Comptia Net+ - Module 8

What is network segmentation and why is it used?

Dividing a network into smaller, separate segments (each a broadcast domain) to:

• Enhance security

• Improve performance

• Simplify troubleshooting

How are networks commonly segmented?

By geographic location, departmental boundaries, or device types.

What is subnetting and why is it used?

Subnetting divides a network into smaller LANs (subnets) to manage traffic better. Each subnet has its own IP group and clients know which devices are local.

How do subnet masks work in IPv4?

The subnet mask determines which part of an IP address is the network ID and which part is the host ID. Example: 192.168.123.132 / 255.255.255.0 → Network: 192.168.123.0, Host: 0.0.0.132

What is CIDR (classless interdomain routing) and how does it work?

CIDR specifies how many bits in an IP address are for the network ID. Written as IP/number-of-network-bits. Example: 192.168.89.127/24 → 24 bits for network.

How does subnetting (classless addressing) affect networks and hosts?

Borrowing host bits for the network ID increases the number of networks but decreases the number of hosts per network.

How do subnet mask tables work for different IPv4 classes?

Class A, B, and C networks can be subnetted. The number of host bits depends on the network class and subnetting approach.

What is DHCP relay and how does it work?

A router (relay agent) forwards DHCP requests from one subnet to a DHCP server on another subnet. The server assigns an IP for the client’s subnet. Also called an IP Helper Address.

What is VLSM (variable length subnet mask) and how does it differ from CLSM (constant length subnet mask)?

VLSM allows subnets to be different sizes, creating “subnets of subnets” by starting with the largest and moving to smaller ones. CLSM uses the same size for all subnets.

How does subnetting work in IPv6?

IPv6 uses no classes or masks. Subnets help manage the huge address space. Addresses are 8 blocks of 4 hex digits; first 4 blocks = network, last 4 = interface. Alter the 4th block of the prefix to create subnets.

What is a VLAN and why is it used?

A VLAN groups switch ports to create smaller broadcast domains, forcing some traffic through a router and reducing unnecessary traffic.

Why are VLANs used?

To isolate traffic, prioritize devices, handle legacy protocols, separate secure users, set up temporary networks, and reduce equipment costs

What’s the difference between unmanaged and managed switches?

• Unmanaged: Plug-and-play, no IP, no VLANs.

• Managed: Configurable, has IP, supports VLANs, port groups, and provides stats/errors.

How does a normal Layer 2 switch differ from a managed switch using VLANs?

• Normal Layer 2 switch: All ports share one broadcast domain.

• Managed switch with VLANs: Ports can be grouped into separate VLANs, even if not adjacent, creating isolated broadcast domains.

What is VLAN tagging (802.1Q) and how does it work?

VLAN tagging marks Ethernet frames with VLAN info. The tag stays with the frame until the final switch port removes it. If the frame moves to a new VLAN, the router adds a new tag

What’s the difference between access ports and tagged (trunk) ports on a switch?

• Access port: Single device, single VLAN.

• Tagged port (trunk): One link carrying multiple VLANs using VLAN tags. Protocols manage and interpret the tags.

How do VLANs, subnets, and router ports work together?

Each VLAN has its own subnet. A router can treat multiple VLANs as separate logical networks, even if they connect through a single port.

What is the network ID with CIDR notation for the IP address 172.16.32.108 whose subnet mask is 255.255.255.0?

172.16.32.0/24

Suppose your company has leased one class C license, 120.10.10.0, and wants to sublease the first half of these IP addresses to another company. What is the CIDR notation for the subnet to be subleased? What is the subnet mask for this network?

• 120.10.10.0/25

• 255.255.255.128

Subnetting operates at the __ layer while VLANs function at the __ layer.

• network

• data link

Which VLAN on a switch manages untagged frames?

The native VLAN

An attacker configures a VLAN frame with two tags instead of just one. The first tag directs the frame to the authorized VLAN. After the frame enters the first VLAN, the switch appropriately removes the tag, then discovers the next tag, and sends the frame along to a protected VLAN, which the attacker is not authorized to access. What kind of attack is this?

Either VLAN hopping or double tagging is an acceptable answer.

What area of a network can provide less stringent security so a web server is more accessible from the open Internet?

Either screened subnet or DMZ (demilitarized zone) is an acceptable answer.

On which networking device do you configure VLANs?

Either switch or managed switch is an acceptable answer.

Which IP addressing technique subnets a subnet to create subnets of various sizes?

VLSM (variable length subnet mask)

Which VLAN type would be the best fit for a company’s web servers that need to be accessible from the Internet but should not be able to communicate with each other?

Isolated VLAN

Which Cisco command lists configured VLANs on a switch?

show vlan