All concepts Flashcards

Question

What equipment is in and what is Layer 1 of OSI?

Answer 1

Data cables, cat6, etc. Layer 1 is the first layer of the Open Systems Interconnect (OSI) Model. Layer 1 consists of the various networking hardware and transmission technologies being employed by networks.

Answer 2

Switching, MAC addresses, etc. Layer 2 refers to the second layer of the Open Systems Interconnection (OSI) Model, which is the data link layer. This is where data packets are encoded and decoded into actual bits. It is the protocol layer that enables the transfer of data between adjacent network nodes in a network segment, such as a local or wide area network

Answer 3

IP Addresses, routing, etc. Layer 3 refers to the third layer of the Open Systems Interconnection (OSI) Model, which is the network layer. For IP addressing and routing. Layer 3 is responsible for all packet forwarding between intermediate routers, as opposed to Layer 2 (the data link layer), which is responsible for media access control and flow control, as well as error checking of Layer 1 processes

Answer 4

TCP/UDP. Layer 4 refers to the fourth layer of the Open Systems Interconnection (OSI) Model, known as the transport layer. It provides the transparent transmission or transfer of data between end systems or hosts and is responsible for end-to-end error recovery, as well as flow control. As the name suggests, the transport layer ensures complete data transfers.

Answer 5

Session Management. Layer 5 refers to the fifth layer of the Open Systems Interconnect (OSI) Model, and is known as the session layer. As the name suggests, this layer is dedicated to connection sessions and is the layer that establishes and manages the connections between two or more applications. Layer 5 coordinates, sets up and subsequently terminates communications between applications. The session layer is in charge of dealing with session connection and coordination

Answer 6

WMV,JPEG, MOV, etc Layer 6 refers to the sixth layer of the Open Systems Interconnect (OSI) Model and is known as the presentation layer. Works with presentation components of applications like WMV, JPG, MOV, etc.

Answer 7

HTTP, SMTP, etc. Layer 7 refers to the seventh and topmost layer of the Open Systems Interconnect (OSI) Model known as the application layer. This is the highest layer which supports end-user processes and applications. Layer 7 identifies the communicating parties and the quality of service between them, considers privacy and user authentication, as well as identifies any constraints on the data syntax. This layer is wholly application-specific

Answer 8

A broadcast domain is a collection of devices that receive broadcast traffic from each other.

Answer 9

Short for carrier sense multiple access/collision detection, CSMA/CD is a MAC (media access control) protocol. It defines how network devices respond when two devices attempt to use a data channel simultaneously and encounter a data collision. The CSMA/CD rules define how long the device should wait if a collision occurs. The medium is often used by multiple data nodes, so each data node receives transmissions from each of the other nodes on the medium.

Answer 10

Carrier-sense multiple access with collision avoidance (CSMA/CA) in computer networking, is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by beginning transmission only after the channel is sensed to be "idle". When they do transmit, nodes transmit their packet data in its entirety. It is particularly important for wireless networks, where the collision detection of the alternative CSMA/CD is not possible due to wireless transmitters desensing their receivers during packet transmission.

Answer 11

A collision domain is a network segment connected by a shared medium or through repeaters where simultaneous data transmissions collide with one another.

Answer 12

single unit of information transmitted among peer entities of a computer network. A PDU is composed of protocol-specific control information and user data. In the layered architectures of communication protocol stacks, each layer implements protocols tailored to the specific type or mode of data exchange.

Answer 13

In computer networking, the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction.[1] The MTU relates to, but is not identical to the maximum frame size that can be transported on the data link layer, e.g. Ethernet frame.

Answer 14

In computer networking, telecommunication and information theory, broadcasting is a method of transferring a message to all recipients simultaneously. Broadcasting can be performed as a high-level operation in a program, for example, broadcasting in Message Passing Interface, or it may be a low-level networking operation, for example broadcasting on Ethernet.

Answer 15

In computer networking, multicast is group communication where data transmission is addressed to a group of destination computers simultaneously.

Answer 16

transmission of a data package or an audiovisual signal to a single recipient.

Answer 17

VLANs allow network administrators to automatically limit access to a specified group of users by dividing workstations into different isolated LAN segments. When users move their workstations, administrators don't need to reconfigure the network or change VLAN group

Answer 18

Trunking, a term frequently used in IT and telecommunications, refers to a network configuration that efficiently conveys data between multiple entities without using one-to-one links

Answer 19

The purpose of a tagged or "trunked" port is to pass traffic for multiple VLAN's, whereas an untagged or "access" port accepts traffic for only a single VLAN. Generally speaking, trunk ports will link switches, and access ports will link to end devices

Answer 20

The concept behind port mirroring is quite simple. When you configure a switch, you reserve one port. Then you configure the switch to “mirror” all traffic that passes through to that reserved port. Whenever the switch processes a packet, it makes a copy and sends it to whatever is connected to the aforementioned port.

Answer 21

The Spanning Tree Protocol (STP) is responsible for identifying links in the network and shutting down the redundant ones, preventing possible network loops. In order to do so, all switches in the network exchange BPDU messages between them to agree upon the root bridge.

Answer 22

Defines what kind of power draw devices create, and what they actually require, and networks they can be on. On a PoE network, VOIP devices and wireless is supported. On a PoE+ network, Pan/Tilt/Zoom cameras, video IP phones, and alarm systems are supported.

Answer 23

A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces. The purpose is to protect a subnet from attacks by having three access "doors".

Answer 24

The MAC address table is a way to map each port to a MAC address. This makes it efficient to forward traffic directly to a host. Without the MAC address table, traffic would be forwarded out each port, like a hub

Answer 25

The ARP table is used to maintain a correlation between each MAC address and its corresponding IP address.

Answer 26

A simple routing protocol that uses distance or hop count as its primary metric for determining the best forwarding path. RIP, IGRP and EIGRP are examples.

Answer 27

Router Information Protocol (RIP) uses a distance-vector algorithm to decide which path to put a packet on to get to its destination. Each RIP router maintains a routing table, which is a list of all the destinations the router knows how to reach. Each router broadcasts its entire routing table to its closest neighbors every 30 seconds

Answer 28

EIGRP is a simple CISCO protocol to understand and deploy. It's IPv6-ready, scales effectively in a well-designed network, and provides extremely quick convergence times.

Answer 29

The OSPF (Open Shortest Path First) protocol is used to distribute IP routing information throughout a single Autonomous System (AS) in an IP network.

Answer 30

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet.

Answer 31

Static routing is a form of routing that occurs when a router uses a manually-configured routing entry, rather than information from dynamic routing traffic.

Answer 32

Dynamic routing is a networking technique that provides optimal data routing. Unlike static routing, dynamic routing enables routers to select paths according to real-time logical network layout changes. Dynamic routing uses multiple algorithms and protocols. The most popular are Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Dynamic routing protocols allow routers to share information about the network with other routers to allow them to select the best path to reach a destination.

Answer 33

A default route is the route that takes effect when no other route is available for an IP destination address.

Answer 34

numeric label that is used to identify and locate a network interface of a computer or a network node participating in an computer network using IPv6. IP addresses are included in the packet header to indicate the source and the destination of each packet. The IP address of the destination is used to make decisions about routing IP packets to other networks. Size is 128 bits.

Answer 35

Tunneling is a way to move packets from one network to another. Tunneling works via encapsulation: wrapping a packet inside another packet.

Answer 36

Dual stack means that devices are able to run IPv4 and IPv6 in parallel. It allows hosts to simultaneously reach IPv4 and IPv6 content, so it offers a very flexible coexistence strategy.

Answer 37

Router advertisements contain a list of subnet prefixes that is used to determine if a host is on the same link (on-link) as the router. The list of prefixes is also used for autonomous address configuration. Flags that are associated with the prefixes specify the intended uses of a particular prefix.

Answer 38

Neighbor discovery functions are used by IPv6 nodes (hosts or routers) to discover the presence of other IPv6 nodes, to determine the link-layer addresses of nodes, to find routers that are capable of forwarding IPv6 packets, and to maintain a cache of active IPv6 neighbors.

Answer 39

Traffic shaping (also known as packet shaping) is bandwidth management technique that delays the flow of certain types of network packets in order to ensure network performance for higher priority applications. Traffic shaping essentially limits the amount of bandwidth that can be consumed by certain types of applications. It is primarily used to ensure a high quality of service for business-related network traffic.

Answer 40

Quality of service is the description or measurement of the overall performance of a service, such as a telephony or computer network or a cloud computing service, particularly the performance seen by the users of the network.

Answer 41

Way of classifying networks with Quality of Service (QoS).

Answer 42

Class of Service (CoS) is a 3 bit field in an ethernet frame header when a VLAN tag is present. Quality of Service uses the CoS value to differentiate and police network traffic. This field specifies a priority value between 0 and 7, inclusive, that can be used by Quality of Service (QoS) to differentiate traffic.

Answer 43

Network Address Translation (NAT) and Port Address Translation (PAT) are the protocols used to map the unregistered private (inside local) address of an internal network to a registered public (inside global) address of an external network before transferring the packet.

Answer 44

In computer networking, port forwarding or port mapping is an application of network address translation that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.

Answer 45

In computer security, an access-control list is a list of permissions associated with a system resource. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.

Answer 46

A distribution switch is a distribution layer switch, which uplinks to upper layer core switch and links down to the access/edge switch.

Answer 47

Packet-switched networks move data in separate, small blocks -- packets -- based on the destination address in each packet. When received, packets are reassembled in the proper sequence to make up the message. Circuit-switched networks require dedicated point-to-point connections during calls.

Answer 48

Software-defined networking technology is an approach to network management that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring, making it more like cloud computing than traditional network management.

Answer 49

A public network is a network to which anyone can connect. The best, and perhaps only pure, example of such a network is the Internet. A private network is any network to which access is restricted. A corporate network or a network in a school are examples of private networks

Answer 50

Loopback addresses, enable the Server and Client processes on a single system to communicate with each other. When a process creates a packet with destination address as loopback address, the operating system loops it back to itself without having any interference of NIC. On such loopback reserved address is 127.0.0.1

Answer 51

A default gateway = that node that connects a network to the internet.

Answer 52

A virtual IP address is an IP address that doesn't correspond to an actual physical network interface. Uses for VIPs include network address translation, fault-tolerance, and mobility.

Answer 53

A subnet mask is used to divide an IP address into two parts. One part identifies the host (computer), the other part identifies the network to which it belongs.

