http://www.mcmcse.com/comptia/network/N10004_study_guide....
Protocol   Transport   Port Number
FTP        TCP         20, 21
SSH        TCP         22
TELNET     TCP         23
SMTP       TCP         25
DNS        TCP/UDP     53
DHCP       UDP         67
TFTP       UDP         69
HTTP       TCP         80
POP3       TCP         110
NTP        TCP         123
IMAP4      TCP         143
SNMP       UDP         161
HTTPS      TCP         443

5/19/2014 3:21 PM
Class   First Octet Range
A       1-126
B       128-191
C       192-223
NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live systems. The following
address ranges are reserved for private networks:
10.0.0.0 - 10.254.254.254
172.16.0.0 - 172.31.254.254
192.168.0.0 - 192.168.254.254
IPv6 - The previous information on TCP/IP has referred to IPv4; however, that addressing scheme has run out of available IP addresses due to the large influx of internet users and expanding networks. As a result, the powers that be had to create a new addressing scheme to deal with this situation and developed IPv6. This new addressing scheme uses a 128-bit address (instead of 32) and a hexadecimal numbering method in order to avoid long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5. The hex address format will appear in the form of 3FFE:B00:800:2::C, for example.
MAC Addressing - Also known as a hardware address or Ethernet address, a MAC address is a unique code assigned to most networking hardware. The hardware is assigned a unique number by the manufacturer and the address is permanently assigned to the device. MAC addresses are in a 48-bit hexadecimal format such as 00:2f:21:c1:11:0a. They are used to uniquely identify a device on a network, and for other functions such as being authenticated by a DHCP server. For more information, read MAC Addressing Formats And Broadcasts.
Class   Default Subnet Mask   Networks    Hosts per Network
A       255.0.0.0             126         16,777,214
B       255.255.0.0           16,384      65,534
C       255.255.255.0         2,097,152   254
Subnetting - What if you wanted more than one subnet? Subnetting allows you to create multiple logical networks that exist within a single Class A, B, or C network. If you don't subnet, you will only be able to use one network from your Class A, B, or C network. When subnetting is employed, the multiple networks are connected with a router, which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway tells the client the IP address of the router that will allow its computer to communicate with clients on other networks.
Classful versus Classless Addressing - The original TCP/IP addressing method described above was called classful addressing, which worked by dividing the IP address space into chunks of different sizes called classes. Classless addressing is referred to as Classless Inter-Domain Routing (CIDR) and is done by allocating address space to Internet service providers and end users on any address bit boundary, instead of on 8-bit segments. So 172.16.50.0 does not have to use the standard subnet mask of 255.255.0.0, which makes it a Class B address space and also puts it on the same network as 172.16.51.0 using the subnet mask of 255.255.0.0. (With classful addressing, our example has 172.16 as the network name, and the 50.0 and 51.0 ranges are both part of the same host naming convention.) Instead, by using classless addressing, 172.16.50.0/24 puts these systems on a different network than 172.16.51.0/24, because the network names here are 172.16.50 and 172.16.51, which are different.
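The classful ranges, the loopback/private note and the 172.16.50.0 versus 172.16.51.0 comparison above can all be checked programmatically. The block below is an added example written for this page, not code from the study guide; it uses only Python's standard ipaddress module, the addresses it tests are constructed, and the private ranges are taken at the RFC 1918 block boundaries (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) rather than the end points printed above.

```python
"""IPv4 class, loopback/private check and classful-vs-CIDR comparison.
Added example for this page (not from the study guide); uses only the
standard library. Sample addresses below are constructed."""
import ipaddress
from typing import Optional

# Classful first-octet ranges and their default prefix lengths (/8, /16, /24),
# matching the Class A/B/C table above.
CLASSFUL = {
    "A": (range(1, 127), 8),
    "B": (range(128, 192), 16),
    "C": (range(192, 224), 24),
}

# RFC 1918 private blocks (assumed here; the guide lists the same three
# networks) and the loopback block reserved by the note above.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def ipv4_class(addr: str) -> Optional[str]:
    """Classful letter for an address, or None when the first octet is
    outside the A-C ranges (127 loopback, class D/E)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, (octets, _prefix) in CLASSFUL.items():
        if first_octet in octets:
            return letter
    return None


def classful_network(addr: str) -> Optional[ipaddress.IPv4Network]:
    """The network an address belongs to under classful rules."""
    letter = ipv4_class(addr)
    if letter is None:
        return None
    return ipaddress.ip_network(f"{addr}/{CLASSFUL[letter][1]}", strict=False)


def address_kind(addr: str) -> str:
    """'loopback', 'private' or 'public', checked in that order."""
    a = ipaddress.IPv4Address(addr)
    if a in LOOPBACK:
        return "loopback"
    if any(a in net for net in PRIVATE):
        return "private"
    return "public"


def same_network(a: str, b: str, prefix: Optional[int] = None) -> bool:
    """prefix=None applies the classful default mask; otherwise CIDR /prefix."""
    if prefix is None:
        net_a, net_b = classful_network(a), classful_network(b)
    else:
        net_a = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        net_b = ipaddress.ip_network(f"{b}/{prefix}", strict=False)
    return net_a is not None and net_a == net_b


def usable_hosts(network: str) -> int:
    """Addresses in the block minus the network and broadcast addresses."""
    net = ipaddress.ip_network(network, strict=False)
    return max(net.num_addresses - 2, 0)


def ipv6_compressed(addr: str) -> str:
    """Shortest textual form of an IPv6 address (leading zeros dropped and
    the longest run of zero groups replaced by '::')."""
    return ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    for ip in ("172.16.50.10", "172.16.51.10", "192.168.1.5", "127.0.0.1", "8.8.8.8"):
        print(ip, ipv4_class(ip), classful_network(ip), address_kind(ip))
    print("classful, same network:", same_network("172.16.50.10", "172.16.51.10"))
    print("CIDR /24, same network:", same_network("172.16.50.10", "172.16.51.10", 24))
    print("usable hosts in 10.0.0.0/8:", usable_hosts("10.0.0.0/8"))
    print(ipv6_compressed("3FFE:0B00:0800:0002:0000:0000:0000:000C"))
```

Under classful rules both hosts land in 172.16.0.0/16; with /24 masks they are on different networks, which is exactly the point the paragraph makes. The host counts reproduce the 16,777,214 and 254 figures in the class table.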
NAT - NAT stands for Network Address Translation and is a commonly used IP translation and mapping technology. Using a device (such as a router) or piece of software that implements NAT allows an entire home or office network to share a single internet connection over a single IP address. A single cable modem, DSL modem, or even 56k modem could connect all the computers to the internet simultaneously. Additionally, NAT keeps your home network fairly secure from hackers. NAT is built into the most common Internet Connection Sharing technologies.
PAT - Port Address Translation is a feature of a network device that translates TCP or UDP communications made between hosts on a private network and hosts on a public network. It allows a single public IP address to be used by
administrator will manually build and make updates to the routing table for all routes in the administrative domain.
Static routers are best suited for small internetworks; due to the need of the manual administration, they do not scale
well to large networks where routing information is often changed, updated and appended. Static routers are not fault
tolerant because when another network device goes down the manually input information may not necessarily provide
alternate pathing to a destination which makes it unreachable (unless quick, manual administrative updates are made.)
Dynamic Router Updates - A router with dynamically configured routing tables. This type of automatic configuration is made up of routing tables that are built and maintained by ongoing communication between the routers only (by default this does not include initial setup and configuration or administrative needs for a persistent route configuration). Dynamic routing is fault tolerant; if a router or link goes down, the routers sense the change in the network topology when the learned route expires in the routing table and cannot be renewed due to the outage. This change is then disseminated to other routers so that all the routers learn of the network changes. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) for IP, and RIP for IPX, are some examples of protocols that can be used for these dynamic updates.
Next Hop - Defined as the next place that a data packet needs to go. In most cases, routers do not need all of the information regarding where the originating source of the data transmission was. In most cases routers just need to know where the data needs to go next; that next place is referred to as the next hop, because all they are trying to do is deliver the packet to the destination IP address that is included in the header information of the data being sent. If that router is the last hop and can deliver it to the specified IP address, it does; otherwise it refers to its routing tables to figure out which router to hand it off to in the effort to get the data packet where it needs to go.
Routing Tables - Sometimes referred to as a Routing Information Base (RIB), the routing table is the database that stores all the route information for the routing network devices. The routing table holds the route information regarding the topology of the network immediately around the device to other network destinations, and it will often include the metric / cost associated with the route. There are three main route entries that are generally found in routing tables: the Network Route, the Host Route and the Default Route. The Network Route is a route to a specific Network ID on the network. The Host Route is a route to a specific network address. A Default Route is the path used if a physical router or other network routing device cannot find a route for the specified destination.
Convergence - Achieved when all of the available topology information from routing devices has been passed along to all of the other devices in totality, and when the information gathered is not in contradiction with any other router's topology information. When all of the network routing devices "agree" on what the network topology looks like, the network is said to have full convergence.
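The three route types and the next-hop decision just described can be shown in a small routing table lookup. The following is an added example for this page, not code from the study guide: a longest-prefix-match lookup over a constructed RIB holding a directly connected network, a network route, a host route and a default route, plus a route withdrawal that imitates a learned route expiring after its next hop fails (the fault-tolerance behaviour described under Dynamic Router Updates). The addresses are constructed from the documentation ranges.

```python
"""Routing table lookup: network, host and default routes resolved by
longest-prefix match, plus route withdrawal when a next hop fails.
Added example for this page (not from the study guide); the table below
is constructed from documentation-style addresses."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network  # /0 = default, /32 = host, otherwise network
    next_hop: Optional[str]             # None means directly connected
    interface: str
    metric: int = 1

    @property
    def kind(self) -> str:
        if self.destination.prefixlen == 0:
            return "default"
        if self.destination.prefixlen == 32:
            return "host"
        return "network"


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Most specific matching route (longest prefix, then lowest metric);
    None when nothing matches and the table has no default route."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.destination]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.destination.prefixlen, r.metric))


def next_hop_for(table: List[Route], dst: str) -> Optional[str]:
    """Where the packet is handed next: the route's next hop, or the destination
    itself when the route is directly connected (this router is the last hop)."""
    route = lookup(table, dst)
    if route is None:
        return None
    return route.next_hop if route.next_hop is not None else dst


def withdraw_via(table: List[Route], failed_next_hop: str) -> List[Route]:
    """Learned routes through a failed neighbour expire and are removed, so
    traffic falls back to a less specific route (here the default route)."""
    return [r for r in table if r.next_hop != failed_next_hop]


def make_rib(*entries) -> List[Route]:
    return [Route(ipaddress.ip_network(dst), nh, ifc, metric) for dst, nh, ifc, metric in entries]


# Constructed sample RIB (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
RIB = make_rib(
    ("192.0.2.0/24", None,          "eth0", 0),   # directly connected LAN
    ("10.0.0.0/8",   "192.0.2.254", "eth0", 10),  # network route
    ("10.1.1.7/32",  "192.0.2.253", "eth0", 1),   # host route, more specific than 10/8
    ("0.0.0.0/0",    "192.0.2.1",   "eth0", 1),   # default route
)

if __name__ == "__main__":
    for dst in ("10.1.1.7", "10.7.7.7", "192.0.2.20", "203.0.113.5"):
        route = lookup(RIB, dst)
        print(f"{dst:>12} -> {route.kind:<8} next hop {next_hop_for(RIB, dst)}")
    after_failure = withdraw_via(RIB, "192.0.2.254")
    print("after 192.0.2.254 fails, 10.7.7.7 uses the", lookup(after_failure, "10.7.7.7").kind, "route")
```

The host route wins for 10.1.1.7 even though 10.0.0.0/8 also matches, the default route catches anything the table does not otherwise cover, and once the 10/8 route is withdrawn 10.7.7.7 silently falls back to the default gateway, which is the same re-routing a dynamic protocol performs after convergence.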
Standard   Speed     Distance   Frequency
802.11a    54 mbps   100 ft     5 GHz
802.11b    11 mbps   300 ft     2.4 GHz
802.11g    54 mbps   300 ft     2.4 GHz
802.11n                         5 GHz and/or 2.4 GHz
CAT3 - Unshielded twisted pair capable of speeds up to 10Mbit/s. Used with 10Base-T, 100Base-T4, and 100Base-T2 Ethernet.
CAT4 - Unshielded twisted pair capable of speeds up to 20Mbit/s. Not widely used. Used with 10Base-T, 100Base-T4, and 100Base-T2 Ethernet.
CAT5 - Unshielded twisted pair capable of speeds up to 100Mbit/s. May be used with 10Base-T, 100Base-T4, 100Base-T2, and 100Base-TX Ethernet.
CAT5e - Enhanced Cat 5 is similar to CAT5, but exceeds its performance. Improved distance over previous categories from 100m to 350m. May be used for 10Base-T, 100Base-T4, 100Base-T2, 100BaseTX and 1000Base-T Ethernet.
CAT6 - Can transmit data up to 220m at gigabit speeds. It has improved specifications for NEXT (Near End Cross Talk), PSELFEXT (Power Sum Equal Level Far End Cross Talk), and Attenuation. Cat 6 is backward compatible with lower Category grades and supports the same Ethernet standards as Cat 5e.
Multimode Fiber - Multimode fibers have large cores. They are able to carry more data than single mode fibers, though they are best for shorter distances because of their higher attenuation levels.
Single Mode Fiber - Single Mode fibers have a small glass core. Single Mode fibers are used for high speed data transmission over long distances. They are less susceptible to attenuation than multimode fibers.
RG59 and RG6 - These are both shielded coaxial cables used for broadband networking, cable television, and other uses.
Serial - A serial cable is a cable that can be used to transfer information between two devices using serial communication, often using the RS-232 standard. Serial cables typically use D-subminiature connectors with 9 or 25 pins. Cables are often unshielded, although shielding may reduce electrical noise radiated by the cable.
Shielded twisted pair (STP) - differs from UTP in that it has a foil jacket that helps prevent cross talk. Cross talk is
signal overflow from an adjacent wire.
EMI - Electrical devices such as printers, air conditioning units, and television monitors can be sources of
electromagnetic interference, or EMI. Some types of network media have more resistance to EMI than others. Standard
UTP cable has minimal resistance to EMI, while fiber optic cable is highly resistant.
Plenum grade cabling - is required if the cabling will be run between the ceiling and the next floor (this is called the
plenum). Plenum grade cabling is resistant to fire and does not emit poisonous gasses when burned.
Simplex - Signals can be passed in one direction only.
Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously.
Full Duplex - Full duplex means that signals can be passed in either direction simultaneously.
Bus - This topology is an old one and essentially has each of the computers on the network daisy-chained to each other. Packets must pass through all computers on the bus. This type is cheap and simple to set up, but it causes excess network traffic, a failure may affect many users, and problems are difficult to troubleshoot.
Ring - A ring topology has a physical and logical ring and is used on SONET and FDDI networks (note that Token Ring networks are actually a hybrid star-ring topology). Any station can send a packet around the ring, but only the station currently holding the token may do so. The token is passed around the ring, giving all stations an opportunity to communicate. This is a very fast and simple network. However, if any part of the ring goes down, the entire LAN goes down. If there is a problem at a station, it may be difficult to locate it. Ring networks are not very common.
Point-to-point - This topology generally refers to a connection restricted to two endpoints. Point-to-point is sometimes referred to as P2P (not the same as peer-to-peer file sharing networks), or Pt2Pt, or variations of this. Examples of this topology include RS-232 serial connections as well as laser network connections between buildings.
Point-to-Multipoint - Also known as P2MP, this is a method of communication between a series of
receivers and transmitters to a central location. The most common example of this is the use of a
wireless access point that provides a connection to multiple devices.
Hybrid - Hybrid topologies are combinations of the above and are common on very large networks.
For example, a star bus network has hubs connected in a row (like a bus network) and has computers
connected to each hub as in the star topology.
Technology    Speed            Medium
ISDN BRI      64kbps/channel   Twisted-pair
ISDN PRI      1,544kbps        Twisted-pair
POTS          Up to 56 Kbps    Twisted pair
PSTN          64kbps/channel   Twisted-pair
Frame Relay   56kbps-45mbps    Varies
T-1           1.544 Mbps
ADSL                           Twisted-pair
SDSL          1.544mbps        Twisted-pair
VDSL          100mbps          Twisted-pair
Cable modem                    Coaxial
Satellite                      Air
T-3           44.736 Mbps
OC-1          51.84 Mbps       Optical fiber
OC-3          155.52 Mbps      Optical fiber
Wireless      1gbps            Air
ATM           10gbps           Optical fiber
SONET         10gbps           Optical fiber
Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on a circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit-switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.
Standard      Cable Type        Connector   Maximum Length        Speed
10Base-T                        RJ-45       100 meters (328 ft)   10 mbps
100Base-TX                      RJ-45       100 meters (328 ft)   100 mbps
100Base-FX    Fiber Optic       ST, SC      2000 meters           100 mbps
1000Base-T    CAT5e or higher   RJ-45       100 meters (328 ft)   1 gbps
1000Base-LX                     SC          Up to 5000 meters     1 gbps
1000Base-SX                     SC          Up to 550 meters      1 gbps
1000Base-CX                                 25 meters             1 gbps
10GBASE-SR                      LC, SC      300 meters            10 Gbps
10GBASE-LR                      LC, SC      2000 meters           10 Gbps
10GBASE-ER                      LC, SC      40 kilometers         10 Gbps
10GBASE-SW                      LC, SC      300 meters            10 Gbps
10GBASE-LW                      LC, SC      2000 meters           10 Gbps
10GBASE-EW                      LC, SC      40 kilometers         10 Gbps
10GBASE-T                                   100 meters (328 ft)   10 Gbps
CSMA/CD (Carrier Sense Multiple Access with Collision Detection) - In the early days of ethernet, when two
hosts would send packets at the same time, a collision would occur. A standard had to be created that would have the
hosts follow rules relating to when they could send data and when they could not. This standard is Carrier Sense Multiple
Access with Collision Detection, referred to as CSMA/CD. CSMA/CD forces computers to listen to the wire before
sending in order to make sure that no other host on the wire is sending. If a collision is detected, both of the senders will
send a jam signal over the Ethernet. This jam signal indicates to all other devices on the Ethernet segment that there
has been a collision, and they should not send data onto the wire.
For more information, read How Ethernet CSMA/CD Works.
Bonding (AKA Link Aggregation, Port Trunking, EtherChannel, etc.) - Uses multiple network cables/ports in
parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for
higher availability.
allows for convenient backup services, reduces network traffic and provides a host of other services that come with the
network operating system.
VPN - A virtual private network is one that uses a public network (usually the Internet) to connect remote sites or users together. Companies use site-to-site VPNs to support critical applications and to connect offices to remote users. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.
VLAN - A virtual LAN is a local area network with a definition that maps workstations on a basis other than geographic
location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add
workstations and manage load-balancing and bandwidth allocation more easily than with a physical picture of the LAN.
Network management software keeps track of relating the virtual picture of the local area network with the actual
physical picture.
the data is targeted at an FTP port then the request will be sent to an FTP server. The main benefit of this approach is that the switch acts as a load balancer, as it can balance data or requests across the different types of application servers used by the business. A second major function that this type of switch can perform is to look at the incoming requests and see which websites are targeted. This is important for large enterprises or hosting companies. If, for example, a web hosting company was hosting several thousand websites, the switch could direct requests to the specific servers that the websites are running on. These devices tend to be very expensive.
IDS/IPS - These terms stand for Intrusion Detection System and Intrusion Prevention System respectively. An IDS is a device (or application) that monitors network and/or system activities for malicious activities or policy violations. An IDS is a passive system that gives alerts when something suspicious is detected and logs the events into a database for reporting. An IPS, on the other hand, sits inline with traffic flows on a network, actively shutting down attempted attacks as they're sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application. Vendors are increasingly combining the two technologies into a single box, now referred to as an IDPS. These devices are used with, not instead of, a firewall.
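To make the passive-versus-inline distinction concrete, here is an added example (written for this page, not taken from the study guide or any product) that runs one small rule set in both modes over a handful of constructed flow records. The rules, the addresses and the "block the offending source afterwards" response are assumptions chosen to mirror the paragraph: the rule set flags cleartext Telnet (TCP/23) and TFTP (UDP/69), two of the ports from the table above, when they arrive from outside a constructed 192.168.x.x site network.

```python
"""One rule set, two deployment modes: a passive IDS that alerts and lets
traffic pass, and an inline IPS that alerts, drops the match and blocks
the source. Added example for this page (not from the study guide);
flows, rules and the site prefix are constructed."""
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "TCP"


@dataclass
class Rule:
    name: str
    matches: Callable[[Flow], bool]


SITE_PREFIX = "192.168."   # constructed: everything else is "outside"


def from_outside(flow: Flow) -> bool:
    return not flow.src.startswith(SITE_PREFIX)


# Constructed policy: cleartext management/transfer protocols from outside.
RULES = [
    Rule("telnet-from-outside", lambda f: f.proto == "TCP" and f.dport == 23 and from_outside(f)),
    Rule("tftp-from-outside", lambda f: f.proto == "UDP" and f.dport == 69 and from_outside(f)),
]


@dataclass
class Sensor:
    mode: str                      # "ids" (passive, off a mirror port) or "ips" (inline)
    rules: List[Rule]
    alerts: List[str] = field(default_factory=list)
    blocked_sources: Set[str] = field(default_factory=set)

    def __post_init__(self) -> None:
        if self.mode not in ("ids", "ips"):
            raise ValueError(f"unknown mode {self.mode!r}")

    def process(self, flow: Flow) -> bool:
        """Return True if the flow is forwarded, False if it is dropped.
        An IDS never drops; an IPS drops the matching flow and everything
        the same source sends afterwards."""
        if self.mode == "ips" and flow.src in self.blocked_sources:
            self.alerts.append(f"blocked-source {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
            return False
        for rule in self.rules:
            if rule.matches(flow):
                self.alerts.append(f"{rule.name} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
                if self.mode == "ips":
                    self.blocked_sources.add(flow.src)
                    return False
                break            # IDS: log once, traffic continues
        return True


# Constructed sample traffic (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_FLOWS = [
    Flow("203.0.113.9", "192.168.1.10", 23),            # telnet from outside -> alert
    Flow("203.0.113.9", "192.168.1.10", 80),            # same source, benign port
    Flow("192.168.1.5", "192.168.1.10", 23),            # telnet from inside -> allowed by policy
    Flow("198.51.100.4", "192.168.1.11", 69, "UDP"),    # tftp from outside -> alert
    Flow("198.51.100.7", "192.168.1.12", 443),          # https from outside -> fine
]


def run(mode: str, flows: List[Flow] = SAMPLE_FLOWS) -> Tuple[int, List[str], List[str]]:
    """Forwarded count, alert lines and blocked sources for one mode."""
    sensor = Sensor(mode, RULES)
    forwarded = sum(1 for f in flows if sensor.process(f))
    return forwarded, sensor.alerts, sorted(sensor.blocked_sources)


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        forwarded, alerts, blocked = run(mode)
        print(f"{mode.upper()}: forwarded {forwarded}/{len(SAMPLE_FLOWS)}, blocked sources {blocked}")
        for line in alerts:
            print("  alert:", line)
```

Same rules, same traffic: the IDS forwards all five flows and raises two alerts, while the IPS forwards only the two flows that never matched, drops the two matches, and also drops the later benign HTTP request from 203.0.113.9 because that source was blocked after its first violation. That last drop is why an inline IPS needs tighter rule tuning than a passive sensor: a false positive blocks real traffic.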
Load Balancer - A load balancer is a hardware and/or software solution that provides load balancing services. Load
balancing is used to distribute workloads evenly across two or more computers, network links, CPUs, hard drives, or
other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid
overload. Using multiple components with load balancing, instead of a single component, may increase reliability
through redundancy. As an example, Google receives many, many more search requests than a single server could
handle, so they distribute the requests across a massive array of servers.
Multifunction Network Devices - As you might guess, multifunction network devices combine the functions of individual devices into a single unit. An example is wireless access points, which often include one or more of the following: firewall, DHCP server, wireless access point, switch, gateway, and router.
DNS Server - DNS is an Internet and networking service that translates domain names into IP addresses. The internet
is based on numerical IP addresses, but we use domain names because they are easier to remember. DNS is the service
that looks up the IP address for a domain name allowing a connection to be made. This process is very similar to calling
information. You call them with a name, they check their database and give you the phone number. The DNS service is
included with server operating systems (Windows 2003/2008, Linux, etc.) and network devices such as routers.
Bandwidth Shaper - Describes the mechanisms used to control bandwidth usage on the network. Bandwidth shaping is
typically done using software installed on a network server. From this server, administrators can control who uses
bandwidth, for what, and when. Bandwidth shaping establishes priorities to data traveling to and from the Internet and
within the network. A bandwidth shaper essentially performs two key functions: monitoring and shaping. Monitoring
includes identifying where bandwidth usage is high and at what time of day. After that information is obtained,
administrators can customize or shape bandwidth usage for the best needs of the network. I am unaware why CompTIA
listed this in the "network devices" section of their objectives, but bandwidth shapers are typically software.
Proxy Server - A proxy server acts as a middle-man between clients and the Internet providing security, administrative
control, and caching services. When a user makes a request for an internet service and it passes filtering requirements,
the proxy server looks in its local cache of previously downloaded web pages. If the item is found in cache, the proxy
server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy
server will request the page from the appropriate server. Nowadays, the functions of proxy servers are often built into
firewalls.
CSU/DSU - A Channel Service Unit/Data Service Unit (CSU/DSU) acts as a translator between the LAN data format and
the WAN data format. Such a conversion is necessary because the technologies used on WAN links are different from
those used on LANs. Although CSU/DSU's look similar to modems, they are not modems, and they don't modulate or
demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and serial interface
(typically a V.35 connector) that connects to the router. Many newer routers have CSU/DSUs built into them.
Trunking - VLANs are local to each switch's database, and VLAN information is not passed between switches. Trunk links
provide VLAN identification for frames traveling between switches. The VLAN trunking protocol (VTP) is the protocol that
switches use to communicate among themselves about VLAN configuration.
Port Mirroring - Used on a network switch to send a copy of network packets seen on one switch port (or an entire
VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that
require monitoring of network traffic, such as an intrusion-detection system.
Port Authentication - The IEEE 802.1x standard defines 802.1x port-based authentication as a client-server based
access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly
accessible ports. The authentication server validates each client connected to a switch port before making available any
services offered by the switch or the LAN.
years mainly due to the increase in computing power and the fact that the keys are alphanumeric or hexadecimal characters that are configured in 40 bit, 64 bit, 128 bit, 153 bit and 256 bit strength. Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance to better secure wireless networks and was created in response to the weaknesses researchers found in Wired Equivalent Privacy (WEP). Temporal Key Integrity Protocol (TKIP) is used in WPA to encrypt the authentication and encryption information that was initially passed on the wire in clear text before a network node could secure its communications on the network. Wi-Fi Protected Access version 2 (WPA2) offers additional protection because it uses the strongest authentication and encryption algorithms available in the Advanced Encryption Standard (AES).
Configuring Channels and Frequencies - Most wireless routers work in the 2.4GHz frequency range and require network administrators to set up the channels for the devices to use. Channels 1, 6 and 11 are the main channels used because they generally will not be interfered with by other devices, such as cordless phones and Bluetooth devices, that also work in this frequency range.
Setting ESSID and Beacon - The Extended Service Set Identifier (ESSID) is the advertisement from the Wireless Access Point that basically announces its availability for network devices to make a connection. The announcement signal that is sent out is called the beacon.
Verifying Installation - The process that is outlined for making sure that all the settings needed to connect a network node to the wireless device are in place. The best practice steps generally include, on initial installation of the Wireless Access Point (WAP), doing so without any security to verify that a client can get on the network. Once that is successful you would then incorporate the security protocol that you wanted to use and make sure the client can operate on the network again. Once this is successfully done it is assumed all other network nodes would be able to successfully repeat the same steps to access the network securely and with the traffic encrypted.
Application - Represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computer's resources to the network.
Presentation - Determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.
Session - Handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers by using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data-transfer and termination.
Transport - Provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
Network - Addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
Data Link - The interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer.
  LLC sub-layer - starts and maintains connections between devices (e.g. server - workstation).
  MAC sub-layer - enables multiple devices to share the same medium. The MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
Physical - The specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.
Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need
Data Processing. The first letter of each word corresponds to the first letter of the layers starting with Application and
ending with the physical layer.
Domain 4.4: Conduct Network Monitoring to Identify Performance and Connectivity Issues
The topics covered in this section are either already covered elsewhere, or are too expansive for the purposes of this
guide. Consult your book(s) for more information about these topics.
Domain 4.5: Explain Different Methods and Rationales for Network Performance Optimization
Quality of Service - (QoS) is a set of parameters that controls the level of quality provided to different types of network traffic. QoS parameters include the maximum amount of delay, signal loss, noise that can be accommodated for a particular type of network traffic, bandwidth priority, and CPU usage for a specific stream of data. These parameters are usually agreed upon by the transmitter and the receiver. Both the transmitter and the receiver enter into an agreement known as the Service Level Agreement (SLA). In addition to defining QoS parameters, the SLA also describes remedial measures or penalties to be incurred in the event that the ISP fails to provide the QoS promised in the SLA.
Traffic Shaping - (also known as "packet shaping" or ITMPs: Internet Traffic Management Practices) is the control of computer network traffic in order to optimize or guarantee performance, increase/decrease latency, and/or increase usable bandwidth by delaying packets that meet certain criteria. More specifically, traffic shaping is any action on a set of packets (often called a stream or a flow) which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period (bandwidth throttling), or the maximum rate at which the traffic is sent (rate limiting), or more complex criteria such as GCRA. This control can be accomplished in many ways and for many reasons; however, traffic shaping is always achieved by delaying packets. Traffic shaping is commonly applied at the network edges to control traffic entering the network, but can also be applied by the traffic source (for example, a computer or network card) or by an element in the network. Traffic policing is the distinct but related practice of packet dropping and packet marking.
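The statement that shaping is always achieved by delaying packets, and its contrast with policing, can be shown with a token bucket, the mechanism behind most rate limiters and shapers. The block below is an added example for this page, not code from the guide or from any product: the same rate and burst parameters feed a shaper that delays non-conforming packets and a policer that drops them. The packet arrival times and sizes are constructed.

```python
"""Token-bucket traffic shaping (delay) beside policing (drop) with the same
rate and burst parameters. Added example for this page (not from the study
guide); packet arrival times and sizes below are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TokenBucket:
    rate: float                    # bytes credited per second (the sustained rate)
    burst: float                   # bucket depth in bytes (largest permitted burst)
    tokens: Optional[float] = None
    last: float = 0.0

    def __post_init__(self) -> None:
        if self.tokens is None:
            self.tokens = self.burst      # a bucket starts full

    def refill(self, now: float) -> None:
        """Credit tokens for the time elapsed since the last update, capped at burst."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now


def shape(packets: List[Tuple[float, int]], rate: float, burst: float) -> List[Tuple[float, int, float]]:
    """Return (arrival, size, departure) per packet. A packet leaves as soon as the
    bucket holds enough tokens; otherwise it waits, and packets queued behind it
    wait as well. Nothing is dropped: shaping only adds delay."""
    bucket = TokenBucket(rate, burst)
    ready_at = 0.0                        # the shaper sends in arrival order
    out = []
    for arrival, size in packets:
        depart = max(arrival, ready_at)
        bucket.refill(depart)
        if bucket.tokens < size:
            depart += (size - bucket.tokens) / rate   # wait until enough tokens accrue
            bucket.refill(depart)
        bucket.tokens -= size
        ready_at = depart
        out.append((arrival, size, round(depart, 6)))
    return out


def police(packets: List[Tuple[float, int]], rate: float, burst: float) -> List[Tuple[float, int, bool]]:
    """Return (arrival, size, conforming) per packet. A policer never delays:
    packets that exceed the profile are dropped (or marked) at arrival time."""
    bucket = TokenBucket(rate, burst)
    out = []
    for arrival, size in packets:
        bucket.refill(arrival)
        conforming = bucket.tokens >= size
        if conforming:
            bucket.tokens -= size
        out.append((arrival, size, conforming))
    return out


def max_delay(shaped: List[Tuple[float, int, float]]) -> float:
    """Largest queueing delay the shaper imposed on any packet."""
    return max(depart - arrival for arrival, _size, depart in shaped)


RATE = 1000.0       # 1000 bytes/s sustained
BURST = 1500.0      # one full-size Ethernet frame of burst credit
# (arrival seconds, bytes): three back-to-back frames, then one after a pause. Constructed.
SAMPLE_PACKETS = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (3.0, 500)]

if __name__ == "__main__":
    for arrival, size, depart in shape(SAMPLE_PACKETS, RATE, BURST):
        print(f"shape : {size}B arrived t={arrival:.1f}s, sent t={depart:.1f}s")
    for arrival, size, ok in police(SAMPLE_PACKETS, RATE, BURST):
        print(f"police: {size}B arrived t={arrival:.1f}s, {'forwarded' if ok else 'dropped'}")
```

With these numbers the shaper sends the three simultaneous frames at 0.0 s, 0.5 s and 1.5 s, so the flow conforms to 1000 bytes/s after the initial burst and the worst-case added delay is 1.5 s; the policer with the identical profile forwards the first and last frames and drops the two that arrive with an empty bucket. Same contract, different enforcement: delay on one side, loss on the other.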
Load Balancing - is a technique to distribute workload evenly across two or more computers, network links, CPUs,
hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response
time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase
reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware
device (such as a multilayer switch or a DNS server).
High Availability - (aka Uptime) refers to a system or component that is continuously operational for a desirably
long length of time. Availability can be measured relative to "100% operational" or "never failing." A widely-held but
difficult-to-achieve standard of availability for a system or product is known as "five 9s" (99.999 percent) availability.
Since a computer system or a network consists of many parts in which all parts usually need to be present in order for
the whole to be operational, much planning for high availability centers around backup and failover processing and data
storage and access. For storage, a redundant array of independent disks (RAID) is one approach. A more recent
approach is the storage area network (SAN).
Some availability experts emphasize that, for any system to be highly available, the parts of a system should be
well-designed and thoroughly tested before they are used. For example, a new application program that has not been
thoroughly tested is likely to become a frequent point-of-breakdown in a production system.
Cache Engine - (aka cache server) is a dedicated network server, or a service acting as a server, that saves Web pages
or other Internet content locally. By placing previously requested information in temporary storage, or cache, a cache
server both speeds up access to data and reduces demand on an enterprise's bandwidth. Cache servers also allow users
to access content offline, including media files or other documents. A cache server is sometimes called a "cache engine."
A cache server is almost always also a proxy server, which is a server that "represents" users by intercepting their
Internet requests and managing them for users. Typically, this is because enterprise resources are being protected by a
firewall server. That server allows outgoing requests to go out but screens all incoming traffic. A proxy server helps
match incoming messages with outgoing requests. In doing so, it is in a position to also cache the files that are received
for later recall by any user. To the user, the proxy and cache servers are invisible; all Internet requests and returned
responses appear to be coming from the addressed place on the Internet. (The proxy is not quite invisible; its IP address
has to be specified as a configuration option to the browser or other protocol program.)
Fault-tolerance - describes a computer system or component designed so that, in the event that a component fails,
a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided
with software, or embedded in hardware, or provided by some combination. In the software implementation, the
operating system provides an interface that allows a programmer to "checkpoint" critical data at pre-determined points
within a transaction. In the hardware implementation (for example, with Stratus and its VOS operating system), the
programmer does not need to be aware of the fault-tolerant capabilities of the machine.
At a hardware level, fault tolerance is achieved by duplexing each hardware component. Disks are mirrored. Multiple
processors are "lock-stepped" together and their outputs are compared for correctness. When an anomaly occurs, the
faulty component is determined and taken out of service, but the machine continues to function as usual.
Parameters Influencing QOS
Bandwidth - is the average number of bits that can be transmitted from the source to a destination over the network
in one second.
Latency - (AKA "lag") is the amount of time it takes a packet of data to move across a network connection. When a
packet is being sent, there is "latent" time, when the computer that sent the packet waits for confirmation that the
packet has been received. Latency and bandwidth are the two factors that determine your network connection speed.
Latency in a packet-switched network is measured either one-way (the time from the source sending a packet to the
destination receiving it), or round-trip (the one-way latency from source to destination plus the one-way latency from
the destination back to the source). Round-trip latency is more often quoted, because it can be measured from a single
point. Note that round trip latency excludes the amount of time that a destination system spends processing the packet.
Many software platforms provide a utility called ping that can be used to measure round-trip latency. The target does no
application-level processing of the packet; it merely returns an ICMP echo reply when it receives the echo request, so
ping is a relatively accurate way of measuring latency. Note, however, that many routers and hosts give ICMP a low
priority, so ping times can overstate the latency experienced by real application traffic.
Where precision is important, one-way latency for a link can be more strictly defined as the time from the start of packet
transmission to the start of packet reception. The time from the start of packet transmission to the end of packet
transmission at the near end is measured separately and called serialization delay. This definition of latency depends on
the throughput of the link and the size of the packet, and is the time required by the system to signal the full packet to
the wire.
Some applications, protocols, and processes are sensitive to the time it takes for their requests and results to be
transmitted over the network. This is known as latency sensitivity. Examples of latency sensitive applications include
VoIP, video conferencing, and online games. In a VoIP deployment, high latency can mean an annoying and
counterproductive delay between a speaker's words and the listener's reception of those words. Network management
techniques such as QoS, load balancing, traffic shaping, and caching can be used individually or combined to optimize the
network and reduce latency for sensitive applications. By regularly testing for latency and monitoring those devices that
are susceptible to latency issues, you can provide a higher level of service to end users.
Jitter - Jitter is the deviation in or displacement of some aspect of the pulses in a high-frequency digital signal. As the
name suggests, jitter can be thought of as shaky pulses. The deviation can be in terms of amplitude, phase timing, or
the width of the signal pulse. Another definition is that it is "the periodic frequency displacement of the signal from its
ideal location." Among the causes of jitter are electromagnetic interference (EMI) and crosstalk with other signals. Jitter
can cause a display monitor to flicker; affect the ability of the processor in a personal computer to perform as intended;
introduce clicks or other undesired effects in audio signals; and cause loss of transmitted data between network devices.
In packet networks the term usually means variation in packet delay: packets sent at regular intervals arrive at irregular
ones, typically because of queuing in congested devices, and real-time receivers (VoIP phones, video endpoints) absorb
the variation with a jitter buffer at the cost of extra latency. The amount of allowable jitter depends greatly on the
application.
Packet Loss - is the failure of one or more transmitted packets to arrive at their destination. This event can cause
noticeable effects in all types of digital communications.
The effects of packet loss:
In text and data, packet loss produces errors.
In videoconference environments it can create jitter.
In pure audio communications, such as VoIP, it can cause jitter and frequent gaps in received speech.
In the worst cases, packet loss can cause severe mutilation of received data, broken-up images, unintelligible
speech or even the complete absence of a received signal.
The causes of packet loss include inadequate signal strength at the destination, natural or human-made interference,
excessive system noise, hardware failure, software corruption or overburdened network nodes. Often more than one of
these factors is involved. In a case where the cause cannot be remedied, concealment may be used to minimize the
effects of lost packets.
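A worked example of the three parameters just described, added here and not part of the original guide: it parses the output of a ping run, computes round-trip min/avg/max, a simple jitter figure (the mean change between consecutive round-trip times) and packet loss from the missing sequence numbers, then applies commonly quoted VoIP limits. The ping output is constructed (no host was probed), and the VoIP thresholds are the example's own assumption.

```python
import re
import statistics

# Added example (not from the study guide). The ping output below is constructed,
# in the format printed by ping on Linux/macOS; icmp_seq 3 never came back.
PING_OUTPUT = """\
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=20.1 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=20.5 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=64 time=45.3 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=64 time=21.0 ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")

# Commonly quoted targets for interactive voice, assumed here as the pass/fail bar:
# one-way delay under 150 ms (ITU-T G.114), jitter under 30 ms, loss under 1 %.
MAX_ONE_WAY_MS = 150.0
MAX_JITTER_MS = 30.0
MAX_LOSS_PCT = 1.0


def parse_replies(text):
    """Map icmp_seq -> round-trip time in ms for every echo reply in the output."""
    return {int(m.group(1)): float(m.group(2)) for m in REPLY_RE.finditer(text)}


def summarize(text, sent):
    """Round-trip latency, jitter and packet loss for a run of `ping -c <sent>`."""
    replies = parse_replies(text)
    rtts = [replies[seq] for seq in sorted(replies)]
    lost = [seq for seq in range(1, sent + 1) if seq not in replies]
    if not rtts:
        return {"sent": sent, "received": 0, "lost_seq": lost, "loss_pct": 100.0,
                "rtt_min_ms": None, "rtt_avg_ms": None, "rtt_max_ms": None, "jitter_ms": None}
    # Jitter here is the mean absolute change between consecutive round-trip times.
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "sent": sent,
        "received": len(rtts),
        "lost_seq": lost,
        "loss_pct": 100.0 * len(lost) / sent,
        "rtt_min_ms": min(rtts),
        "rtt_avg_ms": statistics.mean(rtts),
        "rtt_max_ms": max(rtts),
        "jitter_ms": statistics.mean(deltas) if deltas else 0.0,
    }


def voip_issues(stats):
    """Which of the three QoS parameters would make this path unfit for VoIP."""
    issues = []
    if stats["rtt_avg_ms"] is None:
        return ["no replies received"]
    one_way = stats["rtt_avg_ms"] / 2          # ping only measures round trips; assume symmetry
    if one_way > MAX_ONE_WAY_MS:
        issues.append(f"one-way latency {one_way:.1f} ms exceeds {MAX_ONE_WAY_MS:.0f} ms")
    if stats["jitter_ms"] > MAX_JITTER_MS:
        issues.append(f"jitter {stats['jitter_ms']:.1f} ms exceeds {MAX_JITTER_MS:.0f} ms")
    if stats["loss_pct"] > MAX_LOSS_PCT:
        issues.append(f"packet loss {stats['loss_pct']:.1f}% exceeds {MAX_LOSS_PCT:.0f}%")
    return issues


if __name__ == "__main__":
    s = summarize(PING_OUTPUT, sent=5)
    print(s)
    print(voip_issues(s) or ["path looks usable for VoIP"])
```

For the constructed run the latency and jitter are well inside the limits, but one lost reply out of five is 20 % loss, which on its own would make the path unusable for voice; that is the kind of finding the regular latency testing mentioned above is meant to surface.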
Echo - is when portions of the transmission are repeated. Echoes can occur at many locations along the route.
Splices and improper termination in the network can cause a transmitted signal to reflect back to the source, which
causes the sound of an echo. To correct for echo, network technicians can introduce an echo canceller into the network
design. This will cancel out the energy being reflected.
High Bandwidth Applications - A high bandwidth application is a software package or program that tends to
require large amounts of bandwidth in order to fulfill a request. As demand for these applications continues to increase,
bandwidth issues will become more frequent, resulting in degradation of a network system. One way to combat the
effects of these applications on a network is to manage the amount of bandwidth allocated to them. This allows users to
still use the applications without degrading the QoS of network services.
Examples:
Thin Clients
Voice over IP
Real Time Video
Multi-media
how the plan will affect the user or other aspects of the network. Thinking ahead can help ensure productivity doesn't
suffer and that downtime is minimized.
Implement and Test the Solution
Implement the action plan step by step to fix the problem. If multiple changes are made at once, you will be unable to
verify exactly what effect each adjustment had. Be sure to document each step, because it is easy to lose sight of what
you have already tried in complex troubleshooting scenarios. Then test the solution: make sure the solution implemented
actually solves the problem and didn't cause any new ones. Use several options and situations to conduct the tests.
Sometimes testing over time is needed to ensure the solution is the correct one.
Identify the Results and Effects of the Solution
Verify that the user agrees that the problem is solved before you proceed with final documentation and closing the
request. Even if the problem is solved, and the solution was well thought-out and documented, there might be cascading
effects elsewhere on the local system or on the network. Test for this before closing out the issue. If a major change was
made, it is advisable to continue monitoring and testing for several days or even weeks after the problem appears to be
resolved.
Document the Process and Solution
Document the problem and the process used to arrive at the solution. Maintain the records as part of an overall
documentation plan. This will provide an ever-growing database of information specific to your network and will also be
valuable reference material for future troubleshooting instances, especially if the problem is specific to the
organization. Creating a troubleshooting template with the required information included in all trouble reports will ensure
all trouble reports are accurate and consistent no matter who completes them.
Domain 4.7: Troubleshoot Common Connectivity Issues and Select an Appropriate Solution
Crosstalk
Symptoms: Slow network performance and/or an excess of dropped or unintelligible packets. In telephony applications,
users hear pieces of voice or conversations from a separate line.
Causes: Generally crosstalk occurs when two cables run in parallel and the signal of one cable interferes with the other.
Crosstalk can also be caused by crossed or crushed wire pairs in twisted pair cabling, or by untwisting too much of a pair
when terminating it.
Resolution: The use of twisted pair cabling or digital signaling can reduce the effects of crosstalk. Maintaining proper
distance between cables, keeping the twists intact right up to the connector, and using a higher cable category (or
shielded cable) can also help.
Near-End Crosstalk
Symptoms: Signal loss or interference
Causes: Near-end crosstalk is crosstalk that occurs closer along the cable to the transmitting end. Often occurs in or near
the terminating connector.
Resolution: Test with cable tester from both ends of the cable and correct any crossed or crushed wires. Verify that the
cable is terminated properly and that the twists in the pairs of wires are maintained.
Attenuation
Symptoms: Slow response from the network, or a link that negotiates down to a lower speed or drops intermittently.
Causes: Attenuation is the loss of signal strength as the signal travels along a cable or through the air; it grows with
distance and with frequency. A cable run longer than the standard allows (100 m for twisted pair Ethernet) is the usual
culprit.
Resolution: Use shorter cable runs, add more access points, and/or add repeaters and signal boosters to the cable path.
Or, evaluate the environment for interference. The interference you would look for would depend on the spectrum used.
Collisions
Symptoms: High latency, reduced network performance, and intermittent connectivity issues.
Causes: Collisions are a natural part of half-duplex Ethernet (CSMA/CD) as nodes attempt to access a shared medium.
Excessive collisions point to too many nodes in one collision domain, a cable fault, or a duplex mismatch.
Resolution: Depends on the network. For example, replacing a hub with a switch (which gives every port its own collision
domain and allows full duplex) will often solve the problem.
Shorts
Symptoms: Complete loss of signal on the affected cable.
Causes: Two conductors of an electrical circuit that are meant to be at different voltages make a low-resistance
connection, causing a short circuit; damaged insulation or a crushed cable is the typical reason.
Resolution: Use a TDR (time-domain reflectometer) or cable certifier to detect and locate shorts. Replace cables and
connectors with known working ones.
Open/Impedance Mismatch
Symptoms: An open is a break in a conductor and shows as complete loss of signal. An impedance mismatch reflects part
of the signal back toward the source, so its tell-tale sign is an echo on either the talker or listener end of the connection.
Causes: A broken wire or bad termination (open); mismatched electrical characteristics between cable, connectors and
equipment, or a missing terminator on a bus segment (impedance mismatch).
Resolution: Use a TDR to detect opens and impedance changes and to measure the distance to them. Collect and review
the data, interpret the symptoms, and determine the root cause in order to correct it.
Interference
Symptoms: Crackling, humming, and static are all signs of interference. Additionally, low throughput, network
degradation, and poor voice quality are also symptoms of interference.
Causes: RFI can be caused by a number of devices including cordless phones, Bluetooth devices, microwave ovens,
cameras, paging systems, unauthorized access points, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interferences as much as possible. This may entail simply turning off
competing devices. Ensure there is adequate WLAN coverage. To resolve problems proactively, test areas prior to
deployment using tools such as spectrum analyzers.
Port Speed
Symptoms: No or low speed connectivity between devices.
Causes: Ports are configured to operate at different speeds and are therefore incompatible with each other.
Resolution: Verify that equipment is compatible and operating at the highest compatible speed. For example, if a switch
port is running at 100 Mbps but the computer's NIC runs at 10 Mbps, the link will run at the slower speed (10 Mbps).
Replace the card with one that runs at 100 Mbps and throughput will be increased to the higher level (or at least to higher
levels, since there are other variables such as network congestion, etc.).
Port Duplex Mismatch
Symptoms: Late collisions, alignment errors, and FCS errors are present during testing; the link is up but throughput is
poor, and it gets worse the more traffic flows in both directions.
Causes: Mismatches are generally configuration errors. They occur when the switch port and the device are hard-coded
to different duplex settings, or when one end is hard-coded to full duplex while the other is left on auto-negotiate: an
auto-negotiating port that receives no negotiation from its peer falls back to half duplex.
Resolution: Verify that the switch port and the device are configured to use the same duplex setting, preferably
auto-negotiate on both ends. This may entail having to upgrade one of the devices.
Incorrect VLAN
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different VLANs
Resolution: Reconfigure devices to use the same VLAN.
Incorrect IP Address
Symptoms: No connectivity between devices, or intermittent connectivity if two hosts have ended up with the same
address.
Causes: Either the source or destination device has an incorrect IP address, or two devices share an address (for
example, a statically assigned address that overlaps the DHCP scope, or a rogue DHCP server handing out leases from
its own pool).
Resolution: Check the TCP/IP configuration using ipconfig /all on Windows machines and ifconfig on Linux/UNIX/Apple
machines, then use the ping command to determine whether there is connectivity between the devices. Resolution will
depend on the problem. An address in 169.254.x.x (APIPA) means the host never reached a DHCP server; in that case
troubleshoot DHCP (it may be off line, or a rogue server may be answering first). If a static IP address was entered
incorrectly, correct it. After changing addresses, clear the ARP cache on both computers (arp -d on Windows, ip neigh
flush all on Linux) so that stale address-to-MAC mappings are not used.
Wrong Gateway
Symptoms: No connectivity between devices.
Causes: The IP address of the gateway is incorrect for the specified route.
Resolution: Change the IP address of the gateway to the correct address.
Wrong DNS
Symptoms: Hosts can be reached by IP address but not by name; name lookups fail or time out.
Causes: A device is configured to use the wrong DNS server.
Resolution: Open the network properties on a Windows machine. Open TCP/IP properties and check the IP address of
the DNS server listed for the client. Put in the correct IP address. Test name resolution with nslookup, then test
connectivity by pinging a host name.
Wrong Subnet Mask
Symptoms: No connectivity between devices, or connectivity to some hosts but not others: a host whose mask is too
narrow sends traffic for on-link neighbours to the gateway, while a host whose mask is too wide never uses the gateway
for hosts that are actually remote.
Causes: Either the source or destination device has an incorrect subnet mask.
Resolution: Use the ping command to determine if there is connectivity between devices. Check the IP address and mask
on both devices. Change the incorrect subnet mask to the correct subnet mask. Test for connectivity.
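The address, mask and gateway checks behind the last four entries, as an added example (not from the study guide) using Python's ipaddress module. The host table is constructed: alpha is correct, bravo has a /24 mask on a /16 LAN, and charlie has been given alpha's address. The checks show why a wrong mask produces one-way connectivity (each side judges on-link reachability with its own mask) and why a wrong gateway fails even though the address itself is valid.

```python
import ipaddress

# Added example (not from the study guide): the address/mask/gateway checks a technician
# does by hand after `ipconfig /all` or `ifconfig`. The host table is constructed;
# the real LAN is assumed to be 10.1.0.0/16 with its router at 10.1.0.1.
CONSTRUCTED_HOSTS = {
    "alpha":   {"ip": "10.1.1.10", "mask": "255.255.0.0",   "gateway": "10.1.0.1"},
    "bravo":   {"ip": "10.1.2.20", "mask": "255.255.255.0", "gateway": "10.1.0.1"},  # wrong mask
    "charlie": {"ip": "10.1.1.10", "mask": "255.255.0.0",   "gateway": "10.1.0.1"},  # duplicate IP
}


def iface(host):
    """Interface object for an ip/mask pair (dotted-quad masks are accepted)."""
    return ipaddress.IPv4Interface(f"{host['ip']}/{host['mask']}")


def check_gateway(name, host):
    """Wrong Gateway: the default gateway must lie inside the host's own subnet."""
    net = iface(host).network
    gw = ipaddress.IPv4Address(host["gateway"])
    return None if gw in net else f"{name}: gateway {gw} is not in {net}"


def on_link(src, dst):
    """Does src, judging by its own mask, consider dst directly reachable?"""
    return ipaddress.IPv4Address(dst["ip"]) in iface(src).network


def mask_asymmetry(hosts):
    """Wrong Subnet Mask: pairs where one side ARPs for the other while the other sends via the gateway."""
    findings = []
    names = sorted(hosts)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if on_link(hosts[a], hosts[b]) != on_link(hosts[b], hosts[a]):
                findings.append(f"{a}<->{b}: masks disagree on whether they share a subnet")
    return findings


def duplicates(hosts):
    """Incorrect IP Address: the same address leased or typed on more than one host."""
    seen = {}
    for name, host in hosts.items():
        seen.setdefault(host["ip"], []).append(name)
    return {ip: names for ip, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for name, host in CONSTRUCTED_HOSTS.items():
        print(check_gateway(name, host) or f"{name}: gateway ok")
    print(mask_asymmetry(CONSTRUCTED_HOSTS))
    print(duplicates(CONSTRUCTED_HOSTS))
```

bravo fails twice: its gateway 10.1.0.1 is outside the 10.1.2.0/24 it believes it is on, so it has no usable default route, and alpha will ARP for bravo directly while bravo tries to send its replies through a gateway it cannot reach. The duplicate check is what an ARP cache showing the same IP flip-flopping between two MAC addresses would reveal.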
Issues that should be identified but escalated
Switching Loop: Redundant links between switches without a working spanning tree protocol; frames circulate forever and
the result is a broadcast storm. STP is needed to ensure loop-free topologies.
Routing Loop: Packets are routed in a circle continuously until their TTL expires.
Route Problems: Packets don't reach their intended destination. This could be caused by a number of things:
configuration problems, convergence (in which you have to wait for the discovery process to complete), or a broken
segment (a router is down, etc.).
Proxy ARP: If misconfigured, a device answers ARP requests for addresses it should not, traffic is black-holed, and DoS
conditions can occur.
Broadcast Storms: The network becomes overwhelmed by constant broadcast traffic.
Wireless Connectivity Issues
Interference
Symptoms: Low throughput, network degradation, dropped packets, intermittent connectivity, and poor voice quality
are all symptoms caused by interference.
Causes: RFI can be caused by cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access points,
metal building framing, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interferences as much as possible.
Incorrect Encryption
Symptoms: For wireless, if the encryption types between two devices (access point and client) do not match, connection
is impossible. Similarly, if different encryption keys are used on the two devices, they can't negotiate the key information
for verification and decryption in order to initiate communication; the client typically authenticates but is then
disconnected, or never completes the association.
Causes: Improper configuration.
Resolution: Ensure that security settings (WEP/WPA/WPA2, TKIP/AES, and the pre-shared key) match between and among
devices.
Congested Channel
Symptoms: Very slow speeds.
Causes: Interference from neighboring wireless network; congested network channel.
Resolution: Many wireless routers are set to auto configure the wireless channel. Try logging into the router and
manually change the channel the wireless router is operating on.
Incorrect Frequency
Symptoms: No connectivity.
Causes: In wireless, devices must operate on the same frequency band. An 802.11a device (5 GHz) can't communicate
with one designed for 802.11b (2.4 GHz).
Resolution: Deploy devices that operate on the same frequency band.
ESSID Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different ESSIDs.
Resolution: Set the devices to use the same SSID. Ensure that the wireless client and the access point are configured
identically. Note: SSIDs are case sensitive.
Standard Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different standards such as 802.11a/b/g/n.
Resolution: Devices have to be chosen to work together. 802.11a, for example, is incompatible with 802.11b/g because
the first operates at 5 GHz and the second at 2.4 GHz. Or an 802.11g router could be set to g-only mode while you are
trying to connect with an 802.11b wireless card. Change the mode on the router.
Distance
Symptoms: Slow connection and low throughput.
Causes: The distance between two points may be to blame for this connectivity issue. The longer the distance between
the two points, the more prominent the problem may become. Issues that can occur between the two points include
latency, packet loss, retransmission, or transient traffic.
Resolution: If the issue is with cabling, do not exceed distance limitations. If the issue is with wireless, you may need to
increase coverage. Use a spectrum analyzer or site survey tool to determine coverage and signal strength.
Bounce
Symptoms: No or low connectivity between devices.
Causes: The signal from a device bounces off obstructions and is not received by the receiving device (multipath).
Resolution: If possible, move one device or the other to avoid obstructions. Monitor performance and check for
interference.
Incorrect Antenna Placement
Symptoms: No or low signal and connectivity.
Causes: The position of the access point's antenna can negatively affect overall performance.
Resolution: Change the position of the antenna and monitor device performance.
IPCONFIG - This command is used to view network settings from a Windows computer command line. Below are the
ipconfig switches that can be used at a command prompt.
ipconfig /all will display all of your IP settings.
ipconfig /renew forces the DHCP server, if available to renew a lease.
ipconfig /release forces the release of a lease.
IFCONFIG - IFCONFIG is a Linux/Unix command line tool that is similar to IPCONFIG in Windows. Common uses for
ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface. At boot time,
many UNIX-like operating systems initialize their network interfaces with shell-scripts that call ifconfig. As an interactive
tool, system administrators routinely use the utility to display and analyze network interface parameters.
PING - PING (Packet InterNet Groper) is a command-line utility used to verify connections between networked
devices. PING sends ICMP echo requests and waits for echo replies, much like a SONAR ping. The standard format for the
command is ping ip_address/hostname. If successful, the ping command will return replies from the remote host with the
time it took to receive each reply. If unsuccessful, you will likely receive an error message such as "Request timed out"
or "Destination host unreachable" (note that a firewall dropping ICMP produces the same timeout as a dead host). This is
one of the most important tools
ARP PING (ARPING) - ARPING is a software tool that is used to discover hosts on a local network. The program tests
whether a given IP address is in use on the local network, and can get additional information (the MAC address) about
the device using that address. The arping tool is similar in function to ping, which probes hosts using the Internet Control
Message Protocol at the Internet Layer (OSI Layer 3). Arping operates at the Link Layer (OSI Layer 2) using the Address
Resolution Protocol (ARP) for probing hosts on the local network (link) only, as ARP cannot be routed across gateways
(routers). Because it works below IP, it still gets an answer from hosts whose firewall drops ICMP. However, in networks
employing devices that use proxy ARP, the arping response may be coming from such proxy hosts and not from the probed
target.
NSLOOKUP - This is a command that queries a DNS server for machine name and address information. Originally
written for Unix operating systems, this command is now available on Windows and other operating systems. To use
nslookup, type "nslookup" followed by an IP address, a computer name, or a domain name. NSLOOKUP will return the
name, all known IP addresses and all known aliases (which are just alternate names) for the identified machine.
NSLOOKUP is a useful tool for troubleshooting DNS problems.
Hostname - The hostname command is used to show or set a computer's host name and domain name. It is one of
the most basic of the network administrative utilities. A host name is a name that is assigned to a host (i.e., a computer
connected to the network) that uniquely identifies it on a network and thus allows it to be addressed without using its full
IP address. Domain names are user-friendly substitutes for numeric IP addresses.
Dig (domain information groper) - Dig is a Linux/Unix tool for interrogating DNS name servers. It performs DNS
lookups and displays the answers that are returned from the name server(s) that were queried.
Mtr - Mtr is a Linux command line tool that combines the functionality of the traceroute and ping programs in a single
network diagnostic tool.
Route - The route command is used to display and manipulate a local routing table. Examples of its use include
adding and deleting a static route. This tool is available in Unix, Linux and Windows.
NBTSTAT - Is a Windows utility used to troubleshoot connectivity problems between 2 computers communicating via
NetBT, by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name
cache and gives MAC address.
NETSTAT - Is a Windows, Linux, and Unix command-line tool that displays network connections (both incoming and
outgoing), routing tables, and a number of network interface statistics. It is used for finding problems in the network and
to determine the amount of traffic on the network as a performance measurement.
systems from multiple sessions, appearing as a possible Distributed Denial of Service (DDoS) attack.
Zones - demarcation points from one network type to another. Networks internal to a company are considered
internal zones or intranets. A network external to the internal network is generally considered the Internet or an external
zone. If there is a network that the company manages that is not a part of the internal intranet but is in place between
the intranet and the Internet, this is called the demilitarized zone or DMZ. The main purpose of this zone is to act as
an additional security buffer between the intranet and the Internet: publicly reachable servers (web, mail, DNS) live
there, so a compromise of one of them does not give direct access to the internal network.
authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization
and directory services that can store and, when necessary, revoke the certificates.
Kerberos - Developed at MIT, this protocol has been in use in the Unix world for over two decades and is the default
authentication protocol in Windows Active Directory domains. Kerberos is a network authentication protocol which uses
symmetric cryptography and time-limited tickets to provide authentication for client-server applications. The core of a
Kerberos architecture is the KDC (Key Distribution Center), which serves as the trusted third party, stores the keys of all
principals (users and services), and issues the tickets with which they authenticate to one another. In order for this
security method to work, it is paramount that the KDC is available and secure; a compromise of the KDC compromises
the whole realm. The clocks of all hosts involved must be synchronized as well, since tickets and authenticators carry
timestamps that are used to limit replay.
AAA - AAA commonly stands for authentication, authorization and accounting.
RADIUS (Remote Authentication Dial In User Service) - RADIUS is a networking protocol that provides
centralized Authentication, Authorization, and Accounting (AAA) management and provides a method that allows
multiple Network Access Server (NAS) devices (originally dial-in servers; today VPN concentrators, switches and
wireless access points) to share a common authentication database. It runs over UDP, normally port 1812 for
authentication and 1813 for accounting (older deployments use 1645/1646), and relies on a shared secret between
NAS and server; only the User-Password attribute is hidden with that secret, the rest of each packet travels in the
clear. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and
wireless networks. Microsoft's answer to corporate wireless security is the use of RADIUS authentication through its
Internet Authentication Service (IAS) product, renamed Network Policy Server (NPS) in Windows Server 2008.
TACACS+ (Terminal Access Controller Access-Control System Plus) - TACACS+ is a Cisco-developed security
protocol that provides centralized validation of users attempting to gain access to a router or network access
server, and is widely used for administrative access (device login and per-command authorization). The TACACS+
protocol provides authentication between the network access server and the TACACS+ daemon, and it provides
confidentiality because the entire body of every packet exchanged between a network access server and a TACACS+
daemon is encrypted with a shared key (RADIUS hides only the password). Whereas RADIUS combines authentication
and authorization in a user profile, TACACS+ separates the two operations, which is what makes per-command
authorization possible. Another difference is that TACACS+ uses the Transmission Control Protocol (TCP, port 49)
while RADIUS uses the User Datagram Protocol (UDP).
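To make the RADIUS/TACACS+ comparison concrete, here is the RFC 2865 User-Password hiding that RADIUS applies, as an added example that is not from the study guide. The shared secret, Request Authenticator and password are constructed values. The last function shows the practical weakness: because everything except this one attribute is in the clear, anyone who captures an Access-Request for an account whose password they already know can test candidate shared secrets offline.

```python
import hashlib

# Added example (not from the study guide): how RADIUS hides the User-Password
# attribute (RFC 2865 section 5.2). Only this one attribute is protected; the
# User-Name and everything else in the Access-Request travel in the clear.
# Secret, authenticator and password are constructed values.
SHARED_SECRET = b"testing123"               # shared between NAS and RADIUS server
REQUEST_AUTHENTICATOR = bytes(range(16))    # normally 16 random bytes chosen by the NAS
USER_PASSWORD = b"hunter2!!"


def hide_password(password, secret, authenticator):
    """c1 = p1 XOR MD5(secret + authenticator); c_i = p_i XOR MD5(secret + c_{i-1})."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a multiple of 16
    if not padded:
        padded = b"\x00" * 16
    hidden = b""
    prev = authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block                                      # chaining: next block keyed on this one
    return hidden


def reveal_password(hidden, secret, authenticator):
    """Server side: the same chain run forwards on the ciphertext; NUL padding is stripped."""
    plain = b""
    prev = authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")


def recover_secret(authenticator, hidden, known_password, candidates):
    """Offline attack: someone who knows one user's password and captured that
    user's Access-Request can test guesses for the shared secret at MD5 speed."""
    for guess in candidates:
        if hide_password(known_password, guess, authenticator) == hidden:
            return guess
    return None


if __name__ == "__main__":
    wire = hide_password(USER_PASSWORD, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    print("on the wire:", wire.hex())
    print("server sees:", reveal_password(wire, SHARED_SECRET, REQUEST_AUTHENTICATOR))
    print("guessed secret:", recover_secret(REQUEST_AUTHENTICATOR, wire, USER_PASSWORD,
                                            [b"password", b"radius", b"testing123"]))
```

The hiding is an MD5 keystream, not authenticated encryption, and its strength is exactly the strength of the shared secret; a short or default secret falls to the dictionary loop above in milliseconds. This is why RADIUS traffic should stay on a management network or inside an IPsec/TLS tunnel, and why TACACS+ encrypting the whole body is the meaningful difference the text points out.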
802.1X - 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It defines three roles: the
supplicant (the client wanting access), the authenticator (the switch port or wireless access point, which forwards nothing
but authentication traffic until the client is authenticated), and the authentication server (usually a RADIUS server). The
authenticator relays Extensible Authentication Protocol (EAP) messages between the supplicant and the authentication
server and opens the port only when the server returns an Access-Accept. Although it applies equally to wired switch
ports, it is best known for securing wireless 802.11 access points, where it is the basis of WPA/WPA2 Enterprise and the
key material it produces seeds the wireless encryption.
CHAP (Challenge Handshake Authentication Protocol) - A type of authentication protocol used on PPP
connections. CHAP uses a 3-way handshake: the authenticator sends the client a random challenge, the client replies
with an MD5 hash of (identifier, shared secret, challenge), and the authenticator computes the same hash from its own
copy of the secret and compares. The password itself never crosses the wire, and a fresh challenge each time defeats
replay of an earlier response. CHAP not only requires the client to authenticate itself in the beginning, but sends
challenges at regular intervals to make sure the client hasn't been replaced by an intruder. Two weaknesses follow from
the design: the authenticator must store the secret in cleartext (or reversibly encrypted) to recompute the hash, and a
captured challenge/response pair can be attacked offline with a dictionary.
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) - This is Microsoft's version of CHAP, used for
PPP (and PPTP VPN) authentication in Windows operating systems. MS-CHAPv1 authenticates the client only (one-way);
MS-CHAPv2 was released to solve many of the problems and deficiencies of the first version and adds mutual
authentication and stronger session keys. Both derive the response from a DES-based transform of the user's password
hash, so a captured exchange is vulnerable to offline attack; in practice MS-CHAPv2 should only be used inside an
encrypted tunnel such as PEAP or EAP-TTLS.
EAP (Extensible Authentication Protocol) - EAP is an extension to the Point-to-Point Protocol (PPP) that was
developed in response to an increasing demand for an industry-standard architecture supporting additional authentication
methods within PPP. EAP is an authentication framework, not a specific authentication mechanism, and today it is most
often seen on wireless networks. It provides some common functions and negotiation of authentication methods, called
EAP methods. There are roughly 40 different methods defined. Commonly used methods capable of operating in wireless
networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, EAP-TTLS and LEAP (Cisco's early proprietary method, now
deprecated because its MS-CHAP-style exchange can be cracked offline). When EAP is invoked by an 802.1X-enabled
Network Access Server (NAS) device such as an 802.11 Wireless Access Point, modern EAP methods can provide a
secure authentication mechanism and negotiate a secure Pairwise Master Key (PMK) between the client and the
authentication server; the server passes the PMK to the access point, and from it the keys for the wireless encryption
session, which uses TKIP or CCMP (based on AES), are derived. Strong EAP types such as those based on certificates
(EAP-TLS) offer better protection against brute-force or dictionary attacks and password guessing than password-based
authentication protocols such as CHAP or MS-CHAP; where a password method must be used, it should run inside a TLS
tunnel (PEAP or EAP-TTLS) so the exchange is not exposed to eavesdroppers.
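The CHAP challenge/response described above, as an added example that is not from the study guide: the RFC 1994 MD5 computation, an authenticator that issues single-use challenges and verifies responses, and the offline dictionary attack that a captured exchange allows, which is the weakness the last sentence of the EAP entry refers to. Names, secrets and the fixed challenges used in the test are constructed.

```python
import hashlib
import hmac
import os

# Added example (not from the study guide): the CHAP exchange of RFC 1994 with the
# MD5 algorithm, plus the offline dictionary attack a captured exchange allows.
# User names, secrets and the fixed challenges used in the demo are constructed.


def chap_response(identifier, secret, challenge):
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The PPP peer that issues challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets     # name -> secret; CHAP needs it in cleartext on the server
        self.pending = {}          # name -> (identifier, challenge) awaiting a response
        self.identifier = 0

    def issue_challenge(self, name, challenge=None):
        """Fresh identifier and (normally random) challenge; the demo may pass a fixed one."""
        self.identifier = (self.identifier + 1) & 0xFF
        challenge = challenge if challenge is not None else os.urandom(16)
        self.pending[name] = (self.identifier, challenge)
        return self.identifier, challenge

    def verify(self, name, identifier, response):
        """Success only for the outstanding challenge; each challenge is usable once."""
        outstanding = self.pending.pop(name, None)
        secret = self.secrets.get(name)
        if outstanding is None or secret is None or outstanding[0] != identifier:
            return False
        expected = chap_response(identifier, secret, outstanding[1])
        return hmac.compare_digest(expected, response)


def crack_secret(identifier, challenge, response, wordlist):
    """An eavesdropper with one captured (Identifier, Challenge, Response) tries guesses offline."""
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    server = ChapAuthenticator({"alice": b"s3cret"})
    ident, chal = server.issue_challenge("alice")
    resp = chap_response(ident, b"s3cret", chal)          # computed by the client
    print("first response accepted:", server.verify("alice", ident, resp))
    print("same response replayed:", server.verify("alice", ident, resp))
    print("cracked:", crack_secret(ident, chal, resp, [b"password", b"letmein", b"s3cret"]))
```

The secret is never transmitted and the replay fails because the challenge was consumed, which is what CHAP buys over PAP; but a passive listener gets identifier, challenge and response from the wire and can run the wordlist loop at MD5 speed, which is why a tunnelled or certificate-based EAP method is preferred on wireless links.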
Secure File Transfer Protocol (SFTP) - sometimes called SSH File Transfer Protocol, is a network protocol that runs
as a subsystem of SSH and provides encrypted, authenticated file transfer over TCP port 22 by default. It is unrelated to
FTP (and to FTPS, which is FTP over SSL/TLS).
Secure Copy Protocol (SCP) - Application Layer protocol in the Internet Protocol Suite that leverages the Secure
Shell (SSH) protocol, using TCP port 22 by default, to copy files from system to system on the same network or across
different networks.
Telnet - Application Layer protocol in the Internet Protocol Suite that was traditionally used to connect dumb
terminals to mainframe systems. Today it is sometimes used to connect to headless network equipment such as switches
and routers by using a command window. It is a client-server protocol that runs on TCP port 23 by default, and does not
encrypt any data sent over the connection, login name and password included; SSH (port 22) should be used instead
wherever the equipment supports it.
Hypertext Transfer Protocol (HTTP) - Application Layer protocol in the Internet Protocol Suite that is the standard
protocol in use on the World Wide Web. Operating on TCP port 80 by default, Internet clients contact a web server and
request pages from that server for their web browsers, which render the returned content. The connection is
unencrypted; HTTPS (HTTP over SSL/TLS, port 443) should be used wherever content or credentials are sensitive.
File Transfer Protocol (FTP) - Application Layer protocol in the Internet Protocol Suite that listens on port 21 for the
control connection and, in active mode, opens data connections from server port 20 back to the client (in passive mode
the client instead connects to a high port on the server). Often FTP is set up for anonymous access for the putting and
getting of files. Even when a user name and password are required, FTP sends them, and the file contents, in clear text.
Remote Shell (RSH) - a command line program that can execute shell commands as another user on another computer
across a network. All commands are sent in clear text, and any authentication is also sent over the wire unencrypted.
Secure Shell (SSH) is the secure replacement for this utility.
Remote Copy Protocol (RCP) - a Unix-based command line utility used to copy data from one system to another. The
utility sends information over the network unencrypted, including any applicable account and password information. It
has been replaced by Secure File Transfer Protocol (SFTP), which is sometimes called SSH File Transfer Protocol.
Simple Network Management Protocol versions 1 and 2 (SNMP) - Application Layer protocol in the Internet Protocol
Suite that is used for system management and configuration. Version 1 was introduced in the late 1980s and has
essentially no applicable security features. Authentication is performed using the "community string", which is
effectively nothing more than a password transmitted in clear text. Version 2 offered some improvements in
performance, security, and confidentiality, but it did so through a party-based security system that was considered
overly complex, and it was not widely adopted as a result.
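The protocols above split into those that carry commands and credentials in clear text (Telnet, FTP, rsh/rcp, SNMP versions 1 and 2) and their encrypted replacements (SSH, SFTP, SCP). A defender's first step is finding where the cleartext ones are still in use on the network. The following Python script is an added example, not code from the study guide: it scans constructed netfilter-style firewall log lines, counts connections to the cleartext service ports named above per destination host, and reports the encrypted replacement the guide recommends for each. The log lines, the log format and the IP addresses are constructed for the example. Port 514/tcp for rsh/rcp is the IANA "shell" assignment and SNMPv3 as the replacement for SNMPv1/v2 is standard practice; neither appears on this page and both are assumptions here.

```python
import re
from collections import defaultdict

# Cleartext services discussed in the guide, keyed by (transport, destination port).
# Value: (service name, recommended encrypted replacement).
# Assumptions not on the page: 514/tcp is the IANA "shell" port used by rsh/rcp,
# and SNMPv3 is the replacement for the cleartext community-string versions.
CLEARTEXT_SERVICES = {
    ("tcp", 20): ("FTP data", "SFTP or SCP over SSH (tcp/22)"),
    ("tcp", 21): ("FTP control", "SFTP or SCP over SSH (tcp/22)"),
    ("tcp", 23): ("Telnet", "SSH (tcp/22)"),
    ("tcp", 514): ("rsh/rcp", "SSH and SCP (tcp/22)"),
    ("udp", 161): ("SNMPv1/v2", "SNMPv3 with authentication and privacy"),
}

# Matches netfilter LOG-style records (constructed format for this example).
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s+.*?PROTO=(?P<proto>TCP|UDP)\s+.*?DPT=(?P<dpt>\d+)"
)

# Constructed sample log: three Telnet sessions to one host from two sources,
# one FTP control connection, one SSH session (encrypted, must be ignored),
# one SNMP query, one DNS query (not in scope) and one malformed line.
SAMPLE_LOG = [
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=51000 DPT=23",
    "kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.1 PROTO=TCP SPT=51001 DPT=23",
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=51002 DPT=23",
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.9 PROTO=TCP SPT=51003 DPT=21",
    "kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.9 PROTO=TCP SPT=51004 DPT=22",
    "kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=10.0.0.2 PROTO=UDP SPT=40000 DPT=161",
    "kernel: IN=eth0 OUT= SRC=10.0.0.8 DST=10.0.0.2 PROTO=UDP SPT=40000 DPT=53",
    "this line is not a firewall record",
]


def parse_line(line):
    """Return (src, dst, transport, dport) for a recognised log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst"), m.group("proto").lower(), int(m.group("dpt"))


def audit_cleartext(lines):
    """Summarise cleartext-protocol use per destination host.

    Returns (findings, skipped): findings is a list of dicts, one per
    (destination, service), sorted by connection count descending and then by
    destination; skipped is the number of lines that could not be parsed.
    """
    hits = defaultdict(lambda: {"count": 0, "sources": set()})
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        src, dst, transport, dport = parsed
        if (transport, dport) not in CLEARTEXT_SERVICES:
            continue  # encrypted (e.g. SSH on tcp/22) or out of scope (e.g. DNS)
        entry = hits[(dst, transport, dport)]
        entry["count"] += 1
        entry["sources"].add(src)

    findings = []
    for (dst, transport, dport), entry in hits.items():
        name, replacement = CLEARTEXT_SERVICES[(transport, dport)]
        findings.append({
            "destination": dst,
            "service": name,
            "port": f"{transport}/{dport}",
            "connections": entry["count"],
            "distinct_sources": len(entry["sources"]),
            "replace_with": replacement,
        })
    findings.sort(key=lambda f: (-f["connections"], f["destination"]))
    return findings, skipped


if __name__ == "__main__":
    results, unparsed = audit_cleartext(SAMPLE_LOG)
    for f in results:
        print(f"{f['destination']:<12} {f['service']:<12} {f['port']:<8} "
              f"{f['connections']} connections from {f['distinct_sources']} host(s); "
              f"migrate to {f['replace_with']}")
    print(f"{unparsed} line(s) could not be parsed")
```

Run against a real netfilter log the same regex applies unchanged; the destination hosts with the highest counts are the servers to migrate first, and a high number of distinct sources to a Telnet or FTP port shows how many clients would be affected by disabling it.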
information gathering, fraud, or computer system access. Phishing, a form of social engineering, is the fraudulent
process of attempting to acquire sensitive information such as usernames, passwords and credit card details by
masquerading as a trustworthy entity in an electronic communication such as email, chat, or instant messaging.
Mitigation Techniques - For the purposes of this guide, we can't cover all of the various options to prevent security
breaches, so we'll keep it brief with the following:
Policies and Procedures - an outline, within a group, organization or enterprise, of the standards and actions
expected of users. These often define acceptable use of network systems and the repercussions for violations. They
are generally drafted by system and network administrators as an outline of service and use, and the legal
department will generally tighten up the actual wording. Management will ultimately need to follow up with approval,
authorization and a decision on who will actually enforce them.
User Training - skills that need to be communicated to the end users of the network resources and connected
systems. This training usually consists of rudimentary explanations of expected and acceptable use and of the
procedures for violations. It will also include some basic explanation of security threats and of how user behaviour
can either help defend the network or put it at greater risk when the wrong actions are taken.
Patches and Updates - operating system updates and application fixes that are released to enhance security
features or to fix known issues with software. Most patches and some updates are released to correct recently
discovered security deficiencies in the code. These updates are always delivered by the application owner unless a
specific agreement is made between the application owner and another vendor. Users and administrators generally
download these updates manually and install them, or set up some type of automated system that delivers them to
managed systems and devices.