What is the main difference between RIP and RIPv2
Rip is a classfull and RIPv2 is a classless protocol
Which protocol has a limit of 15 hops between any two networks?
You have a router configured to share routing information using RIP. In addition, you have a single static route that identifies a default route for all other networks. The next hop router for the default rout has changed you need to make the change with the least amount of effort possible. What should you do?
Manually reconfigure the default route to point to the new next hop router.
What terms are synonymous with or made possible with CIDR
VLSM (variable lenght subnet mask)
What routing protocol is classified as a balanced Hybrid routing protocol?
A router is connected to network 192.168.1.0/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24. there is no default route configured on the router.
The router receives a packet address to network 10.1.0.0/16. What will the router do with the packet?
drop the packet
YOu have a network configured to use the OSPF routeing protocol. What describes the state when all OSPF routers have learned about all other routes in the network?
hop counts as the cost metric
What routing protocols divides the network into areas, with all networks required to have an area 0?
Under which circumstance might you implement BGP on your company network and share routes with Internet router?
It the network is connected to the Internet using multiple ISPs
What are the difference between OSPF and IS-IS
OSPF requires and area 0, while IS-IS does not
What describes OSPF?
OSPF is a classless link-state protocol.
YOu have a private network connected to the Internet. Your routers will not share routing information about you private network with Internet routers.
Which of the following best describes the type of routing protocol you would use?
IGP Interior Gateway Protocol
What information does the next hop entry in a routing table identify?
The first router in the path to the destination network.
You manage a server that uses an IP address of 192,168,255.188 with a mask of 255.255.0.0. Which of the following describes the address type?
Which of the following is a characteristic of static routing when compared to dynamic routhing?
all routes must be manually updated on the route.
a router is connected to network 220.127.116.11/24. The router is configured to use RIP and has learned of networks 192.168.3.0/24.
The next hop router for network 192.168.3.0/24 has changed. You nedd to make the change with the least amount of effort possible. What should you do?
Wait for convergence to take place.
What routing rpotocols are classified as lin state routing protocols
Which of the following routing protocols is used by routers on the Internet for learning and sharing routes?
You need to enable hosts on your network to find the IP address of logical names such as srv1.myserver.com. What device would you use?
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. What protocol should you implement?
What is the purpose of using subnets?
Subnets divide an IP network into multiple network addresses.
Which of the following are frequencies defined by 802.11 committees for wireless networking?
You have been contracted by OsCorp to recommend a wireless Internet solution. The wireless strategy must support a transmission range of 150 feet, use a frequency range of 2.4GHz and provide the highest possible transmission speeds.
Which IEEE wireless standards specify transmission speeds up to 54Mbps
You are designing a wireless network for a client. You client needs the network to support a data rate of at least 54Mbps. In addition, the client already has a wireless telephone system installed that operates 2.4 GHz.
Which IEE standard describes wireless communication?
How many total channels are available for 802.11a?
you are designing an update to your clients wireless network. The existing wireless network uses 803.11b equipment; which your client complains runs to slowly. She wants to upgrade the network to run at 54Mbps.
Due to budget constraints, your client wants to upgrade only the wireless access points in the network this year. Next year, she will upgrade the wireless network boards in her users’ workstations. She has also indicated the the system must continue to function during the transition period. Which 802.11 standard will work best in the situation?
How many total channels are available for 802.11g wireless networks
Which data transmission rate is defined by the IEEE 802.11b wireless standard
What is the frequency fo 802.11a networking
All of the 802.11 standards for wireless networking support which type of communication path sharing technology?
carrier sense multiple access with collision avoidance
system asks for permission to transmit
a designated authority (hub, router, access point) grants access when the communication medium is free
the system transmits data and waits for an ACK (acknowledgment)
If no ACK is received the data is retransmitted
is a mechanism where one system is labeled as the primary system. The primary system polls each secondary system in turn to inquire whether they have data transmit
is a mechanism that uses a digital pass card, only the system holding the token is allowed to communicate
is the technology used by Ethernet:
listens for traffice, if the line is clear it begins transmitting
system listens for collisions
no collision, the communication succeeds. if collision are detected, an interrupt jam signal is broadcast to stop all transmissions. Each system waits a random amount of time before re-transmission
In Virtualizaiton, what is the role of the hypervisor?
A hypervisor allows virtual machines to interact with the hardware without going through the host operating system.
