Network + Flash Cards
The _____ command is used in a Windows environment to see how many
hops a packet takes to reach a destination
tracert
The communication between distance-vector routers is known as ____
Hops
the largest data unit that can be passed without fragmentation.
The Maximum Transmission Unit (MTU)
The process by which routers learn of a change in the network
topology is called
convergence
The second version of RIP dealt with the shortcomings of the
original design. Authentication was included to enable secure transmissions,
also, it changed from a networkwide broadcast discovery method
to a multicast method to reduce overall network traffic.
Routing Information Protocol or
RIPv2
The syntax for the route add command is:
route add 192.168.2.1 mask (255.255.255.0) 192.168.2.4
Three types of bridges are used in networks:
Transparent bridge
Source route bridge
Translational bridge
Unlike cut-through, in a _____ switching
environment, the entire packet is received and error-checked before
being forwarded. The upside of this method is that errors are not propagated
through the network. The downside is that the error-checking
process takes a relatively long time, and store-and-forward switching is
considerably slower as a result.
store-and-forward
Used with network bridges and switches. With the help of the Spanning Tree Algorithm (STA), STP avoids or eliminates loops on a Layer 2 bridge.
Spanning Tree Protocol (STP)
What are the methods of switching?
Cut-through
Store-and-forward
FragmentFree
What are the two types of Link-state protocols?
Open Shortest Path First (OSPF)
Intermediate System-to-Intermediate System (IS-IS)
What is one way a router that uses a link-state protocol differs from one that uses a distance-vector protocol?
It builds a map of the entire network and then
holds that map in memory. Also, on a network that uses a link-state protocol,
routers send link-state advertisements (LSAs) that contain information about
the networks to which they connect.
What two issues must be considered when using bridges?
Bridge Placement and Eliminating bridging loops
With _____ communications, each router on the network
communicates all the routes it knows about to the routers to which it is
directly attached. In this way, routers communicate only with their router
neighbors and are unaware of other routers that may be on the network.
Distance-Vector Routing
With eliminating bridging loops: Bridging loops can occur when more than
one bridge is implemented on the network. In this scenario, the bridges
can confuse each other by leading one another to believe that a device is
located on a certain segment when it is not. To combat the bridging
KNOW THIS
____ enables administrators to monitor the traffic outbound and inbound
to the switch.
Port mirroring
The ports on a hub to which computer systems are attached are called
Medium-Dependent Interface Crossed (MDI-X).
Another type of port, called a _____ port, is often
included on a hub or switch to facilitate the connection of two switches or
hubs.
Medium-Dependent Interface (MDI)
ExamAlert
In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed.
ExamAlert
Routers that send link-state advertisements (LSA) that contain information about the network to which they connect
link-state routing
- True or False: The biggest difference between a LAN and WAN is usually
the size of the network.
- True. A WAN is a network that spans more than one geographic location,
often connecting separated LANs.
- What network model offers no centralized storage of data or centralized
control over the sharing of files or resources?
- A peer-to-peer network is a decentralized network model offering no centralized
storage of data or centralized control over the sharing of files or
resources.
- In what networking model is the processing power shared between the
client systems and the server?
- A distributed network model has the processing power distributed
between the client systems and the server.
A ___ is a data network restricted to a single geographic location and typically
encompasses a relatively small area, such as an office building or school
LAN
A ____ is a network that spans more than one geographic location, often
connecting separated LANs
WAN
You can choose from two basic wired network models:
peer-to-peer and
client/server.
A ____ network is a decentralized network model offering no centralized
storage of data or centralized control over the sharing of files or
resources. All systems on this network can share the resources on
their local computer and use resources of other systems.
peer-to-peer
The ____ networking model is, without question, the most widely
implemented model and the one you are most likely to encounter when working
in real-world environments. The advantages of this system
are that it is a centralized model and it enables centralized network management
of all network services, including user management, security, and backup
procedures
The client/server
EXAM ALERT:
The role of the client computer in the client/server model is to request the data
from the server and present that data to the users.
EXAM ALERT
1. What is the maximum number of computers recommended for inclusion in a peer-to-peer network?
❍ A. 2
❍ B. 5
❍ C. 10
❍ D. 25
- C. The maximum number of computers recommended in a peer-to-peer network
is 10.
2. When a WAN is confined to a certain geographic area, such as a university campus or city, it is known as a
❍ A. LAN
❍ B. MAN
❍ C. VAN
❍ D. VPN
- B. A WAN can be referred to as a MAN (Metropolitan Area Network) when it is
confined to a certain geographic area, such as a university campus or city.
- Which topology (star, bus, or ring) would use a hub or switch?
- Of the choices given, only a star topology would use a hub or switch.
- With which topology does every node have a direct connection to every
other node?
- With a mesh topology, every node has a direct connection to every other
node.
A ___ refers to a network’s physical and logical layout.
topology
A network’s ____ topology refers to the actual layout of the computer cables and other network
devices.
physical
A network’s _____ topology refers to the way in which the network
appears to the devices that use it.
logical
A ___ topology uses a trunk or backbone to connect all the computers on the
network
bus
EXAM ALERT:
Loose or missing terminators from a bus network disrupt data transmissions.
The ____ topology is actually a logical ring, meaning that the data travels in a
circular fashion from one computer to another on the network.
ring, is not a physical ring
In the ____ topology, all computers and other network devices connect to a central
device called a hub or switch. Each connected device requires a single cable
to be connected to the hub, creating a point-to-point connection between the
device and the hub.
star
Among the network topologies discussed in this chapter, the star topology is the
easiest to expand in terms of the number of devices connected to the network.
EXAM ALERT
The ___ ____ topology (see Figure 1.6) incorporates a unique network design
in which each computer on the network connects to every other, creating a
point-to-point connection between every device on the network
wired mesh
EXAM ALERT:
Because of the redundant connections, the mesh topology offers better fault tolerance
than other topologies.
___ ___ ___ is a technology designed to speed up network
traffic flow by moving away from the use of traditional routing tables.
Multiprotocol Label Switching (MPLS)
Wireless networks typically are implemented using one of two wireless topologies:
- Infrastructure, or managed, wireless topology
- Ad hoc, or unmanaged, wireless topology
The ___ ___ ___ is commonly used to extend a wired LAN to
include wireless devices. Wireless devices communicate with the wired LAN
through a base station known as an access point (AP) or wireless access point.
infrastructure wireless topology
In a __ __ __ topology, devices communicate directly between themselves
without using an access point. This peer-to-peer network design is commonly
used to connect a small number of computers or wireless devices.
wireless ad hoc
Wireless mesh networks are known as self-healing, which
refers to the network’s capability to adapt to network failure and even
function should a node be moved from one location to another. Self-healing
in a wireless mesh environment is possible because of the interconnected
connections and because of the wireless media.
Self-healing
Another meaning: The term hybrid topology also can refer to the combination of
wireless and wired networks. For the Network+ exam, however, the term hybrid
most likely refers to the combination of physical networks.
EXAM ALERT
- You have been asked to install a network to give the network users the greatest
amount of fault tolerance. Which of the following network topologies would you
choose?
❍ A. Star
❍ B. Ring
❍ C. Mesh
❍ D. Bus
- C. A mesh network uses a point-to-point connection to every device on the network.
This creates multiple points for the data to transmit around the network
and therefore creates a high degree of redundancy. The star, ring, and bus
topologies do not offer fault tolerance.
An AP can operate as a bridge connecting a standard wired network to wireless
devices or as a router passing data transmissions from one access point to
another.
EXAM ALERT
The term ___ ____ is used to loosely encompass any device capable of
encrypting data for the purpose of making it more difficult to intercept. On
the lower end, this can encompass devices used by individual users (encrypted
flash drives, for example). On the higher end, a server can encrypt data for the
network.
encryption devices
EXAM ALERT:
Because the Network+ exam focuses on networking and the objective focuses on
the OSI model, the presentation layer is responsible for encrypting/decrypting data
sent across the network.
- Users are complaining that the network’s performance is unsatisfactory. It takes
a long time to pull files from the server, and, under heavy loads, workstations
can become disconnected from the server. The network is heavily used, and a
new videoconferencing application is about to be installed. The network is a
1000BaseT system created with Ethernet hubs. Which device are you most likely
to install to alleviate the performance problems?
❍ A. Switch
❍ B. Router
❍ C. Bridge
❍ D. Gateway
- A. Replacing Ethernet hubs with switches can yield significant performance
improvements. Of the devices listed, switches are also the only ones that can be
substituted for hubs. A router is used to separate networks, not as a connectivity
point for workstations. A bridge could be used to segregate the network and
therefore improve performance, but a switch is a more obvious choice in this
example. A gateway is a device, system, or application that translates data from
one format into another.
2. Which of the following devices forwards data packets to all connected ports?
❍ A. Router
❍ B. Switch
❍ C. Bridge
❍ D. Hub
- D. Hubs are inefficient devices that send data packets to all connected devices.
Switches pass data packets to the specific destination device. This method significantly
increases network performance.
3. Of the following routing methods, which is likely to require the most administration time in the long term?
❍ A. Static
❍ B. Link state
❍ C. Distance vector
❍ D. Dynamic
- A. Static routing takes more time to administer in the long term because any
changes to the network routing table must be manually entered. Distance vector
and link state are both dynamic routing methods. Dynamic routing might take
more time to configure initially, but in the long term, it requires less administration
time. It can automatically adapt to changes in the network layout.
- Which of the following statements best describes a gateway?
❍ A. It is a device that enables data to be routed from one network to
another.
❍ B. It refers to any device that resides at the entrance of a network.
❍ C. It is a device, system, or application that translates data from one format
into another.
❍ D. It is a network device that can forward or block data based on the
MAC address embedded in the packet.
- C. A gateway can be a device, system, or application that translates data from
one format into another. Answers A and B more closely describe a router.
Answer D describes a bridge. A bridge is a device that is used to segregate a
network. It makes forwarding or blocking decisions based on the MAC address
embedded in the packet.
- You are experiencing performance problems on your Ethernet-based network. By
using a network performance-monitoring tool, you determine that the network
has a large number of collisions. To reduce the collisions, you decide to install a
network bridge. What kind of bridge are you most likely to implement?
❍ A. Collision bridge
❍ B. Transparent bridge
❍ C. Visible bridge
❍ D. Translational bridge
- B. A transparent bridge can be used to segment a network, reducing the number
of collisions and overall network traffic. It is called transparent because the other
devices on the network do not need to be aware of the device and operate as if
it weren’t there. A translational bridge is used in environments where it is necessary
to translate one data format into another. Such a conversion is unnecessary
in this scenario. There is no such thing as a collision bridge or a visible bridge.
- What acts as a translator between the LAN and WAN data formats?
- A CSU/DSU acts as a translator between the LAN and WAN data formats.
- What is the term that describes the mechanisms used to control bandwidth
usage on the network?
- Bandwidth shaping describes the mechanisms used to control bandwidth
usage on the network.
- True or False: A load balancer must be a hardware device specially configured
to balance the load.
- False. A load balancer can be either a hardware device or software specially
configured to balance the load.
The term ___ ___ describes the mechanisms used to control bandwidth
usage on the network. With this, administrators can control who uses bandwidth,
for what purpose, and what time of day bandwidth can be used. Traffic
shaping establishes priorities for data traveling to and from the Internet and
within the network.
traffic shaping
A ___ ___ essentially performs two key
functions—monitoring and shaping. Monitoring includes identifying where
bandwidth usage is high and the time of day. After that information is
obtained, administrators can customize or shape bandwidth usage for the best
needs of the network.
bandwidth shaper
A ___ ___ is any software that controls what a user is allowed to peruse
and is most often associated with websites. Using a content filter, an employer
can block access to pornographic sites to all users, some users, or even just an
individual user.
content filter
___ ___ is a technique in which the workload is distributed between several servers. This feature can
take networks to the next level; it increases network performance, reliability,
and availability.
Load balancing
EXAM ALERT:
Remember that load balancing increases redundancy and therefore data availability.
Also, load balancing increases performance by distributing the workload.
EXAM ALERT
A ___ ___ is one that can operate at both Layer 2 and Layer 3 of the
OSI model, which means that the multilayer device can operate as both a
switch and a router.
multilayer switch
EXAM ALERT:
A multilayer switch operates as both a router and a switch.
EXAM ALERT
A ___ ___ examines the
network data it receives, decides where the content is intended to go, and forwards
it. It can also identify the application that data is targeted
for by associating it with a port.
content switch
___ ___ can help with load balancing because they can distribute
requests across servers and target data to only the servers that need it, or distribute
data between application servers.
Content servers
EXAM ALERT:
A content switch can distribute incoming data to specific application servers and
help distribute the load.
EXAM ALERT
A __ __ is defined as a server that sits between a client computer and the
Internet, looking at the web page requests the client sends.
proxy server
The ___ is a list of
allowed or nonallowed websites;
Access Control List (ACL)
A ___ ___ can be used to increase remote-access security. It can establish a secure connection (tunnel)
between the sending and receiving network devices.
VPN concentrator/ VPN concentrators
add an additional level to VPN security. They can not only create the tunnel,
but they also can authenticate users, encrypt the data, regulate the data transfer,
and control traffic.
Connects networks
Router- A router uses the software-configured network address to make forwarding decisions.
Connects LANS to reduce overall network traffic
Bridge- A bridge enables data to pass through it or prevents data from passing through it by reading the MAC address
Connects devices on a twisted-pair network
Switch- A switch forwards data to its destination by using the MAC address embedded in each packet
Connects devices on an Ethernet twisted-pair network
Hub- a hub does not perform any tasks besides signal regeneration
Translates from one data format into another
Gateway- can be hardware or software based. Any device that translates data formats is called a gateway
Translates digital signals used on a LAN into those used on a WAN
Channel Service Unit/Data Service Unit (CSU/DSU)- Sometimes incorporated into other devices, such as a router with WAN connection
Provides serial communication capabilities across phone lines
Modem- Modems modulate the digital signals into analog at the sending end and perform the reverse function at the receiving end
Enables systems to connect to the network
Network Card- interfaces can be add-in expansion cards, express cards, or built-in interfaces
Interconnects older technology with new
Media converter- is a hardware device that connects newer Gigabit Ethernet technologies with older 100BaseT networks or older copper standards with fiber
Provides controlled data access between networks
Firewalls- can be hardware or software based. They are an essential part of a network’s security strategy
Automatically distributes IP information
Dynamic Host Configuration Protocol (DHCP) assigns all IP information, including IP address, subnet mask, DNS, gateway, and more
Functions as a switch or router
Multilayer switch- Operates on layers 2 and 3 of the OSI model as a switch and can perform router functionality
Forwards data by application
Content Switch- Can identify and forward data by its port and application
Distributes network load
Load balancer- increases redundancy by distributing the load to multiple servers
Combines network services
Multifunction devices- these are hardware devices that combine multiple network services into a single device, reducing cost and easing admin difficulty
Provides name resolution from hostnames to IP addresses
DNS Server- answers requests to translate hostnames into IP addresses
Manages network bandwidth
Bandwidth shaper- monitors and controls bandwidth usage
Manages client internet requests
Proxy Server- Serves two key network performances: increases network performance by caching, and filters outgoing client requests.
- Several users on your network are downloading from peer-to-peer networks,
tying up bandwidth during peak hours. Which of the following is used to manage
network bandwidth?
❍ A. Load leveler
❍ B. Load toner
❍ C. Bandwidth toner
❍ D. Bandwidth shaper
- D. The term bandwidth shaping describes the mechanisms used to control
bandwidth usage on the network. With this, administrators have complete control
over who uses bandwidth, for what purpose, and the time of day bandwidth
can be used. Bandwidth shaping establishes priorities for data traveling to and
from the Internet and within the network.
2. Which of the following devices passes data based on the MAC address?
❍ A. Hub
❍ B. Switch
❍ C. MSAU
❍ D. Router
- B. When determining the destination for a data packet, the switch learns the
MAC address of all devices attached to it and then matches the destination
MAC address in the data it receives. None of the other devices listed passes
data based solely on the MAC address.
- On a virtual desktop what is the term that encompasses the software and
hardware needed to create the virtual environment?
- The virtual desktop is often called a virtual desktop interface (VDI) and
that term encompasses the software and hardware needed to create the
virtual environment.
- True or False: NaaS is similar to the Software as a Service (SaaS) cloud
computing model in that it is provided on demand in a pay-as-you-go
model.
- True. NaaS is similar to the Software as a Service (SaaS) cloud computing
model in that it is provided on demand in a pay-as-you-go model.
The virtual desktop is often called a ___ ___ and
that term encompasses the software and hardware needed to create the virtual
environment.
virtual desktop interface (VDI)
1. Which of the following is an open source virtual switch?
❍ A. VirtualBox
❍ B. VMware
❍ C. Xen
❍ D. Open vSwitch
- D. Open vSwitch is an open source virtual switch licensed beneath the Apache
2.0 license. It can be found at http://openvswitch.org. The other options listed
(some proprietary and some open source) are for virtual desktops.
- When a vendor offers to provide all networking for a client—freeing the company
from needing to worry about bandwidth, connectivity, scalability, and all the
issues normally associated with networking—what is it known as?
❍ A. SaaS
❍ B. NaaS
❍ C. SAN
❍ D. NAS
- B. Known as Network as a Service (NaaS), this alleviates the company’s concerns
about bandwidth, connectivity, scalability, and all the issues normally
associated with networking.
- What is the point of demarcation with a small office?
- The point of demarcation is always the point where the service provider
stops being responsible for the wiring and it becomes your responsibility.
- True or False: Cable modems and DSL modems are commonly used in
SOHO implementations for Internet access.
- True. Cable modems and DSL modems are commonly used in SOHO
implementations for Internet access.
1. On a typical cable modem, which panel light is found beneath the power light?
❍ A. Receive
❍ B. Send
❍ C. Online
❍ D. Activity
- A. A typical sequence of lights on a cable modem is power, receive, send,
online, and activity.
- Which of the following is true of many SOHO routers?
❍ A. They close down the DHCP ports by default.
❍ B. They close down the NAT ports by default.
❍ C. They close down the ICMP ports by default.
❍ D. They leave open the DHCP, NAT, and ICMP ports by default.
- C. Many SOHO routers close down the ICMP ports by default.
- What are T-lines used for, and what is the maximum speed of T1 and T3?
- T-carrier lines create point-to-point network connections for private networks.
T1 lines offer transmission speeds of up to 1.544Mbps, whereas
T3 lines offer transmission speeds of 44.736Mbps.
- What are the X.25 transmission speed restrictions?
- X.25 is restricted to transmission rates of 56Kbps or 64Kbps with digital
implementations.
- What is the difference between circuit switching and packet switching?
- Circuit switching offers a dedicated transmission channel that is reserved
until it is disconnected. Packet switching enables packets to be routed
around network congestion.
In ___ ___, messages are broken into smaller pieces called packets.
Each packet is assigned source, destination, and intermediate node addresses.
Packets are required to have this information because they do not always use
the same path or route to get to their intended destination.
packet switching
The two types of packet-switching methods used on networks are:
Virtual-circuit packet switching and datagram packet switching
With ___ ___ ____, a logical connection is established
between the source and the destination device. This logical connection
is established when the sending device initiates a conversation with the
receiving device. The logical communication path between the two
devices can remain active for as long as the two devices are available or
can be used to send packets once. After the sending process has completed,
the line can be closed.
Virtual-circuit packet switching
Unlike virtual-circuit packet switching, ___ ___ ___ does not establish a logical connection between the sending and transmitting devices. The packets in this type are independently sent, meaning that they can take different
paths through the network to reach their intended destination. To do this, each packet must be individually addressed to determine its source and destination. This method ensures that packets take the easiest possible routes to their destination and avoid high-traffic areas. These are mainly used on the Internet.
Datagram packet switching
In contrast to the packet-switching method, ___ ____ requires a dedicated physical connection between the sending and receiving devices. The most commonly used analogy to represent this is a telephone
conversation in which the parties involved have a dedicated link between them for the duration of the conversation. When either party disconnects, the circuit
is broken, and the data path is lost.
circuit switching
The two types of ISDN are:
Basic Rate Interface (BRI) and
Primary Rate Interface (PRI).
____ ISDN uses three separate channels; two bearer (B) channels of 64Kbps
each and a delta channel of 16Kbps. B channels can be divided into four D
channels, which enable businesses to have eight simultaneous Internet
connections. The B channels carry the voice or data, and the D channels are
used for signaling.
BRI- BRI ISDN channels can be used separately using 64Kbps transfer or combined to
provide 128Kbps transfer rates.
____ is a form of ISDN that generally is carried over a T1 line and can provide transmission rates of up to 1.544Mbps. ___ is composed of 23 B channels, each providing 64Kbps for data/voice capacity, and one 64Kbps D channel,
which is used for signaling.
PRI
EXAM ALERT: ISDN is considered a leased line because access to ISDN is leased from a service
provider.
EXAM ALERT
BRI to PRI ISDN Comparison
Characteristic BRI PRI
Speed 128Kbps 1.544Mbps
Channels 2B+D 23B+D
Transmission carrier ISDN T1
___ ___ are high-speed dedicated digital lines that can be leased from telephone companies. This creates an always-open, always-available line
between you and whomever you choose to connect to when you establish the service. ___ ___ lines can support both voice and data transmissions and are often used to create point-to-point private networks.
