Network+ Flashcards

Question

Network security groups:

Answer 1

Allows you to filter network traffic. Can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources.

Answer 2

Consists of a set of ingress and egress security rules that apply to all the VNICs in any subnet that the list is associated with.

Answer 3

A device or node that connects networks by translating protocols.

Answer 4

You can use this so that instances in a private subnet can connect to services outside your VPC, but external services cannot initiate a connection with those instances.

Answer 5

Provides cloud services to just about anyone.

Answer 6

Serves only one customer or organization and can be located on the customer's premises or off the customer's premises.

Answer 7

A mixed computing environment where applications are run using a combination of computing, storage, and services in different environments.

Answer 8

A form of cloud computing where a firm subscribes to a third-party software and receives a service that is delivered online.

Answer 9

Delivers hardware networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use revenue model.

Answer 10

Supports the deployment of entire systems including hardware, networking, and applications using a pay-per-use revenue model.

Answer 11

Refers to how well a system can adapt to increased demands.

Answer 12

Refers to the ability of a cloud to automatically expand or compress the infrastructural resources on a sudden up and down.

Answer 13

A single instance of a system serves multiple customers.

Answer 14

- An IP network protocol used to determine if a particular service or host is available.

Answer 15

A protocol for sending packets that does error-checking to ensure all packets are received and properly ordered.

Answer 16

A protocol for sending packets quickly with minimal error-checking and no resending of dropped packets.

Answer 17

Method of encapsulation of IP packet in a GRE header which hides the original IP packet.

Answer 18

A set of protocols developed to support the secure exchange of packets between hosts or networks.

Answer 19

An IPsec protocol that authenticates that packets received were sent from the source identified in the header of the packet.

Answer 20

An IPsec protocol that provides authentication, integrity, and encryption services.

Answer 21

Method used by IPSec to create a secure tunnel by encrypting the connection between authenticated peers.

Answer 22

A form of message delivery in which a message is delivered to a single destination.

Answer 23

A form of transmission in which a message is delivered to a group of hosts.

Answer 24

A network addressing and routing method in which incoming requests can be routed to a variety of different locations or "nodes."

Answer 25

Used to transmit a message to any reachable destination in the network without the need to know any information about the receiving party.

Answer 26

- 5.0 GHz. - 2.4 GHz.

Answer 27

- 5.0 GHz frequency band. - Maximum data signaling rate of 54 Mbps.

Answer 28

- 2.4 GHz frequency range. - Maximum data signaling rate of 11 Mbps.

Answer 29

- 2.4 GHz frequency range. - Maximum data signaling rate of 54 Mbps.

Answer 30

- 2.4 GHz frequency band. - 5.0 GHz frequency band. - Maximum data signaling rate of up to 600 Mbps. - Multiple Input / Multiple Output (MIMO).

Answer 31

- 5.0 GHz frequency band. - Maximum data signaling rate of up to 6.933 Gbps. - Multi-User Multiple Input / Multiple Output (MU-MIMO).

Answer 32

- 2.4 GHz frequency band. - 5.0 GHz frequency band. - Maximum data signaling rate of up to 9.607 Gbps. - Multi-User Multiple Input / Multiple Output (MU-MIMO).

Answer 33

- Yagi antenna. - Dish antenna. - Parabolic antenna.

Answer 34

- Radio network distributed over land through cells where each cell includes a fixed location transceiver known as base station. - These cells together provide radio coverage over larger geographical areas.

Answer 35

PoE (Power over Ethernet).

Answer 36

- PoE++. - 4PPoE.

Answer 37

- Uses lasers. - Longer distance and smaller diameter. - Used in telecom and CATV networks.

Answer 38

- Uses LEDs. - Shorter distance and wider diameter. - Used in LAN, security systems, and CCTV.

Answer 39

Allows direct communication between devices over copper wire.

Answer 40

A variant of coaxial cables, which features two inner conductors instead of one and is used for very-short-range high-speed signals.

Answer 41

Insulated copper wire; used to carry high-speed data traffic and television signals.

Answer 42

- Plenum cables are engineered with fire-retardant materials, emitting minimal smoke and toxic fumes in case of fire. - Non-plenum cables often come at a lower cost than plenum cables.

Answer 43

A physical and data layer technology for LAN networking.

Answer 44

A set of rules governing the exchange or transmission of data between devices.

Answer 45

- A high-speed data transfer protocol providing in-order, lossless delivery of raw block data. - Primarily used to connect computer data storage to servers in storage area networks (SAN) in commercial data centers.

Answer 46

Fiber optic transceiver module type supporting duplex 1 Gbps (SFP) or 10 Gbps (SFP+) links.

