Network+ 008
Throughput
Amount of data transfer supported by a link in typical conditions. This can be measured in various ways with different software applications. Goodput is typically used to refer to the actual "useful" data rate at the application layer (less overhead from headers and lost packets).
time to live (TTL)
Amount of time that the record returned by a DNS query should be cached before discarding it.
Simple Network Management Protocol (SNMP)
Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
What port configuration feature allows a server to smooth incoming traffic rates?
IEEE 802.3x flow control.
Internet Control Message Protocol (ICMP)
IP-level protocol for reporting errors and status information supporting the function of troubleshooting utilities such as ping.
Neighbor Discovery (ND) protocol
IPv6 protocol used to identify link local nodes.
public switched telephone network (PSTN)
Global network connecting national telecommunications systems.
packet sniffer
Recording data from frames as they pass over network media, using methods such as a mirror port or tap device.
Transport Layer Security (TLS)
Security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.
What type of DNS record is used to prove the valid origin of email?
Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records can be used to validate the origin of email and reject spam. These are configured in DNS as text (TXT) records.
insulation-displacement connection (IDC)
Block used to terminate twisted pair cabling at a wall plate or patch panel available in different formats, such as 110, BIX, and Krone.
frame
Common term for the protocol data unit for layer 2.
Which OSI layer packages bits of data from the Physical layer into frames?
Data Link.
Mechanical Transfer Registered Jack (MTRJ)
Mechanical Transfer Registered Jack (MTRJ)
stateless address autoconfiguration (SLAAC)
Mechanism used in IPv6 for hosts to assign addresses to interfaces without requiring manual intervention.
broadcast domain
Network segment in which all nodes receive the same broadcast frames at layer 2.
Which grade or grades of fiber have a 62.5 micron core?
OM1.
What is a Class D address?
One used for multicasting.
show commands
Set of commands in a switch OS to report configuration or interface information.
Which component in a VoIP network allows calls to be placed to and from the voice telephone or public switched telephone network (PSTN)?
This function is performed by a VoIP gateway.
Multiple Input Multiple Output (MIMO)
Use of multiple reception and transmission antennas to boost bandwidth via spatial multiplexing and to boost range and signal reliability via spatial diversity.
Multiuser MIMO (MU-MIMO)
Use of spatial multiplexing to connect multiple MU-MIMO-capable stations simultaneously, providing the stations are not on the same directional path.
What is a RADIUS client, and how should it be configured?
What is a RADIUS client, and how should it be configured?
What are the sizes of TCP and UDP headers?
TCP is 20 bytes (or more) while UDP is 8 bytes.
Coarse Wavelength Division Multiplexing (CWDM)
Technology for multiplexing up to 16 signal channels on a single fiber using different wavelengths.
True or False? Stations with 802.11ac capable adapters must be assigned to the 5 GHz frequency band.
True-802.11ac is designed to work only in the 5 GHz frequency band, with the 2.4 GHz band used for legacy clients.
True or False? DHCP options can be configured on a per-scope basis.
True.
True or False? SIP enables the location of user agents via a specially formatted URI.
True.
True or false? A VLAN is a single broadcast domain.
True.
True or false? A managed switch should have auto MDI/MDI-X enabled by default.
True.
True or false? To perpetrate an ARP spoofing attack, the threat actor spoofs the IP address of a legitimate host, typically the subnet's default gateway.
True. The threat actor sends gratuitous ARP replies claiming to own the IP address of the target.
Which Ethernet standard works at 100 Mbps over Cat 5 or better copper cable?
100BASE-TX.
Which fiber Ethernet standard is best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput?
10GBASE-SR.
Which types of distribution frame are best suited to 100 MHz or better operation?
110, BIX, and Krone blocks.
A server has a four-port gigabit Ethernet card. If a switch supports port aggregation, what bandwidth link can be achieved?
4 x 1 gigabit or 4 gigabit.
Which IEEE WLAN standards specify a data transfer rate of up to 54 Mbps?
802.11a and 802.11g.
Post Office Protocol (POP)
Application protocol that enables a client to download email messages from a server mailbox to a client over port TCP/110 or secure port TCP/995.
What type of security control uses an attestation report?
A Network Access Control (NAC) server configured to allow connections only to clients that meet a health policy, such as running an appropriate OS/OS version and being up-to-date with patches and security scanning definitions.
What is the difference between a Wi-Fi analyzer and a spectrum analyzer?
A Wi-Fi analyzer is a software-based tool that interrogates the wireless adapter to display detailed information, based on what the Wi-Fi radio can receive. A spectrum analyzer uses dedicated radio hardware to report on frequency usage outside of Wi-Fi traffic, and so can be used more reliably to detect interference sources.
Nmap Security Scanner
A highly adaptable, open-source network scanner used primarily to scan hosts and ports to locate services and detect vulnerabilites.
bus topology
A shared access media where all nodes attach directly to a single cable segment.
Terminal Access Controller Access Control System (TACACS+)
AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.
Remote Authentication Dial-in User Service (RADIUS)
AAA protocol used to manage remote and wireless authentication infrastructures.
What type of DNS record resolves a host name to an IPv6 address?
AAAA.
Enhanced IGRP (EIGRP)
Advanced distance vector dynamic routing protocol using bandwidth and delay metrics to establish optimum forwarding paths.
At what layer of the OSI model does a fiber distribution panel work
All types of distribution frames work at the physical layer (layer 1).