T-carrier lines
Four types of T-carrier lines are available. They are:
T1, T2, T3, T4
T-carrier line that offers transmission speeds of 1.544Mbps and can create point-to-point dedicated digital communication paths. These lines have commonly
been used for connecting LANs. In North America, DS (digital signal) notation is used with T-lines to describe the circuit. For all practical purposes, DS1 is synonymous with it.
T1
T-carrier line that offers transmission speeds of 6.312Mbps. They accomplish this by
using 96 64Kbps B channels.
T2
This T-carrier line offers transmission speeds of up to 44.736Mbps, using 672 64Kbps B channels. Digital signal 3 (DS3) is a more accurate name in North America, but ___ is what most refer to the link as.
T3 (When you take the exam, think of DS3 and T3 as synonymous.)
This T-carrier line offers impressive transmission speeds of up to 274.176Mbps by
using 4,032 64Kbps B channels.
T4
What is the speed for T1 and T3 lines?
T1- 1.544Mbps/ T3- 44.736Mbps
OCx Level Transmission Rate for
OC-1
51.84Mbps
OCx Level Transmission Rate for
OC-3
155.52Mbps
OCx Level Transmission Rate for
OC-12
622.08Mbps
OCx Level Transmission Rate for
OC-24
1.244Gbps
OCx Level Transmission Rate for
OC-48
2.488Gbps
OCx Level Transmission Rate for
OC-96
4.976Gbps
OCx Level Transmission Rate for
OC-192
9.953Gbps
OCx Level Transmission Rate for
OC-768
39.813Gbps
ExamAlert
When you take the exam, equate SDH with SONET.
Synchronous Optical Network (SONET), Synchronous Digital Hierarchy (SDH) is the European counterpart to SONET
A ___ ___ is one in which unpowered optical splitters
are used to split the fiber so it can service a number of different locations and
brings the fiber either to the curb, the building, or the home.
passive optical network (PON)
____ was one of the original packet-switching technologies, but today it has
been replaced in many applications by Frame Relay
X.25
___ ___ is a WAN protocol that operates at the physical and data link layers of the OSI model. ___ ___ enables data transmission for intermittent
traffic between LANs and between endpoints in a WAN.
Frame Relay
In the Frame Relay world, the term
___ refers to terminating equipment located within a company’s network. Termination equipment includes such hardware as end-user systems, servers, routers, bridges, and switches.
DTE- Data terminal equipment
In Frame Relay, ___ refers to the
equipment owned by the carrier. This equipment provides the switching
services for the network and therefore is responsible for actually transmitting
the data through the WAN.
DCE-Data circuit-terminating equipment
In Frame Relay, ____ represents a temporary virtual circuit established and maintained only for the duration of a data transfer session.
Switched virtual circuit (SVC)
A permanent dedicated virtual link shared in a Frame Relay network, replacing a hard-wired dedicated end-to-end line.
Permanent virtual circuit (PVC)
___ is a packet-switching technology that provides transfer speeds ranging from 1.544Mbps to 622Mbps. It is well suited for a variety of data types, such as voice, data, and video. Using fixed-length packets, or cells, that are 53 bytes long, ___ can operate more efficiently than variable-length-packet packet-switching technologies such as Frame Relay.
Asynchronous Transfer Mode (ATM)
Your company currently uses a standard PSTN communication link to transfer
files between LANs. Until now, the transfer speeds have been sufficient for the
amount of data that needs to be transferred. Recently, a new application was
purchased that requires a minimum transmission speed of 1.5Mbps. You have
been given the task to find the most cost-effective solution to accommodate the
new application. Which of the following technologies would you use?
❍ A. T3
❍ B. X.25
❍ C. T1
❍ D. BRI ISDN
- C. A T1 line has a transmission capability of 1.544Mbps and is considerably
cheaper than a T3 line. X.25 and BRI ISDN cannot provide the required transmission
speed.
- Which of the following best describes the process to create a dedicated circuit between
two communication endpoints and direct traffic between those two points?
❍ A. Multiplexing
❍ B. Directional addressing
❍ C. Addressing
❍ D. Circuit switching
- D. Circuit switching is the process of creating a dedicated circuit between two
communications endpoints and directing traffic between those two points. None
of the other answers are valid types of switching.
- Which of the following statements are true of ISDN? (Choose the two best
answers.)
❍ A. BRI ISDN uses two B+1 D channels.
❍ B. BRI ISDN uses 23 B+1 D channels.
❍ C. PRI ISDN uses two B+1 D channels.
❍ D. PRI ISDN uses 23 B+1 D channels.
- A, D. BRI ISDN uses two B+1 D channels, which are two 64Kbps data channels,
and PRI ISDN uses 23 B+1 D channels. The D channel is 16Kbps for BRI and
64Kbps for PRI.
- You have been hired to establish a WAN connection between two offices: one in
Vancouver and one in Seattle. The transmission speed can be no less than
2Mbps. Which of the following technologies could you choose?
❍ A. T1
❍ B. PSTN
❍ C. T3
❍ D. ISDN
- C. The only possible answer capable of transfer speeds above 2Mbps is a T3
line. None of the other technologies listed can provide the transmission speed
required.
- On an ISDN connection, what is the purpose of the D channel?
❍ A. It carries the data signals.
❍ B. It carries signaling information.
❍ C. It enables multiple channels to be combined to provide greater bandwidth.
❍ D. It provides a temporary overflow capacity for the other channels.
- B. The D channel on an ISDN link carries signaling information, whereas the B,
or bearer, channels carry the data.
6. Which of the following circuit-switching strategies does ATM use? (Choose the two best answers.)
❍ A. SVC
❍ B. VCD
❍ C. PVC
❍ D. PCV
- A, C. ATM uses two types of circuit switching: PVC and SVC. VCD and PCV are
not the names of switching methods.
- Due to recent cutbacks, your boss approaches you, demanding an alternative to
the company’s costly dedicated T1 line. Only small amounts of data require
transfer over the line. Which of the following are you likely to recommend?
❍ A. ISDN
❍ B. FDDI
❍ C. The PSTN
❍ D. X.25
- C. When little traffic will be sent over a line, the PSTN is the most cost-effective
solution, although it is limited to 56Kbps. All the other WAN connectivity methods
accommodate large amounts of data and are expensive compared to the
PSTN.
8. Which of the following technologies requires a logical connection between the sending and receiving devices?
❍ A. Circuit switching
❍ B. Virtual-circuit packet switching
❍ C. Message switching
❍ D. High-density circuit switching
- B. When virtual-circuit switching is used, a logical connection is established
between the source and the destination device.
- What is VHDSL commonly used for?
- VHDSL supports high-bandwidth applications such as VoIP and HDTV.
- True or False: DSL using regular phone lines transfers data over the same
copper wire.
- True. DSL using regular phone lines transfers data over the same copper
wire.
- What is the difference between a one-way and a two-way satellite
system?
- A one-way satellite system requires a satellite card and a satellite dish
installed at the end user’s site. This system works by sending outgoing
requests on one link using a phone line, with inbound traffic returning on
the satellite link. A two-way satellite system, on the other hand, provides
data paths for both upstream and downstream data.
The term _____ often refers to high-speed Internet access. Both DSL and cable modem are common ____ Internet technologies. ____ routers and ____ modems are network devices that support both DSL and cable.
broadband
_____ is an Internet access method that uses a standard phone line to provide high-speed Internet access. It is most commonly associated with high-speed Internet access; because it is a relatively inexpensive form of Internet access, it is often found in homes and small businesses. With this type, a different frequency can be used for digital and analog signals, which means that you can talk on the phone while you upload data.
DSL
For DSL services, two types of systems exist. They are:
Asymmetric Digital Subscriber
Line (ADSL) and High-Rate Digital Subscriber Line (HDSL).
___ provides a high data rate in only one direction. It enables fast download speeds but significantly slower upload speeds. It is designed to work with existing analog telephone service (POTS). With fast download speeds, it is well suited for home-use Internet access where uploading large amounts of data isn’t a frequent task.
Asymmetric Digital Subscriber
Line (ADSL)
___ provides a bidirectional high data rate service
that can accommodate services, such as videoconferencing, that require high data rates in both directions.
High-Rate Digital Subscriber Line (HDSL)
A variant of HDSL is ____, which provides an HDSL service at very high data transfer rates.
VHDSL (Very High-Rate Digital Subscriber Line)
The ___, often considered a POTS, is the entire collection of interconnected telephone wires throughout the world. Discussions of the ___ include all the equipment that goes into connecting two points, such as the cable, the networking equipment, and the telephone exchanges.
The Public Switched Telephone Network
PSTN
EXAM ALERT:
If money is a major concern, the PSTN is the method of choice for creating a WAN.
- Which of the following technologies require dialup access? (Choose the two best
answers.)
❍ A. FDDI
❍ B. ISDN
❍ C. Packet switching
❍ D. The PSTN
- B and D. Both the PSTN and ISDN require dialup connections to establish communication
sessions.
- Which of the following is an advantage of ISDN over the PSTN?
❍ A. ISDN is more reliable.
❍ B. ISDN is cheaper.
❍ C. ISDN is faster.
❍ D. ISDN uses 53Kbps fixed-length packets.
- C. One clear advantage that ISDN has over the PSTN is its speed. ISDN can
combine 64Kbps channels for faster transmission speeds than the PSTN can
provide. ISDN is no more or less reliable than the PSTN. ISDN is more expensive
than the PSTN. Answer D describes ATM.
3. Which of the following technologies is known as a 3G transitional technology that supports legacy architecture?
❍ A. HSPA+
❍ B. LTE
❍ C. WiMax
❍ D. PON
- A. HSPA+ (Evolved High Speed Packet Access) is known as a 3G transitional
technology that supports legacy architecture.
4. What is the theoretical download speed possible with WiMax?
❍ A. 84Mbit/s
❍ B. 100Mbit/s
❍ C. 1Gbit/s
❍ D. 10Gbit/s
- C. The theoretical download speed possible with WiMax is 1Gbit/s. The speed
possible with HSPA+ is 84Mbit/s, whereas that possible with LTE is 100Mbit/s.
5. Which of the following is the time lapse between sending or requesting information and the time it takes to return?
❍ A. Echo
❍ B. Attenuation
❍ C. Bandwidth
❍ D. Latency
- D. Latency refers to the time lapse between sending or requesting information
and the time it takes to return.
6. Which of the following provides public hotspots for wireless Internet access?
❍ A. WISP
❍ B. WASP
❍ C. WSP+
❍ D. WPST
- A. Wireless Internet access is provided by a Wireless Internet Service Provider
(WISP). The WISP provides public wireless Internet access known as hotspots.
Hotspots offer Internet access for mobile network devices such as laptops,
handheld computers, and cell phones in airports, coffee shops, conference
rooms, and so on.
7. What is the speed usually offered with dialup service?
❍ A. 1Gbps
❍ B. 256Kbps
❍ C. 144Kbps
❍ D. 56Kbps
- D. Almost without exception, ISPs offer 56Kbps access, the maximum possible
under current standards.
- What is the difference between RJ-11 and RJ-45 connectors?
- RJ-11 connectors are used with standard phone lines and are similar in
appearance to RJ-45 connectors used in networking. However, RJ-11
connectors are smaller. RJ-45 connectors are used with UTP cabling.
- What are the two most common connectors used with fiber-optic cabling?
- Fiber-optic cabling uses a variety of connectors, but SC and ST are more
commonly used than others. ST connectors offer a twist-type attachment,
whereas SCs have a push-on connector. LC and MT-RJ are other types of
fiber-optic connectors.
- What are F-type connectors used for?
- F-type connectors are used to connect coaxial cable to devices such as
Internet modems.
- What hardware is located at the demarcation point?
- The hardware at the demarcation point is the smart jack, also known as
the Network Interface Device (NID).
- What is BPL?
- Broadband over Power Lines (BPL) enables electrical wiring to be used to
build a network.
_____ transmissions use digital signaling over a single wire. Communication on ______ transmissions is bidirectional,
allowing signals to be sent and received, but not at the same time.
To send multiple signals on a single cable, _____ uses something
called Time Division Multiplexing (TDM). TDM divides a single channel into time slots. The key thing about TDM is that it doesn’t change how ______ transmission works—only how data is placed on the cable.
Baseband
In terms of LAN network standards, _____ transmissions use analog transmissions. For ______ transmissions to be sent and received, the medium must be split into two channels. (Alternatively, two cables can be used: one to send and one to receive transmissions.) Multiple channels are created using Frequency Division Multiplexing (FDM). FDM allows ___ media to accommodate traffic going in different directions on a single medium at the same time.
broadband
______ mode enables one-way communication of data through the network,
with the full bandwidth of the cable used for the transmitting signal.
Simplex mode
____ accommodates transmitting and receiving on the network, but not at the same time. Many networks are configured for half-duplex communication.
Half-duplex mode
___ can simultaneously transmit and receive. This means that 100Mbps network cards theoretically can transmit at 200Mbps.
Full-duplex mode
____ is a problem when cables are installed near electrical devices, such as air
conditioners or fluorescent light fixtures. If a network medium is placed close
enough to such a device, the signal within the cable might become corrupt.
electromagnetic interference (EMI)
____ refers to how the data signals
on two separate media interfere with each other. The result is that the
signal on both cables can become corrupt.
Crosstalk
____ refers to the weakening of data signals as they travel through a
medium.
Attenuation
Data-grade cable that can transmit data up to 10Mbps with
a possible bandwidth of 16MHz.
Category 3:
Data-grade cable that has potential data throughput of
16Mbps.
Category 4: Category 4 cable is no longer used.
Data-grade cable that typically was used with Fast Ethernet operating at 100Mbps with a transmission range of 100 meters.
Category 5: Although Category 5 was a popular media type, this cable is an outdated standard.
Data-grade cable used on networks that run at
10/100Mbps and even up to 1000Mbps, can be used up to 100 meters, provides a minimum of 100MHz of bandwidth
Category 5e:
High-performance UTP cable that can transmit data up to 10Gbps. It has a minimum of 250MHz of bandwidth and specifies cable lengths up to 100 meters with 10/100/1000Mbps transfer, along with 10Gbps over shorter distances.
Category 6:
Offers improvements by providing a minimum of 500MHz of bandwidth.
Category 6a:
Coax cable used to generate low-power video connections. It cannot be used over long distances because of its high-frequency power losses.
RG-59 /U
Coax cable that has a solid copper core. Used for radio communication and thin
Ethernet (10Base2).
RG-58 /U
Coax cable that has a stranded wire core. Used for radio communication and thin
Ethernet (10Base2).
RG-58 A/U
Coax cable used for military specifications.
RG-58 C/U
Coax cable often used for cable TV and cable modems.
RG-6
Type of fiber-optic cable where many beams of light travel through the cable, bouncing
off the cable walls. This strategy actually weakens the signal, reducing
the length and speed at which the data signal can travel.
Multimode Fiber
Type of fiber-optic cable that uses a single direct beam of light, thus allowing for
greater distances and increased transfer speeds.
Single-mode Fiber
EXAM ALERT! Cables run through the plenum must have two important characteristics: They must
be fire-resistant, and they must not produce toxic fumes if exposed to intense heat.
EXAM ALERT
___ connectors are associated with coaxial media and 10Base2 networks
BNC Connectors
_____ connectors are small plastic connectors used on telephone
cables. They have capacity for six small pins. However, in many cases,
not all the pins are used.
RJ-11 (Registered Jack 11)
____ connectors are used with twisted-pair cabling, the most prevalent network cable in use today. They support up to eight wires.
RJ-45
_____ are screw-on connections used to attach coaxial cable to devices. This includes RG-59 and RG-6 cables. They are most commonly associated with connecting Internet modems to cable or satellite Internet service providers’ (ISPs’) equipment. They are also used to connect to some proprietary peripherals. They have a “nut” on the connection that provides something to grip as the connection is tightened by hand. If necessary, this nut can also be lightly gripped with pliers to aid disconnection.
F-Type Connectors
Fiber connector that uses a half-twist bayonet type of lock.
ST Connector
Fiber connector that uses a push-pull connector similar to common audio and video plugs and sockets
SC Connector
____ fiber connectors have a flange on top, similar to an RJ-45 connector, that aids secure connection.
LC
___ fiber connector is a popular connector for two fibers in a very small form factor.
MT-RJ
_____ is a TIA/EIA standard for serial transmission between computers and peripheral devices such as modems, mice, and keyboards. It was introduced way back in the 1960s and is still used today. However, peripheral devices are more commonly connected using USB or wireless connections.
RS-232 (Recommended Standard 232)
_____ ports are now an extremely common sight on both
desktop and laptop computer systems. Like IEEE 1394, it is associated more with connecting consumer peripherals such as MP3 players and digital cameras than with networking. However, many manufacturers now make wireless network cards that plug directly into a ____ port. Most desktop and
laptop computers have between two and four ____ ports, but ____ hubs are
available that provide additional ports if required.
Universal Serial Bus (USB)
When you have two dissimilar types of network media, a _____ is
used to allow them to connect. Depending upon the conversion being done,
it can be a small device barely larger than the connectors themselves,
or a large device within a sizable chassis.
media converter
EXAM ALERT: Make sure you know that the possibilities listed here exist.
Single-mode fiber to Ethernet
Single-mode to multimode fiber
Multimode fiber to Ethernet
Fiber to coaxial
KNOW THESE
___ and ___ are telecommunications standards from TIA and EIA. These
standards specify the pin arrangements for the RJ-45 connectors on UTP
or STP cables. The number ____ refers to the order in which the wires within
the Category 5 cable are terminated and attached to the connector.
568A and 568B
Specifically, in a crossover cable, wires _ and _ and wires _ and _ are crossed.
1 and 3 and 2 and 6
EXAM ALERT: The crossover cable can be used to directly network two PCs without using a hub
or switch. This is done because the cable performs the function of the switch.
EXAM ALERT
The ___ cable is a Cisco proprietary cable used to connect a computer system to a router or switch console port. It resembles an Ethernet UTP cable; however, it is not possible to use it on anything but
Cisco equipment.
rollover
EXAM ALERT: Remember that the rollover cable is a proprietary cable used to connect a PC to a
Cisco router.
EXAM ALERT
A ___ cable, also known as a plug, is used to test and isolate network problems. If made correctly, the plug causes the link light on a device such as a network interface card (NIC) to come on.
loopback
EXAM ALERT: Know that a loopback cable is a basic troubleshooting tool.
EXAM ALERT
In network cross-connects, this section connects client systems to the network.
Horizontal cabling:
In network cross-connects, this runs between floors to connect different
locations on the network.
Vertical (backbone) cabling:
In cable distribution: The location where outside cables
enter the building for distribution. This can include Internet and phone
cabling.
Vertical or main cross-connect:
In cable distribution: The location where the vertical and horizontal
connections meet.
Horizontal cross-connect:
In cable distribution:
Intermediate cross-connect: Typically used in larger networks.
Provides an intermediate cross-connect between the main and horizontal
cross-connects.
The term ___ ___ refers to the point where the cables running throughout
the network meet and are connected.
cross-connect
A ___ ___ is a freestanding or wall-mounted unit with a number of RJ-45 port connections on the front. In a way, it looks like a wall-mounted hub without the light-emitting diodes (LEDs). It provides a connection point between network equipment such as hubs and switches and the ports to which PCs are connected, which normally are distributed throughout a building.
patch panel
Two main types of punchdown blocks are
type 66 and type 110
Type ___ is an older design punchdown block used to connect wiring for telephone systems and other low-speed network systems
66
Type ___ punchdown block is used to connect network cable to patch panels. It can also be used at the other end of the network cable at the RJ-45 wall jack.
110
The main wiring closet for a network typically holds the majority of the network gear, including routers, switches, wiring, servers, and more. This is also typically the wiring closet where outside lines run into the network. This main wiring closet is known as the ___. One of the key components in the ___ is a primary patch panel. The network connector jacks attached to this patch panel lead out to the building for network connections.
Main Distribution Frame (MDF)
In some networks, multiple wiring closets are used. When this is the case, a backbone cable is used to connect to the secondary wiring closets, or IDFs.
Intermediate Distribution Frame
IDF
As you might imagine, you need some form of hardware at the demarcation point. This is the smart jack, also known as the ___ ___ ___. The smart jack performs several primary functions:
Network Interface Device (NID)
Network Interface Device Function:
The ___ is built into the smart jack.
Like the Ethernet loopback cable, it is used for testing purposes. In this case, the loopback feature enables remote testing so that technicians
do not always need to be called to visit the local network to isolate
problems.
loopback feature
Network Interface Device Function: The smart jack can amplify signals. This feature is similar to the function of repeaters in an Ethernet network.
Signal amplification:
Network Interface Device Function:
Lightning and other environmental conditions can
cause electrical surges that can quickly damage equipment. Many smart
jacks include protection from environmental situations.
surge protection
Network Interface Device Function:
Smart jacks typically include ___ that allow the owner to identify if something goes wrong with the smart jack and therefore the connections at the demarcation point.
Remote Alarms
____ acts as a translator
between the LAN data format and the WAN data format.
Channel Service Unit/Data Service Unit (CSU/DSU)
EXAM ALERT:
Traditionally, the CSU/DSU has been in a box separate from other networking
equipment. However, the increasing use of WAN links means that some router
manufacturers are now including CSU/DSU functionality in routers or are providing
the expansion capability to do so.
