Appendix C 756 Correct answers and explanations: A. Answer A is correct, because subnet C has a network address of 192.168.3.0/24 and the address of 192.168.3.155 is an appropriate client IP address for this subnet. Incorrect answers and explanations: B, C, and D. Answer B is incorrect, because 192.168.3.1 is an appropriate IP address for this subnet, but it is already configured on the router as the default gateway for the segment. Answer C is incorrect, because 192.168.3.0 is not a valid client IP address. Answer D is incorrect, because 192.168.3.255 is a broadcast address and cannot be configured on a client machine as a valid IP address. You are the administrator for the network shown in Figure 12.12. 9. You receive a help desk call from the user of Computer8, stat- ing that she cannot browse the Internet or access a shared folder located on Computer5. Upon investigating the issue, you find that Computer7 is able to access the Internet and other shared resources, but Computer8 cannot ping any other hosts on the network. Based on this information, which of the following are likely points of failure that you should investigate? (Each selection represents a complete choice. Select all that apply.) A. The NIC installed in Computer8 B. The network cable attaching Computer8 to the network FIGurE 12.12 Computer5 192.168.1.101 255.255.255.0 Computer6 192.168.1.102 255.255.255.0 Router A Computer1 192.168.3.101 255.255.255.0 Computer2 192.168.3.102 255.255.255.0 Computer3 192.168.4.100 255.255.255.0 Computer4 192.168.4.101 255.255.255.0 Router B Computer7 192.168.2.100 255.255.255.0 Computer8 192.168.2.101 255.255.255.0 Subnet C Gateway: 192.168.3.1 Subnet A Gateway: 192.168.1.1 Subnet B Gateway: 192.168.2.1 Subnet D Gateway: 192.168.4.1 Appendix C 757 C. The NIC installed in Router A attached to Subnet B D. The TCP/IP configuration of Computer7 Correct answers and explanations: A and B. Answer A is correct, because the issue appears to be localized to Computer8. Since other computers on the network are not having connectivity problems and since Computer8 cannot ping any other hosts, even on the local segment, it is possible that the NIC installed on Computer8 will have failed. Answer B is correct, because the issue appears to be localized to Computer8. Since other computers on the network are not having connectivity problems and since Computer8 cannot ping any other hosts, even on the local segment, it is possible that the net- work cable attaching Computer8 to the network will have failed. Incorrect answers and explanations: C and D. Answer C is incorrect, because Computer7 is not having connectivity problems, and if the issue resided with the router other machines on the segment would also display symptoms. Answer D is incorrect; since Computer7 is not having connectivity issues, there is no reason to examine its TCP/IP configuration. You are the administrator of the network shown in Figure 12.13. 10. The firewall in the exhibit was installed by an outside consultant a few weeks ago. Once a month, one of your company’s employees needs to access the FTP site of one of your company’s business partners, ftp.airplanes.com, in order to download large PDF files containing product marketing information. You receive a help desk call from this employee, stating that he is now unable to access this FTP site. The last time he performed this task was before the firewall was installed, and he says that it worked fine then. You are able to ping the ftp.airplanes.com DNS name, and you can access www.airplanes.com, which is located on the same physical machine. What is the best way to restore this employee’s access to the ftp.airplanes.com FTP site? A. Configure a firewall rule allowing traffic to TCP ports 20 and 21. B. Configure a firewall rule allowing traffic to TCP ports 25 and 110. C. Configure a firewall rule allowing all TCP traffic to this employ- ee’s workstation. D. Configure a firewall rule allowing traffic to TCP ports 80 and 443. Correct answers and explanations: A. Answer A is correct, because ports 20 and 21 are used for FTP traffic. By configuring the firewall to allow FTP traffic to pass through the user will be able to transfer the files required successfully. Appendix C 758 Incorrect answers and explanations: B, C, and D. Answer B is incorrect, because ports 25 and 110 are not utilized for FTP. Port 25 is utilized by SMTP and 110 is utilized by POP3. Answer C is incorrect, because allow- ing all TCP traffic to the user’s workstation when only FTP is required is an unnecessary change which leaves the machine vulnerable. Answer D is incorrect, because ports 80 and 443 are not utilized for FTP. Port 80 is uti- lized by HTTP and port 443 is utilized by HTTPS. You are the network administrator for a medium-sized law firm. 11. You have recently deployed a wireless access point (WAP) for use by your internal support staff and attorneys. You have been charged with ensuring that only legitimate users of your company network will be able to access these wireless access points. What are some steps you can take to enable network connectivity to your wire- less access point so that only legitimate users will be able to obtain FIGurE 12.13 Appendix C 759 access? (Each choice represents a complete answer. Choose all that apply.) A. Enable MAC address filtering. B. Enable the default SSID broadcast. C. Enable