Random Flashcards by Thomas Eyre

In STP port states, what is Blocking?

Not forwarding to prevent a loop

How well did you know this?

Not at all

Perfectly

I’m STP port states, what is Listening?

Not forwarding and cleaning the MAC Address

How well did you know this?

Not at all

Perfectly

I’m STP port states, what is Forwarding?

Data passes through and is fully operational

How well did you know this?

Not at all

Perfectly

What designates the interface closest to the singular Root Bridge (Root of the network)

Root Server
Root Guard
Root Interface
Root Port

Root Port

How well did you know this?

Not at all

Perfectly

Power provided by an Ethernet Cable. One wire for both network and electricity

Power over Ethernet (PoE)

How well did you know this?

Not at all

Perfectly

For IPV6, a broadcast is sent across all devices in order to build an ARP

False, IPV6 uses multicast (no broadcasts) and there is no ARP in IPV6

How well did you know this?

Not at all

Perfectly

What is Neighbor MAC Discovery?

Replaces IPv4 ARP.
1.Work station A sends a Neighbor Solicitation (NS) multicast on the network with the destination MAC address.
2. Whichever work station matches that MAC address will then accept.
3. It sends back a Neighbor Advertisement (NA) to inform the first work station of the receipt.

How well did you know this?

Not at all

Perfectly

Which 802.11 standards support 5 GHz and what are their max theoretical throughput per stream/total?

•802.11a- 54 Mbits
•802.11n (4 x MIMO)150mbits, 600 Mbits
•802.11ac (8 x DL MU-MIMO)- 867 Mbits, 6.9 Gbits
•802.11ax (8 x DL and UL MU-MIMO)- 1,201mbits, 9.6 Gbits

How well did you know this?

Not at all

Perfectly

What OSI layer does Application encryption (SSL/TLS) occur?

Later 6 Presentation

How well did you know this?

Not at all

Perfectly

What are the RFC 1918 private IPv4 addresses?

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

How well did you know this?

Not at all

Perfectly

What is the lowest amount a payload can be?

46
1426
60
1526

How well did you know this?

Not at all

Perfectly

Carrier Sense Multiple Access Collision Detection (CSMA/CD) communicates with full duplex,

False, CSMA/CD uses half duplex. If 2 frames are sent from different devices at the same time a collision occurs and a jam signal is sent to all devices to wait a random amount of time before being able to send frames.

How well did you know this?

Not at all

Perfectly

This is configured on a trunk port and Carries traffic for multiple VLAN’s. These frames are not tagged when transmitted over the trunk link.

Native VLAN

How well did you know this?

Not at all

Perfectly

VLAN assigned to switch port when it is not assigned to a specific VLAN

Default VLAN

How well did you know this?

Not at all

Perfectly

will tag outgoing frames and remove the tag on incoming frames.

Trunk ports

How well did you know this?

Not at all

Perfectly

802.3x

Power over Ethernet
Pause frame
Disassociation
STP

Pause frame, used for flow control

How well did you know this?

Not at all

Perfectly

What are some MDIX devices?

Switches
Hubs
NICs

How well did you know this?

Not at all

Perfectly

1,3
2,6
4,7
5,8

Crossover cable pins

How well did you know this?

Not at all

Perfectly

Transmit +
Transmit -
Receive +
Receive -

1
2
3
6

How well did you know this?

Not at all

Perfectly

Improves signal quality, Increases signal strength/speed and allows you to transmit and receive multiple data streams simultaneously through antennas

Multiple-input-multiple-output (MIMO)

How well did you know this?

Not at all

Perfectly

Allows a wireless access points (WiFi router) to communicate simultaneously with multiple client devices.

MU-MIMO

As opposed to MIMO which can only do 1 device at a time.

How well did you know this?

Not at all

Perfectly

Divides wireless communication into sub channels which each user gets their own set of to use, allowing many users on the network at the same time without interfering with one another

Orthogonal Frequency Division Multiple Access (OFDMA)

How well did you know this?

Not at all

Perfectly

802.11g can use up to 40mhz

False, A, B, G can only use 20 mhz
N- 20,40,60,80,
AC- 20,40,60,80,80+80,160
AX- 20,40,60,80,80+80,160

How well did you know this?

Not at all

Perfectly

This type of network allows devices to connect to each other dynamically to form a temporary network without connecting to a central device

Ad hoc (peer to peer) - devices can communicate to each other directly without a centralized infrastructure like a router or access point (WiFi commonly)

How well did you know this?

Not at all

Perfectly

2 devices communicating directly to each other using 802.11 without an access point required

IBSS- Independent Basic Service Set

SSID is the name of the wireless network and BSSID is the hardware address of an access point.

True! SSID is like the name of your WiFi (Lizard King) and BSSID is the physical hardware. The SSID will be the same but you may auto configure to a different BSSID depending on location

What is an Extended Service Set Identifier (ESSID)?

It allows you to roam from one physical AP (BSSID) while remaining on the same network/WiFi (SSID) to another AP (BSSID) automatically. Connected multiple BSSID’s to a singular SSID.

What are Omnidirectional antennas?

Evenly distributed signal on all sides. Very common and used on access points. Rubber duck. Cannot focus a signal to a direction

Which antenna below is directional: Omnidirectional Yagi Parabolic

Yagi- medium directional signal/gain, tree branch like with dipole in middle, medium range Parabolic- focus the signal to a single point, very directional, dish shaped with a central feed (dipole), long range

What masks are in 240 CIDR?

/4 /12 /20 /28

What masks are in a 192 CIDR?

/2 /10 /18 /26

What are the CIDR notation numbers?

128 192 224 240 248 252 254 255

Compress this IPV6 address: 2600:DDDD:1111:0001:0000:0000:0000:0001

2600:DDDD:1111:1::1 Remove leading 0’s Group of 0’s can be abbreviated with double colons

Name an availability percentage and it’s annual downtime.

99.9999 - 00:00:32 99.999 - 00:05:15 (5 9’s) 99.99 - 00:52:34 99.9 - 08:45:36 99.0 - 87:36:00

What is the Mean Time Between Failure (MTBF) and how is it different than the Mean Time To Failure (MTTF)

MTTBF= devices multiplied by total time, divided by failures MTTF= device multiplied by total time, divided by devices

IPv4 has a TTL and IPv6 uses hop limit to avoid packets looping forever.

True

0.0.0.0/0 Default gateway Default local address Default route Default dns suffix

Default Route

Describe Distance Vector routing protocols and give examples.

Makes forwarding decisions based on how many hops •RIP (Routing Info Protocol) -v1 has 15 hops -v2 has 16 hops •EIGP (Enhanced Interior Gateway Routing Protocol)

Which routing protocol is the most scalable and used in large networks? Link state DV Rip BGP

Link State. Makes forwarding decisions based on speed. •OSPF (Open Shortest Path First)

What is BGP (Border Gateway Protocol)

Determines route based on paths, network policies or configured set of rule sets

Centralized management of access points: reporting, configuring/changing, security/monitoring, and adding new AP’s

Wireless LAN Controller

Connects different physical networks and topologies with 2-4 ports distributing traffic based on MAC addresses

Bridge

WPA (Wifi Protected Access)

RC4 with TKIP -Initialization Vector (IV) is a larger and encrypted hash -every packet gets a unique 128 but encryption key

Security protocol that uses per packet mixing to dynamically modify the encryption key used for each packet

TKIP (Temporal Key Integrity Protocol) used in WPA and combined with RC4 Replaced by AES algorithm for WPA2 and 3

Standard for securing wireless networks that utilizes AES for data confidentiality, integrity and authentication within CCMP block cipher mode

WPA2 (WiFi Protected Access 2) Provides authentication and encryption

Widely used Symmetric(same key is used to encrypt/decrypt) for protecting data confidentiality and integrity in various applications.

AES (Advanced Encryption Standard) -resistance to cryptographic attacks like brute force -Block Cipher -encryption algorithm used within WPA2 and WPA3

Latest generation of WiFi security protocol that utilizes data confidentiality with AES, MIC, and GCMP

WPA3, Stronger than WPA2

Encryption and authentication protocol that combines GMAC (Galois Message Authentication Protocol) for MIC and AES for confidentiality

GCMP (Galois/Counter Mode Protocol) WPA3

SAE (Simultaneous Authentication of Equals) using a Diffie Hellman key exchange combined with everyone using a different session key

Dragon Fly Handshake Used in WPA3

changes the PSK authentication process with mutual authentication which creates a shared session key without it going across the network. WPA3 AES WPA2 TKIP

WPA3

What are some home wireless security modes and some used for businesses?

Home: WPA2/3 Personal /WPA2/3-PSK (everyone uses same pre shared key) Business: WPA2/3 Enterprise /WPA2/3-802.1x (authenticates users individually through an authentication server like radius)

If I didn’t need any security for my wireless AP what mode would I have it in? WPA WPA2 WEP Open System

Open System- no authentication password is required.

Allows callers to communicate at the same time with each call using a different code that filters each call on the receiving side

CDMA (Code División Múltiple Access)

First performance metric we typically look at and determines how much work a device is doing

CPU

What are 3 Bandwidth monitor tools that will have network statistics and show the amount of network being used over time?

SNMP, Netflow, sFlow, IPFIX

What tool would I use to determine if latency is coming from an application or if it is from the network?

Packet Capture- can analyze each response times with an analyzer tool inside of it. Ex. Wireshark, tcpdump

Metric used in SNMP

MIB II or MIB (Management Information Base)

When using SNMP to monitor the interface, what are 3 things being monitored?

•Link Status- up or down •Error Rate- signal problems •Utilization- network usage, run bandwidth tests •Packet Drops (Discards) •Interface Resets- Queued packets •Speed and Duplex Lemon Eels Under Pirates Red Sails

T568A

White Green Green White Orange Blue White Blue Orange White Brown Brown

CAT5 is 1000BASE-T

False, Cat 5 ID 100BASE-TX (fast Ethernet) Cat 5e is 1000BASE-T Both have 100MHz frequency

100BASE-SX uses 100megabjt Ethernet over fiber, cheap uses LED and has a max distance of 300 meters

True

Multi mode fiber, laser components, 400 meters (half duplex) 2kilometers (full duplex)

100BASE-FX

1000BASE-LX is multi mode, users lasers and is 400 meters half duplex and 2kilometers full duplex

False, that is 100BASE-FX 1000BASE-LX is Gigabit instead of megabit Multi mode 550m Single mode 5 kilometers

1000BASE-SX

Gigabit, short wavelength laser, multi mode and 220 to 550m

10GBASE-SR Vs 10GBASE-LR

SR is multi mode 26-400meters LR is single mode 10 kilometers

Shows how many packets were sent and received as well as the round trip time

Ping, tests reach ability (hosts), uses ICMP and is a primary trouble shooting tool

What would IPconfig/ifconfig show me?

DNS suffix IPv4/6 address Subnet mask Default gateway Tcp/ip network adapter information

What Is contained inside MIB’s

Object identifiers (OIDs) uniquely identify managed objects and help monitor and control network devices that are referenced by name or number Ex. .iso(1).org(3).dod(6)

This contains bulk transfers, data enhancements while having message integrity, authentication, and encryption

snmp v3

SIEM

is a central logging receiver integrated into Syslog

Gathers traffic (packets) statistics from shared communication between devices using a probe and collector

NetFlow

Botnet attack

Distributed Denial of Service Attack (DDOS)

Common Plan Procedures

Disaster Recovery Plan COOP System Life Cycle SOP SLA MOU NDA

Determines existing wireless landscape by showing access points and existing frequencies

Site Surveys

Heat Maps

Identify wireless signal strengths in an area/building

Many different clients are using the same cloud infrastructure

Multitenancy

Encrypted access to a virtual private cloud, what would you use?

VPN

What service is basic application usage: apps run on a remote server, VDI, local device is a keyboard, mouse and screen, minimal operating system on the client (no huge CPU), network connecivity is most important: big network requirement, everything over the wire

Desktop as a Service

No special networking hardware needed, usually integrated with an existing Fibre Channel infrastructure, not for cable Infiniband Fibre channel over Ethernet Iscsi Fibre channel

Fibre Channel over Ethernet

RFC standard that makes a remote disk look and operate like a local disk with drivers available for many OS without any hardware needed

Iscsi

Requires a lot of bandwidth, can use an isolated network and high speed network technologies

SAN- looks and feels like a local storage device

High speed storage technology that servers (initiators) connect to and need an FC interface FC FC over Ethernet PoE PoE +

Fibre Channel (FC)

Redundancy is maintaining uptime in the case of a failure

False, Fault Tolerance

Server farms with load balancing and network paths are examples of single device fault tolerance

False. Those are multiple device fault tolerance. Single device would be RAID, redundant power supplies, redundant NIC’s

Redundancy

Having multiple components so if one component fails, your system can use another component

Extra disk in case one fails

RAID (Redundant Array of independent Disks)

This will Aggregate bandwidth; has redundant paths with multiple network adapters

NIC Teaming (also called Load Balancing/Failover LBFO) NIC’s talk to each other through multicast

Combining multiple data streams over network connections into a single higher capacity link. Increases bandwidth and efficiency by pooling resources and distributing traffic across those links for performance, redundancy and load balancing. Multiplexing Mímo Mu mimo Aggregate

Aggregate

A Generator is a short term power backup

False, it is a long term

What is Active-passive network redundancy?

