dolan part 2 test 3 Flashcards

1
Q

routers

A
  • packets
  • network layer
  • responsible for forwarding packets between computer networks
2
Q

broadcast domains

A
  • router = separate broadcast domains
  • Every port on a router should be considered **its own broadcast domain** at face value.
  • switchports on a switch can be assigned membership to smaller broadcast domains based on VLAN assignment.
  • a router can route between broadcast domains. layer 2 switch can’t
3
Q

IP routing

A

routers make determinations on where to route packets based off the Routing Table inside router.

  • router receives packet -> looks at destination IP address in header of packet -> compares to routing table -> makes forwarding decision

If the router is unable to locate the destination in the routing table, it will discard the received packet.

  • If router matches destination IP address with a matching network contained in the routing table, it will forward the packet
4
Q

common routes in routing tables

A
  • Directly Connected Routes – computer networks that are physically connected to the router.
  • Static Routes – routes **configured directly** that tell a router how to route to a destination computer network.
  • Dynamic Routes – learned + populated in the routing table without direct administrator input in the form of a static route.
  • utilizes a Routing Protocol to find and update routing tables on a router.
5
Q

default gateway

A

for any communication between nodes, a host needs:
- valid host IP address, subnet mask, and a valid Default-Gateway

  • the first layer 3 interface that a host will reach; in other words, this is the **first port on the router that the host can reach on its computer network**
6
Q

autonomous systems

A
  • computer networks that share the same administration/routing strategy
  • assigned a number by IANA which is used for a routing protocol
7
Q

routed protocols

A
  • assist application in getting data transferred at the network layer
  • provides address for a packet to be sent on a computer network.

IPv4 or IPv6 that get affixed to the header of a packet as a destination and source address

8
Q

Autonomous System Router Designation

A
  • The role a router is fulfilling within an autonomous system
9
Q

Autonomous System Routers (ASR)

A

Routers that fall within an autonomous system

  • running routing protocols that handle routing internal to the autonomous system it belongs to
10
Q

Autonomous System Border Routers (ASBR)

A

Routers that fall on the border between one autonomous system and another system

-responsible for running routing protocols that handle routing going between the autonomous system that it belongs to and other autonomous systems

11
Q

routing protocols

A
  • assist a router with communicating with neighboring routers to update/share their routing tables dynamically
  • which path it needs to use from its routing table when forwarding a packet to a destination node
12
Q

routing protocols categories

A

Interior Routing Protocols
- routing inside of autonomous system or computer network.

Exterior Routing Protocols
– routing between an autonomous system or computer network and another autonomous system or computer network.

13
Q

administrative distance

A
  • select best path when there are two or more different routes to the same destination from two different routing protocols

reliability of routing protocol = prioritized most to least reliable (believable)

  • has only local significance, and is not advertised in routing updates.
14
Q

metric

A
  • measure used to decide which route is better (lower number is better)

Ex.: RIP = hop counts; OSPF = cost.

15
Q

classful routing protocol

A
  • will not support advertising networks using VLSM.
  • will only advertise networks based off IPv4 address
16
Q

classless routing protocol

A

will support advertising networks using VLSM

17
Q

distance vector routing protocols

A

best available path to a network based on distance (hops)
RIP aka RIPv1 (Routing Information Protocol): old + max hop count is 15

  • advertisements contain info router’s routing table

RIPv2
- better functionality by providing the capability for classless routing
- use multicasts for routing advertisements instead of broadcasts that are used in RIPv1

  • multicasts sent RIPv2 routers every 30 seconds
18
Q

link state routing protocols

A

routers will build topology of network + use to build routing table

Open Shortest Path First (OSPF) - used on mid to large sized computer networks. It is a classless and interior routing protocol.

