Network+ Interactive Workbook Ch.7-20 | N10-009

Chapter 7 of 20
IP Addressing
IPv4 uses 32-bit dotted-decimal addresses with public, private, and special-purpose ranges. IPv6 uses 128-bit hexadecimal to solve address exhaustion.
Figure: IPv4 Address: Network + Host Decomposition. Example address 192.168.10.1, split into a network portion and a host portion.
Binary legend: Cyan = network bits (1s in mask) | Purple = host bits (0s in mask)
Private ranges:
10.0.0.0/8 -- Private A
172.16.0.0/12 -- Private B
192.168.0.0/16 -- Private C
Chapter 8 of 20
Subnetting & CIDR
Subnetting divides IP address space into smaller segments. CIDR notation (e.g. /26) replaces classful addressing and enables efficient allocation.
Figure: Subnet Mask: /26 = 26 ones, 6 zeros. The /26 boundary separates Network (26 bits) from Host (6 bits); mask = 255.255.255.192.
/26 Subnet Math
Host bits: 6
Total addresses: 2^6 = 64
Usable hosts: 64 - 2 = 62
Subnet mask: 255.255.255.192
Quick Quiz: /26
What is the subnet mask?
How many usable hosts?
Chapter 9 of 20
IP Routing
Routers forward packets between networks using routing tables. Static routes are manually configured; dynamic protocols learn routes automatically.
Figure: Packet Forwarding: Source to Destination. Path from PC to DST through R1 (10.0.1.1), R2 (10.0.2.1), and R3 (10.0.3.1).
Routing Table R2: 10.0.3.0/24 via 10.0.2.2, Metric: 1
Each router checks its table before forwarding the packet to the next hop.
Route types shown: Static Route | OSPF (cost) | RIP (hops) | BGP (AS path)
Routing Concepts Check
Q1: Which routing type requires manual configuration?
Q2: Which protocol uses hop count (max 15)?
Q3: Which protocol uses Link-State Advertisements?
Q4: BGP connects different ______.
Chapter 10 of 20
Routing Protocols
IGPs (RIP, OSPF, EIGRP) route within autonomous systems. BGP routes between them. Each protocol has a distinct metric, algorithm, and convergence behavior.
Figure: OSPF Hello Exchange -- Forming Adjacency. R1 (Area 0) and R2 (Area 0) exchange HELLO packets. Adjacency FULL -- LSA Exchange Begins.
States shown: Down | Init | 2-Way | ExStart | Loading | FULL
Protocol Comparison
Protocol | Type | Metric | Algorithm | Max Hop
RIP v2 | IGP/DV | Hop count | Bellman-Ford | 15
OSPF | IGP/LS | Cost (BW) | Dijkstra SPF | None
EIGRP | IGP/Hybrid | BW + Delay | DUAL | 255
BGP | EGP/PV | AS Path | Best Path | None
Quick Check
Q1: 16 hops in RIP means...?
Q2: OSPF administrative distance is?
Q3: Which connects different autonomous systems?
Chapter 11 of 20
Switching & VLANs
Switches forward frames using MAC tables. VLANs segment broadcast domains. 802.1Q trunk links carry tagged frames; access ports strip the tag.
Figure: 802.1Q Trunk -- Tag Added, Carried, Stripped. SW1 (Access) and SW2 (Access) are joined by a TRUNK (Gi0/1). A VLAN10 frame enters with no tag, 802.1Q adds a 4-byte tag (VLAN ID) so the trunk carries [Tag:VLAN10] Frame, and the tag is stripped on the far side.
802.1Q Tag Structure (4 bytes): TPID (2B: 0x8100) | PCP (3b) | DEI (1b) | VID (12b)
Trunk ports carry frames from multiple VLANs using 802.1Q tags.
Quick Check
Q1: VLAN tagging standard?
Q2: Layer 2 loop prevention?
Chapter 12 of 20
Wireless Technology
IEEE 802.11 defines Wi-Fi standards across 2.4 GHz and 5 GHz bands. WPA3 with SAE provides the strongest current wireless security.
Figure: 802.11 Association Process. AP (802.11ax) and Client (Wi-Fi 6).
Association Sequence:
1. Probe Request
2. Probe Response
3. Auth Request
4. Auth Response
5. Assoc Request
6. Assoc Response
Security: WEP - Broken | WPA - Legacy | WPA2 - Secure | WPA3 - Best (SAE)
Channel label: Ch 1, 6, 11 only
Quick Check
Q1: 2.4 GHz non-overlapping channels?
Q2: WPA2 encryption algorithm?
Chapter 13 of 20
Network Statistics, Metrics & SNMP
SNMP provides a framework for monitoring and managing network devices. Agents report to managers via GET, SET, and unsolicited Trap messages.
Figure: SNMP Communication Model. NMS (SNMP Manager) and Router (SNMP Agent, MIB database) communicate over UDP 161/162. Messages: GET, RESPONSE, TRAP.
Trap = unsolicited alert (e.g. link down)
SNMPv1/v2c: Community string (cleartext), no encryption
SNMPv3: Auth (SHA) + Privacy (AES), recommended for production
Key Metrics: Uptime, CPU %, BW, Latency, Jitter, Packet Loss, Errors
Quick Check
Q1: Unsolicited SNMP alert message?
Q2: MIB stands for?
Chapter 14 of 20
Organizational Documents & Policies
Policies and plans govern preparation, response, and recovery. BCP, DRP, IRP, and SLAs form the framework for operational resilience.
Figure: Change Management Process. Steps: Request, CAB Review, Approve, Implement, Verify. Alternate outcome: Reject, Denied.
Policy & Plan Browser
BCP
DRP
IRP
AUP
SLA
Quick Check
Q1: Which plan focuses on IT system restoration?
Q2: Employee technology use is governed by?
Chapter 15 of 20
High Availability & Disaster Recovery
HA eliminates single points of failure through redundancy and failover. DR planning defines RTO and RPO targets to guide recovery from major outages.
Figure: Active/Standby Failover Sequence. Client traffic is sent to the VIP (10.0.0.1). Active Server A: FAILED. Standby Server B: ACTIVE. The VIP floats to the standby.
First-hop redundancy: HSRP / VRRP / GLBP
HA & Recovery Concepts
Hot Site: Fully operational mirror -- RTO: minutes
Warm Site: Pre-configured hardware -- RTO: hours
Cold Site: Empty facility -- RTO: days/weeks
RTO: Recovery Time Objective (target window)
RPO: Recovery Point Objective (acceptable data loss)
Chapter 16 of 20
Common Security Concepts
The CIA Triad (Confidentiality, Integrity, Availability) anchors all security decisions. Defense-in-depth layers multiple controls to limit the blast radius of any single failure.
Figure: Firewall Inspection -- Permit / Deny. Traffic between Internet and Internal passes through the FIREWALL (Stateful / NGFW, ACL Inspection) and is marked ALLOW or DENY.
Confidentiality: Encrypt + least priv
Integrity: Hash + sign
Availability: Redundancy + HA
Defense: Depth layers
Quick Check
Q1: Data altered without authorization violates?
Q2: A fingerprint scanner is which factor?
Chapter 17 of 20
Common Types of Attacks
Network attacks exploit weaknesses in protocols, software, and human behavior. ARP poisoning, DoS floods, phishing, and MitM are essential N10-009 topics.
Figure: ARP Poisoning -- Traffic Diversion Attack. Victim 192.168.1.10, Gateway 192.168.1.1, Attacker 192.168.1.99. The expected path runs from Victim to Gateway; the attacker's ARP message ("GW=my MAC!") diverts the traffic.
Defense: Dynamic ARP Inspection
Defense: DHCP Snooping
Defense: Static ARP / Port Security
Chapter 18 of 20
Network Hardening Techniques
Hardening reduces attack surface: disable unused services, close unnecessary ports, apply patches, enforce strong credentials, and layer firewalls with IDS/IPS.
Figure: Port Hardening -- Closing Unused Services. Ports shown on the network device:
TCP/23 Telnet
TCP/21 FTP
UDP/161 SNMPv1/v2c
TCP/80 HTTP->HTTPS
TCP/22 SSH (keep)
TCP/512-4 r-services
TCP/443 HTTPS (keep)
UDP/137-8 NetBIOS
TCP/53 DNS (keep)
TCP/445 SMB (if unused)
Legend: Red = Disable | Yellow = Migrate to secure alt | Green = Keep with controls
Principle: Whitelist approach -- deny all, permit only what is explicitly needed
Chapter 19 of 20
Remote Access Security
VPNs create encrypted tunnels over public networks. IPSec secures site-to-site; SSL/TLS VPN serves remote users. Zero Trust rejects implicit network trust entirely.
Figure: VPN Tunnel -- Encrypted Remote Access. Remote User / Home (VPN Client) connects across the Internet (Untrusted) to the Corp VPN Gateway (Firewall / ASA) through an ENCRYPTED tunnel.
IPSec VPN: Layer 3 | AH + ESP | Site-to-site common
SSL/TLS VPN: Layer 4-7 | Port 443 | Browser-based access
Zero Trust: Never trust, always verify | No implicit network trust
Remote Access Models
RADIUS
TACACS+
IPSec
SSL VPN
Zero Trust
Split Tunnel
Quick Check
Q1: Zero Trust core principle?
Q2: TACACS+ vs RADIUS: TACACS+ encrypts?
Chapter 20 of 20
Physical Security
Physical security controls protect infrastructure from unauthorized access, theft, and environmental damage. It is the outermost layer of defense-in-depth.
Figure: Physical Security Layers. CCTV (Continuous Recording) | Badge (Smart Card Reader) | Mantrap (Airlock, Two-door)
Data Center Physical Zones
Perimeter: Fence / Gates, Cameras, Lighting
Lobby: Badge reader, Security guard, Visitor log
Server Room: Biometric + badge, Fire suppression, Env. sensors
MDF/IDF: Locked cab., Cable locks, Key ctrl
Quick Check
Q1: CCTV cameras are which control type?
Q2: What prevents tailgating at secure entry?