Appendix A. Answers to the Review Questions
Chapter 1
1. B. One of the disadvantages of the physical bus topology is that it’s prone to cable faults. In addition, a fault on the cable can render the entire network unusable. The advantages of the physical bus topology are that the cabling is simple, and no additional network hardware is required to create the network.
2. A, B, D. VLANs can be created by using protocol assignments, by defining the ports on a device as belonging to a VLAN, or by using MAC addresses. VLANs cannot be created by using the NetBIOS computer name.
3. C. A VPN provides a secure communication path between devices over a public network such as the Internet. None of the other answers describes a VPN.
4. A. In a mesh topology, each device is connected directly to every other device. If there is a break in the connection between two devices, alternative paths between the two systems are available. None of the other topologies provide this level of redundancy.
5. C. A VPN extends a local area network by establishing a remote connection using a public network such as the Internet. A VPN provides a point-to-point dedicated link between two points over a public IP network. The VPN link can be used to connect remote networks via the Internet. A star is a type of topology and does not represent a method of connecting two networks. A VLAN is a virtual LAN and a method of dividing a network for security and performance reasons.
6. A, B, C. Many elements are involved in establishing a VPN connection. This includes the VPN client to initiate the session, the VPN server to answer the client requests, and the VPN protocols to secure and establish the connection.
7. B. The star-bus topology is a combination of the star topology and the bus topology. The bus topology forms the connection between star networks. The ad hoc topology refers to a wireless network that does not use an access point.
8. A. The diagram shows the physical bus topology. None of the other answers are valid.
9. C. The infrastructure wireless topology is commonly used to extend a wired LAN to include wireless devices. Wireless devices communicate with the wired LAN through a base station known as an access point or Wireless Access Point. The AP forms a bridge between a wireless and wired LAN, and all transmissions between wireless stations or between a system and a wired network client go through the AP.
10. C. A star topology is created when each node on the network is connected to a central device. None of the other answers are valid.
11. A. In a point-to-point (PtP) wireless configuration, the communication link travels from one node directly to one other node. Wireless point-to-point systems are often used in wireless backbone systems such as microwave relay communications, or as a replacement for a single wired communication cable. The point-to-point link can be used to connect two locations to share data and resources. A wireless mesh is an interconnection between wireless devices creating a redundant link between all nodes.
12. D. The infrastructure wireless topology is commonly used to extend a wired LAN to include wireless devices. Wireless devices communicate with the wired LAN through a base station known as an access point or wireless access point. The AP forms a bridge between a wireless and wired LAN, and all transmissions between wireless stations or between a system and a wired network client go through the AP.
13. D. The term WAN (wide area network) describes a network that spans more than one geographic location. A PAN (personal area network) is a small network connecting personal devices such as printers, PDAs and more. A LAN (local area network) is confined to a single geographic location, such as a single building, office, or school. A
14. D. The diagram shows a physical ring topology. All the other answers are incorrect.
15. B. Physical star networks use centralized devices to connect nodes on the network. Because devices can be plugged and unplugged from these devices without affecting any other systems on the network, star configurations are easy to expand. The disadvantages of a physical star network are that they require more cable than other topologies, require additional networking equipment, and create a single point of failure. For more information, see the section “LAN Topologies” in this chapter.
16. C. The IEEE 802.11 standard defines wireless networking architectures.
17. C. A mainframe is an example of a centralized computing model. All the other answers are incorrect.
18. B. The wired mesh topology requires each computer on the network to be individually connected to every other device. This configuration provides maximum reliability and redundancy for the network. However, it is costly to implement because of the multiple wiring requirements.
19. A. A star topology is shown in the diagram. All the other answers are incorrect.
20. A. VLANs are used for network segmentation, a strategy that significantly increases the performance capability of the network, removes potential performance bottlenecks, and can even increase network security. For more information, see the section “Virtual Local Area Network (VLAN)” in this chapter.
Chapter 2
1. A, C. RS-232 is a TIA/EIA standard for serial transmission between computers and peripheral devices such as modems, mice, and keyboards. RS-232 commonly uses a 25-pin DB-25 connector or a 9-pin DE-9 connector.
2. C. The 568A and 568B are telecommunications standards from the Telecommunications Industry Association (TIA) and the Electronics Industry Association (EIA). These 568 standards specify the pin arrangements for the RJ-45 connectors on UTP or STP cables.
3. C. F-Type connectors are most commonly associated with the coaxial cable used to connect with cable Internet modems. F-Type connectors are not used on cables with IEEE 1394 or FireWire connectors, nor are they used with STP cabling.
4. D. Category 6 high-performance UTP cable is rated and approved for 10GBASE-T networks. Category 6 has a minimum of 250 MHz of bandwidth and specifies cable distances up to 100-meter cable length with 10/100/1000Mbps transfer, along with 10Gbps over shorter distances.
5. C. To add a client to an existing network that uses Category 5 UTP, you would work with RJ-45 connectors. SC and ST connectors are used with fiber-optic cable, and RJ-11 is the connector type associated with telephone cable.
6. B. Plenum cables are coated with a nonflammable material, often Teflon or Kynar, and do not give off toxic fumes if they catch fire. Plenum-grade cables are typically run in floors and in walls.
7. C. RJ-45 connectors are associated with UTP cabling, whereas SC connectors are associated with fiber-optic cabling. Because the network design is high speed (1000Mbps), you would need to use Category 5e cabling or higher. All fiber-optic cable is capable of speeds in excess of 1000Mbps.
8. B. The interference created between wires in a cable is called crosstalk. Attenuation is the term given to the loss of strength in a signal as it travels over the media. Frequency Division Multiplexing (FDM) is a technology that enables more than one signal to be transmitted across a cable at one time. Disruption is not a term used to describe the interference created between wires in a cable.
9. C. The rollover cable is a Cisco proprietary cable used to connect a computer system to a router or switch console port. The rollover cable resembles an Ethernet UTP cable; however, it is not possible to use on anything but Cisco equipment. Like UTP cable, the rollover cable has eight wires inside and an RJ-45 connector on each end that connect to the router and the computer port.
10. B. The maximum distance for multimode fiber is 412 meters. Single-mode fiber increases the distance to 10,000 meters. Answers C and D are not valid.
11. A. A loopback cable is a tool used to test and isolate network problems. The loopback plug redirects outgoing data signals back to the system. The system interprets it as both sending and receiving data, and the corresponding LEDs should light. The loopback cable enables you to connect networking devices directly, without the need for a switch.
12. C. Because fiber uses light to transmit data, it is not susceptible to EMI and cross talk. It is the media of choice in high-interference network environments. All the other cable types mentioned are copper-based and are therefore susceptible, to varying degrees, to EMI and cross talk. It is not a type of network media.
13. A. Crossover cable are commonly used to interconnect network devices such as routers, switches and hubs. The crossover cable can even be used to directly network two PCs together without using a hub or switch. This is done because the cable performs the function of switching.
14. C. There are two main types of punchdown blocks used in industry today, type 66 and type 110. Type 66 is of older design and uses 50 rows of IDC (insulation-displacement connector) contacts to accommodate 25-pair cable. Block 66 was primarily used for voice communication and, although approved for Category 5, might not be suitable due to crosstalk. 110 blocks are used for today’s networks and fully support the higher grade twisted-pair cable.
15. A. F-Type connectors are used with coaxial cabling. They are not used with fiber-optic cable. SC, ST, and LC connectors are used with fiber-optic cabling.
16. D. Attenuation refers to signal degradation as it travels through media. Cross talk is the term used to refer to interference from other cables; EMI is a condition created by electronic or mechanical equipment. Plenum is not a type of interference; it is the term used to classify cables suitable for installation in suspended ceilings and other enclosed areas.
17. A. Within the telecommunications room, horizontal cabling connects the telecommunication room to the end user. The horizontal cabling extends from the telecommunications outlet, or network outlet with RJ-45 connectors, at the client end, and includes all cable from that outlet to the telecommunication room. A patch cord finishes the connection between the client system and telecommunication wall jack.
18. C. Single-mode fiber enables faster transfer rates than multimode fiber and supports longer data transmissions. SC and ST are types of fiber connectors, not types of cable.
19. D. Because of the construction of fiber cable and that it uses light transmission rather than electronic signals, it is resistant to tampering and eavesdropping. All the other cable types listed are copper-based and are therefore less secure than fiber-based media. FTP is a protocol used for transferring files between systems on a network. It is not a type of network media.