2 devices are installed and configured, only one operates at a time, if one fails the other takes over

Computer configured with a single default gateway

FHRP (First Hop Redundancy Protocol) Also called Hot Router

What protocol allows devices to use a virtual IP for the default gateway, if a router disappears another one takes it’s place

VRRP ( Virtual Router Redundancy Protocol)

What 3 things comprise Confidentiality?

•Encryption •Access Controls- restrict access to resource •Steganography- info concealed within another info

Information being accessible to authorized users, Redundancy, Fault Tolerance and Patching are which if the Triad?

Availability- systems and network must be up and running

Non-repudiation

Proof someone sent something

What is in the Core infrastructure?

Web servers, database, applications

cloud based architecture, splits functions into separate logical units, extends functionality and management of a device

SDN (Software Defined Networking)

What does the infrastructure layer/data plane do?

Real work if networking. Processes network frames, packets, forwarding, trunking, encryption etc.

Routing protocols, routing tables, switching tables are in which of the SDN planes?

Control Plane

In SDN what are all the planes?

Data Plane Control Plane Application Plane

mesh topology of switches and routers that optimized east -west traffic flow within a data center

Spine Layer

Commonly used network design in data centers to connect servers and network devices

Top of Rack (ToR) switch is placed at the top of each rack or cabinet providing connectivity to the devices within it.

Pointer Records are human readable text information

False, that is Text records Pointer records are the reverse of an A or AAAA/reverse dns lookup

A name that handles multiple services, one physical server

CNAME (Canonical Name)

Describes DNS zone details

SOA (Start of Authority)

Top level of the DNS hierarchy that provides resolution of domain names to IP addresses DNS Host file Dns root server SOA DNS Root Port

DNS root server

Where does Authoritative dns query comes from? Source file Host file Root server Root port

Source file, non authoritative comes from the cache

Name 3 Top Level Domains

.com .net .edu .org

adds integrity and encryption

AH, only integrity ESP does both

Name 2 Database port #’s

Tcp 1433 ms sql Tcp 1521 oracle sql net Tcp 3306 my sql

What port is LDAP? 389 339 587 589

Tcp 389- store info in network directory

UDP 514

Syslog consolidates all device logs inside a SIEM with a lot of storage space

FTP Control tells the system which file to send

Port 21

Tcp 20

FTP active mode, transferring file has authentication functionality with username and password

IMAP over tls

Port 993

Tcp 995

Pop3 over tls

Tcp 587

SMTP using TLS

Dual Stack Routing

Allows routers and devices to communicate using IPv6 and IPv4 simultaneously with dynamic routing protocols with separate routing tables within it

Teredo tunnels IPv4 through NAT’d IPV6 network

False, IPv6 through IPv4 Miredo does the same but on more operating systems

Rights are gained implicitly and windows uses groups to provide this

RBAC (Role Based access control)

Examples of Zero trust

Multifactor authentication, encryption, system permissions, additional firewalls, monitoring and analytics are examples of what?

What consists of a screened subnet?

It is a DMZ, additional layer of security between the internet and you Ex. Public access to public resources

What is 802.1x?

NAC (Network Access Control)

Not getting access until you authenticate and makes extensive use of EAP and Radius?

NAC (port based network access control)

Authentication credentials that are stored on a wireless router or local device

Local authentication, home WiFi

Centralize authentication for users on -routers, switches, firewalls -server authentication -remote VPN access, 802.1x network access

RADIUS (Remote Authentication Dial In User Service) available on all OS and common AAA protocol

Remote authentication protocol for the network and devices commonly -TACACS -Radius -RDP -LDAP

TACACS+ (Terminal Access Controller Access Control System)

X.500 specification used with Windows authentication

LDAP (lightweight directory access protocol) reading and writing directories over IP network

Kerberos uses SSO by use of a PSK

False, through cryptographic tickets

TACACS+ is commonly used to authenticate with Windows

False, Cisco Kerberos or LDAP commonly are with Windows (Microsoft)

What do RADIUS servers commonly authenticate with?

VPN Concentrator

EAP is exclusive to Radius Servers

False, EAP can use radius, TACACS, and LDAP, 802.1x (NAC) Multiple ways to authenticate

How a posture assessment determines if a device is safe to be used on the network

Performs a health check -is it a trusted device -is running up to to date antivirus -are corporate applications installed -is it a mobile device? Is it encrypted?

Where do devices go that fail a posture assessment?

To a Quarantine network to be fixed by administrators and then try again

Name 3 components of SIEM

-Security Alerts -log aggregation (all devices sending logs to here) and long term storage -data correlation -forensic analysis

What is forensic analysis?

Gathering details after an event

sends infrastructure device data, operating systems and netflow sensor data Syslog Snmp Siem Sflow

SIEM

How do you stop a bot?

Patches, antivirus, on demand scans, network monitoring,

How do you prevent C&C? (Command and control?

Block at fire wall and identify at workstation with host based firewall or host based IPS

Multiple attacks from different services at once is a

DDOS (Distributed Denial of Service)

Turns small attack into a big attack, becoming increasingly common and takes advantage of common not secure protocols (DNS, ICMP)

DDOS amplification

Who is in charge of Botnets?

Command and Control (C&C)

How is an on path attack different from a man in the middle attack?

They aren’t different because they are the same thing

Name 3 on the path attacks (man in the middle)

DNS poisoning ARP poisoning Session hijacking HTTP spoofing WiFi eaves dropping

Best way to prevent an on path attack?

Encryption

An attacker pretending to be a router by having the actual routers IP address and communicating to a device on a subnet

ARP poisoning

Modify a DNS server with the client host file and sending a fake response to a DNS request

DNS poisoning

VLAN’s cannot access another VLAN

True

A VLAN attack can come about from a switch using auto configuration and someone pretending to be a switch to send a trunk connection

True, Switch Spoofing (Type of VLAN hopping)

Switches should be automatically configured because there is less chance of error

False, they should be manually configured to prevent switch spoofing

Takes advantage of native VLAN configuration by including 2 VLAN tags where the first is removed but the second is forwarded to the target

Double tagging/VLAN hopping

Remote sites connecting with one another directly instead of to a main site and the connection disappearing when done.

MGRE (multiple generic routing encapsulation) used DMVPN

What cable is used with Twin Axial?

10G Ethernet and SFP+(transceiver) cables, full duplex

This Coaxial cable is used as patch cables for short distances

RG-59

When using fiber, it is important to make sure you are on the right channel so you don’t have radio frequency interference

False, fiber is immune to RF

APC (Angled Physical Contact) is at an 8 degree angle with a low return loss

True, UPC (Ultra Polished Connection) has a high return loss and are at 0 degree angles

Which connector has 2 different fibers inside of it (send and receive) ? Mtrj LC F Sc

LC (Local Connector)

What type of connector is used with a cable modem( docis) and coaxial cable

F Connector

SFP Transceiver supports up to 16 Gbit

False, 1Gbit and used with RJ45 SFP+ is up to 16Gbit but commonly 10gbit

QSFP and QSFP+ are both Bi-Directional

True, QSFP is 4 1Gbit= 4gbit QSFP+ is 4 10gbit= 40gbit

Installation commonly used between floors or buildings

Fiber distribution panel

Bidirectional communication over a single strand of fiber

WDM (Wavelength Division Multiplexing)

Spoofing

Pretending to be something you aren’t Ex. Fake web server, fake dns, caller ID, email address spoofing

How would you disable a Rogue DHCP server?

-enable DHCP snooping on your switch -authorized DHCP servers in Active Directory -renew IP lease

Why would 802.1x prevent a rogue access point?

Because it is an unauthorized wireless access point and 802.1x (network access control) you must authenticate regardless of connection type

Configuring an access point to look like a network, using the same or a similar SSID (WiFi name)

Wireless evil twin, prevent by encryption

APIPA

169.254.0.1-169.254.254.255

Link Local

Can only communicate to other local devices. Can’t communicate across the network

Classful Subnetting Ranges

A. 1-127 B. 128-191 C. 192-223 D. 224-239 E. 240-254

IPV6 addressing Shortcut

0/2 1/3 4/6 5/7 8/A 9/B C/E D/F

What does high gain mean?

Increased signal strength

Assembly line network

SCADA/ICS

What subnet mask is commonly for point to point links?

/30 or /31

malware gathers information by keystrokes

True

A worm Takes advantage of a vulnerability and installs malware with a remote back door, bot may be installed later

True

What prevents a worm?

Keeping your system up to date

Using common words to gain access to a system

Dictionary attack

Impossible to steal a password if you store your password as this

A hash

You are working as usual and then you lose service, and then you connect again to the wireless network and this happens repeatedly what may be happening?

Disassociation/ de authentication DoS attack.

Encrypts frames to prevent 3rd party de authentication/disassociation attacks 802.11w 802.11ac 802.11d 802.11e

802.11w

Scanning can be useful to avoid tailgating

True

You can configure a maximum number of source MAC addresses on an interface , if it is exceeded the interface disables

True

IP tracking on a switch which works as a DHCP firewall to create a table of untrusted devices by watching for DHCP conversations

DHCP Snooping

Most ideal fire wall to control access Network NGFW Host Flow based

NGFW

What allows or disallows traffic based on tuples

ACL’s

This will Validate all router advertisement by policies set up from an Admin

Router Advertisement Guard

Creating a map of all devices and IP addresses by DHCP Snooping and then decides whether an ARP request legitimate

Dynamic ARP inspection

Restricting any communication to other devices on a switch or access point

Port isolation

Put management on a separate VLAN from the default VLAN

True

Wireless devices on an access point can’t communicate with each other in Wireless isolation

True Commonly at hotels or public areas, guest network

LAN analysis is an easy way to find working IP addresses

False, MAC addresses not IP addresses

A captive portal only allows authentication to devices in its access table that is within its access point.

False, if you’re device is not on the access table it will redirect your web access to a captive portal page

How is a guest network different from a Screened subnet (DMZ)?

A guest network only has access to the internet and not internal resources

Encrypted (private) data traversing a public network is what?

A VPN

A VPN Concentrator is an access device

True, often integrated into a firewall

Site to site VPN has all communication encrypted always

True, concentrators are both typically firewalls

An administrator deciding what traffic goes to the VPN and what traffic goes outside the VPN scope is an ACL

False, Split Tunnel

Linux version of RDP

VNC

Managing systems and devices when network isn’t available by using a serial connection (modem) to dial into the device interface or a console router

Out of band management

Networking Trouble Shooting Methodology

-Identify problem (gather info) -establish theory of probable cause -test the theory -establish a plan of action -implement the solution -verify full system functionality -document findings

What is throughput?

Amount of data transferred in a given time frame

Was built for modem communication, printers and mic and now used as a configuration port Interface MTRJ Patch Panel Serial Console

Serial Console/ cables

RJ-45 to serial communication and used in conjunction with serial port connectors Rollover cable (yost)

Rollover cable (yost)

802.3bt PoE + PoE PoE +++ PoE ++

PoE ++

Rollover device wiring

1-8 2-7 3-6 4-5

-S

Braiding shielding

3 Most common serial console cables.

DB-25 DB-9 Send RS-232 signals

-No signal/connectivity or poor performance is likely a loss of what?

Decibel loss/attentuation

Power cords, fluorescent lights, electrical systems, bend radius/twisting and fire prevention can cause what to a copper cable?

EMI

How is a short circuit different from an open?

A short is 2 connections touching, an open is a break in the connection

What May late collisions indicate you have a configuration issue with?

Duplex mismatch

Fiber optic cables can have communication issues due to dirty cables/connectors.

True, clean thoroughly before using

Final step of cable installation that pinches connector onto the wire that pushes metal prongs through insulation. Connects RJ-45 Connector Coaxial, twisted pair and fiber

Cable crimper, connects modular connector to the Ethernet cable

Trims the wires and breaks insulation, forces wire into a wiring block.

Punch down tool 66 bloc 110 block

Puts an analog sound on the wire, inductive probe doesn’t need to touch the copper. Easy wire tracing.

Tone generator Fox and hound (toner and probe)

Tests physical ports and is not a cross over cable. Serial, Ethernet, T1, fiber -rollover -NIC -modem -Loopback plug

Loopback plug

Estimate fiber lengths, measures signal loss, determine light reflection, and create wire maps.

TDR (cable) OTDR (fiber)

Multimeter

Measures AC/DC voltages, continuity, and wire mapping Cable connectivity, fuse status, wire mapping

Tests for continuity, identifies missing pins and crossed wires, not used for advanced testing Cable tester Toner probe Cable certifier TDR

Cable tester

Taps (active or passive) and ports mirrors (from a switch) do what? Test the network Add encryption Port forwarding intercept network traffic

intercept network traffic

Send a light from one side and measure light power on the other

Light meter

Views the frequency spectrum and identify frequency conflicts

Spectrum analyzer

Join 2 fiber ends together, add connectors and repair fiber using heat. Extend fiber length or remove a section of damaged fiber.

Fusion splicer

What do you connect a tone generator to?

Modular jack Coax Punch down connector

Locate copper or fiber breaks and certify cable installations

TDR/OTDR

sends an electrical pulse down a cable and calculates time and distance for impedance discontinuities TDR Toner probe Otdr Multimeter

TDR is electrical. OTDR uses light

Views wireless information, signal to noise ratio, channel information etc. Wireless packet analyzer Wireless packet inspection Packet capture Protocol analyzer

Wireless packet inspection

Protocol analyzer captures and displays network traffic, use a physical tap or redirect on the switch

True

View traffic patterns, what frames are on the network and has large scale storage San Protocol analyzer Nas Vulnerability scanner

Protocol analyzer

This is Bandwidth testing (measure throughput), pre and post change analysis( test the install firewall/packet shaper), not all sites are the same.

