1. Explain what is attenuation?

The progressive weakening of a signal as it travels over a cable or other medium. The longer the distance a signal travels, the weaker the signal gets, until it becomes unreadable by the receiving system.

2. Explain what are the advantages of OSI model?

☛ Defines the process for connecting two layers, promoting interoperability between vendors.
☛ Separates a complex function into simpler components.
☛ Allows vendors to compartmentalize their design efforts to fit a modular design, which eases implementations and simplifies troubleshooting.

3. Tell me what is the difference between a hub and a switch?

At first glance it may be difficult to judge the difference between a hub and a switch since both look roughly the same. They both have a large number of potential connections and are used for the same basic purpose- to create a network. However the biggest difference is not on the outside, but on the inside in the way that they handle connections. In the case of a hub, it broadcasts all data to every port. This can make for serious security and reliability concerns, as well as cause a number of collisions to occur on the network. Old style hubs and present-day wireless access points use this technique. Switches on the other hand create connections dynamically, so that usually only the requesting port can receive the information destined for it. An exception to this rule is that if the switch has its maintenance port turned on for an NIDS implementation, it may copy all data going across the switch to a particular port in order to scan it for problems. The easiest way to make sense of it all is by thinking about it in the case of old style phone connections. A hub would be a 'party line' where everybody is talking all at the same time. It is possible to transmit on such a system, but it can be very hectic and potentially release information to people that you don't want to have access to it. A switch on the other hand is like a phone operator- creating connections between ports on an as-needed basis.

4. Explain what is UDP?

The twin to TCP is UDP- User Datagram Protocol. Where TCP has a lot of additional under-the-hood features to make sure that everybody stays on the same page, UDP can broadcast 'into the dark'- not really caring if somebody on the other end is listening (and thus is often called a 'connectionless' protocol). As a result, the extra heavy lifting that TCP needs to do in order to create and maintain its connection isn't required so UDP oftentimes has a faster transmission speed than TCP. An easy way to picture the differences between these two protocols is like this: TCP is like a CB radio, the person transmitting is always waiting for confirmation from the person on the other end that they received the message. UDP on the other hand is like a standard television broadcast signal. The transmitter doesn't know or care about the person on the other end, all it does care about is that its signal is going out correctly. UDP is used primarily for 'small' bursts of information such as DNS requests where speed matters above nearly everything else. The above listing for TCP also contains counterparts for UDP, so it can be used as a reference for both.

5. What is Bonjour?

Although you may never have heard of this program, if you have ever dealt with Apple devices you've seen its effects. Bonjour is one of the programs that come bundled with nearly every piece of Apple software (most notably iTunes) and handles a lot of its automatic discovery techniques. Best described as a hybrid of IPX and DNS, Bonjour discovers broadcasting objects on the network by using mDNS (multicast DNS) with little to no configuration required. Many admins will deliberately disable this service in a corporate environment due to potential security issues; however, in a home environment it can be left up to the user to decide if the risk is worth the convenience.

6. Explain what is a subnet mask?

A subnet mask tells the network how big it is. When an address is inside the mask, it will be handled internally as a part of the local network. When it is outside, it will be handled differently as it is not part of the local network. The proper use and calculation of a subnet mask can be a great benefit when designing a network as well as for gauging future growth.

7. What is an IDS?

An IDS is an Intrusion Detection System with two basic variations: Host Intrusion Detection Systems and Network Intrusion Detection Systems. An HIDS runs as a background utility in the same way as an anti-virus program, for instance, while a Network Intrusion Detection System sniffs packets as they go across the network looking for things that aren't quite ordinary. Both systems have two basic variants- signature based and anomaly based. Signature based is very much like an anti-virus system, looking for known values of known 'bad things', while anomaly based looks more for network traffic that doesn't fit the usual pattern of the network. This requires a bit more time to get a good baseline, but in the long term can be better on the uptake for custom attacks.

8. Do you know what is telnet?

Also known as the program that can give your admin nightmares, telnet is a very small and versatile utility that allows for connections on nearly any port. Telnet would allow the admin to connect into remote devices and administer them via a command prompt. In many cases this has been replaced by SSH, as telnet transmits its data in cleartext (like FTP). Telnet can and does however get used in cases where the user is trying to see if a program is listening on a particular port but wants to keep a low profile, or if the connection type pre-dates standard network connectivity methods.

9. Explain what are Shadow Copies?

Shadow copies are a versioning system in place on Windows operating systems. This allows for users to go back to a previously available version of a file without the need for restoring the file from a standard backup- although the specific features of shadow copies vary from version to version of the OS. While it is not necessary to use a backup function in conjunction with Shadow Copies, it is recommended due to the additional stability and reliability it provides. Please note- Shadow Copies are not Delta Files. Delta files allow for easy comparison between versions of files, while Shadow Copies store entire previous versions of the files.

10. Do you know what is /etc/passwd?

/etc/passwd is the primary file in Unix/Linux operating systems that stores information about user accounts, and it can be read by all users. /etc/shadow is often used by the operating system instead, due to security concerns and increased hashing capabilities. /etc/shadow is, more often than not, highly restricted to privileged users.