Answer 54

Class A addresses are for networks with large number of total hosts. Class A allows for 126 networks by using the first octet for the network ID. The first bit in this octet, is always zero. The remaining seven bits in this octet complete the network ID. The 24 bits in the remaining three octets represent the hosts ID and allows for approximately 17 million hosts per network. Class A network number values begin at 1 and end at 127. ``` Public IP Range: 1.0.0.0 to 127.0.0.0 First octet value range from 1 to 127 Private IP Range: 10.0.0.0 to 10.255.255.255 Subnet Mask: 255.0.0.0 (8 bits) Number of Networks: 126 ```

Answer 55

Class B addresses are for medium to large sized networks. Class B allows for 16,384 networks by using the first two octets for the network ID. The first two bits in the first octet are always 1 0. The remaining six bits, together with the second octet, complete the network ID. The 16 bits in the third and fourth octet represent host ID and allows for approximately 65,000 hosts per network. Class B network number values begin at 128 and end at 191. Public IP Range: 128.0.0.0 to 191.255.0.0 First octet value range from 128 to 191 Private IP Range: 172.16.0.0 to 172.31.255.255 Subnet Mask: 255.255.0.0 (16 bits) Number of Networks: 16,382 Number of Hosts per Network: 65,534

Answer 56

Class C addresses are used in small local area networks (LANs). Class C allows for approximately 2 million networks by using the first three octets for the network ID. In a class C IP address, the first three bits of the first octet are always 1 1 0. And the remaining 21 bits of first three octets complete the network ID. The last octet (8 bits) represent the host ID and allows for 254 hosts per network. Class C network number values begins at 192 and end at 223. Public IP Range: 192.0.0.0 to 223.255.255.0 First octet value range from 192 to 223 Private IP Range: 192.168.0.0 to 192.168.255.255 Special IP Range: 127.0.0.1 to 127.255.255.255 Subnet Mask: 255.255.255.0 (24 bits) Number of Networks: 2,097,150 Number of Hosts per Network: 254

Answer 57

Class D IP addresses are not allocated to hosts and are used for multicasting. Multicasting allows a single host to send a single stream of data to thousands of hosts across the Internet at the same time. It is often used for audio and video streaming, such as IP-based cable TV networks. Another example is the delivery of real-time stock market data from one source to many brokerage companies. Range: 224.0.0.0 to 239.255.255.255 First octet value range from 224 to 239 Number of Networks: N/A Number of Hosts per Network: Multicasting

Answer 58

Class E IP addresses are not allocated to hosts and are not available for general use. These are reserved for research purposes. Range: 240.0.0.0 to 255.255.255.255 First octet value range from 240 to 255 Number of Networks: N/A Number of Hosts per Network: Research/Reserved/Experimental

Answer 59

Within each network class, there are designated IP address that is reserved specifically for private/internal use only. This IP address cannot be used on Internet-facing devices as that are non-routable. For example, web servers and FTP servers must use non-private IP addresses. However, within your own home or business network, private IP addresses are assigned to your devices (such as workstations, printers, and file servers). Class A Private Range: 10.0.0.0 to 10.255.255.255 Class B Private Range: 172.16.0.0 to 172.31.255.255 Class C Private Range: 192.168.0.0 to 192.168.255.255

Answer 60

IP Range: 127.0.0.1 to 127.255.255.255 are network testing addresses (also referred to as loop-back addresses). These are virtual IP address, in that they cannot be assigned to a device. Specifically, the IP 127.0.0.1 is often used to troubleshoot network connectivity issues using the ping command. Specifically, it tests a computer's TCP/IP network software driver to ensure it is working properly.

Answer 61

Variable-Length Subnet Masking (VLSM) amounts to "subnetting subnets," which means that VLSM allows network engineers to divide an IP address space into a hierarchy of subnets of different sizes, making it possible to create subnets with very different host counts without wasting large numbers of addresses.

Answer 62

CIDR notation is also used for the newer IPv6 standard, and the syntax is the same. The only difference is that IPv6 addresses may contain up to 128 bits instead of the 32-bit maximum of IPv4

Answer 63

The Dynamic Host Configuration Protocol is a network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture

Answer 64

The Dynamic Host Configuration Protocol version 6 is a network protocol for configuring Internet Protocol version 6 hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. It is the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4.

Answer 65

A static IP address is simply an address that doesn't change. Once your device is assigned a static IP address, that number typically stays the same until the device is decommissioned or your network architecture changes. Static IP addresses generally are used by servers or other important equipment.

Answer 66

With Automatic Private IP Addressing (APIPA), DHCP clients automatically configure an IP address and subnet mask when a DHCP server is not available. The device chooses its own IP address in the range 169.254.

Answer 67

EUI-64 (Extended Unique Identifier) is a method we can use to automatically configure IPv6 host addresses. An IPv6 device will use the MAC address of its interface to generate a unique 64-bit interface ID. However, a MAC address is 48 bit and the interface ID is 64 bit.

Answer 68

When you use DHCP IP reservation, you're telling your Wi-Fi network to assign the same IP address to a specific device whenever that device connects to your network.

Answer 69

A logical topology is how devices appear connected to the user. A physical topology is how they are actually interconnected with wires and cables.

Answer 70

In Wireless Ad hoc network topology, devices are connected without using any additional network infrastructure devices like a wireless Access Point (AP). ... In Wireless Ad hoc network topology, wireless capable devices communicate directly each other without using a wireless Access Point (AP).

Answer 71

An infrastructure topology is used to extend a wired LAN to include wireless devices. In this topology the devices communicate with the wired LAN via base stations called an AP, which acts as a bridge between wired and wireless LANs (WLANs).

Answer 72

A local area network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network not only covers a larger geographic distance, but also generally involves leased telecommunication circuits.

Answer 73

A wireless LAN is a wireless computer network that links two or more devices using wireless communication to form a local area network within a limited area such as a home, school, computer laboratory, campus, or office building.

Answer 74

A metropolitan area network is a computer network that interconnects users with computer resources in a geographic region of the size of a metropolitan area.

Answer 75

A wide area network (WAN) is a large network of information that is not tied to a single location.

Answer 76

A Controller Area Network (CAN bus) is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer.

Answer 77

A storage area network or storage network is a computer network which provides access to consolidated, block-level data storage. SANs are primarily used to access data storage devices, such as disk arrays and tape libraries from servers so that the devices appear to the operating system as direct-attached storage.

Answer 78

A personal area network is a computer network for interconnecting electronic devices within an individual person's workspace. A PAN provides data transmission among devices such as computers, smartphones, tablets and personal digital assistants.

Answer 79

Z-Wave is a wireless communication protocol used primarily in smart home networks, allowing smart devices to connect and exchange control commands and data with each other.

Answer 80

ANT+ takes benefits of low power and low cost transceiver devices available. It supports various network configurations such as peer to peer, tree, star, mesh topologies and network to network connections. It has fast over the air transfer rates. It has a master and slave components.

Answer 81

It is a short-distance wireless network and the primary strength of Bluetooth is communication between devices such as smartphones or tablets and specific Bluetooth-enabled appliances.

Answer 82

Near-Field Communication is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with simple setup that can be used to bootstrap more-capable wireless connections.

Answer 83

IR wireless is the use of wireless technology in devices or systems that convey data through infrared (IR) radiation. Infrared is electromagnetic energy at a wavelength or wavelengths somewhat longer than those of red light. ... IR wireless is used for short- and medium-range communications andcontrol.

Answer 84

RFID (radio frequency identification) is a form of wireless communication that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency portion of the electromagnetic spectrum to uniquely identify an object, animal or person.

Answer 85

IEEE 802.11 is part of the IEEE 802 set of local area network technical standards, and specifies the set of media access control and physical layer protocols for implementing wireless local area network computer communication

Answer 86

5 GHz, maximum bandwidth of 54 Mbps 802.11a uses radio frequencies in the 5 GHz band and supports theoretical throughput of up to 54 Mbps

Answer 87

2.4 GHz, maximum bandwidth of 11 Mbps wireless networking specification that extends throughput up to 11 Mbit/s using the same 2.4 GHz band.

Answer 88

2.4 GHz, maximum bandwidth of 54 Mbps The standard has extended throughput to up to 54 Mbit/s using the same 20MHz bandwidth as 802.11b uses to achieve 11 Mbit/s.

Answer 89

2. 4GHz & 5 GHz, maximum bandwidth of 600 Mbps 802. 11n is a wireless-networking standard that uses multiple antennas to increase data rates. It has a speed of 300 Mbps.

Answer 90

5 GHz, maximum bandwidth of 7 Gbps 802.11ac is a wireless networking standard in the 802.11 set of protocols, providing high-throughput wireless local area networks on the 5 GHz band. 5th generation of Wi-Fi.

Answer 91

GSM (Global System for Mobile communication) is a digital mobile network that is widely used by mobile phone users in Europe and other parts of the world.

Answer 92

Time-division multiple access is a channel access method for shared-medium networks. It allows several users to share the same frequency channel by dividing the signal into different time slots. The users transmit in rapid succession, one after the other, each using its own time slot.

Answer 93

Code-division multiple access is a channel access method used by various radio communication technologies. CDMA is an example of multiple access, where several transmitters can send information simultaneously over a single communication channel. This allows several users to share a band of frequencies.

Answer 94

The 2.4 GHz band provides coverage at a longer range but transmits data at slower speeds.

Answer 95

The 5 GHz band provides less coverage but transmits data at faster speeds

Answer 96

The further you move from your router the lower your Wi-Fi signal and, accordingly, the lower your network’s speed.

Answer 97

The channel bandwidth of a wireless signal determines that signal's data rate. The higher the channel bandwidth, the faster the connection. ... These routers have a higher number of streams for more bandwidth. More bandwidth means top speeds to every connected device.

Answer 98

Channel bonding is a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. Channel bonding is also known as Ethernet bonding, but it is used heavily in Wi-Fi implementations.

Answer 99

MU-MIMO stands for multi-user, multiple input, multiple output, and is wireless technology supported by routers and endpoint devices.

Answer 100

The Omni-Directional antenna emits a spherical shaped signal. This is much like a common light bulb in our homes. This makes the Omni-Directional antenna an ideal choice for many situations. It works great for vehicles on the move, such as campers, RVs, boats, semi-cabs, etc.

Answer 101

Site surveys are inspections of an area where work is proposed, to gather information for a design or an estimate to complete the initial tasks required for an outdoor activity. It can determine a precise location, access, best orientation for the site and the location of obstacles.

Answer 102

Software as a service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software.

Answer 103

Platform as a service (PaaS) is a cloud computing model where a third-party provider delivers hardware and software tools to users over the internet.

Answer 104

Infrastructure-as-a-Service, commonly referred to as simply “IaaS,” is a form of cloud computing that delivers fundamental compute, network, and storage resources to consumers on-demand, over the internet, and on a pay-as-you-go basis.

Answer 105

A private cloud consists of cloud computing resources used exclusively by one business or organization. The private cloud can be physically located at your organization's on-site datacenter, or it can be hosted by a third-party service provider.

Answer 106

The public cloud refers to the cloud computing model in which IT services are delivered via the internet. As the most popular model of cloud computing services, the public cloud offers vast choices in terms of solutions and computing resources to address the growing needs of organizations of all sizes and verticals.

Answer 107

A hybrid cloud is a type of cloud computing that combines on-premises infrastructure—or a private cloud—with a public cloud. Hybrid clouds allow data and apps to move between the two environments.

Answer 108

Dedicated network connections between two devices (that no other devices can share) are also called direct connections. Direct networks differ from peer-to-peer networks in that peer networks contain a larger number of devices, among which many point-to-point connections may be made.

Answer 109

Data security consideration involves the protection of data against unauthorized access, modification, destruction, loss, disclosure or transfer whether accidental or intentional.

Answer 110

A cloud is a type of a server, which is remote (usually in Data Centers), meaning you access it via the internet. You are renting the server space, rather than owning the server. A local (regular) server is one that you do buy and own physically, as well as have on site with you.

Answer 111

The "A" stands for "address" and this is the most fundamental type of DNS record: it indicates the IP address of a given domain. For example, if you pull the DNS records of cloudflare.com, the A record currently returns an IP address of: 104.17. 210.9. A records only hold IPv4 addresses.

Answer 112

AAAA records are DNS records that use an IP address to connect a domain to a website, and can be added to your domain at any time. They are similar to A records, but AAAA records point to 128–bit/IPv6 addresses, instead of the IPv4 addresses used by A records.

Answer 113

TXT records are a type of Domain Name System (DNS) record that contains text information for sources outside of your domain. You add these records to your domain settings. You can use TXT records for various purposes. Google uses them to verify domain ownership and to ensure email security.

Answer 114

The SRV record is a Domain Name System (DNS) resource record. It's used to identify computers hosting specific services. SRV resource records are used to locate domain controllers for Active Directory.

Answer 115

A DNS 'mail exchange' (MX) record directs email to a mail server. The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email). Like CNAME records, an MX record must always point to another domain.

Answer 116

A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.

Answer 117

A DNS Name Server (NS) record specifies the domain name of the name server servicing a particular domain. For example, an NS record with a time-to-live (TTL) of 1100 seconds, and for the com domain serviced by the name server a.gtld-servers.net , would be defined as below: com.

