Appendix B
Answers to Review Questions

Chapter 1: Introduction to Networks

  1. C. A client-server logical topology allows you to have a centralized database of users so that authentication is provided in one place.
  2. C. To install a physical topology that provides ease of scalability, use a star network. This is a hub or switch device, and this is the most common LAN network today.
  3. D. Only a mesh physical topology has point-to-point connections to every device, so it has more connections and is not a popular LAN technology.
  4. B. In a star topology, each workstation connects to a hub, switch, or similar central device but not to other workstations. The benefit is that when connectivity to the central device is lost, the rest of the network lives on.
  5. C. Multiprotocol Label Switching has as many advantages as a LAN protocol. When labels are used, voice can have priority over basic data, for example.
  6. B. A logical grouping of hosts is called a LAN, and you typically group them by connecting them to a hub or switch.
  7. C. It is easy to relax about security in a peer-to-peer environment. Because of the trouble it takes to standardize authentication, a piecemeal approach involving users’ personal preferences develops. There are no dedicated servers in a peer-to-peer network, and such a network can be created with as few as two computers.
  8. A. When a central office, such as headquarters, needs to communicate directly with its branch offices but the branches do not require direct communication with one another, the point-to-multipoint model is applicable. The other scenarios tend to indicate the use of a point-to-point link between sites.
  9. D. LANs generally have a geographic scope of a single building or smaller. They can range from simple (two hosts) to complex (with thousands of hosts).
  10. B. The only disadvantage mentioned is the fact that there is a single point of failure in the network. However, this topology makes troubleshooting easier; if the entire network fails, you know where to look first. The central device also ensures that the loss of a single port and the addition of a new device to an available port do not disrupt the network for other stations attached to such a device.
  11. D. A typical WAN connects two or more remote LANs together using someone else’s network (your ISP’s) and a router. Your local host and router see these networks as remote networks and not as local networks or local resources. Routers use proprietary serial connections for WANs.
  12. D. Multiprotocol Label Switching provides logical links between sites, so branch offices can be easily and quickly added.
  13. A. In a peer-to-peer network, all computers are considered equal. It is up to the computer that has the resource being requested to perform a security check for access rights to its resources.
  14. D. In client-server networks, requests for resources go to a main server that responds by handling security and directing the client to the resource it wants instead of the request going directly to the machine with the desired resource (as in peer-to-peer).
  15. A. The best answer to this question is an Ethernet switch, which uses a star physical topology with a logical bus technology.
  16. D. Routers are used to connect different networks together.
  17. D. In the mesh topology, there is a path from every connection to every other one in the network. A mesh topology is used mainly because of the robust fault tolerance it offers—if one connection goes on the blink, computers and other network devices can simply switch to one of the many redundant connections that are up and running.
  18. A. As its name implies, in a point-to-point topology you have a direct connection between two routers, giving you one communication path. The routers in a point-to-point topology can either be linked by a serial cable, making it a physical network, or be far away and only connected by a circuit within a Frame Relay network, making it a logical network.
  19. B. A hybrid topology is a combination of two or more types of physical or logical network topologies working together within the same network.
  20. A, B, C, D. Each topology has its own set of pros and cons regarding implementation, so it’s important to ask the right questions and consider cost, ease of installation, maintenance, and fault tolerance.

Chapter 2: The Open Systems Interconnection Specifications

  1. C. A connection-oriented session is set up using what is called a three-way handshake. The transmitting host sends a SYN packet, the receiving host sends a SYN/ACK, and the transmitting host replies with the last ACK packet. The session is now set up.
  2. D. TCP and UDP are Transport layer protocols. The Transport layer is Layer 4 of the OSI model.
  3. A. The top layer of the OSI model gives applications access to the services that allow network access.
  4. A. If the remote server is busy or does not respond to your web browser request, this is an Application layer problem.
  5. B. The Presentation layer makes data “presentable” for the Application layer.
  6. C. Bridges, like switches, are Data Link layer devices. Hubs, like repeaters, are Physical layer devices. Routers are Network layer devices.
  7. D. The Physical layer’s job is to convert data into impulses that are designed for the wired or wireless medium being used on the attached segment.
  8. D. A receiving host can control the transmitter by using flow control (TCP uses windowing by default). By decreasing the window size, the receiving host can slow down the transmitting host so the receiving host does not overflow its buffers.
  9. C, D. Not that you really want to enlarge a single collision domain, but a hub (multiport repeater) will provide this functionality for you.
  10. D. The Transport layer receives large data streams from the upper layers and breaks these up into smaller pieces called segments.
  11. C. The encapsulation order is data, segment, packet, frame, bits.
  12. B, C. Bridges and switches break up collision domains, which allows more bandwidth for users.
  13. C. A reliable Transport layer connection uses acknowledgments to make sure all data is received reliably. A reliable connection is defined by the use of acknowledgments, sequencing, and flow control, which is characteristic of the Transport layer (Layer 4).
  14. A, C, D. When sequencing and acknowledgments are used, the segments delivered are acknowledged back to the sender upon their reception. At this point, any segments not acknowledged are retransmitted, and segments are sequenced back into their proper order upon arrival at their destination.
  15. C. Flow control allows the receiving device to control the pace of the transmitting device so the receiving device’s buffer does not overflow.
  16. B. IP is a Network layer protocol. TCP is an example of a Transport layer protocol, Ethernet is an example of a Data Link layer protocol, and T1 can be considered a Physical layer protocol.
  17. D. The Presentation layer is the sixth layer of the model. Only the Application layer is higher, but it is not listed. Session is Layer 5, Transport is Layer 4, and Network is Layer 3.
  18. C. A router is specified at the Network layer and a router routes packets. Routers can also be called Layer 3 switches.
  19. C. The phrase “Please Do Not Throw Sausage Pizza Away” contains the first letters of the layers in order, from Layer 1 through Layer 7. “All People Seem To Need Data Processing” works from the top down. The other options have all the right letters, just not in the right order.
  20. B. The 802.3 standard, commonly associated with Ethernet, specifies the media-access method used by Ethernet, which is known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

Chapter 3: Networking Topologies, Connectors, and Wiring Standards

  1. B, C. Plenum-rated means that the cable’s coating doesn’t begin burning until a much higher temperature of heat, doesn’t release as many toxic fumes as PVC when it does burn, and is rated for use in air plenums that carry breathable air, usually as nonenclosed fresh-air return pathways that share space with cabling.
  2. D. UTP is commonly used in twisted-pair Ethernet like 10BaseT, 100BaseTX, 1000BaseTX, and so on.
  3. D. Unshielded twisted-pair has standards from Category 2 through 8 for use on Ethernet networks. There is no Category 9 defined.
  4. C. UTP usually connects with RJ-45. You use a crimper to attach an RJ connector to a cable.
  5. A. Single-mode fiber allows for the maximum cable run distances.
  6. B. You would use a straight-through cable to connect a host to a switch, and the typical pin-out is called T568A.
  7. C. Fiber-optic cable transmits digital signals using light impulses rather than electricity; therefore, it is immune to EMI and RFI.
  8. B. Remember that fiber-optic cable transmits a digital signal using light impulses. Light is carried on either a glass or a plastic core.
  9. B. The difference between single-mode fibers and multimode fibers is in the number of light rays (and thus the number of signals) they can carry. Generally speaking, multimode fiber is used for shorter-distance applications and single-mode fiber for longer distances.
  10. C. Standards limit UTP to a mere 100 meters. Different fiber-optic types have different maximum lengths, but fiber-optic is the only cable type that can extend well beyond 100 meters.
  11. B, D, E. There are many different types of fiber-optic connectors. SC, ST, LC, and MT-RJ are some of the more typical connectors in use today.
  12. B. To connect two devices for voice on a vertical connect, the minimum cable you can use is Category 5.
  13. B. In half-duplex communication, a device can either send communication or receive communication, but it cannot do both at the same time.
  14. B. Fiber-optic cable transmits only light (not electricity like UTP), so EMI has zero effect on it.
  15. C. Full-duplex communication requires a point-to-point configuration because the collision-avoidance circuit is disabled.
  16. B. 100BaseTX utilizes only pins 1, 2, 3, and 6.
  17. D. All devices that are pinned the same for transmit and receive require a crossover cable to communicate directly.
  18. A. A T1 cable uses pairs 1 and 2, so connecting two T1 CSU/DSU devices back-to-back requires a crossover cable that swaps these pairs. Specifically, pins 1, 2, 4, and 5 are connected to 4, 5, 1, and 2, respectively.
  19. D. The demarcation point, or demarc, is the point at which the operational control or ownership changes from your company to a service provider. This is often at the MDF in relation to telephone connections and the CSU/DSU in regard to WAN connections.
  20. B. Fast Ethernet is 100BaseTX and this type of cable uses two pairs of wires.

