Network+


GRE

Generic routing encapsulation (GRE) is a communication protocol used to establish a direct, point-to-point connection between network nodes. Being a simple and effective method of transporting data over a public network, such as the Internet, GRE lets two peers share data they wouldn't be able to share over the public network itself. Paired with IPsec to carry data over Layer 3.

Protecting Networks - Vulnerabilities - Zero Day - Attack

Getting data with attack after exploiting.

Malware (Malicious Software)

Hostile or intrusive software designed to cause intentional harm.

What is confidentiality?

How do I keep things confidential? Via Encryption

Patching - OS Updates

• All devices need updates, even mobile devices
• Device patches - security updates
• Operating system updates - New features, bug fixes

IOT

(Internet of Things) refers to a network of physical objects or things that are embedded with electronics, sensors, software, and network connectivity. These physical objects can exchange data with each other.

What is Root Guard

- An STP feature that is enabled on a port-by-port basis.
- Prevents a downstream SW (often misconfigured or rogue) from becoming a RB in a topology.
- Functions by placing a port in an ErrDisabled state if a superior BPDU is received on a configured port.

Disaster Recovery and Backup - Disaster Recovery Plan - Two Data Types - Configuration Data

All customized settings for routers, switches, firewalls, IPS. Allows replace and restore of failed device.

Subnet Masks Whacks and Hosts CIDR

/24 - 254, /25 - 126, /26 - 62, /27 - 30, /28 - 14, /29 - 6, /30 - 2

The smallest ipV6 subnet is what?

/64

What wavelength is an SMF Cable?

1310 nm to 1550 nm of light generated by a laser.

Which of the port numbers listed below are reserved for NetBIOS services

137-139

What does a Class C start with and what is its whack?

192 /24

What does baseline provide to the Network Administrator

A baseline helps identify irregular activity that needs to be investigated.

Protecting Networks - Physical Security - Detection Methods - Asset Tag

Allows identity of who it belongs to or where it was.

Extensible Authentication Protocol (EAP)

Allows transactional based authentication systems to identify what type capability of authentications. Wireless Networks

What is needed for encryption?

Algorithm and a Key

Protecting Networks - Wireshark

Application that captures and analyzes network packets

Infrastructure as Code

Automation, Orchestration

BIDI

Bidirectional Single Mode Fiber using different color lasers. Future of fiber optic.

What is bidi?

Bidirectional. Single Mode Fiber using different colored lasers to increase throughput.

Interference

Biggest problem. Can disrupt or slow down connection. Channel being stomped on. Changes made to WAP; lose connection; reboot.

Forward Proxy

Client speaks to proxy and forwards the data. Dedicated box or software. Caching. Content filtering. Acts like a firewall. More detailed parameters than firewall.

True or false? The DHCP server in the SOHO router assigns an IP address to the WAN interface automatically.

False—the DHCP server in the SOHO router assigns IP addresses to the hosts on the local network. The WAN address is likely to be assigned by DHCP, but a DHCP server is managed by the access provider.

True or false? The WAN port on a SOHO router is connected to the LAN ports by an internal switch?

False—the LAN ports and access point are connected by a switch. The WAN port is separate. Packets must be routed between the LAN and WAN segments.

Points of Failure - Critical Asset - High Availability - Failover - Redundancy - Fault Tolerance

Fault Tolerance is the ability for one system to continue functioning in the event of failure of one of its components.

Patching - OS Updates - Manufacturer

Feature Changes Updates Security Vulnerability

Protecting Networks - Physical Security - Physical Controls - Preventative Controls

Fence and Gates, Barricades, K Ratings

Difference between Forward and Reverse Proxies

Forward Proxy hides the clients. Reverse Proxy hides the servers.

Data Center:SDN

Forwarding Plane/Layer - Forwards packets Infrastructure Plane - sends data frames to Control Plane - Sets up ACLs and routing info Application Plane - API, Code Interfaces of SDN Management Plane Layer.

OSI Data Link Layer or Layer 2 PDU is known as:

Frame

Network Monitoring System Monitoring - Utilization - Error Rates

Frames and or packets that are malformed, broken etc. What percentage are bad?

Protecting Networks - Purpose of Man In The Middle

Garner data - Exfiltration

Which copper Ethernet standard meets the bandwidth requirements for clients in an office network while minimizing costs?

Gigabit Ethernet. Provisioning 10 GbE would require upgrading the network adapters in most client devices, as well as potentially requiring upgraded cable installation.

Hardening IOT Devices at home

Give it a separate SSID. Do not broadcast SSID. Cameras in separate VLAN. PSK: use a long one. Routine queries for firmware updates. User Name ACL

What is the order of colors for the 568A standard?

GrW, Gr, OrW, Blu, BluW, Or, BrW, Br

Data Center:Hot and Cold Aisles

Help regulate the cooling in data centers with multiple rows of cabinets. The back of all cabinets in one row will face the back of all cabinets in an adjacent row to create a hot aisle, and vice versa (front to front) to create a cold aisle.

Reverse Proxy

High security, handle DoS attacks, load balancing, caching, encryption acceleration

Protecting Networks - Social Engineering - Phishing

Hoax email to click on website to get information

What is non-repudiation?

I have no doubt what I am getting is from the actual person I expect it to be.

Protecting Networks - Physical Security - Prevention Methods

ID Badge Reader

Network layer protocol that specifies the format of packets and addressing scheme in network communications.

IP

IPAM

IP Address Management - track and manage allotted IP addresses, maintaining address needs for servers and VM farms.

anycast

IP delivery mechanism whereby a packet is addressed to a single host from a group sharing the same address.

authentication header (AH)

IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

Quadruple A

IPv6

STP - Spanning Tree Protocol

If a loop is detected, the root switch will shut off the port that is looping.

What is Bridge protocol data units (BPDU) Guard?

If it detects a BPDU being sent, the port is disabled. Allows only non-switch devices to connect to port.

Default Route

If the IP address is not otherwise in the table, it will be sent to the default route, which always starts with 0.0.0. and has the gateway and the NIC to use.

If there is a long string of zeros, how can you shorten it?

If there is a group of 4 zeros, such as 0000:0000, they can be concatenated to 0:0, which can further be shortened to :: (double colon). Leading 0s can also be dumped.

Mail Ports TLS

IMAP 144 > 993 TLS, POP 110 > 995 TLS, SMTP 25 > 465 TLS

BSSID (basic service set identifier)

In IEEE terminology, the identifier for a BSS (basic service set).

Client Isolation

Keeps users on the same wireless network from seeing each other

The Presentation Layer is which Layer in the Open Systems Architecture model?

Layer 6

Protecting Networks - Defense in Depth

Layered system of security measures.
- Perimeter
- Network
- Host/Endpoint
- Application
- Data

Protecting Networks - Network Hardening - Port Security - Router Advertisement (RA)

Lets neighboring nodes know that the router is available. Uses NDP (Neighbor Discovery Protocol). Detects neighbors.

Which of the following answers does not refer to the characteristics of twinaxial cabling?

Long-distance cable runs

We add DNS records in what ?

Lookup Zones

Protecting Networks - Malware - Trojan - Ransomware/crypto-malware

Lose use of computer until you pay. Crypto encrypts software

What is the name of the ability for a switch uplink data port to work with a straight-through cable when directly connected to another switch?

Medium Dependent Interface Crossover (MDI-X). If the switch does it automatically, it is Automatic MDI-X.

Standard Business Documentation - MOU

Memorandum of Understanding. Between organizations that cannot make a standard legal contract.
- Definition of agreed duties
- Time frame

Which type of network topology provides the highest level of redundancy?

Mesh

MAN

Metropolitan Area Network; a geographic network that covers a larger geographic area such as a city or community; may be used to connect computers in libraries, government agencies, etc. together - no more than 30 miles in size

Data Center:Active/Passive

No load balancing, just if one goes down how do we get to the other?

Which of the following would be considered firewall technology?

Port filtering, Packet filtering, Proxy server, Network Address Translation (NAT)

A technician configures a switch port with a list of approved MAC addresses. What type of feature has been enabled?

Port security.

Virtualization

Power Saving, Hardware Consolidation, System Recovery, Research -- Testing

Data Center:Wiring Diagram

Power connections. Not where they are but what they are connected to. Also for cable runs.

PSK

Pre-shared key. A secret shared among different systems. Wireless networks support Personal Mode, where each device uses the same PSK. In contrast, Enterprise Mode uses an 802.1x or RADIUS server for authentication.

Risk Management - Security Assessment - Assets

Routers, Firewalls, Servers, Files, Databases

SAML

Security Assertion Markup Language

Server-Side load balancing.

Software at server location. Can use clustering. Systems have own private network. Keeps systems identical. Some clustering will update from a single server. Load balancing is now in the cloud.

What is a U?

Standardized Height = 1 3/4" on 19" Rack

SOA

Start of Authority - Top level DNS Server for Zone

SOA

Start of Authority DNS Server. Big cheese server.

Protecting Networks - Firewalls - Stateless

Stateless and stateful exist on same firewall.

Which document defines services, products, and time frames for support provided by a vendor?

Statement of Work

Standard Business Documentation - SOW

Statement of Work. Legal contract between two parties (vendor and customer).
- Defines services to be performed/supplied
- Defines time frame/deliverables
- Defines milestones/defines progress

MAC Reservation

Static IP not needed but IP is. Gives highest priority to make sure the device has an IP.

TOR

TOR creates a VPN to a proxy but it randomly creates a path.

Business Continuity Plan - Annual Exercises

Table top go through order Fire Drill, servers get moved etc. Fail Over - Make it happen to test

Formatting, data translation, data compression, encryption/decryption takes place at what layer?

The Presentation Layer or Layer 6

MU-MIMO (Multi User-Multiple in, Multiple Out)

The ability to communicate with up to four devices simultaneously. Introduced in 802.11ac. WiFi routers operating on older standards such as Wireless-A, B, G, and N do not have it.

If you are provided with an ip address block of 192.104.32.0 /24 How many hosts can you use?

The total hosts is 256. Your range would be usable for 254 hosts due to 2 reserved for routing and broadcast; that leaves you with a range from 192.104.32.1 to 192.104.32.254.

EUI-64 creates the Link Local address from the MAC address, what is used to protect the privacy so that your MAC can not be compromised?

The use of a randomizer

Protecting Networks - CIA Protecting Data - CIA Protecting Data - 3 Things that can go wrong.

Threat Vulnerability Exploit

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Unholy Trinity

Threats can create vulnerabilities, vulnerabilities create exploits and exploits can give unauthorized users access to your network.

6TO4

Tunneling adapter software to go to IPv6

Asymmetric encryption

Two keys, a public key and a private key. Public encrypts and private decrypts. Two people need to exchange public keys to decrypt.

Site to Site

Two networks acting as the same network.

Port Bonding - combine ports to add bandwidth.

Two ports on each device act as one port. Two ports are put into a group.
#int port-channel 1   (= a group)
#switchport mode trunk
#int fa0/23
#channel-group 1 mode active
#show interface port-channel 1

Hypervisor Types

Type 2 - Runs on top of OS (hosted hypervisor). Type 1 - Bare metal.

International Export Control

US is very strict: military information, nuclear information, license keys.

Protecting Networks - Social Engineering - Masquerading

Urgency and scaring you while imitating someone.

How do you find which connection in patch panel is your wall jack?

Use a Fox and Hound-Tone Generator and Tone Probe

Jill wants to connect multiple devices into a network but has been cautioned not to segment her collision domain. What device would enable her to accomplish this goal?

Use a Hub. A switch will segment a collision domain.

WAN Troubleshooting

Use ping, ipconfig and netstat to test connectivity.
- Check LAN interface: connected?
- Router giving proper info? Can you access the router?
- Modem lights: Power, Link activity LED. Fix with modem reset.
- Choosing a DNS server: add DNS yourself, 8.8.8.8

Variable-length subnet mask VLSM

Used by large internet providers routers.

Fiber Distribution Panel

Used to distribute fiber-optic networks.

Firewall internally

Used to provide stricter rules than external. Implemented for DMZ applications.

Stateful DHCP v6

Used to redirect DNS for local use.

Protecting Networks - Password Attacks - Stopping Attacks

User Education Social Engineering

Leased Office Demarc

Uses Demarc extensions. The Demarc comes into a multi-plexer/splitter. The individual cables then go to the respective tenant to the cable modem in that office.

Windows Naming Process if off network

Uses NETBIOS ports 137-138-139

Dynamic DNS

Uses client that talks to DNS Server

Are all computers in a hub in the same collision domain?

Yes, a hub repeats the data to all ports.

Can you safely connect a server to a PoE+ enabled port or should you disable PoE first?

You can connect the server. PoE uses a detection mechanism to determine whether to supply power.

Protecting Networks - Defense in depth - Networking layer - Network Segmentation Enforcement

You must create separate VLANs for efficient flow of traffic.

Data Center:Three-tier architecture

a design of user computers and servers that consists of three categories, or tiers

Data Center:Fiber Channel (FC)

a high-speed serial architecture that can operate over optical fiber or over a four-conductor copper cable.

What does it take to use a remote VNC?

client and server.

adhoc mode

configuring the wireless network adaptor to connect to other computers who are also using wireless network adapters directly

OFDM (Orthogonal Frequency Division Multiplexing)

Employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission.
- The modulated signals are perpendicular (orthogonal) and do not cause interference with each other
- Requires smaller freq set (channel bands)
- Offers greater throughput

Wireless Access Point (WAP)

enables devices to connect to a wireless network to communicate with each other

Flush DNS

ipconfig /displaydns Displays DNS Cache

A network technician determines that two dynamically assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?

ipconfig /release | ipconfig /renew

You need to verify whether a switch port is misconfigured by checking the number of collisions being reported. What general command could you use at a CLI to report this information?

show interface

You are wanting to make a short straight-through cable to connect a router to a switch in your MDF. Your company uses the 568B wire pattern. Which color pairs will be crimped down on the outer pins of the RJ-45 connector? (Select two.)

white/brown, brown; white/orange, orange

What is used to splice Fiber Optic Cable?

Fusion Splicer

First Generation MSA was what?

GBIC - Gigabit interface converter.

What introduced the SIM card?

GSM

Horizontal Run - Stranded or Solid Core?

Solid

Virtualization Components

1. Computer
2. Hypervisor - Sits between hardware and virtual machine
3. Virtual Machine
4. VHDx Virtual Hard Drive

802.11g

2.4 GHz, 54 Mbps, OFDM

ISM Band

2.4 GHz/5 GHz (Medical Band)

Most internet addresses in IPv6 start with what?

2000

With a /24 I have how many hosts?

254

A server has a four-port gigabit Ethernet card. If a switch supports port aggregation, what bandwidth link can be achieved?

4 x 1 gigabit or 4 gigabit.