Answer 118

A PTR (or Pointer) record is a security tool. Essentially, when you receive an email, your mail server uses the PTR record that comes in with the email message to check that the mail server sending the email matches the IP address that it claims to be using. This is also known as “reverse DNS lookup”.

Answer 119

2 Answers. If you mean Internal as the DNS that may provide you firewall, it is your own DNS that is resolving (or forwarding requests) in your internal LAN. On the other side, the external DNS is the public DNS that resolves the domain request from internet.

Answer 120

Third-party DNS servers are public DNS servers that are maintained by various operators around the globe, and represent an alternative to the DNS servers provided by our ISP (Internet Service Providers)

Answer 121

The DNS hierarchy, also called the domain name space, is an inverted tree structure, much like eDirectory. The DNS tree has a single domain at the top of the structure called the root domain. ... Below the root domain are the top-level domains that divide the DNS hierarchy into segments.

Answer 122

You can use a Forward Lookup Zone to map a domain with its IP address. On the other hand, a Reverse Lookup Zone will map an IP address to its domain records. These may seem simple but are powerful tools to secure your network and to identify where visitors are coming from.

Answer 123

DHCP Servers support something called a “DHCP Reservation”, which essentially allows you to provide a pre-set IP address to a specific client based on it's physical MAC address. This means that the device will always get the same IP address and it will never change (whereas they typically do on occasion).

Answer 124

The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation.

Answer 125

A DHCP exclusion range is a specified range of IP addresses residing within a DHCP range. ... IP addresses residing within the exclusion range are excluded from the pool of available IP addresses and are un-leasable. The DHCP server is prevented from assigning IP addresses within the exclusion range to network devices.

Answer 126

Scope options are used to set additional network information when a host is assigned an IP address. This can be used to set the default gateway, DNS server, local time server (NTP), and many others. ... Options defined at the scope level will override options set at the DHCP server level.

Answer 127

In short, DHCP Lease Time is the amount of time in minutes or seconds a network device can use an IP Address in a network. The IP Address is reserved for that device until the reservation expires. For computers and other network devices, to communicate on a network they need a unique IP Address.

Answer 128

A DHCP relay agent is a host or router that forwards DHCP packets between clients and servers. Network administrators can use the DHCP Relay service of the SD-WAN appliances to relay requests and replies between local DHCP Clients and a remote DHCP Server.

Answer 129

The Network Time Protocol is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

Answer 130

IP address management is a methodology implemented in computer software for planning and managing the assignment and use of IP addresses and closely related resources of a computer network.

Answer 131

Unshielded twisted pair (UTP) is a ubiquitous type of copper cabling used in telephone wiring and local area networks (LANs). ... There are benefits and tradeoffs to each type of cabling, but broadly speaking, most enterprises favor UTP cable due to its low cost and ease of installation.

Answer 132

(Shielded Twisted Pair) In this case, each pair is covered by a conductive mesh which acts as a screen against interferences and electrical noise. Its impedance is 150 Ohm. The level of protection of the STP to external shocks is greater than the one offered by UTP.

Answer 133

Coaxial cable is a type of copper cable specially built with a metal shield and other components engineered to block signal interference. It is primarily used by cable TV companies to connect their satellite antenna facilities to customer homes and businesses.

Answer 134

In fiber-optic communication, a single-mode optical fiber is an optical fiber designed to carry only a single mode of light - the transverse mode.

Answer 135

Multi-mode optical fiber is a type of optical fiber mostly used for communication over short distances, such as within a building or on a campus. Multi-mode links can be used for data rates up to 100 Gbit/s.

Answer 136

PVC (Polyvinyl Chloride) is what your standard Category 5e and Category 6 cable jacket is constructed of. This PVC jacket when burning or smoldering releases hydrochloric acid and dioxin which are both toxic. Plenum cable is made of Teflon or FEP which gives off much less poisonous gas than PVC when it burns.

Answer 137

The eight-pin RJ45 connector is a standardised interface which often connects a computer to a local area network (LAN). This type of connector was originally developed for telephone communications but is now used in a range of applications. The abbreviation, RJ45, stands for Registered Jack-45

Answer 138

RJ21 uses a 25-pair (50-pin) miniature ribbon connector.

Answer 139

The BNC connector is a miniature quick connect/disconnect radio frequency connector used for coaxial cable.

Answer 140

The DB9 connector (originally named DE-9) is an analog socket, with 9 pins, from the D-Subminiatures (D-Sub) connector family. ... The DB9 connector is mainly used in serial ports.

Answer 141

A DB25 connector is an established parallel port connection in computers often referred to as a printer port. These 25-pin d-subs offer rugged connections of peripherals and have excellent shock and vibration resistance.

Answer 142

A two-wire (signal and ground) coaxial cable connector used to connect antennas and set-top boxes to TVs, VCRs and DVDs. F connector cables typically carry analog NTSC TV signals, and the plug's socket is easily identified by its threads. Plugs come threaded and unthreaded, both of which fit the threaded socket.

Answer 143

A miniaturized version of the fiber-optic SC connector. LC and SC optical connectors use a push-pull plug similar to audio and video plugs and sockets.

Answer 144

A fiber-optic cable connector that uses a bayonet plug and socket. It was the first de facto standard connector for most commercial wiring.

Answer 145

The Subscription Channel (SC) Connector is known for its locking mechanism which gives an audible click when pushed in or pulled out. This push-pull design prevents rotational misalignment.

Answer 146

The SC/PC connector incorporates a Physical Contact (PC) curved polished ferrule end face that greatly reduces backreflection over a ferrule with flat endface.

Answer 147

MTRJ is a Small Form Factor duplex connector. Meaning: It holds two fibers at the same time in a small body. Its body and ferrule are made of plastic and it has male and female versions that stay in place with metal pins.

Answer 148

The small form-factor pluggable is a compact, hot-pluggable network interface module used for both telecommunication and data communications applications. An SFP interface on networking hardware is a modular slot for a media-specific transceiver in order to connect a fiber-optic cable or sometimes a copper cable.

Answer 149

A gigabit interface converter (GBIC) is a transceiver that converts electric currents (digital highs and lows) to optical signals, and optical signals to digital electric currents. The GBIC is typically employed in fiber optic and Ethernet systems as an interface for high-speed networking.

Answer 150

The SFP+ (enhanced small form-factor pluggable) is an enhanced version of the SFP that supports data rates up to 16 Gbit/s.

Answer 151

QSFP also called QSFP+, it stands for Quad (4-channel) Small Form-factor Pluggable Optics Transceiver. It is a compact, hot-pluggable fiber optical transceiver used for 40 Gigabit Ethernet (40GbE) data communications applications.

Answer 152

BiDi transceiver, also known as the bidirectional transceiver, usually consists of two different wavelengths to achieve transmission in both directions on just one fiber (single-mode or multi-mode). Unlike general optical transceivers which have two ports, BiDi transceivers have only one port.

Answer 153

Duplex fiber cable can be regarded as two simplex cables, either single mode or multimode, having their jackets conjoined by a strip of jacket material, usually in a zipcord (side-by-side) style. Use duplex multimode or singlemode fiber optic cable for applications that require simultaneous, bi-directional data transfer(

Answer 154

A 66 block is a type of punchdown block used to connect sets of wires in a telephone system. ... 66 blocks are designed to terminate 22 through 26 AWG solid copper wire

Answer 155

A 110 block is a type of punch block used to terminate runs of on-premises wiring in a structured cabling system.

Answer 156

A patch panel is a piece of hardware with multiple ports that helps organize a group of cables. Each of these ports contains a wire that goes to a different location. Patch panels can be quite small, with just a few ports, or very large, with many hundreds of ports. They can also be set up for fiber optic cables, cat5 cables, RJ45 cables, and many others

Answer 157

Fiber distribution panel, also known as fiber optic patch panel, is mainly used for accommodating fiber cable terminations, connections and patching.

Answer 158

A Category 3 cable (Cat 3 cable) is a type of unshielded twisted pair (UTP) cable that is used for voice and data communications in computer and telecommunication networks.

Answer 159

Category 5 cable (Cat 5) is a twisted pair cable for computer networks. Cat5 cable is able to support networks that are running at 10-100 megabits per second

Answer 160

Cat5e cable is able to support networks that run up to 1 gigabit

Answer 161

CAT6 cables support Gigabit Ethernet segments up to 55 m, but they also allow for use in 10-Gigabit networks over a limited distance.

Answer 162

CAT6A cable allows for the transmission of up to 10Gbps and is fast becoming the cabling infrastructure of choice for VoIP, CCTV and data networks. Specified for use in Class Ea networks, CAT6A cable allows for extremely high data rate transmission of up 10Gbps and at a frequency of 500Mhz.

Answer 163

A Category 7 cable, more commonly known as a CAT 7 or Cat-7 cable, is used for the cabling infrastructure of Gigabit Ethernet. A CAT 7 cable offers performance of up to 600MHz. Put simply, a CAT 7 cable is what we recommend you use when wiring your smart home!

Answer 164

The RG-6 is primarily used for cable and satellite signal transmission for residential or commercial installations. This coax cable is thin and easy to bend for wall or ceiling installations and remains the preferred choice to relay cable television signals.

Answer 165

Although RG59 can be used for cable TV applications (CATV), there is a significant amount of signal loss over higher frequencies when run at longer distances. RG59 is typically used to carry baseband video in CCTV applications . Today RG6 is the more commonly used RG-type.

Answer 166

``` Pin # Wire Color 1 White/Green 2 Green 3 White/Orange 4 Blue 5 White/Blue 6 Orange 7 White/Brown 8 Brown 568-A Color Code ```

Answer 167

``` Pin # Wire Color 1 White/Orange 2 Orange 3 White/Green 4 Blue 5 White/Blue 6 Green 7 White/Brown 8 Brown 568-B Color Code ```

Answer 168

An Ethernet crossover cable is a crossover cable for Ethernet used to connect computing devices together directly. It is most often used to connect two devices of the same type, e.g. two computers or two switches to each other.

Answer 169

Straight-through cable is used to connect computers and other end-user devices (e.g., printers) to networking devices such as hubs and switches. DCE to DTE: straight-through cable is used to connect a computer to a router DTE to DCE or vice versa devices have no cable crossover.

Answer 170

fast data transfer rates up to 100 Mbps.

Answer 171

1000BASE-T is Gigabit Ethernet -- 1 gigabit is 1,000 megabits per second (Mbps) on copper cables, using four pairs of Category 5 (Cat5) unshielded twisted pair (UTP) to achieve the gigabit data rate

Answer 172

1000Base-LX is a type of standard for implementing Gigabit Ethernet networks. The LX in 1000BaseLX stands for long, and it indicates that this version of Gigabit Ethernet is intended for use with long-wavelength transmissions over long cable runs of fiber-optic cabling.

Answer 173

1000BASE-SX is a fiber optic Gigabit Ethernet standard for operation over multi-mode fiber using a 770 to 860 nanometer, near infrared (NIR) light wavelength. The standard specifies a distance capability between 220 meters and 550 meters.

Answer 174

10 Gigabit Ethernet is a group of computer networking technologies for transmitting Ethernet frames at a rate of 10 gigabits per second.

Answer 175

Normally a firewall is installed where your internal network connects to the Internet. Although larger organizations may also place firewalls between different parts of their own network that require different levels of security, most firewalls screen traffic passing between an internal network and the Internet.

Answer 176

The ideal router position will be in a central location, rather than at one end of the home. Since routers broadcast in all directions, you'll want to put it roughly in the middle of your home to get the best coverage and signal strength.

Answer 177

Inside the network between the router and end nodes.

Answer 178

A multilayer switch is a computer networking device that switches on OSI layer 2 like an ordinary network switch and provides extra functions on higher OSI layers.

Answer 179

A WLAN controller manages wireless network access points that allow wireless devices to connect to the network. ... It takes the bandwidth coming from a router and stretches it so that many devices can go on the network from farther distances away.

