748 | IndexA+ Essentials Exam continued username and password, 222 memory upgrade exercise, 388 power problems exercise, 388 power supply exercise, 387 proxy settings configuration, 399
Trang 1726 | Chapter 12: Security+ Exam Prep and Practice
• Access to a DHCP server can provide information about an internal IPaddressing scheme
• DHCP servers must be secured properly and kept up to date with securitypatches, hotfixes, and service packs
• Rogue DHCP servers should be detected and taken offline immediately
• DHCP servers should be configured to send secure dynamic updates to DNSservers
• Only authorized administrators should be permitted to manage DHCP servers
Basics of Cryptography
This subsection covers a summary of highlights from the “Basics of raphy” section in the Security+ Exam Study Guide
Cryptog-Symmetric encryption algorithms
• A symmetric algorithm uses one key for both encryption and decryption
• It is also known as a secret key, a private key, or a shared secret encryption
• It is widely used because of simplicity, easy implementation, and speed
• Symmetric algorithms are divided into stream ciphers and block ciphers
• Stream ciphers encrypt bits of the message, one at a time
• Block ciphers take 64-bit blocks and encrypt them as one unit
• Symmetric algorithms are prone to brute force attacks
Data Encryption Standard (DES)
• DES uses a single 64-bit block of plain text for encryption
• It also uses a 64-bit key—56 bits for data and 8 bits for parity
• DES is known for weak security due to the small size of the key
• 3DES (Triple DES) uses the 56-bit key three times to make the key size larger
Advanced Encryption Standard (AES)
• AES supports a large range of text blocks and key sizes
• Key sizes of 128, 192, and 256 bits are used
• The 128-bit data block is broken into four groups, each with 32 bits
• It is stronger and faster than 3DES and consumes less processing power andmemory
International Data Encryption Standard (IDEA)
• IDEA operates on 64-bit data blocks with a 128-bit subkey
• The encryption and decryption process uses eight rounds with 16-bit keys per round
sub-• It is a faster and more secure algorithm than DES
Asymmetric encryption algorithms
• Asymmetric encryption algorithms are used in public key cryptography
• Two separate keys are used: one for encryption (the public key) and the otherfor decryption (the private key)
Trang 2Security+ Exam Highlighters Index | 727
• The public key can be freely distributed, but the private key must be held instrict confidence
• Asymmetric algorithms are much slower than symmetric algorithms
• Asymmetric algorithms are used for confidentiality, integrity, authenticity,and non-repudiation
• Diffie-Hellman, ElGamal, and RSA are asymmetric algorithms
Hashing algorithms
• Hashing algorithms are used for integrity and authentication of data
• A hashing algorithm, or a hash function, creates a unique digital fingerprintfrom data known as the hash value
• If the original data changes, the hash function will produce a different hashvalue
• The hashing function is considered a one-way process
• Encrypted passwords are stored as hashes in secure networks
• Message Digest 5 (MD5) is a hashing algorithm that uses a 128-bit hashvalue
• Secure Hashing Algorithm 1 (SHA1) uses a 160-bit hash value
transmis-• Authentication refers to the verification of identity
• Non-repudiation means that the sender cannot deny that he sent the message
• Digital signatures are used to ensure data integrity and non-repudiation
Digital certificates
• Certificates are used to identify a user or an organization
• Certificates are based on the X.509 standard
• The Certification Authority (CA) is a PKI that binds a private key to an vidual or organization
indi-• Certificates are used for encryption of email and e-commerce, and for tally signing software
digi-• Certificate policies define how the CA will issue certificates
• Certificate Practice Statements (CPS) describe how the CA plans to managethe certificates that it issues
Trust models
• In a single CA model, there is only one CA that issues and manages certificates
• A hierarchical model is comprised of a root CA (enterprise CA), subordinateCAs, leaf CAs, and end users
• The root CA uses a self-signed certificate
• In the web of trust model, all CAs sign the certificates of each other
Trang 3728 | Chapter 12: Security+ Exam Prep and Practice
Storage of private keys
• Private certificate keys can be stored on hardware devices or software
• Hardware devices such as smart cards or PCMCIA cards can be used to storeprivate keys
• Network operating systems also allow storage of private keys
• In Escrow storage arrangement, the private keys are stored with two differentcompanies, each holding only a part of the keys
Certificate revocation
• Certificates are revoked if they are compromised—for example, when a userleaves a company or if an organization changes the ISP
• When a certificate is revoked, the information is sent to the CA
• The CA publishes the revoked certificate in the certificate revocation list(CRL)
• Online certificate status protocol (OCSP) allows users to checkthe status of aparticular certificate
• In large organizations, multiple CAs maintain a base CRL
• The base CRL is updated using Delta CRLs
Certificate expiry, renewal, suspension, and destruction
• Every certificate has a defined expiry date
• A certificate must be renewed with the CA before the expiry date
• CAs renew certificates either by issuing a new key or by updating the old key
• The CA can renew its own certificate
• If the user will not be using the certificate, it can be suspended to help securethe private key
• When the certificate is no longer needed, it is destroyed
Recovery of private keys
• If a user forgets his private key, it needs to be recovered from storage
• An administrator is designated as a key recovery agent
• In large organizations, two key recovery agents are required for addedsecurity
• When the key recovery process is broken up into multiple key recovery
agents, the process is known as M-of-N Control.
• M-of-N Control states that out of a total of N recovery agents, at least M
must be present for key recovery
Operational and Organizational Security
This subsection covers a summary of highlights from the “Operational and nizational Security” section in the Security+ Exam Study Guide
Orga-Physical security
• Access Control is used to grant physical access to networkequipment toauthorized personnel
Trang 4Security+ Exam Highlighters Index | 729
• Critical servers and network equipment should be kept in a locked room
• These rooms should be equipped with alarm systems
• Log books should be maintained for recording entries to the secure room
• Strong authentication methods such as biometrics should be used
• If outsiders work inside secure rooms, an employee should accompany them
Environment
• The temperature should be kept within limits
• Alarms should be installed to monitor temperature and to sound alerts, ifrequired
• Humidifiers or dehumidifiers, as required, should be installed
• Hardware technicians should wear ESD wristbands
• Good air quality should be maintained inside server rooms
• Equipment should be located in racks on raised floors
• If required, STP cable should be used to protect the equipment from EMI andRFI
• Fire suppression equipment should be used to prevent damage from tal fire breakouts
acciden-• Water sprinklers should not be used in server rooms
Backups
• Data backup is a critical element of a disaster recovery plan
• Backup media should be stored at an offsite location
• The full backup backs up all the data in a single backup job and changes thearchive bit
• It takes longer to back up, but restoration is fast
• An incremental backup method backs up all the data that has changed afterthe last full or incremental backup and changes the archive bit
• The last full backup tape and all incremental tapes after the full backup arerequired to completely restore data
• The differential backup method backs up all the data that has changed afterthe last full backup and does not change the archive bit
• Only the last full backup and the differential backup tapes are required forrestoring data
• The copy backup method copies all the data on the system, but unlike thefull backup, does not change the archive bit
Tape rotation and offsite storage
• Backup tapes are reused in order to reduce costs
• Grandfather-father-son (GFS) is the most commonly used tape rotation plan
• The daily tape set is known as son, the weekly tape set is known as father, and the monthly full backup tape set is known as grandfather.