Which component is most likely to allow physical and virtual machines to communicate with each other?
allow multiple vitual servers to communicate on virtual network segments or the physical network
what protocol is used with VoIP
SIP: session initiation protocol set up, maintain and teardown redirect call
RTP: Real time protocol (packets contain the actual voice data:
What features is used with digital IP phones to supply power through a switch port?
Power over ethernet
What protocol is used by VoIP to set up, maintain, and terminate a phone call?
you have a computer that is connected to the Internet through a NAT router. You want to use a private addressing scheme for you computer. What IP addresses could you assign to the computer?
What is not one of the ranges of IP address defined in RFC 1918 that are commonly used behind a NAT server:
what associates a port number with a host on a private network?
You have a small network at home that is connected to the Internet. On your home network you have a server with the IP address 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a Web server and allow Internet hosts to contact the server to browse a personal web site.
What should you use to allow access?
18.104.22.168 to 22.214.171.124.
IGMP snooping on a switch
allows the switch to control which ports get IGMP traffic for a specific group. With IGMP snooping, the switch identifies which ports include members of a specific multicast group. When a message is received for a group, the message is sent only to the ports that have a group member connected.
a single packet is sent to the broadcast address and is processed by all hosts.
hardware is not virtualized.
Network as a Service (NaaS)
Network as a Service (NaaS) is similar to the offsite virtual network in that the servers and desktops are all virtualized and managed by a contracted third-party. Be aware of the following:
NaaS virtualizes the entire network infrastructure; all physical wiring for the network is virtual and is run at the service provider’s site.
A basic network is implemented on the contracted site in order to get out to the service provider’s site.
Typically, all administration tasks of the network are handled by the service provider.
Frequency Hopping Spread Spectrum (FHSS)
Direct-Sequence Spread Spectrum (DSSS)
Direct-Sequence Spread Spectrum (DSSS)
The transmitter breaks data into pieces and sends the pieces across multiple frequencies in a defined range. DSSS is more susceptible to interference and less secure then FHSS.
Frequency Hopping Spread Spectrum (FHSS)
FHSS uses a narrow frequency band and ‘hops’ data signals in a predictable sequence from frequency to frequency over a wide band of frequencies.
Because FHSS shifts automatically between frequencies, it can avoid interference that may be on a single frequency.
Hopping between frequencies also increases transmission security by making eavesdropping and data capture more difficult.
Ad hoc Topology
An ad hoc network works in peer-to-peer mode. The wireless NICs in each host communicate directly with one another. An ad hoc network:
Works in peer-to-peer mode without an access point (the wireless NICs in each host communicate directly with one another).
Uses a physical mesh topology with a logical bus topology.
Is cheap and easy to set up.
Cannot handle a large number of hosts.
Requires special modifications to reach wired networks.
You will typically only use an ad hoc network to create a direct, temporary connection between two hosts.
An infrastructure wireless network employs an access point (AP) that functions like a hub on an Ethernet network. With an infrastructure network:
The network uses a physical star topology with a logical bus topology.
You can easily add hosts without increasing administrative efforts (scalable).
The access point can be easily connected to a wired network, allowing clients to access both wired and wireless hosts.
The placement and configuration of access points require planning to implement effectively.
You should implement an infrastructure network for all but the smallest of wireless networks.
Wireless networks use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)
to control media access and avoid (rather than detect) collisions. Collision avoidance uses the following process:
The sending device listens to make sure that no other device is transmitting. If another device is transmitting, the device waits a random period of time (called a backoff period) before attempting to send again.
If no other device is transmitting, the sending device broadcasts a Request-to-send (RTS) message to the receiver or access point. The RTS includes the source and destination, as well as information on the duration of the requested communication.
The receiving device responds with a Clear-to-send (CTS) packet. The CTS also includes the communication duration period. Other devices use the information in the RTS and CTS packets to delay attempting to send until the communication duration period (and subsequent acknowledgement) has passed.
The sending device transmits the data. The receiving device responds with an acknowledgement (ACK). If an acknowledgement is not received, the sending device assumes a collision and retransmits the affected packet.
After the time interval specified in the RTS and CTS has passed, other devices can start the process again to attempt to transmit.
Wireless communication operates in half-duplex (shared, two-way communication)
Devices can both send and receive, but not at the same time. Devices must take turns using the transmission channel. Typically, once a party begins receiving a signal, it must wait for the transmitter to stop transmitting before replying.
Devices on a wireless network include:
A wireless NIC for sending and receiving signals.
