Bridging course

Question 1

exploit

Answer 1

takes advantage of a vulnerability

Question 2

origin authentication

Answer 2

message is not a forgery and comes from who it is stated to come from, HMAC (hash message authentication code) is used for this

Question 3

CSMA/CD

Answer 3

1. device listens to ensure channel is idle
2. device sends RTS message to AP
   3a. receives CTS message from AP
   3b. if no CTS received, waits random amt of time and sends again, repeats as necessary
3. device transmits data
4. each transmission acknowledged, if not ack receiveed transmission restarts

Question 4

Frequency channel saturation techniques

Answer 4

Direct-sequence spread spectrum (DSSS)- modulation technique to spread signal over a larger frequency band - used by 802.11b devices

Frequency hopping spread spectrum: rapidly transmites between various channels, devices must be synced in order to work. 802.11 used this, so do walkie talkies and bluetooth

orthogonal Frequency Division multiplexing this is a subset of frequency division multiplexing in which a single channel uses multiple channels on adjacent frequencies

Question 5

data-integrity

Answer 5

guaruntees the message was not altered, MD5 is SHA hashing algorithms are used for this

Question 6

name and describe the three categories of APIs

Answer 6

open API or public API: publicly available, some API providers require the client to get a free key. this is to help control the API request received and processed

internal or private APIs: used by and organization organizations organization

partner APIs: between a company and its business partners

Question 7

wireless standards

Answer 7

802. 11 2.4 ghz speed 2 mbs
803. 11a 5 ghz speed 54 mbs
804. 11b 2.4 ghz speed 11 mbs
805. 11g 2.4 ghz 54mbs
806. 11n 2.4/5 ghz 150-600 mbs
807. 11 ac 6 ghz 1.3 gbps
808. 11 ax 2.4/5 ghz knows as high efficency wireless, capable of 1/7 GHZ as well, newest standard

Question 8

JSON

Answer 8

popular format used by web services to provide public data. can be used with most modern programming languages including python

syntax rules:
hierarchical structure
braces to hold objects and brackets for arrays
data is written as key/value pairs

keys are marked by double quotation marks, multiple key and value pairs are separated by commas

Question 9

dynamic ARP inspection

Answer 9

requires DHCP snooping binding table to operate
can inpect source mac, dest mac, and IP address
to enable all must be entered on same command line

Question 10

URI

Answer 10

Uniform resource identifier

makes up the entire https/https request to include the protocol, hostname, path and file name, and the fragment

Question 11

wireless security methods

Answer 11

WEP: no longer secure
WPA: uses TKIP, more secure than WEP
WPA2: uses AES for encryption, standard for security
WPA3: introduced in 2018, mitigation against dictionary attacks, individualized encryption

Question 12

client/server client operations

Answer 12

post - create
get -read
put/patch-update
delete - delete

Question 13

name common data formats

Answer 13

JSON
XML
YAML

Question 14

JSON-RPC

Answer 14

javascript object notation -remote procedure call

rpc is when one system requests and another system executes code and returns information

strengths: simplicity

Question 15

assets

Answer 15

anything of value to the organization

Question 16

intent based networking

Answer 16

translation: what does the business want, and how do those translate into actual polices

Activation: this is the installation of the policies created in translation onto the physical devices.

assurance: this is a constant process to ensure the intent is being met through verification and validation loop

Question 17

CAPWAP

Answer 17

IEEE standard protocol that enables WLC to manage mult WLCs, encapsulates and fowards traffic bt ap and WLC

can use IPV4 or IPV6 but uses IPV4 by default

can use UDP port 5246 and 5347
CAPWAP tunnles use different ip protocols IPv4 uses protocol 17 and ipv6 uses protocol 136

Question 18

vulnerabiltiy

Answer 18

weakness in a system, that could be exploited by a threat

Question 19

DHCP snooping

Answer 19

deliniates between trusted and untrusted sources on ports, if untrusted DHCP traffic is limited

Question 20

mitigation

Answer 20

counter-measure to reduce potential threat or risk

Question 21

threat

Answer 21

potential danger to the company’s assets

Question 22

passive and active discover mode

Answer 22

passive: normal function, router sends beacon with SSID sec settings and supported standards
active: client sends SSID and supported standards to AP then receives access

Question 23

XML

Answer 23

similar to HTML
self descriptive use of tags
unlike html no predefined tags or structure

Question 24

XML-RPC

Answer 24

extensible markup language- remote procedure call

protocol developed prior to SOAP, later evolved into what became SOAP

strengths: well established simplicity

Question 25

overlay v underlay in IBN

Answer 25

overlay is the logical fabric

underlay is the physical topology of the network

Question 26

XML-RPC

Answer 26

extensible markup language- remote procedure call

Question 27

symmetric encryption algorithms

Answer 27

DES, uses stream cypher
3DES repeats DES three times
AES. more efficient that 3DES, popular symmetric alogrimth
software optimized enc algortihtm, alternative to those above, less CPU intesive
Rivest ciphers series RC, RC4 is most popular variation, used to encrypt HTTPS and TLS

Question 28

RESTCONF

Answer 28

rest- like API for managing and configuring network devices using http. Uses Yang data modelling and netconf defined datastores

Question 29

TFTP

Answer 29

simpler than FTP but less capable, does not offer authentication or directory visibility

message categories:
RRQ- request to read
WRQ- request to write 
DATA- contains block file of data
ACK -used by peer to ack each block of data
Error- used to indicate error

Question 30

split MAC architecture

Answer 30

AP MAC functions: beacons and probe responses, packet acks and retransmissions, frame queing and packet prioritization, mac layer data enc and decr

WLC functions: authentication, association and re assocaiton of clients, frame translation to other protocols, termination of 802.11 traffic onto a wired interface.

Question 31

network configuration tools

Answer 31

Ansible: programming lang= python or YAML
agentless, any device cab be controller, creates playbooks
Puppet: programming lang Ruby, supports both agent-based and agentless, devices are manged as puppet master, creates manifest
Chef: programming lang ruby, agent-based, devices are managed Chef Master, creates cookbook
SalstStack : uses python, supports both, devices managed using salt master, creates pillar

Question 32

FTP

Answer 32

uses TCP

port 21 is used for the control connection
port 20 is used for the data connection

uses client server model

4 steps:

1. request- intitated by client
2. response- server says it is ready
3. Transfer- transaction occurs
4. Terminate - success terminate, unsuccessful terminate. ends

Question 33

DTLS

Answer 33

protocol that provides security between the AP and WLC
enabled by default to secure CAPWAP control channel, but disabled on the data channel

data ecryption is enabled on a per AP basis, requires a DTLS liscence to be installed on WLC

Question 34

data non-repudiation

Answer 34

guarantess sender cannot deny they sent the message, implemented through digital signature or certificates

Question 35

YAML

Answer 35

like JSON, considered a superset of JSON
easiest to read and write of the formats studied
uses indentation to define structure

key value pairs are exasperated by a colon
hyphens are used to separate elements in a list

Question 36

BSS ESS

Answer 36

Basic service set: single ap interconnecting wireless clients.
extended service set: connectes disparete BSSs, allows clients to roam

Question 37

restful API applications

Answer 37

developer website: made by the API developer as sort of a how to guide with examples on how to use the API

postman: program for testing and using REST APIs, can be used in browser or standalone
python: APIs can be called from within an python program
network operating system: netconf protocol and restconf protocol are ways the network administrator can interact with the network using python scripts and cisco DNA

Question 38

URN

Answer 38

Uniform resource name

identifies the name space of the resource (www. .html)

Question 39

what are the menu options in cisco’s DNA center

Answer 39

design: model of the network
policy: uses policies to automate and simplify network management
provision: provide new services to users
assurance: proactive monitoring and insights to predict problems and solve them more quickly
platform: uses apis to integrate the preferred it systems to create end-to-end solutions and support for multi-vendor devices

Question 40

802.11 frame structure

Answer 40

frame control: type of wireless frame
duration: remaining duration needed to receive next frame
Address 1-3: 1-MAC of receiving device, 2- MAC of trasmitting device, 3- sometimes contains MAC of destination device such as router to which AP is attached
sequence control: sequence info for fragments
address 4: only used in ad hoc mode
payload: contains data
FCS: layer 2 error control

Question 41

name the types of web service APIs covered in the course

Answer 41

SOAP, REST, XML-RPC, JSON-RPC

Question 42

data confidentiality

Answer 42

only authorized users can read the message, this is implemented through symetric and asymetric encription algorithms

Question 43

vlan attack mitigation technieques

Answer 43

port security: can prevent mac address flooding attacks and DHCP starvation attacks

DHCP snooping: prevnets dhcp starvation and spoofing attacks

dynamic arp inpection: prevents arp spoofing and posioning attacks

ip source guard: prevents mac and ip address spoofing attacks

Question 44

REST

Answer 44

representational state transfer

can use XML, JSON, or YAML
strengths: flexible formatting, most widely used, less verbose

Question 45

name and describe the three different parts of the API request

Answer 45

API Server: the URL for the server that answers the REST request
resources :specifies the API that is being requested, the server may have more than one API, this specifies which one.
query: format-JSON, YAML, XML
Key- the authorization token if required
Parameters- details of the request, what needs to be returned

Question 46

Asymmetric encryption algorithms

Answer 46

Diffie hellman: allows two parties on a key to send each other
Digital signature standard/algorithm DSS/DSA : DSA is a public key
RSA: public key crytopgraphy can be used for both signing an ecrytption, widely uesed in e commerce
Elgammal: based on the DH key agreement, message is 2x the size after encryption
Elliptical curve techniques: advantage is key can be much smaller

Question 47

agent based v agentless

Answer 47

agent based is pull based, agent on the managed device periodically connects with master for its configuration information. changes are made to master and pulled down and executed by the device.

agentless is push based. a config script is run on the master, master connects to the device and executes tasks in the script

Question 48

risk

Answer 48

likelihood of a threat to exploit the vulnerability of the asset. measured by the probability of occurrence.

Question 49

Flex connect APs

Answer 49

connected mode- WLC is reachable, this is normal mode and WLC and remote APs function as expected

standalone mode- occurs when connection between WLC and Aps are lost. AP may assume some duties such as switching traffic locally and performing auth locally

Question 50

JSON-RPC

Answer 50

javascript object notation -remote procedure call

rpc is when one system requests and another system executes