CompTIA Network+ Certification (N10‑007) Study Guide


Copyrighted Material

Official CompTIA Study Guide for Network+ (Exam N10-007)

Acknowledgements

Official CompTIA Study Guide for Network+ (N10-007)

PROJECT TEAM
Thomas Reilly, Vice President Learning
Katie Hoenicke, Director of Product Management
James Chesterfield, Manager, Learning Content and Design
Becky Mann, Senior Manager, Product Development
James Pengelly, Courseware Manager
Rob Winchester, Senior Manager, Technical Operations

DISCLAIMER
While CompTIA, Inc. takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The use of screenshots, photographs of another entity's products, or another entity's product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by nor any affiliation of such entity with CompTIA. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). CompTIA is not responsible for the availability of, or the content located on or through, any External Site. Please contact CompTIA if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES
CompTIA, CompTIA Security+ and the CompTIA logo are registered trademarks of CompTIA, Inc., in the U.S. and other countries. All other product and service names used may be common law or registered trademarks of their respective proprietors.

COPYRIGHT NOTICE
Copyright 2018 CompTIA, Inc. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission CompTIA, 3500 Lacey Road, Suite 100, Downers Grove, IL 60515-5439.

This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. If you believe that this book, related materials, or any other CompTIA materials are being reproduced or transmitted without permission, please call 1-866-835-8020 or www.help.comptia.org.

Table of Contents

Course Introduction
  Table of Contents
  About This Course
  About CompTIA Certifications

Module 1 / Local Area Networks

Module 1 / Unit 1: Topologies and the OSI Model
  Key Features of Networks
  Network Topologies
  The OSI Model
  Physical Layer
  Data Link Layer
  Network Layer
  Transport Layer
  Upper Layers
  OSI Model Summary

Module 1 / Unit 2: Ethernet
  Transmission Media
  Media Access Control
  Broadcast Domains
  Ethernet Frames
  Ethernet Deployment Standards
  MAC Addressing
  Address Resolution Protocol (ARP)
  Packet Sniffers

Module 1 / Unit 3: Hubs, Bridges, and Switches
  Hubs and Bridges
  Switches
  Switch Interface Configuration
  Spanning Tree Protocol (STP)
  Power over Ethernet (PoE)

Module 1 / Unit 4: Infrastructure and Design
  Network Infrastructure Implementations
  Planning an Enterprise Campus Network
  Network Hierarchy and Distributed Switching
  Software Defined Networking
  Planning a SOHO Network
  TCP/IP Protocol Suite

Module 1 / Unit 5: Policies and Best Practices
  Procedures and Standards
  Safety Procedures
  Incident Response Policies
  Security and Data Policies
  Password Policy
  Employee Policies

Module 1 / Summary: Local Area Networks

Module 2 / IP Addressing

Module 2 / Unit 1: Internet Protocol
  IPv4
  IPv4 Address Structure
  Subnet Masks
  IP Routing Basics
  ipconfig / ifconfig
  ICMP and ping

Module 2 / Unit 2: IPv4 Addressing
  Broadcast, Multicast, and Unicast
  Classful Addressing
  Public versus Private Addressing
  Subnetting and Classless Addressing
  Planning an IPv4 Addressing Scheme
  Public Internet Addressing
  Variable Length Subnet Masks (VLSM)

Module 2 / Unit 3: IPv6 Addressing
  IPv6 Address Format
  IPv6 Addressing Schemes
  IPv6 Address Autoconfiguration
  Migrating to IPv6

Module 2 / Unit 4: DHCP and APIPA
  IPv4 Address Autoconfiguration
  Configuring DHCP
  DHCPv6

Module 2 / Summary: IP Addressing

Module 3 / Internetworking

Module 3 / Unit 1: Routing
  Routing Basics
  Routing Algorithms and Metrics
  Dynamic Routing Protocols
  Administrative Distance and Route Redistribution
  IPv4 and IPv6 Internet Routing
  High Availability Routing
  Installing and Configuring Routers
  Routing Troubleshooting Tools

Module 3 / Unit 2: TCP and UDP
  Transmission Control Protocol (TCP)
  User Datagram Protocol (UDP)
  TCP and UDP Ports
  Port Scanners
  Protocol Analyzers

Module 3 / Unit 3: Name Resolution and IPAM
  Host Names and FQDNs
  Domain Name System
  Configuring DNS Servers
  Resource Records
  Name Resolution Tools
  IP Address Management (IPAM)

Module 3 / Unit 4: Monitoring and Scanning
  Performance Monitoring
  Network Monitoring Utilities
  Logs and Event Management
  Simple Network Management Protocol
  Analyzing Performance Metrics
  Patch Management
  Vulnerability Scanning

