Network Concepts Flashcards

Question

DOCSIS

Answer 1

Data Over Cable Service Internet Specification | Speeds up to 70 Mbps download. 7 Mbps upload.

Answer 2

Non-Disclosure Agreement

Answer 3

Identity Registration Protocol Protocol designed to eliminate conflicts with protocols using the same ports by allowing applications to register their name, email address, UserID, current IPv6 and other information with the company's Domain Identity Registry server.

Answer 4

Service-Level Agreement

Answer 5

Optical Time Domain Reflectometer

Answer 6

Session Initiator Protocol It is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications. Ports 5060 and 5061

Answer 7

Network Time Protocol

Answer 8

VoIP standard that handles initiation, setup, and delivery of VoIP sessions Port 1720

Answer 9

Service Message Block It is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network

Answer 10

Real-Time Transport Protocol It is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features.

Answer 11

IP Security It is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs). IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session

Answer 12

Channel Service Unit/ Data Service Unit It is a hardware device about the size of an external modem that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa.

Answer 13

Internet Protocol Helper (IP Helper) Assists network administration of the local computer by enabling applications to retrieve information about the network configuration of the local computer, and to modify that configuration. IP Helper also provides notification mechanisms to ensure that an application is notified when certain aspects of the local computer network configuration change.

Answer 14

Usually 9000 bytes long or anything over 1500. Used in SAN systems.

Answer 15

Maximum Transmission Unit

Answer 16

Data Lost Prevention

Answer 17

Acceptable Use Policy

Answer 18

Non-Disclosure Agreement

Answer 19

Service-Level Agreement

Answer 20

Unauthorized transfer of data from a computer or other device.

Answer 21

Generic Routing encapsulation It is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.

Answer 22

Link Aggregation Control Protocol It is a standards-based method to control the bundling of several physical network links together to form a logical channel for increased bandwidth and redundancy purposes.

Answer 23

EAP-Protected Extensible Authentication Protocol (EAP-PEAP) is a protocol that creates an encrypted (and more secure) channel before the password-based authentication occurs.

Answer 24

Network Baselines are ideal performance metrics obtained by measuring your network for a particular time period. Baseline statistics provide a way to validate your current network status by determining recommended performance standards, hence, helping admins to find the “normal” operating level of network devices.

Answer 25

Medium Dependent Interface Crossover. Automatically can convert a straight through connection to crossover.

Answer 26

Border Gateway Protocol (Advanced distance-vector or path vector. EGP Type) Refers to a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS). As networks interact with each other, they need a way to communicate. This is accomplished through peering. BGP makes peering possible.

Answer 27

Link Layer Discovery Protocol It is a vendor-neutral link layer protocol used by network devices for advertising their identity, capabilities, and neighbors on a local area network.

Answer 28

Performance measurements as the benchmark to compare all future measurements.

Answer 29

Man-In-the-Middle

Answer 30

Secure Copy Protocol It helps to transfer computer files securely from a local to a remote host. It is somewhat similar to the File Transfer Protocol “FTP”, but it adds security and authentication.

Answer 31

Intermediate System to Intermediate System. EGP Type. Advanced distance-vector or path vector. It is a single autonomous system (AS), also called a routing domain, that consists of end systems and intermediate systems. End systems are network entities that send and receive packets. Intermediate systems send and receive packets and relay (forward) packets.

Answer 32

Virtual Router Redundancy Protocol It is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

Answer 33

Optical Carrier-1. It is a type of high-speed dedicated circuit. The base speed for OC-1 is 51.84 Mbps. Using this as a base we have the following: OC-2 circuit is 51.84 * 3 = 155.52 Mbps OC-3 circuit is 51.84 * 12 = 622.08 Mbps So on and so for

Answer 34

Time Division Multiplexing It is a method of transmitting and receiving independent signals over a common signal path by means of synchronized switches at each end of the transmission line so that each signal appears on the line only a fraction of time in an alternating pattern.

Answer 35

Differentiated Services Code Point (DSCP) is a means of classifying and managing network traffic and of providing quality of service (QoS) in modern Layer 3 IP networks. It uses the 6-bit Differentiated Services (DS) field in the IP header for the purpose of packet classification.

Answer 36

Communication with authentication and privacy. SNMP option to ensure the data transferred is confidential.