What is the wavelength range of an MMF Cable?

850 nm - 1300 nm

How long can a horizontal run be?

90 meters (Don't forget about patch cable lengths.)

If there is no MX Record what record will be used for mail transfer?

A

What is a common port for https traffic?

443

STARTTLS

465 NO PORT SWITCH

The Session Layer is which Layer in the Open Systems Architecture model?

5

802.11A

5 GHz, 54 Mbps, OFDM

What port does DNS use?

53

WHAT IS A 3 WAY HANDSHAKE

A TCP method of sending data. A SYN packet is sent by client, SYN/ACK is sent back by server, ACK is sent from client, and connection is created.

Protecting Networks - Firewalls - Stateful

A firewall aware of state of communication. Creates a state table. Uses a hierarchy of account roles/permissions. If it recognizes communication it allows it.

Firewall, IDS (Intrusion Detection System) and IPS (Intrusion Protection System)

A firewall filters, an IDS notifies and an IPS Acts to stop.

Disaster Recovery and Backup - MTBF (Mean Time Between Failures)

A measure of the average time between failures in a system - the higher the amount, the more reliable the thing is.

Tunneling

A program that sends data from your computer through 'the tunnel' to another system running a client.

What component performs signal amplification to extend the maximum allowable distance for a media type?

A repeater.

NDA (Non-Disclosure Agreement)

A signed agreement between a company and an agency or person in which the agency or person promises they will not disclose or share confidential information.

Global System for Mobile Communications (GSM)

A standard created to replace first generation (1G) analog cellular networks and was first used with second generation (2G) networks, allowing digital cellular data communication for mobile devices. TDMA was used.

POE+ (802.3at)

A standard that enables systems to pass electric power along with data on twisted pair Ethernet cabling. 25.5 W of DC power.

Protecting Networks - Password Attacks - Users

Avoid common names, Shoulder Surfing, Change default password

A home user reports to a network technician that the Internet is slow when they attempt to use their smartphone or laptop with their Wi-Fi network. The network administrator logs into the admin area of the user's access point and discovers that multiple unknown devices are connected to it. What is MOST likely the cause of this issue?

A successful WPS Attack has occurred

Port Tagging

A technique of adding a VLAN ID into an Ethernet frame. The tag identifies which VLAN the frame is coming from or going to. A tagged frame is called an 802.1q frame or a Dot1q frame.

Which of the following answers refer to the characteristic features of bus topology? (Select 3 answers)

- A terminator at each end of the main network cable prevents collisions caused by signal bounce
- The main network cable becomes a single point of failure
- All network nodes connect to a single central cable (a.k.a. backbone or trunk)

heat map

A two-dimensional representation of data in which values are represented by colors. Created on a Network Management Station.

Hash

Binary value fixed in size.

Protecting Networks - Replay attack

A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.

Web Proxy

A type of proxy that is used to act on behalf of a web client or web server.

DSSS (Direct Sequence Spread Spectrum)

A type of radio transmission in which a single data signal is converted into multiple digital data signals called chips.

MPLS (Multiprotocol Label Switching)

A type of switching that enables any one of several Layer 2 protocols to carry multiple types of Layer 3 protocols. One of its benefits is the ability to use packet-switched technologies over traditionally circuit-switched networks. MPLS can also create end-to-end paths that act like circuit-switched connections. Lower Cost

RIR (Regional Internet Registry)

ARIN = North America, APNIC = Asia Pacific, AfriNIC = Africa, LACNIC = Latin America, RIPE NCC = Europe

infrastructure mode

A wireless configuration that uses one or more WAPs to connect wireless workstations to the cable backbone.

WPA2

AES-CCMP is the encryption protocol

How do I list the ARP addresses on my network?

ARP -a

Points of Failure - Critical Asset - High Availability - Failover

Ability for master systems to detect the failure and then take over.

Protecting Networks - Firewalls - Stateless - ACL

Access Control List

Security Information and Event Management (SIEM) - Tools

Aggregate and correlate data allowing organization into valuable information. Splunk, ArcSight, ELK (Elasticsearch, Logstash, Kibana)

Security Information and Event Management (SIEM)

Aggregation - Collecting and storing data. Correlation - Look at and understand analysis.

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Cables

Air Gap - Separate important cabling network distribution cables from others.

Protecting Networks - Physical Security - Detective Physical Control

Alarms, Cameras, Infrared

Security Information and Event Management (SIEM) - Correlation

Alerts - For notification if something goes bad - Triggering Exceeding thresholds

What does netstat -a provide?

All connections and listening ports.

Business Continuity Plan - Cloud site backup location

All data and resources available at new location.

Protecting Networks - Defense in depth - Host/Endpoint

All hosts on network
- Prevent malware
- Make sure software is updated.

Points of Failure - Critical Asset - High Availability - Failover - Virtual IP - Method

All servers from cluster to receive data from Common IP.

Client to Site VPN

Also known as a remote-access VPN, a client-to-site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost.

Network Monitoring SNMP (Simple Network Management Protocol)

An Application-layer protocol used to exchange information between network devices. UDP 161 TLS 10161 (encrypted)

What is an Ethernet?

An Ethernet is a single network segment, or layer 2 broadcast domain.

Protecting Networks - Session Hijacking

An attack in which an attacker attempts to impersonate the user by using his session token.

Protecting Networks - IP Spoofing

An attack that changes the source IP address. Uses ARP poisoning.

Protecting Networks - DHCP spoofing attack

An attacker configures a fake DHCP server on the network to issue IP addresses to clients. Creates new DNS server ip.

What is a digital signature

An encrypted hash of the web page and a private key.

Source Port is created where?

At the web client/browser, it is serial and ephemeral

Business Continuity Plan - 3 Parts

BCP
- Risk to critical systems
- Cost to repair or replace
- How to implement in a timely fashion

Your company wants to create highly available datacenters. Which of the following will allow the company to continue maintaining an Internet presence at all sites if the WAN connection at their own site goes down?

BGP

How does Border Gateway Protocol Function?

BGP breaks Internet up into about 20,000 Autonomous Systems. Each AS has an ASNumber. BGP

What does MPLS connect?

Back office or satellite locations via public facing router at central office - Back Haul Connection, Slower, expensive. Keeps security.

Disaster Recovery and Backup - Methods- Differential

Backup all changes from last full backup

Disaster Recovery and Backup - Methods- Incremental

Backup only changes from last backup

No Connection - Usually check another port.

Bad Ports - if a short, the link light on the NIC will blink but on the switch port it is not. Switch ports. Replace switch Transmit and Receive reverse - Check link lights. Label cables, keep good inventory. No need to label straight through as such. Horizontal Cabling - Check for bent pin in cable or switch. Switch ports Open and shorts - Check other port

Multimeter

Basic voltage meter

Symmetric Encryption

Both ends have the same key to encrypt and decode.

What is a BPDU

Bridge protocol data units. - Negotiation of STP for CISCO devices.

Bridge the NIC

Bridging the hardware NIC to the Virtual NICs

What is a DHCP Discover?

Broadcast Sent out to Broadcast Domain to the network DHCP Server.

address resolution protocol (ARP)

Broadcast mechanism by which the hardware MAC address of an interface is matched to an IP address on a local network segment.

Change Management - Change Management Team

Business Analyst, Marketing, Operations, Management

How is the decimal value 12 expressed in hex?

C (this might be written 0xC for clarity). Values above 9 are expressed as letters (10=A, 11=B, 12=C).

Canonical Name

C Name, an alias for an FQDN

Canonical Name

C Name, a pointer to an A Record

What is CSMA/CD

Carrier Sense Multiple Access/Collision Detection

A type of network that interconnects multiple LANs within a limited geographical area is known as:

CAN

What is 1000BaseT

CAT 6 100 Meters

What is 10GBaseT

CAT 6 55 m, CAT 6A 100 meters.

IPSec (L2TP/IPsec)

CISCO Security for VPN

Define Carrier Sense Multiple Access/Collision Detection

CSMA/CD is a technology used for devices to listen and see who is communicating. When a collision occurs, each MAC address randomly selects a number that is the number of ms to wait before sending again.

Multiplex

CWDM

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Workstation

Cable Locks Screen Filters

nbtstat -c

Cache view, Registered names on network.

RADIUS Server

Can authenticate users to database on another server

Internal Firewalls purpose.

Can be used to block specific access for areas that may need additional restrictions but still function within the main domain.

The 802.11 2ghz and 5ghz ISM Bands are broken up into?

Channels

When a NIC checks to see if another NIC is transmitting data what process is it called?

Carrier Sense. Collision Detection occurs after a collision has occurred.

CSMA (Carrier Sense Multiple Access/CA)

Carrier-sense multiple access with collision avoidance. A collision detection and prevention method used to ensure proper data communication in a bus network

What cable did 100BaseT4 use?

Cat 3 using all 4 pairs. Full Duplex

What cable is used by 100BaseTX?

Cat 5e

Which categories of U/UTP cable are certified to carry data transmission faster than 100 Mbps?

Cat 5e and Cat 6/6A. Cat 7 and Cat 8 are screened/shielded types.

Troubleshooting Structured Cable issues

- Check Windows network - connected or not
- Link light - active or not
- Device Manager - is network card disabled?
- Loopback address - 127.0.0.1; use loopback adapter to check NIC health.
- Loose wires - cleaning crews etc. Check wall plate; maybe have to punch down the connection.
CHECK WORK AREA FIRST

Protecting Networks - System Life Cycle - Asset disposal ITAD (IT Asset Disposal)

Check with ordinances. Security issue. Chain of Custody. Use Asset Tags. Logged in Asset Management System. Secure Disposal. Certificate of Data Destruction.

nbtstat -r

Clear Cache

Protecting Networks - Vulnerabilities - CVE

Common Vulnerabilities and Exposures list. List of publicly disclosed security flaws. Each CVE gets an ID number.

Real Time Video

Communication that offers both audio and video via unicast messages.

Protecting Networks - VLAN Hopping - Port Isolation

Community Ports - Talk with everyone. Private Ports - Directed communication.

Deployment Models - BYOD - Policy

Company has certain control of some aspect of your device. May limit device type. User must sign an AUP (Acceptable Use Policy).

Data Center:Baseline configurations

Comparative tool

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Compensating & Corrective Control

Compensating is simply making up for a failed control.

Network Operations - Security Policy - Password Policy

Complexity, Password Age, Lockout Policy

What is CIA?

Confidentiality, integrity and availability

What are Patch Cables used for connecting?

Connect switches to patch panels and computers to wall outlets.

Which would be the BEST example of an on-path attack?

Connecting a laptop to an access point to sniff packets and intercept them

Encrypted Tunnel

Connection to Proxy.

What does a router do?

Connects different network ids

Digital Certificate

Contains Public Key, digital Signature and third party digital signature.

Traffic Shaping

Control traffic based on several parameters. Uses Quality of Service.

Mandatory Access

Control - Label on resource, you have to have same label.

DHCP

DORA Discover, Offer, Request and ACK

DLC

Data Link Control protocols; mac address on ethernet

Layer 2 is also called the _______ Layer

Data Link Layer

deauthentication attack

Denial-of-service (DoS) strike that disconnects a wireless host from WAP, so that the victim is forced to reconnect and exchange the wireless key multiple times; an attacker can then perform an offline brute-force cracking of the password.

A technician is configuring a computer lab for the students at Dion Training. The computers need to be able to communicate with each other on the internal network, but students using computers should not be able to access the Internet. The current network architecture is segmented using a triple-homed firewall to create the following zones:

ZONE, INTERFACE, IP address
---------------------------------------
PUBLIC, eth0, 66.13.24.16/30
INSTRUCTORS, eth1, 172.16.1.1/24
STUDENTS, eth2, 192.168.1.1/24

What rule on the firewall should the technician configure to prevent students from accessing the Internet?

Deny all traffic from eth2 to eth0

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Fence K Ratings

Department of State
- K4 - Stopped 15K pound vehicle at 30 mph
- K8 - Stopped 15K pound vehicle at 40 mph
- K12 - Stopped 15K pound vehicle at 50 mph

Data Center:East/West Traffic

Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).

What is an access point (AP)?

Device that provides a connection between wireless devices and can connect to wired networks, implementing an infrastructure mode WLAN. Also called wireless access point (WAP).

Points of Failure - Critical Node

Devices needed to maintain the network.

Reverse lookup zones.

Different PTR records for all servers in Zone DNS requires DNS/BIND

Disaster Recovery and Backup - Methods

Differential - Fewer backup sets but they get bigger. Incremental - More backup sets but they get smaller.

Protecting Networks - Network Hardening - Port Security - DHCP Snooping - Mitigation

Disable network ports not needed. Disable protocols not needed.

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Internal Threats

Disgruntled Employee -Deactivate Account

netstat -n

Displays addresses and port numbers

What does netstat -b provide?

Displays the executable involved in creating each connection or listening port. Needs elevated prompt

netstat -o

Displays the owning process ID associated with each connection

netstat -r

Displays the routing table.

Short-hand for IPv6

Dump leading 0s

Protecting Networks - Cisco Dynamic Trunking Protocol (DTP)

Dynamically assigns a trunk link.

DNAT

Dynamic Network Address Translation - Has limited number of internal ips to give to devices.

Protecting Networks - System Life Cycle - Asset disposal - Update IT Inventory

End of life details Manner of disposal Value Date

Data Center:Fire Protection System, Redundancy Protocols, load balancing, clustering, uninterruptible power supplies (UPSs) and generators

Ensure High Availability.

Network Monitoring - System Monitoring - Utilization

Establish baseline If CPU gets above a certain point send a notification

Business Continuity Plan - Disaster Recovery Plan

Evacuation -Backup site - Cold weeks to bring online. Lowest cost recovery site. -Warm Site takes a few days to bring up. Operational equipment but little or no data -Hot Site Take hours to bring online --Real-time synchronization --Almost all data ready to go

Protecting Networks - Password Attacks - Dictionary Attack

Every word in the dictionary is used until the right word is found.

Switch Down impacts who?

Everyone connected to the switch.

Rogue Access Point with same SSID

Evil Twin

Risk Management - Security Assessment - Threat Assessment

External Threats Internal Threats Theft Sabotage Natural Events Water Main Break, Leak, Fire etc Disasters.

A Record

FQDN and matching IP Host Record

netstat -f

FQDN of foreign addresses

What is an important part of a monitoring program?

File Integrity

Protecting Networks - Firewalls

Filters traffic based on criteria.

Protecting Networks - Vulnerabilities - Zero Day - Vulnerability

Finds flaw first before Vendor

Protecting Networks - Firesheep

Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks

You need to provision a fiber patch panel to terminate incoming cabling with green LC connectors. What type of ports should be provisioned on the patch panel?