What is the measurement standard for wire thickness?
American Wire Gauge (AWG).
Telnet
Application protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23.
What role does an initiator play in a SAN and what hardware must be installed on it?
An initiator is a storage area network (SAN) client device, such as a file server or database server. The server must be installed with a host bus adapter (HBA), such as fiber channel adapter or converged Ethernet adapter.
Server Message Block (SMB)
Application protocol used for requesting files from Windows servers and delivering them to clients. SMB allows machines to share files and printers, thus making them available for other machines to use. SMB client software is available for UNIX-based systems. Samba software allows UNIX and Linux servers or NAS appliances to run SMB services for Windows clients.
Session Initiation Protocol (SIP)
Application protocol used to establish, disestablish, and manage VoIP and conferencing communications sessions. It handles user discovery (locating a user on the network), availability advertising (whether a user is prepared to receive calls), negotiating session parameters (such as use of audio/ video), and session management and termination.
HyperText Transfer Protocol (HTTP)
Application protocol used to provide web content to browsers. HTTP uses port 80. HTTPS(ecure) provides for encrypted transfers, using SSL/TLS and port 443.
What sort of log would you inspect if you wanted to track web server access attempts?
Audit/security/access log.
trunks
Backbone link established between switches and routers to transport frames for multiple virtual LANs (VLANs).
Straight Tip (ST)
Bayonet-style twist-and-lock connector for fiber optic cabling.
plenum
Cable for use in building voids designed to be fire resistant and to produce a minimal amount of smoke if burned.
A technician is cabling a top-of-rack switch in a spine and leaf architecture. Each server has been cabled to the switch. What cabling must the technician add to complete the design?
Cable the top-of-rack (leaf) switch to each spine (distribution) switch. The two tiers are cabled in a full mesh topology.
Cyclic Redundancy Check (CRC)
Calculation of a checksum based on the contents of a frame used to detect errors.
Which categories of U/UTP cable are certified to carry data transmission faster than 100 Mbps?
Cat 5e and Cat 6/6A. Cat 7 and Cat 8 are screened/shielded types.
Which cable type consists of a single core made of solid copper surrounded by insulation, a braided metal shielding, and an outer cover?
Coax.
tcpdump
Command-line packet sniffing utility.
Time to Live (TTL)
Counter field in the IP header recording the number of hops a packet can make before being dropped.
tunneling
Encapsulating data from a local protocol within another protocol's PDU to transport it to a remote network over an intermediate network. Tunneling protocols are used in many contexts, including virtual private networks (VPNs) and transport IPv6 packets over IPv4 networks.
Placement behind a perimeter firewall can identify suspicious traffic that has been allowed through the firewall.
Ensure that clients obtain a new DHCP lease, either by shortening the lease period in advance or by using a script to force clients to renew the lease at startup.
True or false? An automated vulnerability scanner can be used to detect zero-days.
False. An automated scanner is configured with a list of known vulnerabilities to scan for. By definition, zero-day vulnerabilities are unknown to the vendor or to security practitioners. A zero-day is detected either through detailed manual research or because an exploit is discovered.
True or false? An enterprise WAN can be configured using either MPLS or SD-WAN, but the two cannot work together
False. It is true that an enterprise WAN can be configured using multiprotocol label switching (MPLS). However, a software defined WAN can use any type of transport network, including MPLS, so the two can be deployed together.
True or False? The CRC mechanism in Ethernet allows for the retransmission of damaged frames.
False. The CRC indicates only that a frame may be corrupt.
autonomous system (AS)
Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
In a contention-based system, each network device competes with the other connected devices for use of the transmission media. Contention-based systems require a set of protocols that reduce the possibility of data collisions, since if the devices compete and simultaneously send data packets, neither packet will reach its intended destination. The Carrier Sense Multiple Access (CSMA) protocols allow contention-based networks to successfully communicate by detecting activity on the network media (Carrier Sense) and reacting to this (for example, if the medium is busy). CSMA/CD (Collision Detection) recognizes a signal collision on the basis of electrical fluctuations produced when signals combine. CSMA/CA (Collision Avoidance) waits for the network to be free before announcing their intention to transmit. If no negative response is received, the unit will transmit. Also known as Contention (CSMA).
What is a principal requirement of IoT networking technologies?
Low power consumption and low latency.
You are planning WLAN for an office building with an attached warehouse. Where would you recommend placing Wi-Fi antennas for the best coverage in an office full of cubicles as well as in the warehouse?
Placing omnidirectional antennas on the ceiling would provide the best coverage with good line-of-sight and reduced interference between the APs and stations. Depending on the height of the warehouse ceiling, you may need to obtain APs with downtilt antennas.
Why is plenum-rated cable used when cable is run in an area where building air is circulated?
Plenum-rated cable produces minimal amounts of smoke if burned, must be self-extinguishing, and must meet other strict fire safety standards.
What term is used to describe a topology in which two nodes share a single link?
Point-to-point.
A technician configures a switch with an IP address and shared secret of a network authentication server. What type of best practice network hardening is being performed?
Port security or IEEE 802.1X Port-Based Network Access Control.
A technician configures a switch port with a list of approved MAC addresses. What type of feature has been enabled?
Port security.
Convergence
Process whereby routers agree on routes through the network to establish the same network topology in their routing tables (steady state). The time taken to reach steady state is a measure of a routing protocol's convergence performance.
spanning tree protocol (STP)
Protocol that prevents layer 2 network loops by dynamically blocking switch ports as needed.
