Network+ Study Guide (N10-004)

This is our free study guide for CompTIA's Network+ certification exam (N10-004). If you would like to report an error or contribute additional information, please use the contact link at the bottom of the site, or post in our forums. We hope you find this guide useful in your studies.

Domain 1.0: Network Technologies

Domain 1.1: Common Networking Protocols

TCP - Transmission Control Protocol is a connection-oriented transport protocol. It breaks application data into segments, numbers them, and tracks the source and destination ports of each. Lost segments are retransmitted and out-of-order segments are reassembled, which is what makes its delivery "guaranteed" (reliable). Rerouting of packets around failures is done by IP and the routers, not by TCP.
IP - Internet Protocol is a connectionless protocol, which means that no session is created before sending data. IP is responsible for addressing and routing packets between hosts. It does not guarantee delivery and gives no acknowledgement of packets that are lost, duplicated or delivered out of order; that is the responsibility of higher-layer protocols such as TCP.
UDP - User Datagram Protocol is a connectionless datagram service that provides unreliable, best-effort delivery with no acknowledgements or retransmissions.
ICMP - Internet Control Message Protocol lets systems on a TCP/IP network exchange status and error information (echo request/reply, destination unreachable, time exceeded). The PING and TRACERT utilities are built on it.
SMTP - Simple Mail Transfer Protocol is used to send mail between mail servers and from a client to its outgoing mail server. Mail is retrieved from a mailbox with POP3 or IMAP, not with SMTP.
FTP - File Transfer Protocol is used for transferring files between remote systems. It runs over TCP, so it is connection oriented (delivery of each segment is verified), and uses two connections: a control connection on port 21 and a separate data connection. Credentials and file contents are sent in clear text.
TFTP - Trivial File Transfer Protocol is a cut-down file transfer protocol that runs over UDP rather than TCP, has no authentication, and is mostly used for booting devices and loading configuration or firmware images.
ARP - Address Resolution Protocol resolves an IP address to a MAC address on the local segment so that IP packets can be framed for delivery. A MAC address is the network interface's hardware address and appears in the form 00-A0-F1-27-64-E1 (for example). Each host keeps an ARP cache of recently resolved IP-to-MAC pairs. ARP has no authentication, so any host on the segment can answer for an address it does not own (ARP spoofing).
POP3 - Post Office Protocol version 3. A POP3 mail server holds mail until the workstation is ready to download it; the mail is then typically removed from the server.
IMAP - Internet Message Access Protocol (the current version is IMAP4) is, like POP3, a standard client/server protocol for accessing e-mail held for you by your mail server. Unlike POP3, the mail stays on the server, so the same mailbox can be read from several clients.
TELNET - Provides a virtual terminal or remote login across the network over a TCP connection. The remote server must be running a Telnet service for clients to connect. Everything, including the login password, is sent in clear text; SSH is the secure replacement.
HTTP - The Hypertext Transfer Protocol is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. It defines how requests and responses are formatted and addressed.
HTTPS - Signifies that HTTP is being carried over SSL/TLS, giving an encrypted connection in which the server is authenticated by its certificate. This is used for secure Internet business transactions.
NTP - Network Time Protocol is used to synchronize computer clock times across a network of computers.
SNMP - Simple Network Management Protocol is used for monitoring and status information on a network. SNMP can monitor any SNMP-capable device, including computers, printers, routers, servers, gateways and many more, through agents running on the target systems. A management station polls the agents with GET requests, and agents send unsolicited "traps" to report events such as system errors or resource conditions. SNMPv2 added enhancements to the SNMPv1 SMI data types, such as bit strings, network addresses and 64-bit counters. SNMPv3 addressed security. SNMPv1 and SNMPv2c send everything, including the community string that serves as the password, in clear text, so any monitoring information sent or collected for operational purposes, and the community string itself, can be pulled off the wire by anyone able to capture the traffic.
SIP - Session Initiation Protocol is a signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP. Other applications include video conferencing, streaming multimedia distribution, instant messaging, presence information and online games. The protocol creates, modifies and terminates two-party (unicast) or multiparty (multicast) sessions consisting of one or more media streams. Modification can involve changing addresses or ports, inviting more participants, or adding and removing media streams.
RTP - Real-time Transport Protocol carries the audio and video streams themselves once a session has been set up. RTP is used in conjunction with signaling protocols such as SIP, H.323 and RTSP.
IGMP - Internet Group Management Protocol is used to manage IP multicast groups. IPv4 hosts and adjacent multicast routers use IGMP to establish multicast group memberships. IGMP is only used on IPv4 networks; IPv6 handles group membership with Multicast Listener Discovery (MLD) instead.
TLS - Transport Layer Security is a cryptographic protocol that provides confidentiality and integrity for communications over networks such as the Internet, and is the successor to SSL. TLS runs on top of TCP and encrypts the application data exchanged between the two endpoints of a connection. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
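The SNMP entry above says that v1 and v2c send their monitoring data and community string in clear text. The following parser, added here as an illustration and not taken from the original study guide, decodes a constructed SNMPv1 GetRequest from its raw bytes with a minimal BER (ASN.1) reader and shows exactly what a sniffer recovers: the version, the community string, the PDU type and the OIDs being requested. The sample packet bytes, the PDU_NAMES table and the is_weak detection rule are all assumptions made for the example.

```python
"""Decode an SNMPv1/v2c message from raw bytes with a minimal BER parser.
Everything a network sniffer needs (version, community string, PDU type and
the OIDs being read or written) is recoverable in the clear. This is an added
illustration; the sample packet below is constructed, not captured."""

# Constructed SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), community "public".
SAMPLE_GETREQUEST = bytes.fromhex(
    "3026"                  # SEQUENCE, 38 bytes follow
    "020100"                # INTEGER version = 0 (SNMPv1; 1 = v2c, 3 = v3)
    "04067075626c6963"      # OCTET STRING "public": the "password", in clear
    "a019"                  # GetRequest-PDU (context tag 0), 25 bytes
    "020101"                # request-id = 1
    "020100"                # error-status = 0
    "020100"                # error-index = 0
    "300e"                  # VarBindList
    "300c"                  # VarBind
    "06082b06010201010100"  # OBJECT IDENTIFIER 1.3.6.1.2.1.1.1.0
    "0500"                  # NULL (no value in a request)
)

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest"}
DEFAULT_COMMUNITIES = {"public", "private"}   # assumed vendor defaults to flag


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the BER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated element")
    return tag, value, pos + length


def read_children(constructed: bytes):
    """Split the contents of a SEQUENCE (or PDU) into (tag, value) pairs."""
    pos, items = 0, []
    while pos < len(constructed):
        tag, value, pos = read_tlv(constructed, pos)
        items.append((tag, value))
    return items


def decode_oid(raw: bytes) -> str:
    """BER OID: the first byte packs the first two arcs, the rest are base-128."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends the arc
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def parse_snmp(packet: bytes) -> dict:
    """Pull version, community, PDU type and OIDs out of a v1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    (vtag, version), (ctag, community), (ptag, pdu) = read_children(body)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("not a v1/v2c header (v3 carries a SEQUENCE here)")
    if ptag == 0xA4:
        raise ValueError("SNMPv1 Trap PDU has a different layout; not handled here")
    request_id, _status, _index, varbind_list = read_children(pdu)
    oids = []
    for _, varbind in read_children(varbind_list[1]):
        (oid_tag, oid_raw), _value = read_children(varbind)
        if oid_tag != 0x06:
            raise ValueError("VarBind does not start with an OID")
        oids.append(decode_oid(oid_raw))
    return {
        "version": {0: "v1", 1: "v2c"}.get(version[0], f"unknown({version[0]})"),
        "community": community.decode("ascii", "replace"),
        "pdu": PDU_NAMES.get(ptag, hex(ptag)),
        "request_id": int.from_bytes(request_id[1], "big", signed=True),
        "oids": oids,
    }


def is_weak(msg: dict) -> bool:
    """Detection rule: v1/v2c traffic using a vendor-default community string."""
    return msg["version"] in ("v1", "v2c") and msg["community"] in DEFAULT_COMMUNITIES
```

Run parse_snmp over any SNMP payload captured from UDP port 161 and the community string comes straight back as text; is_weak is the kind of rule a monitoring system can apply to flag devices still polled with "public". SNMPv3 messages fail the header check on purpose, since their structure (and their authentication and privacy) differ from what this decoder handles.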

Domain 1.2: Identify Commonly Used TCP/UDP Ports

Ports are what an application uses when communicating between a client and server computer. Some common ports are:

Protocol   Type      Number
FTP        TCP       20 (data), 21 (control)
SSH        TCP       22
TELNET     TCP       23
SMTP       TCP       25
DNS        TCP/UDP   53
DHCP       UDP       67 (server), 68 (client)
TFTP       UDP       69
HTTP       TCP       80
POP3       TCP       110
NTP        UDP       123
IMAP4      TCP       143
SNMP       UDP       161 (agent), 162 (traps to the manager)
HTTPS      TCP       443

Domain 1.3: Identify the Following Address Formats

IPv4 - Every IPv4 address is 32 bits long and can be broken down into two parts, the Network ID (netid) and the Host ID (hostid). All hosts on the same network must have the same netid, and each host must have a hostid that is unique within that netid. The 32 bits are written as 4 octets in dotted-decimal notation, each with a maximum value of 255, such as 124.35.62.181, but the address is processed as binary data.
Under the original classful scheme, IP addresses are divided into 3 usable classes determined by the first octet, as shown below:

Class   First octet range
A       1-126
B       128-191
C       192-223

(First octets 224-239 are class D, reserved for multicast, and 240-255 are class E, reserved for experimental use.)

NOTE: 127.x.x.x is reserved for loopback testing on the local system and is not used on live networks. The following address ranges (RFC 1918) are reserved for private networks and are not routed on the public Internet:
10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

IPv6 - The previous information on TCP/IP has referred to IPv4; however, that 32-bit address space has been exhausted by the large influx of Internet users and expanding networks. As a result, the IETF developed a new addressing scheme, IPv6. It uses a 128-bit address (instead of 32) written as eight 16-bit groups in hexadecimal, separated by colons, with leading zeros in a group omitted and one run of all-zero groups compressed to "::". This avoids long addresses such as 132.64.34.26.64.156.143.57.1.3.7.44.122.111.201.5; the hex form appears as 3FFE:B00:800:2::C, for example.
MAC Addressing - Also known as the hardware address or Ethernet address, a MAC address is a unique code assigned to most networking hardware. The manufacturer assigns the number and burns it into the device; the first 24 bits identify the manufacturer (the OUI) and the last 24 bits are a serial number. MAC addresses are 48 bits long and are written as 12 hexadecimal digits, such as 00:2f:21:c1:11:0a. They uniquely identify a device on a local network segment and are also used for functions such as DHCP reservations and MAC address filtering. Note that most operating systems let the MAC address be changed in software, so a MAC address identifies a device but does not authenticate it. For more information, read MAC Addressing Formats And Broadcasts.

Domain 1.4: Proper Use of Addressing Technologies

Subnetting - Under classful addressing, IP addresses are class A, B or C. Class A addresses are for networks with a very large number of hosts: the first octet is the netid and the 3 remaining octets are the hostid. Class B addresses are used in medium to large networks, with the first 2 octets making up the netid and the remaining 2 the hostid. Class C is for smaller networks, with the first 3 octets making up the netid and the last octet the hostid. Which bits belong to the Network ID and which to the Host ID is determined by the subnet mask: a 1 bit in the mask marks a network bit and a 0 bit marks a host bit. The default subnet masks are as follows:

Class     Default Subnet Mask   Networks     Hosts Per Network
Class A   255.0.0.0             126          16,777,214
Class B   255.255.0.0           16,384       65,534
Class C   255.255.255.0         2,097,152    254

(Hosts per network is 2 to the power of the number of host bits, minus 2: the all-zeros host address names the network itself and the all-ones host address is the network's broadcast address.)

What if you wanted more than one subnet? Subnetting allows you to create multiple logical networks within a single Class A, B, or C network by lengthening the mask so that some host bits become network bits. If you don't subnet, you will only be able to use one network from your Class A, B, or C allocation. When subnetting is employed, the multiple networks are connected with a router, which enables data to find its way between networks. On the client side, a default gateway is assigned in the TCP/IP properties. The default gateway is the IP address of the router that the client sends traffic to when the destination is on a different network.
Classful versus Classless addressing - the original TCP/IP addressing method described above is called classful addressing, which divided the IP address space into chunks of different sizes called classes. Classless addressing, known as Classless Inter-Domain Routing (CIDR), allocates address space to Internet service providers and end users on any bit boundary instead of on 8-bit boundaries, and writes the number of network bits after a slash (the prefix length). So 172.16.50.0 does not have to use the classful Class B mask of 255.255.0.0 (/16), which would put it on the same network as 172.16.51.0 (with classful addressing, 172.16 is the network and 50.0 and 51.0 are both host addresses within it). Instead, with classless addressing 172.16.50.0/24 and 172.16.51.0/24 are different networks, because the network portions 172.16.50 and 172.16.51 differ.
NAT - Network Address Translation is a commonly used IP translation and mapping technology. A device (such as a router) or piece of software that implements NAT allows an entire home or office network to share a single Internet connection over a single public IP address, so one cable modem, DSL modem, or even 56k modem can connect all the computers to the Internet simultaneously. Because hosts behind NAT have private addresses that are not reachable from the Internet, unsolicited inbound connections are dropped by default, which keeps a home network reasonably safe from opportunistic scans; NAT is not a firewall, however, and does nothing about outbound connections, malicious content fetched by the hosts themselves, or ports that have been forwarded in. NAT is built in to the most common Internet Connection Sharing technologies.
PAT - Port Address Translation (also called NAT overload) is the form of NAT in which the device rewrites the source port as well as the source address of TCP and UDP traffic passing between hosts on a private network and hosts on a public network, and keeps a table of the mappings so that replies can be returned to the right private host. This is what allows a single public IP address to be used by many hosts on a private network at the same time.

SNAT - Static Network Address Translation (expanded as Secure NAT in some vendor documentation; on Linux firewalls SNAT means source NAT) is a one-to-one translation of one internal IP address to one external IP address, typically used to make an internal server reachable from outside. By contrast, ordinary NAT/PAT is effectively one external address shared by many internal addresses.

DHCP - Dynamic Host Configuration Protocol automatically assigns IP addresses (and normally the subnet mask, default gateway and DNS servers as well) to computers on a network. When a client is configured to receive an address automatically, it broadcasts a DHCPDISCOVER; a DHCP server answers with a DHCPOFFER, the client asks for the offered address with a DHCPREQUEST, and the server confirms with a DHCPACK that contains the "lease" (the address and how long the client may use it). Because the discover is a broadcast answered by any server that hears it, a rogue DHCP server on the same segment can hand clients a malicious gateway or DNS server; DHCP snooping on switches is the usual countermeasure. Some of the benefits of DHCP include the following:
Prevents users from making up their own IP addresses.
Prevents incorrect gateway or subnet masks from being entered.
Decreases the amount of time spent configuring computers, especially in environments where computers get moved around all the time.
APIPA - Automatic Private Internet Protocol Addressing. Client systems configured for automatic (dynamic) IP assignment use DHCP to request an address lease for the network they are on. When no DHCP server answers, the client service automatically configures the system with an APIPA address from the link-local range 169.254.0.0/16 (169.254.1.0 through 169.254.254.255; the first and last 256 addresses of the block are reserved) with a subnet mask of 255.255.0.0 and no default gateway. Such a host can only talk to other hosts on its own segment, so an unexpected 169.254.x.x address usually means the DHCP server could not be reached.

Unicast - the sending of packets to a single network node, identified by its own address. This is used where a private or unique resource, such as a media server, is requested over a two-way connection. In the media server example, a client makes a request for streaming content from the single source and the server uses unicast to deliver the content to that client alone.

Multicast - a single source sends one copy of the data to a group address (an IPv4 class D address in 224.0.0.0/4) rather than to each receiver's own address. In the media server example, a source that must reach many clients sends one stream to the group; hosts that want it join the group with IGMP, and routers and switches forward copies only toward members. A host that has not joined the group never has to process the traffic.

Broadcast - traffic sent from a network node that reaches every other node in the subnet / broadcast domain, because the message is addressed to all of them. The sender uses the broadcast address for the subnet, which is the address with all host bits set to 1, i.e. the last address of the block. For example, on the network 192.168.0.0 with mask 255.255.0.0 (192.168.0.0/16) the broadcast address is 192.168.255.255, and traffic sent to it reaches all nodes on that subnet. Additionally, 255.255.255.255 is the limited broadcast address: routers never forward it, so only nodes on the sender's local segment hear traffic sent to it (this is what a DHCP client uses before it has an address of its own).
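The class, reserved-range, subnet and broadcast rules from Domains 1.3 and 1.4 are all bit operations on a 32-bit value. The following example, added here and not part of the original study guide, implements them directly so the netid/hostid split is visible: it classifies an address, checks it against the private, loopback, link-local and multicast blocks, and computes the network, broadcast and usable host range for any CIDR prefix, including the 172.16.50.0/24 versus 172.16.51.0/24 case from the text. The block list and the sample addresses are constructed for the example; production code would use Python's standard ipaddress module, which does the same arithmetic.

```python
"""Classful and classless (CIDR) IPv4 arithmetic done with plain bit operations
so the netid/hostid split is visible. Added illustration; the standard
`ipaddress` module does the same job in production code."""


def ip_to_int(addr: str) -> int:
    """'124.35.62.181' -> 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for_prefix(prefix: int) -> int:
    """/prefix as a 32-bit mask: the top `prefix` bits set are the network bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful_class(addr: str) -> str:
    """Original address class, decided by the first octet alone."""
    first = ip_to_int(addr) >> 24
    if first == 0 or first == 127:
        return "reserved (0 = this network, 127 = loopback)"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


# Blocks that never appear as public Internet addresses (assumed list for the example).
SPECIAL_BLOCKS = {
    "private (RFC 1918)": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "loopback":           ("127.0.0.0/8",),
    "link-local (APIPA)": ("169.254.0.0/16",),
    "multicast":          ("224.0.0.0/4",),
}


def in_block(addr: str, cidr: str) -> bool:
    net, prefix = cidr.split("/")
    mask = mask_for_prefix(int(prefix))
    return (ip_to_int(addr) & mask) == (ip_to_int(net) & mask)


def address_scope(addr: str) -> str:
    for label, blocks in SPECIAL_BLOCKS.items():
        if any(in_block(addr, b) for b in blocks):
            return label
    return "public"


def subnet_info(cidr: str) -> dict:
    """Network, mask, broadcast and usable host range for a CIDR block."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = mask_for_prefix(prefix)
    network = ip_to_int(net) & mask               # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    host_bits = 32 - prefix
    # /31 and /32 leave no room for separate network and broadcast addresses
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
    }


def same_network(a: str, b: str, prefix: int) -> bool:
    """True when two addresses share all network bits under a /prefix mask."""
    mask = mask_for_prefix(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)
```

same_network("172.16.50.10", "172.16.51.10", 16) is True while the same call with prefix 24 is False, which is the classful-versus-classless point in one line; address_scope also gets the 172.16.0.0/12 boundary right (172.31.x.x is private, 172.32.x.x is not), a detail that is easy to misstate when the private range is written as dotted octets.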

Domain 1.5: Common IPv4 and IPv6 Routing Protocols

Link state routing protocols - are one of the two main classes of routing protocols used in packet-switched networks and include Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). Every router floods information about its own links to every other router in the area, so each router builds a complete map of which nodes are connected to which. Each router then runs a shortest-path calculation over that map to find the best next hop to every known destination, and the result forms its routing table.
Open Shortest Path First (OSPF) - a dynamic link-state routing protocol used on Internet Protocol (IP) networks of all sizes, large to small. OSPF is an interior gateway protocol (IGP) that routes IP packets within a single routing domain (autonomous system) and was designed to support variable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR) addressing. OSPFv2 carries IPv4 routes; OSPFv3 is the version for IPv6.
Intermediate System to Intermediate System (IS-IS) - a link-state protocol that floods network topology information throughout a network of routers. Each router independently builds a picture of the network's topology from the data received and computes the best path through the network to each destination. IS-IS is an Interior Gateway Protocol (IGP) typically used on larger, often service-provider, networks, and it can carry both IPv4 and IPv6 routes.
Distance-vector routing protocols - are the other main class of routing protocols used in packet-switched networks and include Routing Information Protocol (RIP) and Cisco's Interior Gateway Routing Protocol (IGRP). A router running one knows only the distance (a metric such as hop count) to each destination and the vector (the direction, i.e. which neighbor to send to); it learns both from the routing tables its neighbors advertise rather than from a map of the whole network. Routers using a distance-vector protocol send their routing tables to their neighbors periodically and when a change in the topology is detected.
Routing Information Protocol (RIPv1) - RIP is a distance-vector routing protocol using "hop count" as its routing metric. The maximum number of hops allowed is 15; a metric of 16 means unreachable, which effectively limits the size of networks that RIP can support. RIPv1 broadcasts its whole table every 30 seconds and carries no subnet mask, so it supports classful networks only.
Routing Information Protocol (RIPv2) - improved upon RIPv1 by including subnet mask information with its updates, which allows Classless Inter-Domain Routing (CIDR) and VLSM support, and by adding authentication of updates. The table is still sent every 30 seconds, but to the multicast address 224.0.0.9 instead of as a broadcast, so hosts that are not RIP routers can ignore it. The 15-hop limit remains so that the devices are backwards compatible with RIPv1 devices. RIPng is the RIP variant for IPv6.
Border Gateway Protocol (BGP) - is the core routing protocol of the Internet. It maintains a table of IP prefixes and the data that designates where and how to reach each prefix through autonomous systems (AS). BGP is a path-vector protocol: it makes routing decisions based on the AS path, network policies and/or rule sets rather than on a simple distance metric.
Enhanced Interior Gateway Routing Protocol (EIGRP) - a proprietary hybrid protocol from Cisco: a distance-vector routing protocol with link-state-like features such as neighbor discovery and triggered, partial updates. EIGRP keeps three tables: the Neighbor Table, which stores information about neighboring routers; the Topology Table, which holds all routes learned from directly connected neighbors, including backup routes; and the Routing Table, which stores the best route to each destination.
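To make the distance-vector behaviour and RIP's 15-hop limit concrete, here is a small simulation added as an illustration (it is not code from the study guide or from any router vendor). Routers exchange their tables with neighbors, add one hop per link, and treat 16 as unreachable; a link failure is then injected to show the count-to-infinity problem that the hop limit bounds and that split horizon, a standard RIP mitigation not described in the text above, prevents. The chain topologies, router names and network names are constructed for the example.

```python
"""Distance-vector routing simulated from scratch, following the RIP model:
routers exchange tables with neighbors, add one hop per link, and treat 16
hops as unreachable. Added illustration; topologies below are constructed."""

INFINITY = 16      # RIP: 15 is the largest usable hop count, 16 means unreachable
DOWN = "down"      # next-hop marker for a connected network that has failed


class Router:
    def __init__(self, name: str, networks):
        self.name = name
        self.neighbors = []
        # destination -> (hop count, next hop); connected networks cost 0 hops
        self.table = {net: (0, "connected") for net in networks}

    def metric_to(self, net: str) -> int:
        return self.table.get(net, (INFINITY, None))[0]

    def advertise(self, to: "Router", split_horizon: bool) -> dict:
        """Table as sent to neighbor `to`. With split horizon, routes learned
        from `to` are withheld so they cannot be reflected back to it."""
        return {net: metric for net, (metric, hop) in self.table.items()
                if not (split_horizon and hop == to.name)}

    def receive(self, frm: "Router", advert: dict) -> bool:
        """Bellman-Ford relaxation; returns True if the table changed."""
        changed = False
        for net, metric in advert.items():
            new = min(metric + 1, INFINITY)
            cur_metric, cur_hop = self.table.get(net, (INFINITY, None))
            better = new < cur_metric
            # a changed metric from the neighbor we already route through must be
            # accepted even when it is worse, otherwise stale routes never expire
            same_path = cur_hop == frm.name and new != cur_metric
            if better or same_path:
                self.table[net] = (new, frm.name)
                changed = True
        return changed


def link(a: Router, b: Router) -> None:
    a.neighbors.append(b)
    b.neighbors.append(a)


def converge(routers, split_horizon=False, max_rounds=100) -> int:
    """Run update rounds until no table changes; returns the rounds used."""
    for rounds in range(1, max_rounds + 1):
        changed = False
        for r in routers:
            for n in r.neighbors:
                changed |= r.receive(n, n.advertise(r, split_horizon))
        if not changed:
            return rounds
    raise RuntimeError("routing did not converge")


def withdraw(router: Router, net: str) -> None:
    """A directly connected network goes down: advertise it as unreachable."""
    router.table[net] = (INFINITY, DOWN)


def build_chain(length: int):
    """R0 - R1 - ... - R(length-1), with network N<i> attached to R<i>."""
    routers = [Router(f"R{i}", [f"N{i}"]) for i in range(length)]
    for a, b in zip(routers, routers[1:]):
        link(a, b)
    return routers


def hop_limit_demo():
    """17 routers in a row: the far end is 16 hops from N0, i.e. unreachable."""
    chain = build_chain(17)
    converge(chain)
    return chain[15].metric_to("N0"), chain[16].metric_to("N0")


def failure_demo(split_horizon: bool):
    """Take N0 down on a 3-router chain; return (rounds to re-converge, metrics)."""
    chain = build_chain(3)
    converge(chain, split_horizon)
    withdraw(chain[0], "N0")
    rounds = converge(chain, split_horizon)
    return rounds, [r.metric_to("N0") for r in chain]
```

Without split horizon, after N0 fails the three routers keep advertising their stale routes to each other and the metric climbs two hops per round until it reaches 16; with split horizon the withdrawal propagates in a single exchange. That difference is the whole reason the 15-hop ceiling exists: it bounds how long the loop can last, at the cost of limiting network diameter.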
Domain 1.6: The Purpose and Properties of Routing

Interior Gateway Protocol (IGP) - a routing protocol used within a single autonomous system, which is sometimes referred to as an administrative domain. One type of IGP is the distance-vector family: Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). The other type is the link-state family: Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS).
Exterior Gateway Protocol (EGP) - a routing protocol used between different autonomous systems / administrative domains. EGP was also the name of the specific protocol that connected Internet routers in the early 1980s; Border Gateway Protocol (BGP) replaced it and is the exterior gateway protocol of today's Internet.

Static Router Updates - a router with manually configured routing tables. For these devices a network administrator builds and updates the routing table by hand for all routes in the administrative domain. Static routing is best suited to small internetworks and to stub networks with a single exit; because of the manual administration it does not scale to large networks where routing information is changed, updated and appended often. Static routes are not fault tolerant: when another network device goes down, the manually entered information does not provide an alternate path to the destination, which becomes unreachable unless an administrator quickly updates the table by hand. On the plus side, a static route cannot be altered by a forged routing update from a rogue device.

Dynamic Router Updates - a router whose routing tables are built and maintained automatically by ongoing communication between the routers (initial setup, and any routes an administrator wants to keep permanently, are still configured by hand). Dynamic routing is fault tolerant: if a router or link goes down, the neighboring routers detect the change, either directly or when the "learned route" expires in the routing table and cannot be renewed, and disseminate it so that all the routers "learn" of the network change. Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) for IP, and RIP for IPX, are examples of protocols used for these dynamic updates. Because routers trust what their neighbors advertise, dynamic protocols should be run with update authentication so that a rogue device on the segment cannot inject routes.
Next Hop - defined as the next router a packet should be sent to on its way to the destination. In most cases routers do not need to know the full path or where the packet originated; they only need the destination IP address in the packet header and a routing table entry telling them which neighbor (the "next hop") to hand the packet to. If the destination is on a network directly connected to the router (the last hop), the router delivers the packet itself; otherwise it looks the destination up in its routing table and forwards the packet to the next-hop router.
Routing Tables - sometimes referred to as the Routing Information Base (RIB), this is the database that stores all the route information for a routing device. The routing table holds the routes to the networks immediately around the device and to other network destinations, and usually includes a metric (cost) for each route. There are three main kinds of entry: the Network Route, a route to a specific network ID (for example 10.0.0.0/8); the Host Route, a route to a single host address (a /32 mask); and the Default Route (0.0.0.0/0), which is used when no other entry matches the destination. When more than one entry matches, the most specific one (the longest prefix) wins, so a host route overrides a network route and the default route is used only as a last resort.
Convergence - achieved when the topology information from every routing device has been passed to every other device and no router's view of the topology contradicts another's. When all of the network routing devices "agree" on what the network topology looks like, the network is said to have full convergence; until convergence is reached, packets can loop or be dropped.
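The routing-table and next-hop behaviour described above comes down to one lookup rule: among all entries that match the destination, the longest prefix wins, and a directly connected match means the router delivers the packet itself. The following example, added here and not taken from the study guide or any vendor's code, builds a small Routing Information Base with the three entry kinds (network, host and default route) and applies that rule. The table contents, next-hop addresses and test destinations are constructed for the example; it uses Python's standard ipaddress module for the prefix matching.

```python
"""A small Routing Information Base with network, host (/32) and default (/0)
routes, and the lookup a router performs: longest matching prefix wins, ties
broken by metric. Added illustration; table contents are constructed."""
import ipaddress


class RoutingTable:
    def __init__(self):
        # each entry: (network, next hop or None for directly connected, metric)
        self._routes = []

    def add(self, cidr: str, next_hop=None, metric: int = 1) -> None:
        net = ipaddress.ip_network(cidr)       # strict: host bits must be zero
        self._routes.append((net, next_hop, metric))

    @staticmethod
    def kind(net) -> str:
        if net.prefixlen == 0:
            return "default"
        if net.prefixlen == net.max_prefixlen:
            return "host"
        return "network"

    def lookup(self, dest: str):
        """Return (next_hop, matched prefix, kind), or None if nothing matches.
        Most specific prefix wins; equal prefixes are broken by lowest metric."""
        addr = ipaddress.ip_address(dest)
        best = None
        for net, hop, metric in self._routes:
            if addr not in net:
                continue
            key = (net.prefixlen, -metric)     # longer prefix, then lower metric
            if best is None or key > best[0]:
                best = (key, hop, net)
        if best is None:
            return None
        _, hop, net = best
        return hop, str(net), self.kind(net)

    def forward(self, dest: str) -> str:
        """What the router does with a packet: deliver, hand off, or drop."""
        match = self.lookup(dest)
        if match is None:
            return "drop: no route to host"
        hop, net, kind = match
        if hop is None:
            return f"deliver directly ({net} is connected)"
        return f"send to next hop {hop} via {kind} route {net}"


def build_sample_table() -> RoutingTable:
    """Constructed table: one LAN, a summary route, a more specific route,
    two equal-length routes with different metrics, a host route, a default."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24")                          # directly connected LAN
    rt.add("10.0.0.0/8", "10.1.1.254")                # network route
    rt.add("10.20.0.0/16", "10.1.1.253")              # more specific network route
    rt.add("10.30.0.0/16", "10.1.1.250", metric=5)
    rt.add("10.30.0.0/16", "10.1.1.251", metric=2)    # same prefix, better metric
    rt.add("10.20.30.40/32", "10.1.1.252")            # host route
    rt.add("0.0.0.0/0", "203.0.113.1")                # default route
    return rt
```

The order in which routes are added does not matter: 10.20.30.40 goes to the host route even though the /8 and /16 routes also contain it, and 8.8.8.8 falls through to the default route. A table with no default route returns None, which is the "no route to host" case a router reports back with an ICMP unreachable.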

Domain 1.7: Characteristics of Wireless Standards

Wireless networks allow computers to communicate without cables using the IEEE 802.11 standards, also known as Wi-Fi. A connection is made from a device, usually a PC or laptop with a wireless network interface card (NIC), to an Access Point (AP), which acts as a bridge between the wireless stations and the Distribution System (DS), i.e. the wired network. An 802.11 wireless network adapter can operate in two modes, Ad-Hoc and Infrastructure. In infrastructure mode all traffic passes through a wireless access point. In ad-hoc mode the computers talk directly to each other and do not need an access point. The table below shows the various standards (distances are typical indoor ranges and vary with the environment).

Standard   Speed (max)   Distance   Frequency
802.11a    54 Mbps       100 ft     5 GHz
802.11b    11 Mbps       300 ft     2.4 GHz
802.11g    54 Mbps       300 ft     2.4 GHz
802.11n    600 Mbps      600 ft     2.4 GHz and/or 5 GHz

Authentication and Encryption:

WEP - Wired Equivalent Privacy was the original 802.11 encryption scheme. It uses the RC4 cipher with a short, reused initialization vector, and the key can be recovered from captured traffic in minutes. For this reason it has been replaced by WPA and WPA2 and should not be used.
WPA - The original WPA standard used TKIP and was later superseded by WPA2, which uses the more secure AES-based CCMP algorithm. In personal (pre-shared key) mode, WPA and WPA2 use a 256-bit key to encrypt data. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 characters from which the key is derived using the network's SSID as a salt. Because the SSID is public and the derivation is fixed, an attacker who captures a client's 4-way handshake can test passphrase guesses offline, so a weak passphrase is susceptible to dictionary and brute-force attacks. Enterprise mode replaces the shared passphrase with 802.1X/EAP authentication of each user against a RADIUS server.
RADIUS - Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect to and use a network service. RADIUS is often used by ISPs and enterprises to manage access to the Internet, internal networks and wireless networks. Microsoft's answer to corporate wireless security is the use of RADIUS authentication through its Internet Authentication Service (IAS) product (renamed Network Policy Server in Windows Server 2008).
TKIP - Temporal Key Integrity Protocol was designed as a replacement for WEP that did not require replacing legacy hardware, so it kept the RC4 cipher and added per-packet keys and a message integrity check. It has known weaknesses of its own and has been deprecated in favor of the more secure CCMP/AES encryption scheme.
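The WPA entry above says the 256-bit key is derived from a passphrase and that weak passphrases fall to brute force. The derivation is fixed by the IEEE 802.11 standard: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits). The following example, added here and not code from the study guide, implements that derivation, accepts the 64-hex-digit form the text mentions, and runs a small offline dictionary attack against it. The wordlist is constructed; the check against the PSK itself is a simplification of a real attack, which verifies each guess against the MIC of a captured 4-way handshake but pays the same one PBKDF2 run per guess.

```python
"""How a WPA/WPA2-Personal passphrase becomes the 256-bit pre-shared key, and
why a weak passphrase is brute-forceable: PBKDF2-HMAC-SHA1 over the passphrase
with the (public) SSID as salt, 4096 iterations. Added illustration."""
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256 bits) per IEEE 802.11."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def key_from_config(entry: str, ssid: str) -> bytes:
    """A supplicant accepts either the 64-hex-digit PSK itself or a passphrase."""
    hexdigits = set("0123456789abcdefABCDEF")
    if len(entry) == 64 and set(entry) <= hexdigits:
        return bytes.fromhex(entry)          # raw key: no derivation, nothing to guess
    return wpa_psk(entry, ssid)


def dictionary_attack(target_psk: bytes, ssid: str, wordlist):
    """Offline guessing. A real attack checks each candidate PSK against the MIC
    of a captured 4-way handshake; comparing PSKs directly is a simplification
    with the same cost per guess (one PBKDF2 run of 4096 iterations)."""
    for guess in wordlist:
        if not 8 <= len(guess) <= 63:
            continue                         # cannot be a valid passphrase, skip the work
        if hmac.compare_digest(wpa_psk(guess, ssid), target_psk):
            return guess
    return None


# Constructed wordlist; "password"/"IEEE" is the IEEE 802.11 Annex test vector.
SAMPLE_WORDLIST = ["letmein1", "qwerty123", "password", "Summer2014!"]
```

Two things follow from the code. The SSID is a salt, so a precomputed table for one SSID is useless against another, but it is no secret, so tables for common SSIDs are cheap to build. And 4096 iterations of SHA-1 is little work for modern GPUs, so the only real defence in personal mode is a long random passphrase (or the raw 64-hex key), which is why the text recommends RADIUS/802.1X for corporate networks.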

Domain 2.0: Network Media and Topologies

Domain 2.1: Standard Cable Types and Their Properties

Cable Types:

CAT3 - Unshielded twisted pair rated to 16 MHz, capable of speeds up to 10 Mbit/s in ordinary use. Used with 10Base-T, 100Base-T4 and 100Base-T2 Ethernet (the latter two use all four pairs to reach 100 Mbit/s over CAT3).
CAT4 - Unshielded twisted pair rated to 20 MHz, capable of speeds up to 20 Mbit/s (16 Mbit/s Token Ring). Not widely used. Works with the same Ethernet types as CAT3.
CAT5 - Unshielded twisted pair rated to 100 MHz, capable of speeds up to 100 Mbit/s. May be used with 10Base-T, 100Base-T4, 100Base-T2 and 100Base-TX Ethernet.
CAT5e - Enhanced Cat 5 is similar to CAT5 but exceeds its performance with tighter crosstalk specifications, which is what Gigabit Ethernet requires. The 100 m maximum segment length for twisted-pair Ethernet still applies. May be used for 10Base-T, 100Base-T4, 100Base-T2, 100Base-TX and 1000Base-T Ethernet.
CAT6 - Rated to 250 MHz, with improved specifications for NEXT (Near End Cross Talk), PSELFEXT (Power Sum Equal Level Far End Cross Talk) and attenuation. It carries Gigabit Ethernet to 100 m and 10GBase-T to about 55 m. Cat 6 is backward compatible with lower category grades and supports the same Ethernet standards as Cat 5e.
Multimode Fiber - Multimode fibers have large cores (50 or 62.5 microns), which allows cheaper LED or VCSEL transmitters. Because light travels through the large core by several paths (modes), the signal spreads out over distance (modal dispersion), so multimode is best for shorter runs (hundreds of meters) and offers lower bandwidth over distance than single mode.
Single Mode Fiber - Single mode fibers have a small glass core (about 9 microns) that carries a single light path, driven by a laser. They are used for high-speed data transmission over long distances (tens of kilometers) and suffer less attenuation and no modal dispersion compared with multimode fibers.
RG59 and RG6 - These are both shielded 75-ohm coaxial cables used for broadband networking, cable television and other uses; RG6 has a thicker conductor and better shielding and is the usual choice for cable modem installations.
Serial - A serial cable is used to transfer information between two devices using serial communication, often the RS-232 standard. It typically uses D-subminiature connectors with 9 or 25 pins. These cables are often unshielded, although shielding reduces the electrical noise radiated by the cable.

Shielded twisted pair (STP) - differs from UTP in that it has a foil or braided shield around the pairs that helps prevent crosstalk and outside interference. Crosstalk is signal bleeding over from an adjacent wire.
EMI - Electrical devices such as printers, air conditioning units, fluorescent lights and television monitors can be sources of electromagnetic interference, or EMI. Some types of network media have more resistance to EMI than others. Standard UTP cable has minimal resistance to EMI, while fiber optic cable, which carries light rather than electrical signals, is immune to it.
Plenum grade cabling - is required if the cabling will be run in the air-handling space between a drop ceiling and the next floor (this is called the plenum). Plenum grade cabling has a fire-retardant jacket that burns slowly and gives off less smoke and fewer toxic gases than ordinary PVC jacketing.

Simplex - Signals can be passed in one direction only.
Half Duplex - Signals can be passed in either direction, but not in both simultaneously (hubs and 10Base-2 segments work this way, so collisions are possible).
Full Duplex - Signals can be passed in both directions simultaneously, as on a switched twisted-pair link.

Domain 2.2: Common Connector Types

BNC - This connector has found uses with both broadcast television equipment and computer networks. In networking it was used on early 10Base-2 (Thinnet) Ethernet networks. It has a center pin connected to the center coaxial cable conductor and a metal tube connected to the outer cable shield. A rotating ring outside the tube locks the cable to the female connector.
RJ-11 - Short for Registered Jack-11, a six-position connector with four or six wires (usually only two or four in use), used primarily to connect telephone equipment in the United States (POTS). The cable itself is informally called category 1 (Cat 1) and is used for dial-up connections. Modems have RJ-11 jacks that connect them to the wall outlet.
RJ-45 - Short for Registered Jack-45, an eight-wire connector commonly used to connect devices on Ethernet LANs. RJ-45 connectors look similar to the RJ-11 connectors used for telephone equipment, but they are larger.
ST - The ST connector is a fiber optic connector using a plug and socket that is locked in place with a half-twist bayonet lock. The ST connector was the first standard for fiber optic cabling. An ST connector terminates a single fiber, so a full-duplex link uses two of them, one per direction.
SC - The SC connector is a fiber optic connector with a push-pull latching mechanism that provides quick insertion and removal while also ensuring a positive connection. Like ST, each SC connector terminates one fiber; two are commonly clipped together as a duplex pair.
LC - The LC connector is just like an SC connector, only half the size, and is the usual connector on modern SFP transceivers. Like SC connectors, LC connectors terminate one fiber each and are normally used in duplex pairs.
RS-232 - A standard for serial binary data interconnection between a DTE (Data Terminal Equipment) and a DCE (Data Communication Equipment). Bar code scanners, measuring tools and laboratory instruments are commonly designed to interface to a computer using a standard RS-232 serial cable, and network devices expose their console ports this way. Many of these uses are being replaced by USB-enabled devices. The connector is a DB-9 or DB-25 connector.

Domain 2.3: Common Physical Network Topologies

Star - The star topology uses twisted pair (10BaseT or 100BaseT) cabling and requires that all devices connect to a central hub or switch. Advantages are centralized monitoring, easy modification, and that a cable or device failure does not affect the other devices. The disadvantage is that the hub or switch is a single point of failure: if it goes down, no communication is possible.

Mesh - In a true (full) mesh topology every node has a connection to every other node in the network. A full mesh provides redundancy in case a link fails, but is impractical beyond a few nodes because of the complexity and the amount of cabling required; a partial mesh connects only the most important nodes redundantly.

Bus - This topology is an old one: all the computers share one cable (10Base-2 or 10Base-5 coax) that is terminated at both ends. Every signal reaches every station on the bus and all stations contend for it, so collisions rise with load. This type is cheap and simple to set up, but it causes excess network traffic, a single cable fault or missing terminator takes down many users, and problems are difficult to troubleshoot.

Ring - A ring topology has a physical and logical ring and is used on SONET and FDDI networks (note that Token Ring networks are actually a hybrid star-ring topology). Frames travel around the ring from station to station, but only the station holding the token may transmit; the token is passed around the ring, giving all stations an opportunity to communicate. This is a fast and simple network with no collisions. However, if any part of a single ring goes down, the entire LAN goes down (FDDI uses a second, counter-rotating ring for exactly that reason), and if there is a problem at a station it may be difficult to locate. Ring networks are not very common.

Point-to-point - This topology refers to a connection restricted to two endpoints. Point-to-point is sometimes referred to as P2P (not the same as peer-to-peer file sharing networks), Pt2Pt, or variations of these. Examples include RS-232 serial connections as well as laser or microwave links between buildings.

Point-to-Multipoint - Also known as P2MP, this is a method of communication in which a number of receivers and transmitters all connect to one central location. The most common example is a wireless access point that provides a connection to multiple devices.
Hybrid - Hybrid topologies are combinations of the above and are common on very large networks. For example, a star-bus network has hubs connected in a row (like a bus network) and has computers connected to each hub as in the star topology.

Domain 2.4: Wiring Standards

568A and 568B - The number 568 refers to the order in which the individual wires inside a CAT 5 cable are terminated. The only difference between the two standards is that the green and orange pairs are terminated to different pins. There is no difference in signal, and both 568A and 568B are used as patch cords for Ethernet connections.

Straight-through vs. Crossover - A straight-through cable uses either the 568A or 568B wiring standard and is used for connecting devices to routers, hubs, switches, etc. A crossover cable is used to connect computing devices together directly (i.e. connecting two computers directly together). A crossover cable uses the 568A standard on one end and 568B on the other end.
Rollover - A rollover cable (also known as a Cisco console cable) is a type of null-modem cable that is most commonly used to connect a computer terminal to a router's console port. This cable is typically flat and has a light blue color. It gets the name rollover because the pinouts on one end are reversed from the other, as if the wire had been rolled over and you were viewing it from the other side.
Loopback - A loopback cable redirects the output back into itself and is used for troubleshooting purposes (loopback test). This effectively gives the NIC the impression that it is communicating on a network, since it is able to transmit and receive communications.
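The four cable types above differ only in how the wire colours on one RJ-45 end map onto the pins of the other. The following added example (not from the study guide or from CompTIA) follows each wire colour from end to end and names the cable: straight-through when every pin maps to itself, crossover when the 568A transmit pins 1,2 land on the 568B receive pins 3,6, rollover when the whole pinout is reversed. The T568A/T568B colour orders are the standard ones; the pin-mapping tables, the function names and the sample terminations are assumptions of this example. It also goes one step beyond the guide by recognising the gigabit crossover variant, which additionally swaps the blue and brown pairs because 1000BASE-T uses all four pairs.

```python
"""Classify a twisted-pair Ethernet cable from the wire order on its two RJ-45 ends.

Added example for this study guide, not code from the guide or from CompTIA.
The T568A and T568B colour orders are the standard ones; the pin mappings,
function names and sample cables are assumptions of this example. Pins are
numbered 1..8 from left to right with the latch facing away from you.
"""

T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")

# 10/100BASE-T crossover: the transmit pair (1,2) on one end lands on the
# receive pair (3,6) of the other; the blue and brown pairs pass straight.
CROSSOVER_10_100 = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}
# 1000BASE-T uses all four pairs, so a gigabit crossover also swaps 4,5 <-> 7,8.
CROSSOVER_GIGABIT = {1: 3, 2: 6, 3: 1, 6: 2, 4: 7, 5: 8, 7: 4, 8: 5}
# Rollover (console) cable: pin 1 goes to pin 8, 2 to 7, and so on.
ROLLOVER = {p: 9 - p for p in range(1, 9)}


def pin_map(end_a, end_b):
    """Return {pin_on_end_a: pin_on_end_b} by following each wire colour across the cable."""
    if len(end_a) != 8 or sorted(end_a) != sorted(end_b):
        raise ValueError("both ends must carry the same eight wire colours")
    position_on_b = {colour: pin for pin, colour in enumerate(end_b, start=1)}
    return {pin: position_on_b[colour] for pin, colour in enumerate(end_a, start=1)}


def classify_cable(end_a, end_b):
    """Name the cable type implied by the two terminations."""
    mapping = pin_map(end_a, end_b)
    if all(a == b for a, b in mapping.items()):
        if end_a == T568A:
            return "straight-through (568A)"
        if end_a == T568B:
            return "straight-through (568B)"
        return "straight-through (non-standard wire order)"
    if mapping == CROSSOVER_10_100:
        return "crossover (10/100)"
    if mapping == CROSSOVER_GIGABIT:
        return "crossover (gigabit)"
    if mapping == ROLLOVER:
        return "rollover"
    return "miswired"


def gigabit_crossover_end(end_a):
    """Build the far-end termination of a gigabit crossover cable for a given near end."""
    far = [None] * 8
    for pin, colour in enumerate(end_a, start=1):
        # the wire at pin p on end A must sit at pin CROSSOVER_GIGABIT[p] on end B
        far[CROSSOVER_GIGABIT[pin] - 1] = colour
    return tuple(far)


if __name__ == "__main__":
    print(classify_cable(T568A, T568A))                   # straight-through (568A)
    print(classify_cable(T568A, T568B))                   # crossover (10/100)
    print(classify_cable(T568B, tuple(reversed(T568B))))  # rollover
```

Any pair of terminations that is neither identical nor one of the three known permutations comes back as "miswired", which is the case a cable tester is really looking for: two colours swapped within a pair will still light up on a continuity test but split the pair electrically.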

Domain 2.5: WAN Technology Types and Properties

Frame Relay - Frame relay is a secure, private network that utilizes a logical path or "virtual circuit" to allocate bandwidth for high performance transmissions. Frame relay is the premier high-speed packet-switching protocol for communicating data, imaging, and voice between multiple locations. Frame relay is available in a range of bandwidths from 56 Kbps to full T1 (1.54 Mbps).
T-1/T-3 - A T-1 is a dedicated phone connection supporting data rates of 1.544 Mbps. A T-1 line actually consists of 24 individual channels, each of which supports 64 Kbits per second. Each 64 Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T-3 connections. T-1 comes in either copper or fiber optics.
ATM - ATM stands for Asynchronous Transfer Mode and is a high-speed, packet-switching technique that uses short fixed-length packets called cells. ATM can transmit voice, video, and data over variable-speed LAN and WAN connections at speeds ranging from 1.544 Mbps to as high as 622 Mbps. ATM is capable of supporting a wide range of traffic types such as voice, video, image and data.
SONET - SONET and SDH are a set of related standards for synchronous data transmission over fiber optic networks. SONET is short for Synchronous Optical NETwork and SDH is an acronym for Synchronous Digital Hierarchy. SONET is the United States version of the standard and SDH is the international version. SONET defines a base rate of 51.84 Mbps and a set of multiples of the base rate known as "Optical Carrier levels" (OCx). Speeds approaching 40 gigabits per second are possible.
ISDN - Integrated Services Digital Network (ISDN) is comprised of digital telephony and data-transport services offered by regional telephone carriers. ISDN involves the digitalization of the telephone network, which permits voice, data, text, graphics, music, video, and other source materials to be transmitted over existing telephone wires. There are 2 types of ISDN channels:
B (bearer) - Transfers data at 64 Kbps. An ISDN line usually contains 2 B channels for a total of 128 Kbps.
D (data) - Handles signalling at either 16 Kbps or 64 Kbps (sometimes limited to 56 Kbps), which leaves the B channels free to carry only data.

Connection      Speed                            Medium
ISDN BRI        64 Kbps/channel                  Twisted-pair
ISDN PRI        1,544 Kbps                       Twisted-pair
POTS            Up to 56 Kbps                    Twisted-pair
PSTN            64 Kbps/channel                  Twisted-pair
Frame Relay     56 Kbps-45 Mbps                  Varies
T-1             1.544 Mbps                       Twisted-pair, coaxial, or optical fiber
ADSL            256 Kbps to 24 Mbps (ADSL2+)     Twisted-pair
SDSL            1.544 Mbps                       Twisted-pair
VDSL            100 Mbps                         Twisted-pair
Cable modem     512 Kbps to 52 Mbps              Coaxial
Satellite       1 Gbps (avg 1-5 Mbps)            Air
T-3             44.736 Mbps                      Twisted-pair, coaxial, or optical fiber
OC-1            51.84 Mbps                       Optical fiber
OC-3            155.52 Mbps                      Optical fiber
Wireless        1 Gbps                           Air
ATM             10 Gbps                          Optical fiber
SONET           10 Gbps                          Optical fiber

Packet and Circuit Switching - Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow a different route to its destination. Once all the packets forming a message arrive at the destination, they are reassembled into the original message. Most modern Wide Area Network (WAN) protocols, including TCP/IP and Frame Relay, are based on packet-switching technologies. In contrast, normal telephone service is based on circuit-switching technology, in which a dedicated line is allocated for transmission between two parties. Circuit switching is ideal when data must be transmitted quickly and must arrive in the same order in which it is sent. This is the case with most real-time data, such as live audio and video. Packet switching is more efficient and robust for data that can withstand some delays in transmission, such as e-mail messages and Web pages.

Domain 2.6: LAN Technology Types and Properties

Ethernet - Ethernet is the most widely-installed local area network (LAN) technology. Specified in a standard, IEEE 802.3, Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Early Ethernet networks used coaxial connections. The most common types currently use twisted pair cabling; however, fiber optic cabling is becoming much more common as standards and speeds increase. Below are some of the Ethernet standards:

Connection Type   Cable Type                                    Connector                                    Maximum Length        Speed
10Base-T          Category 3 or better UTP cable                RJ-45                                        100 meters (328 ft)   10 Mbps
100Base-TX        Cat 5 twisted pair                            RJ-45                                        100 meters (328 ft)   100 Mbps
100Base-FX        Fiber optic                                   ST, SC                                       2000 meters           100 Mbps
1000Base-T        CAT5e or higher                               RJ-45                                        100 meters (328 ft)   1 Gbps
1000Base-LX       Laser over fiber                              SC                                           Up to 5000 meters     1 Gbps
1000Base-SX       Short wavelength laser over fiber             SC                                           Up to 550 meters      1 Gbps
1000Base-CX       Twinax or short haul copper                   9-pin shielded D-subminiature connector,     25 meters             1 Gbps
                                                                or 8-pin ANSI fiber channel type 2 (HSSC)
                                                                connector
10GBASE-SR        Shortwave laser over multi-mode fiber optics  LC, SC                                       300 meters            10 Gbps
10GBASE-LR        Laser over single-mode fiber optics           LC, SC                                       2000 meters           10 Gbps
10GBASE-ER        Laser over either single or multi-mode fiber  LC, SC                                       40 kilometers         10 Gbps
10GBASE-SW        Shortwave laser over multi-mode fiber optics  LC, SC                                       300 meters            10 Gbps
10GBASE-LW        Laser over single-mode fiber optics           LC, SC                                       2000 meters           10 Gbps
10GBASE-EW        Laser over either single or multi-mode fiber  LC, SC                                       40 kilometers         10 Gbps
10GBASE-T         Cat 5e (or higher) twisted pair               RJ-45                                        100 meters (328 ft)   10 Gbps

CSMA/CD (Carrier Sense Multiple Access with Collision Detection) - In the early days of Ethernet, when two hosts would send packets at the same time, a collision would occur. A standard had to be created that would have the hosts follow rules relating to when they could send data and when they could not. This standard is Carrier Sense Multiple Access with Collision Detection, referred to as CSMA/CD. CSMA/CD forces computers to "listen" to the wire before sending in order to make sure that no other host on the wire is sending. If a collision is detected, both of the senders will send a jam signal over the Ethernet. This jam signal indicates to all other devices on the Ethernet segment that there has been a collision, and they should not send data onto the wire.
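The rules in the paragraph above are easiest to see as a small slot-by-slot simulation. The following is an added example, not code from the study guide: two stations that both become ready in the same slot collide, jam, and then wait a random number of slots before sensing the wire again. The waiting step uses truncated binary exponential backoff, which IEEE 802.3 specifies but the guide does not spell out; the slot model, station names and frame length of four slots are assumptions of the example.

```python
"""Slot-based CSMA/CD simulation.

Added example for this study guide, not code from the guide or from CompTIA.
Time is divided into slots. A station may only start transmitting if the wire
was idle in the previous slot (carrier sense). If two stations start in the
same slot their frames collide: both abort (the jam), count the collision and
back off for a random number of slots, doubling the range after each collision
(truncated binary exponential backoff, capped at 2**10 - 1 slots).
"""
import random
from dataclasses import dataclass, field


@dataclass
class Station:
    name: str
    ready_at: int               # slot in which the station first wants to send
    frame_slots: int = 4        # frame length in slot times (assumed value)
    attempts: int = 0           # collisions suffered by the current frame
    backoff: int = 0            # slots still to wait before sensing again
    sent: int = 0               # slots of the current frame already on the wire
    done: bool = False
    log: list = field(default_factory=list)


def simulate(stations, seed=1, max_slots=5000):
    rng = random.Random(seed)   # seeded so a run is reproducible
    wire_busy = False           # carrier state seen by everyone at the slot boundary
    collisions = 0
    timeline = []               # per slot: names of the stations on the wire
    for slot in range(max_slots):
        if all(s.done for s in stations):
            return {"collisions": collisions, "slots": slot, "timeline": timeline}
        # 1. each station decides whether it is on the wire in this slot
        on_wire = []
        for s in stations:
            if s.done or slot < s.ready_at:
                continue
            if s.sent > 0:                 # already mid-frame: keep going
                on_wire.append(s)
            elif s.backoff > 0:            # backoff timer still running
                s.backoff -= 1
            elif not wire_busy:            # carrier sense: start only on an idle wire
                on_wire.append(s)
        timeline.append([s.name for s in on_wire])
        # 2. collision detection
        if len(on_wire) > 1:
            collisions += 1
            for s in on_wire:              # jam, abort the frame, back off
                s.sent = 0
                s.attempts += 1
                k = min(s.attempts, 10)
                s.backoff = rng.randint(0, 2 ** k - 1)
                s.log.append(f"slot {slot}: collision, backing off {s.backoff} slot(s)")
            wire_busy = False
        elif len(on_wire) == 1:
            s = on_wire[0]
            s.sent += 1
            if s.sent == s.frame_slots:
                s.done = True
                s.log.append(f"slot {slot}: delivered after {s.attempts} collision(s)")
            wire_busy = not s.done
        else:
            wire_busy = False
    raise RuntimeError("simulation did not finish within max_slots")


def demo(seed=7):
    """Two stations ready in slot 0, so they collide at least once before either wins."""
    stations = [Station("A", ready_at=0), Station("B", ready_at=0)]
    result = simulate(stations, seed=seed)
    result["logs"] = {s.name: s.log for s in stations}
    return result


if __name__ == "__main__":
    r = demo()
    print("collisions:", r["collisions"], "slots used:", r["slots"])
    for name, lines in r["logs"].items():
        print(name, lines)
```

Because no station may start while another is mid-frame, a collision can only happen when two stations start in the same slot, so each delivered frame occupies exactly `frame_slots` uncontested slots and the total run length is that plus the slots lost to collisions and backoff.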
Bonding (AKA Link Aggregation, Port Trunking, EtherChannel, etc.) - Uses multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase redundancy for higher availability.

Domain 2.7: Common Logical Network Topologies

Peer to Peer - A peer to peer network is one which lacks a dedicated server and in which every computer acts as both a client and a server. This is a good networking solution when there are 10 or fewer users that are in close proximity to each other. A peer to peer network can be a security nightmare, because the people setting permissions for shared resources will be users rather than administrators, and the right people may not have access to the right resources. More importantly, the wrong people may have access to the wrong resources; thus, this is only recommended in situations where security is not an issue. P2P file sharing networks work under a similar architecture; however, there are differences between them and the LAN networking architecture.

Client/Server - This type of network is designed to support a large number of users and uses dedicated server(s) to accomplish this. Clients log in to the server(s) in order to run applications or obtain files. Security and permissions can be managed by one or more administrators who set permissions on the servers' resources. This type of network also allows for convenient backup services, reduces network traffic, and provides a host of other services that come with the network operating system.
VPN - A virtual private network is one that uses a public network (usually the Internet) to connect remote sites or users together. Companies use site-to-site VPNs to support critical applications and to connect offices to remote users. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.

VLAN - A virtual LAN is a local area network with a definition that maps workstations on a basis other than geographic location (for example, by department, type of user, or primary application). The virtual LAN controller can change or add workstations and manage load-balancing and bandwidth allocation more easily than with a physical picture of the LAN. Network management software keeps track of relating the virtual picture of the local area network with the actual physical picture.

Domain 2.8: Install Components of Wiring Distribution

Vertical Cross Connect – A location within a building where cables originate and/or are terminated, are reconnected using jumpers or pass-throughs, or are connected to patch panels or other similar devices, where the locations are on upper or lower floors of the building. These cables could be of multiple different types and mediums such as phone networks, data lines, copper based, fiber channel, etc.
Horizontal Cross Connect – Similar to Vertical Cross Connect locations; these are locations within a building where cables originate and/or are terminated, but these locations are all on the same floor or building level. As with Vertical Cross Connect configurations, these locations can be of multiple different network types and mediums.

Patch Panel – A wall- or rack-mounted collection of data connections where all of the network media converges. These rooms are generally some form of telecommunications closet in a facility, used to connect all of the different types of incoming and outgoing media on the LAN. When they all span the same floor of a building they are sometimes referred to as Horizontal Cross Connect locations, and when they span different levels of a location / different floors of a building they are sometimes referred to as Vertical Cross Connect locations. The main patch panel room will often be the connection point for the LAN to be connected to the WAN and/or the Internet.
66 Block – A legacy type of punch down block used to connect sets of 22 through 26 American Wire Gauge (AWG) solid copper wire in a telephone system. They have a 25-pair standard non-split capacity and are generally unsuited for data network traffic above 10 megabits per second (Mbps).

Main Distribution Frame (MDF) – A wire distribution frame for connecting equipment inside a facility to cables and subscriber carrier equipment outside of the facility. One example of this is where all of the phone cabling inside a facility is run from the planned phone locations (e.g. offices) back to the MDF. When the local telephone company makes the external connections, all circuits are completed.
Intermediate Distribution Frame (IDF) – Another place, much like a Horizontal Cross Connect location or a Vertical Cross Connect location, where network administrators can physically change the network media around and where they can house other needed network equipment such as routers, switches, repeaters and so forth.
25 Pair – A grouping of 25 pairs of wires all inside a single covering / housing or outer insulation casing. It is best suited for telephone / voice cable runs rather than data cable runs and is generally used as a feeder cable.

100 Pair – A larger cabling segment than its 25 pair cousin, but used in the same manner; all of the 100 pairs of wires are inside a single covering / housing or outer insulation casing. It is best suited for telephone / voice cable runs rather than data cable runs and is generally used as a feeder cable.
110 Block – The more modern replacement of the legacy 66 Block, used as a wiring distribution point for wired telephone systems (voice) and other types of wired networking (data). On one side of the block, wires are punched down into RJ-11 connectors for voice and RJ-45 connectors for data communications.
Demarc – The point of operational and administrative control change in a network. One example of this is the Main Distribution Frame (MDF) point in a facility. This is where the wire distribution frame connecting equipment inside the facility to cables and subscriber carrier equipment outside of the facility is located, and it is considered the demarcation point where operational control of the internal systems changes over to the control of the external presence.
Demarc Extension – Where the end of the line of external administrative control is extended beyond that actual endpoint. Example – you are one business inside a large high-rise building, on the 15th floor only, and the Main Distribution Frame (MDF) point is on the ground floor. Your responsibility probably ends at the Intermediate Distribution Frame (IDF) on your floor, and the external administration (example – the phone company) ends at the Main Distribution Frame (MDF) on the ground floor. The building administration owns all the cabling responsibility between the Main Distribution Frame (MDF) on the ground floor and your Intermediate Distribution Frame (IDF) on your floor. That cabling is effectively the Demarc Extension.

Smart Jack – A network connection device that is used to connect your internal network to an external service provider network. The device handles all of the code and protocol differences between the two networks and is often the actual demarcation point between the two service entities.
Wiring Installation – The physical installation of internal wiring in a facility. This may range from pulls of copper phone and data lines to the running of fiber optic medium from the different cross connect locations.
Wiring Termination – The end point of networked cable runs, which will generally end either in a patch panel or at a jack location in an office. This has historically meant the copper wire runs associated with phone lines terminating on RJ-11 jacks / blocks and the data lines on RJ-45 connections. Wire termination is also a consideration on fiber optic pulls, which require a higher level of skill.

Domain 3.0: Network Devices

Domain 3.1: Common Network Devices

Hub - A physical layer network device used to connect multiple Ethernet devices together. Active hubs act as a repeater and boost the signal in order to allow it to travel farther, while passive hubs simply pass the signal through. Most hubs have an uplink port that allows them to connect to other hubs, a router, or other network devices.
Repeater - A physical layer device that boosts signals in order to allow a signal to travel farther and prevent attenuation. Attenuation is the degradation of a signal as it travels farther from its origin. Repeaters do not filter packets and will forward broadcasts. Both segments must use the same access method, which means that you can't connect a token ring segment to an Ethernet segment. Repeaters can connect different cable types, as shown in the image.

Modem - The modem is a device that converts digital information to analog by MODulating it on the sending end and DEModulating the analog information into digital information at the receiving end. Most modern modems are internal; however, they can be internal or external. External modems are connected to the back of the system board via an RS-232 serial connection. Internal modems are installed in one of the motherboard's PCI or ISA expansion slots, depending on the modem. The modem contains an RJ-11 connection that is used to plug in the telephone line. Modems have different transmission modes as follows:
Simplex - Signals can be passed in one direction only.
Half Duplex - Half duplex means that signals can be passed in either direction, but not in both simultaneously. Half-duplex modems can work in full-duplex mode.
Full Duplex - Full duplex means that signals can be passed in both directions simultaneously.
Modems can also be classified by their speed, which is measured by the baud rate. One baud is one electronic state change per second. Since a single state change can involve more than a single bit of data, the Bits Per Second (BPS) unit of measurement has replaced it as a better expression of data transmission speed. Common modem speeds are V.34 at 28.8 kbps, V.34+ at 33.6 kbps and V.90 at 56 kbps.
Network Interface Card - A Network Interface Card, often abbreviated as NIC, is an expansion board you insert into a computer so the computer can be connected to a network. Most NICs are designed for a particular type of network, protocol and media, although some can serve multiple networks.
Media Converters - Simple networking devices that make it possible to connect two dissimilar media types, such as twisted pair with fiber optic cabling. They were introduced to the industry nearly two decades ago, and are important in interconnecting fiber optic cabling-based systems with existing copper-based, structured cabling systems. They are also used in MAN access and data transport services to enterprise customers. Fiber media converters support many different data communication protocols including Ethernet, Fast Ethernet, Gigabit Ethernet, T1/E1/J1, DS3/E3, as well as multiple cabling types such as coax, twisted pair, multi-mode and single-mode fiber optics. Media converter types range from small standalone devices and PC card converters to high port-density chassis systems that offer many advanced features for network management.

Switch - A switch is a network device that filters and forwards packets between LAN segments and ensures that data goes straight from its origin to its proper destination. Switches remember the address of every node on the network, and anticipate where data needs to go. A switch only operates with the computers on the same LAN. This reduces competition for bandwidth between devices on the network. It isn't smart enough to send data out to the Internet, or across a WAN. These functions require a router.
Bridge - Functions the same as a repeater, but can also divide a network in order to reduce traffic problems. A bridge can also connect unlike network segments (i.e. token ring and Ethernet). Bridges create routing tables based on the source address. If the bridge can't find the source address it will forward the packets to all segments. Bridging methods:
Transparent - Only one bridge is used.
Source-Route - Bridging address tables are stored on each PC on the network.
Spanning Tree - Prevents looping where there exists more than one path between segments.
Wireless Access Point - A Wireless Access Point is a radio frequency transceiver which allows your wireless devices to connect to a network. The WAP usually connects to a wired network, and can relay data between the wireless devices (such as computers or printers) and wired devices on the network. A wireless access point will support up to 32 wireless devices. The range of the wireless signal depends greatly on obstructions such as walls. For more information about wireless standards, see domain 1.7.
Router - Functioning at the network layer of the OSI model, a router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers create or maintain a table of the available routes and can be configured to use various routing protocols to determine the best route for a given data packet. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch.
Firewall - Either a hardware or software entity (or a combination of both) that protects a network by stopping unwanted network traffic from passing through it. In most cases, a firewall is placed on the network to allow all internal traffic to leave the network (email to the outside world, web access, etc.), but stop unwanted traffic from the outside world from entering the internal network. This is achieved by granting and denying access to resources based on a set of configurable rules.
DHCP Server - A server that is responsible for assigning unique IP addresses to the computers on a network. A DHCP server prevents the assignment of duplicate IP addresses to clients and reduces administrative effort in network configuration. A DHCP server is actually more of a service that is found on network operating systems such as Windows 2002/2008 Server, or on network devices such as routers.

Domain 3.2: Specialized Network Devices

Multilayer Switch - A multilayer switch (MLS) is a computer networking device that switches on OSI layer 2 like an ordinary network switch and provides extra functions on higher OSI layers. Some MLSs are also able to route between VLANs and/or ports like a common router. The routing is normally as quick as switching (at wire speed). Some switches can use up to OSI layer 7 packet information; they are called layer 4-7 switches, content switches, web switches or application switches.
Content Switch - The main function of a content switch is to inspect the network data that it receives so that it can decide where on the network that data (or request) needs to be forwarded to. Once this is determined, the data is sent to the appropriate server which can handle it. In most cases the switch looks to see what type of application or software the request is targeted at. It does this by looking to see what port the request is directed at. For example, if the data is targeted at an FTP port then the request will be sent to an FTP server. The main benefit of this approach is that the switch acts as a load balancer, as it can balance data or requests across the different types of application servers used by the business. A second major function that this type of switch can perform is to look at the incoming requests and see which websites are targeted. This is important for large enterprises or hosting companies. If, for example, a web hosting company was hosting several thousand websites, the switch could direct requests to the specific servers that the websites are running on. These devices tend to be very expensive.

IDS/IPS - These terms stand for Intrusion Detection System and Intrusion Prevention System respectively. An IDS is a device (or application) that monitors network and/or system activities for malicious activities or policy violations. An IDS is a passive system that gives alerts when something suspicious is detected and logs the events into a database for reporting. An IPS, on the other hand, sits inline with traffic flows on a network, actively shutting down attempted attacks as they're sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application. Vendors are increasingly combining the two technologies into a single box, now referred to as an IDPS. These devices are used with, not instead of, a firewall.
Load Balancer - A load balancer is a hardware and/or software solution that provides load balancing services. Load balancing is used to distribute workloads evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. As an example, Google receives many, many more search requests than a single server could handle, so they distribute the requests across a massive array of servers.
Multifunction Network Devices - As you might guess, multifunction network devices combine the functions of individual devices into a single unit. An example is wireless access points, which often include one or more of the following: firewall, DHCP server, wireless access point, switch, gateway, and router.
DNS Server - DNS is an Internet and networking service that translates domain names into IP addresses. The Internet is based on numerical IP addresses, but we use domain names because they are easier to remember. DNS is the service that looks up the IP address for a domain name, allowing a connection to be made. This process is very similar to calling directory information: you call them with a name, they check their database and give you the phone number. The DNS service is included with server operating systems (Windows 2003/2008, Linux, etc.) and network devices such as routers.
Bandwidth Shaper - Describes the mechanisms used to control bandwidth usage on the network. Bandwidth shaping is typically done using software installed on a network server. From this server, administrators can control who uses bandwidth, for what, and when. Bandwidth shaping establishes priorities for data traveling to and from the Internet and within the network. A bandwidth shaper essentially performs two key functions: monitoring and shaping. Monitoring includes identifying where bandwidth usage is high and at what time of day. After that information is obtained, administrators can customize or shape bandwidth usage to best fit the needs of the network. I am unaware why CompTIA listed this in the "network devices" section of their objectives, but bandwidth shapers are typically software.
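The passive-versus-inline distinction above is the whole difference between the two devices, and it is easiest to see with the same rules run in both modes. The following added example (not code from the study guide, from CompTIA, or from any IDS product) pushes a few constructed flows through a tiny signature matcher: in IDS mode the sensor only watches a copy of the traffic (the kind a mirrored switch port would deliver) and every flow still reaches its destination; in IPS mode a matching flow is dropped and, optionally, so is later traffic from the same source IP, which is the "block by IP address" response the paragraph describes. The rule set, the flow records and the addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""IDS (passive) versus IPS (inline) handling of the same traffic.

Added example for this study guide, not code from the guide, from CompTIA or
from any intrusion detection product. Rules, flows and addresses are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: str


# Constructed signatures: (rule name, destination port, substring that must
# appear in the payload). An empty substring matches any payload, which turns
# the entry into a port-only rule.
RULES = [
    ("web-path-traversal", 80, "../../"),
    ("cleartext-telnet", 23, ""),
]


def inspect(flows, mode="ids", block_source=True):
    """Run flows through a sensor in 'ids' (passive) or 'ips' (inline) mode.

    Returns (alerts, forwarded). An IDS sees only a copy of the traffic, so it
    forwards nothing itself and drops nothing: every flow is "forwarded" and the
    output is the alert list. An IPS sits in the path: a matching flow is dropped
    and, when block_source is set, later flows from the same source IP are too.
    """
    alerts, forwarded, blocked_sources = [], [], set()
    for flow in flows:
        if mode == "ips" and flow.src_ip in blocked_sources:
            alerts.append((flow, "dropped: source previously blocked"))
            continue
        hit = next((name for name, port, needle in RULES
                    if flow.dst_port == port and needle in flow.payload), None)
        if hit is not None:
            alerts.append((flow, hit))
            if mode == "ips":
                if block_source:
                    blocked_sources.add(flow.src_ip)
                continue                # inline: the flow never reaches the target
        forwarded.append(flow)          # passive mode, or no rule matched
    return alerts, forwarded


# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", 80, "GET /index.html HTTP/1.1"),
    Flow("203.0.113.9", "198.51.100.5", 80, "GET /../../private.txt HTTP/1.1"),
    Flow("203.0.113.9", "198.51.100.5", 80, "GET /login HTTP/1.1"),
    Flow("192.0.2.11", "198.51.100.7", 23, "login: "),
]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect(SAMPLE_FLOWS, mode)
        print(f"{mode}: {len(alerts)} alert(s), {len(forwarded)} flow(s) forwarded")
```

Note what the second 203.0.113.9 flow does: it is harmless on its own, but in IPS mode with source blocking it is dropped anyway. That is the trade-off the paragraph hints at: an inline device can stop an attack in progress, but a false positive (or a shared source address such as a NAT gateway) now costs connectivity, which is why an IPS is deployed beside a firewall rather than instead of one and why its rule set is tuned more conservatively than an IDS's.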

Proxy Server - A proxy server acts as a middleman between clients and the Internet, providing security, administrative control, and caching services. When a user makes a request for an Internet service and it passes filtering requirements, the proxy server looks in its local cache of previously downloaded web pages. If the item is found in the cache, the proxy server forwards it to the client. This reduces bandwidth through the gateway. If the page is not in the cache, the proxy server will request the page from the appropriate server. Nowadays, the functions of proxy servers are often built into firewalls.
CSU/DSU - A Channel Service Unit/Data Service Unit (CSU/DSU) acts as a translator between the LAN data format and the WAN data format. Such a conversion is necessary because the technologies used on WAN links are different from those used on LANs. Although CSU/DSUs look similar to modems, they are not modems, and they don't modulate or demodulate between analog and digital. All they really do is interface between a 56K, T1, or T3 line and a serial interface (typically a V.35 connector) that connects to the router. Many newer routers have CSU/DSUs built into them.

Domain 3.3: Advanced Features of a Switch

PoE - Generally speaking, Power over Ethernet technology describes a system to safely pass electrical power, along with data, on Ethernet cabling. Standard versions of PoE specify category 5 cable or higher. Power can come from a power supply within a PoE-enabled networking device such as an Ethernet switch or from a device built for "injecting" power onto the Ethernet cabling. Powered devices range from IP phones, LAN access points, and WiFi switches to RFID readers and network security cameras. All of these require more power than USB offers and very often must be powered over longer runs of cable than USB permits. In addition, PoE uses only one type of connector, an 8P8C (RJ45), whereas there are four different types of USB connectors.
Spanning Tree Protocol - Spanning Tree is one of three bridging methods a network administrator can use. Which method you use usually will be determined by the network's size. The simplest method is transparent bridging, where only one bridge or switch exists on the network. The next is Source-Route, in which bridging address tables are stored on each PC on the network. Then there's what you came for, spanning tree, which prevents loops where there exists more than one path between segments. STP was upgraded to Rapid Spanning Tree Protocol (RSTP).
VLAN - A broadcast domain is normally created by the router. With VLANs, a switch can create the broadcast domain. This allows a virtual network, independent of physical location, to be created.

Trunking - VLANs are local to each switch's database, and VLAN information is not passed between switches. Trunk links provide VLAN identification for frames traveling between switches. The VLAN Trunking Protocol (VTP) is the protocol that switches use to communicate among themselves about VLAN configuration.

Port Mirroring - Used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system.


Port Authentication - The IEEE 802.1X standard defines 802.1X port-based authentication as a client-server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server validates each client connected to a switch port before making available any services offered by the switch or the LAN.

Domain 3.4: Implement a Basic Wireless Network


Install Client – the actual steps taken to set up a computer, laptop or other network-connected device on the network. This may be as simple as getting it correctly configured to use TCP/IP, or more involved, such as installing a software suite so that specific network parameters can be leveraged for proper connectivity to network resources or resources on the domain.
Network Connections Dialog Box – used to configure different aspects of the network connections by way of a graphical user interface (GUI) within the Microsoft Windows operating systems (Windows XP, Windows Vista, Server 2003, etc). With respect to peer-to-peer networks, you can use the Network Tasks pane to Create a New Connection, Set up a Home or small office network, change the Windows Firewall settings and view available wireless networks.
Wireless Network Connection Dialog Box – the graphical user interface (GUI) within the Microsoft Windows operating systems used to configure the wireless devices and their settings. On the General tab you can configure the specific hardware settings (parameters, drivers, etc) as well as the protocols (e.g. TCP/IP) and the network client that the device will use (e.g. Client for Microsoft Networks). Additionally, you can install services from this screen as well (e.g. Virtual Machine Network Service). The Wireless Networks tab will show you the available networks and allow you to configure a preference for each of the networks encountered.
Access Point Placement – correctly positioning your Wireless Access Points will allow for the seamless use of wireless devices on your network. By correctly placing the devices, users will not generally experience signal loss on their connection to the network. It is important to understand that many things affect the wireless access point's signal, both broadcast and receiving strength, including the construction and architecture of the building where the devices are distributed as well as general disruption of the frequency range that the access points operate on by other devices (e.g. microwave ovens, cordless phones, etc).
Physical Locations of Wireless Access Points (WAPs) – device placement best practices include planning for more than just nominal half distances between devices. Consideration needs to be given to what type of obstructions may currently be in the way (physical fire breaks in between walls, metal superstructure, etc) as well as future plans to subdivide offices. Electrical motors and other higher-current-carrying lines need to be considered as well to keep interference to a minimum.
Wired or Wireless Connectivity – planning for WAP-to-WAP connections only or a mix of wired and wireless connections. It's easier to connect WAP to WAP in a daisy-chain signal relay configuration, but when you do this you need to realize that a physical failure in one WAP device may take out all the devices. It is more work and it costs more in time, money and effort to connect the WAPs using wired connections back to a switch or a router, but it greatly reduces the potential connectivity loss on the network; where the WAPs are wired back, the loss of a single WAP impacts only the users of that one WAP instead of all WAPs up- and downstream.
Install Access Point – installing the Wireless Access Point(s) that will allow your device to gain access to the network. This point onto the network will allow the client device to configure itself with the necessary encryption (if required) and any other settings the network requires, or else risk being defaulted off the network.
Configuring Encryption – with respect to wireless clients these are the settings most commonly used. Disabled simply means that everything is passed as clear text. Wired Equivalent Privacy (WEP) is the lowest form of the types of encryption available and is generally only used today to allow legacy devices that cannot handle more robust encryption protocols to gain somewhat secured access to the network. WEP has been challenged and defeated for a number of years, mainly due to the increase in computing power and the fact that the keys are alphanumeric or hexadecimal characters that are configured in 40 bit, 64 bit, 128 bit, 153 bit and 256 bit strength. Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance to better secure wireless networks and was created in response to the weaknesses researchers found in Wired Equivalent Privacy (WEP). Temporal Key Integrity Protocol (TKIP) is used in WPA to encrypt the authentication and encryption information that was initially passed on the wire in clear text before a network node could secure its communications on the network. Wi-Fi Protected Access version 2 (WPA2) offers additional protection because it uses the strongest authentication and encryption algorithms available in the Advanced Encryption Standard (AES).
Configuring Channels and Frequencies – most wireless routers work in the 2.4GHz frequency range and require network administrators to set up the channels for the devices to use. 1, 6 and 11 are the main channels used because they generally will not be interfered with by other devices such as cordless phones and Bluetooth devices that also work in this frequency range.
Setting ESSID and Beacon – the Extended Service Set Identifier (ESSID) is the "advertisement" from the Wireless Access Point that basically announces its availability for network devices to make a connection. The announcement signal that is sent out is called the beacon.

Verifying Installation - the process for making sure that all the settings needed to connect a network node to the wireless device are correct. The best practice steps generally include, on initial installation of the Wireless Access Point (WAP), doing so without any security to verify that a client can get on the network. Once that is successful you would then incorporate the security protocol that you wanted to use and make sure the client can operate on the network again. Once this is successfully done it is assumed all other network nodes would be able to successfully repeat the same steps to access the network securely and with the traffic encrypted.

Domain 4.0: Network Management


Domain 4.1: OSI Model
The OSI networking model is divided into 7 layers. Each layer has a different responsibility, and all the layers work together to provide network data communication.

Application - Represents user applications, such as software for file transfers, database access, and e-mail. It handles general network access, flow control, and error recovery. Provides a consistent neutral interface for software to access the network and advertises the computer's resources to the network.
Presentation - Determines data exchange formats and translates specific files from the Application layer format into a commonly recognized data format. It provides protocol conversion, data translation, encryption, character-set conversion, and graphics-command expansion.
Session - Handles security and name recognition to enable two applications on different computers to communicate over the network. Manages dialogs between computers using simplex (rare), half-duplex or full-duplex. The phases involved in a session dialog are as follows: establishment, data transfer and termination.
Transport - Provides flow control, error handling, and is involved in correction of transmission/reception problems. It also breaks up large data files into smaller packets, combines small packets into larger ones for transmission, and reassembles incoming packets into the original sequence.
Network - Addresses messages and translates logical addresses and names into physical addresses. It also manages data traffic and congestion involved in packet switching and routing. It enables the option of specifying a service address (sockets, ports) to point the data to the correct program on the destination computer.
Data Link - The interface between the upper "software" layers and the lower "hardware" Physical layer. One of its main tasks is to create and interpret different frame types based on the network type in use. The Data Link layer is divided into two sub-layers: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer. The LLC sub-layer starts and maintains connections between devices (e.g. server - workstation). The MAC sub-layer enables multiple devices to share the same medium. The MAC sub-layer maintains physical device (MAC) addresses for communicating locally (the MAC address of the nearest router is used to send information onto a WAN).
Physical - The specification for the hardware connection, the electronics, logic circuitry, and wiring that transmit the actual signal. It is only concerned with moving bits of data on and off the network medium. Most network problems occur at the Physical layer.

Here is an idiotic, yet easy way to remember the 7 layers. Memorize the following sentence: All People Seem To Need Data Processing. The first letter of each word corresponds to the first letter of the layers starting with Application and ending with the Physical layer.

Domain 4.3: Evaluate the Network Based on Configuration Management Documentation


The topics covered in this section are either already covered elsewhere, or are too expansive for the purposes of this guide. Consult your book(s) for more information about these topics.

Domain 4.4: Conduct Network Monitoring to Identify Performance and Connectivity Issues
The topics covered in this section are either already covered elsewhere, or are too expansive for the purposes of this guide. Consult your book(s) for more information about these topics.

Domain 4.5: Explain Different Methods and Rationales for Network Performance Optimization
Quality of Service - (QoS) is a set of parameters that controls the level of quality provided to different types of network traffic. QoS parameters include the maximum amount of delay, signal loss and noise that can be accommodated for a particular type of network traffic, bandwidth priority, and CPU usage for a specific stream of data. These parameters are usually agreed upon by the transmitter and the receiver. Both the transmitter and the receiver enter into an agreement known as the Service Level Agreement (SLA). In addition to defining QoS parameters, the SLA also describes remedial measures or penalties to be incurred in the event that the ISP fails to provide the QoS promised in the SLA.

Traffic Shaping (also known as "packet shaping" or ITMPs: Internet Traffic Management Practices) is the control of computer network traffic in order to optimize or guarantee performance, increase/decrease latency, and/or increase usable bandwidth by delaying packets that meet certain criteria. More specifically, traffic shaping is any action on a set of packets (often called a stream or a flow) which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period (bandwidth throttling), or the maximum rate at which the traffic is sent (rate limiting), or more complex criteria such as GCRA. This control can be accomplished in many ways and for many reasons; however, traffic shaping is always achieved by delaying packets. Traffic shaping is commonly applied at the network edges to control traffic entering the network, but can also be applied by the traffic source (for example, a computer or network card) or by an element in the network. Traffic policing is the distinct but related practice of packet dropping and packet marking.
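
A small simulation, added here and not part of the original study guide, of the distinction just drawn: the same token-bucket traffic profile applied by a shaper (which delays non-conforming packets) and by a policer (which drops them). The rate, burst allowance and packet timings are constructed sample values.

```python
"""Traffic shaping versus traffic policing on one packet stream.

Added illustration for this study guide, not code from the original page.
Both functions apply the same token-bucket traffic profile (a sustained
rate in bytes per second plus a burst allowance in bytes). The shaper
delays a non-conforming packet until enough tokens accrue; the policer
drops it. All packet sizes and arrival times are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    arrival: float  # seconds since the start of the capture
    size: int       # bytes


# Assumed profile: 100 kB/s sustained with a 3000-byte burst allowance.
RATE = 100_000
BURST = 3_000

# Constructed input: a five-packet burst of 1500-byte frames at 1 ms
# spacing (well above the profile), then one packet after a long idle.
SAMPLE = [Packet(0.000, 1500), Packet(0.001, 1500), Packet(0.002, 1500),
          Packet(0.003, 1500), Packet(0.004, 1500), Packet(1.000, 1500)]


def shape(packets, rate=RATE, burst=BURST):
    """Token-bucket shaper: returns (arrival, departure, size) per packet.

    Tokens accrue at `rate` bytes/s up to `burst` bytes. A packet leaves as
    soon as the bucket holds `size` tokens, so a packet that exceeds the
    profile is delayed, never dropped, and order is preserved (FIFO).
    """
    tokens = float(burst)
    last = 0.0       # time the bucket was last refilled
    next_free = 0.0  # earliest time the previous packet has left
    out = []
    for p in sorted(packets, key=lambda q: q.arrival):
        t = max(p.arrival, next_free)
        tokens = min(burst, tokens + (t - last) * rate)
        last = t
        if tokens < p.size:
            # Hold the packet until the missing tokens have been earned.
            t += (p.size - tokens) / rate
            tokens = float(p.size)
            last = t
        tokens -= p.size
        next_free = t
        out.append((p.arrival, round(t, 6), p.size))
    return out


def police(packets, rate=RATE, burst=BURST):
    """Token-bucket policer: returns (accepted, dropped) packet lists.

    Same profile, but a non-conforming packet is discarded on the spot and
    adds no delay; this is the "packet dropping" side of traffic policing.
    """
    tokens = float(burst)
    last = 0.0
    accepted, dropped = [], []
    for p in sorted(packets, key=lambda q: q.arrival):
        tokens = min(burst, tokens + (p.arrival - last) * rate)
        last = p.arrival
        if tokens >= p.size:
            tokens -= p.size
            accepted.append(p)
        else:
            dropped.append(p)
    return accepted, dropped


def added_delay(packets, rate=RATE, burst=BURST):
    """Per-packet delay (seconds) the shaper imposes; zero means conforming."""
    return [round(dep - arr, 6) for arr, dep, _ in shape(packets, rate, burst)]


if __name__ == "__main__":
    for arr, dep, size in shape(SAMPLE):
        print(f"shaper : {size}B arrived {arr:.3f}s left {dep:.3f}s")
    ok, dropped = police(SAMPLE)
    print(f"policer: {len(ok)} accepted, {len(dropped)} dropped")
```

With this profile the shaper delivers all six packets but holds the third, fourth and fifth back by 13, 27 and 41 ms, while the policer discards those same three outright.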

Load Balancing - is a technique to distribute workload evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware device (such as a multilayer switch or a DNS server).

High Availability - (aka Uptime) refers to a system or component that is continuously operational for a desirably long length of time. Availability can be measured relative to "100% operational" or "never failing." A widely-held but difficult-to-achieve standard of availability for a system or product is known as "five 9s" (99.999 percent) availability.

Since a computer system or a network consists of many parts in which all parts usually need to be present in order for the whole to be operational, much planning for high availability centers around backup and failover processing and data storage and access. For storage, a redundant array of independent disks (RAID) is one approach. A more recent approach is the storage area network (SAN).
Some availability experts emphasize that, for any system to be highly available, the parts of a system should be well-designed and thoroughly tested before they are used. For example, a new application program that has not been thoroughly tested is likely to become a frequent point-of-breakdown in a production system.

Cache Engine - (aka server) is a dedicated network server or service acting as a server that saves Web pages or other Internet content locally. By placing previously requested information in temporary storage, or cache, a cache server both speeds up access to data and reduces demand on an enterprise's bandwidth. Cache servers also allow users to access content offline, including media files or other documents. A cache server is sometimes called a "cache engine." A cache server is almost always also a proxy server, which is a server that "represents" users by intercepting their Internet requests and managing them for users. Typically, this is because enterprise resources are being protected by a firewall server. That server allows outgoing requests to go out but screens all incoming traffic. A proxy server helps match incoming messages with outgoing requests. In doing so, it is in a position to also cache the files that are received for later recall by any user. To the user, the proxy and cache servers are invisible; all Internet requests and returned responses appear to be coming from the addressed place on the Internet. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)

Fault-tolerance - describes a computer system or component designed so that, in the event that a component fails, a backup component or procedure can immediately take its place with no loss of service. Fault tolerance can be provided with software, or embedded in hardware, or provided by some combination. In the software implementation, the operating system provides an interface that allows a programmer to "checkpoint" critical data at pre-determined points within a transaction. In the hardware implementation (for example, with Stratus and its VOS operating system), the programmer does not need to be aware of the fault-tolerant capabilities of the machine.
At a hardware level, fault tolerance is achieved by duplexing each hardware component. Disks are mirrored. Multiple processors are "lock-stepped" together and their outputs are compared for correctness. When an anomaly occurs, the faulty component is determined and taken out of service, but the machine continues to function as usual.

Parameters Influencing QoS


Bandwidth - is the average number of bits that can be transmitted from the source to a destination over the network in one second.
Latency - (AKA "lag") is the amount of time it takes a packet of data to move across a network connection. When a packet is being sent, there is "latent" time, when the computer that sent the packet waits for confirmation that the packet has been received. Latency and bandwidth are the two factors that determine your network connection speed. Latency in a packet-switched network is measured either one-way (the time from the source sending a packet to the destination receiving it), or round-trip (the one-way latency from source to destination plus the one-way latency from the destination back to the source). Round-trip latency is more often quoted, because it can be measured from a single point. Note that round-trip latency excludes the amount of time that a destination system spends processing the packet. Many software platforms provide a service called ping that can be used to measure round-trip latency. Ping performs no packet processing; it merely sends a response back when it receives a packet (i.e. performs a no-op), thus it is a relatively accurate way of measuring latency.
Where precision is important, one-way latency for a link can be more strictly defined as the time from the start of packet transmission to the start of packet reception. The time from the start of packet transmission to the end of packet transmission at the near end is measured separately and called serialization delay. Serialization delay depends on the throughput of the link and the size of the packet, and is the time required by the system to signal the full packet to the wire.
Some applications, protocols, and processes are sensitive to the time it takes for their requests and results to be transmitted over the network. This is known as latency sensitivity. Examples of latency-sensitive applications include VoIP, video conferencing, and online games. In a VoIP deployment, high latency can mean an annoying and counterproductive delay between a speaker's words and the listener's reception of those words. Network management techniques such as QoS, load balancing, traffic shaping, and caching can be used individually or combined to optimize the network and reduce latency for sensitive applications. By regularly testing for latency and monitoring those devices that are susceptible to latency issues, you can provide a higher level of service to end users.

Jitter - Jitter is the deviation in or displacement of some aspect of the pulses in a high-frequency digital signal. As the name suggests, jitter can be thought of as shaky pulses. The deviation can be in terms of amplitude, phase timing, or the width of the signal pulse. Another definition is that it is "the period frequency displacement of the signal from its ideal location." Among the causes of jitter are electromagnetic interference (EMI) and crosstalk with other signals. Jitter can cause a display monitor to flicker; affect the ability of the processor in a personal computer to perform as intended; introduce clicks or other undesired effects in audio signals; and cause loss of transmitted data between network devices. The amount of allowable jitter depends greatly on the application.

Packet Loss - is the failure of one or more transmitted packets to arrive at their destination. This event can cause noticeable effects in all types of digital communications.
The effects of packet loss:
In text and data, packet loss produces errors.
In videoconference environments it can create jitter.
In pure audio communications, such as VoIP, it can cause jitter and frequent gaps in received speech.
In the worst cases, packet loss can cause severe mutilation of received data, broken-up images, unintelligible speech or even the complete absence of a received signal.
The causes of packet loss include inadequate signal strength at the destination, natural or human-made interference, excessive system noise, hardware failure, software corruption or overburdened network nodes. Often more than one of these factors is involved. In a case where the cause cannot be remedied, concealment may be used to minimize the effects of lost packets.

Echo - is when portions of the transmission are repeated. Echoes can occur at many locations along the route. Splices and improper termination in the network can cause a transmission packet to reflect back to the source, which causes the sound of an echo. To correct for echo, network technicians can introduce an echo canceller to the network design. This will cancel out the energy being reflected.

High Bandwidth Applications - A high bandwidth application is a software package or program that tends to require large amounts of bandwidth in order to fulfill a request. As demand for these applications continues to increase, bandwidth issues will become more frequent, resulting in degradation of a network system. One way to combat the effects of these applications on a network is to manage the amount of bandwidth allocated to them. This allows users to still use the applications without degrading the QoS of network services.
Examples:
Thin Clients
Voice over IP
Real Time Video
Multi-media

Domain 4.6: Implement the Following Network Troubleshooting Methodology


Gather Information on the Problem
In a contact center network, problems are typically discovered and reported by one of the following types of users:
External customers dialing into a call center to order products, obtain customer service, and so forth.
Internal agents receiving incoming calls from a call queue or initiating outbound collection calls to customers.
Internal users using administrative phones to call employees in other company locations or PSTN destinations, and perform basic actions such as call transfers and dialing into conferences.
As the network administrator, you must collect sufficient information from these users to allow you to isolate the problem. Detailed, accurate information will make this task easier. As you turn up your network, you may consider putting these questions in an on-line form. A form will encourage users to provide more details about the problem and also put them into the habit of looking for particular error messages and indicators. Capturing the information electronically will also permit you to retrieve and re-examine this information in the future, should the problem repeat itself.
Identify The Affected Area
Determine if the problem is limited to one workstation, or several workstations, one server, one segment, or the entire network. If only one person is experiencing a certain problem, the problem is most likely at the workstation. If groups of workstations are affected, the problem might lie at a part of the network that users all have in common, such as a particular software application or database, a server, the network segment, or the network configuration.
Determine If Anything Has Changed
To determine what has changed, ask questions such as:
Could you do this task before? If this is a new task, perhaps the user needs different system permissions, or additional hardware or software.
If you could do it before, when did you first notice you couldn't do it anymore? Try to find out what happened just before the problem came up, or at least try to pinpoint the time, since the source of the problem might be related to other changes elsewhere on the network.
What has changed since the last time you were able to do this task? Users can give you information about events that might affect their local systems. You can help them with leading questions such as, "Did someone add something to your computer?" or "Did you do something differently this time?".
Establish The Most Probable Cause
To establish the most probable cause, use a systematic approach. Eliminate possible causes, starting with the obvious and simplest one and working back through other causes. Do not overlook straightforward and simple corrections that can fix a range of problems and do not cost much time or effort to try. You might find you can resolve the issue on the spot.
Determine If Escalation Is Necessary
While troubleshooting a network problem, you might find the cause of the problem is not an issue that can be resolved over the phone or at the user's desktop. It may be necessary to contact a fellow employee who has specialized knowledge, or a more senior administrator with the appropriate permissions and authorization. In these cases, the problem should be escalated to the appropriate personnel to be resolved as quickly as possible.
Create an Action Plan and Solution, Identifying Potential Effects
Once you have determined the probable cause, you should create an action plan before changes are made, detailing each step taken while attempting to resolve the issue. One should also be certain that the original state (before troubleshooting) can be returned to in case things do not go as planned. Also consider how the plan will affect the user or other aspects of the network. Thinking ahead can help ensure productivity doesn't suffer and that downtime is minimized.

Implement and Test the Solution


Implement the action plan step by step to fix the problem. If multiple changes are made at once, you will be unable to verify exactly what effect each adjustment had. Be sure to document each step, because you can lose sight of what you have tried in complex troubleshooting scenarios. Test the solution. Make sure the solution implemented actually solves the problem and didn't cause any new ones. Use several options and situations to conduct the tests. Sometimes testing over time is needed to ensure the solution is the correct one.
Identify the Results and Effects of the Solution
Verify that the user agrees that the problem is solved before you proceed with final documentation and closing the request. Even if the problem is solved, and the solution was well thought-out and documented, there might be cascading effects elsewhere on the local system or on the network. Test for this before closing out the issue. If a major change was made, it is advisable to continue monitoring and testing for several days or even weeks after the problem appears to be resolved.
Document the Process and Solution
Document the problem and the process used to arrive at the solution. Maintain the records as part of an overall documentation plan. This will provide an ever-growing database of information specific to your network, and it will also be valuable reference material for future troubleshooting instances, especially if the problem is specific to the organization. Creating a troubleshooting template with required information included in all trouble reports will ensure all trouble reports are accurate and consistent no matter who completes them.

Domain 4.7: Troubleshoot Common Connectivity Issues and Select an Appropriate Solution
Crosstalk
Symptoms: Slow netw ork performance and/or an excess of dropped or unintelligible packets. In telephony
applications, users hear pieces of voice or conversations from a separate line.
Causes: Generally crosstalk occurs w hen tw o cables run in parallel and the signal of one cable interferes w ith the
other. Crosstalk can also be caused by crossed or crushed w ire pairs in tw isted pair cabling.
Resolution: the use of tw isted pair cabling or digital signal can reduce the effects of crosstalk. Maintaining proper
distance betw een cables can also help.
Near-End Crosstalk
Symptoms: Signal loss or interference
Causes: Near-end crosstalk is crosstalk that occurs closer along the cable to the transmitting end. Often occurs in
or near the terminating connector.
Resolution: Test w ith cable tester from both ends of the cable and correct any crossed or crushed w ires. Verify that
the cable is terminated properly and that the tw ists in the pairs of w ires are maintained.

Attenuation
Symptoms: Slow response from the netw ork.
Causes: Attenuation is the degradation of signal strength.
Resolution: Use shorter cable runs, add more access points, and/or add repeaters and signal boosters to the cable
path. Or, evaluate the environment for interference. The interference you w ould look for w ould depend on the
spectrum used.
Collisions
Symptoms: High latency, reduced netw ork performance, and intermittent connectivity issues.
Causes: Collisions are a natural part of Ethernet netw orking as nodes attempt to access shred resources.

converted by W eb2PDFConvert.com
Resolution: Depends on the netw ork. For example, replacing a hub w ith a sw itch w ill often solve the problem.
Shorts
Symptoms: Electrical shorts—complete loss of signal.
Causes: Tw o nodes of an electrical circuit that are meant to be at different voltages create a low - resistance
connection causing a short circuit.
Resolution: Use a TDR to detect and locate shorts. Replace cables and connectors w ith know n w orking ones.
Open Impedance Mismatch
Symptoms: Also know n as echo, the tell-tale sign of open mismatch is an echo on either the talker or listener end
of the connection.
Causes: The mismatching of electrical resistance.
Resolution: Use a TDR to detect impedance. Collect and review data,interpret the symptoms, and determine the
root cause in order to correct the cause.
Interference
Symptoms: Crackling, humming, and static are all signs of interference. Additionally, low throughput, netw ork
degradation, and poor voice quality are also symptoms of interference.
Causes: RFI can be caused by a number of devices including cordless phones, Blue-Tooth devices, cameras, paging
systems, unauthorized access points, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interferences as much as possible. This may entail simply turning off
competing devices. Ensure there is adequate LAN coverage. To resolve problems proactively, test areas prior to
deployment using tools such as spectrum analyzers.
Port Speed
Symptoms: No or low-speed connectivity between devices.
Causes: Ports are configured to operate at different speeds and are therefore incompatible with each other.
Resolution: Verify that equipment is compatible and operating at the highest compatible speed. For example, if a switch port is running at 100 Mbps but a computer's NIC only runs at 10 Mbps, the computer will run at the slower speed (10 Mbps). Replace the card with one that runs at 100 Mbps and throughput will increase to the higher level (or at least to higher levels, since there are other variables such as network congestion).
Port Duplex Mismatch
Symptoms: Late collisions, alignment errors, and FCS errors are present during testing; throughput is poor even though the link comes up.
Causes: Mismatches are generally caused by configuration errors. They occur when the switch port and the attached device are configured with different duplex settings, most often when one end is hard-coded to full duplex while the other is left on auto-negotiate: the auto-negotiating end cannot negotiate with a fixed port and falls back to half duplex.
Resolution: Verify that the switch port and the device are configured to use the same duplex setting, either both auto-negotiate or both hard-coded to the same speed and duplex. This may entail having to upgrade one of the devices.
Incorrect VLAN
Symptoms: No connectivity between devices that should be on the same subnet.
Causes: The switch ports the devices connect to are assigned to different VLANs.
Resolution: Reconfigure the ports so that both devices are in the same VLAN (or route between the VLANs if they are meant to be separate).
Incorrect IP Address
Symptoms: No connectivity between devices.
Causes: Either the source or destination device has an incorrect IP address, or two devices share the same address.
Resolution: Use the ping command to determine whether there is connectivity between the devices, then check the TCP/IP configuration with ipconfig /all on Windows and ifconfig (or ip addr) on Linux/UNIX/macOS. The fix depends on the problem. If a static address was entered incorrectly, correct it. If the network is running a rogue DHCP server, or the real DHCP server is offline, two computers may have leased the same address or clients may have fallen back to APIPA (169.254.x.x) addresses; in that case troubleshoot DHCP. After correcting the addresses, clear the ARP cache on both computers and test again.
Wrong Gateway
Symptoms: Devices on the local subnet are reachable, but nothing beyond it is.
Causes: The IP address of the gateway is incorrect for the specified route, or the gateway address is not on the host's own subnet.
Resolution: Change the IP address of the gateway to the correct address.
Wrong DNS
Symptoms: Connections by host name fail (name resolution errors) while connections by IP address succeed.
Causes: A device is configured to use the wrong DNS server.
Resolution: Open the network properties on a Windows machine. Open TCP/IP properties and check the IP address of the DNS server listed for the client. Put in the correct IP address (or set it to be obtained from DHCP). Test name resolution with nslookup, then test for connectivity.
Wrong Subnet Mask
Symptoms: No connectivity between devices, often only to some hosts on the same subnet or only in one direction.
Causes: Either the source or destination device has an incorrect subnet mask.
Resolution: Use the ping command to determine if there is connectivity between devices. Check the IP address and mask on both devices. Change the incorrect subnet mask to the correct one. Test for connectivity.
Issues that should be identified but escalated
Switching Loop: Redundant links between switches forward frames round the loop endlessly; Spanning Tree Protocol (STP) is needed to ensure a loop-free topology.
Routing Loop: Packets are routed in a circle continuously until their TTL expires.
Route Problems: Packets don't reach their intended destination. This could be caused by a number of things: configuration problems, convergence (in which you have to wait for the discovery process to complete), or a broken segment (a router is down, etc.).
Proxy ARP: If misconfigured, it can be abused for denial of service or for intercepting traffic.
Broadcast Storms: The network becomes overwhelmed by constant broadcast traffic, often the visible symptom of a switching loop.

Wireless Connectivity Issues

Interference
Symptoms: Low throughput, network degradation, dropped packets, intermittent connectivity, and poor voice quality are all symptoms caused by interference.
Causes: RFI can be caused by cordless phones, Bluetooth devices, cameras, paging systems, unauthorized access points, metal building framing, and clients in ad-hoc mode.
Resolution: Remove or avoid environmental interference as much as possible.
Incorrect Encryption
Symptoms: For wireless, if the encryption type between two devices (access point and client) does not match, connection is impossible. Similarly, if different encryption keys (pre-shared keys) are configured on the two devices they cannot complete the key handshake needed to verify each other and decrypt traffic, so communication never starts.
Causes: Improper configuration.
Resolution: Ensure that security settings (WEP/WPA/WPA2, TKIP/AES, and the key itself) match between and among devices.
Congested Channel
Symptoms: Very slow speeds.
Causes: Interference from neighboring wireless networks on the same or overlapping channels; a congested network channel.
Resolution: Many wireless routers are set to auto-configure the wireless channel. Try logging into the router and manually changing the channel it operates on, picking one that does not overlap with neighboring networks (on 2.4 GHz, channels 1, 6, and 11 do not overlap).
Incorrect Frequency
Symptoms: No connectivity.
Causes: In wireless, devices must operate on the same frequency band. A device built for 802.11a (5 GHz) can't communicate with one designed for 802.11b (2.4 GHz).
Resolution: Deploy devices that operate on the same frequency band.
ESSID Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different ESSIDs.
Resolution: Set the devices to use the same SSID. Ensure that the wireless client and the access point are configured with exactly the same value. Note: SSIDs are case sensitive.
Standard Mismatch
Symptoms: No connectivity between devices.
Causes: Devices are configured to use different standards such as 802.11a/b/g/n.
Resolution: Devices have to be chosen to work together. 802.11a, for example, is incompatible with 802.11b/g because the first operates at 5 GHz and the second at 2.4 GHz. Or an 802.11g router could be set to "g only" mode while you are trying to connect with an 802.11b wireless card. Change the mode on the router to a mixed mode that accepts both.

Distance
Symptoms: Slow connection and low throughput.
Causes: The distance between two points may be to blame for this connectivity issue. The longer the distance between the two points, the more prominent the problem becomes. Issues that can occur between the two points include latency, packet loss, retransmission, or transient traffic.
Resolution: If the issue is with cabling, do not exceed the distance limitations of the medium (100 m for twisted-pair Ethernet). If the issue is with wireless, you may need to increase coverage with additional access points. Use a site survey tool or spectrum analyzer to determine coverage and signal strength.
Bounce
Symptoms: No or low connectivity between devices.
Causes: The signal from a device bounces off obstructions and is not received by the receiving device, or arrives as multiple delayed copies (multipath).
Resolution: If possible, move one device or the other to avoid obstructions. Monitor performance and check for interference.
Incorrect Antenna Placement
Symptoms: No or low signal and connectivity.
Causes: The position of the access point's antenna can negatively affect overall performance.
Resolution: Change the position of the antenna and monitor device performance.

Domain 5.0: Network Tools


Domain 5.1: Command Line Interface Tools
Traceroute - A command-line troubleshooting tool that enables you to view the route to a specified host. It shows how many hops the packets travel through and how long each hop takes, by sending probes with increasing TTL values and recording which router returns each ICMP "time exceeded" message. In Windows operating systems, the command used is "tracert".

IPCONFIG - This command is used to view network settings from a Windows command line. Below are the ipconfig switches that can be used at a command prompt.
ipconfig /all displays all of your IP settings, including the MAC address, DHCP server, and DNS servers.
ipconfig /renew asks the DHCP server, if available, for a new or renewed lease.
ipconfig /release gives up the current lease.
ipconfig /flushdns clears the local DNS resolver cache (useful after a DNS change).
IFCONFIG - IFCONFIG is a Linux/Unix command line tool that is similar to IPCONFIG in Windows. Common uses for ifconfig include setting an interface's IP address and netmask, and disabling or enabling a given interface. At boot time, many UNIX-like operating systems initialize their network interfaces with shell scripts that call ifconfig. As an interactive tool, system administrators routinely use the utility to display and analyze network interface parameters. On current Linux distributions it has been superseded by the ip command from the iproute2 package (ip addr, ip link).

PING - PING (Packet InterNet Groper) is a command-line utility used to verify connectivity between networked devices. PING sends ICMP echo requests and waits for echo replies, which behave similarly to sonar pings. The standard format for the command is ping ip_address or ping hostname. If successful, the ping command returns replies from the remote host with the round-trip time. If unsuccessful, you will likely receive a "Request timed out" or "Destination host unreachable" message. Note that many hosts and firewalls block ICMP, so a failed ping does not by itself prove the host is down. This is one of the most important tools for determining network connectivity between hosts.
ARP (Address Resolution Protocol) - A host must have both the IP address and the MAC address of a host on the local segment in order to send frames to it. ARP is what allows the local host to broadcast a request ("who has this IP address?") and receive the other host's MAC address in the ARP reply. The arp command (arp -a on Windows and Unix) displays the cache of learned mappings, which is also where ARP poisoning attacks leave their traces. Guide To ARP, IARP, RARP, and Proxy ARP

ARP PING (ARPING) - ARPING is a software tool used to discover hosts on a computer network. The program tests whether a given IP address is in use on the local network, and can get additional information about the device using that address. The arping tool is similar in function to ping, which probes hosts using the Internet Control Message Protocol at the Internet Layer (OSI Layer 3). Arping operates at the Link Layer (OSI Layer 2) using the Address Resolution Protocol (ARP), so it can probe hosts on the local network (link) only, as ARP cannot be routed across gateways (routers); on the other hand it works even when a host's firewall drops ICMP. However, on networks where a router or other device performs proxy ARP, the arping response may come from that proxy host and not from the probed target.

NSLOOKUP - This is a command that queries a DNS server for machine name and address information. Originally written for Unix operating systems, this command is now available on Windows and other operating systems. To use nslookup, type "nslookup" followed by an IP address, a computer name, or a domain name. NSLOOKUP returns the name, all known IP addresses and all known aliases (which are just alternate names) for the identified machine. NSLOOKUP is a useful tool for troubleshooting DNS problems.

Hostname - The hostname command is used to show or set a computer's host name and domain name. It is one of the most basic network administrative utilities. A host name is a name assigned to a host (i.e., a computer connected to the network) that uniquely identifies it on a network and thus allows it to be addressed without using its numeric IP address. Domain names are user-friendly substitutes for numeric IP addresses.

Dig (domain information groper) - Dig is a Linux/Unix tool for interrogating DNS name servers. It performs DNS lookups and displays the answers returned by the name server(s) queried, and is generally preferred over nslookup for troubleshooting because it shows the full response, including record type, TTL, and the authority section.

Mtr - Mtr is a Linux command line tool that combines the functionality of the traceroute and ping programs in a single network diagnostic tool, continuously probing every hop on the path and reporting loss and latency per hop.

Route - The route command is used to display and manipulate a local routing table. Examples of its use include adding and deleting a static route. This tool is available in Unix, Linux and Windows (route print shows the table on Windows).

NBTSTAT - A Windows utility used to troubleshoot connectivity problems between two computers communicating via NetBT (NetBIOS over TCP/IP), by displaying protocol statistics and current connections. NBTSTAT examines the contents of the NetBIOS name cache and reports the MAC address of the remote machine.

NETSTAT - A Windows, Linux, and Unix command-line tool that displays network connections (both incoming and outgoing), listening ports, routing tables, and a number of network interface statistics. It is used for finding problems in the network, for spotting unexpected listening services or connections on a host, and to determine the amount of traffic on the network as a performance measurement.

Domain 5.2: Network Scanners


Packet Sniffers - A packet sniffer is a device or software used to capture packets traveling over a network connection. The packets are logged and can be decoded in order to provide information and statistics about the traffic on the network or network segment. These tools are used for troubleshooting difficult network problems, monitoring network traffic, and detecting intrusion attempts. Also known as packet analyzers. On a switched network a sniffer only sees its own traffic and broadcasts unless it is attached to a mirror (SPAN) port or a network tap.

Intrusion Detection Software - This was covered earlier in domain 3.1.

Intrusion Prevention Software - This was covered earlier in domain 3.1.

Port Scanners - A port scanner is a program designed to probe network hosts for open ports. It is often used by administrators to verify the security policies of their networks, and by attackers to identify running services on a host that can be exploited to gain access. The simplest form completes a full TCP handshake on each port (a connect scan): a port that answers with SYN/ACK is open, one that answers with RST is closed, and one that never answers is being filtered.
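Added example, not code from the study guide: a minimal TCP connect scanner in Python that reports the three states described above, plus a throwaway listener so it can be run entirely against 127.0.0.1 without touching any other host. The listener and the released-port helper are test fixtures invented for this example; the scanner itself is the standard connect() probe that tools such as nmap's -sT mode perform.

```python
import socket
import threading


def scan_port(host, port, timeout=0.5):
    """TCP connect scan of one port.

    A completed three-way handshake means the port is open; an immediate
    connection refusal (RST) means closed; no answer within the timeout
    means something (a firewall) is silently dropping the probe: filtered.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:            # e.g. host unreachable
            return "error"


def scan(host, ports, timeout=0.5):
    """Scan a collection of ports and return {port: state}."""
    return {port: scan_port(host, port, timeout) for port in ports}


# --- constructed targets so the scan can run offline against 127.0.0.1 ---

def start_listener(host="127.0.0.1"):
    """Open a throwaway TCP service on an ephemeral port (a stand-in for a real daemon).

    Returns (server_socket, port); close the socket to stop the service.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # server socket was closed
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def released_port(host="127.0.0.1"):
    """Bind and immediately release an ephemeral port, yielding a port that is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, open_port = start_listener()
    for port, state in scan("127.0.0.1", [open_port, released_port()]).items():
        print(f"127.0.0.1:{port} {state}")
    srv.close()
```

The "filtered" verdict is only ever a timeout, which is why real scanners also try SYN-only and UDP probes and why a connect scan is the noisiest option: every open port logs a completed connection from the scanner's address.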

Domain 5.3: Hardware Tools


Cable Testers - Cable testers are electronic devices used to test a cable's integrity by checking for opens, shorts, and miswired pairs, which can cause connectivity problems.

Protocol Analyzers - This tool is used to monitor network traffic and display packet and protocol statistics and information. As far as the exam is concerned, it is pretty much the same thing as a packet sniffer. Most tools sold today combine the functions of the listening device (packet sniffer) and the analytical device (packet analyzer).

Certifiers - Certifiers (cable certification testers) test installed cable runs to ensure that they will perform the job intended, verifying that the run meets the electrical specification of its rated category (attenuation, crosstalk, and so on) rather than merely being wired correctly.

TDR (Time Domain Reflectometer) - Sends a signal down a cable and measures the time it takes for the reflection to come back (like sonar), which gives the distance to the fault. Used to find opens and shorts in copper cables.

OTDR (Optical Time Domain Reflectometer) - Similar to the TDR above, however, this is used to test fiber optic cables with light.

Multimeter - A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument used to measure voltage, current and resistance.

Toner Probe - A tone generator and probe pair. Most will detect opens and shorts like a cable tester, but this tool is mainly used to locate the far end (termination point) of a cable in a bundle or patch panel.

Butt Set - A portable telephone that connects to a line using alligator clips and is used to test telephone circuits.

Punch Down Tool - A punch down tool is used to terminate cabling such as telephone and Ethernet wire into wall jacks and patch panels.

Cable Stripper - Fairly self explanatory. A tool used to strip the jacket off a cable in order to expose the wires that can be terminated in connectors or wall jacks.

Snips - Special scissors used for cutting cable.

Voltage Event Recorder - Captures and logs power quality events (sags, surges, outages) for devices, which can then be reviewed on a PC. Mostly used for mission critical devices such as those found in a hospital.

Temperature Monitor - The objective does not say which kind CompTIA has in mind. There are all kinds of temperature monitors, from CPU temperature monitoring software to devices that monitor the temperature of a server room.

Domain 6.0: Network Security


Domain 6.1: Hardware and Software Security Devices
The topics covered in this section are already covered elsewhere in this guide.

Domain 6.2: Firewalls


Application Layer vs. Network Layer – An application layer firewall works at the application layer of a protocol stack (this is true for both the OSI model and the Internet Protocol Suite (TCP/IP)). Sometimes referred to as a proxy-based firewall or proxy server, it can be software running on a computer or server, or a stand-alone piece of hardware. Because it understands the application protocol (HTTP, FTP, DNS, and so on), it can inspect and filter the content of a session, typically by terminating the client's connection and opening its own connection to the server on the client's behalf. A network layer firewall is sometimes referred to as a packet filter; these operate at the network (and transport) layer on header fields such as addresses, protocol, and ports. The device will not allow packets to pass unless they match the rule set configured by the firewall administrator. Network layer firewalls can be either stateful or stateless.

Stateful vs. Stateless – Stateful firewalls maintain pertinent information about the active sessions they have seen and use this information to speed packet processing. This might include source and destination IP address, UDP or TCP ports, and other details about the connection such as the session initiation, TCP sequence numbers, type of data transfer and so forth. With stateful processing, if a packet does not match a currently established connection, it will be evaluated according to the rule set for new connections. If it does match, it will be allowed to pass without needing to be compared to the rule set in use; return traffic for a permitted outbound connection is therefore admitted automatically without an explicit inbound rule. Stateless firewalls treat every packet in isolation, independently of all other traffic on the wire. They have no way to know whether any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet, so return traffic has to be permitted with broad inbound rules (for example "allow inbound from source port 443") that an attacker can satisfy just by choosing that source port.

Scanning Services – the process that is used by all firewalls to review the packets that are passing through them. Sometimes they will just review the header information, or they may be configured to look at the data as well. More advanced firewalls might also combine virus detection and/or other forms of malware detection as part of their scanning process to halt the transmission of suspect packets through the device.

Content Filtering – generally used at the application level to restrict or prevent access to websites that are not approved for work use, to block sites with objectionable material, or sites on a corporate black list for one reason or another. Content can be filtered in many different ways: by suspect keywords, images on the site, downloadable files present, or site content labeling as defined by the website host itself (e.g. an adult site that labels itself as such; the content filter reads the label and applies the filter).

Signature Identification – a method of identifying certain types of traffic based on a known pattern (signature) of that traffic. By comparing traffic against its signature definitions, a firewall knows whether the traffic should be allowed to pass as permitted (e.g. HTTP traffic or DNS traffic) or should be denied (e.g. repeated attempts to connect to multiple systems from multiple sessions, appearing to be a scan or a Distributed Denial of Service (DDoS) attack). Signature matching only catches what has already been described; traffic that matches no signature passes through.
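As an added illustration (not part of the original guide) of what a signature looks like once it is written down, this Python script runs a single rule, "one source touching at least N distinct hosts inside a time window", over a constructed firewall log. The log format, the addresses and the threshold values are this example's own assumptions, not any vendor's signature syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: a legitimate client talking to one server, and an
# outside host sweeping the inside network for SSH (one of its probes is even permitted).
LOG = """\
2024-05-01T10:00:01 PERMIT TCP 10.0.0.9:52011 -> 10.0.0.5:443
2024-05-01T10:00:02 DENY TCP 198.51.100.7:40001 -> 10.0.0.1:22
2024-05-01T10:00:02 DENY TCP 198.51.100.7:40002 -> 10.0.0.2:22
2024-05-01T10:00:03 DENY TCP 198.51.100.7:40003 -> 10.0.0.3:22
2024-05-01T10:00:03 PERMIT TCP 10.0.0.9:52012 -> 10.0.0.5:443
2024-05-01T10:00:04 DENY TCP 198.51.100.7:40004 -> 10.0.0.4:22
2024-05-01T10:00:05 PERMIT TCP 198.51.100.7:40005 -> 10.0.0.5:22
2024-05-01T10:00:06 DENY TCP 198.51.100.7:40006 -> 10.0.0.6:22
2024-05-01T10:00:09 PERMIT TCP 10.0.0.9:52013 -> 10.0.0.5:443
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>PERMIT|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            events.append(e)
    return events


def find_sweeps(events, min_hosts=5, window=timedelta(seconds=60)):
    """Signature: one source contacting at least min_hosts distinct destinations within window.

    Both permitted and denied attempts count; the pattern is the signature, not the verdict.
    Returns {source: largest number of distinct destinations seen in any single window}.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):          # slide the window start over each event
            hosts = set()
            for e in evs[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                hosts.add(e["dst"])
            if len(hosts) >= min_hosts:
                alerts[src] = max(alerts.get(src, 0), len(hosts))
    return alerts


if __name__ == "__main__":
    for src, n in find_sweeps(parse_log(LOG)).items():
        print(f"host sweep from {src}: {n} distinct destinations")
```

The threshold and window are the whole signature: raise min_hosts and a slow scanner that spreads probes over hours slips under it, lower it and an administrator's monitoring station starts to alert, which is the tuning trade-off every signature-based device carries.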

Zones – demarcation points from one network type to another. Networks internal to a company are considered internal zones or intranets. A network external to the internal network is generally considered "the Internet" or the external zone. If there is a network that the company manages that is not a part of the internal intranet but is placed between the intranet and the Internet, this is called the demilitarized zone or DMZ. The main purpose of this zone is to act as an additional security buffer between the intranet and the Internet: publicly reachable servers are placed there so that a compromise of one of them does not give direct access to the internal network.

Domain 6.3: Network Access Security


ACL (Access Control List) - An ACL is a table in an operating system or network device (such as a router) that denies or allows access to resources. On most routers and firewalls the entries are evaluated in order, the first match wins, and anything that matches no entry is denied.
MAC Filtering - This method controls access based on the unique MAC address assigned to each network interface. It is a weak control on its own, because MAC addresses are sent in the clear and are trivially changed in software.
IP Filtering - This method controls access based on the IP addresses (or a range of addresses) of network devices.
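The stateful/stateless distinction from Domain 6.2 and the ACL/IP filtering described here are modelled in the following added Python example (not code from the study guide). It runs the same short packet trace through a stateless filter and a stateful one: the stateless rule set needs an inbound "from port 443" entry so that replies to internal browsers can get back in, and an outsider who merely sets his source port to 443 walks through that hole; the stateful filter opens sessions only on an outbound SYN and rejects the same probe. The rule tuples, the two rule sets and the packet trace are all constructed for the example, with addresses from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str       # TCP flags as letters, e.g. "S", "SA", "A", "R"


def _matches(pattern, value):
    """'*' matches anything; ports compare as integers, addresses against a CIDR prefix."""
    if pattern == "*":
        return True
    if isinstance(value, int):
        return pattern == value
    return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)


def acl_lookup(acl, direction, pkt):
    """First matching rule wins; no match means the implicit deny at the end of every ACL."""
    for rule_dir, src, dst, sport, dport, action in acl:
        if (rule_dir in ("*", direction)
                and _matches(src, pkt.src) and _matches(dst, pkt.dst)
                and _matches(sport, pkt.sport) and _matches(dport, pkt.dport)):
            return action
    return "deny"


class StatelessFilter:
    """Every packet is judged on its own against the ACL; nothing is remembered."""

    def __init__(self, acl):
        self.acl = acl

    def process(self, direction, pkt):
        return acl_lookup(self.acl, direction, pkt)


class StatefulFilter:
    """Only connection openers (SYN without ACK) consult the ACL; everything else must belong to a known session."""

    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()          # (src, sport, dst, dport) of permitted connections

    def process(self, direction, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            if "R" in pkt.flags:                          # a reset tears the session down
                self.sessions.discard(key)
                self.sessions.discard(reverse)
            return "permit"
        if "S" in pkt.flags and "A" not in pkt.flags:     # new connection attempt
            action = acl_lookup(self.acl, direction, pkt)
            if action == "permit":
                self.sessions.add(key)
            return action
        return "deny"                                     # mid-stream packet with no session: rogue


# Constructed rule sets; a rule is (direction, src, dst, sport, dport, action).
STATELESS_ACL = [
    ("out", "10.0.0.0/8", "*", "*", 443, "permit"),
    ("in", "*", "10.0.0.0/8", 443, "*", "permit"),   # the hole needed for replies to get back in
]
STATEFUL_ACL = [
    ("out", "10.0.0.0/8", "*", "*", 443, "permit"),   # replies are matched to the session table instead
]

# Constructed traffic: a legitimate HTTPS session, then an unsolicited probe from
# an outside host that spoofs source port 443 to look like a reply.
TRAFFIC = [
    ("out", Packet("10.0.0.5", "203.0.113.10", 51000, 443, "S")),
    ("in", Packet("203.0.113.10", "10.0.0.5", 443, 51000, "SA")),
    ("out", Packet("10.0.0.5", "203.0.113.10", 51000, 443, "A")),
    ("in", Packet("198.51.100.7", "10.0.0.5", 443, 50000, "S")),
    ("in", Packet("198.51.100.7", "10.0.0.5", 443, 50000, "A")),
]


def run(fw, traffic):
    """Feed the trace through a filter and collect its decisions in order."""
    return [fw.process(direction, pkt) for direction, pkt in traffic]


if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(STATELESS_ACL), TRAFFIC))
    print("stateful: ", run(StatefulFilter(STATEFUL_ACL), TRAFFIC))
```

The stateful table here is keyed only on the address/port four-tuple; real implementations also track sequence numbers and expire idle entries, which is what lets them reject the "ACK with no session" packet and still recover when one side disappears without a FIN or RST.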
SSL VPN (Secure Sockets Layer virtual private network) - This is a VPN that runs over SSL/TLS and is accessible via HTTPS from a web browser. It allows users to establish secure remote access sessions from virtually any Internet-connected browser. Unlike a traditional VPN, this method does not require the use of IPsec or a preinstalled VPN client. The benefit of this solution is that it allows clients to access a corporate network from nearly anywhere, including networks that only allow outbound HTTPS, which is not practical with a typical VPN.

VPN (Virtual Private Network) - A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP) or IPsec. In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted.

L2TP (Layer 2 Tunneling Protocol) - L2TP is a tunnelling protocol used on VPNs that merges the best features of two earlier protocols: PPTP from Microsoft and L2F from Cisco Systems. As a tunnelling protocol, L2TP does not itself include encryption, so it is normally combined with IPsec (L2TP/IPsec) to provide VPN connections from remote users to a remote network.

IPSec (Internet Protocol Security) - IPsec is a protocol suite that ensures confidentiality, integrity, and authenticity of data communications across a public network by authenticating and encrypting each IP packet of a data stream. IPsec is made up of two data protocols, AH and ESP, plus IKE (Internet Key Exchange) for negotiating keys and security associations. AH (Authentication Header) provides authenticity and integrity but no encryption, while ESP (Encapsulating Security Payload) encrypts the payload and can authenticate it as well. Because AH covers the IP header, it does not survive NAT; ESP is what is used in practice. IPsec is often used in conjunction with L2TP on VPNs.

RAS (Remote Access Service) - RAS refers to any combination of hardware and software used to enable remote access to a network. A RAS server is a specialized computer which aggregates multiple communication channels together; an example would be a server that dial-up users dial into. The term was originally coined by Microsoft during the Windows NT era and the service is now called Routing and Remote Access Service (RRAS).

RDP (Remote Desktop Protocol) - Originally released with Windows NT 4.0 Terminal Server Edition, RDP 4.0 allowed users to connect to a computer and remotely control (AKA shadow) it. With Windows Vista and Windows Server 2008 (codenamed Longhorn), RDP 6.0 allows one to connect to specific applications (RemoteApp) rather than the entire desktop of the remote computer. Remote Desktop allows systems administrators to remotely connect to a user's computer for technical support purposes, or to a server for maintenance and administration. By default, RDP uses TCP port 3389; a port 3389 exposed directly to the Internet is a constant target for password brute-forcing, so it should sit behind a VPN or gateway.

PPPoE (Point to Point Protocol over Ethernet) - In the past, most Internet users connected via a serial modem using PPP; DSL and cable have since replaced dial-up connections. PPPoE is a network protocol for encapsulating PPP frames inside Ethernet frames, which lets a DSL provider keep PPP's authentication (PAP/CHAP) and session handling over an Ethernet link.

PPP (Point to Point Protocol) - Provides a standard means of encapsulating data packets sent over a single-channel WAN link. Specifically, PPP provides a method for connecting a personal computer to the Internet using a standard phone line and a modem over a serial connection (dial-up). PPP replaced SLIP as the standard for dial-up connections because it supports more protocols than just TCP/IP and adds link negotiation and authentication.

VNC (Virtual Network Computing) - VNC makes it possible to interact with a computer from any computer or mobile device on the Internet. Unlike Microsoft's RDP, VNC offers cross-platform support, allowing remote control between different types of computers. Popular uses include remote technical support and accessing files on one's work computer from home, or vice versa. Plain VNC offers only a short password challenge and no encryption of the session, so it should be tunnelled over SSH or a VPN.

ICA (Independent Computing Architecture) - ICA is a proprietary protocol for an application server system, designed by Citrix Systems. Products conforming to ICA are Citrix's WinFrame, Citrix XenApp (formerly called MetaFrame/Presentation Server), and Citrix XenDesktop. These permit ordinary Windows applications to be run on a Windows server, and any supported client to gain access to those applications. Besides Windows, ICA is also supported on a number of Unix server platforms and can be used to deliver access to applications running on these platforms. There is a wide range of clients supported, including Windows, Mac, Unix, Linux, and various smartphones.

Domain 6.4: Methods of User Authentication


PKI (Public Key Infrastructure) - A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. PKI uses a public and a private cryptographic key pair; the public key is bound to its owner by a certificate issued by a trusted authority (CA). The public key infrastructure provides for a digital certificate that can identify an individual or an organization, and directory services that can store and, when necessary, revoke the certificates.

Kerberos - Developed at MIT, this protocol evolved in the Unix world for over a decade and became the default authentication protocol in Windows domains (from Windows 2000 onward). Kerberos is a network authentication protocol which uses symmetric cryptography to provide authentication for client-server applications. The core of a Kerberos architecture is the KDC (Key Distribution Center), which serves as the trusted third party: it holds the keys of every user and service and issues time-limited tickets that a client presents to a service to prove who it is, so the user's password is never sent to the service. For this security method to work, it is paramount that the KDC is available and secure, since anyone who controls it controls the realm. The clocks of all hosts involved must be synchronized as well (by default within five minutes), because ticket lifetimes and authenticators are checked against the time.

AAA - AAA stands for "authentication, authorization and accounting": who you are, what you are allowed to do, and a record of what you did.


RADIUS (Remote Authentication Dial In User Service) - RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management and lets multiple dial-in Network Access Server (NAS) devices share a common authentication database. It runs over UDP (ports 1812/1813, or 1645/1646 on older deployments) and only obfuscates the user password; the rest of each packet is sent in the clear. RADIUS is often used by ISPs and enterprises to manage access to the Internet or internal networks, and to wireless networks as the back end for 802.1X. Microsoft's answer to corporate wireless security is RADIUS authentication through its Internet Authentication Services (IAS) product, since renamed Network Policy Server (NPS).
TACACS+ (Terminal Access Controller Access-Control System Plus) - TACACS+ is a Cisco-designed protocol that provides centralized validation of users attempting to gain access to a router or network access server. The protocol provides authentication between the network access server and the TACACS+ daemon, and it provides confidentiality because the body of every exchange between a network access server and a TACACS+ daemon is encrypted. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations, which makes it well suited to per-command authorization on network devices. Another difference is that TACACS+ uses the Transmission Control Protocol (TCP, port 49) while RADIUS uses the User Datagram Protocol (UDP).
802.1X - 802.1X is an IEEE standard for port-based Network Access Control (PNAC). It provides an authentication framework in which a device (the supplicant) connecting to a switch port or wireless access point (the authenticator) must authenticate to a central authentication server (usually RADIUS) before the port forwards any traffic other than the authentication exchange. It is used for securing both wired switch ports and 802.11 wireless access points (WPA/WPA2-Enterprise) and is based on the Extensible Authentication Protocol (EAP).

CHAP (Challenge Handshake Authentication Protocol) - An authentication protocol used on PPP connections. CHAP uses a three-way handshake: the authenticator sends the client a random challenge value, the client returns a one-way hash (MD5) computed over an identifier, the shared secret (password) and the challenge, and the authenticator computes the same hash and compares the two. The password itself never crosses the link. CHAP not only requires the client to authenticate itself at the beginning, but sends new challenges at regular intervals to make sure the client hasn't been replaced by an intruder. Because the secret must be stored in recoverable form on both ends and the hash is fast to compute, a captured challenge/response pair can be attacked offline with a dictionary if the secret is weak.
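The three-way exchange described above, as an added Python example (not from the original guide): the hash construction, MD5 over identifier, secret and challenge, follows RFC 1994, while the Authenticator and Peer classes, the secret table and the names are this example's own. The identifier is consumed when checked, which is what defeats a replay of a sniffed response; the periodic re-challenge the text mentions is simply another call to handshake().

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 response: MD5(Identifier || Secret || Challenge).

    MD5 is what the CHAP standard specifies; the secret is mixed in raw, which is
    why a weak secret can be guessed offline from one captured exchange.
    """
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """The NAS side: issues challenges and checks responses against its secret database."""

    def __init__(self, secrets):
        self.secrets = secrets        # {peer name: shared secret}, never sent on the wire
        self.ident = 0
        self.pending = {}             # identifier -> outstanding challenge

    def challenge(self):
        """Step 1: send a fresh random challenge with a new identifier."""
        self.ident = (self.ident + 1) & 0xFF
        value = os.urandom(16)
        self.pending[self.ident] = value
        return self.ident, value

    def verify(self, ident, name, response):
        """Step 3: recompute the expected hash; a used identifier is dropped so a replay fails."""
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """The dial-in client: proves it knows the secret without ever transmitting it."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, ident, challenge):
        """Step 2: hash identifier, secret and challenge; send name and hash back."""
        return self.name, chap_response(ident, self.secret, challenge)


def handshake(auth, peer):
    """Run the three-way exchange and return the wire transcript plus the verdict."""
    ident, challenge = auth.challenge()               # Challenge        (authenticator -> peer)
    name, response = peer.respond(ident, challenge)   # Response         (peer -> authenticator)
    ok = auth.verify(ident, name, response)           # Success/Failure  (authenticator -> peer)
    return {"ident": ident, "challenge": challenge, "name": name,
            "response": response, "ok": ok}


if __name__ == "__main__":
    # Constructed secret database for the example.
    auth = Authenticator({"alice": b"correct horse battery staple"})
    print("alice:       ", handshake(auth, Peer("alice", b"correct horse battery staple"))["ok"])
    print("wrong secret:", handshake(auth, Peer("alice", b"guess"))["ok"])
```

Everything an eavesdropper sees is the identifier, the random challenge, the peer name and a 16-byte hash; what makes that safe or not is entirely the strength of the secret, which is the point the text makes about dictionary attacks and why certificate-based EAP methods are preferred on wireless links.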

MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) - This is Microsoft's version of CHAP, used for PPP (and VPN) authentication in Windows operating systems. Version 1 provides one-way authentication of the client using a challenge/response built on the stored Windows password hash. MS-CHAPv2 was released to fix many of the problems and deficiencies of the first version and adds mutual authentication, but its DES-based response is itself weak enough to be recovered from a captured exchange, so MS-CHAPv2 should only be run inside a protected tunnel (for example PEAP or L2TP/IPsec).

EAP (Extensible Authentication Protocol) - EAP is an extension to the Point-to-Point Protocol (PPP) developed in response to an increasing demand for an industry-standard architecture supporting additional authentication methods within PPP. EAP is an authentication framework, not a specific authentication mechanism, and it is typically used on wireless networks. It provides some common functions and the negotiation of authentication methods, called EAP methods; roughly 40 different methods have been defined. Commonly used methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, PEAP, LEAP and EAP-TTLS. When EAP is invoked by an 802.1X-enabled Network Access Server (NAS) such as an 802.11 wireless access point, modern EAP methods provide a secure authentication mechanism and negotiate a Pairwise Master Key (PMK) between the client and the NAS. The PMK is then used to derive the keys for the wireless encryption session, which uses TKIP or CCMP (based on AES). Strong EAP types such as those based on certificates (EAP-TLS) offer better resistance to brute-force, dictionary, and password-guessing attacks than password-based protocols such as CHAP or MS-CHAP; LEAP in particular is known to be crackable offline and should not be used.

Domain 6.5: Issues That Affect Device Security


Physical Security – physical security is just as it sounds: locks on the doors, cameras everywhere, and so forth. Depending on the depth of security needed there may be additional layers, such as an access badge that operates a door that is additionally checked by a guard. You might have a dual-door entrance such as a "man trap", where the first door you badge open must completely close behind you before the next door a few feet in front of you can be badged through.

Restricting Local and Remote Access – A lot of local access restriction comes from physical security measures, but you can also configure systems not to allow local login at the console except for certain specific accounts in the domain or in the local accounts database. With respect to remote access, you apply the same principle of least privilege by allowing remote access only to the individuals who absolutely need it as part of their role responsibilities and denying everyone else. Those who are allowed access should still have to provide at least a username and password in order to authenticate to the remote system.

Secure Shell (SSH) – Application Layer protocol in the Internet Protocol Suite (TCP port 22 by default) that allows data to be exchanged over a secure, encrypted channel between two networked devices. It was designed as a replacement for Telnet and other insecure remote shells, which send information including account names and passwords in clear text. SSH also authenticates the server by its host key, which protects against connecting to an impostor.

Hypertext Transfer Protocol Secure (HTTPS) – Application Layer protocol in the Internet Protocol Suite that functions on port 443 by default and uses the standard Hypertext Transfer Protocol over the SSL/TLS protocol to provide encryption and identification of the server (by its certificate), which allows server/client communications to be secured. An everyday example is an online purchase: the shopping website takes you from the regular storefront pages at http:// and redirects you to its secured servers at https://.
Simple Network Management Protocol version 3 (SNMPv3) – Application Layer protocol in the Internet Protocol Suite that is used mostly in network management systems to monitor network-attached devices. Version 3 provides important security features that the prior versions did not, including message integrity (ensuring packets were not altered in transit), authentication (verifying that the inbound data is from an expected source), and encryption of the traffic stream itself. SNMPv1 and v2c rely only on a community string sent in clear text, so they should be avoided or restricted to read-only access on a trusted management network.

Secure File Transfer Protocol (SFTP) – sometimes called SSH File Transfer Protocol, this is a network protocol that provides secured, encrypted file transfer capability as a subsystem of SSH, over TCP port 22 by default.

Secure Copy Protocol (SCP) – Application Layer protocol in the Internet Protocol Suite that leverages the
Secure Shell (SSH) protocol, using TCP port 22 by default, to copy files from system to system on the same network
or across different networks.

Telnet – Application Layer protocol in the Internet Protocol Suite that was traditionally used to connect dumb
terminals to mainframe systems. Today it is sometimes used to connect to headless network equipment such as
switches and routers through a command window. It is a client/server protocol that runs on port 23 by default and
does not encrypt any data sent over the connection.

Hypertext Transfer Protocol (HTTP) – Application Layer protocol in the Internet Protocol Suite that is the
standard protocol in use on the World Wide Web. Operating on port 80 by default, internet clients contact a web
server and request pages from it; the client's web browser then renders the content returned over that
connection.

File Transfer Protocol (FTP) – Application Layer protocol in the Internet Protocol Suite that uses port 20 for
data connections and listens on port 21. FTP is often set up for anonymous access for putting and getting files.
Even when a user name and password are required to authenticate to a system using FTP, they are sent in
clear text.

Remote Shell (RSH) – a command line program which can execute shell commands as another user and on
another computer across a computer network. All of the commands that are sent are in clear text, and any
authentication is also sent over the wire unencrypted. Secure Shell (SSH) is the secure replacement for this utility.

Remote Copy Protocol (RCP) – a Unix-based command line utility that is used to copy data from one system to
another. The utility sends unencrypted information over the network, including any applicable account and
password information. It has been replaced by Secure File Transfer Protocol (SFTP), which is sometimes called the
SSH File Transfer Protocol.

Simple Network Management Protocol versions 1 or 2 (SNMP) – Application Layer protocol in the Internet
Protocol Suite that is used for system management and configuration. Version 1 was originally introduced in the
late 80s and has essentially no applicable security features. Authentication is performed using the
"community string", which is effectively nothing more than a password, and it is transmitted in clear text.
Version 2 did offer some improvements in performance, security, and confidentiality, but it did so through a
"party-based" security system that was considered overly complex, and it was not widely accepted as a result.
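As an added example (not code from the study guide), the following Python script scans constructed flow records for the clear-text protocols described above and names the secure replacement the guide pairs with each one. The SNMP (UDP 161) and rsh (TCP 514) ports are not stated on the page and are taken from the IANA well-known assignments; the record format is an assumption.

```python
"""Audit constructed flow records for the clear-text protocols listed above.

Added example, not part of the study guide. Ports not stated on the page
(SNMP 161, rsh 514) are the IANA well-known assignments.
"""

# (transport, destination port) -> (insecure protocol, secure replacement)
INSECURE = {
    ("tcp", 23): ("Telnet", "SSH on TCP 22"),
    ("tcp", 21): ("FTP", "SFTP/SCP on TCP 22"),
    ("tcp", 80): ("HTTP", "HTTPS on TCP 443"),
    ("tcp", 514): ("RSH/RCP", "SSH/SCP on TCP 22"),
    ("udp", 161): ("SNMPv1/v2c", "SNMPv3 with authentication and encryption"),
}

def parse_flow(line):
    """Parse one 'key=value ...' record into a dict; dport becomes an int."""
    rec = dict(part.split("=", 1) for part in line.split())
    rec["dport"] = int(rec["dport"])
    return rec

def audit_flows(lines):
    """One finding per record whose (proto, dport) is a clear-text protocol."""
    findings = []
    for rec in map(parse_flow, lines):
        hit = INSECURE.get((rec["proto"].lower(), rec["dport"]))
        if hit:  # record the client so the defender can migrate it
            findings.append({"src": rec["src"], "dst": rec["dst"],
                             "protocol": hit[0], "replace_with": hit[1]})
    return findings

# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    "ts=2014-03-01T10:00:01 src=10.0.1.15 dst=10.0.2.5 proto=tcp dport=23 bytes=1200",
    "ts=2014-03-01T10:00:02 src=10.0.1.15 dst=10.0.2.5 proto=tcp dport=22 bytes=9800",
    "ts=2014-03-01T10:00:03 src=10.0.1.20 dst=10.0.2.9 proto=udp dport=161 bytes=310",
    "ts=2014-03-01T10:00:04 src=10.0.1.31 dst=203.0.113.8 proto=tcp dport=443 bytes=5400",
    "ts=2014-03-01T10:00:05 src=10.0.1.31 dst=203.0.113.8 proto=tcp dport=80 bytes=800",
    "ts=2014-03-01T10:00:06 src=10.0.1.40 dst=10.0.2.5 proto=tcp dport=21 bytes=640",
]

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}: {f['protocol']} in clear text; "
              f"use {f['replace_with']}")
```

Run against the sample, it reports the Telnet, SNMPv1/v2c, HTTP and FTP flows and leaves the SSH and HTTPS flows alone.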

Domain 6.6: Common Security Threats

DoS (Denial of Service) - A DoS attack is a common type of attack in which false requests to a server overload it
to the point that it is unable to handle valid requests, cause it to reset, or shut it down completely. There are many
different types of DoS attacks including Syn Flooding and Ping Flooding.

Viruses - A Computer Virus is a program that can copy itself and infect a computer without the permission or
knowledge of the user. A Computer Virus has 2 major characteristics: the ability to replicate itself, and the ability to
attach itself to another computer file. Every file or program that becomes infected can also act as a Virus itself,
allowing it to spread to other files and computers. The term "computer virus" is often used incorrectly as a catch-all
phrase to include all types of Malware such as Computer Worms, Trojan Horses, Spyware, Adware, and Rootkits.
There are many different anti-virus programs available to prevent and remove viruses. Since new threats are
created almost constantly, it is important to keep the virus definition files for your software updated.

Worm - Worms are stand-alone programs that do not need other programs in order to replicate themselves, unlike
a virus, which relies on users to inadvertently spread it. Viruses and Worms can be prevented by installing anti-virus
software, which can be run on servers, clients, firewalls and other devices.

Attackers - We aren't entirely sure what CompTIA is referring to with this term so we will offer a general
definition. The term attackers refers to any person or group of people that cause harm on individual computers,
networks, and the internet. This could include hackers, virus and malware creators, and anyone else who attempts
to interfere with normal computer and network operations.

Man in the Middle - These attacks can include the interception of email, files, passwords and other types of data
that can be transferred across a network. This is a form of Data Theft attack.

Smurf - This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping
messages in an attempt to cause massive network traffic. To accomplish this, the attacker sends ICMP echo
packets to broadcast addresses of vulnerable networks with a forged source address pointing to the target (victim)
of the attack. All the systems on these networks reply to the victim with ICMP echo replies, which will overload it.
These types of attacks are very easy to prevent, and as a result, are no longer very common.
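As an added example (not part of the study guide), this Python snippet shows how a defender could spot the two halves of the Smurf pattern in constructed ICMP records: echo requests aimed at the local subnet's directed-broadcast address, and a burst of echo replies from many distinct hosts to a single spoofed victim. The 10.0.2.0/24 local subnet, the record format and the thresholds are assumptions.

```python
"""Detect the Smurf pattern described above in constructed ICMP records.

Added example, not from the study guide. Assumes 10.0.2.0/24 is the local
subnet whose directed-broadcast address an attacker could abuse.
"""
import ipaddress
from collections import defaultdict

LOCAL_NETS = [ipaddress.ip_network("10.0.2.0/24")]  # assumed local subnet
ECHO_REQUEST, ECHO_REPLY = 8, 0

def parse_icmp(line):
    """'ts=.. src=.. dst=.. type=..' -> dict; ts and type become ints."""
    rec = dict(part.split("=", 1) for part in line.split())
    rec["ts"], rec["type"] = int(rec["ts"]), int(rec["type"])
    return rec

def broadcast_requests(records):
    """Echo requests aimed at a local directed-broadcast address.
    In a Smurf attack the src here is the spoofed victim, not the sender."""
    bcast = {net.broadcast_address for net in LOCAL_NETS}
    return [r for r in records
            if r["type"] == ECHO_REQUEST and ipaddress.ip_address(r["dst"]) in bcast]

def reply_floods(records, min_sources=3, window=2):
    """{destination: distinct repliers} where >= min_sources hosts answer one
    destination within `window` seconds: the amplified reply burst."""
    by_dst = defaultdict(list)
    for r in records:
        if r["type"] == ECHO_REPLY:
            by_dst[r["dst"]].append((r["ts"], r["src"]))
    floods = {}
    for dst, hits in by_dst.items():
        hits.sort()  # sliding window over reply timestamps
        for i, (t0, _) in enumerate(hits):
            srcs = {s for t, s in hits[i:] if t - t0 <= window}
            if len(srcs) >= min_sources:
                floods[dst] = max(floods.get(dst, 0), len(srcs))
    return floods

# Constructed records: one spoofed broadcast request, four amplified replies
# to the victim 192.0.2.10, and one ordinary ping exchange.
SAMPLE = [parse_icmp(l) for l in [
    "ts=100 src=192.0.2.10 dst=10.0.2.255 type=8",
    "ts=100 src=10.0.2.5 dst=192.0.2.10 type=0",
    "ts=100 src=10.0.2.6 dst=192.0.2.10 type=0",
    "ts=101 src=10.0.2.7 dst=192.0.2.10 type=0",
    "ts=101 src=10.0.2.8 dst=192.0.2.10 type=0",
    "ts=105 src=10.0.1.15 dst=10.0.2.5 type=8",
    "ts=105 src=10.0.2.5 dst=10.0.1.15 type=0",
]]
```

On the sample, `broadcast_requests(SAMPLE)` returns the single request whose spoofed source is 192.0.2.10, and `reply_floods(SAMPLE)` reports that address with four distinct repliers while the ordinary ping exchange is not flagged.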

Rogue Access Point - This term most often refers to unauthorized access points that are deployed with malicious
intent. But in general, it would refer to any unauthorized device regardless of its intent. Types of Rogue APs could
include one installed by an employee without proper consent, a misconfigured AP that presents a security risk, APs
from neighboring WLANs, or one used by an attacker. To prevent the installation of rogue access points,
organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized
access points.

Social Engineering (Phishing) - Social engineering describes various types of deception used for the purpose of
information gathering, fraud, or computer system access. Phishing, a form of social engineering, is the fraudulent
process of attempting to acquire sensitive information such as usernames, passwords and credit card details by
masquerading as a trustworthy entity in an electronic communication such as email, chat, or instant messaging.

Mitigation Techniques - For the purposes of this guide, we can't cover all of the various options to prevent
security breaches, so we'll keep it brief with the following:

Policies and Procedures – an outline in a group, organization or across an enterprise which sets out different
sets of standards and actions. These will often define acceptable use of network systems and repercussions
for violations. Generally they are drafted by system and network administrators as an outline of service and
use, and legal will generally tighten up the actual meaning. Management will ultimately need to follow up with
approval authorization and decide who will actually enforce them.

User Training – skills that need to be communicated to the end user community that is using the network
resources and connected systems. This training usually consists of rudimentary explanations of expected and
acceptable use and what the procedures are for violations. Additionally, it will include some basic level of
explanation of security threats and how user interaction can help defend the network, as well as put it
more at risk when the wrong actions are taken.

Patches and Updates – operating system updates and application fixes that are released to enhance
security features or to fix known issues with software. Generally, most of the patches and some of the
updates are released in order to correct recently discovered security deficiencies in the code. These updates
are always delivered by the application owner unless a specific agreement is made between the application
owner and another vendor. Users and administrators would generally download these updates manually to
install onto systems or set up some type of automated system for delivery to managed systems and devices.

©1998-2014