Answer Description

A Media Access Control (MAC) is a globally unique id assigned to a network device. It is physically 'engraved' into the network device by the manufacturer and is often called the hardware or physical address. It consists of 6 bytes which is 48 bits (6 * 8 = 48).

Wikipedia

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sublayer of the data link layer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator. MAC addresses are primarily assigned by device manufacturers, and are therefore often referred to as the burned-in address, or as an Ethernet hardware address, hardware address, or physical address. Each address can be stored in hardware, such as the card's read-only memory, or by a firmware mechanism. Many network interfaces, however, support changing their MAC address. The address typically includes a manufacturer's organizationally unique identifier (OUI). MAC addresses are formed according to the principles of two numbering spaces based on extended unique identifiers (EUIs) managed by the Institute of Electrical and Electronics Engineers (IEEE): EUI-48—which replaces the obsolete term MAC-48—and EUI-64. Network nodes with multiple network interfaces, such as routers and multilayer switches, must have a unique MAC address for each NIC in the same network. However, two NICs connected to two different networks can share the same MAC address.

Answer Description

CHAP (Challenge Handshake Authentication Protocol) uses a 3-way handshake to authenticate the opposing end of a connection, and will periodically repeat the authentication process during the connection.

Wikipedia

In computing, the Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol originally used by Point-to-Point Protocol (PPP) to validate users. CHAP is also carried in other authentication protocols such as RADIUS and Diameter. Almost all network operating systems support PPP with CHAP, as do most network access servers. CHAP is also used in PPPoE, for authenticating DSL users. As the PPP sends data unencrypted and "in the clear", CHAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, CHAP challenge, CHAP response, and any other information associated with the PPP session. The attacker can then mount an offline dictionary attack in order to obtain the original password. When used in PPP, CHAP also provides protection against replay attacks by the peer through the use of a challenge which is generated by the authenticator, which is typically a network access server. Where CHAP is used in other protocols, it may be sent in the clear, or it may be protected by a security layer such as Transport Layer Security (TLS). For example, when CHAP is sent over RADIUS using User Datagram Protocol (UDP), any attacker who can see the RADIUS packets can mount an offline dictionary attack, as with PPP. CHAP requires that both the client and server know the clear-text version of the password, although the password itself is never sent over the network. Thus when used in PPP, CHAP provides better security as compared to Password Authentication Protocol (PAP) which is

Answer Description

The administrator would adjust the power level controls, so the signal does not extend into the parking lot.

Answer Description

A packet sniffer will record network traffic onto a storage device for later review. This will allow you to save and analyze the employees network traffic.

Wikipedia

A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. A packet analyzer used for intercepting traffic on wireless networks is known as a wireless analyzer or WiFi analyzer. While a packet analyzer can also be referred to as a network analyzer or protocol analyzer these terms can also have other meanings. Protocol analyzer can technically be a broader, more general class that includes packet analyzers/sniffers. However, the terms are frequently used interchangeably.

Answer Description

Honeypot is a part of the infrastructure heavily monitored to attract hackers and learn about the exploits used on the network.

Wikipedia

In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site which contains information or resources of value to attackers. It is actually isolated, monitored, and capable of blocking or analyzing the attackers. This is similar to police sting operations, colloquially known as "baiting" a suspect.The main use for this network decoy is to distract potential attackers from more important information and machines on the real network, learn about the forms of attacks they can suffer, and examine such attacks during and after the exploitation of a honeypot. It provides a way to prevent and see vulnerabilities in a specific network system. A honeypot is a decoy used to protect a network from present or future attacks.

Answer Description

The agent is the software on the devices in need of monitoring on a network, that uses Simple Network Management Protocol (SNMP) to send a notification to the administrator.

Wikipedia

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behaviour. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB), which describes the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications. Three significant versions of SNMP have been developed and deployed. SNMPv1 is the original version of the protocol. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility and security. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

Answer Description

Blocking certain ports can restrict specific types of network traffic, for example blocking port 80 would restrict the HTTP protocol. It is important to know however that this only blocks the default HTTP port and another could be used to bypass this measure.

Answer Description

A firewall will allow you to filter a network or areas of a network based on ports as well as the data inside of each packet.