Subscriber Connector (SC)
Push/pull connector used with fiber optic cabling.
What are the advantages of deploying a wireless mesh topology over an IBSS?
Stations in a wireless mesh network are capable of discovering one another, forming peering arrangements, and performing path discovery and forwarding between peers (routing). These factors make a mesh-based network more scalable than an ad hoc network or independent basic service set (IBSS).
medium dependent interface (MDI)
System that distinguishes transmit and receive pins on different interface types. The interface on an end system is MDI while that on an intermediate system is MDI-X.
Why might contracting with multiple ISPs still fail to provide highly available Internet access infrastructure?
The ISPs might share last mile conduit or have the same peering or transit arrangements that share the same single point of failure. For reliable failover, you need to ensure diverse paths over physically separate circuits.
A technician is configuring a firewall appliance to work with an SDN controller. What functionality on the firewall must be enabled?
The firewall must be able to communicate with the software defined networking (SDN) controller via an application programming interface (API). This API between the control and infrastructure layers is referred to as the southbound API.
What happens if a message sent via SMTP cannot be delivered?
The server generates a non-delivery report (NDR) with an appropriate error code and discards the message.
On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?
The switch must be configured to mirror traffic to the sniffer's port.
These are both first hop redundancy protocols. Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) allow multiple physical router appliances to act as the same logical router, providing failover.
This is some type of Denial of Service (DoS) attack. Specifically, you might suspect a distributed DoS (DDoS) or distributed reflection DoS (DRDoS).
fusion splicer
Tool for joining strands of fiber optic cable with minimal signal loss.
Which three means of establishing a theory of probable cause refer to the OSI model?
Top-to-bottom, bottom-to-top, and divide and conquer.
At which OSI layer is the concept of a port number introduced?
Transport.
You need to verify whether a switch port is misconfigured by checking the number of collisions being reported. What general command could you use at a CLI to report this information?
show interface
transport layer
transport layer
What remote management service is associated with TCP port 23?
Telnet.
What type of AP requires a wireless controller?
A lightweight or thin AP (or one working in thin mode).
hybrid topology
A network that uses a combination of physical or logical topologies. In practice most networks use hybrid topologies. For example, modern types of Ethernet are physically wired as stars but logically operate as buses.
multicasting
A packet addressed to a selection of hosts (in IP, those belonging to a multicast group).
unicast
A packet addressed to a single host. If the host is not on the local subnet, the packet must be sent via one or more routers.
What types of devices are connected in a PAN?
A personal area network (PAN) links devices such as laptops and smartphones and provides connectivity with peripheral devices (printers, input devices, headsets, and so on) plus wearable technology, such as fitness trackers and smart watches.
What use is a PTR DNS record?
A pointer maps an IP address to a host name, enabling a reverse lookup. Reverse lookups are used (for example) in spam filtering to confirm that a host name is associated with a given IP address.
How does a traffic shaper benefit real-time data applications?
A traffic shaper can reserve bandwidth so that QoS parameters, such as maximum latency and jitter, for a real-time data application can be guaranteed.
What is a top listener in terms of network monitoring?
An interface that receives the most incoming traffic.
Bidirectional wavelength division multiplexing (WDM)
Bidirectional wavelength division multiplexing (WDM)
How is jitter mitigated by a VoIP application?
By buffering packets.
What options may be available for an 802.11n network that are not supported under 802.11g?
Channel bonding, Multiple-Input-Multiple-Output (MIMO), and use of either 2.4 GHz or 5 GHz frequency bands.
Optical Multimode (OM)
Classification system for multimode fiber designating core size and modal bandwidth.
Port aggregation
Combining the bandwidth of two or more switch ports into a single channel link.
MAC address table
Data store on a switch that keeps track of the MAC addresses associated with each port. As the switch uses a type of memory called Content Addressable Memory (CAM), this is sometimes called the CAM table.
Routing Information Protocol (RIP)
Distance vector-based routing protocol that uses a hop count to determine the least-cost path to a destination network.
Open Shortest Path First (OSPF)
Dynamic routing protocol that uses a link-state algorithm and a hierarchical topology.
Exterior Gateway Protocol (EGP)
Dynamic routing protocol used to exchange information about network paths in separate autonomous systems.
Interior Gateway Protocol (IGP)
Dynamic routing protocol used to exchange path forwarding information between routers in the same autonomous system.
jumbo frame
Ethernet frame with a payload larger than 1500 bytes (up to about 9000 bytes).
TAP
Hardware device inserted into a cable to copy frames for analysis.
What address is used to contact a DHCPv6 server?
IPv6 does not support broadcasts, so clients use the multicast address ff:02::1:2 to discover a DHCP server.
auto-MDI/MDIX
Interface that can detect a connection type and configure as MDI or MDI-X as appropriate.
media converter
Layer 1 (Physical) network device that translates signals received over one media type for transmission over a different media type.
hub
Layer 1 (Physical) network device used to implement a star network topology on legacy Ethernet networks, working as a multiport repeater.
Twinaxial
Media type similar to coax but with two inner conductors to improve performance.
duplex
Network link that allows interfaces to send and receive simultaneously.
OSI model layer that transforms data between the formats used by the network and applications.
