6.11.8 SOHO Configuration Practice Questions

Which of the following are good reasons to enable NAT?
To translate between Internet IP addresses and the IP address on your private network.

Explanation

NAT translates between the Internet IP addresses and the IP addresses on your private network. This allows multiple computers to share the single IP address used on the Internet. Firewalls prevent unauthorized users from accessing private networks connected to the Internet, including the DHCP server. A proxy server caches web pages.

Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT router?
169.254.0.1 – 169.254.255.254

Explanation

169.254.0.1 – 169.254.255.254 is the range of IP addresses assigned to Windows DHCP clients if a DHCP server does not assign the client an IP address. This range is known as the Automatic Private IP Addressing (APIPA) range. The other three ranges listed in this question are defined as the private IP addresses from RFC 1918, which are commonly used behind a NAT server.

You have a computer that is connected to the Internet through a NAT router. You want to use a private addressing scheme for your computer. Which of the following IP addresses could you assign to the computer?
172.18.188.67
192.168.12.253
10.0.12.15

Explanation
Of the addresses listed here, the following are in the private IP address ranges:

– 10.0.12.15 (private range = 10.0.0.0 to 10.255.255.255)

– 172.18.188.67 (private range = 172.16.0.0 to 172.31.255.255)

– 192.168.12.253 (private range = 192.168.0.0 to 192.168.255.255)

You recently installed a small office home office wireless router. To avoid security holes and bugs, what should you do to the router?
Update the firmware.

Explanation
You should update the firmware on the router to fix bugs or security holes. You will typically download the firmware and use a Web browser to update the firmware. Enable the DHCP service to assign IP addresses to hosts on the private network. Enable NAT so multiple computers can share the single IP address used on the Internet. Configure port triggering to dynamically open incoming ports based on outgoing traffic from a specific private IP address and port.

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?
WPA2

Explanation

Wi-Fi Protected Access 2 (WPA2) is currently the most secure wireless security specification. WPA2 includes specifications for both encryption and authentication. WPA was an earlier implementation of security specified by the 802.11i committee. WEP was the original security method for wireless networks. WPA is more secure than WEP, but less secure than WPA2. Kerberos is an authentication method, not a wireless security method.

A customer has called and indicated that he thinks his neighbour is connecting to his wireless access point (WAP) to use his high-speed Internet connection. Which of the following will help resolve this issue?
Disable SSID broadcast on the WAP.
Implement WPA2.

Explanation
You should disable SSID broadcast. Disabling SSID broadcast will make the WAP not appear when the unauthorized user is looking for available wireless networks. Implementing WPA2 will enable encryption and authentication on the WAP. Without the correct passphrase, the neighbour will not be able to connect to the wireless access point. Changing the signal channel sometimes helps eliminate interference problems with neighbouring wireless systems. However, network cards automatically detect the channel, so changing the channel offers no security benefits. By itself, 802.11g is no more secure than any other wireless networking standard.

You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop?
TKIP encryption.
Preshared key.

Explanation
To connect to the wireless network using WPA, you will need to use a preshared key and TKIP encryption. When using a preshared key with WPA, it is known as WPA-PSK or WPA Personal. AES encryption is used by WPA2. The channel is automatically detected by the client. The Basic Service Set Identifier (BSSID) is a 48-bit value that identifies an AP in an infrastructure network or a STP in an ad hoc network. The client automatically reads this and uses it to keep track of APs when roaming between cells.

You have a small wireless network with fewer than 50 client computers. You upgraded the hardware on two wireless devices so you can use a better security standard than WEP. Now you need to implement the new security standard. You need the greatest amount of security with the least amount of effort, and without replacing any of the wireless infrastructure. What should you do?
Configure each client with the same key.
Implement WPA2-AES.

Explanation

In this case, implementing WPA2 with AES and using the same pre-shared key on each client provides the greatest amount of security with the least amount of effort, and does not require the replacement of any of the wireless infrastructure. WPA2 Enterprise uses 802.1x for authentication and requires the configuration of an authentication server. WPA2 is more secure than WPA-PSK.

Which of the following is the primary device needed to set up a SOHO network?
Wireless router

Explanation
A wireless router, or wireless access point, is the primary device that is needed to set up a SOHO network. The router is the device that provides the connection that computers, printers, and mobile devices use to communicate with each other. (A wireless router can be a multifunction device that also functions as a modem, 4-port switch, NAT router, DHCP server, and a firewall.)

A cable or DSL modem provides the needed Internet connection, but a modem only gives one device access to the Internet. A SOHO network isn’t possible unless the device you connect to the modem is a wireless router. A NAT router, a DHCP server, and a firewall are all very useful SOHO network services; wireless routers are available that include these functions.

List the general steps that are used to configure a SOHO router and set up the network. (Assume that the wireless router does not also function as a modem.)
Configure the Internet connection.

Configure the wireless router.

Enable NAT.

Configure DHCP.

Secure the SOHO network.

Explanation
The general steps you would use to configure a SOHO router and set up the network are as follows:

– Configure the Internet connection: Begin by connecting the wireless router to the DSL or cable modem that provides the Internet connection, using the router’s WAN port. If the router does not automatically detect and configure the Internet connection, follow the configuration instructions provided by the Internet Service Provider.

– Configure the wireless router: Before setting up the network, the default administrator username and password should be changed and the firmware on the router should be updated to fix bugs or security vulnerabilities.

– Enable NAT: Before the network host devices (computers, mobile devices, and printers) can receive IP addresses, NAT must be enabled on the router. NAT allows multiple computers to share a single public IP address used on the Internet. The host devices will communicate with each other using private network addresses from one of the private address ranges.

– Configure DHCP: After NAT is configured to use a range of private network addresses, DHCP can be configured to assign IP addresses from that range to the host devices.

– Secure the SOHO network: Secure the SOHO network by configuring the firewall on the router, configuring content filtering and parental controls, and physically securing the router.

There are other wireless communication technologies, but Wi-Fi based on the 802.11 standard is the only practical option for the typical SOHO environment. A SOHO network does not need a server so you will generally not configure a network server. A SOHO network only uses one subnet, so there is no need to design a subnetting scheme. Using a wireless router means the physical network star topology is already determined.

When you enable quality of service (QoS) on a SOHO network, which of the following is an example of a network feature that could be implemented?
Give VoIP network traffic higher priority and more bandwidth than HTTP (web browser) traffic.

Explanation
Enabling quality of service (QoS) on a SOHO network allows you to prioritize certain network communications over others. For example, you could give VoIP network traffic higher priority and more bandwidth than HTTP (web browser) traffic.

Enabling and configuring a demilitarized zone (DMZ) would allow you to cause all incoming port traffic to be forwarded to a specified DMZ host. Enabling the Universal Plug and Play (UPnP) and media content. Configuring content filtering and parental controls allows you to prevent hosts from accessing specific websites or using a specific Internet service, such as chat, torrent, or gaming applications.