CompTIA Network+ N10-008 Simulated PBQs - Matching

Freebie Card. +5

This Layer defines the use of a MAC Address? = 2. Data Link

This Layer initiates contact with the destination? = 5. Session

This Layer converts signals to bits? = 1. Physical

This Layer is responsible for formatting data for use by a Network-Aware program? = 6. Presentation

This Layer defines what segment number will be sent or acknowledged? = 4. Transport

This Layer must contain a Source IP Address? = 3. Network

This Layer handles raw data only? = 7. Application

Access Switch = 2. Data Link

Email Server = 7. Application

Router = 3. Network

Computer Workstation = 7. Application

Hub = 1. Physical

Bridge = 2. Data Link

Web Server = 7. Application

Stateful Firewall = 4. Transport

Frame Relay Switch = 2. Data Link

File Server = 7. Application

Used to provide nonsecure remote access from host terminals to various servers & network devices. = 4. TELNET

The email is stored locally and might not sync if accessed from multiple locations. = 11. POP3 (Post Office Protocol)

Delivers administrative alerts to and from network devices. = 12. SNMP (Simple Network Management Protocol)

Provides for the automatic assignment of IP addresses to hosts on a given network. = 20. DHCP (Dynamic Host Configuration Protocol)

Offers a secure authentication of clients to web servers by delivery of requested data. = 17. HTTPS (Hyptertext Transfer Protocol Secure)

Used to provide connectionless network services. = 8. UDP (User Datagram Protocol)

Network layer protocol that makes multicast connections for delivering mass datagrams to groups of clients. = 5. IGMP (Internet Group Management Protocol)

Email is stored on the server and can be accessed from multiple locations. = 6. IMAP (Internet Message Access Protocol)

Used to transfer files in a connection-oriented state. = 1. FTP (File Transfer Protocol)

Used by email servers to deliver email between server systems. = 15. SMTP (Simple Mail Transfer Protocol)

Network layer protocol used by programs such as ping to deliver network messages to requesting clients. = 16. ICMP (Internet Control Message Protocol)

Resolves fully qualified domain names to their unique IP addresses. = 19. DNS (Domain Name Service)

Offers a synchronized time service to all configured network devices. = 10. NTP (Network Time Protocol)

Offers a secure connection from a virtual terminal to remote devices. = 14. SSH (Secure Shell)

Connection-oriented delivery of upper-layer datagrams using acknowledgements. 9. TCP (Transport Control Protocol)

Often used in audio/video delivery of real-time data requiring QoS and tight sequencing. = 18. RTP (Realtime Transport Protocol)

Nonsecure client/server protocol used to retrieve data from web servers to their Clients. = 3. HTTP (Hyptertext Transfer Protocol)

Provides encryption for data above the transport layer and updates the SSL protocol. = 2. TLS (Transport Layer Security)

Used to resolve IP addresses to MAC addresses for purposes of local-area message delivery. = 7. ARP (Address Resolution Protocol)

Manages the initiation of VoIP phone services. = 13. SIP (Session Initiation Protocol)

POP3 = 110 (Post Office Protocol)

HTTP = 80 (Hyptertext Transfer Protocol)

SNMP = 161/162 (Simple Network Management Protocol)

TFTP = 69 (Trivial File Transfer Protocol)

DHCP = 67/68 (Dynamic Host Configuration Protocol)

SSH = 22 (Secure Shell)

RIP = 520 (Routing Information Protocol)

HTTPS = 443 (Hyptertext Transfer Protocol)

FTP = 20/21 (File Transfer Protocol)

SMTP = 25 (Simple Mail Transfer Protocol)

DNS = 53 (Domain Name Service)

TELNET = 23

NTP = 123 (Network Time Protocol)

IMAP = 143 (Internet Message Access Protocol)

RDP = 3389 (Remote Desktop Protocol)

SIP = 5060 (Session Initiation Protocol)

SMB = 445 (Server Message Block)

LDAPS = 636 (Lightweight Directory Access Protocol Secure)