Speed test sites

Performance monitoring and speed testing. Run tests across different OS. Your own speed testing

Iperf

IP and port scanners

-Scan for open ports and IP addresses. -Visually map the network and rogue system detection. -Pick a range of IP addresses. Gather information on each device

Netflow

Gather traffic statistics and standard collection method. Probes and collectors to create reports. Shows trends of traffic on network.

Trivial file transfer protocol that transfers files and upgrades firmware. Your device is the TFTP.

TFTP server

Terminal emulator

SSH, encrypted communication that supports across many OSes

Ping

Test reachability to a TCP/IP address

Ping until stopped

Ping -t

ping -a Shows all active connections Resolve address to hostname Answers a Ping request Ack

Resolve address to a hostname

ping -f

Send with Don’t Fragment flag set

ipconfig

Windows TCP/IP config

•ipconfig /all-

Display all IP configuration details

Flush the DNS resolver cache

Ipconfig /flushdns-

The latest Linux utility

ip address

- Lookup information from DNS servers

•nslookup dig

This command determines the route a packet takes to a destination, takes advantage ICMP TTL exceeded error message

Traceroute

Netstat -a

Show all active connections

Show binaries

Netstat -b

Do not resolve names Ipconfig-n Netstat-n Nbstat-n Ping-n

Netstat -n

What comprises hostname?

FQDN and ip address of device on windows, Linux etc

This command finds out which way packets will go, View device’s routing table Show route Show config Route Ipconfig

route

tcpdump is a Windows packet capture tool

False, it is Linux written pcap Windows is Windump

Name 2 things nmap does besides these -Find network devices/network mapper -port scan/find device ports

-operating system scan -service scan -additional scripts

Command to View interface on a device, detailed interface information

Show interface

View device config command

Show config

View routing table command

Show route

Route print in windows or Linux is netstat-r does what? Creates a routing table Find a devices routing table Maps an ip address to a mac address Registers up address in a routing table

find a device’s routing table

Determine round trip time using ICMP

Ping

Canonical names, IP addresses, cache timers can all be found using a what command?

dig

ARP -a

Determines a MAC address based on an IP address with this command

What is a great way to use Telnet?

Useful for checking a port application Telnet

Parabolic is an antenna that focuses the signal to a single point

True, Yagi is very directional and high gain

Orientation of an antenna that is relative to the surface of the Earth

Polarization

Strength of a received radio signal shown as a negative number

RSSI (Received Signal Strength Indication)

Radiated signal strength that shows transmit strength + antenna gain - cable loss

EIRP (Effective isotropic radiated power)

Association

Devices connecting to an access point

Sight surveys

Determine existing wireless landscape

A WiFi password is an example of a Pre shared key (PSK)

True

Client and the access point need the same encryption

True

Problems are often found here with errors and mismatches that are viewed on a console

Interface

Every router interface is configured as an access port or a trunk port and each access port is assigned a VLAN

False, every switch not router

If you are having Intermittent or all day issues you should check an individual device performance for this

Utilization

These separate broadcast domains and are a single VLAN

Routers

How could you identify the source of a broadcast?

Packet capture

Duplicate MAC attacks can be common

False, they are not common and check for man in the middle attack

Duplicate IP address is blocked by what?

Broadcast is sent to every switch port

False, multicast is

A switch directs multicast transmissions using this by watching messages

IGMP Snooping (internet Group Management Protocol)

What command would help you find an asymmetric route?

Using traceroute

Sending information to a router but the router has no idea where the traffic is supposed to go. ICMP host unreachable message

Missing route

IP addresses assigned by a non authorized server

Rogue DHCP, no inherent security in DHCP

Monitors and reports on IP address shortages

IPAM (IP address management protocol)

If a client receives an APIPA what does that mean?

Exhausted DHCP scope

What type of issue do you have if you can if you can communicate to local IP addresses but not outside of your subnet? Dns configuration Interface configuration Ip configuration Duplex configuration

Ip configuration

Name 2 common ways to trouble shoot IP configuration

-Check IP address, subnet mask, gateway, DNS -monitor traffic, examine local broadcast -check devices, -traceroute and ping local IP

If your network has copper don’t block the light

False, fiber, low optical link budget

Name 2 certificate issues

-Expired -wrong domain name -untrusted certificate -correct time and date

How is a network based firewall config confirmed? Ping Ipconfig Acl Policy list

Check the policy list and logs, packet capture

For host based firewall settings, you would check the accessibility and central console

True

Common troubleshooting for VLAN is to confirm physical interface with VLAN number and confirm voice data is on a separate VLAN from internet

True

If web browsing isn’t working it means you have a DHCP issue

False, DNS

Kerberos uses a time stamp

True

If you have a lot of users coming in and out of an office you would want to increase the lease time

False, you would want to lower the ip lease time so you don’t exhaust the DHCP scope

To make a straight through cable you would punch down a 568B on one end and a 568A on the other.

False. You would punch down 568B and 568B on both ends

IPv6 uses 64bits

False, 128 bits

When configuring a wireless access point you want to select the channel with the frequency range least used in that area

True

What device would you use to test the operation of a NIC?

Loopback

The connection is established and ready for normal data flow is ACK

True

Transport handles the routing of data across segments

False, networking

There are 12 broadcast domains in a 24 port switch configured with 12 VLAN’s

True, each vlan is a broadcast domain

A laptop would plug into a hub to see all the communication on the network segment as a network sniffer.

True

supports equal cost load balancing and has all the routers contain the same topology view DV BGP EIGRP OSPF

OSPF

What allows multiple network interfaces to work together as a single virtual network interface?

NIC teaming

An admin needs to be aware of this when installing wireless network in a building with multiple floors.

Channel overlap

SSL VPN has the least connection overhead

True

designed for testing connectivity to a remote server on a specific port.

Telnet

/1 /9 /17 /25

128 CIDR 2 Networks 128 addresses

/2 /10 /18 /26

192CIDR 4 Networks 64 addresses

/3 /11 /19 /27

224 CIDR 8 Networks 32 addresses

/4 /12 /20 /28

240 CIDR 16 Networks 16 addresses

/5 /13 /21 /29

248 CIDR 32 Networks 8 addresses

/6 /14 /22 /30

252 CIDR 64 Networks 4 addresses

/7 /15 /23 /31

254 CIDR 128 Networks 2 addresses

/8 /16 /24 /32

255 CIDR 256 Networks 1 address

Loopback for IPv6? 0000/0 127.0.1 ::1 192.172.3.2

::1

802.1d

STP and avoids loops

When setting up a VPN, a firewall should be the first device configured

True

WAP’s are good up to how many feet to connect to? 125 150 75 30

150

Someone who is logged into a company VPN will have an unexpected source ip address because of a proxy server

True

A packet analyzer (protocol analyzer) can capture a TCP handshake and analyze it

True

2/4 post racks are used for telecommunications equipment

True

RAS is associated with what?

RDP or VNC

used to terminate DS3/T3 lines CSU/DSU Modem Ftype BBC

BBC

25 pair cable is used for Telephony RJ11 Voice PSTN

voice on vertical connect

This is a text file that maps hostname a to ip addresses Nslookup Dns server Local host file Root server

local host file

A network based firewall is software based and on workstations and servers. Allows admin to manage incoming and outgoing traffic at the device level

False, Host based firewall Network based firewall is at edge of network and manages traffic between internal network and outside world. More broad

10GBase-EW (WAN) distance is 10,000 meters

True

purpose is to view data grams

Packet Sniffer’s

How many pairs are crossed in a crossover cable?

2 pairs

CAT 7 has solid Kevlar and can’t bend 90 degrees

False, CAT 6

What tool tests for continuity TDR Tone generator Multimeter Punch down

multimeter

connect vertical cross connects when using data connections Patch panels IDF Mdf Demarc extensión

patch panels 66 block connects telephone or voice connections

A load balancer can cache web content and serve it to users locally

False, proxy server Load balancer evenly distributes network traffic across multiple servers or resources

allows remote users to securely access corporate resources through a web browser on their devices Radius TACACS Kerberos SSL

SSL or SSL VPN

44.7 Mbps

Used to connect a router or switch to a terminal for console management

Rollover

Cable establishes a direct connection between a device and terminal for console management

Console cable

Loop back

Cable that allows to test functionality of network interface

Request timed out is a common find when using this command

Tracert

1.544 mbps

What cable is used to connect telephony distribution 66 pair 100 pair Rollover Console

100 pair cable

How many broadcast domains are in a 24 port unmanaged switch?

1, BD is split by routers and VLAN 24 collision domains

shares information to all switches in a network Port forwarding Multicast Broadcast VTP

VLAN Trunking (VTP)

One time temp posture assessment in a NAC

Non persistent agent

Captive portal relies on what to authentication?

802.1x which uses RADIUS authentication

High utilization threshold exceeded on gi/1/0/24 would be what kind of update?

Interface link status

Host based anti malware can keep a system secure by testing all communication from a distributed target

False, Network based

Only allows certain traffic through that is specified by certain ports

Implicit deny

Terminates a T1 line at a customer’s site

CSU/DSU

Relies on virtual circuits and point to multi point connections Ip helper Frame relay MGRE VLAN’s

Frame relay

CAT3-CAT6 would use this connector

RJ-45

Channel bonding improves this Bandwidth Teaming Aggregate Speed

Connection speed

Dynamic routing protocol that supports IPv4 and VLSM

OSPF

Connects a terminal device to a T1

CSU/DSU

RS-232, DB-9 and DB-25 are this type of cable that connects to a console port

Rollover

Without this a VLAN has no additional security

ACL

Locate possibly outages and track traffic and malicious usage in a network Network analyzer Network sniffer Protocol sniffer Packet capture

network analyzer

A cable tester can be used in locating positions in a cross connect when changing a location of a phone b/w 66 blocks

False, Toner probe

actual encryption over VPN

PPTP

A Toner Probe sends a signal down a cable and measures how long it takes to come back

False, TDR

This network device creates a DMZ

Network based firewall

What are the tools needed to create a CAT5e crossover cable

A cable crimper and snips

Fiber connector that is pushed in with no twisting

Large amount of CRC errors on a router interface would mean you have this issue

Faulty cable

nmap Network statistic Open ports Active hosts Nbstat data

Identify Open ports on a remote server

A routing table has 2 different routes to the same IP subnet, the router will choose the route listed first in the routing table when forwarding a packet

False, route with lowest administrative distance

An Ethernet having slow connection would be due to this

Duplex mismatch, this will cause late collisions

uses certificates to negotiate access to the network SSL EAP-TLS Kerberos RDP

EAP-TLS

Device that connects 2 or more network segments or subnets

Router

Connects multiple devices on the same network segment

Switch

What are the Ethernet cables with RJ-45 connectors that are used to connect ports to the switch?

Patch cables

Portion of IP address that identifies the network the device is assigned to

Subnet address

SDWAN is a tunnel interface

False, mGRE SDWAN is a WAN that uses software to control connectivity

What is the Intranet accessed by authorized outside users securely over the internet

Extranet

Provides network resources

Server

What are the key sizes in AES?

-supports 3 key sizes: 128, 192, 256 bits

divides plaintext into 128 bit blocks and transforms them into ciphertext, used in WPA2

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

What is the difference between a subnet and a network I’d?

Same thing

Devices that send and receive electrical signals Switch Modem Loop back NIC

Network interface

DMVPN topology configuration

Hub and spoke configuration for full mesh

Hosts assigned specific roles like file sharing. Other hosts Access but don’t host devices of their own

Client-server

Network where each device is provided access to shared files

Peer-peer

Provides flow control and transmission for analog and or digital streams over a shared link CSU/DSU Switch Modem LLC

LLC

Conversion of digital data to electric pulses is what layer?

Physical

Physical network device identification and data transmission between hosts are in which layer?

Data Link

End to end flow control is at which layer?

Transport

Method to retrieve or send a piece of data over the internet

HTTP GET

What layer is encapsulation at?

Presentation

Top to bottom is de encapsulated

False, encapsulate Bottom to top Is de encapsulate

ARP is used to determine the MAC address of the host using the destination IP address

True

ACK starts a connection between 2 systems

False, SYN ACK acknowledges a packet has been received

You use this when trying to use TCP to connect to a port

3 way handshake

CP1 sends SYN CP2 receives and sends back a SYN/ACK CP1 sends an ACK and the connection is complete

Open ports respond with SYN/ACK and closed ports respond with an RST flag

True

Sends SYN packet to a port but the 3 way handshake does not occur because the original system doesn’t reply with an ACK. No connection is made or security log

Stealth scan (half open)

All flags are turned on

Xmas Tree scan

Finds a target machine but finds another system to take blame (zombie machine)

Idle scan

RST

TCP flag that resets a connection

Directs the sending system to send buffered data RST DNF PSH BUFF

PSH

When does a router use ARP?

