COMP NETWORKING NETACAD

What factors should be considered when selecting network devices for a small network?

Factors include cost, speed and types of ports/interfaces, expandability, and OS features and services.

What is the primary command used to test Layer 3 connectivity?

The ping command is the most effective way to quickly test Layer 3 connectivity between a source and destination IP address.

What does QoS stand for and its purpose in a network?

QoS stands for Quality of Service, and it is implemented to classify traffic carefully according to priority to support real-time applications like VoIP and video.

What are the two types of software programs that provide access to a network?

Network applications and application layer services.

What is the role of cost in selecting network devices?

Cost is a crucial factor as it impacts the overall budget available for network setup and maintenance.

How does speed affect network device selection?

Speed determines how quickly data can be transmitted over the network, influencing the performance and efficiency of network communication.

What is meant by the types of ports/interfaces in network devices?

Types of ports/interfaces refer to the physical connections available on the devices, such as Ethernet ports, fiber optic ports, etc., which determine compatibility with existing network infrastructure.

What is the importance of expandability in network devices?

Expandability allows for future upgrades and the addition of new devices to accommodate growing network needs without complete replacement.

What OS features and services should be considered in network devices?

OS features may include support for routing protocols, security features, and management capabilities that help in maintaining a reliable and secure network.

What is the difference between network applications and application layer services?

Network applications are software designed to perform tasks over a network (e.g., web browsers), while application layer services refer to functionalities provided to users for their specific applications (e.g., email services).

What types of threats may arise after a threat actor gains access to a network?

The four types of threats that may arise are information theft, data loss and manipulation, identity theft, and disruption of service.

What are the primary vulnerabilities that pose security risks?

The three primary vulnerabilities are technological, configuration, and security policy.

What is malware?

Malware is short for malicious software, which is designed to damage, disrupt, steal, or inflict illegitimate actions on data, hosts, or networks.

What are the major categories of network attacks?

Network attacks can be classified into three major categories: reconnaissance, access, and denial of service.

What are the three types of reconnaissance attacks?

The three types of reconnaissance attacks are internet queries, ping sweeps, and port scans.

What are the four types of access attacks?

The four types of access attacks are password attacks (including brute-force, Trojan horse, packet sniffers), trust exploitation, port redirection, and man-in-the-middle.

What are the two types of disruption of service attacks?

The two types of disruption of service attacks are DoS (Denial of Service) and DDoS (Distributed Denial of Service).

What does the defense-in-depth approach to security involve?

The defense-in-depth approach involves using a combination of networking devices and services to work together to secure the organization.

What is the purpose of AAA in network security?

AAA controls who is permitted to access a network (authenticate), what they can do while they are there (authorize), and what actions they perform (accounting).

What strategies can mitigate a worm attack?

To mitigate a worm attack, download security updates from the operating system vendor and patch all vulnerable systems.

What is the function of a firewall in network security?

Firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access.

What security measures should be implemented to protect network devices?

Security measures include changing default usernames/passwords, restricting access, turning off unnecessary services, and using strong passwords.

What is the purpose of the Cisco AutoSecure feature?

The Cisco AutoSecure feature is used to assist in securing Cisco routers by applying necessary security configurations.

Why is endpoint security critical to network security?

Securing endpoint devices helps protect the network from vulnerabilities introduced by user devices and ensures better compliance with security policies.

What are the implications of information theft in a network?

Information theft can lead to unauthorized access to sensitive data, financial loss, damage to reputation, and potential legal repercussions.

How can data loss and manipulation affect a business?

Data loss and manipulation can disrupt operations, lead to incorrect decision-making, loss of customer trust, and financial instability.

What is identity theft, and how can it impact individuals and organizations?

Identity theft involves stealing personal information to impersonate someone, leading to financial fraud, compromised security, and legal challenges.

What techniques can be used to perform reconnaissance attacks?

Techniques include social engineering, network scanning, and utilizing tools for metadata extraction from documents.

What are the potential consequences of a DoS attack?

A DoS attack can result in downtime of services, loss of revenue, decreased customer trust, and costs associated with mitigation and recovery.

How can firewalls be effectively configured to enhance network security?

Firewalls should be configured with rules that define allowed and denied traffic, utilize both inbound and outbound filtering, and regularly update their policies.

What is the role of user education in maintaining network security?

User education helps raise awareness of security threats, promotes safe browsing habits, and encourages reporting of suspicious activities.

How does network segmentation contribute to security?

Network segmentation reduces the attack surface by limiting the potential exposure of sensitive data and systems to unauthorized access.

What tools can be used to monitor and manage network security?

Tools include intrusion detection systems (IDS), security information and event management (SIEM) systems, and network monitoring software.

What are the best practices for creating strong passwords?

Best practices include using a mix of upper and lower case letters, numbers, special characters, avoiding common words, and ensuring a minimum length of 12 characters.

What is the role of the application layer in the OSI and TCP/IP models?

The application layer is the closest layer to the end user and is responsible for exchanging data between programs running on the source and destination hosts.

What are the three primary functions of the presentation layer?

The three primary functions are formatting data for receipt by the destination device, compressing data for transmission, and encrypting data for secure transmission.