• A full backup is taken every week; differential or incremental backups aretaken every day; and another full backup is taken every month
Trang 5730 | Chapter 12: Security+ Exam Prep and Practice
• When the month changes, the tapes used for the first weekin the previousmonth are reused
• The grandfather tape set is not reused
• Offsite storage of backup tapes protects critical data in the event of a disaster
Alternate sites
• An alternate site is a temporary facility away from the original location
• It enables administrators to restore a working network on short notice
• A hot site is equipped with necessary hardware, software, networkdevices, andtelephone lines, which allows organizations to resume business immediately
• A warm site is equipped with necessary hardware, but the hardware andsoftware must be configured and data must be restored to make the siteoperational
• A cold site contains only partial hardware, software, and networkdevices andneeds to be built from scratch
• The cold site requires the maximum amount of time to be set up
Business continuity plan
• A business continuity plan is developed after assessment of risks, threats, anddisasters
• The disaster recovery plan defines the procedures to recover after a disasterstrikes
• The business recovery plan describes the procedures to resume business tions at an alternate site after a disaster
func-• The business resumption plan describes the procedures to resume functions
of critical systems in order to begin business again
• The contingency plan describes the procedures to resume business after adisaster strikes or when additional unforeseen events take place during therecovery process
High availability and fault tolerance
• High availability refers to providing maximum uptime and availability of work services
net-• Network load balancing is used to distribute load across several servers
• Server clustering is used to provide system fault tolerance
Disk fault tolerance
• RAID systems are used to provide fault tolerance for hard disks in a server
• RAID 1 uses two disks with 50 percent disk utilization
• RAID 5 uses 3 to 32 disks and also supports the hot swapping of disks
Acceptable use policy
• Acceptable use policy describes the guidelines for users for appropriate use ofcomputers
• Users should not indulge in activities that might damage the image of thecompany
Trang 6Security+ Exam Highlighters Index | 731
• Users should not print any confidential documents
• Users should not transmit confidential information over the Internet
Due care policy
• A due care policy describes how the employees should handle hardware andsoftware
• Employees should be given guidelines on how to properly use equipment
• Organizations can also monitor an end user’s Internet usage and email
• Critical data is also considered private and confidential
Separation of duties
• This policy ensures that critical tasks are not assigned to a single person
• No single person should have control over a task from beginning to end
• Monopolization of duties should be prevented
• Separation of duties makes users experts in their respective fields
Need-to-know policy
• This policy defines restricted access to information
• Users should be given permissions based on the principle of least privilege
• Excessive information to employees might result in inappropriate handling
Password management policy
• This policy describes how employees should manage their passwords
• A password is the employee’s key to gaining access to the organization’sresources
• Use of blank passwords should not be allowed
• Passwords should have at least eight characters
• A password should be made up of a combination of upper- and lowercase ters, special characters, and numbers
let-• Employees should be forced to change their passwords regularly
• Employees should not be allowed to reuse old passwords
• Administrators should use normal user accounts when not performing anyadministrative tasks
• Only designated IT employees should have administrative privileges
Trang 7732 | Chapter 12: Security+ Exam Prep and Practice
Service Level Agreement (SLA)
• An SLA is usually signed between the organization and a third party that isproviding critical services
• It can also be used inside an organization describing what the companyexpects from its IT staff
• It describes the expected level of performance and confidentiality
• SLAs may also often include information on the maximum allowed time for computer systems
down-Incident response policy
• This policy describes how employees will respond to unexpected incidentsinvolving personal and organizational safety and security
• It describes how incidents are to be handled without causing a panic
• It asks the following common questions:
— Who will investigate and analyze the reasons behind the incident?
— Who will find an immediate and acceptable solution to the problemcaused by the incident?
— What other documents can be referred to in order to help resolve theproblem?
trans-• All electronic crimes are reported to the incident response team
• The first responder identifies and protects the crime scene
• The investigator establishes a chain of command/chain of custody, conducts
a search, and maintains the integrity of the evidence
• The crime scene technician preserves volatile evidence, duplicates computerdisks, shuts down the system for transportation, and logs activities
• Crime scene data is protected from being damaged
• Steps are taken to preserve the volatile data first
• Photographs of screens are taken
• Images of hard disks are made using accepted imaging tools
Trang 8Security+ Exam Highlighters Index | 733
• The system is shut down normally
• Photographs of the existing system setup are taken before moving
• Each piece of hardware is unplugged and tagged
• Appropriate safety procedures are followed when handling hardware
• Smaller pieces of hardware are placed inside antistatic plastic bags
• Equipment is kept away from strong EMI and RFI
Collection of evidence
• Collection of evidence is the process of identifying, locating, and processingevidence
• Appropriate documentation is made
• The crime scene is secured and unauthorized entry is prohibited
• The evidence is identified and secured
• The investigation team examines the evidence and takes steps for collection
• Evidence is collected from audit logs, screen displays, and recovered datafiles
Education and training
• Educating and training users helps to create a safe and secure working ronment
envi-• Users must know available methods to communicate to their peers, theirsupervisors, management, and employees in other departments
• Users should be made aware of rules, regulations, and security issues whenworking on computers
• Online resources help educate, train, and keep users informed
Risk identification
• A risk is the possibility of incurring some loss due to unexpected situations
• Riskidentification is the process of identifying assets, risks, threats, and nerabilities in a system
vul-• Organizations need to take steps to identify all types of assets and make anevaluation
• After identifying assets, the type and severity of risks associated with eachtype of asset should be identified and assessed
• The likelihood of occurrence of a risk within one year is called the AnnualRate of Occurrence (ARO)
• The dollar value of the loss is known as Single Loss Expectancy (SLE)
• Multiplying ARO and SLE gives a value of Annual Loss Expectancy (ALE)
• The formula for calculating the loss resulting from a risk is ALE=ARO x SLE
Threat identification
• Identification of risks leads to identification of possible threats to a system
• Threats include incidents involving vandalism, theft of equipment or data,and physical or software intrusions
• Appropriate steps should be taken to avoid potential threats
Trang 9734 | Chapter 12: Security+ Exam Prep and Practice
Vulnerabilities
• Vulnerability is defined as the weakness of a system
• It can lead to exposure of critical and confidential information
• Vulnerabilities can lead to internal malicious activities or even outside rity attacks
secu-• Every software application and all hardware devices are vulnerable if not figured and secured properly
con-Security+ Exam Practice Questions
1 Removal of nonessential services and protocols helps in all of the followingexcept:
❍ A Securing the system
❍ B Network performance
❍ C System performance
❍ D Reduction of administrative overheads
Answer D is correct When you remove nonessential services and protocolsfrom a system, it does not reduce administrative overheads In fact, moreadministrative efforts are required to detect and disable or remove nonessen-tial services and protocols from different servers across the network