20. D. The crossover cable can be used to directly network two PCs together without using a hub or switch. This is done because the cable performs the function of the switch. Using a straight-through cable and crossover cable to interconnect hubs and switches is covered in the next chapter.
Chapter 3
1. D. The term bandwidth shaping describes the mechanisms used to control bandwidth usage on the network. With this, administrators can control who uses bandwidth, for what, and the time of day bandwidth can be used. Bandwidth shaping establishes priorities to data traveling to and from the Internet and within the network.
2. A, C. Multilayer switches are network devices that operate on Layer 2 and Layer 3 of the OSI model. This means that the device can operate both as a switch and as a router.
3. B. The function of a DNS server is relatively simple in that it provides name resolution from hostnames to IP addresses.
4. B. Bridges make forwarding decisions based on the destination MAC address embedded in each packet. Routers use software addresses, such as IP addresses, to make forwarding decisions. Answers C and D are not valid options.
5. C. A switch uses the MAC address of the connected device to determine the port to which data is forwarded. Routers use software addresses, such as IP addresses, to make forwarding decisions. Answer B is not valid. Although there are many addressing schemes used on networks, Ethernet address is not a valid term. Therefore, answer D is incorrect.
6. A. A proxy server sits between a client computer and the Internet, looking at the web page requests sent by the client. For example, if a client computer wants to access a web page, the request is sent to the proxy server rather than directly to the Internet. The proxy server first determines whether the request is intended for the Internet or for a web server locally. If the request is intended for the Internet, the proxy server sends the request out as if it had originated the request. Web information can be cached and returned to the client; if no cached information is available, it will go to the Internet to get the information. A DNS server is used for hostname to IP resolution, the DHCP server is used to automatically distribute TCP/IP information and the RAS server is for remote access.
7. B. The purpose of Power over Ethernet (PoE) is described in the name. Essentially, PoE is a technology that enables electrical power to be transmitted over twisted-pair Ethernet cable. The power is transferred, along with data, to provide power to remote devices. These devices can include remote switches, wireless access points, Voice over IP (VoIP) equipment, and more.
8. B, C, D. The uplink port can connect hubs and switches together, using a standard twisted-pair cable. All the other answers are invalid.
9. C. Routers use the software-configured network address to make routing decisions. Bridges use MAC addresses to make decisions. Answer D is not valid. The FCS (that is, frame checksum) field is used for error detection.
10. D. Data signals weaken as they travel down a particular media. This is known as attenuation. To increase the distance a signal can travel, we can use repeaters. Repeaters regenerate the data signal as it passes enabling it to travel farther.
11. A, B. The Spanning Tree Protocol using the spanning-tree algorithm can place ports in several states. Ordinarily, they are in a forwarding or blocking state, but they can also be in a listening, learning, and disabled state.
12. D. An active hub regenerates the data signal before forwarding it to all connected devices. Active hubs come in both managed and unmanaged varieties. Answer B describes the action of a switch. Answer C is invalid.
13. B. A firewall is a networking device, either hardware- or software-based, that controls access to your organization’s network. This controlled access is designed to protect data and resources from outside threats, such as intruders from a public network.
14. A. The purpose of Power over Ethernet (PoE) is to enable electrical power to be transmitted over twisted-pair Ethernet cable. The power is transferred, along with data, to provide power to remote devices. These devices can include remote switches, wireless access points, VoIP equipment, and more.
15. B. A 16550 UART chip is capable of speeds up to 115,200bps. None of the other answers represent the speed for the 16550 UART chip.
16. D. The bridging method used on Ethernet networks is called transparent because the other network devices are unaware of the existence of the bridge. Source-route bridges are used on Token-Ring networks, invisible is not a type of bridge, and cut-through is a switching method, not a type of bridge.
17. C. In computer networking, the term trunking refers to the use of multiple network cables or ports in parallel to increase the link speed beyond the limits of any one single cable or port.
18. C. CSUs/DSUs convert the digital signals used on a LAN to the digital signals used on a WAN. The process described in answer A would be performed by a gateway, and the process described in answer B would be performed by a modem. Answer D is not valid because WANs commonly use digital signals.
19. A. Routers make routing decisions based on the software-configured network address, which is protocol dependent. ARP is a protocol used to translate IP addresses to MAC addresses. There is no such thing as an ARP address. Answers C and D are invalid.
20. A, B, C. You should verify bus compatibility, network compatibility, and hardware compatibility before you buy a new NIC. You do not typically need to concern yourself with cooling requirements of a component.
Chapter 4
1. A. Web browsers use HTTP to retrieve text and graphics files from web servers. Answer B describes NTP; answer C describes SSH or Telnet; and answer D describes the function of WINS.
2. C. The term lease describes the amount of time a DHCP client is assigned an address. All the other terms are invalid.
3. A, C. Both UDP and TCP are transport protocols. IP is a network protocol, and NCP is an application protocol.
4. C. The mput command, which is an abbreviation for multiple put, enables more than one file to be uploaded at a time. mget is used to download multiple files in a single command; put is used to upload a single file; and get is used to download a single file.
5. D. DNS is a system that resolves hostnames to IP addresses. The term FQDN describes the entire hostname. None of the other services use FQDNs.
6. C. ARP resolves IP addresses to MAC addresses. Answer A describes the function of RARP; answer B is incorrect because ARP is not used to secure RARP; and answer D describes the process of DNS resolution.
7. D. NTP communicates time synchronization information between systems. NFS is typically associated with accessing shared folders on a Linux system. Utilization information is communicated to a central management system most commonly by using the SNMP protocol.
8. D. POP3 uses port 110 for network communication. Port 21 is used for FTP; port 123 is used by NTP; and port 443 is used by HTTPS.
9. D. Port 443 is used by HTTPS. Therefore, the application you configure is likely to be a secure website application. A virtual terminal application is most likely to use Telnet on TCP/IP port 23, or SSH on port 22. A web-based email application is most likely to use the HTTP protocol on TCP/IP port 80. An FTP server would need access to the TCP/IP ports for the FTP protocol, which are 20 and 21.
10. A. A reverse lookup resolves an IP address to a hostname rather than the hostname-to-IP address resolution normally performed by DNS. Answer B is not valid; answer C describes the process of a standard DNS resolution; and answer D is not a valid answer.
11. B. The term that refers to a message sent by an SNMP agent when a condition is met is trap message. None of the other terms describe the message sent by SNMP.
12. A. Well-known ports are defined in the range 0 to 1023. Answer B describes the range known as registered ports 1024 to 49151. Answer C describes the dynamic, or private, ports, which range from 49152 to 65535. Answer D is not a valid answer.
13. D. FTP is an application protocol. TCP and UDP are transport protocols, and IP is a network protocol.
14. C. The Real-time Transport Protocol (RTP) is the Internet-standard protocol for the transport of real-time data, including audio and video. SCP enables files to be copied securely between two systems.
15. A. SNMP enables network devices to communicate information about their state to a central system known as a manager. It also enables the central system to pass configuration parameters to the devices. In this way it helps monitor the network.
16. C. DNS performs an important function on TCP/IP-based networks. It resolves hostnames, such as www.examcram.com, to IP addresses, such as 209.202.161.67. If DNS is not present or working correctly, it would not be possible for a system to resolve hostnames to IP addresses.
17. C. There are several top-level DNS names reserved. These include .com (commercial organizations), .edu (educational organizations/establishments), and .gov (government).
18. C. Telnet uses port 23. If an administrator blocked this port, the Telnet service would be unavailable. FTP uses ports 20 and 21, SSH uses port 22, and SMTP uses port 25.
19. A. TCP is an example of connection-oriented transport protocol. UDP is an example of a connectionless protocol. Connection-reliant and connection-dependent are not terms commonly associated with protocols.
20. B, C. If port 143 were blocked, the IMAP4 protocol would be blocked. IMAP4 is used to retrieve email from a email server. If port 25 were blocked, the SMTP service would be unavailable. SMTP is used to transport email throughout the network. Answer A is incorrect because TFTP uses port 69, and answer D is incorrect because DNS uses port 53.
Chapter 5
1. C. OSPF is a link-state routing protocol used on TCP/IP networks. RIP is a distance-vector routing protocol used on both TCP/IP and IPX/SPX networks; ARP is a component of the TCP/IP protocol suite. NLSP is a link-state routing protocol used on IPX/SPX networks.