WEP or WPA encryption. D. Enable the DHCP server on the wireless access point. Correct answers and explanations: A and C. Answer A is correct, because enabling MAC address filtering will only allow machines that have had their MAC addresses added to authorized lists to connect to the network. Answer C is correct, because by configuring WEP or WPA encryption machines connecting to the environment will be required to have the access keys configured. Incorrect answers and explanations: B and D. Answer B is incorrect, because by allowing a network’s SSID to be broadcasted, all machines within range will be able to detect the wireless network and attempt to connect. Broadcast the default SSID does not enhance security. Answer D is incorrect, because enabling a DHCP server on the wireless access point will not restrict unauthorized users from connecting to the wireless access point. You are the administrator of the network shown in Figure 12.14. 12. You receive a call from the users of Computer5 and Computer6, stating that they cannot access any resources on the Internet. No other users on the network are reporting outages. Based on this diagram, what is most likely causing this connectivity issue? A. The network cable attaching Computer5 to the network B. The 192.168.1.1 interface on Router A C. The 192.168.4.1 interface on Router B D. The 192.168.5.1 interface on Router A Correct answers and explanations: B. Answer B is correct, because the loss of Internet connectivity is occurring with all the machines on a particu- lar segment, and the common connectivity point to the internet for all the effected machines is the 192.168.1.1 interface on Router A, this interface is the most likely the cause of the connectivity issue. Incorrect answers and explanations: A, C, and D. Answer A is incor- rect, because Computer5 is not the only machine experiencing problems, which indicates that the issue is more widespread than a single network cable. Answer C is incorrect, because the machines on the 192.168.4.0 net- work are not experiencing any connectivity problems, so it is unlikely that Appendix C 760 this interface is causing the problem. Answer D is incorrect, because the machines on the 192.168.5.0 network are not experiencing any connectivity problems, so it is unlikely that this interface is causing the problem. You are the administrator of the network shown in Figure 12.15. 13. The user of Computer1 is unable to access a shared resource located on Computer3. Computer1 is able to access shared resourc- es on other subnets on the internal network as well as the Internet. Computer3 is able to access shared resources on Computer5 and Computer7, as well as resources on the Internet. When you ping Computer1 from Computer3, you receive a “Request Timed Out” message. Based on this information, what is the most likely cause of the connectivity issue? A. The router interface attached to Subnet D is malfunctioning. B. The router interface attached to Subnet C is malfunctioning. FIGurE 12.14 Appendix C 761 C. Router B does not have a route from Subnet C to the Internet. D. Router B does not have a route from Subnet C to Subnet D. Correct answers and explanations: D. Answer D is correct, because Computer1, from Subnet C is able to connect anywhere in the network except for Subnet D, and Computer3 is able to connect anywhere in the network except for Subnet C. This shows that Subnet C and Subnet D are unable to connect through Router B. Incorrect answers and explanations: A, B, and C. Answer A is incorrect, because Computer3 is able to connect to the Internet and other subnets, therefore the router interface for Subnet D must be functioning correctly. Answer B is incorrect, because Computer1 is able to connect to the Internet and other subnets, therefore the router interface for Subnet C must be FIGurE 12.15 Appendix C 762 functioning correctly. Answer C is incorrect, because connectivity from Subnet C to the Internet is functioning since Computer1 is able to connect to the Internet. A user connected to Subnet B is able to use the resources housed 14. on a machine named ServerA which is located on Subnet W without trouble. When the same user is working from a differ- ent location, their machine obtains an IP address from DHCP on Subnet D and they are no longer able to connect to ServerA. You have been attempting to determine the problem. So far you have utilized the ipconfig tool to verify the IP configuration of both the server and the client, and both appear correct. Which of the follow- ing troubleshooting steps would be a logical next choice? Choose all that apply. A. From the user workstation on Subnet D ping the default gateway B. From ServerA ping the default gateway C. From the user workstation ping another machine on the same subnet as ServerA D. From the user workstation ping the loopback address Correct answers and explanations: A and C. Answer A is correct, because by pinging the default gateway on Subnet D allows you to ensure that the user workstation is able to reach the gateway in order to transmit packets for deliver to remote subnets. Answer C is correct, because by pinging another machine on the same subnet as ServerA you can determine if the connectiv- ity problem is isolated to communications with ServerA or if it is a commu- nications problem between Subnet D and Subnet W. Incorrect