Chapter 4: The Current Ethernet Specifications

  1. B. On an Ethernet network, the MAC address (hardware address) is used for one host to communicate with another.
  2. B. 100BaseTX uses CAT 5e and can run 200 Mbps when using full duplex.
  3. D. When one device sends a packet out on a network segment, all other devices on the same physical network segment must wait and let it be transmitted.
  4. E. 10Base2 was one of the very first Ethernet network physical mediums and is a thinnet coax.
  5. B. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) helps packets that are transmitted simultaneously from different hosts share bandwidth evenly. Option B is the correct answer. You might think that CSMA/CA would be the correct answer, but always think in terms of what is the best answer out of all the options, and only B is correct. The exam will never have cut-and-dry answers.
  6. B. A 10GBaseSR cable can have a maximum distance of 990 feet (302 meters).
  7. B. With half duplex, you are using only one wire pair at a time, with a digital signal either transmitting or receiving.
  8. A. Full-duplex Ethernet uses two pairs of wires at the same time.
  9. C. A 10GBaseLR implementation can go a distance of up to 6 miles.
  10. B. Double up! You can get 20 Mbps with a 10 Mbps Ethernet running full duplex or 200 Mbps for Fast Ethernet.
  11. B. Full-duplex communication cannot be used with a hub because a hub is a half-duplex single communication device. A host, switch, and router have the ability to process traffic (frames), whereas a hub is a multiport repeater.
  12. B. 11000000 is 192, 10101000 is 168, 00110000 is 48, and 11110000 is 240.
  13. B. In February 2011, the IEEE finally published a standard for Broadband over Power Line (BPL) called IEEE 1901; this is also referred to as Power Line Communication (PLC) or even Power Line Digital Subscriber Line (PDSL).
  14. C. Nibble values are 8 + 4 + 2 + 1, giving us a maximum value of 15. If we have a decimal value of 10, that means the 8 bit and the 2 bit are turned on.
  15. D. The 128, 64, 32, and 8 bits are on, so just add the values: 128 + 64 + 32 + 8 = 232.
  16. B. The first 10 hexadecimal digits (0–9) are the same values as the decimal values. We already know the binary value for the number 10 is 1010—in hex, the number 10 needs to be displayed as a single character. To display double-digit numbers as a single character, we substitute letters. In our example, 10 is A.
  17. C. A MAC, or hardware, address is a 48-bit (6-byte) address written in hexadecimal format.
  18. A. 100BaseT and 1000BaseT both have a maximum distance of 100 meters, or 328 feet.
  19. B. The FCS can detect frames in the sequence by calculating the cyclic redundancy check (CRC), which verifies that all the bits in the frame are unchanged.
  20. C. The 100 means 100 Mbps. The Base means baseband, which refers to baseband technology—a signaling method for communication on the network.

Chapter 5: Networking Devices

  1. C. NICs are the physical network connections for a computer but are not one of the devices or mediums used to provide Internet access in a SOHO setting.
  2. C. Like a hub, a switch connects multiple segments of a network together, with one important difference. Whereas a hub sends out anything it receives on one port to all the others, a switch recognizes frame boundaries and pays attention to the destination MAC address of the incoming frame as well as the port on which it was received.
  3. B. When we say segment, we mean to create multiple collision or broadcast domains. Hubs don’t segment a network; they just connect network segments together. Repeaters don’t segment the network; they repeat a signal and allow the distance covered to be increased. So the only correct option is B, a switch.
  4. A. The primary function of a bridge is to keep traffic separated on both sides of it, breaking up collision domains.
  5. A. Hubs create one collision domain and one broadcast domain.
  6. B. By allowing full-duplex operation on each port, a switch provides extra bandwidth to each port.
  7. C. A multilayer switch. A switch is typically just a Layer 2 device segmenting the network by using MAC addresses. However, some higher-end switches can provide Layer 3 services.
  8. D. Remember that DHCP servers assign IP addresses to hosts. Thus, DHCP allows easier administration than providing IP information to each host by hand (called static IP addressing).
  9. B. Multilayer switches (also called Layer 3 switches) don’t have fewer features, less bandwidth, or fewer ports than a normal switch; they just allow routing functions between subnets.
  10. B. A load balancer uses a little trickery and sends incoming packets to one or more machines that are hidden behind a single IP address. Modern load-balancing routers can use different rules to make decisions about where to route traffic, which can be based on least load, fastest response times, or simply balancing requests.
  11. A. DNS translates human names to IP addresses for routing your packet through the Internet. Hosts can receive the IP address of this DNS server and then resolve hostnames to IP addresses.
  12. C. Routers, switches, and bridges are all devices that help break up big networks into a number of smaller ones—also known as network segmentation. Hubs don’t segment networks—they just connect network segments together.
  13. A. Web cache, of course! Most proxy programs provide a means to deny access to certain URLs in a blacklist, thus providing content filtering, usually in corporate environments.
  14. D. Options A, B, and C all aid in boosting network performance, so the only option left is broadcast storms. Increased traffic will increase LAN congestion.
  15. B. If the DHCP server has stopped functioning, it will not hand out IP addresses to hosts that are restarted. However, the hosts that were not shut down still have IP addresses because the lease time has not expired.
  16. D. A proxy server can be used to prevent external traffic from reaching your internal network directly and can also be used to filter the sites to which your users are allowed to connect.
  17. C. Switches create separate collision domains but a single broadcast domain. Remember that routers provide a separate broadcast domain for each interface.
  18. A. Using appliances to offload functions such as encryption, content filtering, and VPN concentration can decrease the workload of other systems and add functionality that may be present in these dedicated devices.
  19. C. A DNS server uses many types of records. An A record is a hostname to IP address record, and a pointer record is an IP address to hostname record.
  20. D. A proxy server can provide many functions. A proxy server can use a caching engine so repeated access requests for web information would accelerate repeated access for users, and they can also limit the availability of websites.

