OSI, Physical, Cloud, Topology Flashcards

1.1-3, 1.5

1
Q

List OSI Layers

A

7 - Application All
6 - Presentation People
5 - Session Seem
4 - Transport To
3 - Network Need
2 - Data Link Data
1 - Physical Processing

2
Q

MAC

A

Media Access Control

3
Q

Layer 4

A

Transport

Post Office layer
Ports
TCP/UDP

4
Q

Layer 5

A

Session

Comms mgmt
Control/tunneling

5
Q

Layer 6

A

Presentation

Character encoding
Encryption

6
Q

Layer 7

A

Application

HTTP, FTP, DNS, POP3, etc

7
Q

Firewall - Traditional vs NGFW

A

NGFW - Application monitoring

VPN, act as router, NAT, Dynamic routing

8
Q

IDS/IPS

A

Intrusion Detection System
Intrusion Prevention System

9
Q

Load Balancer

A

Distribute traffic across multiple servers

TCP Offload
SSL Offload
Caching
Prioritization - QoS

10
Q

Proxies

A

Between user and external network
Caching
Scan for malware
Filter URLs

11
Q

NAS

A

Network Attached Storage

File level access
Sharepoint

12
Q

SAN

A

Storage Area Network

Block level access
Looks like local drive

13
Q

Wireless LAN Controller

A

Manage multiple access points/configurations
Monitor usage

14
Q

CDN

A

Content Delivery Network
Cache and duplicate data locally
Netflix

15
Q

QoS

A

Quality of Service

Prioritize important applications’ traffic

16
Q

TTL

A

Time to Live
Stop task if it’s been running too long
Clear a cache after set time
IP packet - Stop routing loops - number of hops
DNS - TTL is how long to hold cache

17
Q

NFV

A

Network Function Virtualization

Virtual network devices
Routing, switching, load balancing, firewalls, etc

18
Q

VPC

A

Virtual Private Cloud

Pool of resources created in a public cloud

19
Q

Transit Gateway

A

Connect VPCs to each other

20
Q

Internet Gateway

A

VPC Gateway - connect users on the internet

21
Q

NAT Gateway

A

Connect VPC to external resources

External resources cannot access private cloud

22
Q

VPC Endpoint

A

Direct connection between different cloud provider networks

23
Q

Security Groups

A

Cloud firewall
- assign security rules to individual devices and network connections

24
Q

Security List

A

List of firewall rules for cloud
- very broad, rules apply to all the cloud devices
use Security Group for more granularity

