CompTIA Network+ N10-006 Cert Guide (2015)
Appendix C. Exam Essentials
Chapter 1: Computer Network Fundamentals
A network’s purpose is to make connections. Examples would include file sharing, video chatting, e-mail, and Voice over IP (VoIP).
The basic components are a client, which is the device that’s requesting resources; a server, which is providing resources; the media, which could be physical or wireless; and the infrastructure, which could include switches and routers.
A local-area network (LAN) is a geographically close high-speed network. A wide-area network (WAN) provides network connectivity usually through a third-party service provider between two sites that are geographically remote from each other.
The most common physical topology today in a wired LAN is a physical star that uses a Layer 2 switch at the center of that physical star.
For WAN connectivity, common topologies include logical point-to-point and hub-and-spoke.
Chapter 2: The OSI Reference Model
The OSI reference model is not literally used today, but provides a great reference point regarding common protocols that are used, such as TCP/IP.
There are seven layers to the OSI reference model. Starting at the bottom, they are numbered one through seven.
The layers starting from the bottom are physical, data link, network, transport, session, presentation, application.
The physical layer relates to the physical topology as well as the transmission of bits on the network. An unmanaged network hub is an example of a repeater that makes forwarding decisions based on Layer 1 information: it simply repeats the bits it sees out its other interfaces.
The data link layer is concerned with packaging data into frames and transmitting those frames on the network. On Ethernet, these frames would have Ethernet source and destination addresses included as part of the frame. Switches are used to make forwarding decisions based on Layer 2 information.
The network layer is concerned with logical addressing such as IP Version 4 or IP Version 6 addresses. Inside of the header at Layer 3, the packet will include source and destination IP addresses, which can be used for routing a packet over the network. Routers are used to make forwarding decisions based on Layer 3 information.
The transport layer, when using TCP, can provide connection-oriented and acknowledged communications over the network; if UDP is being used, there would be connectionless unacknowledged communications over the network. Several other protocols operate at Layer 4, but TCP and UDP are the two primary ones used in the IP protocol stack.
Layers five through seven are combined in the TCP/IP protocol stack that we use today, but in the OSI reference model, distinct functions are associated with each layer.
The session layer is responsible for setting up, maintaining, and tearing down sessions between devices on a network.
The presentation layer is responsible for the formatting of data, which may also include encryption.
The application layer is responsible for providing services. If a computer were running a program that wants to print to a network device, the network printing service would be an example of the services that are provided to the computer by the application layer.
In the TCP/IP protocol stack both for IPv4 and IPv6, there are well-known defined protocols and ports for common services such as HTTPS, HTTP, FTP, SSH, and many more.
Chapter 3: Network Components
The most common media today in LANs is unshielded twisted-pair (UTP).
UTP cabling is categorized based on the specification for that cabling. Examples include Category 5, Category 6, and Category 6a.
The most common termination on the end of a copper UTP Ethernet cable is an RJ-45 connection.
The uplinks between switches may be copper or fiber-optic cable.
Fiber-optic cable can be single mode or multimode.
The connectors for fiber cable include ST, SC, LC, MT-RJ, and more.
There are many forms of wireless available in data networks. For LANs, WiFi using frequencies in the 2.4 GHz and 5 GHz ranges is common. WiFi LANs use one or more access points as the radio transmitter and receiver. The access point is physically wired into a switch.
A Layer 2 switch builds a table of MAC addresses that the clients are using so that they can make forwarding decisions based on those MAC addresses.
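The learn-and-forward behavior described above, written out as a small simulation. This is an added example for this appendix, not code from the Cert Guide; the class name, port numbers and MAC addresses are constructed for illustration. It shows the two rules a Layer 2 switch applies: it learns only from source MAC addresses, and it floods a frame out every other port when the destination is a broadcast or has not yet been learned.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Layer2Switch:
    """Toy MAC-address-table switch (constructed example, not vendor code)."""

    def __init__(self, ports):
        self.ports = sorted(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is forwarded out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: the source MAC is reachable through the ingress port.
        # A later frame from the same MAC on another port overwrites this.
        self.mac_table[src_mac] = in_port
        # Forwarding: broadcast and unknown-unicast frames are flooded to all
        # ports except the one they arrived on.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        # Filtering: if the destination lives on the ingress port the switch
        # drops the frame rather than sending it back out the same port.
        return [] if out_port == in_port else [out_port]

if __name__ == "__main__":
    sw = Layer2Switch([1, 2, 3, 4])
    print(sw.receive(1, "00:00:00:00:00:aa", "00:00:00:00:00:bb"))  # flooded
    print(sw.receive(2, "00:00:00:00:00:bb", "00:00:00:00:00:aa"))  # [1]
    print(sw.mac_table)
```

Real switches also age entries out of the table and bound its size; the example leaves both out to keep the forwarding rules visible.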
Routers have either been statically configured with, or have dynamically learned using a routing protocol, how to forward in the direction of a given Layer 3 IP network.
A VPN concentrator is a device that allows remote users to build a VPN tunnel and connect to the VPN concentrator for access to the network.
A firewall refers to a device that has specific capacity and function to filter traffic between two different areas of a network, such as a private network and the public Internet. Current firewalls today have the ability to use stateful filtering, and many features are often integrated into a single device called a unified threat management (UTM) system. This may include virtual private networks (VPN), firewalls, intrusion-prevention systems (IPS), antimalware, data loss prevention, and other features all bundled into a single physical or logical device.
A Domain Name Service (DNS) server is a device that can resolve a name such as www.CBTNuggets.com to an IP address. DNS is one of the most often used protocols on the Internet today.
Dynamic Host Configuration Protocol (DHCP) servers provide IP address assignment dynamically to hosts on a network.
A proxy server acts on behalf of some other device. A local proxy server could be placed between clients and the Internet. A proxy server could also be used in front of a server or group of servers that want to load balance their resources when they receive client requests.
Content engines can cache previously retrieved information to make the subsequent access to the same data much quicker because it is now cached.
We can virtualize everything. Desktops, hosts, servers, firewalls, and even routers and switches can be virtualized. This means that the devices are not running on their own dedicated physical hardware but are running as some type of a virtual machine logically sharing the physical resources of a bigger system.
A Voice over IP (VoIP) solution can take analog voice, digitize it, forward it over a data network, and then convert it back to analog for the benefit of the recipient. Voice networks traditionally are going to use a separate VLAN so that special treatment and quality of service can be applied to that time-sensitive traffic.
Chapter 4: Ethernet Technology
Wired LANs today are going to be using full-duplex, with hosts connected to switch ports for high-speed Layer 2 switching.
By default, all the ports on a switch are on the same Layer 2 domain, often referred to as a broadcast domain.
A switch can be carved up into multiple Layer 2 broadcast domains and have individual ports on that switch assigned to respective broadcast domains. These broadcast domains are referred to as virtual local-area networks, or VLANs. For a host to reach devices outside of its local VLAN and local Layer 3 subnet, the services of a Layer 3 router are required.
A trunk is an interswitch connection that can carry multiple VLANs over the trunk. The association for frames with their correct VLAN while crossing the trunk is done by using 802.1Q tagging for each of the frames as it crosses the trunk.
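To make the 802.1Q tagging concrete, here is an added example (not from the Cert Guide) that builds an untagged Ethernet frame, inserts the 4-byte 802.1Q tag the way a trunk port does, and parses it back. The MAC addresses and payload are constructed; the field layout (TPID 0x8100 followed by a 16-bit TCI holding PCP, DEI and the 12-bit VLAN ID) is the standard one.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks a VLAN-tagged frame
ETHERTYPE_IPV4 = 0x0800

def mac_bytes(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_untagged_frame(dst, src, ethertype, payload):
    """Ethernet II header (dst, src, type) followed by the payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

def add_vlan_tag(frame, vid, pcp=0, dei=0):
    """Insert the 802.1Q tag between the source MAC and the original EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid   # 3-bit priority, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_vlan_tag(frame):
    """Remove the tag, as happens when a frame leaves a trunk onto an access port."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]

def parse_frame(frame):
    """Return the header fields; 'vid' is None for an untagged frame."""
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    ethertype, = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13
        vid = tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}

if __name__ == "__main__":
    # Constructed frame: broadcast destination, made-up source, dummy IPv4 payload.
    plain = build_untagged_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                                 ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
    tagged = add_vlan_tag(plain, vid=10, pcp=5)
    print(parse_frame(tagged))
```

The tag carries only the VLAN number; the switch at the far end of the trunk uses that number to decide which access ports may receive the frame.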
Spanning Tree Protocol is used to identify when there are parallel paths within the same VLAN. It prevents those parallel paths from creating Layer 2 loops. Without spanning tree, if there are parallel Layer 2 paths, a single broadcast could loop the network endlessly.
The port states used by Spanning Tree Protocol include blocking, listening, learning, and forwarding.
Multiple links can be bonded together using a technique called link aggregation. Some vendors refer to this as EtherChannel. An open standard for negotiating and setting up a link aggregation is called Link Aggregation Control Protocol (LACP).
Port monitoring is sometimes referred to as port mirroring. It allows us to copy all the frames that are sent or received on a switch port over to another port where we can have a protocol analyzer such as Wireshark capture them. Then we can analyze them.
802.1X is a protocol that we can use to authenticate a user at the switch port before allowing any of the host’s data traffic to be sent to the network.
First-hop redundancy protocols such as Hot Standby Router Protocol (HSRP), Common Address Redundancy Protocol (CARP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP) can be used to provide fault tolerance for the hosts’ default gateway on a given subnet.
Chapter 5: IPv4 and IPv6 Addresses
IP Version 4 and IPv6 are both representations of binary numbers. An IPv4 address is 32 bits. An IPv6 address is 128 bits. The mask function is the same for both of these protocols. The mask represents how many of these bits in the IP address are being used to represent the network segment that is common to all the devices on that same network. The remaining host portion, or host ID, represents the individual host, such as a workstation on a specific network.
IPv4 uses classes of addresses, such as Class A, Class B, and Class C. The default mask is /8, /16, or /24, respectively, for these three classes. IPv6 does not use the concept of classes. The mask normally seen with an IPv6 address is /64, which means that half of the address is used for the network and the other half represents the host on that network.
IPv4 uses broadcasts, and for MAC address resolution IPv4 uses Address Resolution Protocol (ARP). IPv6 does not use broadcasts or ARP but instead uses multicast and the Neighbor Discovery Protocol (NDP) for resolution of MAC addresses of other IPv6 devices on the local network.
Routers are used to make forwarding decisions based on Layer 3 addresses such as IPv4 and IPv6.
The process of subnetting involves taking a network and carving it up into smaller logical networks. It is a common practice to associate a single subnetwork with a single VLAN.
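The mask and subnetting ideas from this chapter, worked through with Python’s standard `ipaddress` module. This is an added example, not code from the Cert Guide; the addresses come from the documentation ranges and are constructed. It splits an address into its network ID and host ID for both IPv4 and IPv6, carves a network into smaller subnets, and checks whether two hosts share a subnet (and so could be on the same VLAN without a router between them).

```python
import ipaddress

def usable_hosts(net):
    """Addresses assignable to hosts in a network."""
    if net.version == 4:
        # IPv4 reserves the network and broadcast addresses, except on
        # /31 point-to-point links and /32 host routes.
        return net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return net.num_addresses  # IPv6 has no broadcast address

def address_parts(addr_with_prefix):
    """Split 'address/prefix' into its network and host portions (v4 or v6)."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    net = iface.network
    host_bits = net.max_prefixlen - net.prefixlen   # max_prefixlen is 32 or 128
    return {
        "version": iface.version,
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "host_bits": host_bits,
        "host_id": int(iface.ip) & int(net.hostmask),   # host portion as an integer
        "broadcast": str(net.broadcast_address) if iface.version == 4 else None,
        "usable_hosts": usable_hosts(net),
    }

def carve(network, new_prefix):
    """Subnet a network into equal pieces with a longer prefix."""
    net = ipaddress.ip_network(network)   # strict: host bits must be zero
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]

def same_subnet(a, b):
    """True when two address/prefix pairs share the same network ID."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network

if __name__ == "__main__":
    print(address_parts("192.168.10.77/26"))
    print(address_parts("2001:db8:abcd:12::1a/64"))
    print(carve("10.0.0.0/24", 26))
    print(same_subnet("192.168.10.77/26", "192.168.10.130/26"))
```

The same functions handle both address families because the mask operation is identical; only the address width (32 versus 128 bits) and the presence of a broadcast address differ.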
Chapter 6: Routing IP Packets
Routers make forwarding decisions based on Layer 3 addresses.
Routers can build a routing table based on having a directly connected network, having a static route being configured on them, or using a routing protocol to learn routing information from other routers.
Routing protocols include interior gateway protocols such as Open Shortest Path First (OSPF) Protocol, Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), and Intermediate System-to-Intermediate System (IS-IS) Protocol. Border Gateway Protocol (BGP) is an external routing protocol that connects service providers on the Internet today.
Address translation, specifically Network Address Translation (NAT), can be used to hide one or more devices behind a router or firewall that is performing NAT. This enables us to extend the life of IPv4 because a single globally routable IP address can support thousands of private IP addresses being translated to a single IP address. To do this, a subset of NAT called Port Address Translation (PAT) is used.
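The PAT behavior described above, as an added simulation that is not part of the Cert Guide. The class and its method names are constructed, as are the addresses (private 192.168.1.0/24 hosts behind one public address from the documentation range). It shows how many inside (address, port) pairs are mapped onto one public address by giving each its own public port, how a reply is translated back, and that inbound packets with no matching state are dropped, which is the filtering side effect that makes NAT hide the inside hosts.

```python
class PortAddressTranslator:
    """Toy PAT (NAT overload) table for a single public IP address."""

    def __init__(self, public_ip, port_range=(1024, 65535)):
        self.public_ip = public_ip
        self.port_lo, self.port_hi = port_range
        self._in_use = set()
        # (proto, inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.outbound = {}
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.inbound = {}

    def _allocate_port(self, wanted):
        # Keep the inside port when it is free (port preservation), otherwise
        # take the lowest free port in the pool.
        if self.port_lo <= wanted <= self.port_hi and wanted not in self._in_use:
            port = wanted
        else:
            port = next((p for p in range(self.port_lo, self.port_hi + 1)
                         if p not in self._in_use), None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
        self._in_use.add(port)
        return port

    def translate_outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside->outside packet; returns the new 4-tuple."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        pub_port = self.outbound.get(key)
        if pub_port is None:
            pub_port = self._allocate_port(src_port)
            self.outbound[key] = pub_port
            self.inbound[(proto, pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def translate_inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination of an outside->inside packet, or None to drop it."""
        entry = self.inbound.get((proto, dst_port, src_ip, src_port))
        if entry is None:
            return None   # no translation state: unsolicited traffic is dropped
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)

    def active_translations(self):
        return len(self.outbound)

if __name__ == "__main__":
    pat = PortAddressTranslator("203.0.113.5")
    print(pat.translate_outbound("tcp", "192.168.1.10", 50000, "198.51.100.7", 443))
    print(pat.translate_outbound("tcp", "192.168.1.11", 50000, "198.51.100.7", 443))
    print(pat.translate_inbound("tcp", "198.51.100.7", 443, 1024))
    print(pat.translate_inbound("tcp", "198.51.100.7", 443, 40000))  # None
```

Real implementations also time translations out and may hash or randomize the public port rather than allocating the lowest free one; the example keeps allocation deterministic so the mapping is easy to follow.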
Multicast is the forwarding of packets to a group address instead of a single host address. By using multicast, a single packet could reach many recipients who need to see that information.
Chapter 7: Wide-Area Networks
Wide-area connection types include circuit switched, leased lines, packet switched, and Multiprotocol Label Switching (MPLS)-provided services.
ATM, Frame Relay, and ISDN are examples of WAN connection options.
The public switched telephone network (PSTN) with plain old telephone service (POTS) can also be used for slow speed communications.
Digital subscriber line (DSL) and cable modems can provide high-speed connectivity to the Internet, which could then be used, in combination with a VPN for security, to build a WAN connection between two sites or hosts that are both connected to the Internet.
Wireless communications could also be used for WANs, or at least for connectivity to the service provider that is providing the WAN services. This could include satellite.
Point-to-Point Protocol (PPP) can be used over point-to-point connections, which have traditionally been serial but also now include Ethernet using PPPoE. PPP can use authentication mechanisms such as Challenge Handshake Authentication Protocol (CHAP).
Chapter 8: Wireless LANs
Wireless networks include a wireless access point, which has a radio for sending and receiving signals. Many home units will have the router and wireless access point and switch all integrated into a single device. In a corporate network, a wireless LAN controller would manage multiple access points, with each of those access points being physically wired into a Layer 2 switch.
The antennas for access points can be omnidirectional, unidirectional, or a combination of both.
The 2.4-GHz range and the 5-GHz range have been allocated as available space and are used commonly by LAN WiFi.
Common WiFi standards include 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac.
The basic service set or extended service set is the method used to identify wireless LANs.
Signal interference or signal degradation would need to be planned for, and a site survey before and after deploying wireless is typically performed.
Wireless security using WPA2/802.11i should be used to properly authenticate and secure the communications over the wireless network.
Chapter 9: Network Optimization
High availability is synonymous with fault tolerance and usually means having at least two devices that are able to perform a specific function. This is in preparation for one of the devices failing and having the remaining device be able to still provide the network services.
Fault-tolerance examples for a user’s default gateway include HSRP, CARP, VRRP, and GLBP. Fault tolerance should also be implemented for critical servers and systems.
Quality of service (QoS) can be implemented on our network switches and routers to provide preferential treatment to some types of traffic in the event of congestion on the network. Likely candidates for preferential treatment include voice and video that are sensitive to time delays.
Chapter 10: Command-Line Tools
Command-line interface (CLI) tools such as ARP can be used to look at the Layer 3-to-Layer 2 mapping on an Ethernet network for most Windows- and Linux-based devices.
Ipconfig and ifconfig can be used to look at the current Layer 3 address information on a local host on a Windows- or Linux-based operating system, respectively.
Nbtstat shows the NetBIOS information on a Windows computer.
Netstat shows IP-based connection information on a Windows or Linux computer.
Nslookup allows testing of DNS resolution for Windows- and Linux-based devices.
Ping verifies basic network connectivity between two points on the network.
The route command can allow the creation, deletion, or viewing of routes on a Windows or Linux host.
The tracert command is a Windows command that can show the routers in the path between the PC and a remote target.
The traceroute command is the Linux equivalent to Windows’ tracert.
The man command is the command related to documentation built into most Linux-based operating systems.
The dig and host commands are Linux-based commands that can verify DNS resolution.
Chapter 11: Network Management
Testing tools can be used to verify components of a computer network.
Tools include cable testers, cable certifiers, and connectivity software.
Electrostatic discharge wrist straps should be used whenever handling sensitive equipment. Crimpers can be used to terminate the end of a UTP cable that is connecting to an RJ-45 connector.
Multimeters can be used to check voltage, current, continuity, and other electrical attributes.
Protocol analyzers can be used to dig into the details of the protocols that are being used on your network.
Reflectometers for copper and fiber can be used for cable verification and to indicate where a problem may exist in the cable.
A toner probe can help identify which cable, from among many, is the one whose far end is at the remote location where the toner is generating its signal.
Configuration management and change control management should be formal policies that are communicated and understood by everyone involved.
Baselines for all critical systems including their configurations and the protocols normally expected across the networks should be established and used as a reference point.
Network documentation should be readily available and kept current.
Users should have security awareness training and should have all accepted and signed acceptable use policy (AUP) agreements.
Simple Network Management Protocol (SNMP) can be used for the monitoring of network devices.
Syslog can be configured on many network devices to send transactions of events to a centralized syslog server.
Chapter 12: Network Security
Confidentiality, data integrity, and availability are three critical aspects desired for most networks.
Confidentiality is provided by encryption services. Data integrity is often provided by hashing services. Availability is provided by lessening the effect or possibility of downtime due to attack in addition to having fault tolerance to prevent a single point of failure from stopping network services.
Virtual private networks (VPNs) that use IPsec provide authentication and confidentiality via encryption and data integrity via hashing.
Examples of physical controls include locks on doors and physical security guards.
Examples of administrative controls include separation of duties, accounting, and policies, including change control.
Examples of technical controls include access control lists (ACLs), authentication, VPNs, and other security-related implementations on a device such as a firewall or UTM system.
A risk assessment should be done to identify vulnerabilities, and then the appropriate countermeasures should be put in place to reduce the risk of those potential vulnerabilities causing loss.
Environmental and safety controls and procedures should be implemented.
User awareness training is one of the most significant countermeasures the company can implement.
Procedures for incident handling along with the responsibilities of those involved should be planned out, communicated, and tested.
Intrusion prevention systems and vulnerability scanners can be used to identify threats and potential vulnerabilities on the network.
Chapter 13: Network Troubleshooting
A structured troubleshooting methodology should be established and followed.
Using the OSI reference model as a guide, we might use a bottom-up approach, beginning with the physical layer.
Another approach is a top-down approach, where one application (such as HTTP) works across the network but another application (such as DNS) does not. The fact that HTTP works verifies that basic connectivity and routing between the client and the server is not the problem. In that case, it could be the application or service (DNS in this example) that is either blocked or not currently functioning on the remote side.
Wireless networking could be impacted due to interference or competition with the radio frequency that is currently in use.
Using the baseline for the normal configuration and the normal activity on the network is useful in comparing against the current configurations.
When a problem occurs in the network, you should identify the last time it worked and look for any changes that happened between the time it last worked and the current problem you are experiencing.
A good change control procedure will require documentation of rollback procedures that can be implemented when needed and that can assist in restoring a network to its previous functional state.
Command-line tools such as ping, tracert/traceroute, and nslookup can assist us in isolating a problem on the network.
Physical tools like multimeters, cable testers, and probes can help us isolate physical problems.