Chapter 6: Introduction to the Internet Protocol

  1. D. SMTP resides at the Application layer of the OSI and DoD models.
  2. D. HTTPS, or Secure HTTP, uses port 443 by default.
  3. C. Dynamic Host Configuration Protocol (DHCP) is used to provide IP information to hosts on your network. DHCP can provide a lot of information, but the most common is IP address, subnet mask, default gateway, and DNS information.
  4. B. Address Resolution Protocol (ARP) is used to find the hardware address from a known IP address.
  5. B. Secure Shell (SSH) allows you to remotely administer router, switches, and even servers securely.
  6. C. The problem is with DNS, which uses both TCP and UDP port 53.
  7. A, B. A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both Layer 2 and Layer 3. The Layer 2 broadcast is all Fs in hex, or FF:FF:FF:FF:FF:FF. The Layer 3 broadcast is 255.255.255.255, which means all networks and all hosts. DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also called the Host-to-Host layer.
  8. E. Telnet uses TCP at the Transport layer with a default port number of 23.
  9. C, D. Internet Control Message Protocol (ICMP) is used to send error messages through the network, but ICMP does not work alone. Every segment or ICMP payload must be encapsulated within an IP datagram (or packet).
  10. B, C, D, E. SMTP, SNMP, FTP and HTTP are connection oriented and use TCP.
  11. A, C, F. DHCP, SNMP, and TFTP use UDP. SMTP, FTP, and HTTP use TCP.
  12. C, D, E. Telnet, File Transfer Protocol (FTP), and Trivial FTP (TFTP) are all Application layer protocols. IP is a Network layer protocol. Transmission Control Protocol (TCP) is a Transport layer protocol.
  13. C. SMTP is used by a client to send mail to its server and by that server to send mail to another server. POP3 and IMAP are used by clients to retrieve their mail from the server that stores it until it is retrieved. HTTP is only used with web-based mail services.
  14. C. Remote Desktop Protocol (RDP) allows you to connect to a remote computer and run programs, as Telnet does. However, the large advantage that RDP has over Telnet is that RDP allows you to have a GUI interface connection.
  15. B. Simple Network Management Protocol is typically implemented using version 3, which allows for a connection-oriented service, authentication and secure polling of network devices, and alerts and reports on network devices.
  16. D. File Transfer Protocol (FTP) can be used to transfer files between two systems.
  17. B. The four layers of the IP stack (also called the DoD model) are Application/Process, Host-to-Host, Internet, and Network Access. The Host-to-Host layer is equivalent to the Transport layer of the OSI model.
  18. C. Network Time Protocol will ensure a consistent time across network devices on the network.
  19. A. Through the use of port numbers, TCP and UDP can establish multiple sessions between the same two hosts without creating any confusion. The sessions can be between the same or different applications, such as multiple web-browsing sessions or a web-browsing session and an FTP session.
  20. D. DNS uses TCP for zone exchanges between servers and UDP when a client is trying to resolve a hostname to an IP address.

Chapter 7: IP Addressing

  1. D. The addresses in the range 172.16.0.0 through 172.31.255.255 are all considered private, based on RFC 1918. Use of these addresses on the Internet is prohibited so that they can be used simultaneously in different administrative domains without concern for conflict. Some experts in the industry believe these addresses are not routable, which is not true.
  2. B. APIPA uses the link-local private address range of 169.254.0.0 through 169.254.255.255 and a subnet mask of 255.255.0.0.
  3. APIPA addresses are used by DHCP clients that cannot contact a DHCP server and have no static alternate configuration. These addresses are not Internet routable and cannot, by default, be used across routers on an internetwork.
  4. C. Private IP addresses are not routable over the Internet, as either source or destination addresses. Because of that fact, any entity that wishes to use such addresses internally can do so without causing conflicts with other entities and without asking permission of any registrar or service provider. Despite not being allowed on the Internet, private IP addresses are fully routable on private intranets.
  5. D. The Class A range is 1 through 126 in the first octet/byte, so only option D is a valid Class A address.
  6. C. The Class B range is 128 through 191 in the first octet/byte. Only option C is a valid Class B address.
  7. B. If you turned on all host bits (all of the host bits are 1s), this would be a broadcast address for that network.
  8. B. A Layer 2 broadcast is also referred to as a MAC address broadcast, which is in hexadecimal and is FF.FF.FF.FF.FF.FF.
  9. C. A default Class C subnet mask is 255.255.255.0, which means that the first three octets, or first 24 bits, are the network number.
  10. A. Packets addressed to a unicast address are delivered to a single interface. For load balancing, multiple interfaces can use the same address.
  11. C. I wonder how many of you picked APIPA address as your answer? An APIPA address is 169.254.x.x. The host address in this question is a public address. Somewhat of a tricky question if you did not read carefully.
  12. B. An IPv6 address is 128 bits in size.
  13. B. Packets addressed to a multicast address are delivered to all interfaces identified by the multicast address, the same as in IPv4. A multicast address is also called a one-to-many address. You can tell multicast addresses in IPv6 because they always start with FF.
  14. C. Anycast addresses identify multiple interfaces, which is the same as multicast; however, the big difference is that the anycast packet is delivered to only one address: the first one it finds defined in terms of routing distance. This address can also be called one-to-one-of-many or one-to-nearest.
  15. A, C. The loopback address with IPv4 is 127.0.0.1. With IPv6, that address is ::1.
  16. B, D. In order to shorten the written length of an IPv6 address, successive fields of zeros may be replaced by double colons. In trying to shorten the address further, leading zeros may also be removed. Just as with IPv4, a single device’s interface can have more than one address; with IPv6 there are more types of addresses and the same rule applies. There can be link-local, global unicast, and multicast addresses all assigned to the same interface.
  17. C, D. IPv4 addresses are 32 bits long and are represented in decimal format. IPv6 addresses are 128 bits long and represented in hexadecimal format.
  18. D. Only option D is in the Class C range of 192 through 224. It might look wrong because there is a 255 in the address, but this is not wrong—you can have a 255 in a network address, just not in the first octet.
  19. C, E. The Class A private address range is 10.0.0.0 through 10.255.255.255. The Class B private address range is 172.16.0.0 through 172.31.255.255, and the Class C private address range is 192.168.0.0 through 192.168.255.255.
  20. B. This can be a hard question if you don’t remember to invert the 7th bit! Always look for the 7th bit when studying for the exam. The EUI-64 autoconfiguration inserts an FF:FE in the middle of the 48-bit MAC address to create a unique IPv6 address.
  21. C. Option C is a multicast address and cannot be used to address hosts.

