1212 Final Part 2

Questions and Answers

What is the primary purpose of the ping command?

• To discover the MAC address of a device
• To verify network connectivity between hosts (correct)
• To send data packets to multiple devices
• To configure IP addresses on a network

If a workstation cannot ping any hosts on a remote network, what should be the next step?

• Check the MAC address of the workstation
• Change the IP address of the workstation
• Ping another host on the same subnet
• Use the tracert command to verify the path (correct)

What do you verify when you ping the local address 127.0.0.1?

• Correct installation and configuration of TCP/IP (correct)
• DHCP server configuration
• Access control list permissions
• Physical connectivity to the network

Which part of an IPv6 address identifies the specific interface of a device?

Interface ID (C)

Which of the following is an example of a unicast address?

An address assigned to a single interface for one-to-one communication (D)

What does the DHCP scope define in a network?

The configuration information applied to devices receiving IP addresses. (D)

What is the purpose of exclusion addresses in DHCP?

To maintain static IP configurations for critical devices. (D)

What acronym is helpful to remember the four steps in the DHCP process?

DORA (D)

How does a DHCP client respond to multiple offers from different servers?

It accepts the first offer and ignores the others. (D)

What happens to an IP address when a client's lease expires and the device is off the network for a long time?

The IP address is released back into the pool for reassignment. (A)

What does the subnet mask identify in an IP address?

The network and host portions of the IP address (B)

How can you detect a rogue DHCP server on a network?

By observing multiple IP address lease offers (C)

What is the function of the /release switch in ipconfig?

To release the current IP address from the DHCP lease (D)

What is the main purpose of the Dynamic Host Configuration Protocol (DHCP)?

To assign unique IP addresses across devices (D)

What does Automatic Private IP Addressing (APIPA) signify?

The device could not obtain an IP address from a DHCP server (B)

What is the primary function of a captive portal?

To force user agreement to terms or a fee before network access. (D)

Which wireless authentication method uses a passphrase for user validation?

Pre-shared key (PSK) (C)

Which frequency range typically has longer transmission distances but lower data rates?

2.4 GHz (A)

What technology helps increase bandwidth by using multiple antennas for both the transmitter and receiver?

MIMO (A)

What is a potential consequence of increasing the power of a wireless access point?

Increased transmission distance with potential instability (A)

Which protocol is used by L2TP for encryption?

IPsec (C)

What is a primary feature of a site-to-site VPN?

Encryption of data from hosts within a site (D)

What type of device is typically used as a VPN concentrator?

Dedicated server (B)

What distinguishes the Authentication Header (AH) from the Encapsulating Security Payload (ESP) in IPsec?

AH is used for authentication, while ESP provides data encryption (B)

Which port does PPTP typically use for its connections?

TCP port 1723 (B)

What does WPA2-PSK use to encrypt data in a wireless network?

Advanced Encryption Standard-Counter Mode with Cipher Block Chaining Message Authentication Code (A)

Which of the following describes the role of a supplicant in an 802.1x setup?

It is the device communicating with the authenticator. (B)

What is the primary function of RADIUS in a wireless network?

To provide centralized user authentication and authorization (C)

What makes WPA3 more secure than WPA2?

It employs the Simultaneous Authentication of Equals standard. (C)

What is a potential limitation of MAC address filtering?

It does not secure the network from SSID broadcast detection. (C)

Flashcards

DHCP Scope

A configuration information applied to each device receiving an IP configuration via DHCP on a network.

IP Range

A range of IP addresses that a DHCP server is allowed to assign to clients on a network.

Reservation

A specific IP address that has been manually reserved for a device by the DHCP server.

DHCP Reservation

A method for assigning an IP address to a device using its MAC address.

DHCP Process

The process of a device requesting and obtaining an IP address from a DHCP server on a network. This process involves four steps.

Bluetooth

The ability to communicate wirelessly between two devices over short distances, typically a few meters.

Captive Portal

An authentication method that requires users to accept terms or pay a fee before connecting to a wireless network.

Radio Frequency Identification (RFID)

A method of wireless communication using radio waves to transmit data between an RFID tag and a special reader.

Wi-Fi Protected Setup (WPS)

A wireless authentication method that enables automatic connection between a device and an access point.

Near Field Communication (NFC)

A short-range communication method allowing devices to interact within a few centimeters.

Ping

A network protocol that enables devices to communicate with each other, often used for troubleshooting network connectivity issues by sending ICMP echo requests to a remote host.

ARP (Address Resolution Protocol)

A network protocol that allows devices to discover the MAC address of another device on the same network.

Tracert (Windows) or Traceroute (Mac)

A command that traces the route a packet takes to reach a destination host, helping identify network bottlenecks or problems along the path.

IPv6 Address

A unique 128-bit identifier that identifies a device on the internet, designed to accommodate the growing number of devices.

IPv6 Tunneling

A method of allowing IPv6 networks to communicate through existing IPv4 infrastructure, enabling seamless transition.

WPA2-Personal

A wireless security standard that uses a pre-shared key (passphrase) for authentication. WPA2-Personal is commonly used in homes and small businesses.

802.1x

A wired network authentication protocol that activates the port a user is connected to. If authentication fails, the port remains off.

RADIUS Server

A specialized server responsible for authenticating users to a network. It centralizes user account and authentication information, allowing wireless clients to roam between cells and authenticate using the same account information.

WPA2

A method of securing a wireless network that uses a passphrase to protect the network. It uses AES-CCMP to encrypt all data.

Perfect Forward Secrecy

A cryptographic method that generates a new key for every transmission, making the handshake much more secure from hackers.

DHCP (Dynamic Host Configuration Protocol)

A protocol that allows a central server to automatically assign IP addresses to devices on a network, simplifying network management.

Rogue DHCP Server

A rogue DHCP server is an unauthorized server on a network that tries to hand out IP addresses, potentially causing conflicts and disrupting network operations. It can be accidentally installed or malicious.

APIPA (Automatic Private IP Addressing)

An IP address range that a device automatically assigns to itself when it can't get an IP address from a DHCP server. This allows basic communication within the local network but prevents access to the internet.

IP Configuration Issue

A network configuration issue where a device is unable to communicate with other devices on the network. This can be caused by incorrect IP addresses, subnet masks, or default gateway settings.

DNS (Domain Name System)

A component of the TCP/IP protocol suite that translates domain names (like google.com) into IP addresses (like 172.217.160.142) that computers can understand.

What is a VPN?

A virtual private network (VPN) is a type of network that uses encryption to securely send IP traffic over the TCP/IP network. VPNs use a tunneling protocol that encrypts packet contents and wraps them in an unencrypted packet.

Describe a site-to-site VPN

A site-to-site VPN connects routers on the edge of each site, establishing a VPN with the router at the other location. Data from hosts within the site are encrypted before being sent to the other site. Individuals hosts are unaware of the VPN.

Explain the characteristics of PPTP

PPTP uses standard authentication protocols like CHAP and PAP, supports only TCP/IP. It is supported by most operating systems and servers and uses TCP port 1723.

Describe the characteristics of L2TP

L2TP supports multiple protocols, not just IP, and uses IPsec for encryption. It isn't supported by older operating systems, and uses TCP port 1701 and UDP port 500.

What is the role of IPsec?

IPsec is used for authentication and encryption in VPNs. It uses Authentication Header (AH) for authentication, Encapsulating Security Payload (ESP) for data encryption, and Internet Key Exchange (IKE) for connection negotiation.

Study Notes

IP Configuration Issues

• Incorrect Subnet Mask: Can cause IP communication problems if devices on the same subnet have different subnet masks. This prevents correct network address identification.
• Missing Default Gateway: Prevents communication with hosts outside the local subnet.
• Rogue DHCP Server: An unauthorized DHCP server on the network can cause IP address conflicts and network instability.
• DHCP Server Issues: Problems like insufficient IP address space, incorrect scope configuration, or server malfunctions can prevent a DHCP server from assigning addresses.
• IP Address Conflicts: Duplicate IP addresses on a subnet prevent communication between devices.
• Incorrect or Invalid IP Addresses: Using reserved addresses, or ones not within the subnet's range can result in issues.
• Leased IP Address: If this is being used the address cannot be reassigned, even if the device disconnects.
• Incorrect Hostname: Will cause issues with name resolution if not using DNS.

Incorrect Subnet Mask and IP Communication Issues

• An incorrect subnet mask on a device prevents it from correctly identifying the network address and host address portion of an IP address.
• This prevents communication with devices on the same subnet.
• Two devices must have the same network ID portion of the IP address to be on the same subnet.

DHCP Server Issues Preventing Proper IP Address Assignment

• Insufficient IP address space: The DHCP server runs out of available IP addresses.
• Incorrect scope configuration: The DHCP server's configuration settings are incorrect.
• DHCP server malfunctions: The DHCP server is not functioning correctly.

ipconfig /release Switch Function

• The /release switch with ipconfig releases the currently assigned IP address from the DHCP server.

Detecting a Rogue DHCP Server

• Monitor network traffic for unusual DHCP activities.
• Analyze DHCP logs for unexpected entries or conflicts.

Identifying APIPA Use

• A device using APIPA will have an address in the 169.254.x.x range.

Ping and Tracert Differences

• ping checks if a host is reachable, and if a network connection exists.
• tracert traces the route a packet takes to a destination.

Failed Ping Test Significance

• A failed ping test indicates that a connection between two hosts is not established or the host is unreachable.

When to Use Tracert

• Use tracert (Windows) or traceroute (Mac) when you need to pinpoint the location of a network problem by identifying points at which packets are not being forwarded correctly.

tcpdump Function

• tcpdump is a command-line tool for capturing and analyzing network traffic.

Difference Between Static and Dynamic IPs

• Static IP addresses are manually configured and do not change.
• Dynamic IP addresses are automatically assigned by protocols such as DHCP.

IPv6 Need

• IPv6 is needed to address the exhaustion of IPv4 addresses.

IPv6 Address Format

• An IPv6 address is a 128-bit address written as eight groups of four hexadecimal digits, separated by colons. Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Simplifying IPv6 Addresses

• Leading zeros in groups of four hexadecimal digits can be omitted.
• Consecutive zeros can be replaced with two colons. Example: 2001:0db8:85a3::8a2e:0370:7334

Two Parts of an IPv6 Address

• Prefix ID: First 64 bits, identifying network/subnet information.
• Interface ID: Last 64 bits, uniquely identifying the device.

IPv6 Communication over IPv4

• Tunneling. IPv6 packets are encapsulated within IPv4 packets to traverse IPv4 networks.

Stateful vs. Stateless Autoconfiguration

• Stateful autoconfiguration relies on a DHCPv6 server for IP address assignment.
• Stateless autoconfiguration uses a mechanism to automatically generate IP addresses.

Wireless Network Standard

• IEEE 802.11 standard defines how wireless networks operate.

Wireless Channels (2.4 GHz, 5 GHz)

• 2.4 GHz has 3 non-overlapping channels.
• 5 GHz has 24 non-overlapping channels.

WPA2 Encryption Algorithm

• Advanced Encryption Standard (AES) - Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP).

Wireless Access Method (Button)

• Wi-Fi Protected Setup (WPS) allows a device to connect to a wireless network by pressing a button.

Remote Access VPN vs. Host-to-Host VPN

• Remote access VPN uses a VPN concentrator to allow multiple hosts to connect to a network. Host-to-host establishes a secure connection between two specific host computers.

Site-to-Site VPN Devices

• Routers on the edge of the networks are configured to establish the VPN tunnel.

VPN Protocols and Encryption

• PPTP: Uses standard authentication protocols (like CHAP, PAP) and TCP port 1723. Encryption method(s) not explicitly specified.
• L2TP: Uses IPsec for encryption and TCP port 1701 and UDP port 500.