OSI model layer providing support to applications requiring network services (file transfer, printing, email, databases, and so on).
network layer (layer 3)
OSI model layer responsible for logical network addressing and forwarding.
data link layer (layer 2)
OSI model layer responsible for transferring data between nodes.
session layer (layer 5)
OSI model layer that provides services for applications that need to exchange multiple messages (dialog control).
presentation layer (layer 6)
OSI model layer that transforms data between the formats used by the network and applications.
port tagging
On a switch with VLANs configured, a port with an end station host connected operates in untagged mode (access port). A tagged port will normally be part of a trunk link.
The network administrator at your organization analyzes a network trace capture file and discovers that packets have been intercepted and retransmitted to both a sender and a receiver during an active session. What class of attack has been detected?
On-path attack. Note that this was previously referred to as a man-in-the-middle (MitM) attack.
The network administrator configures a switch with custom privilege levels and assigns commands to each. What type of best practice network hardening will this configuration support?
Role-based access, where different administrator and operator groups are assigned least privilege permissions.
Registered Jack (RJ)
Series of jack/plug types used with twisted pair cabling, such as RJ-45 and RJ-11.
What type of fiber optic cable is suited for long distance links?
Single mode fiber (SMF).
The lobby area of your office building has undergone a renovation, the centerpiece of which is a large aquarium in the middle of the room, separating a visitor seating and greeting area from the reception desks, where the AP facilitating guest Internet access is located. Since the renovation, many guests have been unable to connect to Wi-Fi from the seating area. Could the aquarium really be the cause, and what solution could you recommend?
Yes, a dense body of water could cause absorption and refraction of the radio waves, weakening the signal. You could ceiling mount the AP so that signals are less affected by the body of water. You could also add a second AP at the front of the lobby area to act as a repeater. For optimum performance, both APs should be ceiling-mounted, to preserve line of sight.
What value is used as the BSSID?
The MAC address of the access point.
What component of a structured cabling system protects the demarc against tampering?
The demarcation point or demarc is the location where the service provider terminates cable within customer premises. In terms of the internal cable distribution components, it is identified as an entrance facility. Ideally, this should be enclosed within a secure closet with access restricted to authorized personnel only.
Why might an attacker launch a disassociation attack against an access point?
This could be a simple denial of service (DoS) attack to prevent network access, but the attacker could also be attempting to use an evil twin/rogue AP to intercept network traffic.
What type of cloud solution would be used to implement a SAN?
This would usually be described as Infrastructure as a Service (IaaS).
Why would you deploy a reverse proxy?
To publish a web application without directly exposing the servers on the internal network to the Internet.
variable length subnet masking (VLSM)
Using network prefixes of different lengths within an IP network to create subnets of different sizes.
What is the main difference between WPA and WPA2?
WPA2 supports a stronger encryption algorithm, based on the Advanced Encryption Standard (AES). AES is deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA uses the same RC4 cipher as WEP. WPA uses a mechanism called the Temporal Key Integrity Protocol (TKIP) to make it stronger than WEP, but WPA2 offers better security.
private branch exchange (PBX)
Routes incoming calls to direct dial numbers and provides facilities such as voice mail, Automatic Call Distribution (ACD), and Interactive Voice Response (IVR). A PBX can also be implemented as software (virtual PBX). An IP-based PBX or hybrid PBX allows use of VoIP.
You are auditing the service configuration of a Linux server. Which command can you use to check the PID associated with a TCP port, even if there are no active connections?
Run netstat with the -p switch to show the process ID (PID), -a switch to show all active and listening sockets, and optionally -t to filter by TCP and -n to suppress name resolution and display output quicker: netstat -patn
A technician deploys a standard Linux virtual machine and then installs and configures an open switching OS to run on it. Which virtual network concept is being deployed?
Running virtual appliances on standard CPU platforms (rather than dedicated switch/router hardware) is referred to as network function virtualization (NFV). This is also a type of vSwitch. A virtual switch can be implemented either using NFV or through a built-in function of the hypervisor platform.
F-type connectors
Screw down connector used with coaxial cable.
If a VM is connected to a bridged virtual switch, what sort of network access does it have?
A bridged switch connects the VM to a physical network via the host's NIC.
What must be installed on a server to use secure (HTTPS) connections?
A digital certificate and the corresponding private key.
What difference does DMVPN make to a hub and spoke VPN topology?
A dynamic multipoint VPN (DMVPN) allows the spokes to establish a direct connection, rather than relaying all communications via the hub.
What type of DNS service would you configure on the LAN to use a public DNS server to resolve queries for external domains?
A forwarder.
Encapsulation
A method by which protocols build data packets by adding headers and trailers to existing data.
What type of security audit performs active testing of security controls?
A penetration test (pen test). A vulnerability assessment is one that uses passive testing techniques.
What rack-mountable device can provide line filtering and power monitoring features?
A power distribution unit (PDU).
What tool is used to terminate wiring at a 110 block?
A punchdown tool is used to connect wires via insulation displacement connectors (IDCs). You must use a suitable blade for the IDC format (110, Krone, or BIX).
Mail Exchanger (MX) Record
A record used by e-mail servers for determining the host names of servers responsible for handling a domain's incoming e-mail.
What component performs signal amplification to extend the maximum allowable distance for a media type?
A repeater.
What type of security configuration uses edge and choke firewalls?
A screened subnet. The edge or screening firewall is the public interface while the choke firewall is the LAN interface. The screened subnet is therefore configured as a perimeter network preventing hosts on the Internet being directly connected to hosts on the LAN.