Provides a graphical user interface to a remote user. = RDP (Remote Desktop Protocol)

Used in VoIP to initiate a telephone service request. = SIP (Session Initiation Protocol)

Provides connection-oriented data file transfers. = FTP (File Transfer Protocol)

Predecessor to DHCP that provided IP addresses automatically. = BOOTP

Provides for connectionless data file transfer. = TFTP (Trivial File Transfer Protocol)

Provides the ability to remotely monitor and manage network devices. = SNMP (Simple Network Management Protocol)

Provides for retrieval of email using an “always-connected” session. = IMAP (Internet Message Access Protocol)

Provides for transfer of email between email servers. = SMTP (Simple Mail Transfer Protocol)

Requires a login to secure access to a website. = HTTPS (Hyptertext Transfer Protocol Secure)

Provides for an email client to access email remotely as prompted by the user. = POP3 (Post Office Protocol)

Provides secure connection to be able to manage remote devices. = SSH (Secure Shell)

Provides for improved streaming audio/video delivery over the internet. = RTP (Realtime Transfer Protocol)

Manages multicast groups = IGMP (Internet Group Management Protocol)

Provides for clock sync across a domain. = NTP (Network Time Protocol)

Older method of accessing remote devices, has no security built in. = TELNET

Authentication and encryption process for retrieving web pages securely. = TLS (Transport Layer Security)

Provides access to files through a web browser. = HTTP (Hyptertext Transfer Protocol)

Maps an IP address to a MAC address = ARP (Address Resolution Protocol)

Serves as a resource to match up fully qualified domain names with an IP address? = Domain Name Server (DNS)

Provides a way to receive, store, and forward email messages on behalf of email clients? = Email Server

Substitutes public addresses for private addresses? = Network Address Translation Server (NAT)

Caches recently visited web pages to reduce bandwidth consumption and speed up response times? = Web Proxy

Automatically provides IP addresses to requesting clients? = DHCP Server (Dynamic Host Configuration Protocol)

Performs data file transfers based on connection-oriented rule set? = FTP Server (File Transfer Protocol)

Provides for authentication and resources authorization to users logging into a network? = Domain Controller

Provides a secure connection that encryptions the original data and all the original headers? = VPN Server (Virtual Private Network)

Used to provide a common time to network nodes? = NTP Server (Network Time Protocol)

The broadcast packet that is used to elicit a DHCP offer from an DHCP server? = DHCPDiscover

The max amount of time that a client is forced to renew its DHCP address? = 7/8

Causes all local DHCP addresses to be refreshed and renewed with the DNS server? = ipconfig /registerdns

Additional info that a DHCP server can provide the client for max use of TCP/IP settings? = DHCPOption

The period of time that a client can cliam an IP address provided by DHCP? = Lease Period

An attempt by a DHCP Server to present a requesting client a valid IP Address from its scope or pool of available addresses? = DHCPOffer

The last step in a successful DHCP IP address assignment? = DHCPack

The initial socket address that makes it possible for hosts to process the packet to find out if they are configured by DHCP server? =
255.255.255.255:67

An IP address that a specific MAC address is assigned and which cannot be assigned to any other MAC address? = Reservation

Command that directs a computer to reinitialize contact with the DHCP server and restart the lease period timer? = ipconfig /renew

Client response to accept a DHCP server offer? = DHCPRequest

This term refers to monitoring and data collection in an enterprise for purpose of controlling devices through direct automation or indirectly overrides. = Supervisory Control and Data Acquisition (SCADA)

Dedicated circuits of limited size that used in small endpoint devices such as thermostats, sensors, and remote control devices. = Programming Logic Circuit (PLC)

Mobile devices use this for close proximity transactions. = Near Field Communication (NFC)

Use of radio waves that are strong enough to create a current in an antenna ‘tag’ that can cause it to respond over a very short range. = Radio Frequency Identification (RFID)

Weak RF signal used in measuring distance to an object useful in asset tracking. = Ultra Wide Band (UWB)

ZigBee low power, short range, standard for sensing and control within networks that are relatively small in size. = ZWave