IPsec Protocols (AH, ESP) Difference

• Authentication Header (AH): Authenticates the IP packet.
• Encapsulating Security Payload (ESP): Encrypts the IP packet's data.

HDD vs. SSD

• HDD: Physical, mechanical drive storing data on spinning disks.
• SSD: Flash memory based, no moving parts.

Windows Drive Partitions

• Master Boot Record (MBR): Older, limited to 2 TB.
• GUID Partition Table (GPT): Modern, supports larger volumes.

MBR Disk Limitations

• Maximum drive size is 2 TB.

Windows Disk Management Utility

• Used to manage and configure storage devices in a Windows system.

Storage Spaces and Storage Pools

• Storage Spaces: Windows feature for combining drives into an aggregated logical drive space for users.
• Storage Pools: A collection of physical storage devices used by Windows Storage Spaces technology and act as one large source.

Storage Pool Configurations

• Simple: Increases data throughput, no redundancy.
• Mirror: Increases performance and protects against drive failure by replicating data.
• Parity: Provides data redundancy and protects against single drive failure.
• Dual Parity Provides redundancy and protects against two simultaneous drive failures.

OneDrive Overview

• Cloud storage service integrated with Windows.
• Users get free initial storage space (5 GB). Additional storage is available for purchase.

OneDrive Configuration

• Requires a Microsoft account for access.
• Files/folders can be synced to the cloud automatically.

OneDrive Data Access

• Files can be accessed via File Explorer, web browser, or mobile app.
• Deleted files can be recovered from the Recycle Bin (within 3-93 days depending on account tier).

Local Storage Management

• Upgrade Disk Drives: Consider using SSDs or NVMe drives for faster performance.
• Upgrade Disk Interface: Upgrade to faster interfaces (like PCIe, for example).
• Disk Cleanup: Removes temporary files to free up space.
• Optimize Drives: Defragment files to improve access time. (Not necessary for SSDs)
• Check Disk: Verifies file system integrity & fixes errors (chkdsk).

File Attributes

• Metadata associated with files that provide specific details about the file.
• Common attributes include Archive, Compressed, Directory, Encrypted, Hidden, Read-Only, System, Temporary, Offline, and Not Content Indexed.

Sharing Files and Folders

• Share permissions: Limit network access to files and folders.
• NTFS permissions: Offer granular control over local and networked folders/files.
• Share permissions take precedence over NTFS permissions when accessed over the network.
• Best practice: Use the principle of least privilege and groups to manage access.

Basic Input/Output System (BIOS) Boot

• Power On Self-Test (POST): Verifies hardware components' integrity and initializes devices.
• Boot Loader: Loads the OS kernel from the active partition.
• Operating System (OS) Startup: Loads device drivers and services, configures environment.

Unified Extensible Firmware Interface (UEFI) Boot

• More advanced boot specification than BIOS.
• Contains several phases: Security, Pre-EFI, Driver Execution Environment, Boot Device Selection, Transient System Loader, and Run Time.

Startup Error Facts

• Several error causes (hardware, software, etc) often involve a corrupted MBR or boot sector, potentially fixable with command prompt utilities.
• Boot logs can be useful in diagnosing startup problems.

System Recovery Procedures

• Repair tools, including Startup Repair, System Restore, System Image Recovery, and Reset this PC, are frequently implemented in WinRE.
• Choose a recovery method depending on the nature of the error and what the user wishes to preserve (or not preserve).
• Use an official Microsoft support tool to repair a corrupted MBR or boot sector.

Boot Configuration Data (BCD)

• A database that records bootable operating systems.
• BCDEdit is a command-line tool to manage BCD for various systems.

System Recovery Procedures/Recommendations

• Revert Windows updates, reset the PC, use system restore points, or restore from an image backup, depending on the specific issues(s) discovered.

Description

This quiz covers key concepts related to IP configuration issues, including subnet masks, default gateways, and DHCP server challenges. Test your understanding of how incorrect settings can lead to network communication problems and conflicts. Perfect for networking students and professionals.