Contents
1. Networking Fundamentals
1.1 Compare and contrast the Open Systems
Interconnection (OSI) model layers and encapsulation
concepts.
1.2 Explain the characteristics of network topologies
and network types.
1.3 Summarise the types of cables and connectors and
explain which is the appropriate type for a solution.
1.4 Given a scenario, configure a subnet and use
appropriate IP addressing schemes.
1.5 Explain common ports and protocols, their
application, and encrypted alternatives.
1.6 Explain the use and purpose of network services.
1.7 Explain basic corporate and datacenter network
architecture.
1.8 Summarise cloud concepts and connectivity options.
2. Network Implementations
2.1 Compare and contrast various devices, their
features, and their appropriate placement on the
network.
2.2 Compare and contrast routing technologies and
bandwidth management concepts.
2.3 Given a scenario, configure and deploy common
Ethernet switching features.
2.4 Given a scenario, install and configure the
appropriate wireless standards and technologies.
3.0 Network Operations
3.1 Given a scenario, use the appropriate statistics and
sensors to ensure network availability.
3.2 Explain the purpose of organisational documents
and policies.
3.3 Explain high availability and disaster recovery
concepts and summarise which is the best solution.
4.0 Network Security
4.1 Explain common security concepts.
4.2 Compare and contrast common types of attacks.
4.3 Given a scenario, apply network hardening
techniques.
4.4 Compare and contrast remote access methods and
security implications.
4.5 Explain the importance of physical security.
5.0 Network Troubleshooting
5.1 Explain the network troubleshooting methodology.
5.2 Given a scenario, troubleshoot common cable
connectivity issues and select the appropriate tools.
5.3 Given a scenario, use the appropriate network
software tools and commands.
5.4 Given a scenario, troubleshoot common wireless
connectivity issues.
5.5 Given a scenario, troubleshoot general networking
issues.
1. Networking Fundamentals
1.1 Compare and contrast the Open
Systems Interconnection (OSI) model
layers and encapsulation concepts.
OSI model
Layer 1 - Physical: Turns physical signals
(light/electricity) into data/bits. Accounts for bit sync,
bit rate control, physical topologies & transmission
mode (i.e. half/full duplex or simplex). Layer 1 devices
include hubs, repeaters, modems & cables.
Layer 2 - Data Link (MAC frames): Responsible for
communication between physical devices that are
directly connected, and encapsulates sender &
receivers MAC address in frame headers. Functions
include framing, physical addressing, error control,
flow control & access control. Layer 2 devices include
NIC's and switches.
Layer 3 - Network (IP packets): Transmits data
between hosts on different networks and handles
packets and packet routing. Works with IP addresses.
Layer 3 devices include routers.
Layer 4 - Transport (Segments with port numbers):
Responsible for end to end delivery of messages.
Provides acknowledgement of of successful data
transmission or re-transmits data if needed. Uses
segmentation, and the data type is referred to as
segments. Looks after flow & error control and adds
source and destination port numbers to the segment
header. The transport layer is managed by the OS. It is
referred to as the heart of the OSI model.
Layer 5 - Session: Responsible for the establishment,
maintenance, and termination of connections.
Mediates the communication between hosts and adds
synchronisaton points to transmissions. Looks after full
duplex/half duplex settings. Handled by network
applications.
Layer 6 - Presentation: Also referred to as the
translation layer. Data is extracted to or from a format
compatible with the adjacent layers. Handles
translation (i.e. from ASCII to EBCDIC),
encryption/decryption, and compression.
Layer 7 - Application: Produces/displays data that is
to be/has been transferred over the network. Usually
implemented via protocols rather than literal desktop
applications.
Data encapsulation and decapsulation within the OSI model
context
Ethernet frame header: Preamble > SFD (Start of
Frame Delimiter) > Destination MAC Address > Source
MAC address > Frame Length > Data > CRC (Cyclic
Redundancy Check aka Checksum)
Internet Protocol (IP) header: Version (IP Version) >
Header Length > Priority and Type of Service > Packet
Length > Identification > Flags > Fragmented Offset
(for reassembly fragmented packets) > TTL > Protocol
(TCP/UDP) > Source IP > Destination IP > Options
TCP/UDP headers
TCP: Source Port > Destination Port >
Sequence Number > Acknowledgement
Number > DO (Data Offset) > RSV (Reserved)
> Flags (URG: Urgent > ACK:
Acknowledgement > PSH: Push > RST: Reset >
SYN: Synchronise > FIN: Finish) > Window >
Checksum > Urgent > Options
UDP: Source Port > Destination Port >
Datagram Length > Checksum
TCP flags: URG: Urgent > ACK: Acknowledgement >
PSH: Push > RST: Reset > SYN: Synchronise > FIN:
Finish
Payload: Layer 2: (MAC) Frames > Layer 3: (IP) Packets
> Layer 4: (Ports) Segments
Maximum Transmission Unit (MTU): 1500 bytes unless
using Jumbo Frames which can be up to 9000 bytes.
1.2 Explain the characteristics of
network topologies and network types.
Mesh: Each host is physically connected with all other hosts on
the network. Cabling requirements expand exponentially unscalable.
Star/hub-and-spoke: Each host is physically connected with a
central node such as a router, hub, or switch.
Bus: All devices connected to a common half-duplex link that
terminates at both ends.
Ring: The same as bus topology, however all nodes connect to
two other nodes, meaning that the common link does not
terminate and forms a ring.
Hybrid: The combination of two or more topologies.
Network types and characteristics
Peer-to-peer: Interconnected devices directly sharing
resources with one another.
Client-server: Centralised servers providing resources
to multiple clients.
LAN: Local Area Network
MAN: Metropolitan Area Network
WAN: Wide Area Network
WLAN: Wireless Local Area Network
PAN: Personal Area Network
CAN: Campus Area Network
SAN: Storage Area Network
SDWAN: Software Defined Wide Area Network
MPLS: Multiprotocol Label Switching
mGRE: Multipoint Generic Routing Encapsulation
Service related entry point
Demarcation point: Physical network boundary point
between telecom and private network.
Smartjack: Network demarcation terminals that
provide diagnostic capabilities.
Virtual network concepts
vSwitch: A virtual switch.
vNIC: A virtual NIC.
NFV: Network Function Virtualisation. The
replacement of physical network devices with virtual
versions.
Hypervisor: Software that creates and runs virtual
machines.
Provider links
Satellite: Self explanatory.
DSL: Digital Subscriber Line - data over telephone
lines.
Cable: Data over coax/cable TV infrastructure.
Leased line: A dedicated communication channel
between two sites.
Metro-optical: MAN over fibre.
1.3 Summarise the types of cables and
connectors and explain which is the
appropriate type for a solution.
Copper
Twisted pair: Two wires are twisted together to reduce
electromagnetic interference.