2. C. The term SNAT refers to a configuration whereby a private IP maps address directly to a static unchanging public IP address. Choice B is incorrect because DNAT maps a private IP address to a public IP address using a pool of public IP addresses. The function of NAT is to enable systems to “hide” behind a single IP address. Using NAT means that only one registered IP address is needed on the external interface of the system acting as the gateway between the internal and external networks.
3. C. Split horizon is a routing algorithm that dictates that routes are not advertised back on the interface from which they were learned. Choice A describes the operation of the split horizon with poison reverse algorithm. None of the other answers are valid.
4. C. In a network that uses distance-vector routing protocols, routers advertise details of the routers they know about. These updates are sent to all the neighbor routers. Answer A describes the actions on a link-state-based network. Answers B and D are invalid.
5. A. A count to infinity occurs when two routers provide information on the same destination and so create a routing loop. All the other answers are invalid.
6. A. Each step in the path between a router and its destination is called a hop. The other terms are not used in networking.
7. D. RIP is a distance-vector routing protocol used on TCP/IP networks. ARP is a component of the TCP/IP protocol suite. NLSP is a link-state routing protocol used on IPX networks, and OSPF is a link-state routing protocol used on TCP/IP networks.
8. B. The 131.16 range is from the Class B range and is not one of the recognized private IP address ranges. All the other address ranges are valid private IP address ranges.
9. A. Class B addresses fall into the range 128 to 191. Therefore, Answer A is the only one of the addresses listed that falls into that range. Answer B is a Class A address, and Answers C and D are both Class C IP addresses.
10. B. The address given is a Class C address; therefore, if you use the default subnet mask, the first three octets represent the network address. None of the other answers are valid.
11. A. External Gateway Protocol specifies routing protocols outside the local LAN. In this case the BGP protocol is an EGP protocol. Internal Gateway protocols include RIP and OSPF.
12. D. The broadcast address for a network uses the network ID, and all other octets in the address are set to all nodes to indicate that every system should receive the message. Therefore, with a network address of 14, the broadcast address is 14.255.255.255. None of the other answers are valid.
13. A, C. The IPv4 address (127.0.0.1) is reserved as the loopback address; IPv6 has the same reservation. IPv6 addresses 0:0:0:0:0:0:0:1 are reserved as the loopback addresses. The address can also be shown using the :: notation with the zeros removed as ::1.
14. B. In CIDR terminology, the number of bits to be included in the subnet mask is expressed as a slash value. If the slash value is 24, the first three entire octets form the subnet mask, so the value is 255.255.255.0. None of the other answers are correct.
15. D. Using NAT, many computers can “hide” behind a single IP address. The main reason we need to do this is because there aren’t enough IPv4 addresses to go around. Using NAT means that only one registered IP address is needed on the external interface of the system acting as the gateway between the internal and external networks.
16. B, C, D. A key difference between IPv4 and IPv6 is in the address types. When it comes to IPv6 addresses, there are three main types of addresses: unicast, multicast, and anycast addresses. IPv4 uses broadcast addressing, whereas IPv6 doesn’t.
17. B. IPv6 addresses are expressed in hexadecimal format and can therefore use only the letters A through F and numbers. They are also expressed in eight parts. None of the other answers fit these criteria.
18. C. An IPv4 broadcast address is an IP address that you can use to target all systems on a subnet or network instead of single hosts. In other words, a broadcast message goes to everyone on the network.
19. B. In IPv6, unique local addresses are equivalent to the IPv4 private address space (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16). Like IPv4, where private address ranges are used in private networks, IPv6 uses site-local addresses. Site-local addresses are not automatically configured and must be assigned either through stateless or stateful address configuration processes. The prefix used for the site-local address is (FC00::/7).
20. A. Link-local addresses are automatically configured on all interfaces. This automatic configuration is equivalent to the 169.254.0.0 automatically assigned IPv4 addressing. The prefix used for a link-local address is fe80::.
21. D. The first three bytes (00:D0:59) identify the manufacturer of the card; because only this manufacturer can use this address, the first three bytes are known as the Organizational Unique Identifier (OUI). The last three bytes (09:07:51) are then referred to as the Universal LAN MAC address.
Chapter 6
1. B. The 10GBaseER standard specifies a maximum transmission distance of 40,000 meters. The 10GBaseSR standard specifies a maximum transmission distance of 300 meters, whereas 10GBaseLR specifies a maximum transmission distance of 10,000 meters. 10GBaseXR is not a recognized 10 Gigabit Ethernet standard.
2. A. Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is defined in the IEEE 802.3 standard. On an Ethernet network using CSMA/CD, when a system wants to send data to another system, it first checks to see whether the network media is free. It must do this because each piece of network media used in a LAN can carry only one signal at a time. If the sending node detects that the media is free, it transmits, and the data is sent to the destination. Collision avoidance is an access method used by 802.11 wireless systems and uses avoidance instead of detection as an access method. Token passing and demand property are access methods rarely used today.
3. B. The IEEE 802.3 standard defines the Ethernet networking system, which uses CSMA/CD as its media access method. 802.2 defines specifications for the LLC sublayer of the 802 standard series. 802.4 defines the use of a token-passing system on a linear bus topology. 802.5 defines token ring networking.
4. D. 100BaseFX has the potential to transmit distances that exceed 600 meters. However, to reach distances of 600 meters, you need to use single-mode fiber. Of the other standards, 100BaseT can reach only 550 meters when using Category 5e or Category 6 cabling.
5. C. The 10GBaseT standard specifies 10-gigabit speeds over twisted-pair cable. It is possible for networks using Category 6 cable to upgrade to these speeds; however, the transmission range is limited to 55 meters with Category 6 cable. Transmission range is limited to 100 meters with Category 6a cable.
6. B. The 10GBaseER standard provides 10GBps transmission speeds over distances up to 10,000 meters. It is a currently ratified IEEE 802.3 standard. 100BaseFX runs at only 100Mbps, which makes it the slowest of the technologies listed in the answer. 10GBaseSR can be used only over distances up to 330 meters. 10GBaseWR is not a recognized 10Gbps standard.
7. A. 10GBaseSR/SW is designed for LAN or MAN implementations, with a maximum distance of 300 meters using 50 micron multimode fiber cabling. 10GBaseSR can also be implemented with 62.5 micron multimode fiber cabling but is limited to 33 meters.
8. D. Many substandards fall under the 802.3 Ethernet banner. One is the 802.3an standard for 10GBaseT networking. The 10GBaseT standard calls for 10-gigabit networking over Category 6 or 6a twisted-pair cable.
9. D. 100BaseT4 is a Fast Ethernet standard that can use existing Category 3 cable and have transmission speeds of up to 100Mbps. 100BaseVG-AnyLAN can also use Category 3 cable, but it uses a demand priority access method. 100BaseTX requires Category 5 cable, and 100BaseFX uses fiber-optic cable.
10. B, C, and D. Fast Ethernet standards are specified in the IEEE 802.3u standard. Three standards are defined by 802.3u: 100BaseTX, 100BaseT4, and 100BaseFX. Of the three, the FX standard uses fiber-optic cable and. 10GBaseT uses the 802.3an designation.
11. A, B, and D. Three standards are associated with 802.3z: 1000BaseLX, 1000BaseSX, and 1000BaseCX. 10GBaseSR is a 802.3ae Gigabit Ethernet standard.
12. D. The 10GBaseLW standard is designed to be used over long-wavelength single-mode fiber, giving it a potential transmission range of anywhere from 2 meters to 10 kilometers. This transmission range makes the standard available for LAN, MAN, and WAN deployments. 100BaseCX uses STP cable and has a transmission distance of 25 meters, 100BaseT uses UTP/STP cabling category 5 or higher and has a transmission range of 100meters, and 10GBaseT using copper-based media reaches segment distances of up to 100 meters.
13. B. The 1000BaseT standard uses UTP/STP cabling category 5 or better and offers a segment maximum of 100 meters.
14. D. 100BaseFX is a Fast Ethernet standard implemented on fiber-optic cabling. It is more expensive and more difficult to install than 100BaseTX, which uses twisted-pair cabling. Both standards have a maximum speed of 100Mbps; however, 100BaseFX can be used over greater distance than 100BaseTX.
