NETWORK SECURITY AND ADMINISTRATION

INSTRUCTIONS: IN YOUR GROUP ATTEMPT ANY THRE QUESTIONS AND USE

OTHER QUESTIONS FOR REVISION. SUBMISSION SHOULD BE DONE DURING
EXAMS TIME

Question One
a) Differentiate the following:(10mk)
i)Internetwork and Network
- Network: A network is a collection of interconnected devices or nodes that can communicate and share
resources with each other.
- Internetwork: An internetwork, also known as an internet (with a lowercase "i"), is a collection of multiple
networks interconnected using routers and other networking devices to form a larger network. The Internet
(with an uppercase "I") is the largest example of an internetwork, connecting numerous networks globally.
ii)Brouter and router
- Router: A router is a networking device that forwards data packets between networks. It operates at the
network layer (Layer 3) of the OSI model and makes decisions based on IP addresses to direct traffic to its
intended destination.
- Brouter: A brouter, short for "bridge router," is a device that combines the functions of a router and a
bridge. It can make routing decisions based on IP addresses like a router and also has the capability to
handle MAC addresses like a bridge. Brouters were more common in older networks but are rarely used
today.
iii)Hub and repeater
- Hub: A hub is a basic networking device that operates at the physical layer (Layer 1) of the OSI model. It
connects multiple devices in a network and broadcasts data to all connected devices. It does not perform any
packet filtering, which can lead to network congestion and collisions.
- Repeater: A repeater is also a networking device that operates at the physical layer (Layer 1). Its primary
function is to regenerate and boost signals to extend the distance over which data can travel on a network.
Unlike a hub, a repeater does not broadcast data to all connected devices; it simply regenerates the signal.
iv)Local Area Network and Wide Area Network
- LAN: A Local Area Network (LAN) is a network that covers a small geographical area, such as an office
building, school, or home. LANs are usually privately owned and allow devices to communicate and share
resources within the same location.
 - WAN: A Wide Area Network (WAN) is a network that covers a large geographical area, often spanning
multiple cities, countries, or continents. WANs connect multiple LANs and use public or private
communication links to enable data transmission over long distances.

v)Windowing and Sequencing

- Windowing: Windowing is a flow control mechanism used in network communication to manage the
amount of data that can be sent from the sender to the receiver before receiving an acknowledgment. It helps
in optimizing data transmission and avoiding overwhelming the receiver with too much data.
- Sequencing: Sequencing refers to the process of assigning unique sequence numbers to data packets to
ensure that they are received and processed in the correct order at the receiver's end. Sequencing is essential
for reliable data transmission and error recovery.
b) The IT manager Umma has approached you to assist in designing the new campus LAN. With an aid
of a clear diagram, show the design of this LAN maintaining all the required network devices.
[8marks]

[Router]
|
.....................
. .
. .
[Switch]-----[Switch]---[Switch]---[Switch]---[Switch]
| | | | |
[PC1] [PC2] [PC3] [PC4] [PC5]
```

In this campus LAN design, multiple switches are connected to a central router. Each switch is connected to
several PCs. The router provides connectivity to the wider network, such as the internet or other
interconnected networks. The switches facilitate local communication within the LAN and ensure efficient
data transmission between devices.
ii. Explain distributed network management. [4 marks]
Distributed network management refers to the practice of delegating management tasks and
responsibilities to multiple network devices or entities rather than centralizing all management functions. In
this approach, network management tasks are distributed across different devices, reducing the load on any
single management entity and enhancing fault tolerance and scalability.
-With distributed network management, various network devices, such as switches, routers, and access points,
can have built-in management capabilities. Each device can monitor its own performance, collect data, and
communicate with other devices to ensure efficient network operation.
-This approach to network management provides flexibility, resilience, and ease of scalability as the network
grows.
-It also reduces the reliance on a single point of failure for managing the entire network.
C) Describe what is involved in fault management of a network. [4 marks]
-Fault management in a network involves the detection, isolation, and resolution of network issues, faults, or
errors. It aims to ensure the continuous and reliable operation of the network . Fault management includes the
following steps:

1. **Fault Detection:** Monitoring tools and techniques are used to detect abnormalities, errors, or
performance issues in the network.
2. **Fault Isolation:** Once a fault is detected, the network administrator must isolate the source of the
problem. This may involve troubleshooting, testing, and analyzing network components to identify the root
cause of the issue.
3. **Fault Resolution:** After identifying the cause of the fault, appropriate actions are taken to resolve the
issue. This may include applying configuration changes, rebooting devices, replacing faulty hardware, or
updating software.
4. **Notification and Reporting:** Fault management systems may also include mechanisms for notifying
network administrators or support teams about the detected faults. Reports and logs are generated to track
the history of faults and their resolutions.
A Company has 85 stand alone computers. They are connected to the internet. The computers have
Windows 98 and XP. They require a server so that they can share the printer. They occupy
8th, 9th and 10th floor. In view of these:
(i) Explain the server and its importance in these scenario. (2 Marks)
1. **Printer Sharing:**
2. **Resource Management:**
3. **Centralized Data Storage:**
4. **Backup and Recovery:**
5. **User Authentication and Security:**
(ii) List and explain any three (3) networking devices that will be needed.(6 Marks)
1. **Switches:**
2. **Router:**
3. **Access Points (Wireless):**
d) Explain the network design process. (3 Marks)
1. **Requirements Gathering:**
2. **Topology Design:**
3. **choose network devices:**
4. **Cabling and Physical Network devices connectivity:**
5. **Configuring the IP Addresses:**
6. **Network Security:**
7. **Testing and Validation:**
8. **Documentation:**
e) Most businesses actually have only a few requirements for their network. Explain the five requirements.
(5 marks)
1. **Reliability and Availability:**
2. **Scalability:**

3. **Performance:**
4. **Security:**
5. **Ease of Management:**
f) Outline five network design issues. [5 marks]
1. **Topology Selection:**
2. **Bandwidth Requirements:**
3. **Network Security:**
4. **Redundancy and High Availability:**
5. **Network Growth and Future Needs:**
g) System administrators use a group policy object (GPO) to configure use and computer operating
environment remotely. State your functions of group policies. [4 marks]
1. **User and Computer Configuration:** GPOs can be used to define settings and configurations for
both user accounts and computer objects in the Active Directory domain.
2. **Centralized Policy Management:** GPOs allow network administrators to centrally manage and
enforce security policies, user rights, and desktop configurations across the entire domain.
3. **Security Settings:** GPOs can enforce security settings such as password policies, account lockout
policies, and Windows Firewall rules to enhance network security.
4. **Software Deployment:** Group policies can be used to deploy software applications and updates to
user workstations automatically.
5. **Folder Redirection and Roaming Profiles:** GPOs can redirect user folders (e.g., My Documents) to
a network location, ensuring data centralization and backup. Roaming profiles allow users to access their
personalized settings from any domain-joined workstation.
QUESTION TWO
a)Differentiate between an end system and an intermediate system. (2mks)
1. **End System:** An end system, also known as a host, is a device or computer that interacts directly with
users and consumes network services. It is the source or destination of data in the network. End systems include
devices like laptops, desktops, smartphones, and servers.
2. **Intermediate System:** An intermediate system, also known as a network device or network node, does
not directly interact with end-users. Instead, it facilitates data forwarding, routing, and network management
functions. Examples of intermediate systems are routers, switches, firewalls, and bridges
b) Troubleshooting is an important aspect when dealing with computer network.
Describe how it is done. (4 Marks)
Troubleshooting a computer network involves identifying and resolving network issues to ensure smooth
operation. The process includes the following steps:
1. **Identify the Problem:**
2. **Check Physical Connectivity:**
3. **Ping Test:**
4. **Check IP Configurations:**
5. **Check Network Devices:**
6. **Check Network Services:** network services such as DNS, DHCP, and HTTP.
7. **Review Network Logs:**
8. **Update Firmware and Software:**
9. **Disable Security Software:**
10. **Restart Devices:** Sometimes, a simple restart of devices can resolve temporary network glitches.
11. **Packet Capture and Analysis:** Use network analysis tools like Wireshark to capture and analyze
packets to identify the source of network problems.
12. **Document the Resolution:**
c) Hostname search path is used by Red Hat Linux to search for IP addresses assigned to hostnames.
To configure the hostname search path so that the local host(/etc/hosts) file is used to resolve local
hostnames, and the ISP domain services to resolve Internet domain services. State the steps (5
marks)
To configure the hostname search path in Red Hat Linux to use the local host (/etc/hosts) file to resolve local
hostnames and the ISP domain services to resolve Internet domain services, follow these steps:
1. Open the **"/etc/resolv.conf"** file using a text editor (e.g., vi or nano).

2. Add the following lines to the file:

search localdomain your_isp_domain
3. Replace **"your_isp_domain"** with the actual domain provided by your ISP.

4. Save the file and exit the text editor.

5. Restart the network service to apply the changes:
```bash
sudo service network restart
d) Using a diagram, explain the OSI model. (8 Marks)
The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the functions of a
telecommunication or computing system into seven distinct layers. Each layer serves specific purposes and
communicates with adjacent layers. The layers, from the bottom to the top, are:
1. **Physical Layer:** Responsible for transmitting raw bits over a physical medium, such as cables or wireless
signals. It deals with electrical, mechanical, and physical aspects of data transmission.
2. **Data Link Layer:** Provides error detection, framing, and physical addressing (MAC addresses) to
organize data into frames for transmission over the physical layer.
3. **Network Layer:** Handles routing and forwarding of data packets between different networks. It uses
logical addressing (IP addresses) to deliver packets to their destinations.
4. **Transport Layer:** Ensures reliable and error-free data transfer between applications running on different
devices. It segments data into smaller units (segments) and manages flow control and error recovery.
5. **Session Layer:** Establishes, maintains, and terminates sessions or connections between applications on
different devices. It manages session synchronization and checkpointing.
6. **Presentation Layer:** Responsible for data translation, encryption, and compression to ensure that data
from different systems can be presented and understood properly.
7. **Application Layer:** Provides network services directly to end-users and applications. It enables
communication between networked applications, such as web browsers, email clients, and file transfer protocols.
e) Explain the four network design goals. (6 marks)
Network design goals are the objectives and principles that guide the process of planning and creating a network
infrastructure to meet specific requirements. Here are the six key network design goals:
1. Scalability:
2. Reliability:
3. Performance:
4. Security:
5. Manageability:
6. Cost-Effectiveness:
f) Discuss three major functions of a domain controller as applied in active directory’s
physical structure. [6 marks]
1. **User Authentication:**
2. **User Authorization:**
3. **Group Policy Management:**
4. **User and Computer Account Management:**
5. **Network Resource Management:**
6. **Security and Auditing:**
g) Discuss any four (4) success factors of Network Development Life Cycle (NDLC). (6 Marks)
1. **Clear Objectives:** Define clear and measurable objectives for the network project, aligning them with
business needs and goals.
2. **Detailed Planning:** Thoroughly plan the network design, including requirements analysis, resource
allocation, timeline, and budget.
3. **Stakeholder Involvement:** Engage key stakeholders, including end-users and management, to ensure
their needs and expectations are considered during the development.
4. **Team Collaboration:** Foster effective communication and collaboration among network development
team members to ensure smooth project execution.
5. **Adaptability:** Remain flexible and adaptable to changing requirements and technological advancements
during the development process.
6. **Risk Management:** Identify potential risks and develop strategies to mitigate them, ensuring the project
stays on track.

