A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches?
A. Spanning tree B. Flood guards C. Access control lists D. Syn flood
Explanation: Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches. Imagine two switches named switch 1 and switch 2 with two network cables connecting the switches. This would cause a network loop. A network loop between two switches can cause a ‘broadcast storm’ where a broadcast packet is sent out of all ports on switch 1 which includes two links to switch 2. The broadcast packet is then sent out of all ports on switch 2 which includes links back to switch 1. The broadcast packet will be sent out of all ports on switch 1 again which includes two links to switch 2 and so on thus flooding the network with broadcast traffic. The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging in redundant networks. The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge. This is done by determining where there are loops in the network and blocking links that are redundant. Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). In order to find redundant links, STA will choose a reference point called a Root Bridge, and then determines all the available paths to that reference point. If it finds a redundant path, it chooses for the best path to forward and for all other redundant paths to block. This effectively severs the redundant links within the network. All switches participating in STP gather information on other switches in the network through an exchange of data messages. These messages are referred to as Bridge Protocol Data Units (BPDUs). The exchange of BPDUs in a switched environment will result in the election of a root switch for the stable spanning-tree network topology, election of designated switch for every switched segment, and the removal of loops in the switched network by placing redundant switch ports in a backup state.
Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?
A. Trust Model B. Recovery Agent C. Public Key D. Private Key
Explanation: In a bridge trust model allows lower level domains to access resources in a separate PKI through the root CA. A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate. In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification. This arrangement allows a certification process to be established between organizations or departments. Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs.
A company that was previously running on a wired network is performing office-wide upgrades. A department with older desktop PC’s that do not have wireless capabilities must be migrated to the new network, ensuring that all computers are operating on a single network. Assuming CAT5e cables are available, which of the following network devices should a network technician use to connect all the devices to the wireless network?
A. Wireless bridge B. VPN concentrator C. Default WAP D. Wireless router
A network technician is assisting the security team with some traffic captures. The security team wants to capture all traffic on a single subnet between the router and the core switch. To do so, the team must ensure there is only a single collision and broadcast domain between the router and the switch from which they will collect traffic. Which of the following should the technician install to BEST meet the goal?
A. Bridge B. Crossover cable C. Hub D. Media converter
A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation?
A. Port mirroring B. Spanning tree C. ARP inspection D. VLAN
Correct Answer: B
Explanation: The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.
A technician needs to limit the amount of broadcast traffic on a network and allow different segments to communicate with each other. Which of the following options would satisfy these requirements?
A. Add a router and enable OSPF. B. Add a layer 3 switch and create a VLAN. C. Add a bridge between two switches. D. Add a firewall and implement proper ACL.
Correct Answer: B
Explanation: We can limit the amount of broadcast traffic on a switched network by dividing the computers into logical network segments called VLANs. A virtual local area network (VLAN) is a logical group of computers that appear to be on the same LAN even if they are on separate IP subnets. These logical subnets are configured in the network switches. Each VLAN is a broadcast domain meaning that only computers within the same VLAN will receive broadcast traffic. To allow different segments (VLAN) to communicate with each other, a router is required to establish a connection between the systems. We can use a network router to route between the VLANs or we can use a ‘Layer 3’ switch. Unlike layer 2 switches that can only read the contents of the data-link layer protocol header in the packets they process, layer 3 switches can read the (IP) addresses in the network layer protocol header as well.
An administrator has a physical server with a single NIC. The server needs to deploy two virtual machines. Each virtual machine needs two NIC’s, one that connects to the network, and a second that is a server to server heartbeat connection between the two virtual machines. After deploying the virtual machines, which of the following should the administrator do to meet these requirements?
A. The administrator should create a virtual switch for each guest. The switches should be configured for inter-switch links and the primary NIC should have a NAT to the corporate network B. The administrator should create a virtual switch that is bridged to the corporate network and a second virtual switch that carries intra-VM communication only C. The administrator should create a virtual switch to bridge all of the connections to the network. The virtual heartbeat NICs should be set to addresses in an unused range D. The administrator should install a second physical NIC onto the host, and then connect each guest machine’s NICs to a dedicated physical NIC
A company would like to connect multiple departments into one network operations center (NOC), yet provide each department with autonomy from one another and enable them to share their high speed Internet connection. Which of the following devices would BEST enable the NOC to accomplish this?