Cat 5: 1Gbps, 1000BASE-T, 100MHz
Cat 5e: 1Gbps, 1000BASE-T, 100MHz
Cat 6: 1Gbps, 1000BASE-T, 250Mhz
Cat 6a: 10Gbps, 10GBASE-T, 600Mhz
Cat 7: 10Gbps, 10GBASE-T, 1Ghz
Cat 8: 40Gbps, 40GBASE-T, 2Ghz
Coaxial/RG-6: Single conductor
Twinaxial: Two conductors
Termination standards
TIA/EIA-568A: Green White > Green >
Orange White > Blue > Blue White > Orange
> Brown White > Brown
TIA/EIA-568B: Orange White > Orange >
Green White > Blue > Blue White > Green >
Brown White > Brown
Fibre: Data transmission by light.
Single mode: Used for long range communication (<=
100KM). Uses laser beams.
Multimode: Used for short range communication (<=
2KM). Typically uses LEDs. The core of the fibre is
larger than the wavelength of light, the light splits as
it travels and takes the form of multiple modes.
Connector types
LC (Local Connector): Rectangular and small. Has two
fibres, one each for send and receive. Has clips similar
to an RJ45.
ST (Straight Tip): Round. Use bayonet connectors.
SC (Subscriber Connector): Sometimes referred to as
Square Connector. Unique, spring loaded locking
mechanism.
MT-RJ (Mechanical Transfer Registered Jack):
Smallest fibre connector. Has two fibre connections.
Similar looking mechanism to LC (Local Connector).
APC (Angled Physical Contact): Has a slight angle,
lower return loss.
UPC (Ultra Physical Contact): Not angled. High return
loss.
RJ11: 6P2C, used for DSL & analogue telephone
connections.
RJ45: 8P8C
F-type: Used with cable modems, DOCSIS, generally
RG-6, threaded connector.
Transceivers/media converters: Layer 1 devices.
Convert network signals to different types i.e copper >
fibre, fibre > copper. Transceivers are defined by the
capability to both transmit and receive data.
Transceiver type
SFP (Small Form-factor Pluggable): 1Gbps.
SFP+ (Enhanced Small Form-factor
Pluggable): 16Gbps. Same size as SFP.
QSFP (Quad Small Form-factor Pluggable):
Four channel SFP. 4Gbps.
QSFP+ (Enhanced Quad Small Form-factor
Pluggable): 40Gbps.
Cable management
Patch panel: Intermediate connector between
hosts and switches.
Fibre distribution panel: Used for
accommodating fiber cable terminations,
connections and patching.
Punchdown block
66: Usually used for analogue voice.
Left is patched to right.
110: Replaced 66 blocks. Supports
Cat5 & Cat6 cables. Metal bites into
insulator.
Krone: European alternative to 110
block.
BIX (Building Industry Cross
Connect): Has been updated over the
years, supports Cat6.
Ethernet standards: Baseband - single frequency.
Copper
10BASE-T: 10 Mbps. Two pair. Cat3
minimum. 100 meter max.
10BASE-TX: 100 Mbps. Two pair. Cat5
minimum. 100 meter max.
1000BASE-T: 1 Gbps. Four pair. Cat5
minimum. 100 meter max.
10GBASE-T: 10 Gbps. Four pair. Cat6
minimum. 100 meter max.
40GBASE-T: 40 Gbps. Four pair. Cat8
minimum. 30 meters max.
Fibre
100BASE-FX: 100 Mbps. Laser. 400
meters half-duplex, 2 kilometres fullduplex.
100BASE-SX: 100 Mbps. LED. 300
meters max.
1000BASE-SX: 1 Gbps. Short
wavelength laser. 550 meters.
1000BASE-LX: 1 Gbps. Long
wavelength laser. 5 kilometres.
10GBASE-SR: 10 Gbps. Multimode
fibre. 400 meters.
10GBASE-LR: 10 Gbps. Single mode
fibre. 10 kilometres.
WDM (Bidirectional Wavelength
Division Multiplexing): Bidirectional
communication over a single strand of
fibre for multiple types of signals. Uses
different wavelengths for each carrier.
CWDM (Coarse Wavelength Division
Multiplexing): 10GBASE-LX4.
DWDM (Division Wavelength Division
Multiplexing): 160 signals, up to 1.6
Tbps.
1.4 Given a scenario, configure a subnet
and use appropriate IP addressing
schemes.
Public vs. Private
RFC1918: Defines private IP address ranges.
10.0.0.0 to 10.255.255.255. 16,777,216
addresses.
172.16.0.0 to 172.31.255.255. 1,048,576
addresses.
192.168.0.0 to 192.168.255.255. 65,536
addresses.
Network Address Translation (NAT): The changing of
an IP address as it progresses through a network,
usually from private to public or vice versa.
Port Address Translation (PAT): Translation of port
numbers from source to destination and vice versa.
IPv4 vs IPv6
Automatic Private IP Addressing (APIPA): Link local
address. Automatically assigned. Unable to
communicate with the router and therefore external
networks. 169.254.1.0 to 169.254.254.255. Picked
randomly from range/automatically assigned.
Extended Unique Identifier (EUI-64): Extends the MAC
address into a 64 bit value. The MAC address is split
into two 3 byte halves. A value of 'FFFE' is placed in
between these halves to make the address 64 bits in
length. The 7th bit of the of the first half of the MAC
address is flipped to distinguish the address as a local
address rather than a globally unique address.
Multicast: One to many of many communication (only
those who want it).
Unicast: One to one communication.
Anycast: One to one of many communication (data is
delivered only to the closest device with the correct
anycast address).
Broadcast: One to all communication.
Link local: Same as APIPA.
Loopback: 127.0.0.1 - the address of the machine
you're using.
Default gateway: The IP address of the device which
provides a gateway out of the network. The router.
IPv4 subnetting: https://www.youtube.com/playlist?
list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE
Classless (variable length subnet mask): See CIDR
notation.
Classful
A: Leading bits: 1 - 127. Subnet mask:
255.0.0.0.
B: Leading bits: 128 - 191. Subnet mask:
255.255.0.0
C: Leading bits: 192 - 223. Subnet mask:
255.255.255.0
D: Leading bits: 224 - 239. Used for multicast.
E: Leading bits: 240 - 254. Reserved.
Classless Inter Domain Routing (CIDR): Ones on the
left (network), zeroes on the right (host).
IPv6 concepts: 128 bit address. First half of address (the first
64 bits) is typically associated with the subnet. The second half
is created by combining 1. The first three bytes of the MAC
address (with the 7th bit flipped), 2. FFFE, 3. The last 3 bytes of
the MAC address.
Tunnelling: 6to4 addressing allows sending of IPv6
traffic over an IPv4 network. 4to6 does the opposite.
No NAT and requires router relays. Teredo
(Windows)/Miredo (Linux/BSD/macOS) allow
tunnelling of IPv6 through NATed IPv4 networks with
no special routers needed.
Dual stack: Running both IPv4 and IPv6
simultaneously.
Shorthand notation: Leading zeroes are optional.
Groups of zeroes can be removed and replaced with a
double colon (this can only be done once per address).
Router advertisement: IPv6 has no broadcast
functionality and therefore no ARP. Instead, this is is
managed by Neighbour Discovery Protocol (NDP)
using multicast.
Stateless address autoconfiguration (SLAAC): The
automatic configuration of IP addresses (without a
DHCP server).
