Net+

[toutbien]

The hell that is due by February 12th.

[toutbien]

• [x] The administrative distance for RIP is 120. (You're dead at 120)

OSPF is 110. (Shortest path first goes one to one) Internal BGP is 200. External EIGRP is 170.

[toutbien]

• [x] An IPv6 address has eight fields.

Each field contains four hexadecimal digits. Each hexadecimal digit is made up of four bits. Therefore, the number of bits in an IPv6 address can be calculated as follows: 4 bits per digit 4 digits per field 8 fields = 128 bits.

A Byte contains eight bits. An IP version 4 (IPv4) address contains 32 bits. A Media Access Control (MAC) address contains 48 bits.

[toutbien]

A dedicated network device that acts as an intrusion detection system (IDS) sensor is called a network-based intrusion detection system (NIDS).

A dedicated network device that acts as an intrusion prevention system (IPS) sensor is called a network-based intrusion prevention system (NIPS).

A host that can protect itself by inspecting traffic flowing into its network interface is called a host-based intrusion prevention system (HIPS).

A demilitarized zone (DMZ) is a logical zone containing one or more firewall interfaces that connects to devices (for example, corporate web servers or e-mail servers) accessible by an outside network (for example, the Internet).

[toutbien]

• [x] Maximum Bandwidth:

The 802.11a WLAN standard= 54 Mbps. The 802.11b WLAN standard =11 Mbps. The 802.11g WLAN standard = 54 Mbps. The 802.11n WLAN standard =greater than 300 Mbps.

[toutbien]

• [ ] Direct-Sequence Spread Spectrum (DSSS) is supported by 802.11b and 802.11g.

Orthogonal Frequency Division Multiplexing (OFDM) is supported by 802.11a, 802.11g, and 802.11n.

Note that 802.11g can support either OFDM or DSSS.

[toutbien]

• [ ] Which type of unshielded twisted pair (UTP) cable is commonly used for 1000BASE-T Ethernet networks and is often made of relatively thick conductors (for example, 22 gauge or 23 gauge wire) and thick insulation?

Cat 6

[toutbien]

Use port security to prevent MAC flooding. Locking down switchports to MAC addresses is a nice little first step in hardening the network. This guards against MAC flood attacks nicely, but note that it is vulnerable to MAC spoofing attacks. (port security keeps watch for floods)

Use dynamic ARP inspection. This Layer 2 security mechanism guards against MAC address spoofing. Note how it can make a nice pairing with port security! (ARP inspectors watches for spoofers)

Use control plane policing (CoPP). This is an excellent security feature that can control the rate of packets to and from the control plane of the network device. (Cops watch out for transfer of packets/packages)

Use private VLANs. Private VLANs allow multiple hosts to exist in the same VLAN, yet they are unable to communicate directly with each other. They can, for instance, reach the Internet or their gateway but are protected from each other.

[toutbien]

• [ ] Authentication, Authorization, and Accounting (AAA) allows a network to have a single repository of user credentials. A network administrator can then, for example, supply the same credentials to log onto a variety of network devices (for example, routers and switches). RADIUS and TACACS+ are protocols commonly used to communicate with an AAA server.

Kerberos is a client-server authentication protocol, which supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (that is, a Key Distribution Center) that hands out tickets that are used instead of a username and password combination.

Remote Desktop Protocol (RDP) is a Microsoft protocol that allows a user to view and control the desktop of a remote Microsoft Windows® computer.

[toutbien]

A firewall defines a set of rules dictating which types of traffic are permitted or denied as that traffic enters or exits a firewall interface.

A virtual private network (VPN) can secure communication between two sites over an untrusted network.

An intrusion prevention system (IPS) sensor sits in-line with traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately.

An intrusion detection system (IDS) sensor receives a copy of traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately.

[toutbien]

An Independent Basic Service Set (IBSS) WLAN can be created without the use of an access point (AP). This type of ad hoc WLAN can be useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files.

A Basic Service Set (BSS) WLAN uses a single AP. BSS WLANs are said to run in infrastructure mode (as opposed to ad hoc mode), because wireless clients connect to an AP, which is typically connected to a wired network infrastructure.

An Extended Service Set (ESS) WLAN is a WLAN containing two or more APs. Like a BSS WLAN, ESS WLANs operate in infrastructure mode.

A Service Set Identifier (SSID) can be thought of as the name of a WLAN. Often, an AP will broadcast the name of a WLAN’s SSID, thus allowing wireless devices to see that the WLAN is available.

[toutbien]

• [ ] Terminal Access Controller Access Control System Plus (TACACS+): TACACS+ is a Cisco proprietary TCP-based AAA protocol. TACACS+ has three separate and distinct sessions or functions for authentication, authorization, and accounting. It is similar to Remote Authentication Dial-In User Service (RADIUS) but uses TCP instead of UDP as a transport method; it uses port 49 as the default port. TACACS+ takes a client/server model approach.