Secure FTP (SFTP)
A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.
What is the default rule on a firewall?
A system-defined rule that denies anything not permitted by the preceding rules. This is also referred to as an implicit deny rule. An explicit deny is one configured manually by the administrator.
mesh topology
A topology often used in WANs where each device has (in theory) a point-to-point connection with every other device (fully connected); in practice, only the more important devices are directly interconnected (partial mesh).
What is SNTP?
Simple Network Time Protocol-A simpler protocol derived from NTP that enables workstations to obtain the correct time from time servers.
What replaces the VPN client in a clientless remote access solution?
A web browser.
Trivial File Transfer Protocol (TFTP)
Simplified form of FTP supporting only file copying. TFTP works over UDP port 69.
Local Connector (LC)
Small form factor push-pull fiber optic connector; available in simplex and duplex versions.
What is an ASN and how does it assist route aggregation?
An Autonomous System Number (ASN) identifies a group of network prefixes under the administrative control of a single entity (such as an ISP). The AS can be advertised to other ASs through a single prefix (route aggregation), hiding the complexity of the internal network from other autonomous systems.
router
An intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types.
Network Time Protocol (NTP)
Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123.
Syslog
Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.
Remote Desktop Protocol (RDP)
Application protocol for operating remote connections to a host using a graphical interface. The protocol sends screen data from the remote host to the client and transfer mouse and keyboard input from the client to the remote host. It uses TCP port 3389.
Internet Message Access Protocol (IMAP)
Application protocol providing a means for a client to access and manage email messages stored in a mailbox on a remote server. IMAP4 utilizes TCP port number 143, while the secure version IMAPS uses TCP/993.
Secure Shell (SSH)
Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.
Simple Mail Transfer Protocol (SMTP)
Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.
File Transfer Protocol (FTP)
Application protocol used to transfer files between network hosts. Variants include S(ecure)FTP, FTP with SSL (FTPS and FTPES) and T(rivial)FTP. FTP utilizes ports 20 and 21.
What mechanism does RTS/CTS support?
Carrier sense multiple access with collision avoidance (CSMA/CA). Rather than try to detect collisions, a wireless station indicates its intent to transmit by broadcasting a Request To Send (RTS) and waits to receive a Clear To Send (CTS) before proceeding.
What type of assessment tool is configured with details of CVEs?
Common Vulnerabilities and Exposures (CVE) is a dictionary of vulnerabilities in published operating systems and applications software. An automated vulnerability scanner is configured with scripts to scan a host for known vulnerabilities.
When configuring multiple DHCP servers for redundancy, what should you take care to do?
Configure the servers with nonoverlapping address scopes.
What is a virtual terminal?
Configuring a management IP address on a switch to connect to its command line interface over the network (rather than via a serial port).
subinterfaces
Configuring a router's physical interface with multiple virtual interfaces connected to separate virtual LAN (VLAN) IDs over a trunk.
Network hosts are flooding a switch's SSH port with malicious traffic. The switch applies a rate-limiting mechanism to drop the traffic. What best practice network hardening control is being used?
Control plane policing. The SSH port carries management traffic. Malicious management or control traffic can be used to perform a denial of service (DoS) attack against a network appliance by overloading its general purpose CPU. A control plane policing policy protects both control and management channels against this type of attack.
port mirroring
Copying ingress and/or egress communications from one or more switch ports to another port. This is used to monitor communications passing over the switch.
What step can you take to prevent unauthorized use of a remote access server?
Define which user accounts have dial-in rights, consider restricting access by time of day, and configure logging and auditing of remote access logons and attempted logons.
optical spectrum analyzer (OSA)
Determines attenuation of different light wavelengths to establish suitability of fiber optic cable for long-distance applications.
A threat actor forces clients to disconnect from a legitimate access point to try to force them to reconnect to an access point controlled by the attacker using the same network name. What two attack types are being used?
Disconnections are performed using a deauthentication attack, while using a rogue access point to masquerade as a legitimate one is referred to as an evil twin attack.
True or false? To support client roaming within an extended service area, each access point must be configured with the same SSID, security parameters, and Wi-Fi channel.
False-the SSID and security parameters must be the same, but the access points should use different channels where their coverage overlaps.
True or False? Suppressing transmission of the WLAN beacon improves security.
False-the beacon cannot be suppressed completely because clients use it when connecting with the AP. Increasing the broadcast interval reduces network overhead, but it increases the time required to find and connect to the network.
True or False? User Datagram Protocol (UDP), like TCP, uses flow control in the sending of data packets.
False.
True or false? A broadcast storm can only be resolved by investigating interface configurations.
False. A broadcast storm could be caused by a physical layer issue, such as improper cabling.
True or false? Link aggregation can only be configured between intermediate systems, such as switch-to-switch or switch-to-router.
False. Link aggregation can be used between end systems and intermediate systems, too.
True or false? An HTML web page is sent as the response to a client in an HTTP header field.
False. The HTML is the payload of the HTTP packet.
True or false? SSH must be configured with two key pairs to operate; one on the server and one on the client.
False. While the server must be configured with a key pair, the client can optionally use a key pair to authenticate, or can use another mechanism, such as a password.
Single Mode Fiber (SMF)
Fiber optic cable type that uses laser diodes and narrow core construction to support high bandwidths over distances of over 5 km.
Multimode Fiber (MMF)
Fiber optic cable type using LED or vertical cavity surface emitting laser optics and graded using optical multimode types for core size and bandwidth.