Virtual IP (VIP): An IP address not associated with a physical
network adapter.
Subinterfaces: One physical network interface handling
multiple VLANs.
1.5 Explain common ports and
protocols, their application, and
encrypted alternatives.
Protocols
Ports
Description
File Transfer Protocol
(FTP)
20/21
Transfers files.
Secure Shell (SSH)
22
Facilitates secure, remote,
shell access.
Secure File Transfer
Protocol (SFTP)
22
Provides secure file access,
transfer, and management.
Telnet
23
Unsecured bi-directional
interactive text
communication.
Simple Mail Transfer
Protocol (SMTP)
25
Allows for server to server
email communication.
Domain Name System
(DNS)
53
Decentralised database
used to identify computers.
Dynamic Host
Configuration Protocol
67/68
Automatically assigns IP
addresses.
(DHCP)
Trivial File Transfer
Protocol (TFTP)
69
Simple file transfer
protocol.
Hypertext Transfer
Protocol (HTTP)
80
Transfers hypertext.
Post Office Protocol v3
(POP3)
110
Provides basic mail transfer
functionality.
Network Time Protocol
(NTP)
123
Synchronises clocks among
network devices.
Internet Message Access
143
Protocol (IMAP)
Send, receives, and allows
management of email on a
remote server.
Simple Network
Management Protocol
(SNMP)
161/162
Gathers stats from network
devices. Has notification
functionality.
Lightweight Directory
Access Protocol (LDAP)
389
A protocol for accessing
and maintaining distributed
directory information
services.
Hypertext Transfer
Protocol Secure (HTTPS)
[Secure Sockets Layer
(SSL)]
443
Self explanatory.
Hypertext Transfer
Protocol Secure (HTTPS)
443
[Transport Layer Security
(TLS)]
Self explanatory.
Server Message Block
(SMB)
445
Windows file sharing
protocol.
Syslog
514
A protocol for sending and
receiving system logs.
SMTP TLS
587
Self explanatory.
Lightweight Directory
Access Protocol (over
SSL) (LDAPS)
636
Self explanatory.
IMAP over SSL
993
Self explanatory.
POP3 over SSL
995
Self explanatory.
Structured Query
Language (SQL) Server
1433
Databases.
SQLnet
1521
Databases.
MySQL
3306
Databases.
Remote Desktop
Protocol (RDP)
3389
Microsoft's proprietary
remote system access
protocol.
Session Initiation
Protocol (SIP)
5060/5061 Used for VOIP.
IP protocol types
Internet Control Message Protocol (ICMP): A basic
communication protocol, usually used by network
devices, including routers, to send error messages and
operational information indicating success or failure
when communicating with another IP address. Ping
uses ICMP.
TCP: https://i.ibb.co/wznfjgr/jrbdgx5j7md51.jpg
UDP: https://i.ibb.co/wznfjgr/jrbdgx5j7md51.jpg
Generic Routing Encapsulation (GRE): Creates a
tunnel between two IP endpoints, making them
appear to be directly connected. No encryption.
Internet Protocol Security (IPSec): A VPN protocol.
Provides encryption and security of data over OSI layer
3.
Authentication Header (AH): Includes a hash
of the IP packet and a shared key.
Encapsulating Security Payload (ESP):
Encrypts the packet. Adds a header, trailer,
and an Integrity Check Value.
Connectionless vs connection-oriented: The main
differentiator between TCP & UDP.
1.6 Explain the use and purpose of
network services.
Dynamic Host Configuration Protocol (DHCP): Automatic
assignment of IP addresses to devices on the local network.
Confined to the local subnet. Uses the IPv4 broadcast domain.
Stops at the router.
Scope: A single configurable contiguous pool of IP
addresses that can be leased to clients.
Exclusion ranges: A configurable range of IPs that do
not get leased to clients.
Reservation: See static assignment.
Dynamic assignment: The server has a pool of
addresses to hand out, they get reclaimed after a lease
period (if unused).
Static assignment: Hosts get designated a static IP
address by the DHCP server. Hosts are identified by
MAC address.
Lease time: DHCP addresses renew at the following
times, in the following order - T1: 50% of the lease
time; T2: 87.5% (7/8ths) of the lease time, from any
DHCP server. T2 only takes effect if the original DHCP
server is down.
DHCP relay: Routers can be configured as DHCP
relays in order to extend DHCP functionality beyond
the local subnet.
IP helper/UDP forwarding: See DHCP relay.
DNS: Domain Name System. Used to translate domain names
to IP addresses.
Record types
Address (A vs AAAA): A = IPv4 address; AAAA
= IPv6 address.
Canonical name (CNAME): Aliasing.
Mail exchange (MX): Defines the host name
for a mail server.
Start of authority (SOA): Meta DNS info.
Pointer (PTR): Provides info for reverse DNS
lookups.
Text (TXT): Human readable information.
Commonly used for Sender Policy Framework
(SPF) and Domain Keys Identified Mail (DKIM).
Service (SRV): A record pointing to other
services on the domain (i.e. LDAP, VOIP).
Name server (NS): Lists the nameservers
associated with the domain.
Global hierarchy
Root DNS servers: 13 root server clusters.
Internal vs external: Self explanatory: where are the
DNS servers?
Zone transfers: Zone transfers are used to copy a
domain’s database from a primary server to a
secondary server.
Authoritative name servers: Cached responses are
non-authoritative.
Time to live (TTL): Configured on the authoritative
server. Specifies how long a cache is valid in seconds.
DNS caching: The storage of retrieved DNS results on
a host.
Reverse DNS: Provide the DNS server with an IP
address and receive a Fully Qualified Domain Name
(FQDN) in return.
Reverse lookup: dig -x 93.184.216.34. Provide the
DNS server with an IP address and receive a Fully
Qualified Domain Name (FQDN) in return.
Forward lookup: dig www.example.com. Provide the
DNS server with a FQDN. Receive an IP address in
return.
Recursive lookup: Single query from client. DNS
servers communicate between each other to sort out
the rest.
Iterative lookup: The host initiates all queries.
NTP: Network Time Protocol.
Stratum: Measure of accuracy. Starts at 0, which would
be an atomic clock. Stratum 1 would be a primary
time server. A device that pull time from a Stratum 1
device would be a Stratum 2 device.
Clients: A device that gets its NTP info from an NTP
server.
Server: A device that provides NTP info to NTP clients.
1.7 Explain basic corporate and
datacenter network architecture.
Three-tiered
Core: Web servers, databases, server applications.
Distribution/Aggregation: Manages communication
between users and the core.
Access/Edge: User facing infrastructure. Workstations,
printers.
Software defined networking: Replacing physical networking
devices with virtual versions. Split into separate, functional
layers.
Application layer/management plane: End user facing
management of the control layer.
Control layer: Manages the infrastructure
layer/control plane. Contains internal resources such
as routing tables, session tables, and NAT tables.
Infrastructure layer/data plane: Does the "real"
networking. Virtual switches, routers, and firewalls.
