CST3607 Final Exam

Fall 2020 Final Exam is Thursday, May 20 at 8pm

(Note: This outline of the final exam may change, so check regularly for updates.)

The final exam includes, but is not limited to, the following:

Chapter 13: Security

Network Security Threats

  • What are four primary threats to network security you must be familiar with?
  • Define the type of attacker.

Three Primary Network Attacks

  • What are the three (3) categories network attacks fall into?

Security Program Elements

  • What are the three key elements a security program must cover?

Layer 2 Security Features

  • What are some of the Access Layer functions?
  • What are the eight Layer 2 Security methods?

Authentication Methods

  • What are the five (5) Authentication Methods?

External Authentication Options

  • What are the two (2) most popular options for external AAA?

Managing User Accounts

Security Password Policy Elements

  • Password Management
  • Single Sign-On
    • LDAP (Lightweight Directory Access Protocol)
    • DAP (Directory Access Protocol)
    • X.500
  • Certificates
  • Break-Glass Admin account

User-Authentication Methods

Setting Passwords

Chapter 17: Internet Protocol Version 6 (IPv6)

  • Advantages IPv6 has over IPv4
  • Transition from IPv4 to IPv6 (What are the 3 strategies?)
  • What are the three categories / transmission types of IPv6 addresses and how do they work?
  • What are the types of IPv6 addresses?
    • Which types of IPv6 addresses can’t be routed at all, not even within your organization/LAN?
  • Define and use IPv6 Zero Omission Rule 1 and Rule 2
  • StateLess Automatic Address Configuration (SLAAC)
  • What is the Cisco IOS command to enable IPv6 on a Cisco router?
  • OSPFv3
    • What is the command to configure OSPFv3 on a router?
      • In global configuration mode?
      • In interface configuration mode?

Chapter 18: Troubleshooting IP, IPv6, and VLANs

Cisco IOS Diagnostic Commands

  • show ip interface brief
    • What would the “status” and “protocol” columns display if an interface was not enabled?
    • What would the “status” and “protocol” columns display when an interface is “shutdown?”
    • What would the “status” and “protocol” columns display if an Ethernet interface is enabled, and configured, but the other end of the connection was shutdown?
    • What would the “status” and “protocol” columns display if a Serial interface is enabled, and configured, but the other end of the connection was shutdown?
    • What would the “status” and “protocol” columns display if an interface is enabled, and configured, but the interface was not connected to another device?
    • What would the “status” and “protocol” columns display for a Serial DCE interface, where the clock rate was not set or was zero?

This will not be on the Final Exam: Chapter 9: Enhanced Switched Technologies

  • Spanning Tree Protocol (STP)
    • What is the main purpose of the Spanning Tree Protocol in a switched LAN?
    • Loop avoidance
    • Preventing broadcast storms
    • Convergence (on switches)
    • Name the four Spanning-Tree port states
      • Disabled is not one of the four states (technically, it is not a transition state). A port in the administratively disabled state doesn’t participate in frame forwarding or STP. A port in the disabled state is virtually nonoperational.
    • Bridge Protocol Data Units (BPDU)
    • Root bridge
    • Non-root bridges
    • Bridge ID
    • Port cost
    • Path cost
    • Switch Port Roles
  • How do you determine the “root bridge” of each VLAN?
  • What command shows the status of your STP network and root bridges?
  • (RSTP) Rapid Spanning Tree Protocol
  • IEEE 802.1w
  • Understand what PortFast and BPDU Guard provide
  • Understand what EtherChannel is and how to configure it
  • Know the port-specific roles that STP assigns to each port on a switch/bridge, and how each functions.
    • Designated
    • Root
    • Alternate
    • Blocked port
  • Switch Port Security
    • Switch Port Violation Modes
      • Protect
      • Restrict
      • Shutdown
    • Which switch port violation modes will alert you via SNMP that a violation has occurred on a port?