CH-11-13 Network Security – Network+ Guide to Networks : Book Guide

This Document Contains Chapters 11 to 13 Network+ Guide to Networks, 6th Edition Chapter 11 Solutions Review Questions 1. You work for a retailer that sells household goods online. The company has decided to redesign its network for better security. Included in this redesign is the addition of a new firewall. Assuming the firewall is placed between the Internet connection and the Web server, which of the following should be included in the firewall's configuration so that customers can still reach the Web site? a. Allow incoming UDP-based transmissions to port 23. b. Allow incoming TCP-based transmissions to port 80. c. Allow outgoing TCP-based transmissions to port 88. d. Allow outgoing UDP-based transmissions to port 1024. 2. Which of the following is the most secure password? a. 12345ABC b. dolphins c. !tlzOGS557x^^L d. A1B2C333 3. You are alerted that suddenly 100% of the resources on your two core routers are being used and no legitimate traffic can travel into or out of your network. What kind of security attack are you most likely experiencing? a. IP spoofing b. Brute force attack c. Flashing d. Denial-of-service attack 4. What type of device guards against an attack in which a hacker modifies the IP source address in the packets he's issuing so that the transmission appears to belong to your network? a. Packet-filtering firewall b. Proxy server c. NAT gateway d. Router 5. Which of the following devices can improve performance for certain applications, in addition to enhancing network security? a. Packet-filtering firewall b. NAT gateway c. Proxy server d. Router 6. If a firewall does nothing more than filter packets, at what layer of the OSI model does it operate? a. Transport b. Network c. Data Link d. Session 7. Which of the following encryption methods provides the best security for data traveling over VPN connections? a. PPTP b. L2TP c. IPSec d. SLIP 8. Which of the following criteria could a router's ACL use for denying packets access to a private network? a. Source IP address b. Authentication header c. RTT d. Source MAC address 9. Which of the following NOS logon restrictions is most likely to stop a hacker who is attempting to discover someone's password through a brute force or dictionary attack? a. Total time logged on b. Time of day c. Period of time after which a password expires d. Number of unsuccessful logon attempts 10. Which of the following can automatically detect and deny network access to a host whose traffic patterns appear suspicious? a. IPS b. NAT gateway c. Proxy server d. Router 11. If you are entering your account number and password in a Web form to check your bank account balance online, which of the following encryption methods are you most likely using? a. PGP b. SSL c. SSH d. Kerberos 12. Which of the following encryption techniques is incorporated into IP version 6? a. SSH b. SSL c. Kerberos d. IPSec 13. Which of the following is one reason WEP is less secure than 802.11i? a. WEP is only capable of 16-bit keys, whereas 802.11i can use keys up to 128 bits long. b. WEP uses only one encryption method, whereas 802.11i combines two encryption methods for data in transit. c. WEP uses the same key for authentication and encryption every time a client connects, whereas 802.11i assigns keys dynamically to each transmission. d. WEP does not require clients to specify an SSID, whereas 802.11i requires clients to specify an SSID plus a user name and password for the network's access server. 14. Using a 20-bit key is how many times more secure than using an 18-bit key? a. Two times b. Three times c. Four times d. Eight times 15. How many keys are required for public key encryption? a. One b. Two c. Four d. None 16. You are designing an 802.11n wireless network for a local cafe. You want the wireless network to be available to the cafe's customers, but not to anyone with a wireless NIC who happens to be in the vicinity. Which of the following security measures require customers to enter a network key to gain access to your network via the access point? a. SSL b. IPSec c. TLS d. WPA2 17. Which of the following requires port-based authentication? a. Kerberos b. RADIUS c. WEP d. WPA 18. Which of the following plays a crucial role in the public key infrastructure? a. IDS b. Certificate authority c. VPN concentrator d. PGP 19. Which of the following techniques would prevent an FTP bounce attack? a. Configuring your firewall to deny requests to ports 20 and 21 b. Performing a port scan of your network using NMAP c. Configuring the FTP service to require a password. d. Restricting the size of your FTP server’s memory allocation table 20. You have decided to add a honeypot to your network. Where on the network would you place it? a. On your company’s Web server b. In a decoy DMZ c. Between the access server and RADIUS server d. Attached to a workgroup switch Hands-On Projects Project 11-1 In this project students explore Web resources to find out about the latest security threats to the most common networking software and hardware. This project requires workstations that have access to the Internet and are running modern Web browsers. Steps 1 – 6: Students read about recent security threats related to Microsoft products via the Microsoft TechNet advisory service and are encouraged to consider the potential repercussions of these vulnerabilities. Steps 7 – 11: Students read about current security alerts released by CERT. Project 11-2 In this project students experiment with eavesdropping on wireless connections using the protocol analyzer application, Wireshark. Each student’s workstation should be running the Windows 7 operating system, have a functional wireless NIC, a modern Web browser, Internet access, and have the Wireshark application installed. (However, Wireshark can also run on other operating systems, including Linux, and this project could be easily altered to work with other operating systems.) In addition, each classroom should have an access point configured to broadcast its SSID and, at first, to not use WEP, WPA, WPA2, or any other encryption method. Steps 1 – 9: Students make certain their wireless LAN connection is properly configured to associate with the classroom access point and to not to use encryption. They then initiate a connection via the access point. Steps 10 – 13: Students launch Wireshark and instruct the program to begin capturing packets. Note: If workstations contain more than one NIC, students must choose the correct wireless NIC from the drop-down list of