Chapter 8: IP Subnetting, Troubleshooting IP, and Introduction to NAT

  1. D. A /27 (255.255.255.224) is 3 bits on and 5 bits off. This provides 8 subnets, each with 30 hosts. Does it matter if this mask is used with a Class A, B, or C network address? Not at all. The number of host bits would never change.
  2. B. Don’t freak because this is a Class A. What is your subnet mask? 255.255.255.128. Regardless of the class of address, this is a block size of 128 in the fourth octet. The subnets are 0 and 128. The 0 subnet host range is 1–126, with a broadcast address of 127. The 128 subnet host range is 129–254, with a broadcast address of 255. You need a router for these two hosts to communicate because they are in different subnets.
  3. C. This is a pretty simple question. A /28 is 255.255.255.240, which means that our block size is 16 in the fourth octet (0, 16, 32, 48, 64, 80, and so on). The host is in the 64 subnet.
  4. F. A CIDR address of /19 is 255.255.224.0. This is a Class B address, so that is only 3 subnet bits, but it provides 13 host bits, or 8 subnets, each with 8,190 hosts.
  5. C. The host ID of 10.0.37.144 with a 255.255.254.0 mask is in the 10.0.36.0 subnet (yes, you need to be able to subnet in this exam!). Do not stress that this is a Class A; what we care about is that the third octet has a block size of 2, so the next subnet is 10.0.38.0, which makes the broadcast address 10.0.37.255. The default gateway address of 10.0.38.1 is not in the same subnet as the host. Even though this is a Class A address, you still should easily be able to subnet this because you look more at the subnet mask and find your interesting octet, which is the third octet in this question. 256 – 254 = 2. Your block size is 2.
  6. D. A /30, regardless of the class of address, has a 252 in the fourth octet. This means we have a block size of 4 and our subnets are 0, 4, 8, 12, 16, and so on. Address 14 is obviously in the 12 subnet.
  7. D. A point-to-point link uses only two hosts. A /30, or 255.255.255.252, mask provides two hosts per subnet.
  8. C. Devices with Layer 3 awareness, such as routers and firewalls, are the only ones that can manipulate the IP header in support of NAT.
  9. A. A /29 (255.255.255.248), regardless of the class of address, has only 3 host bits. Six hosts is the maximum number of hosts on this LAN, including the router interface.
  10. C. A computer should be configured with an IP address that is unique throughout the reachable internetwork. It should be configured with a subnet mask that matches those of all other devices on its local subnet, but not necessarily one that matches the mask used on any other subnet. It should also be configured with a default gateway that matches its local router’s interface IP address.
  11. A. A /29 (255.255.255.248) has a block size of 8 in the fourth octet. This means the subnets are 0, 8, 16, 24, and so on. 10 is in the 8 subnet. The next subnet is 16, so 15 is the broadcast address.
  12. B. A 24-bit mask, or prefix length, indicates that the entire fourth octet is used for host identification. In a special case, such as this, it is simpler to visualize the all-zeros value (172.16.1.0) and the all-ones value (172.16.1.255). The highest usable address, the last one before the all-ones value, is 172.16.1.254.
  13. A, E. First, if you have two hosts directly connected, as shown in the graphic, then you need a crossover cable. A straight-through cable won’t work. Second, the hosts have different masks, which puts them in different subnets. The easy solution is just to set both masks to 255.255.255.0 (/24).
  14. A. A /25 mask is 255.255.255.128. Used with a Class B network, the third and fourth octets are used for subnetting with a total of 9 subnet bits: 8 bits in the third octet and 1 bit in the fourth octet. Because there is only 1 bit in the fourth octet, the bit is either off or on—which is a value of 0 or 128. The host in the question is in the 0 subnet, which has a broadcast address of 127 because 128 is the next subnet.
  15. A. A /28 is a 255.255.255.240 mask. Let’s count to the ninth subnet (we need to find the broadcast address of the eighth subnet, so we need to count to the ninth subnet). We start at 16 (remember, the question stated that we will not use subnet 0, so we start at 16, not 0): 16, 32, 48, 64, 80, 96, 112, 128, 144. The eighth subnet is 128, and the next subnet is 144, so our broadcast address of the 128 subnet is 143. This makes the host range 129–142. 142 is the last valid host.
  16. C. A /28 is a 255.255.255.240 mask. The first subnet is 16 (remember that the question stated not to use subnet 0), and the next subnet is 32, so our broadcast address is 31. This makes our host range 17–30. 30 is the last valid host.
  17. A. The best method here is to check the configuration of devices that were using the old router as a gateway to the rest of the internetwork. Routers do not periodically cache their configurations to servers of any sort. You might have copied the old router’s configuration to a TFTP server or the like, but failing that, you will have to rebuild the configuration from scratch, which might well be much more than interface addresses. Therefore, keeping a copy of the router’s current configuration somewhere other than on the router is a wise choice. Routers don’t auto-configure themselves; we wouldn’t want them to.
  18. E. A Class B network ID with a /22 mask is 255.255.252.0, with a block size of 4 in the third octet. The network address in the question is in subnet 172.16.16.0 with a broadcast address of 172.16.19.255. Only option E has the correct subnet mask listed, and 172.16.18.255 is a valid host.
  19. D, E. The router’s IP address on the E0 interface is 172.16.2.1/23, which is a 255.255.254.0. This makes the third octet a block size of 2. The router’s interface is in the 2.0 subnet, and the broadcast address is 3.255 because the next subnet is 4.0. The valid host range is 2.1 through 3.254. The router is using the first valid host address in the range.
  20. A. Network Address Translation can allow up to 65,000 hosts to get onto the Internet with one IP address by using Port Address Translation (PAT).

Chapter 9: Introduction to IP Routing

  1. C. Yep, you got it. RIP, RIPv2, and EIGRP are all examples of routing protocols.
  2. C. In dynamic routing, routers update each other about all the networks they know about and place this information into the routing table. This is possible because a protocol on one router communicates with the same protocol running on neighbor routers. If changes occur in the network, a dynamic routing protocol automatically informs all routers about the event.
  3. D. Dynamic routing scales well in large networks and routes are automatically added into the routing table. Static routing is done by hand, one route at a time into each router.
  4. B. Media Access Control (MAC) addresses are always local on the LAN and never go through and past a router.
  5. C. Routing convergence is the time required by the routing protocols to update the routing tables (forwarding tables) on all routers in the network.
  6. D. The arp -a command will show the ARP cache on your host.
  7. D. Hope you answered D! A router will not send a broadcast looking for the remote network—the router will discard the packet.
  8. C. RIPv1 and 2 and IGRP are all distance vector (DV) protocols. Routers using a DV protocol send all or parts of their routing table in a routing-update message at a regular interval to each of their neighbor routers.
  9. C, D. Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are link state (LS) routing protocols.
  10. B. The only protocol you could select is Enhanced Interior Gateway Routing Protocol (EIGRP).
  11. A. Interior Gateway Routing Protocol is a distance vector (DV) interior gateway protocol.
  12. C. Border Gateway Protocol (BGP) is the most popular choice for ISPs or really large corporations.
  13. A, C. Distance vector (DV) and link state (LS) are the two routing protocols to remember.
  14. A, D. A frame uses MAC addresses to send a packet on the LAN. The frame will take the packet to either a host on the LAN or a router’s interface if the packet is destined for a remote network.
  15. A. I hope you said A! Packets specifically have to be carried to a router in order to be routed through a network.
  16. C. Remember that the frame changes at each hop but that the packet is never changed in any way until it reaches the destination device.
  17. D. When the routing tables are complete because they include information about all networks in the internetwork, they are considered converged.
  18. A. This is step 6 in the IP routing process. If the hardware address isn’t in the ARP cache of the host, an ARP broadcast is sent out onto the local network to search for the hardware address.
  19. C. The best answer would be to reroute traffic using a temporary static route until the maintenance is complete on the router.
  20. A. You are most likely to see a Request Timed Out message when (if) a packet is lost on the way back to the originating host for an unknown error. Remember, if the error occurs because of a known issue, you are likely to see a Destination Unreachable message.

Chapter 10: Routing Protocols

  1. C, D, F. RIPv1 and IGRP are true distance vector routing protocols and can’t do much, really—except build and maintain routing tables and use a lot of bandwidth! RIPv2, EIGRP, and OSPF build and maintain routing tables, but they also provide classless routing, which allows for VLSM, summarization, and discontiguous networking.
  2. B, C. RIP and RIPv2 are distance vector routing protocols. OSPF and IS-IS are link state.
  3. A, D. RIP and RIPv2 are distance vector routing protocols. OSPF and IS-IS are link state.
  4. B, E. RIP and RIPv2 are distance vector routing protocols. OSPF and IS-IS are link state. EIGRP uses qualities from both distance vector and link state to create a hybrid routing protocol. BGP can be used as an EGP and IGP, and the objectives consider BGP a hybrid routing protocol.
  5. C. Dynamic routing is typically used in today’s networks because it scales to larger networks and takes less administrative work.
  6. F. Hot Standby Router Protocol (HSRP) is Cisco’s FHRP.
  7. C. Static routes may be a good solution, but remember that they are not dynamic, and if a piece of equipment goes down, new routes to remote networks will not automatically update, so OSPF is the best answer. It dynamically will update the routing tables with faster convergence than RIP.
  8. C. The administrative distance (AD) is a very important parameter in a routing protocol. The lower the AD, the more trusted the route. If you have IGRP and OSPF running, by default IGRP routes would be placed in the routing table because IGRP has a lower AD of 100. OSPF has an AD of 110. RIPv1 and RIPv2 both have an AD of 120, and EIGRP is the lowest at 90.
  9. B. The routing protocols that have been upgraded to advertise IPv6 routes are RIPng, OSPFv3, and EIGRPv6. IS-IS can advertise IPv6 routes as well, but no upgrade was needed for IS-IS.
  10. C. Dynamic routing protocols, like RIP, EIGRP and OSPF, automatically add route updates to the routing table. Static routes must be added by hand.
  11. A. The distance vector protocols RIPv1 and RIPv2 both have a maximum hop count of 15 (remember, 16 is unreachable). IGRP and EIGRP have a hop count of 255, and OSPF doesn’t have a maximum hop count.
  12. B. Routing convergence time is the time for all routers to update their routing tables (forwarding tables).
  13. C. BGP is used to connect autonomous systems together on the Internet because of its ability to make classless routing and summarization possible. This helps to keep routing tables smaller and more efficient at the ISP core.
  14. B. RIPv1 sends broadcasts every 30 seconds and has an AD of 120. RIPv2 sends multicasts (224.0.0.9) every 30 seconds and also has an AD of 120. RIPv2 sends subnet-mask information with the route updates, which allows it to support classless networks and non-contiguous networks. RIPv2 also supports authentication between routers; RIPv1 does not.
  15. A, B. Both RIPv1 and RIPv2 have an AD of 120. EIGRP has an AD of 90 and OSPF is 110.
  16. C. Border Gateway Protocol (BGP) attributes include the IP address to get to the next AS (the next-hop attribute) as well as an indication of how the networks at the end of the path were introduced into BGP (the origin code attribute). The AS path information is useful to construct a graph of loop-free autonomous systems and is used to identify routing policies so that restrictions on routing behavior can be enforced based on the AS path.
  17. A. RIPng, which uses port 521, has many of the same features as RIPv2: It’s a distance vector protocol; it has a max hop count of 15; and it uses split horizon, poison reverse, and other loop-avoidance mechanisms. And it still uses multicast to send its updates, too, but in IPv6, it uses FF02::9 for the transport address. For RIPv2, the multicast address was 224.0.0.9, so the address still has a 9 at the end in the new IPv6 multicast range.
  18. B, C. EIGRP holds three tables in RAM: neighbor, topology, and routing. The neighbor and topology tables are built and also maintained with the use of hello packets.
  19. D. A successor route (think “successful” rather than standby or backup) is used by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed up by a feasible successor route that is stored in the topology table—if one is available. Remember that all routes are in the topology table.
  20. A. RIP and RIPv2 use only hop count as a metric, with a maximum of 15 hops, to find the best path to a remote network.

