325 Flashcards

1
Q

Client Server network

A

Form of internet network that consists of a single central computer functioning as a server and directing several other computers, referred to as clients

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Peer-to-peer network

A

a group of computers or devices that share resources and access shared resources without centralized control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Local Area Network types

A

Home/Residential, Soho Network, SME Network, Enterprise, Datacenter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Wide area network

A

a computer network in which the computers connected may be far apart, generally having a radius of half a mile or more.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Topology

A

The physical or logical structure of the network in terms of nodes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Types of network topology

A

Star, Mesh, Full Mesh, Partial Mesh

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Star Topology

A

Each endpoint node is connected to a central forwarding appliance, such as a switch or router.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Mesh Topology

A

Requires that each device has a point to point link with every other device on the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Full Mesh Network

A

Commonly used in WANs especially public networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Partial Mesh Network

A

Only most important devices interconnected in the mesh, perhaps with extra links for fault tolerance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Simplex

A

Sender can send the data but the sender unable receive the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Full-duplex

A

Data is sent and received simultaneously. It is dual way communication where both directions of communication will happen at the same time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Half-duplex

A

Data is sequentially sent and received. It is a bidirectional communication that is limited to only one sender or reciever at a time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Logical topology

A

How data travels between nodes on a network. This topology emphasizes the data path that a message takes from one device to another, irrespective of the physical connections between them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Addressing

A

Unique identifier for a network node, such as a MAC address, IPv4 address, or IPv6 address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Encapsulation

A

A method by which protocols build data packets by adding headers and trailers to existing data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Ethernet

A

System for connecting a number of computer systems to form a local area network, with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Media access control

A

Layer that controls the hardware responsible for interaction with the wired (electrical or optical) or wireless transmission medium.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Collision domain

A

Network segment where simultaneous data transmissions collide with one another.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Carrier-sense multiple access with collision detection (CSMA/CD)

A

Ethernet protocol that uses carrier sensing to defer transmissions when a collision is detected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Carrier-sense multiple access with collision avoidance (CSMA/CA)

A

Network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be idle. When they do transmit, nodes transmit their packet data in its entirety.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

The Protocol field in the IPv4 header

A

specifies the type of data encapsulated in the payload, allowing the receiving host to know how to process it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Three tier architecture

A

The core Server, distribution switches, and access switches which server users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Spine and leaf architechture

A

Two-layer architecture. Every leaf switch is connected to a spine switch in a full mesh topology. The leaf layer contains the access switches that connects to the servers and provide a connection for end users. Overcomes the limitations of three-layer hierarchical architecture

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

A hop

A

A packet passing through a router

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Hop limit

A

“Time to live” for ipv6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

default route

A

A route when no other route matches. Destination: 0.0.0.0/0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

OSI Model

A

the Seven layers defined by the open systems interconnection reference model.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

OSI Layers

A

“All People Seem To Need Data Processing” - Application, Presentation, Session, Transport, Network, Data Link, Physical.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Protocol Data Unit

A

Chunk of data with protocol-specific headers added at each OSI layer. The basic unit of exchange between entities that communicate using a specified networking protocol

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Physical Layer

A

Responsible for transmission and reciept of signals that represent bits of data. Can be cabled or wireless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Data Link layer

A

Responsible for transferring data between nodes on the same logical segment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Network Layer

A

Responsible for logical network addressing and forwarding, move data around an internetwork.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Transport Layer

A

Responsible for breaking upper-layer data into segments and ensuring reliable data control, error detection, and error correction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Session Layer

A

Provides services for applications that need to exchange multiple messages (dialog control)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Presentation Layer

A

Transforms and translates data between the formats used by the network and applications, including data compression and encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Application Layer

A

Provides support to applications requiring network services (file transfer, printing, email, databases, and so on).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Bridge

A

Appliance or application that connects different networks as if they were one network. Inspects destination MAC addresses to decide if a packet should jump to other network segments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Router

A

Intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Firewall

A

Software or hardware device that protects a network segment or individual host by filtering packets to an access control list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Access Control List

A

Collection of ACEs that determines which subjects are allowed or denied access to the object or privileges.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Access Control Entry

A

A particular security identifier that is associated with Access rights.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Physical layer devices

A

Tranciever, Repeater, Hub, media converter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Data Link layer devices

A

NIC, Bridge, Switch, Wireless Access Point, VLANs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Header fields added by the Data Link layer

A

Source Hardware address, Destination hardware Address, checksum for basic error checking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Network Layer Devices

A

Router

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Functions of the Transport Layer

A

Data segmentation and reassembly, reliable message delivery, end to end flow control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Transport Layer Devices

A

Multilayer Switches, Security Appliances, IDSs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Function of the Session Layer

A

The exchange of multiple messages between the client and server. This exchange is called a session or dialog.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Registered Jack

A

Series of jack/plug types used with twisted pair cabling, such as RJ45 and RJ11.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Shielded Twisted Pair

A

Copper twisted pair cabling with screening and shielding elements for individual wire pairs and/or the whole cable to reduce interference. Also referred to as a screened, shielded, or foiled twisted pair.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Digital Certificate

A

Identification and authentication information presented in the X.509 format and issued by a Certificate Authority

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Certificate Authority

A

A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Public Key

A

For Asymmetric encryption, is freely distributed and can be used to perform the reverse encryption ore decryption operation of the linked private key in the pair.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Network Time Protocol

A

Networking protocol for clock synchronization over packet-switched variable latency networks. Uses port 123.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Three types of Precision Time Protocols