Answer 37

Limitation in the communication speed

Answer 38

QoS policy that allows to configure the bandwidth cap that a costumer can upload or download at a given time.

Answer 39

Primary Rate Interface PRI and SIP are two methods used to connect a place of business to a regional telephone network. Both require PBX equipment where the interchange between the facility and the public can take place.

Answer 40

Also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.

Answer 41

Network Access Control It is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.

Answer 42

Universal Naming Convention UNC is a PC format for specifying the location of resources on a local area network (LAN). UNC uses the following format: \\server-name\shared-resource-pathname. For example, to access the file test.txt in the directory examples on the shared server silo, you would write: \\silo\examples\test.txt.

Answer 43

A Smurf attack is a form of a distributed denial of service (DDoS) attack that renders computer networks inoperable. The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

Answer 44

``` SFP stands for small form-factor pluggable. It is a compact, hot-swappable optical transceiver module that used in telecommunications and data communications networks. IT IS THE OPTICAL TRANSRECEIVER WHERE FIBERS CONNECTS! ```

Answer 45

Fully qualified Domain Name

Answer 46

Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of the VLAN by sending packets to a port not usually accessible from an end system. The main goal of this form of attack is to gain access to other VLANs on the same network.

Answer 47

The Rivest Shamir Adleman (RSA) Authentication Mechanism is used to simplify the security environment for the Flexible Management Topology. It supports the ability to securely and easily register new servers to the Flexible Management topology.

Answer 48

A network operations center (NOC) is a centralized location where IT teams can continuously monitor the performance and health of a network.

Answer 49

Establishes a secure session that can be initiated using a web browser.

Answer 50

Precision Time Protocol Used to synchronize clocks throughout a computer network. At difference of NTP, PTP is accurate to microseconds.

Answer 51

Point-to-point tunneling. Protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP networks. OUTDATED! UNSECURED!

Answer 52

Network Attached Storage

Answer 53

Direct Attached Storage A type of storage that is attached directly to the computer without going through the network.

Answer 54

Internet Small Computer Systems Interface It is a Transport layer protocol that runs on top of TCP to allow fast transmissions over LANs, WANs, and the Internet. It can work on a twisted-pair Ethernet network with ordinary Ethernet NICs. iSCSI is an evolution of SCSI (Small Computer System Interface), which is a fast transmission standard used by internal hard drives and operating systems in file servers. The advantages of iSCSI over Fibre Channel are that it is not as expensive, can run on the already established Ethernet LAN by installing iSCSI software (called an iSCSI initiator) on network clients and servers, and does not require as much special training for IT personnel. Some network administrators configure iSCSI to use jumbo frames on the Ethernet LAN. iSCSI architecture is very similar to FC. The primary difference is that Ethernet equipment and interfaces can be used throughout the storage network. In fact, this is the primary advantage of iSCSI over other options, making it relatively straightforward to implement.

Answer 55

Fiber Channel It is a storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access. Although FC can run over copper cables, fiber-optic cable is much more commonly used. Fibre Channel requires special hardware, which makes it an expensive storage connection technology. FC switches connect servers with each other and the outside network. Instead of NICs, FC devices communicate through HBAs (host bus adapters).

Answer 56

Storage Area Network Network composed of switches and routers dedicated to the storage and management of data. These devices are interconnected using Fiber Channel and iscsi even though the latter is slower.

Answer 57

Acceptable Use Policy

Answer 58

Service-Level agreement

Answer 59

Non-Disclosure Agreement

Answer 60

Memorandum of Understanding

Answer 61

Standard Operating Procedure

Answer 62

Fiber Channel over Ethernet Encapsulate Fiber Channel frames over Ethernet networks

Answer 63

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. Designed specifically for streaming communications.

Answer 64

A bridge protocol data unit (BPDU) is a data message transmitted across a local area network to detect loops in network topologies.

Answer 65

Is a method of remotely controlling and managing critical IT asset and network equipment using a secure connection through a secondary interface that is physically separate from the primary network.

Answer 66

Asynchronous transfer mode (ATM) is a switching technique used by telecommunication networks that uses asynchronous time-division multiplexing to encode data into small, fixed-sized cells. This is different from Ethernet or internet, which use variable packet sizes for data or frames.

Answer 67