What is the function of the session layer?

The session layer creates and maintains dialogs between source and destination applications, managing the exchange of information needed to initiate, keep alive, and restore sessions.

What does a P2P (Peer-to-Peer) network allow computers to do?

In a P2P network, multiple computers can connect via a network without a dedicated server, enabling each computer to act as both a client and a server.

What are common web protocols and their functions?

Common web protocols include HTTP for request/response communication and HTTPS for secure transmission over the internet using SSL.

What is SMTP in email protocols?

SMTP (Simple Mail Transfer Protocol) is used for sending emails, while POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are used for retrieving emails.

How does the DNS protocol function?

The DNS protocol matches resource names with numeric addresses, and it uses a message format for queries, responses, and error messages.

What is the DHCP service and its purpose?

DHCP (Dynamic Host Configuration Protocol) automates the assignment of IPv4 address parameters to devices on a network.

What is the role of FTP in file sharing?

FTP (File Transfer Protocol) allows for the transfer of files between a client and an FTP server, establishing separate connections for control and data traffic.

What functions do SMB messages perform?

SMB messages start, authenticate, and terminate sessions, control file and printer access, and allow applications to send or receive messages between devices.

What are the key differences between IMAP and POP email protocols?

IMAP (Internet Message Access Protocol) allows users to access and manage their email on a remote server, keeping messages on the server, while POP (Post Office Protocol) downloads emails to the local device and usually deletes them from the server.

What is the primary function of IMAP?

IMAP allows users to access and manage their emails from multiple devices without losing their email organization and state, such as read/unread status.

How does POP retrieve emails?

POP retrieves emails from the server to the local device, typically removing the emails from the server, which means they can only be accessed from that specific device unless configured otherwise.

What does SMTP do in the context of email protocols?

SMTP (Simple Mail Transfer Protocol) is used to send and relay outgoing email messages from an email client to an email server.

What security measures can be applied to IMAP and POP?

IMAP and POP can implement SSL/TLS encryption to secure the transmission of emails and protect sensitive information during retrieval.

What are common uses for IMAP?

IMAP is commonly used for accessing email accounts from multiple devices, such as smartphones, tablets, and computers, allowing users to keep their inbox synchronized.

What limitations does POP have compared to IMAP?

POP limits email access to one device unless the settings are changed, making it less flexible for users who need access to emails across various devices.

What is the role of the transport layer in data transmission?

The transport layer is responsible for logical communications between applications running on different hosts, managing reliability requirements, tracking sessions, segmenting data, adding header information, identifying applications, and conversation multiplexing.

What are the two main transport layer protocols?

The two main transport layer protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

What are the key characteristics of TCP?

TCP is stateful, reliable, acknowledges data, resends lost data, delivers data in sequenced order, and is used for applications like email and the web.

What are the key characteristics of UDP?

UDP is stateless, fast, has low overhead, does not require acknowledgments, does not resend lost data, and delivers data in the order it arrives, commonly used for applications like VoIP and DNS.

What does TCP establish during communication?

TCP establishes sessions, ensures reliability, provides same-order delivery, and supports flow control.

What is the size of TCP segment overhead?

A TCP segment adds 20 bytes of overhead as header information when encapsulating application layer data.

What are the main applications that use TCP?

Applications that use TCP include HTTP, FTP, SMTP, and Telnet.

What are the header fields of a UDP packet?

UDP header fields include Source and Destination Ports, Length, and Checksum.

How does UDP handle data transmission?

UDP reconstructs data in the order it is received, without resending lost segments, and lacks session establishment.

What is a socket in networking?

A socket is defined by a combination of a source IP address and source port number or a destination IP address and destination port number, used to identify the server and service being requested.

What is the range of port numbers used in TCP and UDP?

The range of port numbers is from 0 through 65535, divided into groups such as Well-known Ports, Registered Ports, and Private/Dynamic Ports.

What are the control bits used in TCP?

The six control bits in TCP are URG, ACK, PSH, RST, SYN, and FIN.

What is the purpose of the TCP three-way handshake?

The TCP three-way handshake establishes that the destination device is present on the network, verifies active services, and informs the destination device that the source client intends to establish a communication session.

What is the function of sequence numbers in TCP?

Sequence numbers in TCP ensure that all data segments are received and reassembled into the original order, allowing for retransmission of lost data.

What is flow control in TCP?

Flow control helps maintain reliable TCP transmission by adjusting the rate of data flow between the source and destination using a 16-bit window size field.

How does UDP communicate and process data?

UDP communicates without tracking sequence numbers, simply reassembling received datagrams in the order they arrive. Applications must manage their own data sequencing if needed.

What tool can be used to verify active TCP connections?

The netstat utility can be used to verify active TCP connections on a networked host.

What is SACK in network protocols?

SACK stands for Selective Acknowledgment. It is a mechanism that allows a sender to know which segments of data have been received successfully by the receiver, enabling more efficient retransmission of lost segments.

Why is the maximum segment size often set to 1460 bytes?