15. A and C. Both 1000BaseCX and 10GBaseT high-speed standards specify twisted-pair cable for transfer. The drawback is shorter transmission range. The 1000BaseCX standard calls for STP copper and is limited to 25 meters. The 10GBaseT standard calls for Category 6/6a cable and is limited to 55 and 100 meters, respectively.
16. A. The 802.3ab standard specifies Gigabit Ethernet over Category 5 UTP cable. The standard enables for full-duplex transmission using the four pairs of twisted cable. To reach speeds of 1000Mbps over copper, a data transmission speed of 250Mbps is achieved over each pair of twisted-pair cable.
17. B. 1000BaseLX can transmit up to 5,000 meters, using single-mode fiber. 1000BaseCX uses copper-based cabling restricted to 25 meters; 1000BaseSX distance ranges from about 275 meters to 316 meters depending on fiber cabling used; and 10GBaseT uses copper-based media with a transmission range per segment of about 100 meters.
18. C. Single-mode fiber enables faster transfer rate than multimode fiber and supports longer data transmissions. SC and ST are types of fiber connectors, not types of cable.
19. C. The 802.3an standard specifies 10-gigabit transfer speeds over copper cable. 10GBaseT offers these speeds over both Category 6 and 6a cable.
20. A. Baseband transmissions use digital signaling. Analog signaling is associated with broadband.
Chapter 7
1. B and C. Wireless standards specify an radio frequency (RF) range on which communications are sent. The 802.11b and 802.11g standards use the 2.4GHz range. 802.11a is incorrect because it uses the 5GHz range, and 802.11t is not a valid standard.
2. A. Ordinarily the default channel used with a wireless device is adequate; however, it might be necessary to change the channel if there is overlap with another nearby access point. The channel should be changed to another nonoverlapping channel. Changing the channel would not impact the WEP security settings.
3. D. An AP has a limited distance that it can send data transmissions. When a client system moves out of range, it can’t access the AP. Many strategies exist to increase transmission distances, including RF repeaters, amplifiers, and buying more powerful antennas. The problem is not likely related to the SSID or WEP settings because the client had access to the network before and no settings were changed.
4. B. Beacons are an important part of the wireless network because they advertise the presence of the access point so systems can locate it. Wireless clients automatically detect the beacons and attempt to establish a wireless connection to the access point. Answers A, C and D are invalid.
5. A. On a wireless connection between an access point and the client, each system must be configured to use the same WEP security settings. In this case, they must both be configured to use 128-bit encryption.
6. C. Both WEP-open and WEP-shared are forms of wireless security. WEP-open is the simpler of the two authentications methods because it does not perform any type of client verification. It is a weak form of authentication because there is no proof of identity. WEP-shared requires that a WEP key be configured on both the client system and the access point. This makes authentication with WEP-shared mandatory and therefore more secure for wireless transmission.
7. A. 802.1X is an IEEE standard specifying port-based network access control. Port-based network access control uses the physical characteristics of a switched local area network (LAN) infrastructure to authenticate devices attached to a LAN port and to prevent access to that port in cases where the authentication process fails.
8. D. The IEEE standard 802.11n can use either the 2.4GHz or 5GHz radio frequencies. 802.11a uses 5GHz, 802.11b uses 2.4GHz, as does the 802.11g standard.
9. D. Multiple input multiple output (MIMO) is used by the 802.11n standard and takes advantage of multiplexing to increase range and speed of wireless networking. Multiplexing is a technique that combines multiple signals for transmission over a single line or media. MIMO enables the transmission of multiple data streams traveling on different antennas in the same channel at the same time. A receiver reconstructs the stream that has multiple antennas.
10. C. There are three main components of the 802.1X security framework. The supplicant is the system or node requesting access and authentication to a network resource. The authenticator usually is a switch or AP that acts as a control mechanism enabling or denying traffic to pass though a port. Finally, the authentication server validates the credentials of the supplicant trying to access the network or resource.
11. B and C. The 802.11b and 802.11g standards use channels 1–11 in the 2.4GHz frequency range. Of the channels, 1, 6, and 11 are considered nonoverlapping, which means there is less chance for interference.
12. C. The WPA wireless security protocol uses TKIP (temporal key integrity protocol), which scrambles encryption keys using a hashing algorithm. Then the keys are issued an integrity check to verify that they have not been modified or tampered with during transit. TKIP encryption is not used with WEP.
13. B. RADIUS is a protocol that enables a single server to become responsible for all remote access authentication, authorization, and auditing (or accounting) services. RADIUS functions as a client/server system.
14. A. Orthogonal Frequency Division Multiplexing (OFDM) is a transmission technique that transfers large amounts of data over 52 separate, even-spaced frequencies. OFDM splits the radio signal into these separate frequencies and simultaneously transmits them to the receiver. By splitting the signal and transferring over different frequencies, the amount of cross talk interference is reduced. OFDM is associated with the 802.11n wireless standard.
15. D. By the description, it sounds like the client has moved beyond the reach of the AP. To try to accommodate the client, an RF repeater could be used to duplicate and forward the wireless signal. It would not be wise to move the wireless access point because the move might put it out of reach for other network users. Changing the wireless channel would not help but would prevent the user from accessing the AP altogether.
16. C. An omnidirectional antenna is designed to provide a 360-degree dispersed wave pattern. This type of antenna is used when coverage in all directions from the antenna is required. Omnidirectional antennas are good to use when a broad-based signal is required. This is in contrast to a directional antenna, which works more for a point-to-point connection.
17. B. IEEE 802.11g/b wireless systems communicate with each other using radio frequency signals in the band between 2.4GHz and 2.5GHz. Neighboring channels are 5MHz apart. Therefore, channel 3 would use the 2422 RF (2412+5+5).
18. D. Disabling the SSID broadcast would prevent the SSID name from being displayed on wireless systems. In their default configuration, wireless access points typically broadcast the SSID name into the air at regular intervals. This feature of SSID broadcast is intended to enable clients to easily discover the network and roaming between WLANs. The problem with SSID broadcasting is that it makes it a little easier to get around security. SSIDs are not encrypted or protected in any way.
19. A. The 802.11a wireless standard uses the 5GHz frequency range. 802.11b/g use the 2.4GHz range.
20. C. The IEEE 802.11b standard for wireless networks defines a maximum speed of 11Mbps. With today’s wireless networking standards operating significantly faster, 802.11b deployments are increasingly rare.
Chapter 8
1. C. A T1 line has a transmission capability of 1.544Mbps and is considerably cheaper than a T3 line. X.25, and BRI ISDN cannot provide the required transmission speed.
2. D. A PVC is a permanent virtual circuit between two points, in this case over an ATM network. The PVC can be used to replace a hardwired dedicated end-to-end line. A PVC circuit is permanent. PVC cells cannot take alternative routes to an end point if circuit failure occurs, and even when not in use, bandwidth is still reserved for the PVC. An PVC represents a temporary virtual circuit established and maintained only for the duration of a data transfer session. PVCs are dynamically connected on an as-needed basis.
3. A and D. BRI ISDN uses 2B+1D channels, which are two 64Kbps data channels, and PRI-ISDN uses 23B+1D channels. The other answers are not valid.
4. C. The only technology in this question capable of transfer speeds above 2Mbps is a T3 line. None of the other technologies listed can provide the transmission speed required.
5. A. Several versions of digital subscriber line (DSL) exist; each is designed for a different purpose, and each offers different upload and download speeds. DSL can be symmetric, high-speed upload and download speeds, and asymmetric, slower upload speeds. VHDSL is an asymmetric version of DSL and offers speeds of 10Mbps and beyond. Answers B, C, and D are symmetric versions of DSL.
6. A, B, and D. Many elements are needed to make the connections in a Frame Relay network. This includes a FRAD (Frame Relay Assembler/Disassembler) designed to encapsulate and decapsulate information on packets to make them compatible with Frame Relay. The Frame Relay switch is responsible for routing the frames when they enter the Frame Relay network. The virtual circuit starts from the local network and the FRAD and connects to the FRAD on the receiving end. The virtual link is often a PVC. Answer C is incorrect because Frame Relay bridge is not a valid technology. Answer E, rate adaptive, refers to RADSL that can modify its transmission speeds based on the signal quality.
7. C. The Internet is a public network and commonly used to interconnect remote offices. To do this, technologies such as VPN and appropriate security protocols must be used.