Chapter 11: Switching and Virtual LANs

  1. D. By creating and implementing VLANs in your switched network, you can break up broadcast domains at Layer 2. For hosts on different VLANs to communicate, you must have a router or Layer 3 switch.
  2. B, D. Hosts are connected to a switch and are members of one VLAN. This is called an access port. Trunk links connect between switches and pass information about all VLANs.
  3. C. Virtual LANs break up broadcast domains in Layer 2 switched internetworks.
  4. C, E. Both 802.1D and 802.1w are IEEE STP versions, with 802.1w being the latest and greatest version.
  5. D, E. The best answers are that the VLAN membership for the port is configured incorrectly and that STP shut down the port.
  6. B, C, F. VLANs break up broadcast domains in a switched Layer 2 network, which means smaller broadcast domains. They allow configuration by logical function instead of physical location and can create some security if configured correctly.
  7. B. The Spanning Tree Protocol is used to stop switching loops in a switched network with redundant paths.
  8. A, E. Bridges break up collision domains, which would increase the number of collision domains in a network and also make smaller collision domains.
  9. C. In order to see all frames that pass through the switch and read the packets with a network analyzer, you need to enable port mirroring on the port your diagnostic host is plugged into.
  10. C. Trunking allows switches to pass information about many or all VLANs configured on the switches.
  11. A, C, E. Layer 2 features include address learning, forwarding and filtering of the network, and loop avoidance.
  12. B. Switches break up collision domains, and routers break up broadcast domains.
  13. C. With the exception of the source port, switches flood all frames that have an unknown destination address. If a device answers the frame, the switch will update the MAC address table to reflect the location of the device.
  14. C. Because the source MAC address is not in the MAC address table, the switch will add the source address and the port it is connected to into the MAC address table and then forward the frame to the outgoing port.
  15. D. Virtual Trunk Protocol (VTP) is a Cisco proprietary method of having a single VLAN database advertised to all other switches in your network. This allows for ease of VLAN management in a larger network. Option C is not a possible configuration, by the way; I made that up.
  16. A, B. The sequence of steps for STP convergence is, by default, blocking, listening, learning, forwarding, disabled. When all ports are in either the blocking or forwarding state, STP is converged.
  17. C, D. In the blocking and listening states, the MAC address table is not learning. Only in the learning and forwarding states is the MAC address table learning MAC addresses and populating the MAC address table.
  18. B. Switches break up collision domains by default, but the network is still one large broadcast domain. In order to break up broadcast domains in a Layer 2 switched network, you need to create virtual LANs.
  19. C. If you are configuring voice VLANs, you’ll want to configure Quality of Service (QoS) on the switch ports to provide a higher precedence to voice traffic over data traffic to improve quality of the line.
  20. B. Be careful when using port mirroring/spanning on a switch because it can cause a lot of overhead on the switch and possibly crash your network. It’s therefore a good idea to use this feature at strategic times and only for short periods, if possible.

Chapter 12: Wireless Networking

  1. C. It is imperative that a good site survey is completed before you install your wireless network. Trying various types of antennas and their placements is the key to covering the whole wireless area.
  2. C. TLS provides really good wireless security, but it’s hard to implement because you need to install a certificate on your server and also on all your clients. TTLS only uses a server-side certificate.
  3. C. The IEEE 802.11b and IEEE 802.11g both run in the 2.4 GHz RF range.
  4. B, D. If you are running 802.11b/g frequency, which most networks are, then you can receive interference from microwave ovens and cordless phones.
  5. D. 802.11n uses channel bonding of both the 2.4 GHz range and the 5 GHz range to get increased bandwidth of over 100 Mbps.
  6. D. Bluetooth works wirelessly to connect our phones, keyboards, and so on in small areas, also known as personal area networks (PANs).
  7. B. The IEEE 802.11a standard provides up to 12 non-overlapping channels, or up to 23 if you add the 802.11h standard.
  8. D. The IEEE 802.11a standard provides a maximum data rate of up to 54 Mbps.
  9. C. If you have a large area to cover with wireless, you need to be concerned with channel overlap.
  10. B. The IEEE 802.11b standard provides a maximum data rate of up to 11 Mbps.
  11. B. If everything is correctly configured on the host, then MAC filtering would stop the host from connecting to the AP. If you try to connect and can’t, check the AP’s settings.
  12. A. The IEEE 802.11i standard replaced Wired Equivalent Privacy (WEP) with a specific mode of the Advanced Encryption Standard (AES) known as the Counter Mode Cipher Block Chaining-Message Authentication Code (CBC-MAC) protocol. This allows AES-Counter Mode CBC-MAC Protocol (AES-CCMP) to provide both data confidentiality (encryption) and data integrity.
  13. C. If you disable SSID broadcasting, which you should, then you must configure the SSID name on the clients that need to connect to the AP.
  14. B. The IEEE 802.11b standard uses Direct Sequence Spread Spectrum (DSSS). If you are running 802.11g, it uses Orthogonal Frequency Division Multiplexing (OFDM).
  15. B. If you are running an extended service set (meaning more than one AP with the same SSID), you need to overlap the cell coverage by 10 percent or more so clients will not drop out while roaming.
  16. B. You need to use directional antennas, like a Yagi, to get the best signal between antennas.
  17. A. Extended service set ID means that you have more than one access point, they all are set to the same SSID, and they are all connected together in the same VLAN or distribution system so users can roam.
  18. D. WPA is cool because it is easy to configure and works great. Type in a passphrase (assuming you’re using a pre-shared key) and you’re done. Plus, you have great security because the keys change dynamically.
  19. C. 802.11n uses two 20 MHz wide channels to create a 40 MHz wide channel, which provides over 100 Mbps wireless.
  20. B. 802.11n MIMO sends multiple frames by several antennas over several paths. The frames are then recombined by another set of antennas to optimize throughput and multipath resistance. This is called spatial multiplexing.

