Answer Description

STP (Shielded Twisted Pair) is a type of Ethernet that has an EMI resistant jacket. Because there are a large amount servers, STP is necessary. UTP should be avoided in data centers because they are susceptible to crosstalk. Fiber is incorrect because the question specifies we need a cost effective solutions. Typically, fiber will be used on trunk and backbone connections.

Wikipedia

Twisted pair cabling is a type of wiring used for communications in which two conductors of a single circuit are twisted together for the purposes of improving electromagnetic compatibility. Compared to a single conductor or an untwisted balanced pair, a twisted pair reduces electromagnetic radiation from the pair and crosstalk between neighbouring pairs and improves rejection of external electromagnetic interference. It was invented by Alexander Graham Bell.For additional noise immunity, twisted-pair cabling may be shielded. Cable with shielding is known as shielded twisted pair (STP) and without as unshielded twisted pair (UTP).

Answer Description

RIP (Routing Information Protocol) and OSPF (Open Shortest Path First) are two examples of routing protocols. Routing protocols exchange network routes between routers to form a network map or diagram.

Wikipedia

A routing protocol specifies how routers communicate with each other to distribute information that enables them to select routes between nodes on a computer network. Routers perform the traffic directing functions on the Internet; data packets are forwarded through the networks of the internet from router to router until they reach their destination computer. Routing algorithms determine the specific choice of route. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network. The ability of routing protocols to dynamically adjust to changing conditions such as disabled connections and components and route data around obstructions is what gives the Internet its fault tolerance and high availability. The specific characteristics of routing protocols include the manner in which they avoid routing loops, the manner in which they select preferred routes, using information about hop costs, the time they require to reach routing convergence, their scalability, and other factors such as relay multiplexing and cloud access framework parameters. Certain additional characteristics such as multilayer interfacing may also be employed as a means of distributing uncompromised networking gateways to authorized ports. This has the added benefit of preventing issues with routing protocol loops.Many routing protocols are defined in technical standards documents called RFCs.

Answer Description

A Protocol Analyzer, also known as a Packet Sniffer, will record a packet and save it to your computer so you can analyze network traffic at a later time.

Wikipedia

A protocol analyzer is a tool (hardware or software) used to capture and analyze signals and data traffic over a communication channel. Such a channel varies from a local computer bus to a satellite link, that provides a means of communication using a standard communication protocol (networked or point-to-point). Each type of communication protocol has a different tool to collect and analyze signals and data. Specific types of protocol analyzers include: A telecom network protocol analyzer A network packet analyzer A bus analyzer An IP load tester

Answer Description

An Evil Twin is a wireless access point that is designed to mimic another Access Point's (AP) configuration in order to trick users into connecting to the incorrect network.

Wikipedia

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam. This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.

Answer Description

URL Filtering will allow you to block or allow a certain domain name.

Wikipedia

A Uniform Resource Locator (URL), colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably URLs occur most commonly to reference web pages (http) but are also used for file transfer (ftp), email (mailto), database access (JDBC), and many other applications Most web browsers display the URL of a web page above the page in an address bar A typical URL could have the form http://www

Answer Description

System port 22 is assigned for Secure shell (SSH). SFTP is an extension of SSH and runs over the same port 22.

Wikipedia

In computer networking, a port or port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port at the software level is identified for each transport protocol and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP); those port numbers are 16-bit unsigned numbers. A port number is always associated with a network address of a host, such as an IP address, and the type of transport protocol used for communication. It completes the destination or origination address of a message. Specific port numbers are reserved to identify specific services so that an arriving packet can be easily forwarded to a running application. For this purpose, port numbers lower than 1024 identify the historically most commonly used services and are called the well-known port numbers. Higher-numbered ports are available for general use by applications and are known as ephemeral ports. Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. In the client–server model of application architecture, multiple simultaneous communication sessions may be initiated for the same service.

Answer Description

HIDS (Host Intrusion Detection System) will detect an attack, but will not prevent or stop it. They will keep record of the attack, and can be set to notify an administrator that an attack has happened.