8. C. When virtual circuit switching is used, a logical connection is established between the source and the destination device. None of the other answers are valid.
9. D. Home satellite systems are asymmetric; that is, download speeds are faster than upload speeds. A home satellite system is likely to use a modem for the uplink traffic, with downloads coming over the satellite link. Symmetric communication involves equivalent upload and download speeds. All other answers are invalid.
10. C. One clear advantage that ISDN has over the PSTN is its speed. ISDN can combine 64Kbps channels for faster transmission speeds than the PSTN can provide. ISDN is no more or less reliable than the PSTN. ISDN is more expensive than the PSTN. Answer D describes ATM.
11. D. Circuit switching is the process of creating a dedicated circuit between two communication end points and directing traffic between those two points. None of the other answers are valid types of switching.
12. A. ATM uses fixed packets, or cells, with lengths of 53 bytes—48 bytes for data information and 5 bytes for the header. None of the other technologies listed use this cell format.
13. B and D. The Internet and the PSTN are considered public networks and are therefore the most cost-effective data transmission solutions. ATM and FDDI are examples of private networking technologies.
14. B. Message switching uses a store-and-forward switching method. This method is impractical for real-time data transmissions but well suited for other applications, such as email. None of the other switching methods are associated with store-and-forward.
15. B and D. X.25 and Frame Relay are both packet-switching technologies. ATM and FDDI are not considered packet-switching technologies.
16. A. A public network has many advantages, but security is a concern because data transmissions can be intercepted. All the other answers are advantages of using a public network.
17. A and C. ATM uses two types of circuit switching: PVC and SVC. VCD and PCV are not the names of switching methods.
18. B. The D channel on an ISDN link carries signaling information, whereas the B, or bearer, channels carry the data. The other answers are not valid.
19. A and B. DTE and DCEs are associated with Frame Relay networks. The term DTE refers to terminating equipment located with a company’s network. Termination equipment includes such hardware as end-user systems, servers, routers, bridges, and switches. The DCE is the equipment owned by the carrier. This equipment provides the switching services for the network and therefore is responsible for transmitting the data through the WAN.
20. B. In a packet switching network, packets do not always use the same path or route to get to their intended destination. Referred to as independent routing, packet switching enables for a better use of available bandwidth by letting packets travel different routes to avoid high-traffic areas. Answer A is incorrect because circuit switching does not use independent routing; rather, it established a physical circuit that all packets follow. Answers C and D are incorrect because ISDN and PSTN are examples of circuit switching technologies.
Chapter 9
1. B. A switch uses the MAC addresses of connected devices to make forwarding decisions; therefore, it can operate at the data link layer of the OSI model. Additionally, today’s switches can operate at Layer 3, network layer because they provide mechanisms for the routing of data between devices across single or multiple network segments. Components at the physical layer define the actual connection to the network. Physical layer components include cabling and connectors. Protocols at the network layer handle addressing and route discovery. Protocols at the session layer deal with establishment and termination between systems or applications on the network. None of the other answers apply.
2. A, B, and D. Switches, bridges, and NICs operate at the data link layer of the OSI model, which is also known as Layer 2. A hub is defined as a physical layer (that is, Layer 1) device.
3. B. The synchronization of data between applications is performed at the session layer of the OSI model. Protocols at the transport layer establish, maintain, and break connections between two devices. Protocols at the presentation layer convert data so that it can be received from or sent to the network. Devices at the data link layer define the media access method and hardware addressing.
4. D. TCP is a connection-oriented protocol, which means that it guarantees delivery of data. Other protocols, such as UDP, are known as connectionless protocols because data delivery is not guaranteed. Both have advantages; UDP is faster because error checking mechanisms are not required. If data is not delivered, UDP will just keep sending. TCP uses error checking mechanisms to ensure data has been delivered but has a higher overhead due to this extra step.
5. C. Route discovery is performed by protocols that operate at the network layer of the OSI model. Devices at the data link layer define the media access method and hardware addressing. Protocols at the network layer handle addressing and route discovery. Protocols at the transport layer establish, maintain, and break connections between two devices.
6. A and C. The data link layer of the OSI model is divided into two distinct sublayers: the LLC sublayer and the MAC sublayer. None of the other answers are valid.
7. C and D. The transport layer is responsible for, among other things, performing error checking and verification, and establishing, maintaining, and breaking connections between devices. Synchronizing data exchange between applications occurs at the session layer. Error detection and handling for the transmitted signals occur at the data link layer.
8. A. Standards at the data link layer define how the network is accessed on a logical level. Do not confuse the function of the data link layer with that of the physical layer, which performs similar functions but at a physical rather than a logical level. The session layer handles the synchronization of data between applications on networked devices. Protocols at the presentation layer prepare data for transmission on the network or prepare data from the network to be passed to the application layer.
9. C. A hub operates at the physical layer of the OSI model. Components at the application layer are software-based. A router is an example of a network layer device. A switch can operate at level 2 and 3 of the OSI model.
10. C. The term package is not valid when referring to a logical grouping of bits. All the other answers are valid terms.
11. B. The physical layer of the OSI model defines the physical characteristics of the network, including voltages and signaling rates. The data link layer performs error detection and handling for transmitted signals. It also defines the method by which the media is accessed. The session layer handles the synchronization of data between applications on networked devices. Protocols at the presentation layer prepare data for transmission on the network or prepare data from the network to be passed to the application layer.
12. B. APs provide connectivity between wireless and wired portions of a network. They are classified as data link layer devices because they provide logical connectivity but are protocol-independent. Components at the physical layer define the actual connection to the network. Physical layer components include cabling and connectors. A router is an example of a network layer device. Protocols at the transport layer establish, maintain, and break connections between two devices.
13. B. NICs operate at the data link layer of the OSI model. Physical layer components include cabling and connectors. A router is an example of a network layer device. Transport layer components are typically software.
14. D. Encryption is a function that takes place at the presentation layer of the OSI model. Components at the physical layer define the actual connection to the network. Physical layer components include cabling and connectors. The session layer handles the synchronization of data between applications on networked devices. Protocols at the presentation layer prepare data for transmission on the network or prepare data from the network to be passed to the application layer.
15. A and C. Windowing and buffering are commonly used flow control strategies. Segmentation is the term used to describe the division of packets to enable them to be transported across the network. Answer d is not valid.
16. C. The network layer of the OSI model provides mechanisms for moving data between devices on a network. IP uses this layer to move data. The physical layer defines the physical structure of the network; the data link layer is responsible for getting the data signals onto the media; and the session layer synchronizes the data exchange between applications on separate devices.
17. C. The transport layer is responsible for establishing connections between two devices. The session layer handles the synchronization of data between applications on networked devices. Protocols at the network layer handle addressing and route discovery. The application layer provides access to the network for applications and certain end-user functions.
18. B. Protocols at the network layer are responsible for route discovery. Protocols at the transport layer establish, maintain, and break connections between two devices. The session layer handles the synchronization of data between applications on networked devices. Protocols at the application layer provide access to network functions.
19. A and D. The two terms used to describe protocols at the transport layer are connection-oriented and connectionless. The terms in Answers B and C are not used.
20. C. A router uses the logical network address to make decisions and is therefore a network layer device. Application, session, and transport level components are software-based.
Chapter 10
1. D. At least three hard disks are required in a RAID 5 array. None of the other answers are valid.
2. A. Disk mirroring is defined by RAID 1. Raid 0 is disk striping, which offers no fault tolerance. RAID 5 is disk striping with parity. RAID 2 is not a commonly implemented RAID level.
3. A and B. The archive bit is reset in both a full backup and an incremental backup. Differential backups do not change the status of the archive bit. Mirror image is not an accepted backup type.
4. C. A full backup combined with a differential backup requires only two tapes to do a complete restore, assuming that each backup set fits on a single tape. Full and incremental backups might need more than two tapes. Differential and incremental backups must be combined with a full backup to be effective. Answer D is not valid.
5. B and C. RTP and UDP are both protocols used with VoIP. UDP is the transport protocol used because it has less overhead and error-checking mechanisms than does TCP. TCP guarantees message delivery, which adds an unnecessary element to real-time applications. RTP is used with UDP to complete the video of VoIP data stream. Answer D is not valid.