interfaces in the Capture dialog box in Wireshark or no data will be captured. Steps 14 – 18: Students open a browser and navigate to the text-based RFC for 802.1x (RADIUS). Steps 19 – 22: In Wireshark, students stop the capture and view the data captured by Wireshark, noting that the RFC text they viewed in a browser window appears plainly as part of the HTTP stream they captured. Project 11-3 This project picks up where Project 11-2 left off. For this project, students need a Windows 7 workstation that has the protocol analyzer program Wireshark installed. Also, for this project, the access point should be configured to broadcast its SSID and to use WPA2 encryption. Steps 1 – 4: Students reconfigure their wireless connections so that they use WPA and the correct passphrase. Step 5: After reassociating with the access point, students repeat Steps 10 through 22 from Project 11-2, setting Wireshark to capture traffic, and then generating traffic to analyze. Step 6: Students review the (encrypted) data they obtained from the second capture and compare it to the data they viewed in Project 11-2. Case Projects Case Project 11-1 The credit union has a head start on some security measures, such as cameras and a security policy. Potential security risks include: • RRAS server (does it require sufficient credentials for authentication?) • Firewall (is it configured properly?) and Internet access • Web-based transactions (what are the security measures—such as strong encryption—for protecting data via the Internet?) • Security policy (is it effective, current, thorough, and enforced?) Are secure passwords enforced (for example, the minimum length and complexity requirements)? Is there a team in place for dealing with security breaches? • Users’ access to resources. Is it limited to only what the users need? Is the access restricted to certain times of day or duration based on the users’ needs? • Trusted relationships between Linux database hosts and other servers. Are these relationships limited to only the necessary privileges? • The T1 link between offices. Are the routers configured to limit what type of traffic can go in and out via the T1 connection? • Windows Server 2008 R2 operating system. Is the NOS being consistently updated with security service packs or patches from Microsoft? • Linux operating system – is it being consistently updated according to the vendor’s recommendation? A checklist for their posture assessment should include (at least): • List of who has permissions to which directories on what server(s) • Justification for each group and individual permission • Windows Server 2008 R2 operating system – e.g., are all the default passwords (such as the administrator account’s) changed? • Linux operating system check • Review of the corporate security policy to make sure it’s current and thorough and that all users understand its implications • Description of what happens when security is breached, and assignment of a security response team • Policies for logging into the remote access server (password restrictions, time of day restrictions, number of concurrent users, resource restrictions, etc.) • Firewall policies (what filters are present for inbound and outbound traffic?) Case Project 11-2 Some techniques that will help wireless security include WPA or WPA2, creating an access list for the access points (if they are also wireless routers), preventing the access points from broadcasting their SSIDs, etc. Security can be stricter for employee WLANs, since access is limited to internal users. Public WLANs, for example, are not conducive to access list limitations, for example. Case Project 11-3 An expansion of 10 users would probably be best serviced by a VPN solution, since the credit union already has an Internet connection established. With so few users, it probably doesn’t make sense to lease office space (depending on what area of the country they’re in, and the cost of office space). In either case, though, security must be implemented at the point where VPN or remote users connect to the headquarters’ network. With a remote office, it might be an ISDN line with a remote access server. For a VPN, a similar remote access server could be used on the other side of their Internet connection. In both cases a RADIUS server might be a good way of centrally authenticating all remote users. If placed at the headquarters, this radius server could be used for the east side office as well as home workers. It would provide another layer of security (in addition to the firewall) for Internet access. Network+ Guide to Networks, 6th Edition, Lab Manual Chapter 11 Solutions. Lab 11.1 Review Questions 1. Which of the following best describes authentication? a. The process of verifying the precise spelling of a username b. The process of accepting and matching a username with unique account information, such as a password c. The process of replicating user logon information from one domain controller to the others on a network d. The process of tracking a user’s logon habits and collecting that information in an audit log 2. How does knowing about failed logon attempts help a network administrator’s security efforts? a. The information could help her determine whether stricter password requirements need to be implemented. b. The information could help her refine the NOS schema. c. The information could help her determine whether an unauthorized user is attempting to log on with that username. d. The information could help her predict the likelihood of future security breaches. 3. Which of the following tools allows you to view security events that have occurred on a Windows Server 2008 computer? a. Event Viewer b. Authentication Log c. Domain Security Policy d. Domain Controller Security Policy 4. In the context of Windows networking, why must failed logon attempts be recorded by a domain controller instead of by any random server on the network? a. Only a domain controller has the resources necessary to record and hold the volume of information that auditing requires. b. Domain controllers contain a complete set of Windows Server 2008 computer administrative tools, whereas other servers do not. c. Domain controllers typically provide Web and remote access, enabling a network administrator to remotely audit events on a network. d. Domain controllers authenticate users. 