Loss of signal as it moves through obstacles such as walls or other interference. = Structure Attenuation

Catch all term to signify industrial automation in which multiple components are designed tow ork together for a coordinated purpose. = Industrial Control System (ICS)

A method of maintaining and updating source code in IOT devices. = Firmware Over the Air (FOTA)

An endpoint of a system that communicates with the master terminal unit or a SCADA system to provide telemetry data and receive control instructions. = Remote Terminal Unit (RTU)

Ports that have been administratively configured to be in the same broadcast segment. = VLAN (Virtual Local Area Network)

The use of a single port to transmit and receive data for multiple VLANs. = Trunking

An Ethernet networking protocol used to define the parameters that are used to create Virtual Local Area Networks. = 802.1q

A field inserted into a frame that indicates the VLAN number that the frame should be confined to when Switched to other ports. = VLAN Tagging

The result of a frame being repetitively forwarded on a redundant network connection. = Switching Loop

A protocol that mitigates the presense of switching loops by allowing only a single best path through a switch fabric. = STP (Spanning Tree Protocol)

Recently resolved IP address to MAC address mappings. = ARP Table

The database of all known and active MAC addresses along with their port and VLAN identifier. = MAC Address Table

Ethernet ports that cary up to 15 watts of electrical power suitable for a small network node to safely operate. = POE (Power over Ethernet)

Ethernet ports designed to carry up to 25 watts of electric power for use of nodes requiring an electric power source. POE+ (Power over Ethernet Enhanced)

Use of secondary port to monitor and copy network packets for analysis. = Port Mirroring

Use of logic software to allow virtual machines to communicate with each other, often within the same host system. = Virtual Switch

Automatic Private IP Address = 169.254.4.220

Loopback Address = 127.0.0.1

Class A Public = 2.2.2.2
(1.0.0.0 to 127.0.0.0)

Class B Public = 154.50.3.4
(128.0.0.0 to 191.255.0.0)

Class C Public = 222.2.2.2
(192.0.0.0 to 223.255.255.0)

Class A Private = 10.90.9.140
(10.0.0.0 to 10.255.255.255)

Class B Private = 172.16.2.2
(172.16.0.0 to 172.31.255.255)

Class C Private = 192.168.234.2
(192.168.0.0 to 192.168.255.255)

Class D Multicast = 224.0.0.10
(240.0.0.0 to 255.255.255.255)

Default Class A Subnet Mask = 255.0.0.0

Default Class B Subnet Mask = 255.255.0.0

Default Class C Subnet Mask = 255.255.255.0

Broadcast = 255.255.255.255

The address that replaces the broadcast IPv4 address and allows for machines to contact all machines with a specific service to offer, such as a Router or DNS server. = Anycast Address

The protocol that handles the built-in security that IPv6 incorperates to encrypt packet data. = IPSec

The process of reducing the IPv6 address to its shortest possible format. = Address Truncation

An address that can be assigned manually to ensure that an address stays on a private network and is not routed. = Unique Local Address

A type of unicast address that the client computer gives to itself, similar to APIPA in IPv4. = Link Local Address

Similar to IPv4, a single address on a single interface forming a direct line of communication. = Unicast Address

A routable address used to set up a host to host link on the public Internet. = Global Unicast Address

An address that is used to receive data that is intended for many destination simultaneously. = Multicast Address

The process of placing an IPv6 datagram inside an IPv4 packet header for use by IPv4 networks. = Tunneling

A periodic message sent to a network segment providing information about the network address and other network parameters. = Router Advertisement (RA)

A method of learning data linke layer addresses for IPv6 machines located in the same physical or broadcast domain. = Neighbor Discovery (ND)

A host generated message to force an IPv6 gateway device to advertise its network capabilities. = Router Solicitation (RS)

2001: 0000:0035:0C1F:0000:0C3F:1CBE:00F1 ====== 2001::35:C1F:0:C3F:1CBE:F1
2001: 0000:0001:0000:0000:0000:000:0002 ====== 2001:0:1::2

