Chapter 2: The Open Systems Interconnection Specifications
The Application layer is responsible for finding the network resources broadcast from a server and adding flow control and error control (if the application developer chooses).
The Physical layer takes frames from the Data Link layer and encodes the 1s and 0s into a digital signal for transmission on the network medium.
The Network layer provides routing through an internetwork and logical addressing.
The Presentation layer makes sure that data is in a readable format for the Application layer.
The Session layer sets up, maintains, and terminates sessions between applications.
Protocol data units (PDUs) at the Data Link layer are called frames. As soon as you see the word frame and/or the term physical addressing in a question, you know the answer is always Data Link layer.
The Transport layer uses virtual circuits to create a reliable connection between two hosts.
The Network layer provides logical addressing, IP and/or IPv6 addressing, and routing.
The Physical layer is responsible for the electrical and mechanical connections between devices.
The Data Link layer is responsible for the framing of data packets.
Chapter 3: Networking Connectors and Wiring Standards
Category 6
Demarcation point, or demarc
Crossover
RG-6
Category 5e
Straight-through
To connect two CSU/DSUs
1, 2, 3, and 6
1 to 3 and 2 to 6
It is completely immune to EMI and RFI and can transmit up to 40 kilometers (about 25 miles).
Chapter 4: The Current Ethernet Specifications
Decimal   128  64  32  16   8   4   2   1   Binary
192         1   1   0   0   0   0   0   0   11000000
168         1   0   1   0   1   0   0   0   10101000
10          0   0   0   0   1   0   1   0   00001010
15          0   0   0   0   1   1   1   1   00001111
Decimal   128  64  32  16   8   4   2   1   Binary
172         1   0   1   0   1   1   0   0   10101100
16          0   0   0   1   0   0   0   0   00010000
20          0   0   0   1   0   1   0   0   00010100
55          0   0   1   1   0   1   1   1   00110111
Decimal   128  64  32  16   8   4   2   1   Binary
10          0   0   0   0   1   0   1   0   00001010
11          0   0   0   0   1   0   1   1   00001011
12          0   0   0   0   1   1   0   0   00001100
99          0   1   1   0   0   0   1   1   01100011
Binary     128  64  32  16   8   4   2   1   Decimal
11001100     1   1   0   0   1   1   0   0   204
00110011     0   0   1   1   0   0   1   1   51
10101010     1   0   1   0   1   0   1   0   170
01010101     0   1   0   1   0   1   0   1   85
Binary     128  64  32  16   8   4   2   1   Decimal
11000110     1   1   0   0   0   1   1   0   198
11010011     1   1   0   1   0   0   1   1   211
00111001     0   0   1   1   1   0   0   1   57
11010001     1   1   0   1   0   0   0   1   209
Binary     128  64  32  16   8   4   2   1   Decimal
10000100     1   0   0   0   0   1   0   0   132
11010010     1   1   0   1   0   0   1   0   210
10111000     1   0   1   1   1   0   0   0   184
10100110     1   0   1   0   0   1   1   0   166
Binary     128  64  32  16   8   4   2   1   Hexadecimal
11011000     1   1   0   1   1   0   0   0   D8
00011011     0   0   0   1   1   0   1   1   1B
00111101     0   0   1   1   1   1   0   1   3D
01110110     0   1   1   1   0   1   1   0   76
Binary     128  64  32  16   8   4   2   1   Hexadecimal
11001010     1   1   0   0   1   0   1   0   CA
11110101     1   1   1   1   0   1   0   1   F5
10000011     1   0   0   0   0   0   1   1   83
11101011     1   1   1   0   1   0   1   1   EB
Binary     128  64  32  16   8   4   2   1   Hexadecimal
10000100     1   0   0   0   0   1   0   0   84
11010010     1   1   0   1   0   0   1   0   D2
01000011     0   1   0   0   0   0   1   1   43
10110011     1   0   1   1   0   0   1   1   B3
Chapter 5: Networking Devices
Description | Device or OSI layer
This device sends and receives information about the Network layer. | Router
This layer creates a virtual circuit before transmitting between two end stations. | Transport
A Layer 3 switch or multilayer switch. | Router
This device uses hardware addresses to filter a network. | Bridge or switch
Ethernet is defined at these layers. | Data Link and Physical
This layer supports flow control and sequencing. | Transport
This device can measure the distance to a remote network. | Router
Logical addressing is used at this layer. | Network
Hardware addresses are defined at this layer. | Data Link (MAC sublayer)
This device creates one big collision domain and one large broadcast domain. | Hub
This device creates many smaller collision domains, but the network is still one large broadcast domain. | Switch or bridge
This device can never run full-duplex. | Hub
This device breaks up collision domains and broadcast domains. | Router
Chapter 6: Introduction to the Internet Protocol
This would be a layer 2 broadcast, or FF:FF:FF:FF:FF:FF.
FTP uses both TCP ports 20 and 21 for the data channel and the control channel, respectively.
Both TCP and UDP! A DNS server uses TCP port 53 for zone transfers and UDP port 53 for name resolutions. Notice that DNS uses both TCP and UDP. Whether it opts for one or the other depends on what it's trying to do.
ICMP uses IP directly to build error-reporting packets that are transmitted back to the originating source host when issues arise during the delivery of data packets. ICMP is also used during Ping and some Traceroute operations.
Quite simply, the service might not be running currently on that server. Another possibility might be that a firewall between the client and the server has blocked the protocol in question from passing.
RDP uses port 3389.
MGCP uses ports 2427 and 2727.
ICMP is the protocol that the ping and tracert commands rely on. If you're having trouble getting pings and traceroutes through a router, you might need to check if ICMP is being allowed through.
TFTP servers respond to UDP messages sent to port 69.
SMTP uses TCP port 25, POP3 uses TCP port 110, RDP uses TCP port 3389, and IMAP4 uses TCP port 143.
Chapter 7: IP Addressing
Written Lab 7.1
The class C private range is 192.168.0.0 through 192.168.255.255.
IPv6 has the following characteristics, among others, that make it preferable to IPv4: more available addresses, a simpler header, and options for authentication and other security features.
Automatic Private IP Addressing (APIPA) is the technology that results in hosts automatically configuring themselves with addresses that begin with 169.254.
An IP address assigned to an interface, considered a one-to-one communication.
One-to-many address
A MAC address, sometimes called a hardware address or even a burned-in address
IPv6 has 128-bit (16-octet) addresses, compared to IPv4's 32-bit (4-octet) addresses, so 96 more bits than IPv4.
172.16.0.0 through 172.31.255.255
192–223, 110xxxxx
Loopback or diagnostics. Actually, the full range of 127.0.0.1 through 127.255.255.254 is referred to as the loopback address.
Written Lab 7.2
Unicast
Global unicast
Link-local
Unique local (used to be called site-local)
Multicast
Anycast
Anycast
::1
FE80::/10
FC00::/7
Chapter 8: IP Subnetting, Troubleshooting IP, and Introduction to NAT
192.168.100.25/30. A /30 is 255.255.255.252. The valid subnet is 192.168.100.24, broadcast is 192.168.100.27, and valid hosts are 192.168.100.25 and 192.168.100.26.
192.168.100.37/28. A /28 is 255.255.255.240. The fourth octet is a block size of 16. Just count by 16s until you pass 37. 0, 16, 32, 48. The host is in the 32 subnet, with a broadcast address of 47. Valid hosts are 33–46.
192.168.100.66/27. A /27 is 255.255.255.224. The fourth octet is a block size of 32. Count by 32s until you pass the host address of 66. 0, 32, 64. The host is in the 64 subnet, broadcast address of 95. The valid host range is 65–94.
192.168.100.17/29. A /29 is 255.255.255.248. The fourth octet is a block size of 8. 0, 8, 16, 24. The host is in the 16 subnet, broadcast of 23. Valid hosts are 17–22.
192.168.100.99/26. A /26 is 255.255.255.192. The fourth octet has a block size of 64. 0, 64, 128. The host is in the 64 subnet, broadcast of 127. Valid hosts are 65–126.
192.168.100.99/25. A /25 is 255.255.255.128. The fourth octet is a block size of 128. 0, 128. The host is in the 0 subnet, broadcast of 127. Valid hosts are 1–126.
A default Class B is 255.255.0.0. A Class B 255.255.255.0 mask is 256 subnets, each with 254 hosts. We need fewer subnets. If we use 255.255.240.0, this provides 16 subnets. Let's add one more subnet bit. 255.255.248.0. This is 5 bits of subnetting, which provides 32 subnets. This is our best answer, a /21.
A /29 is 255.255.255.248. This is a block size of 8 in the fourth octet. 0, 8, 16. The host is in the 8 subnet, and broadcast is 15.
A /29 is 255.255.255.248, which is 5 subnet bits and 3 host bits. This is only 6 hosts per subnet.
A /23 is 255.255.254.0. The third octet is a block size of 2. Starting at 0, 2, 4. The host is in the 16.2.0 subnet; the broadcast address is 16.3.255.
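The place-value conversion used in the Chapter 4 tables and the block-size subnetting method used in the Chapter 8 answers above, carried out in code. This is an added example, not code from the book or its labs: the function names (octet_to_bits, subnet_info, subnets_and_hosts and the rest) are my own, and the host 172.16.3.10/23 used for the /23 case is a constructed stand-in because the page does not give that question's host address.

```python
# Added example (not from the book): the place-value method behind the Chapter 4
# conversion tables and the block-size method behind the Chapter 8 subnetting
# answers, written so each answer on the page can be checked mechanically.

PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # the header row of every table


def octet_to_bits(value):
    """Decimal octet -> list of 8 bits, filled left to right across the place values."""
    if not 0 <= value <= 255:
        raise ValueError("an octet must be 0..255")
    bits = []
    for place in PLACE_VALUES:
        if value >= place:          # this place value fits: write a 1 and subtract it
            bits.append(1)
            value -= place
        else:
            bits.append(0)
    return bits


def octet_to_binary(value):
    return "".join(str(b) for b in octet_to_bits(value))


def binary_to_decimal(binary):
    """8-character binary string -> decimal, summing the place values under each 1."""
    if len(binary) != 8 or set(binary) - {"0", "1"}:
        raise ValueError("need exactly 8 binary digits")
    return sum(place for place, bit in zip(PLACE_VALUES, binary) if bit == "1")


def binary_to_hex(binary):
    """8-character binary string -> two hex digits (one per nibble)."""
    return "%02X" % binary_to_decimal(binary)


def prefix_to_mask(prefix):
    """/prefix -> dotted-decimal mask, e.g. 21 -> 255.255.248.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask_int >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr):
    """Subnet, broadcast and valid host range by the block-size method.

    The interesting octet is the first one where the mask is not 255; block size
    is 256 minus that mask octet; count by the block size until you pass the host.
    Restricted to /1../30 because /31 and /32 have no classic host range.
    """
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 1 <= prefix <= 30:
        raise ValueError("block-size method shown here covers /1 through /30")
    octets = [int(o) for o in addr.split(".")]
    mask = [int(o) for o in prefix_to_mask(prefix).split(".")]
    i = prefix // 8                      # index of the interesting octet
    block = 256 - mask[i]                # block size in that octet
    start = (octets[i] // block) * block # last multiple of the block size not past the host
    subnet = octets[:i] + [start] + [0] * (3 - i)
    broadcast = octets[:i] + [start + block - 1] + [255] * (3 - i)
    first_host = subnet[:3] + [subnet[3] + 1]
    last_host = broadcast[:3] + [broadcast[3] - 1]
    dotted = lambda o: ".".join(str(x) for x in o)
    return {
        "mask": dotted(mask),
        "subnet": dotted(subnet),
        "broadcast": dotted(broadcast),
        "first_host": dotted(first_host),
        "last_host": dotted(last_host),
    }


def subnets_and_hosts(prefix, default_prefix):
    """(number of subnets, usable hosts per subnet) when a classful network with
    default_prefix (8, 16 or 24) is subnetted with /prefix."""
    subnet_bits = prefix - default_prefix
    host_bits = 32 - prefix
    if subnet_bits < 0 or host_bits < 2:
        raise ValueError("prefix is not a usable subnet of that classful network")
    return 2 ** subnet_bits, 2 ** host_bits - 2


if __name__ == "__main__":
    for value in (192, 168, 10, 15):
        print(value, octet_to_binary(value))
    for cidr in ("192.168.100.25/30", "192.168.100.37/28", "172.16.3.10/23"):
        print(cidr, subnet_info(cidr))   # 172.16.3.10 is a constructed host
    print("Class B with /21:", subnets_and_hosts(21, 16))
```

Running the script reproduces the table rows and the Chapter 8 answers; the /21 case gives 32 subnets, matching the "5 bits of subnetting" reasoning, and /29 on a Class C gives 6 usable hosts.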
Chapter 9: Introduction to IP Routing
False. RIP and RIPv2 are both distance-vector protocols.
False. RIP and RIPv2 are both distance-vector protocols.
False. EIGRP was created by Cisco as a proprietary routing protocol; however, it is no longer proprietary.
Autonomous system
RIP does not work well in large networks, so OSPF would be the best answer, and both RIP and OSPF are nonproprietary.
Static routing
The MAC address of your default gateway (router)
The IP address of the server
The MAC address of the router sending the frame to the server
The IP address of the server
Chapter 10: Routing Protocols
120
90
120
1
RIPng (Next Generation).
OSPFv3
EIGRPv6
When you need to connect two autonomous systems (ASs) together
When all your routers are Cisco routers and you want easy configuration
Distance vector
Chapter 11: Switching and Virtual LANs
Broadcast
Collision
Trunking allows you to send information about many or all VLANs through the same link. Access ports allow information about only one VLAN transmitted.
Power over Ethernet (PoE)
The VLAN port membership is set wrong.
Flood the frame out all ports except the port on which it was received.
Address learning, filtering, and loop avoidance
It will add the source MAC address to the forward/filter table.
Spanning Tree Protocol (STP)
Create a VLAN for contractors and another VLAN for guests.
Chapter 12: Wireless Networking
11 Mbps
54 Mbps
54 Mbps
2.4 GHz
2.4 GHz
5 GHz
1 Gbps
The values of WPA keys can change dynamically while the system is being used.
The IEEE 802.11i standard has been sanctioned by WPA and is called WPA version 2.
Three
Chapter 13: Using Statistics and Sensors to Ensure Network Availability
Description | Term
The percentage of time the CPU spends executing a non-idle thread. | Processor\% Processor Time
The amount of physical memory in megabytes currently available. | Memory\Available MBytes
The percentage of bandwidth the NIC is capable of that is currently being used. | Network Interface\Bytes Total/Sec
The delay typically incurred in the processing of network data. | Latency
Occurs when the data flow in a connection is not consistent; that is, it increases and decreases in no discernible pattern. | Jitter
Supports plaintext authentication with MD5 or SHA with no encryption but provides GET BULK. | SNMPv2
Sent by SNMP agents to the NMS if a problem occurs. | SNMP trap
Identifier mechanism standardized by the International Telecommunications Union (ITU) and ISO/IEC for naming any object, concept, or "thing" with a globally unambiguous persistent name. | Object identifiers (OIDs)
Hierarchical structure into which SNMP OIDs are organized. | Management information bases (MIBs)
Refers to the standard level of performance of a certain device or to the normal operating capacity for your whole network. | Baseline
Centralizes and stores log messages and can even time-stamp and sequence them. | Syslog
Provides real-time analysis of security alerts generated by network hardware and applications. | SIEM
Errors that mean packets have been damaged. | CRC errors
Chapter 14: Organizational Documents and Policies
Step | Plan
Utilization of three network interfaces on the DNS server | Business continuity plan
Phased introductions of security patches | Change management plan
Degaussing of all discarded hard drives | System life cycle plan
Security issue escalation list | Incident response plan
System recovery priority chart | Disaster recovery plan
Chapter 15: High Availability and Disaster Recovery
Definition | Term
Technique used to spread work out to multiple computers, network links, or other devices | Load balancing
Allows multiple network interfaces to be placed into a team for the purposes of bandwidth aggregation | NIC teaming
Devices that can immediately supply power from a battery backup when a loss of power is detected | UPS
A leased facility that contains all the resources needed for full operation | Hot site
A Cisco proprietary FHRP | HSRP
Chapter 16: Common Security Concepts
Authentication Method | Term
Utilizes the connection-based TCP protocol. | TACACS+
When a user logs into the domain, the domain controller issues them an access token. | Single sign-on
The user's local account and password are verified with the local user database. | Local authentication
Defines a framework for centralized port-based authentication. | 802.1X
Combines user authentication and authorization into one profile. | RADIUS
Chapter 17: Common Types of Attacks
Attack | Countermeasure
Shoulder surfing | Privacy filters
Piggybacking | Live guards
Tailgating | Access control vestibule/mantrap
Phishing | Security awareness training
Brute-force attack | Account lockout policy
Chapter 18: Network Hardening Techniques
Authentication Method | Term
Method of blocking rogue router advertisements | RA Guard
Can prevent many on-path/man-in-the-middle attacks | DAI
Can limit network access on a port to a single (or in the case of an IP phone, two) MAC address | Port security
Carries signaling traffic originating from or destined for a router | Control plane
Carries user traffic | Data plane
Chapter 19: Remote Access Security
Term | Definition
Clientless VPN | Requires only a browser that can perform SSL/TLS.
Full tunnel | All traffic goes through the VPN, including Internet traffic.
Site-to-site VPN | All traffic goes through the VPN tunnel.
Split tunnel | Only traffic to the office goes through the VPN. Internet traffic does not.
Client-to-site VPN | Only the traffic between the user and the office will go through the tunnel.
Chapter 20: Physical Security
Term | Definition
Purging | Makes the data unreadable even with advanced forensic techniques.
Clearing | With this method, the data is only recoverable using special forensic techniques.
Destruction | Breaking the media apart or chemically altering it.
Overwriting | Writes data patterns over the entire media, thereby eliminating any trace data.
Chapter 21: Data Center Architecture and Cloud Concepts
Leaf, spine
East-West
Automation
Automation
Elasticity
A baseline
Crossover
Cloud computing
Virtual servers, virtual switches, virtual desktops, Software as a Service (SaaS), and Network as a Service (NaaS)
Infrastructure as Code (IaC)
Chapter 22: Ensuring Network Availability
CPU and memory
Baseline
Syslog
Duplex
Bits
FTP
CRC, or cyclic redundancy check
Giant
NetFlow
SNMP, or Simple Network Management Protocol
Chapter 23: Cable Connectivity Issues and Tools
True
True
True
True
False
Certifiers
False
Temperature monitor
Voltage event recorder
Crimper
Chapter 24: Network Troubleshooting Methodology
Test the theory to determine cause.
Document findings, actions, outcomes, and lessons learned.
By twisting the wire pairs together
IP addressing
Crossover
Attenuation
Establish a plan of action to resolve the problem and identify potential effects.
Implement the solution or escalate as necessary.
Routing problems
Incorrect pinout, transceiver mismatch, crosstalk, and attenuation