Module 3 / Unit 5: Network Troubleshooting
  Troubleshooting Procedures
  Identifying the Problem
  Establishing a Probable Cause
  Establishing a Plan of Action
  Troubleshooting Hardware Failure Issues
  Troubleshooting Addressing Issues
  Troubleshooting DHCP Issues
  Troubleshooting Name Resolution
  Troubleshooting Services

Module 3 / Summary: Internetworking

Module 4 / Applications and Security

Module 4 / Unit 1: Applications and Services
  TCP/IP Services
  HTTP and Web Servers
  SSL / TLS and HTTPS
  Email (SMTP / POP / IMAP)
  Voice Services (VoIP and VTC)
  Real-time Services Protocols
  Quality of Service
  Traffic Shaping
  Bottlenecks and Load Balancing
  Multilayer Switches

Module 4 / Unit 2: Virtualization, SAN, and Cloud Services
  Virtualization Technologies
  Network Storage Types
  Fibre Channel and InfiniBand
  iSCSI
  Cloud Computing
  Configuring Cloud Connectivity

Module 4 / Unit 3: Network Security Design
  Security Basics
  Common Networking Attacks
  Network Segmentation and DMZ
  Virtual LANs (VLAN)
  VLAN Trunks
  Network Address Translation (NAT)
  Device and Service Hardening
  Honeypots and Penetration Tests

Module 4 / Unit 4: Network Security Appliances
  Basic Firewalls
  Stateful Firewalls
  Deploying a Firewall
  Configuring a Firewall
  Deploying a Proxy
  Intrusion Detection Systems (IDS)
  Denial of Service

Module 4 / Unit 5: Authentication and Endpoint Security
  Authentication and Access Controls
  Social Engineering
  Authentication Technologies
  PKI and Digital Certificates
  Local Authentication
  RADIUS and TACACS
  Directory Services
  Endpoint Security
  Network Access Control

Module 4 / Summary: Applications and Security

Module 5 / Operations and Infrastructure

Module 5 / Unit 1: Network Site Management
  Network Cabling Solutions
  Distribution Frames
  Change and Configuration Management
  Network Documentation and Diagrams
  Labeling
  Physical Security Devices
  Business Continuity and Disaster Recovery
  Network Link Management
  Power Management
  Backup Management

Module 5 / Unit 2: Installing Cabled Networks
  Twisted Pair Cable (UTP / STP / ScTP)
  Twisted Pair Connectors
  Wiring Tools and Techniques
  Cable Testing Tools
  Troubleshooting Wired Connectivity
  Other Copper Cable Types
  Fiber Optic Cable and Connectors
  Transceivers and Media Converters

Module 5 / Unit 3: Installing Wireless Networks
  Wireless Standards (IEEE 802.11)
  Wireless Network Topologies
  Wireless Site Design
  Troubleshooting Wireless Connectivity
  Wireless Security
  Wi-Fi Authentication
  Extensible Authentication Protocol
  Troubleshooting Wireless Security
  Wireless Controllers

Module 5 / Unit 4: Installing WAN Links
  Wide Area Networks (WAN)
  Telecommunications Networks
  Modern Telecommunications Networks
  Local Loop Services
  Installing WAN Links
  Wireless WAN Services
  Internet of Things

Module 5 / Unit 5: Configuring Remote Access
  Remote Access Services (RAS)
  MPLS and PPP
  SIP Trunks
  Virtual Private Networks (VPN)
  SSL / TLS / DTLS VPNs
  IPsec
  Internet Key Exchange / ISAKMP
  Remote Access Servers
  Remote Administration Tools
  Managing Network Appliances
  Remote File Access

Module 5 / Summary: Operations and Infrastructure

Taking the Exam
Answers for Review Questions
Glossary
Index

About This Course

This course is intended for those wishing to qualify with CompTIA Network+ certification.

CompTIA is a not-for-profit trade association with the purpose of advancing the interests of IT professionals and IT channel organizations and its industry-leading IT certifications are an important part of that mission. CompTIA's Network+ Certification is a foundation-level certification designed for IT professionals with around 1 year's experience whose job role is focused on network administration.

This exam will certify the successful candidate has the knowledge and skills required to troubleshoot, configure, and manage common network devices; establish basic network connectivity; understand and maintain network documentation; identify network limitations and weaknesses; and implement network security, standards, and protocols. The candidate will have a basic understanding of enterprise technologies, including cloud and virtualization technologies.