EXAM ALERT
1. Which of the following connectors is commonly used with fiber cabling?
❍ A. RJ-45
❍ B. BNC
❍ C. SC
❍ D. RJ-11
- C. SC connectors are used with fiber-optic cable. RJ-45 connectors are used
with UTP cable, BNC is used for thin coax cable, and RJ-11 is used for regular
phone connectors.
2. Which of the following describes the loss of signal strength as a signal travels through a particular medium?
❍ A. Attenuation
❍ B. Crosstalk
❍ C. EMI
❍ D. Chatter
- A. The term used to describe the loss of signal strength for media is attenuation.
Crosstalk refers to the interference between two cables, EMI is electromagnetic
interference, and chatter is not a valid media interference concern.
3. What kind of cable would you associate with an F-type connector?
❍ A. Fiber-optic
❍ B. UTP
❍ C. Coaxial
❍ D. STP
- C. F-type connectors are used with coaxial cables. They are not used with fiber-optic,
Unshielded Twisted Pair (UTP), or Shielded Twisted Pair (STP) cabling.
- A user calls to report that he is experiencing periodic problems connecting to the
network. Upon investigation, you find that the cable connecting the user’s PC to
the switch is close to a fluorescent light fitting. What condition is most likely
causing the problem?
❍ A. Crosstalk
❍ B. EMI
❍ C. Attenuation
❍ D. Faulty cable
- B. EMI is a type of interference that is often seen when cables run too close to
electrical devices. Crosstalk is when two cables interfere with each other.
Attenuation is a loss of signal strength. Answer D is incorrect also. It may be that
a faulty cable is causing the problem. However, the question asked for the most
likely cause. Because the cable is running near fluorescent lights, the problem is
more likely associated with EMI.
5. Which of the following is not a type of fiber-optic connector used in network implementations?
❍ A. MT-RJ
❍ B. SC
❍ C. BNC
❍ D. LC
- C. BNC is a connector type used with coaxial cabling. It is not used as a connector
for fiber-optic cabling. MT-RJ, SC, and LC are all recognized types of
fiber-optic connectors.
6. Which of the following fiber connectors uses a twist-type connection method?
❍ A. ST
❍ B. SC
❍ C. BNC
❍ D. SA
- A. ST fiber connectors use a twist-type connection method. SC connectors
use a push-type connection method. The other choices are not valid fiber
connectors.
7. Which Broadband over Power Lines standard exists for high-speed communication devices?
❍ A. MLME
❍ B. IEEE 754
❍ C. IEEE 1901
❍ D. Wibree
- C. The IEEE 1901 standard applies to high-speed communication devices and
Broadband over Power Lines (BPL). The other choices are not valid for
Broadband over Power Lines.
8. In a crossover cable, which wire is wire 1 crossed with?
❍ A. 2
❍ B. 3
❍ C. 4
❍ D. 5
- B. In a crossover cable, wires 1 and 3 and wires 2 and 6 are crossed.
9. What are the two main types of punchdown blocks? (Choose two.)
❍ A. 110
❍ B. 220
❍ C. 66
❍ D. 12
- A, C. The two main types of punchdown blocks are type 66 and type 110. Type
66 is an older design used to connect wiring for telephone systems and other
low-speed network systems and is not as widely used as type 110.
10. What device acts as a translator between the LAN data format and the WAN data format?
❍ A. CSMA/CD
❍ B. T568B
❍ C. MTRJ
❍ D. CSU/DSU
- D. A Channel Service Unit/Data Service Unit (CSU/DSU) acts as a translator
between the LAN data format and the WAN data format. Such a conversion is
necessary because the technologies used on WAN links are different from those
used on LANs.
- What are the characteristics/limitations of 1000BaseCX?
- 1000BaseCX offers 1000Mbps transfer speeds over shielded copper
cable. Distances are restricted to 25 meters.
- Which IEEE standard defines 10Gbps networks?
- 10Gbps networks are defined by the IEEE 802.3ae standard.
- What type of connectors can be used with 100BaseTX networks?
- 100BaseTX networks use RJ-45 connectors.
IEEE 802 Networking Standards: Standards for Interoperable LAN/MAN Security (SILS) (network
security)
802.10
IEEE 802 Networking Standards: Wireless networks
802.11
IEEE 802 Networking Standards: 100Mbps technologies, including 100BaseVG-AnyLAN
802.12
IEEE 802 Networking Standards:
Internetworking
802.1
IEEE 802 Networking Standards: The LLC (Logical Link Control) sublayer. Called Logical Link Control (LLC), it manages data flow control and error control for the other IEEE LAN standards.
802.2
IEEE 802 Networking Standards: CSMA/CD (Carrier Sense Multiple Access with Collision Detection) for Ethernet networks. Defines a range of networking systems based on the original Ethernet standard.
802.3
IEEE 802 Networking Standards: A token-passing bus
802.4
IEEE 802 Networking Standards: Token ring networks
802.5
IEEE 802 Networking Standards: Metropolitan area network (MAN)
802.6
IEEE 802 Networking Standards: Broadband Technical Advisory Group
802.7
IEEE 802 Networking Standards: Fiber-Optic Technical Advisory Group
802.8
IEEE 802 Networking Standards: Integrated voice and data networks
802.9
EXAM ALERT: A node is any device connected to the network. A node might be a client computer, server computer, printer, router, or gateway
EXAM ALERT
Know that collisions do occur with CSMA. You can detect them (CD) or attempt to avoid them (CA).
ExamAlert
CSMA/CD is known as a contention media access method because systems contend
for access to the media.
ExamAlert
Know that CSMA/CA uses broadcasts.
ExamAlert
IEEE 802.3x Standard Characteristics:
___, also known as ____, enables you to use multiple channels at the same time to increase performance.
Bonding, also known as channel bonding
IEEE 802.3x Standard Characteristics:
The term ___, which is the plural of ___, generically describes the methods by which data is transported from one point
to another. Common network ____ types include twisted-pair cable, coaxial
cable, infrared, radio frequency, and fiber-optic cable.
media, medium, media
Summary of ___ Characteristics:
Transmission method = Baseband
Speed = 10Mbps
Total distance/segment = 100 meters
Cable type = Category 3, 4, 5, or 6 UTP or STP
Connector = RJ-45
10BaseT
Summary of 802.3u Fast Ethernet Characteristics
Transmission method = Baseband
Speed = 100Mbps
Distance = 100 meters
Cable type = Category UTP, STP
Connector type = RJ-45
Which one is this?
100BaseTX
Summary of 802.3u Fast Ethernet Characteristics
Transmission method= Baseband
Speed= 100Mbps
Distance =412 meters (multimode half duplex);
10,000 meters (single mode full duplex)
Cable type= Fiber-optic
Connector type= SC, ST
Which one is this?
100BaseFX
Which IEEE 802.3z Gigabit Ethernet standard has these characteristics?
Transmission method= Baseband
Speed= 1000Mbps
Distance= Half duplex 275 (62.5 micron multimode fiber); half duplex 316 (50 micron multimode fiber); full duplex 275 (62.5 micron multimode fiber); full duplex 550 (50 micron multimode fiber)
Cable Type= 62.5/125 and 50/125 multimode fiber
Connector type= fiber connectors
1000BaseSX
Which IEEE 802.3z Gigabit Ethernet standard has these characteristics?
Transmission method= Baseband
Speed= 1000Mbps
Distance= Half duplex 316 (multimode and single mode fiber); full duplex 550 (multimode fiber); full duplex 5000 (single mode fiber)
Cable Type= 62.5/125 and 50/125 multimode fiber; two 10 micron single mode optical fibers
1000BaseLX
Which IEEE 802.3z Gigabit Ethernet standard has these characteristics?
Transmission method= Baseband
Speed= 1000Mbps
Distance= 25 meters for both full and half duplex operations
Cable Type= Shielded copper cable
Connector Type= Nine pin shielded connector
1000BaseCX
Summary of ____ Characteristics:
Transmission method= Baseband
Speed= 1000Mbps
Total distance/segment= 75 meters
Cable type= Category 5 or better
Connector type= RJ-45
1000BaseT
10 Gigabit Ethernet is defined in the IEEE 802.3ae standard.
EXAM ALERT
Summary of 802.3an Characteristics:
Transmission method = Baseband
Speed = 10 gigabit
Total distance/segment = 100 meters Category 6a cable; 55 meters Category 6 cable
Cable type = Category 6, 6a UTP or STP
Connector = RJ-45
10GBaseT
- You troubleshoot a network using 1000BaseCX cable, and you suspect that the
maximum length has been exceeded. What is the maximum length of
1000BaseCX cable?
❍ A. 1,000 meters
❍ B. 100 meters
❍ C. 25 meters
❍ D. 10,000 meters
- C. The 1000BaseCX standard specifies Gigabit Ethernet transfer over Category 5
UTP cable. It uses STP twisted-pair cable and has a 25-meter length restriction.
2. Which of the following 10 Gigabit Ethernet standards has the greatest maximum transmission distance?
❍ A. 10GBaseSR
❍ B. 10GBaseER
❍ C. 10GBaseLR
❍ D. 10GBaseXR
- B. The 10GBaseER standard specifies a maximum transmission distance of
40,000 meters. The 10GBaseSR standard specifies a maximum transmission
distance of 300 meters, whereas 10GBaseLR specifies a maximum transmission
distance of 10,000 meters. 10GBaseXR is not a recognized 10 Gigabit Ethernet
standard.
- Your manager has asked you to specify a high-speed 10GbE link to provide connectivity
between two buildings 3km from each other. Which of the following
IEEE standards are you likely to recommend?
❍ A. 10GBaseLR
❍ B. 10GBaseSR
❍ C. 10GBaseT4
❍ D. 10GBaseFL
- A. 10GBaseLR can be used over distances up to 10km. 10GBaseSR can only be
used up to a maximum distance of 300 meters. 10GBaseT4 and 10GBaseFL are
not recognized 10-Gigabit Ethernet standards.
- In a 100BaseTX network environment, what is the maximum distance between
the device and the networking equipment, assuming that no repeaters are used?
❍ A. 1,000 meters
❍ B. 100 meters
❍ C. 500 meters
❍ D. 185 meters
- B. 100BaseT networks use UTP cabling, which has a maximum cable length of
100 meters. Answer A is incorrect because this distance could be achieved only
with UTP cabling by using repeaters. Answer C specifies the maximum cable
length for 10Base5 networks. Answer D specifies the maximum cable length for
10Base2 networks.
- What is the network name needed to connect to a wireless AP?
- SSID (Service Set Identifier).
- True or False: A wireless access point (AP) is both a transmitter and
receiver (transceiver) device used for wireless LAN (WLAN) radio signals.
- True. A wireless access point (AP) is both a transmitter and receiver
(transceiver) device used for wireless LAN (WLAN) radio signals.
An AP can operate as a bridge, connecting a standard wired network to wireless
devices, or as a router, passing data transmissions from one access point to
another.
EXAM ALERT
____ is a network name needed to connect to a wireless AP.
Service Set Identifier (SSID)
___ refers to a wireless network that uses a single
AP and one or more wireless clients connecting to the AP.
Basic Service Set (BSS)
____ refers to two or more connected BSSs that use multiple APs. The ESS is used to create WLANs or larger wireless networks and is a collection of APs and clients.
Extended Service Set (ESS)
Although the terms ____ and SSID are used interchangeably, there is a difference between the two. SSID is the name used with BSS networks. ___ is the network name used with an ___ wireless network design. With an ___, not all APs necessarily use the same name.
Extended Service Set Identifier (ESSID)
The MAC address of the Basic Service Set (BSS) AP. The ___ is not to be confused with the SSID, which is the name of the wireless network.
Basic Service Set Identifier (BSSID)
When troubleshooting or designing wireless networks, the ___ is an important consideration. The ___ refers to the AP’s coverage area. The ___ for an AP depends on many factors, including the strength of the AP antenna, interference in the area, and whether an omnidirectional or directional antenna is used
Basic Service Area (BSA)
When troubleshooting a wireless problem in Windows, you can use the ipconfig
command to see the status of IP configuration. Similarly, the ifconfig command
can be used in Linux. In addition, Linux users can use the iwconfig command to
view the state of their wireless network. Using iwconfig, you can view such
important information as the link quality, AP MAC address, data rate, and encryption
keys, which can be helpful in ensuring that the parameters in the network are
consistent.
EXAM ALERT
____ refers to the theoretical maximum of a wireless standard, such as
100Mbps.
Data rate refers to the theoretical maximum of a wireless standard, such as
100Mbps.
___ refers to the actual speeds achieved after all implementation
and interference factors.
Throughput
____ ___ ___ are an important part of the wireless network because
it is their job to advertise the presence of the access point so that systems can
locate it.
Beacon Management Frames
In ____ scanning: The client system listens for the beacon frames to
discover the AP. After it is detected, the beacon frame provides the
information necessary for the system to access the AP.
Passive
In ____ scanning: The client station transmits another type of management frame known as a probe request. The probe request goes out from the client system, looking for a specific SSID or any SSID within its area. After the probe request is sent, all APs in the area with the same SSID reply with another frame, the probe response. The information contained in the probe response is the same information included with the beacon frame. This information enables the client to access the system.
Active
______ spectrum refers to the manner in which data signals travel through a radio frequency. With ___ spectrum, data does not travel straight through a single RF band; this type of transmission is known as narrowband transmission. ____ spectrum, on the other hand, requires that data signals either alternate between carrier frequencies or constantly change their data pattern. Although the shortest distance between two points is a straight line (narrowband), ____ spectrum is designed to trade bandwidth efficiency for reliability, integrity, and security. ___-spectrum signal strategies use more bandwidth than in the case of narrowband transmission, but the trade-off is a data signal that is clearer and easier to detect.
Spread
The two types of spread-spectrum radio
are ____ ____ and ____ ____.
frequency hopping, direct sequence
_____ requires the use of narrowband signals that change frequencies in a predictable pattern. The term refers to data signals hopping
between narrow channels.
frequency hopping
With _____ transmissions, the signal is spread over a full transmission frequency spectrum. For every bit of data sent, a redundant bit pattern is also sent. This 32-bit pattern is called a chip. These redundant bits of data provide both security and delivery assurance. The reason transmissions are so safe and reliable is simply because the system sends so many redundant copies of the data, and only a single copy is required to have complete transmission of the data or information. ____ can minimize the effects of interference and background
noise.
Direct-Sequence Spread-Spectrum (DSSS) Technology
When a single AP is connected to the wired network and to a set of wireless stations,
it is called a Basic Service Set (BSS). An Extended Service Set (ESS)
describes the use of multiple BSSs that form a single subnetwork. Ad hoc mode is
sometimes called an Independent Basic Service Set (IBSS).
ExamAlert
The ______ process occurs when a wireless adapter is turned on. The client adapter immediately begins scanning the wireless frequencies for wireless APs or, if using ad hoc mode, other wireless devices. When the wireless client is configured to operate in infrastructure mode, the user can choose a
wireless AP with which to connect. This process may also be automatic, with the AP selection based on the SSID, signal strength, and frame error rate. Finally, the wireless adapter switches to the assigned channel of the selected wireless AP and negotiates the use of a port.
association
If at any point the signal between the devices drops below an acceptable level, or if the signal becomes unavailable for any reason, the wireless adapter initiates another scan, looking for an AP with stronger signals. When the new AP is located, the wireless adapter selects it and associates with it. This is known
as ______.
reassociation
The 802.11 standards enable a wireless client to roam between multiple APs. An AP transmits a beacon signal every so many milliseconds. It includes a time stamp for client synchronization and an indication of supported data rates. A client system uses the beacon message to identify the strength of the existing connection to an AP. If the connection is too weak, the roaming client attempts to associate itself with a new AP. This enables the client system to roam between distances and APs.
ExamAlert
- Which of the following wireless protocols operate at 2.4GHz? (Select two.)
❍ A. 802.11a
❍ B. 802.11b
❍ C. 802.11g
❍ D. 802.11n
- B, C, and D. Wireless standards specify an RF range on which communications
are sent. The 802.11b and 802.11g standards use the 2.4GHz range. 802.11a
uses the 5GHz range. 802.11n can operate at 2.4GHz and 5GHz. For more information,
see the section “802.11 Wireless Standards.”
- Under what circumstance would you change the default channel on an access
point?
❍ A. When channel overlap occurs between access points
❍ B. To release and renew the SSID
❍ C. To increase WEP security settings
❍ D. To decrease WEP security settings
- A. Ordinarily, the default channel used with a wireless device is adequate; however,
you might need to change the channel if overlap occurs with another nearby
access point. The channel should be changed to another, nonoverlapping
channel. Changing the channel would not impact the WEP security settings. For
more information, see the section “Wireless Radio Channels.”
- A client on your network has had no problems accessing the wireless network in
the past, but recently she moved to a new office. Since the move she cannot
access the network. Which of the following is most likely the cause of the
problem?
❍ A. The SSIDs on the client and the AP are different.
❍ B. The SSID has been erased.
❍ C. The client has incorrect WEP settings.
❍ D. The client system has moved too far from the access point.
- D. An AP has a limited distance that it can send data transmissions. When a client
system moves out of range, it can’t access the AP. Many strategies exist to increase
transmission distances, including RF repeaters, amplifiers, and buying more powerful
antennas. The problem is not likely related to the SSID or WEP settings because
the client had access to the network before, and no settings were changed. For
more information, see the section “Wireless Troubleshooting Checklist.”
- What is the access method employed by the 802.11 wireless standards?
- All the 802.11 wireless standards employ the CSMA/CA access method.
- What technology can be considered the biggest development for 802.11n
and the key to the new speeds?
- Multiple input multiple output (MIMO) antenna technology is the biggest
development for 802.11n and the key to the new speeds.
____ uses multiplexing to increase the range
and speed of wireless networking. Multiplexing is a technique that combines
multiple signals for transmission over a single line or medium.
multiple input multiple output (MIMO)
- You are installing a wireless network solution, and you require a standard that
can operate using either 2.4GHz or 5GHz frequencies. Which of the following
standards would you choose?
❍ A. 802.11a
❍ B. 802.11b
❍ C. 802.11g
❍ D. 802.11n
- D. The IEEE standard 802.11n can use either the 2.4GHz or 5GHz radio frequencies.
802.11a uses 5GHz, and 802.11b and 802.11g use 2.4GHz. For more information,
see the section “802.11 Wireless Standards.”
- You are installing a wireless network solution that uses a feature known as
MIMO. Which wireless networking standard are you using?
❍ A. 802.11a
❍ B. 802.11b
❍ C. 802.11g
❍ D. 802.11n
- D. MIMO is used by the 802.11n standard and takes advantage of multiplexing
to increase the range and speed of wireless networking. Multiplexing is a technique
that combines multiple signals for transmission over a single line or medium.
MIMO enables the transmission of multiple data streams traveling on different
antennas in the same channel at the same time. A receiver, which has multiple
antennas, reconstructs the streams. For more information, see the section
“The Magic Behind 802.11n.”
- What does WPA use to scramble encryption keys using a hashing
algorithm?
- WPA uses a temporal key integrity protocol (TKIP), which scrambles
encryption keys using a hashing algorithm.
- WPA2 uses CCMP. What is the strength of CCMP in terms of bits?
- CCMP uses 128-bit AES encryption with a 48-bit initialization vector.
Always equate WPA Enterprise with 802.1X: For exam purposes, the two are
synonymous.
ExamAlert
- You are asked to configure the security settings for a new wireless network. You want the setting that offers the greatest level of security. Which of the following would you choose?
❍ A. WEP-Open
❍ B. WEP-Closed
❍ C. WEP-Shared
❍ D. WEP-Unshared
- C. Both WEP-Open and WEP-Shared are forms of wireless security. WEP-Open
is the simpler of the two authentication methods because it does not perform
any type of client verification. It is a weak form of authentication because no
proof of identity is required. WEP-Shared requires that a WEP key be configured
on both the client system and the access point. This makes authentication with
WEP-Shared mandatory and therefore more secure for wireless transmission.
- Which of the following best describes 802.1X?
❍ A. A port-based access control
❍ B. A wireless standard specifying 11Mbps data transfer
❍ C. A wireless standard specifying 54Mbps data transfer
❍ D. An integrity-based access control
- A. 802.1X is an IEEE standard specifying port-based network access control.
Port-based network access control uses the physical characteristics of a
switched local area network (LAN) infrastructure to authenticate devices
attached to a LAN port and to prevent access to that port in cases where the
authentication process fails. For more information, see the section “WPA
Enterprise.”
- In the 802.1X security framework, which of the following best describes the role
of the supplicant?
❍ A. Authenticating usernames and passwords
❍ B. Encrypting usernames and passwords
❍ C. The system or node requesting access and authentication to a network
resource
❍ D. A control mechanism that allows or denies traffic that wants to pass
through a port
- C. The 802.1X security framework has three main components. The supplicant is
the system or node requesting access and authentication to a network resource.
The authenticator usually is a switch or AP that acts as a control mechanism,
allowing or denying traffic that wants to pass through a port. Finally, the authentication
server validates the credentials of the supplicant that is trying to access
the network or resource. For more information, see the section “WPA
Enterprise.”
