Section 3: Network Operations

Question 1

What is the difference between physical and logical diagrams, and what are related documentation types?

Answer 1

Physical Diagrams: Show the physical setup (e.g., cables, racks).
Logical Diagrams: Represent data flow and logical connections (e.g., VLANs, subnets).

Related types:
Rack Diagrams: Equipment placement in racks.
Cable Maps: Physical connections between devices.
Network Diagrams:
Include:
* Layer 1: Physical layout of cables and ports.
* Layer 2: VLANs, switches, and MAC address mapping.
* Layer 3: IP addressing and routing between subnets.

Question 2

What is included in an asset inventory?

Answer 2

Hardware: Devices like servers and routers.
Software: Applications and OS.
**Licensing: **Usage rights for software.
Warranty Support: Expiry dates and service coverage.

Question 3

What are key tools for managing IP and service expectations?

Answer 3

IP Address Management (IPAM): Tracks and allocates IP addresses to avoid conflicts.

Service-Level Agreement (SLA): Defines expected service performance (e.g., uptime, response time).

Question 4

What is a wireless survey/heat map, and why is it useful?

Answer 4

• Visual representation of Wi-Fi signal strength and coverage.
• Helps identify weak zones and optimize access point placement.

Question 5

What are the stages of life-cycle management for IT equipment and software?

Answer 5

End-of-Life (EOL): No longer sold or updated.
End-of-Support (EOS): Vendor stops providing fixes or support.
Software Management: Includes patches, OS updates, and firmware upgrades.
Decommissioning: Safe removal and disposal of outdated equipment.

Question 6

How does change management work?

Answer 6

• Use a formal request and approval process to evaluate, track, and implement changes.
• Prevents disruptions and ensures proper documentation.

Question 7

What is involved in configuration management?

Answer 7

• Production Configuration: Current active setup.
• Backup Configuration: Stored copy for recovery.
• Baseline/Golden Configuration: Standardized settings used as a reference.

Question 8

What is SNMP, and what are its key features?

Answer 8

SNMP (Simple Network Management Protocol): Used to monitor and manage network devices.

Key Features:
* Traps: Notifications sent from devices to alert on issues.
* MIB (Management Information Base): Database of device information.
* Community Strings: Keys for device access.
* Authentication: Ensures secure monitoring in SNMP v3. (Username and password) (password hashes)

Versions:
* v2c: Community-based, limited security.
* v3: Adds encryption and authentication for secure communication.

Question 9

What are the methods of capturing and analyzing network data?

Answer 9

Flow Data: High-level traffic patterns and statistics; used for anomaly detection and usage analysis.

Packet Capture: Captures detailed packet-level traffic for diagnostics and security analysis.

Port Mirroring: Duplicates traffic from one port to another for analysis, often paired with packet capture.

Question 10

How are baseline metrics and log aggregation used in monitoring?

Answer 10

Baseline Metrics:
* Establish normal performance levels for comparison.
* Enable anomaly alerting/notification when deviations occur.

Log Aggregation:
* Centralizes device logs for analysis.
* Tools include:
* Syslog Collector: Gathers and stores logs.
* SIEM (Security Information and Event Management): Analyzes logs for security and event correlation.

Question 11

What is API integration, and how does it assist in monitoring?

Answer 11

• Stands for Application Programming Interface
• Enables external systems to interact with network devices.
• Automates data collection and control for efficient monitoring.

Question 12

What are the key types of network discovery and their uses?

Answer 12

• Ad hoc Discovery: On-demand scans to identify devices and connections.
• Scheduled Discovery: Regular scans to maintain up-to-date network inventories.

Question 13

What are the core types of monitoring in network management?

Answer 13

1. Traffic Analysis: Examines usage patterns, bottlenecks, and anomalies.
2. Performance Monitoring: Tracks metrics like latency and throughput to ensure service quality.
3. Availability Monitoring: Ensures devices and services are operational to maintain uptime SLAs.
4. Configuration Monitoring: Tracks and audits device settings to prevent unauthorized changes.

Question 14

What is RPO?

Answer 14

Recovery Point Objective
* Maximum acceptable amount of data loss during an incident.
* Determines how often backups should be taken.

Question 15

What is RTO?