FC00:0000:0030:0000:0C12:56FF:FE00:0031 ====== FC00::30:0:C12:56FF:FE00:31

2001:0000:0000:0001:0000:0000:0000:0002 ====== 2001:0:0:1::2

FF00:0000:1000:0000:0000:0000:0000:0020 ====== FF00:0:1000::20

Use of phone line to deliver dedicated high speed digital services. = DSL

Dedicated leased line technology allowing 1.544 Mbps. = T1

Dedicated leased line services delivering up to 45 Mbps. = T3

Delivery of high speed internet using existing shared medium TV coax. = Cable Broadband

Optical signaling providing 155 Mbps. = OC3

Similar to a T-1 in bandwidth, but can also use ISDN tech and requires more bandwidth to be dedicated to the signaling and control function. = PRI

Data delivery protocol that forwards packets using the data link layer using label switching instead of routing tables. = MPLS

WAN protocol that is non-proprietary and capable of having encrypted authentication. = PPP

Used in delivering a voice telephony service on the Internet. = SIP Trunk

Encapsulates point to point protocol inside Ethernet frames. = PPPoE

Physical point where WAN connection comes into a facility. = Demarcation Point

Use of high speed leased lines managed via software defined network programming to lower costs. = SD-WAN

Creates signals in the 5GHz range. = 802.11a

Better for short distances and limited data for personal area networks (PAN) = 802.15

A name that is used to represent a wireless network to a set of common hosts. = SSID

Creates 11 Mbps signals at a frequency of 2.4GHz. = 802.11b

Uses MIMO to make multiple simultaneous connections while extending distance. = 802.11n

WIFI Protected Access Version 2 (WPA2) Authentication. = 802.11i

Can delivery 54 Mbps at 2.4GHz frequency. = 802.11g

Incorperates Quality of Service to improve telephone service over wireless connections. = 802.11e

Allows multiple wireless access points to work together to extend a wireless network. = ESS

Wireless network in which one device associates itself with another device without the benefit of a wireless access point. = AdHoc

• Offers offsite phone service as if the phones were locally installed. Can be coupled with IP phones for phone-anywhere service as if they are locally attached. No duties for local network administrator to attend to. = Virtual PBX

• Use of a server to act as intermediary in providing clients secure point-to-point network access with tunneled encapsulation. = Virtual Private Network (VPN)

• Use of commercial service to substitute for private service machines. Email and web hosting are popular examples. = Virtual Services

• Leveraging of Remote Procedure Calls (RPCs) to have remote servers perform calculations and return results on demand. = Cloud Computing Service

• Carrier leases its network and billing systems to application service providers or web hosting organizations. Video conferencing on demand is an example. = Network as a Service

• Offsite but online storage of data files on behalf of requesting clients. Redundancy is a key motivator, but anywhere access is another
  advantage. Clients can be small or large. Microsoft OneDrive is an example. = Cloud Storage Service

• Instead of installing applications on every machine, this service provides virtual applications on demand. This can lower the concurrent
  licensing cost of an application. = Virtual Application Server

• Organizations who offer an array of communication-oriented services either locally or remotely. This is a broader category to include specific
  services as well as more generalized such as broadband and DSL providers that might offer VoIP. = Communication Service Provider

• A data link layer emulation in which guest VMs are in the same broadcast domain with each other. = VSwitch

• Software is rented rather than purchased, and data is stored remotely. Google Docs and Microsoft Office 365 are examples. These services
  tend to be platform or OS independent. = Software as a Service

• Telephone services using Internet Protocol and either private or public networks. = VoIP (Voice over Internet Protocol)

• Software technology that can enhance the capabilities of the actual hardware by providing a virtual appliance. = Paravirtualization

• A condition in which a remote desktop is running on the local machine as if it were locally stored. Users can access the desktop GUI of the
  machine from anywhere. = Virtual Desktop

• Method of measuring performance for certain types of traffic such as VoIP phone serivces. = QoS (Quality of Service)