A

Grandmaster is authoritative. Boundary has interfaces in PTP segments. Ordinary has a single interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Trunking

A

Connecting switches together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Port Bonding

A

Multiple ports are connected and perceived as a single whole by the switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

Port mirroring

A

Copies traffic from one interfaces

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

SPAN

A

Switch Port Analyzing Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Ethernet frames payload

A

Frames support more than 1,500 bytes, up to 9216 in a jumbo frame

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Jumbo Frames

A

Larger payload of an ethernet frame, and must be supported by the switch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Ethernet flow control

A

As a non- deterministic form of communication, control is maintained by speed or IEEE.802.3x

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Port Security

A

Prevents unauthorized use from a switch interface. Designed to restrict network access by filtering MAC addresses. It allows administrators to define which devices are permitted to connect to specific switch ports. Keeps a list of confirmed MAC sources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

Straight-through cables

A

Used for patch cables, and to connect workstations to network devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

MDI

A

Media Dependant Interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

MDI-X

A

Media Dependant Crossover

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

10BASE-T and 100BASETX Straight Through cables

A

Won’t use pins 4,5,7,8. From the MDI, 1,2 are Transmitting. And 3,5 are receiving.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

1000Base-T

A

For gigabyte cables, all four sets are transmitting and receiving data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Ethernet crossover cables

A

For MDI to MDI, or MDI-X to MDI-X. Connects 1-3, 2-6, 3-1, 4-7, 5-8, 6-2, 7-4, 8-5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Auto-MDI-X

A

Automatically performs crossover on modern ethernet devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

MIMO

A

Multiple Input Multiple Output

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

MU-MIMO

A

Multiple User MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

802.11A

A

5GHz MTT PS and total is 54 Mbit/s. No MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

802.11B

A

2.4GHz MTT PS and total is 11 Mbit/s. No MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

802.11G

A

2.4 GHz MTT PS and total is 54 MBits. No MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

802.11n

A

5GHz / 2.4 GHz and MTT PS is 150 MBits. Total is 600 MBits. 4xMIMO.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

802.11ac

A

5GHz and MTT PS is 867 MBits, Total is 6.9 GBits. 8xDL MU-MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

802.11ax

A

5/2.4 GHz MTT PS is 1,201 MBits and total is 9.6 GBits. 8xDL and UL-MU-MIMO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

Orthogonal Frequency-division multiple access

A

Similar to cellular communication, and improves high-density installations (OFDMA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Channels

A

Groups of non overlapping frequencies numbered by the IEEE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Bandwidth

A

the width of a frequency defined in MHz. Defined by 802.11 standards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

Extended Service Set

A

An ESS is a collection of multiple BSSs working together as a single network, typically managed by a controller. It allows for larger coverage areas and seamless roaming between different BSSs under the same network SSID.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

Basic Service Set

A

BSSID is a unique identifier associated with a specific SSID within a BSS. It is formatted like a MAC address and serves to uniquely identify the network’s access point and SSID combination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

Independent basic service set

A

IBSS is a basic service set, ad hoc connection for temporary or long term communication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Physical network map

A

follows the physical wire and devices to simplify troubleshooting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Distribution frames

A

Passive cable termination, a series of punch down blocks or patch panels that can simplify network extensions or troubleshooting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

Main Distribution Frame

A

central hub of a network. Located at the primary entry point for internet connection, houses key equipment like routers, switches, and patch panels that manage and route the data to and from the external world to the internal network. Termination point for WAN links

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

Patch Panel

A

Allows for easy access and cable Identification,for troubleshooting and fault isolation in a server room.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Intermediate Distribution Frame

A

the IDF plays a supporting role to the MDF, acting as a relay point that extends the connectivity from the MDF to specific areas, floors, or sections of a building that the main distribution frame cannot reach directly due to distance limitations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Severity levels

A

defined levels of events to force priority

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Runt

A

frames that are less than 64 bytes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Giant frame

A

frames that are more than 1518

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

CRC error

A

failed the Frame Check sequence resulting from failed cable or port

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Netflow

A

Gathers traffic statistics from all traffic flows, that is exported to a collector program

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

continuity of operations planning

A

The planning, coordination and performing of essential functions during a range of emergencies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

System Life Cycle

A

managing asset disposal, information disposal.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

Standard operating procedures

A

Backup procedures that are planned for event outages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

Password policy

A

Company policies regarding password setup, age, size, and lifecycle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

Remote access policy

A

External communications is difficult to control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

Onboarding procedures

A

The process of integrating employees into an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Offboarding procedures

A

The process of separating employees out of an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

Data Loss Prevention

A

involves multiple technologies that can catch sensitive data before it leaves the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

Fault Tolerance

A

Maintain uptime in the case of failure. It adds complexity. Single device fault tolerance is built on RAID, UPS, and NICs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

Redundant Array of Inexpensive Disks

A

Data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

Load balancer

A

A device with a Virtual IP, and connects users to servers as they are online. Can switch traffic to alternative nodes, reduce bottlenecks, and allow for failover services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

Port Aggregation

A

Multiple links to a single switch to use 2gigs from the connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

Fire suppression

A

The amount of electronics used in a data center complicate fire suppression which uses and prefers modern liquids and gasses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

Cold Site

A

no hardware, no data, no people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

Hot Site

A

Duplicate site, architecture, and hardware meant to speed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

Warm Site

A

Might have hardware, racks, or HVAC. Not hot or cold.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

Cloud site

A

use an established cloud provider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