Remote Authentication Dial-In User Service (RADIUS): RADIUS is a UDP-based protocol used to communicate with a AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, only the password. However, RADIUS does offer more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, whereas TACACS+ is a Cisco proprietary protocol. RADIUS uses UDP port 1812 for authentication and authorization and UDP port 1813 for accounting.

Lightweight Directory Access Protocol (LDAP): LDAP permits a set of standards for the storage and access of user account information. Many proprietary user stores support LDAP for ease of access. This includes Microsoft’s Active Directory. By default, LDAP traffic is unsecured (over port 389). LDAP over TLS/SSL (LDAPS) is a method to secure LDAP by enabling communication using port 636.

Kerberos: Kerberos is a client/server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands out tickets used instead of a username and password combination.

[toutbien]

Both IEEE 802.3af and IEEE 802.3at are Power over Ethernet (PoE) standards. However, the 802.3af standard specifies a maximum wattage of 15.4 Watts, while the 802.3at standard specifies a maximum wattage of 32.4** Watts.

IEEE 802.1Q is an Ethernet trunking standard.

IEEE 802.1d is a standard for Spanning Tree Protocol (STP).**

[toutbien]

• [ ] Coarse wavelength-division multiplexing (CWDM) uses fewer than eight active wavelengths per fiber, and bidirectional wavelength-division multiplexing (WDM) multiplexes a number of optical carrier signals onto a single optical fiber by using different wavelengths. This technique enables bidirectional communications over one strand of fiber and increases the overall capacity.

Single-mode fiber (SMF) eliminates the issue of multimode delay distortion by having a core with a diameter so small that it only permits one mode (that is, one path) of propagation

Multimode fiber (MMF) typically has shorter distance limitations, as opposed to SMF, to mitigate the issue of multimode delay distortion.

[toutbien]

Split horizon prevents a route from being advertised out an interface from which the route was learned.

Poison reverse violates this rule to propagate a poisoned route.

Route poisoning and hold down are other loop-prevention mechanisms.

[toutbien]

What device terminates the DSL signal coming from a customer? DSLAM (it slams that signal closed)

[toutbien]

• [ ] IEEE 802.1X is a type of network admission control (NAC), which can permit or deny a wireless or wired LAN client access to a network. The device seeking admission to the network is called the “supplicant.” The device to which the supplication connects (either wirelessly or through a wired connection) is called the “authenticator.” The device which checks the supplicant's credentials and permits or denies the supplicant to access the network is called an “authentication server.” Usually, an authentication server is a RADIUS server.

Microsoft Remote Access Server (RAS) is the predecessor to Microsoft Routing and Remote Access Server (RRAS). Both RAS and RRAS are Microsoft Windows Server® features allowing Microsoft Windows® clients to remotely access a Microsoft Windows® network.

Public Key Infrastructure (PKI) uses digital certificates and a certificate authority (CA) to allow secure communication across a public network.

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is a Microsoft-enhanced version of CHAP, offering a collection of additional features not present with CHAP, including two-way authentication.

[toutbien]

A structured troubleshooting methodology includes the following steps: Step 1: Define the problem. Step 2: Hypothesize a probable cause. Step 3: Test Hypothesis. Step 4: Create an action plan. Step 5: Implement action plan. Step 6: Verify problem resolution. Step 7: Create a post mortem report.

[toutbien]

Dynamic NAT (DNAT) automatically assigns an inside global address from a pool of available addresses.

Static NAT (SNAT) statically configures an inside global address assigned to a specific device inside your network.

Port address translation (PAT) allows multiple inside local addresses to share a single inside global address. Sessions are kept separate through the tracking of port numbers associated with each session.

[toutbien]

• [ ] A lease is a temporary assignment of IP address information to a DHCP client.

A scope is a pool of IP addresses used by a DHCP server to assign IP addresses to DHCP clients.

A reservation is a static mapping of an IP address to a specific MAC address.

An option is an IP address parameter (for example, the IP address of a DNS or WINS server) that a DHCP server assigns a DHCP client.

[toutbien]

• [ ] Which MPLS element makes frame-forwarding decisions based on labels applied to frames?

LSR

[toutbien]

• [ ] Many different pieces should at least be included in a bring-your-own-device (BYOD) policy; these include the following:

• An explicit and detailed list of what devices are actually permitted

• For each device or device category, an explicit security policy

• The appropriate corporate support policy for each device or device category

• A clear delineation of what applications and data are owned by the corporation versus that owned by the user and/or employee

• An explicit list of applications permitted in the BYOD environment

• An integration of the BYOD policy with the acceptable use policy (AUP)

• A detailed presentation on the exit policies for employees as they relate to BYOD

[toutbien]

There five different main Network Discovery Protocol (NDP) message (or packet) types are

• Router Solicitation (RS)
• Router Advertisement (RA)
• Neighbor Solicitation (NS)
• Neighbor Advertisement (NA)

• and Redirect.

