Data Communications & Network Final (Chapters 7, 8, 10, 11, 12)
LDAP
CH 10: Active Directory and 389 Directory Server are both compatible with which directory access protocol?
Denied, Implicit Deny Rule
CH 10: Any traffic that is not explicitly permitted in the ACL is ___, which is called the ___.
Layer 7
CH 10: At what layer of the OSI model do proxy servers operate?
Wireless
CH 10: EAPoL is primarily used with what kind of transmission?
Root Bridge (Master Bridge)
CH 10: Only one ___ exists on a network using STP.
Content filtering and file caching
CH 10: What are the two primary features that give proxy servers an advantage over NAT?
Firewall misconfiguration
CH 10: What causes most firewall failures?
AD (Active Directory)
CH 10: What feature of Windows Server allows for agentless authentication?
Content-filtering firewall
CH 10: What kind of firewall blocks traffic based on application data contained within the packets?
TGT (ticket-granting ticket)
CH 10: What kind of ticket is held by Kerberos's TGS?
Connectivity and performance issues between two hosts in which some applications or ports can make the connection while others can't.
CH 10: What kinds of issues might indicate a misconfigured ACL?
Agent
CH 10: What software might be installed on a device in order to authenticate it to the network?
An IDS can only detect and log suspicious activity. An IPS can react when alerted to such activity.
CH 10: What's the essential difference between an IPS and an IDS?
Application awareness
CH 10: Which NGFW feature allows a network admin to restrict traffic generated by a specific game?
switchport port-security
CH 10: Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?
access-list acl_2 permit http any any
CH 10: Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
User authentication
CH 10: Which of the following features is common to both an NGFW and traditional firewalls?
Access control
CH 10: Which of the following is NOT one of the three AAA services provided by RADIUS and TACACS+?
To simplify the process of granting rights to users
CH 10: Why do network administrators create domain groups to manage user security privileges?
The ISP's STP-related topology information shouldn't be mixed with a corporate network's STP-related topology information.
CH 10: Why is a BPDU filter needed at the demarc?
Top listeners
CH 11: One of your coworkers downloaded several, very large video files for a special project she's working on for a new client. When you run your network monitor later this afternoon, what list will your coworker's computer likely show up on?
Standby UPS system / Online UPS system
CH 11: What are the two main categories of UPSes?
SNMP Get Next
CH 11: What command requests the next record in an SNMP log?
DiffServ
CH 11: What field in an IPv4 packet is altered to prioritize video streaming traffic over web surfing traffic?
MIB (Management Information Base)
CH 11: What file must be accessed in order to analyze SNMP logs?
Business continuity
CH 11: What is the primary goal of disaster recovery?
Email, text (SMS), or new support tickets
CH 11: What kinds of alerts can you program your network monitor to send to IT staff when it detects specific, problematic conditions?
Port 161
CH 11: What port do SNMP agents listen on?
LACP (Link Aggregation Control Protocol)
CH 11: What protocol is most often used to bond ports between a switch and a busy server?
Converged Network Adapter (CNA)
CH 11: What type of adapters are required on servers in an FCoE storage network?
How long devices like this one will last on average until the next failure
CH 11: When shopping for a new router, what does the MTBF tell you?
A baseline
CH 11: When you arrive at work one morning, your inbox is full of messages complaining of a network slowdown. You collect a capture from your network monitor. What can you compare it to in order to determine what has changed?
CoS (Class of Service)
CH 11: Which QoS technique operates at Layer 2 to more efficiently route Ethernet traffic between VLANs?
DiffServ for IPv4 / Traffic Class for IPv6
CH 11: Which fields are modified in IPv4 and IPv6 packets to help prioritize traffic for QoS?
Speed
CH 11: Which of the following features of a network connection between a switch and server is NOT improved by link aggregation?
Online UPS
CH 11: Which power backup method will continually provide power to a server if the power goes out during a thunderstorm?
Cold site
CH 11: Which type of disaster recovery site contains all the equipment you would need to get up and running again after a disaster, and yet would require several weeks to implement?
Wireshark
CH 11: While troubleshooting a recurring problem on your network, you will want to examine the TCP messages being exchanged between a server and a client. Which tool should you use?
If one power supply fails, the other can take over. Redundancy
CH 11: Why might you want to install two power supplies in a critical server?
Traffic shaping
CH 11: Your roommate has been hogging the bandwidth on your router lately. What feature should you configure on the router to limit the amount of bandwidth his computer can utilize at any one time?
dedicated line, virtual circuit
CH 12: An organization can lease a private ____ that is not shared with other users, or a ____ that can be physically configured over shared lines in the carrier's cloud.
53 bytes
CH 12: How large is an ATM cell?
23B+D
CH 12: How many channels are in an ISDN PRI connection?
Ethernet, USB, Wi-Fi, Bluetooth
CH 12: What are three examples of Layer 2 LAN or PAN standards that also function at Layer 1?
PVC (permanent virtual circuit) and SVC (switched virtual circuit)
CH 12: What are two types of virtual circuits?
A splitter
CH 12: What device must be installed on a DSL network to protect the sound quality of phone calls?
A start symbol or short preamble, a length field, the Layer 2 payload, and possibly a marker to end the frame
CH 12: What information is typically included in a Layer 1 frame?
Layer 3
CH 12: What is the lowest layer of the OSI model at which LANs and WANs support the same protocols?
1.544 Mbps
CH 12: What is the maximum capacity of a T1 line?
Smart jack
CH 12: What kind of device can monitor a connection at the demarc but cannot interpret data?
