N10-009-Section_3

Question 1

IPAM

Answer 1

IP Address Management. IPAM software us used to track and manage IP Addresses

Question 2

SLA

Answer 2

Service Level Agreement - defines the scope and the quality of the service provided

Question 3

Production Configuration

Answer 3

The most current config that is running, the config that will be deployed to new devices

Question 4

Backup Configuration

Answer 4

A backup of the configuration in case an update or config change goes wrong. A VM snapshot

Question 5

Baseline/Golden Configuration

Answer 5

A baseline for creating and testing production configurations

Question 6

SNMP

Answer 6

Simple Network Management Protocol - Tool that allows us to manage network devices - Requires an agent on the device

Question 7

Managed Device

Answer 7

A device setup for SNMP - UPD 161, Encrypted TSL 10161 Listening ports

Question 8

SNMP Manager

Answer 8

Software to manage SNMP devices - UDP 162 and TLS 10162

Question 9

MIB

Answer 9

Management Information Base - A device will keep a database of information ready for requests from a management device

Question 10

Get (SNMP)

Answer 10

The NMS sending a “Get” request to the device

Question 11

Trap (SNMP)

Answer 11

Setup on the device itself. A trigger that will report to the manager if a certain criteria is met

Question 12

Walk (SNMPWalk)

Answer 12

Batch process of Get - Asking several requests

Question 13

SNMP v1

Answer 13

First, Structured tables, in-the-clear, no encryption, limited commands, no encryption

Question 14

SNMP Community

Answer 14

Organization of Managed Devices

Question 15

NMS

Answer 15

In networking, an NMS (Network Management System) is a software or hardware solution designed to monitor, manage, and maintain computer networks. It provides tools and functionalities that help administrators oversee the performance, health, and configuration of network devices such as routers, switches, servers, and other IT infrastructure components.

Question 16

SNMP v2c

Answer 16

SNMPv2c (Simple Network Management Protocol version 2c) is an enhancement over SNMPv1, providing improvements such as better performance and more efficient error handling, but it still has security limitations. The “c” in SNMPv2c stands for community-based security, which means that it uses community strings (like in SNMPv1) for authentication, rather than more advanced methods like those introduced in SNMPv3. Not Encrypted like V3

Question 17

SNMP v3

Answer 17

SNMPv3 (Simple Network Management Protocol version 3) is the latest version of SNMP and addresses many of the security vulnerabilities found in earlier versions (SNMPv1 and SNMPv2c). While SNMPv1 and SNMPv2c rely on community strings for authentication, SNMPv3 introduces features for enhanced security, including authentication, encryption, and access control.

Question 18

OID (SNMP)

Answer 18

Object ID - A MIB will contain a database of information with OIDs so a query knows how to ask for certain data. Looks like 1.3.6.1.2.11.23 - each number refers to a category of data

Question 19

Community Strings (SNMP)

Answer 19

In SNMP (Simple Network Management Protocol), community strings act as passwords for controlling access to network devices. They are used to authenticate and authorize management stations (like network monitoring tools) to interact with network devices such as routers, switches, and servers. These community strings are sent in plaintext (in SNMP versions 1 and 2c), which makes them vulnerable to interception.

Question 20

Authentication (SNMP)

Answer 20

Authentication (SNMP) refers to the methods used to verify and secure the identity of users or devices communicating via the Simple Network Management Protocol (SNMP). Authentication ensures that only authorized entities can access or manage network devices such as routers, switches, and servers through SNMP.

Question 21

NetFlow

Answer 21

Summary of stats based on the flows of traffic traversing the network. Works with a probe and collector, the probes are placed somewhere in the network and report back to the collector. Software then queries the collector for data

Question 22

SIEM

Answer 22

System Information and Event Management - Takes all kinds of network data and puts them in a management console that can be used to view and analyze.

Question 23

List the 2 important parts of SIEM

Answer 23

Aggregation: we can grab data from different places and are storing, Correlation: checking for patterns in the data that might reveal issues or other occurences

Question 24

Syslog

Answer 24

Syslog (System Logging Protocol) is a standardized protocol used for collecting, forwarding, and storing log messages from various devices within a network, such as routers, switches, firewalls, and servers. It provides a way for devices to log events and send those logs to a centralized server, known as a Syslog server, for monitoring, analysis, and troubleshooting.

Question 25

Port Mirroring

Answer 25

You can duplicate all data coming through a port on another port so you can monitor what data is going in an out

Question 26

SPAN

Answer 26

Switched Port Analyzer. Another name for a Port Mirror

Question 27

DRP

Answer 27

Disaster Recovery Plan

Question 28

Backup Plan Assessment

Answer 28

Records how much data might be lost and how much can be restored

Question 29

RPO

Answer 29

Recovery Point Objective - state of the backup when the data is recovered - how much data will be lost after the recovery

Question 30

RTO

Answer 30

Recovery Time Objective - The amount of time needed to recovery full functionality from when the org ceases to function

Question 31

List the 2 types of data when it comes to backups

Answer 31

Configuration Data and State

Question 32

Configuration Data (Disaster Recovery)

Answer 32

Router settings, configurations

Question 33

State Data (Disaster Recovery)

Answer 33

Example would be convergence between routers, user data from an AD server

Question 34

Full Backup

Answer 34

Backup of everything, takes a long time

Question 35

Differential Backup

Answer 35

Backup all changes since the last full backup - Only need 2 backups to restore - the last full backup and the most recent differential backup - Fewer backups, but larger backups

Question 36

Incremental Backup

Answer 36

Only backs up changes from the last backup of any type - To retore, you need the full backup and all other incremental backups - More backups, but smaller

Question 37

Local Backups

Answer 37

Separate backups stored locally on hard drives

Question 38

Offsite Backup

Answer 38

Backups stored offsite - for safety

Question 39

Cloud Backup

Answer 39

Work great - but takes a while to run - Many cloud providers will do a continuous incremental backup after the initial backup is made

Question 40

MTTF (Disaster Recovery)

Answer 40

Mean Time to Failure - The time between the last and the next failure

Question 41

MTTR (Disaster Recovery)

Answer 41

Mean Time to Recovery/Repair - Downtime, average time to repaire, time from the point of failure to the point of recovery

Question 42

MTBF (Disaster Recovery)

Answer 42

Mean Time Between Failure - Time between the start of the last failure and the start of the next failure - This time will include MTTF and MTTR

Question 43

BCP (Disaster Recovery)

Answer 43

Business Continuity/Contengency Plan - Plan to keep the business going in times of disaster

Question 44

Cold Backup Site

Answer 44

Takes weeks to bring online - just another office space with no operational equipment - pretty much have to set the whole thing up. Cheapest

Question 45

Warm Backup Site

Answer 45

Takes a few days to bring online - some operational equipment/computers but limited

Question 46

Hot Backup Site

Answer 46

Ready to go - maybe take a few hours - the Hot site syncs with the main office so everything is ready - expensive to maintain

Question 47

Cloud Site

Answer 47

Data is in the cloud

Question 48

Backup Site requirements

Answer 48

Make sure its far enough away so that the disaster that effected the main site doesn�t also affect the backup site - needs sufficient internet

Question 49

Order of Restoration (Disaster Recovery)

Answer 49

Sample: Power restored and working, Wired LAN, ISP link, AD/DNS/DHCP, Accounting Servers, Sales and accounting workstations, video production servers, video production workstations, wireless AP

Question 50

Failover

Answer 50

The process of making a backup site happen

Question 51

Alternative Processing Sites (Disaster Recovery)

Answer 51

Larger orgs might have different sites to host certain data - orgs might make deals with other orgs to use resources in time of need

Question 52

Alternative Business Practices (Disaster Recovery)

Answer 52

How to use different accounting software, or how to take credit card payments in the event our main method goes down

Question 53

After Action Reports (Disaster Recovery)

Answer 53

Documentation of everything that happened in a disaster

Question 54

Site Resiliency

Answer 54

The process of moving from site to site to avoid/prevent disaster

Question 55

Active-Passive

Answer 55

Network Redundancy. 2 devices are installed and configured, one is working and the other just waits for the first one to fail then it will take over

Question 56

HA

Answer 56

High Availability - What can and is done to make sure data is always available to access - Load Balancing,

Question 57

Active-Active (HA)

Answer 57

An Active-Active configuration in server or data center environments refers to a setup where multiple servers, typically at least two, are simultaneously active and processing requests. This design aims to increase both availability and load balancing, ensuring that even if one server fails, the other(s) can continue to handle the workload without downtime.

Question 58

VRRP (HA)

Answer 58

VRRP (Virtual Router Redundancy Protocol): A standards-based protocol similar to HSRP, designed to allow multiple routers to share a virtual IP address and provide failover in case one router becomes unavailable.

Question 59

HSRP (HA)

Answer 59

HSRP (Hot Standby Router Protocol): A Cisco proprietary protocol that allows multiple routers to work together to present the appearance of a single virtual router to end devices.

Question 60

GLBP (HA)

Answer 60

GLBP (Gateway Load Balancing Protocol): Another Cisco proprietary protocol that provides both redundancy and load balancing by distributing traffic across multiple routers while still maintaining a single virtual gateway IP address.

Question 61

DORA

Answer 61

Steps of DHCP, Discover=Find a DHCP server, Offer=Get an offer, Request=Lock in the offer, Acknowledge=DHCP server confirmation

Question 62

DHCP options

Answer 62

IP address/Subnet/DNS arent the only thing that can be configured using DHCP. There are 256 values that can be configured by DHCP

Question 63

SLAAC (DHCP)

Answer 63

SLAAC (Stateless Address Autoconfiguration) Used in IPv6. Self-Configuration: Devices independently configure their IPv6 addresses using information provided by router advertisements (RAs). These RAs are sent by routers on the network. Stateless: There is no central server keeping track of which devices are assigned which addresses. The router sends a prefix in an RA message and devices combine this prefix with their interface identifier (often derived from the MAC address) to create a unique IPv6 address.

Question 64

Stateless Addressing

Answer 64

Assigning an IPv6 address to yourself, automatically. No separate server, no tracking of IP or MAC addresses, no lease time.

Question 65

NDP

Answer 65

Neighbor Discovery Protocol. Replaces ARP, NDP uses multicast instead of broadcasts.

Question 66

SLAAC

Answer 66

Stateless Address AutoConfiguration. Automatically configures an IP address without a DHCP server for IPv6

Question 67

DAD

Answer 67

Duplicate Address Detection. A process in IPv6 that checks for duplicate IPv6 addresses on the network.

Question 68

RS

Answer 68

Part of NDP. Router Solicitation. An IPv6 device can send out a packet to ask if there are any routers on the network. Sent to ff02::2

Question 69

RA

Answer 69

RA (Router Advertisement) is a message sent by routers in an IPv6 network to inform hosts about network parameters and facilitate automatic configuration. It is part of the Neighbor Discovery Protocol (NDP), which operates in IPv6 (replacing functions previously handled by ARP and DHCP in IPv4). Routers can send unsolicited RAs

Question 70

IPv6 bits

Answer 70

128 address

Question 71

Aggregation (IPv4-6)

Answer 71

Where all networks and subnetworks are layed out logically. 1.x.x.x is the top of the internet, 1.25.x.x and 1.43.x.x are subnetworks connected to it, and 1.25.23.x, 1.43.76.x are sub-subnetworks connected to those. This way, routing can be done quickly and logically. But this doesn�t actually work in practice cause of complexities. IPv6 can properly use aggregation and therefore is faster

Question 72

IPv6 Self-configuration

Answer 72

IPv6 addresses auto configure themselves - No ARP, no NAT, no DCHP (although there is some backwards compatibility)

Question 73

Fe80::

Answer 73

The first section of a link local IPv6 address - fe80:0000:0000:0000

Question 74

Link Local IPv6 Address

Answer 74

The IP address self-generated by each host - The first section of a link local IPv6 address - fe80:0000:0000:0000 - second part is generated from the MAC address through EUI-64

Question 75

EUI-64

Answer 75

An algorithm that turns a MAC address into the last portion of a Link Local IPv6 Address - ff-fe is added to the middle of the MAC address - Some hosts will use a Randomizer to generate the last 4 sections for security reasons

Question 76

List shorthands for IPv6

Answer 76

1. You can drop the leading 0s. 2. You can reduce any long string of 0000s to just “::” but only once in the address

Question 77

List the 2 IPv6 Address for each Host

Answer 77

Link Local Address: Generated by the host - Internet Address: Generated and given by the gateway

Question 78

Subnetmask for IPv6

Answer 78

Is almost always /64 - Everything is CIDR with IPv6

Question 79

Dual Stack (IPv6)

Answer 79

Means you’re running IPv4 and IPv6

Question 80

Neighbor solicitation (IPv6)

Answer 80

A message sent from a client to all clients on an IPv6 network using ICMP v6 to give their MAC and IPv6 Address. The clients will respond and send out neighbor advertisements

Question 81

Neighbor advertisement (IPv6)

Answer 81

Response from clients on an IPv6 network - clients send out their addresses and MAC to everyone else on the network

Question 82

ICMP v6 (IPv6)

Answer 82

ICMP but for IPv6 - Internet Control Message Protocol - Works on the Internet layer of the TCP/IP model. No Port numbers in ICMP. Really isn’t any data - Ping is ICMP, doesn�t really send data, just want to check if someone is there and responding. ARP is also ICMP.

Question 83

Temporary IPv6 Address

Answer 83

Clients will spin up several IPv6 addresses and can alternate using them for more security

Question 84

Router Prefix (IPv6)

Answer 84

Networks up the tree will generate IPv6 prefixs and info for routers via DHCP v6

Question 85

gTLD/TLD

Answer 85

Generic Top Level Domains. .com .org .edu

Question 86

ccTLD/TLD

Answer 86

Country Code Top Level Domains. .us, .ca, .uk

Question 87

Local Name Resolution

Answer 87

When you might need to override the DNS server, to access a test server, or if the DNS server is misconfigured. Your computer has a hosts file, and it contains a list of IP addresses and host names. The entries in the Hosts file are preferred. Not all apps look to the Hosts file

Question 88

Forward Lookup

Answer 88

Device sends an FQDN to the DNS server, the server responds with an IP address

Question 89

Reverse Lookup

Answer 89

Device sends and IP address to the DNS server, the server responds with an FQDN

Question 90

Recursive DNS Queries

Answer 90

Describes the phenomenon of a DNS server discovering a record. The server will first ask the root DNS server where www.professormesser.com is, the root server will respond with the location of the .com TDL server. The requesting server can then ask the .com server, then the .com server will respond with the location of the professormesser.com nameserver, which will in turn tell the requesting server the IP of www.professormesser.com

Question 91

Resolver (DNS)

Answer 91

The device making a DNS request

Question 92

DNSSEC

Answer 92

DNSSEC (Domain Name System Security Extensions) is a set of extensions to the DNS (Domain Name System) that adds security to prevent certain types of attacks, such as DNS spoofing or cache poisoning. It ensures the authenticity and integrity of DNS responses, protecting against malicious actors who may try to inject fake DNS records into the network.

Question 93

DoH

Answer 93

DoH (DNS over HTTPS) is a protocol that encrypts DNS queries and responses by sending them over HTTPS (the same protocol used for secure web traffic). It enhances privacy and security by preventing third parties from intercepting or tampering with DNS requests.

Question 94

DoT

Answer 94

DoT (DNS over TLS) is another protocol designed to enhance the privacy and security of DNS queries by encrypting them. Similar to DNS over HTTPS (DoH), DoT ensures that DNS queries and responses are transmitted securely, but it uses TLS (Transport Layer Security), the same encryption protocol used to secure other internet communications like HTTPS, instead of HTTPS itself.

Question 95

Secondary Domain Name

Answer 95

Google / totalsem / starpt

Question 96

WWW

Answer 96

As opposed to mail.totalsem.com or ftp.totalsem.com. WWW can indicate the webserver of the domain. WWW is the host (A record) for the website. As ‘totalsem.com’ is the domain, not necessarily the website.

Question 97

Authoritative Server

Answer 97

A kind of DNS server that has final authority within a domain. It�s the server that knows the IP addresses for the domain

Question 98

Root Hints

Answer 98

The list of root servers and their IP addresses. The Root servers are the highest authority in DNS.

Question 99

Interior DNS

Answer 99

A local DNS server that uses an internal domain that isnt out on the internet

Question 100

Lookup zones

Answer 100

Classification of DNS records - Forward lookup, Reverse Lookup

Question 101

Forward Lookup

Answer 101

Forward Lookup Zone - can resolve a name to an IP address - A record, mx record, cname

Question 102

Reverse Lookup

Answer 102

Can resolve IP address back to domain name - a way mail servers can check if the mail came from the place it says it is coming from - the name is the network ID backwards followed by .in-addr.arpa - 50.168.192.in-addr.arpa

Question 103

SOA

Answer 103

Start of Authority - The primary DNS server for the domain

Question 104

Name Server

Answer 104

(NS) - Other DNS servers in the domain

Question 105

A Record

Answer 105

DNS - a host address and name - IPv4 only

Question 106

AAAA Record

Answer 106

DNS - a host address and name - but for IPv6

Question 107

CNAME

Answer 107

Canonical Name - so you don�t have to type www. This is a DNS record that points totalsem.com to www.totalsem.com

Question 108

MX Record

Answer 108

Mail Exchange Record - a special host record for mail.

Question 109

SVR Record

Answer 109

Server Record - Service location record - Points to a server that has a service -

Question 110

TXT Record

Answer 110

Just some text - used to be just like a notes sections in the DNS software - but now SPF and DKIM use the text records

Question 111

PTR

Answer 111

Reverse of an A record - Maps IP address to FQDN. Used to perform Reverse Lookups

Question 112

SPF

Answer 112

SPF (Sender Policy Framework) is a DNS record type used to prevent email spoofing by specifying which mail servers are authorized to send emails on behalf of a domain.

Question 113

DKIM

Answer 113

DKIM (DomainKeys Identified Mail) is an email authentication method that allows the recipient to verify that an email was sent by the legitimate owner of the domain and that it hasn’t been tampered with during transit. It does this by adding a digital signature to the email. Public Key goes in the DKIM TXT record

Question 114

NS Record

Answer 114

NameServer records. Points to the NameServers

Question 115

NTP

Answer 115

Network Time Protocol - Uses UDP to synchronize time - Uses Port 123 - synchronizes time through time zones

Question 116

PTP

Answer 116

PTP (Precision Time Protocol) is a network protocol used to synchronize clocks across a computer network with high accuracy. It is defined in IEEE 1588 and is widely used in applications requiring precise timing, such as telecommunications, industrial automation, financial systems, and scientific experiments. Usually runs on a separate piece of hardware

Question 117

NTS

Answer 117

NTS (Network Time Security) is a security extension to the Network Time Protocol (NTP), designed to enhance the security of time synchronization over the internet. It was introduced to address vulnerabilities in NTP that could be exploited by attackers, such as man-in-the-middle attacks, time spoofing, and denial-of-service (DoS) attacks.

Question 118

NTS-KE

Answer 118

Network Time Security Key Exchange. Another server that authenticates the NTP requests and responses via TLS. The client will ask the NTS-KE server for an authentication cookie, it will then take that cookie to the NTP server for a valid timestamp

Question 119

VPN Concentrator

Answer 119

An Encryption/Decryption access device, often integrated into a firewall.

Question 120

Endpoint 1 (VPN)

Answer 120

The virtual NIC a VPN creates on your laptop

Question 121

Endpoint 2 (VPN)

Answer 121

The VPN server at the location you are connecting to

Question 122

VPN Tunnel

Answer 122

The connection of endpoint 1 to endpoint 2

Question 123

PPTP

Answer 123

Point to Point Tunneling Protocol - A kind of VPN Protocol used by Microsoft

Question 124

L2TP/IPsec

Answer 124

Layer 2 Tunneling Protocol Over IPSec - Used mostly by Cisco

Question 125

SSTP

Answer 125

SSL Tunneling Protocol - More common

Question 126

IKEv2

Answer 126

IKEv2, or Internet Key Exchange version 2, is a protocol used to set up secure, authenticated communications for virtual private networks (VPNs). Developed by the Internet Engineering Task Force (IETF), IKEv2 is part of the IPsec (Internet Protocol Security) suite, which provides a framework for secure communications over IP networks.

Question 127

Client-to-Site VPN

Answer 127

Model of VPN - Traditional Office use VPN - Connects a computer to the office

Question 128

Site-to-Site VPN

Answer 128

Always on, a VPN tunnel from two sites where all data is always encrypted while travelling through the tunnel

Question 129

Clientless VPN

Answer 129

Usually runs inside of a browser running HTML5. Doesn�t require any client.

Question 130

Split Tunnel

Answer 130

Only some (work) traffic goes through the VPN Concentrator

Question 131

Full Tunnel

Answer 131

All traffic coming from your machine goes to the VPN Concentrator

Question 132

TightVNC

Answer 132

Tight Virtual Network Computing - a kind of RDP - VNC is cross platform, Windows to Mac

Question 133

TightVNC Port

Answer 133

5900

Question 134

Jump box/Server

Answer 134

A single server through which you can connect to many servers. SSH/VPN to the jump server