N10-009-Section_1 Flashcards

1
Q

What does OSI stand for

A

Open Systems Interconnect model is a standard of the International Organization for Standardization (ISO) - General purpose framework that characterizes and standardizes how computers communicate with one another over a network. Each layer serves the layer above it and is served by the layer below it

3
Q

What does ISO stand for

A

International Organization for Standardization

4
Q

List the 7 layers of the OSI Model

A

Application, Presentation, Session (Upper layers), Transport, Network, Data-Link, Physical

5
Q

Describe the Application Layer

A
The Software

6
Q

Describe the Presentation Layer

A
How the Software packages the data to be sent out

7
Q

Describe the Session Layer

A
The connection session over which data is sent

8
Q

Describe the Transport Layer

A
Includes TCP/UDP, Port numbers

9
Q

Describe the Network Layer

A
IP Addresses, Routers

10
Q

Describe the Data-Link Layer

A
MAC Addresses, Switches

11
Q

Describe the Physical Layer

A
Ethernet Cables, Hubs

12
Q

DLC

A

Data Link Control protocols. The category of layer 2 protocols that use MAC addresses to route info over a network. It defines how DLC organizes

13
Q

What is TCP?

A

Transmission Control Protocol - A connection oriented protocol with a 3 way handshake

14
Q

What is the TCP 3 way handshake

A
1. Client sends a SYN packet to the server, 2. Server sends back a SYN/ACK response, 3. Client sends an ACK back to the server. The connection is established and will stay open until someone closes it

15
Q

What is UDP?

A

User Datagram Protocol - Connectionless Protocol - Data is just sent, no verification

16
Q

What is the IP Packet?

A

The IP part of an Ethernet Frame - Dest IP, Source IP, Dest Port, Source Port, Sequence, ACK, Data

17
Q

What are PDUs?

A

Protocol Data Units - Parts of a Frame that are used in different protocols

18
Q

Describe the Ethernet Frame

A

A chunk of data sent across an Ethernet network - 1500 bytes - Dest MAC, Source MAC, Dest IP, Source IP, Dest Port, Source Port, Sequence, ACK, Data, FCS

19
Q

What is the TCP segment?

A

Same as UDP Datagram, but used in TCP - Dest Port, Source Port, Sequence, ACK, Data

20
Q

What is the UDP datagram?

A

Same as TCP segment, but used in UDP - Dest Port, Source Port, Sequence, ACK, Data

21
Q

ASIC

A

An ASIC (Application-Specific Integrated Circuit) in networking is a specialized hardware chip designed to perform specific tasks efficiently, particularly related to network packet processing and forwarding. Unlike general-purpose processors, ASICs are purpose-built for high-speed and low-latency operations in networking equipment such as routers, switches, and firewalls.

22
Q

NGFW

A

Next Generation Firewall. As opposed to a traditional firewall that only filters traffic based on port number an NGFW can filter traffic on the application level as well.

23
Q

IDS

A

Intrusion Detection System - could be a computer or software - watches for suspicious activity on a network

24
Q

IPS

A

Active IDS - Intrusion Prevention - The device/software will actually do something to stop/reject the intrusion

25
Q

TCP Offload

A

Refers to the load balancing of TCP related tasks. A Load Balancer can distribute TCP tasks to a certain server allowing the other servers to handle the rest of the data

26
Q

SSL Offload

A

Refers to the load balancing of SSL related tasks. A Load Balancer can distribute TCP tasks to a certain server allowing the other servers to handle the rest of the data

27
Q

Load Balancer

A

A Load balancer can distribute traffic among several servers. It can also perform tasks like TCP and SSL offloading to take those tasks away from the servers themselves. Can also provide Caching so requests don't always have to go to the servers, and traffic prioritization. Content Switching, application-centric balancing, certain requests always go to certain servers.