Active-Passive

A

two devices are installed and configured, only one operating at a single time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
114
Q

Active-Active devices

A

two devices are installed and configured, with both cooperating at the same time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

Diverse paths

A

multiple redundant paths across a network, from ISPS, firewalls, routers, switches, load balancers, and web servers. To maintain redundancy and fault tolerance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

FHRP - First hop redundancy protocol

A

A computer setting to use a different gateway should the default gateway fail.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

CIA Triad

A

Confidentiality, Availability, Integrity. The fundamentals of security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

Confidentiality

A

Certain information should be limited. Encryption and access controls help restrict access to resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

Integrity

A

That the data is stored and transferred as intended and that any modification is authorized

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
120
Q

Availability

A

That information is accessible to those authorized to view or modify it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

Vulnerability

A

A weakness that could be accidentally triggered or intentionally exploited to cause a security breach.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

Threat

A

The potential for someone or something to exploit a vulnerability and breach security. A threat may be intentional or unintentional. The person or

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
123
Q

Risk

A

The likelihood and impact of a threat actor exercising a vulnerability. Assessing Risk helps you decide which vulnerabilities to prioritize patching and what additional security measures to implement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

Data At rest

A

The state in which data is in some sort of persistent storage media.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

Data in use

A

The state in which data is present in volatile memory such as system ram, cpu registers, and cache.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

Data In Transit

A

The state in which data is transmitted over a network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

Encryption

A

Encoded messages so only proper recipients can read them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

Access controls

A

Programs that specify roles to limit access or controls to users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

Steganography

A

Conceal information within another piece of information. Associated with hiding information within an image.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
130
Q

Hashing

A

mapped data of an arbitrary length to a fixed length. If it’s modified it will be a different hash.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

Digital Signature

A

Mathematical scheme to verify the integrity of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

Non-Repudiation

A

Authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

Zero day attacks

A

vulnerability that has never been identified or published in a new or unreleased product or application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

Threat

A

A vulnerability that can be exploited. Could be intentional or accidental. Most are external to the organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

Insider threat

A

A threat actor that has access to the internal processes or procedures. Ameliorated by Least Privilege.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
136
Q

Physical Controls

A

Keep people away from technology. Door locks, fences, rack locks, cameras

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

Technical controls

A

Hardware and software safety measures. Firewalls, AD authentication, Disk encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

Vulnerability assessment

A

an evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
139
Q

Honeypot

A

A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also called a honeynet or honeyfile.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
140
Q

Cybersecurity audit

A

Ensure a security posture aligns with established standards

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
141
Q

Data Locality

A

Establishing policies and tools that ensure data is stored within a specific national or state border.This is often required to comply with data sovereignty and protect data privacy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
142
Q

Physical segmentation

A

separate devices to prevent users from accessing another customer’s resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
143
Q

Logical segmentation

A

VLANs to force a customer to only be able to interact with their own resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
144
Q

Screened Subnet/demilitarized zone

A

Public access to resources, but no access to the org’s internal network. A physical or logical subnetwork that contains and exposes an organization’s external-facing (public-facing) services to an untrusted, usually larger, network such as the Internet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
145
Q

Separation of Duties

A

Split knowledge, no individual has complete knowledge of a function or resource.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
146
Q

Network Access Control

A

Security solutions whose primary function is to authenticate and authorize devices before they gain full access to the network. Supports network visibility and access management through policy enforcement on devices and users of corporate networks.

147
Q

IEE 802.1x

A

port based NAC. Physical interface authentication. Individual ports can be disabled. Addresses communication between a supplicant to an authenticator, and the auth server.

148
Q

Supplicant

A

A user who is trying to log into a IEE 802.1x server

149
Q

Authenticator

A

Passes a supplicant’s credentials against an authentication server

150
Q

Local Authentication

A

A manual process where passwords are kept on the local device. Not impacted by server downtime.

151
Q

Multi-factor authentication

A

Can be expensive. More than one factor, could be a token, biometric, codes, or smartphone application

152
Q

Remote authentication Dial-in User Service

A

AAA protocol that is widely supported and offers centralized authentication for users.

153
Q

Terminal Access Controller Access-Control System

A

Created to control dialup lines in ARPANET. TACACS+ released in 1993.

154
Q

Lightweight Directory access protocol

A

protocol for reading and writing directories over an IP network.

155
Q

Kerberos

A

Network authentication protocol, no need to reauth for subsystems. Manual and protected against on-path or replay attacks.

156
Q

SSO with Kerberos

A

single auth without username or password using backend ticketing. Complicated as a result of its cryptography

157
Q

Address Resolution Protocol

A

Communication protocol used for discovering the link layer addresses, such as MAC address, or IPv4 address. Critical function in TCP/IP.

158
Q

On-path network attack

A

Man in the middle attack, traffic redirection, ARP poisoning.

159
Q

Wireless evil twins

A

looks legitimate

160
Q

Malware

A

Software of many forms that are malicious in purpose.

161
Q

Types of malware

A

Virus, ransomware, worm, trojan horse, rootkit, keylogger.

162
Q

Ransomware

A

Your data is unavailable until the hijackers are paid and release the files.

163
Q

Hashing a password

A

Hashes as fixed length strings are not convertible, and will not have collisions

164
Q

VLAN Hopping

A

An attack where the attacker is able to send traffic from one VLAN to another by either double tagging the traffic, or conducting switch spoofing.

165
Q

DNS poisoning

A

Corrupting the DNS cache to redirect users to malicious websites.

166
Q

ARP spoofing

A

Targets the local network to redirect traffic to malicious websites.

167
Q

SSL stripping

A

Downgrades HTTPS connections to HTTP.

168
Q

DNS spoofing

A

Typically involves creating fake DNS records rather than corrupting the DNS cache.

169
Q

Dictionary attack

A

Use a dictionary to find common words within a password.

170
Q

Virtual Private Network

A

Encrypted data traversing a private network

171
Q

Concentrator

A

Encryption/decryption access device. Often integrated into a firewall.

172
Q

Client-To-Site VPN

A

ON demand VPN from a remote device.

173
Q

Site-to-site VPN

A

Always-on. Firewalls on both sides act as concentrators.

174
Q

Clientless VPN

A

VPN tunnel within HTML5 browser.

175
Q

Full Tunnel

A

All data is from a user is kept inside the organizations network.

176
Q

Split tunnel

A

Users are able to access sites or resources that are not on the organizations network.

177
Q

RDP

A

Remote Desktop Protocol.

178
Q

Asset tracking tabs

A

Records of every asset within an organisation.

179
Q

Troubleshooting

A

Identify, Establish Theory, Test theory, Evaluate.

180
Q

Speed/bandwidth

A

theoretical maximum data rate. Measured in bits per second.

181
Q

The threat types

A

Footprinting, spoofing, DoS, Botnets

182
Q

Footprinting

A

Enumeration of resources on a network to identify potential targets for further attack, spoofing, DoS

183
Q

The attack types

A

Data theft, insider threat, malware attack, password attack, social engineering

184
Q

Identity Access Management

A

Framework of policies and technologies to ensure correct access to correct users.

185
Q

Identification

A

Creating an account or ID that uniquely represents the user, device, or process on the network.

186
Q

Authentication

A

Proving that a subject is who or what it claims to be when it attempts to access the resource. An authentication factor determines what sort of credential the subject can use.

187
Q

Authorization

A

Determining what rights subjects should have on each resource, and enforcing those rights. An authorization model determines how these rights are granted.

188
Q

Accounting

A

Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.

189
Q

Six factors used in Authentication

A

Knowledge, Ownership, Biometric, Behavior, Location, Time.

190
Q

Knowledge factor

A

Something you know (such as a password).

191
Q

Ownership factor

A

Something you have (such as a smart card).

192
Q

Route poisoning

A

Prevents a router from sending packets through a route that has become invalid within computer networks.

193
Q

Human factor

A

Something you are (such as a fingerprint).

194
Q

Behavior factor

A

Something you do (such as making a signature).

195
Q

Location factor

A

Somewhere you are, such as only being able to log into an account from a specific location, known as geofencing.

196
Q

Time factor

A

Somewhen you are (such as only being permitted to start a session during work hours or using an access token before it expires).

197
Q

Multifactor

A

Authentication scheme that requires the user to present at least two different factors as credentials. Specifying two factors is known as 2FA.

198
Q

Public Key Infrastructure

A

Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.

199
Q

Five stages of a Key’s Life Cycle

A

Generation, Storage, Revocation, Expiration and Renewal.

200
Q

Key Generation

A

The creation an asymmetric key pair or symmetric secret key of the required strength, using the chosen cipher.

201
Q

Storage

A

Prevents unauthorized access to a private or secret key and protects against loss or damage.

202
Q

Revocation

A

Prevents use of the key if it is compromised. If a key is revoked, any data that was encrypted using it should be re-encrypted using a new key.

203
Q

Expiration and Renewal

A

Gives the certificate that validates the key a “shelf-life” to increase security. Every certificate expires after a certain period. Certificates can be renewed with the same key pair or with a new key pair.

204
Q

Federated Identity

A

The means of linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems.

205
Q

Security Assertion Markup Language

A

An XML-based data format used to exchange authentication information between a client and a service.

206
Q

Supplicant

A

The device requesting access in a 802.11x standard connection, such as a user’s PC or laptop.

207
Q

AAA Server

A

The authentication server, positioned within the local network. This server either holds a database of accounts and credentials or has access to a directory server that can authenticate requests and issue SSO authorizations.

208
Q

Remote Authentication Dial-In User Service

A

AAA protocol used to manage remote and wireless authentication infrastructures.

209
Q

Terminal Access Controller Access Control System

A

Networking protocol that provides centralized AAA management for users, and admins who connect and use a network service.

210
Q

Network Segmentation Enforcement

A

Enforcing a security zone by separating a segment of the network. Could be accomplished using firewalls, VPNs, VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped. Also referred to as segmentation or network segmentation enforcement.

211
Q

Private Server Administrative Networks

A

Devices are subject to strict hardening and configuration management policies. Hosts, user accounts, and traffic with permission to operate in the zone are continually monitored to ensure compliance with security policies.

212
Q

Private Client Network

A

Devices are subject to security policies and monitoring, but the diverse range of technologies and permissions to use public networks make the zone less than fully trusted.

213
Q

Guest

A

Unmanaged devices are allowed to connect, subject to some restrictions and monitoring. This zone is typically untrusted and would not be allowed access to trusted networks.

214
Q

Public Server Network

A

Devices are fully managed but accept connections from unmanaged public clients. Consequently, hosts within this zone are only partially trusted.

215
Q

Public

A

The zone is unmanaged and therefore untrusted.

216
Q

Screened Subnet

A

Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports. Formerly referred to as a demilitarized zone (DMZ), this usage is now deprecated.

217
Q

Intrusion detection system

A

Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network. Also called a network intrusion detection system (NIDS).

218
Q

Intrusion prevention system

A

Security appliance or software that combines detection capabilities with functions that can block attack in an active configuration.

219
Q

Multicast

A

A TCP/IP Technology that sends out packets to devices when streaming to multiple workstations from a single media server. It only sends those to devices that specifically requested the stream rather than the entire network.

220
Q

AAAA records

A

Maps a domain name to IPv6.

221
Q

“A” Records

A

Maps a domain name to IPV4

222
Q

TXT records

A

Are used to store SPF details, which defines which mail servers are authorized to send email on behalf of a domain, helping to prevent email spoofing. And textual information related to the domain, not DNS server details.

223
Q

Mail Exchange Records

A

MX Records specify mail servers for the domain.

224
Q

Name Server Records

A

NS records specify DNS servers for the domain. Used to specify the authoritative DNS servers for a domain or subdomain, guiding external queries to the correct servers for DNS resolution.

225
Q

PTR Records

A

PTR records are used for reverse DNS lookups, not for specifying DNS servers for subdomains.

226
Q

Canonical Name

A

CNAME records alias one domain name to another.

227
Q

Cable Certifier

A

Tests the continuity of a cable and verify that a cable meets its specifications such as the bandwidth, frequency, and length.

228
Q

SYN flag

A

Synchronization: The first packet sent from the sender to a receiver as a means of establishing a TCP connection and initiating a three-way handshake.

229
Q

Simple Mail Transfer Protocol

A

Internet standard communication protocol for electronic mail transmission.

230
Q

Simple Mail Transport Protocol Secure

A

a method for securing the SMTP using transport layer security.

231
Q

Link Aggregation Control Protocol

A

allows the user to combine numerous physical Ethernet links into one logical link, which helps create load balancing in the interfaces

232
Q

Digital Subscriber Line

A

technology for transferring data over voice-grade telephone lines, often referred to as the local loop.

233
Q

Cable Internet

A

usually available along with Cable Access TV (CATV). These networks are sometimes described as hybrid fiber coax (HFC) because they combine a fiber optic core network with coax links to CPE, but are more simply just described as cable broadband.

234
Q

Asymmetric digital subscriber line

A

Enables faster data transmission over coper than conventional modems.

235
Q

Very high-speed digital subscriber line

A

Provides faster transmission over a single copper line.

236
Q

Customer Edge

A

The router that interfaces a WAN. From a customer to the provider’s network.

237
Q

At which OSI layer do WANs use simpler protocols than LANs

A

At the Data Link Layer Wan’s use simpler protocols due to their point-to-point connections.

238
Q

Why use public networks for WAN services?

A

The cost is less than implementing a private solution.

239
Q

Cable Modem Termination System

A

connects all the premises in a street via coaxial cables and routes data traffic through the fiber optic backbone to the Internet Service Provider’s (ISP’s) Point of Presence (PoP), facilitating internet access.

240
Q

Filter in a DSL setup

A

Prevents Noise from affecting voice calls.

241
Q

the primary function of a T-carrier system

A

To enable voice traffic digitization

242
Q

primary advantage of TDM in T-carrier systems

A

It enables the simultaneous transmission of multiple signals over a single transmission path.

243
Q

Very High-Speed DSL2

A

100 MBPS bi-directional

244
Q

Fiber To the curb

A

Service providers use VDSL to achieve higher bit rates at the expense of range, to achieve FTTC.

245
Q

Point to Point Protocol

A

Encapsulation protocol at the Data Link Layer. Encapsulates IP packets for transmission over serial digital lines. Has no security mechanisms, uses other protocols to provision a secure tunnel.

246
Q

Internet Protocol Security

A

Used to secure IPv4 and/or IPv6 communications on local networks and as a remote access VPN protocol. IPSec operates at the Network layer.

247
Q

Transport Mode

A

Mode of IPSec. used to secure communications between hosts on a private network.

248
Q

Tunnel Mode

A

Mode of IPSec. used for communications between VPN gateways across an insecure network. Router configuration.

249
Q

Authentification Header

A

IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.

250
Q

Encapsulating Security Payload

A

IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.

251
Q

Integrity Check Value

A

Small piece of data from a larger set, often a packet or frame, can verify that the data has not been tampered with.

252
Q

Internet Key Exchange

A

Framework for creating a security association (SA) used with IPSec. An SA establishes that two hosts trust one another (authenticate) and agree on secure protocols and cipher suites to use to exchange data.

253
Q

Digital Certificates

A

Are issued to each peer by a mutually trusted certificate authority to identify one another.

254
Q

Pre-shared key

A

when the same passphrase is configured on both peers.

255
Q

Split Tunnel

A

VPN configuration where only traffic for the private network is routed via the VPN gateway.

256
Q

Full Tunnel

A

VPN configuration where all traffic is routed via the VPN gateway

257
Q

TCP flags

A

SYN, PSH, RST, FIN

258
Q

Maximum Transmission Unit

A

Maximum IP Packet to transmit. Not a fragment

259
Q

media converter

A

Layer 1 device that changes one type of connection to another.

260
Q

Jitter

A

network condition that occurs when a time delay in the sending of data packets over a network connection occurs. A variation in the delay of the packets, and can cause some strange side effects, especially for voice and video calls

261
Q

UDP scan

A

is activated with the -sU option on Nmap. Shows A list of open UDP ports on the target device.

262
Q

End systems

A

also referred to as hosts, are the nodes that send and receive data traffic in a network.

263
Q

Emergency Severity levels

A

range from zero to seven, with zero being the most severe and seven being the least severe.

264
Q

Level 0 Emergency

A

is used for an emergency and is considered the most severe condition because the system has become unstable.

265
Q

Level 1 Emergency

A

is used for an alert condition and means that there is a condition that should be corrected immediately.

266
Q

Level 2 Emergency

A

is used for a critical condition, and it means that there is a failure in the system’s primary application and it requires immediate attention.

267
Q

Level 3 Emergency

A

is used for an error condition, and it means that something is happening to the system that is preventing the proper function.

268
Q

Level 4 Emergency

A

is used for warning conditions and it may indicate that an error will occur if action is not taken soon.

269
Q

Level 5 Emergency

A

is used for notice conditions and it means that the events are unusual, but they are not error conditions.

270
Q

Level 6 Emergency

A

is used for information conditions and it is a normal operational message that requires no action.

271
Q

Level 7 Emergency

A

is used for debugging conditions and is just information that is useful to developers as they are debugging their networks and applications.

272
Q

Data Center Interconnect (DCI)

A

best utilizes VXLAN technology between dispersed data centers

273
Q

Ad Hoc networks

A

Enable devices to connect directly, promoting peer-to-peer communication without relying on a centralized access point

274
Q

End systems

A

Also referred to as hosts, are the nodes that send and receive data traffic in a network. They consume the services provided by servers in a client-server network

275
Q

Precision Time Protocol

A

Protocol for clock synchronization throughout a computer network with relatively high precision and therefore potentially high accuracy

276
Q

Autonegotiation

A

Allows devices to automatically select the highest supported connection parameters, including speed, and mode, ensuring compatibility between devices with different Ethernet capabilities. This feature is crucial for maintaining compatibility with older devices that only support 10 Mbps Ethernet interfaces.

277
Q

Three modes of Sessions

A

Simplex, Half-Duplex, or Duplex.

278
Q

supervisory control and data acquisition

A

runs as software on ordinary computers to gather data and manage plant devices and equipment with embedded PLCs, called field devices

279
Q

TTL output field

A

Is in the ping command and shows the value of the counter when the packet arrives at its destination.

280
Q

Link State algorithm

A

Allows a router to store the complete network topology and assess the least-cost paths from this topology database.

281
Q

reverse proxy server

A

provides for protocol-specific inbound traffic. This type of proxy can listen for client requests from the Internet and create the appropriate request to the internal server.

282
Q

Stateful Firewall

A

operates at Layer 5 (Session) of the Open Systems Interconnection (OSI) model. This type of firewall performs circuit-level stateful inspection by maintaining stateful information about the session between two hosts.

283
Q

storage area network

A

Provisions access to storage devices at the block level. A SAN is isolated from the main network. It is only accessed by servers, not by client PCs and laptops

284
Q

Software-defined wide area network

A

An overlay network that provisions a corporate WAN across multiple locations and facilitates secure access to the cloud directly from a remote location.

285
Q

Anycast

A

This form of addressing allows multiple servers to share the same IP address, and when a user attempts to access the service, the network routes the request to the nearest server based on routing protocols like Border Gateway Protocol (BGP). This approach is ideal for achieving high availability and low latency for a global web application, as it automatically directs users to the geographically closest server, improving response times and load distribution across multiple servers.

286
Q

Unicast

A

This form of addressing is used for one-to-one communication between a single sender and a single receiver. While it is the most common form of IP addressing for general internet communication, it does not inherently provide the mechanism for directing users to the nearest server based on geographic location or network latency. Unicast alone would not meet the requirements for high availability and low latency on a global scale without additional routing logic.

287
Q

Broadcast

A

Broadcast addressing is used to send data to all possible destinations within a network segment. This method is not suitable for internet-based applications, as it is limited to local network segments and does not allow for selective routing to the nearest server. Broadcasting would not achieve the goal of directing users to their nearest server for the web application.

288
Q

Multicast

A

Multicast addressing is designed for one-to-many communication, where data is sent from a single source to multiple recipients who have expressed interest in receiving the data. While multicast is efficient for distributing data to multiple recipients simultaneously, it does not provide a solution for directing users to the nearest server based on their geographic location or network latency.

289
Q

Generic Routing Encapsulation

A

Tunneling protocol allows the transmission of encapsulated frames or packets from different types of network protocol over an IPv4 network.

290
Q

Internet Control Message Protocol

A

This protocol reports errors and sends messages about the delivery of a packet.

291
Q

Trivial File Transfer Protocol

A

a connectionless protocol that runs over User Datagram Port (UDP) port 69

292
Q

Secure FTP

A

Raddresses the privacy and integrity issues of FTP by encrypting the authentication and data transfer. Runs over Transmission Control Protocol (TCP) port 22.

293
Q

FTP over Secure Sockets Layer

A

uses either Explicit Transport Layer Security (FTPES) or Implicit Transport Layer Security (FTPS) for secure communication.

294
Q

HTTPS

A

a subset of Hypertext Transfer Protocol (HTTP) that allows for a secure dialog between the client and server using Secure Sockets Layer/Transport Layer Security (SSL/TLS)

295
Q

Remote Desktop Protocol

A

Microsoft’s protocol for operating remote Graphical User Interface (GUI) connections to a Windows machine. RDP uses Network Level Authentication (NLA) which requires the client to authenticate before a full remote session is started.

296
Q

SSH

A

Is a cryptographic network protocol for operating network services securely over an unsecured network. Operates over port 22

297
Q

Telnet

A

Telnet commonly provides remote access to a variety of communications systems. Telnet is often used for remote maintenance of network communications devices. Telnet provides access to a command-line interface on a remote computer using TCP port 23.

298
Q

Multipoint Generic Routing Encapsulation

A

MGRE is a protocol used for connecting multiple remote sites through a Virtual Private Network (VPN). It employs a hub and spoke topology to encapsulate and forward data packets from one remote site to another, making VPN management simpler and more scalable.

299
Q

Multiprotocol Label Switching

A

MPLS is a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks. As a scalable and protocol-independent solution, MPLS assigns labels to each data packet, controlling the path the packet follows.

300
Q

Encapsulating security payload

A

Provides confidentiality and/or authentication and integrity. It can be used to encrypt the packet rather than simply calculating a hash.

301
Q

North-South traffic

A

traffic going into the data center from the outside.

302
Q

East-West traffic

A

traffic traveling within a data center but not traveling into a data center

303
Q

Point-to-point protocol

A

encapsulation protocol that works at the Data Link layer (layer 2). PPP has no security mechanisms, so must be used with other protocols to provision a secure tunnel.

304
Q

Classless Inter-Domain Routing

A

CIDR uses bits normally assigned to the network ID to mask the complexity of the subnet and host addressing scheme within the network. This allows CIDR to collapse the company’s three routing entries into one single entry.

305
Q

Variable Length Subnet Masking

A

(VLSM) allows a network designer to allocate ranges of Internet Protocol (IP) addresses to subnets that match the predicted need for numbers of subnets and hosts per subnet.

306
Q

localhost

A

Hostname that refers to the current device being used. It is associated with the loopback address, typically 127.0.0.1, which is used for internal testing and communication within the host. This allows software and services on the same device to communicate with each other using the TCP/IP protocol stack without sending packets over the network.

307
Q

Routing Information Protocol

A

distance vector-based routing protocol. It uses a hop count metric to determine the distance to the destination network. To help prevent looping, the maximum hop count allowed is 15.

308
Q

static route

A

manually added to the routing table and only changes if edited by the administrator. This is ideal for temporary solutions to rapidly set up a route for network testing or quick troubleshooting. Has an AD value of 1 for routing.

309
Q

default route

A

type of static route that identifies the next hop router for a destination and cannot match another routing table entry.

310
Q

Open Shortest Path First

A

OSPF is a link state type of routing protocol ideal for hierarchical systems and networks. OSPF is suitable for organizations with multiple redundant paths between networks. Has a default AD value of 110

311
Q

Interior Gateway Protocol

A

IGP is the protocol that identifies routes within an Autonomous System (AS).

312
Q

Neighbor Discovery (ND) protocol

A

Is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways. A main function is redirection, which enables a router to inform a host of a better route to a particular destination.

313
Q

Enhanced Interior Gateway Routing Protocol

A

EIGRP is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. Rapid convergence, facilitated by its use of a composite metric (combining bandwidth, delay, load, and reliability) for routing decisions, making it efficient and flexible for network changes . Is proprietary to Cisco devices.

314
Q

Effective Isotropic Radiated Power

A

The power at which an access point transmits is configurable. is calculated as the sum of transmit power, antenna cable/connector loss, and antenna gain.

315
Q

Received Signal Strength Indicator

A

RSSI is the strength of the signal from the transmitter at the client end. Most captive portal issues arise because the redirect does not work.

316
Q

Captive Portal

A

Web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Uses RADIUS servers to confirm users.

317
Q

independent basic service set

A

IBSS is an ad hoc topology where the wireless adapter allows connections to and from other wireless devices.

318
Q

PTR record

A

found in reverse lookup zones and is used to resolve an IP address to an associated host name.

319
Q

Mean time between Failures

A

(MTBF) represents the expected lifetime of a product. The calculation for MTBF is the total operational time divided by the number of failures.

320
Q

forward lookup zone

A

used to translate a given a name record and return a related Internet protocol (IP) address.

321
Q

Third-party domain name system

A

another organization is responsible for hosting records. Typically, this would be for external domains.

322
Q

Audit log

A

records the use of authentication and authorization privileges. It will generally record success/fail type events. An audit log might also be described as an access log or security log.

323
Q

forwarder

A

transmits a client query to find a host to another domain name system (DNS) server and routes the replies it gets back to the client.

324
Q

Syslog

A

example of a protocol and supporting software that facilitates log collection. It has become a de-facto standard for logging events from distributed systems.

325
Q

vulnerability

A

a weakness triggered or exploited to cause a security breach; an exploit is a means of using a vulnerability to gain control or damage a system.

326
Q

Single mode cables

A

support data rates up to 10 Gbps or better and cable runs of many kilometers, depending on the quality of the cable and optics.

327
Q

jump box

A

serves as a single administration server, or jump host/server, added to the secure zone to simplify and secure administrative access to servers and appliances exposed to the Internet. It centralizes administrative tasks, reducing complexity and enhancing security by limiting access points.

328
Q

Multimode fiber cables

A

inexpensive to deploy compared to single mode fiber. As such, it does not support high signaling speeds or long distances as single mode and is more suitable for Local Area Networks (LANs) than Wide Area Networks (WANs).

329
Q

Multi-fiber push on connectors

A

MPOs are fiber connectors incorporating multiple optical fibers. These connectors are found primarily in data center environments for consolidating multiple fibers in backbone cabling and supporting parallel optics applications that transmit and receive signals over multiple fibers to achieve higher speeds.

330
Q

Session Initiation Protocol

A

SIP is a signaling protocol for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications

331
Q

Spanning Tree Protocol

A

STP is a network protocol that builds a logical loop-free topology for Ethernet networks. Basic function is to prevent bridge loops and the broadcast radiation that results from them. If you have redundant links set up, it is important to utilize STP to prevent loops within the network. If a loop occurs, the performance of the entire network can be degraded due to broadcast storms

332
Q

Collapsed Core

A

Two-tier hierarchical network topology where access layer switches connect directly to a full mesh core layer. This is impractical if there are large numbers of core switches, making the design less scalable.

333
Q

Single mode fiber

A

Fiber optic cable type using LED or vertical cavity surface emitting laser optics and graded using optical multimode types for core size and bandwidth. has a larger core (62.5 or 50 microns) and shorter wavelength light (850 nm or 1,300 nm) transmitted in multiple waves of varying length.

334
Q

Multi mode fiber

A

Fiber optic cable type that uses laser diodes and narrow core construction to support high bandwidths over distances of over 5 km. has a small core (8 to 10 microns) and a long wavelength.

335
Q

Internet Key Exchange version 2

A

IKEv2 is a tunneling protocol within the IPSec protocol suite. It is responsible for setting up Security Association (SA) for secure communication between VPN clients and VPN servers within IPSec.

336
Q

MOBIKE multihoming

A

Mobility and Multihoming Protocol is a feature of IKEv2 that allows a VPN client to maintain an active VPN connection while switching between different network interfaces, such as moving from a Wi-Fi connection to cellular data.

337
Q

top-of-rack switch models

A

ToR switch models designed to provide high-speed connectivity to a rack of server appliances. Used as leaf layer access switches.

338
Q

First Hop Redundancy Protocol

A

FHRP is a protocol used to provide redundancy for the default gateway in a LAN environment.

339
Q

Fibre Channel

A

FC is specifically designed for high-speed data transfer in storage area networks, making it the ideal choice for connecting servers to storage devices.

340
Q

Straight Tip

A

ST fiber connections are commonly used in fiber optic connections in LAN networking applications. Uses a bayonet plug and socket connector that was the de facto standard for most fiber optic commercial installations.

341
Q

Mechanical Transfer Registered Jack

A

MTRJ is a small form factor fiber-optic cable connector which resembles the RJ-45. Commonly used to connect fiber optic cables to a switch or router, but it uses a single connector that houses the Tx and Rx connections.

342
Q

Subscriber Connector

A

SC popular fiber-optic connector due to its low cost, durability, and simple installation for both point-to-point and passive optical networking.

343
Q

Lucent Connector

A

LC is a miniaturized version of the SC connector but is still larger than an MTRJ connector.

344
Q

RJ-45

A

Used by twisted-pair copper cables for local area network and ethernet connections.

345
Q

RJ-11

A

Used by twisted-pair copper cables for telephone applications.

346
Q

Application-aware firewall

A

WAF or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications.

347
Q

Verbose trap

A

A verbose trap may contain all the information about a given alert or event as its payload. Requires more bandwidth to send over the network

348
Q

Granular trap

A

A granular trap contains a unique object identifier (OID) number and a value for that OID.

349
Q

Internet Protocol Security

A

IPsec is a network protocol that encrypts and authenticates data sent over a network.

350
Q

Anycast

A

An IPv6 anycast address is an address that can be assigned to more than one interface (typically different devices). In other words, multiple devices can have the same anycast address. A packet sent to an anycast address is routed to the “nearest” interface having that address, according to the router’s routing table.

351
Q

Multicast

A

can be used with both IPv4 and IPv6.

352
Q

Broadcast

A

Broadcast communication has one sender, but it sends the traffic to every device on the network. Broadcast only works with IPv4.

353
Q

Unicast

A

Unicast communication only has one sender and one receiver. Unicast works with IPv4 or IPv6.

354
Q

Differentiated services

A

Diffserv is a computer networking architecture that specifies a mechanism for classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. Can offer low-latency to VOIP, media streaming, web traffic, or file transfers.

355
Q

Differentiated Services Code Point

A

DSCP is a 6-bit IP header for packet classification purposes. Used on layer 3 for QoS and Diffserv.

356
Q

Class of Service

A

A parameter used in data and voice protocols to differentiate the types of payloads contained in the packet being transmitted. To assign priorities for Diffserv.

357
Q

Data center interconnect

A

Cconnection between data centers and between the components within them. Provide high bandwidth in order to maximize the utility of the data center. Utilizes VXLAN

358
Q

clientless VPN

A

remote users can securely access corporate resources through a web browser without installing dedicated VPN client software

359
Q

WiFi analyzer

A

WiFi analyzer can determine the wireless network’s signal strength, the frequencies in use, and any possible radio frequency interference.

360
Q

forward zone

A

Maps domain names to their corresponding IP addresses, which is essential for resolving internal domain names efficiently.

361
Q

Data Over Cable Service Interface Specification

A

DOCSIS is an international telecommunications standard that permits the addition of high-bandwidth data transfer to an existing cable television (CATV) system. It is used by many cable television operators to provide cable Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure.

362
Q

Network Time Security

A

NTS is a time synchronization protocol designed to address security vulnerabilities inherent in traditional time synchronization protocols such as NTP and SNTP.

363
Q

Secure Access Service Edge

A

network architecture that combines network security functions with wide-area networking (WAN) capabilities to provide secure access to applications and data for remote users and branch offices.