- You have noticed that connections between nodes on one network are
inconsistent and suspect there may be another network using the same
channel. What should you try first?
- If connections are inconsistent, try changing the channel to another,
nonoverlapping channel.
- True or False: Weather conditions should not have a noticeable impact on
wireless signal integrity.
- False. Weather conditions can have a huge impact on wireless signal
integrity.
- You purchase a new wireless access point that uses no WEP security by default.
You change the security settings to use 128-bit encryption. How must the client
systems be configured?
❍ A. All client systems must be set to 128-bit encryption.
❍ B. The client system inherits security settings from the AP.
❍ C. WEP does not support 128-bit encryption.
❍ D. The client WEP settings must be set to autodetect.
- A. On a wireless connection between an access point and the client, each system
must be configured to use the same WEP security settings. In this case,
they must both be configured to use 128-bit encryption. For more information,
see the section “Wireless Troubleshooting Checklist.”
- You experience connectivity problems with your SOHO network. What can you
change in an attempt to solve this problem?
❍ A. Shorten the SSID.
❍ B. Remove all encryption.
❍ C. Lower the transfer rate.
❍ D. Raise the transfer rate.
- C. If you experience connectivity problems between wireless devices, try using
the lower transfer rate in a fixed mode to achieve a more stable connection. For
example, you can manually choose the wireless transfer rate. The higher the
transfer rate, the shorter the connection distance. For more information, see the
section “Wireless Troubleshooting Checklist.”
- Which network topology focuses on the direction in which data flows within
the physical environment?
- The logical network refers to the direction in which data flows on the network
within the physical topology. The logical diagram is not intended to focus on
- In computing, what are historical readings used as a measurement for
future calculations referred to as?
- Keeping and reviewing baselines is an essential part of the administrator’s role.
- True or False: Both logical and physical network diagrams provide an
overview of the network layout and function.
- True. Both logical and physical network diagrams provide an overview of
the network layout and function.
What type of information should be included in network documentation?
Wiring layout, server configuration, network equipment, key applications, detailed account of network services, and network procedures.
The _____ topology refers to how a network is physically constructed—how it looks. The _____ topology refers to how a network looks to the devices that use it—how it functions.
physical, logical
The physical documentation of the network should include:
Cabling information, servers, network devices, wide area network, user information
In simple terms, a _____ is a measure of performance that indicates how hard the network is working and where network resources are spent.
baseline
Remember that baselines need to be taken periodically and under the same conditions to be effective. They are used to compare current performance with past performance to help determine if the network is functioning properly or if
troubleshooting is required.
ExamAlert
Though the two terms are often used interchangeably, there
is a difference. As mentioned, ______ are written by an organization for its employees. ______ are actual legal restrictions with legal consequences.
policies; Regulations
For the exam and for real-life networking, remember that regulations often are
enforceable by law.
ExamAlert
- What can be used to capture network data?
- Packet sniffers can be used by both administrators and hackers to capture
network data.
- True or False: Port scanners detect open and often unsecured ports.
- True. Port scanners detect open and often unsecured ports.
_____ _____ are commonly used on networks. They are either a hardware device or software that basically eavesdrops on transmissions traveling throughout the network. They quietly capture data and save it to be reviewed later. They can also be used on the Internet to capture data traveling between computers.
Packet sniffers
What are two key defenses to use against packet sniffers?
Use a switched network and ensure that all sensitive data is encrypted as it travels.
In the networking world, _____ refers to the rate of data delivery over a communication channel.
throughput
_____ testers test the rate of data
delivery over a network.
throughput
______ refers to the maximum
amount of information that can be sent through a particular medium under ideal conditions.
Bandwidth
Be sure you know the difference between throughput and bandwidth.
ExamAlert
___ ___ are software-based security utilities designed to search a network host for open ports on a TCP/IP-based network.
Port scanners
The quickest way to get an overview of the ports used by the system and their status is to issue the ___ ___ command from the command line.
netstat -a
Administrators use the detailed information revealed from a port scan to ensure network security. Port scans identify closed, open, and listening ports. However, port scanners also can be used by people who want to compromise security by finding open and unguarded ports.
ExamAlert
The goal of performance testing is to establish baselines for the comparison of network functioning. The results of a performance test are meaningless unless you can compare them to previously documented performance levels.
ExamAlert
Performance tests are about network functioning today. Load tests look forward to
see if performance may be hindered in the future by growth or other changes to the
network.
ExamAlert
Windows server and desktop systems such as Windows 7/Vista/XP and 2000 use ___ ___ to view many of the key log files. The logs in this utility can be used to find information on, for example, an error on the system or a security incident.
Event Viewer
A system’s ____ log contains events related to incidents such as
successful and unsuccessful logon attempts and failed resource access. They can be customized, meaning that administrators can fine-tune exactly what they want to monitor. Some administrators choose to track nearly every event of this type on the system.
security
This log contains information logged by applications that run on a particular
system rather than the operating system itself. Vendors of third-party applications can use the ___ log as a destination for error messages generated by their applications. This log works in much the same way as the security log. It tracks both successful events and failed events within applications.
application
____ logs record information about components or drivers in the system. This is the place to look when you’re troubleshooting a problem with a hardware device on your system or a problem with network connectivity. It’s also the place to look for hardware device errors, time synchronization issues, or service startup problems.
System
In addition to the specific logs mentioned previously, most UNIX/Linux-based systems include the capability to write messages (either directly or through applications) to log files via _____. This can be done for security or management reasons and provides a central means by which devices that otherwise could not write to a central repository can easily do so (often by using the logger utility).
syslog
____ logs are most often associated with the tracking of Internet surfing habits. They maintain a record of all sites that a user visits. Network administrators might review these for potential security or policy breaches, but generally these are not commonly reviewed.
History
___ ___ describes the process of managing large volumes of system-generated computer log files. It includes the collection,
retention, and disposal of all system logs. Although it can be a huge task, it is essential to ensure the proper functioning of the network and its applications. It also helps you keep an eye on network and system security.
Log Management (LM)
- Which of the following involves pushing the network beyond its limits, often taking
down the network to test its limits and recovery procedures?
❍ A. Crash and burn
❍ B. Stress test
❍ C. Recovery test
❍ D. Load test
- B. Whereas load tests do not try to break the system under intense pressure,
stress tests sometimes do. Stress testing has two goals. The first is to see
exactly what the network can handle. It’s useful to know the network’s breaking
point in case the network ever needs to be expanded. Secondly, stress testing
allows administrators to test their backup and recovery procedures.
- You suspect that an intruder has gained access to your network. You want to
see how many failed logon attempts there were in one day to help determine
how the person got in. Which of the following might you do?
❍ A. Review the history logs.
❍ B. Review the security logs.
❍ C. Review the logon logs.
❍ D. Review the performance logs.
- B. The security logs can be configured to show failed or successful logon
attempts as well as object access attempts. In this case, the administrator can
review the security logs and failed logon attempts to get the desired information.
The failed logs will show the date and time when the failed attempts occurred.
- Which utility can be used to write syslog entries on a Linux-based operating system?
❍ A. memo
❍ B. record
❍ C. logger
❍ D. trace
- C. The syslog feature exists in most UNIX/Linux-based distributions and entries
can be written using logger. The other options are not possibilities for writing
syslog entries.
- Which of the following is not a standard component of an entry in a Windows-based security log?
❍ A. Event ID
❍ B. Date
❍ C. Computer
❍ D. Domain
❍ E. User
- D. The standard components of an entry in a Windows-based security log
include the date, time, user, computer, and Event ID. The domain is not a standard
component of a log entry.
- You have just used a port scanner for the first time. On one port, it reports that a
process is listening on that port and access to this port will likely be denied.
Which state is the port most likely to be considered to be in?
❍ A. Listening
❍ B. Closed
❍ C. Filtered
❍ D. Blocked
- B. When a port is closed, no process is listening on that port and access to this
port will likely be denied. When the port is Open/Listening, the host sends a
reply indicating that a service is listening on the port. When the port is Filtered or
Blocked, there is no reply from the host, meaning that the port is not listening or
the port is secured and filtered.
- What tools are used to attach twisted-pair network cable to connectors
within a patch panel?
- Punchdown tools are used to attach twisted-pair network cable to connectors
within a patch panel.
- What are the two parts of a toner probe?
- A toner probe has two parts: the tone generator, or toner, and the tone
locator, or probe.
Basically, a ___ ___ is a tool that you use to attach media connectors to the ends of
cables.
wire crimpers
___ ___ are tools designed to cleanly cut the cable.
Wire snips
___ ___ are designed to cleanly remove the sheathing
from wire to make sure a clean contact can be made.
wire strippers
Punchdown tools are used to attach twisted-pair network cable to connectors within
a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement
connector (IDC).
ExamAlert
___ ___ ___ is used to monitor the quality
of power used on the network or by network hardware. You plug it into a wall socket, and it finds potential power-related concerns such as power sags, spikes, surges, or other power variations. The administrator then reviews the recorder’s findings. Such power irregularities can cause problems for hardware and, in the case of serious spikes, can destroy hardware.
Voltage Event Recorder
In use, ___ ___ help diagnose computer networking problems, alert you to unused protocols, identify unwanted or malicious network traffic, and help isolate network traffic-related problems.
protocol analyzers
___ ___ ___ is a device used to send a signal through
a particular medium to check the cable’s continuity. They can locate many types of cabling faults, such as a severed sheath, damaged conductors, faulty crimps, shorts, loose connectors, and more. Although network administrators will not need to use a tool such as this every day, it could significantly help in the troubleshooting process. They help ensure that data sent across the network is not interrupted by poor cabling that may cause
faults in data delivery.
time domain reflectometer (TDR)
Ascertaining whether a signal reaches the other end of a fiber-optic cable is relatively easy, but when you determine that there is a break, the problem becomes locating the break. That’s when you need a tool called an __ __ __ __
optical time domain reflectometer (OTDR).
A basic ____ combines several electrical meters into a single unit that can measure voltage, current, and resistance. Advanced models can also measure temperature.
multimeter
A ___ ___ ___ gives administrators a quick glance at the network’s bandwidth and whether its current configuration can grow to support VoIP or Gigabit Ethernet, for example.
Network Qualification Tester
Network qualification testers enable administrators to identify the current speeds the network cabling can support and to isolate cabling from network problems.
ExamAlert
A ___ ___ enables the administrator or technician to
butt into a communication line and use it. In the case of a phone line, a technician can use the line normally—that is, make a call, answer a call, or listen in to a call.
butt set
The intent of a ___ ___ is to reveal Wi-Fi hot spots and detect wireless network access with LED visual feedback. Such devices can be configured
to scan specific frequencies.
Wi-Fi Detector
- You recently installed a new server in a wiring closet. The server shuts down periodically; you suspect power-related problems. Which of the following tools might you use to isolate a power problem?
❍ A. Voltage multimeter
❍ B. Voltage regulator
❍ C. Voltage monitor
❍ D. Voltage event recorder
- D. Voltage event recorders are used to monitor the quality of power used on the
network or by network hardware. Voltage event recorders identify potential
power-related concerns such as power sags, spikes, surges, and other power
variations.
- While you were away, an air conditioning unit malfunctioned in a server room, and some equipment overheated. Which of the following would have alerted you to the problem?
❍ A. Multimeter
❍ B. Environmental monitor
❍ C. TDR
❍ D. OTDR
- B. Environmental monitors are used in server and network equipment rooms to
ensure that the temperature does not fluctuate too greatly. In the case of a failed
air conditioner, the administrator is alerted to the drastic changes in temperature.
Multimeters, TDRs, and OTDRs are used to work with copper-based media.
- What tool would you use when working with an IDC?
❍ A. Wire crimper
❍ B. Media tester
❍ C. OTDR
❍ D. Punchdown tool
- D. You use a punchdown tool when working with an IDC. All the other tools are
associated with making and troubleshooting cables; they are not associated with
IDCs.
- As a network administrator, you work in a wiring closet where none of the cables have been labeled. Which of the following tools are you most likely to use to locate the physical ends of the cable?
❍ A. Toner probe
❍ B. Wire crimper
❍ C. Punchdown tool
❍ D. ping
- A. The toner probe tool, along with the tone locator, can be used to trace cables.
Crimpers and punchdown tools are not used to locate a cable. The ping utility
would be of no help in this situation.
- You are installing a new system into an existing star network, and you need a cable that is 45 feet long. Your local vendor does not stock cables of this length,
so you are forced to make your own. Which of the following tools do you need to complete the task?
❍ A. Optical tester
❍ B. Punchdown tool
❍ C. Crimper
❍ D. UTP splicer
- C. When attaching RJ-45 connectors to UTP cables, the wire crimper is the tool
you use. None of the other tools listed are used in the construction of UTP
cable.
What does IDC stand for?
Insulation displacement connector
- What TCP/IP command can be used to troubleshoot DNS problems?
- The nslookup command is a TCP/IP diagnostic tool used to troubleshoot
DNS problems. On Linux, UNIX, and Macintosh systems, you
can also use the dig command for the same purpose.
- What is the Linux, Macintosh, and UNIX equivalent of the ipconfig
command?
- The ifconfig command is the Linux, Macintosh, and UNIX equivalent
of the ipconfig command.
- What utility is the part of the TCP/IP suite and has the function of resolving
IP addresses to MAC addresses?
- The function of arp is to resolve IP addresses to MAC addresses.
This is used to track the path a packet takes as it travels across a network. ____ is used on Windows systems; ____ is used on UNIX, Linux, and Macintosh systems.
tracert; traceroute
____ is used to test connectivity between two devices on a network.
ping
___ is used to view and work with the IP address to MAC
address resolution cache.
address resolution protocol (ARP)
___ ___ uses ARP to test connectivity between systems rather
than using Internet Control Message Protocol (ICMP), as
done with a regular ping.
address resolution protocol (arp) ping
___ is used to view the current TCP/IP connections on a system.
network statistics (netstat)
____ is used to view statistics related to NetBIOS name resolution and to see information about current NetBIOS over TCP/IP connections.
NetBIOS statistics (nbtstat)
____ is used to view and renew TCP/IP configuration on a
Windows system.
ipconfig
____ is used to view TCP/IP configuration on a UNIX, Linux, or
Macintosh system.
interface configuration (ifconfig)
Used to perform manual DNS lookups. ____ can be
used on Windows, UNIX, Macintosh, and Linux systems,
while ____ is the command that can be used on UNIX, Linux, and Macintosh
systems.
name server lookup (nslookup); domain information groper (dig)
____ is used on Linux/UNIX systems to perform a reverse lookup on an IP address.
host
___ is used to view and configure the routes in the routing table.
route
What does ICMP stand for?
Internet Control Message Protocol
ping Command Switches:
Pings a device on the network until stopped
ping -t
ping Command Switches:
Resolves addresses to hostnames
ping -a
ping Command Switches:
Specifies the number of echo requests to send
ping -n count
ping Command Switches:
Records the route for count hops
ping -r count
ping Command Switches:
Timestamp for count hops
ping -s count
ping Command Switches:
Timeout in milliseconds to wait for each reply
ping -w timeout
The ___ ___ ___ error message means that a route to the destination computer system cannot be found. To remedy this problem, you might need to examine the routing information on the local host to confirm that the local host is correctly configured, or you might need to make sure that the default gateway information is correct.
Destination host unreachable
The ___ ___ ___ error message is common when you use the ping command. Essentially, this error message indicates that your host did not receive the ping message back from the destination device within the designated time period. Assuming that the network connectivity is okay on your
system, this typically indicates that the destination device is not connected to the network, is powered off, or is not correctly configured. It could also mean that some intermediate device is not operating correctly. In some rare cases, it
can also indicate that the network has so much congestion that timely delivery of the ping message could not be completed. It might also mean that the ping is being sent to an invalid IP address or that the system is not on the same network as the remote host, and an intermediary device is not correctly configured.
Request timed out
The ___ ___ error message is generated when the hostname of the destination computer cannot be resolved. This error usually occurs when you ping an incorrect hostname, as shown in the following example, or try to use ping with a hostname when hostname resolution (via DNS or a HOSTS text file) is not configured:
Unknown host
The ___ ___ ___ is a key consideration in understanding the ping
command. The function of this is to prevent circular routing, which
occurs when a ping request keeps looping through a series of hosts. It
counts each hop along the way toward its destination device. Each time it
counts one hop, the hop is subtracted from the ___ ___ ___.
Time To Live (TTL)
___ ___ ___ is used to resolve IP addresses to MAC
addresses. This is significant because on a network, devices find each other using the IP address, but communication between devices requires the MAC address. (Remember that the function of this is to resolve IP addresses to Layer 2 or MAC addresses.)
Address Resolution Protocol (ARP)
ARP command switches:
Displays both the IP and MAC addresses and whether they are dynamic or static entries
-a or -g
ARP command switches:
Specifies a specific Internet address
inet_addr
ARP command switches:
Displays the ARP entries for a specified network interface
-N if_addr
ARP command switches:
Specifies a MAC address
eth_addr
ARP command switches:
Specifies an Internet address
if_addr
ARP command switches:
Deletes an entry from the ARP cache
-d
ARP command switches:
Adds a static permanent address to the ARP cache
-s
One type of attack is called an ICMP flood attack (also known as a ping attack).
The attacker sends continuous ping packets to a server or network system, eventually
tying up that system’s resources, making it unable to respond to requests from
other systems.
ExamAlert
netstat Switches commands:
Specifies how long to wait before redisplaying statistics
interval
netstat Switches commands:
Displays the current connections and listening ports. Displays statistics for both TCP and User Datagram Protocol (UDP).
-a
netstat Switches commands:
Displays Ethernet statistics. The command shows the activity for the NIC and displays the number of packets that have been both sent and received.
-e
netstat Switches commands:
Lists addresses and port numbers in numeric form
-n
netstat Switches commands:
Shows connections for the specified protocol
-p
netstat Switches commands:
Shows the routing table. Used to view a system’s routing table. A
system uses a routing table to determine routing information for TCP/IP traffic.
-r
netstat Switches commands:
Lists per-protocol statistics. Displays a number of statistics related to the
TCP/IP protocol suite
-s
The netstat and route print commands can be used to show the routing
table on a local or remote system.
ExamAlert
The ____ utility is used to show the port activity for both TCP and UDP connections, showing the inbound and outbound connections.
netstat
The netstat -r command output shows the same information as the output
from the route print command.
ExamAlert
The ____ utility is used to view protocol statistics and information for NetBIOS over TCP/IP connections. ___ is commonly used to troubleshoot NetBIOS name resolution problems. Because ___ resolves NetBIOS names, it’s available only on Windows systems.
nbtstat
nbtstat Switches commands:
Sends Name Release packets to WINS and then
starts Refresh.
nbtstat -RR (ReleaseRefresh)
nbtstat Switches commands:
Remote host machine name.
nbtstat RemoteName
nbtstat Switches commands:
Dotted-decimal representation of the IP address.
nbtstat IP address
nbtstat Switches commands:
Redisplays selected statistics, pausing interval
seconds between each display. Press Ctrl+C to
stop redisplaying statistics.
nbtstat interval
nbtstat Switches commands:
(Adapter status) Outputs the NetBIOS name table
and MAC addresses of the card for the specified
computer.
nbtstat -a
nbtstat Switches commands:
(Adapter status) Lists the remote machine’s name
table given its IP address.
nbtstat -A (IP address)
nbtstat Switches commands:
Lists the contents of the NetBIOS name cache.
nbtstat -c (cache)
nbtstat Switches commands:
Lists local NetBIOS names.
nbtstat -n (names)
nbtstat Switches commands:
Lists names resolved by broadcast or WINS.
nbtstat -r (resolved)
nbtstat Switches commands:
Purges and reloads the remote cache name table.
nbtstat -R (Reload)
nbtstat Switches commands:
Summarizes the current NetBIOS sessions and
their status.
nbtstat -S (Sessions)
nbtstat Switches commands:
Lists the sessions table, converting destination IP
addresses into computer NetBIOS names.
nbtstat -s (sessions)
Used on its own, the ____ command shows basic information such as the name of the local network interface, the IP address, the subnet mask, and the default gateway. Combined with the /all switch, it shows a detailed set of information.
ipconfig
IPCONFIG common troubleshooting symptoms:
The user cannot connect to any other system.
Ensure that the TCP/IP address and subnet mask are correct. If the network uses DHCP, ensure that DHCP
is enabled.
IPCONFIG common troubleshooting symptoms:
The user can connect to another system on the same
subnet but cannot connect to a remote system.
Ensure the default gateway is configured correctly.
IPCONFIG common troubleshooting symptoms:
The user is unable to browse the Internet.
Ensure the DNS server parameters are correctly configured.
IPCONFIG common troubleshooting symptoms:
The user cannot browse across remote subnets.
Ensure the WINS or DNS server parameters are correctly configured, if applicable.
ipconfig Switch commands:
Displays the ipconfig help screen
?
ipconfig Switch commands:
Displays additional IP configuration information
/all
ipconfig Switch commands:
Releases the IPv4 address of the specified adapter
/release
ipconfig Switch commands:
Releases the IPv6 address of the specified adapter
/release6
ipconfig Switch commands:
Renews the IPv4 address of a specified adapter
/renew
ipconfig Switch commands:
Renews the IPv6 address of a specified adapter
/renew6
ipconfig Switch commands:
Purges the DNS cache
/flushdns
ipconfig Switch commands:
Refreshes the DHCP lease and reregisters the DNS names
/registerdns
ipconfig Switch commands:
Used to display the information in the DNS cache
/displaydns
The ipconfig /release and ipconfig /renew commands work only when
your system is using DHCP.