Answer 47

- Small, high-density pluggable interface used for high-speed data transmission. - It connects between network devices and fiber optic or copper cables, providing multiple channels for simultaneous data transmission.

Answer 48

Fiber-optic cable connector that corresponds to the mini form-factor standard.

Answer 49

Push/pull connector used with fiber optic cabling.

Answer 50

Bayonet-style twist-and-lock connector for fiber optic cabling.

Answer 51

Accommodates multiple fibers in a single physical connector interface.

Answer 52

Connector wired for one telephone line.

Answer 53

A common connector or plug used on the end of the network cable.

Answer 54

Used with Coaxial Cabling.

Answer 55

Every computer connects to every other computer; no central connecting device is needed.

Answer 56

A physical topology that combines characteristics of more than one simple physical topology.

Answer 57

A network topology where all devices are connected to a central hub or switch, which manages the data flow between them.

Answer 58

A newer network topology that consists of just two layers.

Answer 59

A data transmission that involves one transmitter and one receiver.

Answer 60

- Access layer: Provides access points for hosts to connect to the network. - Distribution layer: Acts as an intermediary between the Core Layer and the Access Layer, and keeps local traffic confined to local networks. - Core layer: Handles and transports huge amounts of data quickly and reliably and connects multiple end networks together.

Answer 61

A network design where the core and distribution layers are collapsed or combined into a single layer of switches.

Answer 62

Data transmission pattern that describes data flow between local network endpoints and external networks and services, such as the World Wide Web, cloud services, etc.

Answer 63

Transfer of data packets from server to server within a data center.

Answer 64

A networking feature in operating systems that enables DHCP clients to self-configure an IP address and subnet mask automatically when a DHCP server isn't available.

Answer 65

Defined the 3 ranges of private IPv4 Addresses: - 10.0.0.0 - 10.255.255.255 /8 - 172.16.0.0 - 172.31.255.255 /16 - 192.168.0.0 - 192.168.255.255 /32

Answer 66

- Used to test the IP stack on the local computer. - Can be any address from 127.0.0.1 through 127.255.255.254.

Answer 67

- Public networks are "open" access networks prioritizing accessibility and availability over network performance and security. - Private networks are "closed" and secure networks prioritizing network safety, confidentiality, and performance over accessibility and ease of use.

Answer 68

The act of dividing a network into smaller logical subnetworks.

Answer 69

- The capability to specify a different subnet mask for the same Class A, B, or C network number on different subnets. - VLSM can help optimize available address space.

Answer 70

- Allows network administrators to expand the number of network nodes assigned to an IP address. - Based on the idea that IP addresses can be allocated and routed based on their network prefix rather than their class.

Answer 71

1.x.x.x to 126.x.x.x

Answer 72

128.x.x.x - 191.x.x.x

Answer 73

192.x.x.x - 223.x.x.x

Answer 74

224.x.x.x - 239.x.x.x

Answer 75

240.x.x.x - 255.x.x.x

Answer 76

The entire network, including all security devices, is virtualized.

Answer 77

An extension of the SDN practices to connect to entities spread across the internet to support WAN architecture especially related to cloud migration.

Answer 78

Refers to systems or technologies that have built-in information about individual applications, allowing them to better interact with these applications.

Answer 79

A software component is unaware regarding the specific nature of the components or input with which it interacts.

Answer 80

- Mechanism which allows unconfigured devices to automatically load deployment files upon power-on, including system software, patch and configuration files. - Eliminates the need for onsite, manual configuration and deployment.

Answer 81

Practice of managing access policies from a single, centralized location.

Answer 82

The technology used in creating this tunnel between nodes on an SDN computer network.

Answer 83

Technology that connects two or more data centers together over short, medium, or long distances using high-speed packet-optical connectivity.

Answer 84

The encapsulation or framing of data for transmission over the physical medium.

Answer 85

An approach to access control in IT networks that does not rely on trusting devices or network connections; rather, it relies on mutual authentication to verify the identity and integrity of devices, regardless of their location.

Answer 86

Security model in ASP.NET Core that decouples authorization and application logic. It centers around three main concepts: policies, requirements, and handlers.

Answer 87

The process of giving someone permission to do or have something.

Answer 88

User is only given access needed to perform job.

Answer 89

A new type of network architecture that combines both network security and wide area network (WAN) capabilities into a single solution.

Answer 90

A collection of integrated, cloud-centric security capabilities that facilitates safe access to websites, software-as-a-service (SaaS) applications and private applications.

Answer 91

- A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration. - Automation and source control.

