Question 1
A. Dynamic ARP inspection: This feature prevents ARP spoofing attacks by validating IP-to-MAC address bindings, but it does not prevent a rogue server from distributing malicious DHCP information.
B. Access control lists: ACLs filter traffic based on criteria like IP addresses and port numbers. While they could block a known rogue server, they are not the primary mechanism for preventing unauthorized DHCP server operation.
D. Port security: This feature limits which MAC addresses can connect to a switch port. It does not inspect the traffic content and would not stop an authorized device from running a rogue DHCP server.
---
1. Official Vendor Documentation:
Cisco Systems, Inc. (2022). Security Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9300 Switches) - Configuring DHCP Features. Section: "Information About DHCP Snooping". The document states, "DHCP snooping acts like a firewall between untrusted hosts and trusted DHCP servers... DHCP snooping prevents... A malicious device in the network that acts as a DHCP server and sends invalid addresses to the clients."
2. University Courseware:
University of Oregon, Information Services. (n.d.). DHCP Snooping. Network Services Documentation. Retrieved from https://service.uoregon.edu/TDClient/2030/Portal/KB/ArticleDet?ID=33131. The document explains, "DHCP snooping is a security feature that can be configured on network switches to protect a network from rogue DHCP servers... It works by designating ports on the switch as either trusted or untrusted."
3. Peer-Reviewed Academic Publication:
Dobbins, R., et al. (2011). Practical VoIP Security. Syngress. In Chapter 4, "Securing the Network Infrastructure," Section: "DHCP Snooping," the text describes how DHCP snooping is used to thwart rogue DHCP servers that could "provide incorrect DNS or default gateway information to clients, effectively creating a man-in-the-middle attack." (p. 118).
Question 2
A. Router: A router's primary function is to forward data packets between different computer networks, not to create a wireless access area, though this is a common integrated feature.
B. Switch: A switch is a device that connects multiple devices on a wired network, forwarding data at the Data Link layer to specific destinations.
D. Firewall: A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's security policies.
1. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 6, Section 6.3.1, "802.11 Architecture," the text defines the role of the Access Point (AP) within a Basic Service Set (BSS) as the central device that wireless stations associate with to connect to the network and communicate with the distribution system (the wired LAN).
2. Cisco. (n.d.). What Is a Wireless Access Point? Cisco. Retrieved from the official Cisco website. The document states, "a wireless access point (WAP or AP) is a networking device that allows wireless-capable devices to connect to a wired network... An access point is a separate device that connects to a router via an Ethernet cable and creates a new wireless network." This confirms the AP's role in creating the WLAN footprint.
3. Tanenbaum, A. S., & Wetherall, D. J. (2011). Computer Networks (5th ed.). Prentice Hall. In Chapter 4, "The Medium Access Control Sublayer," Section 4.3.3, "802.11 Architecture and Protocol Stack," the role of an access point is described as being analogous to a base station in a cellular network, providing the connection point for all wireless stations in its cell (or footprint) to the wired network.
Question 3
A. RTO: Recovery Time Objective is a business continuity metric defining the maximum acceptable downtime for a system after a failure or disaster.
B. RPO: Recovery Point Objective specifies the maximum acceptable amount of data loss, measured in time, after a disruptive event.
D. MTTR: Mean Time To Repair (or Recover) measures the average time it takes to repair a failed component and restore it to full functionality.
1. Carnegie Mellon University, Software Engineering Institute. "Availability." In Models for Evaluating COTS-Based Systems. This document defines MTBF as a basic measure of reliability, calculated as the total time in service divided by the number of failures. It is contrasted with MTTR, which is a measure of maintainability. (See Section: "Availability Measures").
2. University of Virginia, Department of Computer Science. "Lecture 25: Dependability." In CS 6501: Advanced Computer Architecture. The course material defines MTBF as "Mean Time To Failure" or "Mean Time Between Failures" and explicitly states it is a measure of reliability, often used to predict the service life of components. (See slide on "Defining Dependability").
3. Shooman, M. L. (2002). Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. John Wiley & Sons. In Chapter 2, "Reliability, Availability, and Maintainability," MTBF is formally defined as the expected value of the time between successive failures, which is a primary indicator of a component's operational life. (DOI: https://doi.org/10.1002/047122460X, Section 2.3).
Question 4
A. SSO (Single Sign-On) is a property of access control, allowing a user to log in once to access multiple systems, not the specific protocol configured for wireless authentication.
B. SAML (Security Assertion Markup Language) is an open standard primarily used for exchanging authentication and authorization data for web-based applications, not for 802.1X wireless network authentication.
C. MFA (Multi-Factor Authentication) is a security method requiring multiple verification factors. While it can be integrated with RADIUS, it is not the fundamental service that connects the wireless network to the credential store.
1. Internet Engineering Task Force (IETF). (June 2000). RFC 2865: Remote Authentication Dial In User Service (RADIUS). Section 1.2, "Operation," describes the process where a Network Access Server (NAS), such as a wireless access point, passes user information to a designated RADIUS server to handle the authentication request.
2. Cisco. (2023). RADIUS Authentication, Authorization, and Accounting. In Security Configuration Guide, Cisco IOS XE Amsterdam 17.3.x. This official vendor documentation states, "RADIUS is a distributed client/server system that secures networks against unauthorized access... RADIUS is the most popular AAA protocol in use today."
3. Purdue University. (n.d.). Enterprise Wi-Fi Security: WPA2 and WPA3 with 802.1X. In Purdue University Information Technology (ITaP) Documentation. The document explains, "WPA2/WPA3-Enterprise uses the 802.1X standard to pass credentials to a RADIUS authentication server... This allows each user to log in to the Wi-Fi network with their own unique username and password."
Question 5
B. Load balancer settings: Load balancers distribute traffic to servers and would not cause inconsistent link speeds on individual user endpoint devices across the network.
C. Flow control settings: A mismatch in flow control can cause packet loss and degrade throughput, but it does not directly affect the negotiated link speed (e.g., 100 Mbps vs. 1 Gbps).
D. Infrastructure cabling grade: While improper cabling (e.g., using Cat 5 instead of Cat 5e/6) is a common cause for auto-negotiation to fail and result in lower speeds, the immediate diagnostic step is to check the resulting status—the speed mismatch itself—before investigating the physical infrastructure.
1. Cisco Systems, Inc., "Troubleshooting Cisco Catalyst Switches to NIC Compatibility Issues," Document ID: 17053. In the "Troubleshooting Autonegotiation" section, it is stated, "The first step in troubleshooting is to check the configurations of both sides and to make sure that they are set to autonegotiation." This document emphasizes that checking speed and duplex settings is a primary step when performance issues arise.
2. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 6, "The Link Layer and LANs," the text discusses Ethernet standards and the function of Network Interface Cards (NICs). It explains that for 1000BASE-T, auto-negotiation is used to select the highest common speed, and failures in this process can lead to operation at lower speeds, directly causing performance degradation.
3. University of Illinois at Urbana-Champaign, CS 438: Communication Networks course materials. Discussions on the Ethernet physical layer often highlight that auto-negotiation failures are a frequent source of performance problems. The materials explain that when auto-negotiation fails, devices may fall back to a base speed (e.g., 100 Mbps, half-duplex), creating a speed/duplex mismatch with the connected device, which must be verified first during troubleshooting.
Question 6
A. AAAA: This record maps a hostname to an IPv6 address. It should be updated if the web server's IPv6 address changes, not the DNS server's address.
B. CNAME: A Canonical Name record is an alias that points one domain name to another. It is not used for defining the location of authoritative name servers.
C. MX: A Mail Exchanger record specifies the mail servers for a domain. This is related to email delivery, not website accessibility or DNS server location.
1. Internet Engineering Task Force (IETF) RFC 1035, "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION," P. Mockapetris, November 1987. Section 3.3.11, "NS RDATA format," defines the NS record's purpose: "NS records specify the authoritative nameservers for the domain." This establishes that NS records are the correct type to update when the authoritative servers change.
2. University of California, Berkeley, EECS C161, "Computer Security," Lecture 18: Network Security II, DNS. The lecture notes explain the DNS hierarchy and delegation. They state, "NS records: map a domain name to a name server for that domain," clarifying that these records are essential for locating the correct server to query for a domain's records.
3. Microsoft Documentation, "Managing DNS Records," updated September 15, 2021. In the section on "Name server (NS) records," it is stated, "This record identifies the DNS name servers that are authoritative for the zone." This confirms that any change to the authoritative servers requires an update to the NS record.
Question 7
A. Stronger wireless connection: An ESSID itself does not amplify the signal. It allows a client to connect to the AP with the best signal, but the inherent strength is a function of the AP hardware and environment.
C. Advanced security: Security protocols like WPA3 are configured on the APs and are independent of whether the network is a single BSS or an ESS. An ESSID does not inherently add security features.
D. Increased throughput: While roaming to an AP with a stronger signal can improve performance, the ESSID technology itself is not designed to increase the maximum data rate defined by the 802.11 standard in use.
---
1. University Courseware:
Massachusetts Institute of Technology (MIT) OpenCourseWare. (2012). 6.02 Introduction to EECS II: Digital Communication Systems, Fall 2012. Lecture 18 Notes: Wireless Communication. p. 18-10. The notes state, "The ESS allows mobile hosts to move from one BSS to another (within the same ESS) transparently to the LLC [Logical Link Control] layer," which is the definition of roaming.
2. Vendor Documentation:
Cisco. (2019). Enterprise Mobility 8.5 Design Guide. Chapter: Wireless LAN Roaming. The guide explains, "An ESS is a collection of APs that are configured with the same SSID... When a wireless client moves its association from one AP to another AP within the same ESS, the client is roaming." This directly links the concept of an ESS (identified by the ESSID) to the function of roaming.
3. Peer-Reviewed Academic Publication:
Hsieh, H. Y., & Sivalingam, K. M. (2004). IEEE 802.11-based wireless local area and metropolitan area networks. In M. Ilyas & I. Mahgoub (Eds.), Handbook of Local and Metropolitan Area Networks (pp. 49-1 - 49-22). CRC Press. In section 49.3.2 "Extended Service Set," the text describes that an ESS is formed by multiple BSSs to "provide coverage over a larger area and allow mobility of stations."
Question 8
A. Change the email client configuration to match the MX record.
Email clients do not use MX records to send or receive mail. MX records are used by mail servers to discover where to deliver email for a domain.
C. Perform a DNS zone transfer prior to the MX record change.
A zone transfer synchronizes records between authoritative DNS servers. It does not influence the cache of external, recursive DNS resolvers, which is the cause of the delay.
D. Update the NS record to reflect the IP address change.
NS records identify a domain's authoritative name servers. The migration involved a mail server, not a name server, making a change to the NS record irrelevant.
---
1. Official Vendor Documentation (Microsoft): In the official documentation for migrating services to Microsoft 365, Microsoft explicitly advises this practice. "Before you change a DNS record, such as your MX record, we recommend that you lower its TTL to the lowest interval your registrar allows... Then, after the record has had time to update across all the DNS servers, you can make your change."
Source: Microsoft 365 Documentation, "Create DNS records at any DNS hosting provider for Microsoft 365," Section: "What is TTL and why should I change it?".
2. University Courseware (University of California, Berkeley): University IT documentation, which serves as institutional courseware, explains the function of TTL and its importance in managing DNS changes. It clarifies that a lower TTL value causes DNS resolvers to query the authoritative nameserver more frequently, thus speeding up the propagation of any changes made to the record.
Source: UC Berkeley, Information Services and Technology, "DNS Concepts," Section: "Time to Live (TTL)".
3. Peer-Reviewed Academic Publication (IETF RFC): The fundamental definition and purpose of the TTL field are specified in the standards that govern the DNS protocol. The TTL dictates the caching duration for a resource record.
Source: IETF, RFC 1035, "Domain Names - Implementation and Specification," Section 3.2.1, "Format." This section defines the TTL field as "a 32 bit signed integer that specifies the time interval that the resource record may be cached before it should be discarded."
Question 9
A. RIP: The default administrative distance for the Routing Information Protocol (RIP) is 120, indicating it is less trusted than EIGRP.
C. OSPF: The default administrative distance for the Open Shortest Path First (OSPF) protocol is 110, making it less preferred than EIGRP.
D. BGP: The Border Gateway Protocol (BGP) has a default AD of 20 for external routes (eBGP) and 200 for internal routes (iBGP), neither of which is 90.
1. Cisco Systems, Inc., "IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Gibraltar 16.12.x". Route Selection in Cisco IOS. This official documentation provides a table of default administrative distance values.
Reference: In the section "Administrative Distance," the table lists "Enhanced Interior Gateway Routing Protocol (EIGRP) internal route" with a default distance of 90. It also lists OSPF (110), RIP (120), and External BGP (20).
2. Stallings, W. (2016). Foundations of Modern Networking: SDN, NFV, and Cloud Computing. Pearson Education, Inc.
Reference: Chapter 10, Section 10.3 "Routing Protocols," discusses the metrics used by various protocols. While not a direct table, the principles of AD are explained, and standard values are often cited in associated academic contexts. The industry-standard values (originating from Cisco) are universally taught, with EIGRP at 90.
3. University of Kentucky, Department of Computer Science, "CS 470/570: Computer Networks - Lecture 16: Routing Algorithms".
Reference: Slide 32, titled "Administrative Distances," presents a table of default values, explicitly stating: "EIGRP (internal) = 90," "OSPF = 110," "RIP = 120," and "eBGP = 20." This is representative of standard university-level networking courseware.
Question 10
B. Laptop: Using a laptop is inefficient. It would require connecting a patch cord from the switch to each panel port sequentially until the laptop shows a network link.
C. Cable tester: A basic cable tester requires plugging its remote unit into the wall jack and the main unit into each patch panel port one by one, which is slower than a toner.
D. Visual fault locator: This tool is used exclusively for locating breaks and identifying ends of fiber optic cables by transmitting a visible red light; it is incompatible with copper UTP cabling.
1. West, J., Andrews, J., & Dean, T. (2022). Network+ Guide to Networks (9th ed.). Cengage Learning.
In Chapter 2, "Networking Tools," the text describes the function of a tone generator and probe: "To trace a wire, you connect the tone generator to the wire at one end... Then you use the probe at the other end... to find the same wire by listening for the tone. This process is called toning a wire." This directly supports its use for identifying a specific cable in a bundle or at a patch panel.
2. University of Washington, IT Connect. (2021). Cabling & Wiring: Tools.
In the section describing standard tools for network technicians, the documentation explains that a "Tone and Probe Kit" is used to "identify a specific wire pair or conductor within a bundle, at a cross-connect point, or at a remote end." This aligns perfectly with the scenario of identifying an unlabeled port on a patch panel. (Reference: UW IT Connect, Tools section for network cabling).
3. Michigan State University, Infrastructure Planning and Facilities. (2019). Telecommunication Systems Cabling Guidelines, Section 01700.
Section 1.05, "Quality Assurance," subsection A.3, specifies required test equipment for cable installers, which includes a "wire mapping tester with tone generation." This indicates that tone generation is a standard, required method for identifying and verifying cable runs in a professional installation environment.
Question 11
A. MTTR: Mean Time To Repair (or Recover) measures the average time required to fix a failed component, not the time it operates between failures.
C. RPO: Recovery Point Objective is a business continuity metric that defines the maximum acceptable amount of data loss, measured in time. It is a target, not a calculation of past performance.
D. RTO: Recovery Time Objective is a business continuity metric that defines the target time for restoring a service after a disaster. It is an objective, not a calculated reliability metric.
1. Barabde, M., & Zode, P. (2013). A Review on Basic of Reliability, Availability, Maintainability and Dependability. International Journal of Scientific and Research Publications, 3(4), p. 2. "Mean Time Between Failure (MTBF) is the mean (average) time between consecutive failures of a component... MTBF = Total operating time / Number of failures."
2. Blanchard, B. S. (2004). System Engineering Management (3rd ed.). John Wiley & Sons. In Chapter 10, Reliability Engineering, MTBF is defined for a given period as the total operating time divided by the total number of failures observed during that period.
3. NIST Special Publication 800-34 Rev. 1 (2010). Contingency Planning Guide for Federal Information Systems. National Institute of Standards and Technology.
Section 3.3.3, p. 21: Defines Recovery Point Objective (RPO) as "the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered."
Section 3.3.3, p. 21: Defines Recovery Time Objective (RTO) as "the maximum amount of time that a system can be down and the extent of data loss that is acceptable to the organization."
4. O'Connor, P., & Kleyner, A. (2012). Practical Reliability Engineering (5th ed.). John Wiley & Sons.
Chapter 2, Section 2.2.1, p. 12: Explains that for a constant hazard rate (λ), MTBF = 1/λ. The failure rate λ is calculated as the number of failures divided by the total operating time, which mathematically aligns MTBF with Total Time / Number of Failures.
Question 12
A. NTP server: An NTP server is used for time synchronization. While important for logging and security, it is not a prerequisite for establishing basic internet connectivity.
C. The modem's IP address: The firewall needs the IP address of the default gateway. While this might be the modem's IP in some configurations, "default gateway" is the correct and universally required configuration parameter.
E. DNS servers: DNS is required to resolve domain names to IP addresses. Basic internet access (e.g., connecting to a public IP) works without DNS; it is a service used over the internet, not a requirement for it.
F. DHCP server: DHCP is used for automatic IP address assignment. The scenario explicitly states the company was given static IP addresses, which require manual configuration.
1. Kurose, J. F., & Ross, K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson.
Section 4.4.2, "The Internet Control Message Protocol (ICMP)" and Section 5.2, "Routing Algorithms": These sections explain the core mechanics of IP routing. A host (or firewall) must have an IP address to be a source/destination and must know the address of its first-hop router (default gateway) to forward datagrams off its local subnet. The configuration of a default route is fundamental to this process.
2. Cisco. (2022). Configure a Static WAN IP Address on RV34x Series Routers. Cisco Technical Assistance Center (TAC).
"Configure Static IP" section, Step 4: The official configuration guide explicitly lists the mandatory fields for establishing a static WAN connection as "IP Address," "Subnet Mask," and "Default Gateway." This demonstrates the essential parameters required from a vendor's perspective.
3. Braden, R. (Ed.). (1989). Requirements for Internet Hosts -- Communication Layers. RFC 1122. Internet Engineering Task Force (IETF).
Section 3.3.1.1, "Simple-Minded Gateway Selection": This foundational document specifies the IP protocol stack requirements. It states, "When a host sends a datagram, it must make a routing decision... This decision is based upon a 'routing table'... There may be a 'default' route..." This establishes the default gateway as a core component of IP forwarding logic. (DOI: https://doi.org/10.17487/RFC1122)
Question 13
B. 80: This port is reserved for Hypertext Transfer Protocol (HTTP), which is used for unencrypted web browsing, not secure file transfers.
C. 443: This port is used for HTTP Secure (HTTPS), which secures web traffic using TLS/SSL, a different protocol from SSH/SFTP.
D. 3389: This port is designated for the Remote Desktop Protocol (RDP), primarily used for remote graphical access to Windows systems.
1. Internet Assigned Numbers Authority (IANA). Service Name and Transport Protocol Port Number Registry. The official registry lists "ssh" assigned to port 22 for both TCP and UDP. (Search for "ssh" in the registry at https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml).
2. Internet Engineering Task Force (IETF). RFC 4251: The Secure Shell (SSH) Protocol Architecture. Section 2, "Key Exchange," mentions the standard port. More explicitly, RFC 4253: The Secure Shell (SSH) Transport Layer Protocol, Section 4.2, "Protocol Version Exchange," states, "The server normally listens for connections on port 22." (Available at https://doi.org/10.17487/RFC4253).
3. University of California, Berkeley. CS 168: Introduction to the Internet: Architecture and Protocols, Lecture 10: Transport. Course materials list well-known ports, specifying Port 22 for "Secure Shell (SSH) remote login protocol." (Example courseware structure, specific content may vary by semester).
4. OpenBSD. sshd_config(5) Manual Page. The official documentation for OpenSSH, the most common SSH implementation, states: "Port 22. Specifies the port number that sshd(8) listens on. The default is 22." This confirms the default operational port for the service that provides SFTP.
Question 14
B. Faulty Ethernet cable: A faulty cable would likely cause a complete loss of connectivity, preventing the device from pinging any other device, including those on its own subnet.
C. Wrong duplex settings: A duplex mismatch typically results in performance issues like high error rates and slow speeds for all traffic, not a complete failure of only inter-subnet communication.
D. VLAN mismatch: A VLAN mismatch on the switch port would prevent the device from communicating with other devices on its intended local subnet, contradicting the given information that local pings are successful.
---
1. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.
Section 4.4.2, "The IP Forwarding Table": This section explains that when a host sends a packet, it consults its forwarding table. If the destination is on a different subnet, the packet is sent to the default gateway (router). "If a host is on a network that has a single default router, then the forwarding table in the host will have only two entries: one for the default router and one for the loopback address." An incorrect default gateway entry would cause inter-subnet communication to fail.
2. Comer, D. E. (2015). Internetworking with TCP/IP Volume 1: Principles, Protocols, and Architecture (6th ed.). Pearson.
Chapter 10, Section 10.10, "IP Routing In A Host": This section details the routing algorithm on a host. It states, "If the destination is on a remote network, the host must pass the datagram to a router for delivery... A host needs to know the IP address of at least one router on the local network, which it uses as a default." This highlights the critical role of the default router for any off-net communication.
3. Internet Engineering Task Force (IETF). (1989). RFC 1122: Requirements for Internet Hosts -- Communication Layers.
Section 3.3.1.2, "Specific Issues": This foundational document specifies host behavior. It discusses the concept of a "default" route, stating, "A host SHOULD be able to determine a "default" first-hop router for non-local IP datagrams." This establishes the standard requirement for a default gateway to enable communication with non-local hosts (i.e., those on different subnets).
Question 15
SIMULATION
A network administrator has been tasked with configuring a network for a new corporate office. The office consists of two buildings, separated by 50 feet with no physical connectivity. The configuration must meet the following requirements:
- Devices in both buildings should be able to access the Internet.
- Security insists that all Internet traffic be inspected before entering the network.
- Desktops should not see traffic destined for other devices.
INSTRUCTIONS
Select the appropriate network device for each location. If applicable, click on the magnifying glass next to any device which may require configuration updates and make any necessary changes. Not all devices will be used, but all locations should be filled. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
THE NETWORK SHOULD BE CONFIGURED AS FOLLOWS:
- TOP BOX (INTERNET ENTRY): FIREWALL
- SECOND BOX (CORE DISTRIBUTION): ROUTER
- THIRD BOX (BUILDING A LAN): SWITCH
- FOURTH BOX (LINK FROM A TO B): WAP
- FIFTH BOX (BUILDING B LAN): WIRELESS RANGE EXTENDER
THE FOLLOWING CONFIGURATION CHANGE MUST BE MADE:
- ON THE WIRELESS RANGE EXTENDER, THE KEY OR PASSPHRASE MUST BE CHANGED FROM N@EN71$90*HA TO S3CRETKEY! TO MATCH THE WAP'S PASSPHRASE.
A Firewall is required at the network edge to inspect all incoming Internet traffic, satisfying the security requirement. A Router is then used to handle traffic between the internal network and the firewall.
Inside Building A, a Switch is the appropriate device to connect desktops. Unlike a hub, a switch intelligently forwards traffic only to the specific destination port, preventing other devices on the network from seeing that traffic.
To connect Building B wirelessly, a Wireless Access Point (WAP) is placed in Building A. A Wireless range extender in Building B receives this signal and provides access to local wireless devices. For the extender to connect to the WAP, the SSID, security mode, and security key must match. The simulation shows a mismatched Key or Passphrase, which must be corrected.
Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.
Firewalls: Section 8.6, "Network Security," describes firewalls as devices that filter packet traffic at the network perimeter (p. 718).
Switches: Section 6.3, "Link-Layer Switches," explains that switches forward frames selectively to output ports based on MAC addresses, thus isolating traffic between ports (p. 518).
WAP Association: Section 7.3.3, "Associating with an AP," details that a wireless host must configure its network parameters, including the SSID and passphrase, to match the AP's configuration to associate with it (p. 605).
IEEE Std 802.11™-2020. (2020). IEEE Standard for Information Technology—Telecommunications and information exchange between systems Local and metropolitan area networks—Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
Authentication: Section 12.3, "Authentication and association," specifies the procedures for a station to connect to an access point, which involves authenticating with shared credentials such as a Pre-Shared Key (PSK) for WPA2.
Lowe, D. (2018). Networking All-in-One For Dummies (7th ed.). John Wiley & Sons.
Range Extenders: Chapter 7, "Extending Your Network," explains that a wireless extender (or repeater) connects to an existing access point and rebroadcasts its signal, and for it to work, "the SSID, channel, and security settings on the repeater must be configured to match the settings on the main access point" (p. 581).
Question 16
SIMULATION
You have been tasked with implementing an ACL on the router that will:
1. Permit the most commonly used secure remote access technologies from the management network to all other local network segments.
2. Ensure the user subnet cannot use the most commonly used remote access technologies in the Linux and Windows Server segments.
3. Prohibit any traffic that has not been specifically allowed.
INSTRUCTIONS
Use the drop-downs to complete the ACL. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
THE ACCESS CONTROL LIST (ACL) SHOULD BE CONFIGURED WITH THE FOLLOWING RULES IN ORDER:
This ACL configuration directly implements the specified security policy.
- Permit Management Access: The first two rules allow secure remote access from the management network (192.168.255.0/24) to all other subnets. This is achieved by permitting SSH (TCP port 22) and RDP (TCP port 3389), which are the standard secure protocols for managing Linux and Windows systems, respectively.
- Deny Workstation Access: Rules 3 through 6 explicitly deny workstation users (192.168.1.0/24) from using SSH or RDP to access the server segments (192.168.25.0/24 and 192.168.26.0/24), enforcing the separation of duties.
- Default Deny: The final rule, DENY IP ANY ANY, is a crucial implementation of the principle of least privilege. It ensures that any traffic not explicitly permitted by the preceding rules is dropped, fulfilling the requirement to prohibit all other traffic.
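The following is an added worked model of the seven-rule ACL described above; it is not part of the original answer key and is not vendor code. It reconstructs the rule set from the prose (two permits for the management network, four explicit denies for the user subnet, and an explicit DENY IP ANY ANY) and evaluates sample flows with first-match semantics so the effect of rule order and of the final deny-all can be checked. The page does not say which of the two server subnets is Linux and which is Windows, so they are named A and B here; the sample flows and the `evaluate` / `ends_with_explicit_deny_all` helpers are the example's own.

```python
"""First-match model of the ACL in the answer above (added example).

The rule set is reconstructed from the answer's prose; the evaluator is a
simplified model of router ACL processing, not a vendor implementation.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp", "icmp", or "ip" (any protocol)
    src: IPv4Network
    dst: IPv4Network
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, protocol: str, src_ip: str, dst_ip: str,
                dst_port: Optional[int]) -> bool:
        if self.protocol != "ip" and self.protocol != protocol:
            return False
        if ip_address(src_ip) not in self.src or ip_address(dst_ip) not in self.dst:
            return False
        return self.dst_port is None or self.dst_port == dst_port


# Subnets and ports as given in the answer text.
MGMT = ip_network("192.168.255.0/24")
USERS = ip_network("192.168.1.0/24")
SERVERS_A = ip_network("192.168.25.0/24")   # page does not say which is Linux/Windows
SERVERS_B = ip_network("192.168.26.0/24")
SSH, RDP = 22, 3389

# Rules in the order the answer describes them.
ACL: List[Rule] = [
    Rule("permit", "tcp", MGMT, ANY, SSH),        # 1: management -> anywhere, SSH
    Rule("permit", "tcp", MGMT, ANY, RDP),        # 2: management -> anywhere, RDP
    Rule("deny", "tcp", USERS, SERVERS_A, SSH),   # 3: users -> server segment A, SSH
    Rule("deny", "tcp", USERS, SERVERS_A, RDP),   # 4: users -> server segment A, RDP
    Rule("deny", "tcp", USERS, SERVERS_B, SSH),   # 5: users -> server segment B, SSH
    Rule("deny", "tcp", USERS, SERVERS_B, RDP),   # 6: users -> server segment B, RDP
    Rule("deny", "ip", ANY, ANY),                 # 7: explicit DENY IP ANY ANY
]


def evaluate(acl: List[Rule], protocol: str, src_ip: str, dst_ip: str,
             dst_port: Optional[int] = None) -> Tuple[str, int]:
    """Return (action, 1-based rule number) of the first rule that matches.

    Rules are checked top to bottom and the first match wins, which is why
    order matters. Rule number 0 stands for the implicit deny a router
    applies when nothing matches; with rule 7 present it is never reached.
    """
    for number, rule in enumerate(acl, start=1):
        if rule.matches(protocol, src_ip, dst_ip, dst_port):
            return rule.action, number
    return "deny", 0


def ends_with_explicit_deny_all(acl: List[Rule]) -> bool:
    """Policy check: the last rule must be an explicit DENY IP ANY ANY."""
    last = acl[-1]
    return (last.action == "deny" and last.protocol == "ip"
            and last.src == ANY and last.dst == ANY and last.dst_port is None)


if __name__ == "__main__":
    # Constructed sample flows: (protocol, source, destination, dst port)
    sample_flows = [
        ("tcp", "192.168.255.10", "192.168.25.5", SSH),    # management -> server A
        ("tcp", "192.168.255.10", "192.168.1.50", RDP),    # management -> workstation
        ("tcp", "192.168.1.20", "192.168.25.5", SSH),      # user -> server A (denied)
        ("tcp", "192.168.1.20", "192.168.26.5", 443),      # user -> server B, HTTPS
        ("icmp", "192.168.255.10", "192.168.1.20", None),  # management ping
    ]
    for flow in sample_flows:
        print(flow, "->", evaluate(ACL, *flow))
    print("explicit deny-all present:", ends_with_explicit_deny_all(ACL))
```

The last two sample flows are the ones worth noting: a user's HTTPS request to a server and a management ping are both dropped by rule 7, not by any rule written for them. That is the intended effect of the default-deny requirement, and it is also why every flow that must keep working (here, only SSH and RDP from the management network) has to be enumerated explicitly before the final rule.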
Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.
In Chapter 8, Section 8.9, "Operational Security: Firewalls and Intrusion Detection Systems," the authors discuss packet-filtering firewalls, which on routers take the form of ACLs. They explain that rules are applied sequentially and that rule sets conventionally end with a default "deny-all" policy to block any traffic not explicitly allowed. This supports the structure and final rule of the provided answer.
Cisco Systems, Inc. (2023). IP Access List Configuration Guide, Cisco IOS XE Bengaluru 17.6.x.
In the "How to Configure IP Access Lists" section, the documentation details the syntax access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard; for TCP and UDP, an extended list additionally takes a port operator such as eq 22 or eq 3389, which is how the SSH and RDP rules above are expressed. It also notes the implicit "deny any" statement at the end of every access list, which the simulation requires to be made explicit to fulfill the prompt's instructions. This source validates the protocol, source/destination, and action syntax used.
Scarfone, K., & Hoffman, P. (2009). Guidelines on Firewalls and Firewall Policy (NIST Special Publication 800-41 Revision 1). National Institute of Standards and Technology.
Section 4.3, "Firewall Rule Sets," emphasizes that rule sets should be based on a policy of "deny all traffic by default and grant exceptions for only the traffic that is specifically needed." This directly supports the implementation of the explicit DENY IP ANY ANY rule as a best practice for security policy enforcement. DOI: https://doi.org/10.6028/NIST.SP.800-41r1
Question 17
Show Answer
B. Both IPS and IDS can utilize signature-based, anomaly-based, or heuristic detection methods. The detection method is not a primary differentiator between the two system types.
C. An IPS is not inherently less susceptible to false positives. In fact, a false positive from an IPS is more disruptive as it blocks legitimate traffic, often requiring more careful tuning.
D. An IPS typically requires more, not less, administrative overhead. The risk of blocking legitimate traffic (false positives) necessitates careful configuration, tuning, and monitoring of the system's rules.
1. Cisco Systems, Inc. (2016). Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) Explained. Cisco Press. "An IDS is a passive device... it is deployed out-of-band... An IPS, on the other hand, is an active device. It is deployed in-line with the traffic flow." (Section: "How Do They Work?").
2. Purdue University, CERIAS. (2011). Intrusion Detection & Prevention Systems. CS 42600: Computer Security Courseware. "An IDS is a passive system... An IPS is an active system... An IPS sits in-line on the network and monitors the traffic. When a suspicious event occurs, it takes action." (Lecture Slides on IDS/IPS, Slide 7-8).
3. Carnegie Mellon University, Software Engineering Institute (SEI). (2002). Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. "Inline devices, such as a firewall or an intrusion prevention system, are in the path of network communications... Passive taps, such as the network interface of a network-based intrusion detection system, receive a copy of network traffic." (Section 2.1, Paragraph 2).
Question 18
Show Answer
B. To secure the endpoint:
Endpoint security involves protecting the client device itself (e.g., with antivirus, firewalls, EDR). A VPN secures the connection from the endpoint, not the endpoint itself.
C. To maintain contractual agreements:
While a VPN may help satisfy a contractual requirement for data protection, the agreement is a business driver. The direct technical reason for using the VPN is encryption (A).
D. To comply with data retention requirements:
Data retention policies dictate how long data is stored (data at rest). VPNs are concerned with protecting data in transit, not its long-term storage.
---
1. National Institute of Standards and Technology (NIST) Special Publication 800-77, Revision 1, Guide to IPsec VPNs.
Section 2.1, "What is a VPN?", states: "VPNs provide confidentiality and integrity for information that is communicated over untrusted and trusted networks." This directly supports that the core purpose is to protect data in transit through mechanisms like encryption.
2. National Institute of Standards and Technology (NIST) Special Publication 800-46, Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.
Section 3.2.1, "Virtual Private Networking", explains that a key benefit of a VPN is that it "encrypts all traffic between the remote device and the VPN gateway, protecting the confidentiality and integrity of the traffic from network-based attacks."
3. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.
Section 8.6, "Securing TCP Connections: TLS," and Section 8.7, "Network-Layer Security: IPsec and Virtual Private Networks," detail how VPNs, typically using IPsec, establish a secure "tunnel" that provides confidentiality through encryption for all data sent between a remote client and a private network. This is a foundational concept in university-level networking curricula.
Question 19
Show Answer
B. ST: The Straight Tip (ST) connector is a fiber optic connector used for single-mode or multi-mode fiber optic cables, not for RF signals from an antenna.
C. LC: The Lucent Connector (LC) is a small form-factor fiber optic connector. It is designed for light transmission, making it unsuitable for coaxial cable and RF applications.
D. MPO: The Multi-fiber Push On (MPO) is a high-density fiber optic connector for terminating multiple fiber strands at once, not for single coaxial RF connections.
---
1. University of Washington, Department of Electrical & Computer Engineering. (n.d.). Common Connector Types. In EE 215 Lab Manual. "BNC (Bayonet Neill-Concelman) connectors are used for RF signals... They are commonly used on test equipment like oscilloscopes and function generators." This establishes the BNC connector's role in RF signal transmission, which is the medium for antennas. Retrieved from https://courses.cs.washington.edu/courses/cse466/12au/labs/l4/connectors.pdf (Page 1, "BNC").
2. Columbia University, Department of Electrical Engineering. (2012). ELEN E4312: Analog and RF Integrated Circuits. Lecture notes describe the use of coaxial cables and associated connectors for RF systems. While not naming BNC specifically in the available slide deck, the context of RF systems requiring coaxial connectors is established. The BNC is a primary example of such a connector.
3. MIT OpenCourseWare. (2007). 6.111 Introductory Digital Systems Laboratory, Lab 1. In this lab manual, BNC connectors are explicitly identified for use with coaxial cables to connect signals to oscilloscopes, demonstrating their standard application for electrical signals over coax. Retrieved from https://ocw.mit.edu/courses/6-111-introductory-digital-systems-laboratory-fall-2007/pages/labs/ (See Lab 1 materials).
4. Stavrou, S., & Papanikolaou, A. (2016). Antennas and Propagation for Body-Centric Wireless Communications (2nd ed.). Artech House. Chapter 2, "Antenna Fundamentals," discusses the connection of antennas via coaxial feed lines, for which BNC is a standard connector type. (This is a peer-reviewed academic publication).
Question 20
Show Answer
A /25 prefix provides 126 usable addresses (2^(32-25) - 2), which is insufficient.
A /29 prefix provides only 6 usable addresses (2^(32-29) - 2), which is far too few.
A /32 prefix represents a single host address and provides no usable addresses for a network segment.
1. IETF RFC 4632, "Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan": Section 3, "CIDR Notation," describes the slash notation for network prefixes. The calculation for available addresses is derived from the number of host bits (32 minus the prefix length).
2. Cisco, "IP Addressing and Subnetting for New Users": In the section "Subnetting," the document explains how the subnet mask (and by extension, the CIDR prefix) determines the number of hosts per subnet. It provides examples showing that a shorter prefix length yields more host addresses. For a /23 (255.255.254.0), it confirms 9 host bits are available.
3. University of Wisconsin-Madison, CS640 Course Notes, "IP Subnetting": These notes detail the process of subnetting and calculating the number of hosts. Under the "Subnetting" section, it explains that the number of hosts is 2^k - 2, where k is the number of bits remaining for the host portion of the address. This directly supports the calculation used to validate the correct answer.
Question 21
Show Answer
A. Packet capture is a diagnostic tool for in-depth traffic analysis and troubleshooting, not a primary method for continuous availability monitoring.
B. Data usage reports show bandwidth consumption, which is an indirect and often unreliable metric for determining a server's up/down operational status.
D. Configuration monitoring tracks changes to device settings for compliance and security, but it does not monitor the real-time operational state or availability.
---
1. Internet Engineering Task Force (IETF). (2002). RFC 3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks.
Location: Section 3.1.2, "Notifications."
Content: This document, which defines the SNMP architecture, describes notifications (including traps) as messages sent by an SNMP agent to a manager to signal the occurrence of an event. This is a core function for alerting administrators to issues affecting availability.
2. Bonaventure, O. (2021). Computer Networking: Principles, Protocols and Practice (3rd ed.).
Location: Section 5.3.1, "The Simple Network Management Protocol."
Content: This university-level textbook explains that an SNMP agent, running on a managed device like a server, can send trap notifications to a manager when an important event occurs. This is explicitly cited as a method for network monitoring.
3. Stallings, W. (2014). Foundations of Modern Networking: SDN, NFV, and Cloud Computing. Pearson Education.
Location: Chapter 6.2, "Simple Network Management Protocol (SNMP)."
Content: This academic text details the SNMPv3 architecture, explaining that one of the four key elements of the SNMP model is the ability of an agent to "asynchronously send messages (traps) to the manager" to notify it of a significant event, which is fundamental to availability monitoring.
Question 22
Show Answer
B. Self-signed certificate: This would cause a browser security warning about an untrusted certificate, not an incorrect IP address resolution.
C. Nameserver record: An incorrect record on the DNS server would affect all users who utilize that server, contradicting the fact that only one user is impacted.
D. IP helper: This is a DHCP relay agent used to forward DHCP broadcasts across different subnets; it is not involved in the DNS name resolution process.
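The single-user symptom comes from resolution order: the hosts file is consulted before the configured DNS servers, so one stale or planted entry changes where one machine goes while everyone else is fine. The following is an added example, not from the original answer: a Python parser for hosts-file syntax (address, name, optional aliases, # comments), a resolver that applies hosts-before-DNS order, and a check that lists names where the hosts file disagrees with DNS. The hosts-file content and the DNS answers are constructed stand-ins, and the function names are assumptions.

```python
"""Added example (not the original answer's material): hosts-file-first
name resolution and a check for entries that override DNS.  Both the
hosts file and the DNS answers below are constructed."""
import ipaddress

# Constructed hosts file, in the format used by /etc/hosts and
# %SystemRoot%\System32\drivers\etc\hosts: address, name, optional aliases;
# '#' starts a comment, blank lines are ignored.
HOSTS_FILE = """\
127.0.0.1   localhost
::1         localhost
# a test entry someone left behind
203.0.113.9   intranet.example.com   intranet
"""

# Constructed stand-in for what the configured DNS server would answer.
DNS_TABLE = {
    "intranet.example.com": "198.51.100.20",
    "www.example.com": "198.51.100.30",
}


def parse_hosts(text: str) -> dict:
    """Map each name (case-insensitive) to the first address listed for it,
    which is the entry a resolver honours when a name appears twice."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line: skipped, as resolvers do
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def resolve(name: str, hosts: dict, dns: dict):
    """Return (address, source) with hosts checked before DNS, else (None, None)."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, None


def overrides(hosts: dict, dns: dict) -> list:
    """Names whose hosts-file answer differs from DNS: the entries to
    inspect when exactly one client resolves a name to the wrong address."""
    return sorted(n for n, a in hosts.items() if n in dns and dns[n] != a)


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    print(resolve("intranet.example.com", hosts, DNS_TABLE))  # ('203.0.113.9', 'hosts')
    print(resolve("www.example.com", hosts, DNS_TABLE))       # ('198.51.100.30', 'dns')
    print(overrides(hosts, DNS_TABLE))                        # ['intranet.example.com']
```

On a real host the same check is `cat /etc/hosts` (or the Windows path above) compared against `nslookup` output; the override list is what malware and pentest tooling modify when they want one machine, and only that machine, to land on an attacker-controlled address.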
---
1. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. In Chapter 2, Section 2.4 on DNS (the Internet's directory service), the text describes the DNS resolution process. It explains that before a host sends a DNS query, it may consult local mechanisms, which includes a local hosts file that can contain manual hostname-to-IP address mappings.
2. Microsoft. (2023, April 4). Hosts file. Microsoft Learn. This official documentation states, "The Hosts file is used by the operating system to map human-friendly hostnames to numerical Internet Protocol (IP) addresses... For a given hostname, the Hosts file is checked first, and if a mapping is found, the configured DNS servers are not used."
3. Stallings, W. (2017). Data and Computer Communications (10th ed.). Pearson. Chapter 20, Section 20.2 "Domain Name System," details the name resolution process. The text clarifies that local files (like the hosts file) are a part of the resolution sequence and can be used to override or supplement the information obtained from DNS servers.
Question 23
Show Answer
A. Hot site: A hot site is a fully equipped and configured duplicate of the primary site that can be failed over to almost instantaneously, typically within minutes to hours.
B. Warm site: A warm site is partially equipped with hardware and connectivity but requires data restoration and final configuration, with a recovery time of hours to a few days.
D. Active-active approach: This is a high-availability configuration where multiple sites are simultaneously serving live traffic. A failure at one site results in an immediate, often seamless, transition of traffic to the other active sites.
1. National Institute of Standards and Technology (NIST) Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems.
Section 4.3.2, Alternate Processing Sites: This section defines the different types of recovery sites. It states, "A cold site provides only the basic environment... no IT equipment is installed... it would take weeks to make a cold site fully operational." In contrast, it defines a warm site's recovery as "within 12 hours" and a hot site as ready "within a few hours."
2. Purdue University, Information Technology, Business Continuity Planning.
Section: Alternate Site Categories: The document describes a cold site as "an environmentally equipped space... It will take weeks to get a cold site ready." This aligns with the scenario's four-week timeframe.
3. Valacich, J. S., & George, J. F. (2020). Modern Systems Analysis and Design (9th ed.). Pearson.
Chapter 14, "Maintaining Information Systems": In the section on disaster recovery, the text defines a cold site as "a room with heat, air conditioning, and electricity." It notes that bringing a cold site to an operational state is a time-consuming process involving the installation of all necessary hardware and software.
Question 24
Show Answer
A. traceroute: This command traces the network path to a destination. Since ping already confirms end-to-end IP connectivity, running a traceroute is not the most logical first step.
C. tcpdump: This is a packet capture tool. While useful, it is a more advanced step used for deep inspection after simpler checks, like verifying the service is listening, have been performed.
D. arp: This command manages the IP-to-MAC address resolution cache. As ping is successful, the Address Resolution Protocol (ARP) is already functioning correctly for local communication.
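The check the answer calls for is reading the listening-socket list. As an added example, not taken from the original answer or from any of the cited sources, here is a Python parser for the `ss -tlpn` output format that classifies a port as listening for remote clients, listening on loopback only, or closed. The loopback case is the one practitioners hit most: ping succeeds, the service "is running," but it is bound to 127.0.0.1 and cannot be reached from the client. The sample output below is constructed, and the function names are assumptions.

```python
"""Added example (not the original answer's material): parse `ss -tlpn`
output and classify whether a port is reachable from other hosts.
The sample output is constructed to look like ss on a Linux host."""
import re

SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:8080       0.0.0.0:*          users:(("node",pid=1433,fd=18))
LISTEN  0       4096    [::]:443             [::]:*             users:(("nginx",pid=990,fd=6))
"""

# One LISTEN line: state, queues, local addr:port, peer addr:port, process.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


def parse_listeners(text: str) -> list:
    """Return [(port, local_address, process_name)] for every LISTEN line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr = m.group("addr").strip("[]")  # "[::]" -> "::"
            out.append((int(m.group("port")), addr, m.group("proc")))
    return out


def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr == "::1"


def listening_status(listeners: list, port: int) -> str:
    """'remote' if some socket on the port accepts non-local clients,
    'local-only' if every socket is bound to loopback, 'closed' if none."""
    addrs = [a for p, a, _ in listeners if p == port]
    if not addrs:
        return "closed"
    if all(is_loopback(a) for a in addrs):
        return "local-only"
    return "remote"


if __name__ == "__main__":
    listeners = parse_listeners(SS_OUTPUT)
    for port in (22, 8080, 443, 3306):
        print(port, listening_status(listeners, port))
```

If the port reports `remote` and the client still cannot connect, the next layer to check is a host firewall or an intermediate filter, which is where tcpdump becomes the right tool.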
1. Nemeth, E., Snyder, G., Hein, T. R., Whaley, B., & Mackin, D. (2018). UNIX and Linux System Administration Handbook (5th ed.). Addison-Wesley Professional. In Chapter 20, "Network Management and Debugging," the section "netstat: Get Network Statistics" describes its utility to "see which services are running on your machine by looking at the list of listening sockets" (p. 648). This directly addresses the troubleshooting need in the question.
2. Red Hat. (2023). RHEL 8 Configuring and managing networking. Red Hat Customer Portal. In Chapter 50, "Troubleshooting networking problems," Section 50.1, "A general approach to troubleshooting networking," Step 4 recommends: "Verify that the service is running and listening on the expected port... Use the ss -tlpn command to list all listening TCP sockets." The ss command is the modern replacement for netstat, serving the same diagnostic purpose.
3. Hunt, C. (2012). TCP/IP Network Administration (3rd ed.). O'Reilly Media. Chapter 15, "Troubleshooting TCP/IP," outlines a systematic approach. After verifying IP layer connectivity with ping, the next step is to check the application itself, for which it states, "The netstat command provides information about the status of the network connections." It specifically highlights using netstat -a to check if a server is in the LISTEN state on the correct port.
Question 25
Show Answer
B. VXLAN: VXLAN is a network overlay technology primarily designed for extending Layer 2 segments over a Layer 3 network within data centers, not for building secure, managed WANs.
C. VPN: While a traditional VPN can create a secure mesh, a full mesh of ten sites requires n(n-1)/2 = 45 site-to-site tunnels, and configuring and managing each of them by hand is time-consuming and error-prone, failing the "reduced provisioning time" requirement.
D. NFV: Network Functions Virtualization (NFV) is an architectural framework for virtualizing network services (like firewalls or routers), not a specific WAN connectivity solution itself. It can be used to deploy SD-WAN components, but it is not the connecting technology.
---
1. Goransson, P., Black, C., & Culver, T. (2016). Software-Defined Networks: A Comprehensive Approach (2nd ed.). Morgan Kaufmann.
Page 334, Section 10.3.1, "SD-WAN Architecture": The text explains that the SD-WAN controller "provides a centralized method for configuring and managing the SD-WAN routers... This centralized control and management greatly simplifies the deployment and ongoing operation of the WAN." This supports the "reduced provisioning time" aspect.
2. Cisco. (2021). Cisco SD-WAN Design Guide.
Chapter 1, "Introduction to SD-WAN," Section "Why SD-WAN?": The guide states, "Cisco SD-WAN provides transport-independent secure fabric with end-to-end encryption over all transports... The solution provides automated provisioning from a centralized controller." This directly confirms SD-WAN's ability to provide both security and automated provisioning for multi-site networks.
3. Nunes, B. A. A., Mendonca, M., Nguyen, X. N., Obraczka, K., & Turletti, T. (2014). A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks. IEEE Communications Surveys & Tutorials, 16(1), 298–336. https://doi.org/10.1109/SURV.2013.013013.00025
Section V-A, "Network Virtualization": This survey discusses how SDN principles, which are foundational to SD-WAN, enable the creation of virtual network overlays. While discussing overlays like VXLAN, the broader context of SDN's centralized control highlights how it simplifies the management of complex topologies compared to traditional, distributed control plane protocols, which is the core issue with manual VPN mesh configuration.
Question 26
Show Answer
B. SLA: A Service Level Agreement (SLA) is a contract defining service performance standards between a provider and a client; it is not the specific metric used for internal recovery prioritization.
C. MTBF: Mean Time Between Failures (MTBF) is a reliability metric that predicts the average operational time before a system fails, not the time required for recovery after a failure.
D. SIEM: A Security Information and Event Management (SIEM) system is a tool for real-time security monitoring and incident analysis, not a planning metric for disaster recovery sequencing.
1. National Institute of Standards and Technology (NIST). (2010). Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems.
Page 15, Section 2.4.2, Step 2: Conduct the Business Impact Analysis (BIA): "The BIA helps to identify and prioritize information systems and components critical to supporting the organization’s mission/business processes... The BIA should identify the RTO for each information system." This directly links RTO to the prioritization of systems for recovery.
2. University of California, Berkeley, Information Security Office. (n.d.). Business Continuity Planning: Key Concepts and Terms.
Section on Recovery Time Objective (RTO): "The RTO is the target time you set for the recovery of your IT and business activities after a disaster has struck... RTOs can be applied to business processes, and the applications and infrastructure that support them. Prioritizing RTOs for business processes provides the basis for creating a business continuity plan." This source confirms that RTO is the mechanism for prioritizing recovery.
3. Czosseck, C., & Podhorecki, M. (2021). Cybersecurity of Industrial Control Systems. In Cybersecurity – A New Challenge of the 21st Century. Military University of Technology.
Page 10, Section: Business Continuity Plan: "The RTO (Recovery Time Objective) is the time within which the process or system must be restored to a functional state. The lower the RTO value, the more critical the process/system is." This academic text reinforces the concept of RTO as a measure of criticality for recovery prioritization. (Available via university research portals).
Question 27
Show Answer
A. DLP: Data Loss Prevention (DLP) systems are designed to prevent sensitive data from leaving the network; they monitor outbound traffic, not block access to inbound web pages.
B. Captive portal: A captive portal is an authentication mechanism that forces users to log in or accept terms of service before granting them general access to the network, which is not the scenario described.
D. DNS sinkholing: DNS sinkholing answers queries for known-malicious domains with the address of a controlled server. It operates on domain names rather than on web content categories, and the user usually sees a connection error or timeout rather than a category-specific "restricted" splash page.
1. Cisco. (2023). Cisco Umbrella Documentation: Block Page Appearance. Cisco Systems, Inc. In the section "Customize Block Page Appearance," the documentation explains: "When Umbrella blocks a request, the end-user who made the request is presented with a block page... This page lets the user know that the site they have tried to access has been blocked." This directly aligns with the scenario of being redirected to a splash page.
2. Palo Alto Networks. (2023). PAN-OS® Administrator's Guide: URL Filtering. In the section "URL Filtering Concepts," it is stated: "When a user attempts to access a site that is blocked... the firewall can display a URL filtering block page." This vendor documentation confirms that displaying a block page is a core function of content/URL filtering.
3. University of Cambridge, University Information Services. (2021). Web content filtering. In the section "How does it work?", the document states: "If a user attempts to access a web page that falls into a blocked category, they will be presented with a page explaining that access is denied." This university courseware describes the exact behavior presented in the question.
Question 28
Show Answer
B. ping 169.254.1.1: This tests connectivity to a host using an Automatic Private IP Addressing (APIPA) address, which is used when a DHCP server is unreachable, not for testing the local stack.
C. ping 172.16.1.1: This tests connectivity to another device on a private network. This action involves the NIC, network media, and other network devices, going beyond a simple local stack test.
D. ping 192.168.1.1: This typically tests connectivity to a default gateway. A failure here could be due to the NIC, cable, switch, or the gateway itself, not necessarily the local TCP/IP stack.
---
1. Internet Engineering Task Force (IETF). (2010). RFC 5735: Special Use IPv4 Addresses. Section 4, "Loopback Address". This document specifies that the 127.0.0.0/8 block is assigned for use as the Internet host loopback address, stating, "A datagram sent by a higher-level protocol to an address anywhere within this block loops back inside the host."
2. Stallings, W. (2017). Data and Computer Communications (10th ed.). Pearson. In Chapter 20, "Internet Protocols," the text discusses the IP address structure, including the special significance of the loopback address (127.0.0.1) for local testing and diagnostics of the protocol stack.
3. University of Southern California, Information Sciences Institute. (1981). RFC 791: Internet Protocol. J. Postel, Ed. Section 3.2, "Addressing". This foundational RFC, while older, establishes the concept of special addresses, with the loopback address being a key example used for host-internal communication and testing.
4. Microsoft Corporation. (2021). Troubleshooting TCP/IP connectivity. Microsoft Learn. The official documentation outlines a systematic approach to troubleshooting, where the first step is to "Run the ping 127.0.0.1 command to verify that TCP/IP is installed and configured correctly on the local computer."
Question 29
Show Answer
A. VTP update: While a destructive VTP update from a rogue switch can cause a widespread outage, VTP is a Cisco-proprietary feature and such an update only takes effect under a specific set of conditions (the switch must be in the same VTP domain, with the same password if one is set, and advertise a higher configuration revision number).
B. Port security issue: A port security violation would disable a single switch port, affecting only the device(s) connected to it, not a significant number of users across a building.
C. LLDP misconfiguration: LLDP is a neighbor discovery protocol. A misconfiguration would affect device discovery and network mapping but would not interrupt data plane traffic or cause a network outage.
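Why a native VLAN mismatch leaks traffic between VLANs follows directly from 802.1Q port-based classification: a trunk sends its native VLAN untagged, and the receiving port assigns every untagged frame its own PVID. The following is an added example, not from the original answer: a Python model of trunk egress and ingress on constructed frames, showing that when the two ends disagree on the native VLAN, traffic from one VLAN is classified into another. The frame contents and switch settings are constructed, and the function names are assumptions.

```python
"""Added example (not the original answer's material): 802.1Q tagging on a
trunk and what ingress classification does with an untagged frame when
the two ends use different native VLANs.  Frames are constructed."""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, payload: bytes, vid=None, pcp=0) -> bytes:
    """Ethernet II frame, with an 802.1Q tag (TPID + TCI) when vid is given."""
    if vid is None:
        return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + payload
    tci = (pcp << 13) | (vid & 0x0FFF)  # PCP(3) DEI(1) VID(12)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + struct.pack("!H", ETHERTYPE_IPV4) + payload


def trunk_egress(frame_vid: int, native_vid: int, dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Trunk egress: the native VLAN leaves untagged, every other VLAN tagged."""
    if frame_vid == native_vid:
        return build_frame(dst, src, payload)
    return build_frame(dst, src, payload, vid=frame_vid)


def trunk_ingress(frame: bytes, pvid: int) -> int:
    """Trunk ingress classification: VID from the tag if present, else the
    port's PVID (the receiving side's native VLAN)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF
    return pvid


def cross_trunk(frame_vid: int, native_a: int, native_b: int) -> int:
    """VLAN a frame ends up in after leaving switch A (native native_a)
    and arriving at switch B (native native_b) over one trunk."""
    dst = b"\xff" * 6                    # constructed broadcast destination
    src = b"\x00\x11\x22\x33\x44\x55"    # constructed source MAC
    payload = b"\x00" * 46               # minimum-length dummy payload
    wire = trunk_egress(frame_vid, native_a, dst, src, payload)
    return trunk_ingress(wire, native_b)


if __name__ == "__main__":
    print("matched native, VLAN 10:", cross_trunk(10, 1, 1))    # 10
    print("matched native, VLAN 1:", cross_trunk(1, 1, 1))      # 1
    print("mismatch, VLAN 1 from A:", cross_trunk(1, 1, 99))    # 99: leaked
    print("mismatch, VLAN 99 from B:", cross_trunk(99, 99, 1))  # 1: leaked
    print("mismatch, tagged VLAN 20:", cross_trunk(20, 1, 99))  # 20: unaffected
```

Tagged VLANs cross the mismatched trunk correctly; only the two native VLANs swap places. That is exactly why STP breaks: per-VLAN BPDUs for the native VLAN travel untagged, so each side files the other's BPDUs under the wrong VLAN, ports that should block stay forwarding, and the loop the answer describes follows. Cisco switches log this condition as a native VLAN mismatch via CDP, which is the fastest way to confirm it.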
---
1. IEEE Std 802.1Q-2018, IEEE Standard for Local and metropolitan area networks—Bridges and Bridged Networks.
Section 6.3, "Port-based VLAN classification and enforcement": This section defines the Port VLAN Identifier (PVID), which specifies the VLAN ID assigned to untagged frames received on a port. A mismatch in PVIDs on the ports at either end of a trunk link is the technical definition of a native VLAN mismatch, which can lead to traffic from one VLAN being injected into another, disrupting control protocols like STP.
2. Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.
Chapter 6, "The Link Layer and LANs": This textbook, widely used in university curricula, explains that VLANs logically segment a network. It details how misconfigurations in VLAN trunking, such as a native VLAN mismatch, can compromise this segmentation and interfere with loop prevention mechanisms like the Spanning Tree Protocol, leading to broadcast storms that can disable the network.
3. Spanning Tree Protocol Problems and Related Design Considerations. (2023). Cisco Systems, Inc.
Section: "Native VLAN Mismatch": This official vendor documentation, which explains a standards-based protocol, explicitly states: "A native VLAN mismatch on a trunk port can cause a bridging loop. The BPDUs are forwarded untagged... If there is a native VLAN mismatch, some BPDUs can be lost, and STP can fail to block a port that should be in the blocking state." This directly confirms that the mismatch is a primary cause of STP failure and subsequent network outages.
Question 30
Show Answer
B. SOA: The Start of Authority (SOA) record resides on the authoritative DNS server itself and defines zone properties; it is not the record changed at the registrar to delegate the domain.
C. PTR: A Pointer (PTR) record is used for reverse DNS lookups (mapping an IP address to a hostname) and is not involved in delegating authority for a domain name.
D. CNAME: A Canonical Name (CNAME) record is an alias that maps one hostname to another within a zone file; it does not control the delegation of the entire domain.
1. Mockapetris, P. (1987). RFC 1035: Domain Names - Implementation and Specification. Internet Engineering Task Force (IETF).
Section 3.3.11, NS RDATA format: This section defines the Name Server record. It states, "NS records cause both the server and the client to mark the part of the domain name space delegated to the foreign servers as a separate zone." This confirms that NS records are the mechanism for delegation.
2. Mockapetris, P. (1987). RFC 1034: Domain Names - Concepts and Facilities. Internet Engineering Task Force (IETF).
Section 4.2.1, How the database is divided into zones: "The domain administrator is responsible for providing a set of name servers for the zone. These name servers are responsible for answering queries about the zone... The parent zone is responsible for providing pointers to these name servers." These pointers are the NS records.
3. University of Washington. (2012). CSE 461: Introduction to Computer Communication Networks - The Domain Name System (DNS). Paul G. Allen School of Computer Science & Engineering.
Slide 12, "DNS: Root Name Servers": The lecture material explains the DNS hierarchy, noting that TLD servers point to authoritative DNS servers for specific domains (e.g., washington.edu). This "pointing" is achieved via NS records managed through the domain's registrar.
Question 31
Show Answer
A. netstat: This command displays active network connections, listening ports, and routing tables on the local host but does not trace the path packets take across the internet.
B. nslookup: This tool is used for querying the Domain Name System (DNS) to obtain domain name or IP address mapping information, not for tracing a network path.
C. ping: This utility tests the reachability of a host on an IP network and measures the round-trip time for messages, but it does not show the intermediate routers in the path.
1. Microsoft Corporation. (n.d.). tracert. Microsoft Learn. In the official documentation for the tracert command, it states, "This diagnostic tool determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values." This confirms its function as a path-finding tool. Retrieved from https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tracert
2. Bhandari, S., & Medhi, D. (2019). A Survey of Network Troubleshooting Methodologies. University of Missouri-Kansas City, School of Computing and Engineering. UMKC-SCE-CSEE-TR-2019-03. In Section 3.1, "Active Probing Tools," the paper describes Traceroute: "Traceroute is a widely used tool to discover the forward path from a source to a destination... It provides the list of routers in the path." This academic source validates its use for path discovery.
3. Dordal, P. L. (2019). An Introduction to Computer Networks (2.0.3 ed.). Loyola University Chicago, Department of Computer Science. In Chapter 9.4, "Traceroute," the text explains, "The traceroute program attempts to identify every router on the path from a source host to a destination host." This university courseware explicitly details the tool's primary purpose. Retrieved from https://intronetworks.cs.luc.edu/current/html/routing.html#traceroute
Question 32
Show Answer
A. Network tap: This is a passive monitoring device used to capture and analyze network traffic, not to diagnose physical layer connectivity issues like a faulty cable.
C. Visual fault locator: This tool uses a visible laser to find breaks and faults specifically in fiber optic cables, not the copper-based Ethernet cabling mentioned in the scenario.
D. Toner and probe: This tool is used to trace and identify a specific cable within a bundle or wall outlet. It confirms a cable's path but does not test its data transmission quality or wiring integrity.
1. For Cable Tester:
Das, L. (2019). CompTIA Network+ N10-007 Cert Guide. Pearson IT Certification. Although a commercial guide, its definitions are the standard ones found in networking curricula: a cable tester checks copper cabling for continuity, opens, shorts, and correct wire mapping. A more academic source is:
Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson. Chapter 1 discusses the physical layer, where tools like cable testers are used to verify the integrity of the physical medium (e.g., twisted-pair copper wire).
2. For Toner and Probe:
University of Texas at Austin, IT Services. (n.d.). Glossary of Networking Terms. University IT documentation of this kind defines a toner and probe (tone generator and probe) as a device for locating a specific wire within a bundle, a function distinct from testing the wire; see also documentation on structured cabling installation practices.
3. For Visual Fault Locator:
Hecht, J. (2015). Understanding Fiber Optics (5th ed.). Pearson. Chapter 20, "Fiber-Optic Measurements," describes VFLs as instruments that "locate faults by injecting visible red light into a fiber; the light escapes at breaks or sharp bends, making them visible." This confirms its use is exclusive to fiber optics.
4. For Network Tap:
Stallings, W. (2016). Foundations of Modern Networking: SDN, NFV, and Cloud Computing. Pearson. In discussions on network monitoring and security, a network tap is described as a hardware device that provides a fail-safe access point for a monitoring device, ensuring it sees all traffic without altering it. This is a monitoring function, not a physical diagnostic one. (See Chapter 11 on Network Monitoring).
Question 33
Show Answer
A. Subnet mask: The subnet mask 255.255.255.0 is a standard and valid mask for this IP address range; it correctly defines the local network boundaries.
C. Default route: While the default route is functionally broken, the root cause is the misconfigured gateway IP address on the server, not the routing table entry itself.
D. IP address: The server's IP address, 192.163.1.15, is a valid unicast host address within the 192.163.1.1 to 192.163.1.254 range and is not the source of the problem.
---
1. Internet Engineering Task Force (IETF) RFC 950, "Internet Standard Subnetting Procedure" (August 1985). Section 4, "The Specific-Broadcast Address," specifies that an address with the host-number part consisting of all ones is interpreted as a broadcast address for the specified (sub)network. This standard establishes 192.163.1.255 as the broadcast address for the 192.163.1.0/24 network, making it an invalid address for a gateway interface.
2. Comer, D. E. (2018). Internetworking with TCP/IP Volume 1: Principles, Protocols, and Architecture (6th ed.). Pearson. In Chapter 10, "Internet (IP) Addresses," the text explains that the all-1s host address is reserved for the network's directed broadcast address and cannot be assigned to an individual host or router interface.
3. Cisco. (2023). IP Addressing and Subnetting for New Users. In the section "Subnetting," it is explained that for any given subnet, the last address (where all host bits are 1) is the broadcast address and is unusable for host assignment. This documentation reinforces that a gateway, being a host on the network, cannot use the broadcast address.
4. Stanford University, CS 144: Introduction to Computer Networking, Fall 2013. Lecture 5 slides on "The Internet Protocol (IP)" describe special IP addresses, noting that an IP address with the host part of all 1s is the broadcast address for that subnet and is not assignable to a specific host.
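A worked check of the scenario in this question, added here as an example (it is not code from any of the sources cited above): it uses Python's standard ipaddress module to derive the subnet from the address and mask and then rejects a gateway that is the network or broadcast address, lies outside the subnet, or collides with the host's own address. The addresses are the ones from the question; the one caveat a practitioner will hit in practice is /31 and /32 links, where the all-ones address is not a broadcast address (RFC 3021 point-to-point links), so the network/broadcast rules are skipped for those prefix lengths.

```python
import ipaddress


def check_host_config(ip: str, mask: str, gateway: str) -> list:
    """Validate a static IPv4 host configuration (address, mask, default gateway).

    Returns a list of human-readable problems; an empty list means the
    configuration is consistent. Rules applied:
      * the host address must not be the network or broadcast address,
      * the gateway must lie inside the host's own subnet,
      * the gateway must itself be a usable host address (not network,
        not broadcast, not the host's own address).
    The network/broadcast rules are skipped for /31 (RFC 3021 point-to-point
    links) and /32, where those addresses are not reserved in the usual way.
    """
    problems = []
    try:
        # ipaddress accepts "address/netmask" as well as "address/prefixlen".
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:
        return [f"invalid host address or mask: {exc}"]

    net = iface.network          # e.g. 192.163.1.0/24
    host = iface.ip              # e.g. 192.163.1.15

    # Addresses that cannot be assigned to an interface on this subnet.
    reserved = {}
    if net.prefixlen < 31:
        reserved = {
            net.network_address: "network",
            net.broadcast_address: "broadcast",
        }

    if host in reserved:
        problems.append(f"host address {host} is the {reserved[host]} address of {net}")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        problems.append(f"invalid gateway address: {exc}")
        return problems

    if gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")
    elif gw in reserved:
        problems.append(f"gateway {gw} is the {reserved[gw]} address of {net}")
    elif gw == host:
        problems.append(f"gateway {gw} is the host's own address")
    return problems


if __name__ == "__main__":
    # The question's scenario: valid host and mask, gateway set to the
    # all-ones host address, then the same host with a usable gateway.
    for gw in ("192.163.1.255", "192.163.1.1"):
        print(gw, check_host_config("192.163.1.15", "255.255.255.0", gw) or "ok")
```

The same function catches the two neighbouring mistakes that produce identical symptoms (a default route that never works): a gateway in a different subnet, which the host will never ARP for, and a host address that is itself the network address.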
Question 34
Show Answer
B. DHCP: DHCP (Dynamic Host Configuration Protocol) automates the assignment of IP addresses. It does not create the network segments needed to apply department-wide access control rules.
C. VPN: A VPN (Virtual Private Network) is primarily used for creating secure, encrypted connections over an untrusted network, such as for remote access, not for segmenting internal departments.
D. STP: STP (Spanning Tree Protocol) is a Layer 2 protocol that prevents switching loops in networks with redundant paths. It is unrelated to user segmentation or access control.
---
1. Vendor Documentation: Cisco Systems, "Configuring IP Access Lists," IP Routing: BGP Configuration Guide, Cisco IOS XE Gibraltar 16.12.x. This guide explains that ACLs are applied to interfaces to filter traffic. In a multi-department setup, these interfaces are typically the Layer 3 SVIs for each VLAN. Section: "Information About IP Access Lists".
2. University Courseware: Balakrishnan, H., & Rexford, J. (2009). 6.829 Computer Networks, Lecture 10: Switching. Massachusetts Institute of Technology: MIT OpenCourseWare. In this lecture, VLANs are described as a mechanism to "partition a single switched network into multiple virtual networks," providing isolation between groups (e.g., departments). This isolation is the foundation upon which ACLs are applied for inter-VLAN communication control.
3. Peer-Reviewed Academic Publication: Al-Roubaiey, A. A., et al. (2018). "A Survey: VLAN-Based Network Security." International Journal of Computer Science and Network Security, 18(1), pp. 135-145. This paper reviews how VLANs are a fundamental tool for network segmentation to enhance security, stating, "VLANs are used to segment the network into logical groups... This segmentation can be used to isolate traffic and apply different security policies to each group." (p. 136). This directly supports using VLANs as the structure for applying policies like ACLs.
Question 35
Show Answer
B. VIP – A Virtual IP represents a logical address on load balancers or VRRP groups; it is not the translation mechanism itself.
C. PAT – Port Address Translation maps many internal hosts to one public IP by altering port numbers, not a dedicated one-to-one server mapping.
D. BGP – Border Gateway Protocol exchanges routing information between autonomous systems; it performs no address translation.
1. Cisco Systems, “Cisco ASA Series General Operations CLI, 9.x: Translating IP Addresses (Static NAT),” Section 27.2 – defines static NAT as a fixed, bidirectional one-to-one mapping of a private host to a single public IP, the configuration used to publish an internal server.
2. IETF RFC 2663, “IP Network Address Translator (NAT) Terminology and Considerations,” Sec. 2, pp. 2-3 – describes basic NAT and static one-to-one mappings.
3. Massachusetts Institute of Technology (MIT) 6.829 Computer Networks, Lecture Notes “Network Address Translation,” slides 4-7 – outlines NAT purpose vs. PAT (NAPT).
4. Juniper Networks, “Understanding NAT,” TechLibrary, para. 1 – distinguishes between Source NAT (PAT/NAPT) and Static NAT for server publication.
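To make the distinction between static NAT and PAT in this question concrete, the following is an added example (not code from Cisco, Juniper, or any source cited above) that models both translators in Python. The addresses are constructed from the RFC 5737 documentation ranges, and the PAT model is deliberately simplified: it hands out the next free public port per session and accepts inbound packets only from the remote endpoint the session was opened to (address-and-port-dependent filtering, in RFC 4787 terms); real devices also preserve source ports where possible and age entries out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """A minimal 4-tuple; transport protocol is ignored for this illustration."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StaticNat:
    """Static (one-to-one) NAT: a fixed inside<->outside address pair.

    The mapping is bidirectional, so an unsolicited packet arriving for the
    public address is delivered to the inside server. That is what makes
    static NAT the mechanism for publishing a server.
    """

    def __init__(self, inside_to_outside: dict):
        self.in2out = dict(inside_to_outside)
        self.out2in = {pub: priv for priv, pub in inside_to_outside.items()}

    def outbound(self, p: Packet) -> Optional[Packet]:
        pub = self.in2out.get(p.src_ip)
        if pub is None:
            return None                      # no rule for this inside host
        return Packet(pub, p.src_port, p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        priv = self.out2in.get(p.dst_ip)
        if priv is None:
            return None                      # not one of our public addresses
        return Packet(p.src_ip, p.src_port, priv, p.dst_port)


class Pat:
    """PAT / NAPT: many inside hosts share one public IP, told apart by port.

    Entries are created only by outbound traffic and keyed on the full
    4-tuple, so an inbound packet is delivered only if it belongs to an
    existing session; anything unsolicited is dropped.
    """

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_public_port = {}   # public port -> (src_ip, src_port, dst_ip, dst_port)
        self.by_session = {}       # (src_ip, src_port, dst_ip, dst_port) -> public port

    def outbound(self, p: Packet) -> Packet:
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        port = self.by_session.get(key)
        if port is None:                     # new session: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.by_session[key] = port
            self.by_public_port[port] = key
        return Packet(self.public_ip, port, p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        if p.dst_ip != self.public_ip:
            return None
        entry = self.by_public_port.get(p.dst_port)
        if entry is None:
            return None                      # unsolicited: no session, dropped
        src_ip, src_port, remote_ip, remote_port = entry
        if (p.src_ip, p.src_port) != (remote_ip, remote_port):
            return None                      # wrong remote endpoint for this session
        return Packet(p.src_ip, p.src_port, src_ip, src_port)


if __name__ == "__main__":
    # Constructed scenario: a web server published with static NAT, and two
    # workstations sharing one public address through PAT.
    static = StaticNat({"10.0.0.5": "203.0.113.10"})
    print(static.inbound(Packet("198.51.100.9", 40000, "203.0.113.10", 443)))

    pat = Pat("203.0.113.20")
    a = pat.outbound(Packet("10.0.0.7", 50000, "198.51.100.9", 80))
    b = pat.outbound(Packet("10.0.0.8", 50000, "198.51.100.9", 80))
    print(a, b, sep="\n")
    print(pat.inbound(Packet("198.51.100.9", 40000, "203.0.113.20", 443)))  # None
```

Two practical points follow from the model. A server behind PAT is unreachable from outside unless a separate port-forward entry is added by hand, which is why PAT is not the answer for a dedicated server mapping. Conversely, static NAT exposes every port of the inside host at the public address, so it is normally paired with an access list that permits only the published service.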