Wikipedia

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

Answer Description

Worm is a self replicating malicious code. Trojan requires a trigger to execute, while spam is typically just a nuisance and spyware records your information.

Wikipedia

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Many worms are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload-free" worms can cause major disruption by increasing network traffic and other unintended effects.

Answer Description

Thinnet has a maxiumum transmition of 10 Mbit/s, baseband signaling, and 200 meter max length cable segment. That is why it is known as 10BASE2.

Wikipedia

10BASE2 (also known as cheapernet, thin Ethernet, thinnet, and thinwire) is a variant of Ethernet that uses thin coaxial cable terminated with BNC connectors to build a local area network. During the mid to late 1980s this was the dominant 10 Mbit/s Ethernet standard. The use of twisted pair networks competed with 10BASE2's use of a single coaxial cable. In 1988, Ethernet over twisted pair was introduced, running at the same speed of 10 Mbit/s. In 1995, the Fast Ethernet standard upgraded the speed to 100 Mbit/s, and no such speed improvement was ever made for thinnet. By 2001, prices for Fast Ethernet cards had fallen to under $50. By 2003, Wi-Fi networking equipment was widely available and affordable. Due to the immense demand for high-speed networking, the low cost of Category 5 cable, and the popularity of 802.11 wireless networks, both 10BASE2 and 10BASE5 have become increasingly obsolete, though devices still exist in some locations. As of 2011, IEEE 802.3 has deprecated this standard for new installations.

Answer Description

Increasing antenna gain will increase the amount of energy projected in a certain direction (gain). This will increase the distance of travel, and therefor the overall cell size of the AP.

Wikipedia

In electromagnetics, an antenna's power gain or simply gain is a key performance number which combines the antenna's directivity and electrical efficiency. In a transmitting antenna, the gain describes how well the antenna converts input power into radio waves headed in a specified direction. In a receiving antenna, the gain describes how well the antenna converts radio waves arriving from a specified direction into electrical power. When no direction is specified, gain is understood to refer to the peak value of the gain, the gain in the direction of the antenna's main lobe. A plot of the gain as a function of direction is called the gain pattern or radiation pattern. Antenna gain is usually defined as the ratio of the power produced by the antenna from a far-field source on the antenna's beam axis to the power produced by a hypothetical lossless isotropic antenna, which is equally sensitive to signals from all directions. Usually this ratio is expressed in decibels, and these units are referred to as decibels-isotropic (dBi). An alternative definition compares the received power to the power received by a lossless half-wave dipole antenna, in which case the units are written as dBd. Since a lossless dipole antenna has a gain of 2.15 dBi, the relation between these units is G

Answer Description

Electric cabling can be effected by Electromagnetic Interference (EMO) when nearby other electric cables. Fiber-optic is not affected by EMI because it uses light to transmit data instead of electricity.

Wikipedia

An optical fiber, or optical fibre in Commonwealth English, is a flexible, transparent fiber made by drawing glass (silica) or plastic to a diameter slightly thicker than that of a human hair. Optical fibers are used most often as a means to transmit light between the two ends of the fiber and find wide usage in fiber-optic communications, where they permit transmission over longer distances and at higher bandwidths (data transfer rates) than electrical cables. Fibers are used instead of metal wires because signals travel along them with less loss; in addition, fibers are immune to electromagnetic interference, a problem from which metal wires suffer. Fibers are also used for illumination and imaging, and are often wrapped in bundles so they may be used to carry light into, or images out of confined spaces, as in the case of a fiberscope. Specially designed fibers are also used for a variety of other applications, some of them being fiber optic sensors and fiber lasers.Optical fibers typically include a core surrounded by a transparent cladding material with a lower index of refraction. Light is kept in the core by the phenomenon of total internal reflection which causes the fiber to act as a waveguide. Fibers that support many propagation paths or transverse modes are called multi-mode fibers, while those that support a single mode are called single-mode fibers (SMF). Multi-mode fibers generally have a wider core diameter and are used for short-distance communication links and for applications where high power must be

Answer Description

Windows remote desktop uses RDP (Remote Desktop Protocol) which uses port 3389 as it's default port.

Wikipedia

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile but the support has ended), Linux (for example Remmina), Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists (for example xrdp). By default, the server listens on TCP port 3389 and UDP port 3389.Microsoft currently refers to their official RDP client software as Remote Desktop Connection, formerly "Terminal Services Client". The protocol is an extension of the ITU-T T.128 application sharing protocol. Microsoft makes some specifications public on their website.