Answer 92

- Playbooks/templates/ reusable tasks. - Configuration drift/compliance. - Upgrades. - Dynamic inventories.

Answer 93

- Version control. - Central repository. - Conflict identification. - Branching.

Answer 94

- 128 bit address written in hexadecimal. - 8 octets.

Answer 95

A data transport technique in which a data packet is transferred inside the frame or packet of another protocol, enabling the infrastructure of one network to be used to travel to another network.

Answer 96

A type of network that supports both IPv4 and IPv6 traffic.

Answer 97

Together with DNS64, the primary purpose of NAT64 is to allow an IPv6-only client to initiate communications to an IPv4-only server.

Answer 98

An type of routing used by a network administrator to manually specify the mappings in the routing table.

Answer 99

Allows a router to determine the best route between two nodes automatically and then store this information in a routing table.

Answer 100

The postal service of the Internet. When someone drops a letter into a mailbox, the Postal Service processes that piece of mail and chooses a fast, efficient route to deliver that letter to its recipient.

Answer 101

A dynamic routing protocol designed by Cisco Systems; it is used for automating routing decisions and configuration on computer networks.

Answer 102

An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.

Answer 103

In the event there are multiple routes to a destination with the same prefix length, the route learned by the protocol with the lowest administrative distance is preferred.

Answer 104

The longest-matching route is preferred first.

Answer 105

In the event there are multiple routes learned by the same protocol with same prefix length, the route with the lowest metric is preferred.

Answer 106

A technique that allows private IP addresses to be used on the public Internet.

Answer 107

A port number is tracked with the client computer's private address when translating to a public address.

Answer 108

A networking protocol designed to protect the default gateway used on a subnetwork by allowing two or more routers to provide backup for that address.

Answer 109

An IP address and a specific port number that can be used to reference different physical servers.

Answer 110

A virtual interface that is created by dividing up one physical interface into multiple logical interfaces.

Answer 111

A logical network that can separate physical devices without regard to the physical location of the device.

Answer 112

Saved in either Flash or NVRAM, depending on the model of switch.

Answer 113

A logical interface on a layer 3 switch that provides layer 3 processing for packets from all switch ports associated with a VLAN.

Answer 114

Untagged traffic that arrives on an 802.1Q trunk port is placed on a VLAN designated as the native VLAN.

Answer 115

A VLAN defined for use by IP Phones, with the Cisco switch notifying the phone about the voice VLAN ID so that the phone can use 802.1Q frames to support traffic for the phone and the attached PC (which uses a data VLAN).

Answer 116

A method of adding a 4-byte tag to Ethernet frames to identify the VLAN that they belong to.

Answer 117

Allows multiple physical connections to be logically bundled into a single logical connection.

Answer 118

- A Layer 2 link management protocol that provides path redundancy while preventing loops in the network. - 5 states (disabled, blocking, listening, learning, forwarding).

Answer 119

The largest packet size supported on an interface.

Answer 120

Usually 9000 bytes long, though technically anything over 1500 bytes qualifies, these frames make large data transfer easier and more efficient than using the standard frame size.

Answer 121

Refers to the range of frequencies occupied by a WiFi channel.

Answer 122

Channels 1, 6, and 11.

Answer 123

It is an extension of 802.11a, allowing for a fourth band frequency (known as UNII-2 Extended).

Answer 124

A Wi-Fi frequency range that has 14 channels.

Answer 125

- At this higher frequency, throughput is faster. - On the negative side, the transmission range is shorter, as the signal gets attenuated by objects such as walls and floors.

Answer 126

A new development in Wi-Fi technology.

Answer 127

A technique used in wireless networks to optimize the distribution of devices between different frequency bands.

Answer 128

A network name that wireless routers use to identify themselves.

Answer 129

MAC address of an access point supporting a basic service area.

Answer 130

An SSID applied to an Extended Service Set as a network naming convention.

Answer 131

Networks composed of multiple Wi-Fi access points that create a wide area network that can be quite large.

Answer 132

A network created when two wireless devices connect to each other directly.

Answer 133

A data transmission that involves one transmitter and one receiver.

Answer 134

Network where devices connect via a central device like a router.

Answer 135

A network security technology for Wi-Fi wireless networks that provides stronger data protection and network access control.

Answer 136

The latest Wi-Fi security standard that tackles the shortcomings of WPA2.

Answer 137

Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet.

Answer 138

- While easy to set up, PSK poses security risks if the key is weak or shared with unauthorized users. - Enterprise authentication, also known as 802.1X or WPA-Enterprise, is a more secure and scalable method.

