1. Networking Concepts Flashcards
This part of the OSI model transmits raw bit streams over a physical medium, including cables, connectors, and signaling standards.
Layer 1 - Physical
This part of the OSI model is responsible for node-to-node data transfer, framing, MAC addressing, and error detection (not correction).
Layer 2 - Data Link
This part of the OSI model handles logical addressing (IP), routing, and packet forwarding across networks.
Layer 3 - Network
This part of the OSI model ensures reliable end-to-end communication with segmentation, flow control, and error correction (e.g., TCP/UDP).
Layer 4 - Transport
This part of the OSI model establishes, maintains, and terminates communication sessions between applications.
Layer 5 - Session
This part of the OSI model translates, encrypts, compresses, or formats data for delivery between systems.
Layer 6 - Presentation
This part of the OSI model provides network services directly to end-user applications, including protocols like HTTP, FTP, and SMTP.
Layer 7 - Application
Which OSI layer is responsible for IP addressing and routing?
A. Transport
B. Network
C. Data Link
D. Presentation
B. Network
At which OSI layer do MAC addresses operate?
A. Physical
B. Network
C. Data Link
D. Session
C. Data Link
Which layer ensures reliable transmission of data segments, handles flow control, and retransmissions?
A. Transport
B. Network
C. Session
D. Application
A. Transport
Which OSI layer is responsible for establishing and managing sessions between applications?
A. Transport
B. Session
C. Application
D. Presentation
B. Session
Which of the following layers deals with syntax, encryption, and compression of data?
A. Session
B. Presentation
C. Application
D. Data Link
B. Presentation
HTTP, FTP, and SMTP protocols operate at which OSI layer?
A. Transport
B. Session
C. Presentation
D. Application
D. Application
Which OSI layer converts bits to electrical signals and defines the hardware elements involved in data transmission?
A. Data Link
B. Network
C. Physical
D. Presentation
C. Physical
Which two layers are primarily responsible for delivering data from one device to another on the same local network? (Choose two)
A. Physical
B. Network
C. Data Link
D. Application
A. Physical and C. Data Link
This appliance directs traffic between different networks and determines the best path for data.
Router
This appliance connects devices on the same network and forwards data based on MAC addresses.
Switch
This appliance monitors and filters incoming/outgoing traffic based on security rules.
Firewall
This appliance monitors traffic for malicious activity and alerts admins without taking action.
Intrusion Detection System (IDS)
This appliance monitors traffic and actively blocks malicious activity in real time.
Intrusion Prevention System (IPS)
This appliance distributes incoming network traffic across multiple servers to improve performance and reliability.
Load Balancer
This appliance acts as an intermediary for requests between clients and servers, often for filtering or caching.
Proxy
This storage device connects to a network and allows file-level access to shared data.
Network-Attached Storage (NAS)
This storage system provides block-level access to data across a dedicated high-speed network.
Storage Area Network (SAN)
This device enables wireless devices to connect to a wired network using Wi-Fi.
Wireless Access Point (AP)
This device manages multiple access points and centralizes configuration for wireless networks.
Wireless Controller
This application distributes content (like video or web data) from edge servers to reduce latency and load times.
Content Delivery Network (CDN)
This function creates an encrypted tunnel over the internet to securely connect remote users or sites.
Virtual Private Network (VPN)
This function prioritizes network traffic based on type, user, or application to ensure performance for critical services.
Quality of Service (QoS)
This function limits the lifespan of a packet by specifying how many hops it can take before being discarded.
Time to Live (TTL)
Which device is responsible for directing data packets between different networks based on IP addresses?
A. Switch
B. Firewall
C. Router
D. Load Balancer
C. Router
Which device forwards traffic based on MAC addresses and is commonly used within LANs?
A. Router
B. Switch
C. Firewall
D. Access Point
B. Switch
Which appliance is designed to analyze traffic and automatically block malicious activity?
A. IDS
B. VPN
C. IPS
D. Proxy
C. IPS
Which device can act as an intermediary to filter or cache internet traffic for users?
A. Load Balancer
B. Proxy
C. Firewall
D. NAS
B. Proxy
Which storage technology provides block-level access over a dedicated high-speed network?
A. NAS
B. SAN
C. CDN
D. VPN
B. SAN
Which wireless device manages and configures multiple access points centrally?
A. Switch
B. Wireless Controller
C. Access Point
D. IDS
B. Wireless Controller
Which application helps reduce latency by distributing content from geographically close servers?
A. QoS
B. VPN
C. CDN
D. SAN
C. CDN
Which function helps prioritize traffic to improve the performance of time-sensitive applications?
A. TTL
B. Load Balancing
C. IDS
D. QoS
D. QoS
What is the main purpose of TTL in a network packet?
A. Encrypt data
B. Determine maximum hops
C. Identify application layer
D. Assign MAC address
B. Determine maximum hops
This cloud concept allows network services like firewalls and load balancers to run as software-based solutions rather than physical appliances.
