Cisco 1 Final Exam Study Guide Fall 2010

1. List and describe the steps a computer goes through to obtain an IP address through DHCP:

The client broadcasts a DHCP DISCOVER packet to identify any available DHCP
servers on the Network. A DHCP server replies with a DHCP OFFER, which is a lease
offer message with an assigned IP Address, subnet mask, DNS server, and default
gateway information as well as the duration of the lease. The client will then broadcast a
DHCP REQUEST packet that identifies the DHCP server and lease offer that it is
accepting. Assuming that the IP address requested by the client, or offered by the server,
is still valid, the chosen server would return a DHCP ACKNOWLEDGMENT message.
The ACK message lets the client know that the lease is finalized.

2. List when you would want to apply static versus dynamic addressing and provide two
advantages and disadvantages of each:

Static addresses are preferred when setting up Network printers, servers, and other
Network devices that need to be accessible to clients on the network. If hosts normally
access a server at a particular IP address, it would not be good if that address changed.

Static Advantages:

1. Provides increased control of Network resources.

2. The addresses used are permanent and allow for an easier solution when tracking
Network Traffic problems.

Static Disadvantages:

1. Entering the information manually on each host can be very time-consuming.

2. Host only performs basic error checks on the IP address, therefore, errors are
more likely to occur.

Dynamic Advantages:

1. It reduces the burden on Network staff of having to manually assign all Network
configuration information and virtually eliminates entry errors.
2. Provides IP settings for home and small business users who may lack the
knowledge necessary to properly configure these settings manually.

Dynamic Disadvantages:

1. Can pose a security risk because any device connected to the Network can
receive IP address configuration information.
2. If assigned to servers, network printers, or other Network devices that are
frequently accessed, the IP address will change and the request will be sent to the
wrong destination.
3. What is ANDing? How does a router use ANDing?

ANDing is one of three basic binary operations used in digital logic. ANDing yields the
following results: 1 & 1 = 1, 1 & 0 = 0, 0 & 1 = 0, 0 & 0 = 0.
Routers use ANDing to determine an acceptable route for an incoming packet. The
router checks the destination address and attempts to associate this address with a next
hop. The router performs ANDing on the IP destination address in the incoming packet
and with the subnet mask of potential routes. This yields a Network address that is
compared to the route from the routing table whose subnet mask was used.

5. What is NAT and how does it correlate with private address range:

Because private addresses are not allowed on the internet, a process is needed for
translating private addresses into unique public addresses to local clients to
communicate on the Internet. The process used to convert private addresses to Internet
route-able addresses is called Network Address Translation (NAT). With NAT, a private
source IP address (local address) is translated to a public address (global address). The
process is reversed for incoming packets.

6. TCP: How does 3 way handshake work and windowing:

1. The initiating client sends a segment containing an initial sequence value, which
serves as a request to the server to begin a communications session.
2. The server responds with a segment containing an acknowledgment value equal
to the received sequence plus 1, plus its own synchronizing sequence value. The
acknowledgment value is 1 greater than the sequence number because there is no
data contained to be acknowledged. This acknowledgment value enables the
client to tie the response back to the original segment that it sent to the server.
3. The initiating client responds with an acknowledgment value equal to the
sequence value it received plus 1. This completes the process of establishing the
connection.

STEP 1: A TCP client sends a segment with the SYN control flag set, indicating an
initial value in the sequence number field in the header.

STEP 2: The server sends a segment back to the client with the ACK flag set,
indicating that the acknowledgment number is significant. With this flag
set in the segment, the client recognizes this as an acknowledgment that
the server received the SYN from the TCP client.

STEP 3: The TCP client responds with a segment containing an ACK that it is the
response to the TCP SYN sent by the server. This segment does not
include any user data. The value in the acknowledgment number field
contains one more than the ISN received from the server. After both
sessions are established between client and server, all additional segments
exchanged in this communication will have the ACK flag set.
7. TCP vs UDP, What are the differences:

TCP (Transmission Control Protocol) is a connection-oriented protocol, a protocol that

guarantees reliable and in-order delivery of data from sender to receiver.

UDP (User Datagram Protocol) is a simple, connectionless protocol. It provides low-

overhead data delivery that offers no error detection or retransmission. UDP sends
datagrams as “best effort”.