2 Which of the following authentication methods is used with timestampedsession tickets?
3 You have been told to develop a system to control how and when a user will
be allowed to connect to a remote access server You should specify whichmedia should be used to connect and to which groups the user shouldbelong Which of the following aspects of computer security are yousupposed to work with?
Trang 10Security+ Exam Practice Questions | 735
4 You have just taken charge of some file servers in your organization Yoususpect that someone is repeatedly trying to get unauthorized access to aconfidential folder on one of the file servers You decide to configure auditing
on this server Which of the following events should you audit?
❍ A Object Access Failure
❍ B Object Access Success
❍ C Logon/logoff Failure
❍ D Logon/logoff Success
Answer A is correct The person is trying to access the folder but is notsuccessful This means that the failure events for object access should berecorded in audit logs It is also a good idea to audit successful object accessevents, just in case someone has obtained legitimate user credentials to accessconfidential information
5 Which of the following is known as a label-based access control method and
is hardcoded into a device?
❍ A The hacker is trying to guess the credentials of the user
❍ B The hacker is trying to get access without having to authenticate
❍ C The hacker is trying to get personal information from the user over thephone
❍ D The hacker is trying to connect to the user’s wireless home network
Answer B is correct A backdoor attackoccurs when a hacker tries to getaccess to a system without having to authenticate Attackers usually perform
a backdoor attackby exploiting some system configuration or softwarevulnerability
7 A programmer has written malicious code that will delete all systems files on
a critical file server This code will execute as soon as the programmer isterminated from the company and his user account is disabled or deleted.What kind of malicious code is this?
Trang 11736 | Chapter 12: Security+ Exam Prep and Practice
8 Which of the following actions best describes the term IP spoofing?
❍ A Trying to guess a password
❍ B Pretending to be someone you are not
❍ C Capturing TCP/IP traffic
❍ D Trying to crack an encryption key
Answer B is correct In an IP spoofing attack, the attacker tries to use a false
IP address in order to make the security system believe that the attacker’smachine is a legitimate host on the network when it is not
9 Which of the following has the necessary privileges to assign permissions to ashared resource when the discretionary access control method is used?
10.An e-commerce web site is using digital certificates Which part of cation, access control, and auditing (AAA) is provided by these certificates?
11.Which of the following transport protocols is used by TACACS+?
Trang 12Security+ Exam Practice Questions | 737
Answer B is correct Wired Equivalent Privacy (WEP) is an 802.1x cation standard The wireless client in this setup is known as the supplicant,and the access point is known as the authenticator The authenticatorforwards the supplicant’s authentication request to a centralized authentica-tion server such as the RADIUS server
authenti-13.You have just received an email, which says that most of the stocks listed onthe NY stockexchange would be sold for $1 on the Fourth of July (Indepen-dence Day) You checkwith some of your friends, and they also received thesame message Which of the following terms best describes this kind ofmessage?
14.You have decided to implement IPSec protocol to provide secure end-to-endcommunication to remote access clients In which of the following modesshould you implement this protocol?
❍ A It provides two levels of authentication
❍ B It works only in IP networks
❍ C It can use RADIUS authentication
❍ D It provides protection against replay attacks
Answer B is correct Unlike PPTP, the L2TP/IPSec combination works in IP,IPX, and SAN networks PPTP works only in IP networks
16.Which of the following is the best method to protect a user from email spam?Select two answers
Trang 13738 | Chapter 12: Security+ Exam Prep and Practice
Answers B and D are correct The best protection against email spam is toeducate users Some messaging applications allow you to configure spamfilters to stop messages that looklike spam at the server itself and protectindividual mailboxes
17.Identify the 802.1x method that can be used for mutual authentication of thesupplicant and the authenticator
Protocol-Trans-18.Which of the following authentication methods are defined by the 802.11wireless standard?
❍ A Open and shared key
❍ B Shared key and private key
❍ C Private key and secret key
❍ D Open key and closed key
Answer A is correct The 802.11 wireless standard defines two tion methods: open authentication and shared key authentication Theshared key authentication is also known as private key or secret keyauthentication
authentica-19.Which of the following is the intent of conducting site surveys?
❍ A To determine all wireless networks in the neighborhood
❍ B To measure the frequency range used by the network
❍ C To determine the speed of the wireless network
❍ D To determine the extent to which the wireless networkgoes beyond thebuilding
Answer D is correct Site surveys help determine the extent to which the less network extends beyond the physical boundary of the building
wire-20.Which of the following is considered the best place for placing wireless accesspoints?
❍ A Away from server rooms
❍ B Inside server rooms
❍ C Away from walls and windows
❍ D B and C
Answer C is correct Wireless access points should be kept away from wallsand windows of the building This helps prevent the wireless signals fromextending beyond the physical boundaries of the building
Trang 14Security+ Exam Practice Questions | 739
Answer D is correct Secure Hypertext Transfer Protocol (HTTPS) uses TCP/
IP port 443, and HTTP uses port 80 If you wish to allow only HTTP traffic,you will need to open port 80 on the firewall and close port 443
22.You were conducting a scan of all active servers in the networkand foundthat several servers are listening on port 80 What should you do with theseservers?