Angled Physical Contact (APC)
Fiber optic connector finishing type that uses an angled polish for the ferrule.
Physical Contact (PC)
Fiber optic finishing type where the cable and connector are polished to a higher standard than with Physical Contact (PC).
UltraPhysical Contact (UPC)
Fiber optic finishing type where the cable and connector are polished to a higher standard than with Physical Contact (PC).
Small Form Factor Pluggable (SFP)
Fiber optic transceiver module type supporting duplex 1 Gbps (SFP) or 10 Gbps (SFP+) links.
Quad small form-factor pluggable (QSFP)
Fiber optic transceiver module type supporting four individual duplex lanes at 1 Gbps (QSFP) or 10 Gbps (QSFP+) that can be aggregated into a single 4 Gbps or 40 Gbps channel.
TCP flags
Field in the header of a TCP segment designating the connection state, such as SYN, ACK, or FIN.
Ethernet headers
Fields in a frame used to identify source and destination MAC addresses, protocol type, and error detection.
canonical notation
Format for representing IPv6 addresses using hex double-bytes with colon delimitation and zero compression.
In what STP-configured state(s) are all ports when a network running STP is converged?
Forwarding or blocking.
What type of client-to-site VPN ensures that any traffic from the remote node can be monitored from the corporate network while the machine is joined to the VPN?
Full tunnel. This mode contrasts with split tunnel, where only traffic for the private network is tunneled.
microsegmentation
Function of an Ethernet switch whereby collision domains are reduced to the scope of a single port only.
Power over Ethernet (PoE)
Specification allowing power to be supplied via switch ports and ordinary data cabling to devices such as VoIP handsets and wireless access points. Devices can draw up to about 13W (or 25W for PoE+).
Dual stack
Host operating multiple protocols simultaneously on the same interface. Most hosts are capable of dual stack IPv4 and IPv6 operation for instance.
Link Aggregation Control Protocol (LACP)
IEEE protocol governing the use of bonded Ethernet ports (NIC teaming).
extended unique identifier (EUI)
IEEE's preferred term for a network interface's unique identifier. An EUI-48 corresponds to a MAC address while an EUI-64 is one that uses a 64-bit address space.
What technology could be used to provision security cameras without having to provide a separate circuit for electrical power?
IP cameras could be powered over data cabling using Power over Ethernet (PoE).
Anycast
IP delivery mechanism whereby a packet is addressed to a single host from a group sharing the same address.
What type of scanning tool outputs a "Host is up" status report.
IP scanner. Note that while most IP scanners can also function as port scanners they are distinct types of scanning activity.
What parameters in packet headers can a Layer 3 firewall ruleset use?
IP source and destination address, protocol type, and port number.
ring topology
In a ring topology, all of the computers are connected in a circle. The ring comprises a series of point-to-point links between each device. Signals pass from device to device in a single direction with the signal regenerated at each device.
star topology
In a star network, each node is connected to a central point, typically a switch or a router. The central point mediates communications between the attached nodes. When a device such as a hub is used, the hub receives signals from a node and repeats the signal to all other connected nodes. Therefore the bandwidth is still shared between all nodes. When a device such as a switch is used, point-to-point links are established between each node as required. The circuit established between the two nodes can use the full bandwidth capacity of the network media.
bridge
Intermediate system that isolates collision domains to separate segments while joining segments within the same broadcast domain.
switch
Intermediate system used to establish contention-free network segments at layer 2 (Data Link).
What protocol would enable a client to manage mail subfolders on a remote mail server?
Internet Message Access Protocol (IMAP) or IMAP Secure (IMAPS). Post Office Protocol (POP3) allows download of mail messages but not management of the remote inbox.
What is the purpose of the window field in a TCP segment?
It is used for flow control. The window indicates the amount of data that the host can receive before sending another acknowledgement.
repeater
Layer 1 device that regenerates and retransmits signals to overcome media distance limitations.
Internet Group Management Protocol (IGMP)
Layer 3 protocol that allows hosts to join and leave groups configured to receive multicast communications.
What standard(s) are intended to support 4G mobile wireless services?
Long Term Evolution (LTE) and LTE Advanced (LTE-A).
physical layer (PHY)
Lowest layer of the OSI model providing for the transmission and receipt of data bits from node to node. This includes the network medium and mechanical and electrical specifications for using the media.
maximum transmission unit (MTU)
Maximum size in bytes of a frame's payload. If the payload cannot be encapsulated within a single frame at the Data Link layer, it must be fragmented.
What is an MTU?
Maximum transmission unit-the maximum amount of data that a frame can carry as payload.
How would you test for excessive attenuation in a network link?
Measure the insertion loss in dB by using a cable tester.
flow control
Mechanism defined in IEEE 802.3a that allows a server to instruct a switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.
Automatic Private IP Addressing (APIPA)
Mechanism for Windows hosts configured to obtain an address automatically that cannot contact a DHCP server to revert to using an address from the range 169.254.x.y. This is also called a link-local address.
fragmentation
Mechanism for splitting a layer 3 datagram between multiple frames to fit the maximum transmission unit (MTU) of the underlying Data Link network.
Coaxial
Media type using two separate conductors that share a common axis categorized using the Radio Grade (RG) specifications.
What type of network topology is used by IoT technologies such as Z-Wave and Zigbee?
Mesh topology.