Question Three
a)Discuss a router, its importance and any four (4) characteristics of a router. (6 Marks)
A router is a network device that operates at the network layer of the OSI model and is used to connect multiple
networks together.
-Its primary function is to forward data packets between different networks, determining the best path for each
packet to reach its destination.
**Characteristics of a Router:**
1. **Routing:** Routers use routing tables to determine the best path for data packets to travel between different
networks.
2. **Network Address Translation (NAT):** Routers can perform NAT, which allows multiple devices on a
private network to share a single public IP address when communicating with external networks.
3. **Packet Filtering:** Routers can be configured to filter and block certain types of traffic based on rules
defined in access control lists (ACLs).
4. **Interconnect Networks:** Routers enable the interconnection of diverse networks with different
addressing schemes and protocols.
b)Using a diagram, explain the operations of internet bus.(4 Marks)
The term "Internet Bus" is not a standard networking concept. However, based on the context, it might refer to
the Internet's backbone infrastructure that connects various internet service providers (ISPs) and networks
together. In this context, the Internet Bus can be represented as follows:
```
ISP1 --- ISP2 --- ISP3 --- ISP4 --- ISP5 --- ISP6
```
-Each ISP operates its network, and the Internet Bus represents the interconnection between these ISPs. Data
packets traverse the Internet Bus to reach their destination from one ISP's network to another.
c)Discuss the types of Networks.(6 Marks)
1. **Local Area Network (LAN):**
2. **Wide Area Network (WAN):**
3. **Metropolitan Area Network (MAN):**
4. **Wireless Local Area Network (WLAN):**
5. **Virtual Private Network (VPN):**
6. **Campus Area Network (CAN):**
d)Discuss the Network design and set up goals.[5 marks]
The goals of network design and set up are to create a reliable, efficient, and scalable network infrastructure that
meets the organization's requirements. Key goals include:
1. **High Availability:** 2. **Scalability:**
3. **Security:** 4. **Performance:**
5. **Manageability:**

e)Explain any five problems that affect the network performance.[5 marks]
1. **Bandwidth Limitations:**
2. **Network Congestion:**
3. **Hardware Failures:**
4. **Network Configuration Errors:**
5. **Security Attacks:**
f)A hierarchical design is used to group devices into multiple networks. The networks are organized in a layered
approach. The hierarchical design model has three basic layers:. Discuss [6 marks]
1. **Access Layer:** This layer connects end-user devices, such as computers and printers, to the network. It
focuses on providing user access to network resources.
2. **Distribution Layer:** The distribution layer aggregates traffic from access layer switches and makes
decisions about how to forward traffic between different network segments.
3. **Core Layer:** The core layer provides high-speed connectivity between different distribution layer devices
and ensures efficient data transfer throughout the network.

Question Four
a)Using appropriate diagrams, explain the following:
(i)Fibre optic cables(2 Marks)
Fibre optic cables are used for transmitting data as pulses of light, providing high-speed and long-distance
data transfer. The core of a fibre optic cable is made of glass or plastic, surrounded by a cladding material
that reflects the light back into the core. The cable is protected by an outer jacket.
(ii)Coaxial cables(2 Marks)
Coaxial cables consist of a central copper conductor surrounded by an insulating material, a woven or
braided shield, and an outer protective jacket. They are used for cable television, networking, and broadband
internet connections.
b)Explain four (4) applications of computer network.(4 Marks)
1. **Internet and World Wide Web (WWW)**:
2. **Communication and Collaboration**:
3. **Online Gaming and Entertainment**:
4. **Remote Access and Virtual Private Networks (VPNs)**:
1. **File Sharing:** Networks enable users to share files and resources, making collaboration easier and
improving productivity.
2. **Internet Access:** Networks provide access to the internet, allowing users to browse websites, send
emails, and access online services.
3. **Print Sharing:** Multiple users can share a single printer connected to the network, reducing hardware
costs.
4. **Centralized Data Storage:** Networks facilitate centralized data storage and backups, ensuring data
availability and security.
c)Discuss the operations of EDDI network.(3 Marks)
EDDI "Extended Data Link Interface," is a network technology that allows multiple devices to share a
single display, keyboard, and mouse. It is commonly used in classrooms and training facilities to connect
multiple student workstations to a single instructor workstation.
d)Explain network security and how auditing helps in enhancing it.(3 Marks)
Network security refers to the protection of network resources and data from unauthorized access, use, or
disruption.
Auditing involves monitoring, assessing and analyzing network activities to identify security threats and
vulnerabilities.
e)Explain any three (3) network topologies.(6 Marks)
1. **Bus Topology:** All devices are connected to a single communication line, forming a linear
arrangement. Data is broadcasted to all devices on the bus.
2. **Star Topology:** All devices are connected to a central hub or switch. Data travels through the hub,
allowing easy troubleshooting and scalability.
3. **Ring Topology:** Devices are connected in a circular manner, forming a closed-loop. Data travels in a
unidirectional path through each device.
f)Explain the importance of wireless network.(4 Marks)
1. **Mobility:** Wireless networks allow users to connect to the internet and access resources without being
tied to a specific location.
2. **Flexibility:** Wireless networks are easier to install and expand compared to wired networks,
providing flexibility in network design.
3. **Cost-Effectiveness:** Wireless networks eliminate the need for extensive cabling, reducing
infrastructure costs.
4. **Remote Access:** Wireless networks enable remote access to corporate resources, enhancing
productivity for remote workers.

Question Five
a. i. Define the concept of computer network. (3 marks)
A computer network is a collection of interconnected devices (such as computers, printers, routers) that can
share data, resources, and information. It enables communication and collaboration between users, facilitates
resource sharing, and provides access to the internet.
ii. Discuss the top-down design approach to analyze design a network.
(4 marks)
The top-down design approach involves starting with a high-level overview of the network's requirements
and objectives, and then breaking it down into smaller components and tasks. It includes the following steps:

1. **Defining Requirements:** Identify the network's goals, performance expectations, and user needs.
2. **Designing High-Level Architecture:** Create a conceptual diagram of the network's major components
and their interactions.
3. **Defining Subsystems:** Break down the high-level architecture into subsystems, such as LANs, WANs,
and servers.
4. **Detailed Design:** Develop detailed designs for each subsystem, specifying hardware, software, and
configurations.
5. **Implementation:** Implement the network based on the detailed designs.
6. **Testing and Validation:** Verify that the network meets the defined requirements.
7. **Maintenance and Optimization:** Regularly maintain and optimize the network to ensure its
performance and security.