Spine and leaf: Services connect to leaf switches, leaf switches
connect to spine switches. Spine switches are fully meshed with
leaf switches. Leaf switches do not connect to each other. Spine
switches do not connect to each other.
Top-of-rack switching: A conceptual hierarchical
topology. Leaf switches are "on top" of hosts, etc.
Traffic flows
North-South: Traffic that is travelling in/out of the
datacenter.
East-West: Traffic between devices in the same
datacenter.
Network locations
Branch office: Local.
On-prem datacenter: A wholly self managed
datacenter.
Colocation: Your hardware in a datacenter managed
by another company.
Storage Area Networks (SAN): Appears as a local device to
end users. Block level storage/access. Requires a lot bandwidth,
may use an isolated network.
Connection types
Fibre Channel over Ethernet (FCoE): No
special hardware required, integratable with
FC setups.
Fibre Channel (FC): A specialised high speed
topology used for SANs. 2, 4, 8, and 16Gbps
transfer rates. Requires a special FC switch.
Internet Small Computer Systems Interface
(iSCSI): SCSI over a network.
1.8 Summarise cloud concepts and
connectivity options.
Deployment model
Public: Available publicly over the internet.
Private: Your own (virtualised) datacenter.
Hybrid: A mixture of private and public.
Community: Resources shared by several
organisations.
Service models
Software as a Service (SaaS): On demand, externally
hosted software.
Infrastructure as a Service (IaaS): Self managed
remote hardware.
Platform as a Service (PaaS): Serverless. No
management required, ready for development.
Desktop as a Service (DaaS): PC becomes a thin client.
Infrastructure as code: Using code to define and deploy
remote infrastructure. Entire servers can be deployed and/or
destroyed instantly.
Automation/Orchestration: Saltstack, Ansible etc.
Connectivity options
Virtual Private Network (VPN): Site to site encrypted
tunnelling.
Private-direct connection to cloud provider: Virtual
Private Cloud (VPC) endpoint to cloud provider.
Multitenancy: Shared hosting.
Elasticity: Rapid scaling of resources.
Scalability: See elasticity.
Security implications: Need to be adjusted according to the
context.
2. Network Implementations
2.1 Compare and contrast various
devices, their features, and their
appropriate placement on the network.
Networking devices
Layer 2 switch: Layer 2 device. Forwards packets based
on destination MAC addresses.
Layer 3 capable switch: Layer 3 device. Managed
switch. Switch/router/firewall, all in one.
Router: Layer 3 device. Routes traffics between IP
subnets.
Hub: Layer 1 device. Half duplex. Any incoming traffic
is repeated out to all other ports.
Access Point: Layer 2 device. Extends a wired network
onto a wireless network.
Bridge: Layer 2 device. A switch with not many ports
(2 to 4).
WLAN controller: Provides centralised management of
WAPs.
Load balancer: Distributes request load between
multiple web servers. Provides redundancy and fault
tolerance.
Proxy server: Usually sits between users and the
external network. Handles requests and responses on
the users behalf.
Cable modem: A modem that connects to a cable
service over DOCSIS (Data Over Cable Service
Interface Specification.
DSL modem: Commonly ADSL. Uses telephone lines.
Repeater: Layer 1 device. Receives a signal, amplifies,
and forwards.
Voice gateway
Media converter: Layer 1 device. Converts between
network mediums i.e. copper > fibre or vice versa.
Intrusion Prevention System (IPS)/Intrusion Detection
System (IDS): Analyses network traffic. IDS alerts when
attacks occur, IPS prevents attacks.
Firewall: Layer 2/3 devices. Filters traffic by port
number, IP address, or application.
VPN headend: A purpose built VPN gateway.
Networked devices
VOIP phone: Self explanatory.
Printer: Self explanatory.
Physical access control devices: Devices that control
physical access to rooms etc. Card readers, biometric
authenticators, pin pads.
Cameras: Self explanatory.
Heating, Ventilation, and Air-Conditioning (HVAC)
sensors: Self explanatory.
Internet of Things (IoT): The trend of connecting
random things that don't need to be networked, to the
internet. VLAN'd.
Refrigerators: Self explanatory.
Smart speakers: Self explanatory.
Smart thermostats: Self explanatory.
Smart doorbells: Self explanatory.
Industrial control systems/Supervisory Control And
Data Acquisition (SCADA): Control of
factory/farm/warehouse/manufacturing equipment,
commonly seen on
https://computernewb.com/vncresolver/
2.2 Compare and contrast routing
technologies and bandwidth
management concepts.
Routing
Dynamic routing: Handle the updating of routing
tables within routers by seeking other routers nearby
while simultaneously advertising their own presence.
Protocols: Determine the optimal routing
path.
Routing Internet Protocol (RIP):
Distance vector routing protocol
(takes the path with fewest hops).
Enhanced Interior Gateway Routing
Protocol (EIGRP): Distance vector
routing protocol (takes the path with
fewest hops).
Open Shortest Path First (OSPF): Link
state routing protocol. Takes
bandwidth into account, will take the
fastest route to destination
disregarding the number of hops
required.
Border Gateway Protocol (BGP):
Hybrid protocol. Uses distance vector
+ link state criteria, plus network
policies and/or configured rule sets to
determine the optimal path to
destination.
Link state vs distance vector vs hybrid: See
above for explanation and examples.
Static routing: You define where the next hop
will be by manually editing the routing table.
In routing tables, lower numbers in the metric
column have higher priority. Administrative
distance numbers also are prioritised with
lower numbers first - administrative distances
prioritise different routing protocols.
Default route: Used if there are no valid
options in the routing table. The gateway of
last resort.
Exterior vs interior: In relation to the local
network.
Time To Live (TTL): A number attached to
packets that reduces by 1 at every hop. When
it reaches 0, the packet is destroyed. Prevents
indefinite loops from occurring.
Bandwidth management
Traffic shaping: The prioritising of traffic according to
protocol/application.
Quality of Service (QoS): Same as traffic shaping.
2.3 Given a scenario, configure and
deploy common Ethernet switching
features.
Virtual Local Area Network (VLAN): Segmentation of single
physical networks into multiple logical networks.
Voice VLAN: A separate VLAN for VOIP data that can be
prioritised over general data.
Port configurations:
Port tagging/802.1Q: The addition of a tag to the L2
frame with VLAN info.
Port aggregation:
Link Aggregation Control Protocol (LACP):
Used in the management of Link
Aggregation/Port Bonding, which is
aggregation of multiple switch ports in order
to make them act as a single interface.
Duplex: Full duplex Ethernet can send and receive
data simultaneously. Half duplex Ethernet can send
and receive data, but not at the same time. Simplex
Ethernet can only send information in one direction.
Speed: Self explanatory? Ethernet/ports can be built to
handle different speeds. 10/100/1,000/10,000
Flow control: Implemented when data is being
transmitted faster than it can be accepted at the
receiving end. A PAUSE frame is sent, halting the
transmission of data for a specified amount of time
(represented by a two-byte unsigned integer (aka up
to 65535 seconds).
Port mirroring: Mirroring a copy of packets seen on
one switch port (or entire VLAN), to a network
monitoring connection on another switch port. Can be
also be implemented on virtual hardware.