8. Know some Application protocol to port #'s:

HTTP: Port 80
FTP: Port 21 to establish, then Port 20 to transfer
SMTP: Port 25
POP3: Port 110
IMAP4: Port 143

Well Known Ports: 0 – 1,023

Destination ports that are associated with common Network
application.

Registered Ports: 1,024 – 49,151

Organizations can use these ports to register specific applications
such as IM software.

Private Ports: 49,152 – 65,535

Often used as source ports. Any application can use these ports.

9. Compare and contrast 802.11 a, b, g, and n:

802.11a: Uses 5 GHz RF spectrum

Maximum data rate of 54 Mbps
Not compatible with 2.4 GHz spectrum. (b/g/n devices)
Range is approximately 33% that of 802.11b/g
Relatively expensive to implement compared to other technologies
Increasingly difficult to find 802.11a compliant equipment

802.11b: First of the 2.4 GHz technologies

Maximum data rate of 11 mbps
Range of approximately 150 feet (46m) indoors / 300 feet (96m) outdoors

802.11g: Uses the 2.4 GHz RF band

Maximum data rate of 54 Mbps
Backward compatible with 802.11b
 802.11n: Newest standard
Specifies support for both 2.4 GHz and 5 GHz technologies
Extends the range and data throughput
Uses multiple antennas, wide channels, and multiple-input multiple-
output (MIMO) technology
Designed to be backwards compatible with existing a/b/g equipment

10. Which is the preferred wireless encryption method:

WPA, unlike WEP, generates new, dynamic keys each time a client establishes a
connection with the AP. For this reason, WPA is considered more secure than WEP
because it is significantly more difficult to crack.

11. How does RTS work and why is it needed:

In some circumstances, stations might not be within range of the transmitting station and
are not able to detect the transmission. In cases such as this, RTS/CTS comes into play.
With RTS/CTS, a device that requires use of a specific communication channel in a BSS
asks permission from the AP. This is known as a Request To Send (RTS). If the channel
is available, the AP will respond to the device with a Clear to Send (CTS) message
indicating that the device may transmit on the channel. This method is used for collision
avoidance. (CSMA/CD Carrier Sense Multiple Access/Collision Detection).

12. Basic and advanced security measures:

1. Change default values for the SSID, user names and passwords
2. Disable remote management to prevent access from external networks
3. Allow communications to the device only through secure protocols
4. Disable broadcast SSID
5. Configure MAC address filtering
6. Configure encryption using WEP or WPA

13. Hack attacks can threaten your network in what ways:

1. Information Theft: Breaking into a computer to obtain confidential information.

Information can be used or sold for various purposes. An example is stealing an
organizations proprietary information, such as research and development
information. A hacker who has gained access to the network might also obtain
information by intercepting data as it is transmitted.
2. Identity Theft: A form of information theft where personal information is stolen
for the purpose of taking over someones identity. Using this information, an
individual can obtain legal documents, apply for credit, and make unauthorized
online purchases. Identity theft is a growing problem costing billions of dollars a
year.
3. Data Loss / Manipulation: Breaking into a computer to destroy or alter data
records. An example of data loss is a virus that reformats a computer's hard
drive. An example of data manipulation is breaking into a records system to
change information, such as the price of an item.
4. Disruption of Service: Preventing legitimate users from accessing services to
 which they should be entitled. Examples include Denial of Service (DoS) attacks
to servers, Network devices, or Network communication links.

14. Given a small company such as the one in Project AnyCompany, describe 5 security techniques
you would have setup for them to assure security remotely and internally:

1. Anti-Spyware: Software installed on an end-user workstation to detect and

remove spyware and adware.
2. Spam Filter: Software installed on an end-user workstation or server to identify
and remove unwanted emails.
3. Pop-Up Blocker: Software installed on an end-user workstation to prevent pop-
up and pop-under advertisement windows from displaying.
4. Patched and Updates: Software applied to an OS or Application to correct a
known security vulnerability or add functionality.\
5. Anti-Virus: Software installed on an end-user workstation or server to detect and
remove viruses, worms, and Trojan horses from files and email.