b. Explain the following terms and their advantages:- (4 marks)

i. Ring topology with the help of a suitable diagram.
Ring topology is a network configuration where devices are connected in a circular manner, forming a closed-
loop. Each device is connected to two neighboring devices, and data travels in a unidirectional path through
the ring. Advantages of ring topology:
- Simple and easy to install.
- Uniform data distribution, preventing data collisions.
- Suitable for small networks with limited devices.
ii. Virtual private network
A VPN is a secure private network established over a public network (usually the internet). It provides
encrypted communication between remote users or sites, ensuring data confidentiality and privacy.
Advantages of VPN:
- Secure data transmission over untrusted networks.
- Cost-effective alternative to dedicated private lines.
- Enables remote access to corporate resources.
c. i.Discuss the concept of WAN and explain the characteristics.(6 marks)
A WAN is a network that covers a large geographical area, connecting multiple LANs or networks across
cities or countries.
Characteristics of WAN:
- Extensive geographical coverage.
- Utilizes public and private telecommunication links.
- Higher latency and lower bandwidth compared to LANs.
ii.Explain the function of gateway. (3 marks)
A gateway is a network device that connects different networks with different protocols, allowing data
translation and enabling communication between networks.
- It performs protocol conversion and packet encapsulation, enabling seamless data transfer between diverse
networks.
d. i.Explain the importance of DHCP server.(2 marks)
The DHCP (Dynamic Host Configuration Protocol) server automatically assigns IP addresses to devices on
a network’
-simplifying IP management.
-It is essential for large networks as manually configuring IP addresses is not favorable.
-It is not a time-consuming and error-prone
ii. Define protocols and explain their importance in a networking. (4 marks)
Protocols are a set of rules and conventions that govern communication between devices in a network. They
define how data is formatted, transmitted, and received, ensuring interoperability and reliable data exchange.
iii. Outline the tcp//ip layered protocol architecture. (4 marks)
The TCP/IP protocol suite consists of four layers: Application Layer, Transport Layer, Internet Layer, and
Link Layer.
e. Briefly state the five network classes. (5 marks)
The five network classes are classifications of IP addresses based on their address space and the number of
host addresses they can accommodate:
- Class A: Starts with the binary prefix 0, provides a large number of host addresses, suitable for large
networks.
- Class B: Starts with the binary prefix 10, provides a moderate number of host addresses, suitable for
medium-sized networks.
- Class C: Starts with the binary prefix 110, provides a smaller number of host addresses, suitable for small
networks.
- Class D: Starts with the binary prefix 1110, reserved for multicast addresses.
- Class E: Starts with the binary prefix 1111, reserved for experimental purposes.
f. Explain in details what you understand by Integrated Service Digital Network (ISDN). [5 marks]
-ISDN is a telecommunications technology that allows digital transmission of voice, video, and data over
existing telephone lines. It provides higher data rates and better voice quality than traditional analog systems.
g. “ISDN is a half-baked solution to data communication problems”. Do you agree with
this statement? Discuss your answer, giving clear examples. [10 marks]
Disagree. ISDN offered significant improvements over traditional analog systems, providing faster data rates
and better voice quality.
-However, it faced challenges with limited bandwidth and high costs, which were addressed by the
development of broadband technologies.
-While ISDN was an important step in digital communication, it has been largely replaced by more advanced
and cost-effective broadband solutions such as DSL and fiber-optic networks

Question Six
a) Discuss any four functions of computer networks. (4 marks)
1. **Resource Sharing:**
2. **Communication:**
3. **Data Transfer:**
4. **Centralized Management:**

b) Explain the four elements of network management. (5 marks)

1. **Fault Management:** Involves monitoring network components to detect and address faults or
failures promptly, minimizing network downtime.
2. **Configuration Management:** Involves maintaining accurate and up-to-date configuration data
for network devices and services, ensuring consistency and reliability.
3. **Performance Management:** Involves monitoring network performance metrics, identifying
bottlenecks, and optimizing network resources for efficient operation.
4. **Security Management:** Involves implementing security measures, monitoring for security
breaches, and enforcing policies to protect network assets and data.
c) Explain the method that may be used to send signals across long distances.(5 marks)
Fiber-Optic Communication: Fiber-optic cables use light signals to transmit data across long
distances. The process involves:
1. **Modulation:** Data signals are converted into light pulses by modulating a light source (laser or
LED).
2. **Propagation:** Light signals travel through the core of the fiber-optic cable, which has high
refractive index, ensuring total internal reflection.
3. **Demodulation:** At the receiver end, the light pulses are converted back into electrical signals
using a photo-detector.
d) Cisco Enterprise Architectures can be used to further divide the three-layer hierarchical design into
modular areas. The modules represent areas that have different physical or logical connectivity.
Discuss the three layers. (6 marks)
1. **Access Layer:** This layer provides connectivity for end devices (PCs, laptops, phones) and
includes network switches or wireless access points. It focuses on user access and can implement
security policies and VLANs.
2. **Distribution Layer:** The distribution layer aggregates the traffic from multiple access layer
switches and provides routing and policy-based connectivity. It also filters and forwards traffic to the
core layer.
3. **Core Layer:** The core layer is the high-speed backbone of the network and ensures fast and
reliable data transfer between distribution layer devices. It does not perform packet filtering or policy
enforcement.
f) Explain the process of promoting a computer to a domain controller. (6 marks)
1. **Install Windows Server OS:** Ensure that the computer you want to promote meets the minimum
system requirements and install the appropriate version of Windows Server on it.
2. **Set a Static IP Address:** Assign a static IP address to the server to ensure it has a consistent and
unique network identity within the domain.
3. **Join the Domain:** Join the server to the existing domain to become a member of the domain.

4. **Access Server Manager:** Open Server Manager from the Start menu or through the desktop
taskbar.
5. **Add Roles and Features:** In Server Manager, click on "Add roles and features" from the
dashboard. This will launch the "Add Roles and Features Wizard."
6. **Select Role-Based or Feature-Based Installation:** Choose "Role-Based or Feature-Based
Installation" and select the target server you want to promote as a domain controller.
7. **Select Active Directory Domain Services:** In the "Add Roles and Features Wizard," navigate to
"Active Directory Domain Services" from the list of roles. Check the box next to it to select the role.
8. **Install AD DS:** Proceed with the installation of Active Directory Domain Services by following
the prompts in the wizard. This will install the necessary components for the domain controller.
9. **Promote to Domain Controller:** After AD DS installation is complete, the wizard will prompt
you to promote the server to a domain controller. Select "Promote this server to a domain controller."
10. **Deployment Configuration:** In the "Deployment Configuration" section of the promotion
wizard, choose the deployment operation based on whether you are adding a new domain controller to an
existing domain or creating a new domain in a new forest.
11. **Domain Controller Options:** Specify the domain name and the domain controller type (new
domain controller or additional domain controller). Set the Directory Services Restore Mode (DSRM)
password for recovery purposes.
12. **DNS Options:** Choose the appropriate DNS settings based on your network configuration. Ensure
that DNS is properly configured before proceeding.
13. **Additional Options:** Set the NetBIOS domain name and choose the folder path for the AD DS
database, logs, and SYSVOL.
14. **Review Configuration:** Review all the configuration settings to ensure they are accurate. Make
any necessary changes if required.
15. **Prerequisites Check:** The wizard will perform a prerequisite check to ensure that all
requirements are met. Address any issues identified in the report.
16. **Promote the Server:** Once all checks pass, click "Install" to begin the promotion process. The
server will be promoted to a domain controller, and the Active Directory database will be replicated.
 g) The TCP/IP has become an industry-standard protocol that is widely used. State and explain reasons
that make the protocol so popular. [8 marks]
1. **Global Standardization:**
2. **Scalability:**
3. **Flexibility:**
4. **Open Architecture:**
5. **Robustness and Reliability:**
6. **Support for Multiple Protocols:**
7. **Easy Integration with the Internet:**

Question Seven
a) Define the term “network topology”. (4 marks)
-**Network Topology:** Network topology refers to the physical or logical arrangement of devices, nodes,
and communication links in a computer network. It defines how the network is structured and how data flows
between different devices and components.
-Different types of network topologies offer unique advantages and limitations based on their configurations.
b) Discuss how a bus topology works with a suitable diagram. (6 marks)
- In a bus topology, all devices in the network are connected to a common communication medium, which is
typically a single cable or wire.
- The communication medium acts as a backbone to which devices are attached, forming a linear arrangement.
- Each device on the network can send and receive data over the common communication medium.
- When a device transmits data, the signal travels along the medium, and all other devices receive the signal.
However, only the intended recipient processes the data.
- The bus topology is simple and cost-effective, as it requires minimal cabling. However, it can be prone to
collisions and can experience performance degradation as the number of devices increases.
c) State any five key technical skills required for a network security professional. (5 marks)
1. **Firewall Management:**
2. **Intrusion Detection and Prevention Systems (IDPS):**
3. **Vulnerability Assessment and Penetration Testing:**
4. **Security Incident Response:**
5. **Secure Network Design:** -Implementing VPNs, and using secure protocols.
d) TCP/IP suite is divided into four layers. Discuss. (6 marks)
The TCP/IP suite is divided into four layers, which are also known as the Internet protocol stack. These layers
are responsible for specific network functions and provide a hierarchical structure to facilitate data
communication.
 1. **Application Layer:** nclude HTTP, SMTP, and FTP.
2. **Transport Layer:** It uses TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
3. **Internet Layer:** It uses IP (Internet Protocol) addresses
4. **Link Layer:** It interacts directly with the network hardware, such as network interface cards (NICs).
e) Large network design projects are normally divided into three distinct steps. discuss the steps. (6
marks)
1. **Requirements Gathering and Analysis:**
2. **Network Design and Planning:**
3. **Implementation and Testing:**
f) Explain any three factors to be considered in designing a computer network.(6 marks)
1. **Scalability:** 2. **Redundancy and High Availability:**
3. **Security:** 4. **Traffic Management and Quality of Service (QoS):**
5. **Network Segmentation:** Divide the network into smaller segments or VLANs
g) Discuss the concept domain in reference to computer network. (4 marks)
-A domain refers to a grouping of network resources, such as computers, servers, and users, that are under
centralized control and share a common security policy.
-Domains are typically managed by a domain controller, which is a server responsible for authentication, user
access control, and policy enforcement.
-Domains play a crucial role in the organization of large networks, especially in the context of Windows-based
environments.
-Each domain has a unique domain name, and users within the domain authenticate themselves with a
username and password to access network resources.
-Domains allow for centralized management, which simplifies user administration, policy enforcement, and
resource access.
-They also facilitate the implementation of security measures, group policies, and network-wide configurations.

Question Eight
a) Discuss the Client Server based model of network outlining the benefits with a diagram. (6 marks)
The client-server model is a network architecture where clients (end-user devices) request services or resources
from a centralized server. In this model, the server manages and provides services to multiple clients, acting as a
central repository of data, applications, or resources.

**Benefits:**
1. **Centralized Management:**
2. **Resource Sharing:**
3. **Scalability:**

b) Explain any three benefits of Wide Area Network.(6 marks)

1. **Geographical Coverage:**
2. **Centralized Resources:**
3. **Cost-Effectiveness:**

c) Explain OSI (Open Systems Interconnection) layered protocol.(8 marks)

The OSI model is a conceptual framework that standardizes network communication into seven layers. Each
layer has specific responsibilities, and data is passed down through these layers before transmission and back up
after reception.
The layers are as follows:
1. **Physical Layer:** Deals with the physical transmission of data over the network medium.
2. **Data Link Layer:** Provides error detection and correction, MAC address assignment, and data framing.
3. **Network Layer:** Responsible for routing packets across different networks using logical addressing.
4. **Transport Layer:** Ensures reliable data delivery between devices through segmentation, flow control,
and error recovery.
5. **Session Layer:** Establishes, maintains, and terminates sessions between applications.
6. **Presentation Layer:** Handles data format conversion, encryption, and compression for data exchange
between applications.
7. **Application Layer:** Provides network services directly to end-user applications, including file transfer,
email, and remote access.
d) What is the principle difference between connectionless communication and connection-o
communication?[4 marks]
- **Connectionless Communication:** In connectionless communication, data is transmitted without
establishing a dedicated connection between the sender and receiver. Each data packet is independently routed
and may take different paths to reach its destination. UDP (User Datagram Protocol) is an example of a
connectionless protocol.
- **Connection-Oriented Communication:** In connection-oriented communication, a dedicated connection
is established between the sender and receiver before data transmission. This connection is maintained
throughout the session, ensuring reliable and ordered delivery of data. TCP (Transmission Control Protocol) is
an example of a connection-oriented protocol.
e) State the five key requirements that may only affect a portion of the network (5 marks)
1. **Security Policies:** Implementing specific security measures, such as access controls and firewalls, to
protect critical network segments or sensitive data.
2. **Quality of Service (QoS):** Configuring network devices to prioritize traffic on certain segments to ensure
optimal performance for critical applications or services.
3. **Network Segmentation:** Dividing the network into smaller segments using VLANs to isolate and control
traffic flow, enhancing security and performance.
4. **Bandwidth Management:** Implementing bandwidth allocation and usage policies to prevent bandwidth-
intensive applications from impacting other network segments.
5. **Redundancy:** Introducing redundancy and failover mechanisms in critical segments to ensure high
availability and fault tolerance.
f) Briefly describe THREE key technical security mechanisms that are commonly employed to provide
security in networked systems. [6 Marks]
1. **Firewalls:** Firewalls act as a barrier between a trusted internal network and untrusted external
networks, such as the internet. They examine incoming and outgoing network traffic and apply a set of
rules to allow or block specific data packets based on predefined security policies. F
2. **Virtual Private Networks (VPNs):** VPNs create secure and encrypted tunnels over public
networks, such as the internet, to enable secure remote access to the organization's internal network.
3. **Intrusion Detection and Prevention Systems (IDPS):** IDPS monitor network traffic in real-
time to identify and respond to suspicious or malicious activities.

g) With regard to TCP/IP protocol suit, explain the functions of the following protocols: [8 marks]
(i) User Datagram Protocol (UDP).
UDP is a connectionless transport layer protocol that provides unreliable, fast, and simple data
transmission between devices. It is commonly used for applications that can tolerate data loss or where
reliability is managed at the application level. Examples of UDP-based applications include DNS
(Domain Name System) and VoIP (Voice over IP).
(ii) Transmission Control Protocol (TCP).
TCP is a connection-oriented transport layer protocol that ensures reliable and ordered delivery of
data between devices. It establishes and manages connections, performs error detection and correction,
and guarantees that data packets are received in the correct order. TCP is commonly used for
applications where data integrity and reliability are critical, such as web browsing, email, and file
transfer.

Question Nine
a) What is the key distinguishing characteristic between a stream cipher and a block
Ciphers? [3 Marks]
 - **Stream Cipher:** A stream cipher encrypts data one bit or one byte at a time. It generates a
stream of pseudorandom bits or bytes, known as the keystream, which is combined with the plaintext
using the XOR operation to produce the ciphertext. Stream ciphers are generally faster and more
suitable for encrypting data of indefinite or unknown length.
- **Block Cipher:** A block cipher encrypts data in fixed-size blocks, typically 64 or 128 bits at a
time. The plaintext is divided into blocks, and each block is encrypted independently. Block ciphers
are more secure than stream ciphers due to their larger key space and have well-defined security
properties for specific block sizes.
b) Define network prioritization and explain how you can prevent failures. (5 marks)
Network prioritization, also known as Quality of Service (QoS), is the process of assigning different
priorities to different types of network traffic. It ensures that critical data, such as real-time video
conferencing or voice calls, receives higher priority and consistent performance over less time-
sensitive traffic, such as file downloads.
To prevent failures in network prioritization, the following steps can be taken:
1. **Traffic Classification:**
2. **Bandwidth Allocation:**
3. **Queuing and Scheduling:** I
4. **Congestion Management:**
5. **Monitoring and Optimization:**

c) Differentiate between a threat and a vulnerability in relation to computer network security. [3 Marks]
- **Threat:** A threat refers to any potential danger or harmful event that can exploit a vulnerability
in a system or network. Threats can be intentional (cyberattacks, hacking, malware) or unintentional
(natural disasters, power failures) and may cause harm to data, systems, or network operations.
- **Vulnerability:** A vulnerability is a weakness or flaw in a system or network that can be
exploited by a threat to compromise the confidentiality, integrity, or availability of resources.
d) A company employee has been using the password “APPLE” for the past six months to access a
database. Discuss why this poses a security risk and suggest ways in which the company could
improve password management. [3 Marks]
1. **Enforce Password Complexity:** Require passwords to meet specific complexity criteria, such
as a minimum length, a mix of uppercase and lowercase letters, numbers, and special characters.
2. **Implement Password Rotation:** Mandate users to change their passwords regularly, reducing
the window of vulnerability if passwords are compromised.
 3. **Two-Factor Authentication (2FA):** Implement 2FA, where users need a second form of
verification (e.g., one-time passwords, biometrics) in addition to passwords for access, enhancing
security.
e) A 10-PC office LAN is planned. Explain three features the network administrator would help select
network interface cards for the PCs. [6 marks]
Network administrators consider several features while selecting NICs for PCs:
1. **Data Transfer Rate:** NICs should support high data transfer rates to handle increasing
network traffic efficiently.
2. **Interface Type:** Choose between Ethernet, Wi-Fi, or other interfaces based on the network
infrastructure and PC connectivity requirements.
3. **Wake-on-LAN (WoL) Support:** WoL allows administrators to wake up PCs remotely for
management tasks, improving power efficiency.
4. **Compatibility:** Ensure NICs are compatible with the PC's hardware and operating system.
5. **Security Features:** Look for NICs with built-in security features like hardware-based
encryption and MAC address filtering to enhance network security.
f) Discuss the factors that determine the number of users a network server can support. [6 marks]
1. **Server Hardware:** The processing power, memory (RAM), and storage capacity of the server
influence the number of concurrent users it can handle.
2. **Network Bandwidth:** The server's network interface and available bandwidth affect how much
data it can transmit and receive from clients.
3. **Application Demands:** Resource-intensive applications can put more strain on the server,
limiting the number of concurrent users.
4. **Network Traffic:** The volume of incoming requests and data transfers impacts server load and
performance.

5. **Server Workload Balancing:** Load balancing techniques distribute user requests across
multiple servers, increasing the overall capacity.
g) KAFTEC ITC’s database server runs on Pentium 133MHz with IGB IDE hard disk and 16M RAM students
have complained about the slow response speed. What steps would you take as network administrator to improve
the speed of the server? Explain the expected impact of each step. [8 marks]
To improve the speed of the database server, the network administrator can take the following steps:
1. **Hardware Upgrade:** Upgrade the server's hardware components, such as CPU, RAM, and
hard disk, to improve processing and data access speeds.
2. **Optimize Database Configuration:** Tune the database configuration settings for better
performance, including buffer sizes, cache settings, and indexing.
 3. **Defragmentation:** Perform regular disk defragmentation to optimize data storage and retrieval.
4. **Network Optimization:** Ensure the network infrastructure is optimized for efficient data
transfer between clients and the server.
5. **Query Optimization:** Review and optimize database queries to reduce response times.
6. **Data Archiving:** Archive older or infrequently accessed data to reduce the database size and
improve performance.
7. **Caching:** Implement data caching techniques to store frequently accessed data closer to the
server, reducing the need for repeated database queries.
8. **Load Balancing:** Distribute the database workload across multiple servers using load
balancing to improve overall performance and response times.

Question Ten
a) Routers or multilayer switches, located at the distribution layer, provide many functions critical for
meeting the goals of the network design. State these functions. (5 marks)
**Functions of Routers or Multilayer Switches at the Distribution Layer:**
1. **Inter-VLAN Routing:** Routers facilitate communication between different VLANs, ensuring efficient
data flow between network segments.
2. **Traffic Segmentation:** Routers help segregate network traffic, preventing broadcast storms and
improving network performance.
3. **Quality of Service (QoS):** Routers can prioritize network traffic based on applications or services,
ensuring critical data receives higher priority.
4. **Security and Access Control:** Routers apply access control lists (ACLs) to restrict unauthorized
access to specific network resources.
5. **Redundancy and Load Balancing:** Routers can be configured with multiple links to provide
redundancy and load balancing, enhancing network reliability.
6. **Wide Area Network (WAN) Connectivity:** Routers enable connectivity between the local network
and remote sites over the WAN.

b) Discuss the six-step process to server analysis and optimization. [12 marks]
1. **Baseline Performance Measurement:** Measure the server's performance under typical loads to
establish a performance baseline.
2. **Identify Bottlenecks:** Identify components (e.g., CPU, memory, storage, network) that may cause
performance bottlenecks.
3. **Systematic Testing:** Conduct systematic testing under varying conditions to observe how the server
handles different workloads.
 4. **Resource Allocation:** Optimize resource allocation by adjusting settings, such as CPU affinity,
memory allocation, and disk caching.
5. **Tuning and Configuration:** Fine-tune server settings, database configurations, and application
parameters to maximize performance.
6. **Continuous Monitoring and Evaluation:** Continuously monitor server performance and repeat the
optimization process as needed to maintain optimal performance.
c) State any four factors you will consider before choosing a network operating system.[4 marks]
1. **Compatibility:** Ensure the network operating system is compatible with the existing hardware and
software in the organization.
2. **Scalability:** Consider the ability of the network operating system to accommodate future growth and
expansion.
3. **Security:** Evaluate the security features and mechanisms offered by the network operating system to
protect against threats.
4. **Vendor Support:** Assess the level of vendor support and availability of updates, patches, and
technical assistance.
d) Compare UNIX and Windows NT for PCs and indicate which of the two operating
systems you would select for a small firm that plans a 20-PC intranet.[6marks]
UNIX:
- Offers robust security features and strong user access controls.
- Well-suited for multi-user environments and large-scale servers.
- Generally used in enterprise-level environments and requires more technical expertise.
- Better support for command-line interfaces and scripting.
Windows NT:
- Provides a user-friendly graphical interface and is easier to use for non-technical users.
- Ideal for small to medium-sized businesses and simple network setups.
- Better compatibility with various applications and hardware.
- Offers Active Directory for centralized user management in Windows Server editions.

-For a small firm planning a 20-PC intranet, Windows NT may be a more suitable choice due to its user-friendly
interface and compatibility with common applications.

e) Justify by giving THREE reasons why a network administrator may decide to create VLANS in a
network [6 Marks]
1. **Security Segmentation:** VLANs provide a logical separation of network traffic, reducing the risk of
unauthorized access and potential security breaches.
2. **Broadcast Domain Control:** VLANs limit the broadcast domain, preventing broadcast storms and
improving network performance.
3. **Improved Network Management:** VLANs simplify network management by allowing administrators
to group devices based on their functions or departments.
f) When designing the network security system, fundamental IT systems security principles should be taken
into account. Explain the following; layered protections, defense in multiple place and defense through
diversification (9 marks)
- **Layered Protections:** Employ multiple layers of security measures to create a defense-in-depth
strategy, ensuring that if one layer is breached, others can still protect the network.
- **Defense in Multiple Places:** Distribute security mechanisms throughout the network to prevent single
points of failure and enhance overall security resilience.
- **Defense through Diversification:** Utilize diverse security technologies, protocols, and tools to
minimize vulnerabilities and reduce the likelihood of widespread compromise.
g) Briefly describe the purpose of the following information security policies when implemented in an
organization. [14 marks]
(i)Information classification
-Defines how sensitive information should be labeled, handled, and protected based on its sensitivity level.
(ii) Access control
-Specifies rules and procedures for granting or revoking access to specific resources based on users' roles and
permissions.
(iii) Backup
- Outlines the process and schedule for regular data backups to ensure data integrity and facilitate disaster
recovery.
(iv)Asset disposal
-Guides the proper and secure disposal of hardware and data, minimizing the risk of data leaks or
unauthorized access.
(v) Clear desk
- Instructs employees to keep their work areas tidy and free of sensitive information to prevent unauthorized
access.
(vi) Incidence response
- Outlines the procedures and responsibilities for responding to security incidents promptly and effectively.
(vii) Log review
- Specifies the regular review and analysis of system logs to detect and investigate any potential security
incidents or anomalies.
Question Eleven
a) While giving examples, give key differences between Discretionary access control and
mandatory access control. [4 Marks]
Discretionary Access Control (DAC):
- Allows owners of resources to set access permissions for those resources.
- Owners can grant or revoke access rights to other users.
- Commonly used in home networks and small businesses.
- Examples include file and folder permissions on Windows or Linux systems.

Mandatory Access Control (MAC):

- Access permissions are determined by a central authority or security policy.
- Users have limited control over access rights and cannot change permissions.
- Commonly used in government and military environments with strict security requirements.
- Examples include government security classifications (e.g., Top Secret, Secret).
b) Explain four main tasks of network administrator. [4 marks]
1. **Network Setup and Configuration:**
2. **Network Security Management:**
3. **Network Monitoring and Troubleshooting:**
4. **User Support and Training:**
c) State and explain four factors that affect the scope of network management. [8 marks]
1. **Network Size and Complexity:** The larger and more complex the network, the broader the scope of
network management.
2. **Technological Advancements:** The introduction of new technologies and devices may expand the
scope of network management to accommodate them.
3. **Organizational Structure:** The network management scope may differ based on the organization's
hierarchy, departments, and reporting structure.
4. **Budget and Resources:** The availability of budget and resources can influence the extent of network
management activities an organization can undertake.
d) With regard to Microsoft Windows NT4.0, what is Remote Access Service (RAS)?
Remote Access Service (RAS) in Windows NT 4.0 enables users to access the network remotely through
dial-up connections. It allows users to connect to the corporate network from a remote location using a modem
and a telephone line. RAS provides authentication, authorization, and accounting for remote users and
facilitates secure access to network resources
e) Briefly explain the AGLP group strategy that helps the network administrator to manage a large
Windows NT network. [5 marks]
The AGLP group strategy is a best practice for managing access permissions in a large Windows NT
network. It stands for:

- **Account:** Place user accounts in global groups based on their job roles or functions.
- **Global Group:** Place global groups in local groups, representing specific resource permissions.
- **Local Group:** Assign local groups to resources, granting them appropriate permissions.
- **Permission:** Define the necessary permissions for the local groups on resources.

-Using AGLP simplifies permission management by organizing users into global groups based on their roles
and then assigning those global groups to local groups with specific resource permissions.
f) UmmaUniversity has purchased the following IP address 197.5.20.0. It requires 50 hosts
per network. (Note: show your working, clearly outlining the steps you used)
i) Determine the number of usable hosts in the network (5 marks)
- The given IP address is 197.5.20.0.
- To accommodate 50 hosts per network, we need 6 bits for host addresses (2^6 = 64, minus network and
broadcast addresses).
- The subnet mask will be /26 (32 - 6 = 26 bits for the network portion).

Number of Usable Hosts in Each Subnet:

- With 6 bits for hosts, there are 64 addresses in each subnet.
- Subnet 1: 197.5.20.1 to 197.5.20.62 (62 usable hosts)
- Subnet 2: 197.5.20.65 to 197.5.20.126 (62 usable hosts)
- Subnet 3: 197.5.20.129 to 197.5.20.190 (62 usable hosts)

ii) Determine the number of subnet (1 mark)

Number of Subnets: 2^6 = 64 subnets.
iii) Determine the range of the first three subnets (3 marks)
Range of the First Three Subnets (assuming they start from 0, 64, and 128):
- Subnet 1: 197.5.20.0 to 197.5.20.63
- Subnet 2: 197.5.20.64 to 197.5.20.127
- Subnet 3: 197.5.20.128 to 197.5.20.191

g) Explain the difference between the following:[4 marks]

i. Workgroup and domain.
 - Workgroup: A group of computers connected on a peer-to-peer basis, each managing its own user accounts
and resources.
- Domain: A centralized network model with a server (domain controller) managing user accounts and
resources.

ii. Server and workstation.

-Server: A computer with specialized hardware and software designed to provide services to other computers
in the network.
- Workstation: A standard computer used by individual users to perform tasks and access network
resources.

iii.Interactive logon & remote logon.

-Interactive Logon: Occurs when a user physically interacts with a computer at its location to log in.
- Remote Logon: Occurs when a user accesses a computer or network remotely over a network connection
to log in.
Iv. Physical disk & logical disk.
- Physical Disk: The physical hardware component, such as a hard drive or solid-state drive, where data is
stored.
- Logical Disk: A partition or volume created on a physical disk and assigned a drive letter, used to
organize and manage data.

Question Twelve
a) Extended ACLs can filter based on multiple criteria, explain the criteria. (6 marks)
1. **Source IP Address:**This allows restricting or permitting traffic from specific source addresses.
2. **Destination IP Address:** Filtering based on the destination IP address of packets. This allows controlling
traffic directed to specific destinations.
3. **Protocol:** Filtering based on the transport layer protocol (e.g., TCP, UDP, ICMP). It allows permitting or
denying traffic based on the type of protocol.
4. **Source Port:** Filtering based on the source port number in the packet header. This helps control specific
services or applications based on their source port.
5. **Destination Port:** Filtering based on the destination port number in the packet header. It enables
controlling access to specific services or applications based on their destination port.
6. **TCP Flags:** Filtering based on specific TCP flags set in the packet header, such as SYN, ACK, FIN,
RST, etc. This allows fine-grained control over TCP connections.
 b) Firewalls are often deployed to provide a basic level of security when internal and external users
attempt to access the Internet via the server farm. To properly secure server farms, a more thorough
approach must be followed. Discuss the approaches. (10 marks)
1. **Segmentation:** Segment the server farm into different zones based on security requirements. Use
firewalls and security policies to control traffic between zones and limit access to sensitive resources.
2. **Intrusion Prevention Systems (IPS):** Deploy IPS devices to detect and prevent known attacks and
unusual activities targeting the server farm.

3. **Access Control Lists (ACLs):** Implement strict ACLs on routers and switches to control traffic flow to
and from the server farm.
4. **Application Firewalls:** Utilize application firewalls to inspect and filter application-specific traffic,
protecting against application-level attacks.
5. **Load Balancers:** Implement load balancers to distribute traffic across servers, enhancing availability and
resilience against DDoS attacks.
6. **Encryption:** Encrypt sensitive data transmitted between the server farm and clients to prevent data
interception.
7. **Monitoring and Logging:** Implement robust monitoring and logging systems to track network and server
activities, enabling timely response to potential threats.
c) state five benefits of a hierarchal network design. ( 5 marks)
1. **Scalability:**
2. **Redundancy and Resilience:**
3. **Efficient Traffic Flow:**
4. **Simplified Network Management:**
5. **Enhanced Security:**
c) Create a Supernet from the following networks: 192.168.55.244 and 192.168.140.120 [8 Marks]
A supernet is a contiguous block of IP addresses that is formed by aggregating smaller subnets. To create a
supernet from the given networks, we need to find the common bits in their subnet masks:

1. Convert the subnet masks to binary form:

- 192.168.55.244: 255.255.255.0 → 11111111.11111111.11111111.00000000
- 192.168.140.120: 255.255.255.0 → 11111111.11111111.11111111.00000000

2. Identify the common bits: The common bits in the subnet masks are the first 24 bits.

3. Create the supernet: The supernet will be 192.168.0.0/22, as it covers the ranges of both networks:
 - 192.168.55.244 belongs to the subnet 192.168.0.0/22
- 192.168.140.120 belongs to the subnet 192.168.0.0/22

d) Discuss rapid spanning protocol. (5 marks)

Rapid Spanning Tree Protocol (RSTP) is an evolution of the original Spanning Tree Protocol (STP). RSTP
reduces the convergence time in a switched network by using the following techniques:

1. **Port Roles:** RSTP introduces alternate and backup port roles, which are faster to transition to forwarding
state than the blocking state of STP.

2. **Port States:** RSTP simplifies the port states to only two states: discarding and forwarding, reducing the
number of transitions.
3. **Fast Transition:** RSTP minimizes the time to converge by transitioning ports faster to the forwarding
state when there are changes in the network topology.
4. **Bridge Protocol Data Units (BPDU) Optimization:** RSTP optimizes BPDU exchange and processing,
allowing quicker detection of topology changes.
5. **Link Types:** RSTP distinguishes between point-to-point and shared segments, further improving the
convergence time.

e) Human element is an important consideration in any security issue because it contributes heavily to
realization of attacks primarily because a human attacker is behind the development of an attack tool
and will still be the one run the first attack command.Social engineering is an instance of human
element in computer security.
(i) Describe how password pilfering attack may be carried out using social engineering. [4 Marks]
A password pilfering attack uses social engineering and involves tricking a user into revealing their password
through manipulative tactics. For example, an attacker may impersonate a trusted entity, such as IT support, and
contact the user via email or phone, asking for their password to "verify" their identity or solve an issue.
(iii) Describe THREE other techniques for password pilfering and corresponding preventive measures.
[6 Marks]
1. **Phishing Attacks:** Attackers create fake websites or emails that mimic legitimate ones to trick users into
entering their passwords. Preventive Measure: Educate users about phishing and encourage them to verify
website URLs and email senders.
2. **Keylogging:** Malicious software installed on a user's computer records keystrokes, including passwords.
Preventive Measure: Use up-to-date antivirus software and educate users about downloading from trusted
sources.
3. **Shoulder Surfing:** Observing someone entering their password in public places. Preventive Measure:
Encourage users to shield their passwords while entering them and be vigilant about their surroundings.

g) Identity spoofing attacks allow attackers to impersonate a victim without using the victim’s passwords.
Describe THREE forms/types of Network spoofing attacks.[6 Marks

1. **IP Spoofing:** Attackers forge the source IP address in packets to impersonate a trusted source or evade
filtering measures.
2. **ARP Spoofing:** Attackers send falsified Address Resolution Protocol (ARP) messages to associate their
MAC address with a legitimate IP address, intercepting traffic intended for the legitimate host.
3. **DNS Spoofing:** Attackers alter DNS responses to redirect users to malicious websites, leading to phishing
or other attacks.

**Advantages of OSI Model:**

1. **Modularity:**
2. **Standardization:**
3. **Simplified Troubleshooting:**
4. **Ease of Protocol Development:**
5. **Future Proofing:

Question Thirteen
a) Briefly discuss virtualization . ( 5marks)
Virtualization is the process of creating a virtual version of something, such as an operating system, server,
storage device, or network resource. It enables multiple virtual instances to run on a single physical system,
allowing for better resource utilization, isolation, and flexibility. The main points to discuss are:

- **Resource Consolidation:** Virtualization allows multiple virtual machines (VMs) to share the resources of
a single physical host, reducing hardware costs and energy consumption.
- **Isolation and Security:** Each VM operates independently of others, providing better security and isolation
for applications and data.
- **Flexibility and Scalability:** Virtual machines can be easily created, modified, and migrated, providing
flexibility in resource allocation and scalability for changing demands.
- **Snapshot and Backup:** Virtualization allows for easy snapshots and backups of entire VMs, facilitating
disaster recovery and testing environments.
- **Hardware Independence:** Virtual machines are decoupled from physical hardware, enabling applications
to run on different platforms without modification.

b) Explain how you can provide additional security to networking devices at the access layer. (6 marks)
To provide additional security at the access layer, the following measures can be taken:
- **Port Security:** Enabling port security on switch ports to limit the number of MAC addresses allowed,
preventing unauthorized devices from connecting.
- **802.1X Authentication:** Implementing 802.1X authentication for devices connecting to the network,
requiring user credentials or digital certificates for access.
- **MAC Address Filtering:** Creating a list of authorized MAC addresses and allowing only these addresses
to access the network.
- **VLAN Segmentation:** Implementing VLANs to segregate and isolate different groups of devices,
preventing unauthorized access to sensitive network segments.
- **Port-based Access Control:** Using Access Control Lists (ACLs) to control traffic flow on specific switch
ports, limiting traffic to only what is necessary.

- **Device Inventory and Management:** Maintaining an up-to-date inventory of authorized devices and
monitoring the network for any unauthorized or suspicious devices.

c) State the four key benefits of creating a server farm. (4 marks)

- **High Availability:** Server farms distribute traffic across multiple servers, ensuring continuous service
even if one server fails.
- **Scalability:** Server farms can easily accommodate increased demand by adding more servers.
- **Load Balancing:** Server farms use load balancers to distribute incoming traffic evenly across multiple
servers, preventing overloading on individual servers.
- **Redundancy:** Server farms often employ redundant components, such as power supplies and network
connections, to enhance reliability.

d) Illustrate using a diagram a basic security model that can be used to protect networks. [8 Marks]

The diagram would typically illustrate a multi-layered security model that includes the following components:
1. **Perimeter Security:** Firewalls, intrusion prevention systems, and demilitarized zones (DMZ) safeguard
the network from external threats.
2. **Network Access Control:** Access control lists (ACLs), VLANs, and 802.1X authentication control
traffic within the network.
3. **Data Encryption:** Encrypted communication channels (e.g., VPNs, SSL/TLS) ensure secure data
transmission.
4. **Identity and Access Management:** Centralized user authentication and authorization mechanisms secure
access to resources.
5. **Security Monitoring:** Intrusion detection systems (IDS) and security information and event management
(SIEM) monitor and respond to security incidents.

e) Briefly describe THREE physical controls that need to be put in place in order to protect
networked resources in an organization. [6 Marks]
- **Physical Access Control:** Restricting physical access to server rooms or network closets using access
cards or biometric authentication.
- **Surveillance and Monitoring:** Installing security cameras and monitoring systems to monitor physical
access and activities.
- **Environmental Controls:** Maintaining proper environmental conditions, such as temperature and
humidity, to ensure equipment reliability.

f) Describe while giving examples THREE types of controls that can be used to manage security risks in
an organization. [6 Marks]
- **Preventive Controls:** These controls aim to prevent security incidents from occurring. Examples include
firewalls, access controls, and encryption.
- **Detective Controls:** These controls focus on identifying and detecting security incidents. Examples
include intrusion detection systems (IDS) and security logs.
- **Corrective Controls:** These controls are applied after a security incident to mitigate its impact and restore
normal operations. Examples include backup and disaster recovery plans.

g) The diagram below illustrates a Three-way handshake mechanism employed by applications that use
TCP at transport layer. Explain what is happening in each of the

tasks pointed by arrows [9 Marks]

Question Fourteen
a) State any five rules for designing and applying ACLs. ( 5marks)
1. **Specificity:** ACLs should be as specific as possible, targeting only the necessary traffic and avoiding
unnecessary restrictions. Use standard ACLs for source-based filtering and extended ACLs for more granular
control.
2. **Sequence Order:** Order ACL entries carefully, as the router or switch processes them in order. Place
more specific rules before more general ones to avoid unintended consequences.
3. **Testing and Validation:** Always test and validate ACLs in a lab or test environment before applying
them to the production network. This helps avoid potential disruptions caused by misconfigurations.
4. **Comments and Documentation:** Document the purpose and intent of each ACL rule using comments.
This provides clarity to other administrators and helps in future troubleshooting.
5. **Regular Review and Maintenance:** Regularly review ACLs to ensure they are up-to-date and
relevant. Remove obsolete rules and adjust ACLs to accommodate changes in the network.

b) State and explain what needs to be considered in providing basic connectivity at the access layer. (6
marks)
To provide basic connectivity at the access layer, consider the following:

1. **Physical Connectivity:** Ensure that network devices are physically connected to the network
infrastructure, such as switches and access points.
2. **VLAN Configuration:** Assign devices to appropriate VLANs based on their function and security
requirements.
3. **IP Address Assignment:** Use DHCP or static IP address assignment to provide devices with unique IP
addresses for communication.
4. **Network Access Control:** Implement port security, 802.1X authentication, or MAC address filtering
to control access to the network.
c) State and explain any four wireless implementation recommended practices. (6marks)
1. **Wireless Security:** Enable WPA2 or WPA3 encryption with a strong passphrase to secure wireless
communications. Disable WEP and open networks, as they offer minimal security.
2. **Guest Network Segregation:** Create a separate guest network with limited access to internal
resources, reducing the risk of unauthorized access.
3. **Signal Coverage and Overlapping Channels:** Plan the wireless access point (AP) placement to
ensure adequate signal coverage and avoid channel interference.
4. **Firmware and Security Updates:** Regularly update wireless AP firmware and security patches to
address vulnerabilities and ensure optimal performance.

c) Microsoft active directory offers some features that make it a highly flexible directory service. Discus
the five major features [10 marks]
1. **Single Sign-On (SSO):** Active Directory allows users to sign in once and access various resources
(files, applications, etc.) within the network without repeatedly providing credentials.
2. **Group Policy:** Active Directory uses Group Policy to enforce security settings, software installations,
and other configurations across multiple devices or users within an organizational unit.
3. **LDAP Directory Services:** Active Directory is built on the Lightweight Directory Access Protocol
(LDAP), which facilitates directory management and user authentication.
4. **Domain Services:** Active Directory provides domain services, enabling centralized user management,
authentication, and authorization within a domain environment.
5. **Trust Relationships:** Active Directory supports trust relationships between domains, enabling secure
communication and resource access between different domains in a forest.

d) Define network troubleshooting and discuss three major troubleshooting techniques as applied in
networking. [8 marks]
Network troubleshooting is the process of identifying and resolving issues affecting network performance
and connectivity. Three major troubleshooting techniques are:

1. **Ping and Traceroute:** Use ping to test basic network connectivity between devices and traceroute to
identify the path taken by packets and locate potential bottlenecks.
2. **Packet Capture and Analysis:** Use network monitoring tools like Wireshark to capture and analyze
network packets to identify anomalies and errors.
 3. **Device and Interface Checks:** Physically inspect network devices and interfaces to ensure proper
cabling, link status, and interface configurations.

f) Define a network operating system (NOS) and give two examples of NOS (4 marks)
A network operating system (NOS) is a specialized operating system designed to manage and coordinate
network resources and services. Examples include Windows Server and Linux-based systems like Ubuntu
Server. NOS provides features such as file and print sharing, user authentication, security, and centralized
management of network resources.
g) Explain any four benefits of firewall. (4 marks)

1. **Network Security:**
2. **Access Control:**
3. **Content Filtering:**
4. **Virtual Private Network (VPN) Support:**

Question Fifteen

a) Discuss any four key factors that drive the need for better network design and management. (6 marks)
1. **Increasing Network Complexity:**
2. **Growing Network Traffic:**
3. **Security Concerns:**
4. **Changing Business Requirements:**

b) Standard and extended ACLs serve as the basis for other, more complex types of ACLs. With Cisco
IOS Software, you can configure three complex ACL features. Discuss the features. (6 marks)
1. **Time-Based ACLs:** These ACLs allow administrators to define time-based rules, controlling
access based on specific time intervals or schedules. For example, certain services may be allowed only
during business hours and blocked during non-business hours.
 2. **Object Groups:** Object groups group together multiple IP addresses, services, or other objects
under a single name, simplifying the creation and management of ACL rules. This feature enhances the
clarity and scalability of ACL configurations.
3. **Named ACLs:** Named ACLs offer more flexibility and readability compared to numbered
ACLs. Administrators can assign meaningful names to ACLs, making it easier to understand their
purpose and intent.

c) You have been given an IP address 172.16.1.1 determine Network address, the range of addresses you can
assign to individual hosts, Broadcast address , Network address & Subnet mask (6 marks)
**IP Address Calculation for 172.16.1.1:**

- Network Address: 172.16.1.0

- Range of Addresses for Hosts: 172.16.1.1 to 172.16.1.254 (excluding network and broadcast
addresses)
- Broadcast Address: 172.16.1.255
- Subnet Mask: The subnet mask is determined by the network class, but for a /24 subnet, it would be
255.255.255.0.

d) Differentiate between static IP-addressing and dynamic IP addressing. (3 marks)

- **Static IP Addressing:** In this method, network devices are manually assigned fixed IP addresses.
The configuration remains constant until manually changed. It provides consistency but can be
challenging to manage in large networks.
- **Dynamic IP Addressing:** In this method, IP addresses are automatically assigned to devices
using DHCP (Dynamic Host Configuration Protocol). The DHCP server dynamically allocates IP
addresses from a pool, simplifying management and allowing flexible IP address assignments.
e) Discuss the design methodology used by network designers. (6 marks)
1. **Requirements Gathering:**
2. **Network Analysis:**
3. **Network Design:**
4. **Implementation:**
5. **Testing and Validation:**
6. **Documentation:**

f) Define the following terms in network security (5 marks)

 i. Firewall
1. **Firewall:** A security device or software that monitors and controls incoming and outgoing
network traffic based on predefined rules, protecting the network from unauthorized access and
malicious activities.
ii. Network security
2. **Network Security:** The practice of implementing measures to protect network resources, data,
and communication from unauthorized access, disruption, or modification.
iii. VPN
3. **VPN (Virtual Private Network):** A secure encrypted connection that allows remote users or
branch offices to access the organization's network over the internet as if they were directly connected to
the local network.
iv. Data encryption v. network admin
4. **Data Encryption:** The process of converting plaintext data into ciphertext using cryptographic
algorithms to ensure data confidentiality during transmission and storage.
5. **Network Admin:** Short for Network Administrator, an IT professional responsible for managing
and maintaining the organization's network infrastructure, ensuring its availability, security, and
performance.

QUESTION SIXTEEN
a) There are many configuration tools available in the market, each one with a different set of features
and different complexity levels. Describe factors to be considered before choosing a configuration
management tools. [8 marks]
1. **Functionality and Features:**
2. **Scalability:**
3. **Ease of Use:**
4. **Integration and Compatibility:**
5. **Vendor Support and Community:**
6. **Security:**
7. **Reporting and Monitoring:**
8. **Cost and Licensing:**
b) Explain an IP address conflict as applied in networking [2 marks]
An IP address conflict occurs when two or more devices in a network are assigned the same IP
address. This conflict can lead to communication issues, as the network may not know which device to
direct data to when it receives requests for that IP address. IP address conflicts can result from
 manually assigning static IP addresses without proper planning or when a DHCP server assigns an IP
address that is already in use by another device.

c) Explain the design considerations for the network enterprise edge. (6 marks)
The enterprise edge is the part of the network that connects the internal network to external networks,
such as the internet or other remote locations.
When designing the enterprise edge, the following considerations are essential:

1. **Security:** Implement robust security measures, such as firewalls, intrusion detection/prevention

systems, VPNs, and access control lists, to protect the internal network from external threats.
2. **Redundancy:** Incorporate redundant connections and failover mechanisms to ensure high
availability and minimize downtime.
3. **Bandwidth and Traffic Management:** Plan for sufficient bandwidth to accommodate the
expected network traffic, and implement traffic shaping and prioritization to manage bandwidth
effectively.
4. **Address Translation:** Use Network Address Translation (NAT) to conserve public IP address
space and provide an additional layer of security.
5. **Remote Access:** Facilitate secure remote access for authorized users through technologies like
VPNs or terminal services.
6. **Load Balancing:** Implement load balancing techniques to distribute traffic across multiple
servers to ensure optimal performance and prevent overloading of individual servers.

d) Differentiate between IP address and MAC address. (3 marks)

- **IP Address:** An IP (Internet Protocol) address is a numeric address assigned to each device on a
TCP/IP network. It identifies the device's network interface and allows it to communicate with other
devices over the internet or local network. IP addresses are hierarchical and can be dynamic (assigned
by DHCP) or static (manually configured).
- **MAC Address:** A MAC (Media Access Control) address is a unique hardware address assigned
to each network interface card (NIC) by the manufacturer.
e) Describe how you can set up a Local Area Network of 15 computer in 20 x 20 metres
square room. [5 marks]
**Setting up a Local Area Network (LAN) in a 20 x 20 Metres Square Room:**
-To set up a LAN in a 20 x 20 meters square room for 15 computers, follow these steps:
 1. **Network Layout:** Plan the layout of the room and determine the placement of computers,
network switches, and network cabling. Ensure proper ventilation and cable management.
2. **Network Switch:** Install a network switch with enough ports to accommodate all 15
computers. Connect the switch to a power source and to the uplink port on an existing network router
or modem for internet connectivity.

3. **Cabling:** Run Ethernet cables from each computer's Ethernet port to the network switch. Use
Cat6 or higher cables for Gigabit speeds and reliability.
4. **IP Address Assignment:** Decide whether to use static IP addresses or DHCP for IP address
assignment. For a small network, DHCP is generally easier to manage.
5. **Network Services:** Configure the router or modem with necessary network services, such as
DHCP, DNS, and firewall rules.
6. **Connectivity Testing:** Test the connectivity between all computers and the internet (if
applicable) to ensure proper network functioning.
f) Explain any four network troubleshooting tools. [4 marks]
1. **Ping:** A basic tool that sends an ICMP echo
request to a target device to check if it is reachable and measure the round-trip time.
2. **Traceroute:** Traceroute identifies the path that packets take from the source to the destination,
helping to identify network hops and potential points of failure.
3. **Network Sniffer/Protocol Analyzer:** A network sniffer captures and analyzes packets on the
network, providing detailed information about network traffic and potential issues.
4. **Netstat:** Netstat displays active network connections, open ports, and routing tables, helping to
identify network usage and potential issues.
g) Differentiate the following (8 marks)
i. local user & domain user account
A local user account is specific to a single computer and can be used only on that computer, while a
domain user account is managed centrally in a domain controller and can be used to log in to any
computer within the domain.
ii. DHCP server & DHCP Client
A DHCP server assigns IP addresses to network devices automatically, while a
DHCP client is a device that requests and obtains an IP address from the DHCP server.
iii. Hub & router
A hub is a simple network device that connects multiple devices in a network, whereas a
router is a more intelligent device that routes data between different networks and can perform
network address translation and other functions.
 iv. baseband & broad band

Baseband transmission sends digital signals over a single channel, while

broadband transmission uses multiple channels to transmit analog or digital signals simultaneously.

QUESTION SEVENTEEN

a) Explain the meaning of network security and hence describe the principle network security defenses
(10 marks)
Network security refers to the protection of computer networks and their resources from unauthorized access,
misuse, modification, or disruption. It involves the implementation of various measures, policies, and
technologies to safeguard the integrity, confidentiality, and availability of network data and services.
**Principle Network Security Defenses:**
1. **Firewalls:** Firewalls act as a barrier between a trusted internal network and untrusted external networks,
filtering incoming and outgoing traffic based on predefined security rules.
2. **Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):** IDS monitors network
traffic for suspicious activities, while IPS can actively block or prevent such activities in real-time.
3. **Encryption:** Encryption ensures that data transmitted over the network remains secure and confidential,
even if intercepted.
4. **Virtual Private Networks (VPNs):** VPNs create secure, encrypted tunnels over public networks,
enabling secure remote access and data transmission.
5. **Access Control Lists (ACLs):** ACLs define rules and permissions that control who can access specific
network resources.
6. **Antivirus and Antimalware Solutions:** These software tools detect and remove malicious software to
protect the network from malware threats.
7. **Security Policies:** Well-defined security policies outline rules, guidelines, and procedures for network
security, ensuring that employees and users adhere to best security practices.
8. **Authentication Mechanisms:** Implementing strong authentication methods, such as multi-factor
authentication, prevents unauthorized access to network resources.
9. **Patch Management:** Regularly applying software updates and patches helps to address known security
vulnerabilities and enhances network security.
10. **Logging and Monitoring:** Network administrators monitor network activities and log events to detect
suspicious behavior and respond to security incidents promptly.
b) Describe any five goals that you need to establish before undertaking a network design (10 marks)
1. **Requirements Gathering:**
2. **Network Topology and Layout:**
3. **Resource Allocation:**
4. **Security Planning:**
5. **Redundancy and High Availability:**
c) Network management process consists of five fundamental are: according to
international standards organizations (150) discuss each (10 marks)
1. **Fault Management:** 2. **Configuration Management:** 3. **Accounting Management:**
4. **Performance Management:** 5. **Security Management:**

d) in a given network many devices share the same piece of network media; devices vie
for time on the cable through a process called media access. Discuss the two
common media access methods (10 marks)
1. **Carrier Sense Multiple Access/Collision Detection (CSMA/CD):** Used in Ethernet networks,
CSMA/CD is a contention-based media access method. Devices listen for carrier signals before transmitting data.
If two devices transmit simultaneously and a collision occurs, they stop, wait for a random time, and then attempt
to retransmit.
2. **Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA):** Commonly used in wireless
networks, CSMA/CA is a contention avoidance media access method. Devices send a request-to-send (RTS)
signal to reserve the channel before transmitting data. Other devices wait for the clear-to-send (CTS) signal
before attempting to transmit, reducing collisions.
e) Describe the benefits of aggregating routes in large networks [4 Marks]
- Reduced Routing Table Size: Aggregating routes can significantly reduce the size of the routing table,
simplifying routing operations and reducing memory and processing requirements on routers.
- Improved Network Convergence: Aggregation reduces the number of routes that need to be advertised and
processed, resulting in faster network convergence in case of link failures or route changes.
- Enhanced Scalability: Aggregating routes makes the network more scalable as the routing table remains
manageable even in large and complex networks.
- Reduced Control Plane Traffic: Aggregation reduces the amount of control plane traffic, freeing up network
resources and improving overall network performance.
f) Which command would you type on a windows operating system’s command prompt
when you want to access the IP address of the host [2 Marks]
 ipconfig
g) Describe TWO limitations of dividing a LAN into subnets and using routers to link the
subnets [4 Marks]
1. **Increased Complexity:** Subnetting and routing introduce additional complexity to the network design,
requiring careful planning and configuration.
2. **Routing Overhead:** Routers need to process and forward packets between subnets, adding latency and
potential congestion in the network.
3. **Management Overhead:** Managing multiple subnets and routers can be more challenging than managing
a single flat network.
4. **Broadcast Traffic:** Broadcast traffic doesn't traverse routers, so larger subnets may experience increased
broadcast traffic, affecting network performance.

QUESTION EIGHTEEN

a) Network requirements translate into four primary network design goals. Explain each (6 marks)
1. **Scalability:**
2. **Reliability:**
3. **Performance:**
4. **Security:**
b) Explain any four reasons that may lead to sub-netting or segmenting of a network (6 marks)
1. **Efficient Use of IP Addresses:**
2. **Reduced Broadcast Traffic:**
3. **Improved Network Security:**
4. **Enhanced Network Performance:**
c) Use the given the IP address to answer the question that follow; IP address 196.100.10.33
(4 marks)
i) Identify the address class
ii) Identify the network portion
iii) Identify the Host portion
iv) Identify the default subnet mask
**IP Address 196.100.10.33:**
- Address Class: Class C (IP addresses starting with 192-223 are Class C).
 - Network Portion: 196.100.10 (The first three octets represent the network
portion).
- Host Portion: 33 (The last octet represents the host portion).
- Default Subnet Mask: 255.255.255.0 (Default subnet mask for Class C
addresses is /24).
d) Explain network management and highlight the typical activities involved (4 marks)
Network management involves planning, organizing, and controlling network
resources to ensure efficient network operations and performance.
Typical activities include:
1. **Monitoring:**
2. **Configuration Management:**
3. **Performance Management:**
4. **Security Management:**
5. **Fault Management:**
6. **Accounting Management:**
7. **Backup and Recovery:**

e) Given the following IP196.168.1.127 with a custom subnet mask 255.255.255.224.

-Remember:

- Class A: 1-127
- Class B: 128-191
- Class C: 192-223
- Class D: 224-239 (reserved for multicast)
- Class E: 240-255 (reserved for experimental use)
- Address Class: Class C (IP addresses starting with 192-223 are Class C).
- Network Portion: 196.168.1 (The first three octets represent the network portion).
- Host Portion: 127 (The last octet represents the host portion).
- Custom Subnet Mask: 255.255.255.224 (The custom subnet mask /27 indicates that the first 27 bits are used for
the network portion).

g) Given the IP 156.233.42.56 with a subnet mask of 7 bits

i) Deduce the network class justifying your answer (2 marks0
 ii) Determine the possible number of usable hosts and usable subnets. Show
your working (6 marks)
To determine the network class for the IP address 156.233.42.56 with a subnet mask of 7
bits, we need to examine the first octet of the IP address. The valid ranges for the first octet
of each IP address class are:
-In this case, the first octet of the given IP address (156) falls within the range of Class B
addresses (128-191). Therefore, the network class for the given IP address is Class B.

Now, let's determine the possible number of usable hosts and usable subnets with a 7-bit
subnet mask (255.255.254.0 in binary).

- Number of Host Bits: With a 7-bit subnet mask, there is only one bit available for host
addresses (2^1 = 2).
- Number of Usable Hosts: The number of usable hosts in each subnet is 2^(number of host
bits) - 2 (minus two to exclude the network and broadcast addresses). In this case, there are
(2^1) - 2 = 2 - 2 = 0 usable hosts since the subnet mask has only one bit for host addresses.
- Number of Subnet Bits: With a 7-bit subnet mask, there are 7 bits available for subnetting
(2^7 = 128).
- Number of Usable Subnets: The number of usable subnets can be calculated using the
formula 2^(number of subnet bits). With 7 bits for subnetting, there are 2^7 = 128 usable
subnets.