NAC (Network Access Control) : NAC provides network
security by setting the rules by which connections to a network
are governed. Computers attempting to connect to a network are
denied access unless they comply with rules including levels
of antivirus protection, system updates, and so on, effectively
weeding out those who would perpetrate malicious attacks. The
client computer continues to be denied until it has been properly
updated, which in some cases can be taken care of by the NAC
solution automatically. This often requires some kind of preinstalled
software (an agent) on the client computer, or the computer
is scanned by the NAC solution remotely.
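The admission decision described above, as an added Python example that is not part of the original notes or of any NAC product. The thresholds, field names and sample clients are hypothetical, and it assumes that only a client with an installed agent can be updated automatically.

```python
from dataclasses import dataclass, replace
from datetime import date

# Hypothetical policy thresholds; a real NAC product defines its own rules.
MAX_SIGNATURE_AGE_DAYS = 7
MAX_PATCH_AGE_DAYS = 30

@dataclass(frozen=True)
class Posture:
    """Health report for a connecting client (all fields are constructed)."""
    hostname: str
    av_running: bool
    av_signatures: date    # date of the installed antivirus definitions
    last_os_update: date   # date of the most recent system update
    has_agent: bool        # False: the NAC solution scans the client remotely

def failed_checks(p, today):
    """Return the list of rules the client does not comply with."""
    failed = []
    if not p.av_running:
        failed.append("antivirus not running")
    if (today - p.av_signatures).days > MAX_SIGNATURE_AGE_DAYS:
        failed.append("antivirus signatures outdated")
    if (today - p.last_os_update).days > MAX_PATCH_AGE_DAYS:
        failed.append("system updates missing")
    return failed

def admit(p, today):
    """Return (decision, failures). Access is denied until every rule passes."""
    failed = failed_checks(p, today)
    if not failed:
        return "allow", []
    if p.has_agent:
        # Assumption: only an installed agent can update the client automatically.
        fixed = replace(p, av_running=True, av_signatures=today, last_os_update=today)
        if not failed_checks(fixed, today):
            return "allow after remediation", failed
    return "deny", failed

# Constructed sample clients.
TODAY = date(2024, 5, 1)
HEALTHY = Posture("ws-01", True, date(2024, 4, 29), date(2024, 4, 20), True)
STALE_AGENT = Posture("ws-02", True, date(2024, 3, 1), date(2024, 1, 15), True)
NO_AGENT = Posture("byod-03", False, date(2024, 4, 30), date(2024, 4, 30), False)
```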
Virtualization : A workstation can have multiple operating
systems installed on it but can run only one OS at a time. By
running virtualization software, the same workstation can run
Windows Server along with Windows 7 and Linux or any other operating
system at the same time. This allows a developer to test
code on various environments at the same time and to
move code from one operating system to another with basic copy
and paste. Each virtual desktop will typically need full network
access. Configuring permissions for each virtual desktop can
be tricky for an administrator. Remote administration often uses
a virtual desktop to work on a workstation without the knowledge of
the user sitting at the workstation.
Cloud Computing : It is used to offer on-demand services;
it increases the capabilities of a person's computer or an organization's
network. Some cloud computing services are free, like email services,
and some are paid services, like data storage. Cloud computing
services are generally broken down into three categories of
services:
- Software as a Service (SaaS): When users access applications
over the Internet that are provided by a third party, it
is SaaS. There is no need to install the application on
the local computer; mostly these services run within a web browser.
Example: webmail.
- Infrastructure as a Service (IaaS): A service that offers
computer networking, storage, load balancing, routing, and
VM hosting. More and more organizations are seeing the benefits
of offloading some of their networking infrastructure to
the cloud.
- Platform as a Service (PaaS): This service provides software
solutions to organizations, like application development
in a virtual environment, without the cost or administration
of a physical platform. Its main use is for easy-to-configure
operating systems and on-demand computing.
1.4 Implement and use common protocols
IPSec (Internet Protocol Security) : It authenticates
and encrypts IP packets, effectively securing communications
between the computers and devices that are used in VPN. IPsec
operates at the Network Layer of the OSI model. It differs from
SSH, SSL, and TLS in that it is the only protocol that does
not operate within the upper layers of the OSI model. It can
negotiate cryptographic keys and establish mutual. The two primary
security services that are provided by IPSec are:
SNMP (Simple Network Management Protocol) : It enables
monitoring of remote systems. There are three main parts of
SNMP: a manager, an agent, and a database of management information.
The manager provides the interface between the human network
manager and the management system. The agent provides the interface
between the manager and the physical device(s) being managed.
The manager and agent use a Management Information Base (MIB)
and a set of commands to exchange information.
SSH (Secure Shell) : It is a protocol that can create
a secure channel between two computers or network devices, enabling
one computer or device to remotely control the other. It is
commonly used on Linux and Unix systems, and nowadays also has
widespread use on Windows clients. It uses public key cryptography
to authenticate remote computers. One computer (the one to be
controlled) runs the SSH daemon, while the other computer runs
the SSH client and makes secure connections to the first computer
(which is known as a server), as long as a certificate can be
obtained and validated.
DNS (Domain Name System) : Resolves IP addresses to
host names.
SSL (Secure Socket Layer) / TLS (Transport Layer Security)
: These are cryptographic protocols that provide secure
Internet communications such as web browsing, instant messaging,
e-mail, and VoIP. These protocols rely on a PKI for the obtaining
and validating of certificates. These are called Application
Layer protocols. Two types of keys are required when any two
computers attempt to communicate with the SSL or TLS protocols:
A public key and a session key. Asymmetric encryption is used
to encrypt and share session keys, and symmetric encryption
is used to encrypt the session data.
TCP/IP (Transmission Control Protocol/Internet Protocol)
: It is a suite of communications protocols used to connect
hosts on the Internet. TCP/IP uses several protocols, the two
main ones being TCP and IP. TCP/IP is built into the UNIX operating
system and is used by the Internet, making it the de facto standard
for transmitting data over networks. Even network operating
systems that have their own protocols, such as Netware, also
support TCP/IP.
FTPS (FTP Secure) : FTPS uses SSL or TLS to make secure
connections. FTPS can work in two modes: explicit and implicit.
In explicit mode the FTPS client must explicitly request security
from an FTPS server and then mutually agree on the type of encryption
to be used. In implicit mode, there is no negotiation, and the
client is expected to already know the type of encryption used
by the server. In general, implicit mode is considered to be
more secure than explicit mode.
SFTP (Secure FTP) : SFTP is the SSH File Transfer
Protocol. It is an extension of the SSH protocol, which uses
port 22. Contrast this with FTPS, which is FTP Secure or FTP-SSL,
which uses port 443.
SCP (Secure Copy) : It is a way of transferring files
securely between two hosts; it utilizes SSH. It runs on port
22 by default.
ICMP (Internet Control Message Protocol) : The Internet
Control Message Protocol (ICMP) is a classic example
of a client server application. The ICMP server executes on
all IP end system computers and all IP intermediate systems
(i.e., routers). The protocol is used to report problems with
delivery of IP datagrams within an IP network. It can be used
to show when a particular End System (ES) is not responding,
when an IP network is not reachable, when a node is overloaded,
when an error occurs in the IP header information, etc. The
protocol is also frequently used by Internet managers to verify
correct operations of End Systems (ES) and to check that routers
are correctly routing packets to the specified destination address.
IPv4 vs IPv6
IPv4 | IPv6 |
Addresses are 32-bit in length | Addresses are 128-bit in length |
IP addresses are numeric only | Uses a long string of numbers and letters in the IP address |
Address is a 32-bit number made up of four octets (8-bit numbers) in decimal notation, separated by periods. A bit can either be a 1 or a 0 (2 possibilities), so the decimal notation of an octet would have 2^8 distinct possibilities | IPv6 addresses are broken down into eight 16-bit sections, separated by colons. Because each section is 16 bits, it can have 2^16 variations (65,536 distinct possibilities) |
Example: 1.160.10.240 | Example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf |
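The two address layouts from the table, as an added Python example that is not part of the original notes: strict parsers for four 8-bit octets and eight 16-bit sections, run against the table's two example addresses. It goes beyond the table by also accepting the "::" shorthand for runs of zero sections; the function names are this example's own, and embedded IPv4 suffixes and zone IDs are not handled.

```python
HEX = set("0123456789abcdefABCDEF")

def parse_ipv4(text):
    """Four decimal octets separated by periods -> list of 4 ints."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("IPv4 needs exactly four octets")
    octets = []
    for p in parts:
        # Reject empty, signed, non-decimal and zero-padded octets
        # ("010"), which some parsers read as octal.
        if not (p.isascii() and p.isdigit()) or (len(p) > 1 and p[0] == "0"):
            raise ValueError("bad octet: %r" % p)
        if int(p) > 255:  # an octet is 8 bits, so 2**8 values (0..255)
            raise ValueError("octet out of range: %r" % p)
        octets.append(int(p))
    return octets

def parse_ipv6(text):
    """Eight 16-bit hex sections separated by colons -> list of 8 ints."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        # "::" stands for one or more all-zero sections (not in the table).
        head, tail = text.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one section")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("IPv6 needs eight sections")
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError("bad section: %r" % g)
    return [int(g, 16) for g in groups]

def to_int(sections, bits):
    """Pack sections of `bits` bits each into one integer address."""
    value = 0
    for s in sections:
        value = (value << bits) | s
    return value
```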
1.5 Identify commonly used default network ports
Protocol | IP protocol | Port Used |
FTP (File Transfer Protocol) | TCP | 21 |
SFTP (Secure FTP) | SCTP, TCP | 22 |
FTPS (FTP Secure) | FTP | 443 |
TFTP (Trivial FTP) | UDP | 69 |
Telnet | TCP | 23 |
HTTP (Hyper Text Transfer Protocol) | TCP | 80 |
HTTPS (HTTP Secure) | TCP | 443 |
SCP (Secure Copy) | SCTP, TCP | 22 |
SSH (Secure SHell) | SCTP, TCP | 22 |
SMTP (Simple Mail Transfer Protocol) | TCP | 25 |
DNS (Domain Name Service) | UDP | 53 |
SNMP (Simple Network Management Protocol) | TCP, UDP | 161 |
SNMP Trap (Simple Network Management Protocol Trap) | TCP, UDP | 162 |
ISAKMP (VPN) - Internet Security Association and Key Management Protocol (virtual private network) | UDP | 500 |
TACACS (Terminal Access Controller Access-Control System) | TCP, UDP | 49 |
POP3 (Post Office Protocol version 3) | TCP | 110 |
NNTP (Network News Transfer Protocol) | TCP | 119 |
IMAP4 (Internet message access protocol version 4) | TCP | 143 |
Kerberos | UDP | 88 |
Syslog | TCP, UDP | 514 |
L2TP (Layer 2 Tunneling Protocol) | UDP | 1701 |
PPTP (Point-to-Point Tunneling Protocol) | TCP | 1723 |
RDP (Remote Desktop Protocol) | TCP, UDP | 3389 |
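One way to put the port table to work on a host you administer, as an added Python example that is not part of the original notes: it reads `ss -tuln`-style output and flags listeners on the table's cleartext ports, naming an encrypted service from the same table to use instead. The sample output is constructed, and the `CLEARTEXT` selection and the loopback distinction are this example's own.

```python
# Cleartext services from the port table, each paired with an encrypted
# service from the same table. The selection is this example's own.
CLEARTEXT = {
    ("tcp", 21): ("FTP", "SFTP or SCP on 22"),
    ("tcp", 23): ("Telnet", "SSH on 22"),
    ("udp", 69): ("TFTP", "SFTP or SCP on 22"),
    ("tcp", 80): ("HTTP", "HTTPS on 443"),
}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample in the column layout of `ss -tuln`.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      128    [::]:21            [::]:*
"""

def audit(ss_output):
    """Return (service, port, exposure, replacement) for each cleartext listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        # The local address is "addr:port"; IPv6 addresses are bracketed.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue  # header row or a line in another layout
        hit = CLEARTEXT.get((proto, int(port)))
        if hit:
            name, replacement = hit
            # A listener bound only to loopback is not reachable from the network.
            exposure = "loopback only" if addr in LOOPBACK else "network reachable"
            findings.append((name, int(port), exposure, replacement))
    return findings

if __name__ == "__main__":
    for name, port, exposure, fix in audit(SAMPLE):
        print(f"{name} listening on {port} ({exposure}): use {fix}")
```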
NetBIOS (Network Basic Input/Output System) : NetBIOS,
or Network Basic Input/Output System, allows for session-layer
communication on the OSI model. NetBIOS is primarily concerned
with two functions: naming and starting/stopping NetBIOS "sessions."
Since NetBIOS is not actually a networking protocol (it's an
API) it is not routable and therefore nodes are only visible
to other nodes within the same subnet.