Answer 139

A device that is separate from other network devices including other autonomous access points and that contains all the intelligence required for wireless authentication, encryption, and management.

Answer 140

A device that cannot work independently and relies on an external wireless LAN controller (WLC)

Answer 141

Contains an edge switch, a patch panel, and other associated equipment to support the floor and offices nearest to it.

Answer 142

The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects.

Answer 143

- Port side intake is suitable for mounting switches on a rack. - In a rack setup, multiple switches can be installed consecutively, and hot air can be expelled through the rear air vent, maximizing the rack's cooling capacity. - Port side exhaust is suitable for mounting switches on a wall.

Answer 144

A wall-mounted panel of data receptors into which cross-connect patch cables from the punch-down block are inserted.

Answer 145

The fiber equivalent of a patch panel; used to terminate horizontal fiber cabling.

Answer 146

An alternative power supply device that protects against the loss of power and fluctuations in the power level by using battery power to enable the system to operate long enough to back up critical data and safely shut down

Answer 147

A device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment.

Answer 148

An electromotive force or potential difference expressed in volts.

Answer 149

Humidity, fire suppression, and temperature.

Answer 150

A diagram that displays specific connections and explains why a network system functions in a specific manner; used for diagnostics.

Answer 151

- Shows network devices like routers, firewalls, voice gateways, subnets, VLAN IDs, subnet masks, and IP addresses. - It also shows routing protocols, traffic flows, routing domains, and network segments.

Answer 152

A drawing that shows the devices stacked in a rack system and is typically drawn to scale.

Answer 153

General network documentation indicating each cable's source and destination as well as where each network cable runs.

Answer 154

A catalog of assets that need to be protected.

Answer 155

- Planning, tracking, and managing the Internet Protocol address space used in a network. - Integrates DNS and DHCP so that each is aware of changes in the other.

Answer 156

Part of a service contract where the service expectations are formally defined.

Answer 157

A process of planning and designing a wireless network, to provide the required wireless coverage, data rates, network capacity, etc.

Answer 158

Product life-cycle phase where mainstream vendor support is no longer available.

Answer 159

When a device or application is no longer provided with basic service and security support for patching and customer service.

Answer 160

- Software that is permanently stored in a chip. - The BIOS on a motherboard is an example of this.

Answer 161

Refers to the process of officially stopping the use of something and removing it from service.

Answer 162

A process to properly track changes to a system's configuration through its whole lifecycle.

Answer 163

The version of the Cisco device configuration stored in the NVRAM of the system.

Answer 164

- The standard, approved configuration of a system. - It can specify things like the approved operating system, patching levels and installed software.

Answer 165

- An Internet Standard protocol for collecting and organizing information about managed devices on IP networks. - It is an application layer protocol. - Ports 161/162.

Answer 166

- A type of SNMP protocol data unit (PDU). - Unlike other PDU types, with this, an agent can send an unrequested message to the manager to notify about an important event.

Answer 167

A virtual database included in an SNMP-compliant device, containing information about configuration and state of the device that can be queried by the SNMP management station.

Answer 168

SNMP version(s) that use MD5 encryption.

Answer 169

SNMP uses these to establish trust between a network management station and agent on a managed device.

Answer 170

Amounts to nothing more than a password (community string) sent in clear text between a manager and agent.

Answer 171

Anomaly alerting/notification.

Answer 172

The practice of gathering up disparate log files for the purposes of organizing the data in them and making them searchable.

Answer 173

An application that collects and analyzes log data to monitor critical activities in an organization.

Answer 174

A syslog server integrated to SIEM - can receive messages from different systems/devices:

Answer 175

A set of software routines that allows one software system to work with another.

Answer 176

The practice of duplicating all traffic on one port in a switch to a second port.

Answer 177

A setting that when turned on allows a computer to see other computers on a network and to be seen by those other computers.

Answer 178

The process of checking the uptime, functionality, speed, and performance of infrastructure components such as servers and applications.

Answer 179

A process for assessing or testing the level of compliance with the established baseline configuration of software systems or servers.

Answer 180

Used to measure your preparedness and manage expectations during recovery.

Answer 181

- The maximum amount of data that can be lost after a recovery from a disaster before data loss will exceed what is acceptable to an organization. - "How much data can I afford to lose?" - Determines the maximum age of the data or files in backup storage needed to be able to meet the objective specified by the RPO, should a network or computer system failure occur.

Answer 182

The maximum tolerable time to restore an organization's information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system.

Answer 183

The average amount of time a computer repair technician needs to resolve the cause of a failure through replacement or repair of a faulty unit.