Network Functions Virtualization (NFV)
This is a logically isolated section of a cloud provider’s network that simulates a traditional on-premises network.
Virtual Private Cloud (VPC)
These are firewall-like rules that control inbound and outbound traffic at the virtual machine or instance level.
Network Security Groups
These are rule sets used to control traffic at the subnet level in a cloud network.
Network Security Lists
This gateway connects a cloud environment to the public internet.
Internet Gateway
This gateway allows private cloud resources to access the internet using private IP addresses, translating them to public IPs.
NAT Gateway
This cloud connectivity option creates a secure encrypted tunnel between on-premises and cloud environments.
VPN
This cloud connectivity option establishes a dedicated, private physical connection between an organization and the cloud provider.
Direct Connect
This deployment model delivers services over the public internet from a cloud provider.
Public Cloud
This deployment model is used by a single organization and offers more control and security.
Private Cloud
This deployment model combines on-premises infrastructure with public cloud services.
Hybrid Cloud
This service model provides end-user applications over the internet without requiring local installation.
Software as a Service (SaaS)
This service model offers virtualized computing resources like servers and storage.
Infrastructure as a Service (IaaS)
This service model provides a framework for developers to build, deploy, and manage applications.
Platform as a Service (PaaS)
This concept refers to the ability to increase or decrease cloud resources as needed.
Scalability
This cloud capability automatically adds or removes resources in real time based on current demand.
Elasticity
This cloud feature allows multiple customers to share the same computing resources securely and efficiently.
Multitenancy
Which cloud concept allows network appliances to run as virtualized services?
A. SaaS
B. Elasticity
C. NFV
D. Direct Connect
C. NFV
Which cloud service model allows users to rent virtual servers and storage?
A. SaaS
B. PaaS
C. NFV
D. IaaS
D. IaaS
What does a Virtual Private Cloud (VPC) provide?
A. Dedicated physical network access
B. A shared public internet IP pool
C. Isolated virtual network in the cloud
D. Private WAN encryption
C. Isolated virtual network in the cloud
Which cloud feature allows for automatic resource allocation based on real-time demand?
A. Scalability
B. Elasticity
C. Multitenancy
D. NFV
B. Elasticity
Which service model provides access to applications like email or word processing online?
A. IaaS
B. SaaS
C. NFV
D. PaaS
B. SaaS
Which option provides a dedicated, private connection between an organization and the cloud provider?
A. VPN
B. Direct Connect
C. Internet Gateway
D. VPC
B. Direct Connect
Which concept allows multiple customers to share the same infrastructure securely?
A. Hybrid Cloud
B. Multitenancy
C. Direct Connect
D. VPC
B. Multitenancy
Which gateway allows private cloud resources to access the internet using public IPs?
A. Direct Connect
B. Internet Gateway
C. NAT Gateway
D. VPN
C. NAT Gateway
This protocol uses ports 20 and 21 to transfer files over a network without encryption.
File Transfer Protocol (FTP)
This encrypted file transfer protocol operates over port 22.
Secure File Transfer Protocol (SFTP)
This secure command-line protocol also uses port 22 for remote administration.
Secure Shell (SSH)
This unencrypted command-line access protocol uses port 23.
Telnet
This protocol, using port 25, is used to send emails.
Simple Mail Transfer Protocol (SMTP)
This protocol resolves domain names to IP addresses over port 53.
Domain Name System (DNS)
This protocol dynamically assigns IP addresses using ports 67 and 68.
Dynamic Host Configuration Protocol (DHCP)
A simplified file transfer protocol that operates over port 69 without authentication.
Trivial File Transfer Protocol (TFTP)
This protocol delivers web content using port 80.
Hypertext Transfer Protocol (HTTP)
This protocol syncs clocks between networked devices using port 123.
Network Time Protocol (NTP)
This protocol collects and manages network data using ports 161 (requests) and 162 (traps).
Simple Network Management Protocol (SNMP)
This protocol is used for directory services and authentication over port 389.
Lightweight Directory Access Protocol (LDAP)
This encrypted version of HTTP uses port 443.
Hypertext Transfer Protocol Secure (HTTPS)
Used for file sharing on Windows networks over port 445.
Server Message Block (SMB)
This protocol sends system logs over port 514.
Syslog
This is a secure version of SMTP using port 587.
Simple Mail Transfer Protocol Secure (SMTPS)
This protocol provides secure directory access over port 636.
Lightweight Directory Access Protocol over SSL (LDAPS)
This protocol is used to manage Microsoft SQL Server over port 1433.
Structured Query Language (SQL) Server
This protocol provides remote desktop access over port 3389.
Remote Desktop Protocol (RDP)
This protocol initiates VoIP and video calls using ports 5060 (unencrypted) and 5061 (encrypted).
Session Initiation Protocol (SIP)
This protocol is used for sending error and status messages, like ping.
Internet Control Message Protocol (ICMP)
A connection-oriented transport protocol that ensures reliable delivery.
