Exam Objectives

Layer 1, physical layer:
- Where transmission of bytes occurs across the network
- Devices
  o Cable
  o Ethernet
  o Coaxial
  o Hubs
  o Access points
- The physical layer decides the topology of the network

Layer 2, data link layer:
- Packages data into frames and transmits those frames on the network
- MAC addresses and Ethernet reside on this layer
- LLC resides on this layer; LLC provides connection services and allows acknowledgment of receipt of messages

Layer 3, the network layer:
- Forwards and routes traffic using logical addressing
- The network layer is sometimes also called the routing layer
- A device found at layer 3, the network layer, would be a router
- Forwards packets based on IP address

Layer 4, the transport layer:
- The transport layer is the dividing line between what we call the upper layers of the OSI model and the lower layers of the OSI model
- When we talk about segments and datagrams we are talking about the transport layer
- Two protocols in the transport layer are TCP and UDP

Layer 5, the session layer:
- The session layer keeps conversations separate to prevent intermingling of data

Layer 6, the presentation layer:
- The presentation layer formats the data to be exchanged and secures the data with proper encryption

Layer 7, the application layer:
- This layer provides application-level services where users communicate with the computer
- Examples: FTP, email, browsers, etc.

Data encapsulation
- Ethernet header
  o Each Ethernet frame starts with an Ethernet header, which contains destination and source MAC addresses as its first two fields. The middle section of the frame is payload data, including any headers for other protocols (for example, Internet Protocol) carried in the frame.
- Internet Protocol (IP) header
  o An IP header is header information at the beginning of an Internet Protocol (IP) packet. An IP packet is the smallest message entity exchanged via the Internet Protocol across an IP network. IP packets consist of a header for addressing and routing, and a payload for user data. The header contains information about IP version, source IP address, destination IP address, time-to-live, etc.
- Transmission Control Protocol (TCP)
  o Connection-oriented protocol
- User Datagram Protocol (UDP)
  o Connectionless protocol
- TCP flags
- Payload
  o The actual data in the frame

Network topologies
- Mesh
  o A mesh topology is a network setup where each computer and network device is interconnected with one another. This topology setup allows most transmissions to be distributed even if one of the connections goes down. It is a topology commonly used for wireless networks.
- Star / hub-and-spoke
  o A star network is a local area network (LAN) topology in which all nodes (personal computers (PCs), workstations or other devices) are directly connected to a common central computer that is often referred to as a hub. Therefore, a star network is often referred to as a hub-and-spoke network topology.
- Bus
  o Bus topology, also known as line topology, is a type of network topology in which all devices in the network are connected by one central RJ-45 network cable or coaxial cable. The single cable, where all data is transmitted between devices, is referred to as the bus, backbone, or trunk.
- Ring
  o A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node: a ring. Data travels from node to node, with each node along the way handling every packet.
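The encapsulation described above, as an added example (not code from the original notes): it builds a TCP/IPv4/Ethernet frame header by header, then parses it back in reverse, verifying the IPv4 header checksum so a corrupted or tampered header is rejected. The MAC and IP addresses used with it are constructed sample values.

```python
import struct
from dataclasses import dataclass, field

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# TCP flag bits, least significant bit first (RFC 793 order; ECE/CWR from RFC 3168)
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


@dataclass
class Frame:
    """The fields a receiver peels off, one header at a time."""
    dst_mac: str
    src_mac: str
    ethertype: int
    ip_version: int
    ttl: int
    protocol: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: list = field(default_factory=list)
    payload: bytes = b""


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, src_port, dst_port, flags, payload, ttl=64):
    """Encapsulate: payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    flag_bits = sum(1 << TCP_FLAG_NAMES.index(f) for f in flags)
    # TCP header: ports, seq, ack, data offset (5 words) + flags, window, checksum, urgent ptr
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, (5 << 12) | flag_bits, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header with the checksum field zeroed: version/IHL, TOS, total length, ID,
    # flags/fragment offset, TTL, protocol, checksum, source address, destination address
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, PROTO_TCP, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def parse_frame(raw: bytes) -> Frame:
    """De-encapsulate in reverse order, checking each header before trusting the next."""
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported EtherType 0x%04x" % ethertype)
    ip = raw[14:]
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto,
     _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # A header that carries a correct checksum re-checksums to zero
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch (corrupted or tampered header)")
    if proto != PROTO_TCP:
        raise ValueError("unsupported IP protocol %d" % proto)
    segment = ip[ihl:total_len]
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return Frame(
        dst_mac=":".join("%02x" % b for b in dst),
        src_mac=":".join("%02x" % b for b in src),
        ethertype=ethertype,
        ip_version=ver_ihl >> 4,
        ttl=ttl,
        protocol=proto,
        src_ip=".".join(str(b) for b in src_ip),
        dst_ip=".".join(str(b) for b in dst_ip),
        src_port=src_port,
        dst_port=dst_port,
        flags=flags,
        payload=segment[data_offset:],
    )


def is_intact(raw: bytes) -> bool:
    """True when every header parses and the IPv4 checksum verifies."""
    try:
        parse_frame(raw)
        return True
    except (ValueError, struct.error):
        return False
```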
- Hybrid

Network types and characteristics
- Peer-to-peer
  o Peers share resources (files, printers and everything else) directly with each other
  o Administration and backup are difficult
  o Benefits: low cost, no dedicated resources
  o This is inefficient for larger networks
- Client-server
  o Uses a dedicated server to provide access to files, scanners, printers and other resources
  o Administration and backup are easy under this model
  o Disadvantages: higher cost, specialized OS, requires dedicated resources
- LAN
  o Connects computers within a limited distance
  o Like a small office space
- MAN
  o Connects scattered locations across a city or metro area
- WAN
  o Connects geographically disparate internal networks and consists of leased lines or VPNs
  o The internet is the largest WAN available
- WLAN
  o A wireless LAN is a wireless computer network that links two or more devices using wireless communication to form a local area network within a limited area such as a home, school, computer laboratory, campus, or office building.
- PAN
  o Around a person
- CAN
  o A campus area network connects buildings in a business park or university
- SAN, storage area network
  o Specialized LAN that transfers data at the block level with a special protocol
- Software-defined wide area network (SD-WAN)
  o Uses a centralized control function to steer traffic securely and intelligently across the WAN and directly to trusted SaaS and IaaS providers
- Multiprotocol Label Switching (MPLS)
  o Allows traffic to be dynamically routed based on load conditions and path availability
  o This is primarily used by service providers on the backbone of their networks
- Multipoint generic routing encapsulation (mGRE)
  o Enables one node to communicate with many other nodes
  o Essentially creating a point-to-multipoint link
  o mGRE is usually combined with DMVPN
  o mGRE is used to create tunnels from one node to multiple nodes
Service-related entry point
- Demarcation point
  o Where the internet service provider's connection ends and our network begins
  o From the demarcation point we run a cable to our border gateway or our router
- Smart jack
  o Provides information on the network status

Virtual network concepts
- vSwitch
  o A virtual switch, or vSwitch, enables one virtual machine (VM) to communicate with another. Virtual switches are also used to establish connections between virtual and physical networks and to carry a VM's traffic to other VMs or a physical network.
- Virtual network interface card (vNIC)
  o A virtual network interface card (vNIC) represents the configuration of a VM connected to a network. A VM can be configured to have multiple vNICs.
- Network function virtualization (NFV)
  o Network functions virtualization is a network architecture concept that leverages IT virtualization technologies to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create and deliver communication services.
- Hypervisor
  o A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing.

Provider links
- Satellite
  o Communication to a satellite
  o Useful for remote sites
  o This connection can have high latency
- Digital subscriber line (DSL)
  o Copper coaxial connection usually
  o DSL uses telephone lines to provide connectivity
  o Download speed is faster than upload speed
- Cable
  o Copper or coaxial connection usually
  o Cable broadband
- Leased line
  o A leased line, also known as a dedicated line, connects two locations for private voice and/or data telecommunication service. A leased line is not a dedicated cable; it is a reserved circuit between two points. The leased line is always active and available for a fixed monthly fee.
  o Leased lines can span short or long distances. They always maintain a single open circuit, as opposed to traditional telephone services that reuse the same lines for many different conversations through a process called switching.
- Metro-optical
  o If you're part of a company that has many different locations in a single city, you can usually connect those together at higher speeds using Metro Ethernet, or Metro-E. This is a type of connectivity that's usually within a very small geographic area, but it does allow you to connect those locations using very high-speed networks. Another nice part about Metro Ethernet is that it is Ethernet. At both sides of the connection, the provider simply hands you off an Ethernet connection that you can plug into a normal Ethernet switch.

Summarize the types of cable and connectors and explain what the appropriate type for a solution is

Copper
- Twisted pair
  o Two wires with equal and opposite signals
  o Transmit+ and transmit-, or receive+ and receive-
  o The twist is the secret: it's always moving away from noise and interference this way
- Cat 5
  o Fast Ethernet
  o 100BASE-TX
  o 100 Mbps
  o 100 meters
- Cat 5e
  o Gigabit Ethernet
  o 1000BASE-T
  o 1000 Mbps
  o 100 meters
- Cat 6
  o Using Cat 6 at 100 meters will limit the speed from 10 Gbps to 1 Gbps
- Cat 6a
  o 10GBASE-T
  o 10 Gbps
  o 100 meters
- Cat 7
  o 10GBASE-T
  o 10 Gbps
  o 100 meters
- Coaxial RG-6
  o This is used in television/digital cable
  o And high speed internet over cable / cable modem connections
- Twinaxial
  o Has two inner conductors
  o This cable is common on 10 gigabit Ethernet SFP+ cables
  o Twinaxial cables are used for very short range high speed connections between devices
      Full duplex
      Five meters limited distance
      Low cost
      Low latency compared to twisted pair
- Termination standards
  o TIA/EIA-568A
  o TIA/EIA-568B
  o The standard itself mentions times when you may want to use T568A colors and T568B colors. So it's important that you punch down or use the same standard on both ends of the cable.
  o You don't want to use T568A on one side and 568B on the other. That creates a lot of confusion, and you may find that the cable is not working as expected.
  o Many orgs traditionally use 568B

Fiber
- Single mode
  o Single mode fiber is used for longer distances
  o Maximum distance is 40 kilometers
  o Is more expensive than multimode
- Multimode
  o This deals with shorter distances
  o Distances can reach the 200-to-500-meter range

Connector types
- Local connector (LC)
  o Sometimes called a "love connector"
  o Two connections on the end
  o Two ends, a transmit and a receive
- Straight tip (ST), fiber
  o Used for fiber
  o Twist-on connector
  o "Stick and twist"
- Subscriber connector (SC), fiber
  o Used for fiber
  o Snap-in kind of connection
  o "Stick and click"
- Mechanical transfer (MT)
  o Fiber connector
  o Very small openings
- Registered jack (RJ)
  o A registered jack is a standardized telecommunication network interface for connecting voice and data equipment to a service provided by a local exchange carrier or long distance carrier
- Angled physical contact (APC)
  o The crossings and cable connectors are green
  o Fiber connection
  o Light is reflected at an angle
  o SC connectors use APC more
- Ultra-physical contact (UPC)
  o The crossings and cable connectors are blue
  o Fiber connection
  o No angling
  o MTRJ uses UPC more
- RJ11
  o Connector type used for voice applications
- RJ45
  o Connector type used for Ethernet
- F-type connector
  o Twist-on connector
  o Coaxial RF connector commonly used for cable television and cable modems
- Transceiver types
  o Small form-factor pluggable (SFP)
      Commonly used to provide 1 Gbit fiber
  o Enhanced small form-factor pluggable (SFP+)
      The same size as SFP
      Supports data rates up to 16 Gbit/s
      Common with 10 gigabit Ethernet
  o Quad small form-factor pluggable (QSFP)
      4-channel SFP: four 1 Gbit connections
  o Enhanced quad small form-factor pluggable (QSFP+)
      A four-channel SFP+: four 10 Gbit/s connections

Cable management
- Patch panel / patch bay
  o A patch panel in a LAN is a mounted hardware assembly that contains ports that are used to connect and manage incoming and outgoing LAN cables
- Fiber distribution panel
  o Used for managing and organizing fiber optic cables within an enterprise network
- Punch down block
  o 66: type of punch down block used to connect sets of wires in a telephone system; pretty much retired
  o 110: network punch down block standard for today's networks; smaller and provides a broader frequency bandwidth
  o Krone: punch down tool
  o BIX: punch down tool

Ethernet standards
- Copper
  o 10BASE-T
      Supports 10 megabits per second
      Maximum length 100 meters
  o 100BASE-TX
      Uses category 5 UTP cable
      100 Mbps speed
  o 1000BASE-T
      100 meters
      Category 5 enhanced
  o 10GBASE-T
      Category 6
      Unshielded: 55 meters
      Shielded: 100 meters
  o 40GBASE-T
      Category 8
      Shielded only
      30 meters
- Fiber
  o 100BASE-FX
      Fast Ethernet over optic fiber cables
      100 Mbps
  o 100BASE-SX
      300 meters max length
      100 Mbps
  o 1000BASE-SX
      Multimode fiber
      500 meters
      1000 Mbps
  o 1000BASE-LX
      Single mode fiber
      Maximum distance of 100 meters
  o 10GBASE-SR
  o 10GBASE-LR
  o Wavelength division multiplexing
      Combines multiple signals into one signal and sends them over a single fiber optic strand using different wavelengths of the laser light source
  o Coarse wavelength division multiplexing (CWDM)
      Up to 18 channels
      Up to 10 Gbps with Ethernet
      Up to 16 Gbps with fiber
      Used to connect switches and routers over longer distances than you could with a copper cable
  o Dense wavelength division multiplexing (DWDM)
      Up to 80 channels
      Up to 8 Tbps
      Used in major internet service providers
  o Bidirectional wavelength division multiplexing (WDM)
      Combines multiple signals into one signal and sends them over a single fiber optic strand using different wavelengths of the laser light source

Given a scenario, configure a subnet and use appropriate IP addressing schemes

Public vs private
- RFC 1918
  o In internet networking, a private network is a computer network that uses a private address space of IP addresses.
    These addresses are commonly used for local area networks in residential, office, and enterprise environments. Both the IPv4 and the IPv6 specifications define private IP address ranges.
- NAT
  o NAT stands for network address translation. It's a way to map multiple local private addresses to a public one before transferring the information. Organizations that want multiple devices to employ a single IP address use NAT, as do most home routers.
- PAT
  o NAT translates the inside local addresses into inside global addresses; similarly, PAT translates the private unregistered IP addresses into public registered IP addresses. However, unlike NAT, PAT also uses source port numbers, allowing multiple hosts to share a single IP address while using different port numbers.

IPv4 vs IPv6
- Automatic Private IP Addressing (APIPA)
  o A link-local address
  o Can only communicate with other local devices
  o No forwarding by routers
  o If you are assigned an APIPA address you are not allowed to communicate out to the internet
  o Routers are not able to forward these IP addresses
  o APIPA address range is 169.254.0.1 - 169.254.255.254
- Extended unique identifier (EUI-64)
  o EUI-64 (Extended Unique Identifier) is a method we can use to automatically configure IPv6 host addresses. An IPv6 device will use the MAC address of its interface to generate a unique 64-bit interface ID.
- Multicast
  o Multicast networking is based on the simple concept that a single packet can be sent by a server and it will be received by many receivers. Multicast is different from broadcast because it's more selective.
- Unicast
  o In computer networking, unicast is a one-to-one transmission from one point in the network to another point; that is, one sender and one receiver, each identified by a network address. Unicast is in contrast to multicast and broadcast, which are one-to-many transmissions.
- Anycast
  o An anycast network is two or more servers advertising the same IP address from different locations. Why would we want to do this? Serving traffic from a single location often lacks the redundancy required for critical or latency-sensitive applications that serve users around the world.
- Broadcast
  o In computer networking, broadcast traffic is a type of data sent to all computers and devices on a network or subnetwork. It is used in situations where all possible network destinations need to be reached or when the address of a specific computer is unknown.
- Link local
  o In computer networking, a link-local address is a network address that is valid only for communications within the subnetwork that the host is connected to.
- Loopback
  o The IP address 127.0.0.1 is called a loopback address. Packets sent to this address never reach the network but are looped through the network interface card only. This can be used for diagnostic purposes to verify that the internal path through the TCP/IP protocols is working.
- Default gateway
  o In the networking world, a default gateway is an IP address that traffic gets sent to when it's bound for a destination outside the current network. On most home and small business networks, where you have a single router and several connected devices, the router's private IP address is the default gateway.
  o 192.168.1.1
  o The router that allows you to communicate outside of your local subnet
  o The default gateway must be an IP address on the local subnet

IPv4 subnetting
- Classless (variable length subnet mask)
- Classful
  o A
  o B
  o C
  o D
  o E
- Classless Inter-Domain Routing (CIDR) notation

IPv6 concepts
- Tunneling
- Dual stack
- Shorthand notation
- Router advertisement
- Stateless address autoconfiguration (SLAAC)

Virtual IP (VIP)

Subinterfaces

Explain common ports and protocols, their application, and encrypted alternatives
- File Transfer Protocol (FTP), ports 20, 21: provides insecure file transfers
- Secure Shell (SSH), port 22: provides secure remote control of another machine using a text-based environment
- Secure File Transfer Protocol (SFTP), port 22: provides secure file transfers, tunneling file transfers through SSH
- Telnet, port 23: provides insecure remote control of another machine; remote access via the command prompt
- Simple Mail Transfer Protocol (SMTP), port 25: provides the ability to send emails over the network
- Domain Name Service (DNS), port 53: converts domain names to IP addresses and IP addresses to domain names
- Dynamic Host Configuration Protocol (DHCP), ports 67, 68: automatically provides network parameters to your clients, such as their assigned IP address, subnet mask, default gateway, and the DNS server they should use
- Trivial File Transfer Protocol (TFTP), port 69: used as a lightweight file transfer method for sending configuration files or network booting of an operating system; usually used for sending or receiving config files from a router or switch
- Hypertext Transfer Protocol (HTTP), port 80: used for insecure web browsing
- Post Office Protocol version 3 (POP3), port 110: used for receiving incoming emails
- Network Time Protocol (NTP), port 123: used to keep accurate time for clients on the network
- Network Basic Input/Output System (NetBIOS), port 139: used for file or printer sharing in a Windows network
- Internet Message Access Protocol (IMAP), port 143: a newer method of retrieving incoming emails which improves upon the older POP3; operates over TCP/IP
- Simple Network Management Protocol (SNMP), ports 161, 162: used to collect data about network devices and monitor their status
- Lightweight Directory Access Protocol (LDAP), port 389: used to provide directory services to your network
- Hypertext Transfer Protocol Secure (HTTPS), port 443: used for secure web browsing
- Server Message Block (SMB), port 445: used for Windows file and printer sharing services
- System logging protocol (syslog), port 514: used to send logging data back to a centralized server
- SMTP with transport layer security (SMTP TLS), port 587: secure and encrypted way to send emails
- Lightweight Directory Access Protocol Secure (LDAPS), port 636: provides secure directory services
- Internet Message Access Protocol over SSL (IMAPS), port 993: secure and encrypted way to receive emails
- POP3 over SSL (POP3S), port 995: secure and encrypted way to receive emails
- Structured Query Language server protocol (SQL), port 1433: used for communication from a client to the database engine
- SQLnet protocol, port 1521: used for communication from a client to an Oracle database
- MySQL, port 3306: used for communication from a client to a MySQL database engine
- Remote Desktop Protocol (RDP), port 3389: provides graphical remote control from another client to a server
- Session Initiation Protocol (SIP), ports 5060, 5061: used to initiate VoIP and video calls

IP protocol types
- ICMP
  o The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues. ICMP is mainly used to determine whether or not data is reaching its intended destination in a timely manner.
- TCP
  o Connection-oriented protocol that uses a three-way handshake
  o Transport layer protocol
- UDP
  o User Datagram Protocol (UDP) is a communications protocol that is primarily used to establish low-latency and loss-tolerating connections between applications on the internet. UDP speeds up transmissions by enabling the transfer of data before an agreement is provided by the receiving party.
  o UDP is very good for audio and video streaming
- Generic Routing Encapsulation (GRE)
  o Used as a simple and effective way to create a tunnel, called a GRE tunnel, over a public network
  o GRE tunnels do not provide us with any encryption
  o Multicast traffic forwarding: GRE tunnels can be used to forward multicast traffic, whereas a VPN cannot. Because of this, multicast traffic such as advertisements sent by routing protocols can be easily transferred between remote sites when using a GRE tunnel.
- Internet Protocol Security (IPsec)
  o Used to protect one or more data flows between peers; uses encryption
  o Implementing IPsec gives you the following security controls
      Data confidentiality
      Data integrity
      Origin authentication
      Anti-replay
  o IPsec uses two protocols to achieve encryption: AH and ESP
- Authentication Header (AH)
  o A protocol within IPsec that provides integrity and authentication
- Encapsulating Security Payload (ESP)
  o Provides encryption and integrity for the data packets sent over IPsec
- Connectionless vs connection-oriented
  o TCP is connectionless, UDP is not

Explain the use and purpose of network services

DHCP
- Scope
  o A list of valid IP addresses available for assignment or lease to a client computer or endpoint device on any given subnet
- Exclusion ranges
  o An exclusion is an address or range of addresses taken from a DHCP scope that the DHCP server is not allowed to hand out.
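An added example (not from the original notes) tying together the addressing points above: classifying an address as RFC 1918, APIPA, loopback or public; the rule that the default gateway must sit on the local subnet; and a PAT table that lets two inside hosts share one public IP by giving each flow its own public source port, with APIPA sources refused because routers do not forward them. The addresses and the PatGateway class are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Address spaces named in the notes: RFC 1918 private ranges and the APIPA
# link-local block (169.254.0.0/16); loopback is detected via the ipaddress module.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def classify(addr: str) -> str:
    """Return 'loopback', 'apipa', 'rfc1918' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"


def next_hop(host_cidr: str, gateway: str, dst: str) -> str:
    """Where a host hands a packet: 'direct' for its own subnet, else its default gateway.
    Raises if the configured gateway is not itself on the local subnet."""
    iface = ipaddress.ip_interface(host_cidr)
    if ipaddress.ip_address(gateway) not in iface.network:
        raise ValueError("default gateway %s is not on local subnet %s" % (gateway, iface.network))
    if ipaddress.ip_address(dst) in iface.network:
        return "direct"
    return gateway


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """Port Address Translation: many inside hosts share one public IP, told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (inside ip, inside port, dst ip, dst port) -> public port
        self.inbound = {}   # (public port, remote ip, remote port) -> (inside ip, inside port)

    def translate_out(self, flow: Flow) -> Flow:
        kind = classify(flow.src_ip)
        if kind == "apipa":
            # Link-local only: a router does not forward APIPA sources at all
            raise ValueError("APIPA source %s is not routable" % flow.src_ip)
        if kind != "rfc1918":
            return flow  # already a public address, nothing to translate
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        if key not in self.outbound:
            # Plain NAT would keep the inside port; PAT allocates a unique public port so
            # two hosts using the same source port do not collide behind one address.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, flow.dst_ip, flow.dst_port)] = (flow.src_ip, flow.src_port)
        return Flow(self.public_ip, self.outbound[key], flow.dst_ip, flow.dst_port)

    def translate_in(self, reply: Flow):
        """Map a reply addressed to the public IP back to the inside host, or None if no state."""
        key = (reply.dst_port, reply.src_ip, reply.src_port)
        if reply.dst_ip != self.public_ip or key not in self.inbound:
            return None  # unsolicited inbound traffic has no translation entry and is dropped
        inside_ip, inside_port = self.inbound[key]
        return Flow(reply.src_ip, reply.src_port, inside_ip, inside_port)
```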
- Reservations
  o A reservation is a specific IP address that is tied to a certain device through its MAC address. For example, if we have a workstation on the network that requires a certain IP address, but we don't want to go through the trouble of assigning it statically, then we can create a reservation for it.
- Dynamic assignment
  o Automatically assigned by DHCP from a list of scope IP addresses
- Static assignment
  o When the DHCP assignment is configured by an admin
- Lease time
  o How long the IP lease lasts
- Scope options
  o Subnet mask
  o IP
  o Default router / default gateway
  o DNS server
  o Lease time
- Available leases
  o The leases that are available when a client joins the network
- DHCP relay
  o DHCP relay is used when the client device and the DHCP server are not located on the same subnet or network
- IP helper / UDP forwarding
  o User Datagram Protocol (UDP) forwarding is a feature used in Cisco IOS software to forward broadcast and multicast packets received for a specific IP address.

DNS
- Record types
- Address (A vs AAAA)
  o A: links a hostname to an IPv4 address
  o AAAA: links a hostname to an IPv6 address
- Canonical name (CNAME)
  o Points a domain name to another domain or subdomain
- Mail exchange (MX)
  o Directs email to a mail server
- Start of authority (SOA)
  o Stores important information about a domain or zone
- Pointer (PTR)
  o Correlates an IP address with a domain name; these are essentially the opposite of A records
- Text (TXT)
  o Adds text into the DNS
- Service (SRV)
  o Specifies a host and port for a specific server
- Name server (NS)
  o Type of DNS server that stores all the DNS records for a given name
- Global hierarchy
  o Root: answers requests in the root zone
  o Top-level domain: .com, .net
  o Second-level domain: diontraining.com, google.com
  o Subdomain: support.diontraining.com
  o Host: refers to a specific machine
- Root DNS servers
  o A root name server is a name server for the root zone of the Domain Name System of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain.
- Internal vs. external
  o Internal DNS: allows cloud instances on the same network to access each other using internal DNS names
  o External: records created around a domain name from a central authority and used on the public internet
- Zone transfers
  o Sends DNS record data from the primary nameserver to a secondary nameserver
  o Uses the TCP protocol to do this
- Authoritative name servers
  o The authoritative nameserver contains information specific to the domain name it serves
- Time to live (TTL)
  o How long the record is stored in the DNS server
- DNS caching
  o DNS cache refers to the temporary storage of information about previous DNS lookups on a machine's OS or web browser
- Reverse DNS / reverse lookup / forward lookup
  o Reverse DNS lookup: a DNS query for the domain name associated with a given IP address
  o Forward DNS lookup: using an internet domain name to find an IP address
- Recursive lookup / iterative lookup
  o Recursive DNS lookup: where one DNS server communicates with several other DNS servers to hunt down an IP address and return it to the client

NTP
- Stratum
  o The NTP stratum is a representation of the hierarchy of time servers in an NTP network
- Clients
  o Computers, workstations
- Servers
  o Server that keeps the time stored on it

Explain basic corporate and datacenter network architecture

Three-tiered
- Core
  o Big, fast, expensive routers are in the core of the network
  o The core is the backbone of the network
- Distribution / aggregation layer
  o This layer provides boundary definition by implementing ACLs and policies
  o Layer 3 switches are usually at this layer
  o This layer makes sure the packets are being properly routed
- Access / edge
  o This layer connects endpoint devices
  o There are regular switches at this layer

Spine and leaf
- Software-defined network
  o Enables the network to be intelligently and centrally controlled, or programmed, using software applications
- Top-of-rack switching
  o The switches are located at the top of the rack
- Backbone

Traffic flows
- North-South
  o North: traffic exiting the datacenter
  o South: traffic that is coming into the datacenter
- East-West
  o Refers to traffic flow within a datacenter

Branch office vs on-premises datacenter vs colocation

Storage area networks
- Connection types
- Fibre Channel over Ethernet (FCoE)
  o Computer networking technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 gigabit Ethernet networks while preserving the Fibre Channel protocol.
- Fibre Channel
  o High speed data transfer protocol providing in-order, lossless delivery of raw block data
  o Primarily used to connect computer data storage to servers in storage area networks
  o Connects storage to servers
- Internet Small Computer Systems Interface (iSCSI)

Summarize cloud concepts and connectivity options

Deployment models
- Public
  o Systems and users interact with devices on public networks such as the internet and other clouds
  o Examples are GCP, AWS, Azure
- Private
  o Systems and users only have access to other devices inside the same private cloud or system
- Hybrid
  o Mixture of both private and public clouds
- Community
  o Collaborative effort where infrastructure is shared between several organizations from a specific community with common concerns

Service models
- Software as a service
  o Users interact with a web-based application and the details of how it works are hidden
  o Google Docs is a good example
- Infrastructure as a service
  o Allows for the outsourcing of the infrastructure of the servers and desktops to a service provider
- Platform as a service
  o Provides a platform for companies that develop applications without the need for infrastructure
  o DigitalOcean is an example of this
- Desktop as a service
  o Provides a desktop environment that is accessible through the internet in the form of a cloud desktop or virtual desktop environment

Infrastructure as code
- Automation / orchestration
  o Orchestration is cloud-based automation
  o Orchestration is the process of arranging or coordinating the installation and configuration of multiple systems

Connectivity options
- Virtual private network
  o Establishes a secure connection between the on-premises network, remote offices, client devices, and the provider's global network
- Private direct connection to cloud provider
  o Extends a pre-existing on-premises data center into the provider's network to directly connect to your virtual private cloud network
- Multitenancy
  o Allowing customers to share computing resources in a public or private cloud
- Elasticity
  o Attempts to match the resources allocated with the actual amount of resources needed at any given point in time; elasticity is focused on meeting sudden increases and decreases in the workload
- Scalability
  o Handles the growing workload required to maintain good performance and efficiency for a given software or application
- Security implications
  o Multitenancy might cause your data to be hosted on the same physical server as other orgs' data

Compare and contrast various devices, their features, and their appropriate placement on the network

Networking devices
- Layer 2 switch
  o Forwards traffic based on MAC address
  o Switches have many ports and a lot more features in today's networks
- Layer 3 capable switch
  o These can do layer 2 switching and layer 3 routing
- Router
  o Routes traffic between IP subnets
  o OSI layer 3 device because it makes routing decisions based on IP
  o Routers are often used to connect diverse network types such as LAN, WAN, copper, fiber
- Hub
  o Layer 1 device; resides on the physical layer of the OSI model
  o A hub is half duplex
- Access point
  o This is not to be confused with a wireless router; a wireless router is a router and an access point in a single device
  o An access point is a bridge; this means it extends the wired network onto the wireless network
  o OSI layer 2 device
- Bridge
  o This was the precursor to a switch; imagine a switch with two to four ports
  o Can connect different topologies
  o OSI layer 2 device; distributes traffic based on MAC addresses
- Wireless LAN controller
  o Network component that manages wireless network access points and allows wireless devices to connect to the network
  o It offers central control over network elements
  o Centralized management of access points
- Load balancer
  o A network load balancer distributes network traffic across multiple WAN links, virtual machines, or servers to avoid overloading any single host without using complex routing protocols
  o Useful for SSL offload
  o Caching
  o Can provide QoS and prioritization
- Proxy server
  o A device that sits in the middle of the communication and makes the request for us
  o Useful features include access control, caching, URL filtering, content scanning
- Cable modem
  o Cable modems use DOCSIS (Data Over Cable Service Interface Specification)
  o Cable modems can support data, voice and video connections
- DSL modem
  o A DSL modem uses telephone lines
  o Download speed is faster than upload speed
- Repeater
  o If you need to expand the network signal beyond the standard range you can use a repeater
  o Repeaters receive the signal, regenerate the signal, and resend the signal
  o Commonly used to boost the signal over a fiber or copper connection
  o Can also convert media
  o Layer 1 device
- Voice gateway
  o The voice gateway is used to connect the enterprise VoIP network with the telecommunications provider
- Media converter
  o Converts media, so if you needed fiber to convert to copper you would use this device
- Intrusion prevention system
  o Monitors network traffic and responds to security events
- Intrusion detection device
  o Monitors network traffic without blocking or stopping anything
  o Passive
- Firewall
  o Can be software or hardware based and be virtual or physical devices
  o Uses a set of rules defining the types of traffic permitted or denied through the device
- VPN headend
  o This device is purpose-built to provide VPN services

Networked devices
- Voice over Internet Protocol (VoIP)
  o Turns our voice traffic into regular network traffic
  o Essentially each phone is a network device
  o VoIP phones usually use PoE
- Printer
- Physical access control devices
- Cameras
- Heating, ventilation and air conditioning
- Internet of Things (IoT)
- Industrial control systems / SCADA

Compare and contrast routing technologies and bandwidth management concepts

Routing
- Dynamic routing: essentially listens for subnet information from other routers
  o Routing Information Protocol (RIP)
      Distance vector protocol
      Updates every 30 seconds
      RIP is very easy to configure
      Runs over UDP
  o Open Shortest Path First (OSPF)
      Link state routing protocol
      Large, scalable routing protocol
  o Enhanced Interior Gateway Routing Protocol (EIGRP)
      Distance vector protocol
      Cisco
      Hybrid of distance vector and link state protocols that uses bandwidth and delay
  o Border Gateway Protocol (BGP)
      Hybrid routing protocol
      Determines routes based on paths, network policies, or configured rule sets
- Link state
  o Link state routing protocols will take speed into account
  o Used in larger networks
- Distance vector
  o Routing protocols that determine the best route based on how far away another router is. The deciding vector is distance.
  o How many hops away another network is
  o Relatively little configuration
  o Good for smaller networks
- Hybrid
  o This is essentially a little link state and a little distance vector routing protocol
- Static routing
  o This is when an admin configures the router and tells the router where the next destination should be
- Default route
  o A default route is a last-resort route
  o A route for when no other route matches
- Administrative distance
  o The administrative distance value is assigned by the router on a per-protocol basis.
  o The value is used in the router to rank routes from most preferred (low AD value) to least preferred (high AD value)
  o When multiple paths to the same destination are available in its routing table, the router uses the route with the lowest administrative distance.
- Exterior vs interior
  o OSPF is an interior routing protocol
  o EIGRP is an interior routing protocol
- Time to live (TTL)
  o This helps us solve the problem of routing loops
  o Every time the packet hits a router the TTL decreases by 1; once it reaches 0 the packet is dropped

Bandwidth management
- Traffic shaping
- Quality of service (QoS)

Given a scenario, configure and deploy common ethernet switching features
- Data virtual local area network (VLAN)
  o A group of devices in the same broadcast domain
  o You configure the switch ports to be separated logically instead of physically
  o Logically separate your switch ports into subnets
  o VLANs can't communicate with each other without a router
- Voice VLAN
  o A voice VLAN is a VLAN that is specifically allocated for users' voice data streams
- Port configurations
- Port tagging (802.1Q)
  o We refer to this as VLAN trunking
  o With trunking we can send multiple VLANs across a single trunk and then break them out into the appropriate VLAN on the other side
  o The process of adding and removing this tag on an 802.1Q trunk is relatively straightforward. We have our normal ethernet frame that we are sending across. When that hits the trunk we are going to add an additional field into this frame called a VLAN header. This VLAN header will contain information about which VLAN is associated with this data.
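The route selection described under Routing above (default route as last resort, lowest administrative distance among competing sources, TTL stopping a routing loop), as an added worked example that is not part of the original notes. The AD values are the Cisco IOS defaults, assumed here; the three-router topology is constructed for the example.

```python
import ipaddress

# Default administrative distances as used by Cisco IOS (assumed here; other
# vendors assign different values). Lower AD = more trusted route source.
AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

class Router:
    def __init__(self):
        self.routes = []        # entries: (network, next_hop, source protocol)

    def add_route(self, prefix, next_hop, source):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, source))

    def lookup(self, dst):
        """Longest prefix match wins; among equal prefixes the lowest AD wins.
        0.0.0.0/0 has prefix length 0, so the default route only matches last."""
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None
        _, next_hop, source = max(matches, key=lambda r: (r[0].prefixlen, -AD[r[2]]))
        return next_hop, source

def forward(routers, start, dst, ttl=8):
    """Hop from router to router, decrementing TTL each hop. Returns
    (outcome, path); a routing loop ends as 'ttl_expired' instead of forever."""
    hop, path = start, []
    while ttl > 0:
        path.append(hop)
        found = routers[hop].lookup(dst)
        if found is None:
            return "unreachable", path
        next_hop, _ = found
        if next_hop == "connected":       # destination network is attached here
            return "delivered", path
        ttl -= 1
        hop = next_hop
    return "ttl_expired", path

# Constructed sample topology (not a real network): R1 learns 10.1.0.0/16 from
# both RIP and OSPF; R2 and R3 point 192.168.5.0/24 at each other (a loop).
R1, R2, R3 = Router(), Router(), Router()
R1.add_route("10.1.0.0/16", "R2", "rip")
R1.add_route("10.1.0.0/16", "R3", "ospf")     # AD 110 beats RIP's AD 120
R1.add_route("0.0.0.0/0", "R2", "static")     # default route, last resort
R2.add_route("10.1.0.0/16", "R3", "static")
R2.add_route("192.168.5.0/24", "R3", "static")
R3.add_route("10.1.0.0/16", "connected", "connected")
R3.add_route("192.168.5.0/24", "R2", "static")
ROUTERS = {"R1": R1, "R2": R2, "R3": R3}
```

`forward(ROUTERS, "R1", "192.168.5.10")` shows the looped prefix bouncing between R2 and R3 until the TTL runs out, which is exactly the failure TTL exists to bound.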
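The 802.1Q tag insertion and removal described in the last bullet, as an added example rather than code from the original notes: the 4-byte VLAN header (TPID 0x8100 plus the TCI carrying priority and VLAN ID) is placed after the source MAC on trunk ingress and stripped again on egress. The MAC addresses and IPv4 payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag

def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def add_vlan_tag(frame, vid, pcp=0):
    """Trunk ingress: insert the 4-byte 802.1Q header between the source MAC
    and the original EtherType. TCI layout is PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094; 0 and 4095 are reserved")
    tci = (pcp & 0x7) << 13 | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_vlan_tag(frame):
    """Trunk egress: remove the outermost tag. Returns (vid, frame); vid is
    None and the frame is unchanged when no 802.1Q tag is present."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def vlan_ids(frame):
    """All stacked VIDs, outermost first. An access port should only ever see
    zero or one tag; more than one is worth flagging in a monitoring tool."""
    vids = []
    vid, frame = strip_vlan_tag(frame)
    while vid is not None:
        vids.append(vid)
        vid, frame = strip_vlan_tag(frame)
    return vids

# Constructed sample: a minimal IPv4 frame (EtherType 0x0800) as a workstation
# would send it, then tagged for VLAN 100 with priority 5 as it enters a trunk.
UNTAGGED = build_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", 0x0800,
                       b"\x45" + b"\x00" * 19)
TAGGED = add_vlan_tag(UNTAGGED, 100, pcp=5)
```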
- Port aggregation
  o Link aggregation control protocol (LACP)
- Duplex
  o Half duplex: devices can send and receive data but not at the same time; they either need to be sending or receiving
  o Full duplex: devices can send and receive data at the same time
  o You can configure the duplex on each individual interface
- Speed
  o You will need to configure the speed: 10 Mb, 100 Mb, 1000 Mb and so on
- Flow control
- Port mirroring
- Port security
- Jumbo frames
- Auto medium dependent interface crossover (auto MDI-X)
- Media access control address tables
- Power over ethernet (PoE)
- Power over ethernet plus (PoE+)
- Spanning tree protocol (STP)
- Carrier sense multiple access with collision detection (CSMA/CD)
- ARP
- Neighbor discovery protocol

Given a scenario, install and configure the appropriate wireless standards and technologies
802.11 standards
- a
- b
- g
- n (Wi-Fi 4)
- ac (Wi-Fi 5)
- ax (Wi-Fi 6)
Frequencies and range
- 2.4 GHz
- 5 GHz
Channels
- Regulatory impacts
Channel bonding
Service set identifier (SSID)
- Basic service set
- Extended service set
- Independent basic service set (ad hoc)
- Roaming
Antenna types
- Omni
- Directional
Encryption standards
- Wi-Fi protected access (WPA) / WPA2 personal
  o Advanced encryption standard (AES)
  o Temporal key integrity protocol (TKIP)
- WPA/WPA2 enterprise
  o AES/TKIP
Cellular technologies
- Code division multiple access (CDMA)
- Global system for mobile communications (GSM)
- Long term evolution (LTE)
  o 3G
  o 4G
  o 5G
Multiple input multiple output (MIMO) and multi-user MIMO (MU-MIMO)

Given a scenario, use the appropriate statistics and sensors to ensure network availability
Performance metrics & sensors
- Device/chassis
  o Temperature
  o CPU usage
  o Memory
- Bandwidth
- Latency
- Jitter
SNMP
- Traps
- Object identifiers (OIDs)
- Management information bases (MIBs)
Network device logs
- Log reviews
  o Traffic logs
  o Audit logs
  o Syslog
- Logging levels / severity levels
Interface statistics / status
- Link state (up/down)
- Speed / duplex
- Send / receive traffic
- Cyclic redundancy checks (CRCs)
- Protocol packet and byte counts
Interface errors or alerts
- CRC errors
- Giants
- Runts
- Encapsulation errors
Environmental factors and sensors
- Temperature
- Humidity
- Electrical
- Flooding
Baselines
NetFlow data
Uptime / downtime

Explain the purpose of organizational documents and policies
Plans and procedures
- Change management
- Incident response plan
- Disaster response plan
- Business continuity plan
- System life cycle
- Standard operating procedures
Hardening and security policies
- Password policy
- Acceptable use policy
- Bring your own device (BYOD) policy
- Remote access policy
- Onboarding and offboarding policy
- Security policy
- Data loss prevention
Common documentation
- Physical network diagram
  o Floor plan
  o Rack diagram
  o Intermediate distribution frame (IDF)
  o Main distribution frame (MDF)
- Logical network diagram
- Wiring diagram
- Site survey report
- Audit and assessment report
- Baseline configurations
Common agreements
- Non-disclosure agreement (NDA)
- Service level agreement (SLA)
- Memorandum of understanding (MOU)

Explain high availability and disaster recovery concepts and summarize which is the best solution
- Load balancing
- Multipathing
- Network interface card (NIC) teaming
- Redundant hardware / clusters
  o Switches
  o Hardware firewalls
Facilities and infrastructure support
- UPS
- Power distribution unit
- Generator
- HVAC
- Fire
Redundancy and high availability concepts
- Cold site
- Warm site
- Hot site
- Cloud site
- Active-active vs active-passive
- Multiple ISPs
- Virtual router redundancy protocol (VRRP)
- First hop redundancy protocol
- Mean time to repair (MTTR)
- Mean time between failures (MTBF)
- Recovery time objective (RTO)
- Recovery point objective (RPO)
Network device backup/restore
- State
- Configuration

Explain common security concepts
Confidentiality, integrity, availability (CIA)
Threats
- Internal
- External
Vulnerabilities
- Common vulnerabilities and exposures (CVE)
- Zero day
Exploits
Least privilege
Role based access
Zero trust
Defense in depth
- Network segmentation enforcement
- Screened subnet or DMZ
- Separation of duties
- Network access control
- Honeypot
Authentication methods
- Multifactor
- Terminal access controller access control system plus (TACACS+)
- Single sign on (SSO)
- Remote authentication dial in user service (RADIUS)
- LDAP
- Kerberos
- Local authentication
- 802.1X
- Extensible authentication protocol (EAP)
Risk management
- Security risk assessment
  o Threat assessment
  o Vulnerability assessment
  o Penetration testing
  o Posture assessment
- Business risk assessment
  o Process assessment
  o Vendor assessment
- Security information and event management (SIEM)

Compare and contrast common types of attacks
Technology based
- Denial of service (DoS)
- Distributed denial of service (DDoS)
- Botnet / command and control
- On-path attack (MITM)
- DNS poisoning
- VLAN hopping
- ARP spoofing
- Rogue DHCP
- Rogue access point
- Evil twin
- Ransomware
- Password attacks
  o Brute force
  o Dictionary
- MAC spoofing
- IP spoofing
- Deauthentication
- Malware
Human and environmental
- Social engineering
  o Phishing
  o Tailgating
  o Piggybacking
  o Shoulder surfing

Given a scenario, apply network hardening techniques
Best practices
- Secure SNMP
- Router advertisement (RA) guard
- Port security
- Dynamic ARP inspection
- Control plane policing
- Private VLANs
- Disable unneeded switch ports
- Disable unneeded network services
- Change default passwords
- Password complexity / length
- Enable DHCP snooping
- Change default VLAN
- Patch and firmware management
- Access control lists
- Role based access
- Firewall rules
  o Explicit deny
  o Implicit deny
Wireless security
- MAC filtering
- Antenna placement
- Power levels
- Wireless client isolation
- Guest network isolation
- Preshared keys (PSKs)
- EAP
- Geofencing
- Captive portal
IoT access considerations

Compare and contrast remote access methods and security implications
- Site-to-site VPN
- Client-to-site VPN
- Clientless VPN
- Split tunnel vs full tunnel
- Remote desktop connection
- Remote desktop gateway
- SSH
- Virtual network computing (VNC)
- Virtual desktop
- Authentication and authorization considerations

Explain the importance of physical security
Detection methods
- Camera
- Motion detection
- Asset tags
- Tamper detection
Prevention methods
- Employee training
- Access control hardware
  o Badge readers
  o Biometrics
- Locking racks
- Locking cabinets
- Access control vestibule
- Smart lockers
Asset disposal
- Factory reset / wipe configuration
- Sanitize devices for disposal

Explain the network troubleshooting methodology
Identify the problem
- Gather information
- Question users
- Identify symptoms
- Determine if anything has changed
- Duplicate the problem, if possible
- Approach multiple problems individually
Establish a theory of probable cause
- Question the obvious
- Consider multiple approaches
  o Top to bottom / bottom to top OSI model
  o Divide and conquer
Test the theory to determine the cause
- If the theory is confirmed, determine the next steps to resolve the problem
- If the theory is not confirmed, establish a new theory or escalate
Establish a plan of action to resolve the problem and identify potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement preventive measures
Document findings, actions, outcomes and lessons learned

Given a scenario, troubleshoot common cable connectivity issues and select the appropriate tools
Specifications and limitations
- Throughput
- Speed
- Distance
Cable considerations
- Shielded and unshielded
- Plenum and riser-rated
Cable application
- Rollover cable / console cable
- Crossover cable
- Power over ethernet
Common issues
- Attenuation
- Interference
- Decibel (dB) loss
- Incorrect pinout
- Bad ports
- Open/short
- Light emitting diode (LED) status indicators
- Incorrect transceivers
- Duplexing issues
- Transmit and receive (TX/RX) reversed
- Dirty optical cables
Common tools
- Cable crimper
- Punchdown tool
- Tone generator
- Loopback adapter
- Optical time domain reflectometer (OTDR)
- Multimeter
- Cable tester
- Wire map
- Tap
- Fusion splicers
- Spectrum analyzers
- Snips/cutters
- Cable stripper
- Fiber light meter

Given a scenario, use the appropriate network software tools and commands
Software tools
- Wi-Fi analyzer
- Protocol analyzer / packet capture
- Bandwidth speed test
- Port scanner
- iperf
- NetFlow analyzers
- TFTP server
- Terminal emulator
- IP scanner
Command line tools
- ping
- ipconfig / ifconfig / ip
- nslookup / dig
- traceroute / tracert
- arp
- netstat
- hostname
- route
- telnet
- tcpdump
- nmap
Basic network commands
- show interface
- show config
- show route

Given a scenario, troubleshoot common wireless connectivity issues
Specifications and limitations
- Throughput
- Speed
- Distance
- Received signal strength indication (RSSI)
- Effective isotropic radiated power (EIRP)
Considerations
- Antennas
  o Placement
  o Type
  o Polarization
- Channel utilization
- AP association time
- Site survey
Common issues
- Interference
- Channel overlap
- Antenna cable attenuation / signal loss
- RF attenuation / signal loss
- Wrong SSID
- Incorrect passphrase
- Encryption protocol mismatch
- Insufficient wireless coverage
- Captive portal issues
- Client disassociation issues

Given a scenario, troubleshoot general networking issues
Considerations
- Device configuration review
- Routing tables
- Interface status
- VLAN assignment
- Network performance baseline