Chapter 13: Authentication and Access Control

  1. A. A nonpersistent agent is one that is used to assess the device only during the onetime check-in at login. It can be used to support the assessment of endpoints not owned by the organization and as such can help to make a Bring Your Own Device (BYOD) policy possible.
  2. C. On a private network, only authorized users have access to the data, whereas in a public network, everyone connected has access to the data.
  3. B. After determining that the user has Internet access, your next step would be to verify the VPN address and password.
  4. D. To have good security on your network, deny any addresses from your internal networks, deny any local host addresses (127.0.0.0/8), deny any reserved private addresses, and deny any addresses in the IP multicast address range (224.0.0.0/4).
  5. D. Tunneling is encapsulating one protocol within another protocol to complete a secure transmission. Options A, B, and C are all tunneling protocols you should be aware of, as well as Secure Sockets Layer Virtual Private Network (SSL VPN) and Point-to-Point Tunneling Protocol (PPTP).
  6. A. SSL is based on RSA public-key encryption and is used to provide secure Session layer connections over the Internet between a web browser and a web server.
  7. C. The minimum length should be 8 characters, and the maximum length should be 15 characters. A strong password is a combination of alphanumeric and special characters that is easy for you to remember but difficult for someone else to guess.
  8. B. IPSec works at the Network layer of the OSI model (Layer 3) and secures all applications that operate above it (Layer 4 and above). Additionally, because it was designed by the IETF and designed to work with IPv4 and IPv6, it has broad industry support and is quickly becoming the standard for VPNs on the Internet.
  9. D. IPSec works in both transport mode and tunneling mode. In transport mode, a secure IP connection between two hosts is created. Data is protected by authentication or encryption (or both). Tunnel mode is used between network endpoints to protect all data going through the tunnel.
  10. B. Companies that want to ensure that their data is secure during transit should encrypt their data before transmission. Encryption is the process that encodes and decodes data.
  11. A, C. Some older network utilities such as FTP and Telnet don’t have the ability to encrypt passwords.
  12. C. To encode a message and decode an encrypted message, you need the proper encryption key or keys. The encryption key is the table or formula that defines which character in the data translates to which encoded character.
  13. C. TLS was available for use with VPNs in earlier versions prior to 2.0.
  14. D. The Data Encryption Standard (DES) is not a type of public-key encryption.
  15. D. PPTP is a VPN protocol that was created by Microsoft and uses TCP port 1723 for authetication and Generic Routing Encapsulation (GRE) to encrpyt data at the Application level.
  16. B. PPPoE has only two stages: discovery and session. In the discovery phase, the MAC addresses of the endpoints are exchanged so that a secure PPP connection can be made.
  17. C. A fingerprint is an example of something you are. Other examples are retina scans and facial recognition.
  18. A. RADIUS servers provide both authentication and encryption services and can combine these into one service. RADIUS can be used for allowing or denying both wired and wireless access at the domain level.
  19. A. RADIUS combines user authentication and authorization into one centralized database and maintains user profiles.
  20. D. Independent Computing Architecture (ICA) is a protocol designed by Citrix Systems to provide communication between servers and clients. ICA is a remote-access method.

Chapter 14: Network Threats and Mitigation

  1. D. A denial of service (DoS) attack prevents users from accessing the system. All of the options are possible denial-of-service attacks.
  2. A. Session fixation is an attack in which the attacker sets the session ID ahead of time by sending a link to the victim with the ID preset. Then when the user connects, the attacker waits for the authentication to complete and takes over the session by disconnecting the user and using the ID to reconnect.
  3. A. Options B, C, and D are all DoS attacks, so the only real answer is a file virus. A file virus attacks executable application and system program files scanning for networks.
  4. A. In war driving, the attacker simply drives around with a high-powered antenna connected to a wireless laptop.
  5. D. These are all examples of boot-sector viruses that get into the master boot record. A boot-sector virus will overwrite the boot sector, thereby making it look as if there is no pointer to your operating system. When you power up the computer, you will see a Missing Operating System or Hard Disk Not Found error message.
  6. A. A multipartite virus is one that affects both the boot sector and files on your computer.
  7. C. A worm can actively replicate itself without user intervention, whereas a virus can be activated and spread only if a user opens an application.
  8. B. A brute force attack is a software-related attack that employs a program that is running on a targeted network to log in to some type of shared network resource like a server.
  9. A. Social engineering, or phishing, refers to the act of attempting to illegally obtain sensitive information by pretending to be a credible source. Phishing usually takes one of two forms: an email or a phone call.
  10. B. A clean-desk policy means that all important documents, such as books, schematics, confidential letters, and the like, are removed from the desk (and locked away) when employees leave their workstations.
  11. D. It is important to train all employees by informing them that people may try to call and email them to gather information to attack the company. This is called phishing or social engineering.
  12. B. When you set the AP to not broadcast the SSID, it will remove the SSID from packets called beacons (these are the packets that populate the display when you scan for networks) but the SSID will still be present in many other packet types.
  13. A. A security procedure defines the appropriate response to a security event on your network.
  14. A. Soon after WEP’s adoption as a security measure, it was discovered that due to a weakness in the way the algorithm was employed, programs that became widely available on the Internet could be used to crack the WEP key.
  15. B. Windows Update is a utility that is typically automatically installed when you install Windows. The update engine will periodically scan your system for the version of Windows components you have installed and compare them to the most current versions available from Microsoft. If your software is out-of-date, a Windows Update dialog box will appear, asking if you want to install the software updates.
  16. C. With so much code written for applications and operating systems, developers go back after the initial release to fix any problems that are uncovered. These fixes are released as hotfixes or patches.
  17. A. The first responder is responsible for securing the crime scene and protecting the evidence from corruption.
  18. D. Heuristic scanning allows for this type of scanning. The engine looks for suspicious activity that might indicate a virus.
  19. A. Every week, you need to update your list of known viruses—called the virus definition files. You can do this manually or automatically through the manufacturer’s website. You can use a staging server within your company to download and then distribute the updates, or you can set up each computer to download updates.
  20. D. An antivirus program examines the computer suspected of being infected and eradicates any viruses it finds using any of these methods.

Chapter 15: Physical Security and Risk

  1. C. Firewalls work by allowing only packets that pass security restrictions to be forwarded through the firewall. A firewall can also permit, deny, encrypt, decrypt, and proxy all computer traffic that flows through it; this can be between a public and private network or between different security domains (or zones) on a private network. You, as the administrator, set up the rules by which a firewall decides to forward or reject packets of data.
  2. B. Proximity readers are door controls that read a card from a short distance and are used to control access to sensitive rooms.
  3. B. A network-based firewall is what companies use to protect their private network from attacks sourced in the public network. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers as opposed to just one system. This is usually a combination of hardware and software. A host-based firewall is implemented on one machine and is designed to protect that machine only. Most often, this is implemented as software; no additional hardware is required on your personal computer to run a host-based firewall.
  4. C. A properly designed disaster recovery plan (DRP) minimizes the effect of a disaster and includes the steps necessary to resume normal operation. The DRP is implemented when the emergency occurs and includes the steps to restore functions and systems.
  5. B. Nessus cannot identify incorrect IP addresses.
  6. C. One of the benefits of using a firewall is that it helps protect LAN resources from unwanted attacks.
  7. B. An intrusion detection system (IDS) monitors network traffic, looking for signs of an intrusion. Intrusions are detected by an attack signature.
  8. A. RAID-0, also called disk striping, writes the data across multiple drives. While it improves performance, it does not provide fault tolerance.
  9. C. Standard, extended, and outbound are all types of ACLs. Referred is not.
  10. B. You can sometimes just ignore the attack because it’s possible it won’t affect your network. This is called shunning.
  11. C. A DMZ can be set up many different ways, but the best explanation is that the DMZ is used to separate and secure your inside network from the Internet while still allowing hosts on the Internet to access your servers.
  12. E. Most firewalls provide content filtering, signature identification, and the ability to segregate network segments into separate security zones. Most firewalls are also capable of performing scanning services, which means that they scan different types of incoming traffic in an effort to detect problems.
  13. A. In a blind test, the testing team is provided with limited knowledge of the network systems and devices, using publicly available information. The organization’s security team knows that an attack is coming. This type of test requires more effort by the testing team.
  14. B. Nessus is a proprietary vulnerability scanning program that requires a license for commercial use yet is the single most popular scanning program in use.
  15. C. Nmap does not collect passwords.
  16. D. Changing network configurations, terminating sessions, and deceiving the attacker are all actions that can be taken by an IPS device.
  17. D. Proxies act on behalf of the whole network to completely separate packets from internal hosts and external hosts.
  18. B. Nessus operates by performing a port scan and then follows up with more specific tests, but it cannot identify IP address conflicts.
  19. C. A stateful firewall keeps track of the established connections passing through it. When another packet is received that’s part of an existing connection (part of a current state), the packet is passed without checking the ACLs.
  20. C. An intrusion prevention system (IPS) is like an IDS but with two key differences. First, it learns what is “normal” on the network and can react to abnormalities even if they’re not part of the signature database. Second, it can issue an active response such as shutting down a port, resetting connections, or attempting to lull an attacker into a trap.