❍ A Identify rogue HTTP servers and disable them
❍ B Identify rogue DNS servers and disable them
❍ C Identify rogue DHCP servers and disable them
❍ D Identify rogue LDAP servers and disable them
Answer A is correct Port 80 is used by HTTP service If a number of serversare listening on port 80, this means that HTTP is configured on these servers.You need to identify the servers that are not supposed to host HTTP serviceand disable them
23.You receive an email from a software vendor letting you know that a newsecurity update is available on its web site for its messaging application.Which of the following actions should you take immediately? Select twoanswers
❏ A Download and install the update immediately on all email servers
❏ B Immediately inform your manager that you need to install the update
❏ C Download the update and read the accompanying instructions
❏ D Install the update on a nonproduction email server and test it for bugs.Answers C and D are correct Updates, hotfixes, and service packs should betested on nonproduction servers before they are installed on productionservers Sometimes the updates contain bugs that might leave the productionservers inaccessible or open to external threats
24.A large number of employees burn CDs on their desktops and take themhome You suspect that some employees might be burning CDs with confi-dential corporate data as well What should you do?
❍ A Remove CD burners from all desktops
❍ B Askmanagement to design a policy restricting burning of CDs oncompany computers
❍ C Email all employees that this is not a good practice
❍ D Askthe security department to conduct physical checks of allemployees when they leave
Answer B is correct The best way to protect confidential data, and to preventdata theft and other illegal activities (such as burning of music CDs on
Trang 15740 | Chapter 12: Security+ Exam Prep and Practice
company computers) is to design a security policy that restricts all such ities The management should make sure that the policy is enforced for allemployees
activ-25.Most of the employees in the marketing department have laptop computers.They take their laptops with them when traveling These laptops have confi-dential marketing information that needs to be protected You are afraid that
if any of the laptops are stolen, the confidential data can be leaked and usedagainst the organization Which of the following is the best method to protectdata stored on laptops?
❍ A Encrypt the data
❍ B Compress the data
❍ C Make data read-only
❍ D Archive the data
Answer A is correct The data stored on laptop computers should beencrypted so that if the laptop is stolen, the data is secure from being readand used by a third person
26.The organization you workfor has strict security requirements for allcomputer users User authentication is performed using digital keys Theorganization wants users to authenticate using 128-bit keys Which of thefollowing devices would you recommend to provide the best security for theprivate keys?
28.In which area of the networkshould you place private web servers, domaincontrollers, and database servers?
❍ A Intranet
❍ B Extranet
❍ C VLAN
❍ D DMZ
Trang 16Security+ Exam Practice Questions | 741
Answer A is correct All critical servers that are to be used internally should
be placed in the intranet Servers that should be accessible from outside theorganization should be placed inside the DMZ
29.Your networkhas several critical servers that are accessible from the Internet.The servers have been the targets of attackers in the past You want to keepthe attackers away from your actual network but still want to monitor theiractivities How can you accomplish this?
❍ A Create a honeypot for the attacker
❍ B Block all internal and external access to the servers
❍ C Block all internal access to the servers
❍ D Block all external access to the servers
Answer A is correct In order to monitor the activities of the attackers andstill keep the servers secure from them, you need to create a honeypot Ahoneypot is a server that appears to be a critical server, but it actually is not.This server contains dummy information that seems interesting to theattacker
30.Which of the following describes the function of a VLAN?
❍ A A VLAN is used to create a DMZ to secure critical servers
❍ B A VLAN can be used to create a tunnel through the Internet
❍ C A VLAN is used to create network segments for enhanced security
❍ D A VLAN is used to hide internal addressing schemes from the Internet.Answer C is correct A Virtual Local Area Network(VLAN) creates separatebroadcast domains in an internetwork It is a logical grouping of networkdevices, which is based on functions rather than physical location It addsanother layer of security for the network
31.You have installed an intrusion detection system on one of the productionservers to monitor malicious activities of applications and users only on thatserver What kind of IDS is this?
host-32.You have detected an attackon one of your organization’s web serversrunning Microsoft’s Internet Information Server 6.0 (IIS 6.0) What shouldyou do immediately? Select two answers
❏ A Call Microsoft Help and Support
❏ B Call the police
❏ C Preserve all evidence
❏ D Disable IIS 6.0
❏ E Shut down the server
Trang 17742 | Chapter 12: Security+ Exam Prep and Practice
Answers B and C are correct An attackon the web server of an organization
is considered a criminal activity Depending on the severity of the incident, ifthe situation calls for it, you must call the police and preserve all evidencethat might be helpful in investigations
33.You have just been informed that one of your web servers has stoppedresponding due to an attack When you check the event logs on the server,you don’t find any clues related to the attack Which of the following parts ofserver hardening likely has not been implemented?
34.You have been asked to design mechanisms for creating a secure computingenvironment Each user and computer must be authenticated and all networktraffic must be encrypted The first thing you need to lookat is the strength of
an encryption algorithm Which of the following components directly affectthe strength of an encryption algorithm? Select two answers
❏ A The number of data bits
❏ B The experience of the hacker
❏ C The size of the encryption key
❏ D The security of the private key
❏ E The software available to the hacker
Answers C and D are correct The size of the encryption key and its securityare two main factors that directly affect the strength of the encryption algo-rithm The longer the size of the key, the more time it takes for the hacker tocrack it Similarly, keys must be stored securely to prevent their compromise
35.Which of the following is the main weakness of symmetric encryptionalgorithms?
❍ A The size of the keys
❍ B The distribution of keys
❍ C The vulnerability to attacks
❍ D Processing capabilities
Answer B is correct The main weakness of symmetric encryption algorithms
is distribution of the private key Since the same key is used for both tion and decryption, sending the key to the other party securely is the mainproblem
Trang 18encryp-Security+ Exam Practice Questions | 743
36.Which of the following are properties of a one-way hashing algorithm? Selecttwo answers
❏ A It is not possible to factorize it
❏ B It can produce the same output from any two inputs
❏ C It is not possible to reverse the function
❏ D It is difficult to get the input if output is given
❏ E It can be used with symmetric algorithms
Answers C and D are correct One-way hashing algorithms are not ible It is not possible to determine the input even if the output is given andthe algorithm is known
revers-37.A digital certificate issued to an organization for conducting on-line business
is about to expire What should the organization do in order to continueusing digital certificates?
❍ A Renew the certificate
❍ B Get a new certificate
❍ C Revoke the certificate
❍ D Destroy the certificate
Answer A is correct The organization must renew the certificate in order touse it before it expires The issuing CA should be contacted for the purpose.The organization cannot use an expired certificate to conduct onlinebusiness
38.Which of the following is used to allow users to access resources on differentservers in the domain when they log on to their computers?
