Network + Material Bank
Cat 6A
(Answer with cable) -Standard: 10GBASE-T -Maximum Supported Distance: 100 meters
Cat 5
(Cable type) -Standard: 100 BASE-TX, 1000 BASE-T -Maximum Supported Distance: 100 meters
Cat 5e
(Cable type) -Standard: 100 BASE-TX, 1000 BASE-T -Maximum Supported Distance: 100 meters
1000 Mbit/s Ethernet
(Transfer rate) -1000BASE-T -1000BASE-SX -1000BASE-LX
Cat 7
(cable type) -Standard: 10GBASE-T -Maximum Supported Distance: 100 meters
10Gbit/s
(how fast, not what cable) -10GBASE-T
Number of Subnets Formula
- 2ⁿ - n = number of 1's in the Subnet ID IGNORE
Number of Available Host Addresses Formula
- 2ⁿ−2 - n = number of 0's in the Host ID - Host ID can't be all 0's or 1's IGNORE
Star Network Topology
- A type of topology that has a central hub or computer
A network administrator updated an Internet server to evaluate some new features in the current release. A week after the update, the Internet server vendor warns that the latest release may have introduced a new vulnerability and a patch is in the works. What should the administrator do to mitigate this risk? downgrade the server and defer the new feature testing utilize WAF to restrict malicious activity to the internet server enable HIPS to protect the server until patch is released enable the host-based firewall on the internet server
downgrade the server and defer the new feature testing Since the vendor stated that the new version introduces vulnerabilities in the environment, it is better to downgrade the server to the older and more secure version until a patch is available.
When a criminal or government investigation is underway, what describes the identification, recovery, or exchange of electronic information relevant to that investigation? data transport first responder encryption eDiscovery
eDiscovery Process of elimination: Data transport is the transport of data while the First responder is the "first responder" and encryption is a method of putting data into a tunnel so it's completely secured. That leaves us with eDiscovery.
An administrator's router with multiple interfaces uses OSPF. When looking at the router's status, it is discovered that one interface is not passing traffic. Given the information below, what would resolve this issue? Output: Fast Ethernet 0 is up, line protocol is down Int ip address is 10.20.130.5/25 MTU 1500 bytes, BW10000 kbit, DLY 100 usec Reliability 255/255, Tx load 1/255, Rx load 1/255 Encapsulation ospf, loopback not set Keep alive 10 Full duplex, 100Mb/s, 100 Base Tx/Fx Received 1052993 broadcasts 0 input errors 0 packets output, 0 bytes 0 output errors, 0 collisions, 0 resets replace the line card enable the connection port put the IP address in the right broadcast domain set the loopback address set the OSPF to area 0
enable the connection port Since the line protocol is down, you will need to enable the connecting port to restore the connection.
An organization notices a large amount of malware and virus incidents at one satellite office, but hardly any at another. All users at both sites are running the same company image and receive the same group policies. What is MOST likely being implemented at the site with less issues? end-user awareness training vulnerability scanning consent to monitoring business continuity measures
end-user awareness training Users should have security awareness training and should have accepted and signed acceptable use policy (AUP) agreements. User awareness training is one of the most significant countermeasures the company can implement.
A technician is helping a SOHO determine where to install the server. What should they consider first? cable length equipment limitations environmental limitations compatibility requirements
environmental limitations SOHO stands for Small Office / Home Office. A SOHO network is typically a small network. Being a small network, it is unlikely that it will have a datacenter or even a dedicated server room. Therefore, they should consider the environmental limitations (power, space, and cooling) first.
A network technician needs to connect two switches. The technician needs a link between them that is capable of handling 10 Gbps of throughput. What type of media would be the BEST to meet this requirement? fiber optic cable CAT5e cable CAT3 cable Coax cable
fiber optic cable To achieve 10 Gbps, you should use CAT 6a or a fiber cable. Since CAT6a isn't an option, fiber is the best answer here. CAT 5e can only operate up to 100 meters at 1 Gbps of speed.
Full vs Incremental vs Differential backup
full, self explanatory, incremental is all files changed since last backup, differential is all files changed since last full backup
A client is concerned about a hacker compromising a network in order to gain access to confidential research data. What could be implemented to redirect any attackers on the network? Honeypot Content filter DMZ Botnet
honeypot A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data that appears to be a legitimate part of the site, but is actually isolated and monitored, and seems to contain information or a resource of value to attackers, who are then blocked.
ipconfig and ifconfig - View and manage IP configuration
ipconfig - Windows TCP/IP config ipconfig /all - Display all IP configuration details ipconfig /release - Release the DHCP lease ipconfig /renew - Renew the DHCP lease ipconfig /flushdns - Flush the DNS resolver cache ifconfig - Linux interface configuration
What Ethernet feature will allow increased FCoE network throughput as long as all network devices recognize its specific size? frame relay jumbo frame equal cost multipath QoS TCP offloading
jumbo frame By allowing jumbo frames, network throughput can be increased.
What is the network topology in which all nodes have point to point connections to all other nodes known as? Bus Mesh Star Ring
mesh A mesh network is a network topology in which each node relays data for the network.
netstat - Display network statistics
netstat -a - Show all active connections netstat -b - Show binaries netstat -n - Do not resolve names
Signal Interference Monitoring Command
netstat -e
nslookup and dig - Lookup information from DNS servers
nslookup <ip address> dig <ip address>
pathping - Combination of ping and traceroute
pathping <ip address>
ping- test reachability
ping - Test reachability to a TCP/IP address ping -t - Ping until stopped with Ctrl-c ping -a - Resolve address to a hostname ping -n - Send # of echo requests ping -f - Send with Don't Fragment flag set
A technician wants to implement a network for testing remote devices before allowing them to connect to the corporate network. What could the technician implement to meet this requirement? Honeynet quarantine high availability MAN network
quarantine Quarantine is where devices that do not meet the standards for the regular network can be placed. In this area, they can be checked before connecting to the main network.
A network architect is designing a highly-redundant network with a distance vector routing protocol in order to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize? hold down timers split horizon spanning tree route poisoning
route poisoning The Route poisoning setting in Cisco's Split Horizon is what prevents routing loops and shows the failed routes.
Route - View the device's routing table
route print
type subnetting (HAVE TO REDO SUBNETTING HERE)
subnetting
SSL/TLS VPN
tcp 443 Very lightweight VPNs that can just authenticate users with a login & password. Can be run even from a browser in most OSs.
RJ-11 Connector
- telephone jack - used to connect to modems on a computer - locking tab - resembles RJ-45 but smaller
Cable Crimper
-"Pinch" the connector onto a wire -Connect the modular connector to the cable -Metal prongs are pushed through the insulation
TDR/OTDR
-(Optical) Time Domain Reflectometer -Estimate fiber lengths, measure signal loss, determine light reflection, create wire maps -May require additional training
Your office is located in a small office park and you are installing a new wireless network access point for your employees. The companies in the adjacent offices are using Wireless B/G/N routers in the 2.4 Ghz spectrum. Your security system is using the 5 Ghz spectrum, so you have purchased a 2.4 Ghz wireless access point to ensure you don't interfere with the security system. To maximize the distance between channels, which set of channels should you configure your WAP to use?
-1,6,11 -Wireless access points should always be configured with channels 1, 6, or 11 to maximize the distance between channels and prevent overlaps.
100 Mbit/s Ethernet
-100BASE-TX (how fast, not what cable)
A network technician must replace a network interface card on a server. The server currently uses a multimode fiber to uplink a fiber switch. Which of the following types of NICs should the technician install on the server? 1000Base-LR 1000Base-FX 1000Base-T 10GBase-SR
-10GBase-SR -10Gbase-SR is a 10 Gigabit Ethernet LAN standard for operation over multi-mode fiber optic cable and short wavelength signaling. Remember, for the exam, "S is not single", meaning the ones that has a Base-S as part of its name designates it as a multimode fiber cable.
A technician has punched down only the middle two pins (pins 4 and 5) on an Ethernet patch panel. Which of the following has the technician cabled this port to be used with?
-10baseT -POTS is short for plain old telephone service. The technician was making a cable for a telephone to use, since it only requires two pins (send and receive).
Loopback Address
-127.0.0.1 -Usually the one above, used to send something back to yourself
Default Gateway
-192.168.1.1 -The IP of the router that allows you to communicate outside of the subnet
An administrator has a virtualization environment that includes a vSAN and iSCSI switching. What action could the administrator take to improve the performance of data transfers over iSCSI switches? the administrator should set the MTU to 9000 on each of the participants in the vSAN the administrator should configure the switch ports to auto-negotiate the proper Ethernet settings The administrator should configure each vSAN participant to have its own VLAN The administrator should connect the iSCSI switches to each other over inter-switch links (ISL)
the administrator should set the MTU to 9000 on each of the participants in the vSAN When using an iSCSI SAN (with iSCSI switching), we can improve network performance by enabling 'jumbo frames'. A jumbo frame is a frame with an MTU of more than 1500. By setting the MTU to 9000, there will be fewer but larger frames going over the network. Enabling jumbo frames can improve network performance by making data transmissions more efficient.
A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switchport 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switchport 8) and switch 3 (switchport 8) are connected to Switch 1 (switchports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router's other interface port (FastEthernet0/1). Based on the configuration described here, how many broadcast domains are there within this network?
-2 Broadcast domains -A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. Routers break up broadcast domains, therefore there are two broadcast domains in this network - one for each side of the router (the three switches makeup one broadcast domain, and the hub makes up the second broadcast domain).
T3 line speed
-44.736 Mbps
Tunneling IPv6
-6 to 4 addressing, sending an IPv6 based address through an IPv4 network -Requires relay routers -No support for NAT
Which of the following wireless standards should you implement if the existing wireless network only allows for three non-overlapping channels and you need additional non-overlapping channels to prevent interference with neighboring businesses in your office building?
-802.11ac -Wireless B and G only support 3 non-overlapping channels (1, 6, 11). Wireless N and Wireless AC supports 5 GHz spectrum which provides dozens of non-overlapping channels. 802.1q is used for VLANs, and is not a wireless networking standard.
A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. What is the MOST likely source of the problem?
-802.1q is not configured on the switch port -APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is a misconfigured switch port that the computer is connected to. The 802.1q protocol is used to configure VLAN trunking on switch ports.
You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The route has one port connected to a cable modem and one port connected to switch port #1. The hub's first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network?
-9 -Based on the description provided, there are 9 collision domains. Each port on the router is a collision domain (2), each port on the switch is a collision domain (8), and all of the ports on the hub make up a single collision domain (1). But, since one of the ports on the router is connected to one of the ports on the switch, they are in the same collision domain (-1). Similarly, the hub and the switch share a common collision domain with their connection to each other over the switch port (-1). This gives us 9 collision domains total: the 8 ports on the switch, and the 1 port on the route that is used by the cable modem.
Subnet Mask
-A 32-bit number that masks an IP address, and divides the IP address into network address and host address
VTP (VLAN Trunking Protocol)
-A Cisco-proprietary messaging protocol used between Cisco switches to communicate configuration information about the existence of VLANs, including the VLAN ID and VLAN name accross a network -Without it, VLANs would have to be configured and controled for each switch on the network -Can create VLANs on one switch, the VLAN server, allowing for centralized VLAN management
NS (Name Server)
-A DNS record that delegates a DNS zone to use the given authoritative name servers
FDDI (Fiber Distributed Data Interface)
-A LAN standard, defined by ANSI X3T9.5, that can run at speeds up to 200Mbps and uses token-passing media access on fiber-optic cable. -Can use a dual-ring architecture for fault tolerance
Metro Ethernet
-A WAN technology that sends Ethernet traffic across MAN connections.
VLSM (Variable Length Subnet Mask)
-A classless subnet mask that can be customized to a different length for each subnet based on the number of nodes on that subnet. -Considered like subnetting a subnet
DiffServ (Differentiated Services)
-A computer networking architecture that specifies a simple and scalable mechanism for classifying and managing network traffic and providing quality of service (QoS)
F-Connector
-A connector used with an RG-6 coaxial cable and is used for connections to a TV and has a single copper wire.
BNC Connector
-A connector used with thin coaxial cable -Some of these connectors are T-shaped and called T-connectors
ICMP (Internet Control Message Protocol)
-A core IP protocol that notifies the sender that something has gone wrong in the transmission process and that packets were not delivered. -Known as IP protocol 1
MIB (Management Information Base)
-A database used in network management that contains a list of objects managed by the NMS and their descriptions as well as data about each object's performance. -Is used for managing all entities on a network using Simple Network Management Protocol. It would allow whatever tool to correctly interpret the information received.
VPN concentrator
-A device that aggregates hundreds or thousands of VPN connections -Maybe even just one
NIU/Smartjack
-A device that determines the demarc -Can be used by a company for loopback tests and diagnostics -Also can be used for configuration changes
Flood Guard
-A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack. -Allows you to configure a maximum number of source MAC addresses on an interface.
stateless firewall
-A firewall capable only of examining packets individually. The firewalls perform more quickly than stateful firewalls, but do not keep use the context of where and why the data is coming from to adjust for blocking.
Stateful Inspection Firewall
-A firewall that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. -These work at the networking layer and are more secured than just packet filtering firewalls.
LAN (Local Area Network)
-A group of devices in the same broadcast domain
VLAN (Virtual LAN)
-A group of devices on the same broadcast domain separated logically instead of physically
IS-IS (Intermediate System to Intermediate System)
-A link-state routing protocol used within a network. -Classless routing protocol
VTP Domain
-A logical grouping of switches that share a common set of VLAN requirements -A switch can only be a memeber of one of these at a time
Networking Heat Map
-A map of a room, floor, or even a city overlaid by a graphical representation of a wireless signal. -Professional network administrators and regular home users alike use WiFi of these abstractions to find dead zones and make adjustments to achieve the desired coverage.
Split Horizon
-A method of preventing routing loops in distance-vector routing protocols -Prohibits a router from advertising a route back onto the interface from which it was learned -Used in RIP and EIGRIP
NAT (Network Address Translation)
-A method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device
DWDM (Dense Wavelength Division Multiplexing)
-A multiplexing technology that uses light wavelengths to transmit data. -Revolutionized the transmission of data over long distances. -Used in fiber optic communications -By sending multiple data streams at the same time can turn one transmission channel of 2.5Gbps upto 100Gbps with many channels (96)
MAN (Metropolitan Area Network)
-A network in your city -Larger than a LAN, often smaller than a WAN -Common to see government ownership
AS (Autonomous System)
-A network or a collection of networks that are all managed and supervised by a single entity or organization -A group of IPs under common control -Important point of reference for discussing IGPs and EGPs
LACP (Link Aggregation Control Protocol)
-A network specification that enables the bundling of several physical ports together to form a single logical channel. -Crucial for NIC teaming
66 Block
-A patch panel for analog voice and some digital links -Wire and a punch-down too, no additional connectors required -Generally replaced by 110 blocks, still seen in many installations
Channel Bonding
-A practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. -An 802.11n feature that allows two adjacent 20-MHz channels to be combined to make a 40-MHz channel. -Used heavily in WiFi implementations
CDMA (Code Division Multiple Access)
-A protocol standard used by cellular WANs and cell phones -Not open source, only used by a few companies now.
Default Route
-A route for when no other match, like a fallback static route -A remote site may have only one route -Can dramatically simplify the routing process
WPA Attack
-A security exploit in which a hacker uses a program to intercept a WPA key as it is communicated between stations and access points. -Aircrack-NG used for this -Send deauthentication packets from your device pretending to be the WAP, intercept the key when the device reauthenticates, decrypt the key -Brute force the key, since its encrypted. Allows you to get the password without any actual interaction with the WAP.
TKIP (Temporal Key Integrity Protocol)
-A security protocol created by the IEEE 802.11i task group to replace WEP. -Used in WPA, WPA2
CSU/DSU (Channel Service Unit/Data Service Unit)
-A service unit that sits between the router and the circuit -The CSU connects to the network provider the DSU connects to your router -Located on the demarcation point
DHCP Relay
-A services that relays DHCP requests to DHCP servers that exist in remote networks -Is used to proxy client requests for IP configurations across different network segments?
802.1Q VLAN Trunking
-A standard for tagging VLAN frames across a network -Adds a VLAN header in an Ethernet frame
VRRP (Virtual Router Redundancy Protocol)
-A standard that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the master router. If the master router fails, backup routers stand in line to take over responsibility for the virtual IP address. -Very similar HSRP, but HSRP is just for the default gateway
A network administrator needs to install a centrally-located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. Which type of firewall should the administrator install?
-A stateful network based firewall -A stateful firewall enhances security through the use of packet filtering and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network.
GRE (Generic Routing Encapsulation)
-A tunneling protocol developed by Cisco that is used to transmit PPP data frames through a VPN tunnel. GRE encapsulates PPP frames to make them take on the temporary identity of IP packets at Layer 3. To the WAN, messages look like inconsequential IP traffic.
Crossover Cable
-A twisted pair patch cable in which the termination locations of the transmit and receive wires on one end of the cable are reversed. -Used to connect two hosts directly, connecting one computer to another, one switch to another or a router to another router -Not used as much anymore as most devices have features that allow them to translate the data.
Straight Through Cable
-A twisted pair patch cable in which the wire terminations in both connectors follow the same scheme. -Pin 1 entry goes to Pin 1 exit and so on -Used commonly to connect a host to a client, connecting a printer to a router, computer to a router etc.
DB-25 Connector
-A type of connector with 25 pins that's commonly used in serial communication that conforms to the RS-232 standard.
DB-9 Connector
-A type of connector with nine pins that's commonly used in serial communication that conforms to the RS-232 standard.
Rollover Cable
-A type of twisted pair cable in which the terminations on one end are exactly the reverse of the terminations on the other end. -Are not intended to carry data but instead create an interface with the device. -Used for serial connections between routers and consoles or other interfaces.