28
Q

Proxy Server

A

Device or software that runs on a server that acts as an intermediary between 2 other parts of a network - provides caching, content filtering, access control, acts sort of like a firewall. Proxy Servers are application specific, Web Proxy, FTP proxy, VOIP proxy

29
Q

Forward Proxy Server

A

Forward proxy will take requests or data from a client and forward it out - Clients are aware of the proxy. Clients will need to be configured to use the proxy - Hides the Client

30
Q

Transparent Proxy

A

Is in-line between clients and the internet so there is no configuration, clients have to go through the proxy to get out

31
Q

Reverse Proxy Server

A

Proxy server represents the web server and not the client - used to protect the server from malicious actors - Can balance the load for high volume sites - protect against DoS attacks - Hides the server

32
Q

NAS

A

Network Attached Storage - file level storage

33
Q

SAN

A

Storage Area Network - Block level storage - big brother of NAS

34
Q

Wireless LAN Controller

A

A switch or some software that allows you to configure all of your Access Points at once

35
Q

CDN

A

Content Delivery Network. A server that can cache large amounts of data so that users don't have to stream data from across the world; they just stream from the closest CDN

36
Q

VPN

A

An Encrypted Tunnel to a proxy server. VPNs use a Concentrator or Head-end for clients to connect to.

37
Q

VPN Concentrator / Head-end

A

A dedicated device that acts as an endpoint for the network. Performs high-speed encryption/decryption

38
Q

QoS

A

Quality of Service. Traffic Shaping or Packet Shaping, can prioritize and control traffic

39
Q

TTL

A

Time To Live. A way to stop a task if it's taking too long or in danger of causing a loop. Could be applied to cached materials. TTL is measured in hops; each router the packet passes through will decrease the TTL by 1

40
Q

Routing Loops

A

Can happen especially with static routes. TTL can help to prevent this.

41
Q

Elasticity

A

Cloud. Can scale up or down as needed very quickly

42
Q

Multitenancy

A

Cloud. Many different clients are using the same cloud infrastructure

43
Q

NFV

A

Network Function Virtualization. The virtualization of network hardware

44
Q

VPC

A

Virtual Private Cloud - Your own little cloud, router/firewall, switch that all connect to the internet. You can use a VPN to connect to a VPC for more security

45
Q

Transit Gateway

A

VPCs are connected with a Transit Gateway. A “cloud router”

46
Q

VPC Gateway

A

A VPC gateway will connect your VPC to external networks or can facilitate communication between components inside the VPC. Two common types of VPC Gateways are Internet Gateway (IGW, connects your VPC to the public internet) and Virtual Private Gateway (VGW, connects your VPC to an external private network like an on-prem data center)

47
Q

VPC NAT Gateway

A

Allows VPCs to connect to the internet without exposing them to inbound internet traffic. Outbound traffic only.

48
Q

VPC Endpoint

A

Direct connection between cloud provider networks. AWS to some other cloud provider.

49
Q

NSL

A

VPC. Network Security List. Rules that can control access to VPCs based on protocols and ports. Lists are applied to all VPCs on all subnets. They are very broad and can become difficult to manage.

50
Q

NSG

A

VPC. Network Security Group. Gives more granularity than a Network Security List. You can apply access control rules to a specific VNIC.

51
Q

Private Cloud

A

Just within my organization. Apps or resources just in your org

52
Q

Public Cloud

A

Azure - anyone who wants to join can. An app that you want other people outside of your org to access and use

53
Q

Hybrid Cloud

A

Little bit of public and private - some of the cloud is segregated as private and other parts are public. Oftentimes a large org with a lot of resources can sell out unused resources of their org

54
Q

Community Cloud

A

A bunch of smaller orgs can join up and create a cloud as clouds are expensive

55
Q

IaaS

A

Infrastructure as a service (AWS) - Servers, Firewalls, virtualized. Sometimes called HaaS, Hardware as a Service

56
Q

PaaS

A

Platform as a service - For developers - Servers/Backups are all created, all that’s left is for the developer to build an app

57
Q

SaaS

A

Software as a service (O365), no local installation

58
Q

DaaS

A

Desktop as a service - end user workstations are in the cloud and can be accessed with a thin client - Servers are in the cloud

59
Q

What does TCP/IP stand for

A

Transmission Control Protocol / Internet Protocol - Developed in the 1960s by the US Department of Defense's (DoD) Advanced Research Projects Agency (ARPA)

60
Q

Non-ephemeral Ports

A

0-1023, these port numbers are reserved for common services

61
Q

Ephemeral ports

A

1024-65535. Free for use

62
Q

What is ICMP?