11. Tell me what is VoIP?

Voice over Internet Protocol (VoIP) is the technology to send your voice (analog data) over the internet (digital data) to an end user. It enables users to use the Internet as the transmission medium for voice calls at a very low cost.

12. Explain what are Routers?

The process of routing is done by devices known as routers. Routers are network layer devices.

13. What is the difference between RIP and IGRP?

RIP depends on the number of hops to determine the best route to the network, while IGRP considers many factors before deciding the best route to take, i.e. bandwidth, reliability, MTU and hop count.

14. Explain what is difference between Half-Duplex and Full-Duplex Communications?

In half-duplex communication, data travels in only one direction at a time.
In full-duplex mode, two systems can communicate in both directions simultaneously.

15. Tell me what is protocol?

A set of standards that define all operations within a network. There are various protocols that operate at various levels of the OSI network model; for example, transport protocols include TCP.

16. Explain what is HTTP and what port does it use?

HTTP, or HyperText Transfer Protocol, is the main protocol responsible for shiny content on the Web. Most webpages still use this protocol to transmit their basic website content, and it allows for the display and navigation of 'hypertext' or links. While HTTP can use a number of different carrier protocols to go from system to system, the primary protocol and port used is TCP port 80.

17. What is IPX?

If you did any multiplayer PC gaming in the 90s and early 2000s, you likely knew of the IPX protocol as 'the one that actually works'. IPX, or Internetwork Packet Exchange, was an extremely lightweight protocol, which, given the limits of computers of the age, was a very good thing. A competitor to TCP/IP, it functioned very well in small networks, didn't require elements like DHCP and needed little to no configuration, but it does not scale well for applications like the Internet. As a result, it fell by the wayside and is now not a required protocol for most elements.

18. Tell me how does Tracert work and what protocol does it use?

Tracert, or traceroute depending on the operating system, allows you to see exactly what routers you touch as you move along the chain of connections to your final destination. If you end up with a problem where you can't connect or can't ping your final destination, a tracert can help in that regard as you can tell exactly where the chain of connections stops. With this information, you can contact the correct people- whether it be your own firewall, your ISP, your destination's ISP or somewhere in the middle. Tracert, like ping, uses the ICMP protocol but also has the ability to use the first step of the TCP three-way handshake to send out SYN requests for a response.

19. Tell me why would you add local users when on a domain machine?

Giving a user as few privileges as possible tends to cause some aggravation by the user, but by the same token it also removes a lot of easily preventable infection vectors. Still, sometimes users need to have local admin rights in order to troubleshoot issues- especially if they're on the road with a laptop. Therefore, creating a local admin account may sometimes be the most effective way to keep these privileges separate.

20. Explain what is the difference between a print server and a network attached printer?

A print server can refer to two different options- an actual server that shares out many different printers from a central administration point, or a small dedicated box that allows a legacy printer to connect to a network jack. A network attached printer on the other hand has a network card built into it, and thus has no need for the latter option. It can still benefit from the former however, as network attached printers are extremely useful in a corporate environment since they do not require the printer to be connected directly to a single user's system.

21. Explain why is it easier to maintain permissions via groups instead of individually?

As you can see from the demonstration up above, if you try to work out permissions for every single person in your organization individually you can give yourself a migraine pretty quickly. Therefore, trying to simplify permissions but keep them strong is critical to administering a large network. Groups allow users to be pooled by their need to know and need to access particular information. In this way, the administrator can set the permissions once- for the group- then add users to that group. When modifications to permissions need to be made, it's one change that affects all members of that group.

22. What basic set-up equipment is needed for VoIP?

For general VoIP set up we require the following things:

☛ Broadband connection
☛ VoIP phone
☛ Nexton soft-switches
☛ Router
☛ Audiocodec
☛ Astric server

23. Do you know what is the difference between communication and transmission?

Communication is a process of sending and receiving data by an externally connected data cable whereas transmission is a process of sending data from source to destination.

24. Explain what is difference between packet switch and circuit switch network?

To make a baseband network practical for many computers to share, the data transmitted by each system is broken up into separate units called packets. When your computer transmits data it might be broken up into many packets, and the computer transmits each packet separately. When all of the packets constituting a particular transmission reach their destination, the receiving computer reassembles them back into original data. This is the basis for a packet-switching network.
Circuit-switching means that the two systems wanting to communicate establish a circuit before they transmit any information. That circuit remains open throughout the life of the exchange, and is only broken when the two systems are finished communicating. Circuit switching is more common in environments like the public switched telephone network (PSTN), in which the connection between your telephone and that of the person you're calling remains open for the entire duration of the call.

25. Tell me what is FTP and what port does it use?

FTP, or File Transfer Protocol, is one of the big legacy protocols that probably should be retired. FTP is primarily designed for large file transfers, with the capability of resuming downloads if they are interrupted. Access to an FTP server can be accomplished using two different techniques: Anonymous access and Standard Login. Both of these are basically the same, except Anonymous access does not require an active user login while a Standard Login does. Here's where the big problem with FTP lies, however- the credentials of the user are transmitted in cleartext, which means that anybody listening on the wire could sniff the credentials extremely easily. Two competing implementations of FTP that take care of this issue are SFTP (FTP over SSH) and FTPS (FTP with SSL). FTP uses TCP ports 20 and 21.