  The RA message type is used by IPv6 routers to advertise their presence and to inform the other devices on the local network of other information.

[toutbien]

• [ ] A crimper can be used to attach a connector (for example, an RJ-45 connector) to the end of a UTP cable.

To accompany a crimper, you might want to purchase a spool of cable (for example, Category 6 UTP cable) and a box of RJ-45 connectors. You will then be equipped to make your own Ethernet patch cables, which might be less expensive than buying pre-terminated UTP cables, and convenient when you need a patch cable of a non-standard length or when you need a non-standard pinout on the RJ-45 connectors (for example, if you need a T1 crossover cable).

[toutbien]

• [ ] Microsoft Windows® application logs contain information about software applications running on the underlying operating system.

A Microsoft Windows® security log stores information about security-related events, such as failed login attempts.

A Microsoft Windows® system log lists events generated by the underlying operating system.

Syslog is an open standard for logging information about events occurring on a network device.

[toutbien]

• [ ] IPv6 address types (the most common ones)

-globally routable unicast addresses (2000 to 3999) -link-local (FE80) -multicast (FF).

[toutbien]

• [ ] Simple Mail Transfer Protocol (SMTP) is used for sending e-mail to an e-mail server.

Internet Message Access Protocol version 4 (IMAP4) and Post Office Protocol version 3 (POP3) are used to retrieve e-mail from an e-mail server.

Network News Transport Protocol (NNTP) supports the posting and reading of articles on Usenet news servers.

[toutbien]

The hierarchical network model is built with three layers. There is the access layer, closest to your end users, then there is the distribution layer, followed by the core layer.

A WLAN client and an wireless AP must use a matching Service Set Identifier (SSID), a matching channel (which implies a matching frequency band of either 2.4 GHz or 5 GHz), and a matching encryption type in order for the client to associate with the AP.

Address class usage: Class C is used for small networks. (cute and tiny) Class D is used for multicast. Class E is used for experimental.

[toutbien]

arp -a output:

nterface: 192.168.1.19 --- 0xb Internet Address Physical Address Type 192.168.1.1 00-23-97-6f-72-be dynamic 192.168.1.2 90-84-0d-ee-26-ad dynamic 192.168.1.7 78-e7-d1-bf-33-a8 dynamic 192.168.1.10 d8-30-62-34-b0-77 dynamic 192.168.1.13 00-90-a9-d0-c8-b5 dynamic 192.168.1.14 84-8f-69-f5-5f-3d dynamic 192.168.1.16 20-c9-d0-44-96-41 dynamic 192.168.1.21 00-1b-78-6d-76-fc dynamic 192.168.1.25 a8-86-dd-ac-a5-a5 dynamic 192.168.1.36 00-90-a9-01-bb-04 dynamic 192.168.1.56 68-5b-35-cf-28-1d dynamic 192.168.1.128 38-aa-3c-1f-07-c1 dynamic 192.168.1.202 f0-27-65-f6-b3-b3 dynamic 192.168.1.255 ff-ff-ff-ff-ff-ff static 224.0.0.2 01-00-5e-00-00-02 static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 224.0.0.252 01-00-5e-00-00-fc static 224.0.1.60 01-00-5e-00-01-3c static 239.255.255.250 01-00-5e-7f-ff-fa static

[toutbien]

• [ ] A demarc (also known as a demarcation point or a demarc extension) is the point in a telephone network where the maintenance responsibility passes from a telephone company to the subscriber (unless the subscriber has purchased inside wiring maintenance).

A label switch router (LSR) resides as part of a service provider’s MPLS cloud and makes frame-forwarding decisions based on labels applied to frames.

An edge label switch router (ELSR) resides at the edge of an MPLS service provider’s cloud and interconnects a service provider to one or more customers.

A smartjack is a type of network interface device (see the definition for demarc) that adds circuitry. This circuitry adds such features as converting between framing formats on a digital circuit (for example, a T1 circuit), supporting remote diagnostics, and regenerating a digital signal.

[toutbien]

• [ ] Straight Tip (ST) A bayonet-type connector that locks into the socket with a half-twist

Subscriber Connector (SC) A push-pull connector with a key to prevent twisting in the socket, and in some cases, a locking latch

Local Connector (LC)  A small form-factor connector similar to the SC connector but approximately half the size, with a latch to lock the male connector securely in the socket

Mechanical Transfer-Registered Jack (MT-RJ) A small form-factor connector with duplex cores that is similar in size to an RJ45 connector