answers and explanations: B and D. Answer B is incorrect, because the user workstation while connected to Subnet B is able to suc- cessfully connect to ServerA, demonstrating that ServerA can use its default gateway successfully so pinging it is not required. Answer D is incorrect, because if the user workstation can successfully connect to the server from other subnets this demonstrates that the TCP/IP stack on the user worksta- tion is working properly, so pinging the loopback address in order to validate the installation of the local TCP/IP stack would not move the troubleshoot- ing a long any further. Your e-mail server is having network connectivity problems. You 15. have replaced the NIC and reconfigured the IP address. The last step that you take is to start the e-mail services and all services Appendix C 763 have now started successfully without generating error messages. Which of the following actions will allow you to verify that the e-mail services are successfully accepting inbound e-mail? A. Telnet from a client machine to port 25 on the e-mail server. B. Telnet from a client machine to port 23 on the e-mail server. C. Use POP3 to create an e-mail queue and validate that e-mail passes through it successfully. D. Use IMAP4 to send Internet e-mail to the server. Correct answers and explanations: A. Answer A is correct, because the telnet command can be used to verify that a port on a particular machine is open. Issuing the telnet command on port 25 will validate that the SMTP services which are responsible for inbound e-mail are up and functioning. Incorrect answers and explanations: B, C, and D. Answer B is incorrect, because port 23 is the default telnet port and you cannot determine if e-mail services are functioning correctly by telenetting to port 23. Answer C is incorrect, because POP3 is a protocol used to receive e-mail from server to a client. It is not used to create or validate queue. Answer D is incorrect, because IMAP4 is a protocol used to receive e-mail from server to a client. This page intentionally left blank 765 10Base2, 72–73, 84 10Base5 (Thicknet), 72–73 10BaseT, 74 10BaseFL, 74 100BaseFX, 75 1000BaseLX, 75 1000BaseSX, 75 1000BaseCX, 75 1000BaseT, 75 100BaseTX, 75 10 Gigabit Ethernet, 71 6to4 protocol, 601 32-bit IP address, 288, 301, 302, 308 8086 16-bit processor, 9 A AAA. See Access control, authentication, and auditing Access, 3 Access control, authentication, and auditing (AAA), 431–432 Access control lists (ACLs), 132, 385 Access controls, 411, 432–433 Access points (APs), 172, 184, 190, 192, 197, 198, 210 rogue, 208, 212, 213 wireless, 180 Acknowledgment (ACK), 184 ACL. See Access control lists Acorn computer, 10 Active attacks on wireless networks, 207–212 Active Directory, 448 Active hubs, 102–103, 582 troubleshooting, 590 Ad hoc network configuration, 189–190 Adapters, 107 Address resolution protocol (ARP), 122, 213, 214, 246, 599 cache, 340 InARP, 341 poisoning, 431 proxy, 341 RARP, 341 requester, 340 responder, 340 spoofing, 214, 426–427 using, 340–341 ADSL. See Asymmetric digital subscriber line Advanced Research Projects Agency Network (ARPANet), 9, 258, 346 AIEE. See American Institute of Electrical Engineers AirSnort, 209, 213–215 Altair 8800, 10 American Institute of Electrical Engineers (AIEE), 639 Analog modems, 108–109 Analog signaling vs. digital signaling, 240–242 API. See Application program interface APIPA. See Automatic private IP addressing Apple II computer, 11 Application layer, troubleshooting, 614–620, 624 DHCP for, 617 DNS for, 617 FTP for, 615 HTTP for, 616–617 NNTP for, 617 of OSI model, 252–253 SMTP for, 616 SNMP for, 615–616 Telnet protocol, 616, 619 Application layer gateway firewalls, 393, 399–400 benefits of, 399 drawbacks of, 399 operation of, 400 Application level firewalls, 128–129 Application program interface (API) NetBIOS, 257 at session layer, 610 telephony, 257 WinSock, 257, 268–269 APs. See Access points Arcnet, 72–73 ARP. See Address resolution protocol arp command, 536–538 ARPANet. See Advanced Research Projects Agency Network ArpWatch, 214 Asymmetric digital subscriber line (ADSL), 369 Attachment unit interface (AUI), 72 Attack signature database, 389 Attenuation, 52, 89 Auditing, 433–434 AUI. See Attachment unit interface Authentication, 433 802.1x methods, 199, 458–461 802.11 methods, 195–200 open, 195–196 shared-key, 195–196 802.11i, 197–200 biometrics, 441 CHAP, 454–455 cleartext, 436 EAP, 462–464 Kerberos, 445–447 LDAP, 447–454 methods multifactor, 438–439 one-factor, 434–436 single sign-on (SSO), 439 two-factor, 437–438 mutual, 199, 457–458 open, 195 PAP, 454 PEAP, 464–466 per-packet, 199–200 port, 160–161, 164 RADIUS, 441–444 and remote access policies, 440–441 systems, 439–440 TACACS, 455 TACACS+, 455–456 Index . employees needs to access the FTP site of one of your company’s business partners, ftp.airplanes.com, in order to download large PDF files containing product marketing information. You receive a help. is correct, because the loss of Internet connectivity is occurring with all the machines on a particu- lar segment, and the common connectivity point to the internet for all the effected machines. explanations: A. Answer A is correct, because the telnet command can be used to verify that a port on a particular machine is open. Issuing the telnet command on port 25 will validate that the SMTP services