calculate shortest route to a destination computer network through its routing algorithm

factors bandwidth, load, and delay to assign a Cost to an interface

Cost is the metric used by OSPF

19
Q

Hybrid routing protocols

A

combine both distance vector and link state routing protocols

EIGRP aka Advanced Distance Vector

originally was Cisco, now = vendor neutral routing protocol
- classless + interior routing protocol
- will support VLSM
- not limited to class of address when building a shared routing table amongst participating routers

considers bandwidth, load, total delay, reliability, frame sizes, and hop count

20
Q

path vector routing protocols

A

maintain path information and attempt to avoid routing loops both inside and between autonomous systems

BGP is used by ISPs and large organizations for routing between autonomous systems. It is both an interior and exterior routing protocol, depending on BGP’s application to a computer network.

Interior Border Gateway Protocol (iBGP) – internal routing protocol on an ASR inside of a computer network or autonomous system.

Exterior Border Gateway Protocol (eBGP) – external routing protocol on an ASBR for routing between one autonomous system to another autonomous system.

21
Q

Inter-Vlan routing

A

a router facilitating communication between one VLAN to another VLAN

more localized to an individual computer network versus WAN routing that happens between autonomous systems

multiple VLANs = individual subnet created for each VLAN

22
Q

Defense Information Systems Agency (DISA)

A

requires printers to be assigned to a VLAN that is different from VLANs that are used for normal user traffic

23
Q

Sub-interfaces

A
  • allow single physical port on router to have multiple logical address assigned to it to act as default-gateways for multiple VLANs (i.e. subnets) on a computer network.
  • accomplished by subdividing the router’s physical port into multiple logical interfaces.
24
Q

Switch Virtual Interfaces (SVIs)

A
  • layer 3 interfaces created on a switch + add functionality to the switch they are configured on
  • allows a logical address to be assigned to the switch = it can receive packets with that destination.

aka Routed VLAN Interfaces (RVIs).

remote management of switch using Telnet or SSH.

25
Q

Security Technical Implementation Guides (STIGs)

A
  • cybersecurity practices which enhance the security of a computer network (harden security networks through categorized levels)

CAT I – vulnerability that will directly + immediately result in a loss of confidentiality, availability, or integrity -greatest risk to a United States Air Force computer network.
ex: a piece of network equipment without passwords configured on it.

CAT II – vulnerability that can result in loss of confidentiality, availability, or integrity
-ex: a piece of network equipment that lacks DoD approved banners that identify the device as belonging to the DoD.

CAT III – vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity

  • example: any type of practice that by itself does not compromise a system but can reasonably lead to a CAT II vulnerability.
26
Q

port security

A

a port-based method of limiting access to a single switchport on a switch

limits a potential threat from gaining access to a computer network by simply swapping out a node with their own equipment on an active link

MAC based method

This means that any node that is later plugged into that same port will trigger port-security and cause the switchport to enter an Error-Disabled state and shutdown

port-security should only be applied on access switchports because of its most common implementation being MAC based

27
Q

IEEE 802.1x

A
  • port-based authentication method for limiting access across an entire wired or wireless computer network

removes the need to individually configure switchports for port-security for every node on a micro level and moves it towards a more macro based application

provides a means for nodes that are plugged into a switch to authenticate with a server and be permitted access based on that authentication

3 primary components

Supplicant – node that requires access approval

Authenticator – device requesting approval to join the computer network. (typically a switch)

Authentication Server – approving authority that tells the authenticator to grant or deny access to the computer network to a requesting node.

28
Q

Access Control Lists

A

packet filters configured on a piece of network equipment. They will examine traffic based on the criteria that is provided to them

two types:

  • Standard ACLs - are limited in what criteria can be provided to them.

  • examine packets and filter based off the source's logical address

An implicit deny any statement means deny everything that does not meet the specified criteria of the ACL.

permit any ^ reverse this

  • Extended ACLs -
    allow for more criteria to be specified when filtering packet traffic

can examine packets based off both the source and destination logical address

can be configured to examine the protocols used in the packet traffic and make filtering decisions to either permit or deny based off that