PDU (Protocol Data Unit)
-A unit of transmission, different PDU at different OSI layers -Ethernet operates on a frame of data, doesn't know what's inside -IP operates on a packet of data, doesn't know whats inside
Remote Access VPN
-A user-to-LAN virtual private network connection used by remote users
PSK (Pre-Shared Key)
-A value (key) shared with another party so that they can encrypt messages to then be securely sent.
MPLS (Multiprotocol Label Switching)
-A very common WAN technology that supports IP packets, ATM cells and ethernet frames.
LWAPP (Lightweight Access Point Protocol)
-A wireless protocol created by Cisco that makes centralized wireless management possible. -Directs all wireless frames to the wireless controller by adding extra headers to the frames, but it is also considered a lightweight protocol because the headers are relatively small.
Multimeter
-AC/DC voltages -Continuity, wire mapping
A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2 traffic destined for the gateway is redirected to the employee's computer. This type of attack is an example of:
-ARP cache poisoning -ARP poisoning reroutes data and allows an attacker to intercept packets of data intended for another recipient. ARP attacks can be sent from any host on the local area network and the goal is to associate the host so that any traffic meant for something else will instead go directly to the attacker's PC.
A network administrator is comparing several different wireless technologies. To calculate the effective maximum file transfer rate instead of the theoretical, what should be measured? goodput latency throughput bandwidth
throughput Throughput is the measurement of the maximum amount of data that is able to be sent over a transmission path.
Your company has installed a guest wireless network in the break room. According to company policy, employees may only connect to the network and use it while on their lunch break. Which of the following policies should you have each employee sign to show they understand and accept the conditions of use for this guest network?
-AUP -An acceptable use policy (AUP), acceptable usage policy or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used. In this scenario, this is the most appropriate policy to utilize.
Distribution Switch
-Acts as a connection between the core switch and the access switch -Ensures that packets are properly routed between subnets and VLANs -Layer 3
Router
-Acts as a layer 3 switch -Routes traffic between IP subnets -Connects diverse networks types
Mesh networking
-Ad Hoc devices work together to form a mesh "cloud" -Self forms and heals
What is used to define how much bandwidth can be used by various protocols on the network? traffic shaping high availability load balancing fault tolerance
traffic shaping Traffic shaping, also known as packet shaping, is the manipulation and prioritization of network traffic to reduce the impact of heavy users or machines from affecting other users.
You are working at the service desk as a network security technician and just received the following email from an end user who believes a phishing campaign is being attempted. *********************** From: [email protected] To: [email protected] Subject: You won a free iPhone! Dear Susan, You have won a brand new iPhone! Just click the following link to provide your address so we can ship it out to you this afternoon: (http://www.freephone.io:8080/winner.php) *********************** What should you do to prevent any other employees from accessing the link in the email above, while still allowing them access to any other webpages at the domain freephone.io?
-Add DENY TCP http://www.freephone.io ANY EQ 8080 to firewall ACL -There are two ways to approach this question. First, you can consider which is the right answer (if you know it). By adding the full URL of the phishing link to the browser's group policy block list (or black hole list), the specific webpage will be blocked from being accessed by the employees while allowing the rest of the freephone.io domain to be access. Now, why not just block the entire domain? Well, maybe the rest of the domain isn't suspect but just this one page is. (For example, maybe someone is using a legitimate site like GitHub to host their phishing campaign, therefore you only want to block their portion of GitHub.) The second approach to answering this question would be to rule out the incorrect answers. If you used DENY TCP to the firewall ACL answer, you would block all access to the domain, blocking legitimate traffic as well as the possible malicious activity. If you used the DENY IP ANY ANY to filter traffic at the IPS, you would block any IP traffic to ANY website over port 8080. If you added the link to the load balancer, this would not block it either. Therefore, we are only left with the correct answer of using a group policy in this case.
STP (Shielded Twisted Pair)
-Additional Shielding protects against interference -Shield each pair and/or the overall cable -Requires cable to be grounded
A network technician has designed a network consisting of an external Internet connection, a DMZ, an internal private network, and an administrative network. From which network segment should all routers and switches be configured to accept SSH connections?
-Administrative network allowing only admin access -Since the admin network is hidden behind firewalls (surrounding the DMZ), SSH connections from the admin network are inherently secure and therefore should be allowed to communicate with the other three networks.
IDS & IPS (Intrusion Detection/Prevention System)
-Alarms and prevents network breaches -Watches network traffic and analyzes -Much overhead
Broadband
-Alias for transmission across multiple frequencies -Can have speeds from 4Mbits/s to 250Mbits/s
Infrastructure based networking
-All devices communicate through an access point -Most common wireless communication mode
UTM (Unified Threat Management)
-All in one security appliances and technologies that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, DLP, content filtering, etc
Classful Routing
-All interfaces within the classful address space have the same subnet mask -Does not import the subnet mask -Requires more bandwidth than its counter part -Examples: RIPv1 and IGRP
EIA (Electronic Industries Alliance)
-Alliance of trade associations -Develops standards for industry -Standards start with RS-# (Recommended Standard) or EIA-#
MAC Filtering
-Allowing or disallowing devices based on their MAC address
DOCSIS (Data Over Cable Service Interface Specification)
-Allows for high bandwidth data transfer over an existing coaxial cable TV system -Allows internet speed to increase without having to completely replace coaxial cable networks
Load Balancers
-Allows you to determine service prioritization QoS (Quality of Service) -Application centric balancing -Generally, the process of distributing a set of tasks over a set of resources.
Hypervisor
-Allows you to run other operating systems over another -Complete segmentation from host OS is possible
802.11b
-Also an original 802.11 standard -Operates at the 2.4GHz range -11 Mbit/s -Better range than 802.11a -22MHz
Bandwidth
-Amount of frequency in use -20MHz, 40MHz, 80MHz, 160MHz
BRI (Basic Rate Interface)
-An ISDN digital communications line that consists of three independent channels: two B channels each at 64 Kbps and one D channel at 16 Kbps. ISDN BRI is often referred to as 2B+D -Used in telephone service
You have installed and configured a new wireless router. The clients and hosts can ping each other. The WAN is a 10Gbp/s cable connection. The wired clients have fast connections, but the wireless clients are slow to ping and browse the Internet. Which of the following is MOST likely the cause of the slow speeds experienced by the wireless clients?
-An access point experiencing RFI from fluorescent light bulbs -If interference in the wireless spectrum is occurring, more retransmissions will be needed (and thereby slowing speeds experienced). All the other answers will not cause a slow down of only the wireless network. And a high signal to noise ratio is a good thing on wireless networks.
MSA (Multisource Agreement)
-An agreement between multiple manufacturers to make products which are compatible across vendors, acting as de facto standards, establishing a competitive market for interoperable products.
A new piece of malware is attempting to exfiltrate user data through hiding the traffic and sending it over a TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic?
-An application aware firewall -A Web Application Firewall (WAF) or Application Aware Firewall would be able to detect both the accessing of random ports and TLS encryption, and could identify it as suspicious, whereas Stateless would inspect port number being used by the traffic leaving. IDS only analyzes incoming traffic, therefore would not be able to see this activity as suspicious.
DDoS (Distributed Denial of Service)
-An attack on a computer or network device in which multiple computers send data and requests to the device in an attempt to overwhelm it so that it cannot perform normal operations. -This is the main reason threat actors have bot nets.
MITM (Man in the Middle)
-An attack where you have a device intercepting the traffic between two devices, moderating the flow. Can be done with ARP spoofing.
RJ-45 Connector
-An eight-position connector that uses all four pairs of wires -It is usually used for network connectivity
A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for Internet and email connectivity. What rule should the technician verify FIRST?
-An implicit deny is enabled -Implicit deny only allows certain traffic through that is specified by certain ports.
ODBC (Open Database Connectivity)
-An industry-standard protocol (API) that makes it possible for software from different vendors to interact and exchange data. -Driver, which processes function calls, submits SQL requests to a specific data source, and returns results to the application -Used with MS SQL server
PSTN (Public Switched Telephone Network)
-An international telephone system that carries analog voice data.
GSM (Global System for Mobile Communications)
-An open mobile networking standard -Uses SIM card -Replaced CDMA
A system administrator wants to verify that external IP addresses are unable to collect software versioning from servers on the network. Which of the following should the system administrator do to confirm the network is protected?
-Analyze packet captures -Captured packets show you the information that was travelling through certain files, etc. Packet sniffers detail the information they've received, so working through those would show if the external network shows or details software versions.
Packet Filtering
-Analyzes TCP packets to allow or deny the traffic based on an ACL -Defined on ingress or egress of an interface
DS3 line
-Another name for a T3 line -44.736 Mbps
While implementing wireless access points into the network, one building is having connectivity issues due to light fixtures being replaced in the ceiling, while all other buildings' connectivity is performing as expected. Which of the following should be changed on the access point for the building with connection issues?
-Antenna -Since only one building is having the issue, it is likely an issue with the antenna having radio frequency interference.
Peer to Peer Network
-Any network without a central file server and in which all computers in the network have access to the public files located on all other workstations -Like a crowed room or elevator where everyone hears each others conversations.
TCP and UDP Ports
-Any number between 0 - 65535 -Port numbers are for communication, not security -Need to know service port numbers well -TCP and UDP do not use the same port numbers, can be 123UDP or 123TCP
PRI (Primary Rate Interface)
-Associated with ISDN and includes 23 64-Kbps data channels and one 16-Kbps signal channel. In North America, it's called a T1 line. -is a telecommunications interface standard used on an Integrated Services Digital Network (ISDN) for carrying multiple DS0 voice and data transmissions between the network and a user
Zero Day Attacks
-Attacks where the vulnerability has not been detected of published -It signifies a major investment when a zero-day is burnt, its like a one time use power weapon.
SSO with Kerberos
-Authenticate one time -Lots of backend ticketing uses cryptographic tickets -Only works with Kerberos
AAA Framework
-Authentication, Authorization, and Accounting Security philosophy using identification (username), authentication (password otherwise proving credentials), authorization and accounting(resources used like data sent, login, time etc)
Social Engineering Principles
-Authority -Intimidation -Consensus/ Social Proof -Scarcity -Familiarity -Trust -Urgency
SLAAC (Stateless Address Autoconfiguration)
-Automatically configures IPv6 address
CSMA/CA (Carrier Sense Multiple Access Collision Avoidance)
-Avoids collisions for full duplex -Common to see RTS/CTS signals (Ready to Send/Clear to Send) -Solves "hidden node" problem
Your company wants to create highly-available data centers. Which of the following will allow the company to continue to maintain an Internet presence at all sites in the event that the WAN connection at their own site goes down?
-BGP -If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available.
Firewall Rules
-Based on ACLs, can be Source/Destination IPs, port number, time of day, etc -Usually in a logical path from top to bottom -An implicit deny if the traffic doesn't match anything in the ACL
The network technician has received a large number of complaints from users that there is poor network performance. The network technician suspects a user may have created a malicious flood on the network with a large number of ping requests. What should the technician do?
-Block all ICMP requests -Ping requests use the Internet Control Message Protocol to send operational information about a host or router. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting.
A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the Internet. What rule on the firewall should the technician configure to prevent student access to the Internet?
-Block all LAN to WAN traffic -By blocking all traffic from the LAN to WAN, it will prevent the students from accessing the Internet by blocking all requests to the Internet.
STP port states
-Blocking, not forwarding preventing a loop -Listening, not forwarding and cleaning the MAC table -Learning, not forwarding, just adding to the MAC table -Forwarding, data passes through -Disabled, admin turned off the port
Network Segmentation
-Breaking a network into pieces and putting various levels of security between those pieces -Physical, logical or virtual segmentation via VLANs, virtual networks, etc -Makes change control much easier
Michael is a system administrator who is troubleshooting an issue with remotely accessing a new server on the local area network. He is using an LMHOST file, which contains the hostname and IP address of the new server. The server that he cannot remotely access to is located on the same LAN as another server that he can successfully remote to. What output from the command line would BEST resolve the issue?
-C:\windows\system32> nbtstat -R Successful purge and reload of the NBT remote cache table -Since he is using a local LMHOST file, it is bypassing the DNS of the machine, and flushing the DNS will not solve the problem. In this case, purging the contents of the NetBIOS name cache and then reloads the #PRE-tagged entries from the Lmhosts file.
Dion Training has just installed a new web server and created an A record for DionTraining.com. When users try entering www.DionTraining.com, though, they get an error. You tell their network administrator that the problem is because he forgot to add the appropriate DNS record to create an alias for www to the root of the domain. Which type of DNS record should be added to fix this issue? PTR NS CNAME AAAA
-CNAME -CNAME records can be used to alias one name to another. CNAME stands for Canonical Name. A common example is when you have both diontraining.com and www.diontraining.com pointing to the same application and hosted by the same server.
A user was moved from one cubicle in the office to a new one a few desks over. Now, they are reporting that their VoIP phone is randomly rebooting. When the network technician takes the VoIP phone and reconnects it in the old cubicle, it works without any issues. What is the cause of the problem?
-Cable short -Since the VoIP phone works in one cubicle but not another one that is very close, it is likely the new cubicle has a short in the cable running to the network jack or from the jack to the VoIP phone. The network technician should test the new cubicle's network jack to ensure there isn't an issue with the wiring.
Duplicate IP Address
-Can cause DoS -DHCP did not work properly, not a panacea -Intermittent connectivity as two IP addresses effectively fight with one another for connection
IP Configuration Issues
-Can communicate to local IP addresses, but not outside subnets -No IP communication Local or remote -Communicate to some IP addresses but not others
Signal Reflection
-Can happen in wireless where signals can bounce off some surfaces. Very often depends on the frequencies and the surfaces -Too much of this can weaken a single, but can actually help a little with MIMO. -Antennas should be positioned to avoid reflection.
Signal Loss
-Can happen via attenuation, reflection, refraction etc. -Signal strength diminishes over distance -Loss of intensity as signal strength moves through medium -Electrical signals through copper, light through fiber, radio waves through the air.
Protocol/Packet Analyzer
-Capture and display network traffic -Use a physical tap or redirect on the switch
tcpdump
-Capture packets from the command line -Available in most Unix/Linux operating systems -Included with Mac OS X, available for Windows (WinDump) -Apply filters, view in real-time -Written in standard pcap format
CSMA/CD (Carrier Sense Multiple Access Collision Detect)
-Carrier Sense (Is there a carrier, is anyone communicating?) -Multiple Access (Is there more than one device on the network?) -CD (Collision Detect) -Half-Duplex switching standard -No longer used
Wireless LAN Controllers
-Centralized management of WAP via single pane of glass -Performance and security monitoring -Easy deployment of new access points
A network administrator recently set up a network computer lab and discovered some connectivity issues. The administrator is able to ping the fiber uplink interface, but none of the new PCs plugged into the switch respond to ICMP requests. What should the technician do next?
-Check if there are link lights on the ports -By checking the link lights on the ports, the administrator can verify if there is any activity on the network, if the ports are enabled, and if the Layer 1 components are working correctly.
DHCP T1 Timer
-Check in with the lending DHCP server at 50% of lease time for renewal
DHCP T2 Timer
-Check in with the lending DHCP server at 87.5% of the lease time for renewal
Troubleshooting IP Configurations
-Check your documentation, like the IP address, subnet mask, and gateway -Monitor the traffic, examining local broadcasts -Confirm that you are the subnet mask gateway fo everyone around you -Traceroute and ping can be used to test infrastructure
EAP-FAST (Flexible Authentication via Secure Tunneling)
-Cisco's proposal to replace LEAP framework -Lightweight and secure
VTP (VLAN Trunking Protocol)
-Cisco's protocol for exchanging VLAN information over trunks. -Allows one switch on a network to centrally manage all VLANs.
SFP and SFP+ (Small Form-factor Pluggable)
-Commonly used to provide 1/Gbits/s fiber -Can support up to 16Gbit/s -Common with 10Gbit/s ethernet
ARP (Address Resolution Protocol)
-Communications protocol that resolves IP addresses to MAC addresses -Can be used as CLI utility
A technician is testing a new web-based tool capable of generating automatic teller machine (ATM) cash and service availability reports. The web-based tool was developed by a consortium of financial institutions. Which of the following cloud delivery models is being described in this scenario?
-Community -A community or private delivery model would work best. A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. The scenario described is a community cloud created tool by the banking industry.
Codec
-Compression/Decompression or Coder/Decoder -Videoconferencing standard, included in hardware and/or software, used to compress or code video, audio, and data signals for transmission and decompress or decode the signal at the other end of the transmission.
Bus Network Topology
-Computers in such a network are linked using a single cable called a trunk or backbone
You have just moved into a new condo in a large building. Your wireless network is acting strangely so you are worried that it may be due to interference from the numerous other wireless networks in the building since each apartment has its own wireless access point. You want to determine what wireless signals are within the walls of your apartment and their relative strength. What technique should you utilize to determine whether the nearby wireless networks are causing interference with your own Wifi network?
-Conduct a site survey within your apartment -If you suspect interference within your apartment or other personal spaces, you should conduct a site survey to identify what wireless signals are emanating into your apartment and how strong their signals are. This will allow you to choose the least used frequency/channel to increase your own signal strength and reduce the interference to your own wireless network.
Jason wants to use his personal cell phone for work-related purposes. Because of his position in the company, Jason has access to sensitive company data which might be stored on his cell phone during its usage. The company is concerned about this but believes with the proper security controls in place it might be acceptable. Which of the following should be done to protect both the company and Jason if they allow him to use his personal cell phone for work-related purposes?
-Conduct real-time monitoring of the phone's activity and usage -While all four are good options, the BEST solution is to conduct real-time monitoring of the phone's activity since it is a technical control that could identify an issue quickly. The other options are all administrative controls (policies), which are useful, but would not actually identify if the sensitive data was leaked from Jason's phone.
Port Security Operation
-Configure a maximum number of source MAC addresses on an interface -You decide how many is too many -The switch monitors the number of unique MAC addresses
WPS Attacks
-Configure a wireless network without typing in the pass phrase -Push a physical or virtual button to reconfigure the WAP. -Possibly identify the 4 to 8 digit PIN on the device and use that. -You can brute force them most of the time for the PIN
A network administrator is configuring a VLAN across multiple switches. The administrator wants to configure the VLAN once and have that configuration propagate to all of the switches in the network. Which of the following should the administrator do?
