Advanced Networking Devices Flashcards
PPTP
A protocol that works with PPP to provide a secure data link between computers using encryption.
L2TP
A VPN protocol developed by Cisco that can run on almost any connection imaginable. L2TP has no authentication or encryption but uses IPsec for all its security needs.
in-band management
Allows configuration over the network.
out-of-band management
One port is dedicated as a management port. Configuration can only be done via that port.
You’ll find out-of-band management options – management URL, modem connection, console port – on switches and on routers. CompTIA uses the term console router to describe a router with out-of-band management capabilities.
Trunking
Is the process of transferring VLAN traffic between two or more switches. To do this you will need to configure a trunk port on each switch that will then carry all traffic, regardless of VLAN number, between all switches in a LAN.
IEEE 802.1Q is the trunk standard
VLAN Tagging
multi-layer switch port addressing:
A switch operating at layer 3 requires each port to have an IP address, because the routing table uses the IP address to determine where to send packets. Cisco uses the terms switchport and router port to differentiate between the two types of ports.
Load Balancing
Means making a bunch of servers look like a single server, creating a server cluster.
DNS load balancing
Content Switch
QoS and Traffic Shaping
Port Bonding (link aggregation/NIC bonding/NIC teaming/port aggregation)
IDS
Intrusion Detection System – is an application (often running on a dedicated box) that inspects a copy of packets, looking for active intrusions. An IDS functions inside the network. Sits outside the flow of traffic.
An IDS in promiscuous mode inspects a copy of every packet on a network.
NIDS
Network-Based IDS – consists of multiple sensors placed around the network, often on one or both sides of the router.
NIDS scans using signature files, thus it is a signature-based IDS
HIDS
Host-based IDS – is software running on individual systems that monitors for events such as system file modification or registry changes.
A host-based IDS watches for suspicious behavior on systems, thus it is a behavior-based IDS.
IPS
Intrusion Prevention System – sits directly in the flow of traffic. Can directly stop an attack while it is happening.
The network bandwidth and latency take a hit.
Proxy Server
Sits between clients and external servers, essentially pocketing the requests from the clients for server resources and making those requests itself. The client computers never touch the outside servers and thus stay protected from any unwanted activity.
Forward Proxy Server
Acts on behalf of clients, getting information from various sources and handing that information to the clients.
Reverse Proxy Server
Acts on behalf of its servers.