N10-009 Network Operations Study Guide for the CompTIA Network+
Page 2
Disaster Recovery
Disaster recovery (DR), formalized in a disaster recovery plan (DRP), addresses how an organization will respond if a major event or emergency occurs. An organization often maintains different DRPs for different types of disaster, since a ransomware outbreak, a power failure and a flood call for different responses. You should be able to explain common concepts related to DR.
DR Metrics
DR metrics are quantifiable targets and measurements used to evaluate or guide a DRP, including how much data may be lost, how long recovery may take, and how often equipment is expected to fail.
Recovery Point Objective (RPO)
An RPO defines the maximum amount of data loss an organization can tolerate, expressed as a period of time: the interval between the last usable backup or replication point and the disruptive event. Data created during that interval is lost. For example, an RPO of four hours means backups or replication must capture data at least every four hours.
Recovery Time Objective (RTO)
An RTO is the maximum time after a disrupting event within which a function or system must be restored to avoid significant consequences. It establishes the acceptable downtime for a system and, together with the RPO, drives how much to invest in redundancy and recovery capability.
Mean Time to Repair (MTTR)
MTTR is the average time taken to repair a failed device or component and return it to service, measured from the time the problem is first detected to the time the equipment is back in operation. MTTR is used in service-level agreements (SLAs) as a baseline for vendor or support-team compliance.
Mean Time Between Failures (MTBF)
MTBF is the average time that elapses between failures of a device or component, usually supplied by the manufacturer. It is used to anticipate hardware failures and to plan spares, maintenance windows and redundancy.
DR Sites
A DR site is an alternative physical location to which operations can be migrated in the event of a major or catastrophic disaster. DR sites are classified as cold, warm, or hot according to how much equipment and data is already in place.
Cold Site
A cold site is a facility designated as a recovery site for an enterprise. Cold sites are outfitted only with the minimal requirements for functionality, such as electrical supply and communication connections. No networking devices are pre-installed, so all components required for network functionality must be procured, installed and configured before the site can operate, making a cold site the cheapest to maintain but the slowest to bring online.
Warm Site
A warm site has everything a cold site has plus networking equipment, servers and end-user stations already installed, but its data is not kept current with the primary site. Bringing a warm site online requires limited intervention, such as restoring the most recent backups from the primary site, so recovery takes longer than at a hot site but is much faster than at a cold site.
Hot Site
A hot site is a fully functional copy of the primary site: equipment is installed, configured and continuously synchronized with the primary site's data, so it can take over operations very quickly. While a hot site provides the fastest recovery (and therefore the lowest achievable RTO and RPO), it is also the most expensive to maintain.
High Availability Approaches
Risk management is the process of identifying and addressing potential risks to an organization. One common mitigation is redundancy through high availability (HA) systems, so that the failure of a single device does not cause an outage. You should be familiar with these techniques as they relate to facility support and disaster recovery.
Active-Active
Fault tolerance is the ability of a network to remain operational when a device fails. In an active-active approach to high availability and fault tolerance, all devices, both primary and redundant, actively carry traffic or perform work at the same time. If one device fails, the remaining devices absorb its load, so the approach provides both fault tolerance and extra capacity during normal operation. Its cost is complexity: state and load must be shared across the active devices.
Active-Passive
In an active-passive approach, a primary device or set of devices is active while a backup (passive) device or set of devices stands ready to take over when needed. The passive device exists only to provide redundancy for the active device, so its capacity is idle during normal operation, and a failover typically causes a brief interruption while the passive device assumes the active role.
Testing
There are a number of testing methods and tools commonly used to evaluate the effectiveness of a DRP. You should be familiar with the ones discussed in this section.
Tabletop Exercises
A tabletop exercise is a discussion-based test in which the involved parties walk through the DRP step by step, without touching production systems, to judge the effectiveness of the proposed plan and to identify problems or gaps that may arise. Tabletop exercises are also useful for defining the roles and responsibilities of involved entities and for training participants.
Validation Tests
A validation test goes beyond discussion and exercises parts of the plan, for example restoring a system from backup or failing over a service to the DR site, so that the results can be reviewed to confirm the plan is effective and applicable and to expose lapses or failures before the plan must be relied on in a real event. The measured recovery time and data loss are compared against the RTO and RPO.
IPv4 and IPv6 Network Services
A network uses numerous services to communicate through IPv4 and IPv6 connections. Given a scenario, you will need to be able to explain the purpose of each of these services, as well as their use within a network.
Dynamic Addressing
Dynamic addressing is the automatic allocation of IP addresses from the pre-configured scope of a DHCP server. With a dynamically assigned IP address, the address given to a host can change each time it requests a lease from the DHCP server.
Dynamic Host Configuration Protocol (DHCP)
DHCP is a network service that assigns IP addresses and related settings to network-connected hosts automatically. A new client broadcasts a DHCPDISCOVER message; any DHCP server that hears it replies with a DHCPOFFER containing an address from a pool pre-configured by a network administrator; the client broadcasts a DHCPREQUEST for the offer it accepts; and the server confirms with a DHCPACK. This exchange (often remembered as DORA) runs over UDP, with servers listening on port 67 and clients on port 68. Because discovery is a broadcast, any device on the segment can answer it, which is why switches commonly implement DHCP snooping to drop offers arriving on untrusted ports.
Reservations
A reservation is an IP address that is set aside for a particular network device's exclusive use, ensuring the device receives the same IP address every time it requests a lease from the DHCP server. Reservations are keyed on the device's media access control (MAC) address, which is why they are also called MAC reservations. Because a MAC address is trivially spoofed, a reservation is a convenience for addressing, not a form of access control.
Scope
The scope of a DHCP server is the consecutive range of IP addresses on a given subnet that the server can assign to clients, together with that subnet's settings. The network administrator defines the scope parameters on the DHCP server.
Lease Time
The lease time is how long an IP address is assigned to a client before it must be renewed or released. Clients normally attempt renewal with the issuing server halfway through the lease (T1) and try any server at 87.5 percent of the lease (T2). If the client does not renew the lease before it expires, it must stop using the address and restart the discovery process to obtain a new one.
Options
Scope options are additional settings delivered alongside the assigned address, such as the subnet mask, default gateway (router), lease time, DNS servers, domain name, and the Trivial File Transfer Protocol (TFTP) server from which network devices or IP phones fetch their boot files. Each option is identified by a numeric tag; for example, option 3 carries the router, option 6 the DNS servers and option 51 the lease time. Scope options are defined by the network administrator within the DHCP server's configuration.
Relay/IP Helper
A DHCP relay forwards a DHCP request to the DHCP server on behalf of devices that are not on the same LAN as the server. Because DHCP discovery is a broadcast, and routers do not forward broadcasts, a client on a remote subnet would otherwise never reach the server. Instead, the router connected to the client receives the broadcast, records its own interface address on the client's subnet in the giaddr (gateway address) field, and forwards the request as a unicast to the DHCP server, which uses giaddr to select the correct scope.
Retrieved from: https://commons.wikimedia.org/wiki/File:DHCP_Relay.svg
IP helper (for example, the ip helper-address command on Cisco routers) configures a relaying device, such as a router, to forward DHCP requests to one or more predefined DHCP servers for address allocation. Note that a helper address forwards several other UDP broadcast types by default (such as TFTP and DNS), so it is worth restricting the forwarded ports to what is actually needed.
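The following is an added example, not code from the study guide, that builds a DHCPOFFER as it would look after crossing one relay (hops incremented, giaddr populated) and then parses the fixed header and the scope options described above. All addresses, the MAC address and the TFTP server name are constructed for the example, and the "trusted server" check is a simplified stand-in for what DHCP snooping does on a switch.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed BOOTP/DHCP header
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def option(tag: int, value: bytes) -> bytes:
    """Encode one TLV option: tag, length, value."""
    return bytes([tag, len(value)]) + value


def ip4(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def build_offer() -> bytes:
    """Constructed DHCPOFFER, as it would arrive after passing through one relay."""
    header = struct.pack(
        HEADER_FMT,
        2, 1, 6, 1,                 # op=BOOTREPLY, htype=Ethernet, hlen=6, hops=1 (one relay)
        0x3903F326, 0, 0x8000,      # xid, secs, flags (broadcast bit set)
        b"\0" * 4,                  # ciaddr: client has no address yet
        ip4("192.168.10.57"),       # yiaddr: the address being offered
        ip4("192.168.1.5"),         # siaddr: next server (here the DHCP server itself)
        ip4("192.168.10.1"),        # giaddr: set by the relay to its interface on the client LAN
        bytes.fromhex("001a2b3c4d5e") + b"\0" * 10,  # chaddr (16 bytes, MAC in the first 6)
        b"\0" * 64, b"\0" * 128,    # sname, file (unused)
    )
    options = (
        option(53, b"\x02")                                     # message type: OFFER
        + option(1, ip4("255.255.255.0"))                       # subnet mask
        + option(3, ip4("192.168.10.1"))                        # router
        + option(6, ip4("192.168.10.2") + ip4("192.168.10.3"))  # DNS servers
        + option(51, struct.pack("!I", 86400))                  # lease time: 24 h
        + option(54, ip4("192.168.1.5"))                        # server identifier
        + option(66, b"tftp.example.com")                       # TFTP server name (assumed)
        + b"\xff"                                               # end
    )
    return header + MAGIC_COOKIE + options


def parse_dhcp(pkt: bytes) -> dict:
    """Decode the fixed header and the options a client actually uses."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, pkt[:236])
    msg = {
        "op": f[0], "hops": f[3], "xid": f[4],
        "yiaddr": str(ipaddress.IPv4Address(f[8])),
        "siaddr": str(ipaddress.IPv4Address(f[9])),
        "giaddr": str(ipaddress.IPv4Address(f[10])),
        "chaddr": f[11][: f[2]].hex(":"),
    }
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # walk the TLVs until the End option
        if pkt[i] == 0:                        # the Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("option header truncated")
        tag, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2 : i + 2 + length]
        if len(value) != length:               # a malformed packet must not be trusted
            raise ValueError(f"option {tag} truncated")
        opts[tag] = value
        i += 2 + length

    def ips(raw: bytes) -> list:               # one or more packed IPv4 addresses
        return [str(ipaddress.IPv4Address(raw[k : k + 4])) for k in range(0, len(raw), 4)]

    msg.update({
        "message_type": MESSAGE_TYPES.get(opts[53][0], "?") if 53 in opts else None,
        "subnet_mask": ips(opts[1])[0] if 1 in opts else None,
        "routers": ips(opts.get(3, b"")),
        "dns_servers": ips(opts.get(6, b"")),
        "lease_seconds": struct.unpack("!I", opts[51])[0] if 51 in opts else None,
        "server_id": ips(opts[54])[0] if 54 in opts else None,
        "tftp_server": opts[66].decode() if 66 in opts else None,
    })
    return msg


def from_trusted_server(msg: dict, trusted: set) -> bool:
    """DHCP snooping in miniature: accept an offer only from a known server identifier."""
    return msg["server_id"] in trusted
```

The relay's fingerprints are visible in the parsed header: hops is 1 and giaddr holds the relay's address on the client subnet, which is what the server uses to pick the scope. A rogue server on the client's own LAN would answer with hops 0, an unexpected server identifier, and typically its own address as router or DNS server.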
Exclusions
An exclusion, or exclusion range, is a set of IP addresses within the scope that the DHCP server must never hand out to clients, such as addresses that are statically assigned or reserved, like router interface addresses and servers.
Stateless Address Autoconfiguration (SLAAC)
SLAAC is an IPv6 mechanism that lets a host create its own global unicast address without a DHCP server or manual assignment. The host sends a router solicitation (RS) message to the all-routers multicast address, and a router answers with a router advertisement (RA) that carries the network prefix and prefix length (normally /64). The host combines that prefix with an interface identifier to form its address. The classic interface identifier is derived by the EUI-64 method: the host's 48-bit MAC address is split in half, the 16-bit value FFFE is inserted between the halves, and the universal/local bit (the second-least-significant bit of the first octet) is flipped, giving a 64-bit identifier. Because an EUI-64 identifier embeds the hardware address, it reveals the device's MAC in every packet it sends, so most modern hosts use randomized or privacy interface identifiers instead.
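As an added example (not from the study guide), the EUI-64 derivation above carried out in code, plus the reverse operation that shows why an EUI-64 address leaks the MAC. The prefix 2001:db8:1:2::/64 and the MAC 00:1a:2b:3c:4d:5e are constructed values.

```python
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert FF:FE, flip the U/L bit of the first octet."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    first = octets[0] ^ 0x02           # bit 1 of the first octet is the universal/local bit
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 prefix learned from a router advertisement with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 requires a 64-bit prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(addr: str) -> Optional[str]:
    """Recover the hardware address from an EUI-64 derived IPv6 address, or None if it is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None                    # randomised / privacy identifiers do not carry the marker
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)
```

The same function with the link-local prefix fe80::/64 yields the host's link-local address, which is formed the same way before any RA has been received.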
Name Resolution
Name resolution is the process of translating a human-readable name, such as UnionTestPrep.com, into an IP address.
Domain Name System (DNS)
A DNS server translates hostnames into IP addresses through a process called name resolution. DNS servers are used both internally, for an organization's private names, and on the public internet. A hostname together with its domain name, such as www.example.com, is called a fully qualified domain name (FQDN).
Domain Name System Security Extensions (DNSSEC)
DNSSEC is a suite of protocol extensions that adds origin authentication and data integrity to DNS. Zone data is digitally signed, and a validating resolver verifies the signatures along a chain of trust up to the root, so a forged or tampered response is rejected. DNSSEC does not encrypt queries or responses and therefore provides no confidentiality.
DNS over HTTPS (DoH) and DNS over TLS (DoT)
DoH encrypts DNS queries and responses inside a Hypertext Transfer Protocol Secure (HTTPS) connection on TCP port 443, so the queries look like ordinary HTTPS traffic and cannot be read or altered on the path. DoT also encrypts DNS communications but uses a dedicated Transport Layer Security (TLS) port, typically TCP port 853. Because DoT has its own port, it is easy for a network to identify and control; DoH blends in with web traffic, which protects privacy but also lets clients bypass an organization's DNS filtering and monitoring.
Record Types
A DNS record is an individual entry in a zone, and its record type describes what kind of data the entry holds. Every record includes the name it applies to, the type, the data (an IP address or other value), and a time to live (TTL) that governs how long resolvers may cache it. DNS records are stored in zone files, which are plaintext files. There are a number of record types you should know:
- address (A)—An A record maps a hostname or domain name to its IPv4 address. For example, the A record for example.com returns an IP address of 93.184.216.34.
- AAAA—An AAAA record works like the A record, but maps a name to an IPv6 address.
- canonical name (CNAME)—A CNAME record points an alternate domain name (also known as an alias) to another domain name, whose A or AAAA record then supplies the address. For example, ng.example.com returns a CNAME record of example.com, which can be used to retrieve its A record. A name that has a CNAME record cannot hold other record types.
- text (TXT)—A TXT record stores arbitrary text for a name. Domain owners use TXT records to prove domain ownership to third-party services and to publish email authentication policies such as SPF, DKIM and DMARC.
- nameserver (NS)—An NS record stores the name of an authoritative DNS server for a domain. In other words, the NS record is used to point a query to the correct DNS server, which can provide the A record for a domain.
- pointer (PTR)—A PTR record is used for reverse lookup. It maps an IP address (written in reverse under in-addr.arpa for IPv4 or ip6.arpa for IPv6) back to a domain name, the opposite of an A record.
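An added example, not part of the study guide, that parses a small constructed zone file containing each of the record types above and then performs forward lookups (following CNAME chains) and a reverse lookup. The zone uses the reserved example.com domain and documentation addresses from RFC 5737 and RFC 3849; the loop1/loop2 records are deliberately circular to show why a resolver must cap the CNAME chain it will follow.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed zone file (example.com, documentation addresses); not real DNS data.
ZONE = """
$ORIGIN example.com.
$TTL 3600
@       IN  NS     ns1.example.com.
@       IN  A      192.0.2.1
@       IN  AAAA   2001:db8::1
@       IN  TXT    "v=spf1 -all"
ns1     IN  A      192.0.2.53
www     IN  CNAME  example.com.
ng      IN  CNAME  www
loop1   IN  CNAME  loop2             ; deliberate loop for the chain-limit test
loop2   IN  CNAME  loop1
$ORIGIN 2.0.192.in-addr.arpa.
1       IN  PTR    example.com.
53      IN  PTR    ns1.example.com.
"""


def qualify(name: str, origin: str) -> str:
    """Turn a relative zone-file name into a lower-case FQDN with a trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}" if origin != "." else f"{name}."


def parse_zone(text: str) -> dict:
    """Return {(fqdn, type): [rdata, ...]} from a zone file with $ORIGIN/$TTL directives."""
    records = defaultdict(list)
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()       # strip comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$TTL"):
            continue                              # default TTL; not needed for lookups here
        fields = shlex.split(line)                # keeps the quoted TXT value intact
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].isdigit():            # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":      # class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype in ("CNAME", "NS", "PTR"):       # these hold names, which may be relative
            rdata = qualify(rdata, origin)
        records[(qualify(owner, origin), rtype)].append(rdata)
    return dict(records)


def resolve(records: dict, name: str, rtype: str, max_chain: int = 8):
    """Forward lookup that follows CNAME aliases; returns (answers, cname_chain)."""
    name = name.lower().rstrip(".") + "."
    chain = []
    for _ in range(max_chain + 1):
        if (name, rtype) in records:
            return records[(name, rtype)], chain
        alias = records.get((name, "CNAME"))
        if not alias:
            return [], chain                      # no such name, or no data of that type
        chain.append(name)
        name = alias[0]
    raise RuntimeError(f"CNAME chain longer than {max_chain}: {' -> '.join(chain)}")


def reverse_lookup(records: dict, ip: str) -> list:
    """Reverse lookup: build the in-addr.arpa / ip6.arpa name and fetch its PTR record."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    return resolve(records, ptr_name, "PTR")[0]


RECORDS = parse_zone(ZONE)
```

A query for ng.example.com walks ng -> www -> example.com before it finds an A record, which is exactly what a real resolver does when it reports the CNAME chain alongside the final answer.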
Zone Types
A DNS zone is a distinct, separately managed section of the DNS namespace. Zones are classified by type, which specifies how the zone's records are stored and managed within the DNS hierarchy. Four zone types are commonly listed: primary, which holds the writable master copy of the zone; secondary, which holds a read-only copy transferred from the primary; stub, which holds only the NS records needed to locate the zone's authoritative servers; and reverse lookup, which maps addresses back to names (an ordinary name-to-address zone being a forward lookup zone).
The DNS hierarchy is the scheme by which the parts of a domain name are organized from most general to most specific. Reading a name from right to left, the levels are: root, top-level domain, second-level domain, subdomain(s), and host.
The root level is represented by a trailing dot (.) and is served by the 13 root name server identities (a.root-servers.net through m.root-servers.net), each of which is in practice many anycast instances around the world. A resolver with nothing cached starts at the root, which refers it to the servers for the top-level domain (TLD). TLDs are either generic (e.g., com, net, org) or country-code (e.g., uk, fr, jp). The second-level domain is the name an organization registers beneath the TLD, such as google in google.com or amazon in amazon.com. Subdomains are further subdivisions that the domain owner creates and controls, such as mail in mail.google.com. Finally, the leftmost label usually identifies an individual host within the domain.

Retrieved from: https://commons.wikimedia.org/wiki/File:Sjsu-edu-domain.jpg
A DNS server can be queried by using either the domain name or an IP address:
- forward—A forward lookup occurs when a domain name is resolved into an IP address.
- reverse—A reverse lookup (or reverse DNS) occurs when an IP address is resolved into a domain name.
Authoritative vs. Non-Authoritative
An authoritative name server holds the records for a zone and answers queries about names in that zone from its own data rather than from a cache. When a recursive DNS server asks it for a name, the authoritative server looks up the matching record and returns the answer to the recursive server, which relays it to the client.
A non-authoritative answer comes from a server that does not host the zone, typically a recursive resolver replying from its cache after having asked the authoritative server earlier. A non-authoritative server does not own the domain, so any change to the domain must be made on the authoritative name server first and only reaches non-authoritative servers once their cached copies expire and are refreshed.
Primary vs. Secondary
The primary DNS server stores the original, read/write copy of the zone file. A secondary DNS server is a backup to the primary and holds a read-only copy for redundancy, obtained from the primary through zone transfers (AXFR for a full copy, IXFR for incremental changes). Zone transfers should be permitted only to the designated secondaries, since an unrestricted transfer hands a complete inventory of the zone's hosts to anyone who asks.
Recursive
A recursive lookup (or recursive DNS query) occurs when the DNS server receiving a query takes on the job of finding the answer on behalf of the client: it queries the root servers, then the TLD servers, then the authoritative server for the domain, returns the final answer to the client, and caches it for later queries. A recursive server that answers queries from anyone on the internet (an open resolver) can be abused for reflection and amplification attacks, so recursion should be restricted to the intended clients.

Retrieved from: https://commons.wikimedia.org/wiki/File:Recursive.jpg
Hosts File
The hosts file is a local plaintext file that maps hostnames to IP addresses with static entries, functioning like a tiny DNS server for the machine. It is consulted before DNS, so an entry in the hosts file overrides the answer DNS would give. That makes it useful for testing and for blocking names, and also a common target for malware that wants to redirect a legitimate name, such as an update server, to an attacker-controlled address. On Linux and macOS it is /etc/hosts; on Windows it is C:\Windows\System32\drivers\etc\hosts.
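An added example (not from the study guide) that parses a constructed hosts file, performs the local lookup that happens before DNS is consulted, and audits a set of watched names for entries that redirect them to a real address. The addresses and hostnames are constructed; the update.example.org line stands in for the kind of entry malware plants.

```python
import ipaddress

# Constructed hosts file. The update.example.org line is the kind of entry malware plants
# to redirect a legitimate name to an attacker-controlled address.
HOSTS_FILE = """
# Static table lookup for hostnames.
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      intranet.example.com intranet      # internal server
0.0.0.0         ads.example.net                    # sinkholed name
198.51.100.7    update.example.org
"""


def parse_hosts(text: str) -> dict:
    """Map each hostname (lower-cased) to the addresses listed for it, in file order."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line: skip it, as the resolver does
        for host in fields[1:]:                  # one address may carry several names
            table.setdefault(host.lower(), []).append(addr)
    return table


def lookup(table: dict, name: str, family: int = 4):
    """Return the first address of the requested family, or None so the caller falls through to DNS."""
    for addr in table.get(name.lower(), []):
        if addr.version == family:
            return str(addr)
    return None


def audit(table: dict, watched: set) -> list:
    """Flag watched names that the hosts file redirects to a real (non-loopback, non-sinkhole) address."""
    findings = []
    for name in sorted(watched):
        for addr in table.get(name.lower(), []):
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append((name, str(addr)))
    return findings
```

Entries pointing at 127.0.0.1 or 0.0.0.0 are the normal way to block a name, so the audit ignores them and reports only names that have been pointed somewhere else.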
Time Protocols
A time protocol is a method for time synchronization that allows devices on a network to sync clocks for consistency. While NTP is the most commonly used time protocol, you should also be familiar with PTP and NTS.
Network Time Protocol (NTP)
NTP synchronizes the clocks of devices on a network to a reference time source. It uses a hierarchy of strata: stratum 0 is the reference clock itself (GPS or an atomic clock), stratum 1 servers are directly attached to it, stratum 2 servers synchronize from stratum 1, and so on. NTP runs over UDP port 123. Accurate, consistent time across devices is essential for correlating logs during incident investigations and for time-dependent security mechanisms such as certificate validity checks and Kerberos authentication.
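As an added example, not code from the study guide, here is the client side of one NTP exchange: a constructed 48-byte server reply is parsed, sanity-checked, and used to compute the local clock offset and round-trip delay from the four timestamps (t1 client send, t2 server receive, t3 server send, t4 client receive). The timestamp values are constructed so that the client clock is 100 ms slow with 20 ms of one-way latency; the origin-timestamp check is the one plain NTP offers against unsolicited or spoofed replies, which is the gap NTS closes cryptographically.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
PACKET_FMT = "!BBbbII4sQQQQ"          # 48-byte NTPv4 packet


def to_ntp(unix_time: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2**32)
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp(ts: int) -> float:
    """64-bit NTP timestamp -> Unix seconds as a float."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / 2**32


def build_server_reply(origin: int, receive: int, transmit: int,
                       stratum: int = 2, mode: int = 4) -> bytes:
    """Constructed server reply: version 4, mode 4 (server); origin echoes the client's transmit time."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode        # leap indicator 0, version 4, mode
    return struct.pack(PACKET_FMT, li_vn_mode, stratum, 6, -20, 0, 0, b"GPS\0",
                       transmit, origin, receive, transmit)


def sync_from_reply(pkt: bytes, t1: float, t4: float) -> dict:
    """Client side: validate the reply, then compute clock offset and round-trip delay.

    t1 = client transmit, t2 = server receive, t3 = server transmit, t4 = client receive.
    """
    if len(pkt) != 48:
        raise ValueError("bad length")
    (li_vn_mode, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref_ts, origin_ts, receive_ts, transmit_ts) = struct.unpack(PACKET_FMT, pkt)
    if li_vn_mode & 0x07 != 4:
        raise ValueError("not a server reply")
    if not 1 <= stratum <= 15:
        raise ValueError("server unsynchronised or kiss-o'-death")
    if origin_ts != to_ntp(t1):
        # The origin timestamp must echo the transmit timestamp we sent (RFC 5905); a reply
        # that does not match was not solicited by us and must not be allowed to steer the clock.
        raise ValueError("origin timestamp mismatch")
    t2, t3 = from_ntp(receive_ts), from_ntp(transmit_ts)
    offset = ((t2 - t1) + (t3 - t4)) / 2         # how far the local clock is behind the server
    delay = (t4 - t1) - (t3 - t2)                # network round trip, excluding server processing
    return {"offset": offset, "delay": delay, "stratum": stratum}
```

A real client repeats this exchange over several polls and several servers and discards outliers before adjusting the clock; the offset and delay formulas are the same ones PTP applies to its hardware timestamps, which is why PTP's precision comes from where the timestamps are taken rather than from different arithmetic.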
Precision Time Protocol (PTP)
PTP (IEEE 1588) allows sub-microsecond synchronization precision, exceeding the capabilities of NTP, by using hardware timestamps taken at the network interface to measure the delay between devices. PTP is commonly used in systems that require extremely high accuracy, such as financial trading systems, industrial control systems, and cellular tower communications.
Network Time Security (NTS)
NTS (RFC 8915) adds cryptographic protection to NTP in client-server mode. The client first authenticates the server over TLS and obtains keys, and each subsequent NTP exchange carries authenticated extension fields, so a client cannot be steered to the wrong time by a spoofed or tampered response from an unauthorized server.
Network Access and Management
Creating secure connections between a network and clients requesting access is vital to maintaining network security. You should be able to compare and contrast different access and management methods and their associated security implications.
Site-to-Site VPN
A site-to-site VPN, also referred to as an intranet VPN, creates an encrypted tunnel between two network gateways (such as firewalls or routers) at different sites over a public connection such as the internet, joining the remote site's network to the main network. Traffic between the sites is routed through the tunnel and encrypted automatically; individual hosts need no VPN software.
Client-to-Site VPN
A client-to-site VPN, also referred to as a remote access VPN, allows for a secure connection between a client device and the home network over a public connection using a remote access client installed on the client device. While a client-to-site VPN does use the internet for connection, the only communications that are routed through the VPN tunnel are those between the home network and the remote client.
Clientless
A clientless VPN is a remote access method in which the user connects to a VPN gateway through an SSL/TLS-enabled web browser, eliminating the need for a VPN client to be installed on the client device. Access is normally limited to the web applications and file shares the gateway publishes, rather than full network-layer connectivity to the home network.
Split Tunnel vs. Full Tunnel
A client-to-site VPN can be configured in two ways: split tunnel or full tunnel. In a split tunnel configuration, the client uses the VPN's routing rules to decide, destination by destination, whether a packet goes through the VPN tunnel or directly out over the local internet connection; typically only traffic for the home network's address ranges enters the tunnel. A full tunnel configuration sends all traffic, including ordinary internet traffic, through the tunnel to the home network.
With a split tunnel, the traffic that bypasses the tunnel is exposed to whatever threats exist on the local network and the internet, and it is invisible to the home network's security controls, so a compromised client can act as a bridge between the internet and the corporate network. A full tunnel is more secure for the client device because all of its traffic is sent through the tunnel and inspected by the home network's security controls. The trade-off is that all internet activity is subject to the home network's security policies and monitoring and must traverse the home network's links, which can significantly reduce performance.
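An added example, not from the study guide, of how the split versus full tunnel decision is really made on the client: by longest-prefix match against the routing table the VPN pushes. The tables, the interface names eth0 (physical uplink) and tun0 (VPN), and the gateway address 203.0.113.5 are all constructed for the example. The full-tunnel table uses the common trick of two /1 routes, which beat the existing default route without deleting it, plus a host route so the tunnel's own encrypted packets can still reach the gateway.

```python
import ipaddress

# Constructed routing tables. Interface names are assumed: eth0 = physical uplink, tun0 = VPN.
VPN_GATEWAY = "203.0.113.5"

SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),          # default route stays on the local internet connection
    ("10.0.0.0/8", "tun0"),         # only the home network's prefixes are pushed into the tunnel
    ("172.16.0.0/12", "tun0"),
]

FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),          # original default route, left in place
    ("0.0.0.0/1", "tun0"),          # two /1 routes beat the /0 by longest-prefix match ...
    ("128.0.0.0/1", "tun0"),        # ... so everything goes into the tunnel
    (f"{VPN_GATEWAY}/32", "eth0"),  # except the tunnel's own packets to the VPN gateway
]


def select_route(routes, destination: str):
    """Longest-prefix match, as a host's routing table does it; returns the egress interface."""
    dst = ipaddress.ip_address(destination)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def leaked_destinations(routes, destinations) -> list:
    """Destinations that would bypass the tunnel, and with it the home network's monitoring."""
    return [d for d in destinations if d != VPN_GATEWAY and select_route(routes, d) == "eth0"]
```

Running leaked_destinations against the split-tunnel table for a handful of internet addresses is a quick way to see exactly which traffic a security team will never see in the home network's logs.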
Connection Methods
A connection method refers to how an external device accesses hosts, servers, and other network resources.
Secure Shell (SSH)
SSH provides confidentiality and integrity for remote sessions by establishing an encrypted channel between two devices. It uses public-key cryptography to authenticate the server (and optionally the client, using key pairs instead of passwords) and to negotiate a shared session key, then protects the session traffic with symmetric encryption. SSH runs on TCP port 22 and replaces Telnet, a legacy remote connection protocol that sends everything, including credentials, in plaintext and should be disabled wherever SSH is available.
Graphical User Interface (GUI)
A GUI is an interactive interface that allows the end user to control an application or system through user-friendly buttons, windows and menus. For example, a remote desktop service is software, or a feature of an OS, that provides remote connectivity to a machine through a GUI, giving the user full access to the desktop as if they were sitting in front of it.
Application Programming Interface (API)
An API is a tool that allows communication between separate applications through a defined set of rules and protocols. An API allows disparate systems to communicate with one another without requiring internal mapping of each system or application. For example, an application could use an API to communicate with a GPS mapping application instead of building GPS mapping directly into the application.
Console
A console connection is a physical connection method that is used to connect computing devices, such as a PC or laptop, to a network router or switch console serial communication port via a rolled or rollover cable, which is a cable where the pinouts on each side are exactly opposite one another. Console cables come in multiple end connector configurations, including RJ45 to DB9, RJ45 to USB-C, and RJ45 to RJ45, among others.

Retrieved from: https://commons.wikimedia.org/wiki/File:Rollover_cable.png
Jump Box/Jump Host
A jump box, jump host, or jump server is a hardened system placed between security zones that serves as the single, controlled entry point for administrative connections into a more restricted zone, such as a private or management network. Administrators connect to the jump box first and from it to the protected systems, so access can be tightly authenticated, restricted and logged in one place instead of on every device.
In-Band vs. Out-of-Band Management
In-band management is management traffic that travels over the same production network as user data, commonly using protocols such as SNMP or Telnet/SSH. Out-of-band management reaches devices and servers through a path that is separate from the production network, such as a dedicated management network or a serial console connection. Out-of-band technologies connect directly to a network device, such as a server's management controller or a switch's console port, and allow management, automation and orchestration of the network without relying on production network resources, so devices remain reachable when the production network is down, misconfigured or under attack.