• Distributing the packet routing load over multiple pathways. = Load Balancing

• Use of redundant pathways to mitigate failure on a single path. = Fault Tolerance

• Use of the same IP address on multiple devices (such as file servers) to provide redundancy. = CARP (Common Address Redundancy Protocol)

• Software installed to store frequently or recently downloaded Internet content. = Caching Engine

• Network uptime expressed as a percentage, such as 99.999% (five nines of availability). = High Availability

• QoS strategy that reduces latency by use of queuing to intelligently direct latency-sensitive traffic. = Traffic Shaping

• Refers to applications in which delays in packet delivery result in obvious performance flaws. = Latency Sensitivity

• The percentage of the time that the network is generally meeting mission critical demands. = Uptime

• Protocol developed by Cisco to create router redundancy for high-availability networks. = VRRP (Virtual Router Redundancy Protocol)

• Mechanism for managing traffic using the DSCP header field to classify traffic. = DiffServ

• A person or condition within an org possessing potential for harm. = Internal Threat

• A org framework that defines assets to be protected and assigns authority for doing so. = Security Policy

• Generic term for an individual engaged in attempts to circumvent security measures protecting data. = Hacker

• Hardware appliance running software used in logical security to scrutinize and manage data traffic. = Firewall

• Process of monitoring and reporting on network related events involving accessing and using data. = Network Auditing

• Logical digital pattern that provides clues as to the type a purpose of a worm, virus, or malware. = Data Signature

• Physical topology that separates the internal network from the external network. = DMZ

• Points of network access where the exposure to threats can turn into unauthorized intrusion. = Vulnerability

• Ethical hacking authorized by an org as a means of testing and hardening security defenses. = White Hat

• Security policy implementation such that a specific data asset is protected using an authentication process. = Access Control List (ACL)

• Used of mathmatical algorithms to hide data by scrambling its symbols or changing the symbols. = Encryption

• Use of data encapsulation to package data inside another header so as to hide the original header and data. = Tunnel

• Computer appliance with software designed to detect but not necessarily prevent an unauthorized intruder. = IDS (Intrusion DETECTION System)

• Use of mobile devices to discover open wireless hotspots. = War Driving

• Deceptively persuading someone to give up information under false pretense. = Social Engineering

• Any software designed to intercept an encrypted signal for the purpose of revealing its messages. = WPA Cracking

• Signage posted to make mobile users aware of previously discovered hotspots and their security status. = War Chalking

• Another name for a rogue access point because of its ability to mimic the legitimate access point. = Evil Twin

• Exploitation of port 20/21 to gain access to a network. = FTP Bounce

• Wireless access machine placed by a hacker for the purpose of allowing unsecured access into an existing wireless network by extending the
  use of the SSID. = Rogue Access Point

• Overwriting of adjacent memory because of excessive input, thus creating a security hole in which new programs can be introduced. = Buffer Overflow

• Used by intrusion detection systems (DS) to copy data from one switch interface to another one for monitoring and detection of unauthorized
  traffic patterns. = Port Mirroring

• Can be used either ethically or unethically to monitor and copy data flows between two points. = Network Trap

• In a network in which networks are learned dynamically, a vulnerability is created by poisoning the route table for the purpose of redirecting
  traffic to a hackers chosen site. = Fake Router Advertisements

• Intentional vulnerability created by developers in software applications to allow for administrative access. = Back Door

• Gaining higher administrative rights on a device or file than is authorized. = Privilege Escalation

• Unintended vulnerabilities in system programming. = OS Flaw

• Program code that does not run as planned or creates vulnerabilities for threat exploitation. = Application Bug

• Fluctuations of or lack of power to critical circuits. = Electrical

• Potential for physical damage because of inadequate physical security. = Hardware

• Extremes of temperature, humidity, EMI, or RFI = Environmental

• Lack of spare parts for mission critical devices or poor documentation leading to poor repair response. = Maintenance

• Most cmmon protocol for accessing websites. = Unsecure = HTTP (Hyptertext Transfer Protocol)

