CCNP ENCOR Vocab Flashcards
802.1p
An IEEE specification that defines the use of the 3-bit Priority Code Point (PCP) field to provide different classes of service. The PCP field is contained within the TCI field, which is part of the 802.1Q header.
802.1Q
An IEEE specification that defines two 2-byte fields, Tag Protocol Identifier (TPID) and Tag Control Information (TCI), that are inserted within an Ethernet frame.
802.1x
An IEEE standard for port-based network access control (PNAC) that provides an authentication mechanism for local area networks (LANs) and wireless LANs (WLANs).
access control list (ACL)
A mechanism that provides packet classification for quality of service (QoS), routing protocols, and basic firewall functionality.
access layer
The network layer that gives endpoints and users direct access to the network.
access port
A switch port that is configured for only one specific VLAN and generally connects end-user devices.
address family
A major classification of type of network protocol, such as IPv4, IPv6, or VPNv4.
address resolution protocol (ARP)
A protocol that resolves a MAC address to a specific IP address.
administrative distance
A rating of trustworthiness for a route. Generally, it is associated with the routing process that installs the route into the RIB.
AMP for Networks
AMP running on Cisco Secure Firewall appliances and dedicated Cisco AMP appliances for network malware defense.
amplitude
The height from the top peak to the bottom peak of a signal’s waveform; also known as the peak-to-peak amplitude.
anchor controller
The original controller a client was associated with before a Layer 3 intercontroller roam. An anchor controller can also be used for tunneling clients on a guest WLAN or with a static anchor. Traffic is tunneled from the client’s current controller (the foreign controller) back to the anchor.
application programming interface (API)
A set of functions and procedures used for configuring or monitoring computer systems, network devices, or applications that involves programmatically interacting through software. It can be used for connecting to individual devices or multiple devices simultaneously.
area border router (ABR)
A router that connects an OSPF area to Area 0 (that is, the backbone area).
AS_Path
A BGP attribute used to track the autonomous systems a network has been advertised through as a loop-prevention mechanism.
AS path access control list (ACL)
An ACL based on regex for identifying BGP routes based on the AS path and used for direct filtering or conditional matching in a route map.
atomic aggregate
A BGP path attribute which indicates that a prefix has been summarized, and not all of the path information from component routes was included in the aggregate.
authentication, authorization, and accounting (AAA)
An architectural framework that enables secure network access control for users and devices.
authentication server (AS)
An 802.1x entity that authenticates users or clients based on their credentials, as matched against a user database. In a wireless network, a RADIUS server is an AS.
authenticator
An 802.1x entity that exists as a network device that provides access to the network. In a wireless network, a WLC acts as an authenticator.
autonomous AP
A wireless AP operating in a standalone mode, such that it can provide a fully functional BSS and connect to the DS.
autonomous system (AS)
A set of routers running the same routing protocol under a single realm of control and authority.
backbone area
The OSPF Area 0, which connects to all other OSPF areas. The backbone area is the only area that should provide connectivity between all other OSPF areas.
backup designated router (BDR)
A backup pseudonode that maintains the network segment’s state to replace the DR in the event of its failure.
band
A contiguous range of frequencies.
bandwidth
The range of frequencies used by a single channel or a single RF signal.
beamwidth
A measure of the angle of a radiation pattern in both the E and H planes, where the signal strength is 3 dB below the maximum value.
BGP community
A well-known BGP attribute that allows for identification of routes for later actions such as identification of source or route filtering/modification.
BGP multihoming
A method of providing redundancy and optimal routing that involves adding multiple links to external autonomous systems.
BPDU filter
An STP feature that filters BPDUs from being advertised/received across the configured port.
BPDU guard
An STP feature that places a port into an ErrDisabled state if a BPDU is received on a portfast-enabled port.
bridge protocol data unit (BPDU)
A network packet that is used to identify a hierarchy and notify of changes in the topology.
broadcast domain
A portion of a network where a single broadcast can be advertised or received.
building block
A distinct place in the network (PIN) such as the campus end-user/endpoint block, the WAN edge block, the Internet edge block, or the network services block. The components of each building block are the access layer, the distribution layer, and/or the core (backbone) layer. Also known as a network block or a place in the network (PIN).
CAPWAP
A standards-based tunneling protocol that defines communication between a lightweight AP and a wireless LAN controller.
carrier signal
The basic, steady RF signal that is used to carry other useful information.
channel
An arbitrary index that points to a specific frequency within a band.
Cisco Advanced Malware Protection (AMP)
A Cisco malware analysis and protection solution that goes beyond point-in-time detection and provides comprehensive protection for organizations across the full attack continuum: before, during, and after an attack.
Cisco Express Forwarding (CEF)
A method of forwarding packets in hardware through the use of the FIB and adjacency tables. CEF is much faster than process switching.
Cisco Identity Services Engine (ISE)
A Cisco security policy management platform that provides highly secure network access control to users and devices across wired, wireless, and VPN connections. It allows for visibility into what is happening in the network, such as who is connected (endpoints, users, and devices), which applications are installed and running on endpoints (for posture assessment), and much more.
Cisco SAFE
A framework that helps design secure solutions for the campus, data center, cloud, WAN, branch, and edge.
Cisco Secure Client
A VPN client that is an 802.1x supplicant that can perform posture validations and that provides web security, network visibility into endpoint flows within Cisco Secure Network Analytics, and roaming protection with Cisco Umbrella.
Cisco Secure Email
A Cisco solution that enables users to communicate securely via email and helps organizations combat email security threats with a multilayered approach across the attack continuum.
Cisco Secure Firewall
A next-generation firewall (NGFW) with legacy firewall capabilities such as stateful inspection as well as integrated intrusion prevention, application-level inspection, and techniques to address evolving security threats, such as advanced malware and application-layer attacks.
Cisco Secure Malware Analytics
A malware sandbox solution.
Cisco Secure Network Analytics
A Cisco collector and aggregator of network telemetry data (NetFlow data) that performs network security analysis and monitoring to automatically detect threats that manage to infiltrate a network as well as threats that originate within a network.
Cisco Secure Web Appliance
An all-in-one web gateway that includes a wide variety of protections that can block advanced threats from both suspicious and legitimate websites.
Cisco Talos
The Cisco threat intelligence organization.
Cisco TrustSec
A next-generation access control enforcement solution developed by Cisco that performs network enforcement by using Security Group Tags (SGTs) instead of IP addresses and ports. In SD-Access, Cisco TrustSec Security Group Tags are referred to as Scalable Group Tags.
Cisco Umbrella
A Cisco solution that blocks requests to malicious Internet destinations (domains, IP addresses, URLs) using Domain Name System (DNS).
client density
The relative number of client devices served by an AP and its antenna, as determined by the antenna’s RF coverage pattern.
collision domain
A set of devices in a network that can transmit data packets that can collide with other packets sent by other devices (that is, devices that can detect traffic from other devices using CSMA/CD).
command-line interface (CLI)
A text-based user interface for configuring network devices individually by inputting configuration commands.
Common Spanning Tree (CST)
A single spanning-tree instance for the entire network, as defined in the 802.1D standard.
configuration BPDU
The BPDU that is responsible for switches electing a root bridge and communicating the root path cost so that a hierarchy can be built.
container
An isolated environment where containerized applications run. It contains the application along with the dependencies that the application needs to run. It is created by a container engine running a container image.
container image
A file created by a container engine that includes application code along with its dependencies. Container images become containers when they are run by a container engine.
content addressable memory (CAM)
A high-performance table used to correlate MAC addresses to switch interfaces that they are attached to.
control plane policing (CoPP)
A policy applied to the control plane of a router to protect the CPU from high rates of traffic that could impact router stability.
cookbook
A Chef container that holds recipes.
core layer
The network layer, also known as the backbone, that provides high-speed connectivity between distribution layers in large environments.
Datagram Transport Layer Security (DTLS)
A communications protocol designed to provide authentication, data integrity, and confidentiality for communications between two applications, over a datagram transport protocol such as User Datagram Protocol (UDP). DTLS is based on TLS, and it includes enhancements such as sequence numbers and retransmission capability to compensate for the unreliable nature of UDP. DTLS is defined in IETF RFC 4347.
dBd
dB-dipole, the gain of an antenna, measured in dB, as compared to a simple dipole antenna.
dBi
dB-isotropic, the gain of an antenna, measured in dB, as compared to an isotropic reference antenna.
dBm
dB-milliwatt, the power level of a signal measured in dB, as compared to a reference signal power of 1 milliwatt.