❍ A Centralized authentication
❍ B Centralized authorization
❍ C Single sign-on
❍ D Digital certificates
Answer C is correct The term single sign-on refers to the ability of a user to
access resources distributed on several servers in a domain when she logsonto the domain from her desktop She doesn’t need to log on to everyserver, which prevents mistakes made during typing of usernames andpasswords
39.While discussing the disaster recovery plan for the company’s networkservers, your manager has asked you to suggest a backup method that wouldtake the minimum time for the restoration of data Which of the followingbackup types would you suggest?
❍ A Full backup everyday
❍ B Full backup and incremental backup
❍ C Full backup and differential backup
❍ D Incremental and differential backup
Trang 19744 | Chapter 12: Security+ Exam Prep and Practice
Answer A is correct The full backup takes longer to complete but is thefastest when data needs to be restored in case of a disaster When you aretaking full backup everyday, if a disaster strikes, you will need only theprevious day’s full backup tape to fully restore the data
40.Your manager has asked you to suggest whether access to secure serverrooms should be controlled using biometric devices He has asked you tospecify the information that would be needed to access the room when thesedevices are installed Which of the following pieces of information could thebiometric devices require?
❍ A Username and password
❍ B Username and PIN number
❍ C Facial characteristics and password
❍ D Fingerprints, voice patterns, and retina scans
Answer D is correct Biometric devices rely on unique human characteristics
to identify a person Fingerprints, voice patterns, and retina scans vary fromperson to person and are used to enforce strong security
Trang 2015-pin SVGA connectors, 22
25-pin parallel connector, 22
32-Bit versus 64-Bit Bus, 27
IX (Internet Exchange), 143peering, 143
plenum cable, 133PSTN (Public Switched TelephoneNetwork), 145
troubleshooting media, 148practice questions, 231–241recommendations, 4study guide for communication andprofessionalism
active listening, 230asking questions, 230customer contact, 230
Trang 21resolution, native resolution,
aspect ratio, and contrast
Internet Packet Exchange/
Sequenced Packet Exchange
twisted pair cables, 218wireless connectivitytroubleshooting, 222wireless networks, 221study guide for operating systemsASR (Automated SystemRecovery) (Windows XP), 212Basic disks, 208
boot options, advancedprocedure, 211boot sequence procedure, 211Control Panel, 207
desktop icons, 206devices and driversinstallation, 210Disk Management utilities, 212Dynamic disks, 208
file attributes, 209file permissions, 209Linux, 206
MAC OS, 205network installation, 210operational problems, 212
OS installation methods, 209performance optimization, 210post-installation tasks, 210Recovery Console, 211Start menu, 206System Control Panel, 207system management utilities, 213System Restore (WindowsXP), 212
Taskbar, 206troubleshooting procedures, 212Virtual memory, 207
Windows 3.x, 204Windows 95/98/Me/NT/
2000, 205Windows desktop, 206
Trang 22study guide for printers and scanners
dot matrix printers, 214, 217
impact printers, 214
inkjet printing process, 213
laser printers,troubleshooting, 216laser printing process, 213printer interfaces, 214printer software, 215printer supplies, 215scanner components, 215scanner interfaces, 216scanner models, 215scanners problems, 217scanning process, 215solid ink printers, 214thermal printers, 214study guide for safety andenvironmental issuesdisposal procedures, 229equipment handling, 229ESD precautions, 229MSDS (Material Safety DataSheet), 228
safety hazards, 228safety hazards identification, 228safety incidents procedures, 229study guide for security
authentication technologies andprotocols
backups, 226biometrics, 222CHAP (Challenge HandshakeAuthentication Protocol), 223data access security, 225data migration, 226data remnant removal, 226digital certificates, 223encryption, 226filesystem security, 225incident reporting, 227Kerberos, 224key fobs, 223multifactors, 223password management, 226physical security, 227preventive maintenanceprocedures, 227security tokens, 223smart cards, 223social engineering, 227software firewalls, 225spam, 224
spyware, adware, andgrayware, 224Trojan horses, 224
Trang 23748 | Index
A+ Essentials Exam (continued)
username and password, 222
memory upgrade exercise, 388
power problems exercise, 388
power supply exercise, 387
proxy settings configuration, 399
resource access permission
Check Disk exercise, 390command-line utilities, 388Device Manager exercise, 390Disk Defragmenter exercise, 390Event LOG exercise, 391formatting a partition or volumeexercise, 389
hard disk drives, 389Missing Boot Disk and MissingNTLDR errors exercise, 393partitions creation exercise, 389preventive maintenanceexercise, 393Recovery Console exercise, 393REGEDIT and REGEDT32exercise, 391
Remote Desktop exercise, 392System Restore exercise, 392system startup optimizationexercise, 392
Task Manager exercise, 391virtual memory exercise, 392Windows backup exercise, 390study guide for personal computercomponents
adapter cards installationexercise, 386basic diagnostic proceduresexercise, 386
computer components, adding,removing, or upgradingexercise, 383
CPU installation exercise, 385hard disk drive installationexercise, 383
motherboard installationexercise, 384motherboard selectionexercise, 384power supply installationexercise, 384RAM upgrade exercise, 385storage device selectionexercise, 383
Trang 24Index | 749
study guide for printers and scanners
dot matrix printers, 395
impact printers, 395
inkjet printing process, 395
laser printing process, 394
local printer installation, 396
network printer installation, 397
preventive maintenance, 398
printer compatibility, 396
printer driver updates, 397
printer memory upgrades, 397
devices installation and removalexercise, 387
improving battery performanceexercise, 387
LCD components exercise, 387memory upgrade exercise, 388power problems exercise, 388power supply exercise, 387troubleshooting, 388study guide for networksadapter configurationproblems, 400electrical interference, 400IPX/SPX configurationproblems, 400NetWare network, 399network adapters, 398NTFS permissions, 399preventive maintenance, 401proxy settings configuration, 399resource access permissionproblems, 400script settings configuration, 399TCP/IP configuration