Transmission Control Protocol (TCP)
A connectionless transport protocol that is faster but doesn’t guarantee delivery.
User Datagram Protocol (UDP)
Encapsulates packets for tunneling through IP networks.
Generic Routing Encapsulation (GRE)
A suite of protocols that secure IP communications through encryption and authentication.
Internet Protocol Security (IPSec)
An IPSec protocol that provides authentication and integrity, but no encryption.
Authentication Header (AH)
An IPSec protocol that provides encryption, integrity, and authentication.
Encapsulating Security Payload (ESP)
The key management protocol used in IPSec to establish secure sessions.
Internet Key Exchange (IKE)
A one-to-one communication between a single sender and a single receiver.
Unicast
A one-to-many communication to multiple specific recipients.
Multicast
A one-to-nearest communication that routes to the closest node in a group.
Anycast
A one-to-all communication sent to all devices on the network segment.
Broadcast
Which protocol uses port 443 to secure web traffic?
A. HTTP
B. FTP
C. HTTPS
D. SSH
C. HTTPS
Which protocol is used to send system logs over port 514?
A. SNMP
B. Syslog
C. LDAP
D. SMTP
B. Syslog
What is the primary function of DHCP?
A. File sharing
B. Email delivery
C. IP address assignment
D. DNS resolution
C. IP address assignment
Which protocol uses port 22 for secure remote login and file transfer?
A. Telnet
B. FTP
C. SSH
D. HTTP
C. SSH
Which protocol is used for resolving domain names to IP addresses?
A. SMTP
B. DNS
C. DHCP
D. SNMP
B. DNS
Which port is used by SQL Server?
A. 3389
B. 1433
C. 161
D. 514
B. 1433
Which of the following is a connection-oriented protocol that ensures reliable delivery?
A. UDP
B. TCP
C. ICMP
D. GRE
B. TCP
Which protocol is used to encapsulate data for tunneling across IP networks?
A. ICMP
B. IPSec
C. GRE
D. SNMP
C. GRE
Which IPSec protocol ensures encryption, integrity, and authentication?
A. AH
B. ESP
C. GRE
D. IKE
B. ESP
Which term describes traffic sent from one device to all others in the same network segment?
A. Unicast
B. Multicast
C. Anycast
D. Broadcast
D. Broadcast
What type of traffic is directed to the nearest device in a group?
A. Unicast
B. Multicast
C. Anycast
D. Broadcast
C. Anycast
Which protocol operates on ports 20 and 21 and transfers files without encryption?
A. SFTP
B. FTP
C. SCP
D. SMB
B. FTP
Which protocol uses port 25 and is used to send email messages?
A. IMAP
B. SMTP
C. SNMP
D. SFTP
B. SMTP
Which protocol is used for initiating voice or video communication sessions?
A. RDP
B. SIP
C. SMB
D. TFTP
B. SIP
This set of standards defines wireless LAN communication, including 802.11a/b/g/n/ac/ax.
802.11 Standards
This wireless technology enables data transmission over mobile networks like 4G and 5G.
Cellular
This wireless technology uses orbiting satellites to provide network connectivity.
Satellite
This set of IEEE standards governs Ethernet communication over twisted pair and fiber.
802.3 Standards
This type of fiber uses a single path of light for long-distance, high-bandwidth connections.
Single-mode Fiber
This type of fiber uses multiple paths of light and is suited for shorter distances.
Multimode Fiber
This copper cable directly connects servers and storage with minimal latency, often using Twinax.
Direct Attach Copper (DAC) Cable
This is a type of DAC cable made with two inner conductors and is used in short-distance high-speed networking.
Twinaxial Cable
This older cable type uses a central conductor and shielding, commonly found in cable internet.
Coaxial Cable
This refers to the maximum data transfer rates supported by various media types.
Cable Speeds
This cable jacket type is fire-resistant and emits minimal toxic smoke; required in air-handling spaces.
Plenum Cable
This cable jacket type is not rated for fire resistance and is cheaper but limited in use.
Non-Plenum Cable
This protocol is commonly used for LAN communication over twisted pair or fiber.
Ethernet
This high-speed network protocol is primarily used in storage area networks (SANs).
Fibre Channel (FC)
This hot-swappable transceiver module supports Ethernet and fiber and is commonly used in switches and routers.
Small Form-Factor Pluggable (SFP)
This transceiver module supports four channels and is commonly used in high-speed data centers.
Quad Small Form-Factor Pluggable (QSFP)
This fiber optic connector uses a push-pull mechanism and is square-shaped.
Subscriber Connector (SC)
This small fiber optic connector resembles an RJ45 and is commonly used in SFP modules.
Local Connector (LC)
This fiber optic connector uses a bayonet-style twist lock and is cylindrical.
Straight Tip (ST)
This fiber optic connector supports multiple fibers in a single rectangular connector.
Multi-fiber Push On (MPO)
This RJ-style connector is used with telephone lines.
RJ11
This RJ-style connector is used for Ethernet networking.