You suspect that a network application is generating faulty packets. What interface metric(s) might help you to diagnose the problem?
Monitoring errors and discards/drops would help to prove the cause of the problem.
MPLS (Multiprotocol Label Switching)
Most WAN providers offer Multiprotocol Label Switching (MPLS) as a means of establishing private links with guaranteed service levels. MPLS can operate as an overlay network to configure point-to-point or point-to-multipoint links between nodes.
You are configuring a firewall to allow a Linux web server to communicate with a database server over port TCP/3306. Assuming it has been left configured with the default port, what type of database is being used?
MySQL.
hub-and-spoke
Network connectivity between multiple virtual private clouds where one virtual private cloud (VPC) acts as a hub and the other VPCs are peered with it but not with each other.
What cabling faults would a wire map tester detect?
Opens, shorts, and transpositions (reversed and crossed pairs).
Secure Sockets Layer (SSL)
Original, obsolete version of the security protocol now developed as TLS.
What is a heat map?
Output from a site survey plotting the strength of wireless signals and channel utilization in different parts of a building.
broadcast
Packet or frame addressed to all hosts on a local network segment, subnet, or broadcast domain. Routers do not ordinarily forward broadcast traffic. The broadcast address of IP is one where the host bits are all set to 1; at the MAC layer it is the address ff:ff:ff:ff:ff:ff.
router advertisement (RA)
Packet sent by an IPv6-capable router to notify hosts about prefixes and autoconfiguration methods available on the local link
plain old telephone service (POTS)
Parts of telephone network "local loop" that use voice-grade cabling. Analog data transfer over POTS using dial-up modems is slow (33.3Kbps).
Border Gateway Protocol (BGP)
Path vector exterior gateway routing protocol used principally by ISPs to establish routing between autonomous systems.
Spanning tree has been deployed without the administrator setting a priority value. Which of the following switches will be selected as the root? Switch A with base MAC f062.81ff.0001 and a 10 Gbps uplink Switch B with base MAC f062.81ff.0002 and a 40 Gbps uplink Switch C with base MAC f062.81ff.0003 and a 40 Gbps uplink
Switch A. The switch with the lowest value MAC address is selected if priority values are equal.
At which layer of the OSI model is no header encapsulation applied?
Physical.
How does placement of an IDS sensor assist with a defense in depth policy?
Placement behind a perimeter firewall can identify suspicious traffic that has been allowed through the firewall.
You have a plan for monitoring switches and routers that accommodates network metrics (bandwidth, latency, and jitter) plus chassis temperature and intrusion. What other performance metric should be monitored?
Processing (CPU and memory) resource. In some circumstances, you might also want to monitor local storage capacity.
A technician has recommended changing the syslog logging level from its current value of 3 to 6. Will this cause more or fewer events to be forwarded?
Raising the level to 6 will capture less severe events (up to informational level) so more events will be forwarded.
Which metric is used to determine frequency of data backups?
Recovery Point Objective (RPO) is the maximum amount of data loss permitted, measured in units of time (seconds, minutes, hours, or days).
When you configure name server addresses as part of a host's IP settings, do you need to specify servers that perform iterative queries only or ones that accept recursive queries?
Recursive queries. These DNS servers are designed to assist clients with queries and are usually separate to the DNS server infrastructure designed to host authoritative name records.
You need to configure clients to be able to communicate with print devices in a remote subnet. Which port number must you allow on a network firewall to enable the standard TCP/IP port?
TCP/9100.
What type of frames are carried over tagged ports?
Tagged ports typically operate as trunks to carry frames between VLANs on different switches. Frames are transported over the trunk link with an 802.1Q header to indicate the VLAN ID.
If a network adapter is using the address 169.254.1.10 on a host connected to the LAN, what would you suspect?
That a DHCP server is offline or not contactable. The system is configured to obtain an address automatically but cannot contact a DHCP server and is using Automatic Private IP Addressing (APIPA).
Which frequency band is less likely to suffer from co-channel interference?
The 5 GHz band.
You are connecting a SOHO network to a VDSL service using a separate VDSL modem. What cables do you require and how should they be connected?
The WAN/DSL port on the modem is connected to the service provider network via a two-pair cable with RJ-11 connectors. The LAN/Ethernet port on the modem should be connected to the SOHO router via an Ethernet cable with RJ-45 connectors.
What configuration information is required on an access point to authenticate users joining the wireless network against a network authentication server?
The authentication method must be set to enterprise and the access point must be configured with the IP address and shared secret of the authentication (RADIUS or TACACS+) server.
What function or service prevents an Internet host from accessing servers on the LAN without authorization?
The firewall.
Your company has a lobby area where guest access is provided so that visitors can get Internet access. The open guest WLAN is currently connected to the production network. The only protection against visitors and hackers getting into the organization's data is file and directory rights. What steps should be taken to provide guest access and better protect the organization's data?
The guest WLAN should be connected to a separate network segment, isolated from the production network. Typically, this would be accomplished using a virtual LAN (VLAN) and a router/firewall to inspect and filter traffic using the Internet link. You could configure a captive portal so that users must register before accessing the WLAN. You could also change to using PSK authentication, with the passphrase obtained from the receptionists.
A technician is configuring a PC with software to manage and monitor a network of field devices. What type of host is being configured and what factors should govern its connection to a corporate data network?
The host is being used as part of a supervisory control and data acquisition (SCADA) system. The host might be kept completely separate from the corporate data network (air gapped). If it is connected, it should be fully segregated from other systems and subject to carefully designed access control policies.
