Infrastructure (3) Flashcards
Ed has been hired by a company to upgrade its network infrastructure. The current network is 10 Mbps Ethernet running on Category 5 (CAT5) twisted pair cable. There are 100 computers on the network, all of which have 10/100/1000 multispeed network interface adapters. The computers are all connected to hubs. Users are complaining that the network is too slow and connections are sometimes dropped. Management wants to upgrade to the fastest Ethernet standard possible, using the existing cabling, and still keep costs to a minimum. Which of the following implementations should Ed recommend to the client?
Upgrade to 1000Base-T and keep the existing hubs.
Upgrade to 100Base-FX and replace all of the hubs with switches.
Upgrade to 1000Base-T and replace all of the hubs with switches.
Upgrade to 1000Base-T and replace all of the hubs with switches.
The best solution in this scenario is to upgrade to 1000Base-T and replace the existing hubs with switches. 1000Base-T provides the fastest transfer speeds supported by the existing cable. Since users are complaining that the network is slow with the existing hubs, it makes sense to replace the shared hub environment with switches that offer dedicated bandwidth out each port. Any solution that does not replace the hubs would not address the users’ complaints. 100Base-TX would provide a speed increase, but it runs at one-tenth the speed of 1000Base-TX. Upgrading to 100Base-FX would require the cabling to be replaced with fiber optic, which would be very expensive.
Ralph has been hired by a company to redesign its local area network (LAN). Right now it has a single 100 Mbps Ethernet LAN with 40 users and 2 shared servers, all connected through 3 hubs. The users on the network must share files with one another and also access the shared servers to retrieve and store files. The users are complaining that the network is too slow. Management states that cost is a factor that must be considered. Which of the following upgrade scenarios should Ralph recommend in this situation?
Split the network into smaller segments with dedicated hubs as opposed to shared hubs.
Split the network into two routed LANs with 20 users each.
Replace the hubs with switches to define separate collision domains and filter unnecessary traffic from each segment.
Replace the hubs with switches to define separate collision domains and filter unnecessary traffic from each segment.
In this situation, the best choice is to replace the hubs with switches, since the network is relatively small and cost is an issue. In addition, all users must be able to share information directly with one another and to access the servers. On the existing network, all users share the same 100 Mbps communication channel, and each computer must take turns transmitting. By replacing the hubs with switches, you provide each computer with a dedicated 100 Mbps connection to the switch, while reducing unnecessary traffic and collisions on the network. There is no such thing as a dedicated hub. Splitting the network into two routed LANs with 20 users each is not the best solution, since all users must share information on a constant basis. Also, cost is a factor and routers are more expensive than switches. Replacing the hubs with a layer 3 switch and defining two VLANs with 20 users each is not a reasonable solution because layer 3 switches are very expensive. Layer 3 switches and VLANs are typically used in larger enterprise networks.
Which of the following devices can split a single network into two collision domains while maintaining a single broadcast domain?
Hub
Bridge
Switch
Bridge
A bridge can split a single network into two collision domains, because it forwards only the packets that are destined for the other side of the bridge. The bridge forwards all broadcast packets, so it maintains a single broadcast domain. A hub maintains a single collision domain and a single broadcast domain. A switch creates a separate collision domain for each port, and a single broadcast domain for the entire network. A router creates two collision domains, but it does not forward broadcasts, so there are two broadcast domains as well.
Alice has a network that consists of three virtual LANs (VLANs) defined on all of the network’s switches. VLAN 10 is the Sales VLAN, VLAN 20 is the Marketing VLAN, and VLAN 30 is the Accounting VLAN. Users are reporting that they can’t communicate with anyone outside of their own VLAN. What is the problem, and what must Alice do?
The problem is a faulty VLAN configuration on one of the switches. Alice needs to re-create the VLANs and configure each VLAN for routing.
One of the VLANs is configured to filter all other VLAN traffic for security purposes. Alice needs to change the filter on this VLAN.
VLANs are limited to data link layer communication only. To allow communication between VLANs, Alice must add a router or a layer 3 switch to the network and configure it to route traffic between the VLANs.
VLANs are limited to data link layer communication only. To allow communication between VLANs, Alice must add a router or a layer 3 switch to the network and configure it to route traffic between the VLANs.
VLANs are data link layer local area networks (LANs) defined within switches. Only devices (and users) connected to ports belonging to the same VLAN can communicate with each other until a layer 3 device, such as a router or a layer 3 switch, is added to the network. Re-creating and reconfiguring the VLANs will not correct this problem. Traffic filters are usually implemented on routers. VLANs do not have to use the same data link protocol.
Which of the following functions is the multifunction device on a home or small office network known as a broadband router least likely to provide?
Wireless access point
Switch
Proxy server
Proxy server
Broadband routers generally do not function as proxy servers, which are application layer devices used to regulate access to the Internet. Many broadband routers are also wireless access points, enabling users to construct a LAN without a complicated and expensive cable installation. Many broadband routers have switched ports for connections to wired devices, such as printers and computers. Most broadband routers use DHCP to assign IP addresses to devices on the private network.
Which of the following is the true definition of the term modem?
A device that connects a computer to the Public Switched Telephone Network (PSTN)
A device that connects a local area network (LAN) to the Internet
A device that converts analog signals to digital signals and back again
A device that converts analog signals to digital signals and back again
A modulator/demodulator is any device that converts analog signals to digital signals and digital signals back to analog signals. The digital device does not have to be a computer, and the analog device does not have to be the PSTN. There are many devices that are incorrectly referred to as modems, such as devices that connect a digital LAN to a digital WAN or all-digital devices that connect computers to the Internet.
Which of the following devices is used to physically connect computers in the same VLAN?