RJ45
This threaded coaxial connector is commonly used for cable modems and TVs.
F-Type
This coaxial connector uses a bayonet-style locking mechanism and is often used for video or legacy Ethernet.
Bayonet Neill–Concelman (BNC)
Which IEEE standard defines Ethernet over twisted pair and fiber?
A. 802.11
B. 802.3
C. 802.15
D. 802.1X
B. 802.3
Which fiber type is designed for short-distance communication using multiple paths of light?
A. Single-mode
B. Multimode
C. Coaxial
D. DAC
B. Multimode
Which type of cable is fire-resistant and suitable for use in air ducts?
A. Non-Plenum
B. Coaxial
C. Shielded Twisted Pair
D. Plenum
D. Plenum
Which connector is most commonly used for Ethernet networking?
A. RJ11
B. F-type
C. RJ45
D. SC
C. RJ45
Which type of transceiver supports four channels and is used in high-speed data centers?
A. SFP
B. QSFP
C. BNC
D. MPO
B. QSFP
Which protocol is typically used in a SAN environment for high-speed data transfer?
A. Ethernet
B. Fibre Channel
C. TCP/IP
D. SNMP
B. Fibre Channel
Which connector uses a push-pull design and is square-shaped, common in fiber optic networks?
A. ST
B. RJ11
C. SC
D. BNC
C. SC
Which of the following transmission media is used in Direct Attach Copper (DAC) connections?
A. Coaxial
B. Fiber
C. Twinaxial
D. Plenum
C. Twinaxial
Which wireless technology provides long-distance communication using satellites?
A. Cellular
B. Wi-Fi
C. Satellite
D. ZigBee
C. Satellite
Which connector is commonly used with coaxial cables for cable modems and TVs?
A. SC
B. F-Type
C. RJ45
D. MPO
B. F-Type
This topology connects every node directly to every other node, offering high redundancy.
Mesh
This topology combines two or more topologies (e.g., mesh and star) for flexibility and scalability.
Hybrid
In this topology, all devices connect to a central node (like a switch or hub) that manages communication.
Star / Hub and Spoke
This modern data center topology has spine switches connected to all leaf switches to reduce latency.
Spine and Leaf
This is the simplest topology with a dedicated link between two devices.
Point to Point
This architecture uses three layers—core, distribution, and access—to segment traffic and functions.
Three-Tier Hierarchical Model
This layer of the hierarchical model provides fast switching and routing between distribution layers.
Core Layer
This layer aggregates traffic from the access layer and applies routing policies.
Distribution Layer
This layer provides endpoint access, typically involving switches or wireless access points.
Access Layer
This architecture merges the core and distribution layers into a single layer to reduce complexity.
Collapsed Core
This traffic flow refers to data traveling between endpoints and centralized resources like servers or the cloud.
North-South Traffic
This traffic flow refers to data moving laterally between devices within the same data center or layer.
East-West Traffic
This topology is highly fault-tolerant because multiple redundant paths exist between devices.
Mesh
This topology is expensive and complex to implement due to the number of connections required.
Mesh
This topology allows organizations to combine different topologies based on specific needs for flexibility and scalability.
Hybrid
This topology is commonly used in enterprise environments where some segments use star and others use mesh.
Hybrid
This topology is simple to manage and makes faults easy to isolate, since all devices connect to a central point.
Star / Hub and Spoke
A downside of this topology is that a central device failure can take down the entire network.
Star / Hub and Spoke
This topology reduces bottlenecks in east-west traffic in large-scale data centers.
Spine and Leaf
In this topology, spine switches are at the top level and connect to every leaf switch without connecting to each other.
Spine and Leaf
This topology is ideal for direct connections between two locations, such as site-to-site links or two routers.
Point to Point
This topology lacks redundancy, as only a single path exists between devices.
Point to Point
This architecture separates core, distribution, and access functions for modularity and scalability.
Three-Tier Hierarchical Model
This model improves network performance and design by localizing traffic within layers.
Three-Tier Hierarchical Model
This architecture simplifies network design by combining core and distribution layers, reducing cost and complexity.
Collapsed Core
This architecture is common in smaller enterprise networks that don’t need full three-tier separation.
Collapsed Core
North-south traffic typically describes communication between internal users and external servers or cloud applications.
North-South Traffic
East-west traffic refers to lateral communication between internal resources, such as between virtual machines or application tiers.
East-West Traffic
East-west traffic optimization is a key goal of spine-leaf and software-defined network designs.
East-West Traffic
Which network topology connects every device directly to every other device?
A. Star
B. Mesh
C. Point to Point
D. Hybrid
B. Mesh
Which topology combines multiple types of topologies in one network design?
A. Spine and Leaf
B. Hybrid
C. Star
D. Mesh
B. Hybrid
Which data center topology connects each leaf switch to all spine switches for high performance?
A. Hub and Spoke
B. Three-Tier
C. Spine and Leaf
D. Mesh
C. Spine and Leaf
In the three-tier model, which layer is responsible for high-speed backbone connectivity?