Circuit-switched
CH 12: What kind of network is the PSTN?
TDMA
CH 12: What method does a GSM network use to separate data on a channel?
DOCSIS
CH 12: What specifications define the standards for cable broadband?
Amplitude & phase modulation
CH 12: What two types of modulation does DSL use to carry data?
HFC (hybrid fiber coaxial)
CH 12: What type of network combines fiber with coax?
Between Layers 2 and 3
CH 12: Where does an MPLS label go in a PDU?
VDSL
CH 12: Which DSL standard has the fastest speeds immediately outside the CO?
The Bearer channel (or B channel)
CH 12: Which ISDN channel carries signaling information?
SIP (Session Initiation Protocol)
CH 12: Which protocol can provide VoIP services over a Metro Ethernet connection?
OC levels, digital signal levels
CH 12: ____ in SONET are analogous to the ____ of T-carriers.
Every vNIC is automatically assigned a MAC address.
CH 7: How does a vNIC get a MAC address?
Efficient use of resources. Cost and energy savings. Fault and threat isolation. Simple backups, recovery, and replication.
CH 7: List two advantages to using virtualization on a network.
SDN controller or network controller
CH 7: What kind of device can be used to configure and manage physical and virtual networking devices across the network?
DirectAccess
CH 7: What service in Windows Server 2016 authenticates remote users and computers to the Windows domain and its corporate network resources?
Hypervisor
CH 7: What software allows you to define VMs and manage resource allocation and sharing among them on a host computer?
Virtual switch
CH 7: What virtual, logically defined device operates at the Data Link layer to pass frames between nodes?
CA (certificate authority).
CH 7: When surfing online, you get some strange data on an apparently secure website, and you realize you need to check the legitimacy of the site. What kind of organization issues digital certificates for websites?
TCP
CH 7: Which Transport layer protocol does PPTP use?
PaaS
CH 7: Which cloud computing services model gives software developers access to multiple operating systems for testing?
TLS
CH 7: Which current protocol is used to create secure transmissions for HTTP browsing sessions?
Integrity
CH 7: Which encryption benchmark ensures data is not modified after it's transmitted and before it's received?
IPsec
CH 7: Which encryption protocol does GRE use to increase the security of its transmissions?
Port 3389
CH 7: Which port must be open for RDP traffic to cross a firewall?
PPPoE
CH 7: Which remote access protocol is used over an Ethernet network?
SFTP
CH 7: Which remote file access protocol is an extension of SSH?
OpenVPN
CH 7: Which secured tunneling protocol might be able to cross firewalls where IPsec is blocked?
VNC (Virtual Network Computing or Virtual Network Connection)
CH 7: Which terminal emulation protocol is similar to RDP but is open source?
IKEv2
CH 7: Which tunneling protocol is a component of the IPsec protocol suite?
Type 1 hypervisor
CH 7: Which type of hypervisor is installed on bare metal?
NAT mode
CH 7: With which network connection type does the VM obtain IP addressing information from its host?
VLAN hopping / Double tagging
CH 8: An attacker configures a VLAN frame with two tags instead of just one. The first tag directs the frame to the authorized VLAN. After the frame enters the first VLAN, the switch appropriately removes the tag, then discovers the next tag, and sends the frame along to a protected VLAN, which the attacker is not authorized to access. What kind of attack is this?
24 bits
CH 8: How many bits of a Class A IP address are used for host information?
Switch/Managed switches
CH 8: On which networking device do you configure VLANs?
Layer 3, Layer 2
CH 8: Subnetting operates at Layer ___ while VLANs function at Layer ____.
192/168/1.0/25 255.255.255.128
CH 8: Suppose your company has leased one Class C license, 120.10.10.0, and wants to sublease the first half of these IP addresses to another company. What is the CIDR notation for the subnet to be subleased? What is the subnet mask for this network?
DMZ (Demilitarized zone)
CH 8: What area of a network can provide less stringent security so a web server is more accessible from the open Internet?
Network documentation is easier to manage.
CH 8: What do well-chosen subnets accomplish?
2h - 2 = Z
CH 8: What is the formula for determining the number of possible hosts on a network?
Eight
CH 8: What is the least number of bits you would need to borrow from the network portion of a Class B subnet mask to get at least 130 hosts per subnet?
172.16.32.108/24
CH 8: What is the network ID with CIDR notation for the IP address 172.16.32.108 whose subnet mask is 255.255.255.0?
Show VLAN
CH 8: Which Cisco command lists configured VLANs on a switch?
802.1Q
CH 8: Which IEEE standard determines how VLANs work on a network?
VLSM (Variable Length Subnet Mask)
CH 8: Which IP addressing technique subnets a subnet to create subnets of various sizes?
Management VLAN
CH 8: Which VLAN is designed to support administrative access to networking devices?
Native VLAN
CH 8: Which VLAN on a switch manages untagged frames?
256 - the interesting octet, 2h
CH 8: Which formulas can be used to calculate the magic number? Choose two.
The fourth one
CH 8: Which hexadecimal block in an IPv6 address is used for the Subnet ID?
To increase the number of networking devices on a network
CH 8: Which of the following is NOT a good reason to segment a network?
Trunk
CH 8: Which port mode on a switch enables that port to manage traffic for multiple VLANs?
DHCP relay agent
CH 8: While designing your network's VLAN topology, your team has decided to use a centrally managed DHCP server rather than creating a separate DHCP server for each VLAN. What software will you need in order to make the central DHCP server accessible across VLANs?