5. As a network administrator, what should you do if you notice that a user account has experienced multiple failed logon attempts? a. Revoke the user’s logon privileges. b. Change the user’s password. c. Contact the user to find out whether she is having trouble logging on. d. Limit the times of day during which that user account may log on. Lab 11.2 Review Questions 1. Which of the following security risks can potentially be addressed by applying a new patch to a software program? a. Social engineering b. Insecure data transmissions between a Web client and Web server c. IP spoofing d. RF emission over a wireless network 2. Which of the following methods of accessing files over the Internet is the most secure? a. HTTP b. HTTPS c. TFTP d. FTP 3. Which of the following types of software can be patched to improve their security? (Choose all that apply.) a. Router OS b. Web browser c. E-mail client d. Workstation OS 4. Which of the following types of transmission media is the most secure? a. Fiber-optic cable b. Infrared wireless c. Shielded twisted-pair cable d. Coaxial cable 5. Which of the following network enhancements can introduce new security risks? (Choose all that apply.) a. Adding remote access for users who travel b. Adding time-of-day restrictions for logons c. Modifying a tape backup rotation scheme d. Providing Web access to a server’s data files Lab 11.3 Review Questions 1. Which of the following is a potential weakness in using restrictions on either Network layer addresses or Data Link layer addresses to control access to a network or server? a. For a machine on the same network, both Network and Data Link layer addresses may be configured manually. b. For a machine on an external network, both Network and Data Link layer addresses may be configured manually. c. Network address restrictions typically require more maintenance. d. Network layer addresses may be configured manually, whereas Data Link layer addresses may not. 2. Which files on a Linux server are used to configure TCP Wrappers? (Choose all that apply.) a. /etc/hosts b. /etc/hosts.allow c. /etc/hosts.deny d. /etc/tcpwrappers 3. Which of the following network security methods provides the greatest resistance to unauthorized external file access on a server? a. A central computer room that is accessible only to authorized personnel through hand scanning b. An NOS that is configured to allow logons only during the hours of 8:00 a.m. to 5:00 p.m. c. An NOS that requires users’ computers to have an address that matches one belonging to their LAN segment to log on to the server d. A proxy server that disguises transmissions issued from clients on a private LAN 4. What is the best defense against social engineering? a. A strong security policy and educating users b. Employing Kerberos authentication for all users c. Configuring a firewall to accept transmissions only from certain IP addresses d. Limiting the ports on a server through which client communication may take place 5. In which of the following situations would it be most beneficial for a network administrator to employ network address restrictions on a TCP/IP-based network (that does not use DHCP) to improve security? a. A salesperson accesses a company’s network via a dial-up connection to upload sales data every night. b. A corporate executive frequently travels to a company’s various locations and requires access to confidential information on the server. c. A new employee is working on tutorials in temporary quarters until her office can be completely furnished. d. A contractor works on a project from a cubicle specially designated and furnished for use by consultants. Lab 11.4 Review Questions 1. Encrypted protocols such as SSH do not send passwords over the network. True or False 2. In which of the following situations would it be most beneficial for a network administrator to restrict the time of day during which the users can log on to the network to improve security? a. A salesperson accesses a company’s network via a dial-up connection to upload sales data every night. b. Groups of customer service representatives access customer financial data during regular business hours. c. A corporate executive frequently travels to a company’s various locations and requires access to confidential information on the server. d. A group of engineers is establishing an international office in a country several time zones away from the server’s location. 3. What is the practice of falsifying an IP address called? a. Spoofing b. Faking c. Impersonating d. Configuring a secondary IP address 4. Which of the following encryption methods is commonly used to secure transmissions over virtual private networks (VPNs)? a. Kerberos b. RAS c. PGP d. IPSec 5. If someone floods your gateway with so much traffic that it cannot respond to or accept valid traffic, what type of security breach has she caused? a. IP spoofing b. Social engineering c. Denial of service d. Trojan horse Lab 11.5 Review Questions 1. What does SSID stand for? a. Service set identifier b. Security service Internet domain c. Security station identification d. Simple security Internet device 2. WEP, WPA, and WPA2 are all forms of wireless . a. Access b. Routers c. Services d. Encryption 3. What can you use to limit access to certain computers? a. Encryption b. MAC filtering c. Remote administration d. A strong password Lab 11.6 Review Questions 1. What is an organizational unit? a. A department or division within an organization b. A container used to group users with similar permissions and rights c. A container used to group similar objects such as users or groups d. An organization 2. If a user is assigned Read permissions to a folder, what may he do with the folder’s contents? (Choose all that apply.) a. View the listing of files in the folder. b. Launch executable files in the folder. c. Delete files in the folder. d. View the contents of files in the folder. 3. If a user is assigned Modify permissions to a folder, what may she do with the folder’s contents? (Choose all that apply.) a. View the list of files in the folder. b. Launch executable files in the folder. c. Delete files in the folder. d. View the contents of files in the folder. 4. Which of the following is a potential advantage of delegating user administration to another user? (Choose all that apply.) a. The network administrator can concentrate on more important network maintenance issues. b. One or more users in each department can handle user administration for their department. c. It allows large network administration departments to delegate tasks. d. It allows each user in a department to handle the administration of his own account. 5. By default, what permissions do users in the Everyone group have to a newly shared Windows Server 2008 folder? a. Read and Execute only b. List Folder Contents only c. Full Access d. By default, users have no rights to newly shared folders. 