-Configure the switches to utilize VTP -VLAN Trunking Protocol (VTP) shares VLAN information to all switches in a network.
NAS (Network Attached Storage)
-Connect to a shared storage device across the network -File level access
NAS (Network Attached Storage)
-Connected to a shared storage device across the network -File-level access
TCP (Transmission Control Protocol)
-Connection oriented with open and close setup -Reliable delivery because of error recovery -Manages out of order messages and retransmissions -Flow control from receiver end
UDP (User Datagram Protocol)
-Connectionless protocol -Unreliable delivery because no error recovery or retransmission -No flow control, data throughput determined by sender
Cable Tester
-Continuity testing -Identify missing pins, crossed wires -Not used for advanced testing
Damaged Cable Troubleshooting
-Copper cables are rugged but if out in the open can get stepped on or folded between a table and the wall. -Check to make sure cables are in good condition -Replace cable
A common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network is:
-Create an Evil twin. -Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network.
RR (Resource Records)
-DNS Record Type that records the database records of domain name services -Over 30 records types - IP addresses, certificates, host alias names, etc
MX (Mail Exchange)
-DNS record that gets the host name for the mail server
PTR (Pointer Record)
-DNS record that is the opposite of A and AAAA that takes and IP and gives the human readable domain
CNAME (Canoncial Name records)
-DNS record types is an alias of another name
SRV (Service Records)
-DNS records for finding a service -Where is the Windows Domain Controller? WHere is the instant messaging server? Where is the VoIP controller?
A, AAAA (Address Records)
-DNS records that defines the IP address of the host -A records are for IPv4 addresses -AAAA are for IPv6 addresses
TXT (Text records)
-DNS records with useful public information
Which WAN connection types might an Amplitude Modulation (AM) radio station have a detrimental effect on and cause interference?
-DOCSIS -DOCSIS is how cable modems operate by sending radio frequency waves over coaxial cables. AM frequencies can interfere with DOCSIS. The other answers all rely on networks, such as fiber, which are immune to radio frequency interference.
You have just moved into a new apartment and need to get internet service installed. Your landlord has stated that you are not allowed to drill any holes to install new cables into the apartment. Luckily, your apartment already has cable TV installed. Which of the following technologies should you utilize to get your internet installed in your apartment?
-DOCSIS modem -DOCSIS (Data Over Cable Service Interface Specification) is an international telecommunications standard that permits the addition of high-bandwidth data transfer to an existing cable television system. It is employed by many cable television operators to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure. Most people today call these 'cable modems', but technically they are DOCSIS modems.
Which communication technology would MOST likely be used to increase bandwidth over an existing fiber optic network by combining multiple signals at different wavelengths?
-DWDM -Dense wavelength-division multiplexing (DWDM) is a high-speed optical network type commonly used in MANs (metropolitan area networks). DWDM uses as many as 32 light wavelengths on a single fiber, where each wavelength can support as many as 160 simultaneous connections.
OSI Layer 2
-Data Link Layer -Basic network language with DLC (Data Link Control) protocols like MAC -The switching layer
Multicast
-Delivers information one to many -Only interested systems -Very specialized, doesn't scale well
Multiplexing
-Designed as a means to send multiple data streams simultaneously through one transmission medium.
Dynamic Routing Protocols
-Determines the best route to a location -Updates in real time upon network change -Many different kinds, have to determine which one to use
IPS Signature Management
-Determining what happens with unwanted traffic -Usually thousands of rules -Takes time to tweak and sift through alerts and noise
Frequency Mismatch
-Devices have to match the access point, 2.4 GHz, 5 GHz -Verify the client is communicating over the correct channel, This is normally done automatically, May not operate correctly if manually configured -Older standards may slow down the newer network, 802.11b compatibility mode on 802.11n networks -Every access point has an SSID -This can be more confusing than you might think, Public Wi-Fi Internet, Guest Internet, Internet
Troubleshooting duplicate IP addresses
-Did you assign one IP to multiple devices, you should check. -Should ping a static IP before addressing it -Find out how many DHCP servers are responding
Wardriving
-Driving around and correlating Wi-Fi networks with GPS coordinates.
A wireless technician wants to configure a wireless network to identify itself to visitors by including the word "Guest" in the name. This wireless network needs to provide coverage to the entire building and will require 3 wireless access points working together to accomplish this level of coverage. What would allow users to identify the wireless network by its displayed name as a single network?
-ESSID broadcast -With an ESSID (Extended Service Set), a wireless network can utilize multiple wireless access points (WAPs) that can broadcast a single network name for access by the clients. A BSSID (Basic Service Set) can only utilize a single WAP in each wireless network.
VLAN Switch Configuration
-Each port should be assigned a VLAN -A non-tagged frame is on the default VLAN -Trunk ports must tag outgoing frames
GBIC (Gigabit Interface Converter)
-Early transceiver common for gigabit and fiber networks
Dion Training has created a guest wireless network for students to use during class. This guest network is separated from the corporate network for security. Which of the following should be implemented to require the least amount of configuration for a student to be able to access the Internet over the guest network?
-Enable SSID broadcast for the guest wireless network -Since security was not listed as a requirement for the guest wireless network, it would be easiest to not setup any encryption, passwords, or authentication mechanisms on the network. Instead, you should simply enable the SSID broadcast for the guest network so students can easily find and connect to it.
A network technician is troubleshooting connectivity problems between switches but suspects the ports are not properly labeled. What option will help to quickly identify the switches connected to each port?
-Enable port discovery protocol on network devices. -By enabling a discovery protocol on the network devices, the technician will be able to get detailed information such as the IP addresses, system version, and the type of device information from supporting devices directly connected to the discovery protocol, therefore providing information about the specific routers.
Fibre Channel over IP (FCIP)
-Encapsulate Fibre Channel frames into IP -Geographically separate the servers from the storage
QSFP (Quad Small Form-factor Pluggable)
-Essentially 4 SFPs stacked -Upto 40Gbit/sec
Spoofing
-Essentially making something prentend it is something it is not -You will often MAC spoof to prevent someone from gaining info on you -IP address spoofing is used in DDoS attacks
A company suffers an outage due to a bad module in a core switch. What is the NEXT step to conduct in troubleshooting?
-Establish a plan of action to solve the problem -We should establish a plan of action to solve the problem, since we already have a hypothesis (guess) as to the issue.
Jumbo Frames
-Ethernet frames with more than 1,500 bytes of payload -Increased transfer efficiency -All ethernet devices on route must support them
Disabling Unnecessary Services
-Every service is a potential vulnerability -Windows 7 has over 130 services by default -Windows 10 has over 240 -May require a lot of resource to know which ones should not be enabled
Yagi Antenna
-Extremely directional -High gain -Used in an outdoor environment for 802.11
Honeypots
-False targets for computer criminals to attack. -Attracts threat actors and traps them there
Firewall
-Filters traffic by port -Layer 4 device
Proxy Server Firewalls
-Firewalls that work by filtering at the application layer. -Provide the best internet experience and provide performance improvements. -Also called an application or gateway firewall. -Essentially turns a 2 device transaction into a 4 device transaction, each application SMTP, HTTPS must have its own virtualized sending and receiving server inside where the safety of the connection is evaluated there.
Broadcast Domains
-For broadcasting messages across the network, like ARP probes, operating system notifications, etc -Stops at router
Fiber Distribution Panel
-For permanent fiber installation, patch panel at both ends -The loop is called a service loop -is mainly used for accommodating fiber cable terminations, connections and patching
Punch-Down Tool
-Forces wire into a wiring block -Trims the wires and breaks the insulation
Network Switch
-Forwards and Drops frames based on destination MAC -Gathers constantly updating MAC list -Maintains loop free environment via RSTP (Rapid Spanning Tree Protocol, 802.1w)
Switch
-Forwards traffic based on data link addresses -May provide PoE
Which WAN technology relies on virtual circuits and point-to-multipoint connections?
-Frame relay -Frame Relay is a WAN technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology. It supports the use of virtual circuits and point-to-multipoint connections. It is commonly used to connect multiple smaller corporate office locations back to a larger centralized headquarters.
802.11 Management Frames
-Frames providing a number of Wi-Fi management features -AircrackNG still works because they did not provide these frames with any authentication mechanism.
You have been asked to connect three 802.11a devices to an 802.11g access point that is configured with WEP. The devices are within 20 feet of the access point, but they are still unable to associate with the access point. Which of the following is the MOST likely cause of the devices being unable to associate with the WAP?
-Frequency Mismatch -802.11a operates in the 5 GHz band while 802.11g operates in the 2.4 GHz band. Therefore, 802.11a devices will be unable to communicate with 802.11b or 802.11g access point.
Which protocol is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections? MPLS ESP GRE PPP
-GRE -Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
WAN (Wide Area Network)
-Generally connects LANs across a distance and generally much slower than the LAN -Many different WAN technologies
802.11 Channels
-Groups of frequencies
Duplex
-Half-Duplex, devices cannot send and receive simultaneously -Full-Duplex, devices can send and receive at the same time, most switches are this
Expired IP Addresses
-Happens when a DHCP address lease expires and the DHCP server is down. -Client will give up the IP address at the end of the lease and an APIPA address is assigned
Overcapacity
-Has to do with device saturation -There are too many devices on one wireless network -Very common in large meeting places
Geofencing
-Has to do with restricting or allowing features when a device is in a particular area -Cameras may only work outside the office -Authentication only allows logins in a certain area
A college needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs. What type of antenna will provide the BEST coverage?
-High gain antenna (parabolic or Yagi) -High gain antennas put out increased signal strengths and therefore can reach further with less WAPs.
Bluetooth
-High speed communication over short distances -Generally used in PANs
InfiniBand
-High speed switching topology -Alternative to Fiber Channel -Popular use in research and super computers -Designed for very high speeds and low latency
Parabolic Antenna (Dish)
-Highly directional, very focused -Must be pointed -Also used to increase range often in outside environment like Yagi.
Z-Wave
-Home automation networking -Uses a wireless mesh networking, nodes can hop through other nodes on the way to the destination -Uses the ISM band, generally used for industrial, scientific, and medical applications
Which network device operates at Layer 1? Hub Bridge Router Firewall
-Hub -A hub is a layer 1 device and operates at the physical layer. Cables, hubs, repeaters, and wireless access points are all examples of layer 1, or physical layer, devices.
STP (Spanning Tree Protocol)
-IEEE 802.1D standard for preventing looping on a network -Looping occurs when two switches are connected with eachother and feedback continuously
RSTP (Rapid Spanning Tree Protocol)
-IEEE 802.1w -Updated version of STP -Faster convergence, similar process -Backwards compatible
802.1X
-IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. -Used to authenticate to a network -Works with RADIUS or TACACS
DHCP (Dynamic Host Configuration Protocol)
-IP address configuration service -Scalability is difficult -Uses the IPv4 broadcast domain
A network technician just finished configuring a new interface on a router, but the client workstations are not receiving the addressing information from the new interface. Which of the following should be added or changed to allow the workstations to connect to the new interface? TTL MX record IP helper DHCP lease time
-IP helper -DHCP IP Helper addresses enable a single DHCP server to provide DHCP IP addresses to every PC on the network, regardless of whether they are on the same broadcast domain as the DHCP server or not. DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a "middle man" which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address via unicast. By adding an IP Helper address to the new interface on the router, it will allow the DHCP broadcast requests to be forwarded to the workstations.
RIPv2
-IPv4 IGP -Not Proprietary -Distance-vector routing protocol
RIPv2 (Routing Information Protocol)
-IPv4 IGP -Not Proprietary -Distance-vector routing protocol
EIGRP (Enhanced Interior Gateway Routing Protocol)
-IPv4 and IPv6 IGP -Proprietary Parts -Distance-vector Routing protocol
OSPF (Open Shortest Path First)
-IPv4, IGP -Not Proprietary -link state routing protocol
OSPF (Open Shortest Path First) v2
-IPv4, IGP -Not Proprietary -link state routing protocol
OSPFv2 (Open Shortest Path First)
-IPv4,IGP -Not Proprietary -Link-state routing
OSPF (Open Shortest Path First) v3
-IPv6 -Not Proprietary -link state routing protocol
RIPng (RIP next generation)
-IPv6 IGP -Not proprietary -Distance-vector Routing protocol -Uses Hop count as a metric -Updates every 30 seconds -UDP 521
OSPFv3 (Open Shortest Path First)
-IPv6 IGP -Not proprietary -Link-state routing protocol
Network Troubleshooting Methodology
-Identify the problem. -Establish theory of probable cause. -Test the Theory to determine cause. -Establish plan of action to resolve the problem and identify potential effects. -Implement the solution or escalate as necessary. -Verify full system functionality and if applicable implement preventative measures. -Document findings, actions, and outcomes.
OSI Model (Open Systems Interconnection)
-Illustrates how a network device prepares data for delivery over the network to another device, and how data is to be handled when it is received
A technician just completed a new external website and setup access rules in the firewall. After some testing, only users outside the internal network can reach the site. The website responds to a ping from the internal network and resolves the proper public address. What can the technician do to fix this issue while causing internal users to route to the website using an internal IP address?
-Implement a split horizon DNS -Split Domain Name System (Split DNS) is an implementation in which separate DNS servers are provided for internal and external networks as a means of security and privacy management.
Disabling unused TCP and UDP ports
-Important for firewall management -Use a firewall to do this, important for general port filtering.
Disabling Unused Interfaces
-Important security measure to take so no one can get connections to enabled physical ports in conference rooms, break rooms, etc.
Classless Routing
-Imports subnet mask and in this triggered updates are used. -The subnet mask is not the same throughout -Examples: RIPv2, EIGRP, OSPF, and IS-IS
802.11ac
-Improvement over 802.11n -Operates at 5ghz band -Denser signaling modulation - Faster data transfers -Eight MU-MIMO streams, nearly 7 gigabits a second -40, 80, 160MHz
HSRP Active vs Standby
-In one of these configurations there is atleast one active and one standby router -The active A router handles all of the default gateway requests until... -The standby S will kick in if the active router goes down. -The standby
Physical Segmentation
-In this concept, devices like switches are physically separate from each other. Goes along with the idea of air-gapping. -Putting web servers in one rack and database servers in another -Customer A on one switch customer B on another
IR (Infrared)
-Included on many smartphones -Controls for entertainment center
Names Not Resolving
-Indications of this are a non-working web browser -If pinging an IP address works, this is not the problem.
stateful firewall
-Inspects traffic leaving the inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called stateful inspection. -Vulnerable to DDoS due to compute overhead
You are working as part of a network installation team. Your team has been asked to install Cat 5e cabling to some new offices on the second floor of the building. Currently, the office only has one network closet which is located on the first floor. Your team spent the morning running 48 new CAT 5e cables from a patch panel in the networking closet on the first floor to a new networking closet you are outfitting on the second floor. Your team terminated these cables in a new patch panel in the 2nd floor closet. You measured the distance from the switch in the 1st floor closet to the new second floor patch panel and determined it was 80 meters. The team then ran cables from this patch panel to each of the new offices. Some of the offices are working properly, but others are not. You suspect that some of the cable runs are exceeding the maximum length allowed by Cat 5e cabling. What is the BEST solution to this problem?
-Install a switch in the second floor networking closet to increase the signal -The best option is to install a switch in the networking closet on the second floor which can connect to the cables coming from the first floor closet and then to the cables on the second floor patch panel. This will act as a repeater to boost the signal strength over the Cat5e cable, effectively resetting the cable length to 0 meters before leaving the closet. While a repeater may be a good option, a switch is more effective in this case since there are so many cables and repeaters usually only work for an individual cable. A hub would similarly work, but would introduce a signal collision domain for 48 computers. This would drastically decrease the performance of the network. Finally, we don't want to include a switch in each office, as this is a bad security practice and an inefficient use of resources. It is easier to manage and administer a single, centralized switch in the network closet.
DCE (Data Communications Equipment)
-Interface devices such as modems on a Frame Relay network. -DSU, CSU -Gets synchronization clock rate ADD MORE
Several users at an adjacent office building report connectivity issues after a new building was built in-between the two offices. The network technician has determined the adjacent office building is connected to the main office building via an 802.11ac bridge. The network technician logs into the AP and confirms the SSID, encryption, and channels are all correct. Which of the following is MOST likely the cause of this issue?
-Interference -The most likely reason is interference from the new building being placed between the signal path. By process of elimination: Device saturation involves too many devices with too few sources, antenna type restricts the direction for the data to travel and the bandwidth saturation occurs if too many devices are on one WAN link.
A network administrator is troubleshooting an issue with unstable wireless connections in a residence hall. Users on the first and second floors report that the hall's SSID is not visible in the evenings. The network administrator has verified that the wireless system is operating normally. What is the cause of the issue being reported by the users?
-Internet router maintenance is scheduled - Process of elimination: the ARP attack would allow attackers to intercept data or stop all traffic; the SSID being set to hidden wouldn't just change during the day, and a jammer being used would show some possible "wrong" traffic in the logs of the wireless. Internet router maintenance would simply take the network down for the duration of the update/maintenance.