TIP
_____ is a utility used to troubleshoot DNS-related problems. Using ____, you can, for example, run manual name resolution queries against DNS servers, get information about your system’s DNS configuration, or specify what kind of DNS record should be resolved.
nslookup
_____ is used on a Linux, UNIX, or Macintosh system to perform manual DNS lookups. It performs the same basic task as nslookup, but with one major distinction: The command does not have an interactive mode and instead uses only command-line switches to customize results.
dig
The _____ command is used on Linux/UNIX systems to perform a reverse lookup on an IP address. A reverse lookup involves looking up an IP address and resolving the hostname from that. Users running Microsoft Windows operating systems could use the nslookup command to perform a reverse lookup on an IP address, and Linux users can use the host command or nslookup.
host
The ____ utility is an often-used and very handy tool. With this command, you display and modify the routing table on your Windows and Linux systems.
route
Switches for the route Command in Windows:
Enables you to add a static route to the routing table.
add
Switches for the route Command in Windows:
Enables you to remove a route from the routing table.
delete
Switches for the route Command in Windows:
Enables you to modify an existing route.
change
Switches for the route Command in Windows:
When used with the add command, makes the route permanent. If the -p switch is not used when a route is added, the route is lost upon reboot.
-p
Switches for the route Command in Windows:
Enables you to view the system’s routing table.
Switches for the route Command in Windows:
Removes all gateway entries from the routing table.
-f
1. What command can you issue from the command line to view the status of the system’s ports?
❍ A. netstat -p
❍ B. netstat -o
❍ C. netstat -a
❍ D. netstat -y
- C. Administrators can quickly determine the status of common ports by issuing the netstat -a command from the command line. This command output lists the ports used by the system and whether they are open and listening.
2. Which of the following tools can you use to perform manual DNS lookups on a Linux system? (Choose two.)
❍ A. dig
❍ B. nslookup
❍ C. tracert
❍ D. dnslookup
- A and B. Both the dig and nslookup commands can be used to perform
manual DNS lookups on a Linux system. You cannot perform a manual lookup
with the tracert command. There is no such command as dnslookup.
3. Which of the following commands generates a Request timed out error message?
❍ A. ping
❍ B. netstat
❍ C. ipconfig
❍ D. nbtstat
- A. The ping command generates a Request timed out error when it cannot
receive a reply from the destination system. None of the other commands
listed produce this output.
4. Which of the following commands would you use to add a static entry to the ARP table of a Windows 7 system?
❍ A. arp -a IP ADDRESS MAC ADDRESS
❍ B. arp -s MAC ADDRESS IP ADDRESS
❍ C. arp -s IP ADDRESS MAC ADDRESS
❍ D. arp -i IP ADDRESS MAC ADDRESS
- C. This command would correctly add a static entry to the ARP table. None of
the other answers are valid ARP switches.
5. Which command created the following output?
Server: nen.bx.ttfc.net
Address: 209.55.4.155
Name: examcram.com
Address: 63.240.93.157
❍ A. nbtstat
❍ B. ipconfig
❍ C. tracert
❍ D. nslookup
- D. The output was produced by the nslookup command. The other commands
listed produce different output.
- True or False: The biggest difference between a LAN and WAN is usually the size of the network.
- True. A WAN is a network that spans more than one geographic location,
often connecting separated LANs.
- What network model offers no centralized storage of data or centralized control over the sharing of files or resources?
- A peer-to-peer network is a decentralized network model offering no centralized
storage of data or centralized control over the sharing of files or
resources.
- In what networking model is the processing power shared between the client systems and the server?
- A distributed network model has the processing power distributed
between the client systems and the server.
A ___ is a data network restricted to a single geographic location and typically
encompasses a relatively small area, such as an office building or school.
LAN
A _______ network is a decentralized network model offering no centralized storage of data or centralized control over the sharing of files or resources. All systems on this type of network can share the resources on
their local computer and use resources of other systems.
peer-to-peer
The _____ networking model is, without question, the most widely implemented model and the one you are most likely to encounter when working in real-world environments. The advantages of this system are that it is a centralized model and it enables centralized network management of all network services, including user management, security, and backup procedures.
client/server
In a ____ computing model, one system provides both the data storage and processing power for client systems.
This networking model is most often associated with computer mainframes and dumb terminals, where no processing or storage capability exists at the workstation. These network environments are rare, but they do still exist.
centralized
1. What is the maximum number of computers recommended for inclusion in a peer-to-peer network?
❍ A. 2
❍ B. 5
❍ C. 10
❍ D. 25
- C. The maximum number of computers recommended in a peer-to-peer network
is 10.
2. When a WAN is confined to a certain geographic area, such as a university campus or city, it is known as a
❍ A. LAN
❍ B. MAN
❍ C. VAN
❍ D. VPN
- B. A WAN can be referred to as a MAN (Metropolitan Area Network) when it is
confined to a certain geographic area, such as a university campus or city.
- Which topology (star, bus, or ring) would use a hub or switch?
- Of the choices given, only a star topology would use a hub or switch.
- With which topology does every node have a direct connection to every
other node?
- With a mesh topology, every node has a direct connection to every other
node.
A ___ refers to a network’s physical and logical layout.
topology
A network’s ____ topology refers to the actual layout of the computer cables and other network
devices.
physical
A network’s ____ topology refers to the way in which the network
appears to the devices that use it.
logical
A ___ topology uses a trunk or backbone to connect all the computers on the network
bus
The __ topology is actually a logical ___, meaning that the data travels in a circular fashion from one computer to another on the network. It is not a physical ___ topology.
ring
In the ___ topology, all computers and other network devices connect to a central device called a hub or switch. Each connected device requires a single cable to be connected to the hub, creating a point-to-point connection between the
device and the hub.
star
Among the network topologies discussed in this chapter, the star topology is the
easiest to expand in terms of the number of devices connected to the network.
ExamAlert
The wired ____ topology incorporates a unique network design in which each computer on the network connects to every other, creating a point-to-point connection between every device on the network. The purpose of the ____ design is to provide a high level of redundancy. If one network cable fails, the data always has an alternative path to get to its destination— each node can act as a relay.
mesh
Because of the redundant connections, the mesh topology offers better fault tolerance
than other topologies.
ExamAlert
___ ___ ___ is a technology designed to speed up network traffic flow by moving away from the use of traditional routing tables. Instead of routing tables, ___ ___ ___ uses short labels to direct packets and forward them through the network.
Multiprotocol Label Switching (MPLS)
The ____ wireless topology is commonly used to extend a wired LAN to include wireless devices. Wireless devices communicate with the wired LAN through a base station known as an access point (AP) or wireless access point. The AP forms a bridge between a wireless and wired LAN, and all transmissions between wireless stations, or between a system and a wired network client, go
through the AP. APs are not mobile and must stay connected to the wired network; therefore, they become part of the wired network ____ (thus the
name).
infrastructure
In a wireless ___ ___ topology, devices communicate directly between themselves without using an access point. This peer-to-peer network design is commonly used to connect a small number of computers or wireless devices. For example, an __ __ wireless network may be set up temporarily between laptops in a boardroom or to connect systems in a home instead of using a wired solution.
ad hoc
In a ___ __ ___ wireless configuration, the
communication link travels from one node directly to one other node.
point-to-point (PtP)
A __ __ ___ wireless connection is designed to link multiple wired networks. Signals in __ __ ___ networks travel from a central node such as a base station of a cellular system, an access point of a WLAN, or a satellite. The function of the ___ wireless topology is to interconnect multiple locations, enabling them to access and share resources.
point-to-multipoint (PtMP)
- You have been asked to install a network to give the network users the greatest
amount of fault tolerance. Which of the following network topologies would you
choose?
❍ A. Star
❍ B. Ring
❍ C. Mesh
❍ D. Bus
- C. A mesh network uses a point-to-point connection to every device on the network.
This creates multiple points for the data to transmit around the network
and therefore creates a high degree of redundancy. The star, ring, and bus
topologies do not offer fault tolerance.
- Which of the following topologies enables network expansion with the least
amount of disruption for the current network users?
❍ A. Bus
❍ B. Ring
❍ C. LAN
❍ D. Star
- D. On a star network, each network device uses a separate cable to make a
point-to-point connection to a centralized device such as a hub or switch. With
such a configuration, you can add a new device to the network by attaching the
new device to the hub or switch with its own cable. This process does not disrupt
the users who are currently on the network. Answers A and B are incorrect
because the addition of new network devices on a ring or bus network can
cause a disruption in the network and cause network services to be unavailable
during the installation of a new device. A LAN (local area network) is created
using any topology and is not a topology in and of itself.
- You have been asked to connect two office locations. It has been specified that
you use a wireless link. Which of the following strategies would you use to connect
the two offices?
❍ A. Point-to-point
❍ B. Wireless mesh
❍ C. PtMP
❍ D. Star bus hybrid
- A. In a point-to-point (PtP) wireless configuration, the communication link travels
from one node directly to one other node. Wireless point-to-point systems are
often used in wireless backbone systems such as microwave relay communications
or as a replacement for a single wired communication cable. You can use
the point-to-point link to connect two locations to share data and resources. The
other choices are not appropriate options for creating the wanted connection.
5. Which network topology offers the greatest level of redundancy but also has the highest implementation cost?
❍ A. Wireless mesh
❍ B. Wired mesh
❍ C. Hybrid star
❍ D. Bus network
- B. The wired mesh topology requires each computer on the network to be individually
connected to every other device. This configuration provides maximum
reliability and redundancy for the network. However, of those listed, it is the most
costly to implement because of the multiple wiring requirements.
- Which of the following statements are associated with a bus LAN network?
(Choose all correct answers.)
❍ A. A single cable break can cause complete network disruption.
❍ B. All devices connect to a central device.
❍ C. It uses a single backbone to connect all network devices.
❍ D. It uses a dual-ring configuration.
- A, C. In a bus network, a single break in the network cable can disrupt all the
devices on that segment of the network—a significant shortcoming. A bus network
also uses a single cable as a backbone to which all networking devices
attach. A star network requires networked devices to connect to a centralized
device such as a hub or MSAU. It does not use a dual-ring configuration.
Therefore, answer B is incorrect.
- What type of network configuration enables a remote user to access a
private network across the Internet?
- A virtual private network (VPN) can enable a remote user to access a private
network across the Internet.
- True or False: VLANs enable you to create multiple broadcast domains on
a single switch.
- True. VLANs enable you to create multiple broadcast domains on a single
switch.
- Which of the following statements best describes a VPN?
❍ A. It is any protocol that enables remote clients to log in to a server over
a network such as the Internet.
❍ B. It provides a system whereby only screen display and keyboard and
mouse input travel across the link.
❍ C. It is a secure communication channel across a public network such
as the Internet.
❍ D. It is a protocol used to encrypt user IDs and passwords.
- C. A VPN provides a secure communication path between devices over a public
network such as the Internet.
2. Which of the following are required to establish a VPN connection? (Choose all correct answers.)
❍ A. VPN server
❍ B. VPN client
❍ C. VPN protocols
❍ D. VPN MAC identification
- A, B, C. Many elements are involved in establishing a VPN connection. This
includes the VPN client to initiate the session, the VPN server to answer the
client requests, and the VPN protocols to secure and establish the connection.
3. Which of the following are valid ways to assign computers to a VLAN? (Choose the three best answers.)
❍ A. Protocol assignment
❍ B. Port-based assignment
❍ C. NetBIOS computer name
❍ D. MAC address
- A, B, D. VLANs can be created by using protocol assignments, by defining the
ports on a device as belonging to a VLAN, or by using MAC addresses. VLANs
cannot be created by using the NetBIOS computer name.
In general, a ___ recovery site is a site that can be up and operational in a relatively short amount of time, such as a day or two.
cold
___ recovery sites are set up to be ready to go at a moment’s notice.
hot
A ___ site typically has computers but is not configured ready to go. This means that
data might need to be upgraded or other manual interventions might need to
be performed before the network is again operational.
warm
A hot site that mirrors the organization’s production network can assume network
operations at a moment’s notice. Warm sites have the equipment needed to bring
the network to an operational state but require configuration and potential database
updates. A cold site has the space available with basic service but typically
requires equipment delivery.
ExamAlert
1. Which two types of tape backup methods clear the archive bit after the backup has been completed?
❍ A. Full
❍ B. Differential
❍ C. Incremental
❍ D. GFS
- A, C. The archive bit is reset after a full backup and an incremental backup.
Answer B is incorrect because the differential backup does not reset the archive
bit. Answer D is wrong because GFS is a rotation strategy, not a backup
method.
- You come to work on Thursday morning to find that the server has failed and
you need to restore the data from backup. You finished a full backup on Sunday
and incremental backups on Monday, Tuesday, and Wednesday. How many
tapes are required to restore the backup?
❍ A. Four
❍ B. Two
❍ C. Three
❍ D. Five
- A. Incremental backups save all files and directories that have changed since the
last full or incremental backup. To restore, you need the latest full backup and all
incremental tapes. In this case, you need four tapes to complete the restore
process.
- Which of the following recovery sites might require the delivery of computer
equipment and an update of all network data?
❍ A. Cold site
❍ B. Warm site
❍ C. Hot site
❍ D. None of the above
- A. A cold site provides an alternative location but typically not much more. A
cold site often requires the delivery of computer equipment and other services. A
hot site has all network equipment ready to go if a massive failure occurs. A
warm site has most equipment ready but still needs days or weeks to have the
network up and running.
- As part of your network administrative responsibilities, you have completed your
monthly backups. As part of backup best practices, where should the tapes be
stored?
❍ A. In a secure location in the server room
❍ B. In a secure location somewhere in the building
❍ C. In an offsite location
❍ D. In a secure offsite location
- D. Although not always done, it is a best practice to store tape backups in a
secure offsite location in case of fire or theft. Answer A is incorrect because if
the server room is damaged by fire or flood, the tapes and the data on the server
can be compromised by the same disaster. Similarly, answer B is incorrect
because storing the backups onsite does not eliminate the threat of a single disaster
destroying the data on the server and tapes. Answer C is incorrect
because of security reasons. The offsite tapes must be secured.
- As network administrator, you have been tasked with designing a disaster recovery
plan for your network. Which of the following might you include in a disaster
recovery plan?
❍ A. RAID 5
❍ B. Offsite tape storage
❍ C. Mirrored hard disks
❍ D. UPS
- B. Offsite tape storage is part of a disaster recovery plan. The other answers are
considered fault-tolerance measures because they are implemented to ensure
data availability.
A full backup is the fastest way to restore data of all the methods discussed here,
because only one tape, or set of tapes, is required for a full restore.
ExamAlert
If you experience trouble with any type of backup, you should clean the tape drive
and then try the backup again. Also visually inspect the tape for physical damage.
ExamAlert
Both full and incremental backups clear the archive bit after files have been backed
up.
ExamAlert
- What are the two categories of QoS that applications generally can be
broken into?
- Applications generally can be broken into either latency-sensitive or
latency-insensitive.
- What term involves delaying the flow of data traffic designated as less
important compared to other traffic streams?
- Traffic shaping involves delaying the flow of data traffic designated as less
important compared to other traffic streams.
___ describes the strategies used to manage and increase the flow of network
traffic. ___ features enable administrators to predict bandwidth use, monitor
that use, and control it to ensure that bandwidth is available to the applications
that need it.
Quality of Service (QoS)
CATEGORIES OF QoS:
These applications need bandwidth for quick delivery
where network lag time impacts their effectiveness. This includes
voice and video transfer. For example, voice over IP (VoIP) would be
difficult to use if there were a significant lag time in the conversation
Latency-sensitive
Controlling bandwidth also involves managing ________ applications. This includes bulk data transfers such as
huge backup procedures and File Transfer Protocol (FTP) transfers.
latency-insensitive
___ ___ is a QoS strategy designed to enforce prioritization policies on the transmission of data throughout the network. It is intended to reduce
latency by controlling the amount of data that flows into and out of the network. Traffic is categorized, queued, and directed according to network policies.
Traffic shaping
Remember that traffic shaping involves delaying the flow of data traffic that is designated
as less important compared to other traffic streams.
ExamAlert
- Caching improves network performance by caching content where?
❍ A. Locally.
❍ B. On a remote server.
❍ C. In archives.
❍ D. Caching does not improve network performance.
- A. Caching improves network performance by locally caching content, thereby
limiting surges in traffic.
2. Which of the following would most likely use latency-sensitive QoS?
❍ A. FTP
❍ B. DNS
❍ C. SNMP
❍ D. VoIP
- D. Latency-sensitive applications include those for voice and video transfer. For
example, voice over IP (VoIP) would be difficult to use if there were a significant
lag time in the conversation.
- True or False: VPNs require a secure protocol to safely transfer data over
the Internet.
- True. VPNs require a secure protocol such as IPSec or SSL to safely
transfer data over the Internet.
- How many phases are there to L2TP authentication?
- L2TP offers two-phase authentication—once for the computer and once
for the user.
Be sure you understand that ISAKMP is a framework and not an implementable
entity.
ExamAlert
___ outlines
how secure communications should take place, but is not a protocol, or
application, itself.
Internet Security Association and Key Management Protocol (ISAKMP)
______ protocol creates a secure tunnel between two points on a network,
over which other connectivity protocols, such as PPP, can be used. This
tunneling functionality is the basis of VPNs.
Point-to-Point Tunneling Protocol (PPTP)
VPNs are created and managed using PPTP, which builds on the functionality of
PPP. This makes it possible to create dedicated point-to-point tunnels through a
public network such as the Internet.
ExamAlert
_____ ____ protocol is a combination of PPTP and Cisco L2F technology. It authenticates the client in a
two-phase process: It authenticates the computer and then the user. By
authenticating the computer, it prevents the data from being intercepted,
changed, and returned to the user in what is known as a man-in-the-middle
attack.
Layer 2 Tunneling Protocol (L2TP)
Remember for the exam that L2TP offers two-phase authentication—once for the
computer and once for the user. This helps prevent man-in-the-middle attacks.
ExamAlert
Unlike IPSec, which operates at the network layer of the OSI model, L2TP operates
at the data link layer, making it protocol-independent. This means that an L2TP
connection can even support protocols other than TCP/IP, such as AppleTalk and
Novell’s legacy IPX.
ExamAlert
The ___ protocol is designed to provide secure communications between systems. This includes system-to-system communication in the same network, as well as communication to systems on external networks. It is an IP layer security protocol that can both encrypt and authenticate network transmissions. In a nutshell, it is composed of two separate protocols: Authentication Header (AH) and Encapsulating Security Payload
(ESP). AH provides the authentication and integrity checking for data packets,
and ESP provides encryption services.
IP Security (IPSec)
IPSec relies on two underlying protocols: AH and ESP. AH provides authentication
services, and ESP provides encryption services.
ExamAlert
IPSec can be used only on TCP/IP networks. If you use another network protocol,
you need to use a security protocol such as L2TP.
ExamAlert
In a ______ implementation, as the name
implies, whole networks are connected together. An example of this would be
divisions of a large company. Because the networks are supporting the VPN,
each gateway does the work and the individual clients do not need to have any
VPN.
site-to-site
In a _______ scenario, individual clients (such as telecommuters or travelers) connect to the network remotely. Because the individual client makes a
direct connection to the network, each client doing so must have VPN client software installed.
client-to-site
Be sure you understand that site-to-site and client-to-site are two types of VPNs.
ExamAlert
___ ___ describes the mechanisms used to filter network traffic to determine
who is and who is not allowed to access the network and network
resources.
Access control:
Firewalls, proxy servers, routers, and individual computers all can
maintain access control to some degree. By limiting who can and cannot
access the network and its resources, it is easy to understand why access control
plays a critical role in security strategy. Several types of access control
strategies exist, as discussed in the following sections.
Be sure you can identify the purpose and types of access control.
ExamAlert
___ ___ control is the most secure form of access control. In systems configured to use mandatory access control, administrators dictate
who can access and modify data, systems, and resources. ____ systems are commonly used in military installations, financial institutions, and, because of new privacy laws, medical institutions.
Mandatory access control (MAC):
MAC secures information and resources by assigning sensitivity labels to
objects and users. When users request access to an object, their sensitivity
level is compared to the object’s. A label is a feature applied to files, directories,
and other resources in the system. It is similar to a confidentiality stamp.
When a label is placed on a file, it describes the level of security for that specific
file. It permits access by files, users, programs, and so on that have a similar
or higher security setting.
___ ___ control is not forced from the administrator or operating system. Instead, access is controlled
by an object’s owner. For example, if a secretary creates a folder, he decides who will have access to that folder. This access is configured using permissions and an access control list.
discretionary access control (DAC):
DAC uses an access control list (ACL) to determine access. The ACL is a
table that informs the operating system of the rights each user has to a particular
system object, such as a file, directory, or printer. Each object has a security
attribute that identifies its ACL. The list has an entry for each system user
with access privileges. The most common privileges include the ability to read
a file (or all the files in a directory), to write to the file or files, and to execute
the file (if it is an executable file or program).
