Appendix B
Answers to Review Questions

Chapter 1: Introduction to Networks

  1. C. A client-server logical topology allows you to have a centralized database of users so that authentication is provided in one place.
  2. C. To install a physical topology that provides ease of scalability, use a star network. This is a hub or switch device, and this is the most common LAN network today.
  3. D. Only a mesh physical topology has point-to-point connections to every device, so it has more connections and is not a popular LAN technology.
  4. B. In a star topology, each workstation connects to a hub, switch, or similar central device but not to other workstations. The benefit is that when connectivity to the central device is lost, the rest of the network lives on.
  5. C. Multiprotocol Label Switching has as many advantages as a LAN protocol. When labels are used, voice can have priority over basic data, for example.
  6. B. A logical grouping of hosts is called a LAN, and you typically group them by connecting them to a hub or switch.
  7. C. It is easy to relax about security in a peer-to-peer environment. Because of the trouble it takes to standardize authentication, a piecemeal approach involving users' personal preferences develops. There are no dedicated servers in a peer-to-peer network, and such a network can be created with as few as two computers.
  8. A. When a central office, such as headquarters, needs to communicate directly with its branch offices but the branches do not require direct communication with one another, the point-to-multipoint model is applicable. The other scenarios tend to indicate the use of a point-to-point link between sites.
  9. D. LANs generally have a geographic scope of a single building or smaller. They can range from simple (two hosts) to complex (with thousands of hosts).
  10. B. The only disadvantage mentioned is the fact that there is a single point of failure in the network. However, this topology makes troubleshooting easier; if the entire network fails, you know where to look first. The central device also ensures that the loss of a single port and the addition of a new device to an available port do not disrupt the network for other stations attached to such a device.
  11. D. A typical WAN connects two or more remote LANs together using someone else's network (your ISP's) and a router. Your local host and router see these networks as remote networks and not as local networks or local resources. Routers use proprietary serial connections for WANs.
  12. D. Multiprotocol Label Switching provides logical links between sites, so branch offices can be easily and quickly added.
  13. A. In a peer-to-peer network, all computers are considered equal. It is up to the computer that has the resource being requested to perform a security check for access rights to its resources.
  14. D. In client-server networks, requests for resources go to a main server that responds by handling security and directing the client to the resource it wants instead of the request going directly to the machine with the desired resource (as in peer-to-peer).
  15. A. The best answer to this question is an Ethernet switch, which uses a star physical topology with a logical bus technology.
  16. D. Routers are used to connect different networks together.
  17. D. In the mesh topology, there is a path from each connection to every other one in the network. A mesh topology is used mainly because of the robust fault tolerance it offers—if one connection goes on the blink, computers and other network devices can simply switch to one of the many redundant connections that are up and running.
  18. A. As its name implies, in a point-to-point topology you have a direct connection between two routers, giving you one communication path. The routers in a point-to-point topology can either be linked by a serial cable, making it a physical network, or be far away and only connected by a circuit within a Frame Relay network, making it a logical network.
  19. B. A hybrid topology is a combination of two or more types of physical or logical network topologies working together within the same network.
  20. A, B, C, D. Each topology has its own set of pros and cons regarding implementation, so it's important to ask the right questions and consider cost, ease of installation, maintenance, and fault tolerance.

Chapter 2: The Open Systems Interconnection Specifications

  1. C. A connection-oriented session is set up using what is called a three-way handshake. The transmitting host sends a SYN packet, the receiving host sends a SYN/ACK, and the transmitting host replies with the last ACK packet. The session is now set up.
  2. D. TCP and UDP are Transport layer protocols. The Transport layer is layer 4 of the OSI model.
  3. A. The top layer of the OSI model gives applications access to the services that allow network access.
  4. A. If the remote server is busy or does not respond to your web browser request, this is an Application layer problem.
  5. B. The Presentation layer makes data “presentable” for the Application layer.
  6. C. Bridges, like switches, are Data Link layer devices. Hubs, like repeaters, are Physical layer devices. Routers are Network layer devices.
  7. D. The Physical layer's job is to convert data into impulses that are designed for the wired or wireless medium being used on the attached segment.
  8. D. A receiving host can control the transmitter by using flow control (TCP uses windowing by default). By decreasing the window size, the receiving host can slow down the transmitting host so the receiving host does not overflow its buffers.
  9. C, D. Not that you really want to enlarge a single collision domain, but a hub (multiport repeater) will provide this functionality for you.
  10. D. The Transport layer receives large data streams from the upper layers and breaks these up into smaller pieces called segments.
  11. C. The encapsulation order is data, segment, packet, frame, bits.
  12. B, C. Bridges and switches break up collision domains, which allows more bandwidth for users.
  13. C. A reliable Transport layer connection uses acknowledgments to make sure all data is received reliably. A reliable connection is defined by the use of acknowledgments, sequencing, and flow control, which is characteristic of the Transport layer (layer 4).
  14. A, C, D. When sequencing and acknowledgments are used, the segments delivered are acknowledged back to the sender upon their reception. At this point, any segments not acknowledged are retransmitted, and segments are sequenced back into their proper order upon arrival at their destination.
  15. C. Flow control allows the receiving device to control the pace of the transmitting device so the receiving device's buffer does not overflow.
  16. B. IP is a Network layer protocol. TCP is an example of a Transport layer protocol, Ethernet is an example of a Data Link layer protocol, and T1 can be considered a Physical layer protocol.
  17. D. The Presentation layer is the sixth layer of the model. Only the Application layer is higher, but it is not listed. Session is layer 5, Transport is layer 4, and Network is layer 3.
  18. C. A router is specified at the Network layer and a router routes packets. Routers can also be called layer 3 switches.
  19. C. The phrase “Please Do Not Throw Sausage Pizza Away” contains the first letters of the layers in order, from layer 1 through layer 7. “All People Seem To Need Data Processing” works from the top down. The other options have all the right letters, just not in the right order.
  20. B. The 802.3 standard, commonly associated with Ethernet, specifies the media-access method used by Ethernet, which is known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

Chapter 3: Networking Connectors and Wiring Standards

  1. B, C. Plenum-rated means that the cable's coating doesn't begin burning until a much higher temperature of heat, doesn't release as many toxic fumes as PVC when it does burn, and is rated for use in air plenums that carry breathable air, usually as nonenclosed fresh-air return pathways that share space with cabling.
  2. D. UTP is commonly used in twisted-pair Ethernet like 10BaseT, 100BaseTX, 1000BaseTX, and so on.
  3. D. Unshielded twisted-pair has standards from Category 2 through 8 for use on Ethernet networks. There is no Category 9 defined.
  4. C. UTP usually connects with RJ-45. You use a crimper to attach an RJ connector to a cable.
  5. A. Single-mode fiber allows for the maximum cable run distances.
  6. B. You would use a straight-through cable to connect a host to a switch, and the typical pin-out is called T568A.
  7. C. Fiber-optic cable transmits digital signals using light impulses rather than electricity; therefore, it is immune to EMI and RFI.
  8. B. Remember that fiber-optic cable transmits a digital signal using light impulses. Light is carried on either a glass or a plastic core.
  9. B. The difference between single-mode fibers and multimode fibers is in the number of light rays (and thus the number of signals) they can carry. Generally speaking, multimode fiber is used for shorter-distance applications and single-mode fiber for longer distances.
  10. C. Standards limit UTP to a mere 100 meters. Different fiber-optic types have different maximum lengths, but fiber-optic is the only cable type that can extend well beyond 100 meters.
  11. B, D, E. There are many different types of fiber-optic connectors. SC, ST, LC, and MT-RJ are some of the more typical connectors in use today.
  12. B. To connect two devices for voice on a vertical connect, the minimum cable you can use is Category 5.
  13. B. In half-duplex communication, a device can either send communication or receive communication, but it cannot do both at the same time.
  14. B. Fiber-optic cable transmits only light (not electricity like UTP), so EMI has zero effect on it.
  15. C. Full-duplex communication requires a point-to-point configuration between two directly connected devices because the collision-avoidance circuit is disabled.
  16. B. 100BaseTX utilizes only pins 1, 2, 3, and 6.
  17. D. All devices that are pinned the same for transmit and receive require a crossover cable to communicate directly. The current switches can autodetect the cable type.
  18. A. A T1 cable uses pairs 1 and 2, so connecting two T1 CSU/DSU devices back-to-back requires a crossover cable that swaps these pairs. Specifically, pins 1, 2, 4, and 5 are connected to 4, 5, 1, and 2, respectively.
  19. D. The demarcation point, or demarc, is the point at which the operational control or ownership changes from your company to a service provider. This is often at the MDF in relation to telephone connections and the CSU/DSU in regard to WAN connections.
  20. B. Fast Ethernet is 100BaseTX and this type of cable uses two pairs of wires.

Chapter 4: The Current Ethernet Specifications

  1. B. On an Ethernet network, the MAC address (hardware address) is used for one host to communicate with another.
  2. B. 100BaseTX uses CAT 5e and can run 200 Mbps when using full-duplex.
  3. D. When one device sends a packet out on a network segment, all other devices on the same physical network segment must wait and let it be transmitted.
  4. E. 10Base2 was one of the very first Ethernet network physical mediums and is a thinnet coax.
  5. B, E. Option B carrier sense multiple access with collision detection (CSMA/CD) helps packets that are transmitted simultaneously from different hosts share bandwidth evenly. You might think that CSMA/CD would be the only correct answer, but always think in terms of what is the best answer out of all the options, and B and E (CSMA/CA) are both correct. The exam will never have cut-and-dried answers.
  6. B. A 10GBaseSR cable can have a maximum distance of 990 feet (302 meters).
  7. B. With half-duplex, you are using only one wire pair at a time, with a digital signal either transmitting or receiving.
  8. A. Full-duplex Ethernet uses two pairs of wires at the same time.
  9. C. A 10GBaseLR implementation can go a distance of up to 6 miles.
  10. B. Double up! You can get 20 Mbps with a 10 Mbps Ethernet running full-duplex or 200 Mbps for Fast Ethernet.
  11. B. Full-duplex communication cannot be used with a hub because a hub is a half-duplex single communication device. A host, switch, and router have the ability to process traffic (frames), whereas a hub is a multiport repeater.
  12. B. 11000000 is 192, 10101000 is 168, 00110000 is 48, and 11110000 is 240.
  13. B. In February 2011, the IEEE finally published a standard for Broadband over Power Line (BPL) called IEEE 1901; this is also referred to as Power Line Communication (PLC) or even Power Line Digital Subscriber Line (PDSL).
  14. C. Nibble values are 8 + 4 + 2 + 1, giving us a maximum value of 15. If we have a decimal value of 10, that means the 8 bit and the 2 bit are turned on.
  15. D. The 128, 64, 32, and 8 bits are on, so just add the values: 128 + 64 + 32 + 8 = 232.
  16. B. The first 10 hexadecimal digits (0–9) are the same values as the decimal values. We already know the binary value for the number 10 is 1010—in hex, the number 10 needs to be displayed as a single character. To display double-digit numbers as a single character, we substitute letters. In our example, 10 is A.
  17. C. A MAC, or hardware, address is a 48-bit (6-byte) address written in hexadecimal format.
  18. A. 100BaseT and 1000BaseT both have a maximum distance of 100 meters, or 328 feet.
  19. B. The FCS can detect frames in the sequence by calculating the cyclic redundancy check (CRC), which verifies that all the bits in the frame are unchanged.
  20. C. The 100 means 100 Mbps. The Base means baseband, which refers to baseband technology—a signaling method for communication on the network.

Chapter 5: Networking Devices

  1. E. Intrusion detection and prevention systems are not a requirement for a SOHO Internet connection.
  2. C. Like a hub, a switch connects multiple segments of a network together, with one important difference. Whereas a hub sends out anything it receives on one port to all the others, a switch recognizes frame boundaries and pays attention to the destination MAC address of the incoming frame as well as the port on which it was received.
  3. B. When we say segment, we mean to create multiple collision or broadcast domains. Hubs don't segment a network; they just connect network segments together. Repeaters don't segment the network; they repeat a signal and allow the distance covered to be increased. So the only correct option is B, a switch.
  4. A. The primary function of a bridge is to keep traffic separated on both sides of it, breaking up collision domains.
  5. A. Hubs create one collision domain and one broadcast domain.
  6. B. By allowing full-duplex operation on each port, a switch provides extra bandwidth to each port.
  7. C. A switch is typically just a layer 2 device segmenting the network by using MAC addresses. However, some higher-end switches can provide layer 3 services.
  8. D. Remember that DHCP servers assign IP addresses to hosts. Thus, DHCP allows easier administration than providing IP information to each host by hand (called static IP addressing).
  9. B. Multilayer switches (also called layer 3 switches) don't have fewer features, less bandwidth, or fewer ports than a normal switch; they just allow routing functions between subnets.
  10. B. A load balancer uses a little trickery and sends incoming packets to one or more machines that are hidden behind a single IP address. Modern load-balancing routers can use different rules to make decisions about where to route traffic, which can be based on least load, fastest response times, or simply balancing requests.
  11. A. DNS translates human names to IP addresses for routing your packet through the Internet. Hosts can receive the IP address of this DNS server and then resolve hostnames to IP addresses.
  12. C. Routers, switches, and bridges are all devices that help break up big networks into a number of smaller ones—also known as network segmentation. Hubs don't segment networks—they just connect network segments together.
  13. A. Web cache, of course! Most proxy programs provide a means to deny access to certain URLs in a block list/blacklist, thus providing content filtering, usually in corporate environments.
  14. D. Options A and C aid in boosting network performance. Option B is an advantage gained when segmenting the network. So the only option left is broadcast storms. Increased traffic will increase LAN congestion.
  15. B. If the DHCP server has stopped functioning, it will not hand out IP addresses to hosts that are restarted. However, the hosts that were not shut down still have IP addresses because the lease time has not expired.
  16. D. A proxy server can be used to prevent external traffic from reaching your internal network directly and can also be used to filter the sites to which your users are allowed to connect.
  17. C. Switches create separate collision domains but a single broadcast domain. Remember that routers provide a separate broadcast domain for each interface.
  18. A. Using appliances to offload functions such as encryption, content filtering, and VPN concentration can decrease the workload of other systems and add functionality that may be present in these dedicated devices.
  19. C. A DNS server uses many types of records. An A record is a hostname–to–IP address record, and a pointer record is an IP address–to–hostname record.
  20. D. A proxy server can provide many functions. A proxy server can use a caching engine so that repeated access requests for web information are served faster for users, and it can also limit the availability of websites.

Chapter 6: Introduction to the Internet Protocol

  1. D. SMTP resides at the Application layer of the OSI and DoD models.
  2. D. HTTPS, or Secure HTTP, uses port 443 by default.
  3. C. Dynamic Host Configuration Protocol (DHCP) is used to provide IP information to hosts on your network. DHCP can provide a lot of information, but the most common is IP address, subnet mask, default gateway, and DNS information.
  4. B. Address Resolution Protocol (ARP) is used to find the hardware address from a known IP address.
  5. B. Secure Shell (SSH) allows you to remotely administer routers, switches, and even servers securely.
  6. C. The problem is with DNS, which uses both TCP and UDP port 53.
  7. A, B. A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3. The layer 2 broadcast is all Fs in hex, or FF:FF:FF:FF:FF:FF. The layer 3 broadcast is 255.255.255.255, which means all networks and all hosts. DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also called the Host-to-Host layer.
  8. E. Telnet uses TCP at the Transport layer with a default port number of 23.
  9. C, D. Internet Control Message Protocol (ICMP) is used to send error messages through the network, but ICMP does not work alone. Every segment or ICMP payload must be encapsulated within an IP datagram (or packet).
  10. B, C, D, E. SMTP, SNMP, FTP, and HTTP are connection oriented and use TCP.
  11. A, C, F. DHCP, SNMP, and TFTP use UDP. SMTP, FTP, and HTTP use TCP.
  12. C, D, E. Telnet, File Transfer Protocol (FTP), and Trivial FTP (TFTP) are all Application layer protocols. IP is a Network layer protocol. Transmission Control Protocol (TCP) is a Transport layer protocol.
  13. C. SMTP is used by a client to send mail to its server and by that server to send mail to another server. POP3 and IMAP are used by clients to retrieve their mail from the server that stores it until it is retrieved. HTTP is only used with web-based mail services.
  14. C. Remote Desktop Protocol (RDP) allows you to connect to a remote computer and run programs, as Telnet does. However, the large advantage that RDP has over Telnet is that RDP allows you to have a GUI interface connection.
  15. B. Simple Network Management Protocol is typically implemented using version 3, which allows for a connection-oriented service, authentication and secure polling of network devices, and alerts and reports on network devices.
  16. D. File Transfer Protocol (FTP) can be used to transfer files between two systems.
  17. B. The four layers of the IP stack (also called the DoD model) are Application/Process, Host-to-Host, Internet, and Network Access. The Host-to-Host layer is equivalent to the Transport layer of the OSI model.
  18. C. Network Time Protocol will ensure a consistent time across network devices on the network.
  19. A. Through the use of port numbers, TCP and UDP can establish multiple sessions between the same two hosts without creating any confusion. The sessions can be between the same or different applications, such as multiple web-browsing sessions or a web-browsing session and an FTP session.
  20. D. DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address.

Chapter 7: IP Addressing

  1. D. The addresses in the range 172.16.0.0 through 172.31.255.255 are all considered private, based on RFC 1918. Use of these addresses on the Internet is prohibited so that they can be used simultaneously in different administrative domains without concern for conflict. Some experts in the industry believe these addresses are not routable, which is not true.
  2. B. APIPA uses the link-local private address range of 169.254.0.0 through 169.254.255.255 and a subnet mask of 255.255.0.0.

    APIPA addresses are used by DHCP clients that cannot contact a DHCP server and have no static alternate configuration. These addresses are not Internet routable and cannot, by default, be used across routers on an internetwork.

  3. C. Private IP addresses are not routable over the Internet, as either source or destination addresses. Because of that fact, any entity that wishes to use such addresses internally can do so without causing conflicts with other entities and without asking permission of any registrar or service provider. Despite not being allowed on the Internet, private IP addresses are fully routable on private intranets.
  4. D. The Class A range is 1 through 126 in the first octet/byte, so only option D is a valid Class A address.
  5. C. The Class B range is 128 through 191 in the first octet/byte. Only option C is a valid Class B address.
  6. B. If you turned on all host bits (all of the host bits are 1s), this would be a broadcast address for that network.
  7. B. A Layer 2 broadcast is also referred to as a MAC address broadcast, which is in hexadecimal and is FF.FF.FF.FF.FF.FF.
  8. C. A default Class C subnet mask is 255.255.255.0, which means that the first three octets, or first 24 bits, are the network number.
  9. A. Packets addressed to a unicast address are delivered to a single interface. For load balancing, multiple interfaces can use the same address.
  10. C. I wonder how many of you picked APIPA address as your answer? An APIPA address is 169.254.x.x. The host address in this question is a public address. Somewhat of a tricky question if you did not read carefully.
  11. B. An IPv6 address is 128 bits in size.
  12. B. Packets addressed to a multicast address are delivered to all interfaces identified by the multicast address, the same as in IPv4. A multicast address is also called a one-to-many address. You can tell multicast addresses in IPv6 because they always start with FF.
  13. C. Anycast addresses identify multiple interfaces, which is the same as multicast; however, the big difference is that the anycast packet is delivered to only one address: the first one it finds defined in terms of routing distance. This address can also be called one-to-one-of-many or one-to-nearest.
  14. A, C. The loopback address with IPv4 is 127.0.0.1. With IPv6, that address is ::1.
  15. B, D. In order to shorten the written length of an IPv6 address, successive fields of zeros may be replaced by double colons. In trying to shorten the address further, leading zeros may also be removed. Just as with IPv4, a single device's interface can have more than one address; with IPv6 there are more types of addresses and the same rule applies. There can be link-local, global unicast, and multicast addresses all assigned to the same interface.
  16. C, D. IPv4 addresses are 32 bits long and are represented in decimal format. IPv6 addresses are 128 bits long and represented in hexadecimal format.
  17. D. Only option D is in the Class C range of 192 through 224. It might look wrong because there is a 255 in the address, but this is not wrong—you can have a 255 in a network address, just not in the first octet.
  18. C, E. The Class A private address range is 10.0.0.0 through 10.255.255.255. The Class B private address range is 172.16.0.0 through 172.31.255.255, and the Class C private address range is 192.168.0.0 through 192.168.255.255.
  19. B. This can be a hard question if you don't remember to invert the 7th bit! Always look for the 7th bit when studying for the exam. The EUI-64 autoconfiguration inserts an FF:FE in the middle of the 48-bit MAC address to create a unique IPv6 address.
  20. C. Option C is a multicast address and cannot be used to address hosts.
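The EUI-64 step from answer 19 (insert FF:FE in the middle of the MAC, then invert the 7th bit), worked out in code; this is an added example, not from the book, and the MAC addresses and prefixes in it are constructed.

```python
import ipaddress


def mac_to_eui64(mac: str) -> bytes:
    """Return the 64-bit EUI-64 interface identifier for a 48-bit MAC.

    Accepts 00:0c:29:ab:cd:ef, 00-0c-29-ab-cd-ef or 000c.29ab.cdef.
    Step 1: split the MAC in half and insert 0xFFFE between the halves.
    Step 2: invert the universal/local (U/L) bit, which is the 7th bit
            of the first byte, i.e. XOR the first byte with 0x02.
    """
    hex_digits = mac.replace(":", "").replace("-", "").replace(".", "")
    octets = bytes.fromhex(hex_digits)
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # the 7th bit counted from the left
    return bytes(iid)


def eui64_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface identifier.

    Works for link-local (fe80::/64) and global unicast prefixes alike.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration requires a /64 prefix")
    packed = net.network_address.packed[:8] + mac_to_eui64(mac)
    # str() applies RFC 5952 compression (double colons, no leading zeros).
    return str(ipaddress.IPv6Address(packed))


def mac_from_eui64_address(address: str) -> str:
    """Recover the MAC from an EUI-64 derived address (the inverse step).

    Because this recovery is possible, an EUI-64 address reveals the
    hardware identity of the host; RFC 4941 temporary addresses exist to
    avoid exactly that.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError(f"{address} does not carry an EUI-64 interface ID")
    first = iid[0] ^ 0x02  # undo the U/L bit inversion
    octets = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    mac = "00:0c:29:ab:cd:ef"  # constructed sample MAC
    print(eui64_address("fe80::/64", mac))
    print(eui64_address("2001:db8:1:1::/64", mac))
    print(mac_from_eui64_address(eui64_address("fe80::/64", mac)))
```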

Chapter 8: IP Subnetting, Troubleshooting IP, and Introduction to NAT

  1. D. A /27 (255.255.255.224) is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts. Does it matter if this mask is used with a Class A, B, or C network address? Not at all. The number of host bits would never change.
  2. B. Don't freak because this is a Class A. What is your subnet mask? 255.255.255.128. Regardless of the class of address, this is a block size of 128 in the fourth octet. The subnets are 0 and 128. The 0 subnet host range is 1–126, with a broadcast address of 127. The 128 subnet host range is 129–254, with a broadcast address of 255. You need a router for these two hosts to communicate because they are in different subnets.
  3. C. This is a pretty simple question. A /28 is 255.255.255.240, which means that our block size is 16 in the fourth octet (0, 16, 32, 48, 64, 80, and so on). The host is in the 64 subnet.
  4. F. A CIDR address of /19 is 255.255.224.0. This is a Class B address, so that is only 3 subnet bits, but it provides 13 host bits, or 8 subnets, each with 8,190 hosts.
  5. C. The host ID of 10.0.37.144 with a 255.255.254.0 mask is in the 10.0.36.0 subnet (yes, you need to be able to subnet in this exam!). Do not stress that this is a Class A; what we care about is that the third octet has a block size of 2, so the next subnet is 10.0.38.0, which makes the broadcast address 10.0.37.255. The default gateway address of 10.0.38.1 is not in the same subnet as the host. Even though this is a Class A address, you still should easily be able to subnet this because you look more at the subnet mask and find your interesting octet, which is the third octet in this question. 256 – 254 = 2. Your block size is 2.
  6. D. A /30, regardless of the class of address, has a 252 in the fourth octet. This means we have a block size of 4 and our subnets are 0, 4, 8, 12, 16, and so on. Address 14 is obviously in the 12 subnet.
  7. D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.
  8. C. Devices with layer 3 awareness, such as routers and firewalls, are the only ones that can manipulate the IP header in support of NAT.
  9. A. A /29 (255.255.255.248), regardless of the class of address, has only 3 host bits. Six hosts is the maximum number of hosts on this LAN, including the router interface.
  10. C. A computer should be configured with an IP address that is unique throughout the reachable internetwork. It should be configured with a subnet mask that matches those of all other devices on its local subnet, but not necessarily one that matches the mask used on any other subnet. It should also be configured with a default gateway that matches its local router's interface IP address.
  11. A. A /29 (255.255.255.248) has a block size of 8 in the fourth octet. This means the subnets are 0, 8, 16, 24, and so on. 10 is in the 8 subnet. The next subnet is 16, so 15 is the broadcast address.
  12. B. A 24-bit mask, or prefix length, indicates that the entire fourth octet is used for host identification. In a special case such as this, it is simpler to visualize the all-zeros value (172.16.1.0) and the all-ones value (172.16.1.255). The highest usable address, the last one before the all-ones value, is 172.16.1.254.
  13. A, E. First, if you have two hosts directly connected, as shown in the graphic, then you need a crossover cable. A straight-through cable won't work for the exam objectives. Second, the hosts have different masks, which puts them in different subnets. The easy solution is just to set both masks to 255.255.255.0 (/24).
  14. A. A /25 mask is 255.255.255.128. Used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 subnet bits: 8 bits in the third octet and 1 bit in the fourth octet. Because there is only 1 bit in the fourth octet, the bit is either off or on—which is a value of 0 or 128. The host in the question is in the 0 subnet, which has a broadcast address of 127 because 128 is the next subnet.
  15. A. A /28 is a 255.255.255.240 mask. Let's count to the ninth subnet (we need to find the broadcast address of the eighth subnet, so we need to count to the ninth subnet). We start at 16 (remember, the question stated that we will not use subnet 0, so we start at 16, not 0): 16, 32, 48, 64, 80, 96, 112, 128, 144. The eighth subnet is 128, and the next subnet is 144, so our broadcast address of the 128 subnet is 143. This makes the host range 129–142. 142 is the last valid host.
  16. C. A /28 is a 255.255.255.240 mask. The first subnet is 16 (remember that the question stated not to use subnet 0), and the next subnet is 32, so our broadcast address is 31. This makes our host range 17–30. 30 is the last valid host.
  17. A. The best method here is to check the configuration of devices that were using the old router as a gateway to the rest of the internetwork. Routers do not periodically cache their configurations to servers of any sort. You might have copied the old router's configuration to a TFTP server or the like, but failing that, you will have to rebuild the configuration from scratch, which might well be much more than interface addresses. Therefore, keeping a copy of the router's current configuration somewhere other than on the router is a wise choice. Routers don't auto-configure themselves; we wouldn't want them to.
  18. E. A Class B network ID with a /22 mask is 255.255.252.0, with a block size of 4 in the third octet. The network address in the question is in subnet 172.16.16.0 with a broadcast address of 172.16.19.255. Only option E has the correct subnet mask listed, and 172.16.18.255 is a valid host.
  19. D, E. The router's IP address on the E0 interface is 172.16.2.1/23, which is a 255.255.254.0. This makes the third octet a block size of 2. The router's interface is in the 2.0 subnet, and the broadcast address is 3.255 because the next subnet is 4.0. The valid host range is 2.1 through 3.254. The router is using the first valid host address in the range.
  20. A. Network address translation can allow up to 65,000 hosts to get onto the Internet with one IP address by using port address translation (PAT).
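The block-size method used throughout the answers above, carried out with plain integer arithmetic so that network, broadcast, host range, "interesting octet" and subnet count can be checked against questions 1, 4, 5, 11, 12, 18 and 19. This is an added example, not from the book; the function names are assumptions and it uses only the standard library.

```python
MAX32 = 0xFFFFFFFF


def dotted_to_int(dotted: str) -> int:
    """'10.0.37.144' -> 32-bit integer; rejects malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_dotted(value: int) -> str:
    return ".".join(str(b) for b in (value & MAX32).to_bytes(4, "big"))


def mask_from_prefix(prefix: int) -> int:
    """/27 -> 0xFFFFFFE0; a /0 correctly yields 0."""
    return (MAX32 << (32 - prefix)) & MAX32


def prefix_from_mask(mask: str) -> int:
    """Accept '/27', '27' or '255.255.255.224' and return the prefix length.

    A dotted mask must be contiguous ones followed by zeros; something like
    255.255.0.255 is rejected rather than silently giving odd answers.
    """
    text = mask.strip().lstrip("/")
    if text.isdigit():
        prefix = int(text)
        if prefix > 32:
            raise ValueError(f"prefix length out of range: {mask!r}")
        return prefix
    value = dotted_to_int(text)
    prefix = bin(value).count("1")
    if mask_from_prefix(prefix) != value:
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    return prefix


def subnet_facts(ip: str, mask: str) -> dict:
    """Network, broadcast, usable host range and block size for ip/mask."""
    prefix = prefix_from_mask(mask)
    mask_int = mask_from_prefix(prefix)
    ip_int = dotted_to_int(ip)
    network = ip_int & mask_int
    broadcast = network | (~mask_int & MAX32)
    host_bits = 32 - prefix
    if host_bits >= 2:
        first_host, last_host = network + 1, broadcast - 1
        usable = 2 ** host_bits - 2
    else:
        # /31 (RFC 3021 point-to-point) and /32 have no separate broadcast.
        first_host, last_host = network, broadcast
        usable = 2 ** host_bits
    if prefix == 0:
        octet, block = 1, 256
    else:
        # The "interesting octet" is the one where the mask stops being 255;
        # block size = 256 - mask value in that octet (e.g. 256 - 224 = 32).
        octet = (prefix - 1) // 8 + 1
        block = 2 ** (7 - (prefix - 1) % 8)
    return {
        "prefix": prefix,
        "mask": int_to_dotted(mask_int),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(first_host),
        "last_host": int_to_dotted(last_host),
        "usable_hosts": usable,
        "interesting_octet": octet,
        "block_size": block,
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The default-gateway check from question 5: same network bits?"""
    m = mask_from_prefix(prefix_from_mask(mask))
    return (dotted_to_int(ip_a) & m) == (dotted_to_int(ip_b) & m)


def is_usable_host(ip: str, mask: str) -> bool:
    """True if ip is neither the network nor the broadcast address."""
    f = subnet_facts(ip, mask)
    lo, hi = dotted_to_int(f["first_host"]), dotted_to_int(f["last_host"])
    return lo <= dotted_to_int(ip) <= hi


def classful_prefix(ip: str) -> int:
    """Default prefix from the first octet: Class A /8, B /16, C /24."""
    first = dotted_to_int(ip) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError(f"{ip} is not a Class A, B or C address")


def subnet_count(ip: str, mask: str) -> int:
    """Subnets the mask carves out of ip's classful network (2 ** borrowed bits)."""
    borrowed = prefix_from_mask(mask) - classful_prefix(ip)
    if borrowed < 0:
        raise ValueError("mask is shorter than the classful default")
    return 2 ** borrowed


if __name__ == "__main__":
    # Question 5: host 10.0.37.144/23 with gateway 10.0.38.1
    print(subnet_facts("10.0.37.144", "255.255.254.0"))
    print(same_subnet("10.0.37.144", "10.0.38.1", "255.255.254.0"))
```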

Chapter 9: Introduction to IP Routing

  1. C. Yep, you got it. RIP, RIPv2, and EIGRP are all examples of routing protocols; RIPv3 is nonexistent.
  2. C. In dynamic routing, routers update each other about all the networks they know about and place this information into the routing table. This is possible because a protocol on one router communicates with the same protocol running on neighbor routers. If changes occur in the network, a dynamic routing protocol automatically informs all routers about the event.
  3. D. Dynamic routing scales well in large networks and routes are automatically added into the routing table. Static routing is done by hand, one route at a time into each router.
  4. B. Media Access Control (MAC) addresses are always local on the LAN and never go through and past a router.
  5. C. Routing convergence is the time required by the routing protocols to update the routing tables (forwarding tables) on all routers in the network.
  6. D. The arp -a command will show the ARP cache on your host.
  7. D. Hope you answered D! A router will not send a broadcast looking for the remote network—the router will discard the packet.
  8. C. RIPv1, RIPv2, and IGRP are all distance-vector (DV) protocols. Routers using a DV protocol send all or part of their routing table in a routing-update message at a regular interval to each of their neighbor routers.
  9. C, D. Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are link-state (LS) routing protocols.
  10. B. The only protocol you could select is Enhanced Interior Gateway Routing Protocol (EIGRP).
  11. A. Interior Gateway Routing Protocol is a distance-vector (DV) interior gateway protocol.
  12. C. Border Gateway Protocol (BGP) is the most popular choice for ISPs or really large corporations.
  13. A, C. Distance-vector (DV) and link-state (LS) are the two routing protocols to remember.
  14. A, D. A frame uses a local MAC address (router) to send a packet on the LAN. The frame will take the packet to either a host on the LAN or a router's interface if the packet is destined for a remote network, which would be sent to the neighbor router.
  15. A. I hope you said A! Packets specifically have to be carried to a router in order to be routed through a network.
  16. C. Remember that the frame changes at each hop but that the packet is never changed in any way until it reaches the destination device.
  17. D. When the routing tables are complete because they include information about all networks in the internetwork, they are considered converged.
  18. A. This is step 6 in the IP routing process. If the hardware address isn't in the ARP cache of the host, an ARP broadcast is sent out onto the local network to search for the hardware address.
  19. C. The best answer would be to reroute traffic using a temporary static route until the maintenance is complete on the router.
  20. A. You are most likely to see a Request Timed Out message when (if) a packet is lost on the way back to the originating host for an unknown error. Remember, if the error occurs because of a known issue, you are likely to see a Destination Unreachable message.

Chapter 10: Routing Protocols

  1. C, D, F. RIPv1 and IGRP are true distance-vector routing protocols and can't do much, really—except build and maintain routing tables and use a lot of bandwidth! RIPv2, EIGRP, and OSPF build and maintain routing tables, but they also provide classless routing, which allows for VLSM, summarization, and discontiguous networking.
  2. B, C. RIP and RIPv2 are distance-vector routing protocols. OSPF and IS-IS are link state.
  3. A, D. RIP and RIPv2 are distance-vector routing protocols. OSPF and IS-IS are link state.
  4. B, E. RIP and RIPv2 are distance-vector routing protocols. OSPF and IS-IS are link state. EIGRP uses qualities from both distance vector and link state to create a hybrid routing protocol. BGP can be used as an EGP and IGP, so the objectives consider BGP a hybrid routing protocol.
  5. C. Dynamic routing is typically used in today's networks because it scales to larger networks and takes less administrative work.
  6. F. Hot Standby Router Protocol (HSRP) is Cisco's FHRP.
  7. C. Static routes may be a good solution, but remember that they are not dynamic, and if a piece of equipment goes down, new routes to remote networks will not automatically update, so OSPF is the best answer. It dynamically will update the routing tables with faster convergence than RIP.
  8. C. The administrative distance (AD) is a very important parameter in a routing protocol. The lower the AD, the more trusted the route. If you have IGRP and OSPF running, by default IGRP routes would be placed in the routing table because IGRP has a lower AD of 100. OSPF has an AD of 110. RIPv1 and RIPv2 both have an AD of 120, and EIGRP is the lowest at 90.
  9. B. The routing protocols that have been upgraded to advertise IPv6 routes are RIPng, OSPFv3, and EIGRPv6. IS-IS can advertise IPv6 routes as well, but no upgrade was needed for IS-IS.
  10. C. Dynamic routing protocols, like RIP, EIGRP and OSPF, automatically add route updates to the routing table. Static routes must be added by hand.
  11. A. The distance-vector protocols RIPv1 and RIPv2 both have a maximum hop count of 15 (remember, 16 is unreachable). IGRP and EIGRP can be configured for a maximum of 255 hops (the default limit is 100), and OSPF has no hop-count limit at all.
  12. B. Routing convergence time is the time for all routers to update their routing tables (forwarding tables).
  13. C. BGP is used to connect autonomous systems together on the Internet because of its ability to make classless routing and summarization possible. This helps to keep routing tables smaller and more efficient at the ISP core.
  14. B. RIPv1 sends broadcasts every 30 seconds and has an AD of 120. RIPv2 sends multicasts (224.0.0.9) every 30 seconds and also has an AD of 120. RIPv2 sends subnet-mask information with the route updates, which allows it to support classless networks and non-contiguous networks. RIPv2 also supports authentication between routers; RIPv1 does not.
  15. A, B. Both RIPv1 and RIPv2 have an AD of 120. EIGRP has an AD of 90 and OSPF is 110.
  16. C. Border Gateway Protocol (BGP) attributes include the IP address to get to the next AS (the next-hop attribute) as well as an indication of how the networks at the end of the path were introduced into BGP (the origin code attribute). The AS path information is useful to construct a graph of loop-free autonomous systems and is used to identify routing policies so that restrictions on routing behavior can be enforced based on the AS path.
  17. A. RIPng, which uses UDP port 521, has many of the same features as RIPv2: It's a distance-vector protocol; it has a max hop count of 15; and it uses split horizon, poison reverse, and other loop-avoidance mechanisms. It still uses multicast to send its updates too, but in IPv6 the destination address is FF02::9. For RIPv2, the multicast address was 224.0.0.9, so the address still ends in a 9 in the IPv6 link-local multicast range.
  18. B, C. EIGRP holds three tables in RAM: neighbor, topology, and routing. Hello packets discover neighbors and keep the neighbor table current; the topology table is filled from the routing updates those neighbors exchange, and the best (successor) route for each destination is copied from it into the routing table.
  19. D. A successor route (think “successful” rather than standby or backup) is used by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed up by a feasible successor route that is stored in the topology table—if one is available. Remember that all routes are in the topology table.
  20. A. RIP and RIPv2 use only hop count as a metric, with a maximum of 15 hops, to find the best path to a remote network.
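
Answers 8, 11, and 15 above, together with answer 7 of Chapter 9 (a router with no matching route discards the packet), describe how a router picks one route when several protocols offer one. The block below is an added example, not code from the study guide: it installs a constructed set of advertisements using the default administrative distances quoted in answer 8, refuses RIP routes at hop count 16, and resolves destinations by longest-prefix match. The prefixes, next hops, and metrics are all made up for illustration.

```python
"""Route selection as a router does it (added example).

Candidate routes learned by several protocols are installed and chosen by:
  1. longest prefix match against the destination,
  2. lowest administrative distance (AD) among routes to that exact prefix,
  3. lowest metric within the winning protocol.
RIP advertisements with hop count 16 are unreachable and never installed.
"""
import ipaddress
from dataclasses import dataclass

# Cisco default administrative distances, as quoted in the answers above.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}
RIP_INFINITY = 16


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/16"
    next_hop: str
    protocol: str
    metric: int


def install(candidates):
    """Build the routing table: per prefix keep the lowest AD, then the lowest metric."""
    table = {}
    for r in candidates:
        if r.protocol == "rip" and r.metric >= RIP_INFINITY:
            continue   # poisoned / unreachable RIP route: do not install
        net = ipaddress.ip_network(r.prefix)
        current = table.get(net)
        key = (ADMIN_DISTANCE[r.protocol], r.metric)
        if current is None or key < (ADMIN_DISTANCE[current.protocol], current.metric):
            table[net] = r
    return table


def lookup(table, destination):
    """Longest-prefix match; None means the router discards the packet (it never broadcasts to find a route)."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in table if dst in net]
    if not matches:
        return None
    return table[max(matches, key=lambda n: n.prefixlen)]


CANDIDATES = [   # constructed advertisements from several protocols
    Route("10.1.0.0/16", "192.0.2.1", "rip", 3),
    Route("10.1.0.0/16", "192.0.2.2", "ospf", 20),
    Route("10.1.0.0/16", "192.0.2.3", "eigrp", 30720),
    Route("10.1.5.0/24", "192.0.2.4", "rip", 2),
    Route("10.2.0.0/16", "192.0.2.5", "rip", 16),      # unreachable (hop count 16)
    Route("10.3.0.0/16", "192.0.2.6", "ospf", 30),
    Route("10.3.0.0/16", "192.0.2.7", "ospf", 10),     # same AD, better metric
]

if __name__ == "__main__":
    table = install(CANDIDATES)
    for dst in ("10.1.7.9", "10.1.5.9", "10.2.1.1", "10.3.0.1", "172.16.0.1"):
        r = lookup(table, dst)
        print(dst, "->", f"{r.protocol} via {r.next_hop}" if r else "no route: discard")
```

Note the ordering: the /24 RIP route wins for 10.1.5.9 even though RIP has the worst AD, because prefix length is compared before AD; AD only breaks ties between routes to the same prefix.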

Chapter 11: Switching and Virtual LANs

  1. D. By creating and implementing VLANs in your switched network, you can break up broadcast domains at layer 2. For hosts on different VLANs to communicate, you must have a router or layer 3 switch.
  2. B, D. Hosts are connected to a switch and are members of one VLAN. This is called an access port. Trunk links connect between switches and pass information about all VLANs.
  3. C. Virtual LANs break up broadcast domains in layer 2 switched internetworks.
  4. C, E. Both 802.1D and 802.1w are IEEE STP versions; 802.1w (Rapid Spanning Tree) is the later, faster-converging revision.
  5. D, E. The best answers are that the VLAN membership for the port is configured incorrectly and that STP shut down the port.
  6. B, C, F. VLANs break up broadcast domains in a switched layer 2 network, which means smaller broadcast domains. They allow configuration by logical function instead of physical location and can create some security if configured correctly.
  7. B. The Spanning Tree Protocol is used to stop switching loops in a switched network with redundant paths.
  8. A, E. Bridges break up collision domains, which would increase the number of collision domains in a network and also make smaller collision domains.
  9. C. In order to see all frames that pass through the switch and read the packets with a network analyzer, you need to enable port mirroring on the port your diagnostic host is plugged into.
  10. C. Trunking allows switches to pass information about many or all VLANs configured on the switches.
  11. A, C, E. Layer 2 features include address learning, forwarding and filtering of the network, and loop avoidance.
  12. B. Switches break up collision domains, and routers break up broadcast domains.
  13. C. With the exception of the source port, switches flood all frames that have an unknown destination address. If a device answers the frame, the switch will update the MAC address table to reflect the location of the device.
  14. C. Because the source MAC address is not in the MAC address table, the switch will add the source address and the port it is connected to into the MAC address table and then forward the frame to the outgoing port.
  15. D. VLAN Trunking Protocol (VTP) is a Cisco proprietary method of having a single VLAN database advertised to all other switches in your network. This allows for ease of VLAN management in a larger network. Option C is not a possible configuration, by the way; I made that up.
  16. A, B. The port states STP moves through are, by default, blocking, listening, learning, and forwarding (disabled is an administrative state, not part of the convergence sequence). When every port is in either the blocking or the forwarding state, STP is converged.
  17. C, D. In the blocking and listening states, the MAC address table is not learning. Only in the learning and forwarding states is the MAC address table learning MAC addresses and populating the MAC address table.
  18. B. Switches break up collision domains by default, but the network is still one large broadcast domain. In order to break up broadcast domains in a layer 2 switched network, you need to create virtual LANs.
  19. C. If you are configuring voice VLANs, you'll want to configure quality of service (QoS) on the switch ports to provide a higher precedence to voice traffic over data traffic to improve quality of the line.
  20. B. Be careful when using port mirroring/spanning on a switch because it can cause a lot of overhead on the switch and possibly crash your network. It's therefore a good idea to use this feature at strategic times and only for short periods, if possible.
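
Answers 13 and 14 describe the learn/forward/flood decision a transparent switch makes for every frame. The block below is an added example, not code from the study guide: a minimal switch model that learns the source MAC on the ingress port, forwards a known destination out its single port, filters frames whose destination is on the ingress segment, and floods unknown or broadcast destinations out every port except the one the frame arrived on. The port names and MAC addresses are constructed.

```python
"""A transparent switch's learn/forward/flood logic (added example)."""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}      # mac -> port it was last seen on

    def receive(self, ingress_port, src_mac, dst_mac):
        """Return the egress ports for this frame, updating the MAC table as a side effect."""
        # Step 1: learn (or refresh) the source address on the ingress port.
        self.mac_table[src_mac] = ingress_port
        # Step 2: forward or filter a known unicast destination.
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            # Destination lives on the same segment the frame came from: filter it.
            return [] if out == ingress_port else [out]
        # Step 3: unknown unicast or broadcast: flood, but never back out the source port.
        return [p for p in self.ports if p != ingress_port]


if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3", "Fa0/4"])
    print(sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"))  # unknown dst -> flood
    print(sw.receive("Fa0/2", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"))  # reply: known -> Fa0/1 only
    print(sw.receive("Fa0/1", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"))  # now known -> Fa0/2 only
    print(sw.mac_table)
```

The first frame is flooded because the destination is unknown; the reply is not flooded, because the first frame already taught the switch where the replying host lives, and from then on the conversation is confined to the two ports involved.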

Chapter 12: Wireless Networking

  1. C. It is imperative that a good site survey is completed before you install your wireless network. Trying various types of antennas and their placements is the key to covering the whole wireless area.
  2. C. EAP-TLS provides very strong wireless authentication, but it's hard to deploy because a certificate must be installed on the authentication server and on every client. EAP-TTLS needs only a server-side certificate; clients then authenticate with a password inside the TLS tunnel.
  3. C. The IEEE 802.11b and IEEE 802.11g both run in the 2.4 GHz RF range.
  4. B, D. If you are running 802.11b/g frequency, then you can receive interference from microwave ovens and cordless phones.
  5. D. 802.11n operates in both the 2.4 GHz and the 5 GHz ranges and uses channel bonding (two adjacent 20 MHz channels combined into one 40 MHz channel) to reach data rates of over 100 Mbps.
  6. D. Bluetooth works wirelessly to connect our phones, keyboards, and so on in small areas, also known as personal area networks (PANs).
  7. B. The IEEE 802.11a standard provides up to 12 non-overlapping channels, or up to 23 if you add the 802.11h standard.
  8. D. The IEEE 802.11a standard provides a maximum data rate of up to 54 Mbps.
  9. C. If you have a large area to cover with wireless, you need to be concerned with channel overlap.
  10. B. The IEEE 802.11b standard provides a maximum data rate of up to 11 Mbps.
  11. B. If everything is correctly configured on the host, then MAC filtering would stop the host from connecting to the AP. If you try to connect and can't, check the AP's settings.
  12. A. The IEEE 802.11i standard replaced Wired Equivalent Privacy (WEP) with a specific mode of the Advanced Encryption Standard (AES): Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES-CCMP provides both data confidentiality (encryption, from the counter mode) and data integrity (from the CBC-MAC).
  13. C. If you disable SSID broadcasting, you must configure the SSID name on every client that needs to connect to the AP. Treat this as housekeeping rather than a security control: the SSID is still sent in the clear in probe and association frames, so anyone with a wireless sniffer can recover it.
  14. B. The IEEE 802.11b standard uses direct-sequence spread spectrum (DSSS). If you are running 802.11g, it uses orthogonal frequency-division multiplexing (OFDM).
  15. B. If you are running an extended service set (meaning more than one AP with the same SSID), you need to overlap the cell coverage by 10 percent or more so clients will not drop out while roaming.
  16. B. You need to use directional antennas, like a Yagi, to get the best signal between antennas.
  17. A. Extended service set ID means that you have more than one access point, they all are set to the same SSID, and they are all connected together in the same VLAN or distribution system so users can roam.
  18. D. WPA is easy to configure and works well: type in a passphrase (assuming you're using a pre-shared key) and you're done, and the per-packet keys change dynamically. Note that WPA's TKIP cipher has since been deprecated, so any network deployed today should use WPA2 with AES-CCMP or WPA3.
  19. C. 802.11n uses two 20 MHz wide channels to create a 40 MHz wide channel, which provides over 100 Mbps wireless.
  20. B. 802.11n MIMO sends multiple frames by several antennas over several paths. The frames are then recombined by another set of antennas to optimize throughput and multipath resistance. This is called spatial multiplexing.
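
Answers 9, 15, and 19 all turn on how 2.4 GHz channels are spaced. The block below is an added example, not from the study guide: it derives channel center frequencies (2407 + 5n MHz for channels 1 to 13, 2484 MHz for channel 14), tests pairs of channels for overlap, picks a non-overlapping plan, and shows what a 40 MHz bonded channel costs in the 2.4 GHz band. The default 22 MHz planning width is the DSSS mask of 802.11b; 20 MHz is the nominal OFDM width used by 802.11g/n and is passed explicitly where the example bonds channels.

```python
"""2.4 GHz channel planning behind answers 9, 15 and 19 (added example)."""


def centre_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no 2.4 GHz channel {channel}")


def span(channel: int, width_mhz: int = 22) -> tuple:
    """(low, high) edge in MHz; 22 MHz is the conservative 802.11b DSSS planning width."""
    c = centre_mhz(channel)
    return (c - width_mhz // 2, c + width_mhz // 2)


def bonded_span(primary: int, secondary: int, width_mhz: int = 20) -> tuple:
    """802.11n 40 MHz channel: two adjacent 20 MHz channels, 4 channel numbers apart."""
    if abs(primary - secondary) != 4:
        raise ValueError("a 40 MHz channel bonds two 20 MHz channels 4 numbers apart")
    lo, hi = sorted((primary, secondary))
    return (span(lo, width_mhz)[0], span(hi, width_mhz)[1])


def overlaps(a: tuple, b: tuple) -> bool:
    """Two frequency ranges overlap when each starts before the other ends."""
    return a[0] < b[1] and b[0] < a[1]


def non_overlapping_plan(channels=range(1, 14), width_mhz: int = 22) -> list:
    """Greedy pick of channels that do not overlap one another."""
    chosen = []
    for ch in channels:
        if all(not overlaps(span(ch, width_mhz), span(c, width_mhz)) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    print("22 MHz plan:", non_overlapping_plan())           # the familiar 1, 6, 11
    print("20 MHz plan:", non_overlapping_plan(width_mhz=20))
    wide = bonded_span(1, 5)
    print("40 MHz on 1+5 spans", wide, "and overlaps channel 6:", overlaps(wide, span(6, 20)))
```

The bonded-channel result is the practical reason 40 MHz operation is discouraged at 2.4 GHz: a single 40 MHz cell consumes the spectrum of two of the three usual non-overlapping channels, leaving little room for neighboring cells to avoid co-channel interference.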

Chapter 13: Using Statistics and Sensors to Ensure Network Availability

  1. B. Four nines means 99.99 percent availability, which works out to roughly 52 minutes of downtime per year.
  2. C. Commonly used NetFlow flows include the following identifiers: source IP address, destination IP address, source port number, destination port number, layer 3 protocol field, Type of Service (ToS) marking, and input logical interface.
  3. C. NetFlow statistics can analyze the traffic on your network by showing the major users of the network, meaning top talkers, top listeners, top protocols, and so on.
  4. A. In networking, a baseline can refer to the standard level of performance of a certain device or to the normal operating capacity for your whole network.
  5. B. When possible, server rooms and data centers should be located on upper floors. If not, raised floors should be deployed to help prevent water from reaching the equipment.
  6. C. Putting a UPS in bypass mode removes the UPS from between the device and the wall output conceptually, without disconnecting it.
  7. D. The capacity value assumes that all the attached devices are pulling the maximum amount of power, which they rarely do. As a rule of thumb, if you multiply the VA times .6, you will get a rough estimate of the maximum load your UPS may undergo at any particular time.
  8. A. In most cases the software that came with the UPS will have the ability to report the current expected runtime based on the current state of the battery.
  9. B. Many of today's enterprise-level UPS systems offer the ability to shut down a server to which they are attached when the power is lost. A proper shutdown is called a graceful shutdown.
  10. D. Capacity is the maximum amount of power the UPS can supply at any moment in time. So if it has a capacity of 650 volt amperes (VA) and you attempt to pull 800 VA from the UPS, it will probably shut itself down.
  11. C. Uninterruptable power supplies (UPSs) are designed to only provide short-term power to the devices, that is, a length of time sufficient to allow someone to gracefully shut down the devices.
  12. B. High humidity cannot be tolerated because it leads to corrosion of electrical parts followed by shorts and other failures.
  13. D. Low humidity sounds good on paper, but with it comes static electricity buildup in the air, which can fry computer parts if it reaches them.
  14. A. Overheating causes system reboots and failures.
  15. C. Humidity has to be controlled in both directions: if it is too damp, connections start corroding and shorts begin to occur; if it is too dry, static builds up. A humidity control system should hold the relative humidity near 50 percent.
  16. B. A failed encapsulation error message indicates that the router has a layer 3 packet to forward and is lacking some element of the layer 2 header that it needs to be able to forward the packet toward the next hop.
  17. A. Giants are frames that are discarded because they exceed the maximum frame size of the medium (1518 bytes for untagged Ethernet).
  18. C. Using a cable that is too long can result in late collisions rather than runts and giants.
  19. D. CRC errors mean that packets have been damaged. This can be caused by a faulty port on the device or a bad Ethernet cable.
  20. A. If you have a duplex mismatch, a telling sign is that the late collision counter will increment.
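
Answers 2 through 4 cover what a NetFlow record contains and what you do with it. The block below is an added example, not from the study guide: it parses constructed flow records carrying the seven key fields from answer 2 plus byte and packet counts, ranks top talkers, top listeners, and top services as in answer 3, and flags any source whose share of total bytes is far outside what a baseline (answer 4) would predict. The record layout and every address in SAMPLE_FLOWS are made up for the example.

```python
"""Top talkers from NetFlow-style records (added example)."""
from collections import Counter

# Seven NetFlow key fields, then the byte and packet counters. Constructed layout.
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto", "tos", "in_if", "bytes", "pkts")

# Constructed export, one flow per line, fields as above.
SAMPLE_FLOWS = """\
10.0.1.15,203.0.113.7,51234,443,6,0,Gi0/1,820000,900
10.0.1.15,203.0.113.9,51235,443,6,0,Gi0/1,1200000,1400
10.0.1.22,198.51.100.5,40001,53,17,0,Gi0/1,3000,30
10.0.1.22,203.0.113.7,40002,443,6,0,Gi0/1,65000,80
10.0.1.40,203.0.113.7,60000,22,6,0,Gi0/1,50000000,40000
10.0.1.22,198.51.100.5,40003,53,17,0,Gi0/1,2500,25
"""


def parse_flows(text: str) -> list:
    """Turn the CSV export into dicts, converting numeric fields; reject malformed lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(",")
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed record: {line!r}")
        rec = dict(zip(FIELDS, parts))
        for k in ("src_port", "dst_port", "proto", "tos", "bytes", "pkts"):
            rec[k] = int(rec[k])
        flows.append(rec)
    return flows


def top(flows, key, n=3, weight="bytes"):
    """Rank by one field (str) or a tuple of fields, weighted by bytes or packets."""
    counter = Counter()
    for f in flows:
        k = tuple(f[x] for x in key) if isinstance(key, tuple) else f[key]
        counter[k] += f[weight]
    return counter.most_common(n)


def top_talkers(flows, n=3):
    return top(flows, "src_ip", n)


def top_listeners(flows, n=3):
    return top(flows, "dst_ip", n)


def top_services(flows, n=3):
    return top(flows, ("proto", "dst_port"), n)


def total_bytes(flows) -> int:
    return sum(f["bytes"] for f in flows)


def dominant_sources(flows, share=0.5) -> list:
    """Sources carrying more than `share` of all bytes: a sharp deviation from baseline worth a look."""
    total = total_bytes(flows)
    return [src for src, b in top(flows, "src_ip", n=None) if b / total > share]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("top talkers:", top_talkers(flows))
    print("top listeners:", top_listeners(flows))
    print("top services:", top_services(flows))
    print("dominant sources:", dominant_sources(flows))
```

In the sample, one host moving 50 MB over TCP/22 accounts for about 96 percent of all bytes, which is exactly the kind of top-talker anomaly a baseline comparison is meant to surface.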

Chapter 14: Organizational Documents and Policies

  1. C. For every policy on your network, there should be a credible related procedure that clearly dictates the steps to take in order to fulfill it.
  2. C. Those making the changes should be completely briefed in these rollback procedures, and they should exhibit a clear understanding of them prior to implementing the changes.
  3. B. A maintenance window is an amount of time a system will be down or unavailable during the implementation of changes.
  4. B. An access control vestibule is an access control solution, not a device hardening technique.
  5. D. Authentication period controls how long a user can remain logged in. If a user remains logged in for the specified period without activity, the user will be automatically logged out.
  6. A. Bring your own device (BYOD) initiatives can be successful if implemented correctly. The key is to implement control over these personal mobile devices that leave the safety of your network and return later after potentially being exposed to environments that are out of your control.
  7. C. Data loss prevention (DLP) software attempts to prevent data leakage. It does this by maintaining awareness of actions that can and cannot be taken with respect to a document.
  8. B. The main distribution frame (MDF) connects equipment (inside plant) to cables and subscriber carrier equipment (outside plant). It also terminates cables that run to intermediate distribution frames (IDFs) distributed throughout the facility.
  9. B. Verifying optimal distances between prospective AP locations is part of the Predeployment Site Survey step.
  10. D. For networks and networked devices, baselines include information about four key components: processor, memory, hard-disk (or other storage) subsystem, and wired/wireless utilization.

Chapter 15: High Availability and Disaster Recovery

  1. B. Backing up the system state backs up only the configuration of the server and not the data.
  2. C. An RPO is a measurement of time from a failure, disaster, or comparable loss-causing event. RPOs measure back in time to when your data was preserved in a usable format, usually to the most recent backup.
  3. B. Virtual Router Redundancy Protocol (VRRP) is an open IETF standard for router redundancy (originally RFC 2338, now RFC 5798); Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol.
  4. B. The hello timer is the interval at which each router sends Hello messages; the default is 3 seconds. The Hellos also announce the state each router is in.
  5. A. The last 8 bits (0a) are the only variable bits and represent the HSRP group number that you assign. In this case, the group number is 10 and converted to hexadecimal when placed in the MAC address, where it becomes the 0a that you see.
  6. C. With three servers in an active/passive configuration with two on standby, only one is doing work. Therefore, it does not provide load balancing, only fault tolerance.
  7. B. A cloud recovery site is an extension of the cloud backup services that have developed over the years. These are sites that while mimicking your on-premises network are totally virtual.
  8. A. Deluge systems allow large amounts of water to be released into the room, which obviously makes this not a good choice where computing equipment will be located.
  9. A. First-hop redundancy protocols (FHRPs) work by giving you a way to configure more than one physical router to appear as if they were only a single logical one. This makes client configuration and communication easier because you can simply configure a single default gateway and the host machine can use its standard protocols to communicate.
  10. A. Switch stacking is the process of connecting multiple switches together (usually in a stack) that are managed as a single switch.

Chapter 16: Common Security Concepts

  1. B. Role-based access control prescribes creating roles or sets of permissions required for various job roles and assigning those permissions to security groups. When a new employee is assigned that role, they are simply placed in the group and thus inherit all required permissions.
  2. A. This concept prescribes that users should be given access only to resources required to do their job. So if Ralph's job only requires read permission to the Sales folder, that's all he should get even if you know he's completely trustworthy.
  3. D. An exploit occurs when a threat agent takes advantage of a vulnerability and uses it to advance an attack. When a network attack takes advantage of a vulnerability, it is somewhat of an indictment of the network team as most vulnerabilities can be identified and mitigated.
  4. B. This is known as a zero-day attack: the flaw is exploited before the vendor has had any days to develop and release a fix, so no patch exists. The term is also applied to an operating system bug that has not yet been corrected.
  5. C. Common Vulnerabilities and Exposures (CVE) is the catalog of publicly known vulnerabilities that uses this identifier scheme. It is maintained by the MITRE Corporation, and each entry carries an identifier of the form CVE-YYYY-NNNNN together with a description and references. The number-and-letter vector that rates what a flaw endangers and the conditions it needs to succeed (for example AV:N/AC:L/...) comes from the companion Common Vulnerability Scoring System (CVSS), published alongside most CVE entries in the National Vulnerability Database; mitigation guidance comes from the vendor advisories the entry references.
  6. A. An accidental file deletion by an employee is an example of an internal threat.
  7. D. To ensure confidentiality, you must prevent the disclosure of data or information to unauthorized entities.
  8. D. The Zero Trust concept supports least privilege. It prescribes that when a resource is created, the default permission should be No Access. It also means that when ACLs are configured on routers, all traffic should be blocked by default and only specific traffic allowed.
  9. A. A defense-in-depth strategy refers to the practice of using multiple layers of security between data and the resources on which it resides and possible attackers.
  10. A. Network Access Control (NAC) systems examine the state of a computer's operating system updates and antimalware updates before allowing access, and in some cases they can even remediate the devices prior to permitting access.

Chapter 17: Common Types of Attacks

  1. C. Shoulder surfing is not a technology-based attack. It is a social engineering attack.
  2. A. The command and control server is used to control the zombies in a botnet, which is a part of a DDoS attack.
  3. B. Here's how a smurf attack works: The bad guy spoofs the intended victim's IP address as the source and then sends a large number of pings (ICMP echo requests) to IP broadcast addresses. The receiving router delivers the broadcast to all hosts in the subnet, and all the hosts send an ICMP echo reply to the victim at the same time.
  4. D. In the SYN flood, the attacker sends a SYN, the victim sends back a SYN-ACK, and the attacker leaves the victim waiting for the final ACK. While the server is waiting for the response, a small part of memory is reserved for it. As the SYNs continue to arrive, memory is gradually consumed.
  5. B. The attackers use the monlist command, a remote command in older versions of NTP, that sends the requester a list of the last 600 hosts who have connected to that server. This attack can be prevented by using at least NTP version 4.2.7 (which was released in 2010).
  6. B. A man-in-the-middle attack (also known as an on-path attack) happens when someone intercepts packets intended for one computer and reads, and possibly alters, the data before passing it on.
  7. A. A VLAN hopping attack results in traffic from one VLAN being delivered into another VLAN. Normally the trunking protocol prevents this by placing a VLAN tag in each frame to identify the VLAN the traffic belongs to. The attacker circumvents it with double tagging: placing two 802.1Q tags in the frame, an outer tag for the attacker's own VLAN (the trunk's native VLAN, typically VLAN 1) and an inner tag for the target VLAN. The first switch strips the outer tag, because native-VLAN frames leave a trunk untagged, and forwards the frame with only the inner tag. The second switch reads that remaining tag and sends the frame into the VLAN the attacker intended. Keeping user ports out of the native VLAN, or tagging the native VLAN on trunks, defeats the attack.
  8. B. ARP spoofing is the process of adopting another system's MAC address for the purpose of receiving data meant for that system. It usually also entails ARP cache poisoning.
  9. A. These are APs that have been connected to your wired infrastructure without your knowledge. The rogue may have been placed there by a determined hacker who snuck into your facility and put it in an out-of-the-way location or, more innocently, by an employee who just wants wireless access and doesn't get just how dangerous doing this is.
  10. C. This ugly trick is achieved by placing their AP on a different channel from your legitimate APs and then setting its SSID in accordance with your SSID.
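
The double-tagging sequence from answer 7 is easiest to follow byte by byte. The block below is an added example, not from the study guide: it builds an Ethernet frame carrying two 802.1Q tags, simulates the first switch's trunk egress (a native-VLAN frame leaves untagged unless native tagging is enabled) and the second switch's trunk ingress, and shows which VLAN the frame lands in under the vulnerable and the hardened configurations. The MAC addresses, VLAN numbers, and payload are constructed.

```python
"""802.1Q double tagging from answer 7 (added example)."""
import struct

TPID_8021Q = 0x8100


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def build_frame(dst: str, src: str, vlans: list, ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more 802.1Q tags (outer tag first, PCP/DEI zero)."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, v & 0x0FFF) for v in vlans)
    return mac_bytes(dst) + mac_bytes(src) + tags + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes) -> tuple:
    """Return (VLAN IDs outer->inner, ethertype, payload)."""
    offset = 12                       # skip destination and source MAC
    vlans = []
    while struct.unpack_from("!H", frame, offset)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vlans.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    return vlans, ethertype, frame[offset + 2:]


def trunk_egress(frame: bytes, native_vlan: int, tag_native: bool = False) -> bytes:
    """First switch: a frame in the native VLAN leaves the trunk untagged unless native tagging is on."""
    vlans, ethertype, payload = parse_tags(frame)
    if vlans and vlans[0] == native_vlan and not tag_native:
        return build_frame(frame[0:6].hex(":"), frame[6:12].hex(":"), vlans[1:], ethertype, payload)
    return frame


def trunk_ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """Second switch: an untagged frame belongs to the native VLAN, a tagged one to its outer tag."""
    vlans, _, _ = parse_tags(frame)
    return vlans[0] if vlans else native_vlan


def victim_vlan(frame: bytes, native_vlan: int, tag_native: bool = False) -> int:
    """VLAN the frame is delivered into after crossing the two switches."""
    return trunk_ingress_vlan(trunk_egress(frame, native_vlan, tag_native), native_vlan)


# Constructed attacker frame: outer tag 1 (the native VLAN), inner tag 20 (the target), dummy payload.
ATTACKER_FRAME = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", [1, 20], 0x0800, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    print("tags on the wire:", parse_tags(ATTACKER_FRAME)[0])
    print("native VLAN 1, untagged native:", victim_vlan(ATTACKER_FRAME, native_vlan=1))
    print("native VLAN 1, native tagged:  ", victim_vlan(ATTACKER_FRAME, native_vlan=1, tag_native=True))
    print("dedicated native VLAN 999:     ", victim_vlan(ATTACKER_FRAME, native_vlan=999))
```

With the default configuration the frame reaches VLAN 20; with native tagging enabled, or a native VLAN the attacker cannot join, the outer tag survives the first hop and the second switch keeps the frame in VLAN 1, where the inner tag is just payload.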

Chapter 18: Network Hardening Techniques

  1. A. A captive portal web page may ask for network credentials, or in the case of a guest network, it may only ask for agreement to the usage policy of the guest network.
  2. B. Geofencing is the process of defining the area in which an operation can be performed by using a global positioning system (GPS) or radio frequency identification (RFID) to define a geographic boundary.
  3. C. IoT devices are easy recruits to a botnet, which is a group of systems that an attacker controls and directs to launch a DoS attack.
  4. D. When enabled, guest network isolation creates two networks in one. One, the guest network, has client isolation in effect and has access only to the Internet. The second serves as the regular WLAN.
  5. A. When you need to reshape the cell, you use antennas to accomplish this. For example, you may want to send the signal down a long hallway while not transmitting outside the hallway into the parking lot. That could be done with a directional antenna.
  6. B. All MAC layer information must be sent in the clear—anyone equipped with a free wireless sniffer can just read the client packets sent to the access point and spoof their MAC address.
  7. C. Using this approach, all traffic is denied unless it is specifically allowed by a rule. This is also called whitelisting or allow listing in that you are creating a whitelist or allow list of allowed traffic with the denial of all other traffic.
  8. A. Role-based access control (RBAC) is commonly used in networks to simplify the process of assigning new users the permissions required to perform a job role. In this arrangement, users are organized by job role into security groups, which are then granted the rights and permissions required to perform that job.
  9. A. You should not deny all public addresses. That would prevent all traffic from the Internet. When configuring ACLs between the Internet and your private network to mitigate security problems, it's a good idea to include these four conditions:
    • Deny any addresses from your internal networks.
    • Deny any local host addresses (127.0.0.0/8).
    • Deny any reserved private addresses (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
    • Deny any addresses in the IP multicast address range (224.0.0.0/4).
  10. B. You should always start your search on the website of the manufacturer. Drivers found elsewhere may be problematic and, in some cases, may introduce malware.
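
Answers 7 and 9 describe an Internet-facing ingress ACL: explicit denies for addresses that can only be spoofed, a permit for legitimate traffic, and an implicit deny for everything else. The block below is an added example, not from the study guide: it encodes the four deny conditions as ordered rules, evaluates packets first-match with the implicit deny at the end, and adds the check a reviewer would want, flagging any rule that an earlier rule completely shadows. The inside prefix 10.0.0.0/8 and public prefix 203.0.113.0/24 are constructed stand-ins.

```python
"""Ingress ACL for an Internet-facing interface (added example)."""
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0/0",)
INTERNAL_NETWORKS = ("10.0.0.0/8",)                          # constructed inside addressing
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
LOOPBACK = ("127.0.0.0/8",)
MULTICAST = ("224.0.0.0/4",)
PUBLIC_SPACE = ("203.0.113.0/24",)                           # constructed public prefix


def nets(prefixes):
    return tuple(ipaddress.ip_network(p) for p in prefixes)


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    sources: tuple       # IPv4Network objects
    destinations: tuple
    comment: str


INGRESS_ACL = [
    Rule("deny", nets(INTERNAL_NETWORKS), nets(ANY), "spoofed inside source arriving from outside"),
    Rule("deny", nets(LOOPBACK), nets(ANY), "loopback source never belongs on the wire"),
    Rule("deny", nets(RFC1918), nets(ANY), "reserved private source"),
    Rule("deny", nets(MULTICAST), nets(ANY), "multicast source is never legitimate"),
    Rule("permit", nets(ANY), nets(PUBLIC_SPACE), "remaining Internet traffic to our prefix"),
]


def evaluate(acl, src_ip, dst_ip):
    """First matching rule wins; falling off the end is the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(acl):
        if any(src in n for n in rule.sources) and any(dst in n for n in rule.destinations):
            return rule.action, index, rule.comment
    return "deny", len(acl), "implicit deny"


def shadowed_rules(acl):
    """Indices of rules that can never match because one earlier rule covers them entirely."""
    def covered(small, big):
        return all(any(s.subnet_of(b) for b in big) for s in small)

    shadowed = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covered(later.sources, acl[i].sources) and covered(later.destinations, acl[i].destinations):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    for src, dst in (("10.1.2.3", "203.0.113.10"), ("127.0.0.1", "203.0.113.10"),
                     ("192.168.1.1", "203.0.113.10"), ("224.0.0.9", "203.0.113.10"),
                     ("198.51.100.7", "203.0.113.10"), ("198.51.100.7", "198.51.100.9")):
        print(f"{src:>14} -> {dst:<14}", evaluate(INGRESS_ACL, src, dst))
    print("shadowed rules:", shadowed_rules(INGRESS_ACL))
```

The last packet in the usage section is permitted by no rule at all: its destination is not in the organization's prefix, so it falls through to the implicit deny, which is the allow-list behavior answer 7 describes.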

Chapter 19: Remote Access Security

  1. B. Out-of-band management refers to any method of managing the server that does not use the production network. An example of this technology is Integrated Lights-Out, or iLO, a technology embedded into HP servers that allows for out-of-band management of the server.
  2. B. The most effective way to control both authentication of remote users and the application of their permissions is to provision an AAA server, which can be either RADIUS or TACACS+.
  3. B. A virtual desktop requires less computing power, especially if the applications are also delivered virtually and those applications are running in a VM in the cloud rather than in the local desktop eating up local resources.
  4. C. VNC includes the following components:
    • VNC server: Software that runs on the machine, sharing its screen
    • VNC client (or viewer): Software on the machine that is remotely receiving the shared screen
    • VNC protocol: the Remote Framebuffer (RFB) protocol, which carries screen updates and keyboard/mouse events between client and server
  5. B. Secure Shell (SSH) creates a secure channel between the devices and provides confidentiality and integrity of the data transmission. It uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
  6. B. You don't need to use a VPN. RD Gateway tunnels RDP inside an SSL/TLS (HTTPS) channel directly to the remote server, which increases the security of RDS without exposing RDP itself to the Internet.
  7. B. Microsoft began calling all terminal services products Remote Desktop with Windows Server 2008 R2.
  8. C. Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft. It allows you to connect to another computer and run programs. RDP operates somewhat like Telnet, except instead of getting a command-line prompt as you do with Telnet, you get the actual graphical user interface (GUI) of the remote computer.
  9. D. A remote desktop connection gives one access to the desktop. SSH does not do that.
  10. A. When a client-to-site VPN is created, it is possible to do so in two ways, split tunnel and full tunnel. The difference is whether the user's Internet-bound traffic also goes through the VPN (full tunnel) or only the traffic destined for the office does (split tunnel).

Chapter 20: Physical Security

  1. D. Training is considered a prevention method.
  2. A. Passive infrared (PIR) systems operate by identifying changes in heat waves in an area. Because the presence of an intruder would raise the temperature of the surrounding air particles, the system alerts or sounds an alarm when this occurs.
  3. B. These devices emit a magnetic field and monitor it. If the field is disrupted, which will occur when a person enters the area, the alarm will sound.
  4. C. Tamper detection refers to any method that alerts you when a device or the enclosure in which it resides has been opened or an attempt has been made to open it. Another good example is chassis intrusion detection.
  5. C. Security awareness training educates users about social engineering techniques and makes them less prone to fall for these attacks.
  6. A. Biometric systems are designed to operate using characteristic and behavioral factors. While knowledge factors (password, PIN, or something you know) are the most common authentication factors used, characteristic factors represent something you are (fingerprint, iris scan), while behavioral factors represent something you do (signature analysis).
  7. D. Multifactor authentication requires at least two factors derived from two different categories of factors. A USB fob and a smart card are both possession factors (something you have), so together they count as only one factor.
  8. A. One of the issues with biometrics is the occurrence of false positives and false negatives. A false positive is when a user that should not be allowed access is indeed allowed access. A false negative, on the other hand, is when an authorized individual is denied passage by mistake.
  9. B. An access control vestibule (previously known as a mantrap) is used to control access to the vestibule of a building. It is a series of two doors with a small room between them. The user is authenticated at the first door and then allowed into the room. At that point, additional verification will occur (such as a guard visually identifying the person) and then they are allowed through the second door.
  10. B. Smart lockers are a storage locker option that emerged in the last decade. A smart lock is an electromechanical lock that is designed to perform locking and unlocking operations on a door when it receives such instructions from an authorized device using a wireless protocol and a cryptographic key to execute the authorization process. With smart locks, lockers can be assigned on the fly, reset, audited, and reassigned using simple desktop or mobile software.

Chapter 21: Data Center Architecture and Cloud Concepts

  1. D. The core layer provides high-speed interconnections, the aggregation/distribution layer provides services and access switch connectivity, and the access layer is where devices such as servers connect to the network.
  2. B. Straight-through cables, known as drop cables or patch cables, will have the pins in the same order on both connectors.
  3. B. On a crossover cable, one connector has flipped the wires. Specifically, pins 1 and 3 get switched as well as pins 2 and 6.
  4. C. If you are going to make your own UTP cables (drop/patch cables) to customize length, you need to make sure that the right wires get to the right pins.
  5. D. North-South data flow is traffic that remains in the data center between devices such as servers or storage systems.
  6. C. Policies govern how the network is configured and operated as well as how people are expected to behave on the network, such as how users are able to access resources and which types of employees get network access.
  7. B. A physical network diagram contains all the physical devices and connectivity paths on your network and should accurately picture how your network physically fits together in detail. This document will also have the firmware revisions on all the switches and access points in your network.
  8. B. The software-defined networking controller provides the control plane for an SDN-based switching fabric.
  9. B. Network monitoring can have several names, including load testing, connectivity testing, and throughput testing. You will also hear network monitors referred to as protocol analyzers.
  10. C. The practice of creating infrastructure definitions in software is called Infrastructure as Code.
  11. A. Those making the changes should be completely briefed in rollback procedures, and they should exhibit a clear understanding of them prior to implementing the changes.
  12. B, C, D. You need to update the network configuration document.
  13. B. There are many different service types offered by the cloud providers. IaaS, or Infrastructure as a Service, is when the cloud vendor provides the hardware platform, and the company installs and manages its own operating systems.
  14. B. If you add a new cable segment to the network, you need to update the wiring schematics document.
  15. C. Machine-to-machine configuration interfaces are called application programming interfaces (APIs), and they are used by machines to communicate with each other instead of human-oriented interfaces such as a GUI or the command line.
  16. C. Multitenant clouds offer isolated space in the data centers to run services such as compute, storage, and databases. Think of this as your own private data center in the cloud.
  17. A, C, D. Common cloud interconnect methods include Internet, VPN, and Direct Connect.
  18. A, B, C, D. There are many bandwidth-intensive programs, like VoIP and video streaming. These are just a few of the reasons it's necessary to try to optimize network performance.
  19. C. Voice over Internet Protocol (VoIP) is a general term that describes several technologies that are able to deliver voice communications over the Internet or other data networks.
  20. B. A Type 2 hypervisor runs within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware.

Chapter 22: Ensuring Network Availability

  1. C. The NetFlow standard provides session information including the source and destination addresses, applications, and traffic volume.
  2. D. The Simple Network Management Protocol (SNMP) uses organizational identifiers (OIDs) and management information bases (MIBs) for the collection and organization of data.
  3. B. An Ethernet frame below the standard minimum size of 64 bytes is a runt.
  4. C. Data traffic that transmits and receives in only one direction at a time is referred to as half-duplex.
  5. D. A measurement is taken from network gear and servers to determine what is considered to be normal operations of a system.
  6. A, C. When a system uses all available memory or CPU resources, it may become very unstable and fail. Devices must have available memory and CPU capacity available to be able to function.
  7. C. A cyclic redundancy check, or CRC, is a mathematical calculation over a frame of data that is sent to the remote device, where it is calculated again and compared to the calculation it received. If the values match, the frame was error free.
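The sender/receiver exchange described in this answer, shown as an added Python example (this is not code from the book): the sender appends the Ethernet frame check sequence (a CRC-32 over header and payload, transmitted least-significant byte first), and the receiver recomputes it and compares. The frame contents are constructed placeholders, and the bit-flip helper simulates a single bit corrupted on the wire so the mismatch path can be seen.

```python
import struct
import zlib

# Constructed sample frame: destination MAC, source MAC, EtherType and a short
# payload. The addresses and payload are made up for this example.
SAMPLE_FRAME = (
    bytes.fromhex("00005e005301")        # destination MAC (placeholder)
    + bytes.fromhex("00005e005302")      # source MAC (placeholder)
    + bytes.fromhex("0800")              # EtherType: IPv4
    + b"hello, crc"                      # payload
)


def compute_fcs(frame: bytes) -> bytes:
    """Return the 4-byte FCS for a frame (header + payload, without FCS).

    IEEE 802.3 uses the same CRC-32 polynomial that zlib.crc32 implements;
    the checksum goes on the wire least-significant byte first, hence "<I".
    """
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def append_fcs(frame: bytes) -> bytes:
    """Sender side: append the computed FCS to the frame."""
    return frame + compute_fcs(frame)


def verify_fcs(frame_with_fcs: bytes) -> bool:
    """Receiver side: recompute the CRC over everything but the last 4 bytes
    and compare it with the received FCS. A mismatch is counted as a CRC error."""
    if len(frame_with_fcs) < 4:
        return False
    body, received = frame_with_fcs[:-4], frame_with_fcs[-4:]
    return compute_fcs(body) == received


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit error on the wire (constructed corruption)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


if __name__ == "__main__":
    wire = append_fcs(SAMPLE_FRAME)
    print("intact frame passes CRC:", verify_fcs(wire))
    print("corrupted frame passes CRC:", verify_fcs(flip_bit(wire, 100)))
```

A CRC-32 is guaranteed to catch any single-bit error and all burst errors shorter than 32 bits, which is why a rising CRC error counter on a switch port is a reliable sign of a physical-layer problem (bad cable, duplex mismatch, EMI) rather than a software fault.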
  8. D. The Simple Network Management Protocol (SNMP) is an application and protocol used to collect operational data from network devices.
  9. A. An encapsulation error occurs when a software process fails to add or remove header data to a data frame.
  10. A, C. Data centers monitor the temperature and humidity to ensure they are in safe operating ranges to protect the equipment and to make sure they are within their heat and humidity specifications.
  11. E. A baseline can be taken on any metric that is considered to be critical for operations.
  12. B, C. Utilization metrics include tracking both the uptime and downtime of applications, servers, and networking gear.
  13. A. High availability is an architecture that enhances a device's ability to operate even if a component or software process fails.
  14. A. Traffic that flows in both directions simultaneously is referred to as full-duplex.
  15. A. The emergency syslog severity level is the most critical and means that a system may be down or unusable.
  16. C. The syslog protocol provides a record of system events and is helpful in reviewing events over time.
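To make the severity scale in answers 15 and 16 concrete, here is an added Python example (not from the book) that decodes the `<PRI>` field at the start of a syslog message: the number is facility * 8 + severity, so severity 0 (emergency) is the most critical and 7 (debug) the least. The sample lines are constructed, not captured from a real device.

```python
import re

# Syslog severity codes (RFC 3164/5424); index 0 is the most critical.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Facility codes from the RFC; 12-15 are rarely used and omitted here.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp", 16: "local0", 17: "local1",
              18: "local2", 19: "local3", 20: "local4", 21: "local5",
              22: "local6", 23: "local7"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_pri(line: str):
    """Split a syslog line into (facility_name, severity_name, rest).

    Returns None when the line carries no valid PRI. 191 (23 * 8 + 7) is the
    largest value the RFC allows.
    """
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)
    return (FACILITIES.get(facility, f"facility{facility}"),
            SEVERITIES[severity], m.group(2))


def at_or_above(lines, worst_allowed: int):
    """Return lines whose severity code is <= worst_allowed (lower is more
    serious); e.g. worst_allowed=3 keeps emergency, alert, critical and error."""
    selected = []
    for line in lines:
        m = PRI_RE.match(line)
        if m and int(m.group(1)) <= 191 and int(m.group(1)) % 8 <= worst_allowed:
            selected.append(line)
    return selected


# Constructed sample lines (hostnames and messages are made up).
SAMPLE_LINES = [
    "<0>Jan  1 00:00:01 core-sw1 kernel: panic - system halted",
    "<165>Jan  1 00:00:02 core-sw1 app[123]: routine notice",
    "<34>Jan  1 00:00:03 core-sw1 su: 'su root' failed for user",
    "<14>Jan  1 00:00:04 core-sw1 app[123]: informational message",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_pri(line)[:2], line[:40])
    print("alert-worthy:", len(at_or_above(SAMPLE_LINES, 3)))
```

Reviewing events "over time", as answer 16 puts it, usually starts with exactly this kind of filter: keep everything at error or worse, then look at how those counts change across days.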
  17. C. SNMP version 2c added support for GET BULK, which greatly reduced network traffic. Instead of a network management station requesting objects one at a time, GET BULK allows for multiple objects to be fetched in one request.
  18. A. When data arrives with delays that increase and decrease, there is jitter along the transmission path. This is very detrimental to jitter-sensitive applications such as voice and video.
  19. C. Latency is the measurement of end-to-end delay.
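Answers 18 and 19 distinguish latency (the delay itself) from jitter (how much that delay varies). The following added Python example, which is not from the book, computes both from a constructed set of per-packet send and receive timestamps, including the smoothed interarrival jitter estimator that RTP receivers report (RFC 3550, section 6.4.1). It assumes the two clocks are synchronized so one-way delays are meaningful.

```python
# Constructed timestamps in milliseconds (not measured on a real network):
# each pair is (sent_at, received_at) for consecutive packets of one flow.
SAMPLE_PACKETS = [
    (0.0, 20.0),
    (20.0, 50.0),
    (40.0, 60.0),
    (60.0, 90.0),
]


def transit_delays(packets):
    """One-way latency per packet: receive time minus send time."""
    return [rx - tx for tx, rx in packets]


def latency_stats(packets):
    """Return (mean, minimum, maximum) end-to-end delay in milliseconds."""
    d = transit_delays(packets)
    return (sum(d) / len(d), min(d), max(d))


def peak_to_peak_jitter(packets):
    """Simplest jitter figure: spread between the largest and smallest delay."""
    d = transit_delays(packets)
    return max(d) - min(d)


def rfc3550_jitter(packets):
    """Interarrival jitter as defined by RFC 3550.

    D is the change in transit time between consecutive packets; the running
    estimate J is smoothed with a gain of 1/16 so a single outlier does not
    swing the value. The estimate after the last packet is returned.
    """
    d = transit_delays(packets)
    j = 0.0
    for prev, cur in zip(d, d[1:]):
        j += (abs(cur - prev) - j) / 16
    return j


if __name__ == "__main__":
    mean, lo, hi = latency_stats(SAMPLE_PACKETS)
    print(f"latency mean={mean} ms min={lo} ms max={hi} ms")
    print(f"peak-to-peak jitter={peak_to_peak_jitter(SAMPLE_PACKETS)} ms")
    print(f"RFC 3550 jitter={rfc3550_jitter(SAMPLE_PACKETS):.3f} ms")
```

The constructed flow has a steady 25 ms average delay but alternates between 20 ms and 30 ms, which is exactly the "increase and decrease" pattern answer 18 describes: a voice call would sound fine on average latency alone, yet the 10 ms swing is what a jitter buffer has to absorb.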
  20. A, D. Both high memory and CPU utilization can cause network equipment such as routers and switches to not have available resources to operate and they may therefore fail or reload.

Chapter 23: Cable Connectivity Issues and Tools

  1. A, B, C. Yep, all of the above. The CompTIA Network+ objectives cover all three in regard to tools used to analyze today's networks.
  2. C. The basic purpose of packet sniffers or network analyzers is to collect and analyze each individual packet that is captured on a specific network segment to determine whether problems are happening. You can also use them to see if there is too much traffic on a segment.
  3. A. A toner probe sends a signal down a pair of wires so that the wires can be traced. Typically, a butt set is used to find this signal, but toner probe is the best answer to this question.
  4. B. An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to give you the skinny on optical fibers. It works by putting out a series of optical pulses into the specific fiber you want to test and can tell you if a break in the fiber has occurred and where.
  5. B. To create a patch cable (568A) to connect your host to a jack in the wall, you need to use a snip.
  6. B. End-to-end loss is referred to as attenuation. If the loss is too great across a cable, the received signal may be too weak to be demodulated.
  7. C. Hope you answered C! A port scanner is just a piece of software designed to search a network for open ports. Administrators of networks use port scanners to ensure security and bad guys use them to compromise it.
  8. D. Wire-map testers are used to determine the cable pinouts from one end of a cable to the other. It can also identify open pins and shorts. By using a wire-map tester on an Ethernet cable, you can verify the cable is pinned correctly and has no open or shorted connections.
  9. B. A time-domain reflectometer gives you very detailed information on the cable under test. It measures delay across the wire, and if there is a break in the cable, it can give you the approximate distance to where the break is.
  10. B. A certifier connects to a cable and runs a bank of tests that can verify whether it meets the standards set by organizations such as ISO or TIA.
  11. D. A packet sniffer captures and analyzes Ethernet frames on a network. The sniffer can be used for detailed troubleshooting of transmit and receive traffic on a LAN from the frame level to the Application layer.
  12. C. A time-domain reflectometer is used to test Physical layer properties of a cable such as impedance characteristics, delay, cable lengths, splices, and cable breaks. It does not see application-level information such as unused services or any LAN information.
  13. A. The trusty multimeter can be used to measure AC and DC levels and resistance.
  14. D. A toner probe allows you to identify a cable that may be in a large bundle and hard to trace. At the remote end, a tone generator is attached to the cable, and then the probe can be used to find the cable at the other end.
  15. A. Just as it is named, a punch-down tool is used to “punch” a wire into a cable block. Crimpers are used to put a jack onto the end of a cable, and snips and strippers are used to prepare the cable.
  16. B. A crimper is the tool you would use to seat an RJ-45 connector onto the end of a cable. Punch-down tools terminate a wire onto a cable block; snips and strippers are used to prepare the cable for the crimper operation.
  17. C. Both 66 and 110 blocks are used for mass termination of wires. To insert the wire into the block connectors, you would use a punch-down tool.
  18. D. To measure AC power levels to make sure they are within specifications, a surge protector is used. They can also mitigate overvoltage conditions to protect the connected equipment.
  19. B. By using a loopback plug, you can connect the transmit signals to the receiver and test the condition of the connected port.
  20. A. This is an indication that when you plugged in the switch you exceeded the voltage available in the rack, as all of the other equipment began to have issues.

Chapter 24: Network Troubleshooting Methodology

  1. A, F. Rebooting servers and routers are not part of the troubleshooting model.
  2. B. You need to check basic connectivity. The link light indicates that the network card is making a basic-level connection to the rest of the network. It is a very easy item to check, and if the link light is not lit, it is usually a very simple fix (like plugging in an unplugged cable).
  3. B. When wireless users complain that the network is slow (latency) or that they are losing their connection to applications during a session, it is usually latency arising from a capacity issue.
  4. B. Although all of these are good tests for network connectivity, checking the server console for user connections will tell you whether other users are able to log into the server. If they can, the problem is most likely related to one of those users' workstations. If they can't, the problem is either the server or network connection. This helps narrow down the problem.
  5. B. Because of all the tests given and their results, you can narrow the problem down to the network connectivity of that workstation. And because no other users in this user’s area are having the same problem, it can't be the hub or server. You can log in as the user from your workstation, so you know it isn't a rights issue or username/password issue. The only possible answer listed is a bad patch cable.
  6. A. Because other users in the same area aren't having a problem, it can't be a downed server, network hub, or jabbering NIC. And because both you and the user can't log in, more than likely it's a problem specific to that workstation. The only one that would affect your ability to log in from that station is the Caps Lock key being pressed. That will cause the password to be in all uppercase (which most server operating systems treat as a different password), and thus it will probably be rejected.
  7. D. Since this is a new connection, you need to start by troubleshooting and identifying the symptoms and potential causes.
  8. B. According to the Network+ troubleshooting model, the next step would be step 2, establishing the most probable cause.
  9. C. After determining the affected area, you need to find out if any changes have taken place.
  10. A. Because the user can't log in correctly from any machine, more than likely he is using the wrong procedure for logging in. Because no one else is having that problem (including yourself), the problem must be related to that user.
  11. C. After you have implemented a solution, you need to test if the solution works and identify other effects it may have.
  12. B. Because you cannot reach the web page that resides on the server, the problem is most likely related to your browser.
  13. A, B, C. From a design standpoint, the physical environment for a server should be optimized for items such as placement, temperature, and humidity. When troubleshooting, don't forget to check the physical conditions under which the network device is operating. Check for problems such as those mentioned here as well as EMI/RFI problems, power problems, and unplugged cables.
  14. D. Because most of today's networks still consist of large amounts of copper cable, networks can suffer from the physical issues that have plagued all networks since the very beginning of networking (and the answers here are not a complete list). Newer technologies and protocols have lessened these issues but have not resolved them completely.
  15. A. Once you have determined that the switch or the configuration of the switch is the problem, you need to escalate the issue.
  16. D. Because other people are experiencing the problem, most likely it is either network or server related. Because you can transfer files to and from another server, it can't be the network. Thus, the problem is related to the web server.
  17. D. After investigating the problem thoroughly and successfully testing and resolving an issue, you need to document the solution.
  18. B. Since users can get to the Internet, this means the DNS server is working and they have the correct default gateway. The intranet server is probably down.
  19. C. Performance-monitoring tools can give you an idea of how busy the server and the rest of the network are. These tools use graphs to indicate how much traffic is going through the server.
  20. C. Once you escalate the problem, you are done with the seven-step model. Meet with the escalation team to determine the next step.

Chapter 25: Network Software Tools and Commands

  1. C. The program Packet Internet Groper (ping) is used to find out if a host has the IP stack initialized.
  2. A. The arp utility is used to display the contents of the ARP cache, which tracks the resolution of IP addresses to physical (MAC) addresses and will produce the displayed output.
  3. A. Microsoft has made what it calls Remote Desktop software available for free with Windows products since Windows NT. When this software is installed (installed by default in later versions) on both source and destination computers, a remote desktop connection can be made.
  4. B. The purpose of the ping utility is to test the communications channel between two IP hosts as well as how long it takes the packets to get from one host to another.
  5. C. The ipconfig /all utility will display the current configuration of TCP/IP on a given workstation—including the current IP address, DNS configuration, WINS configuration, and default gateway.
  6. B, D. The address 127.0.0.1 is the special IP address designated for the local TCP/IP interface. The hostname localhost is the hostname given to the local interface. Therefore, pinging either the IP address or the hostname for the local interface will tell you whether the local interface is working.
  7. C. The command ip was added to most Linux distributions and is replacing the deprecated ifconfig command.
  8. C. The arp utility will show you the resolved MAC to IP address of all hosts on your network segment. Remember, this will work for only local hosts, not remote hosts.
  9. A. The netstat -a command will display all connections and listening ports on the host computer. Remember that the -a must be lowercase and that it will not work correctly without the hyphen before it.
  10. B. Commercial sniffers like Wireshark and Omnipeek can capture any packets because they set the NIC to operate in promiscuous mode, which means the NIC processes all packets that it sees.
  11. B. The tracert utility will give you that output. The tracert command (or trace for short) traces the route from the source IP host to the destination host.
  12. C. The tracert utility will tell you which router is having the performance problem and how long it takes to move between each host. Tracert can be used to locate problem areas in a network.
  13. A. The ipconfig /all switch will display the most complete listing of TCP/IP configuration information, also displaying the MAC address, DHCP lease times, and the DNS addresses.
  14. C. The tracert utility returns the names and addresses of all routers through which a packet passes on its way to a destination host.
  15. E. The telnet utility can be used to test if a particular IP host is responding on a particular TCP port by running the telnet command and specifying a port number.
  16. C. The arp -a command will display the current contents of the ARP cache on the local workstation.
  17. C. dig is an old Unix command that will show you DNS server information.
  18. A, D. The arp utility's -a and -g switches perform the same function. They both show the current ARP cache.
  19. B. There are three different chain types:
    • Input: Controls behavior for incoming connections
    • Forward: Used for incoming connections that aren't being delivered locally (like a router would receive)
    • Output: Used for outgoing connections
  20. A. To capture traffic on all interfaces, use the any keyword with the -i (interface) switch.