CompTIA Network + 009 Notes

The document outlines various networking concepts, including definitions, functions, and types of network appliances such as routers, switches, firewalls, and load balancers. It also covers cloud concepts, connectivity options, common networking ports, protocols, and traffic types. Each section provides essential information for understanding the roles and functionalities of different networking components and services.

Uploaded by

hamed.qaderi.721

CompTIA Network+ 009

Domain One, Networking Concepts:

1.2: Compare and contrast network appliances, applications, and functions.

1. Router
 Definition: A router is a network device that forwards data packets
between computer networks. It routes traffic from the source network to
the destination network using IP addresses.
 Functions:
o Connects different networks, such as connecting a home network to
the internet.
o Routes data packets based on their IP addresses.
o Uses routing protocols (e.g., OSPF, BGP) to determine the best path
for data.
o Provides NAT (Network Address Translation) to allow multiple
devices to share a single IP address.
 Types: Physical routers and virtual routers (running on virtual machines).

2. Switch
 Definition: A switch is a device that connects multiple devices within a
single network, using MAC addresses to forward data only to the intended
recipient.
 Functions:
o Operates at Layer 2 (Data Link Layer) of the OSI model.
o Makes each switch port its own collision domain and forwards a frame only
to the port where the destination MAC address was learned (a hub repeats
every frame to every port).
o Can also route between VLANs when it is a Layer 3 (multilayer) switch.
 Types: Managed (allows configuration) and unmanaged switches.

3. Firewall
 Definition: A firewall is a security device that monitors and controls
incoming and outgoing network traffic based on predetermined security
rules.
 Functions:
o Protects networks from unauthorized access.
o Can be stateful (tracks connections, so return traffic for an allowed
outbound flow is admitted automatically) or stateless (judges every packet
on its own, so return traffic needs a rule of its own).
o Implements rules for traffic filtering based on IP, port, protocol, etc.
Rules are evaluated in order, and traffic that matches no rule falls to the
default action, which should be deny.
 Types: Physical firewalls, virtual firewalls, and next-generation firewalls
(NGFWs).
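The stateless/stateful distinction is easiest to see with a rule set and a few packets. The following is an added example written for these notes, not code from the original document or from any firewall product; the inside host 10.0.0.5, the peers 198.51.100.7 and 203.0.113.9, and the packets are constructed for illustration. It implements first-match rule evaluation and a minimal connection table.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """A bare-bones IP/TCP header view; constructed for the demo."""
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False     # SYN without ACK marks a new TCP connection attempt
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """One filter rule; a None field means 'any'."""
    action: str           # "allow" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        checks = ((self.proto, p.proto), (self.src, p.src), (self.dst, p.dst),
                  (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in checks)


def stateless_decision(rules: List[Rule], p: Packet) -> str:
    """Stateless filter: first matching rule wins, implicit deny otherwise.
    Every packet is judged alone; the filter has no memory of earlier packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Stateful filter: rules apply only to the first packet of a flow.  Once a
    flow is allowed, its reply packets are admitted from the connection table
    without needing a rule of their own."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if rev in self.table:                 # reply to a tracked connection
            return "allow"
        if p.proto == "tcp" and p.ack and not p.syn:
            return "deny"                     # mid-stream segment, no known flow
        action = stateless_decision(self.rules, p)
        if action == "allow":
            self.table.add(fwd)
        return action


# Policy: the inside host 10.0.0.5 may open HTTPS connections outward.
RULES = [Rule("allow", proto="tcp", src="10.0.0.5", dport=443)]
# A stateless filter needs an extra rule to let replies back in.  The classic
# shortcut "allow anything from source port 443" does that, but it also admits
# any unsolicited packet that merely claims to come from port 443.
STATELESS_RULES = RULES + [Rule("allow", proto="tcp", sport=443, dst="10.0.0.5")]

# Constructed packets (not captured traffic): an outbound SYN, the legitimate
# SYN/ACK reply, and a stray ACK from an unrelated host (what an ACK scan sends).
SYN = Packet("10.0.0.5", "198.51.100.7", "tcp", 51000, 443, syn=True)
SYN_ACK = Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 51000, syn=True, ack=True)
STRAY_ACK = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 51000, ack=True)


def run_demo() -> dict:
    fw = StatefulFirewall(RULES)
    return {
        "stateless_syn": stateless_decision(STATELESS_RULES, SYN),
        "stateless_syn_ack": stateless_decision(STATELESS_RULES, SYN_ACK),
        "stateless_stray_ack": stateless_decision(STATELESS_RULES, STRAY_ACK),
        "stateless_reply_without_return_rule": stateless_decision(RULES, SYN_ACK),
        "stateful_syn": fw.decide(SYN),
        "stateful_syn_ack": fw.decide(SYN_ACK),
        "stateful_stray_ack": fw.decide(STRAY_ACK),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:40s} {verdict}")
```

The stateless filter can only let the SYN/ACK back in through the broad "source port 443" rule, and that same rule accepts the stray ACK from 203.0.113.9, which is the packet an ACK scan sends to map filter rules. The stateful filter admits the SYN/ACK because the outbound SYN was recorded in the table, and drops the stray ACK because no tracked flow matches; no return rule is needed at all.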

4. Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
 Definition: IDS is a monitoring system that detects suspicious activities,
while IPS can take action to prevent threats in real-time.
 Functions:
o IDS: Sits out of band (e.g., fed by a SPAN/mirror port or a tap) and
alerts on malicious activity without blocking it.
o IPS: Sits inline in the traffic path and blocks or mitigates detected
threats, such as network attacks, viruses, and worms; a false positive
on an IPS therefore drops legitimate traffic.
 Types: Network-based (NIDS), host-based (HIDS), and hybrid.
5. Load Balancer
 Definition: A load balancer distributes network or application traffic
across multiple servers to ensure no single server becomes overwhelmed,
enhancing performance and reliability.
 Functions:
o Provides fault tolerance and scalability.
o Balances traffic based on algorithms like round-robin, least
connections, etc.
o Can manage SSL termination, TCP optimization, and application
firewall functions.
 Types: Physical, virtual, software-based, and hardware-based load
balancers.

6. Proxy
 Definition: A proxy server acts as an intermediary between clients and
servers, forwarding requests and responses while often providing
anonymity, security, and content filtering.
 Functions:
o Improves security by hiding the client’s IP address.
o Caches content to reduce bandwidth usage and improve load times.
o Enforces corporate policies on internet usage.
 Types: Forward proxy, reverse proxy, transparent proxy, and anonymizing
proxy.

7. Network-Attached Storage (NAS)
 Definition: NAS is a dedicated file storage device that provides local area
network (LAN) users with centralized and consolidated disk storage
through a standard Ethernet connection.
 Functions:
o Provides file-level data storage accessible via network protocols
(e.g., SMB, NFS).
o Supports multiple users and devices for data sharing.
o Often used for backup, archiving, and media streaming.
 Types: Consumer-grade, business-grade, and enterprise-grade NAS.

8. Storage Area Network (SAN)
 Definition: SAN is a high-speed network of storage devices that provides
block-level storage, making it accessible to servers.
 Functions:
o Enhances storage performance, scalability, and management.
o Used for data-intensive applications like databases.
o Connects via Fibre Channel, iSCSI, or FCoE (Fibre Channel over
Ethernet).
 Components: Storage devices, interconnecting devices, and storage
management software.

9. Wireless
 Access Point (AP):
o Definition: A device that allows wireless clients to join a wired
network over Wi-Fi (IEEE 802.11).
o Functions: Extends the wireless coverage of a network and bridges
wireless clients onto the wired LAN.
 Controller:
o Definition: A centralized device that manages multiple access
points in a network.
o Functions: Simplifies the deployment, configuration, and
monitoring of wireless networks.
Applications
 Content Delivery Network (CDN)
o Definition: A CDN is a network of distributed servers that deliver
web content to users based on their geographic location, the origin
of the webpage, and a content delivery server.
o Functions:
 Reduces latency and load times by serving content from the
nearest server.
 Enhances website performance and reliability.
 Provides DDoS protection and load balancing.
Functions
 Virtual Private Network (VPN)
o Definition: A VPN creates a secure, encrypted connection over a
less secure network, such as the internet, allowing remote users to
securely access a private network.
o Functions:
 Ensures data confidentiality and integrity.
 Hides the user's IP address.
 Provides secure access to resources.
 Quality of Service (QoS)
o Definition: QoS is a set of technologies used to manage network
resources and ensure the performance of critical applications by
prioritizing certain types of traffic.
o Functions:
 Reduces latency and packet loss.
 Allocates bandwidth based on traffic priority.
 Ensures consistent performance for voice, video, and critical
data.
 Time to Live (TTL)
o Definition: TTL is a field in the IPv4 header (Hop Limit in IPv6) that
sets the maximum number of router hops a packet may take. Each router
decrements it by one; a router that decrements it to zero discards the
packet and returns an ICMP Time Exceeded message to the sender.
o Functions:
 Prevents data packets from circulating indefinitely when a
routing loop exists.
 Reduces network congestion by discarding "stale" packets.
 Helps with diagnosing routing issues: traceroute sends probes
with TTL 1, 2, 3, ... and records which router answers each one.
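An added example (not from the original notes) that simulates TTL handling on a constructed five-router topology; the router addresses and next-hop tables are made up, and one pair of routers deliberately points at each other for one destination. forward() walks a packet through the routers, decrementing TTL at each one; traceroute() sends probes with increasing TTL and collects the routers that report Time Exceeded, which is how the real tool discovers a path and exposes a loop.

```python
from typing import Dict, List, Tuple

# Constructed next-hop tables for a toy network (not a real topology):
# router address -> {destination: next hop}.  10.0.2.1 and 10.0.4.1 point at
# each other for 198.51.100.9, i.e. a routing loop caused by a misconfiguration.
NEXT_HOP: Dict[str, Dict[str, str]] = {
    "10.0.0.1": {"203.0.113.50": "10.0.1.1", "198.51.100.9": "10.0.2.1"},
    "10.0.1.1": {"203.0.113.50": "10.0.3.1"},
    "10.0.3.1": {"203.0.113.50": "203.0.113.50"},   # destination is directly attached
    "10.0.2.1": {"198.51.100.9": "10.0.4.1"},
    "10.0.4.1": {"198.51.100.9": "10.0.2.1"},       # loop
}


def forward(first_hop: str, dst: str, ttl: int) -> Tuple[str, str, int]:
    """Walk one packet through the network starting at the sender's first-hop router.
    Returns (outcome, node, remaining_ttl) where outcome is:
      "delivered"     - the packet reached dst
      "time_exceeded" - a router decremented TTL to 0, dropped the packet and
                        sent ICMP Time Exceeded back; node is that router
      "unreachable"   - a router had no route for dst
    """
    node = first_hop
    while True:
        if node == dst:                      # the destination host does not decrement
            return "delivered", node, ttl
        ttl -= 1                             # every router decrements on receipt
        if ttl == 0:
            return "time_exceeded", node, 0
        nxt = NEXT_HOP.get(node, {}).get(dst)
        if nxt is None:
            return "unreachable", node, ttl
        node = nxt


def traceroute(first_hop: str, dst: str, max_ttl: int = 30) -> List[str]:
    """Send probes with TTL 1, 2, 3, ... and record which node answered each
    one; the sequence of Time Exceeded senders is the path."""
    path: List[str] = []
    for ttl in range(1, max_ttl + 1):
        outcome, node, _ = forward(first_hop, dst, ttl)
        path.append(node)
        if outcome != "time_exceeded":
            break
    return path


def has_loop(path: List[str]) -> bool:
    """A router appearing twice in a traceroute is the signature of a routing loop."""
    return len(set(path)) < len(path)


if __name__ == "__main__":
    print("healthy path :", traceroute("10.0.0.1", "203.0.113.50"))
    print("looping path :", traceroute("10.0.0.1", "198.51.100.9", max_ttl=6))
    print("TTL 64 packet:", forward("10.0.0.1", "198.51.100.9", 64))
```

With the loop in place a packet to 198.51.100.9 still ends with a Time Exceeded after at most 64 hops rather than circling forever, and the traceroute output alternates between the same two routers, which is what the tool shows when a loop exists.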

1.3 Summarize cloud concepts and connectivity options

1. Network Functions Virtualization (NFV)
 Definition: NFV is a network architecture concept that uses virtualization
technologies to manage and deliver network services traditionally
provided by hardware appliances.
 Functions:
o Virtualizes network services like firewalls, load balancers, and
routers.
o Reduces the need for specialized hardware.
o Enhances flexibility and scalability by deploying network functions
on standard servers and virtual machines.
 Components: Virtual Network Functions (VNFs), NFV Infrastructure
(NFVI), and NFV Management and Orchestration (MANO).
2. Virtual Private Cloud (VPC)
 Definition: A VPC is a private, isolated section of a cloud provider's
infrastructure where you can launch resources in a virtual network that
you define.
 Functions:
o Provides control over IP address ranges, subnets, route tables, and
network gateways.
o Enhances security by isolating resources from other cloud users.
o Supports connectivity with on-premises data centers via VPN or
Direct Connect.
3. Network Security Groups (NSGs)
 Definition: NSGs are a set of rules used to control inbound and outbound
traffic to cloud resources (the term used by Azure; AWS calls the
equivalent construct a security group).
 Functions:
o Provides a way to enforce network access policies at the subnet or
VM/NIC level.
o Uses rules based on IP addresses, port numbers, and protocols to
filter traffic; rules are evaluated in priority order and the first
match wins.
o Supports stateful filtering, meaning it tracks the state of
connections, so a reply to allowed outbound traffic is admitted without
a separate inbound rule.
4. Network Security Lists (NSLs)
 Definition: Security lists in Oracle Cloud Infrastructure (OCI) are sets
of firewall rules that control traffic to and from resources in a VCN
(Virtual Cloud Network).
 Functions:
o Similar to NSGs, they provide network security at the subnet level
(OCI also offers NSGs, which attach to individual VNICs).
o Apply rules based on IP addresses, ports, and protocols to permit or
deny traffic.
5. Cloud Gateways
 Internet Gateway:
o Definition: A gateway that allows communication between
resources in a VPC and the internet.
o Functions:
 Provides a route for internet-bound traffic.
 Essential for enabling internet access for instances in a VPC.
 Network Address Translation (NAT) Gateway:
o Definition: A NAT gateway allows instances in a private subnet to
initiate outbound traffic to the internet while unsolicited inbound
connections from the internet cannot reach them.
o Functions:
 Enables private instances to reach external services (updates,
APIs) without a public IP address of their own.
 Hides the private addresses behind the gateway's public IP. It is
not a firewall: security-group rules still govern what the
instances may send and receive.
6. Cloud Connectivity Options
 VPN:
o Definition: A VPN provides a secure connection over a public
network to connect an on-premises network or device to a cloud
network.
o Functions:
 Encrypts data in transit.
 Provides secure access to cloud resources.
 Direct Connect:
o Definition: A dedicated network connection between an on-
premises data center and a cloud provider's data center.
o Functions:
 Offers high-bandwidth, low-latency connectivity.
 Bypasses the public internet for improved reliability and
predictable performance. The circuit is private but not encrypted
by default; run IPsec (or MACsec where the provider offers it)
over it when confidentiality is required.
7. Deployment Models
 Public:
o Definition: Cloud resources are owned and operated by a third-
party cloud provider and shared across multiple customers.
o Functions:
 Provides scalability and cost-efficiency.
 Suitable for less sensitive workloads.
 Private:
o Definition: Cloud resources are used exclusively by one
organization, either on-premises or hosted by a third party.
o Functions:
 Provides enhanced security and control.
 Suitable for sensitive or regulated data.
 Hybrid:
o Definition: Combines public and private cloud resources, allowing
data and applications to be shared between them.
o Functions:
 Provides flexibility and optimization of resources.
 Enables workload portability and disaster recovery.
8. Service Models
 Software as a Service (SaaS):
o Definition: SaaS delivers software applications over the internet on
a subscription basis.
o Functions:
 Provides ready-to-use applications (e.g., email, CRM) without
managing infrastructure.
 Examples: Google Workspace, Microsoft 365.

 Infrastructure as a Service (IaaS):
o Definition: IaaS provides virtualized computing resources over the
internet, including virtual machines, storage, and networking.
o Functions:
 Allows users to rent virtualized hardware resources.
 Examples: Amazon Web Services (AWS), Microsoft Azure.
 Platform as a Service (PaaS):
o Definition: PaaS provides a platform allowing customers to
develop, run, and manage applications without dealing with
infrastructure.
o Functions:
 Supports application development with built-in infrastructure
and services.
 Examples: Google App Engine, Heroku.
9. Scalability
 Definition: Scalability is the ability of a system to handle increased load
or demand by adding resources.
 Functions:
o Ensures systems can grow to accommodate more users or
workload.
o Can be achieved through vertical scaling (adding resources to a
single instance) or horizontal scaling (adding more instances).
10. Elasticity
 Definition: Elasticity is the ability of a cloud system to automatically scale
resources up or down based on current demand.
 Functions:
o Provides cost efficiency by scaling resources according to usage.
o Ensures application performance and availability during varying
load conditions.
11. Multitenancy
 Definition: Multitenancy is a principle where a single instance of a
software application serves multiple customers or tenants.
 Functions:
o Optimizes resource utilization by sharing infrastructure.
o Ensures data isolation and security between different tenants.

1.4 Explain common networking ports, protocols, services, and traffic types

Protocols and Ports

1. File Transfer Protocol (FTP)
o Ports: 20 (Data), 21 (Control)
o Description: Used for transferring files between clients and
servers. Port 20 is used for data transfer, and port 21 is used for
control commands. Credentials and data are sent in plaintext.
2. Secure File Transfer Protocol (SFTP)
o Port: 22
o Description: File transfer carried inside an SSH session (the SSH
File Transfer Protocol). It is a different protocol from FTP, not FTP
with encryption bolted on; FTP over TLS is FTPS (ports 989/990).
3. Secure Shell (SSH)
o Port: 22
o Description: Provides a secure method for accessing remote
systems and executing commands over a network.
4. Telnet
o Port: 23
o Description: Provides a text-based interface for remote access to
systems, but is not secure as it transmits credentials and data in
plaintext; it should be replaced by SSH.
5. Simple Mail Transfer Protocol (SMTP)
o Port: 25
o Description: Used for relaying email between mail servers. Mail
clients submit outgoing mail on port 587 instead (see below).
6. Domain Name System (DNS)
o Port: 53
o Description: Translates domain names into IP addresses. Uses
both TCP and UDP: typically UDP for queries and TCP for zone
transfers and for responses too large for a single UDP datagram.
7. Dynamic Host Configuration Protocol (DHCP)
o Ports: 67 (Server), 68 (Client), both UDP
o Description: Automatically assigns IP addresses and other network
configuration parameters to devices on a network.
8. Trivial File Transfer Protocol (TFTP)
o Port: 69 (UDP)
o Description: A simple file transfer protocol used for transferring
files with minimal overhead. It runs over UDP and has no
authentication, so it belongs on management networks only.
9. Hypertext Transfer Protocol (HTTP)
o Port: 80
o Description: Used for transmitting web pages over the internet.
10. Network Time Protocol (NTP)
o Port: 123 (UDP)
o Description: Synchronizes clocks of computers over a network.
11. Simple Network Management Protocol (SNMP)
o Ports: 161 (General), 162 (Trap), both UDP
o Description: Used for network management and monitoring. Port
161 is used for queries and commands, and port 162 is used for
receiving traps (alerts). Only SNMPv3 provides authentication and
encryption; v1/v2c community strings travel in plaintext.
12. Lightweight Directory Access Protocol (LDAP)
o Port: 389
o Description: Used for accessing and managing directory services.
13. Hypertext Transfer Protocol Secure (HTTPS)
o Port: 443
o Description: A secure version of HTTP that uses TLS (the successor
to SSL) to encrypt data transmitted over the web.
14. Server Message Block (SMB)
o Port: 445
o Description: Provides shared access to files, printers, and other
resources on a network.
15. Syslog
o Port: 514 (UDP; TCP 514 and syslog over TLS on 6514 are also used)
o Description: Used for logging and monitoring system messages
and events.
16. Simple Mail Transfer Protocol Secure (SMTPS)
o Port: 587 (submission with STARTTLS); 465 (implicit TLS)
o Description: Port 587 is the mail submission port, on which clients
send outgoing mail and upgrade the session to TLS with STARTTLS.
Implicit TLS from the start of the connection uses port 465.
17. Lightweight Directory Access Protocol over SSL (LDAPS)
o Port: 636
o Description: An encrypted version of LDAP using SSL/TLS for
secure directory access.
18. Structured Query Language (SQL) Server
o Port: 1433
o Description: Used for Microsoft SQL Server database communication.
19. Remote Desktop Protocol (RDP)
o Port: 3389
o Description: Provides a graphical interface for remote access to
Windows systems.
20. Session Initiation Protocol (SIP)
o Ports: 5060 (Non-secure), 5061 (Secure, over TLS)
o Description: Used for initiating, maintaining, and terminating real-
time sessions such as VoIP.
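Added example for the DNS entry (item 6): building a DNS query in wire format, adding the 2-byte length prefix that DNS over TCP requires and UDP does not, and parsing a reply. A constructed response stands in for a real resolver so the code runs offline. This is not code from the original notes; the transaction ID 0x1234 and the answer 93.184.216.34 for example.com are illustrative values.

```python
import struct
from typing import List, Tuple

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """'example.com' -> b'\\x07example\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Wire-format query: 12-byte header followed by one question."""
    flags = 0x0100                       # QR=0 (query), RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def frame_for_tcp(msg: bytes) -> bytes:
    """Over TCP each DNS message is prefixed with a 2-byte length; over UDP the
    datagram boundary does that job, so the prefix is absent."""
    return struct.pack("!H", len(msg)) + msg


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a name at offset, following compression pointers (0xC0..)."""
    labels: List[str] = []
    end = -1                             # offset just past the name in the outer record
    hops = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # pointer: 14-bit offset into the message
            if end < 0:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end >= 0 else off)


def parse_response(msg: bytes, expected_txid: int) -> List[Tuple[str, int, str]]:
    """Return (name, ttl, ipv4) for every A record in the answer section.
    The transaction ID must match the query we sent: a reply with the wrong ID
    is discarded, which is one of the checks a blind spoofer has to defeat."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: dropping reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"server returned RCODE {rcode}")
    off = 12
    for _ in range(qd):                  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                         # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


def make_sample_response(query: bytes, ipv4: str, ttl: int = 300) -> bytes:
    """Constructed reply for offline use: echoes the question, sets QR/RD/RA and
    adds one A record whose owner name is a pointer (0xC00C) to the question
    name at offset 12, as real resolvers do."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rr


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print("UDP query  :", q.hex())
    print("TCP framing:", frame_for_tcp(q)[:2].hex(), "= length prefix")
    print("answers    :", parse_response(make_sample_response(q, "93.184.216.34"), 0x1234))
```

The transaction ID check is the reason resolvers randomise it (and their source port): an attacker who cannot see the query has to guess both before the real answer arrives. The length prefix is why a DNS client cannot simply write a UDP-style message to a TCP socket and expect the server to parse it.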
Networking Concepts
1. Internet Protocol (IP) Types
o Internet Control Message Protocol (ICMP):
 Purpose: Used for network diagnostics and error reporting
(e.g., ping).
o Transmission Control Protocol (TCP):
 Purpose: Provides reliable, connection-oriented
communication with error recovery and flow control.
o User Datagram Protocol (UDP):
 Purpose: Provides connectionless, low-latency
communication without guaranteed delivery.
o Generic Routing Encapsulation (GRE):
 Purpose: Encapsulates a wide variety of network layer
protocols into point-to-point connections.
o Internet Protocol Security (IPsec):
 Purpose: Provides security for IP communications through
encryption and authentication.
 Components:
 Authentication Header (AH): Provides integrity and
origin authentication for the packet, including parts of
the IP header, but no encryption; because the header is
covered, AH does not survive NAT.
 Encapsulating Security Payload (ESP): Provides
encryption and optional integrity/authentication; the
usual choice, and the one that works through NAT.
 Internet Key Exchange (IKE): Negotiates security
associations and keys (UDP 500, or UDP 4500 when NAT
traversal is in use).
2. Traffic Types
o Unicast:
 Description: One-to-one communication between a single
sender and a single receiver.
o Multicast:
 Description: One-to-many communication where data is
sent from one sender to multiple specified receivers.
o Anycast:
 Description: One-to-nearest communication where data is
sent to the closest of several potential receivers.
o Broadcast:
 Description: One-to-all communication where data is sent to
all devices in a network segment

1.5 Compare and Contrast Transmission media and transceivers

Wireless Networking
1. 802.11 Standards
o 802.11a: Operates in the 5 GHz band, providing speeds up to 54
Mbps.
o 802.11b: Operates in the 2.4 GHz band, providing speeds up to 11
Mbps.
o 802.11g: Operates in the 2.4 GHz band, providing speeds up to 54
Mbps. It is backward compatible with 802.11b.
o 802.11n: Operates in both 2.4 GHz and 5 GHz bands, providing
speeds up to 600 Mbps with MIMO (Multiple Input Multiple Output)
technology.
o 802.11ac: Operates in the 5 GHz band, providing speeds up to
several Gbps with wider channels and advanced modulation.
o 802.11ax (Wi-Fi 6): Operates in both 2.4 GHz and 5 GHz bands,
providing higher efficiency, capacity, and speeds up to 9.6 Gbps.
2. Cellular
o Definition: Cellular networks use cell towers to provide coverage
over wide areas and enable mobile communication.
o Generations:
 2G: Provided digital voice and basic data services.
 3G: Enhanced data rates for mobile internet.
 4G/LTE: Provides high-speed data services and improved
internet connectivity.
 5G: Offers significantly higher speeds, lower latency, and
supports a greater number of connected devices.
3. Satellite
o Definition: Satellite communication uses satellites to transmit data
over long distances, including remote and underserved areas.
o Types:
 Geostationary Satellites (GEO): Orbit at a fixed point
above the Earth, providing stable and continuous coverage.
 Low Earth Orbit (LEO): Orbit closer to Earth, reducing
latency and improving signal quality.
 Medium Earth Orbit (MEO): Balances coverage and
latency, often used for navigation systems like GPS.
Wired Networking
1. 802.3 Standards
o 802.3: Defines Ethernet standards for wired networking.
o Common Standards:
 802.3u: Fast Ethernet (100 Mbps)
 802.3ab: Gigabit Ethernet (1 Gbps over twisted-pair cabling)
 802.3ae: 10 Gigabit Ethernet
 802.3an: 10 Gigabit Ethernet over copper
2. Single-mode vs. Multimode Fiber
o Single-mode Fiber:
 Description: Has a small core (about 8-10 microns) and uses
a laser light source. Ideal for long-distance transmissions.
o Multimode Fiber:
 Description: Has a larger core (50 or 62.5 microns) and uses
LEDs or VCSELs. Suitable for shorter distances due to modal
dispersion.
3. Direct Attach Copper (DAC) Cable
o Definition: A type of high-speed cable used for short-distance
connections in data centers.

o Types:
 Twinaxial Cable: A type of DAC with two conductors for
high-speed Ethernet and Fibre Channel connections.
4. Coaxial Cable
o Description: Consists of a central conductor, insulating layer,
metallic shield, and outer insulation. Commonly used for cable TV
and broadband internet.
o Types:
 RG-6: Used for cable TV and satellite signals.
 RG-59: Used for analog video signals.
5. Cable Speeds
o Ethernet Cables (over the standard 100 m channel unless noted):
 Cat5: Up to 100 Mbps
 Cat5e: Up to 1 Gbps
 Cat6: Up to 10 Gbps, but only on runs of about 55 m or less
 Cat6a: Up to 10 Gbps over the full 100 m
 Cat7: Up to 10 Gbps, fully shielded to reduce interference
6. Plenum vs. Non-Plenum Cable
o Plenum Cable:
 Description: Rated for installation in plenum spaces (the air-
handling voids above drop ceilings and under raised floors). Its
jacket is fire-retardant and low-smoke, because smoke from a
cable burning in a plenum would be circulated by the HVAC system.
o Non-Plenum Cable:
 Description: Used in non-air-handling spaces. It has a
standard (typically PVC) jacket that gives off more smoke and
toxic fumes when it burns.
Transceivers
1. Protocol
o Ethernet: Used for network communication in wired Ethernet
networks.
o Fibre Channel (FC): Used for high-speed network communication
in storage area networks (SANs).
2. Form Factors
o Small Form-Factor Pluggable (SFP):
 Description: A compact, hot-swappable transceiver used for
network communication, supporting various network
protocols.
o Quad Small Form-Factor Pluggable (QSFP):
 Description: A high-density transceiver module supporting
higher data rates (e.g., 40 Gbps, 100 Gbps) for data center
and high-performance networks.
Connector Types
1. Subscriber Connector (SC)
o Description: A push-pull optical fiber connector used in
telecommunications and data communications.
2. Local Connector (LC)
o Description: A small form-factor optical fiber connector with a
latch, commonly used in data centers and telecommunications.
3. Straight Tip (ST)
o Description: An older optical fiber connector with a bayonet-style
coupling mechanism, used in telecommunications.
4. Multi-Fiber Push On (MPO)
o Description: A high-density optical fiber connector that can
accommodate multiple fibers in a single connector, used in data
centers for high-speed connections.
5. Registered Jack (RJ)11
o Description: A connector used for telephone lines and some
modems. Typically has 6 positions and 2 or 4 contacts.
6. RJ45
o Description: A connector used for Ethernet networks. Typically has
8 positions and 8 contacts, supporting twisted-pair cables.
7. F-Type
o Description: A coaxial connector used for cable television and
broadband internet connections.
1.6 Network topologies, architectures, and traffic flows
1. Mesh Topology
 Definition: In a mesh topology, each node is connected to every other
node, either directly or indirectly.
 Types:
o Full Mesh: Every device is connected to every other device. This
offers high redundancy and reliability but can be expensive to
implement.
o Partial Mesh: Only some nodes are interconnected. This reduces
costs while still providing some redundancy.
 Use Cases: Often used in WANs (Wide Area Networks) for high availability
and redundancy.
2. Hybrid Topology
 Definition: A combination of two or more different topologies (e.g., star,
ring, bus) in a single network.
 Benefits: Flexibility in design, scalability, and the ability to tailor the
network to specific requirements.
 Use Cases: Common in large organizations where different departments
may require different topologies.
3. Star/Hub and Spoke Topology
 Definition: All nodes are connected to a central device. With a hub that
device repeats every frame to all ports; with a switch (the normal case
today) frames go only to the destination port.
 Benefits: Easy to manage and troubleshoot; if one spoke link fails, it
doesn't affect the rest of the network. The central device is a single
point of failure, so it should be redundant where availability matters.
 Use Cases: Widely used in home networks and corporate networks where
central management is desired.
4. Spine and Leaf Architecture
 Definition: A network architecture commonly used in data centers. The
leaf switches connect to servers and storage devices, while spine switches
connect to each leaf switch.
 Benefits: Provides low-latency and high-bandwidth connections,
facilitating efficient data transfer across the network.
 Use Cases: Ideal for cloud computing and large-scale data centers.
5. Point-to-Point Topology
 Definition: A direct connection between two nodes or devices.
 Benefits: Simple and provides a dedicated link, resulting in high data
transfer rates and low latency.
 Use Cases: Common in WAN links, leased lines, and some types of fiber
optic connections.
6. Three-Tier Hierarchical Model
 Core Layer:
o Provides high-speed and reliable data transport between different
distribution layer devices.
o Acts as the backbone of the network.
 Distribution Layer:
o Aggregates data from the access layer and routes it to the core
layer.
o Implements policies such as filtering and routing.
 Access Layer:
o Provides endpoints (devices like PCs and printers) access to the
network.
o Responsible for user access control and policies.
7. Collapsed Core
 Definition: A network design where the core and distribution layers are
combined into a single layer.
 Benefits: Simplifies the network architecture, reduces costs, and lowers
latency.
 Use Cases: Often used in smaller networks or environments where
scalability is less critical.
Traffic Flows
North-South Traffic:
o Refers to data flows between clients and servers (e.g., data entering
or leaving a data center).
o Typically involves routing traffic through the core layer.
East-West Traffic:
o Refers to data flows between servers within the same data center.
o Important for data center performance and scalability, emphasizing
the need for efficient interconnectivity between servers.

1.7 IPv4 network addressing

1. Public vs. Private IP Addressing
 Public IP Address:
o An IP address that can be accessed over the internet. It is globally
unique and assigned by Internet Service Providers (ISPs).
o Used for identifying devices on the public internet.
 Private IP Address:
o An IP address used within a private network and not routable on the
internet.
o Used for internal communications within local networks (e.g., home,
office).
o Ranges defined by RFC1918 (see below).
2. Automatic Private IP Addressing (APIPA)
 Definition: A host that gets no answer from a DHCP server assigns itself a
link-local address in the 169.254.0.0/16 range (RFC 3927); APIPA is the
Windows name for this behaviour.
 Purpose: Allows devices on the same segment to communicate without
manual IP configuration. An address in this range on a host that should
hold a DHCP lease is a sign that DHCP is failing or unreachable.
3. RFC1918
 Definition: A document that defines the IP address ranges reserved for
private use.
 Private IP Address Ranges:
o 10.0.0.0/8: 10.0.0.0 to 10.255.255.255 (one class A block)
o 172.16.0.0/12: 172.16.0.0 to 172.31.255.255 (16 class B blocks)
o 192.168.0.0/16: 192.168.0.0 to 192.168.255.255 (256 class C blocks)
4. Loopback/Localhost
 Loopback Address:
o Typically represented as 127.0.0.1 for IPv4 (the whole 127.0.0.0/8
block is reserved for it) and ::1 for IPv6, this address is used to
test network software without physically sending packets over the
network.
 Localhost:
o Refers to the hostname that maps to the loopback IP address,
allowing applications to communicate with themselves.
5. Subnetting
 Definition: The practice of dividing a larger network into smaller,
manageable sub-networks (subnets).
 Purpose: Enhances routing efficiency, improves security, and organizes
networks.
Variable Length Subnet Mask (VLSM)
 Definition: A subnetting method that allows different subnets to have
different subnet masks, enabling more efficient use of IP addresses.
 Benefit: Reduces waste of IP addresses by allowing networks to be sized
appropriately based on need.
Classless Inter-domain Routing (CIDR)
 Definition: A method for allocating IP addresses and IP routing that
replaced the older system based on classes (A, B, C).
 Notation: Uses a format like 192.168.1.0/24, where "/24" represents the
subnet mask (255.255.255.0).
 Benefit: Enables more flexible and efficient IP address allocation.
6. IPv4 Address Classes
 Class A:
o Range: 0.0.0.0 to 127.255.255.255
o Default Subnet Mask: 255.0.0.0
o Supports a large number of hosts (over 16 million).
 Class B:
o Range: 128.0.0.0 to 191.255.255.255
o Default Subnet Mask: 255.255.0.0
o Supports around 65,000 hosts.
 Class C:
o Range: 192.0.0.0 to 223.255.255.255
o Default Subnet Mask: 255.255.255.0
o Supports up to 254 hosts.
 Class D:
o Range: 224.0.0.0 to 239.255.255.255
o Used for multicast groups, not for regular host addressing.
 Class E:
o Range: 240.0.0.0 to 255.255.255.255
o Reserved for experimental purposes, not for general use.
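An added example that ties the 1.7 items together (not code from the original notes): classify() places an address in its loopback, APIPA, RFC 1918, multicast or class E space, legacy_class() applies the classful first-octet rule, and vlsm_allocate() carves a block into right-sized subnets the way VLSM planning is done by hand. The 192.168.1.0/24 block and the department host counts are invented inputs.

```python
import ipaddress
from typing import Dict, List, Tuple

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
APIPA = ipaddress.ip_network("169.254.0.0/16")
CLASS_E = ipaddress.ip_network("240.0.0.0/4")


def classify(addr: str) -> str:
    """Name the address space an IPv4 address belongs to, most specific first.
    RFC 1918 is checked explicitly because ipaddress.is_private also returns
    True for loopback, link-local and the documentation ranges (192.0.2.0/24)."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if ip in APIPA:
        return "link-local (APIPA)"
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip.is_multicast:
        return "multicast (class D)"
    if ip in CLASS_E:
        return "reserved (class E)"
    return "public"


def legacy_class(addr: str) -> str:
    """Classful class from the first octet (the pre-CIDR rule)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def vlsm_allocate(block: str, demands: Dict[str, int]) -> List[Tuple[str, str, int]]:
    """Carve `block` into the smallest subnet that fits each demand, biggest
    demand first, so that small subnets never fragment the space needed by big
    ones.  Returns (name, subnet in CIDR, usable host count)."""
    pool = [ipaddress.ip_network(block)]
    allocations = []
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        host_bits = (hosts + 2 - 1).bit_length()    # + network and broadcast addresses
        prefix = 32 - host_bits
        fits = [n for n in pool if n.prefixlen <= prefix]
        if not fits:
            raise ValueError(f"no space left for {name} ({hosts} hosts)")
        # tightest free block; lowest address among equals
        chosen = min(fits, key=lambda n: (-n.prefixlen, int(n.network_address)))
        pool.remove(chosen)
        while chosen.prefixlen < prefix:           # split in halves, keep the low one
            low, high = chosen.subnets(prefixlen_diff=1)
            pool.append(high)
            chosen = low
        allocations.append((name, str(chosen), chosen.num_addresses - 2))
    return allocations


# Constructed demand list for the demo.
DEMANDS = {"sales": 100, "engineering": 50, "management": 10, "wan-link": 2}

if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.32.0.1", "169.254.10.1", "127.0.0.1", "224.0.0.5"):
        print(f"{addr:15s} class {legacy_class(addr)}  {classify(addr)}")
    for name, subnet, usable in vlsm_allocate("192.168.1.0/24", DEMANDS):
        print(f"{name:12s} {subnet:18s} {usable} usable hosts")
```

Note that 172.32.0.1 comes out as public: the 172.16.0.0/12 block ends at 172.31.255.255, a boundary that is easy to get wrong when writing firewall rules by hand. The allocator leaves 192.168.1.212/30, 192.168.1.216/29 and 192.168.1.224/27 free for later growth.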

1.8 Modern network environments

1. Software-Defined Networking (SDN)
 Definition: An architecture that separates the control plane (network
management) from the data plane (data forwarding). This allows for
centralized management and dynamic network configuration.
 Benefits: Increased network agility, simplified management, and
enhanced programmability.
2. Software-Defined Wide Area Network (SD-WAN)
 Definition: A specific application of SDN for managing wide area
networks. It uses a centralized control function to securely and
intelligently direct traffic across the WAN.
Key Features:
 Application Aware: Automatically optimizes traffic based on the type of
application and its requirements (e.g., prioritizing critical applications).
 Zero-Touch Provisioning: Enables easy deployment of devices with
minimal manual configuration, simplifying network setup.
 Transport Agnostic: Supports multiple transport types (MPLS, LTE,
broadband) for improved flexibility and redundancy.
 Central Policy Management: Policies can be defined and enforced
centrally, providing consistency across the network.
3. Virtual Extensible Local Area Network (VXLAN)
 Definition: A network virtualization technology that encapsulates Layer 2
Ethernet frames inside UDP (port 4789) over IP, so that virtual Layer 2
networks can span a routed Layer 3 underlay. VXLAN itself adds no
authentication or encryption; the underlay must be trusted, or the
tunnel carried inside IPsec.
Key Features:
 Data Center Interconnect (DCI): VXLAN is often used to connect
multiple data centers, allowing seamless extension of Layer 2 networks
across geographic locations.
 Layer 2 Encapsulation: Facilitates running multiple isolated virtual
networks on the same physical network infrastructure.
4. Zero Trust Architecture (ZTA)
 Definition: A security framework that assumes threats may exist both
inside and outside the network. Access is not automatically trusted and
requires verification.
Key Concepts:
 Policy-Based Authentication: Access is granted based on user identity,
device health, and location rather than just the network perimeter.
 Authorization: Continuous verification of users and devices to ensure
compliance with security policies.
 Least Privilege Access: Users are given the minimum level of access
necessary to perform their tasks, reducing the risk of insider threats.
5. Secure Access Service Edge (SASE) / Security Service Edge (SSE)
 Definition: A model that converges networking (SD-WAN) and security
services (secure web gateway, CASB, zero trust network access, firewall
as a service) into a single cloud-delivered solution, providing secure
access to applications and data regardless of user location. SSE is the
security half of SASE without the SD-WAN networking component.
6. Infrastructure as Code (IaC)
 Definition: The practice of managing and provisioning infrastructure
through code rather than manual processes, enabling automation and
consistency.
Key Components:
 Automation:
o Playbooks/Templates/Reusable Tasks: Predefined scripts and
templates for common tasks streamline deployment and
configuration.
o Configuration Drift/Compliance: Continuous monitoring to
ensure that configurations remain compliant with desired states.
o Upgrades: Automated processes for software and infrastructure
upgrades.
o Dynamic Inventories: Automatically updated lists of resources
available in the infrastructure.
 Source Control:
o Version Control: Tracking changes to code and configuration files
over time.
o Central Repository: A single location for storing and managing
code, making collaboration easier.
o Conflict Identification: Detecting and resolving conflicts that arise
from concurrent changes.
o Branching: Creating separate lines of development to facilitate
features, fixes, or experiments without affecting the main codebase.
7. IPv6 Addressing
 Definition: The next generation of IP addressing designed to address IPv4
address exhaustion and improve routing.
Key Features:
 Mitigating Address Exhaustion: Provides a vastly larger address space
(128 bits vs. 32 bits) to accommodate the growing number of devices.
Compatibility Requirements:
 Tunneling: Techniques that encapsulate IPv6 traffic within IPv4 networks
(e.g., 6to4, Teredo).
 Dual Stack: Running both IPv4 and IPv6 protocols simultaneously on
devices, allowing for gradual transition.
 NAT64: A mechanism that allows IPv6-enabled devices to communicate
with IPv4 services by translating between the two protocols.
Domain 2: Network Implementation 20%

2.1: Characteristics of Routing Technology
1. Static Routing
 Definition: A method of routing where routes are manually configured
and do not change unless manually updated.
 Benefits: Simple to configure, predictable, and does not consume
bandwidth for routing updates.
 Drawbacks: Not scalable; requires manual intervention for changes or
updates to the network.
2. Dynamic Routing
 Definition: A method of routing where routers communicate with each
other to discover and maintain routes automatically.
Key Protocols:
 Border Gateway Protocol (BGP):
o The protocol used to exchange routing information between
autonomous systems (AS) on the internet.
o Uses path vector mechanism and can handle large routing tables.
 Enhanced Interior Gateway Routing Protocol (EIGRP):
o A Cisco proprietary routing protocol that uses a hybrid approach
combining features of distance vector and link-state protocols.
o Utilizes the Diffusing Update Algorithm (DUAL) for route selection
and offers fast convergence.
 Open Shortest Path First (OSPF):
o A link-state routing protocol that uses a hierarchical design (areas)
to optimize routing within an AS.
o OSPF uses Dijkstra’s algorithm to calculate the shortest path first
(SPF).
3. Route Selection
 Administrative Distance:
o A value that indicates the trustworthiness of a routing source. Lower
values are preferred; Cisco defaults are connected 0, static 1, EIGRP
(internal) 90, OSPF 110, RIP 120. For the same prefix, a route from a
lower-AD source replaces one from a higher-AD source.
 Prefix Length:
o Indicates the size of the network prefix in CIDR notation (e.g., /24
indicates 255.255.255.0). Shorter prefixes represent larger networks.
Prefix length is checked first: the router forwards on the longest
(most specific) matching prefix regardless of administrative distance
or metric, so a /24 learned from RIP beats a /16 learned from OSPF.
 Metric:
o A value used by routing protocols to determine the best path to a
destination. Different protocols use different metrics (e.g., hop
count for RIP, bandwidth for EIGRP).
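The three criteria above are applied in a fixed order, and getting that order wrong is a common exam and real-world mistake (administrative distance never overrides a more specific prefix). The following Python example, added here and not part of the original notes, implements the selection over a constructed routing table: longest prefix first, then administrative distance, then metric. The addresses and metrics are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Cisco default administrative distances for the sources used below.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str     # destination network in CIDR notation, e.g. "10.1.0.0/16"
    next_hop: str
    source: str     # routing source; key into ADMIN_DISTANCE
    metric: int     # protocol-specific cost, only comparable within one source


def best_route(routes, destination):
    """Pick the route a router would use for `destination`.

    Preference order, as on a real router:
      1. longest matching prefix (most specific network wins),
      2. lowest administrative distance (most trusted source),
      3. lowest metric.
    Returns None when nothing matches and there is no default route.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes
                  if dst in ipaddress.ip_network(r.prefix, strict=False)]
    if not candidates:
        return None

    def rank(r):
        prefixlen = ipaddress.ip_network(r.prefix, strict=False).prefixlen
        return (-prefixlen, ADMIN_DISTANCE[r.source], r.metric)

    return min(candidates, key=rank)


def next_hop_for(routes, destination):
    route = best_route(routes, destination)
    return None if route is None else route.next_hop


# Constructed routing table (hypothetical addresses from documentation ranges).
SAMPLE_TABLE = [
    Route("0.0.0.0/0", "203.0.113.1", "static", 0),       # default route
    Route("10.0.0.0/8", "10.255.0.1", "rip", 3),
    Route("10.1.0.0/16", "10.255.0.2", "ospf", 20),       # same prefix, two sources:
    Route("10.1.0.0/16", "10.255.0.3", "eigrp", 3072),    # AD decides, not the metric
    Route("10.1.5.0/24", "10.255.0.4", "rip", 5),         # most specific, least trusted
]

if __name__ == "__main__":
    for dst in ("10.1.5.10", "10.1.6.10", "10.2.0.1", "192.0.2.1"):
        print(dst, "->", next_hop_for(SAMPLE_TABLE, dst))
```

Note that 10.1.6.10 is sent to the EIGRP next hop even though the OSPF route to the same /16 has a far lower metric: metrics are only compared between routes learned by the same protocol, so AD settles that tie first.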
4. Address Translation
 Network Address Translation (NAT):
o A method of modifying IP address information in packet headers
while they are in transit across a routing device. Used primarily to
map private IP addresses to a public IP address.
 Port Address Translation (PAT):
o A form of NAT that allows multiple devices on a local network to be
mapped to a single public IP address, using different ports to
distinguish traffic.
5. First Hop Redundancy Protocol (FHRP)
 Definition: Protocols designed to ensure high availability of the first hop
router (gateway) for end devices.
Examples:
 Hot Standby Router Protocol (HSRP): A Cisco proprietary protocol that
provides network redundancy by allowing multiple routers to work
together to present a single virtual IP address.
 Virtual Router Redundancy Protocol (VRRP): An open standard
alternative to HSRP, allowing multiple routers to act as a backup for a
virtual IP.
6. Virtual IP (VIP)
 Definition: An IP address that is not tied to a specific physical network
interface. It allows services to be accessible via the same address, even if
the underlying hardware changes.
 Use Cases: Commonly used in load balancing and FHRP scenarios to
ensure continuous availability.
7. Subinterfaces
 Definition: Virtual interfaces created on a physical interface to allow for
multiple IP addresses or VLANs on a single interface.
 Benefits: Enables segmentation of networks and can facilitate inter-VLAN
routing on a single router interface.
2.2: Configure Switching Technologies and Features

1. Virtual Local Area Network (VLAN)
 Definition: A VLAN is a logical grouping of devices on the same physical
network that can communicate as if they were on the same local network,
regardless of their physical location.
Key Components:
 VLAN Database:
o A configuration table that stores VLAN IDs and their associated
names. This database is used by switches to maintain VLAN
information.
 Switch Virtual Interface (SVI):
o A virtual interface on a switch that represents a VLAN. It provides
Layer 3 IP addressing for the VLAN and enables inter-VLAN routing.
2. Interface Configuration
 Native VLAN:
o The VLAN assigned to an 802.1Q trunk port whose frames cross the trunk
untagged. By default, this is VLAN 1. Because untagged frames arriving
on a trunk are treated as native-VLAN traffic, the native VLAN is what
double-tagging (VLAN hopping) abuses: move it from VLAN 1 to an unused
VLAN, keep access ports out of it, and tag native traffic where the
switch supports it.
 Voice VLAN:
o A separate VLAN designated for voice traffic (e.g., VoIP). It
prioritizes voice packets to ensure quality of service (QoS).
 802.1Q Tagging:
o A standard for VLAN tagging that adds a 4-byte tag to Ethernet
frames. This tag identifies the VLAN to which the frame belongs,
allowing multiple VLANs to coexist on the same physical link.
 Link Aggregation:
o Combines multiple physical links into a single logical link to increase
bandwidth and provide redundancy. Common protocols include
LACP (Link Aggregation Control Protocol).
 Speed:
o Refers to the data transfer rate of the interface (e.g., 1 Gbps, 10
Gbps). Important for ensuring adequate bandwidth for traffic.
 Duplex:
o Refers to the ability of an interface to send and receive data.
o Half-Duplex: Data can only flow in one direction at a time.
o Full-Duplex: Data can flow simultaneously in both directions.
3. Spanning Tree Protocol (STP)
 Definition: A network protocol that ensures a loop-free topology in
Ethernet networks. STP prevents broadcast storms and ensures that there
is a single active path between two network devices.
 Components:
o Root Bridge: The central reference point in the topology. All
decisions are based on the root bridge.
o Ports: Classified as Root, Designated, or Blocking, depending on
their role in the topology.
4. Maximum Transmission Unit (MTU)
 Definition: The largest size of a packet that can be transmitted over a
network interface. Commonly set to 1500 bytes for Ethernet.
 Jumbo Frames:
o Frames larger than the standard MTU size (greater than 1500 bytes,
often 9000 bytes). Used in high-performance networks to reduce
CPU load and improve throughput.
2.4: Important Factors of Physical Installations
1. Locations
 Intermediate Distribution Frame (IDF):
o A hub for connecting and managing cabling between the main
distribution frame (MDF) and end-user devices. Typically located on
each floor of a building to minimize cable lengths to workstations.
 Main Distribution Frame (MDF):
o The primary hub for connecting external lines to the internal
network. It houses critical network equipment and serves as the
main point for connecting to telecommunication services.
2. Rack Size
 Definition:
o Racks are used to house network equipment such as switches,
routers, and servers. Common sizes include 19-inch racks, which
can vary in height (measured in rack units, or RU).
3. Port-Side Exhaust/Intake
 Considerations:
o Proper airflow management is critical for cooling. Equipment should
be installed to ensure that exhaust and intake ports are
appropriately aligned to prevent overheating.
4. Cabling
 Patch Panel:
o A panel with ports for connecting incoming and outgoing cables. It
simplifies management and organization of network cables, allowing
for easy reconfiguration.
 Fiber Distribution Panel:
o A panel used to manage fiber optic connections. It organizes,
protects, and distributes fiber cables, often used in high-speed
network environments.
5. Security
 Lockable:
o Ensuring that racks and enclosures are lockable is vital for securing
sensitive equipment from unauthorized access and tampering.
6. Power
 Uninterruptible Power Supply (UPS):
o A backup power supply that provides emergency power during
outages. It protects equipment from power surges and maintains
uptime for critical systems.
 Power Distribution Unit (PDU):
o A device that distributes electrical power to multiple devices from a
single power source. PDUs are essential for managing power supply
in data centers.
 Power Load:
o The total amount of electrical power consumed by equipment. It’s
important to calculate power loads to ensure that circuits are not
overloaded.
 Voltage:
o The electrical potential provided to equipment. Ensure compatibility
with the equipment’s voltage requirements to avoid damage.
7. Environmental Factors
 Humidity:
o Maintaining optimal humidity levels (typically 45-55%) is crucial to
prevent corrosion and static electricity that can damage equipment.
 Fire Suppression:
o Fire safety systems, such as sprinklers or gas-based suppression
systems, should be in place to protect equipment and
infrastructure.
 Temperature:
o Proper temperature control is essential, generally kept between
68°F to 72°F (20°C to 22°C) for most networking equipment to
ensure reliable operation.
Domain 3: Network Operations 19%

3.1: Purpose of Organizational Processes and Procedures
1. Documentation
 Physical vs. Logical Diagrams:
o Physical Diagrams: Show the actual layout of the physical
components in the network (e.g., hardware, cabling, locations).
o Logical Diagrams: Represent how data flows through the network,
illustrating the relationships between devices and systems.
 Rack Diagrams:
o Visual representations of equipment layout in racks. They help with
planning, organizing, and managing equipment placement and
airflow.
 Cable Maps and Diagrams:
o Detailed representations of cable runs, connections, and
terminations. These diagrams assist in troubleshooting and
maintenance.
 Network Diagrams:
o Layer 1: Depicts the physical connections and layout (cables,
devices).
o Layer 2: Illustrates data link layer connections (switches, VLANs).
o Layer 3: Shows network layer connections (routers, IP addressing).
 Asset Inventory:
o Hardware: Documentation of all physical devices in the network
(e.g., routers, switches).
o Software: Inventory of installed software applications and
operating systems.
o Licensing: Tracking of software licenses and compliance.
o Warranty Support: Documentation of warranty statuses and
support agreements for hardware.
 IP Address Management (IPAM):
o A system for managing IP address allocation, tracking usage, and
ensuring efficient address space utilization.
 Service-Level Agreement (SLA):
o A formal agreement between a service provider and a client that
outlines expected service levels, performance metrics, and
responsibilities.
 Wireless Survey/Heat Map:
o Visual representation of wireless signal strength and coverage
areas, helping to identify dead spots and optimize placement of
access points.
2. Life-Cycle Management
 End-of-Life (EOL):
o The stage when a product is no longer manufactured or sold,
signaling the need for replacement planning.
 End-of-Support (EOS):
o The point when a product no longer receives updates or support
from the manufacturer, requiring transition planning.
 Software Management:
o Patches and Bug Fixes: Regular updates to address
vulnerabilities and improve performance.
o Operating System (OS): Management of the OS versions and
updates in the network.
o Firmware: Keeping device firmware up to date for security and
functionality.
 Decommissioning:
o The process of safely retiring and removing hardware or software
from service, ensuring data security and proper disposal.
3. Change Management
 Request Process Tracking/Service Request:
o A structured approach to managing changes in the network
environment, including tracking requests for changes and their
approvals.
4. Configuration Management
 Production Configuration:
o The current, operational settings of network devices as they are in
use.
 Backup Configuration:
o Copies of the configurations that can be restored in case of failure
or issues.
 Baseline/Golden Configuration:
o The standard or optimal configuration settings used as a reference
for compliance and performance. It helps in maintaining consistency
across devices.
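A golden configuration is only useful if something compares it against what is actually running. The Python example below, added here and not taken from the notes, normalizes two constructed configuration listings (hypothetical, Cisco-style syntax) into sets of statements, reports what was added or removed, and flags the drift that changes the device's attack surface: a re-enabled HTTP server, a default read-write SNMP community, and Telnet allowed on the VTY lines.

```python
# Constructed golden (baseline) and running configurations; not from a real device.
GOLDEN_CONFIG = """
hostname core-sw1
no ip http server
ip ssh version 2
snmp-server community s3cretRO RO
logging host 10.0.0.50
line vty 0 4
 transport input ssh
"""

RUNNING_CONFIG = """
hostname core-sw1
ip http server
ip ssh version 2
snmp-server community public RW
snmp-server community s3cretRO RO
logging host 10.0.0.50
line vty 0 4
 transport input telnet ssh
"""

# Statement prefixes whose drift changes the device's attack surface.
SECURITY_PREFIXES = (
    "snmp-server community", "transport input", "ip http server",
    "no ip http server", "ip ssh", "username", "enable secret", "aaa ",
)


def normalize(config_text):
    """Return the set of configuration statements, ignoring indentation,
    blank lines and comment lines ('!'). Order is irrelevant for drift."""
    statements = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            statements.add(line)
    return statements


def detect_drift(golden_text, running_text):
    """Compare the running configuration against the golden baseline.

    Returns statements that were added (only in running), statements that are
    missing (only in golden), the subset of both touching security-relevant
    settings, and an overall compliant flag."""
    golden, running = normalize(golden_text), normalize(running_text)
    added = sorted(running - golden)
    missing = sorted(golden - running)
    flagged = [s for s in added + missing if s.startswith(SECURITY_PREFIXES)]
    return {"added": added, "missing": missing,
            "security_flags": flagged,
            "compliant": not added and not missing}


if __name__ == "__main__":
    report = detect_drift(GOLDEN_CONFIG, RUNNING_CONFIG)
    for key in ("added", "missing", "security_flags"):
        for statement in report[key]:
            print(f"{key:15} {statement}")
```

The set comparison deliberately ignores ordering, which is right for most statements but loses context for indented sub-commands (a `transport input` line belongs to a specific `line` block); a production checker would parse the hierarchy before diffing.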
3.2: Use Network Monitoring Technologies
1. Methods
 SNMP (Simple Network Management Protocol):
o Traps: Alerts sent from devices to the management system when
certain events occur, such as a device failure or threshold being
exceeded.
o Management Information Base (MIB): A database of network
management information, structured hierarchically, used by SNMP
for monitoring.
o Versions:
 v1/v2c: v2c added bulk retrieval (GetBulk) and 64-bit counters
over v1, but both authenticate only with community strings sent in
cleartext and provide no encryption.
 v3: Adds the user-based security model: per-user authentication
(HMAC-MD5/SHA), message integrity, and optional encryption
(privacy).
o Community Strings: Password-like strings that grant read-only or
read-write access to MIB data in v1 and v2c. They travel in cleartext,
so treat them as secrets: change the well-known defaults (public,
private), use read-only strings wherever possible, and restrict SNMP
to management hosts with an ACL.
o Authentication: In v3, SNMP supports per-user authentication and
encryption (the authPriv security level) for secure communication.
 Flow Data:
o Network traffic data collected to analyze patterns and flows in
network usage, often used for monitoring and reporting.
 Packet Capture:
o The process of intercepting and logging network packets to analyze
traffic and diagnose issues.
 Baseline Metrics:
o Anomaly Alerting/Notification: Setting performance baselines for
network metrics and generating alerts when deviations occur,
indicating potential issues.
 Log Aggregation:
o Syslog Collector: A centralized logging system that collects log
messages from various devices for analysis.
o Security Information and Event Management (SIEM): A
solution that aggregates and analyzes security data from across the
network to identify threats and incidents.
 Application Programming Interface (API) Integration:
o Using APIs to allow different software applications to communicate
and share data, facilitating automation and management tasks.
 Port Mirroring:
o A technique that duplicates traffic from one port to another for
monitoring purposes, allowing analysis of traffic without impacting
performance.
2. Solutions
 Network Discovery:
o Ad Hoc: Informal, on-demand discovery of devices in the network.
o Scheduled: Regularly planned network discovery processes to
identify and catalog devices systematically.
 Traffic Analysis:
o The process of monitoring and analyzing network traffic to
understand usage patterns, detect anomalies, and optimize
performance.
 Performance Monitoring:
o Continuous assessment of network performance metrics, including
latency, bandwidth usage, and error rates, to ensure optimal
operation.
 Availability Monitoring:
o Tracking the operational status of network devices and services to
ensure they are up and running, often using ping tests and other
health checks.
 Configuration Monitoring:
o The practice of tracking changes in network device configurations to
ensure compliance, security, and to detect unauthorized
modifications.
3.3: Explain Disaster Recovery Plan
1. DR Metrics
 Recovery Point Objective (RPO):
o The maximum acceptable amount of data loss measured in time. It
defines how frequently data backups should occur to ensure
minimal data loss in case of a disaster.
 Recovery Time Objective (RTO):
o The maximum acceptable downtime following a disaster. It specifies
the time within which systems and applications must be restored to
normal operation.
 Mean Time to Repair (MTTR):
o The average time taken to repair a failed component or system. It
includes the time taken for diagnosis, repair, and restoration of
service.
 Mean Time Between Failures (MTBF):
o The average time between failures of a system. It is a measure of
system reliability and is calculated as the total operational time
divided by the number of failures.
2. DR Sites
 Cold Site:
o A backup facility that has no active servers or data; it requires
significant setup and data restoration time to become operational
after a disaster.
 Warm Site:
o A backup facility that has hardware and infrastructure in place but
requires data updates and configuration to become fully
operational. It strikes a balance between cost and recovery time.
 Hot Site:
o A fully operational backup facility that mirrors the primary site,
maintaining up-to-date data and capable of immediate failover. It
offers the quickest recovery but at a higher cost.
3. High-Availability Approaches
 Active-Active:
o A setup where multiple systems or sites are simultaneously
operational, sharing the load and providing redundancy. If one fails,
the other can take over seamlessly.
 Active-Passive:
o A setup where one system is active, while another is on standby.
The passive system takes over only when the active system fails,
making it a cost-effective solution but with longer recovery times.
4. Testing
 Tabletop Exercises:
o Simulated discussions of disaster scenarios involving key
stakeholders. They focus on reviewing and evaluating DR plans,
roles, and response strategies without actual implementation.
 Validation Tests:
o Hands-on tests of DR procedures and systems to ensure they
function as intended. This includes testing backup and restoration
processes, failover capabilities, and overall recovery strategies.
3.4: Implement IPv4 and IPv6 Network Services
1. Dynamic Addressing
 DHCP (Dynamic Host Configuration Protocol):
o Reservations: Assigning a specific IP address to a device based on
its MAC address to ensure it always receives the same IP.
o Scope: The range of IP addresses that the DHCP server can assign
to devices within a network.
o Lease Time: The duration for which an IP address is assigned to a
device. After the lease expires, the address can be reassigned.
o Options: Additional configuration settings provided by DHCP, such
as DNS server addresses, gateway information, and subnet masks.
o Relay/IP Helper: A configuration that allows DHCP requests to be
forwarded to a DHCP server on a different subnet, facilitating IP
address assignment in larger networks.
o Exclusions: Specific IP addresses within the DHCP scope that are
not available for assignment, often used for devices requiring static
addresses.
 Stateless Address Autoconfiguration (SLAAC):
o A method by which an IPv6 host configures its own address without a
DHCP server. It takes the /64 prefix from Router Advertisements (NDP),
appends an interface identifier, and runs Duplicate Address Detection.
The identifier is either derived from the MAC address (modified EUI-64)
or, on modern operating systems, randomized (RFC 4941/7217 privacy
addresses) so the hardware address is not exposed to remote hosts.
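The EUI-64 derivation is worth seeing both ways, because its reversibility is exactly the privacy problem that randomized identifiers fix. The Python example below is added here and is not part of the original notes; the prefix and MAC address are constructed documentation values. It builds a SLAAC address from an advertised /64 and a MAC, then recovers the MAC from any EUI-64-based address it sees.

```python
import ipaddress


def eui64_interface_id(mac):
    """Derive the modified EUI-64 interface identifier from a 48-bit MAC:
    split the MAC in half, insert 0xFFFE, and flip the universal/local
    bit (0x02 in the first byte)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    first = octets[0] ^ 0x02
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix, mac):
    """Combine the /64 prefix from a Router Advertisement with the EUI-64
    interface ID, as a host doing stateless autoconfiguration would."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64_address(addr):
    """Reverse the derivation. Any peer that sees the address can do this,
    which is why EUI-64 identifiers leak the hardware address (and the
    vendor, via the OUI) and let a device be tracked across networks.
    Returns None when the identifier is not EUI-64 (e.g. a privacy address)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02
    mac_bytes = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac_bytes)


if __name__ == "__main__":
    # Constructed example values: RFC 3849 documentation prefix, made-up MAC.
    addr = slaac_address("2001:db8:1::/64", "00:1a:2b:3c:4d:5e")
    print(addr)                                  # EUI-64 based address
    print(mac_from_eui64_address(addr))          # MAC recovered by an observer
    print(mac_from_eui64_address("2001:db8:1:0:8d3a:1c2f:9b7e:4421"))  # privacy address
```

Operationally this is why hardening guides recommend temporary or stable-privacy addresses on clients, and why an IPv6 address with `ff:fe` in the middle of its interface identifier should be treated as fingerprintable.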
2. Name Resolution
 DNS (Domain Name System):
o Domain Name System Security Extensions (DNSSEC): A suite of
extensions that signs DNS records (RRSIG, DNSKEY, DS) so a validating
resolver can verify that responses are authentic and unaltered. It
protects integrity, not privacy: queries and answers are still sent in
the clear.
o DNS over HTTPS (DoH) and DNS over TLS (DoT): Protocols that
encrypt DNS queries to improve privacy and security, preventing
eavesdropping and manipulation.
o Record Types:
 Address (A): Maps a domain name to an IPv4 address.
 AAAA: Maps a domain name to an IPv6 address.
 Canonical Name (CNAME): An alias for another domain
name.
 Mail Exchange (MX): Specifies the mail server responsible
for receiving email for the domain.
 Text (TXT): Allows domain owners to add text information,
often used for verification purposes.
 Nameserver (NS): Indicates the authoritative DNS servers
for the domain.
 Pointer (PTR): Maps an IP address to a domain name
(reverse lookup).
o Zone Types:
 Forward Zone: Used for standard DNS resolution (domain to
IP).
 Reverse Zone: Used for reverse DNS lookups (IP to domain).
 Authoritative vs. Non-authoritative: Authoritative servers
have complete information for their domain, while non-
authoritative servers cache responses.
 Primary vs. Secondary: Primary servers hold the original
zone data; secondary servers obtain copies from the primary
server.
 Recursive: A server that will query other DNS servers on
behalf of the client until it finds the answer.
 Hosts File:
o A local file that maps IP addresses to hostnames, used for name
resolution before DNS. It allows for manual configuration of address
mappings on individual devices.
3. Time Protocols
 NTP (Network Time Protocol):
o A protocol for synchronizing the clocks of devices over a network to
a common time source, ensuring accurate timekeeping.
 Precision Time Protocol (PTP):
o A protocol designed for high-precision clock synchronization in
networks, often used in applications requiring very accurate timing.
 Network Time Security (NTS):
o An extension to NTP that provides mechanisms for securing time
synchronization against various attacks, ensuring the integrity and
authenticity of time data.
3.5: Network Access Management Methods
1. VPN Types
 Site-to-Site VPN:
o A secure connection established between two or more networks
over the internet. Often used to connect branch offices to a central
office, allowing for seamless access to resources across locations.
 Client-to-Site VPN:
o A secure connection established between a single client (user) and
a remote network, allowing users to access resources as if they
were physically present in that network.
o Clientless: A type of client-to-site VPN that does not require a
dedicated client application on the user's device. Access is often
through a web browser.
o Split Tunnel vs. Full Tunnel:
 Split Tunnel: Only traffic destined for the remote network is
routed through the VPN, while other traffic accesses the
internet directly. This can improve performance and reduce
bandwidth use.
 Full Tunnel: All traffic from the client is routed through the
VPN, providing enhanced security but potentially slower
performance due to the increased load.
2. Connection Methods
 SSH (Secure Shell):
o A protocol used to securely connect to remote devices over an
unsecured network, providing command-line access and secure file
transfers.
 Graphical User Interface (GUI):
o A visual interface that allows users to interact with software through
graphical elements like buttons and menus, often used in network
management tools.
 API (Application Programming Interface):
o A set of protocols and tools that allows different software
applications to communicate with each other, enabling automation
and integration of services.
 Console:
o A direct command-line interface for managing network devices,
often accessed through a physical or virtual terminal.
3. Jump Box/Host:
 A secure intermediate server that acts as a gateway to access devices in a
restricted network. It enhances security by limiting direct access to
sensitive systems, requiring authentication before allowing further
connections.
4. In-band vs. Out-of-Band Management:
 In-band Management:
o Management tasks performed over the same network used for data
traffic. This approach is cost-effective but may pose security risks if
the management traffic is exposed to the same threats as user
data.
 Out-of-Band Management:
o Management tasks performed over a separate, dedicated network
path that is not used for regular data traffic. This approach
enhances security and allows for management access even if the
primary network is down.
Domain 4: Network Security 14%

4.1: Importance of Basic Network Security Concepts
1. Logical Security
 Encryption:
o Data in Transit: Protects data while it is being transmitted over a
network. Common protocols include TLS (Transport Layer Security) and
IPsec, the protocol suite behind most VPN encryption.
o Data at Rest: Protects data stored on devices or servers. Methods
include full disk encryption (e.g., BitLocker, FileVault) and database
encryption.
 Certificates:
o Public Key Infrastructure (PKI): A framework that manages
digital certificates and public-key encryption, enabling secure data
transmission and identity verification.
o Self-Signed Certificates: Certificates that are signed by the entity
creating them rather than a trusted certificate authority (CA). They
are generally used for internal or testing purposes.
 Identity and Access Management (IAM):
o Authentication: The process of verifying the identity of a user or
device.
o Multifactor Authentication (MFA): Requires multiple forms of
verification (e.g., password, smartphone app, biometric) to enhance
security.
o Single Sign-On (SSO): Allows users to authenticate once and gain
access to multiple applications without re-entering credentials.
o Remote Authentication Dial-in User Service (RADIUS): A client/server
AAA (authentication, authorization, accounting) protocol used by
network access devices (wireless controllers, 802.1X switches, VPN
concentrators) to check credentials against a central server. It
encrypts only the password field of its messages.
o LDAP (Lightweight Directory Access Protocol): A protocol for
accessing and maintaining distributed directory information
services over a network.
o Security Assertion Markup Language (SAML): An open
standard for exchanging authentication and authorization data
between parties, especially for web applications.
o Terminal Access Controller Access-Control System Plus
(TACACS+): A Cisco-developed AAA protocol, used mainly for device
administration, that separates authentication, authorization and
accounting and encrypts the whole packet body. It supports per-command
authorization, giving more granular control than RADIUS.
o Time-based Authentication: Involves using time-sensitive tokens,
often seen in MFA.
o Authorization: The process of determining what an authenticated
user is allowed to do.
o Least Privilege: A principle that restricts users to only the access
necessary to perform their job functions.
o Role-Based Access Control (RBAC): A method of restricting
system access based on user roles, ensuring users can only access
resources relevant to their job.
 Geofencing: A technology that creates a virtual boundary around a
physical location, allowing applications to trigger actions when a device
enters or exits the boundary.
2. Physical Security
 Camera: Surveillance systems used to monitor and record activities in
physical spaces, enhancing security.
 Locks: Physical devices used to restrict access to facilities, equipment, or
sensitive information.
3. Deception Technologies
 Honeypot: A decoy system designed to attract attackers, allowing
organizations to study their techniques and prevent future attacks.
 Honeynet: A network of honeypots designed to simulate a complete
environment for attackers, providing deeper insights into attack patterns.
4. Common Security Terminology
 Risk: The potential for loss or damage when a threat exploits a
vulnerability.
 Vulnerability: A weakness in a system that can be exploited by threats.
 Exploit: A piece of software or code that takes advantage of a
vulnerability to cause unintended behavior.
 Threat: Any circumstance or event that has the potential to cause harm
to a system.
 Confidentiality, Integrity, and Availability (CIA) Triad: The three
core principles of information security:
o Confidentiality: Ensuring that sensitive information is accessed
only by authorized individuals.
o Integrity: Maintaining the accuracy and reliability of data.
o Availability: Ensuring that information and resources are
accessible when needed.
5. Audits and Regulatory Compliance
 Data Locality: The requirement for data to be stored within specific
geographic boundaries, often due to legal or regulatory requirements.
 Payment Card Industry Data Security Standard (PCI DSS): A set of
security requirements designed to ensure that companies that accept,
process, store, or transmit credit card information maintain a secure
environment.
 General Data Protection Regulation (GDPR): A regulation in EU law
on data protection and privacy, aiming to give individuals more control
over their personal data.
6. Network Segmentation Enforcement
 Internet of Things (IoT) and Industrial Internet of Things (IIoT): The
connection of physical devices to the internet, allowing for data collection
and communication, with IIoT focused on industrial applications.
 Supervisory Control and Data Acquisition (SCADA), Industrial
Control System (ICS), Operational Technology (OT): Systems used
for industrial processes and infrastructure management.
 Guest Networks: Segregated networks for visitors to access the internet
without compromising the main network's security.
 Bring Your Own Device (BYOD): A policy allowing employees to use
their personal devices for work purposes, posing challenges for security
management.
4.2: Various Types of Attacks and Their Impact on the Network

1. Denial-of-Service (DoS) / Distributed Denial-of-Service (DDoS)
 DoS: An attack that aims to make a service unavailable by overwhelming
it with traffic or exploiting vulnerabilities, causing legitimate users to lose
access.
 DDoS: A type of DoS attack that uses multiple compromised devices
(botnets) to flood a target with traffic, making it harder to mitigate.
2. VLAN Hopping
 An attack that allows an attacker to send packets to a VLAN they are not
authorized to access. This can happen through double tagging (adding two
VLAN tags) or by gaining access to a trunk link.
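The 802.1Q tag format described in the switching section and the double-tagging attack described here are two views of the same four bytes, so one example covers both. The Python code below is added here and is not part of the original notes: it parses an Ethernet frame, peels off every stacked 802.1Q tag (TPID 0x8100, then a 16-bit TCI holding PCP, DEI and VID), and classifies what an access port should never see. The frames are constructed test data, not captures, and the MAC addresses are made up.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Parse an Ethernet header and peel off every stacked 802.1Q tag.

    Each tag is 4 bytes: TPID 0x8100 followed by the TCI, whose 16 bits are
    PCP (3, priority), DEI (1, drop eligible) and VID (12, the VLAN ID).
    Returns (dst_mac, src_mac, [(pcp, dei, vid), ...], ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    tags, off = [], 12
    while len(frame) >= off + 4 and struct.unpack("!H", frame[off:off + 2])[0] == TPID_8021Q:
        (tci,) = struct.unpack("!H", frame[off + 2:off + 4])
        tags.append((tci >> 13, (tci >> 12) & 0x1, tci & 0x0FFF))
        off += 4
    if len(frame) < off + 2:
        raise ValueError("truncated after VLAN tags")
    (ethertype,) = struct.unpack("!H", frame[off:off + 2])
    return mac_str(dst), mac_str(src), tags, ethertype, frame[off + 2:]


def build_frame(dst, src, vids, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame (not a capture): one tag per VID, PCP/DEI zero."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        out += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return out + struct.pack("!H", ethertype) + payload


def classify_access_port_frame(frame, native_vlan=1):
    """What a port check or IDS should notice on an access port.

    An access port should only see untagged frames. Two stacked tags whose
    outer VID equals the trunk's native VLAN is the double-tagging pattern:
    the first switch strips the outer (native) tag and the next switch
    forwards the frame into whatever inner VLAN the attacker chose."""
    _, _, tags, _, _ = parse_frame(frame)
    if len(tags) >= 2:
        outer, inner = tags[0][2], tags[1][2]
        kind = "VLAN hopping" if outer == native_vlan else "unexpected stacked tags"
        return f"double-tagged ({kind}): outer VLAN {outer}, inner VLAN {inner}"
    if len(tags) == 1:
        return f"tagged VLAN {tags[0][2]}"
    return "untagged"


if __name__ == "__main__":
    attack = build_frame("ff:ff:ff:ff:ff:ff", "de:ad:be:ef:00:01", [1, 20])
    print(parse_frame(attack)[2])                    # [(0, 0, 1), (0, 0, 20)]
    print(classify_access_port_frame(attack))        # flagged as VLAN hopping
```

The defence follows directly from the parse: if the native VLAN on every trunk is an unused VLAN (not 1, and not one any access port belongs to), the outer tag of the attacker's frame no longer matches anything and the frame is dropped instead of hopped.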
3. Media Access Control (MAC) Flooding
 An attack that floods a switch with frames from many bogus source MAC
addresses until its CAM (MAC address) table is full. Unable to learn new
addresses, the switch floods frames for unknown destinations out of every
port like a hub, letting the attacker capture traffic meant for other
hosts. Port security with a per-port MAC address limit is the standard
countermeasure.
4. Address Resolution Protocol (ARP) Poisoning
 A technique that involves sending false ARP messages to associate the
attacker's MAC address with the IP address of another device. This can
lead to traffic interception or disruption.
5. ARP Spoofing
 Similar to ARP poisoning, it involves sending fake ARP replies to map an
attacker’s MAC address to the IP address of a legitimate device on the
network, enabling man-in-the-middle attacks.
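Both ARP techniques leave the same footprint: an IP address whose MAC mapping suddenly changes, and one MAC claiming several IP addresses (the attacker impersonating both the gateway and the victim to sit in the middle). The Python example below, added here and not part of the original notes, runs that detection over a constructed list of observed ARP replies; the addresses are made up.

```python
from collections import defaultdict

# Constructed ARP observations (not captured traffic): (sender_ip, sender_mac)
SAMPLE_ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),    # gateway, legitimate
    ("10.0.0.20", "00:11:22:33:44:20"),   # a workstation, legitimate
    ("10.0.0.1", "de:ad:be:ef:00:01"),    # attacker claims the gateway
    ("10.0.0.20", "de:ad:be:ef:00:01"),   # attacker claims the victim too
    ("10.0.0.30", "00:11:22:33:44:30"),
]


def analyze_arp(replies, protected_ips=()):
    """Return (severity, message) alerts for two poisoning signatures:
    1. an IP address whose MAC changed (conflicting claims); HIGH when the
       address is one we protect, such as the default gateway,
    2. a single MAC claiming more than one IP address."""
    ip_to_macs = defaultdict(list)    # ordered history of MACs seen per IP
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        history = ip_to_macs[ip]
        if history and history[-1] != mac:
            severity = "HIGH" if ip in protected_ips else "MEDIUM"
            alerts.append((severity, f"{ip} changed from {history[-1]} to {mac}"))
        if not history or history[-1] != mac:
            history.append(mac)
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(("HIGH", f"{mac} claims {len(ips)} addresses: "
                                   f"{', '.join(sorted(ips))}"))
    return alerts


if __name__ == "__main__":
    for severity, message in analyze_arp(SAMPLE_ARP_REPLIES, protected_ips=("10.0.0.1",)):
        print(severity, message)
```

Expect false positives from legitimate events such as a NIC replacement, a DHCP lease moving to another host, or FHRP virtual MACs answering for the gateway; tune the protected list and correlate with DHCP logs before acting. Switch-side Dynamic ARP Inspection, which checks ARP replies against the DHCP snooping binding table, does the same check in hardware.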
6. DNS Poisoning
 An attack that manipulates DNS records to redirect traffic to malicious
sites, often resulting in users accessing fraudulent websites.
7. DNS Spoofing
 A type of DNS poisoning where an attacker sends a forged DNS response
to a victim's DNS request, leading them to a malicious site.
8. Rogue Devices and Services
 Rogue DHCP Server: An unauthorized DHCP server that assigns IP
addresses to clients, allowing the attacker to control traffic.
 Rogue Access Point (AP): An unauthorized wireless access point that
can intercept or manipulate network traffic.
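The DHCP options listed in the network services section (router, DNS, server identifier) are also what a rogue DHCP server manipulates: it answers faster than the real server and hands out itself as gateway and DNS. The Python example below, added here and not part of the original notes, builds two constructed DHCPOFFER payloads (the real server and an attacker; all addresses made up), parses the TLV option area, and flags any offer whose server identifier is not on an allow-list of authorized servers.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPOFFER = 2
OPT_PAD, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 6, 53, 54, 255


def build_offer(server_ip, offered_ip, router, dns):
    """Construct a minimal DHCPOFFER payload for testing (not captured traffic):
    236-byte BOOTP header, magic cookie, then TLV options."""
    hdr = bytearray(236)
    hdr[0] = 2                                               # op = BOOTREPLY
    hdr[1], hdr[2] = 1, 6                                    # htype Ethernet, hlen 6
    hdr[16:20] = ipaddress.IPv4Address(offered_ip).packed    # yiaddr
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    opts += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(router).packed
    opts += bytes([OPT_DNS, 4]) + ipaddress.IPv4Address(dns).packed
    return bytes(hdr) + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_options(payload):
    """Walk the option area: each option is code, length, value; 0 is a
    one-byte pad and 255 ends the list. Returns {code: raw value bytes}."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (missing magic cookie)")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def _ip(raw):
    return str(ipaddress.IPv4Address(raw)) if raw is not None else None


def check_offer(payload, authorized_servers):
    """Judge a DHCPOFFER. A rogue server usually hands out itself as router
    and/or DNS so it can sit on-path; report those values alongside the verdict."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None                                          # not an offer; ignore
    server = _ip(opts.get(OPT_SERVER_ID))
    verdict = "authorized" if server in authorized_servers else "ROGUE"
    return {"server": server, "router": _ip(opts.get(OPT_ROUTER)),
            "dns": _ip(opts.get(OPT_DNS)), "verdict": verdict}


# Constructed traffic: one offer from the real server, one from an attacker.
AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}
LEGIT_OFFER = build_offer("10.0.0.2", "10.0.0.101", "10.0.0.1", "10.0.0.53")
ROGUE_OFFER = build_offer("10.0.0.66", "10.0.0.200", "10.0.0.66", "10.0.0.66")

if __name__ == "__main__":
    for offer in (LEGIT_OFFER, ROGUE_OFFER):
        print(check_offer(offer, AUTHORIZED_DHCP_SERVERS))
```

The same allow-list logic is what DHCP snooping enforces on a switch: server-side messages (OFFER, ACK) are accepted only on ports marked trusted, so an attacker on an access port cannot answer clients at all.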
9. Evil Twin
 A malicious Wi-Fi access point that mimics a legitimate one, tricking users
into connecting to it. This allows attackers to intercept data.
10. On-Path Attack
 Also known as a man-in-the-middle attack, where an attacker intercepts
communication between two parties, allowing them to eavesdrop or alter
the communication.
11. Social Engineering
 A manipulation technique that exploits human psychology to gain
confidential information.
o Phishing: Deceptive emails or messages that trick users into
revealing personal information or clicking on malicious links.
o Dumpster Diving: Searching through trash to find sensitive
information, such as discarded documents or devices.
o Shoulder Surfing: Observing someone’s screen or keyboard to
capture sensitive information (like passwords).
o Tailgating: Gaining unauthorized access to a restricted area by
following someone with legitimate access.
12. Malware
 Malicious software designed to harm, exploit, or otherwise compromise a
system. Types include:
o Viruses: Attach to legitimate files and spread when those files are
shared.
o Worms: Replicate themselves across networks without user
intervention.
o Trojan Horses: Disguise themselves as legitimate software to trick
users into installing them.
o Ransomware: Encrypts user files and demands payment for
decryption.
o Spyware: Secretly monitors user activity and collects personal
information.
4.3: Apply Network Security Features, Defense Techniques and Solutions
1. Device Hardening
 Disable Unused Ports and Services: Close any network ports and
disable services that are not in use to reduce potential attack vectors.
 Change Default Passwords: Update factory default passwords to
strong, unique passwords to prevent unauthorized access.
2. Network Access Control (NAC)
 Port Security: Restrict network access to specific devices by configuring
switch ports to allow only registered MAC addresses.
 802.1X: A standard for port-based Network Access Control that
authenticates devices before granting them access to the network,
typically using RADIUS for authentication.
 MAC Filtering: A method of controlling access to a network by allowing or
denying devices based on their MAC addresses. Because a MAC address is
trivially spoofed, MAC filtering (like port security) deters only casual
misuse and is not a substitute for 802.1X authentication.
3. Key Management
 The process of generating, distributing, storing, using, and retiring
cryptographic keys. Effective key management ensures the integrity and
confidentiality of data.
4. Security Rules
 Access Control List (ACL): A set of rules that define permissions for
network traffic. ACLs can be applied to routers and switches to filter traffic
based on IP addresses, protocols, and ports.
 Uniform Resource Locator (URL) Filtering: A security measure that
restricts access to specific websites or categories of websites based on
their URLs, often used to block harmful or inappropriate content.
 Content Filtering: Inspects and restricts data transmitted over the
network based on predefined criteria, protecting against unwanted or
harmful data.
5. Zones
 Trusted vs. Untrusted Zones:
o Trusted Zone: A network segment that is secure and trusted,
where devices are authenticated and traffic is monitored.
o Untrusted Zone: A network segment that is considered insecure,
such as the internet, where devices are not authenticated and are
potential threats.
 Screened Subnet: A subnetwork (often called a DMZ) that serves as a buffer
between a trusted network and an untrusted network. It typically hosts servers
that need to be reachable from both internal and external networks.
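An added example, not part of these notes, of how the Security Rules entry above works in practice: a first-match ACL with the implicit deny that routers and switches apply when nothing matches, evaluated in Python against constructed rules and addresses. It also reports later rules that an earlier, broader rule shadows, which is one way a misordered ACL ends up blocking or permitting traffic the administrator did not intend.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class AclRule:
    action: str                     # "permit" or "deny"
    protocol: str                   # "ip" matches any protocol; otherwise "tcp", "udp", "icmp"
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    dst_port: Optional[int] = None  # None matches any destination port

def _covers(rule, proto, src_ip, dst_ip, dst_port):
    """True if this single rule matches the packet fields."""
    return (rule.protocol in ("ip", proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.dst_port in (None, dst_port))

def evaluate_acl(acl, proto, src_ip, dst_ip, dst_port=None):
    """First matching rule wins; with no match the implicit deny applies (index -1)."""
    for index, rule in enumerate(acl):
        if _covers(rule, proto, src_ip, dst_ip, dst_port):
            return rule.action, index
    return "deny", -1

def shadowed_rules(acl):
    """(later, earlier) index pairs where the later rule can never match because
    an earlier rule already covers everything the later one would match."""
    shadowed = []
    for j, later in enumerate(acl):
        for i in range(j):
            earlier = acl[i]
            if (earlier.protocol in ("ip", later.protocol)
                    and earlier.dst_port in (None, later.dst_port)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))):
                shadowed.append((j, i))
                break
    return shadowed

# Constructed sample ACL applied to traffic leaving the 10.0.0.0/24 LAN:
# allow HTTPS to one web server, block the management network, allow the rest.
SAMPLE_ACL = [
    AclRule("permit", "tcp", "10.0.0.0/24", "192.0.2.10/32", 443),
    AclRule("deny", "ip", "10.0.0.0/24", "10.99.0.0/24"),
    AclRule("permit", "ip", "10.0.0.0/24", "0.0.0.0/0"),
]
```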
Domain 5: Network Troubleshooting (24%)
5.1: Troubleshooting Methodology
1. Identify the Problem
 Gather Information: Collect relevant data regarding the issue, including
logs, error messages, and user reports.
 Question Users: Engage with users to understand their experience,
focusing on what they were doing when the problem occurred.
 Identify Symptoms: Note the specific behaviors or indications of the
problem to clarify its nature.
 Determine if Anything Has Changed: Check for recent changes in the
system or environment that might have contributed to the issue.
 Duplicate the Problem, If Possible: Try to recreate the issue to
observe its behavior and conditions.
 Approach Multiple Problems Individually: If there are several issues,
tackle them one at a time to avoid confusion.
2. Establish a Theory of Probable Cause
 Question the Obvious: Consider common issues or simple solutions first
before delving deeper.
 Consider Multiple Approaches:
o Top-to-Bottom/Bottom-to-Top OSI Model: Analyze the problem
from both the application layer down to the physical layer and vice
versa.
o Divide and Conquer: Break the problem into smaller parts to
isolate the cause.
3. Test the Theory to Determine the Cause
 If Theory is Confirmed: Determine the next steps for resolution, which
may involve specific fixes or adjustments.
 If Theory is Not Confirmed: Establish a new theory based on
observations or escalate to more knowledgeable personnel if necessary.
4. Establish a Plan of Action to Resolve the Problem and Identify
Potential Effects
 Create a detailed action plan, considering potential risks and the impact
on users or systems during the resolution process.
5. Implement the Solution or Escalate as Necessary
 Execute the action plan to resolve the issue. If it is beyond your capability,
escalate it to the appropriate team or individual.
6. Verify Full System Functionality and Implement Preventive Measures
If Applicable
 After implementing the solution, check that the system is functioning
correctly and consider preventive measures to avoid future occurrences.
7. Document Findings, Actions, Outcomes, and Lessons Learned
 Record all steps taken, including the problem, analysis, resolution, and
any insights gained, to improve future troubleshooting processes and
knowledge sharing.
5.2: Troubleshoot Common Cabling and Physical Interface Issues
1. Cable Issues
 Incorrect Cable:
o Single Mode vs. Multimode: Single mode fibers are used for
long-distance communication, while multimode fibers are used for
shorter distances due to differing core diameters and light
propagation.
o Category Cables (Cat 5/6/7/8): Different categories indicate the
cable's capability in terms of data transmission speeds and
frequencies. For example, Cat 5 supports up to 100 Mbps, while Cat
6 can handle up to 10 Gbps.
o Shielded Twisted Pair (STP) vs. Unshielded Twisted Pair
(UTP): STP cables are shielded to reduce electromagnetic
interference, while UTP cables are more common and less
expensive.
 Signal Degradation:
o Crosstalk: Interference from adjacent cables that can lead to signal
distortion.
o Interference: External electromagnetic interference from devices
or power sources can affect signal integrity.
o Attenuation: Loss of signal strength over distance, requiring
repeaters or boosters for long runs.
 Improper Termination: Poorly crimped or terminated cables can lead to
connectivity issues or intermittent failures.
 Transmitter (TX)/Receiver (RX) Transposed: Incorrect wiring at the
ends of the cable can cause communication failures, as the transmit and
receive signals may not align correctly.
2. Interface Issues
 Increasing Interface Counters:
o Cyclic Redundancy Check (CRC): Errors detected by CRC indicate
possible data corruption during transmission.
o Runts: Packets that are smaller than the minimum frame size,
often due to collisions or misconfigurations.
o Giants: Packets that exceed the maximum frame size, which can
cause network disruptions.
o Drops: Packets that are discarded by the switch due to buffer
overflow or other issues.
 Port Status:
o Error Disabled: A port that has been shut down due to a detected
error, requiring manual re-enablement.
o Administratively Down: A port that has been manually disabled,
often for maintenance or configuration purposes.
o Suspended: A port that is temporarily disabled due to specific
conditions, such as security violations.
3. Hardware Issues
 Power over Ethernet (PoE):
o Power Budget Exceeded: The total power required by devices
connected to a PoE switch exceeds the switch’s capacity, leading to
device failure.
o Incorrect Standard: Mismatches between PoE standards (e.g.,
IEEE 802.3af vs. 802.3at) can cause issues in device compatibility
and power delivery.
 Transceivers:
o Mismatch: Using incompatible transceivers (e.g., differing
wavelengths or types) can result in connection failures.
o Signal Strength: Weak or unstable signals from transceivers can
lead to data transmission errors.
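An added example, not from these notes, of the check behind Increasing Interface Counters and Port Status: two counter snapshots taken some minutes apart are compared, and any counter that rose, or any port the switch itself has shut down, is reported with the likely cause. The snapshot line format and the values are constructed for the example and are not real switch output.

```python
# Constructed snapshot format (not real switch output), one interface per line:
#   <interface> status=<state> crc=<n> runts=<n> giants=<n> drops=<n>
COUNTERS = ("crc", "runts", "giants", "drops")

# Likely cause per counter, following the notes above.
HINTS = {
    "crc": "frames corrupted in transit: check cabling and termination",
    "runts": "undersized frames: collisions or a misconfiguration",
    "giants": "oversized frames: maximum frame size or MTU mismatch",
    "drops": "buffer overflow or congestion on the port",
}

def parse_snapshot(text):
    """Turn a snapshot into {interface: {"status": str, "crc": int, ...}}."""
    ports = {}
    for line in text.strip().splitlines():
        name, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        ports[name] = {k: (v if k == "status" else int(v)) for k, v in fields.items()}
    return ports

def diff_counters(before, after):
    """Findings as (interface, item, delta, hint): counters that rose between the
    snapshots, plus ports the switch itself has shut down."""
    findings = []
    for name, now in after.items():
        if now["status"] in ("err-disabled", "suspended"):
            findings.append((name, now["status"], 0,
                             "port shut down by the switch; fix the cause before re-enabling"))
        prev = before.get(name)
        if prev is None:
            continue  # port not in the earlier snapshot, nothing to compare yet
        for counter in COUNTERS:
            delta = now[counter] - prev[counter]
            if delta > 0:
                findings.append((name, counter, delta, HINTS[counter]))
    return findings

# Constructed snapshots taken a few minutes apart.
BEFORE = """
Gi1/0/1 status=connected crc=12 runts=0 giants=0 drops=4
Gi1/0/2 status=connected crc=0 runts=3 giants=0 drops=0
Gi1/0/3 status=connected crc=0 runts=0 giants=0 drops=0
"""
AFTER = """
Gi1/0/1 status=connected crc=12 runts=0 giants=0 drops=4
Gi1/0/2 status=connected crc=0 runts=58 giants=0 drops=0
Gi1/0/3 status=err-disabled crc=0 runts=0 giants=0 drops=0
"""
```

A counter that is large but static (Gi1/0/1 here) is history, not a live fault; only counters still climbing between snapshots point at a current problem.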
5.3: Troubleshoot Common Issues with Network Services
1. Switching Issues
 Spanning Tree Protocol (STP):
o Network Loops: Redundant links between switches create switching loops,
which cause broadcast storms; STP prevents this by blocking redundant paths.
o Root Bridge Selection: The bridge with the lowest bridge ID is
elected as the root bridge, serving as the central point for STP
calculations.
o Port Roles:
 Root Port: The port with the best path to the root bridge.
 Designated Port: The port that has the best path to the
segment and is responsible for forwarding traffic.
 Blocked Port: A port kept inactive so that no loop can form.
o Port States:
 Blocking: No traffic is forwarded, but BPDUs are received.
 Listening: Ports listen for BPDUs to ensure no loops will
occur.
 Learning: The switch learns MAC addresses but does not
forward traffic.
 Forwarding: The port actively forwards traffic and learns
MAC addresses.
 Incorrect VLAN Assignment: Misconfigured VLANs can lead to traffic
being sent to the wrong segment, causing communication failures.
 Access Control Lists (ACLs): Improperly configured ACLs can block
legitimate traffic or allow unauthorized access.
2. Route Selection
 Routing Table: A table maintained by routers that contains the routes to
various network destinations, including metrics for determining the best
route.
 Default Route: The route used when no more specific route matches the
destination, often referred to as the "gateway of last resort."
3. IP Addressing Issues
 Address Pool Exhaustion: Occurs when a DHCP server runs out of IP
addresses to assign to clients, resulting in connectivity issues for new
devices.
 Incorrect Default Gateway: If a device is configured with an incorrect
default gateway, it may be unable to communicate outside its local
network.
 Incorrect IP Address: Misconfigured IP addresses can prevent devices
from communicating effectively within the network.
 Duplicate IP Address: When two devices are assigned the same IP
address, it leads to conflicts and connectivity problems.
 Incorrect Subnet Mask: A wrong subnet mask can cause devices to
misinterpret the network, leading to communication failures.
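An added example, not part of these notes, that turns the IP Addressing Issues above into checks a technician can run against an inventory: whether a host's default gateway actually lies inside the subnet its mask defines (a wrong gateway and a wrong mask produce the same symptom), whether two hosts share an address, and whether one host's mask differs from the rest of its LAN. Hostnames and addresses are constructed for the example.

```python
import ipaddress
from collections import Counter

def check_host_config(ip, mask, gateway):
    """Problems with one host's address, mask and default gateway (empty list = OK)."""
    try:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"invalid address, mask or gateway: {exc}"]
    net = iface.network
    problems = []
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        # Either the gateway or the mask is wrong: the host will treat the gateway as
        # off-link and never reach anything outside its own subnet.
        problems.append(f"gateway {gw} is not inside {net}: wrong gateway or wrong mask")
    elif gw == iface.ip:
        problems.append("gateway is the host's own address")
    return problems

def find_duplicates(hosts):
    """hosts: (hostname, ip) pairs; returns {ip: [hostnames]} for addresses used twice."""
    users = {}
    for host, ip in hosts:
        users.setdefault(str(ipaddress.ip_address(ip)), []).append(host)
    return {ip: names for ip, names in users.items() if len(names) > 1}

def mismatched_masks(entries):
    """entries: (hostname, ip, mask) for hosts on one LAN; returns the hosts whose
    prefix length differs from the most common one on that LAN."""
    prefixes = {h: ipaddress.ip_interface(f"{ip}/{m}").network.prefixlen for h, ip, m in entries}
    common = Counter(prefixes.values()).most_common(1)[0][0]
    return [h for h, p in prefixes.items() if p != common]

# Constructed inventory of a small LAN that should be 192.168.10.0/24.
LAN = [
    ("pc1", "192.168.10.20", "255.255.255.0"),
    ("pc2", "192.168.10.21", "255.255.255.0"),
    ("printer", "192.168.10.20", "255.255.255.0"),   # duplicate of pc1
    ("pc3", "192.168.10.22", "255.255.255.240"),     # wrong mask
]

if __name__ == "__main__":
    print(check_host_config("192.168.10.22", "255.255.255.240", "192.168.10.1"))
    print(find_duplicates([(h, ip) for h, ip, _ in LAN]))
    print(mismatched_masks(LAN))
```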
5.4: Troubleshoot Common Performance Issues
1. Congestion/Contention
 Congestion:
o Definition: A state where the demand for network resources
exceeds available capacity, leading to delays and degraded
performance.
o Causes: High traffic volumes, insufficient bandwidth, or inefficient
routing.
o Effects: Increased latency, packet loss, and reduced throughput.
 Contention:
o Definition: Competition among multiple devices or users for shared
network resources.
o Examples: Devices trying to use the same bandwidth on a wireless
network, leading to slow speeds.
2. Bottlenecking
 Definition: A point in the network that limits data flow due to inadequate
capacity.
 Causes: Overloaded routers, insufficient link speed, or slow processing
capabilities of network devices.
 Effects: Slower data transfer rates, increased latency, and potential
packet loss.
3. Bandwidth
 Definition: The maximum rate of data transfer across a network path.
 Throughput Capacity:
o Definition: The actual amount of data successfully transmitted in a
given time frame, which may be lower than the theoretical
bandwidth.
o Factors Influencing Throughput: Network congestion, protocol
overhead, and physical limitations.
4. Latency
 Definition: The time delay from the moment data is sent until it is
received.
 Measurement: Usually measured in milliseconds (ms).
 Effects of High Latency: Can hinder real-time applications like VoIP,
gaming, and video conferencing, leading to poor user experiences.
5. Packet Loss
 Definition: The failure of one or more transmitted packets to arrive at
their destination.
 Causes: Network congestion, faulty hardware, or interference.
 Effects: Can lead to decreased performance in applications requiring data
integrity, such as streaming and voice calls.
6. Jitter
 Definition: The variation in packet arrival times.
 Effects: High jitter can disrupt the quality of voice and video
communications, causing choppy audio or video feeds.
 Measurement: Typically measured in milliseconds (ms).
7. Wireless Network Issues
 Interference:
o Definition: Disruption in wireless signals caused by other devices
or networks.
o Channel Overlap: Overlapping channels can lead to competition
for bandwidth, reducing performance, especially in crowded
environments.
 Signal Degradation or Loss:
o Definition: Weakening of signal strength due to distance, physical
barriers, or interference.
o Effects: Can lead to unreliable connections and decreased data
transfer speeds.
 Insufficient Wireless Coverage:
o Definition: Areas where wireless signals are weak or nonexistent,
often due to limited access point placement.
o Effects: Users may experience dropped connections or inability to
connect.
 Client Disassociation Issues:
o Definition: Loss of connection between a client device and an
access point, often due to interference or signal issues.
o Effects: Can disrupt user experience, requiring reconnection.
 Roaming Misconfiguration:
o Definition: Poorly configured settings that hinder a client’s ability
to switch between access points seamlessly.
o Effects: May lead to interruptions in service as devices move within
the coverage area.
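An added example, not from these notes, that computes the three measurements this section defines (latency, jitter, packet loss) from one run of probe round-trip times, the kind of numbers ping reports. The RTT samples and the limits passed to assess() are constructed for the example; jitter is taken as the mean absolute difference between consecutive received RTTs, a plain reading of "variation in packet arrival times".

```python
from statistics import mean

# Constructed RTTs in ms from ten probes to one host; None marks a probe with no reply.
SAMPLES_MS = [21.0, 22.0, 20.0, None, 95.0, 23.0, 21.0, None, 24.0, 22.0]

def summarize(samples):
    """Latency (min/avg/max), jitter and packet loss for a list of RTTs."""
    replies = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(replies)) / len(samples)
    if not replies:
        return {"loss_pct": loss_pct, "min": None, "avg": None, "max": None, "jitter": None}
    # Jitter: mean absolute difference between consecutive received RTTs; lost probes
    # are skipped rather than counted as infinite delay.
    diffs = [abs(b - a) for a, b in zip(replies, replies[1:])]
    return {
        "loss_pct": round(loss_pct, 1),
        "min": min(replies),
        "avg": round(mean(replies), 1),
        "max": max(replies),
        "jitter": round(mean(diffs), 1) if diffs else 0.0,
    }

def assess(summary, max_avg_ms, max_jitter_ms, max_loss_pct):
    """Names of the metrics that exceed the caller's limits (empty list = healthy)."""
    bad = []
    if summary["loss_pct"] > max_loss_pct:
        bad.append("packet loss")
    if summary["avg"] is not None and summary["avg"] > max_avg_ms:
        bad.append("latency")
    if summary["jitter"] is not None and summary["jitter"] > max_jitter_ms:
        bad.append("jitter")
    return bad

if __name__ == "__main__":
    s = summarize(SAMPLES_MS)
    print(s)
    # Limits below are constructed for the example, not a standard.
    print(assess(s, max_avg_ms=150, max_jitter_ms=30, max_loss_pct=1))
```

Note how one slow reply (95 ms) barely moves the average but dominates the jitter figure, which is why real-time traffic such as VoIP suffers from jitter even when average latency looks fine.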
5.5: Use the Appropriate Tools and Protocols to Solve Networking Issues
Software Tools
1. Protocol Analyzer
 Definition: A tool that captures and analyzes network traffic to diagnose
issues and understand network behavior.
 Examples: Wireshark, tcpdump.
2. Command Line Tools
 ping:
o Function: Tests connectivity to a specific IP address or hostname
by sending ICMP Echo Request packets.
o Use: Helps determine if a host is reachable and measures round-trip time.
 traceroute/tracert:
o Function: Traces the path packets take to a destination.
o Use: Identifies where delays occur along the route.
 nslookup:
o Function: Queries the DNS to obtain domain name or IP address
mapping.
o Use: Helps troubleshoot DNS-related issues.
 tcpdump:
o Function: Captures packets on a network interface for analysis.
o Use: Useful for diagnosing network issues and monitoring traffic.
 dig:
o Function: A DNS lookup tool providing detailed information about
DNS records.
o Use: Used for troubleshooting DNS issues.
 netstat:
o Function: Displays active connections, listening ports, and routing
tables.
o Use: Helps monitor network statistics and diagnose connectivity
issues.
 ip/ifconfig/ipconfig:
o Function: Displays and configures network interface settings.
o Use: Useful for managing IP addresses and network interfaces.
 arp:
o Function: Displays and manages the ARP cache.
o Use: Helps in resolving IP addresses to MAC addresses.
3. Nmap
 Definition: A network scanning tool used to discover hosts and services
on a network.
 Use: Identifies open ports, running services, and potential vulnerabilities.
4. Link Layer Discovery Protocol (LLDP)/Cisco Discovery Protocol (CDP)
 Definition: Network protocols used for discovering information about
directly connected devices.
 Use: Helps in network topology mapping and troubleshooting.
5. Speed Tester
 Definition: Tools used to measure the speed and performance of an
internet connection.
 Examples: Ookla Speedtest, Fast.com.
Hardware Tools
1. Toner
 Definition: A tool used to trace and identify cables.
 Use: Helps locate cable faults and identify which cables connect to
specific devices.
2. Cable Tester
 Definition: A device used to check the integrity of cables and ensure
proper connectivity.
 Use: Tests for shorts, opens, and miswiring.
3. Taps
 Definition: Devices that allow monitoring of network traffic without
disrupting the flow.
 Use: Used in network monitoring and security assessments.
4. Wi-Fi Analyzer
 Definition: A tool used to analyze wireless network performance.
 Use: Helps identify channel interference, signal strength, and optimal
access point placement.
5. Visual Fault Locator
 Definition: A tool that emits light to identify breaks or faults in fiber optic
cables.
 Use: Helps in troubleshooting fiber optic networks.
Basic Networking Device Commands
1. show mac-address-table
 Function: Displays the MAC address table of the device.
 Use: Helps identify which MAC addresses are associated with which ports.
2. show route
 Function: Displays the routing table.
 Use: Used to understand the paths available for data packets.
3. show interface
 Function: Provides details about the status and statistics of interfaces.
 Use: Useful for monitoring interface health and performance.
4. show config
 Function: Displays the device's configuration settings.
 Use: Helps review and verify device configurations.
5. show arp
 Function: Displays the ARP table.
 Use: Useful for troubleshooting IP to MAC address resolutions.
6. show vlan
 Function: Displays VLAN configuration and status.
 Use: Helps in managing and troubleshooting VLANs.
7. show power
 Function: Displays power consumption details for PoE ports.
 Use: Useful for monitoring power allocation in PoE setups.