___ ____ control controls access to objects according to established rules. The configuration and security settings established on a router or firewall are a good example.
Rule-based access:
In a practical application, rule-based access control is a variation on MAC.
Administrators typically configure the firewall or other device to allow or
deny access. The owner or another user does not specify the conditions of
acceptance, and safeguards ensure that an average user cannot change settings
on the devices.
In ___ ___ control, access decisions are determined by the roles that individual users have within the organization.
role-based access control (RoBAC):
Role-based access
requires the administrator to have a thorough understanding of how a particular
organization operates, the number of users, and each user’s exact function
in that organization.
___ ___ is often too restrictive to be practical in business. For instance, using teachers as an example, some more experienced teachers might have more responsibility than others and might require increased access to a particular network object. Customizing access to each individual is a time-consuming
process.
Least privilege
_____ is a remote-access solution included with Windows Server products. It is a feature-rich, easy-to-configure, easy-to-use method of configuring remote
access.
Remote Access Service (RAS)
____ is the standard remote-access protocol in use today. PPP is actually a family of protocols that work together to provide connection services.
Point-to-Point Protocol (PPP):
During the establishment of a PPP connection between the remote system
and the server, the remote server needs to authenticate the remote user. It
does so by using the PPP authentication protocols.
___ _____ ____ is a protocol used to connect multiple network users on an Ethernet local area network to a remote site through a common device.
Point-to-Point Protocol over Ethernet (PPPoE):
For example, using PPPoE, you can have all users
on a network share the same link, such as a DSL, cable modem, or wireless
connection to the Internet. PPPoE is a combination of PPP and the Ethernet
protocol, which supports multiple users in a local area network (hence the
name). The PPP information is encapsulated within an Ethernet frame.
___ ___ ___ is a method to restrict access to the network
based on identity or posture (discussed later in this chapter). This was created by Cisco to enforce privileges and make decisions on a client device based on information gathered from it (such as the vendor and version of the antivirus
software running).
Network Access Control (NAC)
A ____ assessment is any evaluation of a system’s security based on settings
and applications found.
posture
Be able to identify posture assessment.
ExamAlert
Remote-Control Protocols:
____ is a low-bandwidth protocol used to send mouse movements, keystrokes, and bitmap images of the screen
on the server to the client computer. It does not actually send data over the connection—only screenshots and client keystrokes.
Remote Desktop Protocol (RDP)
____ is a tunneling protocol originally created for UNIX systems. It uses encryption to establish a secure connection between two systems and provides
alternative, security-equivalent applications for such utilities as Telnet, FTP, and other communications-oriented applications. Although it is available with
Windows and other operating systems, it is the preferred method of security for Telnet and other cleartext-oriented programs in the UNIX environment. It uses port 22 and TCP for connections.
Secure Shell (SSH)
Be sure you know the port associated with SSH.
Citrix
EXAMALERT
_____ enables clients to access and run applications on a server, using the
server’s resources. Only the user interface, keystrokes, and mouse movements
transfer between the client system and the server. In effect, even though you
work at the remote computer, the system functions as if you were actually sitting
at the computer itself. As with Terminal Services and RDP, it is an
example of thin client computing.
Independent Computing Architecture (ICA)
Three protocols described in this chapter enable access to remote systems and enable users to run applications on the system, using that system’s resources. Only the user interface, keystrokes, and mouse movements transfer between the client system and the remote computer.
ExamAlert
When configuring security for wireless networks, filtering by MAC address is a
common practice. Typically, in MAC filtering security, MAC addresses can be
added to an “allow” ACL or “deny” ACL.
ExamAlert
1. Which of the following protocols is used in thin-client computing?
❍ A. RDP
❍ B. PPP
❍ C. PPTP
❍ D. RAS
- A. RDP is used in thin-client networking, where only screen, keyboard, and
mouse input is sent across the line. PPP is a dialup protocol used over serial
links. PPTP is a technology used in VPNs. RAS is a remote-access service.
- Which of the following statements best describes the function of PPP?
❍ A. It is a secure technology that enables information to be securely
downloaded from a website.
❍ B. It is a dialup protocol used over serial links.
❍ C. It is a technology that enables a secure tunnel to be created through
a public network.
❍ D. It provides a public key/private key exchange mechanism.
- B. PPP is a protocol that can be used for dialup connections over serial links.
Answer A describes SSL, answer C describes a VPN, and answer D describes
PKI.
- Your company wants to create a secure tunnel between two networks over the
Internet. Which of the following protocols would you use to do this?
❍ A. PAP
❍ B. CHAP
❍ C. PPTP
❍ D. SLAP
- C. To establish the VPN connection between the two networks, you can use
PPTP. PAP and CHAP are not used to create a point-to-point tunnel; they are
authentication protocols. SLAP is not a secure dialup protocol.
- Because of a recent security breach, you have been asked to design a security
strategy that will allow data to travel encrypted through both the Internet and
intranet. Which of the following protocols would you use?
❍ A. IPSec
❍ B. SST
❍ C. CHAP
❍ D. FTP
- A. IPSec is a nonproprietary security standard used to secure transmissions both
on the internal network and when data is sent outside the local LAN. IPSec provides
encryption and authentication services for data communications. Answer B
is not a valid protocol. Answer C, CHAP, is a remote-access authentication protocol.
Answer D is incorrect because FTP is a protocol used for large data transfers,
typically from the Internet.
- What does the acronym AAA stand for?
- AAA refers to authentication, authorization, and accounting services.
- What are some of the policies that can usually be set for passwords?
- Common password policies typically include a minimum length of password,
password expiration, prevention of password reuse, and prevention
of easy-to-guess passwords.
___ refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. It is usually done with a set of credentials—most commonly a username and
password.
Authentication
_____ determines if the person, previously identified and authenticated,
is allowed access to a particular resource. This is commonly determined
through group association. In other words, a particular group may have a specific
level of security clearance.
Authorization
_______ refers to the tracking mechanisms used to keep a record of events on a system. One tool often used for this purpose is auditing. Auditing is the process of monitoring occurrences and keeping a log of what has occurred on
a system.
Accounting
Be sure you can identify the purpose of authentication, authorization, and
accounting.
ExamAlert
In a Windows environment, two pieces of information are required to access the
network: a valid username and a valid password. Both are required to gain access.
ExamAlert
You need to identify an effective password policy. For example, a robust password
policy would include forcing users to change their passwords on a regular basis.
ExamAlert
_______ is an Internet Engineering Task Force (IETF) standard for providing authentication. It is an integral part of network security. Networks, including the Internet, can connect people from all over the world. When data travels from one point to another across a network, it can be lost, stolen, corrupted, or misused. Much of the data sent over networks is sensitive, whether it is medical, financial, or otherwise. A key consideration for those responsible for the network is maintaining the confidentiality of the data.
Kerberos:
Kerberos was designed to fix such problems by using a method requiring only
a single sign-on. This single sign-on enables a user to log into a system and
access multiple systems or resources without the need to repeatedly re-enter
the username and password. Additionally, Kerberos is designed to have entities
authenticate themselves by demonstrating possession of secret information.
Kerberos is a nonproprietary protocol and is used for cross-platform authentication.
It’s the main authentication protocol used with Windows servers.
ExamAlert
Kerberos enables secure authentication over an insecure network such as the
Internet.
ExamAlert
Kerberos uses ___ ___ ___ in which both client and server use the same encryption key to cipher and decipher data.
symmetric key cryptography
Another cryptography method in use is asymmetric key cryptography, or public key
cryptography. In this method, a device has both a public and private key. The private
key is never shared. The public key is used to encrypt the communication, and
the private key is used for decrypting.
ExamAlert
You should know that the security tokens used in Kerberos are known as tickets.
ExamAlert
_______ is a collection of software, standards, and
policies combined to enable users from the Internet or other unsecured public
networks to securely exchange data.
Public Key Infrastructure (PKI):
PKI uses a public and private cryptographic
key pair obtained and shared through a trusted authority. Services and
components work together to develop the PKI. Some of the key components
of a PKI include the following: Certificates, Certificate authorities (CAs), Certificate templates, Certificate Revocation List (CRL)
In PKI:
A nonsecret key that forms half of a cryptographic key pair
used with a public key algorithm. The public key is freely given to all
potential receivers.
Public Key
In PKI:
The secret half of a cryptographic key pair used with a
public key algorithm. The private part of the public key cryptography
system is never transmitted over a network.
Private Key
RADIUS is a protocol that enables a single server to become responsible for all
remote-access authentication, authorization, and auditing (or accounting) services.
ExamAlert
RADIUS functions as a client/server system. The remote user dials in to the
remote-access server, which acts as a RADIUS client, or network access server
(NAS), and connects to a RADIUS server. The RADIUS server performs
authentication, authorization, and auditing (or accounting) functions and
returns the information to the RADIUS client (which is a remote-access server
running RADIUS client software); the connection is either established or
rejected based on the information received.
KNOW THIS
Authenticates remote Windows workstations, providing the
functionality to which LAN-based users are accustomed while integrating
the hashing algorithms used on Windows networks
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP):
MS-CHAP works with PPP, PPTP, and L2TP network connections. MS-CHAP
uses a challenge/response mechanism to keep the password from being sent during the authentication process. MS-CHAP uses the Message Digest 5 (MD5) hashing algorithm and the Data Encryption Standard
(DES) encryption algorithm to generate the challenge and response. It provides mechanisms for reporting connection errors and for changing the user’s password.
An extension of PPP that
supports authentication methods that go beyond the simple submission
of a username and password. _____ was developed in response to an
increasing demand for authentication methods that use other types of
security devices such as token cards, smart cards, and digital certificates.
Extensible Authentication Protocol (EAP):
____ is a simple authentication protocol in which the username and password
are sent to the remote-access server in clear text, making it possible
for anyone listening to network traffic to steal both.
Password Authentication Protocol (PAP):
PAP typically is
used only when connecting to older UNIX-based remote-access servers
that do not support any additional authentication protocols.
You should be familiar with the different remote-access authentication methods and
know where and when they may be used.
ExamAlert
A Protocol for securely uploading and downloading files to and from a remote host. Based on SSH security
Secure File Transfer Protocol (SFTP)
A secure protocol for retrieving files from a web server. Uses SSL to encrypt data between client and host
Hypertext Transfer Protocol Secure
A secure alternative to Telnet that enables secure sessions to be opened on a remote host
SSH
Provides an independent framework for authentication and key exchange. The actual implementation is usually done by IPSec but could be handled by any implementation capable of negotiating, modifying, and deleting security associations.
Internet Security Association and Key Management Protocol (ISAKMP)
Enables files to be securely copied between two systems. Uses Secure Shell (SSH) technology to provide encryption services
Secure Copy Protocol (SCP)
A network monitoring system used to monitor the network’s condition. It is not secured.
Simple Network Management Protocol version 1 and 2 (SNMPv1/2)
You will most certainly be asked questions on secure protocols and when they
might be used. Review Table 10.1 before taking the Network+ exam.
ExamAlert
2. Which of the following is not an authentication protocol?
❍ A. IPSec
❍ B. CHAP
❍ C. PAP
❍ D. EAP
- A. IPSec is not an authentication protocol. All the other protocols listed are
authentication protocols.
- You are onsite as a consultant. The client’s many remote-access users experience
connection problems. Basically, when users try to connect, the system
cannot service their authentication requests. What kind of server might you recommend
to alleviate this problem?
❍ A. RADIUS server
❍ B. IPSec server
❍ C. Proxy server
❍ D. Kerberos server
- A. By installing a RADIUS server, you can move the workload associated with
authentication to a dedicated server. A proxy server would not improve the
dialup connection’s performance. There is no such thing as a Kerberos server or
an IPSec server.
- What are some of the more common potential risks to computer
systems?
- Viruses, Trojan horses, and worms all present a potential risk to computer
systems.
In a ____ attack, spoofed UDP packets are sent to a network’s broadcast
address. These packets are directed to specific ports, such as port 7 or port 19,
and, after they are connected, can flood the system.
Fraggle
Software programs or code loaded onto a computer without the user’s knowledge. After it is loaded, the ____ performs some form of
undesirable action on the computer.
virus
Certificates are the cornerstones of the PKI. A certificate is essentially a form of
electronic credential that validates users, computers, or devices on the network. A
certificate is a digitally signed statement that associates the credentials of a public
key to the identity of the person, device, or service that holds the corresponding
private key.
ExamAlert
_____ is a security
protocol designed to provide centralized validation of users who are attempting
to gain access to a router or Network Access Server (NAS).
Terminal Access Controller Access Control System+ (TACACS+):
Like
RADIUS, TACACS+ is a set of security protocols designed to provide
authentication, authorization, and accounting (AAA) of remote users.
TACACS uses TCP port 49 by default.
Both RADIUS and TACACS+ provide authentication, authorization, and accounting
services. One notable difference between TACACS+ and RADIUS is that TACACS+
relies on the connection-oriented TCP, whereas RADIUS uses the connectionless
UDP.
ExamAlert
____ brings with it enhancements over its predecessor. These enhancements include support for two-way authentication
and a few changes in how the cryptographic key is analyzed.
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2):
____ supports non-Microsoft remote-access clients. It enables authentication without
actually having the user send his password over the network.
Because it’s an industry standard, it enables Windows Server 2008/2003
and Windows 7/Vista to behave as a remote client to almost any third-party
PPP server.
Challenge Handshake Authentication Protocol (CHAP):
Users are allowed to log on without authentication.
Unauthenticated access:
A protocol for uploading and downloading files
to and from a remote host. Also accommodates
basic file management tasks.
FTP File Transfer Protocol
A protocol for retrieving files from a web server. Data is sent in clear text
Hypertext Transfer Protocol (HTTP)
Enables sessions to be opened on a remote host
Telnet
A cryptographic protocol whose purpose is to verify that secure communications between a server and a client remain secure. It is an enhancement/replacement for SSL
Transport Layer Security
Replaced by SSH because it sends all data clear text
RSH: a UNIX utility used to run a command on a remote machine
Copies files between systems, but transport is not secured
Remote Copy Protocol (RCP)
An enhanced version of its predecessors offering both encryption and authentication services
SNMPv3
1. Which of the following protocols is used with HTTPS?
❍ A. SSH
❍ B. SSL
❍ C. Proxy
❍ D. IPSec
- B. HTTPS uses SSL to create secure connections over the Internet. Answer A is
incorrect because SSH provides a secure multiplatform replacement for Telnet.
Answer C is invalid because it is a service and not a protocol. Answer D is incorrect
because IPSec is designed to encrypt data during communication between
two computers.
3. Which of the following is the strongest password?
❍ A. password
❍ B. WE300GO
❍ C. l00Ka1ivE
❍ D. lovethemusic
- C. Strong passwords include a combination of letters and numbers and upper- and
lowercase letters. Answer C is by far the strongest password. Answer A is
not a strong password because it is a standard word, contains no numbers, and
is all lowercase. Answer B mixes letters and numbers, and it is not a recognized
word, so it is a strong password, but it is not as strong as answer C. Answer D is
too easy to guess and contains no numbers.
- Which of the following services or protocols use SSH technology to provide
additional security to communications? (Choose two.)
❍ A. SCP
❍ B. SFTP
❍ C. SNMP
❍ D. SMTP
- A and B. Secure Shell (SSH) technology is used by both Secure Copy Protocol
(SCP) and Secure File Transfer Protocol (SFTP). Answers C and D are incorrect
because Simple Network Management Protocol (SNMP) and Simple Mail
Transfer Protocol (SMTP) do not use SSH technology for additional security.
- What type of malware covertly gathers system information through the
user’s Internet connection without his or her knowledge, usually for advertising
purposes?
- Spyware covertly gathers system information through the user’s Internet
connection without his or her knowledge, usually for advertising purposes.
The _____ attack is similar to a Fraggle attack. However, a ping request is sent
to a broadcast network address, with the sending address spoofed so that many ping replies overload the victim and prevent it from processing the
replies.
Smurf
Although they are still a form of virus, ___ viruses are
specifically designed to damage office or text documents.
macro
___ are a nasty form of software that automatically and
silently propagate without modifying software or alerting the user. After
they are inside a system, they can carry out their intended harm,
whether it is to damage data or relay sensitive information
WORMS
appear as helpful or harmless programs
but when installed carry and deliver a malicious payload. A ___ ___
virus might, for example, appear to be a harmless or free online game
but when activated is actually malware.
Trojan horse
____ covertly gathers system information through the
user’s Internet connection without his or her knowledge, usually for advertising purposes. These applications typically are bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
Spyware
A __ virus installs itself into the operating system and stays there. It typically places itself in memory and from there infects and does damage. The resident loads with the operating system
on boot.
resident
Like any other applications, from time to time viruses are enhanced to make them harder to detect and to modify the damage they do. Modifications to existing viruses are called ____ because they are
rereleased versions of known viruses.
variants
One particularly hard-to-handle type of virus is the
____. It can change its characteristics to avoid detection. These viruses are some of the most difficult types to detect and remove.
polymorphic
____ can hide itself to avoid detection. Such
viruses often fool detection programs by appearing as legitimate programs
or hiding within legitimate programs.
Stealth virus:
___ viruses are designed to infect and corrupt documents.
Because documents are commonly shared, these viruses can
spread at an alarming rate.
Macro Virus
Be prepared to identify the types of viruses and the differences between a virus,
Trojan horse, and worm.
ExamAlert
_____ attacks are designed to tie up network bandwidth and resources and eventually bring the entire network to a halt. This type of
attack is done simply by flooding a network with more traffic than it can handle. This attack is not designed to steal data but rather to cripple a network
and, in doing so, cost a company huge amounts of dollars.
Denial of service (DoS)
____ attacks are one of the most common types of attacks. Typically, usernames
are easy to obtain. Matching the username with the password allows
the intruder to gain system access to the level associated with that particular
user.
Password
____ is a common form of cracking. It can be used by both outsiders and people within an organization. Social engineering is a hacker term for tricking people into revealing their password or some form of security information. It might include trying to get users to send passwords or other information over email, shoulder surfing, or any other method that tricks users into divulging information. It is an attack that attempts to take advantage of human behavior.
Social engineering
____ involves an intruder who obtains sensitive
information such as passwords, data, and procedures for performing functions
by intercepting, listening to, and analyzing network communications.
eavesdropping
In a ___ attack, an attacker gains access to a computer or program by
bypassing standard security mechanisms.
back door attack: For instance, a programmer might
install a back door so that the program can be accessed for troubleshooting or
other purposes. Sometimes, as discussed earlier, nonessential services are
installed by default, and it is possible to gain access using one of these unused
services.
In a ___ attack, the intruder places himself between the sending and receiving devices and captures the communication as it passes by. The
interception of the data is invisible to those actually sending and receiving the
data. The intruder can capture the network data and manipulate it, change it,
examine it, and then send it on. Wireless communications are particularly susceptible
to this type of attack.
man-in-the-middle attack
_____ is a technique in which the real source of a transmission, file, or email is concealed or replaced with a fake source. This technique enables an attacker, for example, to misrepresent the original source of a file available for download. Then he can trick users into accepting a file from an untrusted
source, believing it is coming from a trusted source.
Spoofing
A ___ ___ ___ describes a situation in which a wireless access point has
been placed on a network without the administrator’s knowledge.
rogue access point:
The result is
that it is possible to remotely access the rogue access point because it likely
does not adhere to company security policies. So all security can be compromised
by a cheap wireless router placed on the corporate network. An evil twin
attack is one in which a rogue wireless access point poses as a legitimate wireless
service provider to intercept information users transmit.
These attacks start with war driving—driving around with a laptop looking for
open wireless access points with which to communicate and looking for weak
implementations that can be cracked (WEP cracking or WPA cracking). They
then lead to war chalking—those who discover a way into the network leave signals (often written in chalk) on, or outside, the premises to notify others
that the vulnerability is there. The marks can be on the sidewalk, the side of
the building, a nearby signpost, and so on.
Advertising Wireless Weaknesses
Often users receive a variety of emails offering products, services, information,
or opportunities. Unsolicited email of this type is called ____. This technique involves a bogus offer sent to hundreds of thousands
or even millions of email addresses. The strategy plays the odds. For
every 1,000 emails sent, perhaps one person replies. Phishing can be dangerous
because users can be tricked into divulging personal information such as
credit card numbers or bank account information.
phishing (pronounced
“fishing”)
Be ready to identify the types of attacks just described. You can expect a question
on the exam about these types of attacks.
ExamAlert
1. What type of virus can hide itself to avoid detection? ❍ A. Macro ❍ B. Stealth ❍ C. Partite ❍ D. Worm
- B. A stealth virus can hide itself to avoid detection. Such viruses often fool
detection programs by appearing as legitimate programs or hiding within legitimate
programs.
- Which of the following is an attack in which a rogue wireless access point poses
as a legitimate wireless service provider to intercept information users transmit?
❍ A. Pharming
❍ B. Phishing
❍ C. Evil twin
❍ D. Social Engineering
- C. An evil twin attack is one in which a rogue wireless access point poses as a
legitimate wireless service provider to intercept information users transmit.
- Which of the following is a type of denial of service attack that occurs when
more data is put into a buffer than it can hold?