A wireless access point (AP) is the equivalent of an Ethernet hub. The wireless NICs connect to the AP, and the AP manages network communication.
A wireless bridge connects two wireless APs into a single network or connects your wireless AP to a wired network. Most APs today include bridging features.
Many wireless access points include ports (or hubs, switches, or routers) to connect the wireless network to the wired portion of the network.
An STA is a wireless network card (NIC) in an end device such as a laptop or wireless PDA. STA often refers to the device itself, not just the network card.
Access Point (AP)
An access point (AP), sometimes called a wireless access point, is the device that coordinates all communications between wireless devices as well as the connection to the wired network. It acts as a hub on the wireless side and a bridge on the wired side. It also synchronizes the stations within a network to minimize collisions.
Basic Service Set (BSS)
A BSS, also called a cell, is the smallest unit of a wireless network. All devices in the BSS can communicate with each other. The devices in the BSS depend on the operating mode:
In an ad hoc implementation, each BSS contains two devices that communicate directly with each other.
In an infrastructure implementation, the BSS consists of one AP and all STAs associated with the AP.
All devices within the BSS use the same radio frequency channel to communicate.
Independent Basic Service Set (IBSS)
An IBSS is a set of STAs configured in ad hoc mode.
Extended Service Set (ESS)
An ESS consists of multiple BSSs with a distribution system (DS). The graphic above is an example of an ESS. In an ESS, BSSs that have an overlapping transmission range use different frequencies.
Distribution System (DS)
The distribution system (DS) is the backbone or LAN that connects multiple APs (and BSSs) together. The DS allows wireless clients to communicate with the wired network and with wireless clients in other cells.
Service Set Identifier (SSID)
he Service Set Identifier (SSID), also called the network name, groups wireless devices together into the same logical network.
All devices on the same network (within the BSS and ESS) must have the same SSID.
The SSID is a 32-bit value that is inserted into each frame. The SSID is case-sensitive.
The SSID is sometimes called the ESS ID (Extended Service Set ID) or the BSS ID (Basic Service Set ID). In practice, each term means the same thing. Note: Using BSS ID to describe the SSID of a BSS is technically incorrect.
Basic Service Set Identifier (BSSID)
Basic Service Set Identifier (BSSID)
Basic Service Set Identifier (BSSID)
The BSSID is a 48-bit value that identifies an AP in an infrastructure network or a STA in an ad hoc network. The BSSID allows devices to find a specific AP within an ESS that has multiple access points, and is used by STAs to keep track of APs when roaming between BSSs. The BSSID is the MAC address of the access point and is set automatically.
Note: Do not confuse the BSSID with the SSID. They are not the same thing.
What type of virtualization completely simulates a real physical host
Wireless clients seem to take a long time to find the wireless access point You want to reduce the time it takes for the clients to connect
Decrease the beacon interval
You want to connect your client computer to a wireless access point connected to your wired network at work. The network administrator tells you that the access point is configured to use WPA2 personal with the strongest encryption method possible . SSID broadcast is turned on. What must you configure manually on the client
You adminster a network with windows 2000 and UNIX servers, and windows 2000 professional, windows 98 and macintosh clients. A user of Windows 98 computer calls you one day and says he is unable to access resources on the network. You type ipconfig on the user’s computer and receive the following output:
0 Ethernet adapter:
you also check you NIC and see the link light on.
what might be the problem?
Unavailable DHCP Server
You manage a network with two switches. The seitches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch also in VLAN 1
What should you configure to allow communication between these two devices through the switches?
a trunk port is used to connect two switches together
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to /centralize remote access authentication and authorization.
What is required part of your configuration?
Configure the remote access servers as Radius clients
what are characterisitcs of TACACS+
Allows for possible of three different servers, one each for authentication, authorizaiton, and accounting
You have a small home wireless network that uses WEP. The access point is configured as the DHCP server and a NAT router that connects to the Internet. You do not have a RADIUS server. What authenticaiton method should you choose?
you have purchased a used wireless point and want to set up a small wireless network at home. The access point only supports WEP.
You want to configure the most secure settings on the access point. Which of the following would you configure?
You need to configure a wireless network. You want to use WPA Enterprise. Which of the following components will be part of your design?
you have a small wireless network that uses multiple access points. The network currently uses WEP YOu want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop?
On wireless networks, which technology is employed to provide the same type of protection that cables provide on a wired netwrork?
On a wireless network that is employing WEP, which type of user is allowed to authenticate through the access points?
users with the correct WEP key
What protocols or mechanisms is not used to proved security on a wireless network?
remote desktop protocol
You need to add security for your wireless network. You would like to use the most secure method
What specifications identify security that can be added to wireless networks?
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
What wireless security methods uses a common shared key configured on the wireless access point and all wireless clients:
WEP, WPA personal, WPA2 personal
you want to implement 802.1x authentication on you wireless network. What will be required?
What encryption method isused by WPA for wireless networks?
You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want ot control access to the private network through a single server.
What network layer protocol provides authentication and encryption services for IP based network traffic?
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the internet in these locations. What protocol would be most likely to be allowed throught he wides number of firewalls?
VPN is used primarily for what purpose
Support secured communications over an untrusted network
You are in the middle of a big project at work. all of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the files on the server, and print files to a printer connected to a computer ate home.
What protocol should you use?
Remote desktop protocol
IPSec is implemented through two separate protocols. what are these protocols called?
AH-provides authentication and non-repudiation services
ESP provide data encryption services for the data packet
What protocols can your portable computer use to connect to your company’s network via a virtual tunnel through the internet?
VPN protocols that allow company access on a public Network
YOu want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. What protocol is suitable for this task?
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall?
source address of a packet
destination address of a packet
You have recently installed a new Windows Server 2003 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the Internet. Now you must configure the firewall on your network to allow time synchronization traffic through. What port are you most likely to open on the firewalls
You have a router that is configured as a firewall. The router is a layer 3 device only. What does the router use for identifying allowed or denied packets?
What network services or protocols use TCP/IP port 22
You company uses a very fast internet connection and pays for a based on usage. You have been asked by the company president to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance?
Install a proxy server
You have accompany network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a web server publicly available to the Internet users.
Use firewalls to create a DMZ. Place the web server inside the DMZ, and the private network behind the DMZ
What are characteristics of a circuit-level gateway?
Filters based on sessions, and stateful
makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session.
You want to install a firewall that can reject packets that are not part of an active session. What type of firewall should you use?
What functions are performed by proxies?
Cache web pages
block employees from accessing certain Web sites
after blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service what needs to be done
open port 25 and allow SMTP
How does a proxy server differ from a packet filtering firewall?
A proxy server operates at the Application layer, while the packet filters firewall operates at the network layer
Haley configures a web site using windows 2000 default values. what are the HTTP port and SSL port settings
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information.
How should you place devices on the network to best protect the servers?
Put the database server on the private network and the web server inside the DMZ
You administer a Web server on your network. The computer has multiple IP addresses: 192.168.23.2 to 192.168.23.24. The name of the computer is www.westsim.com. You configured the web site as follows:
Ip add. 192.168.23.2
HTTP port: 1030
SSl POrt 443
users complain that they can’t connect to the web site when they type it in . What is the likely source?
The HTTP port should be changed to 80
You are configuring a firewall to allow access to a server hosted on the DMZ of your network. You open TCP/IP ports 80, 25, 110 and 143. Assuming that no other ports on the firewall need to be configured to provide access, what applications are most likely to be hosted on the server?
What protocol and port number is used by TFTP?
You are the administrator for a secure network that uses firewall filtering. several network users have requested to access Internet. Usenet groups fut are unable. What needs to be done to allow users to access news groups?
Open port 119 to allow NNTP service
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet based attacks.
What would you use?
Host based firewall
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two server. What type of device should you use to create the DMZ
Network based firewall
What does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL: access control list is configured with statements that identify traffic characteristics, such as the direction of traffic, the source or destination IP address and the port number
What measures are you most likely to implement in order to protect against a worm or trojan horse?
What is a form a of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of what kind of attack
denial of service
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transaction from occurring?
Denial of service attack
Which of the following is the best countermeasure against man-in-the middles attacks?
What statements about the use of anti-virus software is correct?
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?
Rogue access point
Users on your network report that they have received an e-mail stating that the company has just launched a new web site for employees, and to access the web site they need to go there and enter their username and password information. No one in your company has sent this e-mail.
What type of attack is this?
You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You successfully restore all files from backup, but your boss is adamant the this situation does not reoccur. What do to do?
Install a network virus detection software solution.
What are examples of social engineering?
A smurf attack requires all but which of the following elements to be implemented?
What is the primary countermeasure to social engineering?