Chapter 16: Wide Area Networks

  1. D. Routing Information Protocol (RIP) is not a WAN protocol but a routing protocol used in internetworks.
  2. C. These different protocols and technologies all occupy the lower three layers of the OSI model: the Physical layer, the Data Link layer, and sometimes the Network layer. Most WAN protocols work only at the Physical layer and Data Link layer.
  3. B. The demarcation point is the precise spot where the service provider’s responsibility ends and the CPE begins.
  4. D. The European version of the T1 is the E1, which operates at 2.048 Mbps and uses 30 64 Kbps channels (30 DS0s), and two channels are used for D channels, which makes 32 total DS0s.
  5. C. The demarc is the precise spot where the service provider’s (local exchange carrier’s) responsibility ends and the CPE begins. It’s generally a device in a telecommunications closet owned and installed by the telecommunications company (telco).
  6. D. Cable is a great cost-effective connection for a small office or home office (SOHO).
  7. C. A T1 has a line speed of 1.544 Mbps. This 1.544 Mbps connection uses Digital Signal 1 (DS1) and aggregates 24 discrete 64 Kbps channels that use Digital Signal 0 (DS0). Other T-series connections have greater maximum connection speeds.
  8. C. LTE is true 4G and has the best data rates.
  9. B. OC-1, OC-3, OC-12, OC-48, and OC-192 are the normal service offerings. OC-1 has the lowest data rate at 51.84 Mbps, and OC-192 is the highest at 9.953 Gbps.
  10. A. Bluetooth uses a radio technology called Frequency Hopping Spread Spectrum. It chops up the data being sent and transmits chunks of it through the air on up to 75 different frequencies.
  11. C. The x in xDSL represents the different letters that refer to the DSL flavors. xDSLs use high-frequency signals, whereas regular phone calls use low-frequency signals over the same lines.
  12. C. ADSL, HDSL, SDSL, VDSL or VHDSL, and VDSL2 are all common xDSL types. Synchronous Optical Network (SONET) is the standard for synchronous data transmission on optical fiber.
  13. D. DOCSIS stands for data over cable service Interface Specifications. All cable modems and like devices have to measure up to this standard.
  14. C. Optical carrier 12 has speeds up to 622 Mbps.
  15. C. ATM uses a high-speed cell-switching technology that can handle data as well as real-time voice and video. The ATM protocol breaks up transmitted data into 53-byte cells.
  16. A. Frame Relay is the frame WAN technology in which variable-length packets are transmitted by switching.
  17. C. The committed information rate (CIR) is the rate, in bits per second, at which the Frame Relay switch guarantees to transfer data.
  18. C. We’re thinking in terms of a DSL, so a CSU/DSU is not used, nor is a demarc. If clocking was down, your Internet would be completely down. Input errors could be indicative of a duplex issue.
  19. C. The public domain (responsibility of the provider) is the part of the network that allows access into the PSTN (Public Switched Telephone Network) or PLMN (Public Land Mobile Network).
  20. A. Benefits of Dynamic Multipoint VPN include elimination of traffic between remote sites traversing the hub, elimination of additional bandwidth requirements at the hub, elimination of additional network delays, conservation of WAN bandwidth, lower costs for VPN circuits, and increased resiliency and redundancy.

Chapter 17: Troubleshooting Tools

  1. C. The program Packet Internet Groper (ping) is used to find out if a host has the IP stack initialized.
  2. A. The arp utility is used to display the contents of the ARP cache, which tracks the resolution of IP addresses to physical (MAC) addresses and will produce the displayed output.
  3. A. Microsoft has made what it calls Remote Desktop software available for free with Windows products since Windows NT. When this software is installed (installed by default in later versions) on both source and destination computers, a remote desktop connection can be made.
  4. B. The purpose of the ping utility is to test the communications channel between two IP hosts as well as how long it takes the packets to get from one host to another.
  5. C. The ipconfig /all utility will display the current configuration of TCP/IP on a given workstation—including the current IP address, DNS configuration, WINS configuration, and default gateway.
  6. B, D. The address 127.0.0.1 is the special IP address designated for the local TCP/IP interface. The hostname localhost is the hostname given to the local interface. Therefore, pinging either the IP address or the hostname for the local interface will tell you whether the local interface is working.
  7. A. The command nbtstat –r displays all the name resolutions performed by the local client as well as their associated IP addresses. The –R switch will reload the cache.
  8. C. The arp utility will show you the resolved MAC to IP address of all hosts on your network segment. Remember, this will work for only local hosts, not remote hosts.
  9. B. To purge and reload the remote NetBIOS name cache, you must use nbtstat –R. Remember that the R must be uppercase and that it will not work correctly without the hyphen before it.
  10. B. Commercial sniffers like Wireshark and Omnipeek can capture any packets because they set the NIC to operate in promiscuous mode, which means the NIC processes all packets that it sees.
  11. B. The tracert utility will give you that output. The tracert command (or trace for short) traces the route from the source IP host to the destination host.
  12. C. The tracert utility will tell you which router is having the performance problem and how long it takes to move between each host. Tracert can be used to locate problem areas in a network.
  13. A. The ipconfig /all switch will display the most complete listing of TCP/IP configuration information, also displaying the MAC address, DHCP lease times, and the DNS addresses.
  14. C. The tracert utility returns the names and addresses of all routers through which a packet passes on its way to a destination host.
  15. E. The telnet utility can be used to test if a particular IP host is responding on a particular TCP port.
  16. C. The arp -a command will display the current contents of the ARP cache on the local workstation.
  17. C. dig is an old UNIX command that will show you DNS server information.
  18. A, D. The arp utility’s –a and –g switches perform the same function. They both show the current ARP cache.

  19. B. There are three different chain types:

    Input: Controls behavior for incoming connections.

    Forward: Used for incoming connections that aren’t being delivered locally (like a router would receive)