A bridge
A hub
A switch
A switch
Replacing routers with switches turns an internetwork into a single large subnet, and VLANs exist as logical elements on top of the switching fabric. Although VLANs are the functional equivalent of network layer subnets, the systems in a single VLAN are still connected by switches, not routers. Bridges connect network segments at the data link layer and selectively forward traffic between the segments. However, bridges do not provide a dedicated connection between two systems like a switch does, and they do not make it possible to convert a large routed internetwork into a single switched network. Therefore, they have no role in implementing VLANs. Hubs are physical layer devices that propagate all incoming traffic out through all of their ports. Replacing the routers on an internetwork with hubs would create a single shared network with huge amounts of traffic and collisions. Hubs, therefore, do not connect the computers in a VLAN.
Which of the following best describes the function of a firewall?
A device located between two networks that enables administrators to restrict incoming and outgoing traffic
A device that connects two networks together, forwarding traffic between them as needed
A device that enables Internet network clients with private IP addresses to access the Internet
A device located between two networks that enables administrators to restrict incoming and outgoing traffic
A firewall is a filter that can prevent dangerous traffic originating on one network from passing through to another network. A device that connects two networks together and forwards traffic between them is a router, not a firewall. A device that enables Internet network clients with private IP addresses to access the Internet is a description of a NAT router or a proxy server, not a firewall. A device that caches Internet data is a proxy server or caching engine, not a firewall.
Which of the following terms is used to describe the method by which a firewall examines the port numbers in transport layer protocol headers?
IP address filtering
Service-dependent filtering
Deep packet inspection
Service-dependent filtering
Service-dependent filtering blocks traffic based on the port numbers specified in the transport layer header fields. Because port numbers represent specific applications, you can use them to prevent traffic generated by these applications from reaching a network. IP address filtering operates at the network layer. Deep packet inspection (DPI) scans the contents of packets, rather than their headers. Next generation firewall (NGFW) defines a device with advanced protection capabilities; port number scanning is a basic firewall function.
Which of the following devices can also be described as a multiport repeater?
Hub
Bridge
Switch
Hub
A repeater is a physical layer device that regenerates incoming signals and retransmits them. A hub is a type of repeater that receives data through any one of its multiple ports and retransmits the data out through all of its other ports. Bridges and switches are data link layer devices, and routers are network layer devices. None of these three can be described as multiport repeaters.
Which of the following bridging types has never been used on Ethernet local area networks (LANs)?
Store and forward
Transparent
Source route
Source route
Source route bridging was a technique used on Token Ring (and not Ethernet) networks, in which a Routing Information Field (RIF) in the packet header identified the network segments the packet should follow to reach its destination. Store and forward, transparent, and multiport bridges have all been used on Ethernet networks.
Which of the following physical network devices can conceivably be implemented as software in a computer’s operating system? (Choose all correct answers.)
Hub
Switch
Router
Firewall
Router
Firewall
Most operating systems are capable of functioning as routers or firewalls. To route traffic, the system must have two network connections. A software firewall can be part of a computer’s routing functionality, or it can be a stand-alone firewall that protects only the local system. Computers cannot function as hubs or switches because multiple ports would be required and standard network adapters don’t implement those functions.
Which of the following criteria does a firewall capable of service-dependent filtering use to block traffic?
Hardware addresses
IP addresses
Port numbers
Port numbers
Service-dependent filtering blocks traffic based on the port numbers specified in the transport layer header fields. Because port numbers represent specific applications, you can use them to prevent traffic generated by these applications from reaching a network. IP address filtering enables you to limit network access to specific computers; it is not service dependent. Filtering based on hardware addresses provides the same basic functionality as IP address filtering, but it is more difficult to spoof hardware addresses than IP addresses. Filtering by protocol identifier enables you to block all traffic using TCP or UDP; it is not service dependent.
Ralph is a freelance network consultant installing a three-node small business network. The computers are all in the same room and use wired Ethernet to connect to the switched ports of a multifunction device. The device also functions as a network address translation (NAT) router for a cable modem connection to the Internet and uses DHCP to assign private IP addresses to the computers. Although NAT provides a measure of security, Ralph wants to be sure that the computers on the network are protected from unauthorized Internet traffic and attacks against open ports. Which of the following solutions would enable Ralph to accomplish this goal with the minimum cost to the client?
Install a hardware firewall between the multifunction device and the cable modem.
Install an intrusion prevention system (IPS) between the multifunction device and the cable modem.
Install a personal firewall on each of the computers.
Install a personal firewall on each of the computers.
A personal firewall is an inexpensive way to protect an individual computer from Internet incursions. Three copies of the product are much less expensive than any of the other suggested solutions. Installing a hardware firewall is a complex and expensive solution, not suitable for a small network. An IPS is a relatively expensive solution, suitable for larger networks. An IDS is a relatively expensive solution, and connecting it to a switched port would not enable it to protect the other computers on the network. A port scanner is a device that performs scans on demand. It does not continuously monitor ports, and it does nothing to protect them.
Which of the following statements about hubs and switches are true? (Choose all correct answers.)
Hubs operate at the physical layer, whereas switches operate at the network layer.
All of the devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.
There are switches available with network layer functionality, but there are no hubs with that capability.
Switches create a separate broadcast domain for each connected device, whereas hubs create a single broadcast domain for all of the connected devices.
All of the devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.
There are switches available with network layer functionality, but there are no hubs with that capability.
Hubs operate at the physical layer and switches at the data link layer. Hubs and switches both create a single broadcast domain for all of the connected devices. Switches create a separate collision domain for each connected device, whereas hubs create a single collision domain. There are switches (but not hubs) with network layer (layer 3) functionality.