If a router’s routing table doesn’t have a MAC address of devices on the local LAN and they need to forward a frame to it

SSL is a more advanced security protocol than TLS

False, TLS is more advanced

Used by browsers and web servers to exchange files

HTTP

TLS secures messages being transmitted over the internet with RSA authentication and encryption. Web browsers use for safe web transactions

False, SSL

TLS implementation through what 2 protocols

TLS Record- connection security with encryption TLS Handshake- provides mutual authentication and choice of encryption

How does FTP protect access to files?

User names and passwords

CAT 6 has a solid plastic core that keeps twisted pair separated and prevents bend in cable

True

CAT 8 is 40Gbit with foiled twisted and shielding

True

4 connectors that support up to 2 pairs and is used to connect a DSL router to the telephone network

RJ-11

Solid wires conduct signals better but are prone to break when bent. Stranded are flexible but don’t carry electrical signals well

True

GG45 or TERA connectors are the connectors for this CAT cable that requires shielding on each twisted pair

CAT 7, 10GBASE-T

3 coaxial cables

RG6, , RG58 and RG59

BNC connector is used for coaxial

True, also BNC coupler and F Connector

RJ48c is a connector that connects what? Ethernet T1 Wan service Switch Router

T1 WAN service

What’s connector would you use for 10BASE2? BNC F type MTRJ LC

BNC, 10BASE2 is a thinnet

Connector for cable, satellite and broadband cable connections

F-Type

Impedance rating of 75 ohms would use what cable?

RG-6 and RG-59

How is CAT 5e different than CAT 3

More twists per inch Reduce crosstalk Supports higher data rates

If a fiber cable is bent and wants to run straight, how does it still work?

Cladding, will reflect it back into the core and around the bend

Connector for multimode and single, bayonet, push and twist

Used with single and multimode and is a push on/pull off with a locking tan LC ST MTRJ SC

Plastic connector with a locking tab

Duplex connector, send and receive fibers in one connector with a plastic tab LC ST MTRJ SC

MTRJ

Single mode connector, threaded. Shouldn’t pop loose LC SC ST FC

Include both cables in a single connector Sc St LC Mtrj

LC MTRJ

Multi mode fiber operates at 850nm and 1300 nm

True Single is 1310-1550nm

Multi mode has a smaller central core than single mode

False, single mode

SC and ST require what for assembly

Polishing

Determines which wire goes to which pin of the connector

Pinout

Solid core cables are for patch cables and drop cables where flexibility is needed

False, Stranded core cables Solid is for longer runs inside walls or ceilings

4, 5, 7, and 8 pins are unused in gigabit I’m CAT 3,5,5e

True

Tera and GG45 terminate cables in CAT 7

True

Not wiring through an MDF but through an IDF on the floor you need it Demarcation extension Punch down tool Pinout Patch Panel

Demarc extension

True or False, Horizontal cross connects IDF’s on the same floor

True

66 blocks go up to CAT 5e

False, 5

Where twisted pair cables are terminated

Patch panel

When trimming excess wires you point the cut side of the tool toward the connected end of the wire

False, point the cut side of the tool towards the wire end

When punching down a 66 block, this type of blade

Straight

What tool do you use to extend networ services beyond a demarcation?

Punch down tool

Use this to remove the plastic coating over the cable

cable stripper

An open circuit is an electrical signal taking a path a different path than I tended. Signal sent on a wire will arrive on a different wire

False, Short (plastic on wire has worn down)

Which CAT cables have drain wires to absorb EMI?

CAT6 and 7

Measures the crosstalk that occurs at the same connector on different wires Alien crosstalk FEXT Short Next

NEXT measures the crosstalk that happens on the opposite end of where transmission occurred

False, FEXT (far)

when a single wire bundle that parallels with another wire bundle

alien crosstalk

Crosstalk typically occurs in where? Connector Sheath Wire end End of wire

usually is in the connector

Crosstalk preventions

-connectors properly connected -maintain twists up to both ends of wire

What could you use if you need to use a cable longer than 100m?

Repeater

Measure of resistance within the transmission medium and is measured in ohms. Like friction in wire

Impedance

How many Ohms is cable tv?

Name of the Pins between 2 pairs and are crossed Crossover Straight through Split pair Rollover

Split pair

PoE is used on CAT6 or higher

False, Cat 5 or higher

Impedance rating for a cable must match that impedance for the transmitting device

True, mostly used in coaxial

Having a link loss margin less than 12dB ensures the cable run will continue to function

False, 3dB

Whenever a copper cable in installed a degree of signal loss occurs

False, fiber

helps limit the degree of signal loss Attenuation Mimo OFDMA Polishing

Polishing

Physical contact polishing is only used with single mode fiber, slight curve, only cores of the fiber touch each other

True

has a higher grade of polish/curve to reduce ORL (Optical Return Loss)

UPC/SPC (ultra physical contact)

What are ways APC (colored green) reduces back reflection?

-8 degree cut in ferrule -angle cut prevents light going back into fiber -light is reflected into the cladding -only use with other APC -excessive insertion loss with another polish connector

A failure in a Loopback plug means this Bad cable Interface issue Faulty network card Disabled

Faulty network card

Use a cable certifier to test for opens, shorts, splits, wire mappings etc.

False, cable tester

Verifies a cable installation meets requirements for network architecture and multifunctional to test bandwidth, duplex settings etc

Cable certifier

How is snips different than a wire stripper?

Snips cut wire to a specific length to remove damaged sections, wire stripper cut sheath to expose wire

A cable certifier tests for continuity

False, cable tester

A device connected to your switch is only running at 100mbps. What is likely the cause? Crosstalk Impedance Continuity Duplex mismatch

Crosstalk, a wire doesn’t operate at the desired standard

An echo occurs when? Speed mismatch Duplex mismatch Impedance mismatch Connection mismatch

Impedance mismatch, Ex RG6 has 75 ohms and you Connect it to a RG58 with 50 ohms

What is the difference between a NIC and a network adapter

Nothing, same thing

What are common transceivers?

GBIC SFP XFP QSFP

RARP is trying to find a MAC address from an IP address

False, ARP

Network adapter that converts digital signals into analog sound signals across phone wires CSU/DSU CDMA Modem Transceiver

Módem.

Within multiplexing, transmit and receive data through a single optical fiber

BiDi (bi directional)

Media converters, transceivers and switches are layer 2 devices

False, media converter and transceiver are layer 1

What is the broadcast address for ARP? FF.FF FF:FF 127.01 0.0.0.0/0

FF.FF.FF.FF.FF.FF or FF:FF:FF:FF:FF:FF

A wireless NIC uses electronic signals

False, radio Wired NIC sends electronic

The NIC you choose has to match the network architecture, even if you have a media converter

True, can convert fiber into copper but it has to have same architecture

Sends signals from a computer onto a network Transceiver Modem CSU/DSU CDMA

Transceiver

This device repeats all information across all ports. What is another name for a repeater?

Hub

Connects 2 different network segments that use different transmission mediums or different architectures

Wireless Bridge (AP)

MAC addresses change as a frame is routed along the path to its destination (computer to router interface, router interface to router interface) but the packet information (destination and source ip) stay the same

True

A switch learns where devices are located on a network by look at an incoming frames destination MAC address

False, Source MAC address

Connects multiple cable segments and forwards frames to appropriate segment

Switch

For Hexadecimal there is 0-9 but what numbers go with A B C D E F?

10 11 12 13 14 15

11000111 is C7 in binary

True, 1100 and 0111 split into nibbles 1100 =12 (C) 0111=7 11000111=C7

172.16.0.0/16 but you need 24 subnets. How would you find this?

-2 to the 5th =32 which would be enough subnets -Network id becomes 172.16.0.0/21 because you add the 5 to the /16 -# of hosts 2 to the 11th - 2= 2,046 because you subtract 5 from the /16

How would you use Anding to find a Network ID of 172.16.77.54/21

Convert each to binary and multiple top row to bottom IP- 1010110.00010000.01001101.00110110 Subnet mask 11111111.11111111.11111000.00000000 10101100.00010000.01001000.00000000 Then convert to 172.16.72.0

Fixed length subnet masks are mostly used in private networks

True, variable is used in public

What is included in a DHCP scope?

-range of ip addresses -subnet mask -Address of dns server -address of the gateway

DHCP requests pass through routers to other subnets

False, use broadcast frames at layer 2 and use IP helper or DHCP relay function on a router if it has it to

How many IP addresses are able to be assigned with a network address of 137.65.0.0 with a subnet mask of 255.255.0.0

65534, 1. 255.255.0.0 is /16 2. N power - 2(hosts per subnet) 3. 2 to the 16th power - 2=65534

What’s is the subnet mask for 165.245.12.88/26?

255.255.255.192

What is the Network address and first address for 165.245.12.88/20, it’s subnet mask is 255.255.240.0

165.245.0.0 165.245.0.1 Because it is in the 16 range

What’s is the broadcast and last ip address for 18.172.200.77/11 with the subnet mask as 255.224.0.0 and network address 18.160.0.0

18.191.255.255 18.191.255.254 Since 160 in the network address is apart of the 32 address range, the next segment would be 192 so we use 191 since it ends 160-191

What are 2 host ranges for a network ID of 192.168.5.0 where the number of hosts is 64

192.168.5.1 - 192.168.5.62 (192.168.5.63 is broadcast) 192.168.5.64 - 192.168.5.126 (192.168.5.127 is broadcast)

What is the last subnet address you can use for 192.168.5.88/26? Subnet mask is 255.255.255.192 Network address is 192.168.5.64

192.168.5.126 (192.168.5.127 is Broad cast address)

If a DHCP server goes down, a computer with a static ip address can no longer communicate with the server

False, if it is static then it can

For appipa what 2 are only configured? ip address DNS subnet mask Default gateway

Ip address and subnet mask

An alternate ip address is a static ip address you set when a device is experiencing APIPA

True

What protocol is used by a device to ensure an APIPA is not already on a network?

ARP

If a user has an APIPA and you confirm the physical connection is good, what should you do next?

Renew the ip address

DHCP exclusion and reservation are the same thing

False, exclusion are ip addresses that the server won’t assign Reservations are static ip addresses

What type of devices are DHCP exclusions typically used for?

Servers, printers, routers, or other devices that cause issues if ip address changes

After distributing IP addresses you reboot each client system but they can’t get an IP from DHCP server. Why?

You have to configure the clients to obtain ip addressing from a dhcp server

Ñame 2 systems that prevent duplicate IP addresses.

DHCP server APIPA

Longer lease times increase network traffic

True

Dhcp exclusions assign a static ip to a device with a MAC address table

False, reservation

NTP, DNS, and NETBIOS can use an IP helper

True

Dhcp relay sends a broadcast from the router directly to a dhcp server

False, unicast

What happens when a device sends a broadcast for an ip address

If the dhcp server is on the same subnet it will go through Dora, if not it will go to a router (router should have a relay of helper) that sends it directly to the dhcp server for dora

Forwards received dhcp frames to the remote dhcp server if it is 172.16.30.1

Ip helper-address 172.16.30.1

Specifying which server network interface the agent listens on for dhcp message is a required step for configuration on a Linux server

False, windows

Before using a dhcp relay you have to install this VNC Radius Remote Desktop Remote Access service

Remote access service

AAA maps hostname to ipv6 address

False, AAAA

Defines the authoritative sever for a specific domain Host file SOA Name Server Root Port

Name Server

Which Is the hostname? FQDN TDR Http Www.

Www.

Renewing the dhcp servers IP address lease or entering the ipconfig /register dns command on a workstation does what if dynamic dns is in use? New ip address New subnet mask Update arp table Update host records

Causes a dynamic update of the host records

These 2 do not automatically update dynamically in the dns

MX and CNAME

If you have an ip address that is connecting to a site but the hostname isn’t what do you need to configure? DNS server Forward lookup zone Recursive cache Authoritative file

Forward lookup zone

First place a computer looks at during name resolution process Hosts file SOA FQDN Root Server

Hosts file

What time standard does NTP use?

UTC (Coordinated Universal Time)

highest stratum level allowed 16 51 55 15

A system clock having small, rapid variations

Jitter

One packet persecond is 2 machines to an accuracy within a millisecond of each other

False, one packet per minute

Systems clock being off by a few seconds or minutes is Time drift Jitter Latency Dropped packet

Time drift

This is a Unicast assigned to more than one interface, typically belonging to different hosts

Anycast

Ip address that verifies if TCP/IP protocol stack is properly installed on the host

Loopback address

Multicast is an address that represents a static group of hosts

False, dynamic hosts

ISATAP is a dual stack router that can send IPv4 and IPv6 but only for intrasite and not over the internet

True

IPv6 is 8 hexadecimal values with each block being 16 bits of data

False, 4 hexadecimal values

The prefix for IPv6 is 64bits

True, 48 is site prefix (isp, location of host, geo location) 16 is subnet

What is C in Hexadecimal?

1100 because C is 12 A=10 B=11 C=12 D=13 E=14 F=15

What are steps for EUI-64 address subnet prefix? 2600:dddd:1111:0001and MAC address 8c:2d:aa:4b:98:a7

1. Leave the first 64 (prefix) as is Ex 2600:dddd:1111:0001 2. Take the mac address off the interface (48 bits) and write it out Ex 8c:2d:aa:4b:98:a7 3. Split the MAC in 2 and put FFFE in the middle (16 bits) 4. Invert the 7th bit Ex 8c into 8e 2600:dddd:1111:0001:8e2d:aaff:fe4b:98a7

FE80::/10, FE8, FE9, FEA, FEB are all link local addresses

True

FC00 is a unique local address

True, FC00::/7 or FD00::/7

Multicast is FF00::/8 prefix

True, FF02::/16 and FF01::/16 are restricted and not forwarded by routers

Name 2 well known multicasts

FF02::1 FF02::2 FF02::1:2

What is is the local Loopback address?

::1

Why is 343F:1EEE:ACDD:2034:1FF3:5012 not a valid ipv6 address?

It only has 6 sections, it needs 8

With the following IPv6 address FD01:0001:0001:005::7/64 what are the: -Global routing prefix -Subnet ID -Interface ID -Prefix length -Global ID -Unique Local unicast

-Global routing prefix is FD01:0001:005 -Subnet ID is :005 -Interface ID is ::7 -Prefix length is /64 -Global ID is none -Unique Local unicast is FD

Tunneling used to create a router to router tunnel b/w 2 sites through IPv4 network

6to4 tunneling

IPv6 hosts communicating over IPv4 within a site 6/4 4/6 ISATAP Dual stack

ISATAP

This tunneling to configure host to host tunnel between 2 hosts separated by symmetric NAT Teredo 6to4 ISATAP 4to6

Teredo

can be used to send data over the internet, is configured between individual hosts and has dual stack hosts ISATAP 6 to 4 Teredo 4 to 6

Teredo tunneling

FC00::8907:FF:FE76:ABC

Unique local because it begins with FD (or FC)

FF00:98BD:6532::1

Multicast begin with FF

FEA0::AB89:9FF:FE77:1234

Link local because FEA, also FE8, FE9, FEB

2001:6789:9078::ABCE:AFFF:FE98:0001 Global unicast Global Multicast Global local link Global link unicast

Global unicast, begins with 20

FF02::1:2

Multicast for all hosts on the link

The MAC address of a frame containing a multicast packet begins with 01-00-5E and ends with a form of the IP multicast group address. True or False

True

Keeps frames from being forwarded to hosts that are not a member of the multicast group

IGMP snooping

Anycast advantages

Speed Redundancy Ddos mitigation

Broadcasting is used for streaming video and audio applications like video conferencing and real time functions

False, multicasting

Any cast gives same IP address to multiple servers in a IPv4 network

False, BGP does Anycast is for IPv6

198.162.12.254/24 is a unicast address

True

Refreshes all dhcp leases and reregisters dns names, use it to troubleshoot issues with dns

Ipconfig/registerdns

Display the contents of the dns resolver cache. Use it to troubleshoot issues with dns

Ipconfig/displaydns

Would 192.168.1.0 be a valid address on a 192.168.2.0/24 subnet?

No, it would be need to be 192.168.2.

If someone can’t connect to a website after a server upgrade, use this command

Ipconfig /flushdns to remove all entries from dns resolver cache and will force the dns mapping upgrade

Would 192.168.2.0 default gateway be on the same subnet as 192.168.1.0/24

DNS servers need to be on the same subnet as an ip address and default gateway

False, they do not. Only IP address, host, subnet mask and default gateway

4.2.2.1 is the

root DNS server

If you ping a remote host and it is successful then the problem is not network connectivity

True, check name resolution or service access

Inet and inet6 are associated with ipconfig

False, it is in ifconfig and used with Linux

You would use this command to view a systems default gateway

Ipconfig or ifconfig

Interface: 192.168.4.102 on interface 0x3 Internet Address Physical Address Type 192.168.1.23 00-d1-b6-b7-c2-af dynamic

Arp, specifically results of an arp-a command

Shows you the MAC addresses associated with ip addresses that the local station contacted recently

Arp

Name a common dns problem

-Dns server is down -Routing problem between host and dns server -sending host has wrong ip address for dns server

Nslookup can be used on which operating systems?

windows and Unix

Nslookup has more information in it default usage than dig

False, dig has more

Dig -axfr runs a query of all records in the zone

True

Linux reverse lookup of 10.0.0.3 is dig -x 10.0.0.3

True

You can eliminate collision problems by using a switch instead of a hub

True

Most common transmission medium of cable and connector for Ethernet

UTP and RJ45 connectors

When would you uses crossover cable to connect a switch to a router?

Uplink port is in use

Pins used for Loopback plug to RJ45 connector

Pin 1 connected to pin 3 Pin 2 connected to pin 6

What cable is used to connect 2 switches using their uplink ports? Crossover Straight through Rollover RJ45

Crossover, only would use straight through if one is connected to uplink and the other isn’t

Cable that connects a workstation to the bus breaks. What will happen?

No devices will be able to communicate

You see a switch with continually lit lights and a workstation that is flashing rapidly. What is wrong? Spanning tree is in place In a loop Working as usual Faulty network card

Faulty network card

Circuit level gateway makes filtering decisions based off of sessions

True, session layer 5

This firewall filters packets by the payload within a packet Application layer Packet filtering Session layer Stateless

Application layer (7)

A proxy server handles requests coming from the internet to internal servers

False, reverse proxy server

Is a packet filtering firewall stateful or stateless?

Stateless, does see if data has an active session. Layer 5 is stateful and caches those known sessions

A proxy server should be used with an application firewall

False, proxy server is a type of application firewall

Combines a traditional firewall with other network device filtering functionalities

NGFW

Linux command to update or install iptables, retrieve the iptables package by entering this

Sudo apt install iptables-services

What are the 3 iptable chains? Input, output, listening Input, output, learning Input, output, forwarding Input, output, blocking

Input- controls behavior of incoming connections Forward- incoming connections not delivered locally Output- outgoing connections

What 3 options are you able to set on a firewall?

-packet source address -port number -packet destination address

Use a vpn to protect against internet based attacks

False, host based firewall

Sudo iptables -F Fragments rules Clears rules Creates rules Adds rules

Clears all the current rules

UTM firewall Inspection used when traffic throughput and speed are a priority -flow bases -NGFW -host based -networking

Flow based, Proxy inspection when data integrity is priority

If you can Ping from a to b but not from b to a what kind of issue may you have? Connection Speed NIC Firewall

Firewall

prevents the response to port scans from the WAN to protect against port floods Port forwarding Idle scan Stealth mode IPS

Stealth mode

An organization exposing some servers to the public through the internet for mail, web, extranet or vpn

Screened subnet, uses a firewall with a connection to the screened subnet that’s separate from internal network connection

Which is a use for an extended acl? -control network access for ip traffic -identify traffic for vpn access and filtering -allow remote access vpn’s to configure client firewalls and set dynamic access policies

-control network access for ip traffic -identify traffic for vpn access and filtering -allow remote access vpn’s to configure client firewalls and set dynamic access policies

What firewall is used to create a screened subnet to make a web server available to internet users

network based is used to create subnets

What do you need to add to an acl that is on a Cisco device? Implicit deny DV Permit Traceroute

You need to add a permit and identify the type of traffic Cisco all have implicit deny

This firewall counts as a router hop and support multiple interfaces

Routed firewalls

How would you set up a web server in a screened subnet?

You would place it in between 2 firewalls, one facing the internet and the other facing the internal network

How would you allow access to private resources from the internet in a screened subnet?

Place a vpn server in the screened subnet that one must authenticate to

3 network interfaces for dual homed gateway that need to be logged onto

-1connected to the internet -1 connected to the public subnet -1connected to the private network

Anomaly based detection is an IDS that looks for patterns in network traffic and compares to known signatures (malicious packets or another name is finger prints)

False, Signature based Anomaly defines a baseline and looks for anything that falls outside of that baseline by using thresholds as alerts

If IPS has more functions than IDS, why would you used IDS still?

As a back up if a malicious packet makes it through an IPS, an IDS may be able to catch it and alert the security team

can scan the content of encrypted traffic to prevent malicious attacks Nids Hids Nips Hips

Host based IDS

Managed switches are fast, less expensive and good for small networks and unmanaged switches are configurable (web based or command line), VLANs , port security and Link aggregation for bigger networks

False, reverse

SSH is in band management

True, need an ip address for authentication Connecting a work station to a console port on a switch with a rollover cable is out of band and needs to be done first on a switch

Place this in a wiring closet configured for vlan, port security and voip and then connect switches to faster upstream switch

Access level switch

What device would you use if you have 10 VLAN’s that need to communicate with each other?

Layer 3 switch to perform inter vlan routing

When you subdivide a switch into VLAN’s each vlan behaves as an independent switch and creates its own MAC address table

True

What OSI layer is each at below: -firewall blocking traffic using TCP 80 -a login process with multi-factor authentication -tech pings a server at 10.10.22.17 -Ethernet inactive from speed mismatch -MAC address of workstation

Layer 4 Layer 7 Layer 3 Layer 1 Layer 2

A dns request May be sent to one of many dns servers separated geographically on the internet. Which method of casting is this?

Anycast, single ip address has multiple paths to 2 or more endpoints

An internet connection at a distant site has failed. How would you remotely manage this router?

Out of band management, no internet access to use RDP or SSH

Which of these is untrue? -each port can be assigned to only one vlan -each vlan has its own MAC address table -to create a vlan assign individual ports on the switch to the broadcast domain desired

All are true

For a MAC address table, the frame is replicated and sent to every active port on the switch except the source port

True

Command to configure a switch to obtain an ip address from a dhcp server Ipconfig Ip dhcp Dhcp ip address Ip address dhcp

Ip address dhcp

Command to enable switch management from a remote network Dig Ipconfig IP Default gateway IP address

Ip default-gateway 192.168.10.185

Name one of 4 switch config commands you need to configure the switch ip address

Terminal Interface vlan Ip address subnet mask No shut down

STP uses this to prevent switching loops BPDU Encryption Open ports Root Port

BPDU (Bridge Protocol Data Unit)

802.1ax Fault tolerance NIC bonding Link aggregation NIC teaming

Link aggregation

Ports in a blocked state still receive BPDU’s

True

You would use trunking to enable devices in different VLAN’s to communicate with each other

False, layer 3 switch or router Trunks use Gigabit Ethernet uplink ports, VLAN tags are only used for frames that travel between switches on the trunk ports

PoE PoE + PoE ++ PoE ++ type 4

15.4 watts 25.5 51 71.3

Maintained by switch that contains MAC addresses and their corresponding port locations MAC address table CAM Table Port Table Route Table

Content addressable memory table

A trusted device is a device managed by an administrator in your company

True

ARP spoofing occurs in a router

False, a switch because it replaces a Mac address with an attackers MAC address in an arp table

How would you prevent vlan hopping? Disable auto negotiation Enable encryption Configure 802.1x Stateless firewall

Disable the switch’s auto negotiation setting for all ports except for those to which an authorized switch is attached.

keeps ports in assigned roles Root guard Bpdu Router advertisement guard Root port

root guard BPDU guard puts an interface into a blocking state when it receives a BPDU packet meant to change the root bridge switch

a method used on a LAN to allow or deny based on port or network connection such as controlling an access switch ACL Radius 802.1x Port forwarding

802.1x

Arp spoofing changes the mac address on a frame

False, that is mac spoofing Arp spoofing associates an attackers mac address with the ip address of a victims device

something an attacker can do through Mac spoofing

-Bypass 802.1x port based security -Bypass mac filtering -Hide identity to impersonate another device on the network

To make a switch a root bridge how would you do it?

configure a priority number lower than the default (32768)

Dynamic trunking protocol attack bypasses normal function of a router to communicate between VLAN’s and gain unauthorized access to traffic on another VLAN

False, switch spoofing Dynamic trunking protocol attack is not secure and allows a device to modify configuration information

manipulates a switch’s auto negotiation setting to access a vlan that’s connected to the same switch as the attackers vlan Arp spoofing Switch spoofing Vlan spoofing Max spoofing

Switch spoofing

Private network under one administrative authority who controls the network, interior routing

Autónomos system Exterior routing is done between 2 or more of these

shares its entire routing table with every neighbor at every routing update Distance vector BGP OSPF Arp

RIP 2 supports vlsm

True rip 1 doesn’t, rip 2 does

BGP is the only exterior gate way protocol (EGP)and is a hybrid

False, it is not hybrid it is a dv and supports vlsm

Eigrp is a hybrid routing protocol, interior gateway protocol and makes decisions based off of bandwidth and delays

True

Virtual ip (vip) can have multiple devices with the same ip address

True

Which routing protocol would you use if you wanted uninterrupted internet connectivity? BGP OSPF Rip Eigrp

BGP, Exterior dynamic routing protocols provide redundancy in internet connectivity

link state routing protocol, interior, classless, divides large networks into areas and is IPV6

IS-IS routing

One physical interface but you want to connect 2 ip networks. What would you use? Sub interfaces Nic teaming Link aggregate Wireless bridge

Sub interfaces

Permanently Mapping a particular host with a private ip address to a particular port number on a NAT router Port forwarding Static ip 802.1x Port isolation

Port forwarding or DNAT Data can come from in to out, but not out to in

NAT/PAT allows multiple private hosts to share a single public address

True

Hosts on a private network share a virtual ip address if the network utilizes a NAT router

False, physical ip address

If you have 5 servers that need to be accessed from outside your network and you put them behind a firewall so they can’t be accessed directly, which NAT method would you use? Static NAT Screened Subnet Dynamic NAT Port Forwarding

Static NAT, used for web servers because it will have the same ip address

2 stateful routers in traffic flow would cause an issue with asymmetric routing

True, the 2nd firewall would drop the inbound packets coming in

Routing loops cause broadcast storms

False, switching loops

Need a computer with access to the network but do not want hosts on the network to communicate with it

Use a VLAN

Ñame 2 dominant SAN technologies

-fibre channel -iscsi -fibre channel over Ethernet -Infiniband

What are san targets? Storage devices Servers Clients Hosts

Name for storage devices

What does a host use to connect to a San? San fabric Nic Switch Router

NIC or host based adapter (HBA)

Infiniband can support longer distances for San than fc

False, fc is 10km Infiniband is 300 meters

2 types of SANs that need special switches to create San fabric that client systems are not directly connected to

Iscsi and fibre channel sans

This storage is grouped together to provide fault tolerance and to users on the network appears as a single file server Static nas San clustering Nas clustering Static san

Nas clustering, without clustering users would see multiple servers instead of 1

3 components of SAN

Hosts (hypervisors) Storage (targets/devices) San fabric (cabling)

Fibre channel needs 10gbit to function

True

configures an iscsi target and defines its security settings, including chap and pap San Initiator Fibre Cluster

Initiator

Voip is on what layer? Application Session Transport Network

transport layer and mostly udp

Voip hooks up to what connector? Rj11 BNC RJ45 F connector

rj45 for the internet

Algorhythm to compress data in order to save bandwidth for voip

Codec

Voice data transmission through a packet switched ip network

Voip

Latency should be below 250 milliseconds and between 75-150 milliseconds

True

How would you fix increased bandwidth due to voip?