Wikipedia

An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. It is also possible to classify IDS by detection approach. The most well-known variants are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on machine learning). Another common variant is reputation-based detection (recognizing the potential threat according to the reputation scores). Some IDS products have the ability to respond to detected intrusions. Systems with response capabilities are typically referred to as an intrusion prevention system. Intrusion detection systems can also serve specific purposes by augmenting them with custom tools, such as using a honeypot to attract and characterize malicious traffic.

Answer Description

A .exe file means that file is an executable file. The others are text/photo files which are less likely to be dangerous.

Wikipedia

.exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows, OS/2, and DOS.

Answer Description

Tracert (traceroute) is a diagnostic tool that will display the route and measure transmit times between network devices.

Wikipedia

In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path); the sum of the mean times in each hop is a measure of the total time spent to establish the connection. Traceroute proceeds unless all (usually three) sent packets are lost more than twice; then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point. For Internet Protocol Version 6 (IPv6) the tool sometimes has the name traceroute6 and tracert6.

Answer Description

Dynamic ARP Inspection (DAI) inspects the packets and validates them before forwarding them. This is used to prevent many Address Resolution Protocol (ARP) attacks.

Answer Description

The ipconfig command within the command-line interface will show all current TCP/IP configuration information for the device it is ran on. Microsoft Windows is one of the operating systems that support that command.

Wikipedia

ipconfig (standing for "Internet Protocol configuration") is a console application program of some computer operating systems that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.

Answer Description

Link Aggregation Control Protocol (LACP) will combine multiple physical ports into one logical one. This is used to provide redundancy and minimize downtime.

Wikipedia

In computer networking, link aggregation is the combining (aggregating) of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports. Other umbrella terms used to describe the concept include trunking, bundling, bonding, channeling or teaming. Implementation may follow vendor-independent standards such as Link Aggregation Control Protocol (LACP) for Ethernet, defined in IEEE 802.1AX or the previous IEEE 802.3ad, but also proprietary protocols.

Answer Description

The Windows ping command uses ICMP (Internet Control Message Protocol) echo request to reach a target IP, then the host will reply with an ICMP Reply.

Wikipedia

ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software. Ping measures the round-trip time for messages sent from the originating host to a destination computer that are echoed back to the source. The name comes from active sonar terminology that sends a pulse of sound and listens for the echo to detect objects under water.Ping operates by means of Internet Control Message Protocol (ICMP) packets. Pinging involves sending an ICMP echo request to the target host and waiting for an ICMP echo reply. The program reports errors, packet loss, and a statistical summary of the results, typically including the minimum, maximum, the mean round-trip times, and standard deviation of the mean. The command-line options of the ping utility and its output vary between the numerous implementations. Options may include the size of the payload, count of tests, limits for the number of network hops (TTL) that probes traverse, interval between the requests and time to wait for a response. Many systems provide a companion utility ping6, for testing on Internet Protocol version 6 (IPv6) networks, which implement ICMPv6.

Answer Description

Windows remote desktop uses RDP (Remote Desktop Protocol) which uses port 3389 as it's default port.

Wikipedia

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft Corporation which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software. Clients exist for most versions of Microsoft Windows (including Windows Mobile but the support has ended), Linux (for example Remmina), Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists (for example xrdp). By default, the server listens on TCP port 3389 and UDP port 3389.Microsoft currently refers to their official RDP client software as Remote Desktop Connection, formerly "Terminal Services Client". The protocol is an extension of the ITU-T T.128 application sharing protocol. Microsoft makes some specifications public on their website.

Answer Description

A Media Access Control (MAC) is a globally unique id assigned to a network device. It is physically 'engraved' into the network device by the manufacturer and is often called the hardware or physical address. It consists of 6 bytes which is 48 bits (6 * 8 = 48).

