1.8 Summarize evolving use cases for modern network environments. Flashcards

1
Q

What is SDN?

A

(Software-defined Network)
- Networking devices have different functional planes of operation (data, control, and management planes)
- Splitting the functions into separate logical units to be utilized in a virtual environment.

2
Q

What is SD-WAN?

A
  • (Software-defined Wide Area Network)
  • A WAN built for the cloud.
  • The data center used to be in one place. Now those services and applications are moved to the cloud.
  • No need to hop through a central point.
3
Q

What does it mean to be application-aware?

A

The WAN knows which application is in use and makes routing decisions based on the application data.

4
Q

What is zero-touch provisioning?

A
  • Remote equipment is automatically configured.
  • Application traffic uses the most optimal path.
  • Can change based on traffic patterns and network health.
5
Q

What does it mean to be transport agnostic?

A
  • The underlying network can be any type (cable modem, DSL, fiber-based, 5G, etc.). It will automatically pick the best choice for the location.
6
Q

What is Central Policy Management?

A
  • Management and configuration on a single console, leaving only one device that needs to be configured
  • Changes can be pushed to the SD-WAN routers.
7
Q

What is VXLAN?

A
  • (Virtual Extensible Local Area Network)
  • This is a way to connect data centers without worrying about the underlying infrastructure (wires, connections, IP schemes, etc.).
  • Designed to support hundreds of thousands of tenants.
8
Q

What is DCI?

A
  • (Data Center Interconnect)
  • Connecting multiple data centers together, seamlessly spanning across different geographic distances.
  • Connect and segment different customer networks.
  • Distribute applications everywhere.
9
Q

VXLAN encapsulation?

A

This allows two different virtual machines in different locations to feel as though they are directly connected to one another.

10
Q

What is a ZTA?

A
  • (Zero Trust Architecture)
  • A holistic approach to security that covers every device, every process, and every person.
  • Everything must be verified
  • Nothing is inherently trusted
  • It uses Multi-factor authentication, encryption, system permissions, additional firewalls, monitoring and analytics, etc.
11
Q

How does authentication fit into ZTA?

A

Policy-based authentication employs adaptive identity and policy-driven access control.

12
Q

How does authorization fit into ZTA?

A
  • It determines which applications and data are accessible.
  • Different rights depending on the user (help desk techs can view the hardware database, help desk managers can modify the database, other users have no access).
13
Q

How does least privilege access fit into ZTA?

A
  • Rights and permissions should be set to the bare minimum.
  • All user accounts must be limited.
  • Don’t allow users to run with admin privileges.
14
Q

What is SASE / SSE?

A

(Secure Access Secure Edge / Security Service Edge)
- This is a Next Gen VPN that allows you to securely connect from different locations utilizing cloud services.
- SASE clients are installed on all user devices.

15
Q

What is IaC?

A

(Infrastructure as Code)
- A networking infrastructure can be described and configured as code.
- It allows you to modify the infrastructure and create versions (the same way you version application code).
- Use the description (code) to build other application instances.

16
Q

Explain automation with regards to IaC.

A
17
Q

How do you use playbooks/templates/reusable tasks in Automation?

A
  • A Playbook is a set of conditional steps to follow (a broad process) that allows you to investigate a data breach and also recover from ransomware attacks.
  • A reusable template
  • Can be used to create automated activities.
18
Q

How do you use configuration drift/compliance in Automation?

A
  • Ensure the same configurations for all systems.
  • The configuration used in testing should be the same in production.
  • IaC provides an identical deployment.
19
Q

How would you use upgrades in Automation?

A
  • Change a configuration with a single line of code.
  • Modify configuration and software.
20
Q

How would you use dynamic inventories in Automation?

A
  • Query devices in real-time.
  • Manage and make changes based on the results.
21
Q

What is source control with regards to IaC?

A
  • It allows you to manage change
  • Developers can create the infrastructure requirements
  • You can build and publish the definition.
22
Q

What is Version Control in IaC?

A
  • It allows you to manage ongoing changes to the code (an example would be “Git”).
23
Q

How would you leverage a central repository as source control?

A
  • This allows you to track changes across multiple updates.
  • Everyone can participate without causing issues with the code.
24
Q

How would you leverage conflict identification as source control?

A
  • Some conflicts can be handled automatically by code; others may need manual intervention.
25
Q

How would you leverage branching as source control?

A
  • This would allow you to move away from the main line of development and work without making changes to the main code.
  • You would then branch and merge, branch and merge.
26
Q

Explain what IPv6 is and why we need to use it.

A
  • Estimated 20 billion devices connected to the internet (and growing) and IPv4 supports around 4.29 billion addresses.
  • IPv4 address space has been exhausted.
  • NAT is the workaround but not a permanent fix.
27
Q

How do we mitigate address exhaustion?

A

IPv6 provides a larger address space with room for growth.

28
Q

What are the compatibility requirements for IPv6?

A
  • Not all devices can talk/communicate with IPv6. This requires an alternate form of communication via Tunneling, Dual Stack, and NAT64.
29
Q

Please explain tunneling with regards to IPv6.

A
  • Encapsulate one protocol within another.
  • A migration option designed for temporary use.
  • 6 to 4 or 4 to 6 tunneling (requires specialized relay router and no support of NAT; no longer an option for Windows).
30
Q

Please explain dual stack with regards to IPv6.

A
  • Have the option to use both IPv4 and IPv6.
  • Running both at the same time
  • Interfaces will be assigned multiple address types.
  • Applications can choose which one is best to use.
31
Q

Please explain NAT64 with regards to IPv6.

A
  • Convert between IPv4 and IPv6.
  • Seamless to the end user.
  • Uses a NAT64-capable router.
  • Works with a DNS64 server to translate DNS requests.
32
Q

What is the Data Plane / Infrastructure Layer?

A

This is the part of SDN that processes the frames and packets and handles the forwarding of traffic, trunking, encrypting, and NAT.

33
Q

What is the Control Layer / Plane?

A
  • This is the part of SDN that manages the actions of the data plane.
  • It handles the routing tables, session tables, and NAT Tables, as well as dynamic routing protocol updates.
34
Q

What is the difference between VLAN & VXLAN?

A

VLAN
- Max of 4,000 possible virtual networks
- Fixed Layer 2 domain
- Not designed for large-scale and dynamic movement of VMs

VXLAN
- Over 16 Million possible virtual networks
- Tunnel frames across a layer 3 network
- Built to accommodate large virtual environments.

35
Q

What is adaptive identity?

A
  • Consider the source and the requested resources.
  • Multiple risk indicators - relationship to the organization, physical location, type of connection, IP addresses, etc.
  • Make the authentication stronger, if needed.
36
Q

What is policy-driven access control?

A
  • Combine the adaptive identity with a predefined set of rules.
  • Evaluates each access decision based on policy and other information.
  • Grant, deny, or revoke.
37
Q

IPv6 Addresses

A
  • 128-bit addresses
  • 16 bits = 2 bytes = 2 octets
  • Compressed Form: groups of zeros can be abbreviated with a double colon (only one of these abbreviations allowed per address) and leading zeros are optional.