❍ A. Dictionary attack
❍ B. Buffer overflow
❍ C. Worm
❍ D. Trojan horse
- B. A buffer overflow is a type of denial of service (DoS) attack that occurs when
more data is put into a buffer than it can hold.
- Which of the following is an attack in which something that appears as a helpful
or harmless program carries and delivers a malicious payload?
❍ A. Worm
❍ B. Phish
❍ C. Evil twin
❍ D. Trojan horse
- D. Trojan horses appear as helpful or harmless programs but, when installed,
carry and deliver a malicious payload.
- Which of the following is an attack in which users are tricked into revealing their
passwords or some form of security information?
❍ A. Pharming
❍ B. Phishing
❍ C. Evil twin
❍ D. Social Engineering
- D. Social engineering is a term for tricking people (users) into revealing their
passwords or some form of security information.
- What are some of the services a firewall often provides?
- A firewall often provides such services as NAT, proxy, and packet filtering.
- What is the primary difference between an IDS and an IPS?
- An IDS is a passive security measure, and the IPS is a reactive security
measure.
- What is the scope of a firewall?
- A firewall can be either host-based, on a single system, or network-based,
protecting systems networkwide.
Security is represented well in the Network+ objectives. You can expect to see
exam questions on the types of firewalls and their characteristics. For example, you
should know the differences between software and hardware firewalls and understand
stateful inspection versus packet filtering firewalls.
ExamAlert
A stateless firewall examines the information within a data packet and rejects or
accepts the packet based on the source or destination address or port number listed
in the packet header. Stateful firewalls have features allowing them not only to
examine individual packets but also to examine packet streams at the application
layer (DNS, SMTP, POP3, SNMP).
ExamAlert
Application layer firewalls offer a proxy service between the sending and receiving
devices. Using proxy services, the firewall can filter the content to and from source
and destination.
ExamAlert
The three firewall methods described in this chapter are often combined into a single
firewall application. Packet filtering is the basic firewall function. Circuit-level
functionality provides NAT, and an application firewall provides proxy functionality.
This is a good point to remember for the exam.
ExamAlert
- What is the basic reason for implementing a firewall?
❍ A. It reduces the costs associated with Internet access.
❍ B. It provides NAT functionality.
❍ C. It provides a mechanism to protect one network from another.
❍ D. It allows Internet access to be centralized.
- C. Implementing a firewall gives you protection between networks, typically from
the Internet to a private network. All the other answers describe functions offered
by a proxy server. Some firewall systems do offer NAT functionality, but NAT is
not a firewall feature; it is an added benefit of these systems.
- Which of the following statements best describes a VPN?
❍ A. It is any protocol that enables remote clients to log in to a server over
a network such as the Internet.
❍ B. It provides a system whereby only screen display and keyboard and
mouse input travel across the link.
❍ C. It is a secure communication channel across a public network such
as the Internet.
❍ D. It is a protocol used to encrypt user IDs and passwords.
- C. A VPN provides a secure communication path between devices over a public
network such as the Internet.
- While reviewing the security logs for your server, you notice that a user on the
Internet has attempted to access your internal mail server. Although it appears
that the user’s attempts were unsuccessful, you are concerned about the possibility
that your systems might be compromised. Which of the following solutions
are you most likely to implement?
❍ A. A more secure password policy
❍ B. A firewall system at the connection point to the Internet
❍ C. File-level encryption
❍ D. Kerberos authentication
- B. To prevent unauthorized access to a private network from the Internet, you
can use a firewall server to restrict outside access. Implementing a more secure
password policy (answer A) is a good idea, but it is not the best choice.
Implementing a file-level encryption system (answer C) is a good idea, but it is
not the best choice. Kerberos (answer D) is an authentication system, not a
method to prevent unauthorized access to the system.
- You have enabled HTTPS because of concerns about the security of your web
server application, which runs on a web server system in the DMZ of your corporate
network. However, remote users are now unable to connect to the application.
Which of the following is the most likely reason for the problem?
❍ A. Port 80 is being blocked on the corporate firewall.
❍ B. Port 443 is being blocked on the corporate firewall.
❍ C. Remote users need to enable HTTPS support in their web browsers.
❍ D. Port 110 is being blocked on the corporate firewall.
4. B. The most likely explanation is that port 443, the HTTPS default port, is being blocked by a corporate firewall. Port 80 (answer A) is used by HTTP. All modern web browsers automatically support HTTPS; therefore, answer C is incorrect. Port 110 (answer D) is used by POP3.
5. Which of the following is not a commonly implemented feature of a firewall system?
❍ A. NAT
❍ B. Packet filtering
❍ C. Proxy
❍ D. NAS
- D. A firewall can provide several services to the network, including NAT, proxy
services, and packet filtering. NAS is not a function of a firewall server; the
acronym stands for network attached storage.
- When a system running TCP/IP receives a data packet, which of the following
does it use to determine which service to forward the packet to?
❍ A. Port number
❍ B. Packet ID number
❍ C. Data IP number
❍ D. IP protocol service type
- A. The service for which a data packet is destined is determined by the port
number to which it is sent.
___ ___ control is the most secure form of access control. In systems configured to use mandatory access control, administrators dictate
who can access and modify data, systems, and resources. ____ systems are commonly used in military installations, financial institutions, and, because of new privacy laws, medical institutions.
Mandatory access control (MAC):
MAC secures information and resources by assigning sensitivity labels to
objects and users. When users request access to an object, their sensitivity
level is compared to the object’s. A label is a feature applied to files, directories,
and other resources in the system. It is similar to a confidentiality stamp.
When a label is placed on a file, it describes the level of security for that specific
file. It permits access by files, users, programs, and so on that have a similar
or higher security setting.
___ ___ control is not forced from the administrator or operating system. Instead, access is controlled
by an object’s owner. For example, if a secretary creates a folder, he decides who will have access to that folder. This access is configured using permissions and an access control list.
discretionary access control (DAC):
DAC uses an access control list (ACL) to determine access. The ACL is a
table that informs the operating system of the rights each user has to a particular
system object, such as a file, directory, or printer. Each object has a security
attribute that identifies its ACL. The list has an entry for each system user
with access privileges. The most common privileges include the ability to read
a file (or all the files in a directory), to write to the file or files, and to execute
the file (if it is an executable file or program).
___ ____ control controls access to objects according to established rules. The configuration and security settings established on a router or firewall are a good example.
Rule-based access:
In a practical application, rule-based access control is a variation on MAC.
Administrators typically configure the firewall or other device to allow or
deny access. The owner or another user does not specify the conditions of
acceptance, and safeguards ensure that an average user cannot change settings
on the devices.
In ___ ___ control, access decisions are determined by the roles that individual users have within the organization.
role-based access control (RoBAC):
Role-based access
requires the administrator to have a thorough understanding of how a particular
organization operates, the number of users, and each user’s exact function
in that organization.
___ ___ is often too restrictive to be practical in business. For instance, using teachers as an example, some more experienced teachers might have more responsibility than others and might require increased access to a particular network object. Customizing access to each individual is a time-consuming
process.
Least privilege
_____ is a remote-access solution included with Windows Server products. It is a feature-rich, easy-to-configure, easy-to-use method of configuring remote
access.
Remote Access Service RAS
____ is the standard remote-access protocol in use today. PPP is actually a family of protocols that work together to provide connection services.
point-to-point protocol PPP:
During the establishment of a PPP connection between the remote system
and the server, the remote server needs to authenticate the remote user. It
does so by using the PPP authentication protocols.
___ _____ ____ is a protocol used to connect multiple network users on an Ethernet local area network to a remote site through a common device.
Point-to-Point Protocol over Ethernet (PPPoE):
For example, using PPPoE, you can have all users
on a network share the same link, such as a DSL, cable modem, or wireless
connection to the Internet. PPPoE is a combination of PPP and the Ethernet
protocol, which supports multiple users in a local area network (hence the
name). The PPP information is encapsulated within an Ethernet frame.
___ ___ ___ is a method to restrict access to the network
based on identity or posture (discussed later in this chapter). This was created by Cisco to enforce privileges and make decisions on a client device based on information gathered from it (such as the vendor and version of the antivirus
software running).
Network Access Control (NAC)
A ____ assessment is any evaluation of a system’s security based on settings
and applications found.
posture
Be able to identify posture assessment.
ExamAlert
Remote-Control Protocols:
____ is a low-bandwidth protocol used to send mouse movements, keystrokes, and bitmap images of the screen
on the server to the client computer. It does not actually send data over the connection—only screenshots and client keystrokes.
Remote Desktop Protocol (RDP),
____ is a tunneling protocol originally created for UNIX systems. It uses encryption to establish a secure connection between two systems and provides
alternative, security-equivalent applications for such utilities as Telnet, FTP, and other communications-oriented applications. Although it is available with
Windows and other operating systems, it is the preferred method of security for Telnet and other cleartext-oriented programs in the UNIX environment. It uses port 22 and TCP for connections.
Secure Shell (SSH),
Be sure you know the port associated with SSH.
Citrix
EXAMALERT
_____ enables clients to access and run applications on a server, using the
server’s resources. Only the user interface, keystrokes, and mouse movements
transfer between the client system and the server. In effect, even though you
work at the remote computer, the system functions as if you were actually sitting
at the computer itself. As with Terminal Services and RDP, it is an
example of thin client computing.
Independent Computing Architecture (ICA)
Three protocols described in this chapter enable access to remote systems and enable users to run applications on the system, using that system’s resources. Only the user interface, keystrokes, and mouse movements transfer between the client system and the remote computer.
ExamAlert
When configuring security for wireless networks, filtering by MAC address is a
common practice. Typically, in MAC filtering security, MAC addresses can be
added to an “allow” ACL or “deny” ACL.
ExamAlert
1. Which of the following protocols is used in thin-client computing?
❍ A. RDP
❍ B. PPP
❍ C. PPTP
❍ D. RAS
- A. RDP is used in thin-client networking, where only screen, keyboard, and
mouse input is sent across the line. PPP is a dialup protocol used over serial
links. PPTP is a technology used in VPNs. RAS is a remote-access service.
- Which of the following statements best describes the function of PPP?
❍ A. It is a secure technology that enables information to be securely
downloaded from a website.
❍ B. It is a dialup protocol used over serial links.
❍ C. It is a technology that enables a secure tunnel to be created through
a public network.
❍ D. It provides a public key/private key exchange mechanism.
- B. PPP is a protocol that can be used for dialup connections over serial links.
Answer A describes SSL, answer C describes a VPN, and answer D describes
PKI.
- Your company wants to create a secure tunnel between two networks over the
Internet. Which of the following protocols would you use to do this?
❍ A. PAP
❍ B. CHAP
❍ C. PPTP
❍ D. SLAP
- C. To establish the VPN connection between the two networks, you can use
PPTP. PAP and CHAP are not used to create a point-to-point tunnel; they are
authentication protocols. SLAP is not a secure dialup protocol.
- Because of a recent security breach, you have been asked to design a security
strategy that will allow data to travel encrypted through both the Internet and
intranet. Which of the following protocols would you use?
❍ A. IPSec
❍ B. SST
❍ C. CHAP
❍ D. FTP
- A. IPSec is a nonproprietary security standard used to secure transmissions both
on the internal network and when data is sent outside the local LAN. IPSec provides
encryption and authentication services for data communications. Answer B
is not a valid protocol. Answer C, CHAP, is a remote-access authentication protocol.
Answer D is incorrect because FTP is a protocol used for large data transfers,
typically from the Internet.
- What does the acronym AAA stand for?
- AAA refers to authentication, authorization, and accounting services.
- What are some of the policies that can usually be set for passwords?
- Common password policies typically include a minimum length of password,
password expiration, prevention of password reuse, and prevention
of easy-to-guess passwords.
___ refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. It is usually done with a set of credentials—most commonly a username and
password.
Authentication
_____ determines if the person, previously identified and authenticated,
is allowed access to a particular resource. This is commonly determined
through group association. In other words, a particular group may have a specific
level of security clearance.
Authorization
_______ refers to the tracking mechanisms used to keep a record of events on a system. One tool often used for this purpose is auditing. Auditing is the process of monitoring occurrences and keeping a log of what has occurred on
a system.
Accounting
Be sure you can identify the purpose of authentication, authorization, and
accounting.
ExamAlert
In a Windows environment, two pieces of information are required to access the
network: a valid username and a valid password. Both are required to gain access.
ExamAlert
You need to identify an effective password policy. For example, a robust password
policy would include forcing users to change their passwords on a regular basis.
ExamAlert
_______ is an Internet Engineering Task Force (IETF) standard for providing authentication. It is an integral part of network security. Networks, including the Internet, can connect people from all over the world. When data travels from one point to another across a network, it can be lost, stolen, corrupted, or misused. Much of the data sent over networks is sensitive, whether it is medical, financial, or otherwise. A key consideration for those responsible for the network is maintaining the confidentiality of the data.
Kerberos:
Kerberos was designed to fix such problems by using a method requiring only
a single sign-on. This single sign-on enables a user to log into a system and
access multiple systems or resources without the need to repeatedly re-enter
the username and password. Additionally, Kerberos is designed to have entities
authenticate themselves by demonstrating possession of secret information.
Kerberos is a nonproprietary protocol and is used for cross-platform authentication.
It’s the main authentication protocol used with Windows servers.
ExamAlert
Kerberos enables secure authentication over an insecure network such as the
Internet.
ExamAlert
Kerberos uses ___ ___ ___ in which both client and server use the same encryption key to cipher and decipher data.
symmetric key cryptography,
Another cryptography method in use is asymmetric key cryptography, or public key
cryptography. In this method, a device has both a public and private key. The private
key is never shared. The public key is used to encrypt the communication, and
the private key is used for decrypting.
ExamAlert
You should know that the security tokens used in Kerberos are known as tickets.
ExamAlert
_______ is a collection of software, standards, and
policies combined to enable users from the Internet or other unsecured public
networks to securely exchange data.
Public Key Infrastructure (PKI):
PKI uses a public and private cryptographic
key pair obtained and shared through a trusted authority. Services and
components work together to develop the PKI. Some of the key components
of a PKI include the following: Certificates, Certificate authorities (CAs), Certificate templates, Certificate Revocation List (CRL)
In PKI:
A nonsecret key that forms half of a cryptographic key pair
used with a public key algorithm. The public key is freely given to all
potential receivers.
Public Key
In PKI:
The secret half of a cryptographic key pair used with a
public key algorithm. The private part of the public key cryptography
system is never transmitted over a network.
Private Key
Certificates are the cornerstones of the PKI. A certificate is essentially a form of
electronic credential that validates users, computers, or devices on the network. A
certificate is a digitally signed statement that associates the credentials of a public
key to the identity of the person, device, or service that holds the corresponding
private key.
ExamAlert
RADIUS is a protocol that enables a single server to become responsible for all
remote-access authentication, authorization, and auditing (or accounting) services.
ExamAlert
_____ is a security
protocol designed to provide centralized validation of users who are attempting
to gain access to a router or Network Access Server (NAS).
Terminal Access Controller Access Control System+ (TACACS+):
Like
RADIUS, TACACS+ is a set of security protocols designed to provide
authentication, authorization, and accounting (AAA) of remote users.
TACACS uses TCP port 49 by default.
RADIUS functions as a client/server system. The remote user dials in to the
remote-access server, which acts as a RADIUS client, or network access server
(NAS), and connects to a RADIUS server. The RADIUS server performs
authentication, authorization, and auditing (or accounting) functions and
returns the information to the RADIUS client (which is a remote-access server
running RADIUS client software); the connection is either established or
rejected based on the information received.
KNOW THIS
Both RADIUS and TACACS+ provide authentication, authorization, and accounting
services. One notable difference between TACACS+ and RADIUS is that TACACS+
relies on the connection-oriented TCP, whereas RADIUS uses the connectionless
UDP.
ExamAlert
Authenticates remote Windows workstations, providing the
functionality to which LAN-based users are accustomed while integrating
the hashing algorithms used on Windows networks
Microsoft Challenge Handshake Authentication Protocol (MSCHAP): MS-CHAP works with PPP, PPTP, and L2TP network connections. MS-CHAP
uses a challenge/response mechanism to keep the password from being sent during the authentication process. MS-CHAP uses the Message Digest 5 (MD5) hashing algorithm and the Data Encryption Standard
(DES) encryption algorithm to generate the challenge and response. It provides mechanisms for reporting connection errors and for changing the user’s password.
____ brings with it enhancements over its predecessor. These enhancements include support for two-way authentication
and a few changes in how the cryptographic key is analyzed.
Microsoft Challenge Handshake Authentication Protocol version 2
(MS-CHAP v2):
An extension of PPP that
supports authentication methods that go beyond the simple submission
of a username and password. _____ was developed in response to an
increasing demand for authentication methods that use other types of
security devices such as token cards, smart cards, and digital certificates.
Extensible Authentication Protocol (EAP):
____ supports non-Microsoft remote-access clients. It enables authentication without
actually having the user send his password over the network.
Because it’s an industry standard, it enables Windows Server 2008/2003
and Windows 7/Vista to behave as a remote client to almost any third-party
PPP server.
Challenge Handshake Authentication Protocol (CHAP):
____ is a simple authentication protocol in which the username and password
are sent to the remote-access server in clear text, making it possible
for anyone listening to network traffic to steal both.
Password Authentication Protocol (PAP):
PAP typically is
used only when connecting to older UNIX-based remote-access servers
that do not support any additional authentication protocols.
Users are allowed to log on without authentication.
Unauthenticated access:
You should be familiar with the different remote-access authentication methods and
know where and when they may be used.
ExamAlert
A protocol for uploading and downloading files
to and from a remote host. Also accommodates
basic file management tasks.
FTP File Transfer Protocol
A protocol for securely uploading and downloading files to and from a remote host. Based on SSH security.
Secure File Transfer Protocol (SFTP)
A protocol for retrieving files from a web server. Data is sent in clear text.
Hypertext Transfer Protocol (HTTP)
A secure protocol for retrieving files from a web server. Uses SSL to encrypt data between client and host
Hypertext Transfer Protocol Secure
Enables sessions to be opened on a remote host
Telnet
A secure alternative to Telnet that enables secure sessions to be opened on a remote host
SSH
A cryptographic protocol whose purpose is to verify that secure communications between a server and a client remain secure. It is an enhancement/replacement for SSL.
Transport Layer Security
Provides an independent framework for authentication and key exchange. The actual implementation is usually done by IPSec but could be handled by any implementation capable of negotiating, modifying, and deleting security associations.
Internet Security Association and Key Management Protocol (ISAKMP)
Replaced by SSH because it sends all data clear text
RSH- a UNIX utility used to run a command on a remote machine
Enables files to be securely copied between two systems. Uses Secure Shell (SSH) technology to provide encryption services.
Secure Copy Protocol (SCP)
Copies files between systems, but transport is not secured
Remote Copy Protocol (RCP)
A network monitoring system used to monitor the network’s condition. It is not secured.
Simple Network Management Protocol version 1 and 2 (SNMPv1/2)
An enhanced version of its predecessors offering both encryption and authentication services
SNMPv3
You will most certainly be asked questions on secure protocols and when they
might be used. Review Table 10.1 before taking the Network+ exam.
ExamAlert
1. Which of the following protocols is used with HTTPS?
❍ A. SSH
❍ B. SSL
❍ C. Proxy
❍ D. IPSec
- B. HTTPS uses SSL to create secure connections over the Internet. Answer A is
incorrect because SSH provides a secure multiplatform replacement for Telnet.
Answer C is invalid because it is a service and not a protocol. Answer D is incorrect
because IPSec is designed to encrypt data during communication between
two computers.
2. Which of the following is not an authentication protocol?
❍ A. IPSec
❍ B. CHAP
❍ C. PAP
❍ D. EAP
- A. IPSec is not an authentication protocol. All the other protocols listed are
authentication protocols.
3. Which of the following is the strongest password?
❍ A. password
❍ B. WE300GO
❍ C. l00Ka1ivE
❍ D. lovethemusic
- C. Strong passwords include a combination of letters and numbers and upper- and
lowercase letters. Answer C is by far the strongest password. Answer A is
not a strong password because it is a standard word, contains no numbers, and
is all lowercase. Answer B mixes letters and numbers, and it is not a recognized
word, so it is a strong password, but it is not as strong as answer C. Answer D is
too easy to guess and contains no numbers.
- You are onsite as a consultant. The client’s many remote-access users experience
connection problems. Basically, when users try to connect, the system
cannot service their authentication requests. What kind of server might you recommend
to alleviate this problem?
❍ A. RADIUS server
❍ B. IPSec server
❍ C. Proxy server
❍ D. Kerberos server
- A. By installing a RADIUS server, you can move the workload associated with
authentication to a dedicated server. A proxy server would not improve the
dialup connection’s performance. There is no such thing as a Kerberos server or
an IPSec server.
- Which of the following services or protocols use SSH technology to provide
additional security to communications? (Choose two.)
❍ A. SCP
❍ B. SFTP
❍ C. SNMP
❍ D. SMTP
- A and B. Secure Shell (SSH) technology is used by both Secure Copy Protocol
(SCP) and Secure File Transfer Protocol (SFTP). Answers C and D are incorrect
because Simple Network Management Protocol (SNMP) and Simple Mail
Transfer Protocol (SMTP) do not use SSH technology for additional security.
- What are some of the more common potential risks to computer
systems?