6. D. Two disks are required to create a RAID 1 array. All the other answers are invalid.
7. B. By making a full backup on the weekend and incremental backups during the week, you should be able to complete the backups without interfering with the normal working hours of the company. All the other answers are invalid.
8. C. A sag is a short-term voltage drop. A brownout is also a voltage drop, but it lasts longer than a sag. A surge is an increase in power that lasts a few seconds. A spike is a power increase that lasts a few milliseconds.
9. D. RAID 10 offers the performance advantages of RAID 0 and the fault-tolerance capabilities of RAID 1. RAID 0 is not a fault-tolerant solution. RAID 1 and RAID 5 offer fault tolerance but do not increase performance.
10. A and B. In server systems, warm swapping enables network adapters to be swapped out without the server being powered off. Adapter teaming enables multiple NICs to be logically grouped together. If one of the NICs fails, the other NICs in the group can continue to provide network connectivity. Adapters in a team can also be grouped together to increase the available bandwidth. Answers C and D are not valid answers.
11. D. There is no accepted fault-tolerance strategy for coping with a failed memory module. All the other hardware components listed can be implemented in a fault-tolerant configuration.
12. C. A RAID 1 array requires an amount of disk space equivalent to that of the mirrored drive. Therefore, in a RAID 1 array of 80GB, only 40GB will be available for data storage. None of the other answers are valid.
13. A, B, and D. UPSs can prevent damage to hardware and damage to data caused by fluctuations in the power supply. They can also promote the availability of data by keeping a server running if a power outage occurs. A UPS does not increase the speed of the network.
14. A. A hot site is a complete network ready for operation if a catastrophic failure occurs. The hot site will typically include all hardware and data to quickly continue service. Hot sites are not typically deployed due to the costs of the redundant network. However, large financial institutions and government agencies can deploy a hot site. A warm site can refer to an alternative network that is not completely ready for a network switch and might need a few days to get the network operational. A hot spare is a piece of hardware such as a hard disks that can be replaced without needing to power down a system. A cold site is often just an alternative location from which a network can be created if a failure occurs. Limited hardware and infrastructure is located at a cold site.
15. A. RAID 0 offers the highest level of performance but does not offer any fault tolerance. If the performance of RAID 0 is required along with fault tolerance, RAID 10 is a better choice. RAID 1 offers fault tolerance but no increase in performance.
16. A and D. VoIP is a latency-sensitive application. This means that lags in delivery time negatively impact its capability to function properly. VoIP communications can be secured using the secure real-time transfer protocol (SRTP). Answer C is incorrect because VoIP typically uses UDP as a transport protocol and not TCP.
17. A. A cold site provides an alternative location but typically not much more. A cold site often requires the delivery of computer equipment and other services.
18. A. Disk duplexing is an implementation of RAID 1 (disk mirroring) that places each of the drives on a separate controller. None of the other answers are valid.
19. B. In a RAID 5 configuration, a space equivalent to one whole drive is used for the storage of parity information. In this question, this requirement equates to 15GB. Therefore, in a 75GB RAID 5 array, 60GB is available for data storage. None of the other answers are valid.
20. B and D. Both RAID 0 and RAID 1 use two disks. The difference between the two implementations is that RAID 1 offers fault tolerance through disk mirroring, whereas RAID 0 stripes the data across the drives but does not offer any fault tolerance. RAID 5 requires at least three disks, and RAID 10 requires at least four disks if the entire hard disk is to be used.
Chapter 11
1. D. Internal networks are assigned one of the private address ranges. Each of these ranges have a corresponding subnet mask. In this example, the wrong subnet mask has been entered.
2. B. Notice from the dialog screen that the default gateway address is incorrectly entered as the same address as the system’s IP address. Because of this, the system could not likely connect to remote networks. The DNS, IP, and subnet mask settings are correct.
3. C. The default gateway enables the system to communicate with systems on a remote network without the need for explicit routes to be defined. The default gateway can be assigned automatically using a DHCP server or manually inputted.
4. A and B. Configuring a client requires at the least the IP address and a subnet mask. The default gateway, DNS server, and WINS server are all optional, but network functionality is limited without them.
5. B. Crosstalk can occur when the signal from one cable overlaps with the signal from another. This can sometimes happen when cables are run too close together. The remedy is to run the cables farther apart or use quality shielded cable.
6. A, B, and D. When you troubleshoot a wiring problem, consider the distance between devices, interference such as crosstalk and EMI, and the connection points. Answer C is not correct because bound media (that is, cables) are not affected by atmospheric conditions.
7. B. After you fix a problem, you should test it fully to ensure that the network operates correctly before allowing users to log back on. The steps described in Answers A and C are valid but only after the application has been tested. Answer D is not correct; you would reload the executable only as part of a systematic troubleshooting process, and because the application loads, it is unlikely that the executable has become corrupt.
8. C. Not enough information is provided to make an accurate decision about what the problem might be. In this case, the next troubleshooting step would be to talk to the user and gather more information about exactly what the problem might be. All the other answers are valid troubleshooting steps, but only after the information gathering has been completed.
9. C. After you fix a problem, test the fix, and let users back on to the system, you should create detailed documentation that describes the problem and the solution. Answer A is incorrect because you must document both the problem and the solution. It is not necessary to restart the server, so Answer B is incorrect, and Answer D would be performed only after the documentation for the system has been created.
10. B. In a server that has been operating correctly, a resource conflict could indicate that a device has failed and is causing the conflict. More likely, a change has been made to the server, and that change created a conflict. Although all the other answers represent valid troubleshooting steps, it is most likely that there has been a change to the configuration.
11. D. On an Ethernet network, only a single active path can exist between devices on a network. When multiple active paths are available, switching loops can occur. Switching loops are the result of having more than one path between two switches in a network. The spanning-tree protocol is designed to prevent these loops from occurring.
12. A and C. When troubleshooting media, you need to know the type of media used. This enables you to know the characteristics of the media and if it is used correctly on the network. You also need to know where the media is used. If it is used in an area that causes interference, another media type or another location might be required.
13. C. Data signals weaken as they travel farther from the point of origin. If the signal travels far enough, it can weaken so much that it becomes unusable. The weakening of data signals as they traverse the media is referred to as attenuation.
14. C. NEXT refers to interference between adjacent wire pairs within the twisted-pair cable at the near end of the link (the end closest to the origin of the data signal). NEXT occurs when an outgoing data transmission leaks over to an incoming transmission. Answer D refers to FEXT, which is interference at the far end of the link. Answers A and B are invalid.
15. A. Near End crosstalk, or NEXT, occurs when connectors are not properly attached to UTP cable. Specifically, the crosstalk can occur if the wires pushed into the RJ-45 connector are crossed or crushed. When this occurs, the signal can experience intermittent problems.
16. C and D. An AP has a limited distance that it can send data transmissions. When a client system moves out of range, it cannot access the AP. Many strategies exist to increase transmission distances, including RF repeaters, amplifiers, and buying more powerful antennas. Also, client systems might be moved, and the signal can be weakened by a physical issue, such as a concrete wall, mirror, or other obstacles. This too can explain intermittent connectivity problems. The problem is not likely related to the SSID or WEP settings because the client had access to the network before and no settings were changed.
17. A. When you work on an unfamiliar system, the first step should be to consult the documentation to gain as much information as you can about the server and the applications that run on it. All the other troubleshooting steps are valid, but they would be performed only after the information-gathering process is complete.
18. B. Wireless standards 802.11b/g and n are compatible, so either one could be used in a configuration. Encryption, SSID, and distance all have to be verified for a client to authenticate to an AP.
19. D. The Category 5e cable run through the ceiling is likely an indication of EMI. Recall from Chapter 2 that UTP has poor resistance to electromagnetic interference (EMI); therefore, UTP and the electrical equipment do not mix. Cables that run close to fluorescent light fittings can cause intermittent problems because of EMI.
20. A and C. The information provided indicates that this user is the only one experiencing a problem. After determining the scope of the problem, we can assume that the issue must lie with something directly connected with that system. In this case, it is likely that the configuration of the workstation or the physical connectivity is the problem.
Chapter 12
1. A and C. Both route and netstat can be used to view the routing table on a Windows system. nbtstat is used to view NetBIOS over TCP/IP statistics, and ping is used to test connectivity between two devices. tracert is used to trace the route between two devices on a network.
2. A. The nbtstat -R command purges and reloads the remote cache name table. The -n switch displays the local name table, -r provides resolution information, and -S shows the NetBIOS session table.