IGRP (Interior Gateway Routing Protocol )
-Is a distance vector interior gateway protocol (IGP) developed by Cisco. -It is used by routers to exchange routing data within an autonomous system. -Is a proprietary protocol. -Classful
PEAP (Protected Extensible Authentication Protocol)
-Is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. -Created by Cisco, Microsoft and RSA Security -Combined a secure channel and EAP
CoS (Class of Service)
-Is a way to manage multiple traffic profiles over a network by giving certain types of traffic priority over others. For example you can give Voice traffic priority over email or http traffic. -A part of managing QoS -Works on OSI layer 2 -Ethernet frame headers modified in an 802.1q trunk -Usually applied by a company's intranet
Port Forwarding
-Is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall
Packet Filter Firewalls (Stateless)
-It lets a packet pass or block its way by comparing it with pre-established criteria like allowed IP addresses, packet type, port number, etc -Packet filtering technique is suitable for small networks but gets complex when implemented to larger networks. -Cannot defeat attacks operating on the application layer
While installing new network equipment, a network administrator wants to add infrastructure to keep the cables organized in the environment. The administrator also needs cables to be easily removed or added due to the constantly changing environment. Which of the following should be added to the network's cable distribution plant to achieve this goal? Cable ties Raised Floor Ladder Trays Hook and loop straps
-Ladder trays -Ladder trays are a cost-effective alternative and allow for easy installation of cables by electricians as well as future access for adding or removing cable runs.
Access Switch
-Layer 2 switch, not high powered -Provides network access for work groups and users
Next-gen Firewall
-Layer 7 firewall -Deep packet inspection -Tons of overhead
Dictionary Attacks
-Like a brute force but using known words that are more likely to be a password.
CAN (Campus Area Network)
-Limited geographical area, a group of buildings -Your fiber in the ground, no third party provider
Point to Point Network
-Link between two resources. -Simplest form of a network. -Limits how devices can communicate with each other -A phone call is an example of one being established
Tripwire
-Linux FIM solution
iptables - Packet filtering
-Linux iptables - filter packets in the kernel -Simple data blocks - ignores state -Usually placed on a device or server
CSMA/CD Operation
-Listen for an opening, don't transmit data until then -If collision occurs, transmit jam signal to let everyone know, wait random amount of time and retry
Logic Bomb
-Logic left by someone waiting for an event to trigger, once it does it may erase data or cause something else adverse to happen. -Difficult to identify and recover from if done properly
Single-mode Fiber
-Long-range communication, Up to 100 km
SAN (Storage Attached Network)
-Looks and feels like a local storage device -Block level access -Very efficient with reading and writing
SAN (Storage Area Network)
-Looks and feels like a local storage device -Block-level access -Requires a lot of bandwidth, very efficient for reading and writing
A network technician is responsible for the basic security of the network. Management has asked if there is a way to improve the level of access users have to the company file server. Right now, any employee can upload and download files with basic system authentication (username and password). What should he configure to increase security?
-MFA -This security approach provides a defense layer that makes it difficult for an unauthorized user to break into a system. It provides multiple factors that a user must know in order to obtain access. For instance, if one factor is successfully broken, there will be few others that the individual attempting to enter the system must overcome.
A software company is meeting with a car manufacturer to finalize discussions. In the signed document, the software company will provide the latest versions of its mapping application suite for the car manufacturer's next generation of cars. In return, the car manufacturer will provide three specific vehicle analytics to the software company to enhance the software company's mapping application suite. The software company can offer its enhanced mapping application to other car manufacturer but must pay the car manufacturer a royalty. Which of the following BEST describes the document used in this scenario? MSA SLA MOU AUP
-MOU -MOU is a memorandum of understanding. This is the most accurate description based on the choices given.
Logical Network Maps
-Made with specialized software such as Visio, Omnigraffle, Gliffy etc -Useful for planning and collaboration on networks
An additional network segment is urgently needed for QA testing on the external network. A software release could be impacted if this change is not immediate. The request come directly from management, and there is no time to go through the emergency change management process. Which of the following should the technician do?
-Make the change, document the requester, and document all network changes -While this is a difficult situation, the best answer is to make the change, document the requester, and document all the network changes. Since the request came directly from management, if they have sufficient authority to authorize the change, it can be performed outside of the emergency change control process. This should be a RARE occurrence.
TIA (Telecommunications Industry Association)
-Makes commercial telecommunication building standards
A user is receiving certificate errors in other languages in their web browser when trying to access the company's main intranet site. Which of the following is the MOST likely cause of the issue?
-Man-in-the-middle -A man-in-the-middle attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is occurring.
PBX (Private Branch Exchange)
-Manages phone calls internally and externally for an organization -Lets companies save money by handling their own telecommunications routing -Can have 4 kinds of communication, Analog, Digital, VoIP and SIP -Will translate all data inputs to something PSTN can work with -Must use TSP or ISP to get to PSTN -Delivers multiple stations for 1 trunk line
MTU (Maximum Transmission Unit)
-Maximum IP packet size before fragmentation -Fragmentation slows things down, losing a fragment loses the whole packets -Difficult to know the MTU all the way through a route, often causes fragmentation issues if a hop has a smaller MTU than the sender, causing fragmentation -MTUs are normally configured once based on network infrastructure -Significant concern for tunneled traffic, tunnel may be smaller than Ethernet segment
Packet Shaping
-Method of prioritizing network traffic -Control by bandwidth usage or data rates -Set important applications to have higher priorities than other apps
TDMA (Time Division Multiple Access)
-Mobile newtorking technology that combines multiple streams into a single stream, and breaks them out again
DNS Poisoning
-Modifying the DNS to send a user somewhere else than where they would have gone otherwise. -If you make the target's DNS address = the attackers, you are now the traffic man.
OFDM, QAM and QPSK are all examples of what wireless technology?
-Modulation -Common types of modulation include Orthogonal frequency-division multiplexing (OFDM), Quadrature Amplitude Modulation (QAM), and Quadrature Phase-shift keying (PSK).
BGP (Border Gateway Protocol)
-Most commonly used EGP -Hybrid routing protocol
Jitter
-Most real-time media is sensitive to delay -Data should arrive at regular intervals -Voice communication, live video -If you miss a packet, there's no retransmission -There's no time to "rewind" your phone call -Jitter is the time between frames -Excessive jitter can cause you to miss information, "choppy" voice calls
Hub
-Multi-port repeater -Half duplex -Outdated
A client reports that half of the office is unable to access a shared printer on the network. Which of the following should the network technician use to troubleshoot the issue?
-Network Diagrams -Network diagram is a visual representation of a computer network. Understanding all the connections is a fundamental step in network troubleshooting. This baseline information can be used for anticipating future problems, as well as planning for future growth.
Kerberos
-Network authentication protocol, after authenticating one time you are good. It uses mutual authentication between client and server preventing man in the middle attack, used in windows. -Standard since the 1980s.
Dialup
-Network with voice telephone lines -56 kbit/s modems, compression up to 320 kbit/s -Legacy systems, network utility
Ad Hoc networking
-Networking with no pre-existing infrastructure -Devices communicate amongst themselves
UTP (Unshielded Twisted Pair)
-No additional shielding -Most common twisted pair cabling
dB loss symptoms
-No connectivity or signal Intermittent connectivity Poor performance -Signal too weak -CRC errors, data corruption Test each connection
PaaS (Platform as a Service)
-No servers, software, maintenance, etc -Someone else handles the platform you handle the development
Ring Network Topology
-Nodes connected along a single wire with no endpoints -A PHYSICAL ring has no technical advantage in LANs, so rarely used there; however, logical rings with star physical layouts (Token ring and Fiber Distributed Data Interface) are both used in LANs -Used in WAN environments where a fiber cable ring around a city provides a connection for telephone companies to service voice and data networks
A network technician is tasked with designing a firewall to improve security for an existing FTP server that is on the company network and is accessible from the Internet. Security personnel are concerned that the FTP server is compromised and is possibly being used as a platform to attack other company servers. What is the BEST way to mitigate this risk?
-Nove the server to the company's DMZ -The DMZ is the subnetwork of a network that hosts public-facing servers and has additional security added to it.
IPv4 Addresses
-OSI Layer 3 address -32 bits, 4bytes long, very limited address space
IPv6 Addresses
-OSI Layer 3 address -Groups of zeros can be abbreviated with a double colon :: -128 bites, 16 bytes, many more possible addresses
You have been hired by a company to upgrade their aging network. The network currently uses static routing for the internal network, but the organization wants to reconfigure it to use a dynamic routing protocol. The new dynamic routing protocol must support IPv4 and VLSM, at a minimum. Based on the requirements provided, which of the following routing protocols should you enable and configure?
-OSPF -Of the options provided, only OSPF supports IPv4 and VLSM (Variable Length Subnet Mask). The other protocols do not support VLSM. (Note: RIPv2 and above does in fact support VLSM.
Collision Domain
-On a network where Collision Detection (CD) would let all devices a collision had occurred -Nobody uses anymore because of CSMA/CA
SaaS (Software as a Service)
-On demand software -No local installation -Central management of applications
A NAC service has discovered a virus on a client laptop. What location should the NAC service put the laptop?
-On the quarantine network -Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. When NAC detects an issue with a client, it places them in a quarantine network.
IPAM (IP Address Management)
-One of the features introduced with Windows Server 2012 R2. Allows an administrator to customize and monitor the IP address infrastructure on a corporate network.
RADIUS (Remote Access Dial-in User Service)
-One of the more common AAA methods -Used to centralize authentication for all users -Services available on almost any server OS
802.11a
-One of the original 802.11 standards -Operates at 5ghz range -54 (Mbit/s) -Poor range -20 MHz
Broadcast
-One to everyone information sharing -On scope of broadcast domain -Routing updates, ARP requests -Not used in IPv6, uses multicast
Unicast
-One to one information sharing -Ex web surfing, file transfers -Does not scale optimally for streaming media
You are creating a wireless link between two buildings in an office park utilizing the 802.11ac standard. The antenna chosen must have a small physical footprint and a minimal weight as it will be mounted on the outside of the building. Which type of antenna should you install?
-Patch antenna -A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern. A yagi or directional antenna could also be used, but if the distance is smaller than about 300 feet between the buildings, using a patch antenna would be sufficient. For longer distances, a yagi would be utilized instead, but these do weight more and have a larger footprint.
SOCKS (Socket Secure)
-Performs at layer 5 -This is a protocol used for facilitating a proxy server. -Facilitates communication with servers through a firewall. -Designed to route any type of traffic generated by any program
Non-ephemeral ports
-Permanent port numbers 0 - 1023 -Usually on server or service
You are currently troubleshooting a network connection error. When you ping the default gateway, you receive no reply. You checked the default gateway and it is functioning properly, but the gateway cannot connect to any of the workstations on the network. At which layer of the OSI model do you believe the issue is occurring?
-Physical -Ping requests occur at layer 3 (Network layer). Therefore, the problem could exist in layer 1 (physical), layer 2 (data link), or layer 3 (network). Since Physical (layer 1) is the only choice from layers 1-3 given, it must be the correct answer. Also, since the gateway cannot reach any of the other devices on the network, it is most likely a cable (physical) issue between the gateway and the network switch.
OSI Layer 1
-Physical Layer -Signaling, cabling, connectors -Not about protocols, is the physics of the network
A network technician is asked to redesign an Ethernet network before some new monitoring software is added to each workstation on the network. The new software will broadcast statistics from each host to a monitoring server for each of the five departments in the company. The added network traffic is a concern of management that must be addressed. How should the technician design the new network?
-Place each department in a separate VLAN -Placing each of the departments on separate VLANs will help minimize the added network traffic. VLANs work by taking multiple physical hosts and LANs and configuring them to act as if they were attached to the same Ethernet switch.
PoE and PoE+ (Power over Ethernet)
-PoE IEEE 802.3af, 15.4 watts, 350 mA -PoE+ IEEE 802.3at, 25.5 watts, 600mA
During a recent penetration test, it was discovered that your company's wireless network can be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn't extend beyond the interior of your building while maintaining a high level of availability to your users?
-Power Level -The power level should be reduced for the radio transmitted in the wireless access points. With a reduced power level, the signal will not travel as far and this can ensure the signal remains within the interior of the building only. The other options, if changed, would affect the availability of the network to the currently configured users and their devices.
DAD (Duplicate Address Detection)
-Prevents duplicate IPs on IPv6
QoS (Quality of Service)
-Prioritizes traffic performance -Describes the process of controlling traffic flows -Many different methods across different network typologies -Managing the delay, delay variation (jitter), bandwidth, and packet loss parameters is the perfection of this.
Cloud Deployment Models
-Private, a virtualized data center -Public, available to everyone over the Internet -Hybrid, a mix of public and private -Community, several organizations share the same resources
Penetration Testing
-Professional hacking to access data and computing power without being granted access -Professional are hired to identify and repair vulnerabilities and only work once, given written permission to obtain ungranted access.
A company has added a lot of new users to the network that is causing an increase in network traffic by 200%. Original projection by the engineers was that the new users would only add 20-30% more network traffic, not 200%. The network administrator suspects that a compromise of the network may have occurred. What should the network administrator have done previously to prevent this network breach?
-Provide end user awareness training for employees -With new employees entering a company, often they are not fully aware of the company's Internet usage policy and safe Internet practices. Providing end user awareness and training for new employees help reduce the company's vulnerability to malicious entities on the Internet.
ISAKMP (Internet Security Association and Key Management Protocol)
-Provides a framework for authentication and key exchange and is designed to be key exchange independent -Like EAP for key exchanges -Protocols such as Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK) provide authenticated keying material with this framework
Root Guard
-Provides a way to enforce the root bridge placement in the network by not allowing a port to become a root port. -Protects against a rogue switch taking control of the spanning tree.
Application Proxies
-Proxies that only work with one or two protocols like HTTP, HTTPS, or FTP
Copper Patch Panel
-Punch down on one side, RJ-45 connector on the other
Your company has just installed a new web server that will allow inbound connections over port 80 from the internet while not being able to accept any connections from the internal network. You have been asked where to place the web server in the network architecture and how to configure the ACL rule to support the requirements. The current network architecture is segmented using a firewall to create the following three zones: ZONE INTERFACE IP address PUBLIC eth0 66.13.24.16/30 DMZ eth1 172.16.1.1/24 PRIVATE eth2 192.168.1.1/24 Based on the requirements and current network architecture above, what is the BEST recommendation?
-Put the server in the DMZ with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server's IP -Since the new web server needs to not allow traffic from the internal network (PRIVATE), you should place it in the DMZ. Then, you should add an ACL entry to the firewall that allows traffic from eth0 (PUBLIC, the internet) to the server's IP within the DMZ (eth1). Most firewalls utilize an implicit deny policy, so all other ports from the eth0 will be blocked, as well as all ports from eth2.
Toner Probe
-Puts an analog sound on the wire -Inductive probe doesn't need to touch the copper
Coaxial Cables
-RG-6 used in television and high speed internet over cable -RG-59 used as patch cables, not designed for long distances
An administrator notices an unused cable behind a cabinet that is terminated with a DB-9 connector. What protocol was MOST likely used on this cable?
-RS-232 -RS-232 is a standard for serial communication transmission of data. It formally defines the signals connecting between a DTE (data terminal equipment) such as a computer terminal, and a DCE (data circuit-terminating equipment or data communication equipment).
Sarah connects a pair of switches using redundant links. When she checks the status of the links, one of them is not active, even when she changes ports. What MOST likely disabled the redundant connection to the other switch?
-RSTP 802.1w -STP 802.1D -The purpose of spanning tree is to verify no loops exist in the network. If something isn't working, it's possibly because the switch detects that there's a loop in the redundant connections.
Which type of equipment should be used for telecommunications equipment and have an open design?
-Rail racks -The 2/4 post racks are open framed which are most common with telecommunication equipment.
A company is setting up a brand new server room and would like to keep the cabling infrastructure out of sight but still accessible to the network administrators. Infrastructure cost is not an issue. Which of the following should be installed to meet the requirements? Conduit Cable Trays Patch Panels Raised Floors
-Raised Floor -Raised floors allow the cabling to be placed under the floor, but still accessible to the network administrators.
Distributed Switching
-Removes physical segmentation with a VLAN distributes across all physical platforms
NDP (Neighbor Discovery Protocol)
-Replaces IPv4 ARP for IPv6 -Added in ICMPv6 -NS (Neighbor Solicitation) is sent out via multicast -NA (Neighbor Advertisement) responds to the NS
A network architect is designing a highly-redundant network with a distance vector routing protocol in order to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize?
-Route poisoning -The Route poisoning setting in Cisco's Split Horizon is what prevents routing loops and shows the failed routes.
Distance-vector routing protocols
-Routing based on how many hops it takes -Hops are the distance -Very little configuration -Good for smaller networks, doesn't scale well
Dynamic Routing
-Routing tables updated in real time -Advantages, no manual calculations, new routes populate automatically, very scalable -Disadvantages, router overhead required, requires initial configuration
Dual-stack routing
-Running both IPv4 and IPv6 at the same time -Interfaces will be assigned multiple address types
A network administrator has determined that the ingress and egress traffic of a router's interface are not being correctly reported to the monitoring server. Which of the following can be used to determine if the router interface uses 64b vs 32b counters? SNMP walk Packet Analyzer Syslog Server Port Scanner
-SNMP walk -SNMPWalk can be used to determine if the counter is using 32 bits or 64 bits by querying the OID of the endpoint (router interface). This is a complex topic that is actually beyond the scope of the Network+ exam (how to use SNMPWalk), and usually serves as a type of in-depth question that CompTIA might ask to determine if a candidate has actual real-world experience in networking or just studied from a textbook. Some instructors like to claim that CompTIA uses these types of questions to determine if someone is cheating, because only people who studied from a "brain dump" are likely to get this question correct! The reason you are seeing this type of question is to remind you that it is ok if you don't know all the answers on test day. Just take your best guess, and then move on!
You are setting up uplink ports for multiple switches to communicate with one another. All of the VLANs should communicate from the designated server switch. Which of the following should be set on the uplink ports if VLAN 1 is not the management VLAN?
-STP -Setting STP on the uplink ports will ensure that loops are not created.
Network / Port Scanner
-Scan for open ports and IP addresses -Visually map the network -Rogue system detection
NAC (Network Access Control)
-Second layer of authentication that will ensure that the proper security measures are in use on a device before authenticating it. -Essentially an attempt at unifying endpoint security
You are working as a forensic investigator for the police. The police have a search warrant to capture a suspect's workstation as evidence for an ongoing criminal investigation. As you enter the room with the policeman, he arrests the suspect and handcuffs him. What should you do FIRST?