The maximum segment size (MSS) is typically set to 1460 bytes to avoid fragmentation in the presence of a standard maximum transmission unit (MTU) of 1500 bytes in Ethernet. This value accounts for TCP and IP header sizes (20 bytes each), leaving 1460 bytes for actual data payload.

How does SACK improve TCP performance?

SACK improves TCP performance by allowing the receiver to inform the sender of all segments that were successfully received, reducing unnecessary retransmissions of segments that have already been received intact.

What happens when a TCP segment exceeds the MSS of 1460 bytes?

If a TCP segment exceeds the MSS of 1460 bytes, it will be fragmented into smaller segments for transmission, which can lead to inefficiencies and increased latency as each fragment must be acknowledged by the receiver.

What is the relationship between SACK and segment retransmission?

Using SACK, a sender can retransmit only the specific segments that were lost rather than all

What is the purpose of ICMP in TCP/IP communication?

ICMP provides error messages and informational messages about issues related to the processing of IP packets, giving feedback to source devices under certain conditions.

What are the common types of ICMP messages in both ICMPv4 and ICMPv6?

Common ICMP messages include Host reachability, Destination or Service Unreachable, and Time exceeded.

What does the ICMP Echo Message do?

An ICMP Echo Message tests the reachability of a host on an IP network by sending an Echo Request and expecting an Echo Reply from the destination host.

What happens when a host or gateway receives a packet that cannot be delivered?

It uses an ICMP Destination Unreachable message to notify the source, including a code that indicates the reason for non-delivery.

What is the function of an ICMPv4 Time Exceeded message?

It indicates that a packet cannot be forwarded because its Time to Live (TTL) field has decremented to zero, resulting in the packet being discarded.

How does ICMPv6 determine packet expiration compared to ICMPv4?

ICMPv6 uses the Hop Limit field instead of the TTL field to determine if the packet has expired.

What tools utilize ICMP Time Exceeded messages?

The Traceroute tool uses Time Exceeded messages to help identify the path and any potential issues along the route.

What is the basic function of the ping utility?

Ping uses ICMP Echo Request and Echo Reply messages to test connectivity between hosts and provides feedback on round-trip time and success rate.

How does traceroute work in conjunction with ICMP?

Traceroute generates a list of hops successfully reached along a data path by manipulating the TTL field and relying on ICMP Time Exceeded messages to trace the route to a destination.

What can a successful ping to a default gateway indicate?

It indicates that the host and the router interface serving as the default gateway are both operational on the local network.

What feedback does the ping utility provide after sending echo requests?

Ping provides feedback on the time taken for requests to receive replies, as well as a summary of the success rate and average round-trip time after all requests are sent.

What is an ICMP Echo Request?

An ICMP Echo Request is a message sent by the ping utility to test the reachability of a host on an IP network, prompting a response from the destination host.

What is an ICMP Echo Reply?

An ICMP Echo Reply is a message sent back from a destination host in response to an Echo Request, indicating that the host is reachable.

What is the purpose of the local loopback address?

The local loopback address, commonly 127.0.0.1, is used to test the network interface of the local machine and ensures that the TCP/IP stack is functioning properly.

How does ping utilize the local loopback address?

By using the local loopback address in a ping command, users can verify that their network software stack is correctly installed and operational without needing to access external networks.

What is the command to configure an IPv4 address on a Cisco IOS device?

The command is `ip address ip-address subnet-mask`.

What is the command to configure an IPv6 GUA on a Cisco IOS device?

The command is `ipv6 address ipv6-address/prefix-length`.

How does a device obtain a GUA dynamically in an IPv6 network?

A device obtains a GUA dynamically through ICMPv6 messages sent by IPv6 routers, which provide necessary information in Router Advertisement (RA) messages.

What types of addresses must all IPv6 devices have?

All IPv6 devices must have both an IPv6 Global Unicast Address (GUA) and a Link-Local Address (LLA).

What are the three methods for RA messages?

The methods are SLAAC, SLAAC with a stateless DHCPv6 server, and stateful DHCPv6 (no SLAAC).

What is the benefit of the EUI-64 process?

The EUI-64 process creates a 64-bit interface ID using a device's 48-bit MAC address, allowing for a recognizable and unique interface ID in IPv6.

What are the types of IPv6 multicast addresses?

There are well-known multicast addresses and solicited-node multicast addresses.

How many subnets can be created with a 16-bit subnet ID in IPv6?

A 16-bit subnet ID can create up to 65,536 subnets.

What is the primary advantage of IPv6 addressing regarding address conservation?

Address conservation is not a concern with IPv6, as it provides a vast address space to support numerous subnets and hosts.

What command can be used to verify IPv6 address configuration on a Cisco router?

You can use commands like `show ipv6 interface brief`, `show ipv6 route`, and `ping` to verify IPv6 address configuration.

What is a Global Unicast Address (GUA)?

A Global Unicast Address (GUA) is an IPv6 address that is globally unique and routable on the internet, allowing devices to communicate across networks.

What is the structure of a GUA in terms of its components?

A GUA consists of a global routing prefix, a subnet ID, and an interface ID, typically formatted as the first 48 bits for the global routing prefix, the next 16 bits for the subnet ID, and the last 64 bits for the interface ID.