
User(s) are complaining of delays when using the network. What
would you do?
Many different issues can cause network delays. The Administrator /
Network Engineer should work through the following simple tasks before
proceeding.
• Get the user(s) to demonstrate the problem.
• Determine how many other users are affected.
• Ensure desktop hardware and configuration is OK.
• Trace all connections (they may be on another subnet).
• Commence some monitoring or diagnostics.
• Determine the problem (if there is one).
• Check for virus / spyware activity.
• If everything seems OK, try restarting the router / switch and, at the
same time, the system.

Name some of the ways of combining TCP/IP traffic and SNA traffic
over the same link.
• DLSw (Data Link Switching) (aka RFC1434)
• RFC1490 (frame relay carrier)
• Serial Tunneling (STUN)
• BAN or BNN (Boundary Access Node, Boundary Network Node)

What sort of cabling is suitable for Fast Ethernet protocols?
• CAT5
• CAT6
• CAT7

What is a Class D IP address?
Class D IP addresses are used in Internet Protocol version 4 (IPv4). A
Class D IP address begins with binary 1110. Class D addresses are reserved
for multicast applications only.

Class     Leading bits   Start IP    End IP            Default SNM
Class D   1110           224.0.0.0   239.255.255.255   NA

Bit-wise representation (Class D)
224.0.0.0       = 11100000.00000000.00000000.00000000
239.255.255.255 = 11101111.11111111.11111111.11111111
                  1110XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX

What is a Firewall?
A firewall is a secure and trusted machine that sits between a private
network and a public network. The firewall machine is configured with a set
of rules that determine which network traffic will be allowed to pass and
which will be blocked or refused. In some large organizations, you may even
find a firewall located inside their corporate network to segregate sensitive
areas of the organization from other employees. Many cases of computer
crime occur from within an organization, not just from outside.

How do I monitor the activity of sockets?
You can use Microsoft's packet monitor software for network activity
events, or Microsoft's NetMon. If you want to use free third-party
software, NirSoft's Socket Sniffer is small yet powerful and free...

What are RAW sockets?
A raw socket (R-socket) is a socket that allows access to packet
headers on incoming and outgoing packets. Raw sockets always receive
packets with the packet header included.

What is the role of TCP protocol and IP protocol?
The role of TCP is to transfer the data from one machine to another machine
in the network, and the role of IP is to identify the machine in the network.

What is UDP?
User Datagram Protocol (UDP) is part of the Internet Protocol suite. Using
it, programs running on different computers on a network can send short
messages known as datagrams to one another. UDP can be used in
networks where TCP is traditionally used, but unlike TCP, it does not
guarantee reliability or the right sequencing of data. Datagrams may go
missing without notice, or arrive in a different order from the one in which
they were sent.

Name Layers in TCP/IP?


Link Layer
Internet Layer
Transport Layer
Application Layer

How can I be sure that a UDP message is received?
UDP (User Datagram Protocol) is connectionless and unreliable; it is also
called a connectionless protocol. Packets sent using UDP can go missing
without the sender being informed, but it is very fast compared to other
methods, which is why it is used. No acknowledgement is sent back to
the source to let it know everything arrived OK.

How to get IP header of a UDP message?


How many bytes in an IPX network address?
An IPX address uses 80 bits, or 10 bytes, of data. The first four bytes show
the network address, and the last six bytes always represent the node
address, which is the MAC address. An example is
00007C80.0000.8609.33E9. The first eight hex digits (00007C80) represent
the network portion of the address.

What is the difference between MUTEX and Semaphore?
The difference is that a MUTEX grants access only to its owner, while a
Semaphore can allow a number of "UNKNOWN" accesses.

What is priority inversion?
Priority inversion is a situation in which lower-priority tasks run while
blocking higher-priority tasks that are waiting for a resource.

What is DHCP?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that
enables a server to automatically assign an IP address to a computer from a
defined range of numbers configured for a given network.

Name some routing protocols

• RIP (Routing Information Protocol)
• IGRP (Interior Gateway Routing Protocol)
• EIGRP (Enhanced Interior Gateway Routing Protocol)
• OSPF (Open Shortest Path First)
• BGP (Border Gateway Protocol)

Explain Kerberos Protocol?
Kerberos is an authentication protocol that has become very popular. Three
servers are involved in the Kerberos protocol:

• Authentication server (AS)
• Ticket granting Server (TGS)
• Real server

Difference between Discretionary Access Control (DAC) and
Mandatory Access Control (MAC)?
DAC is applied at the discretion of the entity controlling the access,
while with MAC the access control is compulsory.
MAC is designed and enforced in the initial stages and cannot be
changed by the entity; from a layman's angle: the OS writing to the BIOS
is not allowed.
DAC is designed in such a way that access is granted based on
discretion; e.g. database table access.

Explain how traceroute, ping, and tcpdump work and what they are
used for?
Traceroute, ping, and tcpdump test the connectivity of the destination in
question by sending ICMP packets and checking the response (TTL), which is
the routers encountered in the path. They are used to check the connectivity
and the distance to the destination.

Describe what a VPN is and how it works?
A VPN (Virtual Private Network) is a service that provides secure network
connectivity between two remote locations over an insecure network
(internet/ISP).

How do you display a routing table?


The function and syntax of the Windows ROUTE command is similar to the
UNIX or Linux route command. Use the command to manually configure the
routes in the routing table.

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 19 d1 67 d2 f3 ...... Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.69       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.69    192.168.1.69       1
     192.168.1.69  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.1.255  255.255.255.255     192.168.1.69    192.168.1.69       1
        224.0.0.0        224.0.0.0     192.168.1.69    192.168.1.69       1
  255.255.255.255  255.255.255.255     192.168.1.69    192.168.1.69       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

What is a route flap?


In computer networking and telecommunications, route flapping occurs when
a router alternately advertises a destination network via one route then
another (or as unavailable, and then available again) in quick sequence. A
closely related term is interface flapping where an interface on a router has a
hardware failure that will cause the router to announce it alternately as "up"
and "down".

What is a metric?
A metric is a property of a route in computer networking, consisting of any
value used by routing algorithms to determine whether one route should
perform better than another (the route with the lowest metric is the
preferred route). The routing table stores only the best possible routes, while
link-state or topological databases may store all other information as well.
For example, Routing Information Protocol uses hop count (number of hops)
to determine the best possible route.

A metric can include:

• number of hops (hop count)
• speed of the path
• latency (delay)
• path reliability
• path bandwidth
• load
• MTU

In EIGRP, the metric is represented by an integer from 0 to 4294967295.
In Microsoft Windows XP routing it ranges from 1 to 9999.

What is Active Directory?


An active directory is a directory structure used on Microsoft Windows based
computers and servers to store information and data about networks and
domains. It is primarily used for online information and was originally created
in 1996 and first used with Windows 2000.

Can you connect Active Directory to other 3rd-party Directory
Services? Name a few options.
Yes, you can connect to other vendors' directory services.
Example: eDirectory from Novell

Where is the AD database held? What other files are related to AD?
The AD database is saved in %systemroot%/ntds. You can see other files
in this folder as well. These are the main files controlling the AD structure:
• ntds.dit
• edb.log
• res1.log
• res2.log
• Edb.chk

What is the SYSVOL folder?
All Active Directory database security-related information is stored in the
SYSVOL folder, and it is only created on an NTFS partition.

Name the AD NCs and replication issues for each NC
Schema NC, Configuration NC, Domain NC
Schema NC: This NC is replicated to every other domain controller in the
forest. It contains information about the Active Directory schema, which in
turn defines the different object classes and attributes within Active
Directory.
Configuration NC: Also replicated to every other DC in the forest, this NC
contains forest-wide configuration information pertaining to the physical
layout of Active Directory, as well as information about display specifiers and
forest-wide Active Directory quotas.
Domain NC: This NC is replicated to every other DC within a single Active
Directory domain. This is the NC that contains the most commonly accessed
Active Directory data: the actual users, groups, computers, and other objects
that reside within a particular Active Directory domain.

What are application partitions? When do I use them?
An Application Directory Partition is a partition space in Active Directory which
an application can use to store that application's specific data. This partition is
then replicated only to some specific domain controllers.
The application directory partition can contain any type of data except
security principals (users, computers, groups).

How do you create a new application partition?
The DnsCmd command is used to create a new application directory
partition. For example, to create a partition named NewPartition on the
domain controller DC1.contoso.com, log on to the domain controller and type
the following command.
DnsCmd DC1 /createdirectorypartition NewPartition.contoso.com

How do you view replication properties for AD partitions and DCs?
By using Replication Monitor: go to Start > Run and type Replmon.

How do you view all the GCs in the forest?
C:\>repadmin /showreps domain_controller
OR
You can use Replmon.exe for the same purpose.
OR
AD Sites and Services and nslookup gc._msdcs.%USERDNSDOMAIN%

Why not make all DCs in a large forest as GCs?
If too many DCs are configured as GC servers, it causes replication
overhead between the DCs across the forest.

What are the Support Tools? Why do I need them?


Support Tools are the tools that are used for performing the complicated
tasks easily. These can also be the third party tools. Some of the Support
tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.

What is LDP? What is REPLMON? What is ADSIEDIT? What is
NETDOM? What is REPADMIN?

What are sites? What are they used for?


One or more well-connected (highly reliable and fast) TCP/IP subnets. A site
allows administrators to configure Active Directory access and replication
topology to take advantage of the physical network.

What's the difference between a site link's schedule and interval?
Schedule enables you to list the weekdays or hours when the site link is
available for replication to happen in the given interval. Interval is the
recurrence of the inter-site replication in given minutes. It ranges from 15 -
10,080 mins. The default interval is 180 mins.

What is the KCC?
The Knowledge Consistency Checker (KCC) is a built-in process that runs on
each domain controller and regenerates the replication topology for all
directory partitions that are contained on that domain controller. The KCC
runs at specified intervals, every 15 minutes by default, and designates
replication routes between domain controllers from the most favorable
connections that are available at the time.

What is the ISTG? Who has that role by default?
The Intersite Topology Generator (ISTG) is responsible for the connections
among the sites. By default, Windows 2003 forest-level functionality has this
role.

What can you do to promote a server to DC if you're in a remote
location with slow WAN link?
You will create a copy of the system state from an existing DC and copy it
to the new remote server. Run "Dcpromo /adv". You will be prompted for the
location of the system state files.

What is an IP address?
An Internet Protocol (IP) address is a numerical label that is assigned to
devices participating in a computer network that uses the Internet Protocol
for communication between its nodes

What is a subnet mask?
A subnetwork, or subnet, is a logically visible, distinctly addressed part of a
single Internet Protocol network.[1][2] The process of subnetting is the
division of a computer network into groups of computers that have a
common, designated IP address routing prefix.

What is ARP?
A subnetwork, or subnet, is a logically visible, distinctly addressed part of a
single Internet Protocol network.[1][2] The process of subnetting is the
division of a computer network into groups of computers that have a
common, designated IP address routing prefix

What is ARP Cache Poisoning?


ARP cache poisoning, also known as ARP spoofing, is the process of falsifying
the source Media Access Control (MAC) addresses of packets being sent on
an Ethernet network. It is a MAC layer attack that can only be carried out
when an attacker is connected to the same local network as the target
machines, limiting its effectiveness only to networks connected with
switches, hubs, and bridges; not routers.

What is the ANDing process?


In order to determine whether a destination host is local or remote, a
computer will perform a simple mathematical computation referred to as an
AND operation. While the sending host does this operation internally,
understanding what takes place is the key to understanding how an IP-based
system knows whether to send packets directly to a host or to a router.

What is a default gateway? What happens if I don't have one?
A default gateway is a node (a router / ADSL router / internet modem) on a
TCP/IP network that serves as an access point to another network. A default
gateway is used by a host when an IP packet's destination address belongs
to someplace outside the local subnet.

What is a subnet?
A subnet (short for "subnetwork") is an identifiably separate part of an
organization's network. Typically, a subnet may represent all the machines
at one geographic location, in one building, or on the same local area
network (LAN). Having an organization's network divided into subnets allows
it to be connected to the Internet with a single shared network address.
Without subnets, an organization could get multiple connections to the
Internet, one for each of its physically separate subnetworks, but this would
require an unnecessary use of the limited number of network numbers the
Internet has to assign. It would also require that Internet routing tables on
gateways outside the organization would need to know about and have to
manage routing that could and should be handled within an organization.

What is APIPA?
Short for Automatic Private IP Addressing, a feature of later Windows
operating systems. With APIPA, DHCP clients can automatically self-configure
an IP address and subnet mask when a DHCP server isn't available. When a
DHCP client boots up, it first looks for a DHCP server in order to obtain an IP
address and subnet mask. If the client is unable to find the information, it
uses APIPA to automatically configure itself with an IP address from a range
that has been reserved especially for Microsoft. The IP address range is
169.254.0.1 through 169.254.255.254. The client also configures itself with a
default class B subnet mask of 255.255.0.0. A client uses the self-configured
IP address until a DHCP server becomes available.

The APIPA service also checks regularly for the presence of a DHCP server
(every five minutes, according to Microsoft). If it detects a DHCP server on
the network, APIPA stops, and the DHCP server replaces the APIPA
networking addresses with dynamically assigned addresses.

APIPA is meant for non-routed small business environments, usually with
fewer than 25 clients.

What is an RFC?
A Request for Comments (RFC) document defines a protocol or policy used
on the Internet. An RFC can be submitted by anyone. Eventually, if it gains
enough interest, it may evolve into an Internet Standard (see FAQ XXX).
Each RFC is designated by an RFC number. Once published, an RFC never
changes. Modifications to an original RFC are assigned a new RFC number.

What is CIDR?
Classless Inter-Domain Routing (CIDR) is a methodology of allocating IP
addresses and routing Internet Protocol packets.

You have the following Network ID: 192.115.103.64/27. What is the IP range
for your network?
It ranges from 192.115.103.64 - 192.115.103.96
But the usable addresses are from 192.115.103.64 - 192.115.103.94
192.115.103.95 - it is the broadcast address
192.115.103.96 - will be the IP address of the next range
We can use 30 hosts in this network.

You have the following Network ID: 131.112.0.0. You need at least
500 hosts per network. How many networks can you create? What
subnet mask will you use?
The subnet mask is 255.255.252.0; we can create 4 subnets and connect at
least 500 hosts per network.

What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain DHCP
options. While PPP remote access clients do not use DHCP to obtain IP
addresses for the remote access connection, Windows 2000 and Windows 98
remote access clients use the DHCPInform message to obtain DNS server IP
addresses, WINS server IP addresses, and a DNS domain name. The
DHCPInform message is sent after the IPCP negotiation is concluded. The
DHCPInform message received by the remote access server is then
forwarded to a DHCP server. The remote access server forwards DHCPInform
messages only if it has been configured with the DHCP Relay Agent.

What is an Object server?


With an object server, the Client/Server application is written as a set of
communicating objects. Client objects communicate with server objects using
an Object Request Broker (ORB). The client invokes a method on a remote
object. The ORB locates an instance of that object server class, invokes the
requested method and returns the results to the client object. Server objects
must provide support for concurrency and sharing. The ORB brings it all
together.

What is a Transaction server?


With a transaction server, the client invokes remote procedures that reside
on the server with an SQL database engine. These remote procedures on the
server execute a group of SQL statements. The network exchange consists of
a single request/reply message. The SQL statements either all succeed or fail
as a unit.

What is a Database Server?


With a database server, the client passes SQL requests as messages to the
database server. The results of each SQL command are returned over the
network. The server uses its own processing power to find the requested data
instead of passing all the records back to the client and then letting it find
its own data. The result is a much more efficient use of distributed
processing power. It is also known as an SQL engine.

What are the most typical functional units of the Client/Server
applications?
User interface
Business Logic and
Shared data.

What are all the Extended services provided by the OS?

Ubiquitous communications
Network OS extension
Binary large objects (BLOBs)
Global directories and Network yellow pages
Authentication and Authorization services
System management
Network time
Database and transaction services
Internet services
Object-oriented services

What are Triggers and Rules?


Triggers are special user defined actions usually in the form of stored
procedures, that are automatically invoked by the server based on data
related events. It can perform complex actions and can use the full power of
procedural languages.
A rule is a special type of trigger that is used to perform simple checks on
data.

What is meant by Transparency?


Transparency really means hiding the network and its servers from the users
and even the application programmers.

What are TP-Lite and TP-Heavy Monitors?


TP-Lite is simply the integration of TP Monitor functions in the database
engines. TP-Heavy monitors are TP Monitors which support the Client/Server
architecture and allow a PC to initiate some very complex multiserver
transactions from the desktop.

What are the two types of OLTP?


TP lite, based on stored procedures. TP heavy, based on the TP monitors.

What is a Web server?


This new model of Client/Server consists of thin, portable, "universal" clients
that talk to superfat servers. In the simplest form, a web server returns
documents when clients ask for them by name. The clients and server
communicate using an RPC-like protocol called HTTP.

What are Super servers?


These are fully-loaded machines which include multiprocessors, high-speed
disk arrays for intensive I/O and fault tolerant features.

What is a TP Monitor?
There is no commonly accepted definition for a TP monitor. According to Jeri
Edwards, a TP Monitor is "an OS for transaction processing".

TP Monitor does mainly two things extremely well. They are Process
management and Transaction management?
They were originally introduced to run classes of applications that could
service hundreds and sometimes thousands of clients. TP Monitors provide
an OS - on top of existing OS - that connects in real time these thousands of
humans with a pool of shared server processes.

What is meant by Asymmetrical protocols?


There is a many-to-one relationship between clients and server. Clients
always initiate the dialog by requesting a service. Servers passively
await requests from clients.

What are the types of Transparencies?


The types of transparencies the NOS middleware is expected to provide are:-
Location transparency
Namespace transparency
Logon transparency
Replication transparency
Local/Remote access transparency
Distributed time transparency
Failure transparency and
Administration transparency.

What is the difference between trigger and rule?


The triggers are called implicitly by database generated events, while stored
procedures are called explicitly by client applications.

What are called Transactions?


The grouped SQL statements are called Transactions (or) A transaction is a
collection of actions imbued with ACID properties.

What are the building blocks of Client/Server?


The client, the server and Middleware.

Explain the building blocks of Client/Server?


The client side building block runs the client side of the application.
The server side building block runs the server side of the application.

The middleware building block runs on both the client and server
sides of an application. It is broken into three categories:-

Transport stack
Network OS
Service-specific middleware.

What are all the Base services provided by the OS?


Task preemption
Task priority
Semaphores
Interprocess communications (IPC)
Local/Remote Interprocess communication
Threads
Intertask protection
Multiuser
High performance file system
Efficient memory management and
Dynamically linked Run-time extensions.

What are the characteristics of Client/Server?


Service
Shared resources
Asymmetrical protocols
Transparency of location
Mix-and-match
Message based exchanges
Encapsulation of services
Scalability
Integrity
Client/Server computing is the ultimate "Open platform". It gives the
freedom to mix-and-match components of almost any level. Clients and
servers are loosely coupled systems that interact through a message-passing
mechanism.

What is Remote Procedure Call (RPC)?


RPC hides the intricacies of the network by using the ordinary procedure call
mechanism familiar to every programmer. A client process calls a function
on a remote server and suspends itself until it gets back the results.
Parameters are passed like in any ordinary procedure. The RPC, like an
ordinary procedure, is synchronous. The process that issues the call waits
until it gets the results.
Under the covers, the RPC run-time software collects values for the
parameters, forms a message, and sends it to the remote server. The server
receives the request, unpacks the parameters, calls the procedures, and
sends the reply back to the client. It is a telephone-like metaphor.

What are the main components of Transaction-based Systems?


Resource Manager
Transaction Manager and
Application Program

What are the three types of SQL database server architecture?


Process-per-client Architecture. (Example: Oracle 6, Informix )
Multithreaded Architecture. (Example: Sybase, SQL server)
Hybrid Architecture

What are the classifications of clients?
Non-GUI clients - Two types are:-
Non-GUI clients that do not need multi-tasking
(Example: Automatic Teller Machines (ATM), Cell phone)
Non-GUI clients that need multi-tasking
(Example: ROBOTs)

GUI clients
OOUI clients

What are called Non-GUI clients, GUI Clients and OOUI Clients?
Non-GUI Clients: These are applications that generate server requests with a
minimal amount of human interaction.
GUI Clients: These are applications where occasional requests to the server
result from a human interacting with a GUI.
(Example: Windows 3.x, NT 3.5)
OOUI Clients: These are applications with a highly iconic, object-oriented
user interface that provides seamless access to information in very visual
formats.
(Example: MAC OS, Windows 95, NT 4.0)

What is Message Oriented Middleware (MOM)?


MOM allows general purpose messages to be exchanged in a Client/Server
system using message queues. Applications communicate over networks by
simply putting messages in the queues and getting messages from queues.
It typically provides very simple high-level APIs to its services.
MOM's messaging and queuing allow clients and servers to communicate
across a network without being linked by a private, dedicated, logical
connection. The clients and server can run at different times. It is a
post-office-like metaphor.

What is meant by Middleware?


Middleware is distributed software needed to support interaction between
clients and servers. In short, it is the software that is in the middle of the
Client/Server systems and it acts as a bridge between the clients and
servers. It starts with the API set on the client side that is used to invoke a
service and it covers the transmission of the request over the network and
the resulting response.
It includes neither the software that provides the actual service - that is in
the server's domain - nor the user interface or the application logic - that's
in the client's domain.

What are the functions of the typical server program?


It waits for client-initiated requests. Executes many requests at the same
time. Takes care of VIP clients first. Initiates and runs background task
activity. Keeps running. Grows bigger and faster.

What is meant by Symmetric Multiprocessing (SMP)?
It treats all processors as equal. Any processor can do the work of any other
processor. Applications are divided into threads that can run concurrently on
any available processor. Any processor in the pool can run the OS kernel and
execute user-written threads.

What is General Middleware?


It includes the communication stacks, distributed directories, authentication
services, network time, RPC, Queuing services along with the network OS
extensions such as the distributed file and print services.

What are Service-specific middleware?


It is needed to accomplish a particular Client/Server type of services which
includes:-
Database specific middleware
OLTP specific middleware
Groupware specific middleware
Object specific middleware
Internet specific middleware and
System management specific middleware.

What is meant by Asymmetric Multiprocessing (AMP)?


It imposes hierarchy and a division of labour among processors. Only one
designated processor, the master, controls (in a tightly coupled
arrangement) slave processors dedicated to specific functions.

What is OLTP?
In the transaction server, the client component usually includes a GUI and the
server component usually consists of SQL transactions against a database.
These applications are called OLTP (Online Transaction Processing). OLTP
applications typically:
Receive a fixed set of inputs from remote clients. Perform multiple
pre-compiled SQL commands against a local database. Commit the work and
return a fixed set of results.

What is meant by 3-Tier architecture?


In 3-tier Client/Server systems, the application logic (or process) lives in the
middle tier and it is separated from the data and the user interface. In
theory, the 3-tier Client/Server systems are more scalable, robust and
flexible.
Example: TP monitor, Web.

What is meant by 2-Tier architecture?


In 2-tier Client/Server systems, the application logic is either buried inside
the user interface on the client or within the database on the server.
Example: File servers and Database servers with stored procedures.

What is Load balancing?
If the number of incoming clients requests exceeds the number of processes
in a server class, the TP Monitor may dynamically start new ones and this is
called Load balancing.

What are called Fat clients and Fat servers?


If the bulk of the application runs on the Client side, then it is Fat clients. It is
used for decision support and personal software.
If the bulk of the application runs on the Server side, then it is Fat servers. It
tries to minimize network interchanges by creating more abstract levels of
services.

What is meant by Horizontal scaling and Vertical scaling?


Horizontal scaling means adding or removing client workstations with only a
slight performance impact. Vertical scaling means migrating to a larger and
faster server machine or multiservers.

What is Groupware server?


Groupware addresses the management of semi-structured information such
as text, image, mail, bulletin boards and the flow of work. These
Client/Server systems have people in direct contact with other people.

What are the two broad classes of middleware?


General Middleware
Service-specific middleware

What are the types of Servers?


File servers
Database servers
Transaction servers
Groupware servers
Object servers
Web servers.

What is a File server?


File servers are useful for sharing files across a network. With a file server,
the client passes requests for file records over network to file server.

What are the five major technologies that can be used to create
Client/Server applications?
Database Servers
TP Monitors
Groupware
Distributed Objects
Intranets.

What is Client/Server?
Clients and Servers are separate logical entities that work together over a
network to accomplish a task. Many systems with very different architectures
that are connected together are also called Client/Server.

List out the benefits obtained by using the Client/Server oriented TP
Monitors?
Client/Server applications development framework.
Firewalls of protection.
High availability.
Load balancing.
MOM integration.
Scalability of functions.
Reduced system cost.

What are the services provided by the Operating System?


Extended services - These are add-on modular software components that are
layered on top of base service.

What is ACID property?


ACID is a term coined by Andrew Reuter in 1983, which stands for Atomicity,
Consistency, Isolation and Durability.

What are stored procedures?


A stored procedure is a named collection of SQL statements and procedural
logic that is compiled, verified and stored in a server database. It is typically
treated like any other database object. Stored procedures accept input
parameters so that a single procedure can be used over the network by
multiple clients using different input data. A single remote message triggers
the execution of a collection of stored SQL statements. The result is a
reduction of network traffic and better performance.

What is wide-mouth frog?


Wide-mouth frog is the simplest known key distribution center (KDC)
authentication protocol.

What is passive topology?


When the computers on the network simply listen and receive the signal,
they are referred to as passive because they don’t amplify the signal in any
way.
Example for passive topology - linear bus.

What is region?
When hierarchical routing is used, the routers are divided into what we call
regions, with each router knowing all the details about how to route packets
to destinations within its own region, but knowing nothing about the internal
structure of other regions.
What is virtual channel?
Virtual channel is normally a connection from one source to one destination,
although multicast connections are also permitted. The other name for
virtual channel is virtual circuit.

Difference between the communication and transmission?


Transmission is the physical movement of information and concerns issues like
bit polarity, synchronization, clock etc.
Communication means the meaningful exchange of information between
two communication media.

What is the difference between TFTP and FTP application layer
protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from
a remote host but does not provide reliability or security. It uses the
fundamental packet delivery services offered by UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP /
IP for copying a file from one host to another. It uses the services offered by
TCP and so is reliable and secure. It establishes two connections (virtual
circuits) between the hosts, one for data transfer and another for control
information.

What are the advantages and disadvantages of the three types of
routing tables?
The three types of routing tables are fixed, dynamic, and fixed central. The
fixed table must be manually modified every time there is a change. A
dynamic table changes its information based on network traffic, reducing the
amount of manual maintenance. A fixed central table lets a manager modify
only one table, which is then read by other devices. The fixed central table
reduces the need to update each machine's table, as with the fixed table.
Usually a dynamic table causes the fewest problems for a network
administrator, although the table's contents can change without the
administrator being aware of the change.

What is Beaconing?
Beaconing is the process that allows a network to self-repair network
problems. The stations on the network notify the other stations on the ring
when they are not receiving the transmissions. Beaconing is used in Token
ring and FDDI networks.

What does the Mount protocol do?


The Mount protocol returns a file handle and the name of the file system in
which a requested file resides. The message is sent to the client from the
server after reception of a client's request.
What are Digrams and Trigrams?
The most common two letter combinations are called as digrams. e.g. th, in,
er, re and an. The most common three letter combinations are called as
trigrams. e.g. the, ing, and, and ion.

What is the HELLO protocol used for?


The HELLO protocol uses time instead of distance to determine optimal
routing. It is an alternative to the Routing Information Protocol.

What is the minimum and maximum length of the header in the TCP
segment and IP datagram?
The header should have a minimum length of 20 bytes and can have a
maximum length of 60 bytes.

What do you mean by "triple X" in Networks?


The function of PAD (Packet Assembler Disassembler) is described in a
document known as X.3. The standard protocol has been defined between
the terminal and the PAD, called X.28; another standard protocol exists
between the PAD and the network, called X.29. Together, these three
recommendations are often called "triple X".

What is attenuation?
The degeneration of a signal over distance on a network cable is called
attenuation.

What is Protocol Data Unit?


The data unit in the LLC level is called the protocol data unit (PDU). The PDU
consists of four fields: a destination service access point (DSAP), a source
service access point (SSAP), a control field and an information field. DSAP and
SSAP are addresses used by the LLC to identify the protocol stacks on the
receiving and sending machines that are generating and using the data. The
control field specifies whether the PDU frame is an information frame
(I-frame), a supervisory frame (S-frame) or an unnumbered frame (U-frame).

What are the data units at different layers of the TCP / IP protocol
suite?
The data unit created at the application layer is called a message, at the
transport layer the data unit created is called either a segment or a user
datagram, at the network layer the data unit created is called the datagram,
at the data link layer the datagram is encapsulated into a frame and finally
transmitted as signals along the transmission media.

What is difference between ARP and RARP?


The address resolution protocol (ARP) is used to associate the 32 bit IP
address with the 48 bit physical address. It is used by a host or a router to
find the physical address of another host on its network by sending an ARP
query packet that includes the IP address of the receiver.
The reverse address resolution protocol (RARP) allows a host to discover its
Internet address when it knows only its physical address.

What is MAC address?


The address for a device as it is identified at the Media Access Control (MAC)
layer in the network architecture. MAC address is usually stored in ROM on
the network adapter card and is unique.

What is terminal emulation, in which layer it comes?


Telnet is also called as terminal emulation. It belongs to application layer.

What are the types of Transmission media?


Signals are usually transmitted over some transmission media that are
broadly classified into two categories:

Guided Media: These are those that provide a conduit from one device to
another and include twisted-pair, coaxial cable and fiber-optic cable. A signal
traveling along any of these media is directed and is contained by the
physical limits of the medium. Twisted-pair and coaxial cable use metallic
conductors that accept and transport signals in the form of electrical current.
Optical fiber is a glass or plastic cable that accepts and transports signals in
the form of light.

Unguided Media: This is the wireless media that transport electromagnetic
waves without using a physical conductor. Signals are broadcast through
air. This is done through radio communication, satellite
communication and cellular telephony.

What are major types of networks and explain?


Server-based network
Peer-to-peer network

In a peer-to-peer network, computers can act as both servers sharing resources
and as clients using the resources.
Server-based networks provide centralized control of network resources and
rely on server computers to provide security and network administration.

What is SAP?
Series of interface points that allow other computers to communicate with
the other layers of network protocol stack.

What is multicast routing?


Sending a message to a group is called multicasting, and its routing
algorithm is called multicast routing.
What is the difference between routable and non- routable
protocols?
Routable protocols can work with a router and can be used to build large
networks. Non-Routable protocols are designed to work on small, local
networks and cannot be used with a router.

What is REX?
Request to Exit (REX) - A signal that informs the controller that someone has
requested to exit from a secure area.

What are the different types of networking / internetworking
devices?
Repeater:
Also called a regenerator, it is an electronic device that operates only at
the physical layer. It receives the signal in the network before it becomes
weak, regenerates the original bit pattern and puts the refreshed copy back
onto the link.
Bridges:
These operate in both the physical and data link layers of LANs of the same
type. They divide a larger network into smaller segments. They contain logic
that allows them to keep the traffic for each segment separate, and thus are
repeaters that relay a frame only to the side of the segment containing the
intended recipient and control congestion.
Routers:
They relay packets among multiple interconnected networks (i.e. LANs of
different type). They operate in the physical, data link and network layers.
They contain software that enables them to determine which of the several
possible paths is the best for a particular transmission.
Gateways:
They relay packets among networks that have different protocols (e.g. between
a LAN and a WAN). They accept a packet formatted for one protocol and convert
it to a packet formatted for another protocol before forwarding it. They
operate in all seven layers of the OSI model.

What is redirector?
Redirector is software that intercepts file or print I/O requests and translates
them into network requests. This comes under the presentation layer.

What is packet filter?


Packet filter is a standard router equipped with some extra functionality. The
extra functionality allows every incoming or outgoing packet to be inspected.
Packets meeting some criterion are forwarded normally. Those that fail the
test are dropped.

What is logical link control?


One of two sublayers of the data link layer of OSI reference model, as
defined by the IEEE 802 standard. This sublayer is responsible for
maintaining the link between computers when they are sending data across
the physical network connection.

What is traffic shaping?


One of the main causes of congestion is that traffic is often bursty. If hosts
could be made to transmit at a uniform rate, congestion would be less
common. Another open loop method to help manage congestion is forcing
the packets to be transmitted at a more predictable rate. This is called traffic
shaping.

What is NETBIOS and NETBEUI?


NETBIOS is a programming interface that allows I/O requests to be sent to
and received from a remote computer and it hides the networking hardware
from applications.
NETBEUI is the NetBIOS extended user interface, a transport protocol designed
by Microsoft and IBM for use on small subnets.

Why should you care about the OSI Reference Model?


It provides a framework for discussing network operations and design.

What is Proxy ARP?


Proxy ARP is using a router to answer ARP requests. This is done when the
originating host believes that a destination is local, when in fact it lies
beyond the router.

What is EGP (Exterior Gateway Protocol)?


It is the protocol the routers in neighboring autonomous systems use to
identify the set of networks that can be reached within or via each
autonomous system.

What is IGP (Interior Gateway Protocol)?


It is any routing protocol used within an autonomous system.

What is OSPF?
It is an Internet routing protocol that scales well, can route traffic along
multiple paths, and uses knowledge of an Internet's topology to make
accurate routing decisions.

What is Kerberos?
It is an authentication service developed at the Massachusetts Institute of
Technology. Kerberos uses encryption to prevent intruders from discovering
passwords and gaining unauthorized access to files.

What is SLIP (Serial Line Interface Protocol)?


It is a very simple protocol used for transmission of IP datagrams across a
serial line.
What is Mail Gateway?
It is a system that performs a protocol translation between different
electronic mail delivery protocols.

What is RIP (Routing Information Protocol)?


It is a simple protocol used to exchange information between the routers.

What is NVT (Network Virtual Terminal)?


It is a set of rules defining a very simple virtual terminal interaction. The NVT
is used in the start of a Telnet session.

What is source route?


It is a sequence of IP addresses identifying the route a datagram must follow.
A source route may optionally be included in an IP datagram header.

What is BGP (Border Gateway Protocol)?


It is a protocol used to advertise the set of networks that can be reached
within an autonomous system. BGP enables this information to be shared
with the autonomous system. This is newer than EGP (Exterior Gateway
Protocol).

What is Gateway-to-Gateway protocol?


It is a protocol formerly used to exchange routing information between
Internet core routers.

What is Project 802?


It is a project started by IEEE to set standards that enable
intercommunication between equipment from a variety of manufacturers. It
is a way for specifying functions of the physical layer, the data link layer and
to some extent the network layer to allow for interconnectivity of major LAN
protocols.
It consists of the following:
802.1 is an internetworking standard for compatibility of different LANs and
MANs across protocols.
802.2 Logical link control (LLC) is the upper sublayer of the data link layer,
which is non-architecture-specific, that is, it remains the same for all
IEEE-defined LANs. Media access control (MAC) is the lower sublayer of the data
link layer that contains some distinct modules each carrying proprietary
information specific to the LAN product being used. The modules are
Ethernet LAN (802.3), Token ring LAN (802.4), Token bus LAN (802.5).
802.6 is distributed queue dual bus (DQDB) designed to be used in MANs.

What is silly window syndrome?


It is a problem that can ruin TCP performance. This problem occurs when
data are passed to the sending TCP entity in large blocks, but an interactive
application on the receiving side reads 1 byte at a time.
What is a Multi-homed Host?
A host that has multiple network interfaces and that requires multiple
IP addresses is called a Multi-homed Host.

What is autonomous system?


It is a collection of routers under the control of a single administrative
authority and that uses a common Interior Gateway Protocol.

What is the difference between interior and exterior neighbor
gateways?
Interior gateways connect LANs of one organization, whereas exterior
gateways connect the organization to the outside world.

What is MAU?
In Token Ring, the hub is called a Multistation Access Unit (MAU).

Explain 5-4-3 rule?


In an Ethernet network, between any two points on the network, there can be
no more than five network segments or four repeaters, and of those five
segments only three can be populated.

What is difference between baseband and broadband transmission?


In a baseband transmission, the entire bandwidth of the cable is consumed
by a single signal. In broadband transmission, signals are sent on multiple
frequencies, allowing multiple signals to be sent simultaneously.

What is ICMP?
ICMP is Internet Control Message Protocol, a network layer protocol of the
TCP/IP suite used by hosts and gateways to send notification of datagram
problems back to the sender. It uses the echo test / reply to test whether a
destination is reachable and responding. It also handles both control and
error messages.

What is Brouter?
Hybrid devices that combine the features of both bridges and routers.

What is frame relay, in which layer it comes?


Frame relay is a packet switching technology. It will operate in the data link
layer.

What is External Data Representation?


External Data Representation is a method of encoding data within an RPC
message, used to ensure that the data is not system-dependent.
What is Bandwidth?
Every line has an upper limit and a lower limit on the frequency of signals it
can carry. This limited range is called the bandwidth.

What protocol is used by DNS name servers?


DNS uses UDP for communication between servers. It is a better choice than
TCP because of the improved speed a connectionless protocol offers. Of
course, transmission reliability suffers with UDP.

What is the range of addresses in the classes of internet addresses?

Class A 0.0.0.0 - 127.255.255.255
Class B 128.0.0.0 - 191.255.255.255
Class C 192.0.0.0 - 223.255.255.255
Class D 224.0.0.0 - 239.255.255.255
Class E 240.0.0.0 - 247.255.255.255

What are the important topologies for networks?


BUS topology:
In this each computer is directly connected to primary network cable in a
single line.
Advantages:
Inexpensive, easy to install, simple to understand, easy to extend.
STAR topology:
In this all computers are connected using a central hub.
Advantages:
Can be inexpensive, easy to install and reconfigure and easy to trouble shoot
physical problems.
RING topology:
In this all computers are connected in loop.
Advantages:
All computers have equal access to network media, installation can be
simple, and signal does not degrade as much as in other topologies because
each computer regenerates it.

Difference between bit rate and baud rate?


Bit rate is the number of bits transmitted during one second whereas baud
rate refers to the number of signal units per second that are required to
represent those bits.
baud rate = bit rate / N
where N is the number of bits represented by each signal shift.

What is anonymous FTP and why would you use it?


Anonymous FTP enables users to connect to a host without using a valid
login and password. Usually, anonymous FTP uses a login called anonymous
or guest, with the password usually requesting the user's ID for tracking
purposes only. Anonymous FTP is used to enable a large number of users to
access files on the host without having to go to the trouble of setting up
logins for them all. Anonymous FTP systems usually have strict controls over
the areas an anonymous user can access.

What is the difference between an unspecified passive open and a
fully specified passive open?
An unspecified passive open has the server waiting for a connection request
from a client. A fully specified passive open has the server waiting for a
connection from a specific client.

What is virtual path?


Along any transmission path from a given source to a given destination, a
group of virtual circuits can be grouped together into what is called a path.

Explain the function of Transmission Control Block?


A TCB is a complex data structure that contains a considerable amount of
information about each connection.

What is a DNS resource record?


A resource record is an entry in a name server's database. There are several
types of resource records used, including name-to-address resolution
information. Resource records are maintained as ASCII files.

What is a pseudo TTY?


A pseudo TTY or false terminal enables external machines to connect
through Telnet or rlogin. Without a pseudo TTY, no connection can take
place.

What is the Network Time Protocol?


A protocol that assures accurate local timekeeping with reference to radio
and atomic clocks located on the Internet. This protocol is capable of
synchronizing distributed clocks within milliseconds over long time periods. It
is defined in STD 12, RFC 1119.

What is mesh network?


A network in which there are multiple network links between computers to
provide multiple paths for data to travel.

What is RAID?
A method for providing fault tolerance by using multiple hard disk drives.

What is a Management Information Base (MIB)?


A Management Information Base is part of every SNMP-managed device.
Each SNMP agent has the MIB database that contains information about the
device's status, its performance, connections, and configuration. The MIB is
queried by SNMP.

What is cladding?
A layer of glass surrounding the center fiber of glass inside a fiber-optic
cable.

What is subnet?
A generic term for a section of a large network, usually separated by a bridge
or router.

A gateway operates at the upper levels of the OSI model and translates
information between two completely different network architectures or data
formats.

What is point-to-point protocol?


A communications protocol used to connect computers to remote networking
services including Internet service providers.

What are 10Base2, 10Base5 and 10BaseT Ethernet LANs?


10Base2: An Ethernet term meaning a maximum transfer rate of 10
Megabits per second that uses baseband signaling, with a contiguous cable
segment length of 100 meters and a maximum of 2 segments.
10Base5: An Ethernet term meaning a maximum transfer rate of 10
Megabits per second that uses baseband signaling, with 5 continuous
segments not exceeding 100 meters per segment.
10BaseT: An Ethernet term meaning a maximum transfer rate of 10
Megabits per second that uses baseband signaling and twisted pair cabling.

What are the possible ways of data exchange?


(i) Simplex
(ii) Half-duplex
(iii) Full-duplex.

What are the two types of transmission technology available?


(i) Broadcast
(ii) point-to-point.

How do I convert a numeric IP address like 192.18.97.39 into a
hostname like java.sun.com?
import java.net.InetAddress;
String hostname = InetAddress.getByName("192.18.97.39").getHostName(); // reverse (PTR) lookup

What is DNS?
Domain Name System (DNS) is an Internet Engineering Task Force (IETF)
standard name service that allows your computer to register and resolve
domain names.
The DNS makes it possible to assign domain names to organizations
independent of the routing of the numerical IP address. In other words, DNS
is a system that translates domain names into IP addresses. This is
necessary because computers only make use of IP addresses yet we use only
human readable names since the names are easier to remember than IP
addresses.

What are the seven layers of OSI (Open System Interconnection)
Model?
Layer Name
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

The easiest way to remember the layers of the OSI model is to use the handy
mnemonic
"All People Seem To Need Data Processing":
Layer Name Mnemonic
7 Application All
6 Presentation People
5 Session Seem
4 Transport To
3 Network Need
2 Data Link Data
1 Physical Processing

What is Client/Server Networking?


The term client/server refers to a model utilizing networked client and server
computers and application software. Web, FTP, email, DNS and many other
database applications are client-server systems.

What is Peer-to-Peer Networking?


Peer to peer networks share responsibility for processing data among all of
the connected devices. Peer-to-peer networking (also known simply as peer
networking) differs from client-server networking in several respects.

What Is a Network Name?


A network name is a string that computing devices use to identify a specific
computer network. Network names are typically different from names of
individual computers or the addresses computers use to identify each other.
What Is URL?
URLs (Uniform Resource Locators) identify by name Web servers and
individual Web pages stored on those servers, anywhere on the Internet.

What Is URI?
A URI (Uniform Resource Identifier) names both local and remote Internet
resources similar to URLs.

What Is TCP?
TCP (Transmission Control Protocol) is the main transport protocol utilized in
IP networks.
The TCP protocol exists on the Transport Layer of the OSI Model. The TCP
protocol is a connection-oriented protocol which provides end-to-end
reliability.
By connection-oriented, we mean that before two network nodes can
communicate using TCP, they must first complete a handshaking protocol to
create a connection.
When we say that TCP provides end-to-end reliability, we mean that TCP
includes mechanisms for error detection and error correction between the
source and the destination.
These properties of TCP are in contrast to UDP, which is connectionless and
unreliable. Higher layer protocols which utilize TCP include HTTP, SMTP,
NNTP, FTP, telnet, SSH, and LDAP.

Diagram of the TCP Header

TCP Header Format
-----------------

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
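
A parser for the header layout above, as an added example (not code from the original page). It enforces the 20-byte minimum and 60-byte maximum header length given earlier and reports flag combinations a normal connection never produces; the sample segment and the list of suspicious combinations are constructed for illustration.

```python
import struct

MIN_HEADER = 20   # data offset 5: the fixed fields only
MAX_HEADER = 60   # data offset 15: fixed fields plus 40 bytes of options

# The six flag bits in the order drawn in the diagram (URG is the highest).
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

# Combinations that a normal TCP state machine never sends (illustrative list).
SUSPICIOUS = ({"SYN", "FIN"}, {"SYN", "RST"})


class MalformedSegment(ValueError):
    """Raised when the bytes cannot hold a valid TCP header."""


def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < MIN_HEADER:
        raise MalformedSegment("shorter than the 20-byte fixed header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12        # top 4 bits, counted in 32-bit words
    header_len = data_offset * 4         # a 4-bit field cannot exceed 15 * 4 = 60
    if header_len < MIN_HEADER:
        raise MalformedSegment(f"data offset {data_offset} is below the minimum of 5")
    if header_len > len(segment):
        raise MalformedSegment("data offset points past the end of the segment")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": data_offset, "header_len": header_len,
        "reserved": (off_flags >> 6) & 0x3F,   # 6 reserved bits, as in the diagram
        "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def flag_anomalies(flags) -> list:
    """Describe flag settings worth an alert; an empty list means nothing unusual."""
    present = set(flags)
    found = []
    if not present:
        found.append("no flags set (null segment)")
    for combo in SUSPICIOUS:
        if combo <= present:
            found.append("+".join(sorted(combo)) + " set together")
    return found


def build_sample(data_offset=6, flag_bits=0x02, options=b"\x02\x04\x05\xb4"):
    """Constructed segment: by default a SYN to port 443 carrying one MSS option."""
    fixed = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0,
                        (data_offset << 12) | flag_bits, 64240, 0, 0)
    return fixed + options


if __name__ == "__main__":
    header = parse_tcp_header(build_sample())
    print(header["flags"], header["header_len"], header["options"].hex())
    print(flag_anomalies(["SYN", "FIN"]))
```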

What Is UDP?
User Datagram Protocol or UDP is part of the Internet Protocol suite, using
which, programs running on different computers on a network can send short
messages known as Datagrams to one another. UDP can be used in networks
where TCP is traditionally used, but unlike TCP, it does not guarantee
reliability or the right sequencing of data. Datagrams may go missing
without notice, or arrive in a different order from the one in which they were
sent.

What Is Dynamic DNS?


Dynamic DNS is a technology that allows you to update the IP address of a
domain in real time. In order to fully understand how Dynamic DNS works, it
is important to first understand domain names and name servers.
Essentially, all website domain names are held on computer servers known
as name servers. These servers are used, with the help of a Domain Name
System (DNS) server, to change the domain name into something more
easily recognizable by a computer, an Internet Protocol (IP) Address.

Who/What is Internet Engineering Task Force (IETF)?


The Internet Engineering Task Force (IETF) develops and promotes Internet
standards, cooperating closely with the W3C and ISO/IEC standard bodies
and dealing in particular with standards of the TCP/IP and Internet protocol
suite. It is an open standards organization, with no formal membership or
membership requirements. All participants and managers are volunteers,
though their work is usually funded by their employers or sponsors; for
instance, the current chairperson is funded by VeriSign and the U.S.
government's National Security Agency.

What are LAN and WAN?


A local area network (LAN) is a group of computers and associated devices
that share a common communications line or wireless link. Typically,
connected devices share the resources of a single processor or server within
a small geographic area (for example, within an office building). Usually, the
server has applications and data storage that are shared in common by
multiple computer users. A local area network may serve as few as two or
three users (for example, in a home network) or as many as thousands of
users.

Wide Area Network (WAN) is a computer network that covers a broad
area (i.e., any network whose communications links cross metropolitan,
regional, or national boundaries). This is in contrast with personal area
networks (PANs), local area networks (LANs), campus area networks (CANs),
or metropolitan area networks (MANs) which are usually limited to a room,
building, campus or specific metropolitan area (e.g., a city) respectively. The
largest and most well-known example of a WAN is the Internet. WANs are
used to connect LANs and other types of networks together, so that users
and computers in one location can communicate with users and computers
in other locations. Many WANs are built for one particular organization and
are private. Others, built by Internet service providers, provide connections
from an organization's LAN to the Internet. WANs are often built using leased
lines. At each end of the leased line, a router connects to the LAN on one
side and a hub within the WAN on the other. Leased lines can be very
expensive. Instead of using leased lines, WANs can also be built using less
costly circuit switching or packet switching methods. Network protocols
including TCP/IP deliver transport and addressing functions. Protocols
including Packet over SONET/SDH, MPLS, ATM and Frame relay are often
used by service providers to deliver the links that are used in WANs. X.25
was an important early WAN protocol, and is often considered to be the
"grandfather" of Frame Relay as many of the underlying protocols and
functions of X.25 are still in use today (with upgrades) by Frame Relay.

What is an Intrusion Detection System (IDS)?


An intrusion detection system (IDS) is software and/or hardware
designed to detect unwanted attempts at accessing, manipulating, and/or
disabling computer systems, mainly through a network such as the
Internet. These attempts may take the form of attacks by, for example,
crackers, malware and/or disgruntled employees. An IDS cannot directly detect
attacks within properly encrypted traffic. An intrusion detection system is
used to detect several types of malicious behaviors that can compromise the
security and trust of a computer system. This includes network attacks
against vulnerable services, data-driven attacks on applications, host-based
attacks such as privilege escalation, unauthorized logins and access to
sensitive files, and malware (viruses, Trojan horses, and worms).
An IDS can be composed of several components: Sensors, which generate
security events; a Console, to monitor events and alerts and control the
sensors; and a central Engine, which records events logged by the sensors in a
database and uses a system of rules to generate alerts from the security events
received. There are several ways to categorize IDS depending on the type
and location of the sensors and the methodology used by the engine to
generate alerts. In many simple IDS implementations all three components
are combined in a single device or appliance.
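
The sensor, engine and console split described above, as an added example (not code from the original page). The log line format, the two rules, the threshold of three failures in 60 seconds and the watched file list are all assumptions, and the sample lines are constructed.

```python
import sqlite3

# Constructed sensor output: "<timestamp> <sensor> <event-kind> <source-ip> <detail>"
SAMPLE_LINES = [
    "100 host-a login_failed 10.0.0.7 root",
    "110 host-a login_failed 10.0.0.7 root",
    "115 host-a login_ok 10.0.0.9 alice",
    "120 host-a login_failed 10.0.0.7 admin",
    "130 host-b file_read 10.0.0.9 /etc/shadow",
    "500 host-a login_failed 10.0.0.7 root",
]

SENSITIVE_FILES = {"/etc/shadow", "/etc/sudoers"}   # assumed watch list


def sensor_parse(line):
    """Sensor side: turn one raw line into a structured security event."""
    ts, sensor, kind, src, detail = line.split(maxsplit=4)
    return {"ts": int(ts), "sensor": sensor, "kind": kind, "src": src, "detail": detail}


def rule_failed_login_burst(db, event, threshold=3, window=60):
    """Alert when one source reaches `threshold` failed logins within `window` seconds."""
    if event["kind"] != "login_failed":
        return None
    (count,) = db.execute(
        "SELECT COUNT(*) FROM events "
        "WHERE kind = 'login_failed' AND src = ? AND ts BETWEEN ? AND ?",
        (event["src"], event["ts"] - window, event["ts"]),
    ).fetchone()
    if count == threshold:   # fire once, at the moment the threshold is reached
        return f"{count} failed logins from {event['src']} within {window}s"
    return None


def rule_sensitive_file(db, event):
    """Alert on any read of a file on the watch list."""
    if event["kind"] == "file_read" and event["detail"] in SENSITIVE_FILES:
        return f"{event['src']} read {event['detail']} on {event['sensor']}"
    return None


class Engine:
    """Central engine: records every event in a database, then applies the rules."""

    def __init__(self, rules):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE events (ts INTEGER, sensor TEXT, kind TEXT, src TEXT, detail TEXT)")
        self.rules = rules
        self.alerts = []   # what the console would display

    def ingest(self, event):
        self.db.execute(
            "INSERT INTO events VALUES (:ts, :sensor, :kind, :src, :detail)", event)
        for rule in self.rules:
            message = rule(self.db, event)
            if message:
                self.alerts.append((event["ts"], rule.__name__, message))


def run_sample():
    engine = Engine([rule_failed_login_burst, rule_sensitive_file])
    for line in SAMPLE_LINES:
        engine.ingest(sensor_parse(line))
    return engine


if __name__ == "__main__":
    for alert in run_sample().alerts:   # console view
        print(alert)
```

Because every event is stored before the rules run, a rule can correlate the current event with earlier ones, which is what the burst rule does; the last failed login at timestamp 500 falls outside the window and raises nothing.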

What Is Malware?
Malware, short for malicious software, is software designed to infiltrate a
computer without the owner's informed consent. The expression is a general
term used by computer professionals to mean a variety of forms of hostile,
intrusive, or annoying software or program code.[1] The term "computer
virus" is sometimes used as a catch-all phrase to include all types of
malware, including true viruses.

Software is considered malware based on the perceived intent of the creator
rather than any particular features. Malware includes computer viruses,
worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware
and other malicious and unwanted software. In law, malware is sometimes
known as a computer contaminant, for instance in the legal codes of several
U.S. states, including California and West Virginia.

What are Computer Viruses?
Computer viruses are programs written by "mean" people. These virus
programs are placed into a commonly used program so that the program will
run the attached virus program as it boots; it is therefore said that the
virus "infects" the executable file or program. Executable files include
Macintosh "system files" (such as system extensions, INITs and control
panels) and application programs (such as word processing programs and
spreadsheet programs). Viruses work the same way on Windows or DOS machines
by infecting zip or exe files.
A virus is inactive until you execute an infected program or application or
start your computer from a disk that has infected system files. Once a virus
is active, it loads into your computer's memory and may save itself to your
hard drive or copy itself to applications or system files on disks you use.
Some viruses are programmed specifically to damage the data on your
computer by corrupting programs, deleting files, or even erasing your entire
hard drive. Many viruses do nothing more than display a message or make
sounds / verbal comments at a certain time or a programming event after
replicating themselves to be picked up by other users one way or another.
Other viruses make your computer's system behave erratically or crash
frequently. Sadly many people who have problems or frequent crashes using
their computers do not realize that they have a virus and live with the
inconveniences.

What is a Trojan horse (Computing)?
A Trojan horse, or Trojan for short, is a term used to describe malware that
appears, to the user, to perform a desirable function but, in fact, facilitates
unauthorized access to the user's computer system. The term comes from
the Trojan horse story in Greek mythology. Trojan horses are not
self-replicating, which distinguishes them from viruses and worms. Additionally,
they require interaction with a hacker to fulfill their purpose. The hacker
need not be the individual responsible for distributing the Trojan horse. It is
possible for hackers to scan computers on a network using a port scanner in
the hope of finding one with a Trojan horse installed.

What are Computer Worms?


A computer worm is a self-replicating computer program. It uses a network
to send copies of itself to other nodes (computers on the network) and it may
do so without any user intervention. Unlike a virus, it does not need to attach
itself to an existing program. Worms almost always cause at least some
harm to the network, if only by consuming bandwidth, whereas viruses
almost always corrupt or devour files on a targeted computer.

What Is the Network Layer?
The network layer attempts to deliver packets
from a node on one network segment to another node that may be on
another network segment. All network layer protocols use a header that
includes both a source and destination address. Network layer addresses
consist of two parts: A network segment prefix which identifies the network
segment and a node suffix, which identifies the node on the segment.

An IP version 4 address is a total of 32 bits. The division of bits between the
network segment prefix and the node varies. The network segment prefix is
divided into 2 parts: the network number, which is unique in the world, and a
subnet number, which is assigned at the campus level.

An IP version 6 address is a total of 128 bits. The division between network
segment prefix and node suffix will vary. The node suffix will be at least 48
bits to allow using an Ethernet address as the node suffix.

An IPX address is a total of 80 bits. 32 bits is used for the network number
and 48 bits is used for the node number. In most cases the node number is
the Ethernet address. Since we do not participate in a global IPX network, the
network number is assigned at the campus level. The convention for IPX
network numbers on the Madison campus is that the IPX network number is
an IP address on the same network segment.

An Appletalk address is a total of 24 bits. 16 bits are used for the network
number and 8 bits for the node number. The node number is chosen
automatically at random from the node numbers that are not in use at the
time the node starts up, so the node number may vary across startups.

The network layer does not guarantee delivery of packets. Packets may be
dropped due to transmission errors, network congestion, an unknown
address, or other reasons.

What is IP Address Spoofing?
IP address spoofing means generating IP packets / data with fake IP
addresses.

What Is Client/Server Architecture?
A client/server architecture, also known as a network architecture, is one in
which each system / computer / process on the network is either a client or a
server.
Servers are more powerful than the client systems; they manage disk drives
(file servers), printers (print servers), or network traffic (network servers).
Clients are known as PCs or Workstations on which users run applications.
Clients rely on servers for resources, such as files, devices, and even
processing power.
Another type of network architecture is known as a peer-to-peer architecture
because each node has equivalent responsibilities. Both client/server and
peer-to-peer architectures are widely used, and each has unique advantages
and disadvantages. Client-server architectures are sometimes called two-tier
architectures.

What are Networking Devices?

• Gateway: device sitting at a network node for interfacing with another
network that uses different protocols. Works on OSI layers 4 to 7.
• Router: a specialized network device that determines the next
network point to which to forward a data packet toward its destination.
Unlike a gateway, it cannot interface different protocols. Works on OSI
layer 3.
• Bridge: a device that connects multiple network segments along the
data link layer. Works on OSI layer 2.
• Switch: a device that allocates traffic from one network segment to
certain lines (intended destination(s)) which connect the segment to
another network segment. So unlike a hub a switch splits the network
traffic and sends it to different destinations rather than to all systems
on the network. Works on OSI layer 2.
• Hub: connects multiple Ethernet segments together making them act
as a single segment. When using a hub, every attached device shares
the same broadcast domain and the same collision domain. Therefore,
only one computer connected to the hub is able to transmit at a time.
Depending on the network topology, the hub provides a basic level 1
OSI model connection among the network objects (workstations,
servers, etc). It provides bandwidth which is shared among all the
objects, compared to switches, which provide a dedicated connection
between individual nodes. Works on OSI layer 1.
• Repeater: device to amplify or regenerate digital signals received
while sending them from one part of a network into another. Works on
OSI layer 1.

Some hybrid network devices:

• Multilayer Switch: a switch which, in addition to switching on OSI
layer 2, provides functionality at higher protocol layers.
• Protocol Converter: a hardware device that converts between two
different types of transmissions, such as asynchronous and
synchronous transmissions.
• Bridge Router (Brouter): combines router and bridge functionality
and therefore works on OSI layers 2 and 3.
• Digital media receiver: connects a computer network to a home
theatre.

Hardware or software components that typically sit on the
connection point of different networks, e.g. between an internal
network and an external network:

• Proxy: computer network service which allows clients to make indirect
network connections to other network services.
• Firewall: a piece of hardware or software put on the network to
prevent some communications forbidden by the network policy.
• Network Address Translator: network service provided as hardware
or software that converts internal to external network addresses and
vice versa.

Other hardware for establishing networks or dial-up connections:

• Multiplexer: device that combines several electrical signals into a
single signal
• Network Card: a piece of computer hardware to allow the attached
computer to communicate by network
• Modem: device that modulates an analog "carrier" signal (such as
sound), to encode digital information, and that also demodulates such
a carrier signal to decode the transmitted information, as a computer
communicating with another computer over the telephone network
• ISDN terminal adapter (TA): a specialized gateway for ISDN
• Line Driver: a device to increase transmission distance by amplifying
the signal. Base-band networks only.

What is FSB? In personal computers, the front-side bus (FSB) is the bus
that carries data between the CPU and the Northbridge.

What are Vcore and Vi/o?
Vcore is the voltage for the CPU core; Vio is the voltage for the
chipset, RAM and AGP slot.

On what type of socket can you install a Pentium 4 CPU? Socket 478
(mPGA478B) is a Pin Grid Array (PGA) socket for microprocessors based on
Intel NetBurst architecture. This socket was introduced in August 2001 as
replacement for short-lived socket 423. The socket 478 supports desktop
and mobile Pentium 4 and Celeron processors from 1.4 GHz to 3.46 GHz
with effective front-side bus frequencies 400 MHz - 1066 MHz (100 MHz -
266 MHz QDR). This socket was phased out in favor of socket 775 (LGA775).

What is SMP?
In computing, symmetric multiprocessing or SMP involves a multiprocessor
computer-architecture where two or more identical processors can connect
to a single shared main memory. Most common multiprocessor systems
today use SMP architecture. In the case of multi-core processors, the SMP
architecture applies to the cores, treating them as separate processors.

Which Intel and AMD processors support SMP?

How do LGA sockets differ from PGA and SEC?

What is the difference between Pentium 4 and Pentium Core 2
Duo? Explain the new technology.

How does IRQ priority work?

What technology enables you to upgrade your computer's BIOS by
simply using software?

What happens if you disassemble the battery located on the
Mother-Board?

How do L1, L2, and L3 work?

How should we install RAM on a Dual-Channel Motherboard?

What is the advantage of serial over parallel bus?

Is USB using serial or parallel bus? What about Firewire?


How much power is supplied to each USB port?

When should you change your bus-powered USB hub to a
self-powered USB hub?

What is a UPS?

What is the difference between standby and online UPS?

What is LBA (in Hard-Disks)?

How many Hard Disks can you install on an E-IDE controller?

Can you configure two hard disks to use the Master setting on the
same PC?

What is the difference between Narrow-SCSI and Wide-SCSI?

What is SAS?

What are the three main reasons for using RAID?

Is RAID 0 considered to be a redundant Solution? Why?

How many disks can be used for RAID 1?

How does RAID 5 work?

What is the smallest number of disks required for RAID5?

What other types of RAID do you know?


What are the six steps for laser printing?

What is the difference between PCI-EX x1 and PCI-EX x16?

Microsoft-based Operating Systems

What is the difference between a workgroup and a domain?

What are the major advantages of working in a domain model?

What types of operating system installation methods do you know?

What is an answer file?

How would you create an answer file for Windows XP? How would
you create one for Windows Vista?

How do you perform an unattended installation on Windows XP?

What is Sysprep?

How do you use Sysprep?

What is the major difference between Newsid and Sysprep?

What is the function of the pagefile.sys file?

What is the function of the hiberfil.sys file?

What is the Registry?


How can you edit the Registry? Name at least 3 ways of doing that.

What should you do if you receive a message stating: "The
following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM"?

How would you repair an unsuccessful driver update?

When should you use each of the following tools: System Restore,
LKGC and Recovery Console?

How do you set different print priority for different users?

How can you reset a user's password if you don't know his current
password?

What's the difference between changing a user's password and
resetting it?

You want to grant a user the right to perform backups – should you
add him to the administrators group?

What is MMC?

What is gpedit.msc?

How would you use the MMC to manage other servers on your
network?

You set a local policy for your Stand-alone XP Professional – would
the local policy affect the administrators group?

What is new in the Windows Vista Local Policy?


What is the difference between User Privileges and User
Permissions?

What is Safe Mode?

Which logs can be found in Event Viewer?

What is msconfig? On which OS can it be found?

Can you upgrade XP Home Edition to Server 2003?

Which permission will you grant a user for a folder he needs to be
able to create and delete files in, if you do not want him to be able
to change permissions for the folder?

What is the difference between clearing the "allow" permission and
checking the "deny"?

Networking

What is a NIC?

What is a MAC Address?

When would you use a crosslink cable?

What are the main advantages and disadvantages of
Fiber-Optic-based networks?

What is the difference between a Hub and a Switch?

On which OSI layer can a router be found?


What is CSMA/CD?

What is multicast?

What is Broadcast?

What is the difference between TCP and UDP?

Describe some of the settings that are added by TCP and by UDP to
the packet's header.

What are TCP Ports? Name a few.

What is a TCP Session?

What three elements make up a socket?

What will happen if you leave the default gateway information
empty while manually configuring TCP/IP?

What will happen if you execute the following command: "arp -d *"?

What is ICMP?

When would you use the ping command with the "-t" switch?

What command-line tool would help you discover for which port
numbers your computer is listening?

What is APIPA? How would you recognize it?

What is a Cyclic Redundancy Check?


What would you type in at a command prompt to view the IP
settings for the computer that you are sitting at?

What command would you type in at a command prompt to view
the IP address of the remote computer?

What is the W Value for class B?

What is the Net ID of an IP Address of 18.9.25.3 with Subnet Mask
of 255.0.0.0?

What is CIDR?

What is 255.255.255.255 used for?

What is the maximum number of hosts for a Class B Network?

What is the (default) class type of 195.152.12.1?

What is the subnet mask for 10.0.10.1/17?

What is the result when changing from a subnet mask of
255.255.224.0 to a subnet mask of 255.255.240.0?

How can you access a shared folder from a remote computer?
Name at least 3 methods.
