Recently you feel your network has been attacked by people sending out of spec packets to your firewall in order to get past the firewall rules. You have decided that you will capture all the packets on the firewall segment with network monitor to analyze the TCP headers for proper use. If you capture a packet that is the first part of a legitimate three way handshake between two Windows 2000 professional computers, what will the SEQ and ACK values be for the initializing packet?

You have used a diagnostic utility to run a trace between two nodes on your network. During the trace, you are running a packet capture utility and notice the TTL is reaching zero on the trace. What will the router that identified the TTL as zero return to the host that originated the trace command?

You suspect an increase in malicious traffic on your network. You run several packet captures to analyze traffic patterns and look for signs of intruders. While studying the packets, you are currently looking for ICMP Messages. You choose to use the IP Protocol ID to locate different kinds of packets. What is the IP Protocol ID of ICMP?

In your network, you manage a mixed environment of Windows, Linux, and UNIX computers. The clients run Windows 2000 Professional while the Servers are UNIX and Linux based with custom applications.
During routine administration you successfully ping several nodes in the network. During this you are running a packet capture for further analysis. When examining one of the frames you notice that the Ethernet address for the source is 1ED0.097E.E5E9 and that for the destination is 1ED0.096F.5B13. From this information you gather that:

The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent Audit?

In your organization a decision has been made to implement a multicasting application. You are configuring your firewall to allow this application to flow through in both directions. What address range are you going to address on the firewall?

In order to properly manage the network traffic in your organization, you need a complete understanding of protocols and networking models. In regards to the 7-layer OSI model, what is the function of the Transport Layer?

During a network analysis session, you capture several TCP/IP sessions. You focus your analysis on the IP Headers. In an IP Header, what is the function of the first four bits?

You are configuring the IP addressing for your network. One of the subnets has been defined with addresses already. You run ifconfig on a host and determine that it has an address of 10.12.32.18/14. What is the broadcast address for this network?

You are training some network administrators to analyze log files. Some of the logs present IP addresses in binary. You explain the usefulness of reading addresses in multiple formats. You demonstrate several conversions between decimal and binary. What is the decimal equivalent of the following binary IP address:

11001111.10001010.01101101.01110001