15. What are recommended practices to mitigate risks:

1. Define security policies.

2. Physically secure servers and Network equipment.
3. Set log-in and file access permissions.
4. Update OS and Applications.
5. Change permissive default Network device and host settings.
6. Run anti-virus and anti-spyware software.
7. Update anti-virus software files.
8. Activate browser tools – pop-up blockers, anti-phishing, plug-in monitors.
9. Use a firewall.

16. What can cause wireless hosts not to connect to a WAP:

1. If the SSID is different on the WAP and the Station.

2. If the host has a different PSK than the one configured on the WAP.
3. If MAC filtering is setup and the MAC is either not on the list or entered wrong
4. The wireless card is turned off.
5. The Station is out of range of the WAP to receive a signal.
6. Station may not be using the same wireless standard as the WAP.

17. What makes up good troubleshooting documentation:

1. Statement of initial problem

2. The steps taken to isolate the problem
3. The results of all the steps taken, both successful and unsuccessful
4. Statement of the final determined cause of the problem
5. Statement of the final problem resolution
6. A list of future preventive measures
18. Scenario – A novice user calls in to you at the help-desk and says they can't access the internet.
What troubleshooting approach would you use to solve the problem? Give some examples of
what you would step them through:

I would use the Bottom-Up approach to solve this users problem. (This scenario is
assuming a home user on a broadband isp. Ex; Road Runner)

1. I would ask this user to look and make sure that all cables are plugged into the
proper ports.
2. If cables are plugged in, I would have them look to see if their ISP modem is
powered on and to make sure that the proper indicator lights are on.
3. I would have them reset the ISP modem by unplugging for 90 seconds.
4. In unsuccessful, I would now have the user go to run; cmd; and type in
IPCONFIG to see if they have an IP configuration.
5. If none is present, I would have them type in IPCONFIG /RENEW
6. If unsuccessful, guide them to internet settings; * never dial a connection; LAN
settings; automatically detect proxy settings. Repeat step 4.
7. If unsuccessful, guide them to Network places; NIC properties, TCP/IP
properties, and select DHCP settings. Repeat step 4.
8. If unsuccessful, I would proceed to ping their ISP modem to ensure that it is
functioning properly. If unsuccessful, set up service call.

19. List 4 software tools you would use to troubleshoot a computer accessing he Internet and how
these tools would help you diagnose problems:

1. IPCONFIG: This utility displays IP configuration information including IP

address, subnet mask, default gateway, and DNS server information. If this
information is not displayed further looking into will be needed.
2. TRACERT: This utility displays the route a packet takes to it's destination. Each
router that the packet passes through is known as a hop. If a hop comes back
timed-out than it usually indicates an issue with that router.
3. PING: This utility is used to test connections to other IP hosts. If a ping fails than
there is usually a configuration issue or faulty hardware.
4. NETSTAT: This utility is used to display network connections. If a host fails to
appear on a NETSTAT query than the host may be improperly configured on the
Network.
 20. Subnet problem: Given network 198.16.3.0/24 subnet this to support 3 networks with 52 hosts
per subnet (you can assume subnet 0 usage). Show work. Include the new subnet mask, and
make a chart listing the networks, usable addresses and broadcast address:

1. Number of needed subnets: 3

2. Number of usable hosts: 52
3. Network address: 198.16.3.0/24

a. Address Class: C
b. Default Subnet Mask: 255.255.255.0
c. Custom Subnet Mask: 255.255.255.192/26
d. Total Number of Subnets: 4
e. Total Number of Host Addresses: 64
f. Number of usable addresses: 62
g. Number of Bits Borrowed: 2

2-4 number of subnets

128-64 number of host addresses
198.16.3. 0 0 | 000000 binary value

2 bits borrowed 128+64=192 custom subnet mask

2/\2=4 total subnets 2/\6= 64 total host bits
-2
62 usable host addresses

Subnet A: Network: 198.16.3.0

Usable Range: 198.16.3.1 – 198.16.3.62
Broadcast: 198.16.3.63

Subnet B: Network: 198.16.3.64

Usable Range: 198.16.3.65 – 198.16.3.126
Broadcast: 198.16.3.127

Subnet C: Network: 198.16.3.128

Usable Range: 198.16.3.129 – 198.16.3.190
Broadcast: 198.16.3.191