Border Gateway Protocol (BGP) is the fundamental routing protocol of the global internet, designed specifically as an Exterior Gateway Protocol (EGP). Its primary function is to exchange routing and reachability information between different Autonomous Systems (AS). An Autonomous System is a collection of connected IP routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the internet. Each AS is assigned a globally unique Autonomous System Number (ASN), which BGP uses as a core component of its path-vector algorithm to make routing decisions and prevent routing loops across the internet.

A. IS-IS: IS-IS (Intermediate System to Intermediate System) is an Interior Gateway Protocol (IGP) that operates within a single autonomous system, not between them.

B. EIGRP: Although EIGRP configuration uses a parameter called an "autonomous system number," it serves as a process identifier to define a specific EIGRP routing domain, not for inter-AS routing in the way BGP does.

C. OSPF: OSPF (Open Shortest Path First) is a classic link-state IGP designed to operate exclusively within a single autonomous system, using areas for hierarchical segmentation.

---

1. Rekhter

Y.

Li

T.

& Hares

S. (2006). RFC 4271: A Border Gateway Protocol 4 (BGP-4). Internet Engineering Task Force (IETF).

Section 1.1

"Introduction": "BGP-4 provides a mechanism for exchanging routing information between autonomous systems (ASes)... An AS is a set of routers under a single technical administration... Each AS is identified by an Autonomous System Number." This document establishes BGP as the protocol for inter-AS routing using ASNs.

2. Moy

J. (1998). RFC 2328: OSPF Version 2. Internet Engineering Task Force (IETF).

Section 1

"Introduction": "OSPF is an interior gateway protocol (IGP). It is meant to be used within a single Autonomous System." This source confirms OSPF's role is confined within an AS.

3. Oran

D. (1990). RFC 1142: OSI IS-IS Intra-domain Routing Protocol. Internet Engineering Task Force (IETF).

Abstract: The document describes a routing protocol for use "within a single routing domain" (i.e.

an autonomous system)

explicitly defining IS-IS as an intra-domain or Interior Gateway Protocol.

4. Savage

D.

Appanna

J.

& Retana

A. (2016). RFC 7868: Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP). Internet Engineering Task Force (IETF).

Section 1.1

"Terminology": "Autonomous System (AS): A routing domain

also known as an EIGRP process." This clarifies that EIGRP's use of the term "AS" refers to its internal routing domain

not the globally unique AS used in inter-domain routing.

5. Balakrishnan

H.

& Kaashoek

M. F. (2018). 6.033 Computer System Engineering

Spring 2018

Lecture 13: Internet Routing. MIT OpenCourseWare.

Slide 13-16: The lecture notes explicitly state

"BGP is the de facto inter-domain routing protocol... Routers are organized into Autonomous Systems (ASes)... Each AS has a unique 16-bit or 32-bit number (ASN)." This academic source contrasts IGPs with BGP and its use of ASNs.

An ad hoc network is a decentralized wireless network where devices connect directly to each other in a peer-to-peer fashion. This mode, also known as an Independent Basic Service Set (IBSS) in the IEEE 802.11 standard, does not require a central access point (AP). In the given scenario, the systems administrator needs to connect two laptops and a printer without an AP. An ad hoc network allows these three devices to form a self-contained wireless network for direct communication, fulfilling the requirement perfectly.

A. Mesh: Mesh networks typically use multiple interconnected access points or dedicated mesh nodes to provide broad coverage, which are explicitly unavailable in this scenario.

B. Infrastructure: Infrastructure mode is the most common Wi-Fi configuration and fundamentally requires a central access point for devices to connect, which the office does not have.

D. Point-to-point: While a connection between two devices can be point-to-point, "ad hoc" is the specific 802.11 term for a multi-device, AP-less network topology as required here.

1. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 7

Section 7.2.1

"802.11 Architecture

" the text defines an ad hoc network as one where "stations connect to each other directly

without the use of an access point."

2. IEEE Std 802.11™-2020. (2020). IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. Section 4.3.3

"IBSS

" defines an Independent Basic Service Set as "A BSS that forms a self-contained network and in which STAs communicate directly with one another. An IBSS does not have a backbone connection and operates in ad hoc mode."

3. MIT OpenCourseWare. (2012). 6.02 Introduction to EECS II: Digital Communication Systems

Fall 2012. Lecture 18: Wireless LANs. The lecture notes differentiate between an infrastructure BSS (with an AP) and an Independent BSS (ad hoc)

stating the latter is a "network of stations

no AP."

When multiple redundant links are connected between Layer 2 switches, a switching loop is created. This results in broadcast storms and MAC address table instability, which will cause the network to fail. The Spanning Tree Protocol (STP), defined in IEEE 802.1D, is the fundamental mechanism designed to prevent these loops. It does so by logically disabling redundant paths, ensuring only one active path exists between any two switches at a time. While the technician's ultimate goal is increased throughput (which is typically achieved with link aggregation), enabling STP is the mandatory first step to make a redundant switched topology stable and operational. Without STP, the network would collapse, making increased throughput impossible.

B. Switch Virtual Interfaces: SVIs are Layer 3 logical interfaces on a switch used to enable inter-VLAN routing; they do not manage physical link redundancy.

C. Native VLAN: The native VLAN is a configuration on an 802.1Q trunk port that specifies how to handle untagged frames; it is unrelated to loop prevention or link aggregation.

D. First Hop Redundancy Protocol: FHRPs (e.g., HSRP, VRRP) provide redundant default gateways for end devices at Layer 3, not for managing Layer 2 switch-to-switch links.

---

1. IEEE Std 802.1D-2004

IEEE Standard for Local and metropolitan area networks—Media Access Control (MAC) Bridges. Clause 17

"Spanning Tree Protocol

" specifies the protocol's function to "provide a single path between any two end stations

to eliminate loops." It details the algorithm for automatically creating a loop-free topology from a network of bridges with redundant links.

2. Bonaventure

O. (2011). Computer Networking: Principles

Protocols and Practice. Section 6.2.3

"Spanning tree protocol." This university-level textbook states

"To preserve connectivity while avoiding loops

the bridges compute a spanning tree... The Spanning Tree Protocol is enabled on all bridges and they exchange messages... to compute the spanning tree." This confirms STP's role in managing redundant links to form a loop-free tree.

3. Cisco Systems

Inc. (2023). Spanning Tree Protocol (STP) on Catalyst Switches Configuration Guide. In the "Information About STP" section

it is stated: "STP is a Layer 2 link-management protocol that provides path redundancy while preventing undesirable loops in a network... When you create redundant links between switches

loops are created. If a loop exists

a switch can forward the same frame multiple times

and the switch MAC address table can be corrupted." This official vendor documentation directly links the creation of redundant links to the necessity of STP for loop prevention.

Multimode fiber (MMF) optic cable operates using a core with a relatively large diameter (typically 50 or 62.5 micrometers). This larger core allows multiple modes, or paths, of light to propagate simultaneously. These light rays enter the core at various angles and travel to the destination by repeatedly reflecting off the boundary of the protective cladding layer. This "bouncing" effect is due to total internal reflection. While effective for shorter distances, this process causes modal dispersion, where different light rays arrive at slightly different times, which limits the cable's maximum bandwidth and distance.

A. Twinaxial: This is a copper-based cable that transmits electrical signals, not light, and is therefore irrelevant to the principle of light reflection.

B. Coaxial: This is a copper-based medium that transmits data via electrical signals, not pulses of light.

C. Single-mode: This fiber optic cable has a very narrow core (around 9 micrometers) that permits only a single path of light, which travels nearly parallel to the fiber's axis, minimizing reflections.

1. Gallager

R. G. (2012). 6.02 Introduction to EECS II: Digital Communication Systems

Lecture 10: Introduction to Optical Communication. MIT OpenCourseWare. Retrieved from https://ocw.mit.edu/courses/6-02-introduction-to-eecs-ii-digital-communication-systems-fall-2012/resources/mit602f12lec10/. Slide 14

"Multimode vs. single-mode fiber

" illustrates how the larger core of multimode fiber supports many propagation paths (modes) that reflect off the cladding.

2. Corning Incorporated. (n.d.). Multimode Optical Fiber. Corning Optical Communications. In the product descriptions and technical specifications for multimode fibers like ClearCurve®

it is explained that light travels in multiple pathways or modes

which involves reflection from the core-cladding interface.

3. Forouzan

B. A. (2013). Data Communications and Networking (5th ed.). McGraw-Hill. In Chapter 6

Section 6.3

"Guided Media

" the subsection on "Optical Fiber" describes multimode propagation as multiple beams from a light source moving through the core in different paths

reflecting off the cladding. Figure 6.13 specifically illustrates this reflection.

The scenario requires a cloud model that provides a complete development and deployment environment, including a runtime, developer tools, and databases, while offloading the management of the underlying infrastructure. Platform as a Service (PaaS) is designed for this exact purpose. In a PaaS model, the cloud provider manages the servers, storage, networking, and the platform software (operating systems, middleware, runtime environments). This allows developers to focus exclusively on writing and managing their applications without the responsibility of system administration tasks like security patching and updates for the platform itself.

A. Container as a service: CaaS is a specialized service focused on managing containerized applications. While it abstracts some infrastructure, the developers might still be responsible for patching the OS within the container image.

B. Infrastructure as a service: With IaaS, the developers would be responsible for managing and patching the operating systems, runtime, and middleware, which directly contradicts the requirement to avoid these tasks.

D. Software as a service: SaaS delivers ready-to-use software applications to end-users. This model is for consuming an application, not for developing and building a new one as described in the scenario.

---

1. National Institute of Standards and Technology (NIST). (2011). The NIST Definition of Cloud Computing (Special Publication 800-145).

Page 2

Section 2

"Platform as a Service (PaaS)": "The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages

libraries

services

and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network

servers

operating systems

or storage

but has control over the deployed applications and possibly configuration settings for the application-hosting environment." This directly supports the choice of PaaS.

2. Armbrust

M.

Fox

A.

Griffith

R.

Joseph

A. D.

Katz

R.

Konwinski

A.

... & Zaharia

M. (2009). Above the Clouds: A Berkeley View of Cloud Computing (Technical Report No. UCB/EECS-2009-28). University of California at Berkeley.

Page 4

Section 3.1

"Classes of Utility Computing": The report distinguishes the service models. It describes PaaS as providing "higher-level abstractions for developers to build applications upon

" contrasting it with IaaS where the user manages "virtual machine instances" and the associated OS. This aligns with the developers' need for a managed platform.

3. Massachusetts Institute of Technology (MIT) OpenCourseWare. (2018). 6.824 Distributed Systems

Spring 2018

Lecture 19: Cloud Computing.

Lecture Notes/Slides: The course materials differentiate the cloud service models by the "dividing line of responsibility." For PaaS

the line is drawn above the OS/middleware

meaning the provider is responsible for everything below the application code

which matches the question's requirements.

Classless Inter-Domain Routing (CIDR) notation, such as /21, represents the number of leading '1' bits in a subnet mask. An IPv4 subnet mask consists of 32 bits, divided into four 8-bit octets. A /21 mask means the first 21 bits are '1's, and the remaining 11 bits are '0's.

In binary, this is:

11111111.11111111.11111000.00000000

Converting each octet to decimal gives:

- 11111111 = 255

- 11111111 = 255

- 11111000 = 128 + 64 + 32 + 16 + 8 = 248

- 00000000 = 0

Therefore, the correct dotted decimal notation for a /21 subnet mask is 255.255.248.0.

A. 255.255.224.0 represents a /19 mask, as it has 19 leading '1' bits (11111111.11111111.11100000.00000000).

B. 255.255.240.0 represents a /20 mask, as it has 20 leading '1' bits (11111111.11111111.11110000.00000000).

D. 255.255.252.0 represents a /22 mask, as it has 22 leading '1' bits (11111111.11111111.11111100.00000000).

1. Fuller

V.

& Li

T. (2006). Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. RFC 4632. Internet Engineering Task Force (IETF).

Section 3

"CIDR Notation": This section defines the / notation (e.g.

/21) to represent the number of contiguous

high-order '1' bits in the network mask. The conversion process described in the explanation aligns with this standard.

2. Dordal

P. L. (2019). An Introduction to Computer Networks. Loyola University Chicago

Department of Computer Science.

Chapter 9.2

"IP Subnets": This chapter details the concept of subnet masks and the relationship between prefix length (CIDR notation) and the dotted-decimal representation. The table of common subnet masks confirms that a prefix of /21 corresponds to 255.255.248.0.

3. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.

Chapter 4

Section 4.4.2

"Obtaining a Block of Addresses": This section explains how CIDR is used to allocate IP address blocks and defines the prefix notation. The examples provided illustrate the direct conversion between the prefix length and the dotted-decimal subnet mask

consistent with the calculation for /21.

The question describes a standard data center cooling strategy known as hot aisle/cold aisle containment. In this design, equipment racks are aligned in rows with their fronts facing one aisle (the cold aisle) and their rears facing the other (the warm/hot aisle). Cool air is supplied to the cold aisle and drawn into the equipment's intake vents. The equipment's fans then expel hot exhaust air into the warm aisle, where it is returned to the cooling units. A "port-side exhaust" system, common in network switches, expels hot air from the same side as the network ports. To maintain thermal efficiency, this exhaust must be oriented towards the designated warm aisle to prevent the recirculation of hot air into equipment intakes.

A. The patch panel: Patch panels are passive components that do not require specific airflow for cooling. Orienting an exhaust towards them is irrelevant to thermal management.

B. The front of the IDF: The front of an Intermediate Distribution Frame (IDF) or rack is typically the cold aisle. Directing hot exhaust here would contaminate the cool air supply.

D. The administrator console: An administrator console's location is determined by operational needs, not thermal management. Directing hot exhaust at it would be improper and create an uncomfortable workspace.

1. ASHRAE TC 9.9. (2021). Thermal Guidelines for Data Processing Environments (5th ed.). ASHRAE. In Chapter 4

"Data Center Thermal Management

" the guide details the hot-aisle/cold-aisle arrangement

stating

"The goal of this configuration is to manage the air-flow in the data center to prevent the mixing of cold supply air with hot equipment exhaust air" (Section 4.2.1).

2. Cisco Systems

Inc. (2022). Cisco Nexus 9300-EX

9300-FX/FX2/FXP

and 9300-GX Platform Hardware Installation Guide. In the "Airflow and Cooling" section

it describes fan modules for "port-side exhaust airflow (air enters the chassis through the fan tray and power supplies and exits through the port end of the chassis)." This design requires placing the port side of the switch into the hot aisle.

3. Koomey

J. G. (2007). Estimating Total Power Consumption by Servers in the U.S. and the World. Stanford University. In the section "Improving infrastructure efficiency

" the paper discusses best practices

including hot/cold aisle separation

noting that it "prevents the hot exhaust air from servers from mixing with the cold air being supplied to them

which is a common problem in data centers" (p. 11).

IEEE 802.11n/ac data rates scale directly with the RF channel width that the AP advertises. A 20 MHz-wide channel tops out at ≈86 Mbps for one spatial stream, while an 80 MHz channel can exceed 400 Mbps. If the newly configured autonomous AP was left at the default 20 MHz (or forced to 2.4 GHz with only 20 MHz channels) while the other APs use 5 GHz 80 MHz channels, the observed download result of ~75 Mbps versus 500 Mbps is expected. DNS, DHCP, or authentication parameters do not influence layer-1/2 throughput once the client is associated.

B. DNS server issues – DNS affects name resolution latency, not sustained TCP throughput once an IP address is obtained.

C. Authentication failure – If authentication failed, the client could not associate and run the speed test at all.

D. Incorrect DHCP settings – Bad DHCP would block or mis-route traffic entirely, not selectively cap wireless PHY rates.

1. IEEE Std 802.11ac-2013

Table 22-30 “Single-Stream MCS Rates vs Channel Width” (shows 86.7 Mbps @20 MHz; 433.3 Mbps @80 MHz).

2. Cisco Systems

“802.11ac: The Fifth Generation of Wi-Fi – Technical White Paper”

Rev 2

2014

pp. 4-5 (relation of channel width to data throughput).

3. MIT OpenCourseWare

6.829 Computer Networks

Lecture “Wireless Networks”

slides 23-25 (impact of 20/40/80 MHz channels on achievable throughput).

An evil twin attack involves an attacker setting up a rogue Wireless Access Point (WAP) that masquerades as a legitimate one by using the same SSID. The primary objective is to trick users into connecting to the malicious WAP. Once a user connects, the attacker is in a man-in-the-middle (MITM) position, allowing them to intercept, inspect, and modify the victim's network traffic. A common goal of this interception is to present a fake captive portal or spoofed websites to steal sensitive information, most notably login credentials for various online services.

A. DNS poisoning: This is a technique that can be executed through an evil twin to redirect users, but it is a method, not the ultimate objective of stealing data.

C. ARP spoofing: This is a separate type of man-in-the-middle attack that manipulates MAC-to-IP address mappings on a local network and is not the defining goal of an evil twin.

D. Denial of service: While an evil twin can be used to cause a denial of service, the more common and valuable objective is the interception and theft of data.

---

1. University Courseware:

Wentz

B. (2017). Lecture 15: Network Security II (Wireless

DoS). MIT OpenCourseWare

Course 6.857 Computer and Network Security. The lecture notes describe the evil twin attack as a method to "sniff traffic

steal credentials via fake login pages." (See slide/section on "Evil Twin APs").

2. Official Vendor Documentation:

Cisco. (n.d.). What Is an Evil Twin Attack?. Cisco Security Documentation. In the section "How does an evil twin attack work?"

the document states a primary goal is to "Steal usernames and passwords" by monitoring traffic or using phishing pages.

3. Peer-Reviewed Academic Publications:

Cunha

Í.

et al. (2016). Evil Twin Attacks and Defense Mechanisms in Wi-Fi Networks. In Security in Computing and Communications (pp. 58-70). Springer

Cham. Section 2

"Evil Twin Attack

" explains that the attacker's goal is to "obtain sensitive information from the victim

such as login credentials or credit card numbers." (DOI: https://doi.org/10.1007/978-3-319-45741-36)

A screened subnet, also known as a Demilitarized Zone (DMZ), is a perimeter network architecture designed to create a secure buffer between an organization's internal network and an untrusted external network, such as the internet. It uses one or more firewalls to create a separate, isolated network segment for hosting public-facing services (e.g., web, email servers). This design explicitly isolates the internal network, preventing direct traffic from the internet and accomplishing the engineer's goal of creating a boundary network.

A. Trusted zones: This is a general firewall policy concept for classifying networks by trust level (e.g., inside, outside, DMZ), not the specific architectural solution itself.

B. URL filtering: This is an application-layer security function that blocks access to specific websites and has no role in creating a segregated network architecture.

C. ACLs: Access Control Lists are sets of rules that filter traffic. They are a fundamental component used to implement a screened subnet, but they are not the architectural solution.

1. National Institute of Standards and Technology (NIST). (2009). Special Publication 800-41 Revision 1: Guidelines on Firewalls and Firewall Policy. Section 3.3.3

"Screened Subnet Firewall

" p. 3-6. This section states

"The screened subnet architecture adds a layer of security... by adding a perimeter network that further isolates the internal network from the Internet. This perimeter network is called the demilitarized zone (DMZ)."

2. Stallings

W.

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson. In Chapter 21.1

"Firewall Characteristics

" the text describes the DMZ (screened subnet) architecture as a common configuration for "external services

such as a Web server or an e-mail server."

3. Teare

D. (2004). Implementing Cisco PIX Firewalls. Cisco Press. Chapter 3

"Firewall and Network Address Translation Basics

" describes the DMZ as a "buffer network" and states

"The most secure firewall design is the screened subnet." This highlights its role as a primary solution for creating a boundary network.