3. C. The router at steps 5 or 6 is the likely source of the problem. Because all steps up to and including step 5 have been successful, the problem lies either on the far side of Router 5 or the near side of the router in step 6. Answer A is incorrect because if the destination host were not online, you would receive no successful replies. Answer B is incorrect because if the router at step 4 were having a problem, you would receive only four successful replies and not five. Answer D is incorrect because if the router were powered off, you would receive no successful replies.
4. D. The netstat -s command displays statistics on a per-protocol basis. The -S and -R switches are not valid with netstat. Answer B (-r) causes netstat to display the routing table, and Answer E (-a) checks connections.
5. B. The output is from a netstat command. All the other utilities listed provide different output.
6. B. In this case, the problem is caused because the hostname of the destination computer cannot be resolved. In Answer A, the hostname would have to first be resolved before you could draw this conclusion. Answer C is incorrect; if the route to the destination could not be determined, you would receive a Destination Unreachable message. Answer D is incorrect because WINS is not used for name resolution on the Internet.
7. C. On a Linux system, the traceroute command can be used to track the path a packet takes between hosts on the network. Of the commands listed, only traceroute can perform this function on a Linux system. Tracert is the equivalent of the traceroute command on Windows systems. The arp utility is used to view IP address to MAC address resolutions that have been performed by the system. The nbtstat utility is used to view NetBIOS over TCP/IP statistics.
8. C. The ifconfig command displays the configuration of the network interfaces on a Linux system. Answers A and B are Windows-based utilities, and Answer D is a NetWare command.
9. C. The ping -t command issues a continuous stream of ping requests until it is interrupted. None of the other answers are valid switches for the ping command.
10. A. Many routers and firewalls are configured to block ICMP echoes, which is used by the ping command. ICMP is blocked because it can be used as a method of attack—specifically, denial of service attacks in which ICMP is used to overwhelm a system. With ICMP blocked, ping will not work. This is where arp ping is the better utility to use.
11. C. The default gateway parameter is missing from the TCP/IP configuration.
12. C. The nbtstat command can be used to view NetBIOS over TCP/IP statistics. The ping command is used to test connectivity between devices; netstat is used to view TCP/IP protocol statistics; the arp command is used to view a list of IP address to MAC address resolutions; and tracert is used to track the path between two devices on the network.
13. C. A high number of errors in the Received column in the netstat -e output indicates that errors are generated on the network. However, the 0 value in the Sent column suggests that this system is not generating the errors. The other answers for this question are not valid.
14. D. The output is from the Windows tracert command. The tracert command is used for troubleshooting to help identify where data packets travel and where they are dropped. All the other utilities listed provide different output.
15. B. This is normal output from a tracert command.
16. B and C. A Destination Host Unreachable message in response to a ping suggests either a problem with the default gateway or a possible error in the routing table. Answer A is incorrect; if the remote host were online, the ping should be successful. Answer D would result in a series of Request Timed Out errors.
17. A and B. Both the dig and nslookup commands can be used to perform manual DNS lookups on a Linux system. You cannot perform a manual DNS lookup with the tracert command. There is no such command as dnslookup.
18. A. The ping command generates a Request Timed Out error when it can receive a reply from the destination system. None of the other commands produce this output.
19. C. This command would correctly add a static entry to the ARP table. None of the other answers are valid ARP switches.
20. D. The output shown was produced by the nslookup command. The other commands listed produce different output.
Chapter 13
1. D. Voltage event recorders monitor the quality of power used on the network or by network hardware. Voltage event recorders identify potential power related concerns such as power sags, spikes, surges, or other power variations.
2. B. Temperature monitors are used in server and network equipment rooms to ensure that the temperature does not fluctuate greatly. In the case of a failed air conditioner, the administrator would have been alerted of the drastic changes in temperature. Multimeters, and TDRs, work with regular network media. OTDRs are used with optical based media.
3. B. Whereas load tests do not try and break the system under intense pressure, stress tests sometimes do. There are two clear goals of stress testing: The first is to see exactly what the network can handle. That is, where is its breaking point, which is useful to know in terms of network expansion. Secondly, stress testing enables administrators to test their backup and recovery procedures.
4. B. In this scenario, the section of horizontal cable runs through the ceiling and over fluorescent lights. This cable run might be a problem as such devices can cause EMI. Alternatively to plenum cable used in this scenario, STP might have worked as well.
5. D. You use a punchdown tool when working with an IDC. All the other tools are associated with making and troubleshooting cables, but they are not associated with IDCs.
6. A. The toner probe tool, along with the tone locator, can be used to trace cables. Crimpers and punchdown tools are not used for locating a cable. The ping utility would be of no help in this situation.
7. C. Administrators can quickly determine the status of common ports by issuing the netstat –a command from the command line. This command output lists the ports used by the system and whether they are open and listening.
8. B. The security logs can be configured to show failed or successful logon attempts. In this case, the administrator can review the security logs and failed logon attempts to get the desired information. The failed logs show the date and time when the failed attempts occurred.
9. B. In this diagram, Cable 1 is plenum rated and should be fine. Cable 3’s are patch cable are do not need to be STP rated. However, STP cables can attach directly to the wall jack. Cable 2 however goes through walls and ceilings; therefore, it would be recommended to have a better grade of cable than regular UTP. STP provides greater resistance to EMI. In ceilings, lights or other devices can cause interference.
10. C. When attaching RJ-45 connectors to UTP cables, the wire crimper is the tool you use. When in use, the individual wires from twisted-pair cable is inserted into the RJ-45 connector. When carefully inserted, the RJ-45 connector is placed into the crimpers. The crimpers force a metal connector to pierce the individual wires and the connections is made. None of the other tools are used in the construction of UTP cable.
11. D. Packet sniffers are commonly used on networks. They are either a hardware device or software and eavesdrop on network transmissions traveling throughout the network. The packet sniffer quietly captures data and saves to be reviewed at a later time.
12. D. If you suspect a problem with a patch cable, you can use a media tester to test it. An OTDR tests optical cables, and so it would not be used on UTP, which is copper-based cable. The other tools discussed in this question would not be used.
13. C. A load test enables administrators to put the network and specific network hardware under increased loads to test their functionality. In this case the number of users on the network is due to grow. The administrator can run a load test to see what impact the new users will have on the network. A simulated load test will reveal potential problems before the new user are added.
14. C. An OTDR can find a break in a length of fiber-optic cable. The other tools listed cannot be used to troubleshoot a break in a fiber-optic cable.
15. C. In this case, there are intermittent transmission problems that might be related to cables being used and cable placement. If you could see a physical network diagram, you might notice that the wrong cable type is used. Reviewing the logical diagram might be done after verifying that the physical one looked okay. It would not necessarily help in this case to review security or history logs.
16. A. A basic multimeter combines several electrical meters into a single unit offering the ability to measure voltage, current, and resistance. Advanced models can also measure temperature. A multimeter has a display, terminals, probes, and a dial to select various measurement ranges. A digital multimeter has a numeric digital display, whereas an analog has a dial display. Inside a multimeter, the terminals connect to different resistors depending on the range selected.
17. C. A toner probe is sometimes referred to as the fox and hound. None of the other answers are valid. A toner and probe can locate the ends of a cable; the toner probe generates a signal transmitted on the wire you are attempting to locate. At the other end, you press the tone locator against individual wires. When it makes contact with the wire that has the signal on it, the locator emits an audible signal or tone.
18. C. Network procedures differ from policies in that they identify the way in which tasks are to be performed. For example, each network administrator has backup procedures identifying the time of day backups and done, how often they are done, and where they are stored. A network is full of a number of procedures both for practical reasons but perhaps more important for security reasons. Policies are established rules from a particular organization.
19. D. The application log contains information logged by applications that run on a particular system rather than the operating system. Vendors of third-party applications can use the application log as a destination for error messages generated by their applications. In this case it would be necessary to review the application logs on the server to determine the problems with the application.
20. B and D. For security reasons, administrators must know what ports are open and potentially accessible from outside sources. Some ports are left open by default in operating systems making them vulnerable to outside attacks. Port scanners provide a way to check the status of all system ports ensuring that they cannot be compromised. Additionally, the netstat –a command can be used on Windows systems to quickly identify the status of the systems ports.
