CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008), 8th Edition

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

NAC (network access control), 372, 689–690

name resolution. See Domain Name System (DNS)

name server (NS) DNS records, 337–338

name servers in DNS, 326–327

name spaces in DNS, 322–326

nano prefix, 61

nano-SIMs, 464

NAS (network attached storage), 587

NASs (Network Access Servers), 377–378, 501–502

NAT. See network address translation (NAT)

National Electrical Code (NEC) cabling fire ratings, 63

National Institute of Standards (NIST)

baseline configurations, 660

hash algorithms, 365

passwords, 638

time servers, 767

zero trust, 657

native mode in 802.11g, 494

native VLANs, 406

NDAs (nondisclosure agreements), 640

NDP (Neighbor Discovery Protocol), 433

near-end crosstalk (NEXT), 152–153

NEC (National Electrical Code) cabling fire ratings, 63

neighbor advertisements, 433

neighbor discovery caches, 433

neighbor discovery in IPv6, 432–434

Neighbor Discovery Protocol (NDP), 433

neighbor solicitation messages, 433

neighborship in OSPF, 260

Nessus vulnerability scanner, 642

Net-SNMP package, 710–711

NetBEUI system, 318–319

NetBIOS protocol, 318–319

NetBIOS over TCP/IP (NetBT) protocol, 319

NetFlow analyzers, 713, 716–717

Netscape Navigator browser, 385

netstat command

connection information, 291–296

open ports, 677–678

overview, 746

routing tables, 239, 744

sessions, 32

TCP/IP network issues, 348–349

network access control (NAC), 372, 689–690

Network Access Servers (NASs), 377–378, 501–502

network address translation (NAT)

configuring, 249–250

example, 244–245

NAT64, 446

overview, 244

PAT, 245–247

port forwarding, 247–249

traversal, 445

network analyzers, 713

network attached storage (NAS), 587

network-based anti-malware, 697

network-based IDSs (NIDSs) for multilayer switches, 415

Network Configuration utility, 213, 330–331

network devices

Internet of Things, 607–613

multifunction, 410

overview, 605–607

review, 625–627

unified communication. See unified communication (UC)

VoIP, 613–614

network diagrams, 595–597

network function virtualization (NFV), 560–563

network function virtualization infrastructure (NFVI), 560

network IDs

distance vector routing protocols, 253–256

IP addresses, 188–192

subnets, 202–205

VPNs, 471

network interface cards (NICs)

100BASE-T, 93–94

802.11, 485–486

aspects, 20

buying, 158–160

diagnosing, 163

frames, 16–19

full-duplex Ethernet, 95–96

Gigabit Ethernet, 97

link lights, 160–163

MAC addresses, 9–21

overview, 8–9, 157–158

TCP/IP network issues, 347

virtual, 557–558

network interface units (NIUs), 132

Network layer

IP, 22–24

OSI seven-layer model, 6–21

protocols, 173–174

TCP/IP applications, 282–283

Network Management Software (NMS)

routers, 269–270

SNMP, 709

Network Mapper (Nmap) tool, 641, 747–748

network models

biography of, 2–3

functions, 3–4

OSI seven-layer model. See OSI seven-layer model

overview, 1–2

review, 39–41

working with, 2

network monitoring

interfaces, 719–720

overview, 707

packet flow, 716–717

packet sniffers, 713

performance, 720–721

protocol analyzers, 713–716

review, 727–729

scenarios, 722–726

sensors, 718

SIEM, 726–727

SNMP, 708–712

tools overview, 712–713

network names in SSIDs, 490

network naming

DNS. See Domain Name System (DNS)

history, 318–321

hosts file, 320–321

NetBIOS protocol, 318–319

overview, 317–318

network operations

change management, 634–636

common agreements, 639–640

contingency planning, 645–651

patches, 637–638

review, 651–653

risk management, 629–630

security policies, 630–634

security preparedness, 640–645

training, 638

updates, 636–637

vulnerability assessments, 640–643

network operations centers (NOCs), 596, 723

network prefixes in IPv6 addresses, 427–428

network protection, 414

ID/IP, 415–417

port mirroring, 417–420

network security

agents, 690–691

ARP cache poisoning, 662–666

CIA goals, 656–657

deauthentication attacks, 668

defense in depth, 657–658

denial of service, 666–667

device hardening, 692–697

edge, 688–689

firewalls, 697–703

hosts, 693–697

malware, 672–674

on-path attacks, 668

overview, 655

packet and protocol abuse, 660–661

password attacks, 669

physical and local access, 669–672

physical security, 680–685

posture assessment, 689–690

review, 703–705

rogue devices, 662

segmentation, 691–692

separation of duties, 658

session hijacking, 669

social engineering, 674–676

spoofing, 660

threats overview, 658–659

threats terminology, 659–660

user accounts, 685–688

vulnerabilities, 677–680

zero-day attacks, 661–662

zero trust, 657

network segmentation

enforcement, 691

Ethernet, 69

Network Time Protocol (NTP)