A

Internet Control Message Protocol - Works on the Internet layer of the TCP/IP model. No port numbers in ICMP. Really isn't any data - Ping is ICMP, doesn't really send data, just wants to check if someone is there and responding. ARP is also ICMP.

63
Q

GRE

A

GRE (Generic Routing Encapsulation) is a tunneling protocol used in computer networks to encapsulate a wide variety of network layer protocols into point-to-point connections. GRE allows for the creation of virtual tunnels between devices, enabling them to transport packets of data from one network to another over an intermediary network, such as the Internet.

64
Q

Site-to-Site VPN

A

Takes two networks and connects them with a VPN. Almost always on.

65
Q

IPSec

A

IPSec (Internet Protocol Security) is a suite of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a communication session. IPSec operates at the network layer of the OSI model, which means it can secure any application that uses IP, regardless of the application protocol.

66
Q

AH

A

AH (Authentication Header) is one of the two main protocols used in IPSec (Internet Protocol Security) to provide security services, specifically focusing on data integrity, authentication, and anti-replay protection. While AH ensures the authenticity and integrity of the data, it does not provide encryption of the payload. This means that while AH secures the header and data integrity, the data itself is still transmitted in plaintext.

67
Q

ESP (IPSec)

A

ESP (Encapsulating Security Payload) is one of the two main protocols used in IPSec (Internet Protocol Security) to secure IP communications. Unlike AH (Authentication Header), which only provides authentication and integrity, ESP provides confidentiality (encryption), data integrity, authentication, and anti-replay protection. ESP Encrypts the packet.

68
Q

IKE (IPSec)

A

IKE (Internet Key Exchange) is a protocol used in IPSec to securely establish shared security associations (SAs) between two parties, such as routers, firewalls, or VPN gateways. IKE is responsible for negotiating and setting up the keys and security parameters used for encrypted communication. It allows the two peers to authenticate each other and securely exchange cryptographic keys for the IPSec protocol to use.

69
Q

Phase 1 of IKE

A

Uses Diffie-Hellman Key Exchange to create a shared secret key. UDP/500. This process is referred to as ISAKMP (Internet Security Association and Key Management Protocol). Asymmetric Encryption is used to create a shared Symmetric Key. At this point you have a secure symmetric key that can be used for fast encryption/decryption.

70
Q

DH (IPSEC)

A

Diffie-Hellman Key Exchange. Used in Phase 1 of IKE, each side creates a private key and derives a public key from it. The public keys are exchanged. Each side then takes their own private key and the public key from the other side and creates a 3rd key known as the Diffie-Hellman key. Each side will have generated the same DH key. This DH key is used to then exchange key material and agreements. Each side then generates a 4th key (a symmetrical key) from the DH key, and this key is used to encrypt everything passing through the Phase 1 tunnel.

71
Q

Phase 2 of IKE

A

Coordinates ciphers and key sizes for the encryption. Negotiation of an inbound and outbound SA for IPSec. Phase 2 starts out with each side having a DH key, and the same symmetric key that has never been transmitted, and the phase 1 tunnel. With these keys, each side can negotiate a common cipher between the two. Then a 5th key (IPSEC key, symmetrical key) is created. This key is what is used to encrypt the bulk of the data.

72
Q

Transport Mode (IPSEC)

A

A mode of an IPSEC VPN connection. The IPSec header is inserted into the IP packet before the IP header. The data is still encrypted but the IP header is not.

73
Q

Tunnel Mode (IPSEC)

A

A mode of an IPSEC VPN connection. More secure than Transport Mode: there is a new IP header that is encrypted, placed in front of the IPSec header, which is placed in front of the entire IP packet. Most implementations of IPSEC will use Tunnel Mode

74
Q

Anycast

A

As opposed to multicast, anycast is one-to-one-of-many (multicast is one-to-many-of-many). Multiple devices are set up to receive the anycast, but the anycast data is sent to whoever is closest or whoever it can reach first.

75
Q

GSM

A

Global System for Mobile Communications - relies on TDMA - Oldest cellular technology

76
Q

TDMA

A

TDMA (Time Division Multiple Access) is a channel access method used in digital communication systems to allow multiple users or devices to share the same frequency channel by dividing the signal into time slots. Each user or device is allocated a specific time slot to transmit their data, enabling multiple users to use the same frequency band without interference.

77
Q

EDGE

A

EDGE (Enhanced Data Rates for GSM Evolution) is a mobile data technology that is an enhancement to the existing GSM (Global System for Mobile Communications) network, offering higher data transmission speeds and improved performance for mobile broadband services. EDGE is often referred to as 2.75G because it sits between 2G (GSM) and 3G (UMTS) technologies.

78
Q

CDMA

A

CDMA (Code Division Multiple Access) is a digital cellular technology used in mobile communication systems that allows multiple users to share the same frequency spectrum by assigning unique codes to each user’s data. Unlike other technologies like TDMA (Time Division Multiple Access) or FDMA (Frequency Division Multiple Access), CDMA enables users to transmit simultaneously over the same frequency channel, but each transmission is differentiated by its unique code.

79
Q

LTE

A

Long Term Evolution - is a 4G technology. 150 Mbps

80
Q

LTE-A

A

Long Term Evolution Advanced - 300 Mbps

81
Q

5G

A

5th Generation - runs on three bands, low, medium, and high - The higher the frequency, the faster the speeds. Max 10 Gbps throughput

82
Q

SFP (Transceivers)

A

SFP (Small Form-factor Pluggable) is a compact, hot-pluggable transceiver module used for fiber optic and copper connections in networking equipment, such as switches, routers, and network interface cards (NICs). SFP supports speeds of 1 Gbps. SFP modules allow for flexible and customizable network connections, as they can be easily replaced or upgraded to support different transmission speeds, distances, and types of media (fiber or copper).

83
Q

SFP+ (Transceivers)

A

SFP+ (Small Form-factor Pluggable Plus) is a compact, hot-pluggable transceiver module used for fiber optic and copper connections in networking equipment, such as switches, routers, and network interface cards (NICs). SFP+ supports speeds up to 16 Gbps. Commonly used for 10G Ethernet.

84
Q

QSFP (Transceivers)

A

QSFP (Quad Small Form-factor Pluggable) is a type of high-speed transceiver used in networking equipment to support data transmission over optical or copper cables. It's 4x SFP+ modules. 40 Gbps

85
Q

List the 5 kinds of Network Topologies

A

Mesh, Star (hub and spoke), Bus, Ring, Hybrid

86
Q

Describe Mesh Topology

A

Every host is connected to every other host. Mesh creates fault tolerance

87
Q

Describe Star Topology

A

Multiple hosts that connect to a central box (hub or switch etc)

88
Q

Describe Bus Topology

A

Oldest, all hosts are connected by a single trunk cable. If the cable breaks everything goes down.

89
Q

Describe Ring Topology

A

Hosts connected in a ring. Frames travel around the ring to get to the destination. Trouble only happens if there is a break between adjacent hosts.

90
Q

Describe Hybrid Topology

A

Combined topologies, most popular is Star-Bus (a switch)

91
Q

Describe Spine and Leaf architecture

A

A series of switches labeled as spine and leaf. Each spine switch connects to each leaf, and vice versa. The leaves connect to the servers or infrastructure. The spines do not connect directly to each other, and neither do the leaves. Used a lot in data centers for top-of-rack switching.

92
Q

3 Tier architecture

A

A kind of network architecture. Core, Distribution/Aggregation, and Access/Edge

93
Q

Tier 1 - 3 Tier architecture

A

Core Layer - The meat of your org. Databases, web servers, applications, stuff everyone needs access to. Core routers.

94
Q

Tier 2 - 3 Tier architecture

A

Distribution/Aggregation Layer - The midpoint between the core and the users. Switches that manage the paths to the end users.

95
Q

Tier 3 - 3 Tier architecture

A

Access/Edge layer - The workstations, printers, wherever the users connect

96
Q

Collapsed Core Architecture

A

Smaller than 3 tier, combines the core and distribution layer. For smaller orgs

97
Q

Traffic Flows (DC)

A

North, South, East, West - North = traffic up to the core and out through the ISP. East/West = traffic going from server to server. South = traffic coming down from the core to the servers

98
Q

NAT (Port Address Translation)

A

Allows multiple devices to use a single public IP address. To conserve public IP addresses. Devices are assigned a private address from the NAT device.

99
Q

RFC1918

A

RFC 1918 (Request for Comments 1918) is a standard published by the Internet Engineering Task Force (IETF) that defines private IP address ranges for use within private networks. These address ranges are reserved for use in local area networks (LANs) and are not routable on the public internet. The purpose of RFC 1918 is to conserve the limited pool of public IPv4 addresses by allowing private addresses to be used within internal networks without the need for public IP addresses.

100
Q

VLSM

A

VLSM (Variable Length Subnet Mask) is a subnetting technique used in IP networking that allows the division of an IP address space into subnets of different sizes, rather than using a fixed subnet size. This enables more efficient use of IP address space by tailoring the subnet mask to match the number of required hosts in each subnet.

101
Q

Management Plane/Layer

A

SDN - The Management Plane is responsible for the administration, configuration, monitoring, and management of a network device. It handles interactions between network administrators and the device and is usually accessed through various management interfaces.

102
Q

Control Plane/Layer

A

SDN - The Control Plane is responsible for making decisions about where and how data packets should be forwarded. It's the “brains” of the device, determining the best paths for data and updating routing tables or forwarding information bases (FIBs) accordingly.

103
Q

Data Plane/Layer

A

SDN - The Data Plane (also known as the Forwarding Plane) is responsible for the actual forwarding of data packets based on the decisions made by the control plane. It's the “muscle” of the network device, handling the high-speed movement of data through the network. Trunking, Encrypting, NAT

104
Q

SDN

A

Software-Defined Networking (SDN) is an approach to network management that enables network administrators to manage, configure, and optimize network resources through software-based controllers rather than traditional hardware-centric configurations. SDN separates the control plane (the decision-making component) from the data plane (the part that actually moves packets through the network), which allows for centralized control and a high degree of flexibility.

105
Q

SD-WAN

A

Specializes in the optimization of wide-area networks (WANs), particularly for connecting branch offices, data centers, and cloud environments. Uses software to manage network traffic dynamically over multiple WAN connections (e.g., MPLS, broadband, LTE). SD-WAN is the use of SDN over multiple WANs to connect branch offices of larger organizations. SD-WANs know what application is in use and know where on the cloud to send traffic for it. Transport agnostic: SD-WAN will handle any medium of connection (Coax, DSL, Fiber)

106
Q

ZTP

A

Zero-touch Provisioning - SD-WAN/SDN - Remote equipment is automatically configured by a controller/server when it joins the network

107
Q

VXLAN

A

Virtual Extensible LAN - Technology that was designed to connect services at different data centers together and deal with differences between those datacenters like IP address schemas and encapsulation of data while it travels between sites.

108
Q

DCI (VXLAN)

A

DCI (Data Center Interconnect) using VXLAN (Virtual Extensible LAN) refers to the use of VXLAN technology to connect or interconnect multiple data centers, enabling them to operate as a single unified network. This approach allows organizations to extend their Layer 2 networks over a Layer 3 infrastructure, which is essential for creating a highly scalable, flexible, and efficient network architecture between geographically dispersed data centers.

109
Q

Layer 2 Encapsulation (VXLAN)

A

Layer 2 Encapsulation in VXLAN (Virtual Extensible LAN) refers to the process of encapsulating Layer 2 Ethernet frames inside Layer 3 UDP packets. This encapsulation is crucial for creating overlay networks in a VXLAN architecture, enabling Layer 2 communication over a Layer 3 IP infrastructure. By using this encapsulation technique, VXLAN provides network virtualization and allows data centers or remote sites to connect their Layer 2 networks, even if the underlying physical infrastructure is based on Layer 3.

110
Q

ZTA

A

ZTA (Zero Trust Architecture) is a security framework that assumes no implicit trust for any user, device, or system, whether inside or outside the network perimeter. In a Zero Trust Architecture, trust is never assumed; instead, it is continuously verified and validated, often through a combination of user authentication, device verification, and access policies. The principle of ZTA is based on the idea of “never trust, always verify.”

111
Q

Policy Based Authentication (ZTA)

A

Policy-Based Authentication in the context of Zero Trust Architecture (ZTA) refers to the use of dynamic, context-driven policies to determine whether an entity (such as a user, device, or application) should be authenticated and granted access to network resources. In ZTA, authentication is not a one-time process; it's an ongoing, continuous verification based on predefined policies that account for various factors like user identity, device security posture, location, and behavior. Time of day could be a factor for authentication as well.

112
Q

Adaptive Identity (ZTA)

A

Part of Policy Based Authentication. Looks at who's trying to authenticate to the network, where they are at the time of auth, type of connection, IP address. Uses all of that together to determine the level of authentication

113
Q

Authorization (ZTA)

A

Authorization in Zero Trust Architecture (ZTA) refers to the process of determining what resources and actions a user, device, or application is allowed to access after successful authentication. In a Zero Trust model, authorization is based on granular, policy-driven rules that evaluate multiple factors, such as the user’s identity, device health, location, and behavior, to enforce least-privilege access to resources.

114
Q

SASE

A

SASE (Secure Access Service Edge) (A next gen VPN) is a cloud-based security architecture that combines networking and security services into a unified, integrated model. SASE delivers a comprehensive suite of capabilities to support modern, distributed workforces, remote access, and secure connections for users, devices, and applications, regardless of their location. The goal of SASE is to enable secure and optimized access to applications and data while simplifying the management of networking and security infrastructure.

115
Q

SSE

A

SSE (Security Service Edge) is a subset of the SASE (Secure Access Service Edge) framework, focusing primarily on delivering cloud-based security services without the networking components (like SD-WAN). SSE focuses on providing essential security capabilities that protect users, devices, and applications while they access corporate data and resources, especially as the workforce becomes increasingly distributed.

116
Q

IaC

A

Infrastructure as Code is the practice of managing and provisioning computing infrastructure through machine-readable scripts rather than through manual configuration. IaC treats infrastructure setup (e.g., creating servers, networking, storage) as code, which is then version-controlled, tested, and executed just like application code.

117
Q

Playbooks/templates/reusable tasks (Automation (IaC))

A

Playbooks, templates, and reusable tasks are key components of Automation in Infrastructure as Code (IaC), and they help streamline the process of defining and managing infrastructure. These components enable the automation of infrastructure provisioning, configuration, and management tasks, making it easier to implement and maintain consistent environments. Can use to recover from ransomware, or investigate a data breach

118
Q

SOAR

A

Security, Orchestration, Automation, and Response. Part of IaC. A management console that allows management and monitoring of playbooks

119
Q

Configuration drift/compliance (Automation (IaC))

A

Configuration Drift and Compliance in the context of Infrastructure as Code (IaC) refer to the challenges and practices associated with maintaining consistency and ensuring that infrastructure configurations adhere to predefined standards, even as environments evolve over time. IaC can help prevent configuration drift by applying a standardized config across the board

120
Q

Automation (IaC)

A

Automation in Infrastructure as Code (IaC) refers to the practice of managing and provisioning IT infrastructure (like servers, networks, databases, and more) through automated scripts or code, rather than manually configuring hardware and software. IaC enables teams to define their infrastructure using machine-readable configuration files that can be versioned, reused, and managed just like application code. Automation in IaC improves consistency, reduces human error, and accelerates the deployment process.

121
Q

Upgrades (Automation (IaC))

A

Upgrades in the context of Automation (IaC) refer to the process of automating the updating and patching of infrastructure, applications, and configurations to ensure that the systems remain secure, efficient, and up-to-date. This can involve updating software versions, applying security patches, scaling resources, or making other changes to keep the infrastructure in line with the evolving requirements of the organization.

122
Q

Dynamic inventories (Automation (IaC))

A

Dynamic Inventories in the context of Automation (IaC) refer to the capability of automatically generating and maintaining a list of infrastructure components (e.g., servers, virtual machines, network devices) that are part of the environment, without having to manually define them. These inventories are usually created in real-time based on the current state of the infrastructure, which can be crucial for scaling, managing, and automating complex environments.

123
Q

Source Control (IaC)

A

Source Control (Version Control) in the context of Infrastructure as Code (IaC) is the practice of using version control systems (VCS) like Git to track and manage changes to IaC scripts, configuration files, and templates over time. Just like software code, infrastructure code (e.g., Terraform configurations, Ansible playbooks, CloudFormation templates) is stored in source control repositories, enabling teams to collaborate, version, and audit infrastructure changes effectively.

124
Q

Version Control (Source Control (IaC))

A

Version Control in the context of Source Control (IaC) is a fundamental practice that involves managing changes to Infrastructure as Code (IaC) configurations over time. Version control systems (VCS) like Git, Mercurial, or Subversion are used to track, manage, and organize the changes made to IaC scripts, templates, and configuration files. This allows teams to maintain a clear history of infrastructure changes, collaborate efficiently, and ensure that configurations are reproducible and auditable.

125
Q

Central Repository (Source Control (IaC))

A

A Central Repository in the context of Source Control (IaC) refers to a centralized version-controlled storage location where all Infrastructure as Code (IaC) files, scripts, templates, and configurations are stored. This repository serves as the single source of truth for infrastructure definitions and provides a central point for collaboration, versioning, and management of the code that automates the provisioning and management of infrastructure.

126
Q

Conflict Identification (Source Control (IaC))

A

Conflict Identification in the context of Source Control (IaC) refers to the process of detecting and resolving conflicts that arise when multiple team members make changes to the same infrastructure code or configuration files. These conflicts can occur when two or more contributors modify the same lines of code or sections of infrastructure definitions (e.g., Terraform, Ansible, or CloudFormation templates) in incompatible ways.

127
Q

Branching (Source Control (IaC))

A

Branching in the context of Source Control (IaC) refers to the practice of creating separate lines of development within a version control system (e.g., Git) to work on different features, changes, or versions of Infrastructure as Code (IaC) independently. Branching allows teams to develop and test changes in isolation without affecting the main or production codebase, enabling collaborative work on infrastructure configurations and allowing safer rollouts of infrastructure updates.

128
Q

IPv6/IPv4 Tunnelling

A

One protocol can be encapsulated within another so that devices that can’t handle IPv6 can still be reached.

129
Q

Dual-Stack Routing

A

When a device can use both IPv4 and IPv6 at the same time. Interfaces are assigned both an IPv4 and IPv6 address and can use either one dynamically.

130
Q

NAT64

A

NAT that translates IPv4 and IPv6. Requires a specialized router in the middle to translate. Uses a specialized DNS server called DNS64

131
Q

DNS64

A

A special DNS server that can translate IPv6 DNS requests to IPv4 by reaching out to a traditional IPv4 DNS server, it will then translate the response and forward it on to the IPv6 device that made the request.

132
Q

6to4 addressing

A

To send IPv6 over an existing IPv4 network. Creates an IPv6 Address based on the IPv4 address. Requires Relay routers, no NAT support, No longer available on Windows. Pretty old stuff, not really used anymore

133
Q

4in6 Tunnelling

A

Tunnel IPv4 on an IPv6 network. Old, not found much anymore