Green connector color-coding indicates angled physical contact (APC) finishing. This type of finishing is incompatible with PC or UPC ports. The patch panel must be provisioned with Lucent Connector ports with APC finishing type.

100BASE-T transmit pins are 1 and 2. What color code are the wires terminated to these pins under T568A and T568B?

Green/White (pin 1) and Green (pin 2) for T568A or Orange/White (pin 1) and Orange (pin 2) for T568B.

Federated Systems

Group of computers that have had kerberos setup on them for a domain.

autonomous system (AS)

Group of network prefixes under the administrative control of a single organization used to establish routing boundaries.

Name Server

Has domain names. Subordinate to SOA

Data Center:Logical Network Diagram

How things are connected

Business Continuity Plan - Alternative business practices

How to process credit cards Accounting software Sales tax if you move

Wirewrap

How wires are connected on the cable. Bad Wiremap will show as problem on a wire pair.

Network Operations - Security Policy - Remote Access Policy

How you can connect to the internal network from outside infrastructure. Might include VPN and Authentication

The Physical Layer- Layer 1 consists of what components?

Hub, Cabling, Repeater

Disaster Recovery and Backup - Disaster Recovery Plan

Hurricanes Floods Acts of War

IPS/IDS Placement

In line.

Stateless auto configuration

In the router advertisement phase to provide IPv6 clients with IPv6 address, subnet mask, default gateway and DNS servers.

How does a switch know which port a device's MAC address is on?

In the router is the Content Addressable Memory or CAM table. It stores the MAC and associated Port on the switch.

802.3af Power over Ethernet (PoE)

Industry-standard method of supplying power over an Ethernet cable to attached devices.

Protecting Networks - Command and Control (C&C or C2)

Infect computer with virus. Computer then sends info to my server (zombie). I reply with complete control. Malicious code is executed, creating a botnet.

Stateless router solicitation

Information provided to hosts in IPv6 such as Gateway, IP, DNS etc.

Cloud Services

Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)

IaaS

Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. Compare to PaaS and SaaS.

HMI (Human Machine Interface)

Input and output controls on a PLC to allow a user to configure and monitor the system

Data Center:A SAN uses multipathing

Instead of one network card there are 2 or more.

Data Center:Distribution/Aggregation Layer

Interconnects the Layer 1 switches.

netstat -e

Interface statistics

Environmental obstacles to WiFi

Interference, reflection, absorption

DEMARC issues

Interference, Failures due to storm

IGP

Interior Gateway Protocol. Autonomous systems are controlled by IGP.

IDF

Intermediate Distribution Frame

Protecting Networks - CIA Protecting Data - Confidentiality, integrity, availability

Internal threats external threats Vulnerabilities Exploits Spoofing

What is ICMP?

Internet Control Message Protocol - Works at IP level (Layer 3), not Transport Layer. Apps that use ICMP are ping and arp. No data, just checksum and type.

DMZ

Internet Router to Switch 1 - Firewall Router DMZ Servers (Web etc.) to Switch Switch 1 to Switch 2 WAN - Firewall Router (Stricter Rules no Port 80 incoming) To Switch 3 internal network router

Data Center:iSCSI

Internet Small Computer System Interface. A lower-cost alternative to traditional SANs. It supports sending traditional SCSI commands over an IP network.

Bandwidth Speed Tester

Internet Speed test type apps.

IDS

Intrusion Detection System - Detects potential threats. Out-of-band; does monitoring and alerts.

Authoritative DNS Server

It is the authority of its zone.

What type of connector is shown in this picture?

LC or Local Connector or Lucent Connector

10GBaseSR

LED Multimode 26m-400m

Name resolution in Windows Home

LLMNR - Link-Local Multicast Name Resolution, a protocol that allows hosts to perform name resolution for hosts on the same local link

RADIUS Supplicant

Laptop, phone or other resource trying to get on the network

Risk Management - Security Assessment

Like an Audit to find vulnerabilities.

Network Monitoring - Interface statistics or Interface Data

Link State Speed and Duplex Send and receive traffic Giants and Runts Cyclic Redundancy errors

5G

Low, Medium and High. Up to 1gbps.

access/edge layer

Lowest tier in a hierarchical network topology acting as the attachment point for end systems.

Which type of fiber optic cable would you use for a LANs?

MMF - Less expensive optics, less expensive to deploy.

How is MMF graded

MMF is graded by Optical Multimode (OM) categories

QSFP (quad small form-factor pluggable)

MSA Transceiver for 40gb Ethernet

MDF

Main Distribution Frame - Where outside connections connect to local distribution.

Patching

Maintenance or updating software. Software patches may be more limited in impact than firmware updates.

Change Management - Strategic Change

Major change that will substantially affect the business of the infrastructure. Moves to another country or location. Changing out All Computers. Not made by Change Management Committee.

Business Continuity Plan - Alternative Processing Sites

Make Cross agreements with other organizations

SAML is used to ...

Manage multiple apps using a single account

Software Defined Networking

Management plane/layer Control plane/layer data plane/layer Control of a device remotely

Access Control List

Mandatory Access Control - Label on resource, you have to have same label. Discretionary ACL - Readers, owners, editors. Role Based ACL - Groups

Protecting Networks - VLAN Hopping - VLAN Spoofing Protection

Manually configure trunk ports not automatic.

Protecting Networks - Denial of Service - DoS - Distributed Denial of Service Attack

Many computers sending attack to server. Malware sent out creates a botnet.

What mechanisms can be used to mitigate routing loops?

Max Hop Count TTL Split Horizon Route Poisoning Hold Down Timer

What is an MTU?

Maximum transmission unit—the maximum amount of data that a frame can carry as payload.

Disaster Recovery and Backup - MTTF, MTTR, MTBF

Mean Time To Fail Mean Time To Recover Mean Time Between Failure

Protecting Networks - Physical Security -

Measures you can take to provide physical security.

What type of connector is shown in this picture?

Mechanical Transfer Registered Jack - MTR. small-form-factor duplex connector with snap-in design for Multi-Mode networks.

automatic private IP addressing (APIPA)

Mechanism for Windows hosts configured to obtain an address automatically that cannot contact a DHCP server to revert to using an address from the range 169.254.x.y. This is also called a link-local address.

What is MDI-X

Medium dependent interface crossover. Takes a straight through cable and performs the cross-over automatically for switch to switch communication and daisy chaining.

Risk Management

Mitigate risk to an acceptable level

Protecting Networks - Vulnerabilities - CVE - Source

Mitre Corp cve.mitre.org CNA - Numbering Authority

Disaster Recovery and Backup - Methods- Differential - Method

Monday - Full Backup Tuesday - Friday Differential Backup Only two backups to restore fully

Disaster Recovery and Backup - Methods - Incremental - Method

Monday - Full Backup Tuesday - Friday Incremental Backup If there is a failure on Friday all backups will be needed to restore network for the week

WAN

More than one broadcast domain or two or more networks joined by a router.

Network Monitoring - SNMP - Versions - NMS

Most Network Management Systems can adjust between versions. If device 1 has version 3 and device 2 has version 1 it can talk to them.

Protecting Networks - Physical Security - Detection Methods - Motion Detection

Most common is passive infrared Radio or Microwaves

Protecting Networks - Physical Security - Tamper Detection

Motherboard alarm when case open

Trunking

Moves all VLAN traffic between switches. Uses Port Tagging. Enables VLANs to span more than one switch.

Standard Business Documentation MSA

Multi-Source Agreement -Used in place of a standard.

802.11n

Multi-antenna 2.4ghz and 5ghz 108 mbs-300mbs MIMO Channels introduced

What is 224. address?

Multicast

What does MMF refer to?

Multimode Fiber

Most SAN solutions provide more than one connection between the SAN and the server. What is this called?

Multipathing

Multi-Tenancy

Multiple on same device or service.

Switch Loop

Multiple switches are connected in a circuit causing a loop.

What is MSA

Multisource Agreement - Allows you to use Fiber connectors in standard switch via plug-in modules.

Which of the following technologies could be used to ensure that users who log in to a network are physically in the same building as the network they are attempting to authenticate on?

NAC and GPS Location The name "Network Access Control" is almost self-explanatory. At its simplest, NAC solutions provide a way to manage access to network resources. It makes all devices and users visible to network managers and allows technicians to enforce security policies across every part of corporate networks.

Network function Virtualization

NFV - Architecture. Patterns. Describe the network. Hardware to virtual switch

Which device works on both Data Link and Physical Layer?

NIC

Protecting Networks - Wired Man in the Middle - Purpose is to Gather Data

Names Passwords

External DNS Server

Recognized by DNS System.

What is NEXT and FEXT?

Near-end crosstalk, far-end crosstalk

Data Center:Generators, HVAC

Needed for Data Center

Windows Active Directory

Needed for SSO

Managed Switch

Needs Configuration Must be on same subnet Change default password

What naming resolve services does Windows 10 use?

NetBios and LLMNR

Data Center:NAS

Network Attached Storage - File Level

Jason is a network manager leading a project to deploy a SAN. He is working with the vendor's support technician to set up and configure the SAN on the enterprise network. To begin SAN I/O optimization, what should Jason provide to the vendor support technician?

Network Diagrams

Which grade or grades of fiber have a 62.5 micron core?

OM1.

OTDR

Optical Time Domain Reflectometer

What is the order of colors for the 568B standard?

OrW, Or, GrW,Blu,BluW,Gr,BrW,Br

What color is a Multi-Mode Fiber Optic Cable?

Orange

Structured Cabling

Organization for cabling. Telecommunications Closet, Horizontal Runs, Work Area

Network Monitoring - SNMP - Community

Organization of Managed Devices

Protecting Networks - Firewalls - Stateless

Original type of firewall. Looks at data filters on IP address and Port number.

Authentication

Password

APIPA 169.254.x.x

Password forgotten

Equipment Rack Parts

Patch Panel, Cable Management, Primary Switch, Router, Server

Risk Management - Security Assessment - Vulnerability Assessment - Pen Testing

Penetration Testing

Network Monitoring - Tools

Performance Metrics Network Metrics Environmental Factors Presentation of Data

PAN

Personal Area Network Bluetooth, tethering etc.

Layer 1 is also called the _______ Layer.

Physical

At which layer of the OSI model is no header encapsulation applied?

Physical.

For Kerberos to work, it needs what?

Synched Time

Network Operations - Disaster Planning

Plan that is put in place to move to site or cloud.

Change Management

Planning, implementing, controlling and reviewing the movement of an organisation from a current state to a new one.

Why is plenum-rated cable used when cable is run in an area where building air is circulated?

Plenum-rated cable produces minimal amounts of smoke if burned, must be self-extinguishing, and must meet other strict fire safety standards.

Interference

Problems that could occur during certain times. Intermittent issues.

Forensics - Four Steps - Interface with Authorities - Forensic Reports - Legal Hold

Process by which an organization preserves or organizes data in reaction to a pending legal issue.

Forensics - Four Steps - Interface with Authorities - Forensic Reports - e-Discovery

Process of requesting data and providing it in a legal way.

Deployment Models - BYOD - Policy - Onboarding

Process to bring user into network on their device. The policy on what you agree to when getting on the network. Malware scans, apps etc.

Risk Management - Security Assessment - Vulnerability Assessment - Vulnerability Scanner

Program that will inspect areas of vulnerability.

DMZ purpose?

Protect public-facing servers by creating an isolated area for those devices.

Protecting Networks - Firewalls - Network firewall

Protects the network. Hardware firewall.

Link Aggregation Control Protocol LACP

Protocol for port bonding.

Open VPN and SSH

Protocols for a VPN

What MSA device is used for 40 Gigabit Ethernet?

QSFP - Quad small form-factor Pluggable

Role-based ACL

RBAC - Groups

Which of the following terms represents the maximum amount of data, as measured in time, that an organization is willing to lose during an outage?

RPO

Disaster Recovery and Backup - Disaster Recovery Plan - Recovery Point Objective

RPO - State of backup when data is recovered. How much data will be lost if backup used.

What is the flag used to terminate a connection between two hosts when the sender believes something has gone wrong with the TCP connection between them?

RST

Enterprise Security in WAP

Radius server uses WPA2 WPA2 Enterprise

Network Monitoring - SNMP - Configuration - RO

Read Only - You can only read

Discretionary ACL

Readers, owners, editors.

nbtstat -RR

Rebroadcast status.

RSSI

Received Signal Strength Indicator Estimated Measurement of the power level that a wireless client device is receiving from an Access Point.

Network Operations - High Availability

Redundancy and fault tolerance implemented to prevent network from going down. Includes backup strategies.

Forensics - Four Steps - Interface with Authorities - Forensic Reports

Report any findings to authorities

Network Monitoring - SNMP - Get

Request to query for information on a network entity.

Layer 2 attack

Requires physical connection to network. Creates flood.

Patching - Process

Research - Verify that patch will do what you want to do, and is working for others. Testing - Test on VM Configuration Backups -

What type of Fiber optic cable would you use for WANs?

SMF - Better optics than MMF but more expensive to deploy. Supports higher signaling speeds (Up to 100 gbs)

Your data center requires as much speed as possible for a short range. What type of optic cable should you use?

SMF - The repeaters are nearly the price of MMF repeaters and it is able to handle higher speeds of 40 gbs and 100 gbs Ethernet standards.

Server Record

SRV Record. Used in voice over IP Allows me to create a record for a specific service.

Connection Methods

SSH, VPN

What does this picture refer to ?

ST or Straight Tip Connector. It is an early bayonet-style connector that uses a push-and-twist locking mechanism. Used for Multi-Mode networks but very common for Ethernet installations.

What protocol provides protection against broadcast storms

STP

Protecting Networks - Denial of Service - DoS - Attacks - Volume Attack-Protocol Attack

SYN Flood TCP/SYN Most common form

Disaster Recovery and Backup - Offsite

Safer. Not as accessible.

Protecting Networks - Physical Security - Physical Controls - Preventative Controls -

Safes Locked Cabinets Enclosures Faraday Cage

Deployment models: Corporate-owned/issued, personally enabled (COPE)

Same as COBO but receive approved apps

Know the 4 things of basic cloud computing

Scalability Elasticity Multi-tenancy Security Implications

Protecting Networks - Defense in depth - Networking layer - Network Access Control

Scan Hardware VLAN to isolate network Separate SSIDs

Protecting Networks - Denial of Service - DoS - Attacks - Amplification Attack - Smurf Attack

Send ICMP Attacker spoofs IP of server Hosts all send packets to imposter.

SPF

Sender Policy Framework - Email Authentication A public list of senders ok to send from your domain.

Patching - OS Updates

Separate Machine for Patches and Updates. Download and Install on the Test machine first.

Points of Failure - Critical Asset - High Availability - Failover - Virtual IP

Single IP shared by multiple systems.