CompTIA Network+ Exam Objectives Blueprint

Course Outcomes

This course will teach you the fundamental principles of installing, configuring, and troubleshooting network technologies and help you to progress a career in network administration. It will prepare you to take the CompTIA Network+ N10-007 exam by providing 100% coverage of the objectives and content examples listed on the syllabus. Study of the course can also help to prepare you for vendor-specific technical support qualifications and act as groundwork for more advanced training.

On course completion, you will be able to:

- Describe the features of different network protocols and products for LANs, WANs, and wireless networks.
- Understand the functions and features of TCP/IP addressing and protocols.
- Identify threats to network security and appropriate countermeasures and controls.
- Install and configure network cabling and appliances.
- Manage, monitor, and troubleshoot networks.

Target Audience and Course Prerequisites

CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT professionals with job roles such as network administrator, network technician, network installer, help desk technician and IT cable installer.

To get started with this course, you should have successfully completed "CompTIA A+ Study Guide" courses and obtained A+ certification, and / or have around 9-12 months' experience of IT administration. It is not necessary that you pass the A+ exams before completing Network+ certification, but it is recommended.

Regardless of whether you have passed A+, it is recommended that you have the following skills and knowledge before starting this course:

- Configure and support PC, laptop, mobile (smartphone / tablet), and print devices.
- Know basic network terminology and functions (such as Ethernet, TCP/IP, switches, routers).
- Configure and manage users, groups, and shared resources in a simple SOHO network.
- Understand the use of basic access control measures, such as authentication, security policy, encryption, and firewalls.

About the Course Material

The CompTIA Network+ exam contains questions based on objectives and example content listed in the exam blueprint, published by CompTIA. The objectives for the N10-007 exam are divided into five domains, as listed below. Each domain has a weighting, indicating its relative importance in terms of questions in the exam:

CompTIA Network+ Certification Domain Areas    Weighting
1.0 Networking Concepts                         23%
2.0 Infrastructure                              18%
3.0 Network Operations                          17%
4.0 Network Security                            20%
5.0 Network Troubleshooting and Tools           22%

This course is divided into five modules, each covering a different subject area:

- Module 1 / Local Area Networks
- Module 2 / IP Addressing
- Module 3 / Internetworking
- Module 4 / Applications and Security
- Module 5 / Operations and Infrastructure

As you can see, the course modules do not map directly to the CompTIA exam domains. Instead, we try to present topics and technologies in the order that will make it easiest for you to understand them. Each module and each unit starts with a list of the CompTIA domain objectives and content examples that will be covered so that you can track what you are learning against the original CompTIA syllabus.

Each unit in a module is focused on explaining the exam objectives and content examples. Each unit has a set of review questions designed to test your knowledge of the topics covered in the unit. Answers to the review questions are provided on the course support website.

At the back of the book there is an index to help you look up key terms and concepts from the course and a glossary of terms and concepts used.

The following symbols are used to indicate different features in the course book:

- A tip or warning about a feature or topic.
- A reference to another unit or to a website where more information on a topic can be found.
- Review questions to help test what you have learned.

Making a Study Plan

If you are completing this course as self-study, you need to plan your study habits. The best way to approach the course initially is to read through the whole thing quite quickly. On this first reading, do not worry if you cannot recall facts, get two similar technologies mixed up, or do not completely understand some of the topics. The idea is to get an overview of everything you are going to need to know. The first reading shouldn't take you too long - a few hours is plenty of time. You don't have to do it at one sitting, but try to complete the read through within about a week.

When you have completed your first read through, you should make a study plan. For your study plan keep in mind the following things:

- How much you know about network technologies already.
- How much time you have to study each day or each week.
- When you want to (or have to) become CompTIA Network+ Certified.

In your study plan, you'll identify how much time you want to spend on each unit and when you're going to sit down and do that study. We recommend that you study no more than one or two units per day. Studying a unit means reading it closely, making notes about things that come to mind as you read, using the glossary to look up terms you do not understand, then using the review questions to test and reinforce what you have learned.

Only you can decide how long you need to study for in total. Network+ Certification is supposed to represent the knowledge and skills of someone with 9-12 months of practical network support experience. If you cannot get that experience, you will need to do a corresponding amount of study to make up.

You also need to think about where you are going to study. You need to find somewhere comfortable and where you are not subject to interruptions or distractions. You will also need a computer or tablet with an Internet connection for the review and practical activities.

Preparing for the Exams

When you've completed reading the units in detail, you can start to prepare for the exam. The "Taking the Exam" chapter contains tips on booking the test, the format of the exam, and what to expect.

About CompTIA Certifications

CompTIA is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for netwo