-Secure the area -As a forensic investigator, you should always 'secure the area' before you take any other actions. This includes ensuring that no other people are in the area to disrupt your forensic collection (such as the suspect or their accomplices), ensuring the workstation isn't unplugged from the network or the power, and other actions to prevent the evidence from being tampered with.
WPA (Wi-Fi Protected Access)
-Security protocol used to replace very holey WEP -Made as a short term successor between WEP and the next technology
Light Meter
-Send a light from one side -Measure the light power on the other
RS-232
-Send data one bit at a time -Have a D shape connector -A standard port recommended by the Electronics Industry Association for serial devices.
iSCSI (Internet Small Computer Systems Interface)
-Sends SCSI commands over an IP network -Created by IBM and CISCO -Makes remote disks look and operate like a local disk
Wireless Deauthentication Attacks
-Sends a management frame forcing a user to sign back in -At this time the connecting client's authentication packet is captured -AircrackNG is a good tool for this
A technician has finished configuring AAA on a new network device. However, the technician is unable to log into the device with LDAP credentials but is able to do so with a local user account. What is the MOST likely reason for the problem?
-Shared secret key is mismatched -AAA through RADIUS uses a Server Secret Key (a shared secret key). A secret key mismatch could cause login problems.
Multi-mode Fiber
-Short-range communication, Up to 2 km
Latency and Jitter Signal Issues
-Slower data rates -Increase in retransmissions -Capacity issues -Many people using the same wireless frequencies
Phishing
-Social engineering to get someone to do something through email -Open a malicious attachment or website.
CASB (Cloud Access Security Broker)
-Software that sits between cloud service users and cloud applications to monitor all activity and enforce security policies
Incorrect Time
-Some cryptography is very time sensitive, AD requires all clocks to be within 5 minutes of each other. -Could screw up Kerberos -Configure NTP port 123 on all devices
WAP Security Type Mismatch
-Some devices may be across WPA1, WPA2 and WEP -Should switch all devices over to one standard, WPA2, most devices use this now.
FIM (File Integrity Monitoring)
-Some files change all the time and some never change -Important to keep track of when files are changed that should not have been.
Fibre Channel (FC)
-Specialized high speed topology for connecting servers to storage -Gigabit speeds through copper and fiber
Main Aspects of Switch Configuration
-Speed and Duplex -IP address management
Cat 3 cable
-Standard: 10BASE-T -Maximum Supported Distance: 100 meters
Cat 6
-Standard: 10GBASE-T -Maximum Supported Distance: 55 meters
The Chief Information Officer (CIO) wants to improve the security of the company's data. Which management control should be implemented to ensure employees are using encryption to transmit any sensitive information over the network?
-Standards -Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security or VPN access), while the standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of standards.
DHCP Process
-Step 1 DHCPDISCOVER, Client to DHCP Server Find all of the available DHCP Servers -Step 2 DHCPOFFER, DHCP Server to client Send some IP address options to the client -Step 3 DHCPREQUEST, Server Client chooses an offer and makes a formal request -Step 4: DHCPACK - DHCP Server to client DHCP server sends an acknowledgement to the client
What type of cable would you use to connect a router to a switch?
-Straight-through -When connecting switches to routers, you can just use a straight-through cable because switches are DCE and routers are DTE devices. When you connect a (switch/hub) to a (switch/hub), you need a crossover. If you connect a (switch/hub) to a (router/computer), you need a straight through. If you connect a (router/computer) to (router/computer), then you need a crossover. If this was a real question on the exam, you would have the words provided in a list, and you would drag them below the appropriate drawing.
The administrator modifies a rule on the firewall and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager's inquiry, what did the administrator forget to do first?
-Submit a change request -A change request should be submitted through the change management process prior to any changes being made.
Bridge
-Switch with two to four ports -Connects different physical networks -Gets around physical network size limitations
There are two switches connected using both a CAT6 cable and a CAT5e cable. Which type of problem might occur with this setup?
-Switching loop -A switching loop is when there is more than one Layer 2 path between two endpoints. This can be prevented by using the STP (Spanning Tree Protocol).
LDAP (Lightweight Directory Access Protocol)
-TCP 389, 636 -Secure protocol for reading and writing directories on a network uses the X.500 written by the international telecommunications union.
TACACS (Terminal Access Controller Access-Control System)
-TCP/UDP 49 -Created to control access to dial_up lines to ARPANET
ACL (Access Control List)
-Table that tells a computer operating system which access rights an entity has -Can be for network traffic or user access
traceroute - determine the route a packet takes to a destination
-Takes advantage of ICMP Time to Live Exceeded error message -Not all devices will reply with ICMP Time Exceeded messages traceroute <ip address>
Loop Protection
-Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA).
Ephemeral Ports
-Temporary ports from 1024 - 65535 -Determined in real-time by clients
ICMP (Internet Control Message Protocol)
-Text messaging for network devices -An error-reporting protocol network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets -Does not use ports
OSI Layer 7
-The Application Layer -The layer we see, HTTP, FTP, DNS, POP3
BSSID (basic service set identifier)
-The BSSID is the MAC address of the wireless access point (AP).
802.16
-The IEEE standard for broadband wireless metropolitan area networking (also known as WiMAX). -A series of wireless broadband standards
DNS (Domain Name System)
-The Internet's system for converting alphabetic names into numeric IP addresses
OSI Layer 3
-The Network Layer -Routing layer using IP -Layer 3 switches are routers
OSI Layer 6
-The Presentation Layer -Character Encoding, application encryption -Typically combined with Layer 7
OSI Layer 5
-The Session Layer -Communication management between devices, start stop, restart -Controls and tunneling protocols
OSI Layer 4
-The Transport Layer
Barbara, an employee, has properly connected her personal wireless router to a network jack inside her office. The router is unable to get a DHCP address even though her corporate laptop can get a DHCP address when connected to the same jack. Barbara checked the router's configuration to ensure it is setup to obtain a DHCP address. Which of the following is the MOST likely reason that the router is not getting a DHCP address?
-The administrator has implemented a feature that only allows whitelisted MAC addresses to connect to the network. -Whitelisting specific MAC addresses is a security measure implemented by the administrator in order to grant access to a specific user only. It avoids a person with malicious intention to access the corporate network. Since the router has a different MAC address, it is being blocked from connecting to the wired network.
An administrator has a physical server with a single NIC. The administrator intends to deploy two virtual machines onto a single physical server. Each virtual machine needs two NICs, one that connects to the network, and a second that is a server to server heartbeat connection between the two virtual machines. After deploying the virtual machines, what should the administrator do to meet the requirements?
-The administrator should create a virtual switch to bridge all of the connections to the network; the virtual heartbeat NICs should be set to addresses in an unused range -By bridging all of the connections to the network, it allows for faster communication between the virtual machines (hosts). The heartbeat is set on unused address range in order to ensure there is no chance of data collision or loss of signal.
Plenum Space and Rating
-The air circulation areas of buildings -Plenum rated cables are cables going in the plenum that do not produce toxic fumes when burnt -FEP and PVC cable housing are Plenum rated.
FQDN (Fully Qualified Domain Name)
-The host name combined with the host's domain name -Name that specifies its exact location in the tree hierarchy of the Domain Name System -Specifies the top-level domain and the root zone
UC (Unified Communication)
-The integration of communication channels into a single service -PBX in the cloud -Can have 4 kinds of communication, Analog, Digital, VoIP and SIP -Can have 4 kinds of communication, Analog, Digital, VoIP and SIP -Must then use a TSP or ISP to connect to PSTN -Delivers multiple stations for 1 trunk line
MAC Address (Media Access Control)
-The physical address of a network adapter -Unique to a device -48 bit/ 6 bytes long
Demarcation Point
-The point of connection between you and your ISP -Is often a box on the side of your house with an RJ-45
A user has installed a new wireless printer on the network. The user cannot get it connected to the Internet, but can print locally. All other office users can reach the Internet, but cannot connect to the new wireless printer. All users are wireless in this part of the office. What MOST likely has occurred?
-The printer is most likely in ad-hoc mode, which is also known as IBSS. In this type of network, devices talk directly to each other but have no connection outside of this "self-created" network.
Double Tagging
-The process of adding two or more tags to a payload to get your packets access to other VLANs -Everytime you pass through a VLAN that segment of the VLAN tag is taken off, so its a 1 way deal unless you successfully get another computer to do it back.
Incorrect Antenna Type
-The right antenna must be placed in the right area according to the type of room. -Issues caused can be slow throughput
DTE (Data Terminal Equipment)
-The router device ADD MORE
A technician installs three new switches to a company's infrastructure. The network technician notices that all the switch port lights at the front of each switch flash rapidly when powered on and connected. Additionally, there are rapidly flashing amber lights on the switches when they started up the next day. What is happening to the switches?
-The switches are running through their spanning tree process -The switches use the spanning tree process to ensure no routing loops will occur.
Transceiver Mismatch Troubleshooting
-The transceivers have to match the fiber, for example a single mode transceiver must connect to a single mode fiber. -The transceiver wavelength must match, 850nm, 1310nm, etc. -Must use the correct transceivers and optical fiber the entire link. -For signal loss you may be getting dropped or missed frames.
802.11n
-The update to 802.11g, 802.11b and 802.11a -Operates at 5GHz and 2.4GHz -600 Mbit/s -MIMO with 4 antennas -20, 40MHz
Bottleneck Identification
-There are a ton of different performance metrics like CPU, I/Os, storage read/write -All must be monitored to find the slowest one
APIPA Address
-These addresses start with 169.254.*.*
Decibels (dB)
-These are signal strength ratio measurements, one tenth of a bell -Goes on a logarithmic scale +3 dB = 2x the signal +10 dB = 10x the signal +20 dB = 100x the signal +30 db = 1000x the signal
DMZ (Demilitarized Zone)
-This acts as an additional layer of security between the intranet and the internet -A network perimeter that exposes an organizations intranet network to the internet
Port Security
-This can alert or disable a port if MAC address isn't cleared. -Configure how many MACs can go through a port and disable the port if need be.
Proxies
-This device sits between users and external network -Receives the user requests and sends the request on their behalf (proxy)
Untrusted SSL Certificate
-This happens when you got to check the issuing organization for an SSL certificate and it comes back as negative. -Check the certificate for an issuing CA and compare it with the CA on your computer
EAP (Extensible Authentication Protocol)
-This is a basic request/response protocol framework over which we implement a specific authentication algorithm. -Many protocols work using this framework.
Signal Attenuation
-This is a general term that refers to any reduction in the strength of a signal. Can be measured with a Wi-Fi analyzer. -Think of the inverse square law.
HIDS (Host-based Intrusion Detection System)
-This is an intrusion detection system based on the host system. -Snort is a dedicated one of these -Splunk or another SIEM can be set up to work like one of these
Reversing Transmit and Receive troubleshooting
-This is due to a wiring mistake with the cable ends and punch downs, must have proper wiring map. -Some network interfaces will be able to correct it via Auto-MDIX
HSRP (Hot Standby Router Protocol)
-This is exclusive to Cisco and allows a default (virtual) router address to be configured to be used in the event that the primary router fails. -Using multiple routers to service a default gateway address -Essentially a backup default gateway to be defined -Used for high availability fault tolerance
Network Socket
-This is one endpoint of a two-way communication link between two programs running on the network. -It is bound to a port number so that the transport layer can identify the application that data is destined to be sent to.
Device Hardening
-This is required because no system is secure with default configurations -Hardening guides are specific to the software and platform.
NAC (Network Access Control)
-This is the idea that you do not get access until you authenticate. -Can be any number of things physical or even your location, or something you do. -Duplicate MAC address checking - Stop the spoofers
Signal to Noise Ratio
-This is the ratio between your signal coming through and the interference with your signal created by the signals and devices of other networks. -You want a very large ratio, a ratio of 1:1 is bad.
Native VLAN
-This is the untagged VLAN on a switch that will automatically receive all untagged frames. Options for native VLANs vary according to the switch manufacturer and model. -Important to change the native VLAN #
Signal Refraction
-This is when a signal will pass through an object and exits at a different angle. -Data rates are affected and the signal is less directional.
T1 (T Carrier Level 1)
-Time division multiplexing for NA, Japan and SK 24 Channels, 64k/bits per channel -Very old
T1 (T Carrier Level 1)
-Time division multiplexing for NA, Japan and SK 32 Channels, 64k/bits per channel -Very old
Latency
-Time it takes for a bit to travel from its sender to its receiver. -Essentially a delay between the request and the response, the waiting time.
Incorrect Cable Type Troubleshooting Interfaces
-To troubleshoot this you will go through each interface looking for errors. -You will have to verify the configurations (speed, duplex, VLAN etc) -You will have to verify two-way traffic
Fiber Communication
-Transmission by light of the visible spectrum -No RF signal, very difficult to monitor or tap -Signal slow to degrade
Omnidirectional Antennas
-Transmit and receive signals in all directions at the same time. -Makes a tauroidal coverage
Transceiver
-Transmitter and receiver in single component -Provides a modular interface
TCP and UDP
-Transported inside IP protocol -Two different ways to move data -Makes up OSI Layer 4
MTU Troubleshooting
-Troubleshoot using ping, ping with DF and force a maximum size of 1472 bytes -Windows: ping -f -l 1472 8.8.8.8
Troubleshooting Crosstalk
-Troubleshooting this you will always find it is a wiring issue, check the crimp. -Maintain your twists. -Cat 6A increases cable diameter, so increased distance between pairs. -Test and certify your installation
Teredo/Miredo Tunneling
-Tunnels IPv6 through NATed IPv4 -For temporary use -Miredo is open source Teredo
NFC (Near Field Communication)
-Two way wireless communication -Used for payment systems -Bootstraps for other wireless devices, like bluetooth
Static Routing
-Type of routing used to manually specify the mappings in the routing table -Advantages, easy configuration, No CPU overhead, secure, easy to configure -Disadvantages, not scalable, no method to prevent routing loops, no automatic rerouting on outage
Which network element enables unified communication devices to connect to and traverse traffic onto the PSTN?
-UC gaetway -Unified Communications (UC) enables people using different modes of communication, different media, and different devices to communicate with anyone, anywhere, at any time. To accomplish this, a UC gateway is needed.
UPC vs APC Fiber
-UPC,ultra polished connector, zero angle connection, high return loss -APC, angle polished connector, ferrule end face radius, lower return loss high insertion loss
802.11g
-Upgrade to 802.11b, June 2003 -Operates at 2.4GHz range -54 Mbits/s -Backwards compatible with 802.11b and same range -20MHz
A switch technician is being tasked to centrally manage the switches and to segment the switches by broadcast domains. The corporate network is currently using VLAN 1 for all of its devices and is using a single private IP address range with a 24-bit mask. The supervisor wants VLAN 100 to be the management subnet and all switches to share the VLAN information. What option would be best to use?
-Use VLSM on the IP address range with VTP and 802.1q on their switch connections with native VLAN 100 -802.1q is the networking standard that supports VLANs and VLAN tagging. VTP is the VLAN Trunk Protocol and carries all VLAN information to all switches in a VTP domain.
RFID (Radio Frequency Identification)
-Used everywhere -Access badges, pet/animal identification, radar technology etc
TIA/EIA 568B Wiring specifics
-Used for Cat 5e,6 -Color Coding: 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown
PPP (Point to Point Protocol)
-Used to communicate with many different protocols creating a network between devices -Fully featured with compression, authentication, error detection and multilink -a data link layer (layer 2) communications protocol between two routers directly without any host or any other networking in between
ASN (Autonomous System Numbers)
-Used to control routing within a network and exchange routing info with other ISPs -A unique one of these is assigned to an IP group for use in BGP routing -Routing prefixes, which are assigned in blocks by IANA and distributed by the Regional Internet Registry (RIR).
Port Mirroring
-Used to examine a copy of traffic going through a port
ACL (Access Control List)
-Used to look at each packet and allow or deny it. -Defined on the ingress or egress of a network -They elvaluate based on the source IP destination IP, TCP port numbers, ICMP and more -Very often configured on a router
MFA (Multifactor Authentication)
-Used to make authentication more Robust, using two personal bits of information. -Can be any number of things physical or even your location or something you do -Can be expensive like hardware tokens or inexpensive like free smartphone applications.
EGP (Exterior Gateway Protocol)
-Used to route between AS -Leverages the IGP at AS to handle local routing
IGP (Interior Gateway Protocol)
-Used within a single AS (Autonomous System) -Used for exchanging routing information between gateways (commonly routers) within an AS (like a corporate network) -This routing information can then be used to route network-layer protocols like IP.
Loopback Plug
-Useful for testing physical ports -Serial, Ethernet, T1, fiber -These are not crossover cables
E3 (E Carrier Level 3)
-Uses 16 E1 circuits over coaxial cable @ 34.368 Mbits/s
T3 (T Carrier Level 3)
-Uses 28 T1 circuits over coaxial @ 44.736Mbits/s
Hybrid routing protocols
-Uses link-state and distance-vectoring, not many examples
DDoS Amplification
-Using internet protocols with light authentication to have more machines send more attacks. -Common example of protocol abuse -Bot net calls to DNS revolvers with receipt address set to the server getting DDoSed.
FCoE (Fiber Channel over Ethernet)
-Usng FC of an ethernet network -No special networking hardware needed -Not routable
Users are reporting extreme slowness across the network every Friday. What should the network technician review first to narrow down the root cause of the problem?
-Utilization -Reviewing the network utilization can help the technician identify why the slowness is being experienced every Friday, such as users placing additional load on the network by streaming videos or something similar.
A network technician needs to install a server to authenticate remote users before they have access to corporate network resources when working from home. Which kind of server should the network technician implement?
-VLAN -A remote access server is a type of server that provides a suite of services to remotely connect users to a network or the Internet. Usually this will be a RDP or VNC server.
The RAID controller on a server failed and was replaced with a different brand. What will be needed after the server has been rebuilt and joined to the domain?