Answer 184

The average time until a component fails, cannot be repaired, and must be replaced.

Answer 185

A separate facility that does not have any computer equipment but is a place where employees can move after a disaster.

Answer 186

A separate facility with computer equipment that requires installation and configuration.

Answer 187

A separate and fully equipped facility where the company can move immediately after a disaster and resume business.

Answer 188

A configuration in which all load balancers are always active.

Answer 189

A configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a "listening mode."

Answer 190

Exercises that simulate an emergency situation but in an informal and stress-free environment.

Answer 191

The process of ensuring that the tested and developed software satisfies the client/user needs.

Answer 192

DHCP lease assignments that enable you to configure a permanent IP address for a client.

Answer 193

The predefined range of addresses that can be leased to any network device on a particular segment.

Answer 194

- The specified amount of time that an IP configuration assigned by DHCP is valid. - It is specified when a device is assigned an IP configuration.

Answer 195

Options that are assigned when the addresses are assigned or renewed, including the default gateway and the primary and secondary DNS servers.

Answer 196

Used to forward request and replies between a DHCP server and client when the server is present on the different network.

Answer 197

IP addresses residing within the exclusion range are excluded from the pool of available IP addresses.

Answer 198

A feature of IPv6 in which a host or router can be assigned an IPv6 unicast address without the need for a stateful DHCP server.

Answer 199

A suite of extensions to the domain name system used to protect the integrity of DNS records and prevent some DNS attacks.

Answer 200

Domain Name System (DNS) over Hypertext Transfer Protocol using Transport Layer Security (HTTPS).

Answer 201

The DNS name resolution service that uses TLS to encrypt communications between the client and server to ensure privacy and confidentiality.

Answer 202

A type of DNS data record that maps the IPv4 address of an Internet-connected device to its domain name.

Answer 203

The DNS record that maps a hostname to a 128-bit IPv6 address.

Answer 204

Sometimes referred to as an Alias, maps an alias DNS domain name to another primary or canonical name.

Answer 205

A DNS record type that specifies the DNS hostname of the mail server for a particular domain name.

Answer 206

Adds text into the DNS.

Answer 207

Indicates which DNS nameserver has the authority.

Answer 208

Maps an IP address to a domain/host name.

Answer 209

A DNS lookup file that holds A records.

Answer 210

- A DNS lookup file that holds A records where the IP addresses must be stored in reverse— with the last octet listed first. - For example, the IP address 1.2.3.4 would be stored in a PTR record as 4.3.2.1.

Answer 211

- Primary and secondary zones where the server holds the records are authoritative. - Forwarded requests are non-authoritative.

Answer 212

- Primary DNS servers contain all relevant resource records and handle DNS queries for a domain. - By contrast, secondary DNS servers contain zone file copies that are read-only, meaning they cannot be modified.

Answer 213

Process by which a DNS server uses the hierarchy of zones and delegations to respond to queries for which it is not authoritative.

Answer 214

File used to resolve FQDNs into IP addresses.

Answer 215

A protocol used to synchronize clocks throughout a computer network.

Answer 216

- Provides cryptographic security for the client-server mode of the Network Time Protocol (NTP). - This allows users to obtain time in an authenticated manner.

Answer 217

Interconnects two sites.

Answer 218

Clients from the Internet can connect to the server to access the corporate network or Local Area Network (LAN) behind the server but still maintains the security of the network and its resources.

Answer 219

Creates a secure, remote-access VPN tunnel using a web browser without requiring a software or hardware client.

Answer 220

- Split tunnel - only some traffic over secure VPN while the rest of the traffic directly accesses the Internet. - Full tunnel - all of the traffic is sent over the secure VPN.

Answer 221

A system on a network used to access and manage devices in a separate security zone.

Answer 222

In-band management uses the same network infrastructure for management traffic, while out-of-band management uses a separate dedicated network.

Answer 223

Any data sent over a network.

Answer 224

Data stored on a drive, in the cloud, or otherwise not currently utilized by the owner, group, or other network personnel.

Answer 225

Digitally signed electronic documents that bind a public key with a user identity.

Answer 226

System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.

Answer 227

A signed digital certificate that does not depend upon any higher level authority for authentication.

Answer 228

The security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

Answer 229

Using one authentication credential to access multiple accounts or applications.

Answer 230

Protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.

Answer 231

- Protocol that defines how a client can access information, perform operations, and share directory data on a server. - Port 389.

Answer 232

An XML-based standard used to exchange authentication and authorization information.

Answer 233

A family of protocols made by Cisco used for authentication and authorization through a centralized server.

Answer 234

A computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness.