CompTIA NETWORK + STUDY GUIDE

This "guide" (dump) was constructed through many attempts at practice exams, and for each question I missed I made note of the correct info in the following list.

Each 1-? numbered list holds the details I needed to review more after each practice exam attempt. Reading this list through before an exam attempt was helpful, and I did eventually pass and get my Network + cert lol.

I definitely recommend making your own list using the method above when studying.  

  1. Adhoc mode - computers can access each other but not other network resources - LAN, WAN, internet…
  2. wireless range extenders - use for small home/office layout with no more than 10 devices but with two dead spots
  3. 802.11a - provides the most non-overlapping channels (eight) and the shortest range
  4. Users report they cannot upload files to new file server - check ACL settings and blocked TCP/UDP ports
  5. 10GBaseER allows highest maximum cable run of up to 40km using single-mode fiber optic cable
  6. EAP-TLS = Extensible Authentication Protocol with Transport Layer Security authentication supports client-side digital certificates for auth with access points
  7. Phishing / e-mail hoax is a social engineering attack
  8. 802.11a uses 5GHz frequency band
  9. The protocols use the following ports
    • port 20 = FTP  ( it also uses port 21 )
    • 23 = Telnet
    • 25 = SMTP
    • 53 = DNS
    • 80 = HTTP
    • SSH = 22
    • DHCP = 67,68
    • TFTP = 69
    • POP3 = 110
    • NTP = 123
    • NetBIOS = 139
    • IMAP = 143
    • SNMP = 161
    • LDAP = 389
    • HTTPS = 443
    • SMB = 445 or 139
    • LDAPS = 636
    • H.323 = 1720
    • MGCP = 2427/2727
    • RDP = 3389
    • RTP = 5004/5005
    • SIP = 5060/5061
  10. Local authentication - relies on credentials stored and authenticated on the device being used
  11. User reports error message - first identify - ASK what is the error message?…
  12. LC connector - is the smallest form factor for fiber optic cabling
  13. Motion detection - used for unauthorized entry in room or building
  14. war chalking - hackers publish SSID and security information
  15. Ad hoc - enables devices to communicate directly with each other
  16. APIPA - Automatic Private IP Addressing - may be used as default if DHCP server is down
  17. Private IP address ranges:
    • 10.0.0.0 through 10.255.255.255
    • 172.16.0.0 through 172.31.255.255
    • 192.168.0.0 - 192.168.255.255
  18. You should prevent Downloads on a honeypot - this is possibly entrapment which is illegal
  19. VNC - Virtual Network Computing is free and easy across all platforms for remote access
  20. Web browsers may use unsecured HTTP to access documents on the WWW
  21. Virtual IP Address is a single IP address that may be shared among multiple domain names or servers - eliminates host dependencies on specific, individual network interfaces
  22. IPAM - IP Address Management allows integration of DNS and DHCP so that each is aware of changes in the other
  23. OC - OCx Optical Carrier uses fiber optic cabling with higher transmission rates than (BRI, PRI, Tx, Ex, Frame Relay)
  24. Text ( TXT ) records contain human readable text and are designed to help with phishing emails. The SPF (Sender Policy Framework) record within the TXT helps filter out spoofed emails. DKIM - DomainKeys Identified Mail validates that an email sent from a domain was authorized by the owner of the domain
  25. The Transport layer - is responsible for delivery of segments without error
  26. Active hubs or Multiport repeaters amplify or regenerate signals to all other ports on the hub. All hubs are Physical Layer 1 devices because they act on the data at the bit level
  27. NIC - network interface controller or Network Interface Card , network adapter - hardware to connect to a network
  28. If you change cables in a network update the following:
    • Physical network diagram - includes cable lengths , types, server names, IP address, server roles, network equipment locations, and number of users
    • Network baseline - includes performance stats for the network
  29. No expectation of privacy - data stored on company computer is not guaranteed to remain confidential
  30. MTU - Maximum transmission units - indicate the largest number of bytes allowed in a frame - if reduced the network performance is affected
  31. High gain antenna - has a small vertical beamwidth
  32. IPv6 address matching
  33. MAU is a network connection concentrator used on Token Ring Networks. MAU is similar to a hub - it operates on the Physical Layer
  34. The Data Link layer 2 is responsible for MAC addressing - each NIC can be identified on the physical network.
    • Bridges and switches operate at the data link layer
  35. The Network layer 3 is responsible for the logical network addressing and routing such as IP, IPX, NetBEUI
  36. The Transport layer 4 provides connection oriented comms. Protocols such as TCP operate at transport layer
  37. The most common form of identification and authentication is user identification with reusable password - they are something a user knows
  38. After admin moves client from one subnet to another there is an issue communicating on the network
    • Release and renew the DHCP lease for client computer:
      • ipconfig /release
      • ipconfig /renew
  39. When using a public cloud deployment, other tenants can gain physical access to resources that store your company’s data
  40. If a user complains they cannot log into a network server, first :
    • establish if other users are having the same problem

 

 

  1. Coaxial cables have two conductors - the inner is covered by insulation
  2. Virus - is a malicious software that relies upon other application programs to execute and infect a system
  3. VLANs place users from many locations into the same broadcast domain
  4. You should implement Split Horizon to prevent routing loops
  5. Water or soda acid should be used to suppress a fire that has wood products and paper
  6. CompTIA password guidelines -
    • create passwords that contain at least one symbol
    • configure passwords to change periodically
  7. SNMP - Simple Network Management Protocol should be used to enable the routers to notify you when they exceed specified performance thresholds
  8. Periodically perform a Site Survey to ensure that no unauthorized wireless access points are established
  9. ATM - Asynchronous Transfer Mode is NOT associated with data conversion between ISP and customer equipment
  10. IP addresses should be matched with the following classes
    • Class A Public - 77.24.16.74
    • Class A Private - 10.6.55.44
    • Class B Public - 143.91.63.19
    • Class B Private - 172.20.5.5
    • Class C Public -  204.29.83.91
    • Class C Private - 192.168.103.213
    • APIPA - 169.254.43.31
    • APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client when a DHCP server is either permanently or temporarily unavailable.
  11. Tools and descriptions
    • Cable Certifier - used to collect network cable test data and print certification reports
    • Cable Tester - used to test cable resistance levels but does not locate faults
    • Multimeter - electronic measuring tool that tests voltage, current, and resistance
    • OTDR - Optical Time Domain Reflectometer - used to check fiber cable resistance and locate faults
    • Protocol Analyzer - used to capture and analyze data sent over a network
    • TDR - Time Domain Reflectometer - used to check UTP/STP cable resistance and locate cable faults
    • Tone Generator/ probe - used to identify and trace wires
  12. To automatically propagate VLAN info to all switches on the LAN use VLAN Trunking Protocol (VTP) which is also referred to as 802.1q
  13. IPS - Intrusion prevention system detects network intrusion attempts and controls access to the network for intruders
  14. A Hardware firewall is referred to as an Appliance Firewall
  15. Your network contains four segments. You need to connect two or more of the LAN segments together. You can use the following network devices
    • WAP
    • Bridge
    • Switch
    • Router
  16. IPv6 offers the following improvements over IPv4
    • The IP address size increases from 32 to 128 bits
    • Some of the header fields have been dropped
    • Version 6 has less rigid length limits and the ability to introduce new options
    • Packets will indicate a particular traffic type
    • Support will be provided for data integrity and confidentiality
    • The IPv6 header is 40 fixed bytes and has eight fields of information
  17. Infrastructure mode allows wireless computers to connect to a LAN, WAN or the Internet
  18. Perform [ Reviewing baselines ] periodically to ensure the normal traffic patterns and volume has not changed
  19. Host A will send out an ARP request for the MAC address of Host B. Host A will send a data Frame to the switch with destination address of Host B. Finally the switch will forward the Frame to Host B
    • Host A ___ Switch ___ Host B
    •               |
    •            Router
  20. SMTP - Simple Mail Transfer Protocol - uses port 25 to communicate email transfers
  21. NGFW - Next Generation Firewall works at layer 7 / Application layer - it includes traditional firewall functionality with an Application layer firewall
  22. Implement an active/active cluster - To configure web servers so they share the request load equally - also known as load-balancing cluster
  23. VoIP-PSTN gateway devices establish the routing of calls to the existing PSTN network
  24. Proxy servers fulfill requests on behalf of others. Frequently accessed files are placed in cache on the server. When a client requests a file that is in the proxy cache it will be downloaded from the proxy instead of the source, potentially lowering bandwidth usage
  25. https://www.google.com/search?q=how+to+find+base+network+id&oq=how+to+find+base+network+id&aqs=chrome..69i57j33l7.3375j0j9&sourceid=chrome&ie=UTF-8#kpvalbx=_PFGrXprGD8fV-gSV3IKwBg38
  26. nbtstat -r   = command used to show table of NetBIOS names resolution and registration statistics
  27. Using the Loopback Address returns ping round-trip times of 0; its purpose is to test the local IP stack, NOT to show performance round-trip metrics
  28. Divide 172.17.0.0/20 into six subnets - Two subnets should have 512 nodes and four more have 256 nodes already established - Need 2048 IP addresses with room for growth
    • allocate two networks with /22 masks, and the remaining four with /23
  29. You should start each wireless access point (WAP) at a separate time to allow each access point to select a channel. When the next is booted it will detect the others' channels and use another.
  30. 802.11a wireless access points have eight available non-overlapping channels
    • 36,40,44,48,52,56,60,64

 

 

  1. first physical barrier against intruder - fence
  2. Valid reasons to assign a virtual IP address to an internet server
    • To permit the same address to access multiple domain names
    • To permit multiple servers to share the same address
    • to eliminate host dependencies on specific, individual network interfaces
  3. Valid reasons to implement subnets on an IP network
    • To reduce congestion by decreasing network traffic
    • to increase network security
  4. IDF/ MDF documentation is the most helpful for maintaining and documenting main connections
  5. Increased lease time - can be manipulated to reduce network traffic
  6. Overcapacity - network has more devices connected than originally designed to support
    • ex. College kids connecting personal devices between classes causing congestion
  7. You need to implement STP to prevent network loops when more than one path can be used. Which two devices can you use?
    • Switches
    • Bridges
  8. The Internet Small Computer Systems Interface (iSCSI) protocol is used in storage area networks (SANs), LANS, WANs, and the internet
  9. RAS - Remote Access Service - service provided by Windows that allows remote access to the network via a dial-up connection.
  10. DNS is the protocol that will manage the FQDN to IP address mappings. DNS works at the Application layer of the OSI model
  11. To capture packets on multiple subnets you can install the network analyzer on all subnets OR install a distributed network analyzer
  12. VLANs allow you to segment a network and isolate traffic to different segments. VLANs are created by tagging and untagging ports on a switch. A trunk port, which serves as the connection between the switches, tags the VLAN traffic
  13. Error rate is a metric that can be used as a tool to indicate the reliability of the network (network segment ) A segment with a high error rate would be less reliable than a segment with a lower error rate which is usually expressed as a percentage
  14. Ping of Death attack - a system or network is flooded with ICMP packets larger than 65,536 bytes. You can prevent this attack by not allowing ICMP messages from outside your network
  15. When shopping for a new wireless access point check for antenna placement recommendation - some are designed for wall mounting for ex.
  16. The iptables Linux command allows you to control a firewall and filter packets. Filtering can be performed using packet type, packet source/ destination or target
  17. Twisted pair cabling is the least expensive cabling media
  18. A hardware firewall is also referred to as an appliance firewall
  19. CAN - controller area network - is used in industrial applications, originally in automotive systems
  20. WPA - fixed core issues with WEP and designed to work with older wireless clients & WPA2 does not support the use of older wireless cards
  21. Physical penetration is a social engineering attack that is typically considered the most dangerous attack that a targeted hacker can use. They get inside the physical location and access the network or computer systems.
  22. A 110 block uses a punch-down tool just like 66 block.
    • 110 block supports higher frequencies than a 66 block
    • requires less space
    • supports both telephone & data ( 66 is only used on telephone networks)
  23. A mesh topology connects every device to every other device.
  24. Implement a Unified Communication (UC) gateway to connect the VoIP network to your company’s PBX
  25. When using 2.4GHz you should be concerned with channel overlap. Use 1,6,11 to avoid the high degree of overlap
  26. Using virtual servers would allow you to host a Linux environment for Web Services and a Windows environment for Active Directory services on the same physical server. Implementing virtual switches will allow you to host the services on different broadcast domains.
  27. You would like to provide secure, remote access between company’s 3 internet connected sites and their Windows client, servers, and domain controllers. Which option would provide adequate security and cost the least overall?
    • Use IPSec to secure RDP over the Internet with connection security rules and associations
  28. 802.11b and 802.11g operate on the 2.4GHz frequency and can be used interchangeably.
    • You cannot use 802.11a access points with 802.11b or 802.11g
  29. SSL ( secure sockets layer ) uses TCP port 443 - HTTPS uses 443
  30. After finding a solution or workaround the next step is to test it
  31. A wiring schematic includes the flow of network communication and symbols to indicate equipment function
  32. Role separation involves dividing server duties amongst two or more servers to reduce an attack profile ( separate services between services to lower risk from attacks )

 

  1. In a situation where IPsec is needed end-to-end only IPv6 makes sense as a solution
  2. Valid reasons for upgrading from IPv4 to IPv6
    • Routing traffic is increasingly difficult due to the rapid growth of the internet
    • IPv4 addresses are being depleted at an increasing rate
  3. The main purpose of a VPN concentrator is to terminate the VPN tunnels
  4. You can implement a max of three 802.11g wireless access points within 30 meters of each other.
    • 802.11g APs only have 3 non-overlapping channels (1,6,11 -US ) (1,6,13 -EU)
  5. Pin 1 in the 568A cable spec should contain the Green/White wire
    • Pin 1 on 568B spec should contain the Orange/White wire
  6. Class of Service (CoS) implements packet tagging in a local area network (LAN)
  7. Shortest possible notation for the IPv6 address 2001:0DB8:0000:0001:0000:0000:0000:F00D:
    • 2001:DB8:0:1::F00D
      • Remove leading zeros
      • remove consecutive fields of zeros with double colon
      • The double colon (::) can only be used once
  8. VDSL - Very High Data rate Digital Subscriber Line provides the highest data rate at 51 to 55 Mbps over cable lengths of up to 1000ft or 300 meters
  9. Port labeling and Patch panel labeling will ensure that you are able to locate individual cables at both ends of their connection
  10. 802.11a WLANs support 23 non-overlapping or non-interfering channels that can be used in a single area
  11. UTP transmission rates:
    • CAT 1 - up to 4 Mbps
    • CAT 2 - 4 Mbps
    • CAT 3 - 10 Mbps
    • CAT 4 - 16 Mbps
    • CAT 5 - 100 Mbps
    • CAT 5e - 1000 Mbps or 1GB
    • CAT 6 - 1000 Mbps
    • CAT 6a - 10Gbps
    • CAT 7 - 10Gbps
  12. Default ports:
    • 20 & 21 - FTP
    • 110 - POP3
    • 143 - IMAP
    • 443 - HTTPS
    • 3389 - RDP
  13. Asset tags can include RFID ( radio frequency identification ) chips that provide electronic tracking.
  14. You should use a rollover cable to connect to the console port of any Cisco device.
    • A crossover cable connects two legacy or non-MDIX compliant devices such as two computers, two hubs, or two switches
    • A patch cable and a straight through cable are the same thing - this is the standard cable used to connect network devices
  15. If the network ID for subnetA is 200.10.1.0/24
    • configure the default gateway address as 200.10.1.1/24
  16. MAN - Metropolitan Area Network is a network encompassing a localized geographic area, such as a city and its suburbs.
  17. Unicast, Multicast and Anycast are types of IPv6 addresses
  18. MTBF - Mean Time Between Failures is the average or mean time between failures on a device or system. It is an expression of reliability for scheduling replacement of a component.
  19. QoS provides varying levels of network bandwidth based on the traffic type.
  20. Kerberos uses AS (authentication server) and TGS (ticket granting servers) to provide network authentication.
  21. 10GBaseSW designation is for use with Synchronous Optical Networking (SONET) networks.
  22. Setting up VoIP - then troubleshooting - first determine if the call terminates on an analog endpoint.
  23. Jumbo Frames should be used by network admin so that the network can accept a max transmission unit (MTU) greater than 1500
  24. After implementing DNS and DHCP on new network infrastructure delete the HOSTS file on each workstation so the workstation will search DNS to resolve the servers host name when it does not find it in the file
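
The three IPv6 shortening rules from item 7 above, written out as an added Python example (not part of the original notes). The function name `compress_ipv6` is made up for this sketch; it follows the RFC 5952 conventions of lowercase output, collapsing only the longest run of zero fields, and leaving a single zero field as `0`.

```python
import ipaddress


def compress_ipv6(addr):
    """Shorten a fully written (eight-group) IPv6 address."""
    groups = addr.split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected eight colon-separated hex groups")

    # Rule 1: remove leading zeros (an all-zero group becomes "0").
    groups = [format(int(g, 16), "x") for g in groups]

    # Rule 2: find the longest run of consecutive zero groups.
    # On a tie the leftmost run wins.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j

    # Rule 3: "::" may appear only once, so only that one run is replaced.
    # A lone zero group is written as "0", not "::".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail


def matches_stdlib(addr):
    """Cross-check the hand-written rules against Python's ipaddress module."""
    return compress_ipv6(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    # Address from the notes: the single zero field stays "0",
    # the run of three zero fields becomes "::".
    print(compress_ipv6("2001:0DB8:0000:0001:0000:0000:0000:F00D"))
    # Constructed sample with two equal-length zero runs (leftmost is collapsed).
    print(compress_ipv6("2001:0db8:0000:0000:0001:0000:0000:0001"))
```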

 

  1. IPSec uses encapsulation security payload (ESP) and authentication header (AH) as security protocols for encapsulation
    • can work in either tunnel mode or transport mode
    • used in a virtual private network (VPN) implementation to secure transmissions
  2. If activity lights are not lit on the connection between the router and hub you can assume that the router is the problem. The hub would not be the problem because the lights on the hub that connect the LAN computers are lit.
  3. IMAP4 for email retrieval uses TCP port 143. IMAP4 works at the Application layer of the OSI model
  4. SNMP agent runs on a managed device, such as a router or switch. The agent collects management information
  5. A rogue DHCP server can be placed on the network through malicious intent or inadvertently through a virtual machine. If users are getting different IP addresses than expected and have received a duplication of IP addresses …a rogue DHCP server is likely the issue.
  6. You have updated your network cable type used on one subnet from CAT5 to CAT6. Which change management documentation should be revised?
    • network baseline
    • physical network diagram
    • It will NOT affect the logical network diagram or the wiring schematic
  7. For 10GbE over fiber cables use SFP+ ( widely deployed and used fiber optic transceiver that converts digital data into pulses of light for transmission, and vice versa upon reception )
    • SFP (small form-factor pluggable) works with SONET, GbE, Fibre Channel but will NOT work with 10GbE
  8. Infrastructure mode allows wireless computers to connect to a LAN, WAN or the internet. Ad hoc mode allows wireless computers to access each other but not network resources on LAN, WAN, or internet.
  9. If you get a “Destination Host Unreachable” message the most likely culprit is an Incorrect Gateway.
  10. A brouter operates at both the Data Link Layer (2) and the Network Layer (3) of the OSI model.
  11. Host A wants to communicate with Host B
    • router ___ switch ___ host A
    •                       ^__ host B
    • Host A will send an ARP request for Host B’s MAC address
    • Host A will send a frame with the destination MAC address of Host B
    • The switch will forward the frame to Host B
  12. A virtual network interface card (NIC) operates within the virtual environment. It provides a bridge between the physical and virtual environment
  13. If you don’t want users to use USB drives and have no need for Telnet or FTP
    • Disable device ports
    • Disable unnecessary services
  14. If a bus network is not properly terminated the entire network segment will run slowly due to signal reflection. A loose connector will also cause signal reflection.
    • Bus network ex. ( straight line all connected end to end )
    • user1 — user2 — user3 — serverA — user4 — user5
  15. Rack diagrams depict the placement of network equipment such as routers, switches, hubs, patch panels, servers and more in a standard 19” wide cabinet called a Rack.
  16. A primary drawback of a network-based intrusion detection system (NIDS) is that it cannot detect an attack on a host if the intruder is logged on the host computer
  17. When installing WAPs for an outdoor special event your primary concern should be the power levels, they may need to be boosted to provide a better experience for the event attendees.
  18. DHCP transmits dynamic IP address assignments over UDP port 67. DHCP also uses port 68
  19. 802.11ac is backward compatible with 802.11n, so 802.11ac and 802.11n devices may communicate with a WAP of either kind. The maximum indoor range for 802.11n is 230ft which is more than 802.11ac at 115ft.
  20. 802.11b WLANs operate in the 2.4GHz band.  Microwaves and cordless phones will cause interference with them.  Cable TV and electrical wiring will NOT cause interference.
  21. Base ID for 196.11.200.71/18  is 196.11.192.0
    • 196.11.200.71/18 is an example of a ‘slash x’ network
    • with 18 bits used. The standard subnet mask is 11111111.11111111.11000000.00000000 or 255.255.192.0
  22. Electrostatic Discharge (ESD) occurs when static electricity jumps from an object with a higher electrical charge to one with a lower charge - most likely caused the NIC to malfunction if a spark jumps from your hand to the NIC (previously working).
  23. Satellite internet connections are available anywhere you place a dish and are not limited by proximity to an ISP but consequently have the highest latency
  24. When using an optical time domain reflectometer (OTDR) Damage to the cable at ( ___ft) will show under the Distance metric.
  25. 802.11a and 802.11g WLANs are least affected by multipath distortion

 

  1. Shared authentication and open authentication were the two insecure methods of authentication under WEP. Under Shared Key Authentication (SKA) all clients used the same key making it very vulnerable to being cracked
  2. You instruct a user to issue the ipconfig command with the /release and /renew options. Which situations would this be appropriate for?
    • When recent scope changes have been made on the DHCP server
    • When it has been issued an APIPA address
  3. There are latency issues on your 802.11g WAN that uses a single AP
    • Install another WAP that uses a different non-overlapping channel and the same SSID so the connections will be distributed
  4. These two principles affect the design of ACLs
    • Least Privilege
    • Need to Know
  5. DNS resource record types:
    • A - Maps a host name to an IPv4 address
    • AAAA - Maps a host name to an IPv6 address
    • CNAME - Maps an additional host name to an existing host record
    • MX - Maps a mail server name to a domain
    • PTR - ( pointer record ) Maps an IP address to a host name
  6. OSI layers component matching:
    • Physical layer - Network cable
    • Data Link layer - FDDI (fiber distributed data interface)
    • Network Layer - IPSec
    • Transport Layer - TCP
    • Session Layer - RPC (remote procedure call)
    • Presentation - MIME (multipurpose internet mail extension)
    • Application - DHCP
  7. Video surveillance can be used as a deterrent, an authentication method, or documentation.
  8. In both the (TIA) / (EIA) 568A and 568B specifications Pins 4,5,7,8 contain the same colors
  9. IPSec in tunnel mode with the Authentication Header (AH) protocol produces an encapsulated packet that is digitally signed.
  10. 1000Base-CX is designed for wiring closets. It has a transmission rate of 1000Mbps and max segment length of 25 meters (82 ft)
    • 1000Base-TX transmits 500 Mbps and requires more expensive Cat6 copper cabling
  11. EMI ( electromagnetic interference ) is caused by electromagnets which distorts the signal in other electrical devices. 
  12. Basic Rate Interface (BRI) Integrated Services Digital Network (ISDN) connection can provide a max data transfer rate of 128 Kbps when using both bearer (B) channels - 64kbps each
  13. A physical network diagram includes the actual network interfaces used. It represents the physical locations of the network devices and how they are connected
  14. Configure a DNS server as a server option - this will ensure all DHCP clients receive the DNS server settings.
    • Also configure each router as a scope option for its appropriate scope. Each scope will have a different router or default gateway. For this reason router or default gateway info must be configured at the scope level
  15. You install several new WAPs in different areas of the building and want max coverage so you opt for 2.4Ghz .
    • You should be most concerned with Channel Overlap in this case
  16. Cable types with max distance and speed options
    • Cat5 - Up to 100m and 100Mbps
    • Cat6 - Up to 100m and 10Gbps
    • Multi-mode fiber - up to 500m and 10Gbps
    • Single-mode fiber - up to 40Km and 10Gbps
    • ThickNet - up to 500m and 10 Mbps and uses RG-6 coaxial cabling
    • ThinNet - up to 185m and 10 Mbps and uses RG-59 coaxial cabling
  17. Virtual IP address (VIPA)
    • eliminates host dependencies on specific , individual network interfaces
    • permits multiple servers to share the same address
    • permits the same address to access multiple domain names
  18. 00101101 = 45
    • bits 3,5,6,8 are on
    • 128, 64, 32, 16, 8 , 4 , 2 , 1
    • 32 + 8 + 4 + 1 = 45
  19. Host-to-gateway IPSec mode - in this config, the VPN gateway requires the use of IPSec for all remote clients. Only traffic over the internet uses IPsec. No internal hosts have to use IPsec in this config.
  20. T1 lines can provide fast, digital connections of up to 1.544 Mbps transmitting voice, data, and video. It also provides a dedicated connection which means it provides a 24hr link. A T1 line is more expensive than a dial up connection using plain old telephone service (POTS) or an integrated services digital network (ISDN) connection. Needing a large amount of users justifies this extra cost.
  21. 10GBaseER designation allows the longest max cable run of up to 40km using single mode fiber optic cable.
  22. IPv4 address matching
    • Class A - 12.174.25.98
    • Class B - 162.58.123.84
    • Class C - 219.214.211.167
    • APIPA - 169.254.1.1
    • Private - 172.16.2.3
    • Loopback - 127.0.0.1
    • Multicast - 255.47.72.63
    • ~~~~~~~~~~~~~~~~~~~
      • Private address spaces
      • 10.0.0.0/8
      • 172.16.0.0/12
      • 192.168.0.0/16
  23. Full backups backup all of the files on a system regardless of whether the data has been changed or not. It would also back up data that has NOT been changed since the last backup…
  24. If an employee loses their key card - place digitized photos of the employees on record as a secure method of determining if they should be allowed to enter the company office at the discretion of a security guard.

 

  1. The most likely valid reason for moving servers that contain confidential information onto a demilitarized zone (DMZ) is compliance with federal and state regulations
  2. Security guard personnel are the most expensive countermeasure used to reduce physical security risks. The cost of hiring, training, and maintaining them can easily outweigh the benefits
  3. Common Address Redundancy protocol (CARP) is an open standard that creates a redundancy group to share an IP address
  4. To avoid multipath distortion you should use the diversity antenna system.
    • Multipath distortion is caused by the reflection of radio frequency (RF) signal on surfaces while traveling between the transmitter and receiver
  5. Transceiver mismatch occurs when you have a fiber connector plugged into the wrong type of fiber port. Do not plug an SFP fiber cable into an SFP+ port for ex.
  6. The traceroute command (used for CISCO - tracert is for Windows) finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in a network.
  7. Collisions on an Ethernet CSMA/CD network are normal and generally do not cause any negative effects on the network, but it can cause delays if excessive.
  8. EAP-FAST (extensible authentication protocol - flexible authentication via secure tunneling) was created by CISCO to help with enforcing strong password policies and it does not require digital certificates.
  9. 172.16.5.2/23  < What subnet is that IP address a member of and what is the broadcast address for that subnet?
    • subnet: 172.16.4.0, broadcast: 172.16.5.255
  10. The IEEE 802.11 standard, which is the main standard for wireless LANs specifies using Carrier Sense Multiple Access/ Collision Avoidance (CSMA/CA) for its media access method.
  11. If dropping occasional packets is less important than reducing latency end-to-end, Datagram Transport Layer Security (DTLS) is the best option. Well suited for securing applications and services that are delay sensitive and hence use datagram transport, such as VPNs and video services.
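
The subnet questions in these notes (the 172.17.0.0/20 split into six subnets, the base ID of 196.11.200.71/18, and the subnet and broadcast address of 172.16.5.2/23) worked through in Python as an added example that is not part of the original notes. The function names are made up for this sketch; the allocator places the largest requirement first and counts usable hosts as 2^h - 2.

```python
import ipaddress


def subnet_facts(cidr):
    """Return (network ID, broadcast address, dotted mask) for a host in CIDR form."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return str(net.network_address), str(net.broadcast_address), str(net.netmask)


def prefix_for_hosts(nodes):
    """Longest IPv4 prefix whose usable host count (2^h - 2) still fits `nodes`."""
    host_bits = 2
    while (2 ** host_bits) - 2 < nodes:
        host_bits += 1
    return 32 - host_bits


def vlsm_allocate(parent_cidr, node_counts):
    """Carve the parent block into subnets, largest requirement first.

    Returns a list of (nodes, subnet CIDR) in allocation order and raises
    ValueError when the requirements do not fit inside the parent block.
    """
    parent = ipaddress.ip_network(parent_cidr)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address)
    plan = []
    for nodes in sorted(node_counts, reverse=True):
        prefix = prefix_for_hosts(nodes)
        size = 2 ** (32 - prefix)
        # Each subnet must start on a multiple of its own size.
        cursor = (cursor + size - 1) // size * size
        if cursor + size - 1 > end:
            raise ValueError(f"{nodes}-node subnet does not fit in {parent_cidr}")
        plan.append((nodes, f"{ipaddress.ip_address(cursor)}/{prefix}"))
        cursor += size
    return plan


if __name__ == "__main__":
    # 172.16.5.2/23: which subnet, and what is its broadcast address?
    print(subnet_facts("172.16.5.2/23"))
    # 196.11.200.71/18: base network ID and dotted mask.
    print(subnet_facts("196.11.200.71/18"))
    # 512 nodes do not fit in a /23 (510 usable), 256 do not fit in a /24 (254 usable).
    print(prefix_for_hosts(512), prefix_for_hosts(256))
    # Two 512-node and four 256-node subnets out of 172.17.0.0/20.
    for nodes, subnet in vlsm_allocate("172.17.0.0/20", [512, 512, 256, 256, 256, 256]):
        print(nodes, subnet)
```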

 

 

  1. Port Address Translation (PAT) provides port address translation. This is based on port numbers
  2. Port authentication on your network switches is based on the switch’s MAC address. If the switch is not specifically configured with a MAC address the MAC address communication is not allowed through the switch port.
  3. 100Base-TX, known as Fast Ethernet, uses two pairs of CAT5 UTP cable, standard RJ-45 connectors are used. 100Base-TX transmits data at 100Mbps with a maximum segment distance of 100meters
  4. T1 lines can provide fast, digital connections of up to 1.544 Mbps, transmitting voice, data, and video. T1 line also provides a dedicated connection, which means it provides a 24hr link.
  5. 1000BaseCX Ethernet standard supports a data transmission rate of 1 gigabit per second over 150-ohm balanced copper cable. 1000BaseCX ethernet standard supports a max cable length of only 25meters
  6. A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central location. UTM appliances incorporate multiple security and performance functions in one device.
  7. You should use channels 36-48 and 149-161 for indoor and outdoor wifi use. All 802.11n and 802.11ac client devices support use on these two bands.
    • channels 52-64 are reserved for government weather radar systems
    • channels 100-144 are also reserved for gov weather radar systems
  8. 10GBaseER allows a max cable run of up to 40 km (25 miles) using single-mode fiber optic cable
  9. OSPF is a link-state routing protocol which uses Cost as a metric for optimal path calculation.
  10. When deploying fiber distribution panels these are important
    • cable termination
    • cable splices
    • bulkhead adapters and receptacles
    • cable storage
  11. The characteristics match with the 802.11 specs as follows:
    • 802.11a - 5 GHz up to 54 Mbps
    • 802.11b - 2.4 GHz up to 11 Mbps
    • 802.11g - 2.4 GHz up to 54 Mbps
    • 802.11n - 2.4 or 5 GHz up to 600 Mbps
    • 802.11g and b are backwards compatible
    • 802.11ac - 5 GHz up to 1 Gbps (good for streaming video to multiple devices)
  12. An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for intruders
  13. Session Initiation Protocol (SIP) is the protocol used on a VoIP network; it is an application layer protocol.
  14. For your network DHCP server:
    • the reserved client options take precedence over all other options
    • The order in which options are applied is as follows:
      • server options
      • scope options
      • class options
      • reserved client options
    • Scope options always override server options if there is a conflict. Class options always override scope and server options. To use class options, DHCP clients must be configured with a specific DHCP Class ID. Reserved client options always override client, scope, and server options.
  15. Multiprotocol Label Switching (MPLS) is a WAN technology that allows using label switching for routing frames. It uses label-switching routers and label-edge routers to forward traffic.
  16. A T3 connection allows for connections of up to 44.736 Mbps
  17. The following transceiver or fiber optics characteristics are essential:
    • Multimode - multimode cable makes use of thicker, graded light-conducting fibers that are cheaper to make and terminate, and that use cheaper and less precise light emitting and receiving elements in their transceivers. They are more limited in the distances such cables can span (but can still cover 100s of meters) and are well suited for LAN applications.
    • Full duplex - full-duplex communication means that both parties may transmit and receive simultaneously over a communications link. Because LAN applications require simultaneous, two-way comms, full duplex is needed.
    • Duplex cables - incorporate two fibers so that one may be used to send data for receipt by another party, while that other party may use the other fiber to send data for receipt by the first party. This supports simultaneous, two-way comms and is well suited for LAN applications.
  18. Class of Service (CoS) implements packet tagging in a LAN.
  19. The following options are relevant to network segmentation when using switches:
    • Tagging and untagging ports
    • VLANs
  20. Data Link Layer addresses are MAC addresses for unique identification, whereas network addresses are a Network layer component.
  21. Multi-protocol Label Switching Layer 3 (MPLS L3) VPNs allow all offices to connect to the same single routed network and connect directly to the cloud
  22. Z-wave is a wireless technology that is widely used in home automation, such as smart lights, locks, and thermostats. It creates a wireless mesh network with a primary controller. Each device communicates with its nearest neighbor, much like routers communicate with each other.
  23. Border Gateway Protocol (BGP) is categorized as an EGP.
  24. An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet.
  25. 1000Base-CX is designed for wiring closets - it has a transmission rate of 1000Mbps and max segment length of 25 meters.
  26. Fiber-optic cable carries its signals in the form of modulated pulses of light, so it’s virtually impossible to intercept the signal without interrupting it and thus being detected.
  27. Subnets are used for the following reasons:
    • to expand the network
    • to reduce congestion
    • to reduce CPU use
    • to isolate network problems
    • to improve security
    • to allow combos of media because each subnet can support a diff medium
  28. To automatically propagate VLAN info to all switches on the LAN - use VLAN Trunking Protocol (VTP) also referred to as 802.1q
  29. 192.168.0.1 is a valid host address within the range of IANA-designated private IP addresses that provide a max of 16 bits per host address.

 

  1. You should deploy media converters between the wiring centers on each floor if the media/cabling is dissimilar.
  2. In both the TIA/EIA 568A and 568B specifications, pins 4, 5, 7, and 8 contain the same colors.
    1. 568A  Pin 1 = Green/white
    2. 568B Pin 1 = Orange/white
  3. The Forward lookup Zone is most likely to contain the IP address if Computer A is trying to communicate with Computer B but only knows Computer B’s FQDN (fully qualified domain name / whatever.somesite.org)
  4. An MAU is similar to a HUB and also operates on the Physical layer of the OSI model
  5. Asset tags can include RFID chips that provide electronic tracking
  6. Active Hubs or multiport repeaters amplify or regenerate signals to all other ports on the hub. All hubs operate on the Physical layer of the OSI model. 
  7. Once a solution or workaround has been implemented the next step is to TEST the solution to be sure the problem is resolved. Later document the problem and the solution. 
  8. Legacy systems would be best isolated on a separate network segment to reduce the attack surface by limiting it to only specific users. 
  9. You have replaced all of the routers on your network with switches. You then decide to turn off CSMA/CD. What is the BEST description of the result of your actions? 
    1. - Network devices will now operate in full-duplex mode. Because each switch port is connected to a single device and each device operates in its own collision domain, you can turn off CSMA/CD, thereby allowing full-duplex mode, meaning that traffic can be transmitted in both directions at the same time.
  10. After a client is authenticated on a network that uses Kerberos 5, the client is granted a ticket-granting ticket (TGT). To ensure that tickets expire correctly, clock synchronization is used in Kerberos authentication. In Kerberos, a client is granted a TGT from an Authentication Server (AS), which is sometimes referred to as a Ticket Granting Server (TGS). The client then sends its TGT to a Key Distribution Center (KDC), and the KDC sends a session key to the client. The client then uses the session key to gain access to resources on a Kerberos network. Because the KDC relies on a timestamp to determine the age of a request, a timestamp is included during key exchanges. If the timestamp is older than the allowed grace period for requests, then it is possible that a hacker intercepted the request. Therefore, a network that relies on Kerberos for authentication requires some type of time synchronization service for hosts on a network.
  11. IMAP (Internet Message Access Protocol / version 4 = IMAP4) is an internet protocol for email retrieval that uses TCP port 143.  IMAP works at the Application layer of the OSI model.
  12. Transceiver mismatch occurs when you have a fiber connector plugged into the wrong type of fiber port. For example, do not plug an SFP into an SFP+ port because it won’t work.
  13. An 802.11n WAP has a max distance of 230 ft, which is more than 802.11ac, whose max is only 115 ft. Ordinarily 802.11ac would be the best choice for deployment because of its ability to support multiple simultaneous users, wide data channels, and higher data rates, but distance and cost limitations may call for 802.11n to be used instead.
  14. You should implement a virtual SAN (vSAN) if you need to isolate, for example, two of the devices that are located on a SAN fabric containing 8 devices.
  15. 802.11a WLAN technology supports 23 non-overlapping or non-interfering channels that can be used in a single area.
  16. MPLS VPN - To allow all offices to connect to the same single-routed network and connect directly to the cloud, the best solution is to deploy a Multiprotocol Label Switching Layer 3 (MPLS L3) virtual private network (VPN).
  17. To view the MAC address for a NIC installed on a Windows 7 computer use the following command 
    1. - ipconfig /all
  18. MTBF - mean time between failures - will allow you to schedule replacement of a component at a convenient time as opposed to waiting for it to fail. 
    1. - MTTR - mean time to recover - is the avg time it takes to recover or restore a system. 
  19.  A Wiring Schematic - includes the flow of network communication and symbols to indicate equipment function. They use horizontal and vertical lines to show how the system flow functions, not the physical layout of the devices on the network. 
    1. - A Wiring Diagram - emphasizes network connections and uses horizontal and vertical lines to represent network wires. Components are represented by pictures instead of symbols. 
  20. A Physical Network Diagram includes the actual network interfaces used. It represents the physical locations of the network devices and how they are connected.  Can be used to determine the actual network interfaces used on all network devices. 
  21. The netstat command displays incoming and outgoing connections, routing tables, and network interface statistics. Refer to netstat when documenting current network connections. 
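
The timestamp check from item 10, as an added example (not part of the original notes and not real Kerberos code): a request is accepted only if its timestamp is inside the allowed skew and has not been seen before. The 5-minute window (the usual default tolerance), the `FreshnessChecker` name and the sample requests are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: 5 minutes, the usual default clock-skew tolerance;
# the notes only say "allowed grace period".
MAX_SKEW = timedelta(minutes=5)


class FreshnessChecker:
    """Hypothetical service-side check, not a real Kerberos implementation."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = set()  # replay cache of (client, timestamp) pairs

    def check(self, client, stamped_at, now):
        """Return 'accept', 'skew' (outside the window) or 'replay'."""
        # Drop cache entries whose timestamp has aged out of the window;
        # the skew test below rejects those timestamps from now on anyway.
        self._seen = {k for k in self._seen if now - k[1] <= self.max_skew}
        if abs(now - stamped_at) > self.max_skew:
            return "skew"
        key = (client, stamped_at)
        if key in self._seen:
            return "replay"
        self._seen.add(key)
        return "accept"


def demo():
    """Constructed requests: fresh, resent quickly, resent late, drifted clock."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    chk = FreshnessChecker()
    return [
        chk.check("alice", t0, t0 + timedelta(seconds=2)),    # fresh request
        chk.check("alice", t0, t0 + timedelta(seconds=30)),   # same request resent
        chk.check("alice", t0, t0 + timedelta(minutes=9)),    # resent after window
        # Legitimate client whose clock is 8 minutes behind the server's.
        chk.check("bob", t0 + timedelta(minutes=12), t0 + timedelta(minutes=20)),
    ]


if __name__ == "__main__":
    print(demo())
```

The last request shows why time synchronization is required: a legitimate host with a drifted clock is rejected exactly like a stale capture.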

 

  1. The advantage of wireless bridges over E1/T1 lines is that wireless bridges support higher bandwidth than E1/T1 lines, and E1/T1 lines tend to be more expensive in the long term.
  2. IEEE 802.11 wireless LANs use a media access control protocol called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). While the name is similar to Ethernet's Carrier Sense Multiple Access with Collision Detection (CSMA/CD), the operating concept is totally different.
  3. 802.11g devices are incompatible with 802.11a networks. 
    1. - 802.11g devices are compatible with 802.11b networks
    2. - 802.11n networks allow the usage of 802.11a, 802.11b, and 802.11g devices 
  4. A Quarantine Network should be set up in an office for devices that do NOT comply with the network access control (NAC) policies. 
  5. Reasons to assign a virtual IP address to an Internet server
    1. - to permit multiple servers to share the same address
    2. - to eliminate host dependencies on specific, individual network interfaces
    3. - to permit the same address to access multiple domain names 
  6. Class of Service (CoS) implements packet tagging in a local area network (LAN). It tags the different types of traffic, such as video streaming or VoIP. 
  7. Deploy a VLAN if you need to implement an independent network within your private LAN
  8. SSL is assigned to the same port as HTTPS - Port 443
  9. You manage a network for your organization. The network contains one DNS server and three routers. You are setting up a new DHCP server. You configure separate scopes for each subnet on your network. The routers are configured to forward DHCP requests. You need to ensure that DHCP clients receive the appropriate settings using the least administrative effort. What else should you do?
    1. - You should configure the DNS server as a server option. This will ensure that all DHCP clients receive the DNS server settings
    2. - You should also configure each router as a scope option for its appropriate scope. Each scope will have a different router or default gateway. For this reason, router or default gateway information must be configured at the scope level. If you configure this option at the server level, all the clients would receive the same router configuration, which would not work because you have three different subnets.
  10. ESD (electrostatic discharge) has most likely caused the network interface card (NIC) to malfunction if you know it was good but you see a spark when installing…
  11. In a situation where IPsec is needed end-to-end only IPv6 makes sense
  12. IPv6 Relative Network Sizes:

    • /128 - 1 IPv6 address - A network interface
    • /64 - 1 IPv6 subnet - 18,446,744,073,709,551,616 IPv6 addresses
    • /56 - 256 LAN segments - Popular prefix size for one subscriber site
    • /48 - 65,536 LAN segments - Popular prefix size for one subscriber site
    • /32 - 65,536 /48 subscriber sites - Minimum IPv6 allocation
    • /24 - 16,777,216 subscriber sites - 256 times larger than the minimum IPv6 allocation
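
The DHCP option precedence from the earlier notes (server, scope, class, reserved client) applied to the three-subnet DHCP scenario above, as an added example that is not part of the original notes. The addresses, the `effective_options` helper and the config layout are constructed, and the scope is picked from the client's address rather than by a relay agent, which is a simplification.

```python
import ipaddress

# Precedence from the notes, lowest to highest: later levels override earlier.
LEVELS = ("server", "scope", "class", "reserved")

# Constructed config: DNS set once as a server option, one router per scope.
CONFIG = {
    "server_options": {"dns": "10.0.0.53", "lease_hours": 8},
    "scopes": [
        {"subnet": "10.0.1.0/24", "options": {"router": "10.0.1.1"}},
        {"subnet": "10.0.2.0/24",
         "options": {"router": "10.0.2.1", "lease_hours": 24},
         "classes": {"voip-phone": {"lease_hours": 2}},
         "reservations": {"00:11:22:33:44:55": {"dns": "10.0.2.53"}}},
        {"subnet": "10.0.3.0/24", "options": {"router": "10.0.3.1"}},
    ],
}


def effective_options(config, client_ip, class_id=None, mac=None):
    """Merge options for one client; return (options, level that set each)."""
    addr = ipaddress.ip_address(client_ip)
    scope = next((s for s in config["scopes"]
                  if addr in ipaddress.ip_network(s["subnet"])), None)
    if scope is None:
        raise ValueError(f"no scope covers {client_ip}")
    layers = {
        "server": config.get("server_options", {}),
        "scope": scope.get("options", {}),
        "class": scope.get("classes", {}).get(class_id, {}),
        "reserved": scope.get("reservations", {}).get(mac, {}),
    }
    merged, source = {}, {}
    for level in LEVELS:              # least specific first
        for name, value in layers[level].items():
            merged[name] = value      # a more specific level overwrites
            source[name] = level      # remember which level won
    return merged, source


if __name__ == "__main__":
    print(effective_options(CONFIG, "10.0.1.20"))
    print(effective_options(CONFIG, "10.0.2.20", "voip-phone", "00:11:22:33:44:55"))
```

Every client inherits the single DNS setting, while each subnet gets its own default gateway without any per-client configuration.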

 

 

  1. The most significant difference between Data Link layer addresses and Network addresses is that network addresses are a network layer component (layer 3) and Data Link addresses are MAC addresses (Layer 2) used for unique identification. 
  2. A bridge provides a quick and low-cost solution for dividing a network into different segments for the purposes of reducing network traffic. Bridges work by building routing tables based on MAC addresses. These routing tables enable bridges to determine which packets need to pass through the bridge to another segment, versus which packets should stay on the local segment. In this scenario, the Accounting department is currently sharing the bandwidth of the entire segment. Using a bridge to place this department on its own segment means the traffic of this segment will stay on the local segment, thus reducing the overall traffic of the network. Only packets destined for other segments will pass through the bridge.
  3. Training employees about proper licensing and use of an organization’s software and hardware includes the following:
    1. - To prevent unauthorized or improper consumption of licenses
    2. - To avoid liability from violating license rules or restrictions
    3. - To comply with license restrictions or limitations
    4. - To practice good organizational ethics and governance
  4. Which of the following are relevant to network segmentation when using switches?
    1. - VLANs
    2. - Tagging and untagging ports 
    3. ~ ARP tables and MAC tables are NOT relevant to network segmentation 
  5. Dual stack to the rescue.

ISPs have chosen an IP address transition method called dual stack. With the dual stack solution, every networking device, server, switch, router and firewall in an ISP's network will be configured with both IPv4 and IPv6 connectivity capabilities.