6. In this lab, you grouped users in the same department into organizational units and then used the organizational units to delegate permissions within them. What is another approach you could have used to perform the same task? a. Group each department into separate forests. b. Group each department into separate domains in the same tree. c. Create a new forest for each department. d. Group each department into separate workgroups within the same tree. Network+ Guide to Networks, 6th Edition Chapter 12 Solutions Review Questions 1. You have decided to establish a VoIP system in your home. Which of the following devices is necessary to connect your analog telephone to your VoIP server? a. Codec b. IP-PBX c. Softphone d. ATA 2. Skype, the popular Internet telephony service, provides a user with what type of interface? a. IP phone b. Analog telephone c. Softphone d. IP-PBX 3. A company’s use of VoIP on its WAN to avoid long distance telephone charges is known as: a. Toll bypass b. WAN redirect c. Fee gauging d. Circuit redirect 4. Which of the following is the most popular signaling protocol used on traditional, circuit-switched PSTN connections? a. SIP b. SS7 c. H.323 d. MEGACO 5. Watching a YouTube video on the Web is an example of which of the following types of video-over-IP services? a. Videoconferencing b. Streaming video c. IP multicasting d. IPTV 6. In an IPTV system, which of the following functions does a set top box perform? a. Decodes video signals and issues them to a television b. Determines the appropriate amount of bandwidth necessary to deliver a requested video and adjusts the connection accordingly c. Interprets multicast routing protocols to determine the most efficient means of distributing video signals d. Generates video content based on a subscriber’s channel selection 7. What type of video-over-IP service relies on full-duplex communication? a. Webcasting b. Streaming video c. Videoconferencing d. IPTV 8. What protocol manages addressing for multicast groups? a. IGMP b. MGCP c. MEGACO d. H.245 9. Which of the following protocols would be used by a video bridge to invite a video phone to join a videoconference? a. MGCP b. H.225 c. IGMP d. RSVP 10. Suppose your organization’s PSTN and VoIP systems are integrated, and that your VoIP system adheres to architecture specified in H.323. Which of the following performs translation between the PSTN’s signaling protocols and H.323 on your network? a. H.323 terminal b. H.323 gatekeeper c. H.323 gateway d. H.323 zone 11. You are using Skype to initiate a video call with a friend in another state. Which of the following protocols is generating segments at the Transport layer of this transmission? a. ICMP b. TCP c. FTP d. UDP 12. What function does the H.225 protocol provide, as part of the H.323 VoIP specification? a. Handles call setup, call routing, and call termination b. Controls communication between media gateways and media gateway controllers c. Ensures that signals issued to an H.323 terminal are in a format that the terminal can interpret d. Indicates priority of each IP datagram 13. In SIP, which of the following network elements maintains a database with network address information for every SIP client? a. Redirect server b. Registrar server c. Domain server d. Proxy server 14. Which of the following are reasons for choosing SIP over H.323? (Choose two.) a. SIP is an older, more reliable standard. b. SIP has limited functionality, which makes it more flexible. c. SIP messages use fewer processing resources. d. SIP includes QoS mechanisms that make it more dependable. e. SIP supports a wider range of voice and video codecs. 15. Which of the following devices enable multiple media gateways to communicate? a. VoIP router b. IP-PBX c. MGC d. IP phone 16. At what layer of the OSI model does RTP operate? a. Transport b. Presentation c. Session d. Application 17. What can RTCP do that RTP cannot? a. Issue timestamps for every transmission b. Assign sequence numbers to each packet in a transmission c. Report on the degree of packet loss and delay in a connection d. Modify each IP datagram to assign a priority level 18. How does RSVP help improve QoS? a. It assigns a label to each IP datagram that will be read and modified by every router in the data’s path. b. It continually assesses the status of likely routes in the transmission’s path and dynamically modifies IP datagrams as they’re issued with instructions for following the best path. c. It modifies the Priority field in each IP datagram so that high-bandwidth applications are given precedence over low-bandwidth applications. d. It establishes a path between the sender and receiver that is guaranteed to supply sufficient bandwidth for the transmission. 19. The Traffic Class field in an IPv6 datagram serves the same function as which of the following fields in an IPv4 datagram? a. TTL b. DiffServ c. RSVP d. Padding 20. On a VoIP network that uses the DiffServ QoS technique, which of the following makes certain that a router forwards packets within a given time period? a. Assured Forwarding b. Superior Forwarding c. Expedited Forwarding d. Best-effort Forwarding Hands-On Projects Project 12-1 In this project, students use the Internet to research three offsite VoIP providers (for instance, Nextiva, RingCentral, and Vonage). First, students determine which of the features listed in Step 1 each provider offers. Next, students choose one of the providers to investigate more closely. They research costs for an organization with 10 phone extensions to use the service for a year, then determine how much it would cost an organization of 200 phone extensions to use the service for a year. Finally, students research Skype to learn how it compares to the three business VoIP providers they investigated previously. Project 12-2 In this project students research and design an onsite VoIP solution using Cisco, Avaya, or Nortel equipment. First, they determine what kind of equipment they need for an organization of 50 phone extensions. Then students sketch a VoIP network design for the organization of 50. Next, they determine costs for the equipment and bandwidth needed to make this work, assuming that the solution doesn’t reuse devices that already exist on the network. Finally, they list advantages and disadvantages of using an onsite solution versus an offsite solution. Students should recognize that the largest single drawback to implementing an onsite solution