- Viruses, Trojan horses, and worms all present a potential risk to computer
systems.
- What type of malware covertly gathers system information through the
user’s Internet connection without his or her knowledge, usually for advertising
purposes?
- Spyware covertly gathers system information through the user’s Internet
connection without his or her knowledge, usually for advertising purposes.
In a ____ attack, spoofed UDP packets are sent to a network’s broadcast
address. These packets are directed to specific ports, such as port 7 or port 19,
and, after they are connected, can flood the system.
Fraggle
The _____ attack is similar to a Fraggle attack. However, a ping request is sent
to a broadcast network address, with the sending address spoofed so that many ping replies overload the victim and prevent it from processing the
replies.
Smurf
Software programs or code loaded onto a computer without the user’s knowledge. After it is loaded, the ____ performs some form of
undesirable action on the computer.
virus
Although they are still a form of virus, ___ viruses are
specifically designed to damage office or text documents.
macro
___ are a nasty form of software that automatically and
silently propagate without modifying software or alerting the user. After
they are inside a system, they can carry out their intended harm,
whether it is to damage data or relay sensitive information
WORMS
appear as helpful or harmless programs
but when installed carry and deliver a malicious payload. A ___ ___
virus might, for example, appear to be a harmless or free online game
but when activated is actually malware.
Trojan horse
____ covertly gathers system information through the
user’s Internet connection without his or her knowledge, usually for advertising purposes. These applications typically are bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet.
Spyware
A __ virus installs itself into the operating system and stays there. It typically places itself in memory and from there infects and does damage. The resident virus loads with the operating system
on boot.
resident
Like any other applications, from time to time viruses are enhanced to make them harder to detect and to modify the damage they do. Modifications to existing viruses are called ____ because they are
rereleased versions of known viruses.
variants
One particularly hard-to-handle type of virus is the
____. It can change its characteristics to avoid detection. These viruses are some of the most difficult types to detect and remove.
polymorphic
____ can hide itself to avoid detection. Such
viruses often fool detection programs by appearing as legitimate programs
or hiding within legitimate programs.
Stealth virus:
___ viruses are designed to infect and corrupt documents.
Because documents are commonly shared, these viruses can
spread at an alarming rate.
Macro Virus
Be prepared to identify the types of viruses and the differences between a virus,
Trojan horse, and worm.
ExamAlert
_____ attacks are designed to tie up network bandwidth and resources and eventually bring the entire network to a halt. This type of
attack is done simply by flooding a network with more traffic than it can handle. This attack is not designed to steal data but rather to cripple a network
and, in doing so, cost a company huge amounts of dollars.
Denial of service (DoS)
____ attacks are one of the most common types of attacks. Typically, usernames
are easy to obtain. Matching the username with the password allows
the intruder to gain system access to the level associated with that particular
user.
Password
____ is a common form of cracking. It can be used by both outsiders and people within an organization. Social engineering is a hacker term for tricking people into revealing their password or some form of security information. It might include trying to get users to send passwords or other information over email, shoulder surfing, or any other method that tricks users into divulging information. It is an attack that attempts to take advantage of human behavior.
Social engineering
____ involves an intruder who obtains sensitive
information such as passwords, data, and procedures for performing functions
by intercepting, listening to, and analyzing network communications.
eavesdropping
In a ___ attack, an attacker gains access to a computer or program by
bypassing standard security mechanisms.
back door attack: For instance, a programmer might
install a back door so that the program can be accessed for troubleshooting or
other purposes. Sometimes, as discussed earlier, nonessential services are
installed by default, and it is possible to gain access using one of these unused
services.
In a ___ attack, the intruder places himself between the sending and receiving devices and captures the communication as it passes by. The
interception of the data is invisible to those actually sending and receiving the
data. The intruder can capture the network data and manipulate it, change it,
examine it, and then send it on. Wireless communications are particularly susceptible
to this type of attack.
man-in-the-middle attack
_____ is a technique in which the real source of a transmission, file, or email is concealed or replaced with a fake source. This technique enables an attacker, for example, to misrepresent the original source of a file available for download. Then he can trick users into accepting a file from an untrusted
source, believing it is coming from a trusted source.
Spoofing
A ___ ___ ___ describes a situation in which a wireless access point has
been placed on a network without the administrator’s knowledge.
rogue access point:
The result is
that it is possible to remotely access the rogue access point because it likely
does not adhere to company security policies. So all security can be compromised
by a cheap wireless router placed on the corporate network. An evil twin
attack is one in which a rogue wireless access point poses as a legitimate wireless
service provider to intercept information users transmit.
These attacks start with war driving—driving around with a laptop looking for
open wireless access points with which to communicate and looking for weak
implementations that can be cracked (WEP cracking or WPA cracking). They
then lead to war chalking—those who discover a way into the network leave signals (often written in chalk) on, or outside, the premises to notify others
that the vulnerability is there. The marks can be on the sidewalk, the side of
the building, a nearby signpost, and so on.
Advertising Wireless Weaknesses
Often users receive a variety of emails offering products, services, information,
or opportunities. Unsolicited email of this type is called ____. This technique involves a bogus offer sent to hundreds of thousands
or even millions of email addresses. The strategy plays the odds. For
every 1,000 emails sent, perhaps one person replies. Phishing can be dangerous
because users can be tricked into divulging personal information such as
credit card numbers or bank account information.
phishing (pronounced
“fishing”)
Be ready to identify the types of attacks just described. You can expect a question
on the exam about these types of attacks.
ExamAlert
1. What type of virus can hide itself to avoid detection?
❍ A. Macro
❍ B. Stealth
❍ C. Partite
❍ D. Worm
- B. A stealth virus can hide itself to avoid detection. Such viruses often fool
detection programs by appearing as legitimate programs or hiding within legitimate
programs.
- Which of the following is an attack in which a rogue wireless access point poses
as a legitimate wireless service provider to intercept information users transmit?
❍ A. Pharming
❍ B. Phishing
❍ C. Evil twin
❍ D. Social Engineering
- C. An evil twin attack is one in which a rogue wireless access point poses as a
legitimate wireless service provider to intercept information users transmit.
- Which of the following is a type of denial of service attack that occurs when
more data is put into a buffer than it can hold?
❍ A. Dictionary attack
❍ B. Buffer overflow
❍ C. Worm
❍ D. Trojan horse
- B. A buffer overflow is a type of denial of service (DoS) attack that occurs when
more data is put into a buffer than it can hold.
- Which of the following is an attack in which something that appears as a helpful
or harmless program carries and delivers a malicious payload?
❍ A. Worm
❍ B. Phish
❍ C. Evil twin
❍ D. Trojan horse
- D. Trojan horses appear as helpful or harmless programs but, when installed,
carry and deliver a malicious payload.
- Which of the following is an attack in which users are tricked into revealing their
passwords or some form of security information?
❍ A. Pharming
❍ B. Phishing
❍ C. Evil twin
❍ D. Social Engineering
- D. Social engineering is a term for tricking people (users) into revealing their
passwords or some form of security information.
- What are some of the services a firewall often provides?
- A firewall often provides such services as NAT, proxy, and packet filtering.
- What is the primary difference between an IDS and an IPS?
- An IDS is a passive security measure, and the IPS is a reactive security
measure.
- What is the scope of a firewall?
- A firewall can be either host-based, on a single system, or network-based,
protecting systems networkwide.
Security is represented well in the Network+ objectives. You can expect to see
exam questions on the types of firewalls and their characteristics. For example, you
should know the differences between software and hardware firewalls and understand
stateful inspection versus packet filtering firewalls.
ExamAlert
A stateless firewall examines the information within a data packet and rejects or
accepts the packet based on the source or destination address or port number listed
in the packet header. Stateful firewalls have features allowing them not only to
examine individual packets but also to examine packet streams at the application
layer (DNS, SMTP, POP3, SNMP).
ExamAlert
Application layer firewalls offer a proxy service between the sending and receiving
devices. Using proxy services, the firewall can filter the content to and from source
and destination.
ExamAlert
The three firewall methods described in this chapter are often combined into a single
firewall application. Packet filtering is the basic firewall function. Circuit-level
functionality provides NAT, and an application firewall provides proxy functionality.
This is a good point to remember for the exam.
ExamAlert
- What is the basic reason for implementing a firewall?
❍ A. It reduces the costs associated with Internet access.
❍ B. It provides NAT functionality.
❍ C. It provides a mechanism to protect one network from another.
❍ D. It allows Internet access to be centralized.
- C. Implementing a firewall gives you protection between networks, typically from
the Internet to a private network. All the other answers describe functions offered
by a proxy server. Some firewall systems do offer NAT functionality, but NAT is
not a firewall feature; it is an added benefit of these systems.
- Which of the following statements best describes a VPN?
❍ A. It is any protocol that enables remote clients to log in to a server over
a network such as the Internet.
❍ B. It provides a system whereby only screen display and keyboard and
mouse input travel across the link.
❍ C. It is a secure communication channel across a public network such
as the Internet.
❍ D. It is a protocol used to encrypt user IDs and passwords.
- C. A VPN provides a secure communication path between devices over a public
network such as the Internet.
- While reviewing the security logs for your server, you notice that a user on the
Internet has attempted to access your internal mail server. Although it appears
that the user’s attempts were unsuccessful, you are concerned about the possibility
that your systems might be compromised. Which of the following solutions
are you most likely to implement?
❍ A. A more secure password policy
❍ B. A firewall system at the connection point to the Internet
❍ C. File-level encryption
❍ D. Kerberos authentication
- B. To prevent unauthorized access to a private network from the Internet, you
can use a firewall server to restrict outside access. Implementing a more secure
password policy (answer A) is a good idea, but it is not the best choice.
Implementing a file-level encryption system (answer C) is a good idea, but it is
not the best choice. Kerberos (answer D) is an authentication system, not a
method to prevent unauthorized access to the system.
- You have enabled HTTPS because of concerns about the security of your web
server application, which runs on a web server system in the DMZ of your corporate
network. However, remote users are now unable to connect to the application.
Which of the following is the most likely reason for the problem?
❍ A. Port 80 is being blocked on the corporate firewall.
❍ B. Port 443 is being blocked on the corporate firewall.
❍ C. Remote users need to enable HTTPS support in their web browsers.
❍ D. Port 110 is being blocked on the corporate firewall.
- B. The most likely explanation is that port 443, the HTTPS default port, is being blocked by a corporate firewall. Port 80 (answer A) is used by HTTP. All modern web browsers automatically support HTTPS; therefore, answer C is incorrect. Port 110 (answer D) is used by POP3.
- Which of the following is not a commonly implemented feature of a firewall system?
❍ A. NAT
❍ B. Packet filtering
❍ C. Proxy
❍ D. NAS
- D. A firewall can provide several services to the network, including NAT, proxy
services, and packet filtering. NAS is not a function of a firewall server; the
acronym stands for network attached storage.
- When a system running TCP/IP receives a data packet, which of the following
does it use to determine which service to forward the packet to?
❍ A. Port number
❍ B. Packet ID number
❍ C. Data IP number
❍ D. IP protocol service type
- A. The service for which a data packet is destined is determined by the port
number to which it is sent.
- What are the key sources from which you can gain information about a
computer problem?
- It is important to get as much information as possible about the problem.
You can glean information from three key sources: the computer (in the
form of logs and error messages), the computer user experiencing the
problem, and your own observation.
- What is the final step in the network troubleshooting methodology
CompTIA expects test takers to follow?
- Document the findings, the actions, and the outcomes.
You should expect questions asking you to identify the troubleshooting steps in
exact order.
ExamAlert
- A user reports that she can no longer access a legacy database. What should be
one of the first questions you ask?
❍ A. What has changed since the last time you accessed that database?
❍ B. How many help calls have you placed in the past few months?
❍ C. Who originally installed or created that database?
❍ D. How long have you worked here?
- A. Establishing any recent changes to a system can often lead you in the right
direction to isolate and troubleshoot a problem.
- You’ve spent 2 hours trying to fix a problem and then realize that it falls
outside of your area of expertise and ability to fix. What should you do in most
organizations?
❍ A. Let the user immediately know that she needs to call someone else;
then exit the scene so another person can help.
❍ B. Formulate a workaround; then document the problem and bring it up
at the next meeting.
❍ C. Escalate the issue with a supervisor or manager.
❍ D. Continue working on the problem, trying as many solutions as you
can find, until you solve the problem.
- C. When a problem is outside of your ability to fix, you must escalate the issue.
Unless otherwise specified by the organization, the general rule is to start with
the closest help and work out from there. None of the other options are acceptable
choices.
- You get numerous calls from users who cannot access an application. Upon
investigation, you find that the application crashed. You restart the application,
and it appears to run okay. What is the next step in the troubleshooting process?
❍ A. Email the users to let them know that they can use the application
again.
❍ B. Test the application to ensure that it correctly operates.
❍ C. Document the problem and the solution.
❍ D. Reload the application executables from the CD, and restart it.
- B. After you fix a problem, you should test it fully to ensure that the network operates
correctly before you allow users to log back on. The steps described in
answers A and C are valid but only after the application has been tested. Answer
D is incorrect because you would reload the executable only as part of a systematic
troubleshooting process. Because the application loads, it is unlikely that
the executable has become corrupted.
- A user tells you that she is having a problem accessing her email. What is the
first step in the troubleshooting process?
❍ A. Document the problem.
❍ B. Make sure that the user’s email address is valid.
❍ C. Discuss the problem with the user.
❍ D. Visit the user’s desk to reload the email client software.
- C. Not enough information is provided for you to come up with a solution. In
this case, the next troubleshooting step would be to talk to the user and gather
more information about exactly what the problem is. All the other answers are
valid troubleshooting steps but only after the information gathering has been
completed.
- You have successfully fixed a problem with a server and have tested the application
and let the users back onto the system. What is the next step in the troubleshooting
process?
❍ A. Document the problem.
❍ B. Restart the server.
❍ C. Document the problem and the solution.
❍ D. Clear the error logs of any reference to the problem.
- C. After you have fixed a problem, tested the fix, and let users back on to the
system, you should create detailed documentation that describes the problem
and the solution. Answer A is incorrect because you must document both the
problem and the solution. You do not need to restart the server, so Answer B is
incorrect. Answer D would be performed only after the system’s documentation
has been created.
- What commonly used protocol is designed to prevent switching loops?
- Switching loops are simply the result of having more than one path
between two switches in a network. Spanning Tree Protocol (STP) is
designed to prevent these loops from occurring.
- What can occur when a network is overwhelmed with constant broadcasts
or multicast traffic?
- A broadcast storm occurs when a network is overwhelmed with constant
broadcasts or multicast traffic.
Wiring problems are related to the actual cable used in a network. For the purposes
of the exam, infrastructure problems are classified as those related to network
devices such as hubs, switches, and routers.
ExamAlert
___ ___ are simply the result of having more than one path between
two switches in a network. Spanning Tree Protocol (STP) is designed to prevent
these loops from occurring. If the packet in the loop is a broadcast message,
the loop can create a full broadcast storm (as discussed at the end of this
list). Switching loops occur at the data link layer (Layer 2) of the OSI model.
switching loops
You should be able to associate STP with switching loops. (spanning tree protocol)
ExamAlert
As the name suggests, a ___ ___ occurs when data packets continue to be
routed in an endless circle.
routing loop
___ typically occur when routing tables contain information that
does not reflect the correct topology of the internetwork.
Route problems
In a ___ ARP configuration, one system
or network device answers ARP requests for another system. It is proxy ARP
because one network system is proxying for another’s ARP communications.
proxy
A ___ ___ occurs when a network is overwhelmed
with constant broadcast or multicast traffic.
broadcast storm: Broadcast storms can eventually
lead to a complete loss of network connectivity as the network is bogged
down with the broadcast storm. As with other network problems, you may
suspect a broadcast storm when network response times are poor and people
are complaining about the slow network. These broadcast storms can be
caused by faulty hardware such as a NIC that continually sends data, switching
loops, or even faulty applications running on the network. Baselines work
well for identifying broadcast storms.
On the router, the ___ ___ dictates what traffic is allowed to flow through. The router can be configured to enable individual port traffic in, out, or both and is referred to as port forwarding. If a port is blocked (such as 80 for HTTP or 21 for FTP), the data will not be allowed through, and users will be affected.
port configuration
Think of port configuration and port forwarding as the same when it comes to the
router.
ExamAlert
A condition known as a ___ ___ can occur when a router does not send back an expected message that the data has been received. It gets this name from the view that data is being sent but is essentially being lost.
black hole: This condition occurs when the packet the router receives is larger than the
configured size of the Maximum Transmission Unit (MTU) and the Do Not
Fragment flag is configured on that packet. When this occurs, the router is supposed to send a Destination Unreachable message back to the host. If the
packet is not received, the host does not know that the packet did not go
through.
Identify a black hole.
ExamAlert
When the ___ ___ is incorrect, the router thinks the network is divided into segments differently than it is actually configured. Because the purpose of the router is to route traffic, a wrong value here can cause it to try to route traffic to subnets that don’t exist.
subnet mask
If you have a wrong gateway problem:
When you have the gateway(s) configured, use the ping and tracert/traceroute
utilities to verify connectivity and proper configuration.
ExamAlert
____ refers to interference between adjacent wire pairs within the twisted-pair
cable at the near end of the link (the end closest to the origin of the data
signal). This occurs when an outgoing data transmission leaks over to an
incoming transmission. In effect, the incoming transmission overhears the signal
sent by a transmitting station at the near end of the link. The result is that
a portion of the outgoing signal is coupled back into the received signal.
Near End Crosstalk (NEXT)
___ occurs when a receiving station overhears a data signal being sent by a
transmitting station at the other end of a transmission line. This identifies
the interference of a signal through a wire pair to an adjacent pair at the farthest
end from the interfering source (the end where the signal is received).
Far End Crosstalk (FEXT)
NOTE: As mentioned, crosstalk occurs when the signals sent through media interfere with
data signals on adjacent wires. Within the twisted-pair cable, each wire pair is
twisted to help reduce crosstalk; the tighter the twist, the more effective the cable
is at managing crosstalk. This is one reason to buy high-quality cable.
KNOW THIS
For the Network+ objective referencing cable problems associated with distance,
think of attenuation.
ExamAlert
Private Address Range for Class A TCP/IP
Address Range: 10.0.0.0 to 10.255.255.255 / Subnet Mask 255.0.0.0
Private Address Range for Class B
172.16.0.0 to 172.31.255.255 / Subnet Mask 255.255.0.0
Private Address Range for Class C
192.168.0.0 to 192.168.255.255 / Subnet Mask 255.255.255.0
You need to know the private address ranges in Table 11.2.
ExamAlert
The ___ ___ enables the system to determine what
portion of the IP address represents the network address and what portion
represents the node address.
subnet mask
The ___ ___ enables internal systems to communicate with systems on a remote network. In home use, this would likely be the DSL or cable modem, which acts as a router. In a business environment it is the device that routes traffic from
default gateway
___ enable dynamic hostname resolution
to be performed. It is common practice to have two of these defined so that if one server becomes unavailable, the other
can be used. The client system must be configured with the IP address of the local one of these. If a client system has the wrong one listed, hostname resolution is impossible.
DNS Server Addresses
At the very minimum, an IP address and subnet mask are required to connect to a
TCP/IP network. With just this minimum configuration, connectivity is limited to the
local segment, and DNS resolution is impossible.
ExamAlert
If you manually enter IP information on client systems, remember that entering a
duplicate IP address may prevent a client system from logging on to the network. If
this happens, the second system attempting to log on to the network with the
duplicate address is denied.
ExamAlert
VLAN assignment is one of the troubleshooting topics you should expect to see a
question about on the exam.
ExamAlert
- Which of the following best describes the function of the default gateway?
❍ A. It converts hostnames to IP addresses.
❍ B. It converts IP addresses to hostnames.
❍ C. It enables systems to communicate with systems on a remote network.
❍ D. It enables systems to communicate with routers.
- C. The default gateway enables the system to communicate with systems on a
remote network, without the need for explicit routes to be defined. The default
gateway can be assigned automatically using a DHCP server or can be input
manually.
- Which of the following bits of IP information are mandatory to join the network? (Choose two.)
❍ A. Subnet mask
❍ B. IP address
❍ C. DNS address
❍ D. Default gateway
- A and B. Configuring a client requires at least the IP address and a subnet mask.
The default gateway, DNS server, and WINS server are all optional, but network
functionality is limited without them.
- You are wiring a new network. Due to space limitations, you need to run several
cables close to each other. After the setup, you find that the signals from each
cable are overlapping. Which term describes what is happening?
❍ A. Attenuation
❍ B. Crosstalk
❍ C. Near crosstalk
❍ D. EMI
- B. Crosstalk can occur when the signal from one cable overlaps with the signal
from another. This can sometimes happen when cables are run too close together.
The remedy is to run the cables farther apart and use quality shielded cable.
- Which of the following should you consider when troubleshooting wiring problems? (Choose the three best answers.)
❍ A. The distance between devices
❍ B. Interference
❍ C. Atmospheric conditions
❍ D. Connectors
- A, B, and D. When you troubleshoot a wiring problem, consider the distance
between devices, interference such as crosstalk and EMI, and the connection
points. Answer C is incorrect because bound media (that is, cables) are unaffected
by atmospheric conditions.