Network Concepts Flashcards

1
Q

CSMA/CA

A

Carrier Sense Multiple Access/Collision Avoidance

It is a media access control (MAC) protocol in which a node verifies the absence of other traffic before transmitting on a shared transmission medium, such as an electrical bus or a band of the electromagnetic spectrum.

2
Q

CSMA/CD

A

Carrier Sense Multiple Access/Collision Detection

It is a media access control (MAC) protocol in which a node verifies the absence of other traffic before transmitting on a shared transmission medium, such as an electrical bus or a band of the electromagnetic spectrum.

3
Q

WAF

A

A Web Application Firewall protects web applications by monitoring and filtering traffic

4
Q

WPA

A

WiFi Protected Access

5
Q

DLP

A

Data Loss Prevention

6
Q

UTM

A

Unified Threat Management

7
Q

OSPF

A

Open Shortest Path First

Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS).

8
Q

OSI

A

Open System Interconnection Model

9
Q

TPM

A

Trusted Platform Module

10
Q

ACL

A

Access Control List.

Operates in levels 3 and 4 of the OSI model.

11
Q

STP

A

Span Tree Protocol

12
Q

SNAT

A

Source Network Address Translation or Static Network Address Translation

13
Q

NAT

A

Network Address Translation

14
Q

PAT

A

Port Address Translation

15
Q

IDF

A

Intermediate Distribution Frame

16
Q

ICMP

A

Internet Control Message Protocol

17
Q

GSM

A

Global System for Mobile Communication

GSM (Global System for Mobile communication) is a digital mobile network that is widely used by mobile phone users in Europe and other parts of the world.

18
Q

TDM

A

Time Division Multiplexing

Time-division multiplexing (TDM) is a method of transmitting and receiving independent signals over a common signal path by means of synchronized switches at each end of the transmission line so that each signal appears on the line only a fraction of time in an alternating pattern

19
Q

CDMA

A

Code Division Multiple Access

Everybody communicates at the same time. Each call uses a different code. Codes are used to filter each call on the receiving side.

20
Q

PSTN

A

Public Switched Telephone Network

21
Q

ARP

A

Address Resolution Protocol

22
Q

Banner Grabbing

A

When a malicious user gains access to an open port and uses it to probe a host to gain information and access, as well as learn details about running services

23
Q

Sticky MAC

A

Port security feature where dynamically learned MAC addresses are retained when an interface comes back online.

24
Q

SIEM

A

Security Information and Event Manager

Software that can be configured to evaluate data logs from IDP and IPS firewalls and proxy servers in order to detect significant events that require the attention of IT staff.

25
Q

DOCSIS

A

Data Over Cable Service Internet Specification

Speeds up to 70 Mbps download. 7 Mbps upload.

26
Q

NDA

A

Non-Disclosure Agreement

27
Q

IRP

A

Identity Registration Protocol

Protocol designed to eliminate conflicts with protocols using the same ports by allowing applications to register their name, email address, UserID, current IPv6 and other information with the company’s Domain Identity Registry server.

28
Q

SLA

A

Service-Level Agreement

29
Q

OTDR

A

Optical Time Domain Reflectometer

30
Q

SIP

A

Session Initiator Protocol

It is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.
Ports 5060 and 5061

31
Q

NTP

A

Network Time Protocol

32
Q

H.323

A

VoIP standard that handles initiation, setup, and delivery of VoIP sessions
Port 1720

33
Q

SMB

A

Service Message Block

It is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network

34
Q

RTP

A

Real-Time Transport Protocol

It is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features.

35
Q

IPsec

A

IP Security

It is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).
IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session

36
Q

CSU/DSU

A

Channel Service Unit/Data Service Unit

It is a hardware device about the size of an external modem that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa.

37
Q

IP Helper

A

Internet Protocol Helper (IP Helper)

Assists network administration of the local computer by enabling applications to retrieve information about the network configuration of the local computer, and to modify that configuration. IP Helper also provides notification mechanisms to ensure that an application is notified when certain aspects of the local computer network configuration change.

38
Q

Jumbo Frame

A

Usually 9000 bytes long or anything over 1500. Used in SAN systems.

39
Q

MTU

A

Maximum Transmission Unit

40
Q

DLP

A

Data Loss Prevention

41
Q

AUP

A

Acceptable Use Policy

42
Q

NDA

A

Non-Disclosure Agreement

43
Q

SLA

A

Service-Level Agreement

44
Q

Data Exfiltration

A

Unauthorized transfer of data from a computer or other device.

45
Q

GRE

A

Generic Routing Encapsulation

It is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.

46
Q

LACP

A

Link Aggregation Control Protocol

It is a standards-based method to control the bundling of several physical network links together to form a logical channel for increased bandwidth and redundancy purposes.

47
Q

EAP-PEAP

A

EAP-Protected Extensible Authentication Protocol (EAP-PEAP) is a protocol that creates an encrypted (and more secure) channel before the password-based authentication occurs.

48
Q

Network Baselines

A

Network Baselines are ideal performance metrics obtained by measuring your network for a particular time period. Baseline statistics provide a way to validate your current network status by determining recommended performance standards, hence, helping admins to find the “normal” operating level of network devices.

49
Q

MDIX

A

Medium Dependent Interface Crossover.

Can automatically convert a straight-through connection to crossover.

50
Q

BGP

A

Border Gateway Protocol (Advanced distance-vector or path vector. EGP Type)

Refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). As networks interact with each other, they need a way to communicate. This is accomplished through peering. BGP makes peering possible.

51
Q

LLDP

A

Link Layer Discovery Protocol

It is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on a local area network.

52
Q

Performance Baseline

A

Performance measurements as the benchmark to compare all future measurements.

53
Q

MITM

A

Man-In-the-Middle

54
Q

SCP

A

Secure Copy Protocol

It helps to transfer computer files securely from a local to a remote host. It is somewhat similar to the File Transfer Protocol “FTP”, but it adds security and authentication.

55
Q

IS-IS

A

Intermediate System to Intermediate System.

EGP Type. Advanced distance-vector or path vector. It is a single autonomous system (AS), also called a routing domain, that consists of end systems and intermediate systems. End systems are network entities that send and receive packets. Intermediate systems send and receive packets and relay (forward) packets.

56
Q

VRRP

A

Virtual Router Redundancy Protocol

It is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

57
Q

OC-1 Circuit

A

Optical Carrier-1. It is a type of high-speed dedicated circuit.
The base speed for OC-1 is 51.84 Mbps. Using this as a base we have the following:
OC-2 circuit is 51.84 * 3 = 155.52 Mbps
OC-3 circuit is 51.84 * 12 = 622.08 Mbps
And so on and so forth.

58
Q

TDM

A

Time Division Multiplexing

It is a method of transmitting and receiving independent signals over a common signal path by means of synchronized switches at each end of the transmission line so that each signal appears on the line only a fraction of time in an alternating pattern.

59
Q

DSCP

A

Differentiated Services Code Point

(DSCP) is a means of classifying and managing network traffic and of providing quality of service (QoS) in modern Layer 3 IP networks. It uses the 6-bit Differentiated Services (DS) field in the IP header for the purpose of packet classification.

60
Q

authPriv

A

Communication with authentication and privacy. SNMP option to ensure the data transferred is confidential.

61
Q

Throttling

A

Limitation in the communication speed

62
Q

Bandwidth Quota

A

QoS policy that allows configuring the bandwidth cap on what a customer can upload or download at a given time.

63
Q

PRI

A

Primary Rate Interface

PRI and SIP are two methods used to connect a place of business to a regional telephone network. Both require PBX equipment where the interchange between the facility and the public can take place.

64
Q

Session Hijacking

A

Also known as TCP session hijacking, it is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.

65
Q

NAC

A

Network Access Control

It is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.

66
Q

UNC

A

Universal Naming Convention

UNC is a PC format for specifying the location of resources on a local area network (LAN). UNC uses the following format: \\server-name\shared-resource-pathname.
For example, to access the file test.txt in the directory examples on the shared server silo, you would write: \\silo\examples\test.txt.

67
Q

Smurf Attack

A

A Smurf attack is a form of a distributed denial of service (DDoS) attack that renders computer networks inoperable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

68
Q

SFP

A
SFP stands for small form-factor pluggable. It is a compact, hot-swappable optical transceiver module that is used in telecommunications and data communications networks.
IT IS THE OPTICAL TRANSCEIVER WHERE FIBERS CONNECT!
69
Q

FQDN

A

Fully Qualified Domain Name

70
Q

VLAN Hopping

A

Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of the VLAN by sending packets to a port not usually accessible from an end system. The main goal of this form of attack is to gain access to other VLANs on the same network.

71
Q

RSA

A

The Rivest Shamir Adleman (RSA) Authentication Mechanism is used to simplify the security environment for the Flexible Management Topology. It supports the ability to securely and easily register new servers to the Flexible Management topology.

72
Q

NOC

A

A network operations center (NOC) is a centralized location where IT teams can continuously monitor the performance and health of a network.

73
Q

SSL VPN

A

Establishes a secure session that can be initiated using a web browser.

74
Q

PTP

A

Precision Time Protocol

Used to synchronize clocks throughout a computer network. Unlike NTP, PTP is accurate to microseconds.

75
Q

PPTP

A

Point-to-point tunneling. Protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP networks. OUTDATED! UNSECURED!

76
Q

NAS

A

Network Attached Storage

77
Q

DAS

A

Direct Attached Storage

A type of storage that is attached directly to the computer without going through the network.

78
Q

ISCSI

A

Internet Small Computer Systems Interface
It is a Transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet. It can work on a twisted-pair Ethernet network with ordinary Ethernet NICs. iSCSI is an evolution of SCSI (Small Computer System Interface), which is a fast transmission standard used by internal hard drives and operating systems in file servers. The advantages of iSCSI over Fibre Channel are that it is not as expensive, can run on the already established Ethernet LAN by installing iSCSI software (called an iSCSI initiator) on network clients and servers, and does not require as much special training for IT personnel. Some network administrators configure iSCSI to use jumbo frames on the Ethernet LAN. iSCSI architecture is very similar to FC. The primary difference is that Ethernet equipment and interfaces can be used throughout the storage network. In fact, this is the primary advantage of iSCSI over other options, making it relatively straightforward to implement.

79
Q

FC

A

Fiber Channel
It is a storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access. Although FC can run over copper cables, fiber-optic cable is much more commonly used. Fibre Channel requires special hardware, which makes it an expensive storage connection technology. FC switches connect servers with each other and the outside network. Instead of NICs, FC devices communicate through HBAs (host bus adapters).

80
Q

SAN

A

Storage Area Network

Network composed of switches and routers dedicated to the storage and management of data. These devices are interconnected using Fiber Channel and iSCSI, even though the latter is slower.

81
Q

AUP

A

Acceptable Use Policy

82
Q

SLA

A

Service-Level Agreement

83
Q

NDA

A

Non-Disclosure Agreement

84
Q

MOU

A

Memorandum of Understanding

85
Q

SOP

A

Standard Operating Procedure

86
Q

FCoE

A

Fiber Channel over Ethernet

Encapsulates Fiber Channel frames over Ethernet networks.

87
Q

DTLS

A

Datagram Transport Layer Security

(DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. Designed specifically for streaming communications.

88
Q

BPDU

A

A bridge protocol data unit (BPDU) is a data message transmitted across a local area network to detect loops in network topologies.

89
Q

Out-of-band

A

A method of remotely controlling and managing critical IT assets and network equipment using a secure connection through a secondary interface that is physically separate from the primary network.

90
Q

ATM

A

Asynchronous transfer mode (ATM) is a switching technique used by telecommunication networks that uses asynchronous time-division multiplexing to encode data into small, fixed-sized cells. This is different from Ethernet or internet, which use variable packet sizes for data or frames.

91
Q

PRP

A

Parallel Redundancy Protocol (PRP) is a network protocol standard for Ethernet that provides seamless failover against failure of any network component. This redundancy is invisible to the application. PRP nodes have two ports and are attached to two separated networks of similar topology. PRP can be implemented entirely in software, i.e. integrated in the network driver. Nodes with single attachment can be attached to one network only.

92
Q

VLSM

A

Variable Length Subnet Mask

93
Q

File Hashing

A

A message digest, or hash, is a signature that identifies some amount of data, usually a file or message.

94
Q

tcpdump

A

tcpdump is a packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it’s running on. It runs on Linux and most UNIX-type operating systems.

95
Q

pathping

A

Command that is a combination of ping and tracert.

96
Q

ISDN

A

ISDN or Integrated Services Digital Network is a circuit-switched telephone network system that transmits both data and voice over a digital line. You can also think of it as a set of communication standards to transmit data, voice, and signaling. These digital lines could be copper lines.
Basic rate interface: It allows us to send small amounts of data at lower speeds.
Primary rate interface: It allows us to send large amounts of data at higher speeds.
Broadband ISDN: It relies on fibre optics.

97
Q

InfiniBand

A

InfiniBand is a channel-based fabric that facilitates high-speed communications between interconnected nodes. An InfiniBand network is typically made up of processor nodes, such as PCs, servers, storage appliances and peripheral devices. It also has network switches, routers, cables and connectors.

98
Q

CASB

A

A cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point between cloud service consumers and providers.
A CASB acts as a gatekeeper, allowing organizations to extend the reach of their security policies beyond their own infrastructure. CASBs typically offer the following: Firewalls to identify malware and prevent it from entering the enterprise network.

99
Q

L2TP

A

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs.

100
Q

dig

A

Linux CLI command. Domain information groper. Similar to nslookup but more powerful.

101
Q

iptables

A

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. It enables a computer to act as a packet-filtering firewall.

102
Q

IPAM

A

IP address management (IPAM) is a method for planning, tracking, and managing IP address space on a network. It is the administration of DNS and DHCP.

103
Q

MDF

A

Main Distribution Frame

104
Q

CCMP

A

Counter Mode Cipher Block Chaining Message Authentication Code Protocol.
CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES) standard.

105
Q

Hashing

A

Hashing is the process of transforming any given key or a string of characters into another value.

106
Q

Signatures

A

Identifiable patterns of code that are known to indicate specific vulnerabilities, exploits, or other undesirable traffic.

107
Q

NGFW

A

Next Generation Firewall. Also called layer 7 firewalls.

108
Q

EUI-64

A

Extended Unique Identifier.
Used to obtain the 64 bits needed for an IPv6 address by using the 48 bits of the device MAC. Inserts a fixed 16-bit value in the middle and inverts the value of the seventh bit.

109
Q

CRC

A

Cyclic Redundancy Check.

Algorithm used to ensure that the data at the destination matches the data issued from the source. Used in the trailer of the Ethernet frame.

110
Q

Root guard

A

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.

111
Q

Root Bridge

A

Single bridge on a network selected by STP to provide the basis of all subsequent path calculations.

112
Q

TDMA

A

Time Division Multiple Access

A method of multiplexing in which signals from several sources on a channel are separated by time slots.

113
Q

Flood guards

A

Tools to prevent DoS attacks

114
Q

OCSP

A

Online Certificate Status Protocol

Used to maintain the security of a server and other network resources and used for obtaining the revocation of an X.509 digital certificate.

115
Q

Jitter

A

Jitter is a variance in latency, or the time delay between when a signal is transmitted and when it is received

116
Q

VPC

A

Virtual Private Cloud

A virtual network that is a version of a physical network.

117
Q

VSAN

A

Virtual Storage Area Network

Logical partition in a SAN

118
Q

Export Controls

A

U.S. laws and regulations that regulate and restrict the release of critical technologies, information, and services to foreign nationals for reasons of national security.

119
Q

SDN

A

Software Defined Networking

A centralized approach to networking that removes most of the decision-making powers from network devices and instead handles that responsibility at a software level.

120
Q

CAN

A

Controlled Area Network

Used in cars and in automation.

121
Q

On-boarding

A

Installing an agent in a device to allow access to a network.

122
Q

Off-boarding

A

Removing the on-boarding agent. Methods include remote wipe.

123
Q

Round Robin

A

Round robin load balancing is a simple way to distribute client requests across a group of servers. A client request is forwarded to each server in turn. The algorithm instructs the load balancer to go back to the top of the list and repeat.

124
Q

Public Facing Device

A

Any free or paid application or system that the public can access.

125
Q

TOE

A

TCP offload engine is a function used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. By moving some or all of the processing to dedicated hardware, a TCP offload engine frees the system’s main CPU for other tasks.

126
Q

Kerberos

A

Client validation. Verify the identity of clients and securely exchange information after a client logs on to a system.

127
Q

MIB

A

Management Information Base (SNMP logs)

List of objects managed by the NMS

128
Q

NMS

A

Network Management System (SNMP logs)

At least one network management console, which may be a server or workstation, depending on the size of the network, collects data from multiple managed devices at regular intervals in a process called polling

129
Q

OID

A

Object Identifier (SNMP logs)

It is a number assigned to each assigned object in the MIB.

130
Q

site-to-site VPN

A

Tunnels that connect multiple sites on a WAN

131
Q

client-to-site VPN

A

Or host to site. Remote clients establish tunnels with a private network through VPNs.

132
Q

PPP

A

Point-to-Point
Direct private connection over fiber lines (leased lines). It is a layer 2 communication protocol that enables a workstation to connect to a server using a serial connection such as DSL or dial-up. Uses authentication protocols such as MS-CHAPv2 and EAP.

133
Q

Nmap

A

Network mapping command that can show active ports and their status.

134
Q

PEAP

A

Protected EAP.

Tunnel based TLS tunnel. Creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process. As shown in Figure 10-32, PEAP is called the outer method. Then another form of EAP is used for the inner method, which is the process that occurs inside the protected tunnel. The most common inner method is EAP-MSCHAPv2, which runs an MS-CHAPv2 session inside the tunnel, perhaps to a RADIUS server and beyond to Active Directory.

135
Q

EAP-FAST

A

EAP-Flexible Authentication via Secure Tunneling

It is also a form of tunneled EAP. It was developed by Cisco and works similarly to PEAP, except faster. The most important difference with EAP-FAST is that it uses PACs (Protected Access Credentials), which are somewhat similar to cookies that websites store on a user’s computer to track their activities. A PAC is stored on the supplicant device for speedier establishment of the TLS tunnel in future sessions.

136
Q

intermediate certificate

A

Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.

137
Q

802.1x

A

Uses RADIUS to authenticate

138
Q

802.1q

A

Supports VLAN encapsulation

139
Q

802.1af

A

PoE 15.4 Watts

140
Q

802.1at

A

PoE+ 25.5 Watts

141
Q

VRF

A

Virtual Routing and Forwarding

Enables the coexistence of multiple virtual routers.

142
Q

CIFS

A

Common Internet File System

File system protocol used to access files. Obsolete. Succeeded by SMB

143
Q

BaaS

A

BaaS, also known as mobile backend as a service (MBaaS), is a way of connecting mobile apps to cloud-based services. Instead of using mobile middleware, BaaS creates a unified application programming interface (API) and software developer kit (SDK) to connect mobile apps to back-end services like cloud storage platforms. This includes key features like push notifications, social networking integration, location services and user management.

144
Q

MTBF

A

Mean Time Between Failures

The average amount of time that will pass before the next failure is expected to occur.

145
Q

MTTR

A

Mean Time to Repair

The average amount of time required to repair a device or restore service.

146
Q

RFP

A

Request for Proposal

147
Q

SNR

A

Signal-to-Noise Ratio

The proportion of noise to the strength of a signal.

148
Q

Dual Stack

A

Dual stack means that devices are able to run IPv4 and IPv6 in parallel. It allows hosts to simultaneously reach IPv4 and IPv6 content, so it offers a very flexible coexistence strategy.

149
Q

6to4

A

6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6) and a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels.

150
Q

ISATAP

A

It is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

151
Q

FCS

A

Frame Check Sequence

Ensures that the data at the destination exactly matches the data issued from the source using the CRC algorithm.

152
Q

LLC

A

Logical Link Control

A sublayer of layer 2 that is primarily concerned with multiplexing, flow and error control, and reliability.

153
Q

Rainbow Tables

A

A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Applications don’t store passwords in plaintext, but instead encrypt passwords using hashes. After the user enters their password to login, it is converted to hashes, and the result is compared with the stored hashes on the server to look for a match. If they match, the user is authenticated and able to login to the application.

154
Q

NFS

A

Network File System

Allows users to access files located on a remote computer and treat the files and directories as if they were local.

155
Q

CARP

A

Common Address Redundancy Protocol

A protocol that allows a pool of computers or interfaces to share one or more IP addresses. It is a free alternative to HSRP and VRRP.

156
Q

SQL

A

Structured Query Language

It is a standardized programming language that is used to manage relational databases and perform various operations on the data in them.

157
Q

SQL Injection

A

It is the placement of malicious code in SQL statements via webpage input.

158
Q

VoIP gateway

A

Device that converts signals from an analog phone into IP data that can travel over the internet and vice versa

159
Q

VoIP PBX

A

Private Branch Exchange. Dedicated phone switch or virtual switching device that connects and manages calls within a private organization and manages all connections that exit the network through a VoIP gateway.

160
Q

VoIP endpoint

A

An end user device or application that gives the user access to VoIP services on a network.

161
Q

Load Balancer

A

Makes use of CPU/RAM usage to help maintain performance and availability.

162
Q

Syslog

A

System Log

It is a standard for generating, storing, and processing messages about events in a system.

163
Q

ASIC

A

Application-Specific Integrated Circuit.

It is a microchip designed for a special application, such as a particular kind of transmission protocol or a hand-held computer.

164
Q

MPLS

A

Multi-Protocol Label Switch

A networking technology that routes traffic using the shortest path based on “labels” rather than network addresses.

165
Q

RBAC

A

Role-Based Access Control

A method of access control where a network administrator assigns only the privileges and permissions necessary for a user to perform the role required by an organization

166
Q

Role Separation

A

Implemented to enforce checks and balances, meaning each user can only be a member of a single group in order to perform any tasks at all. This is used to remove root access from unprivileged users.

167
Q

DHCP Snooping

A

DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities: Validates DHCP messages received from untrusted sources and filters out invalid messages.

168
Q

Implicit Deny

A

An ACL rule which ensures that any traffic the ACL does not explicitly permit is denied by default.

169
Q

AH

A

Authentication Header (AH) is a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data.

170
Q

iPerf

A

Network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them.

171
Q

NetFlow Analyzer

A

Tool deployed to perform monitoring, troubleshooting, and in-depth inspection, interpretation, and synthesis of traffic flow data.

172
Q

Channel Bonding

A

Two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. Also known as Ethernet Bonding.

173
Q

EIRP

A

Effective Isotropic Radiated Power

It is a calculation used to estimate the radiated output power of an isotropic antenna.

174
Q

Dynamic ARP Inspection

A

Dynamic ARP Inspection (DAI) is a security feature in MS switches that protects networks against man-in-the-middle ARP spoofing attacks

175
Q

FHRP

A

First Hop Redundancy Protocol (FHRP) is a hop redundancy protocol that is designed to provide redundancy to the gateway router within the organization’s network by the use of a virtual IP address and virtual MAC address.

176
Q

Piggyback

A

An attack in which the hacker uses somebody else’s connection, like wiretapping.

177
Q

PPPoE

A

Point-to-Point over Ethernet

PPP running over an Ethernet network. Relies on circuit switching.

178
Q

DMVPN

A

Dynamic Multipoint VPN (DMVPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec, which makes DMVPN a popular choice for connecting different sites using regular Internet connections.

179
Q

RFC1918

A

Request for Comment 1918. Address allocation for private internet.

180
Q

FIM

A

File Integrity Monitoring

Also known as change monitoring, it examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack.

181
Q

mGRE

A

Multipoint GRE

It is a protocol that can be used to enable one node to communicate with many nodes. It can be used for point-to-multipoint links, over which one node can transmit data to many nodes.

182
Q

hub-and-spoke

A

A hub-and-spoke network, often called star network, has a central component that’s connected to multiple networks around it. The overall topology resembles a wheel, with a central hub connected to points along the edge of the wheel through multiple spokes. A hub is a central network zone that controls and inspects ingress or egress traffic between zones: internet, on-premises, and spokes.

183
Q

RTO

A

Recovery Time Objective

It is the maximum time for restoring a network or application and regaining access to data after an unplanned disruption.

184
Q

Clientless VPN

A

A clientless SSL VPN is a browser-based VPN that allows a remote user to securely access the corporate resources.

185
Q

Client VPN

A

A VPN client is a software-based technology that establishes a secure connection between the user and a VPN server. Some VPN clients work in the background automatically, while others have front-end interfaces that allow users to interact with and configure them.

186
Q

SSL Inspection

A

It is a way to identify malicious activity that occurs via encrypted communication channels. Similar to HTTP inspection and TLS inspection.

187
Q

SONET

A

Synchronous optical networking and synchronous digital hierarchy are standardized protocols that transfer multiple digital bit streams synchronously over optical fiber using lasers or highly coherent light from light-emitting diodes. At low transmission rates data can also be transferred via an electrical interface.

188
Q

Root Certificate

A

A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs (Certificate Authorities).

189
Q

Server Certificate

A

The server certificate is the one issued to the specific domain the user needs coverage for.

190
Q

MSA

A

An MSA (master service agreement) is a contract that defines the terms of future contracts between parties, such as payment terms or arbitration arrangements.

191
Q

MLA

A

An MLA (master license agreement) grants a license from a creator, developer, or producer, such as a software producer, to a third party for the purposes of marketing, sublicensing, or distributing the product to consumers as a stand-alone product or as part of another product.