-Vendor documentation -If the RAID controller fails and is replaced with a RAID controller with a different brand, the RAID will break. We would have to rebuild a new RAID disk and access and restore the most recent backup to the new RAID disk.
RADIUS (Remote Authentication Dial IN User Service)
-Very common because most OS support it. -Allows you to centralize authentication for users, the some credentials could work on routers, switches, firewalls, server authentication, and even remote VPN access. -One of the more common AAA protocols
Duplicate MAC addresses
-Very uncommon networking issue as they are designed to be unique -Probably result of a manufacturing error -Causes intermittent connectivity -Address case by case
Spectrum Analyzer
-View the frequency spectrum -Identify frequency conflicts
Wireless Packet Analysis
-View wireless information -Signal-to-noise ratio, channel information, etc
Various hypervisor guests are configured to use different VLANs in the same virtualization environment through what device?
-Virtual switch -Virtual switches can act like real switches, but are configured in the Hyper-V environment.
A company needs to implement stronger authentication by adding an authentication factor to their wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement?
-WPA2 with a complex shared key -Since the back end uses a RADIUS server for back-end authentication, the network administrator can install 802.1x using EAP with MSCHAPv2 for authentication.
DoS (Denial of Service)
-When a service is forced to fail, not necessarily malicious -Often a smokescreen for some other exploit -Takes advantage of a design failure or vulnerability
Signal Absorption
-When a signal passes through an object and loses signal strength -Different objects absorb differently in accordance with frequency and material density and composition. -Put the antennas on the ceiling to avoid going through walls.
Signal Interference
-When something else is using your same frequency to communicate, possibly overpowering your frequency. -Can be caused like thing like fluorescent lights and microwave ovens.
Exhausted DHCP Scope
-When this happens a client will receive an APIPA address for local subnet communication only. -You must check the DHCP server and add more IP address if possible -IPAM may help with this -Lower the lease time to help with this generally when there are a lot of devices going in and out of an area.
Blocked TCP/UDP ports
-When this happens you will find certain applications not working -Possible ACL or Firewall misconfiguration -Confirm packet capture with ping -Run traceroute to find the failure
SFC (System File Checker)
-Windows FIM solution
110 Block
-Wire-to-wire patch panel -Replaces the 66 Block -Wires are punched into the block -Additional wires punched into connection block, patch the top to the bottom
ANT / ANT+
-Wireless sensor network protocol -proprietary with open access -2.4GHz ISM band
TIA 568A Wiring Order
-Wiring standard -Green/White, Green, Orange/White, Blue, Blue/White, Orange, Brown/White, Brown
TIA 568B Wiring Order
-Wiring standard -Orange/White, Orange, Green/White, Blue, Blue White, Green, Brown White, Brown
ESSID (extended service set identifier)
-With one of these, a wireless network can utilize multiple wireless access points (WAPs) that can broadcast a single network name for access by the clients. -A shared MAC address between multiple APs
IaaS (Infrastructure as a Service)
-You still have to manage it and ensure security -Web server providers are an example
PAN (Personal Area Network)
-Your own private network, bluetooth, IR and NFC -Mobile phone, wireless headset -Health telemetry
Sticky MAC
-a port security feature that dynamically learns MAC addresses on an interface and retains the MAC information in case the Mobility Access Switch reboots. -an alternative to the tedious and manual configuration of static MAC addresses on a port or to allow the port to continuously learn new MAC addresses after interface-down events. Allowing the port to continuously learn MAC addresses is a security risk.
SDN (Software Defined Networking)
-enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring -more like cloud computing than traditional network management -Centrally managed from single pane of glass -Agile and dynamic
A network technician determines that two dynamically-assigned workstations have duplicate IP addresses. What command should the technician use to correct this issue?
-ipconfig/release; ipconfig/renew -The first thing to do is to release that IP address using the command ipconfig /release. Next, the technician should dynamically assign another IP address using the command ipconfig /renew.
eDiscovery
-the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
.128
/25
.192
/26
.224
/27
.240
/28
.248
/29
.252
/30
IPv6 Loopback Address
0:0:0:0:0:0:0:1, also expressed as ::1
DNS Resolution Process
1 - Request sent to local name server 2 - Name server queries root server 3 - Root response sent to local name server 4 - Name server queries .com name server 5 - .com Response sent to local name server 6 - Name server queries specific domain server 7 - Domain server responds to name server 8 - Name server provides result to local device 9 - Answer is cached locally
T1 /PRI line speed
1.544 Mbps
Registered Ports
1024 - 49151
Registered Ports
1024-49151
An administrator is upgrading the switches in the server room to support 10 Gbps of throughput. The switch will need to take advantage of the existing CAT6a lines that run to each server. What Ethernet standard should be used? 10GBaseSW 10GBaseFX 10GBaseT 10GBaseSR
10GBaseT CAT6a can reach speeds of 10 Gbps over 10GBaseT cables. The other cables listed are all fiber cables, and not CAT6a.
IPv4 Loopback Address
127.0.0.1
BRI line speed
128 kbs with a 16kbs control line
A company has a network with three switches, each one with eight ports. The switches are connected to a router that has a hub with four computers plugged into its interface ports. How many broadcast domains are in this network? 16 5 2 1 28
2 A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments. Routers break up broadcast domains, therefore there are two broadcast domains in this network - one for each side of the router (three switches in one and the hub in the second).
A network administrator needs to allow employees to upload files to a remote server. What port should be allowed through the firewall? 20 161 21 23
21 Port 21 or FTP (File Transfer Protocol) is used to transfer files between computers and servers. If you needed to use secure file transfer, you would use port 22 (SFTP).
Host1's application generates a payload of 2500 bytes of data and sends it to Host2. When the application on Host2 receives the payload it will be: more than 2500 bytes due to encapsulation less than 2500 bytes due to decapsulation 2500 bytes in size
2500 bytes in size The payload is the data to be transmitted. The extra pieces added or removed during encapsulation are in addition to this payload size.
/16
255.255.0.0 // 65536 addresses per subnet
/18
255.255.192.0 // 16384 addresses per subnet
/19
255.255.224.0 // 8192 addresses per subnet
/20
255.255.240.0 // 4096 addresses per subnet
/21
255.255.248.0 // 2048 addresses per subnet
/22
255.255.252.0 // 1024 addresses per subnet
/23
255.255.254.0 // 512 addresses per subnet
/24
255.255.255.0 // 256 addresses per subnet
/25
255.255.255.128 // 128 addresses per subnet
/26
255.255.255.192 // 64 addresses per subnet
/27
255.255.255.224 // 32 addresses per subnet
/28
255.255.255.240 // 16 addresses per subnet
/29
255.255.255.248 // 8 addresses per subnet
/30
255.255.255.252 // 4 addresses per subnet
BRI aka
2B+D aka
E1 line speed
2Mbps
E3 line speed
34 Mbps
Dynamic Ports
49152 - 65535
Dynamic Ports
49152-65535
An organization is required to implement a wireless network. The organization must implement wireless routers compatible with 802.11ac protocol that have maximum possible range. What wireless router frequency is a viable option? 2.4GHz 5.0GHz 6.0GHz 3.7GHz
5.0GHz Wireless AC uses 5.0 GHz for wireless transmission, whereas Wireless B/G uses 2.4 GHz.
MMF vs SMF (Multimode Fiber vs Single Mode Fiber distance)
500 meters vs 60 miles before repeater
T2 line speed
6.312Mbps
A company has decided to upgrade its legacy phone system to VoIP. The new phones will download the configurations from a TFTP server each time they boot up. What firewall port must be opened to ensure the phones can communicate with the server? 53 161 20 69
69 TFTP uses port 69 to communicate.
E2 line speed
8.45Mbps
What should a technician upgrade to if the existing wireless standard only allows for three non-overlapping channels and more non-overlapping channels are needed? 802.1q 802.11g 802.11n 802.11b
802.11n Wireless b and g only support 3 non-overlapping channels (1, 6, 11), but Wireless n supports 5 GHz spectrum which provides dozens of non-overlapping channels.
BPDU guard
A Cisco switch feature that listens for incoming STP BPDU messages, disabling the interface if any are received. The goal is to prevent loops when a switch connects to a port expected to only have a host connected to it.
pathping
A TCP / IP command that provides information about latency and packet loss on a network.
A new network administrator is hired to replace a consultant that has been running the network for several months and whose contract was just cancelled. After a month of working on the network, the new network administrator realized there are some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem? A backdoor has been installed to access the network TACAS/RADIUS misconfiguration is causing logs to be erased The last ACL on the router is set to Deny All ICMP ping of death is resetting DHCP and DNS on the server
A backdoor has been installed to access the network A hacker or the previous administrator (consultant) left a piece of software or an SSH protocol to be able to allow themselves access to the network in order to change the server settings. The consultant may be disgruntled that their contract was cancelled and that the new network administrator was hired to replace them.
IDF (Intermediate Distribution Frame)
A cable rack that interconnects and manages the telecommunications wiring between an MDF and workstation devices.
route (command)
A command used to display routing tables and modify static routes on a Windows system.
arp (command)
A command used to interact with the arp table.
NIC (Network Interface Controller)
A component that connects a computer to a computer network.
DSU (Data Service Unit)
A device used in T-carrier technology that converts T-carrier frames into frames the LAN can interpret and vice versa.
ISDN (Integrated Services Digital Network)
A digital circuit switching technology that carries both voice and data.
VLAN Pooling
A feature on wireless controllers that groups multiple VLANs into a single VLAN group, or pool, and then dynamically assigns wireless clients to each successive VLAN in the pool.
DMZ (Demilitarized Zone)
A firewall configuration for securing local area networks (LANs). In a DMZ configuration, there are a set of computers that act as a broker for traffic between the LAN and an outside network allowing the majority of computers to run safely behind a firewall. Thus these computers act as a broker similar to a joint security area in a political demilitarized zone.
MAC filtering
A method used to filter out which computers can access the wireless network; the WAP does this by consulting a list of MAC addresses that have been previously entered.
What requires the network administrator to schedule a maintenance window? A minor release upgrade of a production router a major release upgrade of a core switch in a test lab when a company-wide email notification must be sent
A minor release upgrade of a production router During an update of a production router, the router would not be able to route packages and the network traffic would be affected. It would be necessary to announce a maintenance window. A maintenance window is a period of time designated in advance by the technical staff, during which preventive maintenance that could cause disruption of service may be performed.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
Patch Cable
A relatively short section (usually between 3 and 25 feet) of cabling with connectors on both ends.
IPSec (Internet Protocol Security)
A set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption.
Service Pack
A set of patches for a microsoft windows machine.
Syslog
A standard for message logging, usually integrated into a SIEM.
A home user reports to a network technician that the Internet is slow. The network administrator discovers that multiple unknown devices are connected to the access point. What is MOST likely the cause? an evil twin was implemented The user is connected to a botnet A successful WPS attack has occurred The user is experiencing ARP poisoning
A successful WPS attack has occurred Successful WPS attacks happen when the default username/password etc. has not been changed or reconfigured on the router. If your default username/password hasn't been changed, anybody can get into the settings and open the network. This is why additional unknown devices are on the network.
Out-of-Band Management
A switch management option that provides on-site infrastructure access when the network is down or complete remote access in cases of connectivity failures on the network, such as via a cellular signal, in order to interface with a switch.
NIDS (Network-based Intrusion Detection System)
A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network's protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns.
Hybrid Network Topology
A type of network topology that uses two or more differing network topologies. These topologies can include a mix of bus topology, mesh topology, ring topology, star topology, and tree topology.
WPS (Wi-Fi Protected Setup)
A user-friendly—but not very secure—security setting available on some consumer-grade APs. Part of the security involves requiring a PIN in order to access the AP's settings or to associate a new device with the network. The PIN can be easily cracked through a brute force attack, so this PIN feature should be disabled if possible.
SNMP (Simple Network Management Protocol)
v1 no encryption, one request v2 no encryption, many requests v3 encryption, many requests
A network technician has just run a new point-to-point fiber link between two local routers. After the fiber has been plugged in on both ends, the interface will not come up. The network technician has double-checked the interface configuration on both routers, both SFPs have been hard-looped to confirm they are functioning, connectors on both ends of the links have been cleaned, and there is sufficient power. What is the cause of the problem? Duplex mismatch Wrong IP address Wavelength mismatch Distance limitations
wavelength mismatch Wavelength mismatch is when two different transmitters at each end of the cable have either longer or shorter wavelengths. Both transmitters have to be identical on each end of the cable.
ATM (Asynchronous Transfer Mode)
• A common protocol transported over SONET • 53-byte "cells" spaced evenly apart • 48-byte for data, 5-byte routing header • High throughput, real-time, low latency • Data, voice, and video • Max speeds of OC-192 • Limits based on segmentation and reassembly (SAR)
DMVPN (Dynamic Multipoint VPN )
• Common on Cisco routers • Your VPN builds itself • Remote sites communicate to each other • Tunnels are built dynamically, on-demand • A dynamic mesh
SIP trunking
• Control protocol for VoIP • Traditional PBX connectivity uses T1/ISDN • 23 voice channels, 1 signaling channel • When the lines are full, you get a busy signal • SIP trunking • Use SIP/VoIP to communicate to an IP-PBX provider • More efficient use of bandwidth • Less expensive than ISDN lines
Cisco Hierarchical Model
Access Layer - provides network access for workgroups and users Distribution Layer - Provides policy based connectivity and controls the boundary between the access and core layers Core Layer - provides fast transport between distribution switches within the business campus.
ANSI/TIA/EIA 606
Administrative standard for telecommunications infrastructure of a commercial building, standardizes labels reports, drawings, and work others. Wires could be color coded, bar coded etc.
EIGRP (Enhanced Interior Gateway Routing Protocol)
Advanced Distance Vector Routes IP, IPX, Decnet, Appletalk Routing Advertisements: Partial When Route Changes Occur Metrics: Bandwidth, Delay, Reliability, Load, MTU Size Hop Count: 255 Variable Length Subnet Masks Summarization on Network Class Address or Subnet Boundary Load Balancing Across 6 Equal or Unequal Cost Paths (IOS 11.0) Timers: Active Time (180 sec) Metric Calculation = destination path minimum BW * Delay (msec) * 256 Split Horizon LSA Multicast Address: 224.0.0.10
OSI Layer Mnemonics
All People Seem To Need Data Processing All(Application) People(Presentation) Seem(Session) To(Transport) Need(Network) Data(Data Link) Processing(Physical)
What happens when convergence on a routed network occurs? all routers use route summarization All routers have the same routing table All routers learn the route to all connected networks all routers are using hop count as the metric
All routers learn the route to all connected networks Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers are said to have converged. In other words: In a converged network, all routers "agree" on what the network topology looks like.
PPPoE (Point-to-Point Protocol over Ethernet)
• Encapsulate point-to-point protocol over Ethernet • Common on DSL networks • Easy to implement • Support in most operating systems • No routing required • Similar to existing dialup architecture • Once connected, data is switched to the appropriate ISP
MDF (Main Distribution Frame)
Also known as the main cross connect, the first point of interconnection between an organization's LAN or WAN and a service provider's facility.
BRI (Basic Rate Interface)
An ISDN digital communications line that consists of three independent channels: two B channels each at 64 Kbps and one D channel at 16 Kbps. ISDN BRI is often referred to as 2B+D. See also ISDN and PRI.
Captive Portal
An AP that requires users to agree to some condition before that can use the network / internet has one of these.
ARP Poisoning
An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine
Rogue Access Point
An unsecure access point in your environment. The best way to prevent this is using RADIUS.
What is MOST likely to use an RJ-11 connector to connect a computer to an ISP using a POTS line? Analog modem Access point Multilayer switch docsis MODEM
Analog modem An analog modem is a device that converts the computer's digital pulses to tones that can be carried over analog telephone lines, and vice versa. The other type of Internet connection that occurs over an RJ-11 (phone line) is DSL.
A system administrator wants to verify that external IP addresses are unable to collect software versioning from servers on the network. What should the system administrator do to confirm the network is protected? Analyze packet captures Utilize netstat to locate active connections Use nmap to query known ports Review the ID3 logs on the network
Analyze packet captures Captured packets show you the information that was travelling through certain files, etc. Packet sniffers detail the information they've received, so working through those would show if the external network shows or details software versions.
Copper Networking (WAN Transmission Medium)
• Extensive installations • Relatively inexpensive, • Easy to install and maintain • Limited bandwidth availability • Physics limits electrical signals through copper • Wide area networks • Cable modem, DSL, T1/T3 local loop • Often combined with fiber • Copper on the local loop, fiber in the backbone
A firewall technician configures a firewall in order to allow HTTP traffic as follows: Source IP Zone Dest IP Zone Port Action Any Untrust Any DMZ 80 Allow The organization should upgrade to what technology to prevent unauthorized traffic from traversing the firewall? HTTPS Application aware firewall Stateless packet inspection IDS
Application aware firewall Application aware firewall can analyze and verify protocols all the way up to layer 7 of the OSI reference model. It has the advantage to be aware of the details at the application layer. Since we desired to allow HTTP traffic, we must deal with the traffic at the application layer.
DSU (Data Service Unit)
At the demarc this will connect with the interior router.
CSU (Channel Service Unity)
At the demarc, this will connect with the exterior ISDN line.
AAA Framework
Authentication, Authorization, and Accounting
Fiber (WAN Transmission Medium)
• High speed data communication - Frequencies of light • Higher installation cost than copper • Equipment is more costly and more difficult to repair • Communicate over long distances • Large installation in the WAN core • Supports very high data rates • SONET, wavelength division multiplexing • Fiber is slowly approaching the premise • Business and home use
Satellite networking (WAN Transmission Medium)
• Non-terrestrial communication • 15 Mbit/s down, 2 Mbit/s up • High latency • High frequencies - 2 GHz • Used for very remote sites
Frame Relay
• One of the first cost-effective WAN types • Departure from circuit-switched T1s • LAN traffic is encapsulated into frame relay frames • Frames are passed into the "cloud" • Magically appear out the other side • Usually 64 Kbits/s through DS3 speeds • Effectively replaced by MPLS • And other WAN technologies
A company wants to create highly-available datacenters. What will allow the company to continue to maintain an Internet presence at all sites in the event that a WAN circuit at their own site goes down? VRRP Load Balancer OSPF BGP
BGP If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available.
