A. Dynamic ARP inspection: This feature prevents ARP spoofing attacks by validating IP-to-MAC address bindings, but it does not prevent a rogue server from distributing malicious DHCP information.

B. Access control lists: ACLs filter traffic based on criteria like IP addresses and port numbers. While they could block a known rogue server, they are not the primary mechanism for preventing unauthorized DHCP server operation.

D. Port security: This feature limits which MAC addresses can connect to a switch port. It does not inspect the traffic content and would not stop an authorized device from running a rogue DHCP server.

---

1. Official Vendor Documentation:

Cisco Systems, Inc. (2022). Security Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9300 Switches) - Configuring DHCP Features. Section: "Information About DHCP Snooping". The document states, "DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers... DHCP snooping prevents... A malicious device in the network that acts as a DHCP server and sends invalid addresses to the clients."

2. University Courseware:

University of Oregon, Information Services. (n.d.). DHCP Snooping. Network Services Documentation. Retrieved from https://service.uoregon.edu/TDClient/2030/Portal/KB/ArticleDet?ID=33131. The document explains, "DHCP snooping is a security feature that can be configured on network switches to protect a network from rogue DHCP servers... It works by designating ports on the switch as either trusted or untrusted."

3. Peer-Reviewed Academic Publication:

Dobbins, R., et al. (2011). Practical VoIP Security. Syngress. In Chapter 4, "Securing the Network Infrastructure," Section: "DHCP Snooping," the text describes how DHCP snooping is used to thwart rogue DHCP servers that could "provide incorrect DNS or default gateway information to clients, effectively creating a man-in-the-middle attack." (p. 118).

A. Router: A router's primary function is to forward data packets between different computer networks, not to create a wireless access area, though this is a common integrated feature.

B. Switch: A switch is a device that connects multiple devices on a wired network, forwarding data at the Data Link layer to specific destinations.

D. Firewall: A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's security policies.

1. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 6, Section 6.3.1, "802.11 Architecture," the text defines the role of the Access Point (AP) within a Basic Service Set (BSS) as the central device that wireless stations associate with to connect to the network and communicate with the distribution system (the wired LAN).

2. Cisco. (n.d.). What Is a Wireless Access Point? Cisco. Retrieved from the official Cisco website. The document states, "a wireless access point (WAP or AP) is a networking device that allows wireless-capable devices to connect to a wired network... An access point is a separate device that connects to a router via an Ethernet cable and creates a new wireless network." This confirms the AP's role in creating the WLAN footprint.

3. Tanenbaum, A. S., & Wetherall, D. J. (2011). Computer Networks (5th ed.). Prentice Hall. In Chapter 4, "The Medium Access Control Sublayer," Section 4.3.3, "802.11 Architecture and Protocol Stack," the role of an access point is described as being analogous to a base station in a cellular network, providing the connection point for all wireless stations in its cell (or footprint) to the wired network.

A. RTO: Recovery Time Objective is a business continuity metric defining the maximum acceptable downtime for a system after a failure or disaster.

B. RPO: Recovery Point Objective specifies the maximum acceptable amount of data loss, measured in time, after a disruptive event.

D. MTTR: Mean Time To Repair (or Recover) measures the average time it takes to repair a failed component and restore it to full functionality.

1. Carnegie Mellon University, Software Engineering Institute. "Availability." In Models for Evaluating COTS-Based Systems. This document defines MTBF as a basic measure of reliability, calculated as the total time in service divided by the number of failures. It is contrasted with MTTR, which is a measure of maintainability. (See Section: "Availability Measures").

2. University of Virginia, Department of Computer Science. "Lecture 25: Dependability." In CS 6501: Advanced Computer Architecture. The course material defines MTBF as "Mean Time To Failure" or "Mean Time Between Failures" and explicitly states it is a measure of reliability, often used to predict the service life of components. (See slide on "Defining Dependability").

3. Shooman, M. L. (2002). Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. John Wiley & Sons. In Chapter 2, "Reliability, Availability, and Maintainability," MTBF is formally defined as the expected value of the time between successive failures, which is a primary indicator of a component's operational life. (DOI: https://doi.org/10.1002/047122460X, Section 2.3).

A. SSO (Single Sign-On) is a property of access control, allowing a user to log in once to access multiple systems, not the specific protocol configured for wireless authentication.

B. SAML (Security Assertion Markup Language) is an open standard primarily used for exchanging authentication and authorization data for web-based applications, not for 802.1X wireless network authentication.

C. MFA (Multi-Factor Authentication) is a security method requiring multiple verification factors. While it can be integrated with RADIUS, it is not the fundamental service that connects the wireless network to the credential store.

1. Internet Engineering Task Force (IETF). (June 2000). RFC 2865: Remote Authentication Dial In User Service (RADIUS). Section 1.2, "Operation," describes the process where a Network Access Server (NAS), such as a wireless access point, passes user information to a designated RADIUS server to handle the authentication request.

2. Cisco. (2023). RADIUS Authentication, Authorization, and Accounting. In Security Configuration Guide, Cisco IOS XE Amsterdam 17.3.x. This official vendor documentation states, "RADIUS is a distributed client/server system that secures networks against unauthorized access... RADIUS is the most popular AAA protocol in use today."

3. Purdue University. (n.d.). Enterprise Wi-Fi Security: WPA2 and WPA3 with 802.1X. In Purdue University Information Technology (ITaP) Documentation. The document explains, "WPA2/WPA3-Enterprise uses the 802.1X standard to pass credentials to a RADIUS authentication server... This allows each user to log in to the Wi-Fi network with their own unique username and password."

B. Load balancer settings: Load balancers distribute traffic to servers and would not cause inconsistent link speeds on individual user endpoint devices across the network.

C. Flow control settings: A mismatch in flow control can cause packet loss and degrade throughput, but it does not directly affect the negotiated link speed (e.g., 100 Mbps vs. 1 Gbps).

D. Infrastructure cabling grade: While improper cabling (e.g., using Cat 5 instead of Cat 5e/6) is a common cause for auto-negotiation to fail and result in lower speeds, the immediate diagnostic step is to check the resulting status—the speed mismatch itself—before investigating the physical infrastructure.

1. Cisco Systems, Inc., "Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues," Document ID: 17053. In the "Troubleshooting Autonegotiation" section, it is stated, "The first step in troubleshooting is to check the configurations of both sides and to make sure that they are set to autonegotiation." This document emphasizes that checking speed and duplex settings is a primary step when performance issues arise.

2. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 6, "The Link Layer and LANs," the text discusses Ethernet standards and the function of Network Interface Cards (NICs). It explains that for 1000BASE-T, auto-negotiation is used to select the highest common speed, and failures in this process can lead to operation at lower speeds, directly causing performance degradation.

3. University of Illinois at Urbana-Champaign, CS 438: Communication Networks course materials. Discussions on the Ethernet physical layer often highlight that auto-negotiation failures are a frequent source of performance problems. The materials explain that when auto-negotiation fails, devices may fall back to a base speed (e.g., 100 Mbps, half-duplex), creating a speed/duplex mismatch with the connected device, which must be verified first during troubleshooting.

A. AAAA: This record maps a hostname to an IPv6 address. It should be updated if the web server's IPv6 address changes, not the DNS server's address.

B. CNAME: A Canonical Name record is an alias that points one domain name to another. It is not used for defining the location of authoritative name servers.

C. MX: A Mail Exchanger record specifies the mail servers for a domain. This is related to email delivery, not website accessibility or DNS server location.

1. Internet Engineering Task Force (IETF) RFC 1035, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION," P. Mockapetris, November 1987. Section 3.3.11, "NS RDATA format," defines the NS record's purpose: "NS records specify the authoritative nameservers for the domain." This establishes that NS records are the correct type to update when the authoritative servers change.

2. University of California, Berkeley, EECS C161, "Computer Security," Lecture 18: Network Security II, DNS. The lecture notes explain the DNS hierarchy and delegation. They state, "NS records: map a domain name to a name server for that domain," clarifying that these records are essential for locating the correct server to query for a domain's records.

3. Microsoft Documentation, "Managing DNS Records," updated September 15, 2021. In the section on "Name server (NS) records," it is stated, "This record identifies the DNS name servers that are authoritative for the zone." This confirms that any change to the authoritative servers requires an update to the NS record.

A. Stronger wireless connection: An ESSID itself does not amplify the signal. It allows a client to connect to the AP with the best signal, but the inherent strength is a function of the AP hardware and environment.

C. Advanced security: Security protocols like WPA3 are configured on the APs and are independent of whether the network is a single BSS or an ESS. An ESSID does not inherently add security features.

D. Increased throughput: While roaming to an AP with a stronger signal can improve performance, the ESSID technology itself is not designed to increase the maximum data rate defined by the 802.11 standard in use.

---

1. University Courseware:

Massachusetts Institute of Technology (MIT) OpenCourseWare. (2012). 6.02 Introduction to EECS II: Digital Communication Systems, Fall 2012. Lecture 18 Notes: Wireless Communication. p. 18-10. The notes state, "The ESS allows mobile hosts to move from one BSS to another (within the same ESS) transparently to the LLC [Logical Link Control] layer," which is the definition of roaming.

2. Vendor Documentation:

Cisco. (2019). Enterprise Mobility 8.5 Design Guide. Chapter: Wireless LAN Roaming. The guide explains, "An ESS is a collection of APs that are configured with the same SSID... When a wireless client moves its association from one AP to another AP within the same ESS, the client is roaming." This directly links the concept of an ESS (identified by the ESSID) to the function of roaming.

3. Peer-Reviewed Academic Publication:

Hsieh, H. Y., & Sivalingam, K. M. (2004). IEEE 802.11-based wireless local area and metropolitan area networks. In M. Ilyas & I. Mahgoub (Eds.), Handbook of Local and Metropolitan Area Networks (pp. 49-1 - 49-22). CRC Press. In section 49.3.2 "Extended Service Set," the text describes that an ESS is formed by multiple BSSs to "provide coverage over a larger area and allow mobility of stations."

A. Change the email client configuration to match the MX record.

Email clients do not use MX records to send or receive mail. MX records are used by mail servers to discover where to deliver email for a domain.

C. Perform a DNS zone transfer prior to the MX record change.

A zone transfer synchronizes records between authoritative DNS servers. It does not influence the cache of external, recursive DNS resolvers, which is the cause of the delay.

D. Update the NS record to reflect the IP address change.

NS records identify a domain's authoritative name servers. The migration involved a mail server, not a name server, making a change to the NS record irrelevant.

---

1. Official Vendor Documentation (Microsoft): In the official documentation for migrating services to Microsoft 365, Microsoft explicitly advises this practice. "Before you change a DNS record, such as your MX record, we recommend that you lower its TTL to the lowest interval your registrar allows... Then, after the record has had time to update across all the DNS servers, you can make your change."

Source: Microsoft 365 Documentation, "Create DNS records at any DNS hosting provider for Microsoft 365," Section: "What is TTL and why should I change it?".

2. University Courseware (University of California, Berkeley): University IT documentation, which serves as institutional courseware, explains the function of TTL and its importance in managing DNS changes. It clarifies that a lower TTL value causes DNS resolvers to query the authoritative nameserver more frequently, thus speeding up the propagation of any changes made to the record.

Source: UC Berkeley, Information Services and Technology, "DNS Concepts," Section: "Time to Live (TTL)".

3. Peer-Reviewed Academic Publication (IETF RFC): The fundamental definition and purpose of the TTL field are specified in the standards that govern the DNS protocol. The TTL dictates the caching duration for a resource record.

Source: IETF, RFC 1035, "Domain Names - Implementation and Specification," Section 3.2.1, "Format." This section defines the TTL field as "a 32 bit signed integer that specifies the time interval that the resource record may be cached before it should be discarded."

A. RIP: The default administrative distance for the Routing Information Protocol (RIP) is 120, indicating it is less trusted than EIGRP.

C. OSPF: The default administrative distance for the Open Shortest Path First (OSPF) protocol is 110, making it less preferred than EIGRP.

D. BGP: The Border Gateway Protocol (BGP) has a default AD of 20 for external routes (eBGP) and 200 for internal routes (iBGP), neither of which is 90.

1. Cisco Systems, Inc., "IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Gibraltar 16.12.x". Route Selection in Cisco IOS. This official documentation provides a table of default administrative distance values.

Reference: In the section "Administrative Distance," the table lists "Enhanced Interior Gateway Routing Protocol (EIGRP) internal route" with a default distance of 90. It also lists OSPF (110), RIP (120), and External BGP (20).

2. Stallings, W. (2016). Foundations of Modern Networking: SDN, NFV, and Cloud Computing. Pearson Education, Inc.

Reference: Chapter 10, Section 10.3 "Routing Protocols," discusses the metrics used by various protocols. While not a direct table, the principles of AD are explained, and standard values are often cited in associated academic contexts. The industry-standard values (originating from Cisco) are universally taught, with EIGRP at 90.

3. University of Kentucky, Department of Computer Science., "CS 470/570: Computer Networks - Lecture 16: Routing Algorithms".

Reference: Slide 32, titled "Administrative Distances," presents a table of default values, explicitly stating: "EIGRP (internal) = 90," "OSPF = 110," "RIP = 120," and "eBGP = 20." This is representative of standard university-level networking courseware.

B. Laptop: Using a laptop is inefficient. It would require connecting a patch cord from the switch to each panel port sequentially until the laptop shows a network link.

C. Cable tester: A basic cable tester requires plugging its remote unit into the wall jack and the main unit into each patch panel port one by one, which is slower than a toner.

D. Visual fault locator: This tool is used exclusively for locating breaks and identifying ends of fiber optic cables by transmitting a visible red light; it is incompatible with copper UTP cabling.

1. West, J., Andrews, J., & Dean, T. (2022). Network+ Guide to Networks (9th ed.). Cengage Learning.

In Chapter 2, "Networking Tools," the text describes the function of a tone generator and probe: "To trace a wire, you connect the tone generator to the wire at one end... Then you use the probe at the other end... to find the same wire by listening for the tone. This process is called toning a wire." This directly supports its use for identifying a specific cable in a bundle or at a patch panel.

2. University of Washington, IT Connect. (2021). Cabling & Wiring: Tools.

In the section describing standard tools for network technicians, the documentation explains that a "Tone and Probe Kit" is used to "identify a specific wire pair or conductor within a bundle, at a cross-connect point, or at a remote end." This aligns perfectly with the scenario of identifying an unlabeled port on a patch panel. (Reference: UW IT Connect, Tools section for network cabling).

3. Michigan State University, Infrastructure Planning and Facilities. (2019). Telecommunication Systems Cabling Guidelines, Section 01700.

Section 1.05, "Quality Assurance," subsection A.3, specifies required test equipment for cable installers, which includes a "wire mapping tester with tone generation." This indicates that tone generation is a standard, required method for identifying and verifying cable runs in a professional installation environment.