certmaster Explaining IPv4 Addressing Flashcards
A security analyst is reviewing various subnets that are set aside for various purposes. What is the subnet 192.0.2.0/24 and 198.51.100.0/24 set aside for?
A.Variety of special purposes
B.Local network address not known
C.DHCP lease
D.Documentation and examples
D
The subnets 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 are all set aside for use in documentation and examples. These are other IPv4 address ranges reserved for special use and are not publicly routable.
The subnets 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 are all set aside for a variety of special purposes.
The subnet 255.255.255.255 broadcasts to the local network when the local network address is not known. A broadcast performs by sending a packet to the network or subnet’s broadcast address.
The system uses the subnet 0.0.0.0/8 when a specific address is unknown and typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease
A network architect is planning a new setup for a new company that has yet to build buildings. Which of the following would the architect set up for a /16 network?
A.Multicast
B.Class A
C.Class B
D.Class C
C
Class B: 255.255.0.0 (/16). The first octet for class B is from 128 - 191. The only remaining use of classful terminology is to describe the default subnet masks.
IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host’s content.
Class A: 255.0.0.0 (/8). The first octet for class A is from 1 - 126. The default masks reengineer the classful scheme but allow network designers to create subnets of different numbers.
Class C: 255.255.255.0 (/24). The first octet for class C is from 192 - 223
A security analyst is reviewing malicious packets and trying to understand the IPv4 header. What is the first field in an IPv4 header?
A.Header Length
B.Version
C.Protocol
D.Source address
B
The Version field is the first field in an IPv4 packet and indicates the version of the Internet Protocol in use, which in the case of IPv4 is 4.
The field after Version is the Length field, which indicates the size of the header and the total packet size, including the payload. The maximum theoretical size is 65,535 bytes.
The Protocol field describes what is contained (encapsulated) in the payload so that the receiving host knows how to process it.
The source and destination address fields do not occur until the end of the header, before options and data. The options field is not as common in IPv4
A helpdesk technician is reviewing the network layout in various areas. What is the purpose of subnetting?
A.Layer 2 tracking
B.Layer 3 segments
C.Port security
D.Flow control
B
Subnetting creates layer 3 broadcast domain segments with fewer hosts. The trick with subnet design is to fit the scheme to the requirements for a number of subnetworks and hosts per subnet.
The CAM table tracks Layer 2 and implements it as content addressable memory (CAM). It is a special type of memory, optimized for searching, rather than random access.
A port security configuration validates the MAC address of end systems connecting to a switch port. Most often, the MAC address of servers and workstations does not change often, except for predictable upgrade cycles.
IEEE 802.3x flow control allows a server to instruct the switch to pause traffic temporarily to avoid overwhelming its buffer and causing it to drop frames
A network administrator is working for a large company on a subnet that requires an 8 bit mask. Which of the following would that be?
A.255.255.0.0
B.255.255.255.0
C.255.255.255.255
D.255.0.0.0
D
255.0.0.0 is an 8-bit mask. A short netmask (255.0.0.0) allows for millions of hosts per network but only 126 possible network addresses.
255.255.0.0 is a 16-bit mask. Note that this system is known as classless addressing. There is an older classful addressing method.
255.255.255.0 is a 24-bit mask. A longer network portion, such as 255.255.255.0, allows for more network IDs within the overall internetwork, but with fewer available host addresses per network.
255.255.255.255 is a 32-bit mask. A 32-bit network mask (or netmask) distinguishes these two components within a single IP address.
A client is trying to connect to a network. The client can get an IP address but does not have internet access and decides to see if they are issued an APIPA address. Which of the following would fall under the APIPA range?
A.10.0.0.0 to 10.255.255.255
B.172.16.0.0 to 172.31.255.255
C.192.168.0.0 to 192.168.255.255
D.169.254.0.0 through 169.254.255.255
D
The APIPA range is from 169.254.0.0 through 169.254.255.255. Microsoft developed Automatic Private IP Addressing (APIPA) for clients that could not contact a Dynamic Host Configuration Protocol (DHCP) server.
The IP addresses from 10.0.0.0 to 10.255.255.255 represent the Class A private address range. Private IP addresses can be from one of the pools of addresses defined in RFC 1918 as non-routable over the Internet.
