Networking Devices/Hardware

Question 1

What is an example of an Application-Specific Integrated Circuit (ASIC)?

Answer 1

A layer 2 (dumb) switch is an example of an ASIC as the bridging is done physically, by hardware circuitry.

Question 2

Does a NGFW (Next Gen FireWall) filter traffic by port number or application?

Answer 2

NGFW’s filter traffic by application, as opposed to older firewalls which filter by port number.

Question 3

What is QoS?

Answer 3

Quality of Service (QoS) is the use of technologies and devices to prioritise certain network traffic over others.

Question 4

What type of network storage provides file level access?

Answer 4

NAS - Network Attached Storage provides file level access which means that to change something on a NAS the entire file must be downloaded to the host then edited and reuploaded to make a change. This can be very time consuming!

Question 5

Is block-level access provided by SAN/NAS or both?

Answer 5

Only SAN - Storage Area Network - provides block-level access (looks and feels like an internal storage drive) can edit a single block of data stored on the SAN without downloading the whole file! Very efficient. SAN is more expensive than NAS because it’s a lot more efficient.

Question 6

Are Access Points (APs) layer 2 or 3 devices in the OSI model and why?

Answer 6

Layer 2 - Data Control Layer - because they convert data from WiFi to Ethernet based on MAC routing.

Question 7

What does a Wireless LAN (WLAN) Controller do?

Answer 7

Centralise management of access points.
Performance and security monitoring.
Configure and deploy changes to all Access Points.

Question 8

What is a CDN?

Answer 8

Content Delivery Network (CDN) is a geographically distributed/spread network of caching servers that provide data to local users when requested a lot quicker than if they had to get it from the original source storage server which was on the other side of the world.

CDN’s speed up how long it takes to get data from one place to another.

Question 9

What is traffic shaping/packet shaping?

Answer 9

Alternative terms for QoS (Quality of Service) - prioritisation of certain data packets by bandwidth usage (% of max data rate at any given time) or data rate (max theoretical speed of data transfer).

Managed in router, switches, firewalls, QoS devices (e.g. WLAN controller).

Question 10

Router with IP address 10.1.10.5 keeps sending a data packet to a router with IP 10.1.10.7 which keeps sending it back to the first router. What is this loop referred to as?

Answer 10

Routing loop - where two routers keep sending data back to each other thinking that’s where it should go on its next hop. This creates an infinite loop/routing loop until the TTL (Time To Live) value = 0.

Each hop decreases the TTL by 1.

Question 11

If a data packet has a TTL=23 and it goes through 13 router devices, what is the new TTL=?

Answer 11

TTL=10 because the packet has done 13 hops (TTL count decreases by 1 for each router the packet goes through).

Default TTL for Windows is 128
Default TTL for macOS/Linux is 64

When TTL=0 the data packet is destroyed.

Question 12

Is the TTL of a DNS lookup the same as the TTL of a data packet on a network?

Answer 12

No! TTL is measured differently for different protocols.

TTL for DNS lookup = measured in seconds. TTL=seconds.
TTL for data packet sent over a network = measured in hops. TTL=hops
Etc. (different for other protocols)

Question 13

What is SDN?

Answer 13

Software Defined Networking (SDN) = abstracting the jobs of network hardware devices (like routers, switches, firewalls) into a virtual/logical version - software performing the job of hardware.

This increases scalability and manageability from a centralised console.

SDN is focused on small LAN’s.

Question 13

SDN splits functions into three layers/planes what are they?

Answer 13

Data Plane/Virtual Infrastructure = processes the network frames/packets. E.g. the actual forwarding (not routing decisions!), encrypting, NAT

Control Plane/Brain = manages the actions/decisions for the data plane. Routing tables, NAT tables, session tables. Dynamic routing updating.

Management Plane/Application Layer/Config. plane = configuring the virtual devices as a user uses the management plane. E.g. connecting into the devices and changing their settings via SSH.

Question 14

What is an SD-WAN?

Answer 14

Software Defined Wide Area Network (SD-WAN) is a virtual architecture that connects LAN’s over a long distance. SDN for WAN’s.

They use zero-touch provisioning which means that new virtual and physical devices are automatically configured and integrated into the network.

Question 15

What is Zero-touch provisioning?

Answer 15

The automatic configuration and integration of both hardware and virtualised (SDN) hardware devices added to a network - no manual configuration required.

It automatically sets up optimal network traffic pathways and can auto-correct itself/evolve on the fly based on traffic patterns and network health!

It also centralises policy management so there is only one device/console to configure which then pushes out any changes across the network of devices.

Question 16

What is DCI - Data Center Interconnect?

Answer 16

DCI is the process of seamlessly connecting multiple data centres together from different locations. DCI is enabled via VXLAN technology. (Virtual eXtensible LAN)

Question 17

What does VXLAN technology do?

Answer 17

Enables DCI - Data Center Interconnect - connect multiple geographically located data centres together as one seamlessly.

Designed for large service providers with hundreds of thousands of tennants.

It operates at Layer 3 (Network) so is routable unlike basic VLAN’s which operate at Layer 2 so aren’t. This means that VXLAN can support up to 16+ million virtual networks whereas VLAN can only support 4000.

Question 18

What 24 bit number is used to identify a specific VXLAN?

Answer 18

VNI - VXLAN Network Identifier - a 24 - bit value to uniquely identify a VXLAN.

Question 19

What is a VXLAN tunnel?

Answer 19

A way of connecting two or more VXLAN’s (identified by their VNI) together. Data packets are encapsulated in a VXLAN header - sent across the tunnel over IP and then decapsulated by the destination VXLAN.

Question 20

What is Infrastructure as Code (IaC)? And how would you store it.

Answer 20

Describing your physical network infrastructure/hardware as code therefore allowing you to replicate it in the cloud and create/modify/test/version (create versions) as you see fit. Store this code as DEFINITION FILES.

You can also test simulations such as disaster recovery, server outages and create automated plans of action to address them should they arise.

These simulations/responses/plays are often integrated into a SOAR platform - network management console.
Security
Orchestration
Automation and
Response

Question 21

What is a SOAR platform for in relation to a network?

Answer 21

SOAR platform - centralised network management console.
Security
Orchestration
Automation and
Response

Question 22

What is source code?

Answer 22

The default version/core of a program/code - the skeleton of it. This can be then modified into various different versions and contributions in things like Git which can then be tested and deployed as desired.