Chapter 14
1. B. Locks on a cabinet would be considered a physical security measure. Logical security measures have more to do with securing communications with protocols, using firewalls and such. All the other answers are considered logical security measures.
2. D. Firewalls do not make forwarding decisions based on the NetBIOS service name, which is fictitious. All the other answers are valid means by which a firewall can make filtering decisions.
3. C. Implementing a firewall enables you to have protection between networks, typically from the Internet to a private network. All the other answers describe functions offered by a proxy server. Note that some firewall systems do offer NAT functionality, but NAT is not a firewall feature; it is an added benefit of these systems.
4. A. The RDP protocol is used in thin-client networking, where only screen, keyboard, and mouse inputs are sent across the line. RDP has been used for Windows Terminal Services and now is used with the Remote Desktop feature with Windows XP. PPP is a dial-up protocol used over serial links; PPTP is a technology used in VPNs, and RAS is a remote access service.
5. C. To establish the VPN connection between the two networks, use PPTP. PPP is a protocol used on dial-up links. A VPN is a type of network, not a protocol. VPNs create a virtual tunnel between two end points, such as creating a tunnel through the Internet to create a point-to-point connection. SLIP is a nonsecure dial-up protocol remote access protocol.
6. B. Only screen, keyboard, and mouse inputs are sent across the communications link in a thin-client scenario. This enables the processing to be handled by the server, and with limited information sent, it reduces the amount of bandwidth required for the remote connection. None of the other answers are valid.
7. B. A DMZ is an area of a network where you would place systems that must be accessed by users outside the network.
8. A and B. Packet-filtering firewalls work at the network and data link layers of the OSI model. They do not operate at the application or transport layers of the OSI model.
9. D. PPTP uses TCP to establish a connection. DHCP is used to automatically assign IP information to client systems. FTP is used to transfer files between an FTP server and an FTP client. FTP enables for large file transfers. SSH is a security protocol used to encrypt network communications.
10. B. To create secure data transmissions, IPsec uses two separate protocols: Authentication Headers (AH) and Encapsulating Security Payloads (ESP). Briefly, AH is primarily responsible for the authentication and integrity verification of packets, whereas ESP provides encryption services.
11. B. DNS uses port 53. NTP uses TCP/IP port 123, SMTP uses port 25, and POP3 uses port 110.
12. B. A circuit-level firewall works at the transport layer of the OSI model. The biggest difference between a packet-filtering firewall and a circuit-level firewall is that a circuit-level firewall validates TCP and UDP sessions before opening a connection, or circuit, through the firewall. None of the other answers are valid.
13. A. IPsec can operate in one of two separate modes: transport mode and tunnel mode. These modes refer to how data is sent throughout the network. In transport mode, IPsec protection is provided all the way from the issuing client to the destination server. In this way, transport mode is said to provide end-to-end transmission security. Tunnel mode provides gateway to gateway security, leaving some areas unprotected by IPsec.
14. B. An IDS is considered a passive security measure because it monitors the network looking for potential threats but does not actively seek to correct the threats. An IPS is considered reactive; it can detect threats and take steps to manage those threats. AH and ESP are security protocols used with IPsec.
15. A. Port 443 is used by the HTTPS protocol and is used for secure web transactions. If this port is blocked, users cannot perform secure online transactions. Port 53 is used by DNS, port 80 is used by regular HTTP, and port 21 is used by FTP.
16. A. Encapsulating Security Payloads (ESP) is used to provide encryption services for IPsec and secure network traffic. AH is used with IPsec to provide authentication services.
17. B and D. Because users will access their email via a web browser, the firewall will not need to accommodate POP3 (port 110) and SMTP (port 25). Blocking port 53 would disable DNS lookups, and blocking port 80 would disable web browsing (HTTP).
18. A and D. Common ACL filters use MAC addresses and TCP/IP addresses. A MAC ACL enables or denies certain MAC addresses to the network or a network resource. Similarly, a TCP/IP ACL enables or denies access based on the system’s IP address.
19. A and C. With PPPoE, a number of users can share the same physical connection to the Internet, and in the process, PPPoE provides a way to keep track of individual user Internet access times.
20. C. As far as security is concerned, an ACL typically refers to specific access permissions assigned to an object or device on the network. Restring access to a router by a MAC address is an example of an ACL. Only those MAC addresses listed on the list can authenticate to the router.
Chapter 15
1. A. Although both RADIUS and TACACS+ offer AAA services for remote users, some noticeable differences exist. TACACS+ relies on TCP for connection-oriented delivery, whereas RADIUS uses connectionless UDP for data delivery.
2. B. Authentication refers to the mechanisms used to verify the identity of the computer or user attempting to access a particular resource. Authorization controls who can and who cannot access a resource after authentication. Accountability and accounting are mechanisms used to track who does what on a system or a network.
3. C. SSL provides a mechanism for securing data across a network. When used with the unsecured HTTP protocols, HTTP becomes HTTP secured (HTTPS).
4. A. RADIUS is a protocol that enables a single server to become responsible for all remote access authentication, authorization, and auditing (or accounting) services. RADIUS uses the UDP protocol for communication.
5. B. A Trojan horse does not replicate itself and does not require a host program to run. This is in contrast to viruses that self-replicate. Worms self-replicate without user intervention.
6. C. Strong passwords include a combination of letters and numbers and upper- and lowercase letters. In this question Answer C is by far the strongest password because it has nine characters—a symbol, numbers, and letters. Answer A is not a strong password because it is a standard word, contains no numbers, and is all in lowercase. Answer B mixes letters and numbers, and it is not a recognized word, so it is a strong password, although it is not as strong as Answer C. Answer D is too easy to guess and contains no numbers.
7. B and C. Both CHAP and MS-CHAP are PPP authentication methods. The other answers are not valid authentication protocols.
8. C. Often overlooked is the need to read the documentation for the service pack or hotfix. The documentation tells the administrator what the patch is intended to fix and how it should be applied. After the documentation is read and the administrator is sure of the process to apply the patch, a backup and possibly a baseline should be taken before applying the fix.
9. A. Many of the protocols used on today’s networks have a secure and a not secure option, meaning that data is sent in clear text. In this instance, SSH is a secure alternative to Telnet. Other examples include HTTPS (HTTP secure) and HTTP. None of the other answers are valid.
10. D. Kerberos is available for all the major operating systems.
11. B. Auditing is a process of reviewing security logs so that breaches can be detected. Answer A describes the function of alerting. The other answers are not valid.
12. A, B, and C. When creating a password policy, you should set a minimum password length, parameters limiting reusing the old password, and a password expiration period. You may even want to set a maximum password length, though most operating systems have a built in maximum.
13. C. In many network environments, two types of authentication are used to help ensure that only those who should gain network access actually do. Combing authentication methods is known as multifactor authentication. It combines, for instance, a username-password combination with a smart card or finger scan.
14. A and C. MS-EAP and SSL are not remote access authentication protocols. Remote authentication protocols such as CHAP and PAP are used by RADIUS or other applications to authenticate remote user credentials.
15. A. To determine the user ID of a person trying to log on, you would implement auditing. All major operating systems provide auditing services to record events that occur on a system. This includes tracking logons, logoffs, who accesses certain systems resources, and so on. File permissions, password policies, and intruder detection would not help you to do this.
16. B. EAP is an extension of PPP that supports authentication methods that go beyond the simple submission of a username and password. EAP was developed in response to an increasing demand for authentication methods that use other types of security devices, such as token cards, smart cards, and digital certificates.
17. A. By installing a RADIUS server, it is possible to move the workload associated with authentication to a dedicated server. A proxy server would not improve the dial-up connection’s performance. There is no such thing as a Kerberos RRAS server or an IPsec server.
18. D. With discretionary access, control is not forced from the administrator or the operating system. Instead access is controlled by an object’s owner. DAC uses an ACL to determine access. The ACL is a table that informs the operating system of the rights each user has to a particular system object, such as a file, directory, or printer.
19. A. Asymmetric key encryption uses both a private and public key to encrypt and decrypt messages. The public key is used to encrypt a message or verify a signature, and the private key is used to decrypt the message or to sign a document. In a symmetric key encryption strategy, a single key is used for both encryption and decryption.
20. C. A rogue access point describes a situation in which a wireless access point has been placed on a network without knowledge of the administrator. The result is that it is possible to remotely access the rogue access point because it likely does not adhere to company security policies.