is cost. Another drawback is the technical complexity of the solution. Significant advantages are customizability and accountability (because if a VoIP provider’s network fails, or worse, if the provider goes out of business, there is nothing the customer can do about loss of service). Project 12-3 In this project students are asked to apply what they have learned in this chapter and previous chapters to VoIP troubleshooting. Although they might not have learned all the ways VoIP connections and calls can fail, students should be able to apply their understanding of packet switched networks and its potential faults to come up with reasonable suggestions for addressing VoIP problems. Case Projects Case Project 12-1 Some questions for SRSS to consider when evaluating a VoIP solution might include: •What advantages do you expect VoIP to bring to your organization? (Cost savings? Better efficiency? Higher quality or easier contact with clients?) •If you expect to reap cost savings by using VoIP, what are you currently paying for telephone services for all offices and workers and how does this compare to what it might cost to implement VoIP? •What is your current overall technology budget? •What equipment (e.g., servers, routers, and switches) do you already have that could also support VoIP? •How much technical support will you need to implement VoIP (in other words, does anyone currently on staff have the skills to install, configure, and maintain the system)? •Do you expect workers to use VoIP only while at the office, or also while on the road? •If you cannot afford a proprietary VoIP solution, are you prepared to install an open-source system, such as Asterisk? For a social services agency, cost is usually the limiting factor in adopting any new program or technology, and so the key questions are any related to how much the organization can afford to purchase and support VoIP. Case Project 12-2 For this project, students should research some of the most reliable, turnkey VoIP and Video-over-IP solutions available. Ease of use and management should be priorities when assessing systems, as should reliability and the capability for expansion. Students should be able to name every piece of hardware and software required for the system they choose. They should also obtain pricing (if necessary, requesting it from a vendor). Besides VoIP for SRSS staff, videoconferencing might be a good use of the grant money, which may cut travel time and costs and serve remote clients better. Case Project 12-3 In this project, students should draw a WAN that includes videoconferencing equipment, including, at least, videorecording/broadcasting methods where speakers are located, video bridges, gateways, and video phones where necessary. Upon researching the widespread use of videoconferencing, students might determine that leasing a service with worldwide coverage would make more sense than trying to find individual videocasting facilities (for example, at a university), which would need to be leased separately, close to every speaker. Network+ Guide to Networks, 6th Edition, Lab Manual Chapter 12 Solutions Lab 12.1 Review Questions 1. A computer that is sending a video stream is referred to as a video streaming . a. Hub b. Server c. Switch d. Proxy 2. Which protocol is typically used to stream video? a. UDP b. TCP c. HTTP d. FTP 3. For a client to receive a video stream, both the server and client applications must use the same . a. Gateway b. IP address c. Port d. SIP Lab 12.2 Review Questions 1. Why is SIP a popular choice with VoIP vendors? a. It has lower licensing costs. b. It is simpler with lower overhead. c. It is more fault tolerant and robust. d. It was the first standard developed. 2. SIP and H.323 are both examples of . a. Protocols b. Soft phones c. Media gateways d. End devices 3. At what layer does SIP function? a. Transport b. Data Link c. Network d. Application Lab 12.3 Review Questions 1. What are SIP clients? a. Daemons that run on an SIP server b. End-user devices c. Clients that never initiate an SIP connection d. Clients that are used to redirect requests from user agents 2. Hardware devices and software applications can both be SIP clients. True or False 3. What does SIP stand for? a. Service Initialization Protocol b. Session Initialization Protocol c. Service Initiation Protocol d. Session Initiation Protocol Lab 12.4 Review Questions Review Questions 1. Why is the infrastructure for voice and data often integrated into a single system? a. To improve security b. To adhere to local regulations c. To filter outgoing communications d. To avoid redundancy 2. What are client applications for placing VoIP called? a. Soft phones b. Digital phones c. Analog phones d. IP phones 3. Analog telephones require additional hardware to be used with VoIP. True or False Network+ Guide to Networks, 6th Edition Chapter 13 Solutions Review Questions 1. Which of the following symptoms may point to a faulty switch port? a. A group of users consistently experiences delays on the network only at 8:00 a.m. on weekdays. b. A user can save files to a network drive, but receives errors when trying to save files on his hard disk. c. Twelve users in one department complain that they cannot log on to the network. d. A user can send e-mail but can't pick it up. 2. You are helping a user who cannot connect to the Internet from her wireless workstation on your company's LAN. After determining that she is the only user having this problem, and that user error is not the problem's cause, what is the next thing you check? a. Her workstation's wireless connection configuration b. The cabling between her department's switch and the LAN backbone c. Her workgroup's access point d. Her segment's router interface 3. You are working at the help desk and take a call from a user who cannot log on to the network. After verifying that this user is the only person affected, you ask for his username and password and try replicating the problem. When you can successfully log onto the network with his user name and password from your help desk workstation, which of the following causes can you rule out? a. User error b. Faulty cabling between the user's workstation and the wall jack c. Improper protocol configuration on his workstation d. None of the above 4. As a help desk analyst, or first-level support technician, which of the following calls are you most likely to escalate to second-level support personnel? a. A user from the Accounting Department complains that she can't log onto the company's file server. b. A user from the Research Department complains that for the last five hours he has not been able to send or receive e-mail from his smartphone. c. A manager in the Sales Department complains that none of her 112 sales people across the country can connect to the company's VPN. d. A manager in the Human Resources Department complains that all the document templates he saved to the file server appear to be missing. 