Misc Things to Work On

Question 1

PKI

Answer 1

Public Key Infrastructure:
Gives secure email exchanges & web browsing & solves the problem of having to distribute the keys ahead of time

Question 2

Kerberos

Answer 2

Port 88: Provides secure authentication over an insecure network
No passwords sent across network; ticketing system
Domain Controller = KDC (Key Distribution Center)
If authenticated, client is issued a TGT (Ticket Granting Ticket)

Question 3

RADIUS

Answer 3

Remote Authentication Dial-In User Service:
Centralized administration of dial-up/VPN/Wifi network authentication
Supports EAP & 802.1x
Layer 7: Client-server protocol
UDP, AAA
Doesn’t support remote access protocols
Ports: 1812, 1813 (Authentication Messages, Accounting Messages)
Proprietary Ports: 1645, 1646 (Authentication Messages, Accounting Messages)

Question 4

TACACS+

Answer 4

Terminal Access Controller Access Control System Plus:
Port 49
Performs role of authenticator in an 802.1x network
Supports all network protocols
Cisco proprietary
TCP
Use RADIUS for cross-platform capabilities

Question 5

802.1x

Answer 5

A standardized framework used for port-based authentication on both wired & wireless networks

Supplicant
User requesting access to the network

Authenticator
Device through which the supplement is requesting access to the network

Authentication Server
Centralized device that performs the authentication (RADIUS/TACACS+ Server)

Most modern NACs use 802.1x
Can encapsulate EAP

Question 6

Packet-Filtering Firewall

Answer 6

Permits/denies traffic based on packet header

Question 7

Firewall: Stateless Packet Inspection

Answer 7

Allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.).

Question 8

Firewall: Stateful Packet Inspection

Answer 8

Monitors the active sessions and connections on a network.

The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules.

Question 9

Clean Agent System

Answer 9

Utilizes halocarbon or inert gas to suffocate a fire when the system is activated

Question 10

Split-View DNS

Answer 10

An implementation in which separate DNS servers are provided for security and privacy management for internal and external networks

Question 11

“Line protocol is down”

Answer 11

Means that the specified interface has been correctly configured and enabled, but the Ethernet cable might be disconnected from the switchport.

Question 12

Cross Talk

Answer 12

When a signal transmitted on one copper twisted pair in a bundle radiates and potentially interferes with and degrades the transmission on another pair

Question 13

Classless Routing

Answer 13

A type of routing where the router uses the default route to forward traffic if no other specific routes are found

OSPF, RIPv2, EIGRP, IS-IS

Question 14

Asymmetric Routing

Answer 14

Network packets leave via one path and return via a different path

Asymmetric routing doesn’t cause any routing issues necessarily, but they do cause issues with dropped packet flows by our security devices like firewalls and unified threat management systems

Question 15

Network Interface Commands: Show Route

Answer 15

Displays the current state of the routing table on the device
Typically you would use “show ip route”
Displays routing protocol labels in routing table

[160/5]
160 = administrative distance
5 = routing metric (lower the better)

Show ip route 131.119.0.0
Shows metrics for the specified network

Question 16

Network Interface Commands: Show Config

Answer 16

Displays the current system configuration on the screen

Question 17

Network Interface Commands: Show Interface

Answer 17

Displays statistics for the network interfaces on the device
Ex: show interface ethernet 1/1

Make sure bandwidth matches cable type
Otherwise cable may be damaged or wrong type
If using a SAN, make sure MTU > 1500
Check for APIPA = DHCP issue
Check for runts, giants, & errors
Check for collisions
There should be no collisions if operating at full duplex

Question 18

SDN Layers: Application Layer

Answer 18

Focuses on the communication resource requests or info about the network as a whole

Question 19

SDN Layers: Control Layer

Answer 19

Uses the information from the applications & decides how to route a data packet on the network

Question 20

SDN Layers: Infrastructure Layer

Answer 20

Contains the network devices that receive info about where to move the data & then perform those movements

Question 21

SDN Layers: Management Plane

Answer 21

Used to monitor traffic conditions & the status of the network

Question 22

Datacenter Hierarchy: Core (1st Tier)

Answer 22

Biggest, fastest, most expensive routers
Backbone of network
Merges geographically separated networks into one logical unit
At least 2 routers operating in redundant configuration

Question 23

Datacenter Hierarchy: Distribution/Aggregation (2nd Tier)

Answer 23

Boundary Definitions: Implements ACLs/Filters
Define policies for network; Layer 3 switches
Needs to ensure packets are properly routed between subnets

Question 24

Datacenter Hierarchy: Access/Edge (3rd Tier)

Answer 24

Used to connect to all endpoint devices

Question 25

Legal Hold

Answer 25

A notification sent from an organization’s legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case

Question 26

Securing SNMP

Answer 26

Follow least privilege
Always use v3
Combine with whitelisting of MIB
Use authPriv on your devices
Includes authentication & encryption features
Need to use a newer network device that supports cryptography
Strong SNMP passwords
Use ACLs to prevent MIB access (strict control)
Segregate SNMP traffic onto a separate management network or VLAN
Keep system images & software up-to-date

Question 27

ACL Tips

Answer 27

Block incoming requests from internal/private loopback & multicast IP ranges
Block incoming requests from protocols that should only be used locally
Block all IPv6 traffic
Or allow it to only authorized hosts/ports if using IPv6
Cisco ACLs
Www = HTTP (port 80)
Domain = DNS (port 53)

Question 28

HSRP vs. VRRP

Answer 28

HSRP = 1 active, 1 standby
VRRP = 1 active, many standby

Question 29

Coax Limitations

Answer 29

Coaxial
100Mbps, 500 meters

Twinaxial
10Gbps, 5 meters
Newer: 100Gbps, 7 meters

Question 30

Networking Tools: Attenuation

Answer 30

Copper = cable certifier

Fiber = fiber light meter

Question 31

Networking Tools: Interference

Answer 31

Copper/Fiber = Spectrum analyzer

Question 32

Networking Tools: Decibel Loss

Answer 32

Copper = cable certifier, cable analyzer

Fiber = fiber light meter

Question 33

Fiber: Dry vs. Wet Cleaning

Answer 33

Dry Cleaning: Best for dust/dirt on connector
Wet Cleaning: Best for oil residue (ex: fingerprints)

Question 34

Parabolic vs. Directional Antennas

Answer 34

Parabolic works best outside (greater signal strength)
Directional is better for inside use

Question 35

CSU/DSU

Answer 35

Used to terminate the digital signals at a customer’s demarcation point

Question 36

Demarcation Point

Answer 36

The entrance facilities where your WAN connection will enter your building

Question 37

Teredo Tunneling

Answer 37

Used to give IPv6 connectivity to a computer with only an IPv4 connection

Question 38

Route Believability Metrics

Answer 38

Directly Connected = 0
Statically Configured = 1
EIGRP = 90
OSPF = 110
RIP = 120
External EIGRP = 170
Unknown/Unreachable = 255

Question 39

Link Lights: Activity Light

Answer 39

Status of link while in use
Off = no link or connection
Orange = connection established
Blinking orange = data activity occurring over link/connection

Question 40

Link Lights: Speed Light

Answer 40

Off
Slow, 10Mbps

Orange
100Mbps

Green
1Gbps

Question 41

IPv6: Dual Stack

Answer 41

Devices are able to run IPv4 and IPv6 in parallel

Question 42

Subinterfaces

Answer 42

A virtual interface created by dividing one physical interface into multiple logical interfaces

Question 43

RTO

Answer 43

Recovery Time Objective:
Time and service level within which a business process must be restored after a disaster to avoid unacceptable consequences

Question 44

RPO

Answer 44

Recovery Point Objective:
Interval of time during a disruption before data lost exceeds the BCP’s maximum allowable threshold or tolerance

Question 45

QSFP vs. QSFP+

Answer 45

QSFP = 40Gbps
QSFP+ = 41.2Gbps

Question 46

Neighbor Discovery Protocol

Answer 46

Used by IPv6 to learn the layer 2 addresses on the network
Router Solicitation - used by hosts
Router Advertisement - used by routers
Neighbor Solicitation - used by nodes
Neighbor Advertisement - used by nodes
Redirect - Routers informing host of better first-hop routers

Question 47

GRE

Answer 47

Generic Routing Encapsulation:
VPN/Tunneling System
Site-to-site private connection
Allows any protocol
Not secure on its own

mGRE = multipoint GRE (can be combined with DMVPN)

Question 48

RFC1918

Answer 48

Private IP addresses reserved
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Question 49

DNS Record: SOA

Answer 49

Start of Authority:
Indicates which Domain Name Server (DNS) is the best source of information for the specified domain

Question 50

Connectionless Protocols

Answer 50

ICMP, UDP, IP, IPX

Connection-oriented protocols:
TCP, SSH, SSL

Question 51

VTP

Answer 51

VLAN Trunking Protocol:
Shares VLAN information to all switches in a network. VTP enables you to configure the VLAN on a VTP server for centralized configuration and management. When you make a change to the VLAN configuration on a VTP server, the change is propagated to all switches in the VTP domain

Question 52

SOW

Answer 52

Statement of Work:
A document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines

Question 53

SAN: iSCSI Switching

Answer 53

Set MTU to 9000 on each of the participants in the SAN

Question 54

VLAN Hopping Methods

Answer 54

Double tagging
Switch spoofing