Port security: Prevents unauthorised MAC addresses
from accessing the switch. AKA MAC address
whitelisting.
Jumbo frames: The typical MTU of an Ethernet frame
is 1,500 bytes. Jumbo Frame compatibility bumps this
up to 9,000 bytes.
Auto Medium Dependent interface crossover (MDIX): _Implements MDIX via software (so you don't
need to use a crossover cable).
Media Access Control (MAC) address tables: A table used
internally by layer 2 devices, which links MAC addresses to
physical ports/interfaces.
Power over Ethernet (PoE)/Power over Ethernet plus (PoE+):
Self explanatory. The + version increases the wattage.
Spanning Tree Protocol: No TTL for Ethernet frames - only IP
packets - so loops can occur in switches and other layer 2
devices. STP identifies whether a loop would be created with
the devices current configuration.
Carrier Sense Multiple Access with Collision Detection
(CSMA/CD): On networks with multiple devices, CSMA/CD
defers data transmission until no other devices are
transmitting when a collision is detected. Jams all traffic and
each device begins to retransmit after a random time.
Address Resolution Protocol (ARP): A protocol for retrieving
MAC addresses via IP addresses.
Neigbhour Discovery Protocol (NDP): IPv6 version of ARP.
2.4 Given a scenario, install and
configure the appropriate wireless
standards and technologies.
802.11 Standards: 802.11 == WiFi
a: 1999, 5GHz, 54Mbps, 20MHz.
b: 1999, 2.4GHz, 11Mbps, 20MHz.
g: 2003, 2.4GHz, 54Mbps, 20MHz.
n (WiFi 4): 2009, 2.4GHz/5GHz, 150Mbps/600MBps, 4
x MIMO, 20/40/80MHz.
ac (WiFi 5): 2014, 5GHz, 857Mbps/6.9Gbps, 8 x DL
MU-MIMO, 20/40/80/80+80/160MHz.
ax (WiFi 6): 2021, 2.4GHz/5GHz, 1201Mbps/9.6Gbps, 8
x bi-directional MU-MIMO, 20/40/80/80+80/160MHz.
Frequencies and range
2.4GHz: Better range.
5GHz: More bandwidth.
Channels: Groups of frequencies, some overlap. Channel width
can be 20MHz, 40MHz, 80MHz, or 160MHz.
Channel bonding: Combining two adjacent wireless channels
to increase bandwidth/throughput.
SSID (Service Set Identifier)
Basic service set: MAC address of SSID.
Extended service set: One SSID across multiple WAPs.
Independent basic service set (ad-hoc): No AP
required.
Antenna types
Omni: Signal is distributed on all sides. Common.
Directional: Signal is distributed in a single direction.
Provides increased signal distance.
Encryption standards
WiFi Protected Access (WPA): 2002. Replaced WEP.
Every packet gets a 128 bit encryption key.
WiFi Protected Access 2 (WPA2): 2004.
WiFi Protected Access 3 (WPA3): 2018.
Cellular technologies
Code Division Multiple Access (CDMA): Each call used
a different code, which were used to filter the calls on
the receiving side.
Global System for Mobile Communications (GSM):
Had 90% of the market and worldwide coverage. Used
multiplexing.
3G: 1998. Several Mbps.
4G/LTE: 150Mbps. LTE Advanced (LTE-A) increased this
to 300Mbps.
5G: 2020. 100 - 900Mbps. Will eventually reach
10Gbps.
Multiple Input, Multiple Output (MIMO) and Multi User
MIMO (MU-MIMO): MIMO enables multiple streams of traffic
to be transmitted. MU-MIMO enables dedicated streams per
device(?).
3.0 Network Operations
3.1 Given a scenario, use the
appropriate statistics and sensors to
ensure network availability.
Performance metrics/sensors
Device/chassis
Temperature: Self explanatory.
CPU usage: Self explanatory.
Memory: Self explanatory.
Network metrics
Bandwidth: The rate of data transfer.
Latency: Delay between request and response.
Jitter: Time between frames i.e. in video calls.
SNMP: Simple Network Management Protocol is an Internet
Standard protocol used to monitor and manage the network
devices connected over an IP. Different devices like routers,
switches, firewalls, load balancers, servers, CCTV cameras, and
wireless devices communicate using SNMP.
Traps: Network device self monitors/gathers its own
SNMP data (rather than having to be constantly be
polled by a remote workstation). The data on the
device is sent to a remote workstation when a certain
event occurs, or when data gathered reaches a certain
threshold.
Object Identifiers (OIDs): Object Identifier. This is the
data contained within the MIBs.
Management Information Bases (MIBs): A database of
statistics contained within network
infrastructure/devices.
Network device logs
Log reviews
Traffic logs
Audit logs
Syslog: A standard protocol for message
logging. Logs from multiple sources are
consolidated and organised.
Logging levels/severity levels: Not all logs have the
same priority i.e. debug and general information vs
high level critical alerts. Configurable.
Interface statistics/status
Link state (up/down)
Speed/duplex
Send/receive traffic
Cyclic Redundancy Checks (CRCs)
Protocol packet and byte counts
Interface errors or alerts
CRC errors: Cyclic Redundancy Check error - occur
when Ethernet frames are corrupted.
Giants: A frame larger than 1518 bytes (unless using
jumbo frames, which can be up to 9000 bytes).
Runts: An Ethernet frame smaller than the minimum
size (64 bytes).
Encapsulation errors: Occur when Ethernet frames
that use incompatible encapsulation methods are
transferred between devices.
Environmental factors and sensors: Self explanatory.
Temperature: Self explanatory.
Humidity: Self explanatory.
Electrical: Self explanatory.
Flooding: Self explanatory.
Baselines: A standard level of performance for a network used as something to compare to when trying to identify
errors or other patterns in network performance.
NetFlow data: A standard statistics collection method that
involves a probe (a device within the network) and collector (a
device that receives the information from the probe).
Uptime/downtime: A useful data point for troubleshooting.
Defines whether a service/interface is up or down (and for how
long).
3.2 Explain the purpose of
organisational documents and policies.
Plans and procedures
Change management: A formal plan regarding how
to make a change to network.
Incident response plan: A formal plan regarding what
to do if a certain type of incident occurs i.e. security
incident.
Disaster recovery plan: A formal plan regarding what
to do if a disaster occurs.
System life cycle: A plan for physical asset disposal.
Standard operating procedures: Documentation for
standard procedures such as infrastructure downtime,
software upgrades etc.
Hardening and security policies
Password policy: The policy defining minimum
password requirements.
Acceptable use policy: Defines acceptable use of
company assets.
Bring your own device (BYOD) policy: Defines whether
or not employees can bring/use their own device
rather than a device provided by the company.
Remote access policy: Documents security methods
required to be in place when requiring internal
resources from a remote location.
Onboarding and offboarding policy: Policies defining
how onboarding new employees and terminating
current employees should take place.
Security policy: Details all of the policies and
procedures regarding security. Contains many other
policies.
Data loss prevention: Policies defining how sensitive
data is transferred to/from/within a network.