Assuming that sufficient bandwidth can be provided, what factor limits the usefulness of a microwave satellite Internet link?
The link will be subject to high latency, which will impact real-time data services.
Which factors are used by default in EIGRP to identify the least-cost path?
The lowest bandwidth link along the path and the sum of latency along the path.
A server group installed with storage devices from Vendor A experiences two failures across 20 devices over a period of 5 years. A server group using storage devices from Vendor B experiences one failure across 12 devices over the same period. Which metric is being tracked and which vendor's metric is superior?
The metric is Mean Time to Failure (MTTF). Note that MTTF is used for devices that cannot be repaired. Repairable system reliability is measured using Mean Time Between Failures (MTBF). Vendor A's devices have a MTTF measured at 50 years (20*5/2), while Vendor B's are 60 years (12*5/1), so Vendor B has the superior metric.
You are configuring a load balanced web application. Which IP address should be configured as a host record in DNS to advertise the application?
The virtual IP (VIP) address of the load balancer.
What is the purpose of HSRP and VRRP?
These are both first hop redundancy protocols. Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) allow multiple physical router appliances to act as the same logical router, providing failover.
What switch configuration feature could you use to prevent web servers in the same subnet from communicating with one another?
This can be configured using a private VLAN. The servers are all placed in the same host VLAN and communicate out of the VLAN/subnet via the promiscuous port. Each server port is configured as an isolated port. The isolated ports are not able to communicate directly.
What type of assessment is most likely to measure security policies and controls against a standard framework?
This can be referred to as posture assessment or risk assessment.
What type of cable can be used to connect a CSU/DSU to a smartjack, assuming a maximum link distance of 1m (3 feet)?
This connection can use an ordinary straight-through RJ-45 patch cord.
You need to cable a service that terminates at an optical network unit (ONU) to the customer router. What type of cable is required?
This connection can use an ordinary straight-through RJ-45 patch cord. The ONU converts the fiber optic signal from the service provider cable to an electrical signal for transmission over copper Ethernet.
What are the characteristics of S/FTP cable?
This is a twisted pair type of copper cable using a braided outer screen and foil shielding for each pair to reduce interference.
Analysis of outgoing traffic shows connections by IP cameras to unidentifiable domain names. What type of traffic has been detected?
This is command and control (C-and-C or C2) traffic between a handler and botnet of compromised IP camera devices, often called an Internet of Things (IoT) botnet.
What type of failover site generally requires only data to be restored before it can resume processing?
This is typical of a warm site.
A Wi-Fi analyzer is a software-based tool that interrogates the wireless adapter to display detailed information, based on what the Wi-Fi radio can receive. A spectrum analyzer uses dedicated radio hardware to report on frequency usage outside of Wi-Fi traffic, and so can be used more reliably to detect interference sources.
This might work, but you should investigate the root cause of the issue and determine whether the solution will have adverse effects. The most obvious issue is that client stations might then be able to hear the AP but not be able to speak to it. Depending on the rest of the WLAN infrastructure, increasing power on one AP may cause more co-channel interference with other cells. A better solution will be to add an access point or to configure a wireless bridge using directional antennas.
How would a router appliance be patched to protect against a specific vulnerability described in a security advisory?
This type of OS does not support patching of individual files, so the whole OS has to be replaced with a new version. Vendors keep track of which version first addresses a specific security advisory.
What is the function of the following command? nslookup - 8.8.8.8
To start nslookup in interactive mode with the DNS server set to 8.8.8.8 (Google's public DNS server).
broadcast storm
Traffic that is recirculated and amplified by loops in a switching topology, causing network slowdowns and crashing switches.
What IPSec mode would you use for data confidentiality on a private network?
Transport mode with Encapsulating Security Payload (ESP). Tunnel mode encrypts the IP header information, but this is unnecessary on a private network. Authentication Header only provides authentication and integrity validation, not confidentiality.
What distinguishes TFTP from FTP?
Trivial FTP only supports GET and PUT commands-not directory browsing, file deletion, and so on. TFTP works over UDP while FTP works over TCP.
True or False? If a client accepts a DHCPOFFER, the DHCPREQUEST packet is broadcast on the network.
True..
fiber distribution panel
Type of distribution frame with pre-wired connectors used with fiber optic cabling.
Small office/home office (SOHO)
Typically used to refer to network devices designed for small-scale LANs.
What types of DNS records have priority or preference values?
Typically, mail (MX) and service (SRV) records.
Which port is used by the Network Time Protocol (NTP)?
UDP/123.
What port and protocol does TFTP use at the Transport layer?
UDP/69.
time domain reflectometer (TDR)
Used to measure the length of a cable run and are able to locate open and short circuits, kinks/sharp bends, and other imperfections in cables that could affect performance.
optical time domain reflectometer (OTDR)
Used to measure the length of a fiber optic cable run and are able to locate faults.
At which layer of the OSI model do VLANs establish network segments?
VLANs work at layer 2, or the data link layer of the OSI model.
How does an SNMP agent report an event to the management system?
Via a trap.
You need to analyze the information saved in a .pcap file. What type of command-line tool or other utility is best suited to this task?
You need to analyze the information saved in a .pcap file. What type of command-line tool or other utility is best suited to this task?
What protocol can be used to implement a SAN without provisioning dedicated storage networking adapters and switches?
iSCSI.