Answer 180

In computing, load balancing refers to the process of distributing a set of tasks over a set of resources, with the aim of making their overall processing more efficient. Load balancing can optimize the response time and avoid unevenly overloading some compute nodes while other compute nodes are left idle.

Answer 181

IDS doesn’t alter the network packets in any way, whereas IPS prevents the packet from delivery based on the contents of the packet, much like how a firewall prevents traffic by IP address. Intrusion Detection Systems (IDS): analyze and monitor network traffic for signs that indicate attackers are using a known cyberthreat to infiltrate or steal data from your network. IDS systems compare the current network activity to a known threat database to detect several kinds of behaviors like security policy violations, malware, and port scanners. Intrusion Prevention Systems (IPS): live in the same area of the network as a firewall, between the outside world and the internal network. IPS proactively deny network traffic based on a security profile if that packet represents a known security threat.

Answer 182

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.

Answer 183

A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes. It is a type of router device, built specifically for creating and managing VPN communication infrastructures.

Answer 184

The AAA server is a network server that is used for access control. Authentication identifies the user. Authorization implements policies that determine which resources and services an authenticated user may access. Accounting keeps track of time and data resources that are used for billing and analysis.

Answer 185

Unified threat management, commonly abbreviated as UTM, is an information security term that refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network.

Answer 186

An NGFW inspects Layer 7 traffic and identifies what ports the application packets should be connecting from and if those don't match, the NGFW can block the packets.

Answer 187

An IP PBX is a system that connects telephone extensions to the public switched telephone network and provides internal communication for a business. An IP PBX is a PBX system with IP connectivity and may provide additional audio, video, or instant messaging communication utilizing the TCP/IP protocol stack.

Answer 188

A VoIP gateway is a gateway device that uses Internet Protocols to transmit and receive voice communications. The general term is ambiguous and can mean many different things. There are many such devices. They are quickly becoming the most common type of voice phone service in many areas.

Answer 189

A program residing on a web browser or server that limits the information that can be viewed by the end user.

Answer 190

A virtual switch (vSwitch) is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets, it intelligently directs the communication on a network by checking data packets before moving them to a destination. Virtual switches are usually embedded into installed software, but they may also be included in a server’s hardware as part of its firmware. A virtual switch is completely virtual and can connect to a network interface card (NIC).

Answer 191

A virtual firewall is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall.

Answer 192

A virtual network interface is an abstract virtualized representation of a computer network interface that may or may not correspond directly to a network interface controller.

Answer 193

Virtual router is a software-based routing framework that allows the host machine to perform as a typical hardware router over a local area network. A virtual router can enable a computer/server to have the abilities of a full-fledged router by performing the network and packet routing functionality of the router via a software application. Virtual Router Redundancy Protocol (VRRP) may implement virtual routers to increase the reliability of the network. This is done by advertising a virtual router as the default gateway, backed by a group of physical routers.

Answer 194

A hypervisor is a kind of emulator; it is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine

Answer 195

Network-attached storage is a file-level computer data storage server connected to a computer network providing data access to a heterogeneous group of clients. NAS is specialized for serving files either by its hardware, software, or configuration.

Answer 196

A SAN (storage area network) is a network of storage devices that can be accessed by multiple servers or computers, providing a shared pool of storage space.

Answer 197

FCoE uses a lossless Ethernet fabric and its own frame format. It retains Fibre Channel's device communications but substitutes high-speed Ethernet links for Fibre Channel links between devices. It facilitates in Layer 2

Answer 198

Fibre Channel is a high-speed data transfer protocol that provides in-order, lossless delivery of raw block data. It is designed to connect general purpose computers, mainframes and supercomputers to storage devices. Offers connectivity up to up to 32 Gbps

Answer 199

In computing, iSCSI is an acronym for Internet Small Computer Systems Interface, an Internet Protocol-based storage networking standard for linking data storage facilities. It provides block-level access to storage devices by carrying SCSI commands over a TCP/IP network.

Answer 200

InfiniBand is a computer-networking communications standard used in high-performance computing that features very high throughput and very low latency. It is used for data interconnect both among and within computers. Offers connectivity of up to 200 Gbps

Answer 201

In computer networking, jumbo frames are Ethernet frames with more than 1500 bytes of payload, the limit set by the IEEE 802.3 standard. Commonly, jumbo frames can carry up to 9000 bytes of payload, but smaller and larger variations exist and some care must be taken using the term.

Answer 202

Integrated Services Digital Network is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the digitalized circuits of the public switched telephone network

Answer 203

A T3 line is a point-to-point Internet connection capable of transmitting up to 44.736 Mbps. ... Each T1 circuit operates at 1.544 megabits per second (Mbps), for a total connection speed of 44.736 Mbps. A T3 line is also often referred to as a Digital Signal 3 (DS3) connection.

Answer 204

E1 is a standard WAN digital communication format designed to operate over copper facilities at a rate of 2.048 Mbps. E3 is a high-speed WAN digital communication technique designed to operate over copper facilities at a rate of 34.368 Mbps. Both are widely used outside North America. Also called Jupiter Networks.

Answer 205

transmission bandwidth for digital signals that can be carried on Synchronous Optical Networking (SONET) fiber optic networks.[1] Transmission rates are defined by rate of the bitstream of the digital signal and are designated by hyphenation of the acronym OC and an integer value of the multiple of the basic unit of rate, e.g., OC-48.

Answer 206

Digital Subscriber Line is used for digital data transmission and connection to the Internet. It is a type of broadband communication service available to homes and businesses that uses existing phone lines without interrupting telephone use.

Answer 207

A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or the Internet.

Answer 208

Cable broadband connects your home to a fibre cabinet in your area. However, instead of using copper wires, cable broadband uses coaxial cables to connect to the cabinet, giving you a much faster internet connection than the traditional copper phone line cables used for ‘superfast’ broadband connections (up to 60Mbps).

Answer 209

Dialup internet service is a service that allows connectivity to the internet through a standard telephone line at speeds up to 56Kbps.

Answer 210

A PRI – or Primary Rate Interface – is an end-to-end, digital telecommunications connection that allows for 23 concurrent transmissions of voice, data, or video traffic between the network and the user. The PRI line, or circuit, is a physical piece of equipment. vs. PRI technology has been around since the 1980s.

Answer 211

Satellite transmission consists of a line-of-sight propagation path from a ground station to a communications satellite (up link) and back to an earth station (down link).

Answer 212

One of the most common physical medias used in networking is copper wire. Copper wire to carry signals to long distances using relatively low amounts of power.

Answer 213

Optical fiber, which has emerged as the most commonly used transmission medium for long-distance communications, is a thin strand of glass that guides light along its length. ... Single mode can carry signals over distances of tens of miles.

Answer 214

Wireless transmission medium that distributes radio signals through the air over long distances such as between cities, regions, and countries. AM/FM radio is broadcast radio. Slower and more susceptble to noise than physical transmission media. Provides flexibility and portability.

Answer 215

MultiProtocol Label Switching (MPLS) is data forwarding technology that increases the speed and controls the flow of network traffic

Answer 216

Asynchronous Transfer Mode (ATM) is a high-speed networking standard that supports voice, video, and data communications.

Answer 217

Frame Relay is a standardized wide area network technology that specifies the physical and data link layers of digital telecommunications channels using a packet switching methodology.

Answer 218

Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol that facilitates communication between network endpoints. PPPoE encapsulates Point-to-Point

Answer 219

In computer networking, Point-to-Point Protocol is a data link layer communication protocol between two routers directly without any host or any other networking in between. It can provide connection authentication, transmission encryption, and data compression.

Answer 220

DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections.

Answer 221

SIP stands for Session Initiation Protocol, and is essentially a way to make and end connections for data and voice transfers over the internet. The ‘trunking’ element is a bit of a red herring, as a trunk used to refer to a bundle of phone lines shared between users.

Answer 222

In telephony, the demarcation point is the point at which the public switched telephone network ends and connects with the customer's on-premises wiring.

Answer 223

The CSU/DSU implements two different functions. The channel service unit (CSU) is responsible for the connection to the telecommunication network, while the data service unit (DSU) is responsible for managing the interface with the DTE. ... A CSU/DSU is the equivalent of the modem for an entire LAN.

Answer 224

Smartjack is a smart and intelligent device placed right between telephone company's demarcation and customer premises. We usually call this kind of device NID but smartjack is different since it has a smart function to test a connectivity check.

Answer 225

A firewall looks like a brick wall. A cloud application looks like a cloud. A terminal looks like a monitor. Other symbols are self-explanatory.

Answer 226

A logical DFD focuses on the business and how the business operates. It describes the business events that take place and the data required and produced by each event. On the other hand, a physical DFD shows how the system will be implemented. Here are the main differences between logical and physical DFD:

Answer 227

A rack diagram, also known as a rack elevation, is a visual representation of the organization of IT equipment within a server rack used to track and manage data center assets.

Answer 228

Documentation that defines the process to evaluate and implement change.

Answer 229

MDF, short for Main Distribution Frame, a cable rack that interconnects and manages the cables entering a building. The cables run through a centralized MDF, then distributed to each individual IDF and then on to specific workstations. IDF: IDF, short for intermediate distribution frame, a cable rack that interconnects and manages the telecommunications wiring between an MDF and workstation devices. These are racks where servers can be located as well. Usually, there is documentation on how these are set up.

Answer 230

Properly labeling your network cables can be critical for a successful installation, as well as for your network in the long run. Using labeled cables helps prevent people from unplugging the wrong cable at the wrong time, which means you lose money and face downtime (which nobody wants).

Answer 231

In the simplest terms, a network performance baseline is a set of metrics used in network performance monitoring to define the normal working conditions of an enterprise network infrastructure. Engineers use network performance baselines for comparison to catch changes in traffic that could indicate a problem.

Answer 232

Network inventory management is the process of keeping records of all the IT or network assets that make up the network. It enables network administrators/businesses to have a physical record of all IT and network equipment within the organization.

Answer 233

Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail. ... Fault-tolerant systems use backup components that automatically take the place of failed components, ensuring no loss of service.

Answer 234

In context of IT operations, the term High Availability refers to a system (a network, a server array or cluster, etc.) that is designed to avoid loss of service by reducing or managing failures and minimizing planned downtime.

Answer 235

Load balancing is defined as the methodical and efficient distribution of network or application traffic across multiple servers in a server farm. Each load balancer sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them.

Answer 236

NIC teaming is the process of combining multiple network cards together for performance, load balancing, and redundancy reasons. Use NIC teaming to group two or more physical NICs into a single logical network device called a bond.

Answer 237

Port aggregation lets you combine two Gigabit Ethernet ports on the router to improve the aggregated file transfer speed.

Answer 238

Clustering refers to the interconnection of servers in a way that makes them appear to the operating environment as a single system. As such, the cluster draws on the power of all the servers to handle the demanding processing requirements of a broad range of technical applications.

Answer 239

A battery backup is a device that your computer or device is plugged into in order to minimize the effect of brownouts, surges, and electrical outages. Once a surge or an outage occurs, a battery backup goes into effect immediately to be able to power the computers and devices for a short period of time.

Answer 240

These keep communications equipment online, so you can continue delivering the level of service your customers demand.

Answer 241

Normally, the dual power supply in a network switch usually refers to full redundancy. The two power supplies will be powered on and work at the same time.

Answer 242

It is duplicated infrastructure where additional or alternate instances of network cuicuits and connections are installed to ensure an alternate path in case of a failure on the primary service.

Answer 243

Cold Site. A cold site is essentially office or datacenter space without any server-related equipment installed. The cold site provides power, cooling, and/or office space which waits in the event of a significant outage to the main work site or datacenter.

Answer 244

A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data.

Answer 245

A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. Hot sites typically involve managed hosting with a colocation data center.

Answer 246

A full backup is the process of making at least one additional copy of all data files that an organization wishes to protect in a single backup operation. The files that are duplicated during the full backup process are designated beforehand by a backup administrator or other data protection specialist.

Answer 247

A differential backup is similar to an incremental backup except that it doesn't reset the archive bit when files are backed up. As a result, each differential backup represents the difference between the last normal backup and the current state of the hard drive.

Answer 248

An incremental backup backs up only those files that were modified since the last time you did a backup. ... When an incremental backup copies each file, it resets the file's archive bit. That way, the file will be backed up again before your next normal backup only when a user modifies the file again.

Answer 249

In computer systems, a snapshot is the state of a system at a particular point in time.

Answer 250

Mean time to repair (MTTR) represents the average time required to repair a failed component.

Answer 251

MTBF (mean time between failures) is a measure of how reliable a hardware product or component is.

Answer 252

The 3 components of SLA are delay, frame delivery rate, and connection availability. These metrics are the benchmarks by which network performance can be measured, whether the frame relay network is private or carrier provided.

Answer 253

Computer systems generate system logs that consist of run-time information of the system. ... The system log is an output written to a file using a separate code segment describing the current run-time information of the system.

Answer 254

Port scanning is a method of determining which ports on a network are open and could be receiving or sending data. It is also a process for sending packets to specific ports on a host and analyzing responses to identify vulnerabilities.

Answer 255

Vulnerability scanning, also commonly known as 'vuln scan,' is an automated process of proactively identifying network, application, and security vulnerabilities. ... The scanning process includes detecting and classifying system weaknesses in networks, communications equipment, and computers.

Answer 256

Patch management is defined as a comprehensive cycle of ensuring baseline data, identifying available patches and known vulnerabilities, reviewing patches for applicability and OEM-vendor approval, designing deployment or mitigation strategies, executing patch deployment and confirmation, and finally re-establishing baselines.

Answer 257

In database technologies, a rollback is an operation which returns the database to some previous state. Rollbacks are important for database integrity, because they mean that the database can be restored to a clean copy even after erroneous operations are performed.

Answer 258

Method of evaluating baselines to make sure that they are still appropriate.

Answer 259

Packet Analysis As the name suggests, in this technique, we analyze the data packets that are transferred over the network. Here, we are not dealing with a summary of the data but are interested in what is contained in each data packet. Using this technique, we inspect the data being transmitted over the network to see if there is any problem associated with it or not. This technique helps one identify the root cause of any problems observed which could be due to an issue with the raw data being transmitted itself rather than other issues such as traffic. How does Packet Analysis work? The method is simple. As we collected data from routers in case of Flow Analysis, we collect the data from SPAN ports(also called as mirror ports). The data collected is the copy of the actual data flowing. It is then analyzed.

Answer 260

These are notifications from flags set to identify an event that has happened. Be aware, it does not tell you what is wrong.

Answer 261

This is the highlighting of alerts and events to human handlers to take a look at defects of the network.

Answer 262

Security information and event management is a field within the field of computer security, where software products and services combine security information management and security event management. They provide real-time analysis of security alerts generated by applications and network hardware.

Answer 263

SNMP, short for Simple Network Management Protocol, is a widely used protocol and an essential piece of any network management strategy. IT administrators use SNMP monitoring to detect and manage devices, gain insights into performance and availability, and ensure the health of their network.

Answer 264

MIBs, short for Management Information Bases, are hierarchical databases of information pertaining to monitored devices. They can be accessed through MIB browsers, which retrieve data from SNMP-enabled devices like servers, routers, or switches

Answer 265

error metrics capture the number of erroneous results, usually expressed as a rate of errors per unit time or normalized by the throughput to yield errors per unit of work. ... The most common performance metric is latency, which represents the time required to complete a unit of work

Answer 266

Network utilization is a measurement of how much of the capacity is currently in use. Throughput (sometimes called achievable bandwidth) is a measure of how much of the network can be used at a given time.

Answer 267

The reliability of a communication network path is expressed by the packet loss rate. This metric is equal to the number of packets not received divided by the total number of packets sent.

Answer 268

Throughput measures your network's actual data transmission rate, which can vary wildly through different areas of your network. While your network's bandwidth measures the theoretical limit of data transfer, throughput tells you how much data is actually being sent.

Answer 269

Virtual private network.

Answer 270

Within the term "IPsec," "IP" stands for "Internet Protocol" and "sec" for "secure." The Internet Protocol is the main routing protocol used on the Internet; it designates where data will go using IP addresses. IPsec is secure because it adds encryption* and authentication to this process. It is used with VPNs.

Answer 271

TLS / SSL operates on top of the TCP layer but below the application layer. It can be considered as top sublayer for the Layer-4. DTLS is based on TLS protocol and provides equivalent security guarantees. DTLS protocol provides communications privacy for datagram protocols. Both of these protocols delivers data communication security over computer network. They are widely used in email, web, VoIP and other messaging applications.

Answer 272

A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network. ... With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.

Answer 273

VPN client-to-site connections are used to connect an individual device, such as a laptop or mobile phone, to the company network. The VPN client running on the client connects to the VPN service on the firewall.

Answer 274

Remote Desktop Protocol is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

Answer 275

Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

Answer 276

Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

Answer 277

Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Answer 278

Assignment of URLs to websites - occurs during CMS site launch and AWPS collection creation. Redirects from one URL to another URL - typically occur when a URL is no longer valid and the owner wants website visitors to go to a different URL, rather than display an error message. Change to a URL - necessary when a department or unit changes its name, goes through an organizational restructuring, or wants to repurpose the site entirely. Ideally, the website’s URL reflects such changes.t

Answer 279

FTPS, also known as FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to commands and data transfer.

Answer 280

Secure File Transfer Protocol (SFTP) is a file protocol for transferring large files over the web. It builds on the File Transfer Protocol (FTP) and includes Secure Shell (SSH) security components.

Answer 281

Trivial File Transfer Protocol is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network

Answer 282

In systems management, out-of-band management involves the use of management interfaces for managing and networking equipment. Out-of-band management allows the network operator to establish trust boundaries in accessing the management function to apply it to network resources.

Answer 283

modem faces outwards—it’s what connects your LAN to the outside world, the Internet. Through your modem, your LAN connects with the wide area network (WAN), which extends over a large geographical distance, such as Manhattan or any metropolitan area.

Answer 284

The console port (sometimes called the management port) is used by administrators to log into a router directly — that is, without a network connection. The console must be used to install routers onto networks because, of course, at that point there is no network connection to work through.

Answer 285

A document detailing privileged user processes and responsibilities.

Answer 286

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training.

Answer 287

Onboarding begins once a job candidate agrees to accept a job. It involves all the steps needed to get a new employee successfully deployed and productive. Offboarding is the reverse of onboarding, and it involves separating an employee from a firm. This can include a process for sharing knowledge with other employees.

Answer 288

Network licensing helps ensure that your users have access to the right software at the right time and enables you to control the use of your software. Licensing restrictions also help limit access to systems and programs.

Answer 289

Export control is legislation that regulates the export of goods, software and technology. Some items could potentially be useful for purposes that are contrary to the interest of the exporting country.

Answer 290

A data loss prevention policy defines how organizations can share and protect data. It guides how data can be used in decision making without it being exposed to anyone who should not have access to it. Data loss prevention is broadly defined as technology or processes that: ... Prevents unauthorized access to data.

Answer 291

A remote access policy serves as a guide for remote users connecting to the network. It extends the policies governing network and computer use

Answer 292

Policies to respond to cyber security incidents, to protect systems and data, and prevent disruption of services by providing the required controls for incident handling, reporting, and monitoring, as well as incident response training, testing, and assistance.

Answer 293

BYOD stands for bring your own device. It's an IT policy that allows, and sometimes encourages, employees to access enterprise data and systems using personal mobile devices such as smartphones, tablets and laptops. ... Access, but with IT control over personal devices, apps and stored data.

Answer 294

An acceptable use policy, acceptable usage policy or fair use policy is a set of rules applied by the owner, creator or administrator of a computer network website, or service. That restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used.

Answer 295

A non-disclosure agreement (NDA) is defined as a legal agreement between at least two parties regarding the use and disclosure of certain non-public information, which is usually proprietary.

Answer 296

The purpose of the Systems Development Life Cycle (SDLC) Policy is to describe the requirements for developing and/or implementing new software and systems and to ensure that all development work is compliant as it relates to any and all regulatory, statutory, federal, and /or state

Answer 297

IT asset disposal is a framework that emphasizes the need to control data and equipment throughout its use, internal transfer, and disposal.

Answer 298

Safety procedures cover specific activities and steps taken to maintain safety. Some are task-specific; others are general descriptions regarding policies. To be effective, safety procedures should be in writing and communicated to employees through training.

Answer 299

The main purpose of motion detection is to sense an intruder and send an alert to your control panel, which alerts your monitoring center. Sensors work when you're not home or when you tell the system you are not there.

Answer 300

Video surveillance is the foundation of modern physical security systems. Integrated with access control, environmental sensors and analytics, you can better defend against threats to people and property and respond more quickly to incidents that do occur.

Answer 301

Asset tagging is the process of affixing tags or labels to assets to identify each one individually and track data from real-time location to maintenance history. These tags can be assigned to both fixed and moveable assets that are spread across multiple sites and warehouses.

Answer 302

The goal of tamper mechanisms is to prevent any attempt by an attacker to perform an unauthorized physical or electronic action against the device.

Answer 303

A badge is a device or accessory, often containing the insignia of an organization, which is presented or displayed to indicate one's access to a site, or room.

Answer 304

Biometrics are used to prevent hacking and data breaches, but in physical security they are being used for access control, authentication and verification. Unlike keys, ID's, proximity cards and passwords biometrics can't be stolen or lost making them a valuable tool for physical security.

Answer 305

Smart cards provide ways to securely identify and authenticate the holder and third parties who want to gain access to the card. For example, a PIN code or biometric data can be used for authentication. They also provide a way to securely store data on the card and protect communications with encryption.

Answer 306

Also known as a hardware token, a key fob provides on-device, one-factor authentication to facilitate access to a system or device, such as a car, computer system, restricted area or room, mobile device, network service or other kind of keyless entry system.

Answer 307

To keep people out that don't have a key.

Answer 308

RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

Answer 309

TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. ... TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server.

Answer 310

Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. ... Since Windows 2000, Microsoft has used the Kerberos protocol as the default authentication method in Windows, and it is an integral part of the Windows Active Directory (AD) service.

Answer 311

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. ... A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain.

Answer 312

The local authentication server is an authentication database that is built in to the system. ... Temporary users include lab users or guests, but you might find the local authentication server useful to create temporary accounts for users who are normally verified by an enterprise AAA server that you plan to disable.

Answer 313

LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication. ... Directory services store the users, passwords, and computer accounts, and share that information with other entities on the network.

Answer 314

Certificate-based authentication is the use of a Digital Certificate to identify a user, machine, or device before granting access to a resource, network, application, etc. In the case of user authentication, it is often deployed in coordination with traditional methods such as username and password

Answer 315

The purpose of auditing and logging is to record and examine activity in information systems that affect information assets. This includes any hardware, software, or procedural controls in place to track such activity as modifying information assets including protected health information within information systems.

Answer 316

Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence

Answer 317

802.1X network access control (NAC) enables administrators to provide uniform access control across wired and wireless networks. ... 802.1X defines authentication controls for any user or device trying to access a LAN or WLAN.

Answer 318

Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.

Answer 319

802.1X port-based access control provides port-level security that allows LAN access only on ports where a single 802.1X-capable client (supplicant) has entered authorized RADIUS user credentials. ... Using this option, the port processes all IP traffic as if it comes from the same client.

Answer 320

MAC filtering is a security method based on access control. In this, each address is assigned a 48-bit address which is used to determine whether we can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don't want on your Wi-Fi.

Answer 321

The captive portal technique makes the user with a Web browser (HTTP client) to see a special Web page before being granted normal Internet access. The captive portal intercepts all packets regardless of address or port, until the browser is used as a form of authentication device.

Answer 322

In computer security, an access-control list is a list of permissions associated with a system resource. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.

Answer 323

WPA uses Temporal Key Integrity Protocol (TKIP) for more secure encryption than WEP offered. As the WiFi Alliance made this transition to a more advanced protocol, they had to keep some of the same elements of WEP so older devices would still be compatible.

Answer 324

WPA2 has stronger security and is easier to configure than the prior options. The main difference with WPA2 is that it uses the Advanced Encryption Standard (AES) instead of TKIP. AES is able to secure top-secret government information, so it's a good option for keeping a personal device or company WiFi safe

Answer 325

TKIP uses the RC4 stream encryption algorithm as its basis. The new protocol, however, encrypts each data packet with a unique encryption key, and the keys are much stronger than those of its predecessor.

Answer 326

AES uses a 128-bit key and encrypts data in 128-bit blocks. CCMP/AES uses several enhancements, including temporal keys (TK), packet numbers (PN), nonce [number or bit string used only once], upper layer encryption, and additional authentication data (AAD). ... CCMP is a security protocol.

Answer 327

In cryptography, a pre-shared key is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

Answer 328

Extensible Authentication Protocol (EAP) is used on encrypted networks to provide a secure way to send identifying information to provide network authentication. It supports various authentication methods, including as token cards, smart cards, certificates, one-time passwords and public key encryption.

Answer 329

PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

Answer 330

EAP-FAST is an EAP method that enables secure communication between a client and an authentication server by using Transport Layer Security (TLS) to establish a mutually authenticated tunnel. ... EAP-FAST-based mechanisms are defined to provision the credentials for the TLS extension.

Answer 331

Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) is an IETF open standard that's defined in RFC 5216. More colloquially, EAP-TLS is the authentication protocol most commonly deployed on WPA2-Enterprise networks to enable the use of X. 509 digital certificates for authentication.

Answer 332

The main difference between the two is the actual conduct of the authentication. Shared actually does an actual authentication while open automatically authenticates any client regardless of whether he actually has the correct WEP keys.

Answer 333

In cryptography, a pre-shared key is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.

Answer 334

the use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.

Answer 335

A reflection amplification attack is a technique that allows attackers to both magnify the amount of malicious traffic they can generate and obscure the sources of the attack traffic. This type of distributed denial-of-service (DDoS) attack overwhelms the target, causing disruption or outage of systems and services.

Answer 336

DNS amplification is a Distributed Denial of Service (DDoS) attack in which the attacker exploits vulnerabilities in domain name system (DNS) servers to turn initially small queries into much larger payloads, which are used to bring down the victim's servers.

Answer 337

A distributed denial-of-service (DDoS) attack occurs when multiple machines are operating together to attack one target. DDoS attackers often leverage the use of a botnet—a group of hijacked internet-connected devices to carry out large scale attacks. ... In this case, the infected devices are also victims of the attack.

Answer 338

A broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Answer 339

A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Answer 340

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files, should they ever be terminated from the company.

Answer 341

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

Answer 342

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.

Answer 343

A wardriving attack involves hackers gaining unauthorized access to wireless networks. Hackers can then install malware or steal data from devices connected to the network.

Answer 344

Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.

Answer 345

DNS poisoning (also known as DNS spoofing) is a cyber attack that exploits the domain name system to direct traffic from one domain toward another.

Answer 346

ARP Poisoning is a type of cyberattack that abuses weaknesses in the widely used Address Resolution Protocol (ARP) to disrupt, redirect, or spy on network traffic.

Answer 347

a spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.

Answer 348

A Wi-Fi de-authentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point.

Answer 349

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid.

Answer 350

a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

Answer 351

a method of attacking networked resources on a virtual LAN. The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.

Answer 352

An on-path attack is an attacker that sits in the middle between two stations and is able to intercept, and in some cases, change that information that's being sent interactively across the network. This is a type of attack that can occur without anyone knowing that anyone is sitting in the middle of the conversation.

Answer 353

a vulnerability is a weakness in a software system. And an exploit is an attack that leverages that vulnerability. So while vulnerable means there is theoretically a way to exploit something (i.e., a vulnerability exists), exploitable means that there is a definite path to doing so in the wild.

Answer 354

Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.

Answer 355

Common password lists exist on the internet and they can be easily guessed.

Answer 356

By updating the firmware, you will be able to explore new features that are added to the device and also have an enhanced user experience while interacting with the device. A firmware update will optimize the performance of firmware or device driver, enhancing the performance of the processor.

Answer 357

Hackers love security flaws, also known as software vulnerabilities. ... Software updates often include software patches. They cover the security holes to keep hackers out.

Answer 358

Many organizations use a process of hashing data into hash files to encrypt important data. Basically converting files into numbers or jibberish.

Answer 359

Many computer break-ins are a result of people taking advantage of security holes or problems with these programs. The more services that are running on your computer, the more opportunities there are for others to use them, break into or take control of your computer through them.

Answer 360

Cyber security protocols are plans, protocols, actions and measures that aim to keep your organization safe from malicious attacks, data breaches and other security incidents. In order to make sure that your organization is protected, you need to employ various protocols and software that work well together.

Answer 361

Key generation is the process of generating keys in cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted.

Answer 362

Open ports on a server are a security vulnerability that can potentially allow a hacker to exploit services on your network. ... Securing your network is simplified when you incorporate the principal of least privilege.

Answer 363

digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Management of that is the process to making sure a key is required for both recipient and sender to see same data.

Answer 364

Hardening is the process to eliminate a means of attack by patching vulnerabilities, turning off non-essential services and configuring system with security controls such as password management, file permissions and disabling unused network ports.w

Answer 365

Changing the native VLAN is mostly related to preventing VLAN hopping attacks. If this is of a concern you should use a different native VLAN on trunk ports between switches. For safety, this should be a VLAN not in use in the network. You want every valid VLAN to be tagged between switches.

Answer 366

Spanning tree will designate an interface as a blocked port, if enabling that port was to cause a loop on the network. For example, if the folks on Network Y wanted to talk to Network C, you can see that there's a blocked port going through bridge 11.

Answer 367

Flood guard is a way that you, as the network administrator, can limit the number of devices that can communicate through any particular switch interface. For example, if one device is connected to an interface on a switch, you may set the flood guard to only limit this one MAC address.

Answer 368

BPDU Guard feature is used to protect the Layer 2 Spanning Tree Protocol (STP) Topology from BPDU related attacks. ... When a BPDU Guard enabled port receive BPDU from the connected device, BPDU Guard disables the port and the port state is changed to Errdisable state.

Answer 369

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.

Answer 370

DHCP snooping blocks unauthorized IP traffic from untrusted ports, and prevents it from entering the trusted network. It validates DHCP client packets from untrusted ports and forwards them to trusted ports in the VLAN.

Answer 371

A screened subnet (also known as a "triple-homed firewall") is a network architecture that uses a single firewall with three network interfaces. ... Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached. Interface 3 connects to an intranet for access to and from internal networks.

Answer 372

Network segmentation with virtual local area networks (VLANs) creates a collection of isolated networks within the data center. Each network is a separate broadcast domain. When properly configured, VLAN segmentation severely hinders access to system attack surfaces.

Answer 373

Privileged user accounts: Privileged user accounts provide administrative or specialized levels of access to enterprise systems and sensitive data, based on elevated levels of permissions. Privileged users: These users are often members of the IT team, but they don't need to be.

Answer 374

File integrity monitoring is an internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline.

Answer 375

Role separation is a database server option that allows users to perform different administrative tasks. Role separation is based on the principle of separation of duties, which reduces security risks with a checks-and-balances mechanism in the system.

Answer 376

Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

Answer 377

A honeynet is a decoy network that contains one or more honeypots. It looks like a real network and contains multiple systems but is hosted on one or only a few servers, each representing one environment. For example, a Windows honeypot machine, a Mac honeypot machine and a Linux honeypot machine.

Answer 378

A penetration test, colloquially known as a pen test or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment.

Answer 379

1) gather info, 2) duplicate problem if possible, 3) question users, 4) identify symptoms, 5) determine if anything has changed, 6) break down problems into actionable steps.

Answer 380

1) identify a problem, 2) establish a theory of probable cause, 3) test the theory to determine the cause, 4) establish a plan of action to resolve and identify risks, 5) implement a solution or escalate if necessary 6) verify functionality and implement safety measures, 7) document finding, actions, and outcomes.

Answer 381

A crimping tool is a device used to conjoin two pieces of metal by deforming one or both of them to hold each other. The result of the tool's work is called a crimp. An example of crimping is affixing a connector to the end of a cable.

Answer 382

Cable testers verify the electrical connections in a signal cable — confirming things are wired correctly between the ends of the cable.

Answer 383

It is used for inserting wire into insulation-displacement connectors on punch down blocks, patch panels, keystone modules, and surface mount boxes (also known as biscuit jacks).

Answer 384

An Optical Time Domain Reflectometer (OTDR) is a device that tests the integrity of a fiber cable and is used for the building, certifying, maintaining, and troubleshooting fiber optic systems.

Answer 385

An optical power meter (OPM) is a device used to measure the power in an optical signal.

Answer 386

When used with the amplifier probe, the tone generator allows technicians to identify a wire within a bundle, at a cross connect or at a remote end. It can be used on twisted pair, coax, and de-energized AC wiring.

Answer 387

A loopback adapter is required if you are installing on a non-networked computer to connect the computer to a network after the installation. When you install a loopback adapter, the loopback adapter assigns a local IP address for your computer.

Answer 388

A multimeter is a measuring instrument that can measure multiple electrical properties. A typical multimeter can measure voltage, resistance, and current, in which case it is also known as a volt-ohm-milliammeter, as the unit is equipped with voltmeter, ammeter, and ohmmeter functionality.

Answer 389

A spectrum / signal analyzer measures the magnitude of an input signal versus frequency within the full frequency range of the instrument. The primary use is to measure the power of the spectrum of known and unknown signals.

Answer 390

A packet analyzer or packet sniffer is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic.

Answer 391

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Answer 392

A protocol analyzer is a tool used to capture and analyze signals and data traffic over a communication channel. Such a channel varies from a local computer bus to a satellite link, that provides a means of communication using a standard communication protocol.

Answer 393

The main purpose of a Wi-Fi analyzer is to analyze the connection, collect the data, and identify the problems responsible for a weak Wi-Fi signal. Wi-Fi analyzers collect information from different access points and channels within your network and provide a clear overview with visual reports and dashboards.

Answer 394

It tests the bandwidth of a network.

Answer 395

primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, this command displays Help content. You can also use this command to test both the computer name and the IP address of the computer.

Answer 396

The tracert command (spelled traceroute in Unix/Linux implementations) is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where tracert is run to any other computer on the Internet.

Answer 397

nslookup is the name of a program that lets an Internet server administrator or any computer user enter a host name (for example, "whatis.com") and find out the corresponding IP address or domain name system (DNS) record.

Answer 398

Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.

Answer 399

Ifconfig is used to configure the kernel-resident network interfaces. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed. If no arguments are given, ifconfig displays the status of the currently active interfaces.

Answer 400

iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules.

Answer 401

The network statistics ( netstat ) command is a networking tool used for troubleshooting and configuration, that can also serve as a monitoring tool for connections over the network. Both incoming and outgoing connections, routing tables, port listening, and usage statistics are common uses for this command.

Answer 402

tcpdump is a packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it's running on. It runs on Linux and most UNIX-type operating systems. Tcpdump is used for simple filters. It provides decoding of protocol-based packet capturing

Answer 403

The PathPing command is a command-line network utility supplied in Windows 2000 and beyond that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss.

Answer 404

Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.

Answer 405

Using the route command displays or modifies the computer's routing table. For a typical computer that has a single network interface and is connected to a local area network (LAN) that has a router, the routing table is pretty simple and isn't often the source of network problems.

Answer 406

The Address Resolution Protocol(ARP) is a communication protocol used to discover the data-link layer address(Layer 2 address like Media Access Control(MAC) address) associated with an Internet layer address(Layer 3 address like IPv4 address).

Answer 407

The command dig is a tool for querying DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information. This tool can be used from any Linux (Unix) or Macintosh OS X operating system. The most typical use of dig is to simply query a single host.

Answer 408

Attenuation is the loss of signal strength in networking cables or connections. This typically is measured in decibels (dB) or voltage and can occur due to a variety of factors. It may cause signals to become distorted or indiscernible.

Answer 409

Latency meaning in networking is best thought of as the amount of time it takes for a packet of data to be captured, transmitted, processed through multiple devices, then received at its destination and decoded. ... Latency is measured in milliseconds, or during speed tests, it's referred to as a ping rate.

Answer 410

Jitter is when there is a time delay in the sending of these data packets over your network connection. This is often caused by network congestion, and sometimes route changes. Essentially, the longer data packets take to arrive, the more jitter can negatively impact the video and audio quality.

Answer 411

Crosstalk can be found at the cable ends where the wires run parallel into the connector. Interference that occurs at the transmitting end is called NEXT (near-end crosstalk) and at the receiving end, it is FEXT (far-end crosstalk).

Answer 412

EMI, is the disruption of operation of an electronic device by an electromagnetic field. Usually this occurs when an electronic device is in proximity to an EM field which disrupts the radio frequency spectrum.

Answer 413

An open circuit is one that is damaged or is not physically connected. A short circuit occurs when two exposed cables touch creating a useless and possibly harmful circuit.

Answer 414

Improperly terminated cables. Essentially the pins are wrong on the connectors.

Answer 415

The Ethernet cabling used to connect to the network are all rated according to the specification they support. It is important to look at the cable sheath for the specification it supports. A Cat5 cable on a Cat 6 network will not perform as expected.

Answer 416

You can use a loopback plug to diagnose a bad port or failed adapter. It is possible that the port has bent pins creating intermittent connections or no connection at all.

Answer 417

When the connectors meet at the port, they are of the wrong type, causing a mismatch of data, to a lesser degree.

Answer 418

In a crossover cable, two pairs of the wires are reversed; the TX and RX (transmit and receive). TX/RX reverse occurs when a cross-over cable is used with two devices that should be using a straight-through cable.

Answer 419

A duplex mismatch occurs when two devices connected by Ethernet do not properly negotiate their connection. Ethernet has the option of running at different speeds (10, 100, or 1 Gbps) and has the option of running half-duplex or full-duplex. ... A duplex mismatch will cause constant packet loss.

Answer 420

Either replace them altogether or take off the covering and splice together and reconnect.

Answer 421

Bend them back.

Answer 422

When it comes to tackling network bottlenecks, networking pros have often relied on a limited number of techniques: Increase link throughput, configure port channeling, or integrate quality of service (QoS).

Answer 423

A VLAN mismatch occurs when two connected switchports have different VLAN configurations. For example, switch 1 port 1 is configured for native VLAN: 1, allowed VLANs: all. This port connects to switch 2 port 48 which is configured for native VLAN: 1, allowed VLANs: 1 and 2 only. Mismatched native VLANs on opposite sides of a trunk can inadvertently create "VLAN hopping." This is often a method of intentional attack used to sneak into a network and is an open security risk. How to simply fix? IDK.

Answer 424

Signal reflection occurs when a signal is transmitted along a transmission medium, such as a copper cable or an optical fiber. Some of the signal power may be reflected back to its origin rather than being carried all the way along the cable to the far end. This happens because imperfections in the cable cause impedance mismatches and non-linear changes in the cable characteristics. These abrupt changes in characteristics cause some of the transmitted signal to be reflected. WE fix with replacement of cable.

Answer 425

Refraction is the change in direction of propagation of a wave when the wave passes from one medium into another, and changes its speed. Light waves are refracted when crossing the boundary from one transparent medium into another because the speed of light is different in different media. We fix this by minimizing the impediments of mediums.

Answer 426

Absorption is when the signal strength loses power as it passes through a medium. All materials will absorb the signal at different rates. To fix we minimize different mediums along a path.

Answer 427

Latency determines how fast the contents within a pipe can be transferred from the client to the server and back. We reduce this by stopping services that do not need to be running (often in the background), reducing router, caching, and limiting transmission mediums.

Answer 428

jitter is caused by inconsistent latency time of information packets, jitter can be eliminated by lowering your latency rates.

Answer 429

This is a lessening of the signal. The most common way of dealing with this problem is to use repeaters(a device used to regenerate or replicate a signal)and hubs that will boost the signal strength ad hence prevent attenuation of the signals. This will also increase the maximum range that the signal can travel.

Answer 430

Different types of antennas generate signals in different manners. Directional antennas are made to focus RF into areas for coverage whereas Omni-directional antennas are designed to provide 360 degrees of coverage. We fix by getting the right attenna for our need.

Answer 431

Incorrect aiming greatly limits signal delivery. We fix by repositioning the antennas to deliver the signal better.

Answer 432

Wi-Fi interference is any signal outside of the configured Wi-Fi network that impairs the normal operation of the Wi-Fi network. ... The most common source of Wi-Fi interference is other Wi-Fi signals outside of the network operator's control. This can happen when a signal is using the same channel. Tips to Fix WiFi Interference - Relocate your wireless router away from nearby routers, appliances and dense building materials. - Unplug the appliances and devices when not in use. - Avoid using too many wireless gadgets at the same time within close proximity of each other. - Try using different wireless frequency (5GHz vs. 2Ghz)

Answer 433

Adjacent-Channel interference occurs when devices from overlapping channels are trying to talk over each other. We fix this by changing the channels.

Answer 434

the most common cause is too many people/devices using the network at once. This can be remedied with load balancing, MAC filtering, and VLANs.

Answer 435

Use repeaters.

Answer 436

Both the access point and the client must use the same frequency Wireless devices communicate with each other on one frequency. Certainly, if you were creating a new WiFi environment you would use 5 GHz technology to provide the best performance. The fact is that you will most likely be working in a mixed environment using the 2.4 GHz and 5 GHz frequencies. The wireless standards that cover these frequencies are 802.11ac in the 5 GHz range with Gigabit throughput capability and 802.11b/g/n at 2.4 GHz. 802.11n can operate in both frequency ranges with a throughput of 600 Mbps and is backward compatible with 802.11g at a speed of 54 MHz and 802.11b at 11 Mbps. The WLAN will slow to the lowest supported standard. To achieve the best performance, you would only allow 5 GHz connections to the access point. This setting would disregard all 2.4 GHz transmissions due to the frequency mismatch.

Answer 437

Restart the router, update network driver, etc. Mismatched frequencies are not the only impediment to wireless connectivity. When configuring a wireless client, you must be sure that you are accessing the correct SSID (Security Set Identifier). The SSID will not be visible unless it is broadcasted.

Answer 438

Make sure to enter the right one.

Answer 439

Make sure to enter the right one. Wireless signals are broadcast openly making them subject to interception. The signals are encrypted to secure communications. Early encryption types like WEP and WAP are insecure and your network should use at least WPA2. If the client security is set to something other than that of the access point it will not connect to the network.

Answer 440

Generic routing encapsulation (GRE) provides a private path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets. GRE tunneling is accomplished through tunnel endpoints that encapsulate or de-encapsulate traffic.

Answer 441

Multiprotocol Label Switching, or MPLS, is a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks.

Answer 442

Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypt and authenticate the packets of data between computers using a Virtual Private Network (VPN). ... Tunnel Mode encrypts the whole packet including header info and source, and is used between networks.

Answer 443

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. The best way to avoid ransomware include proactive measures like the following: Don’t click on any URL or open an attachment you are not expecting. Implement an email content filtering service Install a web content filtering service Invest in leading end point security software solutions

Answer 444

The “fiber bend radius” of a fiber optic cable is the term for how sharply a cable can safely bend at any given point. All cabling has a fiber bend radius, and the bend radius may be different according to different types or different make of cables. Yes this is a real problem and creates scenarios where more bending causes higher attenuation.

Answer 445

VTP (VLAN Trunking Protocol) is a Cisco proprietary protocol used by Cisco switches to exchange VLAN information. ... VTP enables you to create the VLAN only on a single switch. That switch can then propagate information about the VLAN to every other switch on the network and cause other switches to create it.

Answer 446

Electrostatic discharge (ESD) is the transfer of electrons from one object to another. This can create interference of signal (aka noise).

Answer 447

A wavelength mismatch occurs when transmissions are optimized for one type of cable but sent over a different type of cable.

Answer 448

Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. The arp –s command adds a static permanent address to the ARP cache. This will allow the administrator to access the firewall.

Answer 449

A patch antenna is a type of radio antenna with a low profile, which can be mounted on a flat surface. A patch antenna is typically mounted to a wall or a mast and provides coverage in a limited angle pattern.

Answer 450

A Yagi antenna is a directional antenna that improves radiation in a single direction, and such radiation can be either transmission or reception of energy, such as cell signal.

Answer 451

The main advantage of a parabolic antenna is that it has high directivity. It functions similarly to a searchlight or flashlight reflector to direct the radio waves in a narrow beam, or receive radio waves from one particular direction only. ... They are also used in radio telescopes.

Answer 452

Firmware is a specific class of computer software that provides low-level control for a device's specific hardware.

Answer 453

Incoming traps are used to inform an SNMP manager when an important event happens at the Agent level. A benefit of using Traps for monitoring and managing alarms is that they trigger instantaneously, rather than waiting for a status request from the manager.

Answer 454

Channel bonding splits your web traffic at the packet level among multiple internet connections. This means that channel bonding will be effective even for the user trying to stream a large movie because traffic is split at a low level.

Answer 455

This allows any IP address and port to access the said IP address. Very non-secure.

Answer 456

The Link Aggregation Control Protocol (LACP) enables you to assign multiple physical links to a logical interface, which appears as a single link to a route processor.

Answer 457

A proximity card is a physical card used to get access to a physical area such as a network closet. It is a “contactless” smart card that can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards and “contact” type smart cards. The proximity cards are part of the Contactless card technologies. Held near an electronic reader for a moment they enable the identification of an encoded number.

Answer 458

Network Admission Control (NAC) can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking user credentials. For example, a client’s OS, Windows Registry settings, AD membership status, and version of antivirus software could be checked against a set of requirements before allowing the client to access a network. This process of checking a client’s characteristics is called posture assessment.

Answer 459

Data and network

Answer 460

A fully qualified domain name (FQDN) represents a domain name of a host or IP address(es).

Answer 461

IEEE 802.1D is the Ethernet MAC bridges standard which includes Bridging, Spanning Tree and others.

Answer 462

The ICMP echo request and the ICMP echo reply messages are commonly known as ping messages. ... The ping command sends an ICMP echo request to a device on the network, and the device immediately responds with an ICMP echo reply.

Answer 463

Toner probes are specifically used to trace cables hidden in floors, ceilings, or walls. They can also be used to track cables from the patch panels to their destinations.

Answer 464

Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

Answer 465

In the stateless inspection, the firewall also does not examine an entire packet but instead decides whether the packet satisfies existing security rules.

Answer 466

Data loss prevention (DLP), per Gartner, may be defined as technologies which perform both content inspection and contextual analysis of data sent via messaging applications such as email and instant messaging, in motion over the network, in use on a managed endpoint device, and at rest in on-premises file servers

Answer 467

Smartjack is a smart and intelligent device placed right between telephone company's demarcation and customer premises. We usually call this kind of device NID but smartjack is different since it has a smart function to test a connectivity check.

Answer 468

The signal-to-noise ratio is a measure used in science and engineering that compares the level of the desired signal to the level of background noise. SNR is defined as the ratio of signal power to noise power, often expressed in decibels.

Answer 469

The dig (domain information groper) command is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the queried name server(s).

Answer 470

DHCP Snooping is a security technology on a Layer 2 network switch that can prevent unauthorized DHCP servers from accessing your network.

Answer 471

OCSP stands for Online Certificate Status Protocol and is used by Certificate Authorities to check the revocation status of an X. 509 digital certificate.

Answer 472

VPN concentrators are used to connect many remote networks and clients to a central corporate network. They are used to protect the communications between remote branches or remote clients -- such as workstations, tablets, phones and IoT devices -- to corporate networks.

Answer 473

Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.

Answer 474

The advantage of wireless bridges over E1/T1 lines is that wireless bridges support higher bandwidth than E1/T1 lines, and E1/T1 lines tend to be more expensive in the long term. A wireless bridge supports a maximum of 54 Mbps of bandwidth. Wireless bridges provide connectivity between two geographically separated LANs. They can be deployed for either point-to-point or point-to-multipoint wireless local area networks (WLANs). Wireless bridges can interconnect locations up to a distance of 25 miles (40.2 Kms) with the integration of high-gain antennas.

Answer 475

The main purpose of a VPN concentrator is to terminate the VPN tunnels. The main purpose of a DNS server is to resolve host names and IP addresses. The main purpose of a DHCP server is to provide dynamic IP addresses. The main purpose of a proxy server is to manage Internet requests and cache Web content.

Answer 476

It is important for a company to have a policy for reviewing baselines periodically, because network traffic may change over an extended period. Reviewing baselines is an important tool in identifying abnormal behavior. You would first need to establish a baseline. To establish a baseline, you would monitor network traffic (or some other metric) for a predetermined amount of time. This establishes what the “normal” amount of traffic is for that period of time. By comparing network traffic against the baseline, you can identify spikes that might indicate abnormal behavior.

Answer 477

An Authentication Header (AH) protocol digitally signs and encapsulates each packet sent from the network within another packet.

Answer 478

In Public Key Infrastructure (PKI), an issuer is the entity that signs a certificate. Signing a certificate verifies that the name and key in the certificate are valid. PKI is a system designed to securely distribute public keys. A PKI typically consists of the following components: certificates, a key repository, a method for revoking certificates, and a method to evaluate a certificate chain, which security professionals can use to follow the possession of keys. Chain of custody might be used in proving legal cases against hackers. Most organizations implement PKI using a PKI Web service so that a third party is responsible for issuing and managing certificates.

Answer 479

You should implement split horizon to prevent routing loops. Split-horizon route advertisement prevents routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned. None of the other options would solve the routing loop issue.

Answer 480

Rapid Spanning Tree Protocol (RSTP) is a network protocol that ensures a loop-free topology for Ethernet networks. Nowadays it is a popular solution to implement redundant networks in critical systems for Energy, Aerospace or Factory Automation.

Answer 481

Network Discover Protocol (NDP) covers different kinds of network communication such as router solicitation, router advertisement and neighbor solicitation or advertisement.

Answer 482

Datagram Transport Layer Security is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery.

Answer 483

In computing, Virtual Network Computing is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.

Answer 484

Enhanced Interior Gateway Routing Protocol is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers.

Answer 485

DMZ Network is a perimeter network that protects and adds an extra layer of security to an organization's internal local-area network from untrusted traffic. A common DMZ is a subnetwork that sits between the public internet and private networks.

Answer 486

Port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection

Answer 487

A trunk port is a type of connection on a switch that is used to connect a guest virtual machine that is VLAN aware. Generally, all frames that flow through this port are VLAN tagged. The exception to this is when a trunk port is granted access to the untagged VLAN set (native VLAN ID).

Answer 488

Port Address Translation (PAT) is an extension of Network Address Translation (NAT) that permits multiple devices on a LAN to be mapped to a single public IP address to conserve IP addresses.

Answer 489

Software-defined networking technology is an approach to network management that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring, making it more like cloud computing than traditional network management.

Answer 490

(N*(N-1))/2

Answer 491

Infrastructure mode is a wireless network framework that has a central WLAN access point / router at the heart of the network. In infrastructure mode, wireless devices communicate with each other through an WLAN access point/router.

Answer 492

Time Division Multiple Access (TDMA) is a digital modulation technique used in digital cellular telephone and mobile radio communication. ... In simplest terms, TDMA enables multiple users to share the same frequency by dividing each cellular channel into different time slots.

Answer 493

(Code-Division Multiple Access) refers to any of several protocols used in second-generation and third-generation (3G) wireless communications.

Answer 494

DomainKeys Identified Mail, or DKIM, is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient.

Answer 495

A Cloud access security broker, or CASB, is cloud-hosted software or on-premises software or hardware that act as an intermediary between users and cloud service providers.

Answer 496

An SPF record or SPF TXT record is a record that is part of your domain's DNS — similar to a DMARC record. It contains a list of all the IP addresses that are permitted to send email on behalf of your domain

Answer 497

The Management Information Base (MIB) is part of the Simple Network Management Protocol and is a description of manageable objects within a network device.

Answer 498

ISCSI means Internet SCSI. ISCSI uses TCP (Transmission Control Protocol) which enables it to be used over TCP/IP networks such as Ethernet.

Answer 499

RTS/CTS (Request To Send / Clear To Send) is the optional mechanism used by the 802.11 wireless networking protocol to reduce frame collisions introduced by the hidden node problem.

Answer 500

Devices of different types are connected with a straight-through cable (patch cable). In this case, it is used to connect two devices of the same type. It is for this reason that the interface will display the line protocol down status.

Answer 501

Split horizon DNS (also known as Split Brain DNS) is a mechanism for DNS servers to supply different DNS query results depending on the source of the request. This can be done by hardware-based separation but is most commonly done in software. In this question, we want external users to be able to access the website by using a public IP address. To do this, we would have an external-facing DNS server hosting a DNS zone for the website domain. For the internal users, we would have an internal-facing DNS server hosting a DNS zone for the website domain. The external DNS zone will resolve the website URL to an external public IP address. The internal DNS server will resolve the website URL to an internal private IP address.

Answer 502

remote access service (RAS) is any combination of hardware and software to enable the remote access tools or information that typically reside on a network of IT devices. A remote access service connects a client to a host computer, known as a remote access server.

Answer 503

Serial cables use the RS-232 protocol which defines the functions of the 9 pins in a DB-9 connector.

Answer 504

Used at the Network layer to identify each host.

Answer 505

The attacker exploits the vulnerabilities within a web application that constructs LDAP messages or statements, which are based on user input.

Answer 506

It is an attack of a network to gain unauthorized access to a database by creating or retrieving information stored in the database application. Common uses: Authentication bypass - allowing a user to log in to a system without a valid user credential. Information disclosure - retrieves confidential information from the database. Compromise data integrity- The attacker is able to manipulate information stored in the database.

Answer 507

Next Generation Firewall (NGFW) A next-generation firewall is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection, an intrusion prevention system.

Answer 508

(Evolved) High Speed Packet Access, or HSPA+, or HSPA (Plus), or HSPAP is a technical standard for wireless broadband telecommunication. ... HSPA+ can achieve data rates of up to 42.2 Mbit/s. It introduces antenna array technologies such as beamforming and multiple-input multiple-output communications (MIMO).

Answer 509

Very high bit rate DSL line Upload speed = 16 Mbps Download speed = 52 Mbps Max reach < 1,500 meters POTS support = Yes

Answer 510

Symmetric DSL Upload speed = 2.3 Mbps Download speed = 2.3 Mbps Max reach = 6,700 meters POTS support = No

Answer 511

Asymmetric DSL Upload speed = 800 KBps Download speed = 8 Mbps Max reach = 5,500 meters POTS support = Yes

Answer 512

High bit rate DSL Upload speed = 1.54 MBps Download speed = 1.54 Mbps Max reach = 3,650 meters POTS support = No

Answer 513

UDSL (Unidirectional DSL) is a proposal from a European company. It's a unidirectional version of HDSL. Upload speed = 1.54 MBps Download speed = 1.54 Mbps Max reach = 3,650 meters POTS support = No

Answer 514

Basic Rate Interface (BRI) is a digital communications technology that transmits data and feature-rich voice and quality video over a standard telephone line, a ISDN technology.

Answer 515

N-ISDN (Narrowband Integrated Switch digital Network) was an attempt to replace the analog telephone system with a digital one. ... It describes telecommunication that carries voice information in a narrow band of frequencies.

Answer 516

PRI (Primary Rate Interface) and SIP (Session Initiating Protocol) are two methods used to connect your business to a regional telephone network. Both methods require PBX (Private Branch Exchange) equipment where the interchange between your office or facility and public lines takes place.

Answer 517

B-ISDN (Broadband ISDN) is the broadband transmission counterpart of Integrated Services Digital Network (ISDN).

Answer 518

A wireless wide area network (WWAN) is a specific type of network that sends wireless signals beyond a single building or property.

Answer 519

Multiprotocol Label Switching, or MPLS, is a networking technology that routes traffic using the shortest path based on “labels,” rather than network addresses, to handle forwarding over private wide area networks.

Answer 520

DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections.

Answer 521

A CSU/DSU is the equivalent of the modem for an entire LAN. The CSU/DSU implements two different functions. The channel service unit (CSU) is responsible for the connection to the telecommunication network, while the data service unit (DSU) is responsible for managing the interface with the data transmission interface.

Answer 522

RSTP, Rapid Spanning Tree Protocol, is an OSI layer-2 protocol defined in the IEEE Standard 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected Ethernet switches, and disables the links which are not part of that tree, leaving a single active path between any two network devices.

Answer 523

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. ... The physical router that is forwarding packets at any given time is called the Primary/Active router.

Answer 524

Link Aggregation Control Protocol is an IEEE standard defined in IEEE 802.3ad. LACP lets devices send Link Aggregation Control Protocol Data Units (LACPDUs) to each other to establish a link aggregation connection. ... Both devices must support LACP for you to set up a dynamic LAG between those devices. This combines multiple ports into a single logical channel.

Answer 525

Hot Standby Router Protocol (HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway. ... The protocol establishes an association between gateways in order to achieve default gateway failover if the primary gateway becomes inaccessible.

Answer 526

A double-conversion on-line UPS converts power twice. First, AC input, with all of its voltage spikes, distortion, and other anomalies, is converted into DC. A double-conversion on-line UPS uses a capacitor to stabilize this DC voltage and store energy drawn from the AC input. Second, DC is converted back into AC that is tightly regulated by the UPS. This AC output can even have a different requency from the AC input. All of the power provided to the load equipment goes through this double-conversion process when AC input is present.

Answer 527

Virtual network computing (VNC) is a type of remote-control software that makes it possible to control another computer over a network connection.

Answer 528

Mean time between failures is the predicted elapsed time between inherent failures of a mechanical or electronic system, during normal system operation. MTBF can be calculated as the arithmetic mean time between failures of a system.

Answer 529

Datagram Transport Layer Security is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery.

Answer 530

Bridge Protocol Data Units are frames that contain information about the spanning tree protocol. A switch sends BPDUs using a unique source MAC address from its origin port to a multicast address with destination MAC.

Answer 531

iptables is a command-line firewall utility that uses policy chains to allow or block traffic. a very powerful security tool used to block unwanted traffic, allow desired traffic, redirect packets to alternate TCP/UDP ports, redirect packets to alternate IP addresses, protect against Denial of Service attacks (DoS) and so much more. This is considered a stateful firewall.

Answer 532

Netcat functions as a back-end tool that allows for port scanning and port listening. In addition, you can actually transfer files directly through Netcat or use it as a backdoor into other networked systems

Answer 533

Simple Network Management Protocol, v2 = a good step ahead, data type enhancements, built transfers, still-in-the-clear. It gathers statistics to and from network devices, by udp 161