5. To help you identify the area affected by a problem, which of the following questions might provide the answers you need? a. When did the problem first occur? b. How frequently does the problem occur? c. How many users have similar symptoms? d. Does the problem occur at the same time every day? 6. You have recently resolved a problem in which a user could not print to a particular shared printer by upgrading her workstation's client software. Which of the following might be an unintended consequence of your solution? a. The user complains that word-processing files on her hard disk take longer to open. b. The user is no longer able to log on to the network. c. The shared printer no longer allows users to print double-sided documents. d. The shared printer no longer responds to form-feed commands from the print server. 7. You are troubleshooting a problem that you suspect is caused by an Internet gateway failure. Assuming your organization relies on only one Internet gateway, which of the following symptoms would lead you to focus on that gateway as the source of the problem? a. All users on a network are unable to retrieve e-mail. b. Workstations on one segment are experiencing slow response when using collaboration software on the LAN. c. Some users on a segment are receiving errors when they attempt to print to any printer. d. Some workstations on a segment cannot run the same application from the fileserver. 8. Which of the following is an example of a network change that could cause only one group of workstations out of the dozen workgroups in your organization to lose connectivity to a local file server? a. The organization changes its main Internet connection from one carrier to another. b. The configuration on a switch in the telecommunications closet is upgraded. c. The organization upgrades its backbone to 1-Gigabit Ethernet. d. A new backup device is installed and attached to the main file server. 9. Which of the following tools could you use to determine whether a user's workstation is transmitting packets in the proper Ethernet frame type for your network? a. Protocol analyzer b. Continuity tester c. Multimeter d. Tone generator and tone locator 10. Suppose a user on your organization's network has changed the subnet mask value in his network interface's TCP/IP properties. Which of the following symptoms might he report when he calls the help desk? a. He cannot connect to the Internet. b. He cannot print to a shared printer on the network. c. He cannot save a document to the network's file server. d. All of the above 11. Which of the following symptoms would probably be present if a client’s NIC was set to transmit data in half-duplex mode while the switch port to which it was attached was configured for full-duplex mode? a. Excessive normal collisions b. Giants c. Excessive late collisions d. Cross talk 12. Which of the following tools would you use to verify that your new cable meets Cat 6a standards? a. Continuity tester b. Protocol analyzer c. Network monitor d. Tone generator and tone locator 13. What function of a wireless network testing tool measures the amount of interference on a certain channel within a frequency band? a. Network monitor b. Spectrum analyzer c. Site selector d. Protocol analyzer 14. You are troubleshooting a connectivity problem that you believe is related to a faulty cable between a switch and a punch-down block. However, in the disorganized telecommunications closet, it seems impossible to determine which cable belongs to the switch by simply looking at the punch-down block. You decide to use a tone generator and locator to find the cable. Where will you issue the tone? a. At the punch-down block, near where you think the switch's cable might be b. At the end of the cable connected to the switch's management port c. At the end of the cable that connects the workgroup punch-down block with the entrance facility punch-down block d. At the end of the cable connected to the switch's uplink port 15. Which of the following frequently results in negative frame sequence checks? a. Noise b. Excessive nodes on a segment c. Excessive segment length d. Improper flow control 16. You have been asked to help solve a problem that suddenly appeared on your company's network. All data transmission has slowed to a crawl. You suspect a DOS attack or a broadcast storm. Which of the following tools would help you determine the source of either of these problems? a. OTDR b. Cable continuity tester c. Butt set d. Protocol analyzer 17. You are using your wireless LAN connection to copy documents to a shared folder on your company's file server, when suddenly the connection stalls out. You check your wireless connection status, which indicates that you are still associated with your AP. Next, you run a protocol analyzer program on your workstation, which indicates an excessive number of lost or dropped packets between your workstation and the AP. Which of the following causes could be at fault? a. Another user is attempting to log on under your user name. b. The access point has lost power. c. A source of excessive EMI has been introduced. d. Another AP has been added to the network. 18. You are troubleshooting a fiber-optic connection on your 1-Gigabit LAN backbone. You suspect one of your fiber cross-connects is dirty, resulting in poor performance over the backbone. What tool will help you determine the location of the dirty cross-connect? a. Multimeter b. Sniffer c. Network monitor d. OTDR 19. You have decided to take a break from your position at a telephone company's helpdesk and accompany a field technician to learn how to troubleshoot local loops. Which of the following tools will help you verify that a line is receiving dial tone from the CO (central office)? a. OTDR b. Butt set c. Sniffer d. TDR 20. After your Internet service provider makes some changes in the way they connect to their network service provider, your organization’s connection to a customer’s Web site becomes noticeably slower. Which of the following troubleshooting tools helps you identify the number of hops between your office and the customer’s Web site? a. netstat b. dig c. ping d. traceroute