• Alternative to Telenet = Secure = SSH (Secure Shell)

• Displays a lock symbol at the bottom of a web browser. = Secure = HTTPS (Hypertext Transfer Protocol Secure)

• Originally designed to be used on telephone networks for remote consoles. = Unsecure = Telnet

• Designed for management of network devices. = Unsecure = SNMPv1 (Simple Network Management Protocol)

• SSH-based version of File Transfer Protocol = Secure = SFTP (Secure File Transfer Protocol)

• Uses SSH to allow files to be copied directly from system to system. = Secure = SCP (Secure Copy Protocol)

• Copies files between systems. = Unsecure = RCP (Remote Copy Protocol)

• Upgraded version of the original network management system using MIBs. = Secure = SNMPv3 (Simple Network Management Protocol)

• Remote command line execution, typically used on Linux Systems = Unsecure = RSH (Remote Shell)

• Routing protocol for small to medium-sized networks. = Unsecure = RIPv1

• Used to resolve IP addresses to domain names. = Unsecure = DNS (Domain Name Service)

• Used to retrieve email for a client. = Unsecure = POP3

• Attempt to render part of all of a network/network device useless by artificially creating congestion. = DoS/DDoS

• Unsolicited email whose intent is to procure information about the user, often in the form of passwords and account information. = Phishing

• Ping request is given a spoofed source address so that replies overwhelm the spoofed victim. = Smurf

• Type of malware that replicates itself without user intervention. = Worms

• Substitution of another IP address in place of a real one for purpose redirecting or misleading. = Spoofing

• Malware that requires a host machine to replicate itself to other hosts. Usually instigates the replication unknowingly. = Virus

• Type of malware that poses as legitimate program in hopes that the user will activate it. = Trojan Horse

• Virus that hides inside documents, such as word processing or spreadsheet files. = Macro Viruses

• Programs that install as part of a “free” program and which gather information about a user’s application usage, including websites visited. = Spyware

• Used by hackers to trick employees into giving up information under false pretense. = Social Engineering

• Any unauthorized programming code covertly installed without the users consent. = Malware

• Port 7 attack intended to overwhelm the resources of the receiving machine. = ICMP Flood

• Use of hardware or software to copy all data packets on a circuit for the purpose of examining contents. = Packet Sniffing

• Intruder can intercept sent messages in a specific session and capture (store), manipulate, or just view the data. = Man in the Middle

• Active capture of data packets for the purpose of discovering usernames, passwords, port numbers, and so on. = Sniffing Attack

• Type of program that is used to block access to data, or the workstation itself unless a demand is met. = Ransomware

• Changes an RC4 encryption key periodically to enhance security. = Dynamic WEP

• Message framework used by WPA-Enterprise for authentication. = EAP

• Uses AES instead of TKIP = WPA2

• Client side request for authentication for the purpose of gaining access to the network. = Supplicant Role

• Uses TKIP to check for key tampering. = WPA

• Verifies a client’s credentials to access the network itself, previous to any other network resources. = Authenticator Role

• Block-based cipher encryption at either 128 bits or 256 bits. = AES

• Specifies port-based access control for either wireless or wired connections. = 802.1x

• Modifies WEP by wrapping an RC4 encryption packet in additional code = TKIP

• Keeps its encryption key as configured = Static WEP

• Process that is programmed to check and enforce credentials required to access network resources. = Authentication Server

• Use of a wireless receiver to identify SSIDs in an area. = War Driving

• Drawing symbols in public areas to identify SSIDs by their availability. = War Chalking

• Wireless encryption standard in all devices that use the WIFI Trademark. = WPA2

• The use of a public and a private key pair in which both parties know the public key but neither party knows the other’s private key. = Asymmetric Encryption

• Early attempt at providing wireless authentication but no longer considered secure. = WEP

• Used by WPA in conjunction with a 128 bit per packet key which is generated automatically for each packet. = TKIP-RC4

• Use by WPA2 to provide stronger data integrity than what WPA provides. = CCMP-AES