Parallel Redundancy Protocol (PRP) is a network protocol standard for Ethernet that provides seamless failover against failure of any network component. This redundancy is invisible to the application. PRP nodes have two ports and are attached to two separated networks of similar topology. PRP can be implemented entirely in software, i.e. integrated in the network driver. Nodes with single attachment can be attached to one network only.

Answer 68

Variable Length Subnet Mask

Answer 69

A message digest, or hash, is a signature that identifies some amount of data, usually a file or message.

Answer 70

tcpdump is a packet analyzer that is launched from the command line. It can be used to analyze network traffic by intercepting and displaying packets that are being created or received by the computer it's running on. It runs on Linux and most UNIX-type operating systems.

Answer 71

Command that is a combination of ping and tracert.

Answer 72

ISDN or Integrated Services Digital Network is a circuit-switched telephone network system that transmits both data and voice over a digital line. You can also think of it as a set of communication standards to transmit data, voice, and signaling. These digital lines could be copper lines. Basic rate interface −It allows us to send small amounts of data at lower speeds. Primary rate interface − It allows us to send large amounts of data at higher speeds. Broadband ISDN − It relies on fibre optics.

Answer 73

InfiniBand is a channel-based fabric that facilitates high-speed communications between interconnected nodes. An InfiniBand network is typically made up of processor nodes, such as PCs, servers, storage appliances and peripheral devices. It also has network switches, routers, cables and connectors.

Answer 74

A cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point between cloud service consumers and providers. A CASB acts as a gatekeeper, allowing organizations to extend the reach of their security policies beyond their own infrastructure. CASBs typically offer the following: Firewalls to identify malware and prevent it from entering the enterprise network.

Answer 75

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs.

Answer 76

Linux CLI command. Domain information gropper. Similar to nsloopup but more powerful.

Answer 77

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. It enables a computer to act as a packet-filtering firewall.

Answer 78

IP address management (IPAM) is a method for planning, tracking, and managing IP address space on a network. It is the administration of DNS and DHCP.

Answer 79

Main Distribution Frame

Answer 80

Counter Mode Cipher Block Chaining Message Authentication Code Protocol. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES) standard.

Answer 81

Hashing is the process of transforming any given key or a string of characters into another value.

Answer 82

Identifiable patterns of code that are known to indicate specific vulnerabilities, exploits, or other undesirable traffic.

Answer 83

Next Generation Firewall. Also call layer 7 firewalls.

Answer 84

Extended Unique identifier. Used to obtain the 64 bits needed for an IPv6 address by using the 48 bits of the device mac. Inserts a fixed 16 bits value in the middle and inverts the value of the seventh bit

Answer 85

Cyclic Redundancy Check. Algorithm used to ensure that the data at the destination matches the data issued from the source. Used in the trailer of the Ethernet frame.

Answer 86

Root guard is an STP feature that is enabled on a port-by-port basis; it prevents a configured port from becoming a root port. Root guard prevents a downstream switch (often misconfigured or rogue) from becoming a root bridge in a topology.

Answer 87

Single bridge on a network selected by STP to provide the basis of all subsequent path calculations.

Answer 88

Time Division Multiple Access A method of multiplexing in which signals from several sources on a channel are separated by time slots.

Answer 89

Tools to prevent DoS attacks

Answer 90

Online Certificate Status Protocol Used to maintain the security of a server and other network resources and used for obtaining the revocation of an x.509 digital certificate.

Answer 91

Jitter is a variance in latency, or the time delay between when a signal is transmitted and when it is received

Answer 92

Virtual Private Cloud A virtual network that is a version of a physical network.

Answer 93

Virtual Storage Area Network Logical partition in a SAN

Answer 94

U.S. laws and regulations that regulate and restrict the release of critical technologies, information, and services to foreign nationals for reasons of national security.

Answer 95

Software Defined Networking A centralized approach to networking that removes most of the decision-making powers from network devices and instead handles that responsibility at a software level.

Answer 96

Controlled Area Network Used in cars and in automation.

Answer 97

Installing an agent in a device to allow access to a network.

Answer 98

Removing the on-boarding agent. Methods include remote wipe.

Answer 99

Round robin load balancing is a simple way to distribute client requests across a group of servers. A client request is forwarded to each server in turn. The algorithm instructs the load balancer to go back to the top of the list and repeats again.

Answer 100

Any free or paid application or system that the public can access.

Answer 101

TCP offload engine is a function used in network interface cards (NIC) to offload processing of the entire TCP/IP stack to the network controller. By moving some or all of the processing to dedicated hardware, a TCP offload engine frees the system's main CPU for other tasks.

Answer 102

Client validation. Verify the identity of clients and securely exchange information after a client logs on to a system.

Answer 103

Management Information Base (SNMP logs) List of objects managed by the NMS

Answer 104

Network Management System (SNMP logs) At least one network management console, which may be a server or workstation, depending on the size of the network, collects data from multiple managed devices at regular intervals in a process called polling

Answer 105

Object Identifier (SNMP logs) It is a number assigned to each assigned object in the MIB.

Answer 106

Tunnels that connect multiple sites on a WAN

Answer 107

Or host to site. Remote clients establish tunnels with a private network through VPNs.

Answer 108

Point-to-Point Direct private connection over fiber lines. (leased lines). It is a layer 2 communication protocol that enables a workstation to connect to a server using a serial connection such as DSL or Dial-up. Uses authentication protocols such as MS-CHAPv2 and EAP

Answer 109

Network mapping command can show active ports and status.

Answer 110

Protected EAP. Tunnel based TLS tunnel. Creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process. As shown in Figure 10-32, PEAP is called the outer method. Then another form of EAP is used for the inner method, which is the process that occurs inside the protected tunnel. The most common inner method is EAP-MSCHAPv2, which runs an MS-CHAPv2 session inside the tunnel, perhaps to a RADIUS server and beyond to Active Directory.

Answer 111

EAP-Flexible Authentication via Secure Tunneling It is also a form of tunneled EAP. It was developed by Cisco and works similarly to PEAP, except faster. The most important difference with EAP-FAST is that it uses PACs (Protected Access Credentials), which are somewhat similar to cookies that websites store on a user’s computer to track their activities. A PAC is stored on the supplicant device for speedier establishment of the TLS tunnel in future sessions.

Answer 112

Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.

Answer 113

Uses RADIUS to authenticate

Answer 114

Supports VLAN encapsulation

Answer 115

PoE 15.4 Watts

Answer 116

PoE + 25.5 Watts

Answer 117

Virtual Routing and Forwarding Enables the coexistence of multiple virtual routers.

Answer 118

Common Internet File System File system protocol used to access files. Obsolete. Succeeded by SMB

Answer 119

BaaS, also known as mobile backend as a service (MBaaS), is a way of connecting mobile apps to cloud-based services. Instead of using mobile middleware, BaaS creates a unified application programming interface (API) and software developer kit (SDK) to connect mobile apps to back-end services like cloud storage platforms. This includes key features like push notifications, social networking integration, location services and user management.

Answer 120

Mean Time Between Failures The average amount of time that will pass before the next failure is expected to occur.

Answer 121

Mean Time to Repair The average amount of time required to repair a device or restore service.

Answer 122

Request for Proposal

Answer 123

Signal-to-Noise Ratio The proportion of noise to the strength of a signal.

Answer 124

Dual stack means that devices are able to run IPv4 and IPv6 in parallel. It allows hosts to simultaneously reach IPv4 and IPv6 content, so it offers a very flexible coexistence strategy.

Answer 125

6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6) and a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels.

Answer 126

It is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.

Answer 127

Frame Check Sequence Ensures that the data at the destination exactly matches the data issued from the source using the CRC algorithm.

Answer 128

Logical Link Control A sublayer of layer 2 that is primary concern with multiplexing, flow and error control, and reliability.

Answer 129

A rainbow table attack is a password cracking method that uses a special table (a “rainbow table”) to crack the password hashes in a database. Applications don’t store passwords in plaintext, but instead encrypt passwords using hashes. After the user enters their password to login, it is converted to hashes, and the result is compared with the stored hashes on the server to look for a match. If they match, the user is authenticated and able to login to the application.

Answer 130

Network File System Allows users to access files located on a remote computer and treat the files and directories as if they were local.

Answer 131

Common Address Redundancy Protocol A protocol that allows a pool of computers or interfaces to share one or more IP addresses. It is a free alternative to HSRP and VPRP

Answer 132

Structured Query Language It is a standardized program language that is used to manage relational databases and perform various operations on the data in them.

Answer 133

It is the placement of malicious code in SQL statements via webpage input.

Answer 134

Device that converts signals from an analog phone into IP data that can travel over the internet and vice versa

Answer 135

Private Branch Exchange. Dedicated phone switch or virtual switching device that connects and manages calls within a private organization and manages all connections that exit the network through a VoIP gateway.

Answer 136

An end user device or application that gives the user access to VoIP services on a network.

Answer 137

Makes use of CPU/RAM usage to help maintain performance and availability.

Answer 138

System Log It is a standard for generating storing, and processing messages about events in a system.

Answer 139

Application-Specific Integrated Circuit. It is a microchip designated for a special application such a particular kind of transmission protocol or a hand-held computer.

Answer 140

Multi-Protocol Label Switch A networking technology that routes traffic using the shortest path based on "labels" rather than network addresses.

Answer 141

Role-Based Access Control A method of access control where a network administrator assigns only the privileges and permissions necessary for a user to perform the role required by an organization

Answer 142

Implemented to enforce checks and balances. Meaning each user can only be a member of a single group in order to perform any tasks at all. This is used to remove root access to unprivileged users

Answer 143

DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities: Validates DHCP messages received from untrusted sources and filters out invalid messages.

Answer 144

An ACL rule which ensures that any traffic the ACL does not explicitly permit is denied by default.

Answer 145

Authentication Header (AH) is a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data.

Answer 146

Network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them.

Answer 147

Tool deployed to perform monitoring, troubleshooting and Indepth inspection interpretation, and synthesis of traffic flow data.

Answer 148

Two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices. Also known as Ethernet Bonding.

Answer 149

Effective Isotropic Radiated Power It is a calculation used to estimate the radiated output power of an isotropic antenna.

Answer 150

Dynamic ARP Inspection (DAI) is a security feature in MS switches that protects networks against man-in-the-middle ARP spoofing attacks

Answer 151

First Hop Redundancy Protocol (FHRP) is a hop redundancy protocol that is designed to provide redundancy to the gateway router within the organization’s network by the use of a virtual IP address and virtual MAC address.

Answer 152

Attack when the hacker uses somebody else's connection like wiretapping.

Answer 153

Point-to-Point over Ethernet PPP running over an Ethernet network. Relies on circuit switching.

Answer 154

(Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections

Answer 155

Request for Comment 1918. Address allocation for private internet.

Answer 156

File Integrity Monitoring Also known as change monitoring, examines operating system files, Windows registries, application software, Linux system files, and more, for changes that might indicate an attack.

Answer 157

Multipoint GRE It is a protocol that can be used to enable one note to communicate with many nodes. It can be used for Point-to-Multipoint links using which one node can transmit data to many nodes.

Answer 158

A hub-and-spoke network, often called star network, has a central component that's connected to multiple networks around it. The overall topology resembles a wheel, with a central hub connected to points along the edge of the wheel through multiple spokes. A hub is a central network zone that controls and inspects ingress or egress traffic between zones: internet, on-premises, and spokes.

Answer 159

Recovery Time Objective It is the maximum time for restoring a network or application and regaining access to data after an unplanned disruption.

Answer 160

A clientless SSL VPN is a browser-based VPN that allows a remote user to securely access the corporate resources.

Answer 161

A VPN client is a software based technology that establishes a secure connection between the user and a VPN server. Some VPN clients work in the background automatically, while others have front-end interfaces that allow users to interact with and configure them.

Answer 162

It is a way to identify malicious activity that occurs via encrypted communication channels. Similar to HTTP inspection and TLS inspection.

Answer 163

Synchronous optical networking and synchronous digital hierarchy are standardized protocols that transfer multiple digital bit streams synchronously over optical fiber using lasers or highly coherent light from light-emitting diodes. At low transmission rates data can also be transferred via an electrical interface.

Answer 164

A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs (Certificate Authority).

Answer 165

The server certificate is the one issued to the specific domain the user is needing coverage for.

Answer 166

An MSA (master service agreement) is a contract that defines the terms of future contracts between parties, such as payment terms or arbitration arrangements.

Answer 167

An MLA (master license agreement) grants a license from a creator, developer, or producer, such as a software producer, to a third party for the purposes of marketing, sublicensing, or distributing the product to consumers as a stand-alone product or as part of another product.