Wikipedia

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sublayer of the data link layer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator. MAC addresses are primarily assigned by device manufacturers, and are therefore often referred to as the burned-in address, or as an Ethernet hardware address, hardware address, or physical address. Each address can be stored in hardware, such as the card's read-only memory, or by a firmware mechanism. Many network interfaces, however, support changing their MAC address. The address typically includes a manufacturer's organizationally unique identifier (OUI). MAC addresses are formed according to the principles of two numbering spaces based on extended unique identifiers (EUIs) managed by the Institute of Electrical and Electronics Engineers (IEEE): EUI-48—which replaces the obsolete term MAC-48—and EUI-64. Network nodes with multiple network interfaces, such as routers and multilayer switches, must have a unique MAC address for each NIC in the same network. However, two NICs connected to two different networks can share the same MAC address.

Answer Description

In a bus topology, all the workstations connect to one backbone. If the backbone fails, the entire network will go down.

Wikipedia

A bus network is a network topology in which nodes are directly connected to a common half-duplex link called a bus.A host on a bus network is called a station. In a bus network, every station will receive all network traffic, and the traffic generated by each station has equal transmission priority. A bus network forms a single network segment and collision domain. In order for nodes to share the bus, they use a medium access control technology such as carrier-sense multiple access (CSMA) or a bus master.

Answer Description

When determining the default subnet mask of an IP you need to identify which class (A, B, C, etc.) the IP falls under. The first octet of the IP is 172 which falls in the class B range of 128 – 191. The corresponding default subnet for this range is 255.255.0.0. A network architect is not required to use the default and could design the network to use any subnet mask, but the question specifically asks for the default mask.

Wikipedia

Classless Inter-Domain Routing (CIDR ) is a method for allocating IP addresses and for IP routing The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous classful network addressing architecture on the Internet Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addressesIP addresses are described as consisting of two groups of bits in the address: the most significant bits are the network prefix, which identifies a whole network or subnet, and the least significant set forms the host identifier, which specifies a particular interface of a host on that network

Answer Description

TFTP (Trivial-File Transfer Protocol) uses default port 69. Do not confuse this with FTP, which uses 20 and 21.

Wikipedia

Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement. TFTP was first standardized in 1981 and the current specification for the protocol can be found in RFC 1350.

Answer Description

Plenum cable is jacketed in a fire-retardant plastic jacket.

Wikipedia

Plenum cable is electrical cable that is laid in the plenum spaces of buildings. In the United States, plastics used in the construction of plenum cable are regulated under the National Fire Protection Association standard NFPA 90A: Standard for the Installation of Air Conditioning and Ventilating Systems. All materials intended for use on wire and cables to be placed in plenum spaces are designed to meet rigorous fire safety test standards in accordance with NFPA 262 and outlined in NFPA 90A. Plenum cable is required because, if nonplenum cable catches fire, it can release toxic fumes. If those fumes are released in a plenum space, they can spread throughout the building through the air circulation system.Plenum cable is jacketed with a fire-retardant plastic jacket of either a low-smoke polyvinyl chloride (PVC) or a fluorinated ethylene polymer (FEP). Polyolefin formulations, specifically based on polyethylene compounding had been developed by at least two companies in the early to mid-1990s; however, these were never commercialized, and development efforts continue in these yet-untapped product potentials. Development efforts on a non-halogen plenum compound were announced in 2007 citing new flame-retardant synergist packages that may provide an answer for a yet-underdeveloped plenum cable market outside the United States. In 2006, significant concern developed over the potential toxicity of FEP and related fluorochemicals including the process aid perfluorooctanoic acid (PFOA) or C8 such that California has proposed some of these materials as potential human carcinogens. The NFPA Technical Committee on Air Conditioning, in response to

Answer Description

In IPv6, link local addresses belong to the FE80::/10 address block. Link local is the IPv6 equivalent of IPv4's private addressing.

Wikipedia

In computer networking, a link-local address is a unicast network address that is valid only for communications within the subnetwork that the host is connected to. Link-local addresses are most often assigned automatically with a process known as stateless address autoconfiguration or link-local address autoconfiguration, also known as automatic private IP addressing (APIPA) or auto-IP. Link-local addresses are not guaranteed to be unique beyond their network segment. Therefore, routers do not forward packets with link-local source or destination addresses. IPv4 link-local addresses are assigned from address block 169.254.0.0/16 (169.254.0.0 through 169.254.255.255). In IPv6, they are assigned from the block fe80::/10.: 2.4