Hands-On Projects Project 13-1 In this project, students use a cable tester to detect a damaged cable. Steps 1 – 2: Students test the cable that they made in Chapter 3 (or another Cat 5 or better patch cable). Steps 3 – 4: Students physically damage the patch cable and try testing it again. Results will vary, and cable tester output will vary according to the type of cable tester used. Project 13-2 In this project, students practice their troubleshooting skills by creating a Physical layer problem with their NIC connection and following the steps in this chapter’s troubleshooting methodology to determine how the problem would be identified. Project 13-3 Students further hone their troubleshooting skills by role playing in this project. This requires students to work in pairs (or small groups). One person should imagine a problem and its consequences, so that he has answers ready for all possible troubleshooting questions. The other person (or people) should ask questions that follow the logical progression of diagnosis outlined in this chapter’s troubleshooting methodology. Examples of potential problems are given in the project. Case Projects Case Project 13-1 The troubleshooter should identify all users who are experiencing the problem. He should also try pinging their default gateway from your workstation. If no response is indicated, he should visit the gateway and try to diagnose its physical connections and gain information from observing its LEDs. If those seem fine, he could log onto the gateway and assess its status or perhaps attach a protocol analyzer to the network on the same segment as the gateway, and analyze the traffic to and from the gateway. For this he will need to filter the traffic according to the gateway’s MAC address. He will also want to find out whether any changes have been made to the gateway or to the closet it resides in. If all of his troubleshooting reveals no problem with the gateway, he will want to contact the office’s Internet service provider to find out if a link is down. He can try a traceroute command to an Internet site to find out where traffic might be stopped. If the problem is with the gateway, this would be difficult to prevent except by providing a duplicate/failover gateway. Case Project 13-2 Since a fellow networking technician asked about the problem the troubleshooter can probably sidestep some of the very first troubleshooting steps and go right to a network monitoring or analyzing technique. The student should suggest using network monitoring software to find out whether any traffic problems are occurring (such as over-utilization or excessive errors). If a network analyzer is available, it could be used to capture and analyze data while a client workstation attempts to request an application or file (under normal load circumstances). The troubleshooter needs to find out whether the problem really exists with the server or if it’s due to a troublesome workstation on the same segment. Therefore, she must narrow down the problem to either the NIC, cable, or traffic characteristics of the server and/or its clients. If she suspects the server NIC is causing excessive errors, she should take down the server and replace it (a preventative measure would be to purchase a server with redundant NICs). If she suspects it’s the cable, she should take down the server and replace it. If she suspects it’s a client problem, she should remove the client from the network (or restrict access) to verify your theory. If this problem were due to a server hard disk malfunctioning, it could have been prevented by using redundant hard disks (or a RAID implementation) in the server. Also, continual network monitoring with preset thresholds would have caught the excessive errors and slower responses long before they became noticeable to the users. This depends on having established a baseline—or previously analyzing the normal functioning of that server and network segment—to be able to determine what is abnormal. Case Project 13-3 In helping Dmitri prioritize the incoming technical support calls, the troubleshooter would probably order them as follows, from the most critical to the least critical (based on how many users they affect or have the potential to affect, which users they affect, and how severely they affect users): • The Albany, New York, location's network appears to have suffered a catastrophic failure. This failure has caused outages for thousands of customers in the upstate New York region. • Half of the workstations in the Marketing Department seem to be infected with a virus, and Dmitri is worried that these users will copy the virus to the network, thus risking widespread data damage. • Three executive users at Dmitri's corporate headquarters in Boston cannot pick up their e-mail, and they are calling every five minutes to ask when the problem will be fixed. • A WAN link is down between the Washington and New York locations, causing traffic to be rerouted from Washington to Boston, then to New York. As a result, customers are complaining about slow performance. • A networked printer that provides services to the Accounting group at the Boston headquarters is not accepting any print jobs. The users have asked Dmitri to troubleshoot the printer. They need to send invoices out to customers by noon. Case Project 13-4 The TCP/IP settings (either a static IP address or the correct DHCP settings) on Selena and Darrell’s laptops were probably correct for that conference room, since their offices were just down the hall. Since the other three executives traveled to that conference room from other buildings, however, their TCP/IP settings probably needed to be changed in order to pick up e-mail from that location. Case Project 13-5 The tracking record should include the following information: • User name and user ID • Date and time of call • User’s location (workgroup area) • User’s contact information (e-mail address and phone number) • Name of the help desk analyst who took the call • A complete description of the problem (including error messages, if applicable) • Steps taken to resolve the problem • A description of the resolution and person responsible for fixing the problem • Recommended changes to avoid the same problem from recurring • Information on a follow-up call, including the help desk analyst who conducted it and its date and time. Network+ Guide to Networks, 6th Edition, Lab Manual Chapter 13 Solutions Lab 13.1 Review Questions 1. What would you ping to determine whether TCP/IP was functioning properly on your computer? a. The gateway