A. Access
B. Distribution
C. Core
D. Collapsed Core
C. Core
Which type of traffic flow describes data going from users to servers or cloud resources?
A. East-West
B. North-South
C. Hub-Spoke
D. Star
B. North-South
Which architecture simplifies network design by combining the core and distribution layers?
A. Spine and Leaf
B. Mesh
C. Collapsed Core
D. Hybrid
C. Collapsed Core
Which topology has devices connected through a central hub, common in small networks?
A. Star / Hub and Spoke
B. Point to Point
C. Mesh
D. Leaf-Spine
A. Star / Hub and Spoke
What is a key benefit of the point-to-point topology?
A. Redundancy
B. Simplicity
C. Scalability
D. Broadcast support
B. Simplicity
Which traffic flow refers to communication between devices in the same data center layer or segment?
A. North-South
B. East-West
C. Core
D. Leaf-Spine
B. East-West
This type of IP address is routable over the internet and must be unique across the global network.
Public IP Address
This type of IP address is not routable on the internet and is used within internal networks.
Private IP Address
This is a non-routable address range automatically assigned when DHCP fails.
Automatic Private IP Addressing (APIPA)
This set of IP ranges (defined by an RFC) is reserved for internal/private use.
RFC1918
This IP address range (127.0.0.0/8) is used for internal testing and communication with the host machine.
Loopback / Localhost
This subnetting method allows networks to use different subnet mask lengths for more efficient IP allocation.
Variable Length Subnet Mask (VLSM)
This IP addressing method removes the traditional class system, using prefix notation to define networks.
Classless Inter-Domain Routing (CIDR)
This IPv4 class supports extremely large networks with a default mask of /8 and a range from 1.0.0.0 to 126.255.255.255.
Class A
This IPv4 class supports medium-sized networks with a default mask of /16 and a range from 128.0.0.0 to 191.255.255.255.
Class B
This IPv4 class supports smaller networks with a default mask of /24 and a range from 192.0.0.0 to 223.255.255.255.
Class C
This IPv4 class is reserved for multicast traffic (224.0.0.0 to 239.255.255.255).
Class D
This IPv4 class is reserved for experimental use (240.0.0.0 to 255.255.255.254).
Class E
The private IP ranges are: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
RFC1918
These addresses must be assigned by IANA or a regional registry to ensure global uniqueness.
Public IP Address
Used for internal networks and must be translated via NAT for internet access.
Private IP Address
Addresses in the 169.254.0.0/16 range are assigned when a DHCP server is unreachable.
Automatic Private IP Addressing (APIPA)
Used to test TCP/IP stack functionality without accessing the physical network.
Loopback / Localhost
Enables subnetting a subnet for better IP address utilization in hierarchical networks.
Variable Length Subnet Mask (VLSM)
Expresses IP networks using prefix length (e.g., /24) instead of class boundaries.
Classless Inter-Domain Routing (CIDR)
Offers over 16 million host addresses and is used by very large networks.
Class A
Supports up to 65,534 hosts and is often used by large organizations.
Class B
Supports up to 254 hosts and is ideal for small networks.
Class C
Used for multicast groups, not regular unicast communication.
Class D
Experimental and reserved; not used in standard networking.
Class E
Which of the following is a private IP address?
A. 192.0.2.1
B. 172.20.15.10
C. 8.8.8.8
D. 198.51.100.4
B. 172.20.15.10
Which class of IP addresses allows for 16,777,214 hosts per network?
A. Class B
B. Class C
C. Class D
D. Class A
D. Class A
Which IPv4 address is used for loopback testing?
A. 0.0.0.0
B. 169.254.0.1
C. 127.0.0.1
D. 192.168.1.1
C. 127.0.0.1
What does APIPA assign when a device fails to get a DHCP address?
A. 127.0.0.1
B. 0.0.0.0
C. 192.168.1.1
D. 169.254.x.x
D. 169.254.x.x
Which addressing scheme replaces classful addressing with subnet masks in slash notation?
A. VLSM
B. CIDR
C. APIPA
D. NAT
B. CIDR
Which IP class is used for multicast traffic?
A. Class A
B. Class C
C. Class D
D. Class E
C. Class D
Which subnetting technique allows multiple subnet masks within the same network?
A. CIDR
B. NAT
C. VLSM
D. DHCP
C. VLSM
This networking model separates the control plane from the data plane for centralized network management.
Software-Defined Network (SDN)
This WAN architecture applies SDN concepts to wide area networks for greater flexibility and efficiency.
Software-Defined Wide Area Network (SD-WAN)
This feature allows network policies to adjust based on the type or priority of application traffic.
Application Aware
This feature allows devices to be deployed and configured automatically without manual setup.
Zero-Touch Provisioning
This design allows WAN connections to function across multiple underlying transport types (MPLS, LTE, broadband, etc.).
Transport Agnostic
This SDN/SD-WAN feature allows policies to be managed from a centralized controller.
Central Policy Management
This network technology enables Layer 2 communication across Layer 3 boundaries using encapsulation.
Virtual Extensible LAN (VXLAN)
This VXLAN use case connects two geographically separate data centers at Layer 2.
Data Center Interconnect (DCI)
This technique encapsulates Layer 2 Ethernet frames inside Layer 3 packets for greater flexibility.
Layer 2 Encapsulation
This security model enforces granular controls where every user and device must be explicitly verified.
Zero Trust Architecture (ZTA)
This component of ZTA evaluates users or devices before granting access to a network resource.
Policy-Based Authentication
This ZTA principle allows users or devices only the access required for their role—nothing more.
Least Privilege Access
This cloud-delivered framework integrates networking and security functions at the network edge.
Secure Access Service Edge (SASE)
This subset of SASE focuses exclusively on delivering security functions from the cloud.
Security Service Edge (SSE)
This practice uses code to manage and provision IT infrastructure automatically.
Infrastructure as Code (IaC)
In IaC, these prewritten scripts define reusable configurations and automation tasks.
Playbooks/Templates/Reusable Tasks
IaC helps detect and correct unintended changes to configurations over time.
Configuration Drift / Compliance
IaC can automate versioned rollouts of new features or patches.
Upgrades
This technique allows tools to discover and adjust to active resources in real time.
Dynamic Inventories
This tracks changes to infrastructure code over time and allows rollback if needed.
Version Control
This shared space stores infrastructure code and makes it accessible to collaborators.
Central Repository
This version control feature identifies and flags overlapping changes made by multiple users.
Conflict Identification
This technique allows developers to work on separate changes independently before merging.
Branching
This IP addressing standard solves IPv4 exhaustion by expanding the address space.
IPv6
This IPv6 mechanism allows IPv6 and IPv4 to coexist by enabling communication between them.
Dual Stack
This compatibility technique wraps IPv6 packets inside IPv4 for transport.
Tunneling
This protocol translates IPv6 addresses to IPv4 so IPv6 clients can access IPv4-only services.
NAT64
This SDN/SD-WAN feature improves application performance by dynamically routing based on the type of traffic.
Application Aware
Zero-touch provisioning is ideal for branch office rollouts where manual configuration would be too costly or slow.
Zero-Touch Provisioning
Being transport agnostic allows SD-WAN to prioritize business-critical traffic across whatever links are available.
Transport Agnostic
Centralized policy management lets admins enforce consistent configurations across all locations from a single console.
Central Policy Management
VXLAN allows networks to overcome VLAN ID limitations (4096) by supporting up to 16 million segments.
Virtual Extensible LAN (VXLAN)
DCI (Data Center Interconnect) enables seamless Layer 2 connectivity between geographically separate facilities.
Data Center Interconnect (DCI)
Layer 2 encapsulation with VXLAN allows VMs to migrate between sites without changing IPs.
Layer 2 Encapsulation
Zero trust assumes no device or user is inherently trusted, even inside the perimeter.
Zero Trust Architecture (ZTA)
Policy-based authentication uses device posture, user identity, and location to make access decisions.
Policy-Based Authentication
Least privilege access limits the damage a compromised user or device can cause by restricting access.
Least Privilege Access
SASE unifies SD-WAN with cloud-based security tools like CASB, firewall-as-a-service, and secure web gateways.
Secure Access Service Edge (SASE)
SSE delivers security features without SD-WAN functionality, focusing on cloud-native security tools.
Security Service Edge (SSE)
Infrastructure as Code reduces human error by codifying configurations that can be tested and reused.
Infrastructure as Code (IaC)
Playbooks and templates improve consistency by standardizing configuration across multiple environments.
Playbooks/Templates/Reusable Tasks
IaC detects drift when the current configuration deviates from the declared state in code.
Configuration Drift / Compliance
IaC can safely roll out updates by scripting and versioning infrastructure changes.
Upgrades
Dynamic inventory systems (like those used in Ansible) update host lists in real time from cloud platforms.
Dynamic Inventories
Version control systems track all changes, allowing teams to revert to known-good states.
Version Control
A central repository, such as GitHub, serves as the authoritative source for infrastructure code.
Central Repository
Conflict identification occurs when multiple contributors modify the same lines of code.
Conflict Identification
Branching enables developers to work independently on features or fixes without impacting production code.
Branching
IPv6 eliminates the need for NAT by offering a vastly larger address space.
Mitigating Address Exhaustion (IPv6)
Dual stack allows devices to handle both IPv4 and IPv6 traffic during the transition period.
Dual Stack
Tunneling techniques (like 6to4 or ISATAP) enable IPv6 traffic to traverse IPv4 networks.
Tunneling
NAT64 allows IPv6-only clients to access IPv4-only services by translating address formats.
NAT64
Which technology separates the control plane from the data plane for centralized network control?
A. VLAN
B. SDN
C. NAT
D. MPLS
B. SDN
Which solution extends SDN principles to WANs for more efficient routing and policy control?
A. VXLAN
B. SD-WAN
C. OSPF
D. DMVPN
B. SD-WAN
Which SD-WAN feature allows a network to operate over various transport types like MPLS, LTE, or broadband?
A. Dual Stack
B. Application-aware routing
C. Transport Agnostic
D. NAT64
C. Transport Agnostic
What is the purpose of Zero-Touch Provisioning in modern networks?
A. Manually configure all devices
B. Encrypt endpoint traffic
C. Automatically deploy devices without user intervention
D. Prevent configuration drift
C. Automatically deploy devices without user intervention
Which protocol allows Layer 2 networks to be extended across Layer 3 boundaries?
A. GRE
B. SD-WAN
C. VXLAN
D. SNMP
C. VXLAN
What is the main benefit of Zero Trust Architecture (ZTA)?
A. Static IP addressing
B. Centralized authentication
C. Implicit trust for internal devices
D. Continuous authentication and least privilege access
D. Continuous authentication and least privilege access
Which security model allows granular access based on user roles and context?
A. SASE
B. Zero Trust
C. VPN
D. VLAN
B. Zero Trust
Which model delivers both networking and security functions as cloud-based services?
A. SDN
B. SSE
C. MPLS
D. SASE
D. SASE
What does Infrastructure as Code (IaC) enable?
A. Manual server provisioning
B. Static network topologies
C. Automated infrastructure deployment using code
D. Real-time encryption of VLANs
C. Automated infrastructure deployment using code
Which IaC concept ensures that systems match the intended configuration over time?
A. Playbooks
B. Configuration Drift / Compliance
C. NAT64
D. Branching
B. Configuration Drift / Compliance
What allows IPv6 devices to communicate with IPv4-only devices?
A. NAT64
B. Dual Stack
C. VXLAN
D. SD-WAN
A. NAT64
Which IPv6 transition method enables simultaneous use of IPv4 and IPv6?
A. Tunneling
B. Dual Stack
C. NAT64
D. CIDR
B. Dual Stack
Which version control feature helps identify overlapping changes to infrastructure code?
A. Branching
B. Playbooks
C. Conflict Identification
D. Dynamic Inventory
C. Conflict Identification
This Ethernet standard supports 10 Mbps over twisted pair copper cables with a maximum distance of 100 meters.
10Base-T
This Ethernet standard provides 100 Mbps over twisted pair copper cables, typically Cat5 or higher, up to 100 meters.
100Base-TX
A gigabit Ethernet standard that uses twisted pair copper cables (Cat5e or Cat6) with a maximum range of 100 meters.
1000Base-T
A fiber optic Ethernet standard that supports 1 Gbps over multimode fiber (MMF) with a maximum distance of 550 meters.
1000Base-SX
A fiber optic Ethernet standard for 1 Gbps that uses single-mode fiber (SMF) with a range up to 10 kilometers.
1000Base-LX
This Ethernet standard supports 10 Gbps over multimode fiber up to 300 meters.
10GBase-SR
A 10 Gbps Ethernet standard that uses single-mode fiber with a maximum range of 10 kilometers.
10GBase-LR
This copper Ethernet standard supports 10 Gbps over Cat6a or Cat7 cables with a range of up to 100 meters.
10GBase-T
A high-speed Ethernet standard designed for data centers, providing 40 Gbps over multimode fiber up to 150 meters.
40GBase-SR4
An Ethernet standard that supports 40 Gbps over single-mode fiber with distances up to 10 kilometers.
40GBase-LR4
This standard supports ultra-fast data transfer at 100 Gbps using multimode fiber with a maximum distance of 150 meters.
100GBase-SR4
An Ethernet standard designed for long-distance 100 Gbps transmission over single-mode fiber up to 40 kilometers.
100GBase-LR4
A copper-based Ethernet standard that provides up to 2.5 Gbps over existing Cat5e or Cat6 cables.
2.5GBase-T
This standard supports 5 Gbps Ethernet using Cat5e or Cat6 cables, extending the usability of current infrastructure.
5GBase-T
Designed for long-range fiber optic Ethernet, this standard supports 10 Gbps over single-mode fiber with a reach of up to 40 kilometers.
10GBase-ER
A legacy Ethernet standard that provides 10 Mbps over coaxial cable, primarily used in older networks.
10Base2
An Ethernet standard that supports 10 Mbps over coaxial cable using a bus topology with a maximum segment length of 500 meters.
10Base5
This standard uses fiber optic cables to provide Ethernet at 100 Mbps over distances up to 2 kilometers.
100Base-FX
A legacy Ethernet standard running at 10 Mbps over twisted pair copper. Although outdated, it was a popular choice for early LAN networks.
10Base-T
This Fast Ethernet standard reaches speeds of 100 Mbps using twisted pair copper cables like Cat5 or higher. It uses two pairs of wires for transmission.
100Base-TX
A gigabit Ethernet standard that operates over copper cables (Cat5e or Cat6) with a range of 100 meters. It is widely used in modern networks for high-speed LANs.
1000Base-T
Designed for use in data centers and LANs, this standard uses multimode fiber to provide 1 Gbps speeds at distances up to 550 meters.
1000Base-SX
This fiber standard uses single-mode fiber to transmit 1 Gbps over long distances, often used for WAN connections up to 10 kilometers.
1000Base-LX
A short-range fiber standard designed for 10 Gbps Ethernet over multimode fiber. It’s commonly deployed in data centers with runs up to 300 meters.
10GBase-SR
Providing 10 Gbps Ethernet over single-mode fiber, this standard is ideal for long-distance WAN connections, supporting ranges up to 10 kilometers.
10GBase-LR
This standard enables 10 Gbps Ethernet over twisted pair copper cables, using Cat6a or Cat7. It can support up to 100 meters of transmission.
10GBase-T
Designed for high-speed connectivity within data centers, this Ethernet standard supports 40 Gbps over multimode fiber, with distances up to 150 meters.
40GBase-SR4
Using single-mode fiber, this 40 Gbps Ethernet standard is used for long-distance communication, reaching up to 10 kilometers.
40GBase-LR4
Supporting ultra-fast data transfer at 100 Gbps, this standard operates over multimode fiber with a maximum range of 150 meters.
100GBase-SR4
Designed for WAN and metropolitan area networks, this Ethernet standard provides 100 Gbps over single-mode fiber for distances up to 40 kilometers.
100GBase-LR4
Providing an upgrade path for existing networks, this Ethernet standard offers 2.5 Gbps over Cat5e or Cat6 cables for up to 100 meters.
2.5GBase-T
This copper standard supports speeds up to 5 Gbps using Cat5e or Cat6 cables, balancing speed and cost-effectiveness in modern networks.
5GBase-T
An extended range fiber optic Ethernet standard, this provides 10 Gbps over single-mode fiber with a range of up to 40 kilometers.
10GBase-ER
A legacy Ethernet standard operating at 10 Mbps over coaxial cable. Once common in LANs, it is now obsolete.
10Base2
An older Ethernet standard using coaxial cable to provide 10 Mbps over a bus topology, supporting segment lengths up to 500 meters.
10Base5
Designed for Fast Ethernet over fiber optic cable, this standard provides 100 Mbps at distances up to 2 kilometers using multimode fiber.
100Base-FX
Which Ethernet standard provides 10 Mbps over twisted pair copper cables up to 100 meters?
A. 10Base-T
B. 100Base-TX
C. 1000Base-T
D. 10GBase-T
A. 10Base-T
Which Ethernet standard is designed for 1 Gbps transmission using multimode fiber up to 550 meters?
A. 1000Base-SX
B. 1000Base-LX
C. 10GBase-SR
D. 10GBase-LR
A. 1000Base-SX
Which of the following supports 10 Gbps over Cat6a or Cat7 cables up to 100 meters?
A. 10Base-T
B. 100Base-TX
C. 10GBase-T
D. 1000Base-T
C. 10GBase-T
What is the maximum range for 1000Base-LX over single-mode fiber?
A. 550 meters
B. 10 kilometers
C. 300 meters
D. 40 kilometers
B. 10 kilometers
A network engineer needs to establish a 40 Gbps connection in a data center over a distance of 100 meters using multimode fiber. Which standard should be used?
A. 40GBase-SR4
B. 40GBase-LR4
C. 10GBase-T
D. 1000Base-SX
A. 40GBase-SR4
Which Ethernet standard offers speeds of 5 Gbps over Cat5e or Cat6 cables?
A. 2.5GBase-T
B. 5GBase-T
C. 1000Base-T
D. 10GBase-T
B. 5GBase-T
Which legacy Ethernet standard used coaxial cable in a bus topology, supporting 10 Mbps over distances up to 500 meters?
A. 10Base2
B. 10Base5
C. 10Base-T
D. 100Base-FX
B. 10Base5
A company requires a long-distance 10 Gbps link over single-mode fiber. Which standard should they select?
A. 10GBase-SR
B. 10GBase-LR
C. 1000Base-SX
D. 10GBase-T
B. 10GBase-LR
Which Ethernet standard supports speeds of 100 Gbps using multimode fiber over short distances up to 150 meters?
A. 100GBase-SR4
B. 100GBase-LR4
C. 10GBase-SR
D. 40GBase-SR4
A. 100GBase-SR4
A technician needs to provide Fast Ethernet connectivity over fiber for up to 2 kilometers. Which standard is most suitable?
A. 100Base-FX
B. 100Base-TX
C. 1000Base-SX
D. 10Base-T
A. 100Base-FX
In this mode, IPsec protects the payload of the original IP packet, leaving the original IP header intact. This mode is often used for end-to-end communication between devices.
Transport Mode
In this mode, IPsec encrypts and encapsulates the entire IP packet within a new IP header. This mode is commonly used for VPNs to secure communication between networks.
Tunnel Mode