Networking Concepts (Chapter 1) Flashcards

1
Q

What is a network

A

A connection between two or more nodes that can communicate with each other

2
Q

IP address

A
  • A unique logical number that identifies a node on a network.
  • Can change when the node moves to another network or when DHCP issues it a new lease
  • A node can have multiple IP addresses (one per interface, or several on one interface)
  • IPv4 (32-bit) / IPv6 (128-bit)
3
Q

MAC Address

A

Media Access Control
A unique physical (layer 2) address, 48 bits on Ethernet, burned into the NIC by its manufacturer; identifies the node on the local network segment. The operating system can override it, so a MAC address is not a trustworthy identity on its own.

4
Q

Source/Destination

A

The sender and recipient of a data transmission. Both nodes form a connection in which they alternate between being source and destination as traffic flows in each direction

5
Q

Protocol

A

A set of rules, or a shared language, used for communication

6
Q

Port

A

A logical source/destination for a network service (a 16-bit number, 0 - 65535)
0 - 1023: well-known ports used by common services (e.g. 22 SSH, 53 DNS, 80 HTTP, 443 HTTPS)
1024 - 49151: registered ports used by other server processes
49152 - 65535: dynamic/ephemeral ports used by client processes as the source port of a connection

7
Q

Socket

A

The combination of protocol, IP address and port number that identifies one endpoint of a communication. A connection is identified by the pair of sockets at each end (protocol, source IP, source port, destination IP, destination port: the "5-tuple")

8
Q

OSI Model

A

7 layers
Application
Presentation
Session
Transport
Network
Data Link
Physical

9
Q

Application Layer (OSI)

A

Responsible for providing network services to a specific application via a specific protocol (Mail = SMTP/POP3/IMAP, web browser = HTTP/HTTPS)
Data

10
Q

Presentation Layer (OSI)

A

Layer responsible for presenting data in a format both ends understand (MP3, JPG, character encoding), including compression and, in the classic model, encryption
Data

11
Q

Session Layer (OSI)

A

Responsible for establishing, managing and terminating the "conversations" (sessions) between applications and keeping different dialogues separate. (Port numbers belong to the Transport layer, not this one.)
Data

12
Q

Transport Layer (OSI)

A

Layer responsible for end-to-end delivery between processes: establishing, managing and tearing down a connection (TCP) and encapsulating data into segments (TCP) or datagrams (UDP) with a header that carries the source and destination ports and control information

13
Q

Network Layer (OSI)

A

Layer responsible for logical addressing and routing: adds the source and destination IP addresses in a header and encapsulates the TCP segment or UDP datagram into an IP packet

14
Q

Data Link Layer (OSI)

A

Responsible for adding the physical (MAC) addresses of the source and destination to the header and encapsulating packets into frames.
Adds a trailer with a CRC (frame check sequence) so that corrupted frames can be detected and discarded

15
Q

Data Link Layer Sub layers

A

Logical Link Control (LLC)
- identifies which network layer protocol is carried in the payload
Media Access Control (MAC)
- adds the physical addresses and controls access to the shared medium

16
Q

Physical Layer (OSI)

A

Responsible for transmitting the frames as bits (electrical, optical or radio signals) over the network medium

17
Q

DoD Model

A

Aka TCP/IP model
4 layers that map onto the 7 layers of the OSI model

18
Q

Application Layer (DoD)

A

Incorporates OSI Application Layer, Presentation Layer and Session Layer

19
Q

Host-to-Host Layer (DoD)

A

Incorporates OSI Transport layer

20
Q

Internet Layer (DoD)

A

Incorporates OSI Network layer

21
Q

Network Access Layer (DoD)

A

Incorporates OSI Data Link Layer and Physical Layer

22
Q

TCP/IP Protocols

A

Host-to-Host Layer
- TCP, UDP
Internet Layer
- IP, ICMP, IGMP
Network Access Layer
- ARP

23
Q

Connection-Oriented

A

Attempts to ensure reliable, complete transmission: the recipient acknowledges received data using the acknowledgement number in its segment header, and the sender retransmits anything not acknowledged.
- sequence numbers are used to reorder and reconstruct the data
- TCP
- a session is established via a 3-way handshake (SYN - SYN/ACK - ACK)
- a session is torn down via a 4-way handshake (FIN - ACK - FIN - ACK)

24
Q

Connectionless

A

No attempt to ensure completeness of the transmission; it is left to the application or a higher-level protocol to request any data lost in transit.
- used for performance (UDP)

25
Router
Responsible for making forwarding decisions between networks based on layer 3 (Network layer) IP addresses.
- learns routes (statically or via routing protocols) and stores them in a routing table
- rewrites the layer 2 (Data Link layer) header for the outgoing medium (WiFi, Ethernet, etc.)
- consumer routers often have a built-in wireless access point
26
Switch
Makes forwarding decisions based on layer 2 MAC addresses; builds its MAC address table from the source addresses of frames arriving on its ports. A layer 3 switch adds routing capabilities.
27
Firewall
Software or hardware appliance that separates an untrusted network (the internet) from your trusted network by enforcing rules that filter out unwanted traffic.
- usually also provides Network Address Translation (NAT)
- can inspect traffic from layer 2 up to layer 7 (next-generation firewalls)
28
IDS
Intrusion Detection System (IDS): a software or hardware appliance that analyses traffic for malicious signatures or anomalous behaviour and logs alerts to a dashboard. It is passive (fed by a mirror/SPAN port or a network TAP) and does not block traffic itself.
- host-based software (HIDS)
- network appliance (NIDS)
29
IPS
Intrusion Prevention System (IPS): a software or hardware appliance placed inline at a choke point on the network that analyses packets, reports findings to a dashboard and can drop or reset malicious traffic before it reaches its destination.
- uses a signature database
- may also use anomaly/behaviour-based detection to catch previously unseen (zero-day) attacks that no signature matches
- host-based (HIPS) or network appliance (NIPS)
30
Load balancer
A device that distributes incoming traffic across multiple servers (by load, round-robin or another algorithm), improving the overall performance of the service and providing redundancy.
31
Proxy Server
Service that fetches content on behalf of the client, so the client never connects to the internet directly; this allows filtering, caching and logging. Works at layer 7
32
NAS
Network Attached Storage (NAS): a set of disks, usually in a RAID set, that act as a file-level storage system on the network (accessed via protocols such as SMB or NFS)
33
Storage Area Network
An array of disks connected to network servers that acts as dedicated block-level storage. The storage is divided into **Logical Unit Numbers** (LUNs) that behave like partitions, which the servers use as their dedicated storage
34
iSCSI
iSCSI is a common interface used to connect to a storage array by sending SCSI commands inside IP (TCP) payloads
35
WAP
Wireless Access Point - acts as bridge between wireless and wired networks
36
Access Point Modes
**Standalone** - independent, acts as a single AP with one SSID
**Controller-Based** - lightweight, centrally managed via a controller, with multiple SSIDs
**Cloud-Managed** - multi-site, remote management
**Mesh AP** - multiple APs that use the same SSID on different channels, large coverage area
37
Wireless LAN Controller
Used to manage multiple wireless access points (WAPs) through centrally controlled configuration; allows load balancing of client load and mitigation of radio interference.
38
Wireless Range Extender
A WiFi repeater that connects to a WAP, repeats the signal and extends its coverage
39
Content Delivery Network
A distributed network of servers, strategically placed around the globe, that cache web content and services so they can be accessed quickly by nearby users.
40
CDN key features
**Caching & Distribution** - caches static content, reduces latency
**Availability & Reliability** - provides redundancy and load balancing
**Security features** - protection against malicious attacks (e.g. DDoS absorption)
**Traffic Offloading** - handles requests for static content, reducing load on the origin server
41
Virtual Private Network (VPN)
A stream of network packets tunnelled inside other, normally encrypted, packets so that traffic can cross an untrusted network (such as the internet) privately
42
Quality of Service (QoS)
A set of networking techniques that prioritise network traffic of a certain type (voice, video, data)
43
Time To Live (TTL)
The maximum number of router hops a packet may take to reach its destination. Each router decrements it by one and discards the packet when it reaches 0, sending an ICMP Time Exceeded message back to the source (which is what traceroute relies on). IPv6 calls the field Hop Limit.
44
Network Function Virtualization (NFV)
The act of taking the functionality of network components (routing, switching, load balancing, firewalls, etc.) and implementing each as software rather than dedicated hardware.
- the de facto approach of cloud-based networking services
45
Virtual Private Cloud
A secure, isolated environment within a public cloud that allows users to perform tasks that would normally require a data centre
46
VPC key features
**Isolated Network Environment**
**Customizable Network Configuration**
**Enhanced Security**
**Scalable & Flexible**
**Direct Connectivity Options**
**Cost Effective**
47
Network Security List
A type of Access Control List for cloud networking that is used to allow or deny traffic to and from specific resources on the virtual network.
48
Cloud Gateways
Network components that provide connectivity between cloud resources and external networks (the internet), enabling secure and efficient data transfer.
49
Cloud Connectivity Methods
**Public Internet**
**VPN** - encrypted tunnel over the public internet
**Direct Connect** - dedicated private link to a cloud environment
50
Cloud Model Types
**Public** - shared environment managed by a cloud provider
**Private** - dedicated, single-tenant environment
**Hybrid** - combines public and private clouds, often with data and applications moving between them based on workload and needs
**Community** - a provider-based cloud designed for a group of organisations with shared concerns, requirements or compliance needs
51
Cloud Service Models
Defines the level of control, management and responsibility shared between the cloud provider and the customer: IaaS, PaaS, SaaS
52
IaaS
Infrastructure as a Service: a cloud model that provides the client with virtualised compute, storage and networking; the customer manages the operating system and everything above it
53
PaaS
Platform as a Service: a cloud model that provides a managed runtime and development tools to build and run an application
54
SaaS
Software as a Service: a cloud model that lets an end user access a complete application hosted by the provider
55
Vertical Scaling
Increasing or decreasing the capacity (CPU, memory, storage) of an existing instance; suitable for a server that needs more processing power to handle increased load
56
Horizontal Scaling
Adding or removing instances (virtual machines); suitable for services behind a load balancer
57
Elasticity
The ability of a cloud environment to expand or contract resources in real time based on demand
58
Multitenancy
A key architectural feature of cloud computing that allows multiple tenants (different customers' VMs or workloads) to share the same physical computing resources while remaining logically isolated from each other
59
Transmission Control Protocol (TCP)
A layer 4 (transport layer) connection-oriented protocol that provides reliable, ordered communication over an IP network by breaking data into segments, each identified by a sequence number. **Protocol ID 6**
60
Sliding window
The window size field in the TCP header, by which the receiver tells the sender how many bytes it may send before it must wait for an acknowledgement (how much unacknowledged data can be in flight); the window slides forward as data is acknowledged
61
Handshake
The exchange of TCP flags used to start and end a session between two endpoints
**Start** - three-way handshake: SYN -> SYN/ACK -> ACK
**End** - four-way handshake: FIN -> ACK -> FIN -> ACK
62
Acknowledge Number
A number in the TCP header by which the receiver tells the sender the sequence number of the next byte it expects, which acknowledges everything before it.
63
TCP header
In the transport layer (Host-to-Host) the data is encapsulated into segments and a header of at least 20 bytes (up to 60 with options) is attached to each, containing:
- Source port
- Destination port
- Sequence number
- Acknowledgement number
- Window size
- Flags
- Checksum
64
TCP Flags
**URG** - urgent - tells the destination to prioritise this data
**ACK** - acknowledge - set on every segment after the initial SYN, because each one acknowledges data from the other side
**PSH** - push - tells the destination to deliver this data to the application immediately rather than buffering it
**RST** - reset - aborts the connection abruptly (e.g. sent in reply to a segment for a closed port)
**SYN** - synchronise - used in the three-way handshake to start a connection
**FIN** - finish - used in the four-way handshake to end a connection
65
User Datagram Protocol (UDP)
A layer 4 (transport layer) connectionless protocol that sends datagrams as fast as possible to the destination with no acknowledgements or retransmission; it relies on the source application to break data down and on the destination application to request anything missing. The header carries the source and destination ports. **Protocol ID 17**
66
UDP header
An 8-byte header consisting of **source port, destination port, length** and **checksum**
67
Internet IP
Internet Protocol (IP): a layer 3 (network layer) connectionless protocol.
IPv4 - uses 32-bit logical addresses (written in dotted decimal) to identify source and destination
IPv6 - uses 128-bit addresses (written in hexadecimal)
**Protocol ID 4** is the IANA number for IPv4 carried as the payload of another IP packet (IP-in-IP); IPv6-in-IP is 41. Plain IP has no protocol number of its own, since the protocol field describes what IP carries
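The IPv4, TCP and UDP headers described on the TCP header, TCP flags, UDP header and IP cards above, as an added Python example that is not part of the original flashcards. It builds two constructed sample packets with the standard library, parses them back, decodes the TCP flag bits, classifies the ports into the three ranges from the Port card and checks a flag sequence for a three-way handshake. Checksums are left at zero and the addresses are made-up documentation addresses.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"     # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"       # 20-byte TCP header, no options
UDP_FMT = "!HHHH"            # 8-byte UDP header
PROTO_TCP, PROTO_UDP = 6, 17
# TCP flag bits in the 14th header byte, lowest bit first
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ip4(addr):
    return bytes(int(x) for x in addr.split("."))


def ip4_str(raw):
    return ".".join(str(b) for b in raw)


def port_class(port):
    """Classify a port into the three IANA ranges used on the Port card."""
    if port < 1024:
        return "well-known"
    if port < 49152:
        return "registered"
    return "ephemeral"


def parse_ipv4(pkt):
    version_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(IP_FMT, pkt[:20])
    ihl = (version_ihl & 0x0F) * 4          # header length in bytes (IHL is in 32-bit words)
    if version_ihl >> 4 != 4 or ihl < 20 or total_len > len(pkt):
        raise ValueError("not a well-formed IPv4 packet")
    return {"ttl": ttl, "protocol": proto, "src": ip4_str(src), "dst": ip4_str(dst),
            "payload": pkt[ihl:total_len]}


def parse_tcp(seg):
    sport, dport, seq, ack, off, flags, window, _csum, _urg = struct.unpack(TCP_FMT, seg[:20])
    hdr_len = (off >> 4) * 4                # data offset is in 32-bit words
    names = [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names,
            "window": window, "payload": seg[hdr_len:]}


def parse_udp(dgram):
    sport, dport, length, _csum = struct.unpack(UDP_FMT, dgram[:8])
    return {"sport": sport, "dport": dport, "length": length, "payload": dgram[8:length]}


def parse_packet(pkt):
    ip = parse_ipv4(pkt)
    if ip["protocol"] == PROTO_TCP:
        ip["transport"] = parse_tcp(ip["payload"])
    elif ip["protocol"] == PROTO_UDP:
        ip["transport"] = parse_udp(ip["payload"])
    return ip


def is_three_way_handshake(flag_sets):
    """True for the SYN, SYN/ACK, ACK sequence that opens a TCP connection."""
    return [set(f) for f in flag_sets] == [{"SYN"}, {"SYN", "ACK"}, {"ACK"}]


# --- builders for the constructed samples (checksums left at 0) ---
def build_ipv4(proto, src, dst, payload, ttl=64):
    return struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0, ip4(src), ip4(dst)) + payload


def build_tcp(sport, dport, seq, ack, flags, window=65535, payload=b""):
    bits = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, bits, window, 0, 0) + payload


def build_udp(sport, dport, payload):
    return struct.pack(UDP_FMT, sport, dport, 8 + len(payload), 0) + payload


# constructed samples: a client SYN to an HTTPS server and a DNS query over UDP
SAMPLE_SYN = build_ipv4(PROTO_TCP, "192.0.2.10", "198.51.100.80",
                        build_tcp(51234, 443, seq=1000, ack=0, flags=["SYN"]))
SAMPLE_DNS = build_ipv4(PROTO_UDP, "192.0.2.10", "192.0.2.1",
                        build_udp(53444, 53, b"\x12\x34\x01\x00" + b"\x00" * 8))

if __name__ == "__main__":
    for pkt in (SAMPLE_SYN, SAMPLE_DNS):
        print(parse_packet(pkt))
```

A real parser would also validate the checksums and handle IP/TCP options (IHL and data offset larger than 5); those are left out here so the field layout stays visible.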
68
Internet Control Message Protocol (ICMP)
A layer 3 error-reporting and diagnostic protocol used by network devices to generate error messages (destination unreachable, time exceeded) and echo requests/replies (ping). **Protocol ID 1** for ICMPv4; ICMPv6 is **protocol ID 58**
69
ICMP Types & Codes
**Type** - defines the general purpose or category of the message (e.g. 8 echo request, 0 echo reply, 3 destination unreachable, 11 time exceeded)
**Code** - provides specific detail within that type (e.g. type 3 code 3 = port unreachable)
70
Internet Group Management Protocol (IGMP)
Used by IPv4 hosts to tell their local routers which multicast groups they want to join or remain in, so routers only forward multicast traffic onto segments that have listeners (IPv6 uses MLD instead) **Protocol ID 2**
71
Address Resolution Protocol (ARP)
Connectionless protocol used on the local segment to map an IPv4 address to a MAC address so that a frame can be built; it sits between layers 2 and 3 and is carried directly in Ethernet frames (EtherType 0x0806), not inside IP. A host needs the destination MAC address as well as the IP address (and, for TCP/UDP, the port) before it can send.
- the host broadcasts a request asking who has a given IP address; the owner replies with its MAC address and the mapping is cached in the ARP table
- ARP has no authentication, so any host on the segment can answer for an address it does not own (ARP spoofing/poisoning) and intercept traffic; static entries and switch features such as Dynamic ARP Inspection mitigate this
**Protocol ID N/A**
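The request/reply exchange on the ARP card, plus the check a practitioner would run on a capture for it, as an added Python example that is not part of the original flashcards. It builds and parses the 28-byte Ethernet/IPv4 ARP packet with the standard library and replays a constructed capture through a small ARP cache, flagging any reply that changes the MAC already learned for an IP (the basic signature of ARP poisoning). The MAC and IP values are made up.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"           # 28-byte ARP packet for Ethernet/IPv4
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip4(addr):
    return bytes(int(x) for x in addr.split("."))


def ip4_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac(sender_mac), ip4(sender_ip), mac(target_mac), ip4(target_ip))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip4_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip4_str(tpa)}


def who_has(my_mac, my_ip, wanted_ip):
    """The broadcast request: the target MAC is unknown, so it is all zeros
    (the Ethernet frame carrying it goes to ff:ff:ff:ff:ff:ff)."""
    return build_arp(OP_REQUEST, my_mac, my_ip, "00:00:00:00:00:00", wanted_ip)


def is_at(my_mac, my_ip, asker_mac, asker_ip):
    """The unicast reply back to whoever asked."""
    return build_arp(OP_REPLY, my_mac, my_ip, asker_mac, asker_ip)


def detect_arp_spoofing(packets):
    """Replay a capture through a simple ARP cache and flag replies that change
    the MAC already learned for an IP. ARP has no authentication, so a
    conflicting reply is the main on-the-wire signature of ARP poisoning."""
    cache, alerts = {}, []
    for pkt in packets:
        arp = parse_arp(pkt)
        if arp["op"] != OP_REPLY:
            continue                               # requests ask; they do not assert a binding
        ip, new_mac = arp["sender_ip"], arp["sender_mac"]
        old_mac = cache.get(ip)
        if old_mac is not None and old_mac != new_mac:
            alerts.append({"ip": ip, "old_mac": old_mac, "new_mac": new_mac})
        cache[ip] = new_mac
    return alerts


# constructed capture: a host resolves its gateway, the real gateway answers,
# then another host answers for the gateway's IP with its own MAC
GATEWAY_IP, HOST_IP = "192.0.2.1", "192.0.2.10"
CAPTURE = [
    who_has("02:00:00:00:00:0a", HOST_IP, GATEWAY_IP),
    is_at("02:00:00:00:00:01", GATEWAY_IP, "02:00:00:00:00:0a", HOST_IP),
    is_at("02:00:00:00:00:99", GATEWAY_IP, "02:00:00:00:00:0a", HOST_IP),   # spoofed reply
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(CAPTURE):
        print(f"ARP conflict for {alert['ip']}: {alert['old_mac']} -> {alert['new_mac']}")
```

The cache here is keyed only by IP; a production detector would also age entries out and allow for legitimate changes such as a gateway failover, otherwise the first HSRP/VRRP switch-over looks like an attack.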
72
Tunneling
The act of carrying one packet inside another: the original packet becomes the payload of the outer packet
73
Generic Routing Encapsulation (GRE)
A tunnelling protocol created by Cisco that encapsulates a wide variety of network layer protocols inside point-to-point connections carried in an IPv4 or IPv6 packet. **Protocol ID 47**. GRE provides no encryption or authentication by itself, so it is usually combined with IPsec when confidentiality is needed
74
IP security (IPSEC)
The most common type of VPN tunnelling; uses ISAKMP and IKE to negotiate a secure tunnel.
- IPsec consists of the Authentication Header (AH) protocol and/or the Encapsulating Security Payload (ESP) protocol
75
Authentication Header (AH)
Authenticates the IP packet with an HMAC (an integrity check value, not a digital signature) computed over the payload and the immutable fields of the IP header, so any modification is detected. The payload is not encrypted. Because the source and destination addresses are covered, NAT breaks AH. **Protocol ID 51**
76
Encapsulating Security Payload (ESP)
Encrypts the payload (the TCP/UDP header and data) and authenticates it with an HMAC computed over the ESP header and the encrypted payload. The outer IP header is neither encrypted nor covered by the integrity check, which is why ESP survives NAT. **Protocol ID 50**
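What AH and ESP each authenticate, from the two cards above, as an added Python example that is not part of the original flashcards. It uses HMAC-SHA-256-128 from the standard library with a constructed key (in real IPsec the keys come from IKE) and leaves ESP's encryption out, treating the ciphertext as given bytes; the point shown is the integrity coverage: a router's TTL decrement passes both, while a NAT rewriting the source address fails AH but not ESP. Addresses, SPIs and the key are made up.

```python
import hashlib
import hmac
import struct

AH, ESP = 51, 50                  # IP protocol numbers
ICV_LEN = 16                      # HMAC-SHA-256-128: HMAC-SHA256 truncated to 128 bits (RFC 4868)
IP_FMT = "!BBHHHBBH4s4s"          # 20-byte IPv4 header
DEMO_KEY = b"constructed demo key, not from a real SA"   # in IPsec this comes from IKE


def ip4(addr):
    return bytes(int(x) for x in addr.split("."))


def ipv4_header(src, dst, proto, total_len, ttl=64):
    # header checksum left at 0: it is recomputed per hop anyway and excluded from the AH ICV
    return struct.pack(IP_FMT, 0x45, 0, total_len, 0, 0, ttl, proto, 0, ip4(src), ip4(dst))


def zero_mutable(ip_hdr):
    """RFC 4302: TOS, flags/fragment offset, TTL and header checksum change in
    transit, so AH computes its ICV with them set to zero. The addresses are
    NOT mutable, which is exactly why NAT breaks AH."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f)


def icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, src, dst, next_proto, payload, spi=0x1001, seq=1):
    # AH header: next header, payload length (32-bit words minus 2), reserved, SPI, sequence
    ah_hdr = struct.pack("!BBHII", next_proto, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH, 20 + len(ah_hdr) + ICV_LEN + len(payload))
    tag = icv(key, zero_mutable(ip_hdr) + ah_hdr + b"\x00" * ICV_LEN + payload)
    return ip_hdr + ah_hdr + tag + payload


def ah_verify(key, pkt):
    ip_hdr, ah_hdr = pkt[:20], pkt[20:32]
    tag, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    expect = icv(key, zero_mutable(ip_hdr) + ah_hdr + b"\x00" * ICV_LEN + payload)
    return hmac.compare_digest(tag, expect)


def esp_protect(key, src, dst, ciphertext, spi=0x2002, seq=1):
    # Encryption itself is not shown: `ciphertext` stands for the already-encrypted
    # payload plus ESP trailer. The ICV covers SPI, sequence and ciphertext only.
    esp_hdr = struct.pack("!II", spi, seq)
    ip_hdr = ipv4_header(src, dst, ESP, 20 + 8 + len(ciphertext) + ICV_LEN)
    return ip_hdr + esp_hdr + ciphertext + icv(key, esp_hdr + ciphertext)


def esp_verify(key, pkt):
    body, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(tag, icv(key, body))


def decrement_ttl(pkt):
    """What every router on the path does to the outer header."""
    f = list(struct.unpack(IP_FMT, pkt[:20]))
    f[5] -= 1
    return struct.pack(IP_FMT, *f) + pkt[20:]


def nat_rewrite_src(pkt, new_src):
    """What a NAT gateway does to the outer header."""
    f = list(struct.unpack(IP_FMT, pkt[:20]))
    f[8] = ip4(new_src)
    return struct.pack(IP_FMT, *f) + pkt[20:]


if __name__ == "__main__":
    ah_pkt = ah_protect(DEMO_KEY, "192.168.1.10", "198.51.100.20", 6, b"TCP segment (constructed)")
    esp_pkt = esp_protect(DEMO_KEY, "192.168.1.10", "198.51.100.20", b"opaque ciphertext (constructed)")
    for name, pkt, verify in (("AH", ah_pkt, ah_verify), ("ESP", esp_pkt, esp_verify)):
        print(name, "after router:", verify(DEMO_KEY, decrement_ttl(pkt)),
              "after NAT:", verify(DEMO_KEY, nat_rewrite_src(pkt, "203.0.113.7")))
```

This is also why ESP behind NAT still needs NAT-Traversal (UDP encapsulation on port 4500): the NAT has no ports to translate in a raw protocol-50 packet, but the integrity check itself is unaffected.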
77
ISAKMP
Internet Security Association and Key Management Protocol (ISAKMP) is a framework used by IPsec to negotiate security associations and form a VPN between two peer devices
78
IKE
Internet Key Exchange (IKE) is the protocol that implements the ISAKMP framework: it uses a Diffie-Hellman exchange to derive shared keys and negotiates the cryptographic parameters of the tunnel (IKEv1 and the simpler, more robust IKEv2)
79
IPSEC Transport mode
Host-to-host VPN. Only the payload is protected; the original IP header is kept and packets are not encapsulated inside another
80
IPSEC Tunneling Mode
Used for site-to-site VPNs. The whole original packet is encapsulated inside a new IP packet whose addresses are those of the VPN gateways, hiding the internal addresses
81
Anycast
A special type of unicast in which the same address is assigned to several servers and a packet is delivered to the topologically nearest one, as decided by routing. Defined as an address type in IPv6 and also used with IPv4 (e.g. DNS root servers, CDNs)
82
Unicast
One source to one destination
83
Multicast
One source to a group of destinations that have joined the multicast group
84
Broadcast
One source to all destinations on a network segment (IPv6 has no broadcast and uses multicast instead)
85
Wifi Channels
WiFi uses radio channels, each a range of frequencies, to connect wireless devices
**2.4 GHz band** - 20 MHz channels overlap; only channels 1, 6 and 11 do not
**5 GHz & 6 GHz bands** - non-overlapping 20 MHz channels
86
Channel Bonding
A technique by which adjacent WiFi channels in the 5 GHz or 6 GHz band are combined to create a "wider" channel, increasing the available bandwidth. A single radio cannot support multiple channel widths at the same time, so all SSIDs on that radio use the same channel width
5 GHz band = 40 MHz or 80 MHz
6 GHz band = 80 MHz or 160 MHz
87
Maximum speed
The theoretical maximum **data rate** supported by a WiFi standard
88
Bandwidth
The **capacity of the channel**, defined by its channel width (20 MHz, 40 MHz, 80 MHz, 160 MHz); a wider channel enables a higher data rate
89
Throughput
The amount of data actually transmitted over the network per second, influenced by channel width, MIMO configuration, modulation efficiency and interference
90
802.11n
WiFi 4
- 2.4/5 GHz bands
- up to 600 Mbps
- 20, 40 MHz channel width
- 14 (overlapping) channels in the 2.4 GHz band
- up to 4x4 MIMO (4 spatial streams)
91
802.11ac
WiFi 5
- 5 GHz band only
- up to 3.5 Gbps (Wave 2)
- 20, 40, 80, 160 MHz channel width
- up to 25 channels (depending on channel width)
- up to 8x8 MU-MIMO (4x4 most common)
92
802.11ax
WiFi 6 (WiFi 6E adds the 6 GHz band)
- 2.4/5/6 GHz bands
- up to 9.6 Gbps
- 20, 40, 80, 160 MHz channel width
- up to 86 channels (depending on channel width)
- up to 8x8 MU-MIMO plus OFDMA
93
802.11be
WiFi 7
- 2.4/5/6 GHz bands
- up to 46 Gbps
- 20, 40, 80, 160, 320 MHz channel width
- up to 116 non-overlapping channels
94
Directional (unidirectional) Antenna
An antenna that focuses its signal into a narrow beam (45-90°), which allows the signal to travel farther in that direction
95
Omnidirectional Antenna
Radiates in all directions (a 360° field) around the antenna, at the cost of range
96
MIMO
Multiple Input Multiple Output: an access point (and client) that uses more than one antenna simultaneously to transmit and receive, sending several independent spatial streams over the same channel, which increases throughput and improves reliability.
- a 4x4 access point has four transmit chains and four receive chains; each antenna both transmits and receives (WiFi is half duplex, so not at the same instant)
97
Spatial stream
Independent data streams sent on the same frequency through separate antennas; the number of spatial streams depends on the antenna configuration (2x2, 3x3, 4x4)
98
WiFi authentication
Personal - the WAP is configured with a pre-shared key (PSK) that every user enters to connect. One secret is shared by everyone, so a leaked passphrase means re-keying every device, and a captured WPA2 handshake can be attacked offline if the passphrase is weak
Enterprise - uses 802.1X: the client device is the supplicant, the WAP is the authenticator and a RADIUS server is the authentication server. The WAP relays the user's credentials (EAP) to the RADIUS server and does not give the device network access until RADIUS authorises it; each session then gets its own keys. (A captive portal is a separate web-based login and is not 802.1X.)
99
Basic Services Set (BSS)
A simple WLAN (wireless local area network) consisting of one WAP, one SSID and one channel
- the BSSID is the MAC address of the WAP's radio
- usually accommodates up to 10 clients
100
Extended Service Set (ESS)
A set of BSSs that share the same SSID and appear to clients as a single WLAN, allowing roaming between APs
- each BSS has a separate BSSID
- typically managed by a WLAN controller that pushes configuration, including load balancing of users, to the APs
101
4G LTE
**Speed:** up to 1 Gbps
**Latency:** 30-50 ms
**Frequency bands:**
- Voice: low-band 600 MHz - 1 GHz
- Data: mid-band 1 GHz - 3.5 GHz
**Key technology:** carrier aggregation, MIMO
102
5G
**Speed:** up to 10 Gbps
**Latency:** 1 - 10 ms
**Frequency bands:**
- Voice: low-band
- Data: mid-band (sub-6 GHz), mmWave (up to 39 GHz)
**Key technology:** massive MIMO, beamforming, network slicing
103
Massive-MIMO
A large antenna array (64 - 1024 antennas per array) that can serve many client devices at once
104
Beamforming
A technique used by Massive MIMO and at the heart of 5G: the signals from many antennas in the array are combined so that they add constructively towards a single receiver, forming a stronger, focused beam
105
Cellular Network Architecture
Mobile devices connect wirelessly to cell towers, which are connected to each other and to the core of the network via high-speed fibre. The network is divided into land areas called cells, each covered by a tower; the coverage area depends on the cell type: macro, micro, pico, femto
106
Macro Cells (cellular Network Architecture)
- large area coverage
**Power output:** 10 - 100 W
**Urban coverage:** 5 - 10 km
**Rural coverage:** 30 km
107
Micro cell (Cellular Network Architecture)
- indoor or dense urban area
**Power output:** 1 - 10 W
**Coverage:** 200 m - 2 km
108
Pico cell (cellular Network Architecture)
- indoor or dense urban area
**Power output:** 100 mW - 1 W
**Coverage:** 100 - 200 m
109
Femto cell (cellular Network Architecture)
- indoor or dense urban area
**Power output:** 10 - 100 mW
**Coverage:** 30 - 50 m
110
Unshielded Twisted Pairs (UTP)
Inexpensive and easy to install
- max 100 m per segment (TIA-568: 90 m permanent link plus 10 m of patch cords)
- no shield: the twisting of the pairs gives only limited protection against EMI
111
Shielded Twisted Pairs (STP)
Wraps the wire pairs in a conductive metal shield to help protect against EMI and RFI
- thicker and more expensive than UTP; the shield must be grounded to be effective
112
Twisted Pairs Cable Standards
Cat 5 - 100 Mbps @ 100 m (100BASE-TX)
Cat 5e - 1 Gbps @ 100 m (1000BASE-T)
Cat 6 - 1 Gbps @ 100 m (1000BASE-T); 10 Gbps @ up to 55 m (10GBASE-T)
Cat 6A - 10 Gbps @ 100 m (10GBASE-T)
Cat 8 - 25/40 Gbps @ up to 30 m (25GBASE-T/40GBASE-T)
113
Plenum
A cable jacket rating for cables run through plenum (air-handling) spaces: the material is fire-retardant and gives off little smoke and no toxic fumes during a fire
114
Coaxial Cable
The original cabling for Ethernet (10BASE5/10BASE2): an inner copper conductor covered by an insulator and a braided shield, which helps protect against EMI
115
Twinaxial Cable
Similar to coaxial cable but with 2 inner copper cores twisted together for differential signalling
- 10 - 400 Gbps over short distances
116
Direct Attached Copper (DAC)
Twinaxial cable with transceiver modules (SFP+, QSFP+, QSFP28) permanently attached at both ends, supporting up to 400 Gbps over short runs (typically within a rack)
117
RJ11
A 6-position connector with (usually) 4 contacts (6P4C: red, green, black and yellow) used for landline telephones
118
RJ45
An 8-position, 8-contact (8P8C) connector used to terminate unshielded and shielded twisted pair Ethernet cables
119
Wiring Standards (TIA/EIA 568A)
Pin 1 - White/Green
Pin 2 - Green
Pin 3 - White/Orange
Pin 4 - Blue
Pin 5 - White/Blue
Pin 6 - Orange
Pin 7 - White/Brown
Pin 8 - Brown
120
Wiring Standards (TIA/EIA 568B)
Pin 1 - White/Orange
Pin 2 - Orange
Pin 3 - White/Green
Pin 4 - Blue
Pin 5 - White/Blue
Pin 6 - Green
Pin 7 - White/Brown
Pin 8 - Brown
121
Optical Fiber
A cable consisting of long thin strands of glass (the core) surrounded by cladding with a different refractive index, so that light launched into the core is reflected back and stays inside it. Data is transmitted as pulses of light through the glass
122
Multimode Fiber
A fibre optic cable with a large core carrying light generated by a VCSEL (vertical-cavity surface-emitting laser) array, which produces multiple paths (modes) of light. The modes bounce off the cladding and arrive at slightly different times (modal dispersion), so the signal degrades with distance
- used for short distances
- cable grades OM1, OM2, OM3, OM4, OM5
123
Single Mode Fiber
A fibre optic cable with a small core carrying light from a laser as a single mode that is reflected very few times
- used for long distances
- cable types: OS1, OS2
124
Fiber optic connectors
- SC (subscriber connector)
- LC (Lucent/local connector)
- FC (ferrule connector)
- ST (straight tip, bayonet "stick and twist")
- MPO (multi-fibre push-on)
125
Fiber optic pigtails
Used to terminate the many strands of a backbone cable at a fibre optic patch panel by splicing each core of the backbone cable onto a short pre-terminated fibre
126
How to choose the correct Transceiver
- Do all components support the same Ethernet standard (switch port, transceiver, cable)?
- Verify that the transceiver is supported by the **switch manufacturer**
- Transceiver is compatible with the **type of fibre cable** (multimode, single mode)
- Ensure the transceiver can handle the required **distance**
- Might need backwards compatibility with existing equipment
- Switch port can supply the transceiver's **power requirement**
- Ensure cable and transceiver are suitable for the **environment**
- Latency
- Signal integrity
127
Media converter
Converts one media type into another (e.g. copper Ethernet to fibre)
128
Small Form-Factor Pluggable (SFP)
A compact, hot-swappable fibre optic transceiver that supports speeds of up to **4.25 Gbps** and a maximum distance of **150 km** (depending on the module)
129
Enhanced Small Form-Factor Pluggable (SFP+)
A compact, hot-swappable fibre optic transceiver, same size as SFP, that supports speeds of up to **10 Gbps** and a maximum distance of **80 km**
130
Quad Small Form-Factor Pluggable (QSFP)
A compact, hot-swappable fibre optic transceiver that carries four lanes over one cable, e.g. a breakout cable that splits a **single cable into four 1 Gbps lanes**
131
Enhanced Quad Small Form-Factor Pluggable (QSFP+)
A compact, hot-swappable fibre optic transceiver whose four lanes can be used as one link or split out
- 1 x 40 Gbps
- 4 x 10 Gbps
132
Quad Small Form-Factor Pluggable 28 (QSFP28)
A hot-swappable fibre optic transceiver whose lanes can be used as
- 4 x 25 Gbps
- 2 x 50 Gbps
- 1 x 100 Gbps
133
BX SFP Transceiver
A fibre optic transceiver that achieves full duplex over a single fibre strand by transmitting and receiving on two different wavelengths (e.g. 1310 nm one way and 1490 nm the other); used in matched upstream/downstream pairs
134
SAN Protocol
A Storage Area Network can be connected using Ethernet (iSCSI, FCoE) or Fibre Channel, using the cabling, connectors and transceivers that the chosen protocol requires
135
Network Topology
The layout of a network, describing how devices connect and communicate.
**Physical Topology** - layout of the physical connections between devices on a network
**Logical Topology** - layout of how data moves between devices on a network
136
Topology types
**Point-to-point** - a topology in which two devices are connected directly to each other
**Star** - a topology where devices are connected to a central node (a switch) that directs the traffic over the network
**Mesh** - a topology in which nodes have multiple paths to each other, so traffic can be routed around failures (a star topology with redundancy)
137
Three-Tier hierarchy model
A network design framework that organises a network into 3 logical layers
**Core** - backbone of the network
**Distribution** - routing between VLANs, policy enforcement
**Access** - connectivity for end devices
138
Collapsed Core Model
A network framework designed for smaller networks where the distribution and core layers are combined into a *collapsed core*
**Collapsed Core layer**
**Access layer**
139
Spine & Leaf Topology
A network framework consisting of only 2 layers
**Spine** - interconnects all *leaf switches*; every leaf connects to every spine (full mesh between the layers)
**Leaf** - aggregates traffic from servers and connects directly to every *spine*
140
Traffic Flow
Describes the direction and type of data movement within a network. Data flows **north-south or east-west**
141
North-south traffic
The data flow between clients and servers, in and out of the network, which is managed by firewalls and load balancers with a focus on security and scalability
Eg:
- data flowing from a client through the distribution switch to a network server
- data flowing from a client through the access point and distribution switch to the internet
142
East-west Traffic
The flow of traffic between servers, services or applications within the network, often carried by high-speed switches to accommodate the large volume of internal communication. Because it never crosses the perimeter firewall, it is where micro-segmentation matters.
143
Software Defined Networking
Aka controller-based networking. A software-based approach to network management that centralises control by separating the control plane (routing logic) from the data plane (traffic forwarding), allowing configuration to be applied dynamically and automatically across all devices.
144
Software Defined WAN (SD-WAN)
A software-defined approach to managing a multi-site WAN that dynamically creates VPNs over the best available path to the user's end destination.
- all connectivity is monitored by a software controller
145
SD-WAN Underlay
The physical transport networks (internet, MPLS, LTE) over which the business traffic is actually carried.
146
Edge device
A type of router that accepts SD-WAN commands in real time. Edge devices are connected to the underlay and create VPNs to other edge devices
147
SD-WAN Overlay
A dynamically changing logical topology of VPNs created by edge devices on top of the public network, giving secure access to destinations.
- the VPNs are created on demand according to the destination's needs and torn down when no longer needed
148
SD-WAN Architecture
**Orchestrator** - a master controller that can control multiple controllers for multiple SD-WANs
**Control plane (overlay)** - the system of VPNs dynamically created between edge devices
**Forwarding plane (underlay)** - the physical network the overlay runs on
**Edge** - the point where local networks connect to the overlay
149
Edge-Controller Communication
A stream of messages between the controller and edge devices, sent over the underlay as ordinary internet traffic in UDP datagrams (port 443) protected with DTLS. The controller streams to the edge devices:
- control plane messages
- management plane messages
- data plane messages
- security messages
- diagnostic and troubleshooting messages
150
Virtual Extensible Local Area Network (VXLAN)
A layer 2 overlay that extends a VLAN across multiple locations over a routed (layer 3) network, using a tunnelling mechanism so that hosts in different sites appear to be on the same LAN
151
How VXLAN works
VXLAN creates a virtual overlay network on top of an existing IP network (the underlay) by **encapsulating** Ethernet frames into UDP packets (destination port 4789) with a VXLAN header. The packets are routed over the provider's IP backbone. VXLAN itself adds no encryption or authentication; where the underlay is untrusted it is typically run inside IPsec
152
VXLAN Network Identifier (VNI)
A 24-bit number (about 16 million values, versus 4094 VLAN IDs) that uniquely identifies each isolated virtual network in a VXLAN environment. It is encoded in the VXLAN header
153
VXLAN Tunnel Endpoint (VTEP)
The device or software component responsible for VXLAN encapsulation and decapsulation
VTEP process:
**1)** a VM on host A sends a frame to a VM on host B within the same VXLAN segment (VNI 5000)
**2)** host A's VTEP encapsulates the frame, adding a VXLAN header with VNI 5000 and an outer IP header addressed to host B's VTEP
**3)** the encapsulated packet is routed over the layer 3 network
**4)** host B's VTEP decapsulates the packet and forwards the frame to the target VM
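The four VTEP steps above, as an added Python example that is not part of the original flashcards. It builds the 8-byte VXLAN header (flags, 24-bit VNI) inside a UDP/IPv4 outer packet to port 4789, encapsulates a constructed inner Ethernet frame on host A's VTEP and decapsulates it on host B's, dropping packets for a VNI the receiving VTEP does not serve. The MAC-to-VTEP mapping is a static table standing in for a control plane, checksums are left at zero and all addresses are made up.

```python
import struct

VXLAN_PORT = 4789
VXLAN_FLAG_I = 0x08                 # "I" flag: the VNI field is valid
PROTO_UDP = 17
IP_FMT = "!BBHHHBBH4s4s"            # 20-byte IPv4 header


def ip4(addr):
    return bytes(int(x) for x in addr.split("."))


def ip4_str(raw):
    return ".".join(str(b) for b in raw)


def vxlan_header(vni):
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # flags(1) reserved(3) VNI(3) reserved(1)
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


def parse_vxlan_header(hdr):
    if len(hdr) < 8 or not hdr[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN header without a valid VNI")
    return int.from_bytes(hdr[4:7], "big")


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    return (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
            + struct.pack("!H", ethertype) + payload)


class Vtep:
    """Minimal VXLAN tunnel endpoint: owns an underlay IP, knows which VNIs it
    serves and where the remote VTEP for each inner MAC is. Real deployments
    learn that table by flooding or from a control plane such as EVPN."""

    def __init__(self, ip, vnis, remote_vteps):
        self.ip, self.vnis, self.remote_vteps = ip, set(vnis), dict(remote_vteps)

    def encapsulate(self, frame, vni, src_port=49152):
        dst_mac = ":".join(f"{b:02x}" for b in frame[:6])
        remote_ip = self.remote_vteps[(vni, dst_mac)]       # step 2: find host B's VTEP
        inner = vxlan_header(vni) + frame
        udp = struct.pack("!HHHH", src_port, VXLAN_PORT, 8 + len(inner), 0) + inner
        ip_hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP, 0,
                             ip4(self.ip), ip4(remote_ip))
        return ip_hdr + udp                                   # step 3: routed over the layer 3 underlay

    def decapsulate(self, pkt):
        version_ihl, _, _, _, _, _, proto, _, _, dst = struct.unpack(IP_FMT, pkt[:20])
        ihl = (version_ihl & 0x0F) * 4
        if proto != PROTO_UDP or ip4_str(dst) != self.ip:
            return None                                       # not for this VTEP
        _, dport, udp_len, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
        if dport != VXLAN_PORT:
            return None
        body = pkt[ihl + 8:ihl + udp_len]
        vni = parse_vxlan_header(body[:8])
        if vni not in self.vnis:
            return None                                       # segment isolation: unknown VNI is dropped
        return vni, body[8:]                                  # step 4: inner frame goes to the target VM


# constructed setup from the VTEP card: VM on host A (VNI 5000) sends to VM on host B
VM_A, VM_B = "02:00:00:00:aa:01", "02:00:00:00:bb:01"
VTEP_A = Vtep("10.1.1.1", vnis={5000}, remote_vteps={(5000, VM_B): "10.2.2.2"})
VTEP_B = Vtep("10.2.2.2", vnis={5000}, remote_vteps={(5000, VM_A): "10.1.1.1"})
FRAME = ethernet_frame(VM_B, VM_A, 0x0800, b"inner IPv4 packet (constructed)")

if __name__ == "__main__":
    outer = VTEP_A.encapsulate(FRAME, 5000)
    print(len(outer), "bytes on the wire ->", VTEP_B.decapsulate(outer))
```

Note that the outer packet carries the inner frame in clear text; anyone on the underlay path can read it and, with a forged outer packet, inject a frame into any VNI a VTEP accepts, which is why underlay access control (or IPsec) matters.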
154
Data Centre Interconnect (DCI)
An extension of VXLAN technology that connects multiple data centres so that workloads can be moved or stretched between them
155
Zero Trust Architecture (ZTA)
An approach to security that assumes any network traffic may be compromised, so verification is required every time a user or device tries to access data, services or applications, regardless of where it connects from.
**Identity-based security** - access is based on verifying the identity of the user and device through strong authentication and continuous monitoring
**Least privilege access** - users and devices have the minimum access required to perform their tasks
**Micro-segmentation** - the network is divided into many small segments to isolate resources and limit the impact of a breach
156
Secure Access Service Edge (SASE)
A cloud-based framework that combines WAN connectivity with cloud-delivered security, allowing a user on an untrusted network to connect securely to corporate resources.
**SASE consists of:**
- SD-WAN
- Security Service Edge (SSE)
157
Security Service Edge (SSE)
The centralised, cloud-delivered security policy enforcement used in SASE
**Consists of**
- Zero Trust Network Access (ZTNA)
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Firewall as a Service (FWaaS)
158
Infrastructure as Code (IaC)
A practice that automates the management of software-based infrastructure (IaaS/PaaS) by defining it in code, so that it can be versioned, reviewed and deployed the same way as application code. It separates configurations, policies, profiles, scripts and templates from the hardware, so they can be applied through code rather than by hand