problems, 400troubleshooting tools, 399troubleshooting utilities, 399Windows domain, 398Windows workgroup, 398study guide for operating systemsAdvanced Boot Optionsexercise, 393application failures exercise, 393ASR (Automated SystemRecovery) exercise, 393changing file or folder attributesexercise, 389
Check Disk exercise, 390command-line utilities, 388Device Manager exercise, 390Disk Defragmenter exercise, 390Event LOG exercise, 391formatting a partition or volumeexercise, 389
hard disk drives, 389Missing Boot Disk and MissingNTLDR errors exercise, 393
Trang 25Recovery Console exercise, 393
REGEDIT and REGEDT32
exercise, 391
Remote Desktop exercise, 392
System Restore exercise, 392
system startup optimization
exercise, 392
Task Manager exercise, 391
virtual memory exercise, 392
Windows backup exercise, 390
study guide for personal computer
CPU installation exercise, 385
hard disk drive installation
RAM upgrade exercise, 385
storage device selection
exercise, 383
study guide for printers and scanners
dot matrix printers, 395
impact printers, 395
inkjet printing process, 395
laser printing process, 394
local printer installation, 396
network printer installation, 397
preventive maintenance, 398
printer compatibility, 396
printer driver updates, 397
printer memory upgrades, 397
thermal printers, 395user education, 397study guide for securityaccess control, 401access control using groups, 402access levels, 402
auditing, 402authentication technology, 403data access security, 403event logging, 402firewall issues, 403firewalls, 403permissions, 402preventive maintenance, 404restricted spaces, 402security issues, 404social engineering, 404user accounts, 401A+ Exam 220-604personal computer componentspractice questions, 404–414study guide for laptop and portabledevices
Active Matrix LCD display, 387communication technologyexercise, 386
devices installation and removalexercise, 387
improving battery performanceexercise, 387
LCD component exercise, 387memory upgrade exercise, 388power supplies exercise, 387TFT (Thin Film Transistor), 387troubleshooting, 388
study guide for networksadapter configurationproblems, 400electrical interference, 400IPX/SPX configurationproblems, 400NetWare network, 399network adapters, 398NTFS permissions, 399preventive maintenance, 401proxy settings configuration, 399resource access permissionproblems, 400
Trang 26study guide for operating systems
Advanced Boot Options
exercise, 393
application failures exercise, 393
ASR (Automated System
Device Manager exercise, 390
Disk Defragmenter exercise, 390
Event LOG exercise, 391
formatting a partition or volume
exercise, 389
hard disk drives, 389
Missing Boot Disk and Missing
Recovery Console exercise, 393
REGEDIT and REGEDT32
exercise, 391
Remote Desktop exercise, 392
System Restore exercise, 392
system startup optimization
exercise, 392
Task Manager exercise, 391
virtual memory exercise, 392
Windows backup exercise, 390
study guide for personal computer
CPU installation exercise, 385
hard disk drive installation
exercise, 383
motherboard installation
exercise, 384
motherboard selectionexercise, 384power supply installationexercise, 384RAM upgrade exercise, 385storage device selectionexercise, 383study guide for printers and scannersdot matrix printers, 395
impact printers, 395inkjet printing process, 395laser printing process, 394local printer installation, 396network printer installation, 397preventive maintenance, 398printer compatibility, 396printer driver updates, 397printer memory upgrades, 397printer performance, 397printing problem resolution, 398printing process, 394
scanner driver updates, 397scanner models, 396scanner performance, 397scanning process, 396solid ink printing process, 395terminology, 394
thermal printers, 395user education, 397study guide for securityaccess control, 401access control using groups, 402access levels, 402
auditing, 402authentication technology, 403data access security, 403event logging, 402firewall issues, 403firewalls, 403permissions, 402preventive maintenance, 404restricted spaces, 402security issues, 404social engineering, 404user accounts, 401access control exercise, 704Access is Denied message, 369access permission exercise, 382account policies, 371
ACPI (Advanced Configuration and
Power Interface), 58
Trang 27Add Device icon, 321
Add Hardware utility, 317
Add Printer Driver Wizard, 317
Add Printer Wizard, 315
adding/removing laptop-specific
components exercise, 377
Additional Driver button, 317
add-on cards (adapters), 50
Ad-hoc topology, 131
administrator password, 100
ADSL (Asymmetrical DSL), 144, 335
Advanced Boot Options, 98, 100
Advanced Boot Options exercise, 188,
AMD Turion 64 X2 Mobile, 52
AMD’s Mobile Athlon processor, 52
AMR (Audio/Modem Riser), 23
Analyze button, 96
antenna wires, 275
antistatic bag, 256
antistatic straps and pads, 264
antistatic table mats, 264
ASR preparation exercise, 188asymmetric algorithm, 160
AT motherboard power connectors, 25ATA (Advanced Technology
Attachment), 23ATM, 143
attrib command, 278attrib.exe, 107ATX (Advanced Technology
Extended), 19ATX power connectors, 25ATX System Connector, 25audible codes exercise, 376audit policies, 371auditing, 362auditing and logging exercise, 382authentication exercise, 704authentication methods exercise, 190authentication token (security token,
hardware token), 151Automated System Recovery
Wizard, 101, 287Automatic IP Addressing, 330automatic updates configuration
exercise, 189, 381Automatic Updates page, 109Auto-Restart errors, 299A/V jacks, 38
.AVI (audio video files), 79
B
Backup Media Type, 101backup operator groups, 360Backup Utility window, 100bandwidth, 140
bandwidth bottlenecks, 140barcode reader (barcode scanner), 35Base Priority, 290
Basic disks, 283converting to Dynamic disk, 77Extended Partition, 76Primary Partition, 76Basic Input/Output System (see BIOS)basics of cryptography, 590
battery conditioning, 270battery performance, 270biometric devices, 35, 162
Trang 28Index | 753
BIOS (Basic Input/Output System), 21,
162
BIOS firmware exercise, 183
Blue Screen error, 300
Blue Screen of Death, 103
Bluetooth wireless communication
chkdsk.exe (Check Disk), 106, 267
Cisco’s IOS (Internetwork Operating
System), 31
classful IP addresses, 138
Click on the New Driver tab, 321
Client for Microsoft Networks, 86clock frequency, 27
cmd command, 100, 276CNR (Communications and Networking
Riser), 23cold sites, 357cold spare components, 358cold swapping, 358color management pages, 319command-line functions, 276communication and professionalism
study areas, 15, 250communication security, 588communication skillsactive listening, 174argument avoidance, 177asking questions, 175attitude toward clients, 176body language, 174client confidentiality, 173customer privacy, 173ethical standards of customersupport, 176
facial expressions, 174fax machine usage, 179interruptions, 178monitor handling, 179nonjudgmental listening, 176nontechnical vocabulary, 175organization security policies, 179paraphrasing, 174
printer usage, 179privacy issues, 173problem understanding, 177property use, 178
respect the client, 177telephone usage, 179complementary metal-oxide
semiconductor (CMOS)chip, 21
Completing The Automated System
Recovery Preparation Wizardpage, 101
CompTIA, 181A+ certification, 182Computer Management Console, 106Computer Name and Administrator
Password screen, 86computer name change exercise, 187computer startup with minimum
configuration exercise, 377
Trang 29cps (characters per second), 116
CPU (central processing unit), 21, 25
CPU cooling
fans, 39
liquid cooling system, 39
phase change cooling, 39
thermal compound, 39
CPU socket (see Zero Insertion Force
lever), 258
Create file permission, 343
CRT (cathode ray tube), 33
CSNW (Client Service for
NetWare), 354
D
D channel (delta channel), 336
DAC (Discretionary Access
data transfer speeds, 144
Date and Time screen, 86
DDR SDRAM (double data rate
synchronous dynamic random
access memory), 28
DDR2 SDRAM (double data rate 2
synchronous random access
memory), 28
default gateway, 329, 352
defrag.exe, 105
Defragment button, 96
Demilitarized Zones exercise, 706
Destination Host Unreachable, 347
device driver failure, 300
device drivers, 65Device Manager exercise, 380Device Manager utility, 42, 94, 106, 288Device or Service Failure, 105
device settings page, 319device states, 59DHCP (Dynamic Host Configuration
Protocol), 140, 352DHCP scope, 352
dial-up modem, 143Digital Subscriber Lines, 143digitizers, 275
DIMM (dual inline memory
module), 21, 29DIP (Dual inline package), 25dir command, 277
direct thermal printers, 312directory structure, 285disaster recover plan exercise, 707Disk Cleanup utility, 49
Disk conversion from FAT to NTFS
exercise, 379Disk Defragmenter utility, 286disk maintenance tools exercise, 379disk partition creation exercise, 187disk partitioning and formatting
exercise, 378DISKPART> prompt, 285DiskPart utility, 285diskpart.exe command, 106, 285disks, 30
display devicescolor depth, 32CRT (cathode ray tube), 32installation, 41
integrated video controller, 32laptops, 53
LCD (liquid crystal display), 32monitors, 33
resolution, 32upgrading, 41VDU (video display unit adapter), 32/displaydns, 346
distribution server, 86DNS address, 329DNS (Domain Name System), 332domains, 66
dot matrix (impact printers), printing
process, 312dot pitch, 33
dotted decimal notation, 138
Trang 30Index | 755
DPI (dots per inch), 308
Dr Watson utility (drwtsn32.exe), 104
DRAM (dynamic random access
memory), 28
DRDRAM (Direct Rambus dynamic
random access memory), 29
dual inline memory module (see DIMM)
duplex communication system, 131
DVD (digital versatile disc), 31
email security exercise, 705
EMF (enhanced metafile), 307
ERD (Emergency Repair Disk), 101, 298
Error Reporting utility, 302
ESD (Electrostatic discharge), 169
Ethernet, 57, 269
Ethernet hub (concentrator), 135
even parity bit, 27
network media exercise, 542network topologies exercise, 542networking protocols exercise, 543online practice tests tips, 540Previous/Next button, 541TCP/IP Services exercise, 543tips, 182
wireless network exercise, 542exam preparation tips, 374, 703Exam SYO-101, 585
.EXE (executable files), 79exhaust fans, 275ExpressBus, 56Extended partition, 284
F
fanschipset fan, 38CPU cooling fan, 38front intake fan, 38power supply fan, 38rear exhaust fan, 38video card cooling fan, 39FAT conversion, 368FAT32 conversion, 368FDMA (Frequency Division Multiple
Access), 338FHSS (frequency-hopping spread
spectrum), 337File and Print Sharing for Microsoft
Networks, 86file attributes exercise, 187file permissions configuration
exercise, 188file/folder attributes exercise, 378
Trang 31.DOC (document files), 79
dynamic link library files, 79
List Folder Contents, 81
.LOG (Log files), 79
managment of, 78
Modify permission, 81
.MP3 (audio video files), 79
.MPG (audio video files), 79
Read and Execute permission, 81
Read permission, 81
Read-only attribute, 80
share permissions, 81
Sharing and Security option, 81
.SYS (system files), 79
Application Layer firewalls, 155
Application Layer gateways, 155
Deny by Default, 155NTFS permissions, 155packet filtering, 155problems, 369rules, 369Share permissions, 155stateful inspection, 155firmware, 124, 321flatbed scanners, 313floppy disk (diskette), 30floppy disk drive head cleaner, 50floppy drive, 54
floppy drive power connectors, 24Fluhrer, 620
/flushdns, 346Folder permissions, 360Form Factors, 18format command, 281format.exe, 106fox and hound method, 349fragmentation, 286
FTP, 640FTP (File Transfer Protocol), 332Full Control permission, 361functions keys, 274
fuser assembly, 308
G
G0 (global state)G2 (soft off mode), 59G3 (mechanical off mode), 59S1 (power-hungry sleep mode), 59S2 (power saver sleep mode), 59S3 (standby mode), 59
S4 (hibernate mode), 59
GB (gigabytes), 30GDI (Graphics Device Interface), 307general page, 318
general security concepts, 587GHz (Gigahertz), 27
Gigabit Ethernet, 142, 143
GO (global states)GPF (general protection fault), 104graphic tablet, 275
grayware, 154GSNW (Gateway Service for
NetWare), 354GUI phase (mode), 85, 86
Trang 32Have Disk button, 317
HCL (Hardware Compatibility List), 83
Protocol), 331, 348IDSL (ISDN DSL), 144, 335IEEE 1394 (firewire connector), 22, 134IEEE 802.1x, 364
illegal operations, 104IMAP4 (Internet Message Access
Protocol 4), 331Inaccessible Boot Device, 105infrared technology, 146, 337infrastructure security, 589inkjet paper feed, 311inkjet printers, 310inkjet printers exercise, 189inkjet printhead
cleaning, 310parking, 311stepper motor, 311inkjet printing next line, 311inkjet printing process, 310input devices, 34
input devices exercise, 184input/multimedia device installation, 42input/multimedia device
replacement, 42insufficient permissions, 369Intel Centrino Duo, 52internal components inspection
exercise, 376Internet Telephony, 146Invalid Boot Drive, 301I/O ports and expansion bus slots
exercise, 184
IP addresses, 138, 329, 352
IP addressing, 86
IP Telephony, 146ipconfig /all, 346ipconfig command, 283ipconfig /flushdns, 347IPX addresses, 139IPX/SPX configuration, 353IPX/SPX (Internet Packet Exchange/
Sequenced PacketExchange), 137, 330ISA (Industry Standard
Architecture), 23ISDN adapter (terminal adapter), 143,
336ISP (Internet Service Provider), 334
IX (Internet Exchange), 334
Trang 33laptop display exercise, 186
laptop motherboard, processor, and
CCFL (Cold Cathode FluorescentLight), 271
CCFT (Cold Cathode FluorescentTube), 271
dendrites, 270Ethernet, 269external devices, 271hot-swappable devices, 272infrared technology, 268internal devices, 271inverter, 271LCD backlight, 271LCD components, 270LCD (liquid crystal display), 270LCD screen, 271
lithium ion battries, 269mAH (milliAmp-Hour), 270memory effect, 270
memory upgrades, 272NiCad (nickel cadmiumbatteries), 270NIMH (nickel-metal hydridebatteries), 269non-hot-swappable devices, 272TFT (Thin Film Transistor), 270video card, 271
video controller card, 271WAN (cellular wide areanetwork), 268laptops and portable devices study
areas, 247laptops study areas, 8laser beam, 111laser printercleaning, 309components, 308conditioning, 309developing, 309fusing, 309transferring, 309writing unit, 309laser printingprocess, 309process exercise, 189
Trang 34Level 1 Cache (L1 Cache), 26
Level 2 Cache (L2 Cache), 26
local print provider, 307
local security policies, 370
local security policy exercise, 383
Log Filtering, 293
logic assembly (see electronic control
package (logic assembly))
MAC (Mandatory Access Control), 358
MAC (Media Access Control), 135
Manage Documents permission, 361
Manage Printers permission, 361
Master Boot Record (MBR), 97
MAU (Media Access Unit), 131
cleaning, 46laptops, 55mechanical mouse, 34optical mouse, 34opto-mechanical mouse, 34touch screen, 55
touchpad, 55touchpoint, 55trackball, 55wireless mouse (cordless mouse), 34Micro ATX, 19
Micro DIMM, 29Microcode (microprogram), 26Micro-Flip Chip Ball Grid Array (Micro-
FCBGA) socket, 51microprocessor, 25
Microsoft Windowsdesktops, 69interfaces, 69performance optimization, 94system files, 75
virtual memory, 94Windows 1, 65Windows 2, 66Windows 2000 Professional, 66Windows 3.1, 66
Windows 3.11, 66Windows 3.x, 66Windows 95, 66Windows 98, 66Windows for Workgroups, 66Windows Indexing Service, 80Windows ME (MillenniumEdition), 66Windows NT (New Technology), 66Windows NT Server, 66
Windows NT Workstation, 66Windows Professional X64, 67Windows Server 2000 operatingsystems, 66
Trang 35milliAmp-Hour (mAH) rating, 52
Mini PCI bus, 55
minifloppy disk, 30
Missing Boot Disk, 301
Missing Registry entry, 105, 302
display devices (monitors), 32
expansion bus slots, 22
external cache memory, 21
external disk drives, 31
floppy and hard disk drive
Jack), 134multicore processor, 26multimedia devices, 35multiple-boot system, 84multiple-choice, multiple answer, 182,
374, 703multiple-choice, single answer, 182,
374, 703mydomain.com, 340
N
NetBEUI (NetBIOS Extended User
Interface), 138, 139, 330NetBIOS (Network Basic Input/Output
System), 330NetWare file permissions, 343Network, 419, 541
network adapters, 339network bridge, 135network browsers configuration, 343network cables and connectors
exercise, 190Network+ certification, 417network configuration, 84network connectivity, 338network connectivity exercise, 381Network+ Exam
Ad-hoc wireless network, 431
AP (Access Point), 431backbone, 429basic service set, 431bus topology, 429advantages, 429disadvantages, 429cables
10 Gigabit Ethernet, 442
100 Mbps Ethernet, 441
1000 Mbps (1 Gigabit)Ethernet, 4421000BaseT, 4421000BaseX, 442
Trang 36single mode fiber optic cable, 439
SR (Short Range optical
technology), 442
STP (shielded twisted pair), 438
Thicknet (thick coaxial
cable), 437
Thinnet (thin coaxial cable), 437
twisted pair cables, 437
UTP (unshielded twisted
disaster recovery exercise, 545
fault tolerance exercise, 544
troubleshooting utilitiesexercise, 545using the arp commandexercise, 545using the netstat commandexercise, 546
WAN technologies exercise, 543hubs (switches), 428
infrastructure configuration, 432infrastructure wireless networks, 432Internet access technology
ADSL (Asymmetrical DSL), 479Application Server Mode, 483APs (wireless Access Points), 481Broadband (Broadband InternetAccess), 479
carrier protocols, 482DSL (ISDN DSL), 479DSL (Subscriber Line), 478encapsulating protocols(tunneling protocols), 482HDSL (High Data Rate DSL), 479hotspots, 481
intranet, 483latency problems, 480Microsoft, 483, 488Microsoft Terminal Services, 483PPP (Point-to-Point
Protocol), 481PPPoE (PPP over Ethernet), 482propagation delays, 480PSTN (Public Switched TelephoneNetwork), 480
PVDN (Private Virtual Dial-upNetwork), 483
RADSL (Rate Adaptive DSL), 479RAS (Remote Access
Service), 481RDP (Remote DesktopProtocol), 483
Trang 37Remote Desktop feature, 483
RRAS (Routing and Remote
wireless Internet access, 480
WISP (wireless Internet service
provider), 480
xDSL, 478
LAN (local area network), 425
MAN (metropolitan area
AP (Access Point), 452
AR (All-Route frame), 449bridge, 449
bridging loops, 450convergence, 451CSU (Channel Service Unit), 451Cut Through switch, 448distance vector routingprotocol, 450DSU (Data Service Unit), 451dynamic routing, 450Ethernet hub (concentrator), 447FHSS (frequency-hopping spreadspectrum), 455
firewalls, 454Fragment Free switch, 449gateways, 451
hardware-based firewalls, 454hop, 451
hop count, 451ISDN adapter (terminaladapter), 452ISDN (Integrated Services DigitalNetwork), 452
learning bridges, 449link state routing protocols, 451LSA (Link State
Advertisements), 451MAU (Media Access Unit), 449media converters, 454
modems, 453Modulator/Demodulator, 453MSAU (Multi-Station AccessUnit), 449
network adapter, 452Network layer (Layer 3), 450NIC (Network InterfaceCard), 452
NLSP (NetWare Link StateProtocol), 451
OPSPF (Open Shortest PathFirst), 451
passive hub, 448poison reverse, 451protocol translators, 451routers, 450