attacks, 661

operation, 285–286

purpose, 391

troubleshooting, 767–768

Network utility, 184–185, 212, 224

networks

names. See Domain Name System (DNS)

performance troubleshooting, 772–773

protocols, 21

TCP/IP issues, 347–349

virtualization. See virtualization

next-generation firewalls (NGFWs), 698

next hops in routing tables, 236

NEXT (near-end crosstalk), 152–153

NFV (network function virtualization), 560–563

NFVI (network function virtualization infrastructure), 560

NGFWs (next-generation firewalls), 698

NIC teaming

multilayer switches, 414

troubleshooting, 765–766

NICs. See network interface cards (NICs)

NIDSs (network-based IDSs) for multilayer switches, 415

NIST. See National Institute of Standards (NIST)

NIUs (network interface units), 132

Nmap (Network Mapper) tool, 641, 747–748

NMS (Network Management Software)

routers, 269–270

SNMP, 709

NOCs (network operations centers), 596, 723

non-persistent agents in network security, 690–691

nondisclosure agreements (NDAs), 640

nonrepudiation

digital signatures, 365–366

overview, 365

PKI, 366–370

secure applications, 310

TCP/IP security, 354

north-south traffic in data centers, 585–586

notifications

change management, 635

computer crimes, 648

ECN, 617

malware, 695

SNMP, 712

TCN, 86

NS (name server) DNS records, 337–338

nslookup command

DNS, 345–346

overview, 742–743

NTP. See Network Time Protocol (NTP)

ntpdc command, 661

object identifiers (OIDs) in SNMP, 709

OC (Optical Carrier) standards in SONET, 451

octets in IP addresses, 193

OEMs (original equipment manufacturers) for NMS, 269

OFDM (orthogonal frequency-division multiplexing), 491

offboarding policies, 633–634

Offer messages in DHCP, 215

Office 365, 553

Ohm rating for coaxial cable, 52–53

OIDs (object identifiers) in SNMP, 709

OM (optical multimode) fiber in 100BASE-FX, 94

omnidirectional antennas, 516–518

on-link entry in routing tables, 236

on-path attacks

ARP cache poisoning, 665

description, 668

on-premises data centers, 589

onboarding policies, 633–634

100-megabit Ethernet, 91

100BASE-FX, 94–95

100BASE-SX, 95

100BASE-T, 92–94

full-duplex, 95–96

110 blocks, 122–123

one-way satellite access, 460–461

open cable circuits, 733

open-ended questions in troubleshooting, 751

open networks in Wi-Fi, 535

open ports, 294, 677–678

Open Shortest Path First (OSPF) protocol, 260–261

OpenNMS tool, 270

OpenVAS vulnerability scanner, 642

optic modules in Gigabit Ethernet, 100

Optical Carrier (OC) standards in SONET, 451

optical link budgets, troubleshooting, 768–769

optical multimode (OM) fiber in 100BASE-FX, 94

optical power meters, 735–736

optical time domain reflectometers (OTDRs), 156, 733–734

orchestration, 555–556

Organizationally Unique Identifiers (OUIs), 10, 671

original equipment manufacturers (OEMs) for NMS, 269

orthogonal frequency-division multiplexing (OFDM), 491

OSI seven-layer model

encryption, 360–361

firewalls, 698

layer 1 and layer 2, 6–21

layer 3, 22–24

layer 3 through layer 7 overview, 21–22

layer 4, 27–30

layer 5, 30–32

layer 6, 33

layer 7, 33–35

layer overview, 4–5

network segmentation, 625

packets within frames, 24–26

remote work, 35–38

troubleshooting, 753–754

OSPF (Open Shortest Path First) protocol, 260–261

OTDRs (optical time domain reflectometers), 156, 733–734

OUIs (Organizationally Unique Identifiers), 10, 671

out-of-band management

switches, 398

VNCs, 469

outbound firewall traffic, 700

outcomes documentation in troubleshooting, 756

outlets in work areas, 128–129

Outlook, 302–303

outputs, virtualization, 547–548

overcapacity issues in WAPs, 532

overlap, channel, 528–529

overlay tunnels in IP addresses, 446

overutilization of hardware, 543

ownership factor in acceptable use policies, 630

PaaS (platform as a service), 551–552

packet abuse, 660–661

packet sniffers, 713, 746–747

packets

firewall filters, 698

flow monitoring, 716–717

frames, 24–26

layer 3, 22

routing. See routing

segmentation and reassembly, 27–30

segments, 29–30

sniffing, 670

pads in Ethernet frames, 70–71

PAgP (Port Aggregation Protocol)

multilayer switches, 414

troubleshooting, 765–766

PANs (personal area networks), 611

PAP (Password Authentication Protocol), 373

parabolic antennas, 518

parameters of topologies, 49–50

partially meshed topology networks, 49

passive FTP, 306

passive optical networks (PONs), 461

Password Authentication Protocol (PAP), 373

passwords

AAA, 376

attacks, 669

authentication, 370–371

default, 692

hashes, 362

network access policies, 631

routers, 268

screensavers, 676

SSH, 382

training, 638

Wi-Fi issues, 529

PAT (port address translation), 245–247

patch antennas, 518–519

patch bays, 127

patch cables

making, 142–145

purpose, 126

patch panels

connecting, 146–148

overview, 122–126

Patch Tuesday, 637

patches

malware prevention, 696

steps, 637–638

unpatched systems, 679

path diversity in high availability, 592

Path MTU, 275

Path MTU Discovery, 275

path vector routing protocols, 257–260

pathping utility

overview, 741–742

routers, 276

PAUSE frames for switches, 399

payloads

frames, 14

IP, 173

Payment Card Industry Data Security Standard (PCI DSS), 601

PBX systems in VoIP, 614

PC (physical contact) connectors, 99

PCF (Point Coordination Function), 493

PCI DSS (Payment Card Industry Data Security Standard), 601

PCI (Peripheral Component Interconnect) NICs, 159

PCI Express (PCIe) expansion slots in NICs, 159

PDUs (power distribution units)

data centers, 593

equipment racks, 120–121

PDUs (protocol data units)

description, 13

routers, 274–275

SNMP, 710

PEAP (Protected EAP), 499

peer-to-peer mode in 802.11, 488

peer-to-peer networks, 38

peers in NTP, 661

penetration testing, 643–644

Perf3 tool, 725

performance

monitors, 720–721

SANs, 588

troubleshooting, 772–773

performance baselines, network, 760

performance metrics

sensors, 718

wireless, 533

Performance Monitor, 720–721

Peripheral Component Interconnect (PCI) NICs, 159

permissions for user accounts, 686–688

persistent agents in network security, 690–691

persistent MAC addresses in switches, 399

personal area networks (PANs), 611

phishing attacks, 675

physical access

control devices, 609

network security, 669–672

physical addresses, 21

physical connections for NICs, 158–159

physical contact (PC) connectors, 99

physical denial of service attacks, 666–667

physical intrusion, 675–676

physical issues in Wi-Fi, 533–535

Physical layer in OSI seven-layer model, 7–8

physical network diagrams, 594–600

physical network installation, 111–112

diagnostics, 162–168

NICs, 157–161

review, 168–170

structured cabling. See structured cabling

physical security

access prevention methods, 122

monitoring, 684–685

overview, 680–681

prevention and control, 681–683

smart lockers, 683–684

physical topologies, 48

PIDs (process IDs), 296

piggybacking, 681

ping command

DNS, 344–345

ICMP, 287

IP addresses, 173, 213–214

overview, 741–742

ping of death in ICMP, 287

pinouts for copper cabling, 149

PKI (public-key infrastructure), 366–370

placeable NICs, 485–486

placement of antennas, 520

plain old telephone service (POTS), 457

plaintext, 355

planes

routers, 561

SDN, 563

plans

business continuity, 647

contingency, 645–651

emergency procedures, 594

floor, 595–596

plans of action, troubleshooting, 754–755

platform as a service (PaaS), 551–552

PLCs (programmable logic controllers), 623

plenum-rated cable, 63

plugs, loopback, 163

pods in data centers, 585

PoE (Power over Ethernet), 508–509

Point Coordination Function (PCF), 493

Point-to-Point Protocol (PPP), 373–375

Point-to-Point Protocol over Ethernet (PPPoE), 458–459

Point-to-Point Tunneling Protocol (PPTP), 472–474

pointer (PTR) DNS records, 340

polarization of antennas, 519

policies

acceptable use, 534, 630–631

incident response, 645

network security, 630–634

system life cycles, 672

troubleshooting, 772

polyvinyl chloride (PVC) rating for cabling, 63

PONs (passive optical networks), 461

pools

IP addresses, 217

mass storage devices, 587

VLANs, 508

POP3 (Post Office Protocol version 3), 299

POP3S (Post Office Protocol version 3 over SSL), 389

port address translation (PAT), 245–247

port aggregation in NICs, 160

Port Aggregation Protocol (PAgP)

multilayer switches, 414

troubleshooting, 765–766

port bonding for multilayer switches, 414

port forwarding, 247–249

port mirroring

multilayer switches, 417

packet sniffers, 713

port protection for switches, 666

PortFast setting in STP, 86

ports

authentication, 420

blocked, 769

connection status, 294–296

disabling, 693

DNS, 321

filtering, 700

multilayer switches, 409–410

NICs, 163

registered, 291–294

routers, 264

rules, 296–297

scanning, 641, 747–748

SNMP, 712

switches, 84, 396–399, 666

syslog, 725

TCP segments, 30, 175

TCP/IP, 288–290

trunk, 402

unnecessary, 677–678

VLANs, 405–406

Zoom, 313

Post Office Protocol version 3 (POP3), 299

Post Office Protocol version 3 over SSL (POP3S), 389

Postfix e-mail server, 300

posture assessment, 644, 689–690

potential attacks, 658

potential effects factor in troubleshooting, 754–755

POTS (plain old telephone service), 457

power distribution units (PDUs)

data centers, 593

equipment racks, 120–121

power failures, troubleshooting, 761

power for data centers

converters, 593

monitoring tools, 165

requirements, 593

telecommunications room location factor, 136

power level Wi-Fi issues, 529–530

power meters, optical, 735–736

Power over Ethernet (PoE), 508–509

PPP (Point-to-Point Protocol), 373–375

PPPoE (Point-to-Point Protocol over Ethernet), 458–459

PPTP (Point-to-Point Tunneling Protocol), 472–474

pre-shared keys (PSKs)

EAP, 499

infrastructure networks, 523

WPA2, 503

preambles in Ethernet frames, 70

prefix delegation in DHCPv6, 436–437

prefixes in IPv6 addresses, 427–428, 439–441

presence information services, 615

Presentation layer in OSI seven-layer model, 33

prevention

malware, 693–695

physical security, 681–683

preventive measures implementation, 756

primary name servers in DNS, 327

principle of least privilege

cloud computing, 569

network access policies, 631

users, 670, 685

printers, 609

privacy

acceptable use policies, 630

cloud computing, 570

private clouds, 553

private direct connections for resources, 578

private IP addresses, 227

private ports, 290

private VLANs, 409

private WANs, 452–455

problems in troubleshooting

duplication, 752

identification, 751

probable causes, 753–754

process assessments, 644

Process Explorer tool, 296

process IDs (PIDs), 296

programmable controllers in SDN, 562

programmable logic controllers (PLCs), 623

promiscuous mode in packet sniffers, 713

Protected EAP (PEAP), 499

protocol abuse in network security, 660–661

protocol analyzers, 713, 746–747

protocol data units (PDUs)

description, 13

routers, 274–275

SNMP, 710

Protocol field in IP headers, 174

proximity readers, 682

proxy servers for multilayer switches, 417–420

PSKs (pre-shared keys)

EAP, 499

infrastructure networks, 523

WPA2, 503

PSTN (Public Switched Telephone Network) connections, 456

PTIs (Public Technical Identifiers), 198

PTR (pointer) DNS records, 340

public clouds, 553

public DNS servers, 342

public-key cryptography, 359–360

public-key infrastructure (PKI), 366–370

Public Switched Telephone Network (PSTN) connections, 456

Public Technical Identifiers (PTIs), 198

pulling cable, 137–141

punchdown blocks, 122–124

punchdown tools, 122–124, 737–738

PuTTY program

routers, 264–265

SSH, 381–382

PVC (polyvinyl chloride) rating for cabling, 63

QAM (quadruple-amplitude modulated), 496

QoS (quality of service)

medianets, 617–618

MPLS, 453

multilayer switches, 413–414

quad small form-factor pluggable (QSFP) optics, 105

quad small form-factor pluggable (QSFP+) connectors, 106–107

Quad9 severs, 478

quadruple-amplitude modulated (QAM), 496

quality of service (QoS)

medianets, 617–618

MPLS, 453

multilayer switches, 413–414

quarantine networks, 692

quartets in IPv6 addresses, 427

query languages for databases, 305

questions in troubleshooting, 751

R.U.D.Y (R U Dead Yet) attacks, 667

RA-Guard (Router Advertisement Guard), 662

raceways, 135–136

rack diagrams, 597

radio frequency ID (RFID) chips, 682

radio frequency interference (RFI)

troubleshooting, 761

Wi-Fi, 534

Radio Guide (RG) rating for coaxial cable, 52

RADIUS (Remote Authentication Dial-In User Service), 377–378, 501

range of 802.11, 490

ransomware, 672–673

Rapid Spanning Tree Protocol (RSTP), 86

RBAC (role-based access control), 372

RDC (Remote Desktop Connection), 467–468

RDG (Remote Desktop Gateway), 468

RDP (Remote Desktop Protocol), 467–468

real-time services (RTS), 615

Real-time Transport Protocol (RTP), 614

real-time video technologies, 615

reassembly of packets, 27–30

received signal strength indication (RSSI) in Wi-Fi, 529

records, DNS, 321, 326, 336–342

recovery from malware, 693–695

recovery point objectives (RPOs), 646

recovery time objectives (RTOs), 646

recursive lookups, 332

redirect packets in IPv6, 434

redundancy

disaster recovery, 646–647

high availability, 592

Ref entry in routing tables, 236

reflection in denial of service, 667

reflection issues in Wi-Fi, 533

refraction issues in Wi-Fi, 533

Regional Internet Registries (RIRs), 197, 430

registered jack (RJ) connectors, 58–59

registered ports, 291–294

relational databases, 304–305

relay, DHCP, 219

relay agents in VLANs, 408

remarks in hosts file, 320–321

remote access, 466

network access policies, 631

remote terminal, 466–469

VPNs, 470–476

Remote Authentication Dial-In User Service (RADIUS), 377–378, 501

Remote Desktop Connection (RDC), 467–468

Remote Desktop Gateway (RDG), 468

Remote Desktop Protocol (RDP), 467–468

remote port mirroring, 417

remote terminal units (RTUs) in SCADA, 624

remote work in OSI seven-layer model, 35–38

repeaters in bus Ethernet, 71–72

reports in forensics, 650

Request messages in DHCP, 216

request timed out messages in ICMP, 287

Requests for Comments (RFCs), 227

research for patches, 637

reservations

DHCP, 219–222

MAC, 221

resolving network names. See Domain Name System (DNS)

resources

cloud computing, 569–570

cloud computing interconnected to local, 576–578

virtualization, 548

Responses in SNMP, 710–711

restores in disaster recovery, 646

reverse DNS lookups, 328

reverse proxy servers for multilayer switches, 419

reverse zones in DNS, 328

RF emanation, 680

RFCs (Requests for Comments), 227

RFI (radio frequency interference)

troubleshooting, 761

Wi-Fi, 534

RFID (radio frequency ID) chips, 682

RG-59 connectors, 52

RG (Radio Guide) rating for coaxial cable, 52

Ring system, 609–610

ring topologies, 44–46

RIP (Routing Information Protocol), 257

RIPE Network Coordination Centre (RIPE NCC), 430

RIRs (Regional Internet Registries), 197, 430

riser-rated cable, 63

risk management

assessments, 640–645

network operations. See network operations

overview, 629–630

risk posture, 644

Rivest, Shamir, and Adleman (RSA) algorithm, 360

RJ (registered jack) connectors, 58–59

RJ-45 connectors

10BASE-T, 73–75

Cat ratings, 129

crimping, 142–145

crossover cable, 84

DSL modems, 460

figure, 58–59

NICs, 157

roaming in 802.11, 490

Rocket.Chat platform, 564–568, 571–573

rogue access points, 536

rogue anti-malware programs, 694

rogue devices, 662

rogue servers in DHCP, 226–227

role-based access, 631

role-based access control (RBAC), 372

rollback process in change management, 635

rollovers for routers, 263

root guards in STP, 86

root servers in DNS, 321–322, 332

rootkits, 674

roots, DNS, 323–324

round robin DNS, 412

route print command, 239

route utility, 744–745

Router Advertisement Guard (RA-Guard), 662

router advertisements in IPv6, 434

router ports for multilayer switches, 410

router solicitation in IPv6, 433

routers

configuring, 271–273

connections, 263–267, 271

control planes and data planes, 561

DHCP, 218

frames, 26

IP addresses, 23

IPv6 addresses, 439–440

LANs, 190–191

MPLS, 453

multicasts, 431

network management software, 269–270

operation, 232–233

overview, 263

problems, 273–277

troubleshooting, 769–770

virtualization, 558–559

web access, 267–269

routes

redistribution, 262–263

router setup, 273

routing

asymmetric, 771

dynamic. See dynamic routing

inter-VLAN, 407–408

Layer 2 data, 235–243

network address translation, 244–250

overview, 231

review, 277–279

router operation, 232–233

routers. See routers

routing tables, 234–243

Routing and Remote Access Service (RRAS), 472

Routing Information Protocol (RIP), 257

routing loops, troubleshooting, 771

routing prefixes in IPv6 addresses, 427

routing tables

distance vector routing protocols, 254

problems, 274

troubleshooting, 760

working with, 234–243

RPOs (recovery point objectives), 646

RRAS (Routing and Remote Access Service), 472

RSA (Rivest, Shamir, and Adleman) algorithm, 360

RSSI (received signal strength indication) in Wi-Fi, 529

RSTP (Rapid Spanning Tree Protocol), 86

RTOs (recovery time objectives), 646

RTP (Real-time Transport Protocol), 614

RTS (real-time services), 615

RTUs (remote terminal units) in SCADA, 624

rules

firewalls, 699–700

ports, 296–297

runs

horizontal cabling, 116

mapping, 135–136

testing, 148–157

Russinovich, Mark, 293, 296

SaaS (software as a service), 552–553

SAE (Simultaneous Authentication of Equals), 503

sanitizing devices, 672

SANs (storage area networks), 587–588

satellite access, 460–461

SC (subscriber connector), 61–62, 94

SCADA (supervisory control and data acquisition) systems, 623–625

scalability of structured cabling, 137

scaling

cloud computing, 569

IaC, 554

virtualization, 548

scanners

port, 747–748

vulnerability, 641

schemas in databases, 305

scope exhaustion

DHCP, 668

troubleshooting, 763–764

scope in DHCP, 217, 221–222

SCP (Secure Copy Protocol), 389

screened subnets, 701

screensavers, 676

SD-WAN (software-defined wide area networking), 455

SDH (Synchronous Digital Hierarchy), 451

SDN (software-defined networking)

data centers, 590

vs. virtualization, 561–563

SDSL (symmetric DSL), 456

secondary name servers in DNS, 327

Secure Copy Protocol (SCP), 389

Secure Hash Algorithm (SHA), 363–365

secure protocols, 381

Secure Shell (SSH) protocol

overview, 381–383

Telnet replacement, 298–299

tunneling, 383–384

Secure Sockets Layer (SSL)

certificate issues, 771

e-mail, 389

SSL/TLS, 309–311, 385–386

VPNs, 475–476

security

cloud computing, 569–570

home, 609–610

network. See network security

policies, 630–634

Wi-Fi, 497–505

Security and Maintenance tool, 694–695

security event management (SEM), 726–727

security guards, 681

security identifiers (SIDs) in Kerberos, 380

security information and event management (SIEM), 726–727

security information management (SIM), 726–727

security through obscurity concept, 504

security type mismatches in Wi-Fi, 529

segments and segmentation

connections, 84–86

DMZs, 701

Ethernet, 69, 84–86

hybrid topologies, 48

network security, 691–692

packets, 27–30

SCADA, 624–625

TCP, 175

SEM (security event management), 726–727

Sender Policy Framework (SPF), 342

sensors for network monitoring, 718

separation of duties, 658

Sequence number field in TCP, 175

serial field for name servers, 327

server-based anti-malware, 697

server clusters for multilayer switches, 411

server farms in data centers, 596

Server Message Block (SMB), 319

server not found message in DNS, 344–345

servers

DHCP, 214–217

DHCP, multiple, 225–226

DHCP, rogue, 226–227

DNS, 321–322

DNS, administering, 333–343

DNS, name, 326–327

DNS, public, 342–343

DNS, subdomains, 325

e-mail, 300–301

ICS, 622

multilayer switches, 417–420

protecting, 675–676

RADIUS, 501

rail racks, 120

troubleshooting, 764

unified communication, 616

service-layer cake in cloud computing, 549

service-level agreements (SLAs), 639

service-related entry points, 131

service set identifiers (SSIDs)

disabling broadcasts of, 504

infrastructure networks, 521–522, 526

wireless networks, 490–491, 535–536

service (SRV) DNS records, 341

services

cloud computing, 549

unnecessary, 677–678

session hijacking, 669

session IDs in SSH, 381

Session Initiation Protocol (SIP), 614

Session layer in OSI seven-layer model, 30–32

sessions

description, 283

seeing, 32

sockets, 291

severity levels, 725

SFF (small form factor) connectors, 98–99

SFP (small form-factor pluggable) transceivers, 100, 104

SFTP (SSH File Transfer Protocol), 389

SHA (Secure Hash Algorithm), 363–365

shapers for multilayer switches, 413–414

shells, CLI, 739

shielded twisted pair (STP) cable, 55

Short Message Service (SMS) alerts, 712

shorthand notation for IPv6 addresses, 427

shorts in cabling, 149

shoulder surfing, 675

show config commands, 759

show interfaces command, 719

network troubleshooting, 759

switches, 398–399

show route command, 760

show ip route command, 242

SIDs (security identifiers) in Kerberos, 380

SIEM (security information and event management), 726–727

signal level issues in Wi-Fi, 529–530

signal loss

fiber-optic cabling, 154–155

measuring, 154

signal mismatches in fiber-optic cabling, 155

signal strength in 802.11, 487

signal-to-noise ratio (SNR) in Wi-Fi, 534–535

signatures

intrusion detection systems, 416

nonrepudiation, 365–366

viruses, 696

SIM (security information management), 726–727

SIM (subscriber identity module) cards, 463–464

Simple Mail Transfer Protocol (SMTP), 299

Simple Mail Transport Protocol Secure (SMTPS), 389

Simple Network Management Protocol (SNMP), 390–391, 708–712

Simple Network Time Protocol (SNTP), 285–286

Simultaneous Authentication of Equals (SAE), 503

single-mode fiber (SMF) fiber-optic cabling, 61

single sign-on (SSO) in Kerberos, 380

single strand fiber transmission, 104

SIP (Session Initiation Protocol), 614

SIP trunking, 616

site surveys

data centers, 600–601

Wi-Fi, 509–512

site--to-site VPN connections, 475

6in4 tunneling standard, 445

66 blocks, 122–124

SLAAC (stateless address autoconfiguration) process, 434–438

SLAs (service-level agreements), 639

slow Wi-Fi connections, 532–533

small form factor (SFF) connectors, 98–99

small form-factor pluggable (SFP) transceivers, 100, 104

smart cards, 682

smart garage door openers, 609

smart jacks, 132, 457

smart lockers, 683–684

smart printers, 609

Smart Queue Management, 413

smart speakers, 608

SMB (Server Message Block), 319

SMF (single-mode fiber) fiber-optic cabling, 61

SMS (Short Message Service) alerts, 712

SMTP (Simple Mail Transfer Protocol), 299

SMTPS (Simple Mail Transport Protocol Secure), 389

SNAT (static NAT), 247

sniffers, packet, 670, 713

snips, 736

SNMP (Simple Network Management Protocol), 390–391, 708–712

snooping

DHCP, 662

IGMP, 766–767

SNR (signal-to-noise ratio) in Wi-Fi, 534–535

SNTP (Simple Network Time Protocol), 285–286

SOA (start of authority) DNS records, 336–337

social engineering

training, 638

types, 674–676

sockets, 291

software

802.11, 487–488

troubleshooting tools, 738–749

software as a service (SaaS), 552–553

software-defined networking (SDN)

data centers, 590

vs. virtualization, 561–563

software-defined wide area networking (SD-WAN), 455

software firewalls, 697–698

SOHO firewalls, 697

solid core UTP cable, 117

solution implementation in troubleshooting, 755

something you do factor in authentication, 371

something you have factor in authentication, 371

something you know factor in authentication, 371

somewhere you are factor in authentication, 371

SONET (Synchronous Optical Network), 101–102, 451

SOPs (standard operating procedures), updating, 636

source addresses in Ethernet, 69

SOWs (statements of work), 639

SpaceX Starlink service, 460

Spanning Tree Protocol (STP), 85–86

Speakeasy Speed Test, 748–749

speakers, 608

special IP addresses, 227

spectrum analyzers, 534

speed of switches, 399

speed test sites, 457, 748–749

SPF (Sender Policy Framework), 342

spine-and-leaf architecture, 590–591

splicers for fiber-optic cabling, 157

split pairs in copper cabling, 149

split tunnel VPNs, 475

splitters for coaxial cable, 53

spoofing

MAC addresses, 504

types, 660

spread-spectrum transmission, 491

SPSs (standby power supplies), 165

spyware, 674

SQL (Structured Query Language), 304–305

SRV (service) DNS records, 341

ss utility, 746

SSH (Secure Shell) protocol

overview, 381–383

Telnet replacement, 298–299

tunneling, 383–384

SSH File Transfer Protocol (SFTP), 389

SSIDs (service set identifiers)