Replace codec with a more efficient one

Hypervisor types

1 bare metal and OS on physical machine 2 software application

3 Hardware components controlled by hypervisor

RAM, cpu, storage

Allows virtual machines to interact with hardware without going through the host operating system

Hypervisor

Type 2 hypervisor is an enterprise level type

False, type 1 Type 2 is installed on pc of laptop and is small scaled (no server)

Impossible to decrease once allocated in virtualization

Storage

Multiple virtual NIC’s can be added to a virtual machine and they need the appropriate driver to function

True

Multiple networks can connect to a single interface on a physical router

False, virtual router Physical routers can only do one interface per network

Allows physical and virtual machines to communicate with each other Hypervisor Vlan Virtual switch VNC

Virtual switch

Software applications to the client either over the internet or on a local area network. Most used model SDN SDWAN SaaS MGRE

SaaS

Everything a developer needs to build an application. Don’t manage hardware or software. Client in charge of securing data. Provider handles updated Saas Paas Iaas Daas

PaaS

Processing, storage, networks and virtualized environment. Runs software without purchasing servers, data centers, space or network equipment. Provider handles update. Client is responsible to secure networks and data IaaS PaaS SaaS Daas

IaaS, responsible for everything but hardware

Tunnel mode only encrypts each packers internal data. Destination and source address are in the clear

False, transport mode (end to end or host to host) later 4 Tunnel entire packet is encrypted, put into a non encrypted packet and is given a new ip header (site to site)

SSL requires these for encryption and identification Username and passwords Mutual authentication Time stamps Certificates

Certifícates

Encryption algorithms to prevent cyber attacks from read packet contents Availability Accounting Integrity Confidentiality

Confidentiality

Using hashing algorithms to ensure packets were not altered in delivery Encryption Integrity Confidentiality SSL

Integrity

Uses this to authenticate source and destination 802.1x Pnac Radius IKE

IKE

Ñame 2 VPN benefits

-cost savings -compatibility -Security -Scalability

Z wave and Zigbee both are wireless mesh networks for communication with smart devices. What is the difference?

Z Wave is simpler and cheaper

Devices, gateway, data storage and remote control are 4 primary IoT technologies

True

Ad hoc is used to establish temporary connectivity such as to copy data from one system to another

True

Wireless networks operate in full duplex

False, half duplex

5ghz is a longer frequency that can travel through physical barriers like walls and floors

False. 2.4 5ghz is faster, but more prone to interference

Encodes data over a wireless network using non overlapping channels OFDM Mimo T1WAN Mu mimo

OFDM

Time it takes for a wireless client to find a wireless access point Beacon interval Time drift Connection speed Stratum

Beacon interval, also announces SSID, support speeds and signaling method

If you can’t ping systems on different segments you should use this device Bridge Router Switch Nic

Network bridge

How would you connect to a wireless access point if ssid broadcast is disabled?

Manually configure a profile on the wireless client

Use this at different times of the day to check channel utilization and identify sources of RF interference at each location you deploy an access point Spectrum analyzer Wireless inspection Vulnerability scanner Beacon interval

a spectrum analyzer

9 decibels is a high gain antenna

False, 2-9 is normal 12 or higher is high gain

Known for home security and act as a repeater with low data transfer

Z wave

Compares WiFi signal yo level of background radio signals Wireless inspection Sight survey Heat map Signal to noise ratio

Signal to noise ratio

SNR higher than 1:1

More signal than noise

Pushes a common configuration out to all the access points in a large enterprise. Typically hub and spoke Broadcast Wireless controller Ip helper Multicast

Wireless controller

These access points contain very little intelligence and need a wireless controller to manage them Unmanaged switch LWAP Managed switch Layer 3 switch

Light weight access points (LWAP)

How would you get rid of a bottle neck in a wireless controller? Load balancer ACL Proxy server Distributed wireless mesh

Use a distributed wireless mesh

What would you need for 2 buildings to be able to use a wireless bridge to connect them?

Directional antenna facing each other

Connects wireless network to internal wired network Bridge Wireless controller Content switch Router

Wireless controller

Need these 3 to be the same to enable roaming in a wireless network

SSID Channel IP Subnet

WAP and NAT router create what? Wireless router SSID broadcast consumer Grade Layer 3 switch Consumer grade access point

Consumer grade access point

Roaming uses multicast for the same SSID across multiple AP’s

False, broadcast

Wireless controller can provide DHCP, work as a router and connect wireless network to wired network

True

Cisco wireless equipment to route frames back and forth between the wireless network and wired lan Wireless controller Light weight access point Bridge Content switch

LWAPP

Auto partitions a single broadcast domain into multiple VLAN’s Trunking Trunk port Default vlan Vlan pooling

Vlan pooling

Proving your identity

Authentication

Open authentication would include Mac filtering and an active portal

True

Wireless signals extending beyond the intended area of coverage Channel overlap Data emanation Attenuation RFI

Data emanation, do not place AP’s near walls and encrypt all traffic

Attacker gains unauthorized access to an existing Bluetooth connection between phones, desktops or laptops

Bluesnarfing

Anonymously sending messages to a blue tooth recipient with a distance of 10-100 meters Bluetipping Bluejacking Bluesnarfing Bluemessaging

Bluejacking

For 802.1x authentication where would you configure the password?

On a radius server

What provide the most interference for wireless access points

Cordless phones Backup generators

You would use this in an environment where there is no clear line of sight between clients and access points and radio signals are reflected along multiple paths before being received Antenna diversity Cladding Mimo OFDMA

Antenna diversity, Improves quality and reliability of a wireless link

Place access points on the highest floor to avoid interference

True

Uniquely identifies the Wap

Ssid

Cable that extends from central office to the customer location. Owned and maintained by the service provider Smartjack Local loop Demarc extension Pstn

Local loop

Wan technology that provides increase bandwidth within the local loop MGRE ISDN Multiplexing BiDi

ISDN

2 forms of ISDN?

Basic rate interface (BRI)- digital signal over POTS Primary rate interface (PRI) - uses digital signals either T1 or E1

Wan data classification and data carrying mechanism. Packet switching technology that supports variable length frames SDN Frame relay Mpls MGRE

Mpls

Collection of devices and structure that connect 2 distant locations which is managed by the service provider Cloud Wan Vpn Demarc

Cloud or wan

Difference between circuit and packet switching?

Packet can take different routes to reach destination

Metro Ethernet configuration Star Mesh Ring Bus

Star or mesh topology, collection of routers and switches connected by fiber to create a metro area network

T1 runs at 64kbps and has 672 channels

False, T3 T1 is 24 channels and runs at 64kbps

DSU reads and writes synchronous digital signals

True, csu manages the digital channel DSU reads and writes synchronous digital signals

E1 is 32 channels at 64kbps

True

OC1 is 51.84 and OC3 is 622.08

False, OC 12 is 622.08 OC3 is 155.52

What kind of switching is often used in telephone networks? Distributed Packet Circuit Public

Distributed switching

Coarse wavelength division multiplexing can carry 40-80 different signals

False, dense wavelength multiplexing CWDM is 16 signals

BRI is 2 B channels at 64kbps and one d channel at 16 kbps

True, pri uses 23 B channels and and 1 Channel at 64kbps

Which single form of internet connectivity provides the greatest potential connectivity wherever you travel? PSTN WLAN WAN Open

PSTN

T1 uses 2 pairs of copper and transfers data at 64kbps

True

Available regardless of whether telephone company network is available Cable modem Out of band management RDP Nic

Cable modem

First internet compatible technology and offers speed of 400 to 1,000kbps

Edge cellular technology

GSM uses this to allow multiple connections on the same frequency? Time division multiple access OFDMA Multiplexing Mu mimo

Time division multiple access

Cellular network type that uses mimo to increase 3G data throughput

LTE and hspa+

Existing needs are minimal which internet connectivity would you use?

Pstn

Process of identifying resources that a user can access over the remote access connections RDP Client-server Authorization Accounting

Authorization

Activity that tracks or logs the use of the remote access connection Snmp Netflow SFlow Accounting

Accounting

Connection requests from remote clients are sent to what server to be approved or denied? Radius TACACS AAA Vpn concentrator

AAA server (authen, authorize, accounting)

Password authentication protocol 2 way handshake with a username and password in clear text, not secure

PAP

What is CHAP?

Challenge Handshake Authentication Protocol 3 way handshake and not sent in clear text like pap

Radius encrypts the entire communication session between the remote servers and radius server

False, TACACS +

Eap negotiates authentication through tickets

True, also password, smart cards and more methods

Ñame 2 protocols used for a AAA remote access

Radius and TACACS+

Splits each AAA into a separate server

TACACS +

What would you use to connect to a server at a remote location? Vpn Remote access TKIP Client

Remote access

Port 49

TACACS +

Port 1812 and 1813

Radius

Provides privacy and data integrity between 2 communication applications TLS IPSec SSL PPTP

TLS

3 types of vpn protocols

Carrier protocol (IP) Tunneling protocol (L2TP) Passenger Protocol (data being transmitted)

3 things IPsec encryption combined with L2TP (Layer2 Tunneling Protocol) provides

Per packet data origin authen (non repudiation) Replay protection Data confidentiality

Intermediary devices (routers) can examine packet headers in transport mode

True

In a vpn only this can unwrap packets and. Decrypt the packet contents Source destination tunnel point Radius server Destination tunnel endpoint NGFW

Destination tunnel endpoint

IPSec cannot be used with NAT

True

What 2 vpn protocols merged to create L2TP?

Layer 2 forwarding and PPTP

Vpn concentrator controls access to private network through multiple servers

False, single server Radius is multiple

routes layer 3 protocols across an ip network GRE IPSec T1 Frame relay

GRE

Uses port 443 and encrypts entire communication session

Ssl vpn

A healthy cpu utilization range should be what percent? 41-80% 8-40% 50-75% 75-90%

8-40%

When a new app is launched, it is normal for utilization to spike up to 85-90%

True

Term for when a system is unable to keep up with demands placed on it Latency Jitter Bottleneck Hard fault

Bottleneck, happen in systems The other 3 happen in devices and the network, not in a system

Speed at which packets travel from source to destination and back Iperf Speed test Latency Packet switched

Latency

If the hard disk light on the front of the system stays lit what does it mean? STP Working as usual Bad NIC Needs more RAM

Computer is constantly working to move data into and out of memory. Needs more physical ram

Resource monitor will show memory utilization

True

If a computer is restarting crashing constantly it means what?

Overheated

Where do you check your CPU’s temperature? NIC Internal hardware Bios Database

Bios

Defines and organizes the parameters that snmp agents will monitor on respective devices (router, server, firewall etc) Walk MIB Oid Get

MIB

An agent sending to the manager to confirm receipt of a transmission for snmp Get Walk Trap Inform

Inform

Snmp uses this to identify a group of devices under the same administrative control

Community strings

In snmp when an event occurs the agent logs details regarding the event is called what?

Trap

In snmp this component uses getnexr messages to navigate the MIB structure

Walk

*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interfaxe FastEthernet0/0 changed state to down

Default log message -Time Stamp- *Aug 8 11:18:12.081: -Facility (created message)- %LINEPROTO -severity level- -5- -mnemonic- UPDOWN -message text- Line protocol on Interfaxe FastEthernet0/0 changed state to down

This log shows access, events, crashes, updates and anything else valuable for conducting a root analysis

Application log

Log that records information related to logins, incorrect passwords and user rights

Security log

Where can you view if you have a bad video driver if it gives you issues Network interface Dump files Ipconfig Netstat

Dump files

Level 7 is the most severe level in logging

False, 0 is an emergency that can severely impact the system 7 is debugging

You think an attacker is on the web server and can make modifications to the system and logs. What should you do?

Use Syslog to send logs to another server

You want to look at a log of when some restarts occurred. Application History System Security

System log, shows os and hardware events, new hardware or when system started or shut down

Shows when a user logged onto your site, tedious to go through Web server log Application log Security log History log

Web server log

In this the Nic receives only packets that are addressed to its MAC address Switch Promiscuous mode Stealth scan Non promiscuous mode

non promiscuous mode Promiscuous is the Nic receives all packets on the same network segment

Determine which os is running based on how a system responds to different types of network traffic Protocol analyzer Packet capture Fingerprinting Packet sniffer

Fingerprinting

Connecting to a switch and overloading it with fake Mac addresses to have it work as a hub to send out all traffic to each device MAC flooding MAC spoofing Vlan flooding Vlan spoofing

Mac flooding

Passive device that copies frames and allows you to view frame contents but does not allow you to capture, modify and retransmit frames Taps Port mirror Protocol analyzer Packet sniffer

Protocol analyzer

Low humidity results in EMI Electrostatic charge Short Open

Electrostatic charge

Bringing cold air in the front and ducting heat in the back. Ñame for where heat is sent Hot aisle Cold aisle Health check Temperature check

Hot aisle

When you use packet sniffing software you see frames addressed to workstations but not to a router. What switch feature should you configure?

Port mirroring, all frames are sent to all other switch ports instead of just the one it is on

Electrical equipment fire, use this Extinguisher Fire blanket Halon CO2

Halon or CO2

Metal fires use dry powder to suppress

True

For combustible liquids(oil, alcohol) use water or soda acid

False, CO2 or FM200 Combustible, wood, cloth etc use water or soda acid

Primary focus of scope for BCP Human life Business processes Recovery time objective Company assets

Business processes

An agreement that outlines the organization’s monitoring activities EMA SLA MOU COOP

Employee monitoring agreement

You want to make sure the correct ports on a firewall are open and closed. Which document should you look at? Baseline configuration Wiring schematic Wireless site survey IDF

Baseline configuration

Shows layout of electrical, hvac, plumbing and networking wiring Wiring diagram Rack diagram Floor plan Network diagram

Floor plan

Ability to respond to an unexpected hardware or software failure without loss of data or loss of operation Coop Fault tolerance Redundancy UPS

Fault tolerance

What is the SPOF with a cluster of 2 servers with a single shared storage device and each has a single connection to the shared storage and a single connection to the ISP?

The ISP, provide redundancy by connecting one server to a different ISP

Converts DC power stored in the batteries into ac power that can be used for the data center

Inverter

What is the least effective power loss protection for a computer system? Surge protector UPS 2nd power source Back up generator

Surge protector

You should not run a cable across the data center floor

True

Increases network performance and provides a failover solution for network adapters

Ethernet bonding

Ethernet bonding increases speed

False

Clusters are identified by an ip address. This is where client requests are directed to

True

This allows you to use a secondary router to serve as an alternate Redundancy VRRP FHRP Faul tolerance

FHRP

Backs up everything since the last full back up

Incremental

Looks for files that have been modified since the last full backup. Backs up everything since last full backup

Differential back up, does not back up everything since the last differential backup

NAS is typically used in large companies for storage

False, SAN

Incremental backup has a shorter restoration time but may consume more disk space from file changes

False, differential

Backs up files that have archive but set and does not mark them

Differential

Backs up only files that have archive bit set but marks them as being backed up

Incremental

Full back up every night, Wednesday morning the storage system fails. How many restore operations do you need to recover all data

One, just restore the last full back up of wednesday

Fastest restoration of all data if a system failure occurred on a Friday -Restore the full backup from Sunday and all incremental backups -Restore the full backup from Sunday and the last incremental backups -Restore the full backup from Sunday and all differential backups -Restore the full backup from Sunday and the last differential backups

-Restore the full backup from Sunday and the last differential backups

Full back up every Sunday and differential Monday through Saturday System fails Wednesday morning. How many restore operations to recover?

2 Restore full back up Sunday Restore differential from Tuesday

Full backup Sunday night Incremental Monday through Sunday Thursday morning the storage fails. How many restore operations?

4 Restore full from Sunday Restore incremental M-W

This backup includes system volume, OS, installed programs, drivers and user data file Full System image backup Differential Incremental

System image backup

Translates between the external network and internal network, placed inside a screened subnet Dmz Web server Remote Desktop gateway NAT

Remote Desktop gateway

RD gateway encrypts RDP using TLS

False, SSL

Identifies the internal resources that users can access Fingerprinting Sniffing RD RAP RDP access

RD RAP (resource authorization policy)

Citrix RDP

ICA

Set of rules and practices that protect the data and resources from unauthorized access Policies Firewall Vpn Confidentiality

Confidentiality

SFTP uses SSL to be secure

False, SSH FTPS uses SSL

Secure form of SLIP

PPP, uses PAP or CHAP for authentication and encryption to create a connection between 2 devices

Most common insider attacker Spoofing Man in the middle Unintentional threat actor Arp poisoning

Unintentional threat actor

Which is an internal threat? -Delivery man is able to walk into a controlled area -user accidentally deleted the new product design -server back door allows an attacker to gain access

-user accidentally deleted the new product design

A honeypot reveals information about an attackers methods and gathers evidence for identification or prosecution purposes

True

No prior knowledge to the infrastructure they are testing

Black box testing

Grey box testing is when the person has full disclosure of information to mimic an internal attack

False, white box Grey is some information

an attacker trying to figure out an OS or applications

finger printing/footprinting?

Seems to identify costs that cannot be concretely defined for analysis Cost ratio Forensic analysis Quantitative Qualitative

Qualitative

Performed in the security perimeter and what is performed outside of the perimeter? Vulnerability scanner Ingress Penetration testing Egress

Vulnerability scanner, penetration testing

Thorough systematic discovery of as much corporate network as possible. Examples are war driving, social engineering and fire walking Ip spoofing Network enumeration Network mapping Whaling

Network enumeration/mapping

Single blind test is when tester has no prior knowledge and admin has no idea a test is being done

False, double Single is one of them does know

Gathers all event logs from devices and sends securely to the SIEM Trap Get Collector Walk

collectors Data handling receives data from the collector, analyzes and puts it into categories

Finds potentially vulnerability and attempts to exploit it Intrusive scan Threat Vulnerability Weakness

Intrusive scan

Looks for vulnerability and gives you a report on what it finds Pen test Stealth scan Non intrusive scan SFlow

Non intrusive scan

Not authenticating to a system before you scan the system Open Non credentialed Credentialed TACACS+

Non credentialed

sees what services are running on a set of servers on your network Netstat Vulnerability scanner Protocol analyzer Ipconfig

vulnerability scanner

How do network mappers discover devices? Open ports Open ip address Ping scan OS scan

Using a ping scan, can make geographical representation

Gathers information on which applications and services are running. Identify open firewall ports, missing patches and default or blank passwords

Vulnerability scanner

CCTV type used in area with little light

Infrared

Measure of sensitivity to light Light meter Lux Fiber optic OTDR

LUX

Tailgating is following someone with their consent into a building

False, piggybacking

Trojan horse

System that looks safe but has a virus inside it

Set of programs that allow attackers to maintain permanent and hidden admin level access to a computer

Rootkit

Spoofs the source address in ICMP packets.

Smurf attack

Exploits the 3 way handshake WPA2 SYN Flood Dragon Fly Multicast flooding

Syn flood

Attacker steals an open communication session from a user

Session hijacking

Attacker uses a protocol analyzer or sniffer to capture authentication info from client to server is what kind of attack? Man in the middle Dns poisoning Replay attack Arp poisoning

Replay attack

Malware software

Designed to take over or damage a computer

Table of passwords and generated hashes

Rainbow table attack

Random characters added at beginning or end of password Encryption TKIP Cipher Salting

Salting the hash

Difference between a worm and virus?

Worm can replicate itself, virus requires a host for distribution

Source ip address of a packet is changed

IP spoofing

DNS poisoning steps

1. Request DNS info in addition to ip address. Server provides 50 times more information 2. Spoof their own ip address to be that of the target machine 3. Repeat steps 1 and 2 to overwhelm the dns server (DOS)

MAC spoofing changes the MAC address associated with an ip address

False, arp spoofing MAC spoofing is spoofs the MAC address of a valid host in MAC address table of switch

Examines packets incoming to the network and the opposite examines packets going outward

Ingress and egress

Router on the border of your network detects a packet with a source address from an internal client but the packet was received on the internet facing interface. What is happening?

Spoofing is in place

Act of spying on private information or communication. Sniffing is an example Confidentiality Encryption Snooping Stealth inspection

Snooping

Bypasses acl’s on several routers by bypassing a computer on a network or allowing a pc to impersonate another device

MAC spoofing

Linking MAC address with ip address of legitimate computer on server or network

Arp poisoning

Most effective protection against ip packet spoofing on a private network Encryption Honeypot Hashing Ingress/egress filters

Ingress and egress filters

A switch shutting down when max amount of mac addresses is reached is counter measures against what? Sniffing Penetration test Threat Max spoofing

Sniffing

Reviews messages that are delivered to the device and determines whether they are coming from authorized devices Router advertisement guard HIDS Nids Packet capture

Router advertisement guard

Switch ports connected to hosts (servers, workstations, and printers) are configured to be untrusted

True, Switch ports configured to network other switches are trusted

Disable unused protocols, services, and ports to harden this

Router

Install only required software hardens what? Router Workstation Switch Server

Server

If a device doesn’t have the latest OS patch, it will go to this special server San Web Quarantine Remediation

Remediation server

Best practice for hardening a server is to apply latest patch, disable unnecessary software, ensure a host based firewall is running

True

Use each below to harden a user account: Multi factor authentication Account lockout threshold Time of day restrictions Auto account expiration

True

A false positive is when a person. Who should be allowed access is denied access

False, false negative Reverse

Strong authentication using a secret crypto key. Can provide identification across insecure connection Kerberos AES CHAP TLS

Kerberos

Authentication Verifies user

False, Identification Authentication verifies I’d credentials

Provides authentication to a WLAN and uses a public key over TLS CHAP EAP PAP PEAP

PEAP

Authentication used for remote access connections Kerberos Radius CHAP TACACS+

CHAP or MS-CHAP

Used to authenticate users within a LAN with usernames and passwords Radius 802.1x Kerberos PPTP

Kerberos

Authentication for wireless devices Radius TACACS+ 802.1x Kerberos

802.1x and for ports

Identifies how credentials are submitted, protected during transmission, and validated. Authentication Confidentiality Accounting Authorization

Authentication protocol: passwords, certificates and digital certificates for identity

Digital document that identifies a user or a computer. Includes subject name that is the name of the user Digital signature CA SSL Certificate

Certificate

a collection of hardware, software, policies, and organizations that create, issue, and manage digital certificates. OSI PKI Floor plan Network map

A public key infrastructure (PKI) made up of CA’s

You can obtain certificates from a public CA such as DigiCert or install your own PKI and CAs to issue certificates to users and computers in your organization.

True

Computers accept as valid any certificate issued by a trusted CA. By default, most computers trust well-known public CAs

True

Accepts certificate requests. Verifies the information provided by the requester. Creates and issues the certificate to the requester. Revokes certificates, which invalidates them. Publishes a list of revoked certificates known as the certificate revocation list (CRL

digital document that is altered in such a way that it could have come only from the subject identified in the certificate. CA Integrity Digital Signature CHAP

Digital signature

The server generates a challenge message and sends it to the client. The client responds with the username and a value created using a one-way hash function on the challenge message. The server checks the response against its own value that was created using the same hash. If the values match, the client is authenticated. Is steps for what?

CHAP Steps

Voice recognition is an example of something you do

False, something you are Typing behavior is something you do

This authentication controls access through switches and access points

802.1x

Provides support for smart card authentication Something you have Ssl Multi factor Eap

EAP

Ms chap and chap both use 3 way handshake to authenticate

True, MS only uses mutual authentication though

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days. Where would you configure this? Ethernet settings Password hardening Group policy SSH

Configure account policies in Group Policy

You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?

User can’t change password for 10 days

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. What actions should you take?

-Delete that sales account -Train them to use their own user accounts Reasoning: You should prohibit the use of shared user accounts. Allowing multiple users to share an account increases the likelihood of the account being compromised. Because the account is shared, users tend to take security for the account less seriously.

Manages deployments of updates to system and how aggressively work stations will ge updated Servicing channels CSU DSU Rings

Servicing channels and rings

How long can windows 10 pause updates?

7 days

-Windows Update for Business works with all versions of Windows 10 except Windows 10 Home. -Windows Update for Business provides the latest features for your Windows 10 devices, including security upgrades.

True

provides you with Windows and Store app updates and other Microsoft products.

Windows Update Delivery Optimization function

A log or record of all notable changes made to a Windows system.

WindowsUpdate.log

Layer 3 protocol used to classify IP packets In the IP header that Inserts a code value in this field to prioritize data flow. Routers forward packets according to this field Diffserv COS QOS Tcp flags

Diffserv,

Restricts the amount of data type that can be sent during a specific time frame Bandwidth throttling Port isolation Switch Firewall

Bandwidth throttling

What would you use to improve the speed of file transfers? San Trunking Fibre Channel Port aggregating

Port aggregation

How many collision domains with 2 computers and a router connected to a switch, but also connected to that router is a hub with 2 computers connected to it?

2, both computers and the router to the switch and then the hub with its 2 computers. Router is not in a collision domain

Individual frames marked and classified at layer 2 with a priority value between 0-7 with each number indicating a traffic type TCP Flags COS QOS Severity

Class of Service (COS)

use specialized hardware called an application-specific integrated circuit (ASIC), which performs switching functions in hardware rather than using the CPU and software.

Switches

You would like to implement a device to speed up access to your web content. The device should be able to distribute requests between the various web servers using specialized hardware, not just software configurations. In addition, SSL sessions should use the hardware components in the device to create the sessions. Proxy server Content switch Vpn concentrator Radius server

Content switch, Use a content switch to perform these functions. Switches use specialized hardware modules to perform common tasks. For example, you can have a switch with a special hardware module that's used for SSL connections. Using the hardware module in a specialized switch is faster than using the CPU or software in another device.

Which type of switch optimizes network performance by using ASIC to perform switching at wire speed? Multilayer Content Distribution Layer 3

A multilayer switch, uses specialized hardware called an application-specific integrated circuit (ASIC) to perform switching functions in hardware rather than using the CPU and software. ASIC allows switches to perform the switching function at wire speed.

0 - Background 1 - Best effort 2 - Excellent effort 3 - Critical applications 4 - Video (< 100ms latency) 5 - Voice (< 10ms latency) 6 - Internetwork control 7 - Network control

True

Command that Tells you if your serial interface is up or down

Show interface

Use this to check the right FQDN is with the correct ip address

Nslookup

How would you check a vlan setting? SSH Packet capture Port isolation Trunking

Using ssh

A user can’t connect to a server, you find no other user can. What do you do next? According to trouble shoot methodology

Determine what has changed

A user can’t connect to a website, you reproduce the problem, what should you do next according to troubleshooting methodology?

Identify the affected areas of the network

Displays network connections for TCP

Netstat

can detect all the channels that are broadcasting in the area and see all the overlaps in your Wireless network. This can give you an idea on how to set up the channels and reduce the interference between access points. There are free versions that are easy to download. Ofdma Mimo SONET WiFi analyzer

Wifi analyzer

A cross platform tool that measures speeds across a network over multiple connections. It is an in-depth monitoring tool that looks at timing, buffers, and protocols that deal with TCP, UDP, SCTP with IPv4 and IPv6. also help balance congestion on a busy network. It can remain in the background on a server to monitor the throughput between devices.

Iperf

Port scanner Use a port scanner to check for open ports on a system or firewall. Compare the list of opened ports with the list of ports allowed by your network design and security policy. Typically, a port is opened when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed towards that port.

You are traveling throughout North America to many metropolitan and rural areas. Which single form of internet connectivity provides the greatest potential connectivity wherever you travel?

Pstn

Broadband cable is dependent on service offerings from the regional cable television company, which does not have as great a presence as the telephone company. To use broadband cable, the service must be added to the cable TV package.

True

Topology where messages travel from one device until they reach the destination device

Logical ring

Topology with messages broadcast to all devices on the network

Physical bus

Provides the os a link to the device driver

Llc

Translates generic network requests into device specific terms MGRE Port aggregate MAC sublayer Snmp walk

MAC sublayer

ISCSI and fibre channel SAN’s are not directly connected to a switch.

True Use (San fabric) Have a special switch that clients don’t connect to

You are the network administrator for a large hospital. One of your users, Suzie, calls you stating that she is unable to access any network resources. After some initial troubleshooting, you realize that her computer is using the IP address 169.254.0.52. You've confirmed that the network's physical connection is connected properly. Which of the following should you do next?

Renew the ip address

TLS Handshake- connection security with encryption

False TLS Record- connection security with encryption TLS Handshake- provides mutual authentication and choice of encryption

Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network

DNAT (port forwarding)

IKE uses which of the following functions to negotiate a Security Association (SA

Internet Security Association Key Management Protocol (ISAKMP) establishes a framework for the negotiation. The Diffie-Hellman key exchange generates symmetric keys used for the encryption of the negotiation of the SA

Which of the following WAN technologies provides packet switching over high-quality digital lines at speeds greater than 1.544 Mbps? Pstn Frame relay SONET MAN

Frame relay, networks are packet-switched networks that operate at T1 or T3 speeds. Frame relay achieves faster speeds by using high-quality digital lines, which require less extensive error control than X.25 networks.

Which ip address do broadcast messages use? Last valid Loopback Ping First valid

The last valid ip address First is the network id

Virtual NIC’s need appropriate driver and multiple virtual NIC’s can be added to a virtual machine

True, They have MAC addresses also

updates filters to block suspicious traffic and performs reverse lookups to identify an intruder Network based firewall IDS Host based firewall IPS

IDS

Comparisons to known attack patterns Anomaly based attack Signature based attack Rainbow table IDS signature

IDS signature

2 extensions that use MIMO to increase bandwidth

LTE and HSPA +

Intermediary network between 2G and 3 G

Edge

4G that delivers high speed internet to large geographic areas

WIMAX

3G tech that adds additional traffic channels to increase bandwidth

CDMA2000

Cisco wireless equipment to route frames back and forth between the wireless network and wired LAN Wireless LAN controller Light weight access point Bridge Beacon interval

LWAPP

Which of the following routing protocols divides the network into areas with all networks required to have an area 0 (to identify the backbone area)?

OSPF Each autonomous system requires an area 0 that identifies the network backbone. All areas are connected to area 0, either directly or indirectly through another area. Routes between areas must pass through area 0.

IDS that alerts trespassers HIDS PIDS Nids IPS

PIDS

Which of the following cellular network types provided digital data service, such as text messaging, but did not offer internet

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. What are these?

Anomaly based IPS

Unmanaged switches have advanced management and security features

False, managed

When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch? Native vlan Default vlan Trunk port Trunking

Trunk port

2 switch features used with voip

PoE VLAN

Port A and Port B have auto-negotiation enabled. Port A has a speed capacity of 100 Mbps, and Port B has a speed capacity of 1,000 Mbps. At which speed will the ports communicate?

100 mbps When enabled, auto-negotiation selects the highest speed at which both ports are capable. Because Port A has a capacity of 100 Mbps, auto-negotiation will choose 100 Mbps for both ports.

Configures how a MAC address table is filled IPAM Switch Port security Vlan

Port security, protects switch from flooding

Message encryption and used agents and manager authentication SNMPv3 AES CHAP PAP

SNMPv3

Humidity in server room is at 60% and temp is 80 degrees. How can you reduce?

Add separate A/C unit in the server room

By default, a NIC only accepts frames addressed to itself. To enable the packet sniffer to capture frames sent to other devices, configure the NIC in promiscuous mode (sometimes called p-mode). In p-mode, the NIC processes every frame it sees.

True

Counteract email spoofing with this

X headers

Identifies devices under the same administrative control

Community string

This OS system does not use Syslog

Windows

You have a website that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before performance is negatively impacted Utilization RAM Storage Load tester

Load tester

L2TP came from what 2 protocols

Layer 2 forwarding and PPTP

Hides in a harmless looking software but has a hidden program with admin access to os systems

Rootkit, Trojan horse is a type

Where to place ACL’s

As close to the destination as possible

The lower the number the more light you need for a clear image in lux

False, lower number lux the less light is needed for a clear image

What Firewall operates at network and transport layers. Filters by both ip address and port number

Stateful inspection firewall

What firewall protects your laptop from internet based attacks?

Host based firewall, inspects traffic received by a host. Use a host-based firewall to protect your computer from attacks when there is no network-based firewall, such as when you connect to the internet from a public location

Firewall that protects your data from internal attacks

Network based, place on edge of private network

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services Dhcp Port forwarding ARP Inspection Port Scanner

Port scanner

Which of the following components do switches use to optimize network performance by performing switching operations in hardware rather than using the CPU and software?

ASIC

Netstat-n shows active UDP connections

False, TCP A will show both

Locates network cables

Tone generator

This routing happens when a packet travels on a different outbound path than it travels on the inbound path.

Asymmetrical

Your computer is sharing information with a remote computer using the TCP/IP protocol. Suddenly, the connection stops working and appears to hang. Which command can you use to check the connection?

Netstat

You manage a network that uses 1000BaseT Ethernet. You find that one device communicates on the network at only 100 Mbps.Which tool should you use to test the drop cable and connection to the network?

A cable certifier verifies or validates that a cable or an installation meets the requirements for a specific architectural implementation. a specific drop cable meets the specifications for 1000BaseT networking.

Can block and detect malicious payloads Network based firewall Host based firewall IPS HIDS

IPS

Packet filtering firewalls filter by inspecting contents of network packets

False, only by IP address, port and protocol

Switches running STP are in the process of exchanging BPDUs and redefining their roles. Which port state are the switches currently in?

Listening

Vpn that employs IPSec as it’s data encryption Radius L2TP PPTP Ppp

L2TP Dial up vpn connections Ppp or pptp use chap or pap for encryption

NIDS analyze encrypted traffic

False, HIDS monitors traffic coming into host NIDS analyzes just network traffic

What command line would you find all ip address for professormesser.com?

Dig or Nslookup

Must be an ip address on the local subnet

Gateway (Default gateway 192.168.1.1)

Routing protocol thst routers use to learn and share routes Convergence BGP Eigrp OSPF

BGP

Each vlan is it’s own broadcast domain

True

Minimum frame size and the name of a frame lower than that amount

64, runt

Wireless performance issues look at one of these 3

Speed Throughput Distance

Latency and firmware issues could mean a what issue? Ip configuration issue Hardware issue Wired network controller issue Routing issue

Wired network controller issue

Disable legacy speed, check channels to avoid overlap, adjust out out power for less interference and AP conflicts, split network for more AP’s and frequencies helps manage what? Access points WAP Channel utilization Iperf

Channel utilization

Wireless signals get weaker the further away from antenna, Attenuation can be measured with this

WiFi analyzer

Control power out out on AP, use a receive antenna with higher gain and being aware power is lost in antenna cable co-ax are solutions to this Wireless signal issues Antenna placement Channel utilization Ip configuration

Wireless signal issues

Access point issue where you don’t connect to the right WiFi

Wrong SSID

Changing an access point with a legacy device could cause this issue

Security issue, same encryption for client and AP (WPA2/3 is most up yo date, prior wep or wpa)

Interference, slow througput, access point locations or channels could be an issue with this for wireless Hardware failure Incorrect antenna placement Switch spoofing Wrong vlan

Incorrect antenna placement

Do this before blindly troubleshooting

Look at the device (switch, router, etc) configuration (ssh, terminal, web console or desktop)

Default gate way or static route issue look here

Routing table

Single device issue could be this Wrong ip address Wrong subnet Interface issue Ip configuration

interface issue, check physical connectivity, nothing works if this has an issue, check for errors and mismatches

Connecting a device to a switch and dhcp address is not in subnet or can’t talk to other devices Appipa Wrong default Wrong subnet Vlan mismatch

Vlan mismatch

Every switch interface is configured as one of these 2

Access port (each assigned a vlan) or trunk port

Plugging into wrong interface is what type of issue

Vlan issue

Interface issue with Duplex mismatch or hardware bad Nic or driver could be from this

Collision

Use a packet capture to identify source, see how many are going on at once and separate the network smaller would be solutions to this issue

Broadcast storm

Potential man in middle attack or local administered MAC address or manufacture error would be this issue and solved by a packet capture

MAC spoofing/duplicate

Wrong static ip address, multiple dhcp servers overlap, rogue dhcp, 2 addresses fighting for connectivity and blocked by os would be this issue Hardware failure Ip configurations Duplicate ip addresses Vlan mismatch

Duplicate ip addresses

Check ip addressing, ping an ip address before static addressing, capture dhcp process, ping ip address and look at mac and arp table to troubleshoot this Duplicate ip address Man in the middle Ip configuration Hardware issue

Duplicate ip address

No multicast destination address in switch forwarding table so each multicast is sent to every switch port, consumes bandwidth and resources on remote device

Multicast flood

Troubleshoots multicast flooding/issues by directing the multicast transmissions

IGMP snooping

What is when Traffic is coming in one route and leaving another which leads to dropped sessions by a firewall. Trouble shoot this issue with traceroute

Asymmetric route

Use traceroute and identify each route in the routing table would trouble shoot this Switching loop Routing loop Faulty NIC Faulty cable

Routing loop

Check ip address, subnet mask, default and dns, monitor traffic by looking at local broadcast, check devices around by confirming subnetmask and gateway, utilize ping and traceroute by pinging local ip, default and outside address to trouble shoot this Ip configuration Duplicate ip Duplicate mac Faulty NIC

Ip configuration

Expired or wrong domain name is what type of issue? Forward look up Txt Cname Certificate

Certificate issue

What is the issue if No response, run ping to see if connected, run traceroute to see if you are filtered or you can make to other side, check server and lights Hardware failure Ip configuration Dns issue Wrong default gateway

Hardware failure

Protocols and ports applications not working, limited accessibility and trouble shoot by looking at policies and lists or a packet capture to see where traffic is going

Incorrect firewall setting

Sets policies on what can and can’t be used on a company personal device

MDM mobile device manager

When forwarding data what is the destination layer 2 address always?

Mac address of the default gateway router

Transitions a port immediately to the forwarding state, bypassing STP listening and learning to reduce time for end user device to connect to operational ports BPDU Guard BPDU Spanning tree PortFast

PortFast

Enough processing logic to function autonomously without a wireless controller Thin AP Dynamic ap Fat AP Stand-alone AP

Fat AP

Tool used to pinpoint exact location of any radio interference such as source of jamming WiFi analyzer Multimeter Tone generator Spectrum analyzer

Spectrum analyzer