SLA (Service License Agreement)
By a contracted company says how long what systems will be out
Opens and Shorts
Causes of this -two connections could be touching -There may be a break in the connection -Interruption could be intermittent.
tcpdump
Command to capture packets.
traceroute (UNIX) or tracert (Windows) or pathping (Windows)
Command to determine the route a packet takes to a destination.
netstat
Command to display network statistics
ping
Command to test reachability
iptables
Command used to help define packet filtering/firewalls on a linux machine
nslookup and dig
Command used to lookup information from the DNS servers
ipconfig and ifconifg
Command used to view and manage IP configuration
Load Balancing
Concept of distributing computations among infrastructure. Can be used to ensure redundancy so that if an active server fails, one on standby is made to take its place, like a hoplite in a phalanx.
Generating New Keys
Concept of generating new keys: -Important to update or change the keys during installation, should have a formal policy for this. -Encryption keys for secure protocols are managed on the device
Fault Tolerance
Concept referring to the maintenance of uptime in event of failure. Redundancy is the main method to achieve it, so if one device fails, will fail over to the next device
What is used to proxy client requests for IP configurations across different network segments? DHCP relay teredo tunneling SOCKS reverse proxy
DHCP relay A DHCP client is an Internet host using DHCP to obtain configuration parameters such as an IP address. A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet.
Signal Latency
Delays between transmission and reception
BGP (Border Gateway Protocol)
Destination IP Address / Subnet Mask AS-Path Next Hop IP Address
Signal Jitter
Deviation from a predictable data stream
IGRP (Interior Gateway Routing Protocol)
Distance Vector Routes IP, IPX, Decnet, Appletalk Routing Table Advertisements Every 90 Seconds Metric: Bandwidth, Delay, Reliability, Load, MTU Size Hop Count: 100 Fixed Length Subnet Masks Summarization on Network Class Address Load Balancing Across 6 Equal or Unequal Cost Paths ( IOS 11.0 ) Metric Calculation = destination path minimum BW * Delay (usec) Split Horizon Timers: Invalid Timer (270 sec), Flush Timer (630 sec), Holddown Timer (280 sec)
ADSL line speed
Download - 5-35 Mbps Upload - 1-10 Mbps
A company suffers an outage due to a bad module in a core switch. What is the FIRST step to conduct in troubleshooting? Establish a theory, identify the problem, duplicate the problem, test the theory, and repeat gather information, start at the top of the OSI model, and work down Establish a plan of action to solve the problem Gather information, start at the bottom of the OSI model, and work up.
Establish a plan of action to solve the problem The first step is to establish a plan of action to resolve the problem and identify potential effects.
802.3 technologies
Ethernet based technologies
MFA SomewhereYou Are
Examples of this are a -Factor based on your location -An IP address
MFA Something You Do
Examples of this are a -Handwriting analysis -Typing techniques, delays between keystrokes (everyone has a unique profile for this)
MFA Something You Have
Examples of this are a -Smart card -USB Token -Hardware or software tokens -Difficult to change
MFA Something You Know
Examples of this are a -Password -PIN -Pattern
Common Secure Protocols
Examples of this include: -SSH -SFTP -SNMPv3 -TLS/SSL -IPsec
.11110000.00000000/20 Networks 16 - Host 4096
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.240.0
.11111000.00000000/21 Networks 32 - Host 2046
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.248.0
.11111100.00000000/22 Networks 64 - Host 1022
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.252.0
.11111110.00000000/23 Networks 128 - Host 510
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.254.0
.00000000 - /24 - Networks 1 - Hosts 254
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.0
.10000000 - /25 - Networks 2 - Hosts 126
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.128
.11000000 - /26 - Networks 4 - Hosts 62
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.192
.11100000 - /27 - Networks 8 - Hosts 30
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.224
.11110000 - /28 - Networks 16 - Hosts 14
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.240
.11111000 - /29 - Networks 32 - Hosts 6
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.248
.11111100 - /30 - Networks 64 - Hosts 2
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.252
.11111110 - /31 - Networks 128 - Hosts 1
Express this subnet mask in binary, slash notation and give the number of subnets formed along with each's number of host 255.255.255.254
A network technician is replacing a client's security devices which protect their DMZ. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application. What is likely misconfigured and causing a problem? DNS Firewall DHCP Content filter
Firewall A firewall is an integral part of a DMZ. If configured correctly, it can regulate exactly what traffic and users are allowed to access the server. This is different from a content filter because a content filter simply denies traffic to a user based on content, but not access to a server. If the firewall ruleset was not configured to allow external users to access the application remotely, the default condition is to "deny by default".
Physical Network Maps
Follows physical wires of a device, outlining exactly what machines are connected to what.
ADSL (Asymmetric Digital Subscriber Line)
Fully digital, dedicated connection to the telephone system that provides average download speeds of 3-15 Mbps and upload speeds of 384 Kbps to 15 Mbps. Asymmetric identifies that upload and download speeds are different, with download usually being significantly faster than upload.
Which of the following would be the BEST addition to a business continuity plan to protect the business from a catastrophic disaster such as a fire, tornado, or earthquake? Hot sites or cold sites UPS and battery backups building generator Fire suppression system
Hot sites or cold sites Although all answers are adequate suggestions to aid in business continuity, the addition of a hot or cold site is the BEST option. A hot or cold site is a commercial service that provides all equipment and facilities to allow a computer or networking company to continue operations in the event of a catastrophic event. In the case that the building has been destroyed, the hot/cold site is the only option that will allow the business to continue their operations effectively.
126 hosts
How many hosts per subnet can you have in a /25 network?
62 hosts
How many hosts per subnet can you have in a /26 network?
30 hosts
How many hosts per subnet can you have in a /27 network?
14 hosts
How many hosts per subnet can you have in a /28 network?
6 hosts
How many hosts per subnet can you have in a /29 network?
2 hosts
How many hosts per subnet can you have in a /30 network?
2048 subnets and 30 hosts
How many subnets and hosts per subnet can you get from the network 172.18.0.0/27?
2 subnets
How many subnets do you get with /25?
4 subnets
How many subnets do you get with /26?
8 subnets
How many subnets do you get with /27?
16 subnets
How many subnets do you get with /28?
32 subnets
How many subnets do you get with /29?
64 subnets
How many subnets do you get with /30?
AUP (Acceptable Use Policy)
How to use the internet, hardware or services. Every organization has different philosophies for this. Very important to document so you can prove someone knew what they were doing was wrong when fired.
Evil Twin
If you make an access point with the same security credentials and SSN that is a stronger signal than the other networks, it could act as an evil twin, allowing you to have control over the users on the network.
BYOD (Bring Your Own Device)
If your own device has company data, there should be policies as to how to handle it for data.
A network technician has received a report that workstations are unable to gain access to the network. During the troubleshooting process, the technician discovers that the switch connecting these workstations has failed. What is the QUICKEST option to configure a replacement switch? Syslog Image Archive Baseline
Image The baseline is only to give you an idea on how it works before any changes are made. The archive won't explain much and syslog is a windows feature. Process of elimination shows that an image would work best. To image a switch, you can make a backup of the configuration and deploy it to a new/different switch.
Hardware Tampering
In some cases the case of a server may have sensors to notify tampering, sent directly from the BIOS
Cold Site vs Warm Sites vs Hot Sites
Incase your building goes down the cold site will be empty and you will have to populate it, for the warm site you have just enough to get running. Host site, replica of everything, ready to go.
Protocol Analyzers
Like enhanced packet sniffers allowing you to identify traffic patterns and see exactly what applications are doing what.
OSPF (Open Shortest Path First)
Link State Routes IP Routing Advertisements: Partial When Route Changes Occur Metric: Composite Cost of each router to Destination (100,000,000/interface speed) Hop Count: None (Limited by Network) Variable Length Subnet Masks Summarization on Network Class Address or Subnet Boundary Load Balancing Across 4 Equal Cost Paths Router Types: Internal, Backbone, ABR, ASBR Area Types: Backbone, Stubby, Not-So-Stubby, Totally Stubby LSA Types: Intra-area (1,2) Inter-area (3,4), External (5,7) Timers: Hello Interval and Dead Interval (different for network types) LSA Multicast Address: 224.0.0.5 and 224.0.0.6 (DR/BDR) Don't Filter ! Interface Types: Point to Point, Broadcast, Non-Broadcast, Point to Multipoint, Loopback
Integrated IS-IS
Link State Routes IP, CLNS Routing Advertisements: Partial When Routing Changes Occur Metric: Variable Cost (default cost 10 assigned to each interface) Hop Count: None (limited by network) Variable Length Subnet Masks Summarization on Network Class Address or Subnet Boundary Load Balancing Across 6 Equal Cost Paths Timers: Hello Interval, Hello Multiplier Area Types: Hierarchical Topology similar to OSPF Router Types: Level 1 and Level 2 LSP Types: Internal L1 and L2, External L2 Designated Router Election , No BDR
What transmission method is used for network utilizing the 802.3 standard? Synchronus DSSS MAC Baseband Broadband
MAC Media Access control (MAC) is used for wired Ethernet data links. 802.3 is the standard for Ethernet networks.
A company owns four kiosks that are in close proximity within a shopping center. The owner is concerned about someone accessing the Internet via the kiosk's wireless network. What should be implemented to provide wireless access only to the employees working at the kiosk? Host-based antivirus Firewall MAC filtering Web filtering
MAC filtering MAC Filtering will control access to the network by restricting access to only certain devices.
A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP credentials, the tool cannot successfully interpret the results. What needs to be added to allow the network management tool to interpret the new device and control it using SNMP? GET WALK TRAP MIB
MIB Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It would allow whatever tool to correctly interpret the information received.
TACACS (Terminal Access Controller Access Control System)
Made to act as a remote authentication service for the ARPANET, still sees some use today. Also fills the same role as RADIUS, sometimes more reliable as it uses strictly TCP.
MTBF
Meantime between failures, used to predict failure
A user reports slow performance. A technician troubleshooting the issue uses a performance monitoring tool and receives the following results: Avg. % Processor Time = 15% Avg. Pages/Second = 5 Avg. Disk Queue Length = 1 Based on these results, what is the issue? Memory NIC Processor Hard drive
Memory The processor reads data based on how much RAM is in a system. If it takes longer to access certain things, adding more RAM could help the processor work at a higher rate of speed. The Average Pages/Second at 5 is considered high in most cases, so additional RAM should be added to the machine.
File Hashing
Method for ensuring information validity. Involves a file being read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value.
Domain Controller (DC)
Microsoft Server that responds to security authentication requests (logging in, checking permissions, etc.) to a number of computer resources with the use of a single username and password combination.
Vulnerability Scanning
Minimally invasive unlike penetration test. Really good at finding unwanted devices on a network. Will tell us if no firewall, no antivirus and no anti-spyware.
Tim is a network administrator who is setting up three additional switches in his test lab. While configuring the switches, he is verifying the connectivity but finds that when he pings one of the switches using its IP address, he receives "Destination Unreachable". What kind of issue is this? DoS attack Misconfigured DNS settings Misconfigured Split Horizon RADIUS authentication errors
Misconfigured Split Horizon Split horizon is a method of preventing a routing loop in a network. If it is misconfigured, the switches would be unable to communicate with each other. None of the other answers provided would prevent communication between the switches.
What network infrastructure implementations would be used to connect two remote sales machines back to the main campus for all data and voice traffic? Multimode fiber (MMF) MPLS Satellite Crossover cable
Multimode fiber (MMF) Multimode fiber can carry different types of data signals over short distances without losing any integrity. A crossover cable maxes at 300ft (cat5e) satellite works over line of sight technology and sometimes the signal isn't great, and MPLS is based on a short path rather than a long path.
Physical Segmentation
Multiple units, separate infrastructure.
Kerberos
Network authentication protocal after authenticating one time you are good. IT uses mutual authentication between client and server preventing man in the middle attack. Used in windows.
While monitoring the network, a technician notices that the network traffic to one of the servers is extremely high. What should the network technician utilize to verify if this is a concern? Network diagram Real-time monitor Network baseline Log management
Network baseline High network traffic can be a sign of a possible attack conducted either by an insider or someone out of the network to steal relevant information. By reviewing the network baseline, the network technician can determine if the traffic is actually high and if any configurations of the network are out of baseline causing the issue.
It has been determined by network operations that there is a severe bottleneck on the company's mesh topology network. The field technician has chosen to use log management and found that one router is making routing decisions slower than the others on the network. What is this an example of? Network device CPU issues Network device power issues SAN issues Delayed responses from RADIUS
Network device CPU issues Routing decisions must be processed by the router, which relies on the networking device's CPU.
What anti-malware solution should be implemented to deter attackers from loading custom files onto a distributed target platform? Network-based anti-malware Host-based anti-malware Cloud-based anti-malware Signatrue based anti-malware
Network-based anti-malware The network-based anti-malware can keep the system secure by testing all communications to/from a distributed target platform.
An offsite backup service is involved in an investigation currently. Because of this, they are not recycling the outdated tapes. Which of the following is the MOST likely reason for this?
Notice of a legal hold.
What concept is the MOST important for a company's long-term health in the event of a disaster? Implementing an AUP Offsite backups UPS Vulnerability scanning
Offsite backups In case of a disaster, you must protect your data. Some of the most common strategies for data protection include backups made to tape and sent offsite at regular intervals.
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password has been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, what should the technician do to prevent the password from being sniffed on the network again? ensure the password is 10 characters, containing letters and numbers Only allow administrators to access routers using port 22 Copy all configurations to routers using TFTP for security Use SNMPv1 for all configurations involving the router
Only allow administrators to access routers using port 22 Port 22 uses SSH to authenticate a remote computer or user, or in this case, an administrator. Even if the router has been compromised, the new full rights user would not be able to access their new account without the SSH key, which could only be provided by a true administrator. Telnet uses port 23 and passes all information as unencrypted traffic on the network. Telnet should always be disabled for security reasons and SSH (which uses encryption) should be used instead.
Your company has purchased a new building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 in order to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the internal wireless network in the main building is for visitors' use only and MUST NOT require the visitors to setup any special configuration on their devices in order to connect. Which of the following is the BEST encryption to use from the options below to meet your manager's requirements for the new visitors' Wireless Network? WEP WPA2-TKIP Open WPA2-CCMP
Open Since your manager has requested that the visitors not be required to configure anything on their devices, the only option you can choose is Open. This option presents NO security for the visitor's wireless network, but it also requires no setup on the user's devices. All of the other options would require some sort of pre-shared key and setup to allow the visitor to use the network.
A network technician needs to monitor the network to find a user that is browsing websites that are against the company policy. What should the technician use to view the website and find the user browsing it? Packet sniffer SNMP GET Top listener tool IDS
Packet sniffer Packet Sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even the password information. This differs from an intrusion detection system in that IDS' wait to receive implicitly-malicious data in a network prior to logging the event.
T568A and T568B Termination
Pin assignment from EIE/TIA-568-B standard -8 conductor 100 ohm balanced twisted-pair cabling T568A and T568B are different pin assignments for 8P8C connectors. Many organizations traditionally use 568B -Difficult to change mid stream You can't terminate one side with the other type connector
802.3af, 802.3a3
PoE
Non-Ephemeral Ports
Ports 0 - 1023
Ephemeral Ports
Ports 1024 - 65,535
UPS (uninterruptible power supply)
Power supply with battery backup.
MSDS (Material Safety Data Sheet)
Provides communication to workers regarding hazardous materials in the office.
Core Switch
Provides fast transport between switches within the business campus
An administrator hosts all of the company's virtual servers internally. In the event of total server failure, the server images can be restored on a cloud provider and accessed through the VPN. What cloud services is the administrator using? Private Iaas Public Iaas Hybrid Saas Community PaaS
Public Iaas Infrastructure as a Service (IaaS) is the foundation of cloud computing. Rather than purchasing or leasing space in expensive datacenter, labor, real estate, and all of the utilities to maintain and deploy computer servers, cloud networks, and storage, cloud buyers rent space in a virtual data center from an IaaS provider. They have access to the virtual data center via the Internet. This type of cloud computing provides the "raw materials" for IT, and users usually only pay for the resources they consume, including (but not limited to) CPU cores, RAM, hard disk or storage space, and data transfer. Since this cloud provider is available to all companies to use, much like Microsoft Azure or Amazon Web Services, this is an example of a Public IaaS or Public Cloud.
The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration? RADIUS FTP DNS Kerberos
RADIUS RADIUS is used to centrally manage credentials for network devices. TACACS is an older username and logon system that uses authentication to determine access, while RADIUS combines authorization AND authentication. For this question, either RADIUS or TACACS would be an acceptable answer.
RDP vs VNC remote desktop
Remote desktop protocol from microsoft vs virtual network computing using remote frame buffer (RFB), may be more useful because are open source. The latter one is used for linux machine primarliy.
A network administrator wants to implement a centralized monitoring solution that utilizes push alerts sent from the client to a server. What type of monitoring should be put in place? NIDS SMS SMTP SNMP
SNMP The keyword is MONITORING. SNMP stands for Simple Network Management Protocol. SMTP is simple mail TRANSPORT protocol. NIDS is network intrusion detection system SMS is short message service. So, knowing what all of them stand for helps you to understand if the goal is simply to manage the server and send alerts from client to server. Based on these information, SNMP is the best choice.
OC-12
SONET tansmission line with 622.08 Mbit/s
OC-24
SONET transmission line with 1244.16 Mbit/s
OC-3
SONET transmission line with 155.52 Mbit/s
OC-1
SONET transmission line with 51.84 Mbit/s
OC-48
SONET transmission line with up to 2488.32 Mbit/s
AAA framework
Security philosophy using identification, authentication, authorization and accounting
IPSec
Security protocol suite for layer 3, scans each packet as well as providing encryption. Very popular. Two most important parts are AH - authentication header & ESP - encapsulation security payload
Logical Segmentation with VLANs
Separated logically instead of physically - Cannot communicate between VLANs without a Layer 3 device / router.