Protecting Networks - Firewalls - Stateless - Dynamic Ports in Apps

Some apps change port numbers. They keep searching for a port that is open. Need firewall that is context and application aware.

Hybrid Cloud

Some of the cloud is private, some is public.

SNAT

Static Network Address Translation - Sends specific traffic to one Internal address.

nbtstat -r

Statistics.

Network Monitoring - Documenting Logs

System Logs or General Logs

Neighbor Discovery Protocol.

Systems talk to each other and self configure.

Telnet

TCP 23

UC Ports - RTP Real-Time Transport Protocol

TCP 5004 and 5005

Which port enables the FTP's Data Connection for sending file data?

TCP Port 20

nbtstat -a <computer name>

Tells me info on other system

Scott is a brand new network technician at Dion Training. He has been told to remote into the edge switch from his desk and enable DHCP snooping. Which of the following commands should he use?

Telnet

Protecting Networks - Defense in depth - Application

Test applications to be sure no negative impact

TXT Record

Text Record - Anything you want. DKIM and SPF

IANA

The Internet Assigned Numbers Authority is the agency that assigns IP addresses to computer networks

Disaster Recovery and Backup - Mean time to failure (MTTF)

The average amount of time expected until the first failure of a piece of equipment.

What is a Subnet ID

The bits borrowed from the Host ID of the original IP Network address.

Distributed Switching

The centralized installation, configuration, and handling of every switch in a virtualized network.

RADIUS Client

Wireless access point for example to get you to the RADIUS Server.

What is the cost difference between an SMF repeater and an MMF repeater?

The cost of an SMF repeater is only slightly higher, lowering the cost to deploy SMF.

What is the effect of cladding having a different refractive index to the core?

The different refractive index creates a boundary that causes the light to bounce back into the core, facilitating the process of total internal reflection that guides the light signal through the core.

What function or service prevents an Internet host from accessing servers on the LAN without authorization?

The firewall.

What is the lowest layer (bottom layer) of a bare-metal virtualization environment?

The hardware

With CSMA/CD, what will happen if a host has data to transmit and there is already data on the cable?

The host will wait for a random backoff period before attempting to transmit again.

You need to run UTP cable between two switches at opposite ends of a warehouse that is 140 m (459 feet) long. What additional device (if any) is required for the installation to be compliant with 1000BASE-TX Ethernet standard?

The maximum link length is 100 m (328 feet) so a repeater will be needed.

What is the process for verifying the source of a public key?

Third party creates a digital signature from the third party. That digital sig is attached to the digital sig provided from source and compared for accuracy.

Protecting Networks - Man in the Middle - 2 parts

Third-party interception between a two-part conversation Third party uses the information to their advantage.

WiFi Analyzer

Tool for checking/diagnosing issues on a wireless network.

What layer uses ports?

Transport Layer. Layer 4

At which OSI layer is the concept of a port number introduced?

Transport or Layer 4

Protecting Networks - Malware - Trojan - Remote Access Trojan - Logic Bomb

Triggered upon an action. For instance when account is disabled.

Which of the following technologies combines the functionality of a firewall, malware scanner, and other security appliances into one device?

UTM - Unified Threat Management

You need to provision modular SFP+ transceivers to support a 10 gigabit link between two switches using an existing fiber cable. What two characteristics must you check when ordering the transceivers?

Use an appropriate Ethernet standard and wavelength for the type and grade of fiber and link distance (10GBASE-SR versus 10GBASE-LR, for instance) and match the connector type of the existing cable (LC or SC, for instance).

MFA

Use more than one attribute to log in.

automation

Using scripts and APIs to provision and deprovision systems without manual intervention.

arp

Utility to display and modify contents of host's cache of IP to MAC address mappings, as resolved by address resolution protocol (ARP) replies.

Protecting Networks - VLAN Hopping Types

VLAN Spoofing and Double Tagging

Cisco VLAN trunking?

VLAN Trunking Protocol - VTP

What is a hash used for?

Verifying that data has not been changed.

How do I know the keys came from the right place?

Verifying both keys by using a third key from a separate relationship

What is a VLAN

Virtual local area network. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch. Creates separate broadcast domains from one switch.

What is a native VLAN?

Vlan1 it is the default Vlan for all switches

The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?

WPA Personal

Protecting Networks - Firewalls - Edge of Network

Want firewall at the edge of the network.

WPA

Wireless Protected Access

What are the first 1024 ports known as?

Well known ports

Authorization

What can you do on the network once authenticated

Network Monitoring - Documenting Logs - History log

What has changed over time.

Metric

What is the best way to go with more than one option.

While setting up your wireless network, you want to have certain users access the Internet, but block them from accessing other wireless clients or wired network itself. What do you need to setup?

Wireless client isolation

Desktop as a Service

Workstation in a Cloud

Antenna Problems

Wrong type - Plan Placement - Change antennas keep cable short as possible. Dipoles out of alignment

Expired Certificate

Can be viewed, then fixed by getting a new certificate from its issuer or accepting the certificate in its current state

Data Center:FHRP (First Hop Redundancy Protocol)

is a computer networking protocol which is designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address

Tool that gives us state of network right now

nbtstat

Protecting Networks - New name for Man-in-the-middle

on-path attacks

Unified Communication

The integration of communication channels into a single service. Teams in software, phone device. Collaborative Tools/Workflow, Presence Information, Video Conferencing/Real Time

How do you find the path to a destination

tracert or traceroute (Linux) pathping if tracert does not work.

What port is RDC

3389

What port does LDAP use

389

What is the OM3/OM4 Specification?

50 Micron cable but designed for 850 nm Vertical-Cavity Surface-Emitting Lasers (VCSEL), also referred to as laser optimized MMF (LOMMF).

Which of the following ports is assigned to the Domain Name System (DNS)?

53

What maximum distance is defined in standards documentation for 1000BASE-LX running over MMF?

550 m (1804 feet). Note that 1000BASE-LX can run over MMF or SMF. SMF has much higher range.

EAP-TLS

"EAP-Transport Layer Security--Uses PKI, requiring both server-side and client-side certificates."

Web app focused

1. Identity Provider is signed on. 2. Web apps are service providers. 3. IDP provides provider with a token that can be used to access any resource

The oldest version of 100 mb ethernet is 100BaseT4. How many hubs could it support? It supported how many nodes per hub?

100 and each hub could handle 1024 nodes per hub.

Full Duplex became popular at what point of speed evolution?

100 mb

What is the typical cable segment length for a copper twisted-pair Ethernet cable?

100 meters

How many meters could a 100BaseT4 hub be from a node?

100 meters.

Which of the following answers describe(s) the characteristics of Category 5e (Cat 5e) cabling?

100-meter cable segment length - Twisted-pair copper cabling - RJ45 connector - 1 Gbps transfer rate over all 4 cable pairs (1000BASE-T networks)

Data Center:Data Center

A facility used to house management information systems and associated components, such as telecommunications and storage systems

Autonomous System

A group of one or more networks under control of a single entity. The Government, big university etc.

What port is TightVNC?

5900

802.11ac

5ghz 2.4ghz 1gbps MU-MIMO

How many ghz is 802.11ac

5ghz only Won't work on 2.4ghz router.

/26 is how many hosts?

62

What is OM1/OM2 specification?

62.5 Micron cable is OM1, 50 Micron Cable is OM2

What is the size range of an MMF cable?

62.5 or 50 Microns

You are configuring a point-to-point link between two routers and have been assigned an IP of 77.81.12.14/30. What is the network ID associated with this IP assignment?

77.81.12.12

Windows default lease is __ days.

8

How many groups in an IPV6 address

8 groups of 4 Hex numbers each in 7 columns

What is the size range of an SMF cable?

8 to 10 microns Core

Protecting Networks - Man in the Middle - Get in the Middle

802.11 Wireless with no encryption Bluetooth susceptible NFC

Protecting Networks - Denial of Service - DoS - Attacks - Volume Attack-Application Attack

Apache 1.10 Slow Loris Attack. Client initiates a conversation but then becomes very slow to respond.

Protecting Networks - Malware - Virus

Attaches itself to a file or program and propagates to other files or programs.

Protecting Networks - Vulnerabilities - Zero Day

Attacker finds flaw before vendor can find it.

Protecting Networks - Network Hardening - Port Security - ARP Poisoning

Cisco Dynamic ARP Inspection (DAI) Keeps list of known and good IP and MAC Addresses

Protecting Networks - and VLAN Hopping

Cisco Dynamic Trunking Protocol (DTP)

Independent Computing Architecture (ICA)

Citrix Proprietary protocol. Others used for remote are TightVNC and RDP

IP Class License

Class A 0-126 /8 = 16.7 Million Class B 128-191 /16 = 65,534 Hosts Class C 192-223 /24 = 254 Hosts

CIDR

Classless Inter-Domain Routing

Business Continuity Plan - After Action Reports

Clear documentation of everything that happened

Proxy Server Placement Server is obscured.

Client knows Forward Proxy, this will be a reverse proxy.

SSID (Service Set Identifier)

A unique character string used to identify an access point on an 802.11 network.

Network Monitoring - SNMP - Walk

An SNMP application that uses SNMP GETNEXT requests to query a network entity for a tree of information. Big batch of Gets.

Protecting Networks - Man-in-the-middle

An attack that intercepts legitimate communication and forges a fictitious response to the sender.

Protecting Networks - Malware - Root Kit

Difficult to detect. Gets privileges to take actions on computer

Business Continuity Plan - Considerations

Distance Level of Internet Activity Housing Entertainment Legal issues - Secure Data Cloud Data must be within the same country in which you are doing business.

Does a router have only one ip address?

Each port has a separate ip address.

Data Center:Spine and Leaf

Each top-of-rack switch is connected to the layer three switches on the spine layer.

Disaster Recovery and Backup - Disaster Recovery Plan - Recovery Time Objective

How long it will take from the time of failure to the time the organization returns to function.

Disaster Recovery and Backup - Disaster Recovery Plan - Backup Plan Assessment

How much data might be lost and how long to restore it.

Dion Worldwide has recently built a network to connect four offices around the world together. Each office contains a single centralized switch that all of the clients connect to within that office. These switches are then connected to two of the other locations using a direct fiber connection between each office. The office in New York connects to the London office, the London office connects to the Hong Kong office, the Hong Kong office connects to the California office, and the California office connects to the New York office. Which of the following network topologies best describes the Dion Worldwide network?

Hybrid

BGP (Border Gateway Protocol)

Hybrid of Linkstate and Distance Vector.

IP Reservation

IP Addresses out of the IP scope/range. Reduce scope as much as possible. Range issues are common as far as DHCP is concerned.

Dual Stack is what

IPv4 and IPv6 on same host.

Router prefix

IPv6 DHCP Allows router to know what network ID the network is.

Data Center:Core

Out to Internet Routers that take data out of the local network. Fastest part of data center is line that connects the switches. This is the Backbone.

Data Center:North bound traffic

Outbound traffic.

slow Wireless network

Over capacity, basically don't have enough wireless access points. Make new SSIDs, speedup the network, New WAP Jitter, there is no simple fix and need to increase capacity Chops, stops breakup of signal.

Protecting Networks - Denial of Service - DoS

Overwhelm the server.

Data Center:SAN controller

Own special controller for Network Attached Storage. Allows connection over high speed cabling (FCoE, Fiber Channel, iSCSI)

IXP (internet exchange point)

IXP physical infrastructure enables different Internet Service Providers (ISPs) to exchange Internet traffic between networks through mutual peering agreements.

Which of the following answers does not refer to the OSI TCP segment header?

Layer 3 header

The Transport Layer is which Layer in the Open Systems Architecture model?

Layer 4

Protecting Networks - Social Engineering - Eavesdropping

Listening to others and writing down the info.

nbtstat -n

Lists Registered Name

Network Monitoring - SNMP - Cacti

Open Source SNMP app

No access to Wireless Network

Open WiFi properties Shows all the info on Network. Changed Security -- Lose Connection have to log in again.

authoritative name server

DNS server designated by a name server record for the domain that holds a complete copy of zone records.

Temporary IPv6 address

Created for security easily supported by IPv6.

What is an I/G bit?

Determines whether a frame is addressed to an individual node (0) or group (1). The latter is used for multicast and broadcast.

Network Monitoring - SNMP - Management Information Base (MIB)

Device specific Download MIB for each device

Which of the following answers provides the BEST example of two-factor authentication?

Smartcard and PIN

Protecting Networks - Firewalls - Host Firewall

Software Firewall

Protecting Networks - Malware - Trojan

Software that seems innocent.

MX Record

Special host record for a Mail Server.

What does a host use to know if the destination is on the local network or a remote network?

Subnet Mask - if the Network number is different then the host ARPs the default gateway to route the packet.

Disaster Recovery and Backup - Media - Local Backups

Tapes Hard drives Usually onsite

Forensics - Four Steps - Document Scene

Preserve state of equipment Find anything that needs to be inspected forensically Take pictures or use video camera --Screen --Switches --Screens

Demarc

Separates Telecom Company equipment from my equipment

Protecting Networks - Demilitarized Zone (DMZ)

Separates public from private hosts.

srv record

Server Record. There are many services. SRV records can be configured for any service.

Standard Business Documentation - SLA

Service Level Agreement -Between a customer and service provider -Scope, quality and terms of service to be provided. --Definition of service provided --Equipment --Technical support

What is SMF

Single Mode Fiber

What type of fiber optic cable is suited for long distance links?

Single mode fiber (SMF).

SSO

Single sign-on. Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems.

10GBaseER

Single-Mode (laser) 1550nm 40 KM

10GBaseLR (Long Range)

Single-Mode 1310nm 10 Kilometers

SFP or SFP+

Small Form Factor Pluggable MSA Designed for smaller form factor connectors. Like an LC

110-Punchdown Tool

This tool is used to permanently connect wires to patch panels and RJ-45 wall jacks

What is TCP

Transmission Control Protocol - Transport Layer Protocol. On top of IP

Data Center:HSRP (Hot Standby Router Protocol)

This is exclusive to Cisco and allows a default router address to be configured to be used in the event that the primary router fails.

ad hoc network

Type of wireless network where connected devices communicate directly with each other instead of over an established medium. Also called Independent Basic Service Set (IBSS).

The admin just added 462 Meter Run of fiber-optic cable to the network. What should be done next?

Update the wiring schematics

Licensing Restrictions

Usage Transfer Renewal

Key Exchange for https process

1. Use private key to encrypt the hash of the webpage 2. Attach digital sig to Public Key 3. Using public key, decrypt web page. 4. Hash the page at the client; if the hash matches, you can be sure the keys are good.

Change Management - Committee or Team

Used for changes that do not impact the whole infrastructure. Infrastructure level changes. Not Global Changes.

Elasticity

When demand is higher it gets bigger; when demand diminishes it shrinks. Creates a new instance in a separate VM

Forensics - Four Steps - Collect Evidence

When handling anything, document all evidence.

Continuity

Whether connected at all.

Bridging Loop

When two switches are connected to each other and the main switch.

When should you escalate a problem?

You might also escalate if you do not have authorization to perform the necessary changes or if the system is under some sort of warranty.

What does '8.3 micron core/125 microcladding single mode glass' refer to?

a single mode cable with an 8.3 Micron Core a 125 microcladding and it is glass.

Data Center:SDN Software Defined Networking

aims at separating the infrastructure (hardware) layer from the control layer -directly programmable from a central location, flexible, vendor neutral, based on open standards. -basically just "network virtualization"- allows data transmission paths, comm decision trees, flow control to be virtualized

A user has a system that is unable to connect to his file server on the network. Which of the following utilities should he run first to try to determine the problem?

ipconfig

Deployment Models - BYOD - Policy - MDM

(Mobile Device Management) a group of applications and/or technologies used to manage mobile devices. MDM tools can monitor mobile devices and ensure they are in compliance with security policies.

A Wireless Controller Can Provide

- centralized authentication for wireless clients - load balancing - channel management - detection of rogue access points - wireless technology can be used to connect two different parts of a LAN or two separate LANs

Network Monitoring - SNMP -

-Apply an agent in the device and it becomes Managed Device -SNMP Manager on a system that becomes the Network Management Station NMS UDP 162 if encrypted 10162 - Listening ports.

Troubleshooting steps

-Identify the problem -Establish a theory of probable cause -Test the theory to determine the cause -Establish a plan of action -Verify the solution -Document the solution

Which of the following statements apply to Peer-to-Peer (P2P) networking?

-In P2P networks, a network node can only request resources -Less stable and secure than client-server networking model -In P2P networks, each node can at the same time serve and request resources

How big is an IPv6 Address?

128 bit you can have 2 to the 128th power.

Which of the following TCP ports is used by the Internet Message Access Protocol (IMAP)?

143

Symptom - Web Page Not available - Error 105 net::ERR_NAME_NOT_RESOLVED

1; If website accessible

802.11b

1st standard 11 mbs 2.4ghz DSSS 14 Channels US had 11 Channels Channels overlap. 1, 6 or 7 and 11 do not overlap

66 Punchdown Block

1st type of unshielded twisted pair patch panel. Made for phone lines.

DWDM (Dense Wavelength Division Multiplexing)

A multiplexing technology that uses light wavelengths to transmit data. 51.8 Mbps OC-1 line x150 signals = 7.6 Gbps

Layer 7 is the ____ Layer.

Application Layer

Which step has been omitted from the following list of activities related to identifying the problem? Gather information • Duplicate the problem, if possible • Question users • Identify symptoms • Determine if anything has changed

Approach multiple problems individually.

Authentication

Are you able to access the network via ID and Password?

Which type of clients connect to a VPN server using a Web browser without any specific client-based software, and are secured using TLS?

Clientless VPN clients

Points of Failure - Critical Asset - High Availability - Failover - Redundancy - Fault Tolerance - Clustering

Clustering -- Multiple servers that appear to user as one device. Share High speed network, data, stores applications and configured for redundancy if a single member of the cluster fails.

In the context of the OSI model, the term "Data encapsulation" is used to describe a process where each layer of the OSI model adds its own control information to the original data that is being passed across the layers from the physical layer up to the application layer.

False

True or False? A computer with a 10BASE-T Ethernet adapter cannot be joined to a 100BASE-T network.

False. Fast Ethernet is backwards-compatible with 10BASE-T (and Gigabit Ethernet is backwards-compatible with Fast Ethernet).

True or false? A bridge does not forward broadcast traffic.

False. Segments on different bridge ports are in separate collision domains but the same broadcast domain.

True or False? The CRC mechanism in Ethernet allows for the retransmission of damaged frames.

False. The CRC indicates only that a frame may be corrupt.

What is 1000 Base SX

Fiber - LED Multi-Mode Fiber Optic Cable 500 meters

What is 1000 BaseLX?

Fiber Laser Single Mode up to 5 Kilometers

Protecting Networks - MAC Spoofing

Fool the switch to think that you are one of the devices on the network. Gaining access.

Protecting Networks - Arp Poisining

Fooling hosts but not router into having them route to you. Confuses ARP cache.

What is a forward lookup zone?

Forward lookup zones are used to map a host name to an IP address.

What port configuration feature allows a server to smooth incoming traffic rates?

IEEE 802.3x flow control.

OSPF (Open Shortest Path First)

IGP, Link State Protocol, Lets other routers know the routes it takes. Uses Area IDs. One router is elected designated and backup designate in the same Area ID

What is used to protect the fiber optic cable from excessive bending or kinking when pulling the cable to install it?

Kevlar (Aramid) strands and sometimes fiberglass rods or strength members.

What is a KDC

Key Distribution Center. A special server service for Kerberos. When you setup a Windows Domain server it becomes a KDC.

How do I know that my public key is from a site I https to?

Key Exchange - Either public or private key can encrypt or decrypt.

Data Center:High Availability

Load Balancing - Make servers look like a single server. Balances usage Clustering - X number of servers, have own backend network servers sync all data, if one goes down, another can take over. Active Active -Internet high availability FHRP First Hop Redundancy Protocol.

Protecting Networks - Password Attacks - Stopping Attack

Local Security Policy

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Cables

Lockdown systems for cabling Protected Distribution Systems

Protecting Networks - Physical Security - Smart Locker

Locks up items and use your phone app to open

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Confidentiality

Making sure the data stays the same from source to destination

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Vulnerabilities

Malware Social Engineering Firewall misconfiguration Outdated Firmware

administrative distance (AD)

Metric determining the trustworthiness of routes derived from different routing protocols.

Port Mirroring

Mirrors data going through port to another port. #monitor session 1 source interface fa0/22 #monitor session 1 destination interface fa0/23

DNS Troubleshooting

Misconfiguration: IPCONFIG/ALL Get DNS server IP Go to Network Connections. > NIC > IPV4 > PROPERTIES

Can I have more than one DHCP Server in a Broadcast Domain?

No

Can I rename a VLAN to Joe's VLAN?

No VLANs always use a number.

Transparent Proxy

No client configuration. Grabs everything Must be inline

Protecting Networks - Defense in depth - Data

No user should be given rights that could bring down the system Separation of duties installer different than uninstaller.

The accounting department just setup a 100 mb Ethernet network. To save costs, they decided to use Hubs instead of the more expensive Switch. Is this a workable solution?

No, 100 mb Ethernet will not work on a Hub.

In the OSI model, the layer 3 PDU is known as:

Packet

Forensics - Four Steps - Collect Evidence - Chain of Custody

Paper trail of access or control of a given piece of evidence from the time brought into custody to the time it is resolved. -What you took under control -When you took it under control -What you did with the evidence -When and who you passed it onto the next person in line.

Data Center:MDF - Main Distribution Frame/Intermediate Distribution Frame

Part of the documentation of your data center.

What does an Ethernet Frame consist of?

Preamble Destination MAC - 48BIT Source MAC - 48 BIT Datatype/Ethertype 2 BYTES Data:Min 64 Bytes Max 1522 Use Pad if not at 64Bytes FCS - Frame Check Sequence

Security Implications

Principle of least privilege. Limit permissions to only what someone needs. Cloud providers enable separate credentials, allowing you to set up explicit limited permissions.

What is an access control vestibule?

Secure entry system with two gateways, only one of which is open at any one time. Previously known as mantrap, though this terminology is now deprecated.

Network Operations - Security Policy

Statement of how the organization defines goals and motivations in terms of security

What are the IP Protocol types and Version number?

TCP/6 and UDP/17 work in the transport layer. Internet Control Message Protocol (ICMP/1) is used for status messaging and connectivity testing. Internet Group Messaging Protocol (IGMP/2) is used with multicasting. Generic Routing Encapsulation (GRE/47) is used to tunnel packets across an intermediate network. This is used (for example) in some virtual private network (VPN) implementations. Encapsulating Security Payload (ESP/50) and Authentication Header (AH/51) are used with the encrypted form of IP (IPSec). Enhanced Interior Gateway Routing Protocol (EIGRP/88) and Open Shortest Path First (OSPF/89) are protocols used by routers to exchange information about paths to remote networks.

Disaster Recovery and Backup - Media - Cloud

Takes up a lot of time to get the backups going. Continuous ongoing incremental backups

Protecting Networks - Social Engineering - Whaling

Targeting higher up people.

Tamera just purchased a Wi-Fi-enabled Nest Thermostat for her home. She has hired you to install it, but she is worried about a hacker breaking into the thermostat since it is an IoT device. Which of the following is the BEST thing to do to mitigate Tamera's security concerns? (Select TWO)

The BEST options are to configure the thermostat to use the WPA2 encryption standard (if supported) and place any Internet of Things (IoT) devices into a DMZ/screened subnet to segregate them from the production network.

Which of the following are characteristics of a TCP connection when working with upper layer protocols?

The ability to segment data Delivery of data using error recovery methods

What two Services are built into the KDC

Ticket Granting Service and Authentication Server

Data Center:What are the three tiers to a Data Center

Tier 1, Core Layer Tier 2 Distribution /aggregation layer Tier 3 Access/edge layer

Distance

Time Domain Reflectometer (TDR)

Security Information and Event Management (SIEM) - Aggregation

Time synchronization - All systems have to be in synch with time. Event de-Duplication - Same event from different devices. Normalization - Allows analysis tools to be more efficient by creating more tables. Logs - Put logs together WORM - Write Once Read Many Correlation - Alerts

Where would you normally connect a straight through cable from the uplink port of a switch?

To a regular port on another switch.

True or false? A managed switch should have auto MDI/MDI-X enabled by default.

True

True or false? The more subnets you have the less hosts are available?

True

Data Center:Rack Diagram

U Space and Device name and model.

What is 1000BaseCX?

Uses TwinAx at 25 meters.

Load balancing

Using multiple servers to provide the same data.

Data Center:Network Function Virtualization

Virtual Network Hardware

VPC

Virtual Private Cloud

Inter-VLAN Routing

a process for forwarding network traffic from one VLAN to another using a router

What makes up an IPv6 Link Local address?

fe80:0000:0000:0000 or fe80:: [4 groups generated by MAC address] Using EUI-64 the 48 bit MAC Address is changed to the 2nd half of the number by - splitting the MAC and adding ff-fe between the split. -The 7th bit is flipped. For instance a 2a changes to 29. -the ff and fe are the last 2 and first 2 of the associated numbers.

Platform as a Service (PaaS)

supports the deployment of entire systems including hardware, networking, and applications using a pay-per-use revenue model. For Coding. Obfuscates all the infrastructure. Access to software development platform without the need to personally host it.

Write the command to use tcpdump to capture traffic from the IP address 172.16.16.254 on the interface eth0 and output the results to the file router.pcap.

tcpdump -i eth0 -w 'router.pcap' src host 172.16.16.254

Network Monitoring - SNMP - Versions

v1 - RFC 1157 - uses community strings (plain text) No Encryption v2c - RFCs 1901-1908 - uses community strings (plain text) encryption. Expanded Command set. v3 - RFCs 2273-2275 - authentication and encryption TLS. Robust

Data Center:Co-location

when a firm purchases or leases a Web server (and has total control over its operation) but locates the server in a vendor's physical facility. The vendor maintains the facility, communications lines, and the machinery

Deployment models: Corporate-owned, Business Only (COBO)

• The company owns the device • And controls the content on the device • The device is not for personal use • You'll need to buy your own device for home • Very specific security requirements • Not able to mix business with home use

ARP

A broadcast that needs a MAC for an IP address.

Forensics - Four Steps - Secure the Area

Be at the scene Block from prying eyes or disturbances Define area of scene

WDM (wavelength division multiplexing)

Bidirectional wavelength division multiplexing or BWDM

OSI Physical Layer PDU is known as:

Bit

Types of EAPs

EAP pre-shared key (EAP PSK) - Common key Protected Extensible Authentication Protocol (PEAP) - Standard username and password. EAP-MD5 - Uses Hash EAP-TTLS - client and service need key Used in wireless networks

What routing algorithm does OSPF (Open Shortest Path First) use?

EIGRP Enhanced Interior Gateway Routing Protocol Link-State Routing Protocol. To converge, sends out LSAs

Shielded Twisted-Pair (STP) cabling reduces what kind of interference?

EMI

What is needed to install a wireless network?

Floor Plan Analyze area Antenna Placement

10GBaseSW, 10GBaseEW, 10GbaseLW

For working on SONET

What 2 kinds of proxy servers are there

Forward and reverse

What is the primary defining characteristic of a loopback interface?

It is always on.

Protecting Networks - Malware - Trojan - Remote Access Trojan

Remote actions

Deployment Models - BYOD - Policy - Offboarding

Removal of data Deleting proprietary apps

In the OSI model, the layer 4 TCP PDU is known as:

Segment

Protecting Networks - Password Attacks - Brute Force

Submits every possible letter combination

UDP Port 69

TFTP (Trivial File Transfer Protocol)

Which is faster FTP or TFTP

TFTP uses UDP which has lower overhead than TCP.

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Exploits

Take advantage of a Vulnerability -Spoofing - Remote machine acts like a node on your network -Accessing with default password

Policy vs. Procedure

policy are the rules Goals and Aims procedure is how you do it.

How is the IP of 192.168.4.6 show that it is on a 16 bit submask?

192.168.4.6/16

LTE

300 mbs up, 75 mbs down. Nano SIM

Which of the answers listed below refer(s) to the characteristic feature(s) of Category 5 (Cat 5) cabling? (Select all that apply)

-100 Mbps transfer rate over 2 cable pairs (100BASE-T networks) -1 Gbps transfer rate over all 4 cable pairs (1000BASE-T networks) -100-meter cable segment length -Twisted-pair copper cabling -RJ45 connector

Load Balancing

-Load balancer can communicate to servers. -Can be a certificate server -Can be configured as client-side or server-side high availability. -Routes by configured list (Round Robin) or least response time. -Server Side uses sophisticated device in server.

Which of the following answers can be used to describe client-server architecture?

-More stable and secure than peer-to-peer architecture -Centralized network type -Less reliable than peer-to-peer architecture

Which of the following answers can be used to describe the characteristics of ring topology?

-Network nodes are daisy-chained in a closed loop -Data is passed through each intermediate node until the receiver node is reached -Each network node connects to exactly two other nodes

Disaster Recovery and Backup - Disaster Recovery Plan - Two Data Types - State

-Once restored when will the device or directory become usable in the system.

Protecting Networks - Denial of Service - DoS - Attacks - Volumetric Attack

-Ping Flood -UDP Flood -Routers designed to keep this from happening.

Which of the following answers refer(s) to mGRE?

-Point-to-multipoint network links -Tunneling protocol -Enables delivery of various data packet types over the same network link -Used in Dynamic Multipoint VPN (DMVPN)

Business Continuity Plan - Order of Restoration

-Power -Wired Lan running -ISP Link -- Routers ok -Active directory -Sales and accounting workstations -Production -Wireless access -Peripherals, printers etc.

Protecting Networks - Network Hardening - Port Security - DHCP Snooping -Setup

-Snoop based on VLAN -Interface Configuration for Trust to Port for DHCP Server -Static Bindings - Static IP for each MAC

Which of the following answers refer(s) to the characteristic features of MPLS?

-Used for connecting devices on a WAN -Unencrypted network traffic -Enables sending packets over a single, faster network path (routing decisions based on labels) -Enables delivery of various data packet types over the same network link

Business Risk Assessment - Process Assessment Two Types

-Vendor Assessment How does Vendor handle security? -Process Assessment Codifies and Ranks essential process and examines the likelihood of a weakness in the process.

C (this might be written 0xC for clarity). Values above 9 are expressed as letters (10=A, 11=B, 12=C).

0xAB. To work this out, divide 171 by 16 (144) and write the remainder (11) as the least significant hex digit (B). Note that the quotient 10 (the integer part of the sum, where 171/16=10.6875) is less than 16. Convert the quotient to hex (10=A) to derive the second hex digit and complete the conversion.

Slow or poor connection issues.

1. Attenuation - Degrading signal over distance. 2. Jitter - VOIP & Video - Increase throughput, increase speed, buffering. 3. Incorrect cable type - Patch cable rating difference. Switch speed light keeps trying to negotiate. Keep good inventory

kerberos process

1. Client sends hash with username and password 2. The Authentication service sends back to the client a TGT which is time stamped. 3. Client sends TGT over to TGS (Ticket Granting Service) 4. TGT timestamps a token and sends it back to the client 5. Token is used to communicate to resources over the network.

Protecting Networks - Two steps to Man in the middle/on path attacks

1. Get in the stream 2. Get the data

Windows DNS Process

1. If in domain will go to domain controller 2. Uses DNS Server on Domain Controller

Which Ethernet standard works at 100 Mbps over Cat 5 or better copper cable?

100BASE-TX

What superseded 100BaseT4?

100BaseTX

Which fiber Ethernet standard is best suited to implementing backbone cabling that does not exceed 200 m (656 feet) and can achieve at least 4 Gbps throughput?

10GBASE-SR.

Which types of distribution frame are best suited to 100 MHz or better operation?

110, BIX, and Krone blocks.

With a /25 subnets

126 Hosts

What does a Class B start with and what is its whack?

128 /16

How do you convert binary to decimal?

128 64 32 16 8 4 2 1

What does a Class A start with and what is its whack?

160 /8

Multi-Mode has how many connectors?

2

What was the distance between a hub and node allowed for 100BaseFX?

2 kilometers using multimode fiber.

How do I know what the number of subnets will be?

2 to the number of remaining host bits after the whack. Take 2 away for Network number and Broadcast

What is the subnet mask of 192.168.4.6/16

255.255.0.0

If you are provided with an ip address block of 192.104.32.0 /24 How many hosts can you use?

256 Total, 254 Usable. Always one for broadcast and one for switch/routing.

Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 54 Mbps?

802.11a

Which type of wireless network utilizes the 5 GHz frequency band and reaches speeds of up to 3.5 Gbps?

802.11ac

What has the slowest maximum wireless speed?

802.11b was before 802.11a

Which type of wireless network utilizes the 2.4 GHz frequency band and reaches speeds of up to 54 Mbps

802.11g

What is a loose format Buffer?

A Fiber Optic protective plastic coating that has a form of lubricant between the strand and the sheath. The buffer may take the form of a miniature conduit, contained within the cable and called a "loose buffer"

PPTP (Point-to-Point Tunneling Protocol)

A Microsoft VPN layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets and uses the same authentication methods as PPP.

Data Center:Virtual Router Redundancy Protocol (VRRP)

A TCP/IP RFC protocol that allows two (or more) routers to share the duties of being the default router on a subnet, with an active/standby model, with one router acting as the default router and the other sitting by waiting to take over that role if the first router fails.

What provides an increase in speed over a MMF LED based fiber cable?

A VCSEL is not as powerful as the solid-state lasers used for SMF, but it supports higher modulation (transmitting light pulses rapidly) than LED-based optics.

IKEv2 (Internet Key Exchange version 2)

A VPN encryption protocol that handles request and response actions. It makes sure the traffic is secure by establishing and handling the SA (Security Association) attribute within an authentication suite.

CDMA (Code Division Multiple Access)

A cellular standard that uses spread-spectrum technology, in which a signal is spread over a wide bandwidth so that multiple users can occupy the same channel. A cellular device on a CDMA network does not require a SIM card because, on a CDMA network, devices are compared against a white list, which is a database of subscribers that contains information on their subscriptions with the provider. Not compatible with GSM.

Remote Terminal Unit (RTU)

A device installed at a key location in an industrial system, which can sense attributes of the physical system and convert this analog data to digital data.

PoE injector (power over ethernet)

A device that adds power to an Ethernet cable so the cable can provide power to a device.

wireless range extender

A device that amplifies your wireless signal to get it out to parts of your home that are experiencing poor connectivity.

Actuator

A device to produce physical movement based on output from a computer system.

Patch Antenna

A directional antenna that has a planar surface and is usually mounted on a wall or column.

What type of address is used by the switch to forward transmissions to the appropriate host?

A media access control (MAC) address. This is a layer 2 address. It is also referred to as a hardware or physical address.

Neighbor Solicitation (NS)

A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask a neighbor to reply with a Neighbor Advertisement, which lists the neighbor's MAC address.

Router Solicitation (RS)

A message defined by the IPv6 Neighbor Discovery Protocol (NDP), used to ask any routers on the link to reply, identifying the router, plus other configuration settings (prefixes and prefix lengths).

ICMP v6

A multicast protocol used to send Neighbor Solicitation and Neighbor Discovery messages.

ICS (Industrial Control System)

A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Medianet

A network that has been optimized for media transmissions.

Mesh Network

A network that uses multiple access points to link a series of devices that speak to each other to form a network connection across a large area.

What type of distribution frame is best suited to cabling wall ports to Ethernet switches in a way that best supports future changes?

A patch panel allows wall ports to be connected to switches via patch cords. If a switch is replaced or if a wall port needs to be connected to a different switch port, the change can be made easily by moving a patch cord.

What is Wireshark?

A protocol analyzer

IGMP (Internet Group Management Protocol)

A protocol in the TCP /IP suite that supports multicasting in a routed environment.

What is ICMP (Internet Control Message Protocol)?

A protocol that gets application data from one machine to another in a connectionless environment

Neighbor Discovery Protocol (NDP)

A protocol that is part of the IPv6 protocol suite, used to discover and exchange information about devices on the same subnet (neighbors). In particular, it replaces the IPv4 ARP protocol.

What tool is used to terminate wiring at a 110 block?

A punchdown tool is used to connect wires via insulation displacement connectors (IDCs). You must use a suitable blade for the IDC format (110, Krone, or BIX).

Smartjack (sometimes called NIU, Network interface unit)

A remote-line diagnostic device placed at the joining point between an ISP's line and customer's on-premises wiring

When more than one switch is connected what happens?

A root bridge is established.

Gateway Router

A router that acts as a default gateway in a TCP/IP network.

TKIP (Temporal Key Integrity Protocol)

A security protocol created by the IEEE 802.11i task group to replace WEP. WPA

ICS Server

A server in an ICS or SCADA system that might include an acquisitions server, which collects and stores raw data, a supervisory server, which controls the physical system, or a historian, which is a centralized database of collected and analyzed data and control activities.

Points of Failure

A single point of failure is one system that, if it fails, will bring down an entire process, workflow, or the whole organization.

PLC (Programmable Logic Controller)

A solid-state control system that has a user-programmable memory to store instructions.

ESSID (extended service set identifier)

A special identifier shared by BSSs that belong to the same ESS. A Basic Service Set (BSS) forms an ad hoc self-contained network with station-to-station traffic flowing directly, receiving data transmitted by another station, and only filtering traffic based on the MAC address of the receiver. An extended service set (ESS) is a wireless network, created by multiple access points, which appears to users as a single, seamless network, such as a network covering a home or office that is too large for reliable coverage by a single access point.

Enhanced Data Rates for GSM Evolution (EDGE)

A technology that does not fit neatly into the 2G/3G/4G spectrum. It is technically considered pre-3G but was an improvement on GSM (2G)

What is an AUP

Acceptable use policy (AUP)—An AUP defines acceptable use of systems. It identifies what a user can and cannot do on a system. It is sometimes referred to as Rules of Behavior

Protecting Networks - Malware - Backdoor

Access an application through the programmer's backdoor.

Wireless MAC ACL

Access control based on MAC Addresses

Protecting Networks - VLAN Hopping - VLAN Spoofing

Act as a switch in order to trick a legitimate switch to create a trunk link between them. Happens when a switch is configured to negotiate a trunk. Dynamic Desired, Dynamic Auto or Trunk Mode.

Passive vs Active ports in LACP

Active - sends LACP traffic. Passive - waits to hear a port sending LACP traffic. You can have Passive/Active and Active/Active; you cannot have Passive/Passive.

Network Monitoring

Activities that use tools to observe network performance in an effort to minimize the impact of incidents.

Protecting Networks - VLAN Hopping - Double Tagging

Add or modify tags on a frame to send them to any VLAN. Attacker has to belong to the native VLAN of the trunk. Most switches strip off the tag. This exploit puts the attacker's tag in the outer frame and the victim's tag in the inner on switch 1. The attacker's tag gets stripped; the victim's remains to be sent to switch two to his VLAN. One-directional attack.

Routing Table At least has 4 pieces of information which are...

Address, Subnet, Gateway, Interface

Protecting Networks - Network Hardening - Control Plane Policing

Adjust QoS features to protect against DoS. Throttle traffic of protocols.

At what layer of the OSI model does a fiber distribution panel work?

All types of distribution frames work at the physical layer (layer 1).

Deployment Models - BYOD - Policy

Allow users to use their device on a campus or company network.

MAC Address Clone

Allows you to use a router on your cable modem network. Cable modem thinks the router is a PC.

Deployment models: Choose Your Own Device (CYOD)

Also like COBO but user can choose device.

What is the measurement standard for wire thickness?

American Wire Gauge (AWG).

Network Monitoring - System Monitoring - Packet Drops

Amount of packets a device cannot handle. Buffer Overflows.

Active IDS

An IDS that detects a security breach according to the parameters it has been configured with, logs the activity, and then takes the appropriate action to block the user from the suspicious activity.

Encapsulating Security Payload (ESP)

An IPsec protocol that provides authentication, integrity, and encryption services.

Protecting Networks - Downgrade Attack

An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.

Coarse Wavelength Division Multiplexing (CWDM)

An optical multiplexing technology in which a few signals of different optical wavelength could be combined to travel a fairly short distance. 60 KM. Simpler than DWDM. Higher-end LANs with 10BaseGLX. Lower cost than competitors.

Dense wavelength division multiplexing (DWDM)

An optical multiplexing technology in which a large number of optical signals of different optical wavelength could be combined to travel over relatively long fiber cables.

A system administrator wants to verify that external IP addresses cannot collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?

Analyze packet captures.

A network designer wants to run a 10 gigabit backbone between two switches in buildings that are 75 m (246 feet) apart. What is the main consideration when selecting an appropriate copper cable?

At that distance, some type of shielded or screened cat 6A or better cable is required for the installation to be compliant with Ethernet standard 10GBASE-T.

What is Availability?

Balance: confidentiality tools and integrity are balanced so they will be used. Is this ready to go?

RADIUS is AAA

Authentication, authorization and accounting

MDI-X Auto-Sensing or Auto-MDI-X

Automatically detects the cable type to perform switch to switch communication. No need to create a cross-over cable.

Disaster Recovery and Backup - MTTR (mean time to repair)

Average length of time required to perform a repair on the device

Deployment Models - BYOD - Policy

Challenges: Personal use vs company use. MDM: must manage from anywhere. Personal data vs company data.

New Switch

Change default password. Save configuration.

Risk Management - Other elements

Changes in laws. Natural disasters. Personal disasters - death or disablement of key corporate personnel.

What can indicate high temperatures of a server?

Chassis sensor

What is a benefit of DWDM?

Cheaper to replace old Sonic OCX equipment and lines. Long distance line.

Protecting Networks - Rogue DHCP

Check ipconfig /all and check IP range based on gateway and your IP. -Know network ID -Know IP address. Disable unused wall plate ports.

Data Center:Audit and Assessment reports

Checking on parts of Network

Which cable type consists of a single core made of solid copper surrounded by insulation, a braided metal shielding, and an outer cover?

Coax or Coaxial

What is an ACL?

Collection of access control entries or ACEs that determines which subjects (user accounts, host IP addresses and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).

Protecting Networks - Social Engineering -

Convince someone to give you information.

What elements are used to specify Fiber-Optic Cables?

Core size/Cladding size/Mode/Composition glass or plastic

What are the 3 layers in a Fiber Optic Cable?

Core, Cladding and Jacket or Buffer.

Brienne, an administrator, attempts to connect a laptop to a server with a length of CAT5 cable that has RJ-45 connectors on each end. She verified the IP settings as correct, but the two computers still cannot connect. Which of the following would MOST likely fix the connectivity problem?

Crossover Cable. It is direct to a server. Wire pairs 1/2 and 3/6 need to be swapped on one end of the connecting cables.

What is CPE?

Customer Premises Equipment

Example of Load Balancing

DNS server does round robin. Puts all servers in a zone.

Which OSI layer packages bits of data from the Physical layer into frames?

Data Link.

Data VLAN vs Voice VLAN

Data VLAN is traditional VLAN. Voice is prioritized over Data. Voice uses MAC addresses or VLAN tags.

What applies to data as it travels from Layer 1 to Layer 7 of the OSI model?

Decapsulation. Stuff gets stripped as it gets to the application level.

What is crosstalk measured in?

Decibels.

VPN concentrator/headend

Dedicated device that acts as the endpoint to a network.

Which of the following answers can be used to describe leased-line connections?

Dedicated, point-to-point, always-on connections; typically used by businesses and organizations; WAN links

Protecting Networks - Firewalls - DPI

Deep Packet Inspection or Application or Context aware running at Layer 7

Network Operations - Security Policy - Acceptable Use Policy

Define ownership; web site access; access time - time of day

Protecting Networks - Physical Security - Physical Controls - Deterrent Controls

Designed to prevent bad guys from getting into physical infrastructure: lighting, signage, guards.

Routing Packet contents

Destination and Source IP, Destination Port and Source Port number. Sequence number and data

auditing

Detailed and specific evaluation of a process, procedure, organization, job function, or system, in which results are gathered and reported to ensure that the target of the audit is in compliance with the organization's policies, regulations, and legal responsibilities. Also called audit report.

Subnetting

Divides Network IDs into two or more networks

Protecting Networks - VLAN Hopping - Double Tagging - Fix

Do not use native VLAN1. Should be 1 port only for maintenance.

MAN Metro Ethernet/Optical

Does not use internet. Lower Cost for MPLS or SD WAN Network. No Security

What is a DNS DKIM record?

DomainKeys Identified Mail - it stores the public key the receiving mail server will use to verify a message's signature to verify no change to the message has occurred.

What is the benefit of port mirroring?

Enables administrators to inspect traffic remotely.

What is a common technique used by malicious individuals to perform an on-path attack on a wireless network?

Evil Twin

What if a device has a 164.254 APIPA address and some systems sometimes have the same problem?

Exhausted scope.

EGP

Exterior Gateway Protocol. Outside of Autonomous System. Border Gateway Protocol. Used between AS (Autonomous Systems).

Proxy is Application Specific

FTP Proxy, Web Proxy, VoIP Proxy

Protecting Networks - System Life Cycle - Asset disposal - Switches

Factory Reset

True or False? The Session layer is responsible for passing data to the Network layer at the lower bound and the Presentation layer at the upper bound.

False. The Session layer is between the Transport and Presentation layers.

True or False? Devices can only transmit on an Ethernet network when the media is clear, and the opportunity to transmit becomes less frequent as more devices are added. Also, the probability of collisions increases. These problems can be overcome by installing a hub.

False. The description of the problem is true, but the solution is not. This issue is resolved by using a bridge or (more likely these days) a switch.

True or False? Documentation should be created only at the end of the troubleshooting process.

False. The last step of the methodology is to ensure that findings, actions, and outcomes are documented, but you cannot do this effectively without existing notes. Most troubleshooting takes place within a ticket system. Ideally, a documented job ticket would be opened at the start of recording the incident.

True or False? Cat standards apply only to wiring.

False—Connectors and interconnects are also rated to cat standards.

Unmanaged Switch

Fewer configuration options than managed switch. Must be on same subnet. Change default password.

What Layer 1, Physical Layer cabling would you use for long-distance telecommunications networks and for reliable, high-speed networking within datacenters?

Fiber Optic

angled physical contact (APC)

Fiber optic connector finishing type that uses an angled polish for the ferrule.

Protecting Networks - Demilitarized Zone (DMZ)

Firewall and Router routes incoming traffic to one of the two networks: public to web site, private if packet is destined to LAN.

Forensics

First Responder: person who is notified of a computer crime. -Determine severity of situation -Collecting information -Documenting findings and actions -Providing necessary information to the proper authorities.

Protecting Networks - Defense in Depth - Perimeter

First line of defense -Vulnerability -Honey Pot = Host that entices attackers by showing a vulnerability. -Honeynet = Collection of Honeypots

Patching - OS Updates - Drivers

Fix incompatibility issue. New features. Bug fix.

Lynne is a home user who would like to share music throughout the computers in her house using an external USB hard drive connected to a router that she purchased over a year ago. The manufacturer states that the router can recognize drives up to 4TB in size, but she cannot get her 3TB hard drive to show up on the network. Which of the following should Lynne do to solve this issue?

Flash the router firmware.

Disaster Recovery and Backup - Methods

Full Backups = Everything

Protecting Networks - URL Hijacking: Typosquatting/Brandjacking

Getting a domain name that is close to the url desired. gogle vs google.

Protecting Networks - Social Engineering - Tailgating/piggybacking

Getting through the locked door following someone before it shuts to gain entry.

Data Center:Site Survey

Gives physical location information, flood info, power etc.

Which of the following protocols reside(s) at the application layer of the OSI model? (Select all that apply)

HTTP, FTP, SMTP

Protecting Networks - CIA Protecting Data - CIA Protecting Data - External Threats

Hackers, Poor Physical Security, Outdated Software

Authoritative DNS Server

Has local information about its hosts. Does not need to reach out to a different DNS server.

Network Monitoring - System Monitoring - File Integrity

Hash values alert you

Authorization

Here is what you can do once Authenticated

Data Center:Fiber Channel needs what on the host?

Host Bus Adapter

IPV6 AAAA Record

Host record related to IPv6 address.

Network Troubleshooting Methodology

Identify problem (question users, symptoms, changes). Establish a theory of probable cause (use the layers). Test theory. Establish a plan of action. Implement and test the solution. Verify if the problem is fixed. Implement preventative measures. Document findings, actions and outcomes.

Sam calls in complaining that "the Internet is down," which probably means his computer has lost its network connection. What should you do first to begin troubleshooting this problem?

Identify affected areas of the network.

Troubleshooting Steps

Identify the problem: Gather information. Duplicate the problem, if possible. Question users. Identify symptoms. Determine if anything has changed. Approach multiple problems individually. Establish a theory of probable cause: Question the obvious. Consider multiple approaches. Top-to-bottom/bottom-to-top OSI model. Divide and conquer. Test the theory to determine cause: Once theory is confirmed, determine next steps to resolve problem. If theory is not confirmed, reestablish new theory or escalate. Establish a plan of action to resolve the problem and identify potential effects. Implement the solution or escalate as necessary. Verify full system functionality, and if applicable, implement preventive measures. Document findings, actions, and outcomes.

What is the first thing you should do when identifying a problem?

Identify the scope of the problem

Risk Management - Security Assessment - Vulnerability Assessment

Identify weaknesses that can be avoided: outdated software; not patched in a long time; poor physical security; no strong policies put in place.

A workstation is connected to the network and receives an APIPA address but cannot reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet can communicate with the VLAN gateway and access websites on the Internet. Which of the following is MOST likely the source of this connectivity problem?

If the switchport is configured for 802.1q trunking instead of as an access host port, the workstation will be unable to reach the DHCP server through the port and will fall back to using an APIPA address.

Cable Certifier

If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can use a cable certifier.

802.11 Jammer

Illegal in US.

Change Management Maintenance Window

Impacted users may experience downtime, may need substitute workstations or locations during the window.

IPS

Intrusion prevention system - also does the function of an IDS but will take action, like an Active IDS, only in-band; actively stops or rejects.

Protecting Networks - Demilitarized Zone (DMZ) - Honey Pot

Invites attacks to capture information. Honeynet does it for a network.

What is a BiDi MSA transceiver?

It allows single mode, multi-colored lasers to be interfaced to an Ethernet switch.

Protecting Networks - Malware - Mitigating

Keep antivirus up to date. Educate users.

Hardening IOT items

Keep firmware up to date, implement physical security, apply internal security options.

Why is it good to set up separate credentials for each use?

Keep track of what the credential can do. Restrict damage from what a compromised credential can do. Revoke a single credential if it becomes compromised without shutting down other single-use services.

Kerberos/EAP

Kerberos - Authentication for LAN networks. Created for Wired networks.

Which of the following standards is used by Windows for client authentication?

Kerberos - WINDOWS is the key word here.

MPLS description

Label - unique identifier; Exp bits - relative value for prioritizing; Bottom of Label Stack - single-bit value for initial label; TTL

SCADA (supervisory control and data acquisition)

Large-scale, industrial-control systems. Longer distance

What is LOMMF?

Laser Optimized MMF. Same as VCSEL.

Change Management - Documentation

Last step. Network diagrams. Floor plans.

Satellite Latency

Latency caused by distance of Satellite.

What Layer does a VLAN Work on?

Layer 2

Virtual Switch is at what layer?

Layer 2. Each NIC in a virtual environment gets its own MAC

Network Operations - Security Policy - Safety Policy

Lifting equipment, equipment handling, spills

Protecting Networks - Network Hardening - Port Security - DHCP Snooping

Like DAI; shares same database as DAI. List of MAC addresses of DHCP servers and clients.

What is Link State when referring to routing?

Link state dynamic protocol routers advertise. If difference detected then routing tables are changed.

At Vista Windows uses LLMNR

Link-Local Multicast Name Resolution. UDP 53,55. Improved name resolution service.

Disaster Recovery and Backup - Methods - File Attribute

Linux - stat; Windows - attrib

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Log Files

List who was in.

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Locks

Locks - Key management. Inventory of all keys.

Cloud provider's reporting

Log, Monitor and fire alerts based on account activity and changes to resources.

Protecting Networks - CIA Protecting Data - CIA Protecting Data - Availability

Make sure the authorized people can get to the Data.

Protecting Networks - Password Attacks - Stopping Attacks

Make sure there is a password policy in effect. Brute force and dictionary. Train users - best way.

Certificate types

Make your own certificate known as Unsigned certificate. Web of Trust and PKI

Benefit of IPv6 Aggregation

Makes IPv6 faster than IPv4. Lower latency.

Network Operations - Change Management

Making sure that everyone on Network is aware of changes to the network.

Protecting Networks - CIA Protecting Data - Confidentiality

Making sure that only the people that need the data have access to it. Tools: -Encryption -Principle of Least Privilege

Protecting Networks - Physical Security - Physical Controls - Preventative Controls - Man Trap

Man Trap

Protecting Networks - Vulnerabilities - Zero Day - Exploit

Method to attack systems with previously unidentified vulnerability

Data Center:Cost of entry to SAN

Minimum is around 50k.

Points of Failure - Critical Asset - High Availability

Network keeps working with no downtime or interruption

Reverse Lookup Zone

Network ID backwards. If there is an IP address, looks for the FQDN in in-addr.arpa.

What are the 3 components of a Subnet Address?

Network ID, Subnet ID and Host ID

Network Operations - Forensics

Network Tech is a first responder. Need to know your Incident Response

Protecting Networks - Defense in depth - Networking layer

Network segmentation enforcement Network access control -Limit communication between resources. -Deny by default. -Restrict inbound internet access and limit outbound, where appropriate. -Implement secure connectivity to on-premises networks.

You have selected an SFP+ 1310 nm Tx and 1490 nm Rx transceiver to implement a BiDi link between two switches. Should you provision a second SFP+ 1310 nm Tx and 1490 nm Rx for the other switch?

No, you need an SFP+ module with 1490 nm Tx and 1310 nm Rx.

Network Operations - Documentation

Non-Disclosure (NDA), Memorandum of Understanding (MOU), Bring Your Own Device (BYOD), Statement of Work (SOW)

What are the severity levels and the range?

OBJ-3.1: The severity levels range from zero to seven, with zero being the most severe and seven being the least severe. Level 0 is used for an emergency and is considered the most severe condition because the system has become unstable. Level 1 is used for an alert condition and means that there is a condition that should be corrected immediately. Level 2 is used for a critical condition, and it means that there is a failure in the system's primary application and it requires immediate attention. Level 3 is used for an error condition, and it means that something is happening to the system that is preventing the proper function. Level 4 is used for warning conditions and it may indicate that an error will occur if action is not taken soon. Level 5 is used for notice conditions and it means that the events are unusual, but they are not error conditions. Level 6 is used for information conditions and it is a normal operational message that requires no action. Level 7 is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

What grade of SMF Fiber optic cable is used indoors?

OS1

What Grade of SMF Fiber optic cable is used outdoors?

OS2

What is the order of colors for the 568B standard?

OW Or GrW Blu BluW G BrW Br

Teredo Tunneling

Older version of tunneling. Free. Lets you go from IPv4 to IPv6.

When can you use double colons? :: for two consecutive strings of 0s?

Once in an IPV6 number

Video Conferencing

One Way enables meeting between geographically separated people who use a network such as the internet to transmit video/audio

Patch Panel

One end of Horizontal Run

What are the two addresses in IPv6?

One is Link Local and the other is the Internet address

UC gateway

One of three components of a UC network, it is an edge device used to add extra services to an edge router.

UC Server

One of three components of a UC network, it is typically a dedicated box that supports any UC-provided service.

UC Device

One of three components of a UC network, it is used to handle voice, video, and more.

Greenfield mode (mode 0)

Only 802.11n devices can talk

Why was PAP replaced by CHAP for PPP connections?

PAP sent usernames in the clear.

What is Port Address Translation (PAT)

PAT is a function that allows multiple users within a private network to make use of a minimal number of IP addresses. Its basic function is to share a single IP public address between multiple clients who need to use the Internet publicly. It is an extension of network address translation (NAT).

What are 3 transporting options through a VPN

PPTP 1723; IPSec 500, 4500; SSL 443

Data Center:What is a SAN Pod?

Pods consist of one rack with multiple servers connected to one top-of-rack switch (or two for redundancy)

PTR

Pointer Record to Mail Server in Reverse Lookup Zone

PTR

Pointer record, points to

Network Monitoring - Documenting Logs - Windows Event Viewer

Popular for Windows.

Protecting Networks - Malware - Adware

Populates screen with ads. Use Alt F4 to close. Not x

What port does NTP use?

Port 123

The FTP's Control Connection for administering a session is established through:

Port 21

UC Ports MGCP Media Gateway Control Protocol

Port 2427 and 2727

STARTTLS Now

Port 587

You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their laptop to that same switch port. Which of the following security features would BEST accomplish this goal?

Port Security

PKI

Public Key Infrastructure - Uses hierarchical structure with root servers

Data Center:What does SAN provide?

Redundancy, Power and Safety.

Scalability

Refers to how well a system can adapt to increased demands in cloud.

Slow Down Tools

Resource Monitor. Check properties of wireless NIC.

Unmanaged Switch

Retail store version of switch. GUI interface. IP on bottom.

Protecting Networks - Physical Security - Detection Methods - Bio Metrics

Retinal/Iris Scanner Cell phone - Fingerprints, Voice, Face

You are trying to select the BEST network topology for a new network based on the following requirements. The design must include redundancy using a minimum of two cables to create the network. The network should not be prone to congestion, therefore each device must wait for its turn to communicate on the network by passing around a token. Which of the following topologies would BEST meet the client's requirements?

Ring

Network Operations

Risk Management, Documentation, Training, Contingency Planning, Multi-Device Policies

Risk Management - Security Assessment - Vulnerability Assessment - Posture Assessment

Risk posture. Threat factors. Map of overall security for the network.

Patching - Firmware

Risky updates. Can brick device. Applies to many devices.

DHCP Snooping is what?

Root Bridge is configured with a specific port to allow access to the DHCP server. If another DHCP server gets on another port, the port is disabled.

What is a distance vector?

Routing protocols for sharing router information. Sends entire routing table to other routers.

A router has not been configured properly, and as a result, packets are not reaching their destination. What could be the cause of this?

Route Mismatch

Which device forwards frames between networks?