The IP addresses from 172.16.0.0 to 172.31.255.255 represent the Class B private address range. Any organization can use private addresses on its networks without applying to a registry or ISP, and multiple organizations can use these ranges simultaneously.
The IP addresses from 192.168.0.0 to 192.168.255.255 represent the Class C private address range.
A security analyst is looking at traffic directed to 0.0.0.0/8. For what purpose is this IP range typically used?
A.Variety of special purposes
B.To check that TCP/IP is correctly installed on the local host
C.Source address by client seeking a DHCP lease
D.Examples
C
The system uses the subnet 0.0.0.0/8 when a specific address is unknown and typically used as a source address by a client seeking a Dynamic Host Configuration Protocol (DHCP) lease.
The subnets 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 are all set aside for a variety of special purposes.
While nominally part of Class A, the range 127.0.0.0 to 127.255.255.255 (or 127.0.0.0/8) is reserved. This range is used to configure a loopback address, which is a special address typically used to check that TCP/IP is correctly installed on the local host.
The subnets 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 are all set aside for use in documentation and examples. These are other IPv4 address ranges reserved for special use and are not publicly routable
A systems administrator attempts to allow one host on the Internet to send content to other hosts that have identified themselves as interested in receiving the originating host’s content. What should the administrator use to accomplish this?
A.Multicast
B.Anycast
C.Broadcast
D.Unicast
A
IPv4 multicasting allows one host on the Internet (or private IP network) to send content to other hosts that have identified themselves as interested in receiving the originating host’s content.
Anycast refers to a group of hosts configured with the same IP address.
One method of addressing multiple hosts is to perform a broadcast. An administrator performs a broadcast by sending a packet to the network or subnet’s broadcast address.
When an IPv4 host wants to send a packet to a single recipient, it uses a unicast packet addressed to the IP address of the destination host
A network administrator wants to use a subnet mask containing 62 usable addresses. Which of the following subnet masks should the administrator use?
A.255.255.255.192
B.255.255.255.240
C.255.255.255.224
D.255.255.255.128
A
A subnet mask of 255.255.255.192 has 62 usable addresses. Subnet addressing has three hierarchical levels: a network ID, subnet ID, and host ID.
A subnet mask of 255.255.255.240 has 16 addresses. To create logical subnets, the network administrator must allocate the bits from the host portion of the IP address as a subnetwork address, rather than part of the host ID.
A subnet mask of 255.255.255.224 has 32 addresses. The mask will always have one of these values in the least significant octet: 128, 192, 224, 240, 248, 252, 254, 255.
A subnet mask of 255.255.255.128 has 128 addresses. It is important to understand that only one mask is ever applied to the IP address on each interface.
A security administrator is investigating a CAM table flooded by an attacker. In the packet capture, what protocol should the security administrator filter on to look at related traffic?
A.ARP
B.IP
C.TCP
D.HTTP
A
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite includes the Address Resolution Protocol (ARP). The ARP performs the task of resolving an IP address to a hardware address. ARP messaging is only available to use with Ethernet.
At the network layer, the TCP segment wraps in an Internet Protocol (IP) header. The IP packet encapsulates in an Ethernet frame at the data link layer.
At the transport layer, the administrator adds a Transport Control Protocol (TCP) header to this application data.
The HyperText Transfer Protocol (HTTP) protocol is an application layer protocol, which will include its own application header.
A network administrator wants to be able to address multiple address hosts. Which of the following would accomplish this task? (Select all that apply.)
A.Broadcast
B.ff:ff:ff:ff:ff:ff
C.Unicast
D.255.255.240.0
A, B
One method of addressing multiple hosts is to perform a broadcast. An administrator performs a broadcast by sending a packet to the network or subnet’s broadcast address.
Implemented broadcasts occur at layer 2 by sending them to MAC address ff:ff:ff:ff:ff:ff. All hosts connected to the switch (or in the same VLAN) will receive them.
When an IPv4 host wants to send a packet to a single recipient, it uses a unicast packet addressed to the destination host’s IP address.
If the subnet mask is 255.255.240.0, the last four digits of the last octet in the IP address are the host ID portion. Setting these digits to all 1s is the last possible address before the next subnet ID, hence the network broadcast address.
