Network +

Question 1

Application Layer

Answer 1

dns, dhcp, ftp, https, ldap, ntp, pop3, ssh, sip, smtp, telnet, tftp

Question 2

Presentation Layer

Answer 2

jpeg, midi, mpeg, tls, ssl

Question 3

Session Layer

Answer 3

H323, netbios, zip, l2tp, l2f

Question 4

Transport Layer

Answer 4

tcp, udp, firewalls, loadbalancers

Question 5

Network Layer

Answer 5

icmp, igmp, IPsec, IPv4, IPv6

Question 6

Data Link Layer

Answer 6

ARP, ATM, FDDI, Frame Relay, PPP, Token Ring

Question 7

Physical

Answer 7

Ethernet, dsl, isdn, wifi, 802.11

Question 8

Circuit Switching

Answer 8

T1/E1/E3,T3, ISDN, POTS, PTSN

Question 9

T1 Info

Answer 9

T1- 24 DSP 1.544 Mbps
More than one frame is sent at once with super frame and extended super frame
E1- 30 channels compared to 24 in T1 2.048 Mbps
T3- 672 DSP 44.7 Mbps
E3- 34.4 Mbps

Question 10

Point to Point

Answer 10

Point to Point Protocol- Layer 2 used
with dedicated leased lines such as T1,
E1, T3 and E3; uses control protocols
and offers multi link interface (multiple
physical connections bonded together)
error detection, authentication

Question 11

PAP, CHAP, MSChap

Answer 11

Used in PPP Point to Point Protocol- Layer 2; used
with dedicated leased lines such as T1,
E1, T3 and E3; uses control protocols
and offers multi link interface (multiple
physical connections bonded together)
error detection, authentication

Question 12

Packet Switching

Answer 12

SONET, ATM, DSL, FRAME RELAY, MPLS, CABLE MODEM, SATELLITE, WIRELESS

Question 13

MPLS

Answer 13

MPLS is used in provider networks, where forwarding decisions are made based on an MPLS label 32bit header

Question 14

ATM

Answer 14

53 byte cells

Question 15

Sonet Data rates

Answer 15

OC1 51.84

Question 16

Port 445

Answer 16

SMB

Question 17

Port 1720

Answer 17

H323

Question 18

Port 139

Answer 18

Netbios

Question 19

IEEE Standards

Answer 19

IEEE 802.3ad link aggregation enables you to group Ethernet interfaces at the physical layer to form a single link layer interface, also known as a link aggregation group (LAG) or bundle.

IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

802. 1D is the IEEE MAC Bridges standard, which includes Bridging, Spanning Tree and others.
803. 3af is the standard that defines Power over Ethernet.

Question 20

FF00::/8

Answer 20

multicast range

Question 21

2000::/3

Answer 21

global range

Question 22

FC00::/7

Answer 22

unique local

Question 23

FE80::/10

Answer 23

APIPA addressing; link local

Question 24

568 B

Answer 24

OW O; GW B; BW G; BW B

Question 25

Syslog Severity

Answer 25

Even Awesome Cisco Engineers Will Need Ice Cream Daily Emergency- most severe Alert- immediate attention Critical- less severe but needs addressing to prevent interruption of service Errors-conditions that do not make system unusable Warnings- notification operations failed to complete Notifications- state changes Information- info about normal operation of system Debug- troubleshooting

Question 26

IP Sec Phase 1

Answer 26

Phase 1 - A bidirectional ISAKMP SA is established between peers to provide a secure management channel (IKE in main or agressive mode) Phase 2 - Two unidirectional IPsec SAS are established for data transfer using separate keys (IKE quick mode)

Question 27

2 IPSec modes

Answer 27

2 IP sec modes- transport and tunnel; transport used for client to site or local; IP header not authenticated tunnel site to site- entire packet is encrypted Authentication Headers (AH) provides connectionless data authentication for IP datagrams and provides protection against replay attacks Encapsulating Security Payloads (ESP) provides confidentiality, connectionless data integrity, data-origin authentication, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality. It encrypts. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange,

Question 28

Main Mode vs Quick Mode

Answer 28

Make sure you know that Main mode uses a three-stage negation process stage one is the negotiation of the security suites to be used, stage two is referred to as the Diffie-Hellman key exchange stage three is the authentication stage between the clients using the chosen authentication method. An important fact to remember is that the strength of the Main mode connection will then dictate the strength of the quick mode negotiations within it once the connection is established. Aggressive- achieves results of main using only 3 packets The Quick mode phase of the connection is used to conduct the actual transfer of data, creating a separate security association (SA) from within the Main mode connection.

Question 29

AH vs ESP header

Answer 29

AH - authentication only; ESP- data confidentiality and authentication

Question 30

Layer 3 redundancy

Answer 30

HSRP- cisco; active and standby GLBP- gateway load balancing protocol- cisco VRRP= Virtual Router Redundancy Protocol-open standard of HSRP LACP- multiple links between devices; appear as a logical link Content engine- caching functions Content Switches- load balancers

Question 31

Admin distance

Answer 31

``` Stat- 1 EIGRP-90 OSPF-110 RIP-120 EXTERNAL EIGRP- 170 ```

Question 32

Three 5.0 Ghz standards in wireless

Answer 32

802.11 a and 802.11n and 802.11 ac

Question 33

Four 2.4 Ghz standards in wireless

Answer 33

802.11, 802.11b, 802.11g, 802.11n

Question 34

Only DSSS transmission standards in wireless

Answer 34

802.11 B and 802.11 G

Question 35

70 m indoors wireless

Answer 35

802.11 ac and 802.11n

Question 36

Bandwidth of 54 mbps

Answer 36

802.11 a, 802.11g

Question 37

Bandwidth of 11 mbps wireless

Answer 37

802.11b

Question 38

Bandwidth of >300 mbps

Answer 38

802.11n

Question 39

Bandwidth of >3 Gps with MU-MIMO

Answer 39

802.11ac

Question 40

10 base T media and bandwidth

Answer 40

Cat 3, 10 Mbps

Question 41

100 base TX media and bandwidth

Answer 41

Cat 5 or higher, 100 mbps

Question 42

1000 base TX media and bandwidth

Answer 42

Cat 6 or higher 1 gbps

Question 43

1000 base SX media and bandwidth and distance

Answer 43

MMF, 220M, 1 gbps

Question 44

1000 base LX media and bandwidth and distance

Answer 44

MMF- 550; SMF- 5km, 1 gbps

Question 45

1000 base ZX media and bandwidth and distance

Answer 45

SMF, 70 km

Question 46

Certificate based mutual authentication of client and the network; relies on client side and server side certificates to provide authentication; certificates must be managed on both client and server (drawback). purely on PKI certificates. This means that each supplicant must have its own certificate installed.

Answer 46

eap - tls

Question 47

extension of esp-tls that provides for certificate based mutual authentication through an encrypted tunnel. only requires server side certificates; The peer can use other authentication methods such as Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), and Microsoft CHAP (MS-CHAP) v2. This type can encapsulate non EAP authentications E.g. PPP & CHAP. It also doesn't require every supplicant to have its own certificate installed.

Answer 47

eap-ttls

Question 48

Flexible Authentication via Secure Tunneling Designed by Cisco to replace LEAP Three parts In band provisioning via Diffie-Hellman. The client is provided with a shared secret. Tunnel establishment. A tunnel is established between the server and the client. EAP-FAST authenticates by means of a PAC (Protected Access Credential) which can be managed dynamically by the authentication server. The PAC can be provisioned (distributed one time) to the client either manually or automatically.

Answer 48

eap-fast

Question 49

Protected Extensible Authentication Protocol Originally, EAP assumed that communications would be secure; therefore, it did not provide a mechanism to secure the data being transmitted. This protocol corrects this by providing a secure TLS tunnel A server-side certificate is used to create a PKI tunnel

Answer 49

PEAP

Question 50

the maximum amount of time a client is forced to renew dhcp address from existing dhcp server

Answer 50

7/8 or 87.5

Question 51

period of time a client can claim an IP address provided by dhcp

Answer 51

lease period

Question 52

address that replaces the broadcast ipv4 and allows for machines to contact all machines with a specific service to offer such as a router or dns server

Answer 52

anycast address

Question 53

protocol that handles the built-in security that ipv6 incorporates to encrypt packet data

Answer 53

ipsec

Question 54

address assigned manually to ensure that an address stays on a private network and is not routed

Answer 54

unique local

Question 55

similar to APIPA; address that is unicast that computer gives itself

Answer 55

link local

Question 56

single address on a single interface forming a direct line of communication

Answer 56

unicast address

Question 57

routable address used to setup a host to host link on public internet

Answer 57

global unicast

Question 58

address used to receive data intended for many destinations simultaneously

Answer 58

multicast address

Question 59

periodic message sent to a network providing info about the network address and other network paramaters

Answer 59

router advertisement

Question 60

learning data link layer addresses for ipv6 machines located in the same physical or broadcast domain

Answer 60

neighbor discovery

Question 61

host generated message to force an IPv6 gateway device to advertise its network capabilities

Answer 61

router solicitation