Misc Things to Work On Flashcards

1
Q

PKI

A

Public Key Infrastructure:

Gives secure email exchanges & web browsing & solves the problem of having to distribute the keys ahead of time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Kerberos

A

Port 88: Provides secure authentication over an insecure network
No passwords sent across network; ticketing system
Domain Controller = KDC (Key Distribution Center)
If authenticated, client is issued a TGT (Ticket Granting Ticket)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

RADIUS

A

Remote Authentication Dial-In User Service:
Centralized administration of dial-up/VPN/Wifi network authentication
Supports EAP & 802.1x
Layer 7: Client-server protocol
UDP, AAA
Doesn’t support remote access protocols
Ports: 1812, 1813 (Authentication Messages, Accounting Messages)
Proprietary Ports: 1645, 1646 (Authentication Messages, Accounting Messages)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

TACACS+

A

Terminal Access Controller Access Control System Plus:
Port 49
Performs role of authenticator in an 802.1x network
Supports all network protocols
Cisco proprietary
TCP
Use RADIUS for cross-platform capabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

802.1x

A

A standardized framework used for port-based authentication on both wired & wireless networks

Supplicant
User requesting access to the network

Authenticator
Device through which the supplement is requesting access to the network

Authentication Server
Centralized device that performs the authentication (RADIUS/TACACS+ Server)

Most modern NACs use 802.1x
Can encapsulate EAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Packet-Filtering Firewall

A

Permits/denies traffic based on packet header

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Firewall: Stateless Packet Inspection

A

Allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Firewall: Stateful Packet Inspection

A

Monitors the active sessions and connections on a network.

The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Clean Agent System

A

Utilizes halocarbon or inert gas to suffocate a fire when the system is activated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Split-View DNS

A

An implementation in which separate DNS servers are provided for security and privacy management for internal and external networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

“Line protocol is down”

A

Means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cross Talk

A

When a signal transmitted on one copper twisted pair in a bundle radiates and potentially interferes with and degrades the transmission on another pair

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Classless Routing

A

A type of routing where the router uses the default route to forward traffic if no other specific routes are found

OSPF, RIPv2, EIGRP, IS-IS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Asymmetric Routing

A

Network packets leave via one path and return via a different path

Asymmetric routing doesn’t cause any routing issues necessarily, but they do cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Network Interface Commands: Show Route

A

Displays the current state of the routing table on the device
Typically you would use “show ip route”
Displays routing protocol labels in routing table

[160/5]
160 = administrative distance
5 = routing metric (lower the better)

Show ip route 131.119.0.0
Shows metrics for the specified network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Network Interface Commands: Show Config

A

Displays the current system configuration on the screen

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Network Interface Commands: Show Interface

A

Displays statistics for the network interfaces on the device
Ex: show interface ethernet 1/1

Make sure bandwidth matches cable type
Otherwise cable may be damaged or wrong type
If using a SAN, make sure MTU > 1500
Check for APIPA = DHCP issue
Check for runts, giants, & errors
Check for collisions
There should be no collisions if operating at full duplex

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

SDN Layers: Application Layer

A

Focuses on the communication resource requests or info about the network as a whole

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

SDN Layers: Control Layer

A

Uses the information from the applications & decides how to route a data packet on the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

SDN Layers: Infrastructure Layer

A

Contains the network devices that receive info about where to move the data & then perform those movements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

SDN Layers: Management Plane

A

Used to monitor traffic conditions & the status of the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Datacenter Hierarchy: Core (1st Tier)

A

Biggest, fastest, most expensive routers
Backbone of network
Merges geographically separated networks into one logical unit
At least 2 routers operating in redundant configuration

23
Q

Datacenter Hierarchy: Distribution/Aggregation (2nd Tier)

A

Boundary Definitions: Implements ACLs/Filters
Define policies for network; Layer 3 switches
Needs to ensure packets are properly routed between subnets

24
Q

Datacenter Hierarchy: Access/Edge (3rd Tier)

A

Used to connect to all endpoint devices

25
Q

Legal Hold

A

A notification sent from an organization’s legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case

26
Q

Securing SNMP

A

Follow least privilege
Always use v3
Combine with whitelisting of MIB
Use authPriv on your devices
Includes authentication & encryption features
Need to use a newer network device that supports cryptography
Strong SNMP passwords
Use ACLs to prevent MIB access (strict control)
Segregate SNMP traffic onto a separate management network or VLAN
Keep system images & software up-to-date

27
Q

ACL Tips

A

Block incoming requests from internal/private loopback & multicast IP ranges
Block incoming requests from protocols that should only be used locally
Block all IPv6 traffic
Or allow it to only authorized hosts/ports if using IPv6
Cisco ACLs
Www = HTTP (port 80)
Domain = DNS (port 53)

28
Q

HSRP vs. VRRP

A
HSRP = 1 active, 1 standby
VRRP = 1 active, many standby
29
Q

Coax Limitations

A

Coaxial
100Mbps, 500 meters

Twinaxial
10Gbps, 5 meters
Newer: 100Gbps, 7 meters

30
Q

Networking Tools: Attenuation

A

Copper = cable certifier

Fiber = fiber light meter

31
Q

Networking Tools: Interference

A

Copper/Fiber = Spectrum analyzer

32
Q

Networking Tools: Decibel Loss

A

Copper = cable certifier, cable analyzer

Fiber = fiber light meter

33
Q

Fiber: Dry vs. Wet Cleaning

A

Dry Cleaning: Best for dust/dirt on connector

Wet Cleaning: Best for oil residue (ex: fingerprints)

34
Q

Parabolic vs. Directional Antennas

A

Parabolic works best outside (greater signal strength)

Directional is better for inside use

35
Q

CSU/DSU

A

Used to terminate the digital signals at a customer’s demarcation point

36
Q

Demarcation Point

A

The entrance facilities where your WAN connection will enter your building

37
Q

Teredo Tunneling

A

Used to give IPv6 connectivity to a computer with only an IPv4 connection

38
Q

Route Believability Metrics

A
Directly Connected = 0
Statically Configured = 1
EIGRP = 90
OSPF = 110
RIP = 120
External EIGRP = 170
Unknown/Unreachable = 255
39
Q

Link Lights: Activity Light

A

Status of link while in use
Off = no link or connection
Orange = connection established
Blinking orange = data activity occurring over link/connection

40
Q

Link Lights: Speed Light

A

Off
Slow, 10Mbps

Orange
100Mbps

Green
1Gbps

41
Q

IPv6: Dual Stack

A

Devices are able to run IPv4 and IPv6 in parallel

42
Q

Subinterfaces

A

A virtual interface created by dividing one physical interface into multiple logical interfaces

43
Q

RTO

A

Recovery Time Objective:
Time and service level within which a business process must be restored after a disaster to avoid unacceptable consequences

44
Q

RPO

A

Recovery Point Objective:

Interval of time during a disruption before data lost exceeds the BCP’s maximum allowable threshold or tolerance

45
Q

QSFP vs. QSFP+

A
QSFP = 40Gbps
QSFP+ = 41.2Gbps
46
Q

Neighbor Discovery Protocol

A

Used by IPv6 to learn the layer 2 addresses on the network
Router Solicitation - used by hosts
Router Advertisement - used by routers
Neighbor Solicitation - used by nodes
Neighbor Advertisement - used by nodes
Redirect - Routers informing host of better first-hop routers

47
Q

GRE

A
Generic Routing Encapsulation:
VPN/Tunneling System
Site-to-site private connection
Allows any protocol
Not secure on its own

mGRE = multipoint GRE (can be combined with DMVPN)

48
Q

RFC1918

A

Private IP addresses reserved

  1. 0.0.0/8
  2. 16.0.0/12
  3. 168.0.0/16
49
Q

DNS Record: SOA

A

Start of Authority:

Indicates which Domain Name Server (DNS) is the best source of information for the specified domain

50
Q

Connectionless Protocols

A

ICMP, UDP, IP, IPX

Connection-oriented protocols:
TCP, SSH, SSL

51
Q

VTP

A

VLAN Trunking Protocol:
Shares VLAN information to all switches in a network. VTP enables you to configure the VLAN on a VTP server for centralized configuration and management. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain

52
Q

SOW

A

Statement of Work:

A document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines

53
Q

SAN: iSCSI Switching

A

Set MTU to 9000 on each of the participants in the SAN

54
Q

VLAN Hopping Methods

A

Double tagging

Switch spoofing