    Output: Used for outgoing connections

  20. A. To capture traffic on all interfaces, use the any keyword with the -i (interface) switch.

Chapter 18: Software and Hardware Tools

  1. A, B, C. Yep, all of the above. The CompTIA Network+ objectives cover all three in regard to tools used to analyze today’s networks.
  2. C. The basic purpose of packet sniffers or network analyzers is to collect and analyze each individual packet that is captured on a specific network segment to determine whether problems are happening. You can also use them to see if there is too much traffic on a segment.
  3. A. A toner probe sends a signal down a pair of wires so that the wires can be traced. Typically, a butt set is used to find this signal, but toner probe is the best answer to this question.
  4. B. An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to give you the skinny on optical fibers. It works by putting out a series of optical pulses into the specific fiber you want to test and can tell you if a break in the fiber has occurred and where.
  5. B. To create a patch cable (568A) to connect your host to a jack in the wall, you need to use a snip.
  6. A. Remember that firewalls are the first line of defense for an Internet-connected network. If a network was directly connected to the Internet without a firewall, an attacker could theoretically gain direct access to the computers and servers on that network with little effort. The IDS/IPS software is usually positioned between your internal router and the firewall to the outside network (Internet).
  7. C. Hope you answered C! A port scanner is just a piece of software designed to search a network for open hosts. Administrators of networks use port scanners to ensure security and bad guys use them to compromise it.
  8. D. Wire-map testing is the most basic type of testing for twisted-pair cables. It detects transposed wires, opens (broken or unconnected wires), and shorts (wires or pins improperly connected to each other).
  9. B. A time-domain reflectometer (TDR) is a tool that finds and describes faults in metallic cables like twisted wire pairs and coaxial cables. The equivalent device for optical fiber is an optical time-domain reflectometer (OTDR). A TDR can also check the speed and condition of the signal on the cable.
  10. B. A certifier is a combination cable tester and network analyzer, only better. It can test the performance and response times of network resources and certify your full Category 6 cable installation at the same time.
  11. D. Unlike port scanners, packet sniffers actually look inside every packet on a network segment at the frame level.
  12. C. Due to sensitivity to any variation and impedance, options A, B, D, and E are all reasons you’d use a TDR.
  13. A. A multimeter, or a volt/ohm meter (VOM), is used to measure voltage, current, and resistance.
  14. D. Otherwise known as a “fox and hound” wire tracer, a toner probe would be useful in this situation. A toner probe will emit an audible tone when it touches the other end of the cable.
  15. A. I hope you said A! A punch-down tool would be used if you needed to connect wire to a punch-down block. Most networks today have wiring closets, and to terminate the cables, you’re certain to need a punch-down tool.
  16. B. A wire crimper, or crimper, is used for attaching ends onto different types of network cables.
  17. C. A punch-down tool is used to punch down an RJ-45 cable to an insulation displacement connector, typically a 110 block.
  18. D. An everyday surge protector monitors the incoming voltage level and trips a circuit breaker when the voltage reaches a certain level, known as the overvoltage threshold.
  19. B. A loopback test is a diagnostic procedure in which a signal is transmitted and returned to the sending device after passing through all or a portion of a network or circuit. A loopback plug makes this test possible.
  20. B. Electronic devices are prone to overheating, which is why you should use a temperature monitor.

Chapter 19: Network Troubleshooting

  1. A, F. Rebooting servers and routers are not part of the troubleshooting model.
  2. B. You need to check basic connectivity. The link light indicates that the network card is making a basic-level connection to the rest of the network. It is a very easy item to check, and if the link light is not lit, it is usually a very simple fix (like plugging in an unplugged cable).
  3. B. When wireless users complain that the network is slow (latency) or that they are losing their connection to applications during a session, it is usually latency arising from a capacity issue.
  4. B. Although all of these are good tests for network connectivity, checking the server console for user connections will tell you whether other users are able to log into the server. If they can, the problem is most likely related to one of those users’ workstations. If they can’t, the problem is either the server or network connection. This helps narrow down the problem.
  5. B. Because of all the tests given and their results, you can narrow the problem down to the network connectivity of that workstation. And because no other users in her area are having the same problem, it can’t be the hub or server. You can log in as the user from your workstation, so you know it isn’t a rights issue or username/password issue. The only possible answer listed is a bad patch cable.
  6. A. Because other users in the same area aren’t having a problem, it can’t be a downed server, network hub, or jabbering NIC. And because both you and the user can’t log in, more than likely it’s a problem specific to that workstation. The only one that would affect your ability to log in from that station is the Caps Lock key being pressed. That will cause the password to be in all uppercase (which most server operating systems treat as a different password), and thus it will probably be rejected.
  7. D. Since this is a new connection, you need to start by troubleshooting and identify the symptoms and potential causes.
  8. B. According to the Network+ troubleshooting model, the next step would be step 2, establishing the most probable cause.
  9. C. After determining the affected area, you need to find out if any changes have taken place.
  10. A. Because the user can’t log in correctly from any machine, more than likely he is using the wrong procedure for logging in. Because no one else is having that problem (including yourself), the problem must be related to that user.
  11. C. After you have implemented a solution, you need to test if the solution works and identify other effects it may have.
  12. B. Because you cannot reach the web page that resides on the server, the problem is most likely related to your browser.
  13. A, B, C. From a design standpoint, the physical environment for a server should be optimized for items such as placement, temperature, and humidity. When troubleshooting, don’t forget to check the physical conditions under which the network device is operating. Check for problems such as those mentioned here as well as EMI/RFI problems, power problems, and unplugged cables.
  14. D. Because most of today’s networks still consist of large amounts of copper cable, networks can suffer from the physical issues that have plagued all networks since the very beginning of networking (and the answers here are not a complete list). Newer technologies and protocols have lessened these issues but have not resolved them completely.
  15. A. Once you have determined that the switch or the configuration of the switch is the problem, you need to escalate the issue.
  16. D. Because other people are experiencing the problem, most likely it is either network or server related. Because you can transfer files to and from another server, it can’t be the network. Thus, the problem is related to the web server.
  17. D. After investigating the problem thoroughly and successfully testing and resolving an issue, you need to document the solution.
  18. B. Since users can get to the Internet, this means the DNS server is working and they have the correct default gateway. The intranet server is probably down.
  19. C. Performance-monitoring tools can give you an idea of how busy the server and the rest of the network are. These tools use graphs to indicate how much traffic is going through the server.
  20. C. Once you escalate the problem, you are done with the seven-step model. Meet with the escalation team to determine the next step.

Chapter 20: Management, Monitoring, and Optimization

  1. C. UTP cables use an RJ-45 connector. RJ-11 and RJ-25 are often used for terminating telephone lines.
  2. B. Straight-through cables, known as drop cables or patch cables, will have the pins in the same order on both connectors.
  3. B. On a crossover cable, one connector has flipped the wires. Specifically, pins 1 and 3 get switched, and pins 2 and 6 get switched.
  4. C. If you are going to make your own UTP cables (drop/patch cables) to customize length, you need to make sure that the right wires get to the right pins.
  5. C. Electrostatic discharge (ESD) is the technical term for what happens when two objects of dissimilar charge come in contact.
  6. C. Policies govern how the network is configured and operated as well as how people are expected to behave on the network, such as how users are able to access resources and which types of employees get network access.
  7. A. A physical network diagram contains all the physical devices and connectivity paths on your network and should accurately picture how your network physically fits together in detail. This document will also have the firmware revision on all the switches and access points in your network.
  8. A. An ICS server, also called a data acquisition server, uses coded signals over communication channels to acquire information about the status of the remote equipment for display or for recording functions.
  9. B. Network monitoring can have several names, including load testing, connectivity testing, and throughput testing. You will also hear network monitors referred to as protocol analyzers.
  10. D. QoS provides different priority levels to different applications, data flows, or users so that they can be guaranteed a certain performance level.
  11. A. Those making the changes should be completely briefed in rollback procedures, and they should exhibit a clear understanding of them prior to implementing the changes.
  12. D. The job isn’t complete until the paperwork is complete. In this case, network configurations, additions to the network, and physical location changes should be updated to reflect the changed state of the network.
  13. B. Common Address Redundancy Protocol (CARP) can be used to increase availability of gateways and firewalls.
  14. B. If you add a new cable segment to the network, you need to update the wiring schematics document.
  15. C, E. Quality of service (QoS) is basically the ability to provide different priority to one or more types of traffic over other levels for different applications, data flows, or users so that they can be guaranteed a certain performance level.
  16. A. Traffic shaping, also known as packet shaping, is a form of bandwidth optimization. It delays packets that meet a certain criteria to guarantee usable bandwidth for other applications. Essentially, with traffic shaping, you’re delaying some traffic so other traffic can get through. Traffic shaping uses bandwidth throttling to ensure that certain data streams don’t send too much data in a specified period of time.
  17. C. Common Address Redundancy Protocol (CARP) can be used to increase availability of gateways and firewalls. It is not related to virtualization.
  18. A, B, C, D. There are many bandwidth-intensive programs, like VoIP and video streaming. These are just a few of the reasons it’s necessary to try to optimize network performance.
  19. C. Voice over Internet Protocol (VoIP) is a general term that describes several technologies that are able to deliver voice communications over the Internet or other data networks.
  20. A, B, C, D. There are many theories and strategies you can apply to optimize performance on your network. All of them deal with controlling the traffic in some way. Strategies include QoS, traffic shaping, load balancing, high availability, and the use of caching servers. You want to ensure that you have plenty of bandwidth available for those applications that need it, such as critical service operations, VoIP, and real-time multimedia streaming.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.188.61.81