LDAP (Lightweight Directory Access Protocol)
Service protocol for reading and writing directories on a network. Uses the X.500 written by the International Telecommunications Union (ITU)
Logical Network Maps
Shows how a network is connected at logical network. Vision Omnigraffle and Gliffy,com are used to make them.
An end user receives a new computer and now is unable to connect to a database using ODBC. Other users are able to connect successfully, and the network technician is able to successfully ping the database server but still is unable to connect. What might have caused this issue? Missing IP routes on router Wrong default gateway address Failing NIC Software firewall is blocking ports
Software firewall is blocking ports A change in the firewall settings to allow access to the specified ports will fix the problem. It appears the default firewall on this new computer is blocking the port used to communicate with the database server. Open Database Connectivity (ODBC)
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
SIEM (Security Information and Event Management)
Splunk is an example. Often used to graph data. Consolidate log files and send alerts.
Unresponsive Service
Symptoms Include: -No response to an application request, No answer -Do you have the right port number And protocol (TCP/UDP)? -Confirm connectivity (Ping, traceroute) -Is the application still working? Telnet to the port number and see if it responds
Hardware Failure
Symptoms Include: -No response, Application doesn't respond -Confirm connectivity, without a ping, you're not going to connect -Run a traceroute, See if you're being filtered, should make it to the other side -Check the server, Lights? Fire?
Incorrect ACL Setting
Symptoms include: -Only certain IP addresses accessible -Access Control Lists(IP address, port numbers, and other parameters, Can allow or deny traffic by filtering packets) -Confirm with packet captures and TCP/UDP traceroutes, Identify the point of no return
Incorrect Host-Based Firewall Setting
Symptoms of this include: -Applications not working, based on the application in use and not necessarily the protocol and port -Check the host-based firewall settings, Accessibility may be limited to an administrator, Managed from a central console -Take a packet capture, the traffic may never make it to the network, dropped by the operating system
Rogue DHCP Server
Symptoms of this include: -IP addresses assigned by a non-authorized server -Client is assigned an invalid or duplicate address
PRI line AKA
T1 line AKA
POP 3 (Post Office Protocol)
TCP 110
POP3
TCP 110
NNTP
TCP 119
NNTP (Network News Transfer Protocol)
TCP 119
NetBIOS session service
TCP 139
L2TP
TCP 1701
H.323
TCP 1720
PPTP
TCP 1723
FTP
TCP 20, 21
FTP (File Transfer Protocol)
TCP 20,21
SSH, SFTP, SCP
TCP 22
SFTP (Secure File Transfer Protocol)
TCP 22 file transfer protocol
Telnet
TCP 23
SMTP
TCP 25
SMTP (Simple Mail Transfer Protocol)
TCP 25
RDP
TCP 3389
LDAP
TCP 389
HTTPS (Hypertext Transfer Protocol Secure)
TCP 443
HTTPS (also SSL TLS VPN)
TCP 443
SMTP over SSL
TCP 465
SSMTP (SMTP over SSL)
TCP 465
TACACS
TCP 49
TACACS (Terminal Access Controller Access Control System)
TCP 49
SIP
TCP 5060, 5061
Syslog
TCP 514
sNEWS
TCP 563
LDAPS (LDAP using SSL/TLS)
TCP 636
TFTP
TCP 69
HTTP
TCP 80
Kerberos
TCP 88
SPOP3 (secure mail transfer protocols)
TCP 995
TLS/SSL (Transport Layer Security/Security Sockets Layer)
TCP 995, 465
TLS/SSL (Transport Layer Security/Security Sockets Layer)
TCP, 995, 465
NETBIOS
TCP, UDP 137, 138, 139
IMAP v4 (Internet Message Access Protocol)
TCP, UDP 143
IMAP4
TCP, UDP 143
SNMP
TCP, UDP 161
SNMP (Simple Network Management Protocol)
TCP, UDP 161
SNMP Trap
TCP, UDP 162
SSH (Secure Shell)
TCP, UDP 22
MGCP (Media Gateway Control Protocol)
TCP, UDP 2427, 2727
RDP (Remote Desktop Protocol)
TCP, UDP 3389
SMB (Server Message Block)
TCP, UDP 445
SIP (Session Initiation Protocol)
TCP, UDP 5060, 5061
DNS
TCP, UDP 53
DNS (Domain Name System)
TCP, UDP 53
HTTP (Hypertext Transfer Protocol)
TCP, UDP 80
FTPS (File Transfer Protocol Secure)
TCP, UDP 989, 990
LDAP (Lightweight Directory Access Protocol)
TCP,UDP 636
A new OC3 experiencing intermittent connectivity and loss of signal alarms. A network administrator finds all the cables are properly connected. There is excess cable between the patch panel and the network node. The cables were forced into their storage compartments in the rack. What is the likely cause of the problem? The bend radius of the cable has been exceeded The OC3 was improperly provisioned The cable was improperly crimped The new OC3 cable is experiencing EMI
The bend radius of the cable has been exceeded A fiber cable (like an OC3) should not be bent more than 45 degrees or it will break the connection.
Port 8080
The default second choice for a web server when port 80 is not usable.
A network administrator is configuring one distribution and five access switches which will be installed in a new building. What is the BEST physical location for the equipment? All switches should be placed in the MDF to leave room in the IDF for servers All switches should be placed in the IDFto leave room in the MDF for servers The distribution switch in the MDF and access switches in the IDF The distribution switch in the IDF and access switches in the MDF
The distribution switch in the MDF and access switches in the IDF Distribution switches should be placed in the Main Distribution Facility (MDF) and the access switches would be placed in the IDF closer to the end users.
Network Convergence
The efficient coexistence of telephone, video, and data communication within a single network, offering convenience and flexibility not possible with separate infrastructures.
Log Management
The idea of managing your logs. Your network logs are stored in a very large drive array, and rolled up as time passes, often graphed to see what you are storing. They are often centralized in a SIEM.
Circuit Labeling
The labeling of all components of a WAN, like the demarc interface, the CSU/DSU and the rater as well as the provider etc
Change Management
The management of change in a company, much overlap with patch management. Change can be dangerous, and saftey is often overlooked. Most companies require clear policies for the duration, installation process, and fallback. Sometimes there is a corporate committee for changes.
Inventory Management
The management of the inventory, has to do with: Putting the bar code on every device to track them and understand how depreciation of devices will be handled. RFID NFC also works. Usually managed by specific inventory management software.
Serial Communication
The process of sending data one bit at a time, sequentially, over a communication channel or computer bus.
HA (High Availability)
The state of systems or company infrastructure that must always be on requiring lots of redundancy. Disallows any single point of failure.
Certificate Based Authentication
The use of a Digital Certificate to identify a user, machine, or device before granting access to a resource, network, application, etc. In the case of user authentication, it is often deployed in coordination with traditional methods such as username and password.
BPDU (Bridge Protocol Data Unit) Packets
These are data messages that are exchanged across the switches within an extended LAN that uses a spanning tree protocol topology. They contain information on ports, addresses, priorities and costs and ensure that the data ends up where it was intended to go.
Baselines
These are points of reference as to how the network acts at certain times of the day, useful for planning and budgeting.
System Labels (System Labeling)
These are things like the asset tag, system name and serial number need to be clearly visible, all for easier work tickets on them and maintenance.
Speed Test Sites
These websites are good for: -Bandwidth testing -Pre- and post-change analysis -Not all sites are the same
Archive Bit
This bit will indicate if something has been changed since the last backup.
Interface Configuration
This has to do with: -Auto vs Manual configuration -Light status -Speed -Duplex, if mismatched speed will differ
DTLS VPN
This is a VPN using UDP protocols instead of normal TCP for applications that are more suited for UDP, such as encrypted streaming & VOIP
MOU (Memorandum of Understanding)
This is a type of agreement between two or more parties. It expresses a convergence of will between the parties, indicating an intended common line of action.
Stateless vs Stateful packet filtering
This is packet filtering with the context of where the packet came from vs just filtering based on the information contained within the packet alone.
DLP (Data Loss Prevention)
This is the concept of protecting social security numbers, credit cards, medical records and the like. These solutions are often able to watch and alert for policy violations.
NIC Teaming (Network Interface Card Teaming)/LBFO (load balancing fail over)
This is the idea redundant paths in a server using multiple network interface controllers for if one fails. multicast is used for all of the NICs on the network to perform health checks on eachother.
Patch Panel Labeling
This is the labeling the port on the floor to that of the patch panel. Both side`s of link must be labeled. Best with blueprint of the floor.
VLAN Hopping
This is the process of going from one VLAN to another. You might connect your computer to a switch, making the switch think your computer is another switch so you can negotiate the trunk and get access to other VLANs
VLAN Mismatch
This is: -Switch is configured with the incorrect VLAN , configured per switch interface -Link light, but no surfing, A DHCP IP address may not be on the correct subnet, Manually IP addressing won't work at all -Check the switch configuration for VLAN configuration, Each port should have a VLAN setting, VLAN 1 is usually the default
Out of Bounds Management
This must occur when the network isnt directly avaialable for a device, overcome with a serial connection modem connection for dial in management, or via a console router/comm
Your network relies on The use of ATM cells. At which layer of the OSI model do ATM cells operate?
This protocol operates at Layer 2, the data link layer.
Duplex/Speed Match
This refers to the matching of: -speed: 10/100/1000/Auto -Duplex: half/full/auto -incorrect speed means less than expected throughput, most switches fix this automatically -most switches will negotiate an incorrect duplex, needs to match on both sides
How to avoid EMI and interference
To avoid this you should: -Don't twist, pull or stretch cables -Watch that bend radius! -Staples are bad -Avoid power cables
Troubleshooting DNS Issues
To trouble shoot these you should: -Check your IP configuration -Use nslookup or dig to test - does the resolution work? -Try a different DNS server - Google is 8.8.8.8 and 8.8.4.4
Tx and Rx
Transmit and Receive abbreviations
Troubleshooting Opens and Shorts
Troubleshooting these has to do with: -Test your cables prior to implementation -Many connectors look alike -Do you have a good cable mapping device? -Get a good cable person
Troubleshooting Excessive Jitter
Troubleshooting this has to do with: -Confirm available bandwidth -Nothing will work well if the tube is clogged -Make sure the infrastructure is working as expected -Check queues in your switches and routers -No dropped frames -Apply QoS (Quality of Service) -Prioritize real-time communication services -Switch, router, firewall, etc.
An employee of a highly-secure company needs to use facial recognition in addition to username/password to successfully establish a VPN. What BEST describes this methodology? federated identity PKI Biometric authentication Two-factor authentication
Two-factor authentication This would classify best as two-factor authentication, since it requires "something you are" (face) and "something you know" (username/password) for successful authentication to occur.
Link-state routing protocol
Type of routing protocol defined by: -Information passed between routers is related to the current connectivity and quality thereof -Faster is better -Very scalable, usually used in large networks
Cable Shielding Abbreviations
U = Unshielded S = braided Shielding F = Foil Shielding (Overall Cable)/(Individual Pairs)TP -Braided shielding around the entire cable and foil around the pairs is S/FTP -Foil around cable and no shielding around pairs in F/UTP
NTP
UDP 123
NTP (Network Time Protocol)
UDP 123
NetBIOS name service
UDP 137
NetBIOS datagram distribution service
UDP 138
L2TP (Layer 2 Tunneling Protocol)
UDP 1701
RADIUS
UDP 1812, 1813, 1645, 1646
RADIUS (Remotes Access Dial In User Service)
UDP 1812, 1813, 1645, 1646
ISAKMP (Internet Security Association and Key Management Protocol)
UDP 500
RTP (Real-time Transport Protocol)
UDP 5004, 5005
DHCP
UDP 67, 68
DHCP (Dynamic Host Configuration Protocol)
UDP 67, 68
TFTP (Trivial File Transfer Protocol)
UDP 69
RTP (Real Time Transport Protocol)
UDP, 5004, 5005
Rollback
Uninstalling or going to previous patch.
A network administrator is tasked with building a wireless network in a new building located right next door. The wireless clients should not have visibility to one another but should have visibility to the wired users. Users must seamlessly migrate between the buildings while maintaining a constant connection to the LAN. How should he configure the new wireless network in the new building? Use different SSIDs on different channels and VLANs Use the same SSIDs on different channels and AP isolation Use different SSIDs on the same channels with VLANs Use the same SSIDs on same channels with AP isolation
Use the same SSIDs on different channels and AP isolation For users to be able to seamlessly migrate between the two buildings, both Access Points (AP) must use the same SSIDs. They must be on different channels though. Otherwise, interference could occur. Access Point (AP) isolation is a technique for preventing mobile devices connected to an AP from communicating directly with each other.
CSU (Channel Service Unit)
Used to connect to digital leased lines on the line side.
WPA2-PSK vs WPA2-Enterprise
Uses just a password for every device vs having to use a username and password with RADIUS
DSL (Digital Subscriber Line)
Uses telephone lines, download speed is much faster than upload. 52Mbit/s down 16Mbit/s up
Port Aggregation/NIC Teaming
Using more than one card for the same connection, adding redundancy
arp -a
View the local ARP table
A network technician has just received an email regarding a security issue detected on the company's standard web browser. What will MOST likely fix the issue? Vulnerability patch driver update OS update firmware update
Vulnerability patch
Your network security manager wants a monthly report of the security posture of all the assets on the network (e.g. workstations, servers, routers, switches, firewalls). The report should include any feature of a system or appliance that is missing a security patch, OS update, or other essential security feature, as well as its risk severity. What solution would work best to find this data? Virus scan Security policy penetration scan Vulnerability scan
Vulnerability scan A vulnerability scanner is a computer program designed to assess computers, computer systems, networks, or applications for weaknesses. Most vulnerability scanners also create an itemized report of their findings after the scan.
A technician is troubleshooting a newly-installed WAP that is sporadically dropping connections to devices on the network. What should the technician check FIRST during troubleshooting? Encryption type WAP SSID WAP placement Bandwidth saturation
WAP placement For optimal network performance, the placement of the Wireless Access Point (WAP) guidelines should be taken into consideration to ensure that the building's construction doesn't cause interference with the wireless signals.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented? WPA personal MAC filtering WPA2 enterprise WEP
WPA personal Since he wishes to use a pre-shared key and not require an authentication server, the most secure choice is WPA personal. WPA2 Enterprise is actually a more secure choice, but it requires a RADIUS authentication server to be used.
10.212.79.255
What is the broadcast address of the network 10.212.64.0 255.255.240.0?
172.20.63.255
What is the broadcast address of the network 172.20.62.0 255.255.254.0?
172.23.125.63
What is the broadcast address of the network 172.23.125.0 255.255.255.192?
172.31.82.129
What is the first valid host on the subnetwork that the node 172.31.82.140 255.255.255.192 belongs to?
192.168.157.129
What is the first valid host on the subnetwork that the node 192.168.157.147/29 belongs to?
192.168.16.0
What is the subnet address of the first subnet?
172.16.0.0
What is the subnet address of the first subnet? IGNORE
207.1.6.0
What is the subnet address of the first subnet? IGNORE
172.252.0.0
What is the subnet address of the last subnet? IGNORE
192.168.16.240
What is the subnet address of the last subnet? IGNORE
207.1.6.128
What is the subnet address of the last subnet? IGNORE
172.16.4.0
What is the subnet address of the second subnet? IGNORE
192.168.16.16
What is the subnet address of the second subnet? IGNORE
207.1.6.128
What is the subnet address of the second subnet? IGNORE
WPA2 and CCMP
What networking protocol is CCMP used with? -CCMP, also known as AES CCMP, is the encryption mechanism that has replaced TKIP.
Convergence
When a change occurs in your network topology, routing tables have to be updated. Each router will send out the contents of its routing tables to other routers. This exchange of information will happen until all routers have updated their routing tables to reflect to new network topology.
172.24.108.0
Which subnet does host 172.24.109.24/22 belong to?
192.168.1.196
Which subnet does host 192.168.1.198/30 belong to?
802.11 (technologies)
Wireless Networking, managed by the IEEE LAN/MAN
255.255.255.192
You are designing a subnet mask for the 172.28.0.0 network. You want 700 subnets with up to 40 hosts on each subnet. What subnet mask should you use?
255.255.255.192 /26
You are designing a subnet mask for the 172.30.0.0 network. You want 800 subnets with up to 50 hosts on each subnet. What subnet mask should you use?
255.255.252.0 /22
You are given an IP range of 172.16.0.0 255.255.0.0 Create 60 usable subnets with the maximum number of hosts per subnet. What would the subnet mask be?
255.255.255.240 /28
You are given an IP range of 192.168.16.0 255.255.255.0 Create 12 usable subnets with the maximum number of hosts per subnet. What would the subnet mask be?
255.255.255.128
You are given an IP range of 207.1.6.0 255.255.255.0 Create 2 usable subnets with the maximum number of hosts per subnet. What would the subnet mask be?
MTTR
You may want to know a system's mean time to restore
RADIUS (Remote Access Dial In User Service)
You need to allow remote access users to log on to a network through a shared authentication database. Name of the authentication service not originally designed for the ARPANET.
A network administrator needs to install a centrally-located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. What firewall type should the administrator install? a stateful network-based firewall a stateless network-based firewall a host-based stateful firewall a host-based firewall
a stateful network-based firewall A stateful firewall enhances security through the use of packet filtering and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network.
arp - get the arp table
arp -a
The network technician has received a large number of complaints from users that there is poor network performance. The network technician suspects a user may have created a malicious flood on the network with a large number of ping requests. What should the technician do? block all ICMP requests update all the antivirus software remove all suspected users from the network upgrade firmware on all network cards
block all ICMP requests Ping requests use the Internet Control Message Protocol to send operational information about a host or router. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting.