Lesson 12: Ensuring Network Availability

Question 1

Define SSH (Secure Shell)

Answer 1

Application protocol supporting secure tunneling and remote terminal emulation and file copy (SFTP). SSH runs over TCP port 22.

Question 2

What is a SSH host key?

Answer 2

A public/private key pair used to identify an SSH server

Question 3

What purpose does an SSH host key serve?

Answer 3

To identify the SSH server and set up a secure channel for the client to submit authentication credentials

Question 4

What are the various methods to authenticate with an SSH server?

Answer 4

1. Username/password
2. Public key authentication
3. Kerberos

Question 5

What commands starts the SSH server on a device?

Answer 5

sshd

Question 6

What command creates a host key?

Answer 6

ssh-keygen

Question 7

What command is used to store private keys?

Answer 7

ssh-agent

Question 8

What command is used to connect a ssh client to a host?

Answer 8

ssh hostname or IP

Question 9

What command is used to transfer a file using ssh?

Answer 9

scp Username@Host:RemoteFile /Local/Destination

Question 10

What is Telnet?

Answer 10

Application protocol supporting unsecure terminal emulation for remote host management. Telnet runs over TCP port 23.

Question 11

Why is Telnet unsecure?

Answer 11

Telnet connections are not encrypted and are vulnerable to packet sniffing and replay

Question 12

What port does RDP use?

Answer 12

TCP port 3389

Question 13

Define Network Time Protocol (NTP)

Answer 13

Application protocol allowing machines to synchronize to the same time clock that runs over UDP port 123

Question 14

How do client hosts receive time?

Answer 14

Using Simple NTP (SNTP) over UDP port 123; can’t act as a time source

Question 15

What windows command is used to configure NTP?

Answer 15

w32tm

Question 16

What is the file to configure for NTP in linux?

Answer 16

/etc/ntp.conf

Question 17

Define a bottleneck

Answer 17

Troubleshooting issue where performance for a whole network or system is constrained by the performance of a single link, device, or subsystem

Question 18

Define Simple Network Management Protocol (SNMP)

Answer 18

Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default

Question 19

What is needed for SNMP?

Answer 19

SNMP Agents and a SNMP monitor

Question 20

What is the purpose of an SNMP agent?

Answer 20

Installed on a device for monitoring/management, maintains a Management Information Database (MIB) that holds device statistics referred to by a numeric object identifier (OID)

Question 21

What is a Object Identifiers (OID)

Answer 21

A unique numeric value assigned to each statistic stored in a management information database (MIB)

Question 22

How is an SNMP agent configured?

Answer 22

With the community name of the computers allowed to manage the agent and the IP address or hostname of the server running the management system

Question 23

What is the function of a community name?

Answer 23

Acts as a password

Question 24

Define an SNMP monitor

Answer 24

A management software that allows to oversee network activity by polling agents for data for their management information databases (MIB)

Question 25

What are the two ways an SNMP monitor can poll data from a SNMP agent?

Answer 25

1. Get
2. Trap

Question 26

What is the get function in a SNMP monitor?

Answer 26

The software queries the agent for a single object identifier (OID) at regular intervals

Question 27

What is the trap function in a SNMP monitor?

Answer 27

The agent informs the monitor of a notable event once a set threshold is reached

Question 28

What port does the SNMP monitor use for the get functnction?

Answer 28

UDP port 161

Question 29

What port does the trap function use for a SNMP monitor?

Answer 29

UDP port 162

Question 30

What do system logs typically contain?

Answer 30

Records startup events, changes to the OS, kernel processes, and driver

Question 31

What do application logs typically contain?

Answer 31

Data from specific services such as DNS, HTTP

Question 32

What do audit logs typically contain?

Answer 32

authentication attempts, privilege authorization/escalation

Question 33

Define a log collector

Answer 33

Aggregates event messages from devices that are configured to send logs to it

Question 34

Define Syslog

Answer 34

Application protocol and event logging format enabling different appliances and software applications to transmit logs or event records to a central server

Question 35

What port does Syslog use?

Answer 35

UDP port 514

Question 36

What is the range of syslog severity levels?

Answer 36

1-7

Question 37

What is a logging level configuration?

Answer 37

determines the level at which events are recorded or forwarded on each host

Question 38

What is a heartbeat test?

Answer 38

A mechanism that probes a device to ensure it is available

Question 39

Define Quality of Service (QoS)

Answer 39

The use of mechanisms or technologies that control network traffic and ensure the performance of critical applications with limited network capacity

Question 40

What functions does Quality of Service (QoS) offer?

Answer 40

Prioritize traffic, which includes offering dedicated bandwidth, controlled jitter, and lower latency.

Question 41

How can latency be tested?

Answer 41

1. Ping
2. Pathping
3. mtr

Question 42

Define Jitter

Answer 42

Defined as being a variation in the delay. Jitter manifests itself as an inconsistent rate of packet delivery. Jitter is also measured in milliseconds

Question 43

What is the max latency for VoIP to function properly?

Answer 43

150 ms, 300ms round trip time (RTT)

Question 44

What are the network components Quality of Service (QoS)?

Answer 44

1. Control plane
2. Data plane
3. Management plane

Question 45

Define control plane in Quality of Service (QoS)

Answer 45

Determines how traffic should be prioritized and where is should be switched/routed

Question 46

Define data plane in Quality of Service (QoS)

Answer 46

Performs switching/routing of traffic

Question 47

Define management plane in Quality of Service (QoS)

Answer 47

Monitors traffic conditions

Question 48

What appliance/software is used to apply QoS functions?

Answer 48

A traffic shaper

Question 49

What tools can be used to measure network throughput?

Answer 49

1. iperf
2. Ttcp
3. bwping

Question 50

How can throughput be mesaured manually?

Answer 50

1. Transfer a file between two hosts, record the file size and the time it takes
2. Take the file size and convert to bits, then divide that number by the amount of seconds it took for the file transfer to complete

Question 51

Define a top talker

Answer 51

Interfaces that generate the most outgoing traffic in terms of bandwidth

Question 52

Define a top listener

Answer 52

Interfaces that receive the most incoming traffic

Question 53

What are two bandwidth speed testing tools?

Answer 53

1. Broadband speed checker/test
2. Website performance checker

Question 54

Define a broadband speed checker

Answer 54

Test how fast the local broadband link to the internet is; tests downlink and uplink speeds using latency ping

Question 55

Define a website performance checker

Answer 55

Queries a website to work out how quickly pages load

Question 56

What is NetFlow

Answer 56

A packet analyzer that measures network stats

Question 57

What are the three components of NetFlow?

Answer 57

1. Exporter
2. Collector
3. Analyzer

Question 58

What is the NetFlow exporter function?

Answer 58

Configured on network appliances (switch/router/firewall), and creates a “traffic flow” from each device defined by IP source and destination and protocol type

Question 59

What is the NetFlow collector function?

Answer 59

Aggregates flows from multiple exporters

Question 60

What is the NetFlow analyzer function?

Answer 60

Reports and intercepts information by querying the collector, can also be used to generate alerts/notification

Question 61

What is link state?

Answer 61

Measures whether an interface is up or down

Question 62

What is the reset metric?

Answer 62

The number of times an interface has restarted over the counter period

Question 63

What is the utilization metric?

Answer 63

Data transferred over a period of time, measured in bits per second or as a percentage of available bandwidth

Question 64

What is error rate?

Answer 64

The number of packets per second that cause errors

Question 65

What causes an interface to discard/drop packets/frames?

Answer 65

checksum errors, mismatched MTUs, packets that are too small (runts) or too large (giants), high load, or configuration errors

Question 66

What are the typical causes of a Cyclic Redundancy Check (CRC) error?

Answer 66

Interferance/attenuation, poor cable quality, termination, mismatch cable types

Question 67

What is an encapsulation error?

Answer 67

When frame format is not expected on a link.

Question 68

What causes encapsulation error?

Answer 68

1. Incorrect ethernet/WAN frame type
2. Ethernet trunk interfaces don’t use the same format

Question 69

How many different traffic classes can be defined by 802.1Q Quality of Service?

Answer 69

8 different traffic classes

Question 70

What does a syslog alert with code 2 represent?

Answer 70

Critical level

Question 71

What does a syslog alert with code 5 represent?

Answer 71

A notice indicating that current state could lead to error

Question 72

What does a syslog alert with code 1 represent?

Answer 72

A fault requiring immediate remediation; Critical Error

Question 73

What does a syslog alert with code 3 represent?

Answer 73

Indicates a non-urgent fault

Question 74

What is sufficient bandwidth for VoIP?

Answer 74

100Kbps

Question 74

Define latency

Answer 74

the time it takes for a transmission to reach the recipient, measured in milliseconds (ms)

Question 74

Define Bandwidth

Answer 74

Referred to as the amount of data that can transmitted (measured in Mbps or Gbps)