address b. The near side of the router c. The loopback address d. The far side of the router 2. Which of the following responses to a ping command issued on a Windows-based computer indicates that the ping test was successful? a. Packets: Sent = 4, Received = 4, Lost = 0 (0%) b. Packets: Sent = 0, Received = 0, Lost = 0 (0%) c. Packets: Sent = 0, Received = 0, Lost = 4 (100%) d. Packets: Sent = 4, Received = 4, Lost = 4 (100%) 3. When you issue a ping command, what Application layer protocol sends a message to the destination host? a. ARP b. RARP c. SNMP d. ICMP 4. Suppose you were troubleshooting a network connectivity problem between a workstation on a private LAN and a server on the Internet. As part of a logical troubleshooting methodology, what address would you ping after determining that the TCP/IP stack on the workstation was functioning properly? a. The workstation’s loopback address b. The workstation’s default gateway c. The private LAN’s Internet name server d. The Internet server you’re trying to reach 5. In the scenario described in question 4, as part of a logical troubleshooting methodology, what address would you ping second? a. The workstation’s loopback address b. The workstation’s default gateway c. The private LAN’s Internet name server d. The Internet server 6. Which of the following is the loopback address in IP version 4 addressing? a. 127.0.0.1 b. 1.1.1.1 c. 127.0.0.0 d. 10.0.0.0 7. What type of message would you receive if you were trying to ping www.comptia.org from a Windows XP computer and misspelled the host’s name as www.conptia.org in the ping command syntax? a. Host www.conptia.org not responding b. Ping request could not find host www.contia.org. Please check the name and try again. c. Reply from www.conptia.org: bytes= 0 d. Unknown host www.conptia.org Lab 13.2 Review Questions 1. Which of the following commands can reveal the number of hops a packet takes between a source and target node? a. ipconfig b. ping c. tracert d. ifconfig 2. Which of the following commands can indicate whether a host is unreachable? a. ping b. ipconfig c. ifconfig d. winipcfg 3. Which of the following commands would you use to determine the relative location of network congestion between your Windows workstation and an Internet host? a. netstat b. nbtstat c. tracert d. ipconfig 4. If you attempted the tracert command on an Internet host and that host was not connected to the network, which of the following would the tracert command’s response contain? a. Destination host unreachable b. Unknown host c. Host not responding d. Request timed out 5. What does a hop represent in the context of a tracert command? a. An Internet client b. A modem, hub, switch, or router c. A router d. A carrier’s POP Lab 13.3 Review Questions 1. Which of the following comes first in the series of steps recommended for a logical approach to network troubleshooting? a. Establish what has changed on the network. b. Implement a solution. c. Establish the symptoms. d. Identify the affected area. 2. If a client workstation has been assigned the wrong IP address, which of the following will be true? a. The client can connect to other nodes on the LAN, but it cannot connect through its default gateway to the Internet. b. The client can ping the loopback address successfully, but it cannot connect to other nodes on the LAN. c. The client cannot ping the loopback address successfully, nor can it connect to other nodes on the LAN. d. The client can connect to other nodes on its LAN segment, but it cannot connect to nodes on other segments. 3. Which of the following commands reveal TCP/IP addressing information on a Windows Server 2008 computer? a. ipconfig b. winipcfg c. ifconfig d. netipcfg 4. If the LED on a workstation’s NIC is blinking green, which of the following is true? a. The workstation is connected to the network and successfully exchanging data over its connection. b. The workstation is connected to the network but is not currently exchanging data over its connection. c. The workstation is connected to the network but is experiencing errors when attempting to exchange data over the network. d. The workstation is not successfully connected to the network. 5. Of the following troubleshooting actions, which one would come first in a logical troubleshooting methodology? a. Replace a faulty memory chip on a server. b. Determine whether a problem is limited to a segment or affects the whole network. c. Summarize your solution in a troubleshooting database. d. Determine whether your solution results in any other problems. Lab 13.4 Review Questions 1. What does the nslookup command reveal? a. A client’s current connections b. A client’s routing table entries c. The IP address of a given host name or vice versa d. The NetBIOS name based on a computer’s IP address 2. If the link light on a switch port is not lit, what can you assume about the client connected to that switch’s port? a. There are no connectivity problems with the client. b. The client cannot exchange data with the network. c. The client can exchange data only with other nodes on its segment. d. The client can exchange Network layer data, but not Transport layer data. 3. If a client does not have the correct DNS server address specified in its TCP/IP properties, which of the following will occur? a. The client cannot log on to or exchange data with the network. b. The client can exchange data with nodes on its local network, but not with nodes on other networks. c. The client can exchange data with nodes on local and external networks, but not by name. d. The client can exchange data with most, but not all, nodes on both its local and external networks by name. 4. What would happen if you assigned your Web server a new IP address that didn’t match its DNS entry? a. It would be unavailable to clients. b. It would be available only to local clients but not to clients accessing it over the Internet. c. It would be available to clients accessing it over the Internet but not to local clients. d. It would still be available to all clients. 5. Which of the following tools issue a simple pass/fail indication for a Cat 5 UTP cable? a. Cable checker b. Time domain reflectometer c. Multimeter d. Tone generator 6. Suppose you ping the IP address of a known Web server, and the response to your command indicates that the Web server is responding. It then follows that the Web server would successfully respond to HTTP requests from clients. True or False Solution Manual for Network+ Guide to Networks Tamara Dean 9781133608196, 9781133608257, 9781337569330