Answer Description

TACACS+ is an open standard protocol developed by Cisco that is used to authenticate users across a network.

Wikipedia

Terminal Access Controller Access-Control System (TACACS, ) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks including but not limited to the ARPANET, MILNET and BBNNET. It spawned related protocols: Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network. TACACS Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.

Answer Description

E1 lines carry signals over 32 channels at 64kbps. (64kb x 32 = 2048kb = 2mb)

Wikipedia

The E-carrier is a member of the series of carrier systems developed for digital transmission of many simultaneous telephone calls by time-division multiplexing. The European Conference of Postal and Telecommunications Administrations (CEPT) originally standardised the E-carrier system, which revised and improved the earlier American T-carrier technology, and this has now been adopted by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T). It was widely used in almost all countries outside the US, Canada, and Japan. E-carrier deployments have steadily been replaced by Ethernet as telecommunication networks transition towards all IP.

Answer Description

The interface in this situation is a WAN interface. The only option here that is a WAN interface is Serial 0/0/0. Fast Ethernet is a similar option, but is typically used for LAN communications.

Answer Description

WPA2 (WiFi Protected Access v2) supports the use of AES (Advanced Encryption Standard) for encryption.

Wikipedia

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).WPA (sometimes referred to as the TKIP standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2, which became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard. In January 2018, the Wi-Fi Alliance announced the release of WPA3, which has several security improvements over WPA2.As of 2023, most computers that connect to a wireless network have support for using WPA, WPA2, or WPA3.

Answer Description

802.11a uses the 5 GHz frequency range, and is a good alternative when the 2.4 GHz range is unusable.

Wikipedia

IEEE 802.11a-1999 or 802.11a was an amendment to the IEEE 802.11 wireless local network specifications that defined requirements for an orthogonal frequency-division multiplexing (OFDM) communication system. It was originally designed to support wireless communication in the unlicensed national information infrastructure (U-NII) bands (in the 5–6 GHz frequency range) as regulated in the United States by the Code of Federal Regulations, Title 47, Section 15.407. Originally described as clause 17 of the 1999 specification, it is now defined in clause 18 of the 2012 specification and provides protocols that allow transmission and reception of data at rates of 1.5 to 54Mbit/s. It has seen widespread worldwide implementation, particularly within the corporate workspace. While the original amendment is no longer valid, the term "802.11a" is still used by wireless access point (cards and routers) manufacturers to describe interoperability of their systems at 5.8 GHz, 54 Mbit/s (54 x 106 bits per second). 802.11 is a set of IEEE standards that govern wireless networking transmission methods. They are commonly used today in their 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac and 802.11ax versions to provide wireless connectivity in the home, office and some commercial establishments.

Answer Description

Network Address Translation (NAT) hides the internal IP, but also is used to conserve IPv4 addresses, by using one IP address for the entire private network.

Wikipedia

Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. The technique was originally used to bypass the need to assign a new address to every host when a network was moved, or when the upstream Internet service provider was replaced, but could not route the network's address space. It has become a popular and essential tool in conserving global address space in the face of IPv4 address exhaustion. One Internet-routable IP address of a NAT gateway can be used for an entire private network.As network address translation modifies the IP address information in packets, NAT implementations may vary in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing NAT implementations.

Answer Description

When using the Dynamic Host Configuration Protocol (DHCP) a client network device is given a lease on an IP address for a certain amount of time. The lease time is set by the DHCP server.

Wikipedia

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.The technology eliminates the need for individually configuring network devices manually, and consists of two network components, a centrally installed network DHCP server and client instances of the protocol stack on each computer or device. When connected to the network, and periodically thereafter, a client requests a set of parameters from the server using DHCP. DHCP can be implemented on networks ranging in size from residential networks to large campus networks and regional ISP networks. Many routers and residential gateways have DHCP server capability. Most residential network routers receive a unique IP address within the ISP network. Within a local network, a DHCP server assigns a local IP address to each device. DHCP services exist for networks running Internet Protocol version 4 (IPv4), as well as version 6 (IPv6). The IPv6 version of the DHCP protocol is commonly called DHCPv6.