• Encapsulates Extensible Authentication Protocol inside a Transport Layer Security tunnel. = PEAP

• A symmetric cryptographic protocol widely used in protecting privacy and integrity of web application data. = TLS

• Uses tickets to provide the identity of the communcating machines to each other. = Kerberos

• Automatically generated symmetric secret code used by both sides of a data session to create a secure channel before data is sent. = Preshared Key

• FIPS approved encryption that is a combination of substitution and permulation resulting in a fast, safe compulation. = AES

• End station to end station networking protocol suite used by IPv6 natively to authenticate and encrypt packets in transit. = IPSec

• Use of multiple honeypots used in trandem for larger network monitoring. = Honeynet

• Used to attack, detect, and counteract uninvited intrusions into information networks. = Honeypot

• Ensures that anything not permitted (in ACLs) is denied. = Implicit Deny

• Set of programming code files designated to fix recently discovered program vulnerabilities. = Security Update

• Packet filter based on matching data in packet header fields as defined in a security policy. = Access Control List

• User of attack mitigation at the workstation, server, and network access levels, both logical and physical. = Layered Defense

• Controlled access to geographically based data devices. = Physical Security

• Standalone firewall device that probes network devices to look for device activity and traffic patterns deemed to be suspicious. = Behavior-based Appliance

• Standalone firewall device programmed to examine traffic flows for virus like bit patterns. = Signature-based Appliance

• Dedicated network intrusion system for detection of threats and attacks, often in real time. = Network-based Appliance

• Use of workstation-level software to scan for viruses, worms, adware, malware, and so on. = Host-based Security

• Professional-level network scanner for examining open ports and other network vulnerabilities. = NESSUS

• Open source scanning tool for discovering hosts with open ports/services on a network. = NMAP

• Plan to be employed by an org to achieve acceptable levels of servce following a disruption of one or more of its systems. = Business Continuity

• Operational implementation of a business continuity plan to reestablish full operational status of critical systems. = Disaster Recovery

• The degree to which an individual component of a system can fail without causing systemic failure. = Fault Tolerance

• Ability of a network traffic controller to avoid congestion by parsing packets across available routes. = Load Balancing

• Power continuity system that is instantly capable of both detecting a loss of current and then compensating for it for some defined time period. = UPS

• Server system in which the fault tolerance is high and immediately recoverable. = Hot Sites

• Group of servers enabled with the ability to monitor each other and achieve both load balancing and fault tolerance. = Clustering

• Average amount of time required to bring all critical processes back to being fully operational. = MTTR (Mean Time To Repair)

• The average operational life expectancy of a hardware component. = MTBF (Mean Time Before Failure)

• Data recovery strategy in which all data can be recovered from the last full backup plus one other set of backup files. = Differential Backup

• Data recovery strategy in which a full resotration of all data requires a full backup plus restoring multiple chronologically successive backups. = Incremental Backup

• Verify TCP/IP settings, including DNS server. = ipconfig /all

• Test connection with a remote machine. = ping

• Discover the MAC address of a network device. = arp -a

• Determine how a computer is choosing to send packets to local or remote destinations. = route print

• Compare the number of broadcast packets to unicast packets. = netstat -e

• Attempt to acquire an automatically assigned IP address. ipconfig /renew

• Discover whether a connection to resolve a domain name to its IP address has recently been attempted. = ipconfig /displaydns

• Display the list of all active connections. = netstat -a

• Display the path to a remote desitnation. = tracert

• Display statistics for all protocols currently in use. = netstat -s

• Query a DNS server from Linux or Unix host machine for information about host addresses and name servers. = dig

• Displays Linux host's interface configuration settings. = ifconfig

1. Information Gathering

2. Identify Symptoms

3. Question Users

4. Determine if anything has changed.

5. Establish a Theory of probable cause.

6. Test the theory to determine cause.

7. Establish a Plan to Action or resolve the problem and identify potential effects.

8. Implement the Solution or Escalate as necessary.

9. Verify Full System Functionality and if applicable implement preventitive measures.

10. Document Findings, Actions, and Outcomes