25
Socket
Combination of IP address, protocol, and port number
26
802.11
Wireless Standard
27
802.11a
5GHz 6-54 Mbit/s
28
802.11b
2.4 GHz 1-11 MBit/s
29
802.11g
2.4 GHz 6-54 MBit/s
30
802.11n
Wi-Fi 4 2.4 / 5 GHz 72-600 MBit/s
31
802.11ac
Wi-Fi 5 5GHz 433-6,908 MBit/s
32
802.11ax
Wi-Fi 6 & 6E 2.4 / 5 / 6 GHz 574-9,608 MBit/s
33
802.11be
Wi-Fi 7 2.4 / 5 / 6 GHz 1,376-46,120 MBit/s
34
4G LTE
Long Term Evolution Converged GSM and CDMA 150 Mbit/s
35
4G LTE-A
300 MBit/s
36
5G
10 GBit/s
37
SATCOM performance
~100 MBit/s down, 5 MBit/s up
Latency:
- 250 ms up/down
- 40 ms up/down
38
802.3
Ethernet standard
39
1000BASE-T
Twisted Pair GB Ethernet Copper 1 GBit/s
40
10GBASE-T
Twisted Pair 10 GBit/s copper
41
1000BASE-SX
Fiber 1GBit/s
42
BASE
Baseband Single frequency used
43
Broadband
Many frequencies used
44
Ferrule
The polished end of a fiber
45
Fiber Core
The tiny end of the fiber seen in the center of the ferrule
46
Multimode Fiber
Up to 2 km LED Core larger than light wavelength
47
Single Mode Fiber
up to 100 km Laser light source
48
TV Cable
RG-6
49
Twinaxial cable
10Gbit Ethernet max 5 m low cost/latency
50
Plenum
Space above ceiling or below floor where wiring is run
51
Plenum cable
Fire resistant, no toxic fumes in burnt PVC jacket or FEP Not as flexible
52
Transceiver
Modular network interface
53
SFP
Small Form Factor Pluggable Transceiver 1G/s
54
SFP+
Same size as SFP 10G/s
55
QSFP
Quad Small Form Factor Pluggable 4 channels - 4x 1G/s = 4G/s QSFP+ 4x 10G/s = 40G/s
56
SC connector
Subscriber Connector Often combined into a pair for RX/TX
57
LC connector
Local Connector smaller than SC Clips in place
58
SC Connector
59
LC Connector
60
ST connector
Straight Tip 1/4 twist to lock in place
61
ST Connector
62
MPO connector
Multifiber Push-On 12 fibers in one connector
63
MPO Connector
64
6P2C
6 Position 2 Conductor
65
RJ-11
Registered Jack type 11 Phone cord 6P2C
66
RJ-11
67
RJ-45
Registered Jack type 45 8P8C Ethernet
68
F-Connector
Coax cable Cable internet
69
F-Connector
70
RJ-45
71
BNC connector
Coax 1/4 twist
72
BNC connector
73
Spine and Leaf architecture
Spine switches on top Leaf switches in middle devices connected to leaf switches
74
Three-Tier Architecture
Core, Distribution, Access
Core - Web servers, databases, apps
Distribution - comms between access switches - manage path to end users
Access - where users connect - end stations, printers
75
Collapsed Core Architecture
Like 3-tier but without the middle Core does the distribution
76
North-South traffic flow
Leaving or entering the data center
77
East-West traffic flow
Traffic between devices in the same data center Fast response
78
Planes of Operation
Data Control Management
79
SDN
Software Defined Network Virtualize network hardware
80
SD-WAN
Software Defined - Wide Area Network
81
Application Aware
WAN knows which app is in use Routes/blocks traffic based on application data
82
Zero-Touch Provisioning
Automatically configure remote devices Can change in response to traffic patterns/network health
83
Transport Agnostic
SD-WAN can include any/multiple types of hardware - Cable, DSL, Fiber, 5G, etc
84
Central Policy Management
Manage multiple devices from a single console Changes pushed to SD-WAN devices
85
DCI
Data Center Interconnect Span across geographic areas
86
VXLAN
Virtual Extensible Local Area Network Use DCI to extend LAN across geographic areas Advantage - scalability - more networks
87
VLAN vs VXLAN
VLAN
- Max ~4,000 virtual networks
- Limited to Layer 2
- Not designed for large scale
- Not designed for dynamic movement of VMs
VXLAN
- Max >16 million virtual networks
- Tunnel frames across Layer 3 network
- Designed for large virtual environments
88
VXLAN Frame Structure
VXLAN encapsulates the original frame in a Layer 3 packet to send through the Layer 3 tunnel to the remote network.
Original Frame: |Eth Header|IP Header|Payload|
VXLAN Frames: |Eth H|IP H|UDP H|VXLAN H|Orig Frame|Eth H Check Seq|
89
ZTA
Zero Trust Architecture Security within network in addition to edge security Every device/user is untrusted by default
90
Policy-Based Authentication
Adaptive Identity Policy-Based Authentication
91
Adaptive Identity
- Consider source and requested resource
- Risk Indicators - position in org, location, connection type, address, etc
- Different level of trust based on characteristics - more trust if person logging in is inside the building
92
Policy-Based Authentication
Combine Adaptive Identity with Set of Rules
93
Authorization
Different access rights per user
94
Least Privilege Access
Bare minimum rights/permissions
95
SASE "sassy"
Secure Access Service Edge Next Gen VPN Move security devices onto cloud
96
IaC
Infrastructure as Code Network devices virtualized in code
97
Playbooks
Predefined steps to follow to perform a task or react to an event Automate network management processes Reusable template
98
SOAR
Security Orchestration, Automation, and Response - Integrate 3rd-party tools, data sources to Playbook
99
Config/Drift/Compliance
SOAR/Playbook ensures same config for all systems IaC -> identical deployment
100
IaC - Upgrades
Change configuration by altering a single line of code
101
Dynamic Inventories
Query devices and make changes in real time
102
Source Control
Manage change through requirements, publish definition files - Version Control - Track Changes - Compatibility Git is an example
103
Band Steering - WiFi
Direct devices to the best frequency Default to strongest signal, but not always the best
104
802.11h
Adds interoperability standards so US and European devices can work together Includes DFS, TPC
105
DFS
Dynamic Frequency Selection 802.11h Avoid frequency conflict Access point switches to unused frequency
106
TPC
Transmit Power Control Avoid conflict with SATCOM Access point determines power output of client
107
IBSS
Independent Basic Service Set Ad Hoc - no access point - IoT
108
SSID
Service Set Identifier WiFi network name
109
BSSID
Basic Service Set Identifier MAC of Access Point
110
ESSID
Extended Service Set Identifier Use same network name across many access points - WiFi to a large building Device automatically roams
111
Captive Portal
Login screen to log into WiFi Network
112
WPA2
WiFi Protected Access 2
113
PSK
Pre Shared Key
114
Enterprise - WiFi Authentication
802.1X Username, PW to access network
115
Lightweight Access Point
AP has just enough computing power to run 802.11 All intelligence is located in the switch
116
WPA3
Intro 2018 Uses GCMP encryption - stronger than WPA2
117
IDF
Intermediate Distribution Frame Any location with passive cable termination A Punch-Down Block
118
MDF
Main Distribution Frame
119
Rack Size
19" wide Height measured in rack units - 1U is 1.75"
120
UPS
Uninterruptible Power Supply
121
PDU
Power Distribution Unit Basically a power strip for server racks
122
Humidity
High - condensation Low - static discharge Keep 40-60%
123
Temperature
Optimal ~64-81F
124
Split Tunnel - VPN
Some traffic on VPN some not
125
Full Tunnel - VPN
All traffic through VPN
126
Jump Box
Server providing connection to a secure network
127
In-Band Management
Assign IP address to device to access device for network management
128
Out-Of-Band Management
Use serial interface - not on network Modern - USB Connect a modem to access when network is down Console port
129
BSS
Basic Service Set A group of wireless clients and a single AP that communicate with each other in a specific area
130
STP Cable
Shielded Twisted Pair Prevent EMI, cross-talk
131
Fiber Channel
High speed network tech designed for SANs