Common documentation
Physical network diagram: A diagram showing all
network devices and how they are interconnected.
Floor plan: Shows the wired and wireless
networks within a building, including access
points and cabling.
Rack diagram: A logical diagram showing the
devices and layout of a rack.
Intermediate Distribution Frame (IDF)/Main
Distribution Frame (MDF) documentation:
The documenting of the layout of IDFs/MDFs.
Logical network diagram: A diagram showing the
devices and layout of a network.
Wiring diagram: Self explanatory.
Site survey report
Audit and assessment report: A report, following an
audit, to validate existing security policies.
Baseline configurations: A measure of "performance"
over time. Ambiguous.
Common agreements
Non Disclosure Agreement (NDA): Agreement
between parties that certain information will remain
undisclosed.
Service Level Agreement (SLA): The minimum terms
for services provided between parties (usually between
customers and service providers).
Memorandum Of Understanding (MOU): Expresses a
convergence of will between two or more parties,
indicating an intended common line of action. Not a
contract.
3.3 Explain high availability and disaster
recovery concepts and summarise which
is the best solution.
Load balancing: Service load is shared among components. If
a component fails or the load is too high, the service is able
distributed from the remaining components.
Multipathing: Multiple NICs in a server, each connecting to
their own router/switch to provide redundancy.
NIC teaming: Multiple NICs in a server, however the server as
a whole appears as a single NIC.
Redundant hardware/clusters: Having more than one of each
component in the network (i.e. switches, routers, firewalls), so
that if one device fails, an alternate can be switched to (usually
automatically).
Switches
Routers
Firewalls
Facilities and infrastructure support
Uninterruptible Power Supply (UPS): A battery that
sits between equipment and the mains power,
allowing devices to stay powered for a short time if
there is a blackout.
Power Distribution Units (PDUs): A device with
multiple power outlets. Some have network
connectivity.
Generator: Self explanatory.
HVAC: Self explanatory.
Fire suppression: Self explanatory.
Redundancy and High Availability (HA) concepts
Cold site: An empty building/warehouse.
Warm site: A datacenter with empty racks. BYO
hardware.
Hot site: A (managed?) datacenter used for backups,
usually with a 1:1 copy of hardware and data as the
main hardware/data.
Cloud site: Using a cloud provider for typical
datacenter services..
Active-active vs active-passive: Having two devices
synchronised, for redundancy. AA: two devices,
synchronised, used simultaneously; AP: two devices,
synchronised, with only one device in use at a time.
Multiple ISPs/diverse paths: Multiple paths to
and from a destination. Involves advanced
dynamic routing protocols.
Virtual Router Redundancy Protocol
(VRRP)/First Hop Redundancy Protocol
(FHRP):
VRRP: A virtual IP that points to the
router. If the router fails, the IP shifts
to the next available router. The
host/workstation uses the same IP to
reach the router and to it, it appears
nothing has changed.
FHRP: Configuration of multiple
routers to provide redundancy for the
first hop. If a router fails, functionality
is provided by an alternate default
gateway.
Meant Time to Repair (MTR): How long is required to
fix a certain issue?
Mean Time Between Failure (MTBF): Self explanatory.
Recovery Point Objective (RPO): How much data
needs to be available, before the service/system can be
classified as "normal" or "available" or "back up and
running".
Network device backup/restore: Self explanatory.
State: The state of the network device.
Configuration: The configuration of the network
device.
4.0 Network Security
4.1 Explain common security concepts.
Confidentiality, Integrity, Availability (CIA)
Confidentiality: Ensuring information is only available
to certain people.
Integrity: Ensuring data is transferred/stored
unmodified.
Availability: Ensuring access to information is
available.
Threats: People who have the ability to exploit systems.
Internal: Threats from people who are authorised/have
access to systems (i.e. employees).
External: Threats from people who are not
authorised/do not have access to the system (i.e. not
employees).
Vulnerabilities
Common Vulnerabilities and Exposures (CVEs): A
database of known exploits and vulnerabilities.
Zero days: Yet to be published vulnerabilities.
Exploits: Taking advantage of vulnerabilities.
Least privilege: Granting all users the minimal amount of
privileges needed to do their job properly.
Role-based access: People are granted a set of permissions
according to their position in the organisation i.e. manager,
team leader etc.
Zero trust: Every device, for every user, has to be authorised
and approved before gaining access to internal resources
(every time).
Defense in depth
Network segmentation enforcement: Seperation of
networks, to ensure that no single person is able to
access the whole network and all devices on it.
Screened subnet/DMZ: A portion of the network
configured for public access.
Separation of duties: Ensuring that no single person
has "all" of the (security relevant) knowledge.
Network Access Control (NAC): IEEE 802.1X.
RADIUS/EAP. No network communication until
authorised and authenticated (logged-in).
Honeypot: Something designed to attract bad actors.
Authentication methods
Multifactor: Multiple methods of authentication
required.
Terminal Access Controller Access Control System
Plus (TACACS+): An old remote authentication
protocol. Generally used for network devices.
Single Sign On (SSO): Single sign-on is an
authentication scheme that allows a user to log in
with a single ID to any of several related, yet
independent, software systems. True single sign-on
allows the user to log in once and access services
without re-entering authentication factors.
Remote Authentication Dial In User Service (RADIUS):
Provides a centralised server-based database of user
authentication details. Versatile.
LDAP: A protocol for reading and writing directories
over a network.
Kerberos: Authenticate once, trusted by the entire
system.
Local authentication: Authentication credentials are
stored on the local device. Manual and cumbersome
but reliable.
802.1X: See Network Access Control (NAC).
Extensible Authentication Protocol (EAP): An
authentication framework, comes in many flavours,
tightly integrated with IEEE 802.1X.
Risk management
Security risk assessments
Threat assessment: Researching potential
threats.
Vulnerability assessment: Minimally invasive
tests to compare your system/network with a
set of known vulnerabilities.
Penetration testing: Attempting to actively
exploit any vulnerabilities within a
system/network.
Posture assessment: Ensuring a set of
requirements are met before a device is
authorised to interact with the network.
Business risk assessments
Process assessment
Vendor assessment: Assessing the risk of data
sharing with vendors/service providers.
Security Information and Event Management (SIEM): A
centralised (documentation) database in which all security
events and information is recorded.
4.2 Compare and contrast common
types of attacks.
Technology based
Denial of Service (DOS)/Distributed Denial of Service
(DDOS): Forcing a service to fail, usually by
overloading a server with traffic.
Botnet/command and control: A botnet is a
system being maliciously controlled. They are
controlled from centralised servers called
command & control servers.
On path attack/Man In The Middle (MITM): An
attacker sits between a user and a web service,
intercepting traffic.
DNS poisoning: If you can modify the DNS server, or
the client host file, or send fake DNS responses, you
can redirect traffic to wherever you like (rather than
from where it was originally requested).
VLAN hopping: Hopping onto an alternate VLAN on a
network segmented by VLANs. Done by either
pretending to be a trunk connection, or encapsulating
a second VLAN tag within the "actual/legitimate"
VLAN tag (double tagging).
ARP spoofing: Hijacking the ARP procedure in order
to have a certain device appear as another device on
the local network. Synonymous with IP spoofing.
Rogue DHCP: A malicious DHCP server, overriding the
legitimate DHCP server. DHCP snooping can be
activated at the switch to prevent this.
Rogue AP: Unauthorised WAP. Can be used for MITM
attacks.
Evil twin: A malicious wireless access point with a
similar SSID to a legitimate network.
Ransomware: Software that encrypts your files. The
distributor of the software usually requests payment to
unencrypt the data.
Password attacks
Bruteforce: A known hash is compared with
the hashes of many possible iterations of
passwords, until a hash is found.
Dictionary: The same as a bruteforce/hash
attack, but uses words from the dictionary
rather than every single possible iteration of
characters.
MAC spoofing: MAC addresses can be changed.
IP spoofing: See ARP spoofing.
Deauthentication: A DoS attack which prevents users
from connecting to a wireless network. aircrack-ng.
Malware: Malicious software.
Human and environmental
Social engineering
Phishing: The fraudulent practice of sending
emails purporting to be from reputable
companies in order to induce individuals to
reveal personal information, such as
passwords and credit card numbers.
Tailgating: When an authorised person allows
an unauthorised person to access a restricted
(physical) location i.e. through a locked door.
Piggybacking: The same as tailgating, but
with permission from the authorised person.
Shoulder surfing: Someone looking at your
monitor over your shoulder.
4.3 Given a scenario, apply network
hardening techniques.
Best practices
Secure SNMP: SNMPv1 & SNMPv2 do not use
encryption. Use SNMPv3.
Router Advertisement (RA) Guard: IPv6 routers
periodically announce their presence. A malicious
actor could pretend to be a router, opening up
vulnerabilities. Switches can limit RA messages to
certain devices.
Port security: A MAC address whitelist for switches.
Only authorised devices are given access to the
network.
Dynamic ARP inspection: Inspection of ARP packets to
prevent ARP poisoning at the switch level.
Control plane policing: Protection of the control plane
in switches via firewall utilities and rate limiting.
Private VLANs: The limiting or prevention of access
between devices on a VLAN. Used often in public
networks.
Disable unneeded switchports: It's best practice to
administratively disable unused interfaces/switch
ports.
Disable unneeded network devices: Self explanatory.
Change default passwords: Self explanatory.
Password complexity/length: Self explanatory.
Enable DHCP snooping: DHCP is inherently insecure
and unencrypted. Switches can use DHCP snooping to
essentially act as a DHCP firewall, managing the
DHCP connections.
Change default VLAN: Separate user traffic from
administrative traffic.
Patch and firmware management: Self explanatory.
Keep firmware updated.
Access Control List (ACL): Allow or disallow network
traffic based on things such as source IP, destination IP,
port number, time of day, application etc.
Role-based access: Define network access permissions
based on role in the workplace.
Firewall rules
Explicit deny: Explicitly denying traffic based
on certain criteria (see ACL above).
Implicit deny: If traffic isn't explicitly allowed,
it's implicitly denied.
Wireless security
MAC filtering: Traffic filtering based on MAC address.
Self explanatory. Not that secure because MAC
addresses can be changed.
Antenna placement: Limit who can connect to a
network by limiting number of WAPs and placing
them strategically.
Power levels: Limit transmission signal strength to
minimum viable amount. RSSI (receive)/EIRP
(transmit).
Wireless client isolation: Devices connected to a
wireless network are isolated and cannot interact with
each other.
Guest network isolation: A network which can reach
the internet, but no access to internal resources.
Preshared keys (PSKs): A key that can be distributed,
that is used to access a wireless network (rather than
using a password).
Extensible Authentication Protocol (EAP): An
authentication framework with different
implementations. Typically, users authenticate against
a database with credentials individual to them (i.e.
RADIUS).
Geofencing: Restricting access to a wireless network
depending on the users physical location.
Captive portal: A portal requiring authentication
before full network access is granted.
IoT access considerations: It's best practice to put IoT devices
on a separate network.
4.4 Compare and contrast remote access
methods and security implications.
Site to site VPN: Direct network connectivity between sites in
different locations.
Client to site VPN: Access to a network, from remote
device/client. Traffic is encrypted.
Clientless VPN: Connecting to a VPN without client
side software i.e. via a web browser.
Split tunnel vs full tunnel: Full tunnel: all traffic flows
through the VPN endpoint; Split tunnel: only traffic
destined for the private network connected to the VPN
will travel through the VPN connnection - regular
internet traffic will not use the VPN connection.
Remote desktop connection: Access a desktop environment
remotely. VNC/RDP.
Remote desktop gateway: A centralised gateway, requiring
authentication, granting access to multiple remote desktop
connections.
SSH: Encrypted remote shell access.
Virtual Network Computing (VNC): A remote desktop protocol.
Virtual desktop: A desktop where the hardware is in a different
physical location to the user/workstation.
In band vs out of band management: Out of band
management is an alternate way to interface with network
devices that does not require an internet connection i.e. via a
serial cable.
4.5 Explain the importance of physical
security.
Detection methods
Camera: Self explanatory.
Motion detection: Self explanatory.
Asset tags: The attachment of serialised tags to your
devices.
Tamper detection: Sensors that detect whether
hardware has been tampered with i.e. case opened in
UEFI.
Prevention methods
Employee training: Train your employees to snitch on
imposters.
Access control hardware: Self explanatory.
Badge readers: Self explanatory.
Biometrics: Self explanatory.
Locking racks: Self explanatory.
Locking cabinets: Self explanatory.
Access control vestibule: Multiple doors in a row, only
one can be unlocked at a time, prevents tailgating.
Smart lockers: AusPost Parcel Lockers.
Asset disposal
Factory reset/wipe configuration: Self explanatory.
Sanitise devices for disposal: Self explanatory.
5.0 Network Troubleshooting
5.1 Explain the network troubleshooting
methodology.
Identify the problem
Gather information
Question users
Identify symptoms
Determine if anything has changed
Duplicate the problem, if possible
Approach multiple problems individually
Establish a theory of probably cause
Question the obvious
Consider multiple approaches
Top to bottom/bottom to top OSI model
Divide and conquer
Test the theory to determine the cause
If the theory is confirmed, determine the next steps
to resolve the problem
If the theory is not confirmed reestablish a new
theory
Establish a plan of action to resolve the problem and identify
potential effects
Implement the solution or escalate as necessary
Verify full system functionality and, if applicable, implement
preventative measures
Document findings, actions, outcomes, and lessons learned
5.2 Given a scenario, troubleshoot
common cable connectivity issues and
select the appropriate tools.
Specifications and limitations
Throughput: Maximum data rate.
Speed: Maximum data rate.
Distance: Maximum distance of cable type.
Cable considerations
Shielded and unshielded: Shielding prevents
electromagnetic interferences. S = shielded, U =
unshielded, F = foil shielding
Plenum and riser-rated: Plenum rated cable doesn't
use PVC (or uses less toxic PVC), so as to be safer if a
fire occurs.
Cable application
Rollover cable/console cable: DB9 connectors. Usually
used for configuring network devices (these days).
Crossover cable: Used to communicate directly
between NICs (without having a router between
devices).
PoE: Power over Ethernet.
Common issues
Attenuation: The diminishing of signal strength over
distance.
Interference: Self explanatory. EMI.
Decibel loss: See attenuation.
Incorrect pinout: Self explanatory. A cable tester can
diagnose pinout issues.
Bad ports: Refers to physical (RJ45) ports/interfaces.
Open/short: Open circuit/short circuit.
LED status indicators: Indicate connectivity.
Incorrect transceivers: Important to match single
mode/multi mode receivers when using fibre. Different
light wavelengths also use different transceivers.
Duplexing issues: TX & RX should be set to the same
duplex configuration to prevent issues.
TX/RX reversed: Self explanatory.
Dirty optical cables: Self explanatory.
Common tools
Cable crimper: Crimps connectors to twisted pair
cables.
Punchdown tool: Used for punching down cables into
wiring blocks.
Tone generator: Generates a tone at one end of a
wire, to help identify where the other end of the wire
terminates.
Loopback adapter: Loop an output back into an input
on the same device. Used for testing physical ports.
Optical Time Domain Reflectometer (OTDR): Use to
estimate cable lengths, check impedance and identify
breaks or splices in the cable.
Multimeter: Used to check voltage.
Cable tester: Tests a cable to make sure its able to
transmit data and that the pinout is correct.
Wire map
Tap: Used to duplicate packet capture - similar to a
hub.
Fusion splicers: Allows two separate fibre cables to be
connected together permanently.
Spectrum analysers: Analyses wireless frequency
spectrums.
Snips/cutters: Self explanatory.
5.3 Given a scenario, use the
appropriate network software tools and
commands.
Software tools
WiFi analyser: Provides the ability to capture and
analyse WiFi network info/packets.
Protocol analyser/packet capture: WireShark.
Bandwidth speed tester: Speed test websites.
Port scanner: Software to scan a network for IP
addresses and open ports. nmap.
iperf: Bandwidth tester.
NetFlow analysers: Allows the gathering of
network/traffic statistics from NetFlow probes that
have been installed on the network.
Trivial File Transfer Protocol (TFTP) server: A bare
minimum file transfer protocol.
Terminal emulator: Self explanatory.
IP scanner: Software to scan a network for IP
addresses and open ports. nmap.
Command line tool
ping: Test reachability via ICMP and shows round-trip
time.
ipconfig/ifconfig/ip: IP/interface information.
nslookup/dig: Lookup information from DNS servers.
nslookup has been deprecated in favour of dig.
traceroute/tracert: Determines the route a packet
takes to a destination.
arp: Used to grab MAC addresses known by the local
machine. 'arp -a' to view the ARP cache.
netstat: Displays local TCP connections, routing tables,
and other statistics.
hostname: Shows the FQDN and IP address of the
device in use.
route: Shows the devices routing table. netstat -r on
macOS.
telnet: Unencrypted text based remote
communication. Useful for checking whether a port is
open.
tcpdump: Used to capture packets.
nmap: Port scanner.
Basic network platform commands
show interface: Show the interfaces on a device.
show config: Show the device configuration.
show route: Show the devices routing table.
5.4 Given a scenario, troubleshoot
common wireless connectivity issues.
Specifications and limitations
Throughput: Maximum data rate.
Speed: Maximum data rate.
Distance: Receivers distance from the access point.
Received Signal Strength Indication (RSSI) signal
strength: The strength of the received signal.
Effective Isotropic Radiated Power (EIRP)/power
settings: The strength of the transmitted signal.
Considerations
Antennas
Placement: Where are the antennas?
Type: Is it omnidirectional or unidirectional?
Polarisation: The orientation of the antenna in
relation to the earth i.e. horizontal or vertical.
TX & RX should have the same orientation.
Channel utilisation: If there are many users on a single
wireless channel, traffic congestion can occur.
AP association time: The time it takes for a device to
associate with an access point.
Site survey: Determine the wireless equipment and
usage in a certain area.
Common issues
Interference:
Channel overlap: If a channel on one access
point overlaps with the bandwidth being used
on another wireless device in the same area,
interference will occur.
Antenna cable attenuation/signal loss: Attenuation
that occurs between the wireless access point and the
switch or other device.
RF attenuation/signal loss: The further away you are
from the antenna, the weaker the signal will become.
Wrong SSID: Self explanatory.
Incorrect passphrase: Self explanatory.
Encryption protocol mismatch: Self explanatory.
Insufficient wireless coverage: Self explanatory.
Captive portal issues: Occur when user reaches data
limit, or exceeds allowed timeframe.
Client disassociation issues: A DOS attack that
prevents legitimate users from connecting to wireless
networks.
5.5 Given a scenario, troubleshoot
general networking issues.
Considerations
Device configuration review: Self explanatory.
Routing tables: If set incorrectly, traffic won't be routed
properly.
Interface status: Individual interfaces have their own
settings and statuses.
VLAN assignment: Is the device connected to the right
VLAN?
Network performance baselines: Gathering
information about the baseline network performance
can help identify trends and issues in network
performance.
Common issues
Collisions: Two devices trying to communicate at the
same time. Occurs by default on half-duplex
networks/devices such as hubs.
Broadcast storm: Large numbers of broadcasts can
cause performance issues.
Duplicate MAC address: Will cause issues. Unlikely to
occur.
Duplicate IP address: Usually occur only when IP
addresses have been set statically, or when there are
multiple DHCP servers on the same LAN.
Multicast flooding: If multicast is incorrectly
configured, multicast will flood all devices i.e. like a
broadcast.
Asymmetrical routing: When packets take a different
route on their transmitting/receiving paths. Can cause
issues with NAT & firewalls.
Switching loops: When switches create a loop on the
network that constantly sends traffic back and forth
between two switches (i.e. causing an infinite loop). No
TTL with Layer 2 communications to prevent this..
Routing loops: A loop between routers: Router A has
the next hop set to Router B, and Router B has the next
hop set to Router A.
Rogue DHCP server: DHCP is insecure, anyone can
spin up a DHCP server and start handing out IPs.
IP settings issues
Incorrect gateway
Incorrect subnet mask
Incorrect IP address
Incorrect DNS
Missing route: No next hop or default hop is set in the
routing table.
Low optical link budget: Lack of light on fibre
connections. Occurs when distances are too great, or
when there is an issue with the connectors.
Certificate issues: Certs may be expired, or the
certificate may be linked to the wrong domain name.
Certs will be invalid if the date & time is wrong on
your system.
Hardware failure: Self explanatory.
Host-based/network-based firewall settings: Self
explanatory.
Blocked services, ports, or addresses: Self
explanatory.
Incorrect VLAN: Self explanatory.
DNS issues: No URLs will resolve.
NTP issues: If times are wrong, or unsynchronised
between client & server, many things will fail.
BYOD challenges: Difficult to secure. Use MDM.
Licensed feature issues: Software licences may not be
maintained during nuke & paves.
Network performance issues: Many factors.