disabling broadcasts of, 504

infrastructure networks, 521–522, 526

wireless networks, 490–491, 535–536

SSL. See Secure Sockets Layer (SSL)

SSO (single sign-on) in Kerberos, 380

ST (straight tip) connectors, 61–62, 94

standard operating procedures (SOPs), updating, 636

standards

audit reports, 601

encryption, 380–384

TCP/IP security, 372–380

Wi-Fi. See Wi-Fi standards

standby power supplies (SPSs), 165

star topologies

802.11, 489

basics, 114

description, 46–47

star-bus topologies, 48

star-ring topologies, 48

start frame delimiters in Ethernet frames, 70

start of authority (SOA) DNS records, 336–337

STARTTLS protocol command, 389

starvation attacks in DHCP, 668

state data, backing up, 646

stateful DHCPv6 servers, 435

stateful inspection firewall model, 698

stateful mapping in NAT64, 446

stateless address autoconfiguration (SLAAC) process, 434–438

stateless DHCPv6 servers, 435

stateless inspection firewall model, 698

stateless mapping in NAT64, 446

statements of work (SOWs), 639

static IP addresses, 210–214

static NAT (SNAT), 247

static VLANs, 405

steady state routers, 256

sticky MAC addresses for switches, 399

storage area networks (SANs), 587–588

storage in data centers, 587–588

STP (shielded twisted pair) cable, 55

STP (Spanning Tree Protocol), 85–86

straight-through cable

switches, 84

troubleshooting, 761

straight tip (ST) connectors, 61–62, 94

stranded core UTP cable, 117

strata in NTP, 286

stream ciphers, 358

structured cabling, 113

basics, 114–115

building-wide, 130–131

connection points, 126–127

connections, 141–148

demarcs, 131–134

equipment racks, 118–122

floor plans, 134–135

horizontal cabling, 115–118

network components, 115–130

patch panels, 122–126

pulling, 137–141

runs, 135–136

telecommunications room location factor, 136–137

telecommunications rooms, 118

testing, 148–157

Structured Query Language (SQL), 304–305

subdomains in DNS, 325

subnet IDs in IPv6 addresses, 427

subnet masks

IP addresses, 192–197

routing tables, 237–238

TCP/IP network issues, 348

troubleshooting, 761

subnets

calculating, 203–207

description, 21

firewalls, 701

host calculations, 201

making, 202–203

overview, 199–201

subscriber connector (SC), 61–62, 94

subscriber identity module (SIM) cards, 463–464

substitution ciphers, 355–356

succession planning, 648

suffixes in DNS, 342–343

supervisory control and data acquisition (SCADA) systems, 623–625

supplicants in RADIUS, 501

surveillance, video, 684–685

surveys, site

data centers, 600–601

Wi-Fi, 509–512

switch port protection, 666

switches

access management, 397–398

data centers, 584

distributed, 558

Ethernet, 81–87

MAC addresses, 16

managing, 396–399

multilayer. See multilayer switches (MLSs)

overview, 395

port configuration, 398–399

review, 421–423

segment connections, 84–86

selecting, 106

STP, 85–86

troubleshooting, 87

virtual, 557–558

VLANs, 400–409

switching loops, troubleshooting, 767

switchports, disabling, 693

symmetric DSL (SDSL), 456

symmetric-key encryption, 357–359

symptoms identification in troubleshooting, 751

SYN (synchronize) segments in three-way handshakes, 175, 283–284

SYN-ACK segments in three-way handshakes, 175

Synchronous Digital Hierarchy (SDH), 451

Synchronous Optical Network (SONET), 101–102, 451

syslog monitors, 720–721, 725

system life cycles, 672

tables

port address translation, 246

router, 190–191

routing. See routing tables

TACACS+ (Terminal Access Controller Access Control System Plus), 378

Table of Contents for CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008), 8th Edition

Create new playlist

Sign In

Sign Up

Table of Contents for
CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008), 8th Edition