Router

Home routers are four devices in one. List them.

Router, Switch, Wireless Access Point, DHCP Server

Protecting Networks - Network Hardening - Port Security - Router Advertisement (RA) - Mitigating

Router Advertising Guard. Protects against rogue advertisements.

Protecting Networks - Demilitarized Zone (DMZ) - Bastion Host

Router that is exposed to public internet. Treat and use a separate router for local network.

What are 3 components of the Network Layer?

Router, IP Address, Packet

RIP

Routing Internet Protocol. Dynamic Routing Protocols. Counts hops to destination and removes the route with more hops from the router table. RIP is limited to 15 hops. RIP is a distance vector protocol.

To provide encryption on a tunnel you can do what?

Run the data from the computer through an encryption app then to the tunnel. Piggy backing.

Data Center:Network Attached Storage

Runs tight operating system. Linux is common. Runs over regular network. Shows up as normal drive.

What type of connector is shown in this picture?:

SC or Subscriber Connector. It is a push/pull design for quick insertion and removal. Used for single or multi-mode. Common for Gigabit Ethernet

Which of the following answers refers to a solution that simplifies large network infrastructure management through the use of software?

SDWAN

2nd Generation MSA was the

SFP - Small Form-factor pluggable. SFP+ is an improved version.

SSTP

Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.

Forensics responsibility

Secure state of media -Remove all doubt of unintentional or intentional

Forensics - Four Steps

Secure the area. Document the scene. Collect evidence. Interface with authorities.

Network Operations - Risk Management

Security Risk, Business Risk

Abnormal warnings of high error rate or utilization might signify what?

Security breaches or broken equipment.

Authentication and authorization take place at the:

Session Layer

Which OSI layer assumes the responsibility for opening, closing, and maintaining connections between applications?

Session Layer

Web of Trust Certificate

Several members of web of trust provide trust. Takes lots of maintenance.

A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?

Shared Secret mismatch.

Dotted Decimal Notation

Shorthand used to represent 32 bits. There are 256 combinations, 0-255.

Protecting Networks - Social Engineering - Dumpster Diving

Shred documents

antenna cable attenuation

Signal loss caused by an external antenna connected to an access point over cabling.

Protecting Networks - Social Engineering - Shoulder Surfing

Someone looks over your shoulder. Get privacy filter on your monitor. Be aware.

MFA Attributes

Something you do. Something you exhibit. Someone you know - Trust. Somewhere you are.

Which of the following answers refer to the OSI layer 2 header data? (Select 2 answers)

Source and Destination MAC

STP

Spanning Tree Protocol. Sends bridge protocol data units to let the other switches know which switch is the lead.

antenna type

Specially arranged metal wires that can send and receive radio signals, typically implemented as either an omnidirectional or a unidirectional type.

TIA Standards

Specifies wiring standards for structured cabling.

A technician just completed a new external website and set up an access control list on the firewall. After some testing, only users outside the internal network can access the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using its internal IP address?

Split horizon or split view DNS

Protecting Networks - Wired Man in the Middle - Get in the Middle

Spoofing -Spoof MAC -IP Spoof -DNS Spoof

Points of Failure - Critical Asset - High Availability - Failover - Redundancy - Fault Tolerance - Load Balancing

Spread data amongst multiple devices before reaching centralized location.

A small business has Internet service that provides three static IP addresses. The customer has assigned one of the static addresses to a Web server that he wants to make available on the public Internet. The server is on-premises on the private side of a router. What service on the router can enable the public to access the Web site from one of the static IP addresses?

Static NAT. Static Network Address Translation - sends specific traffic to one internal address.

What 2 ways can a switch learn a MAC Address and the port it is on?

Statically or dynamically

What are two ways to load the CAM in a switch?

Statically or dynamically. Statically, the MAC and port are entered manually. Dynamically, the switch senses the MAC. In an empty table, the first MAC is broadcast to the domain; when the second MAC sends back the packet to the first MAC, its address is added to the CAM. These two ports are then left out of the broadcast when this occurs again until all ports have a CAM entry.

What is used to protect a fiber-optic cable from rodents gnawing through the cable?

Steel shield or armor.

Data Center:SAN

Storage Area Network. A specialized network of high-speed storage devices. Block level.

Patch Cable- Stranded or Solid Core

Stranded

What is the highest strata?

Stratum 0 - Atomic clocks, GPS system. Stratum 1 - Servers that synchronize to within a few milliseconds of Stratum 0. Stratum 2 clients - Slightly less synchronized than 1. Stratum 3 clients - Slightly less synchronized than 2. There are 15 strata.

Protecting Networks - System Life Cycle - Asset disposal - Hard Drives

Strong Magnet Shred

Points of Failure - Critical Asset

Systems needed to maintain production.

How does STP elect the Root Bridge?

Switch with lowest Bridge ID, which is the Bridge Priority value + Mac Address. Packed in a Bridge Protocol data unit. BPDU

Switch Port Protection

Switches do not have IP addresses. They work at Layer 2.

UC Ports SIP Session Initiation Protocol

TCP Ports 5060 and 5061

UC Ports H.323 ITU Protocol for Switching audio

TCP port 1720

Which of the following ports is used by HTTPS?

TCP port 443

What Layer does ICMP work at?

TCP/IP model Layer 3 OSI Model Layer 3 (Network)

Network Monitoring - SNMP - Trap

TCP/UDP 162. Set up on device. Sends info to NMS.

The UPS that provides backup power to your server is malfunctioning because its internal battery has died. To replace the battery, you must shut down the server, unplug it from the UPS, and unplug the UPS from its power source (the wall outlet). You perform these actions but think that there has to be a better way to increase the server's availability in the future. Which of the following recommendations would BEST increase the server's availability based on your experience with this UPS battery replacement?

The BEST recommendation would be to install a redundant power supply in the server.

On a switched network, what configuration changes must be made to allow a host to sniff unicast traffic from all hosts connected to a switch?

The switch must be configured to mirror traffic to the sniffer's port.

Protecting Networks - Social Engineering - Mitigation

Train the users.

What are the characteristics of S/FTP cable?

This is a twisted pair type of copper cable using a braided outer screen and foil shielding for each pair to reduce interference.

Something has changed and now no one within the organization can access the Internet. The ISP has checked everything beyond the demark and found no problems. Which are likely culprits for the outage?

Throttling policy; customer-premises equipment; router configurations

Data Center:FreeNAS

Tool to set up network storage.

Data Center:Floor Plan

Top Down view of Data Center

Data Center:Access/Edge

Top-of-Rack switches serve only the servers on the one particular rack.

Which three means of establishing a theory of probable cause refer to the OSI model?

Top-to-bottom / bottom-to-top OSI model. Divide and conquer.

asymmetrical routing

Topology where the return path is different to the forward path.

Protecting Networks - Malware - Spyware

Tracks things. Key logger: software key logger; hardware key logger - plugs into USB.

Voltage Monitor

Tracks voltage over time to check for electrical issues.

Data Center:Southbound traffic

Traffic coming into the datacenter.

SD-WAN - software-defined wide area network

Traffic over the internet. MPLS Features with security. Abstracted, centralized control of networking devices that manage network functions across a diverse infrastructure.

Network Monitoring - Zabbix

Triggers can be set for exceptions against baseline.

adjacent channel interference (ACI)

Troubleshooting issue where access points within range of one another are configured to use different but overlapping channels, causing increased noise. Also called channel overlap.

Protecting Networks - Social Engineering - Tailgating/piggybacking - Mitigation

Turnstile; access control vestibule (mantrap)

How many pairs of wires in the cable does 100BaseTX use?

Two pairs. Full duplex.

Duplex mis-match

Two computers connected with a crossover cable. Need to go to Device Manager and change duplex from auto to 1/2 on both systems.

Speed mis-match

Two different speed switches. Speed lights will show two different speeds. No data will flow. This is an older problem and modern switches are auto-speed.

How many firewalls in a DMZ?

Two firewalls. One routes port 80 traffic or whatever port the server application needs. The other isolates the private network through firewall rules.

Change Management - Change Request

Type of change; configuration procedures; rollback process; potential impact; notification

application-specific integrated circuit (ASIC)

Type of processor designed to perform a specific function, such as switching.

Flood Guard

Type of switch feature that detects a denial of service (DoS) attack and turns the port off.

Disaster Recovery and Backup - Methods- Snapshots

Typically on virtual machines - traditionally not stored on another media.

Dynamic Host Configuration Protocol (DHCP) runs on: (Select 2 answers)

UDP port 67 and 68

Data Center:Power

UPS; PDU (Power Distribution Units) - distribute power to devices

Rogue Access Point/Rogue AP

Unauthorized access point

What is a DHCP offer?

Unicast DHCP address sent back to the client MAC

Protecting Networks - Firewalls - UTM

Unified Threat Management is a group of functions like firewall, malware detection, VPN endpoint, proxy.

Addressing (Network)

Unique identifier for a network node, such as a MAC address, IPv4 address, or IPv6 address.

Network Monitoring - Documenting Logs - Syslog

Unix/Linux. Standardized format. Errors go from 0 to 7. Interactive syslog viewer. Works with SNMP.

Protecting Networks - Firewalls - Stateless - Weaknesses

An unsolicited packet comes in, say on a port there is no setting for, and causes issues. All the stateless router knows is the IP and port number.

How fast is the data capability of an SMF cable?

Up to 100 Gbps

A 50 Micron OM2 Cable is rated for what speed?

Up to 1 Gbps and uses LED transmitters.

Protecting Networks - Vulnerabilities - Zero Day - Mitigation

Update systems. Only use applications essential to your org. Use a firewall. Educate users.

DCS (Distributed Control System)

Used to control industrial processes such as electric power generation, oil and gas refineries, water and wastewater treatment, and chemical, food, and automotive production. A hierarchy of ICS systems.

Business Risk Assessment

Used to identify, understand, and evaluate potential hazards in the workplace

Reverse Lookup Zones

Used to map an IP to a hostname.

TACACS+

Uses TCP port 49. TACACS+ user goes to TACACS+ client, which goes to TACACS+ server.

Protecting Networks - Wired Man in the Middle - Get in the Middle - ettercap - Penetration Testing Tool

Uses poisons

RADIUS

Uses ports 1812-1813 and 1645-1646, both UDP.

Automation in IaC

Using code to set up (provision) and maintain systems in a consistent manner without having to make manual changes.

Orchestration

Using code to set up (provision) and maintain systems in a consistent manner without having to make manual changes.

Which step follows "Implement the solution or escalate as necessary" in the troubleshooting methodology?

Verify full system functionality, and if applicable, implement preventive measures.

OCSP

Verifies each time if set. Good way to verify that you have a good certificate.

What is VCSEL

Vertical-Cavity Surface-Emitting Lasers

What kind of lease should a Public WiFi have?

Very short. If not, you can exhaust your IP scope.

ICS Interface

Where people talk to the ICS Server

Presence

Who is there, who is not.

Identification

Who you are.

Secure error from browser to website.

Will cause a certificate error. Happens when the certificate for a web server is self-signed. 443 error.

Protecting Networks - System Life Cycle - Asset disposal - Hard Drives

Wipe with DoD 5220.22M

Deployment Models - BYOD - Policy - MDM - Middle Ground

Wipes company data, keeps yours.

Protecting Networks - Ettercap Tool

Wired Network Tool for Penetration Testing. Allows spoofing and DoS attacks.

WLAN

Wireless Local Area Network

802.11

Wireless standard. Uses radio waves to transmit network information between wireless nodes.

CISCO Commands

YOST cable/console cable. Use serial connection.
switch>enable (gives privilege mode)
switch#show running-config
switch#show interface fa 0/1 (runts - under packet size; giants - over packet size)
switch#show ip route
switch#copy run start (saves changes)

What color is a Single-Mode Fiber Optic Cable

Yellow

Can tunnels encapsulate unencrypted protocols

Yes

Do you need one NS for a domain?

Yes, you need a Name Server for each Zone or Domain

How do you connect VLANs?

You can use a separate router or inter-VLAN routing.

Network Monitoring - Interface statistics or Interface Data - Applications

Zabbix, LibreNMS, Grafana, SolarWinds, Nagios, Spiceworks

Software as a Service (SaaS)

delivers applications over the cloud using a pay-per-use revenue model

Time Division Multiple Access (TDMA)

divides each channel into six time slots. Each user is allocated two slots: one for transmission and one for reception. This method increases efficiency by 300 percent, as it allows carrying three calls on one channel

MSA 1st Gen

GBIC, 2 connectors

Michael, a system administrator, is troubleshooting an issue remotely accessing a new Windows server on the local area network using its hostname. He cannot remotely access the new server, but he can access another Windows server using its hostname on the same subnet. Which of the following commands should he enter on his workstation to resolve this connectivity issue?

nbtstat -R. Since this is a Windows-based network, the client is likely attempting to connect to the servers using NetBIOS. NetBIOS stores a local cached name table in the LMHOSTS file on each client. If the entry in the client file is pointing to the wrong IP, this could cause the connectivity issues described. Therefore, the system administrator should enter the "nbtstat -R" command to purge and reload the cached name table from the LMHOSTS file on their Windows workstation.

TCP/IP Apps

ping: sends IP packets to check network connectivity
tracert: similar to ping but returns path information to an IP address destination; in macOS & Linux the command is traceroute
nslookup: gathers the network's DNS (domain name system/server) information
ipconfig: displays TCP/IP network information on a computer; in macOS & Linux the command is ifconfig
iptables: Linux command to put rules in place for packet filtering for the Linux kernel firewall
netstat: displays a list of active TCP connections on a local network
tcpdump: a data-network packet analyzer computer program that runs under a command line interface (CLI). Displays TCP/IP & other packets being transmitted or received over a network to which the computer is attached.
pathping: used to combine the functionality of ping & tracert. It is used to locate spots that have network latency & network loss.
nmap: used for host discovery, service discovery, & operating system detection on computer networks by sending packets and analyzing the responses
route: allows you to make manual entries into network routing tables. It distinguishes between routes to hosts and routes to networks by interpreting the network address of the destination variable, which can be specified either by symbolic name or numeric address.
arp: displays & modifies entries in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more tables that are used to store IP addresses & their resolved Ethernet or token ring physical addresses.
dig: performs DNS lookups & displays the answers that are returned from the queried name server(s).

Public Cloud

promotes massive, global, and industrywide applications offered to the general public

ssocircle

provides a variety of service provider SP samples.

Low Optical Link Budget

refers to low fiber-optic signal strength

Community Cloud

serves a specific community with common business models, security requirements, and compliance considerations

Private Cloud

serves only one customer or organization and can be located on the customer's premises or off the customer's premises

Can you use an LTE NIC on a USB Port

yes.

What to do for setting up a WiFi Network

you do a floor plan, site survey, heat maps, check capacity,