Answer 15

Recovery Time Objective

• Maximum time allowed to restore systems after an outage.
• Defines the acceptable downtime.

Question 16

What are MTTR and MTBF, and how do they differ?

Answer 16

Mean Time To Repair: Average time to repair a failed component and restore functionality.

Mean Time Between Failures: Average time a system operates without failure.

Question 17

What are the types of DR sites, and how do they differ?

Answer 17

Cold Site: Basic infrastructure, no pre-installed equipment; slowest recovery time.

Warm Site: Partial setup with some pre-installed hardware and data; moderate recovery time.

Hot Site: Fully operational replica of the primary site; fastest recovery time.

Question 18

What are the differences between active-active and active-passive high-availability setups?

Answer 18

Active-Active: All systems are online and share the load, providing seamless failover.

Active-Passive: A secondary system remains idle until the primary system fails, then takes over.

Question 19

What are common methods for testing disaster recovery plans?

Answer 19

Tabletop Exercises: Simulated scenarios to evaluate response procedures without affecting live systems.

Validation Tests: Full-scale tests to ensure systems and processes function as expected in a real disaster.

Question 20

What is DHCP, and what are its 6 key components?

Answer 20

Dynamic Host Configuration Protocol (DHCP): Automatically assigns IP addresses and other configuration to devices.

Key Components:
1. Reservations: Fixed IP assignments for specific devices.
1. Scope: Range of IPs available for assignment.
1. Lease Time: Duration a device retains its assigned IP.
1. Options: Additional settings like DNS servers, gateways.
1. Relay/IP Helper: Forwards DHCP requests across subnets.
1. Exclusions: IPs within the scope that are not assigned dynamically.

Question 21

What is SLAAC, and how does it work?

Answer 21

Stateless Address Autoconfiguration: Allows IPv6 devices to self-configure IP addresses without requiring a DHCP server.

Key Processes:
* NDP (Neighbor Discovery Protocol): Facilitates router advertisements and neighbor discovery in IPv6.

• DAD (Duplicate Address Detection): Ensures the self-configured address is unique within the network.

Question 22

What is the DORA process in DHCP, and how does it work?

Answer 22

The DORA process is the four-step communication sequence used by DHCP to assign IP addresses to devices:

Discover:
* The client broadcasts a message to locate a DHCP server.
* Message: “Is there a DHCP server available?”

Offer:
* The DHCP server responds with an available IP address and configuration details.
* Message: “Here is an IP address you can use.”

Request:
* The client requests to use the offered IP address.
* Message: “I would like to use this IP address.”

Acknowledgment:
* The DHCP server confirms the assignment and finalizes the lease.
* Message: “You can use this IP address.”

Question 23

What is DNS, and what are its key features?

Answer 23

Domain Name System (DNS): Translates human-readable domain names into IP addresses.

Key Features:

DNSSEC: Adds cryptographic authentication to DNS responses to prevent spoofing.

DNS over HTTPS (DoH) and
DNS over TLS (DoT): Encrypts DNS queries for improved privacy and security.

Record Types:
* A: Maps domain names to IPv4 addresses.
* AAAA: Maps domain names to IPv6 addresses.
* CNAME: Provides an alias for another domain name.
* MX: Directs email to the correct mail server.
* TXT: Contains text data, often for email security (e.g., SPF, DKIM).
* NS: Identifies the authoritative nameservers for a domain.
* PTR: Maps IP addresses to domain names (used for reverse lookups).

Question 24

What are common time protocols, and what do they do?

Answer 24

NTP (Network Time Protocol): Synchronizes system clocks across devices with millisecond accuracy, ensuring consistent timestamps.
* NTS (Network Time Security): Adds cryptographic security to NTP to prevent spoofing or tampering.

PTP (Precision Time Protocol): Offers sub-microsecond accuracy, crucial for time-sensitive applications like industrial automation and financial trading.

Question 25

What are the types of DNS zones, and how do they function?

Answer 25

Forward Zone: Resolves domain names to IP addresses.
Reverse Zone: Resolves IP addresses to domain names.

Zone Types:
* Primary Zone: Editable and contains the master copy of DNS records.
* Secondary Zone: Read-only copy of the primary zone, used for redundancy.

Authoritative vs. Non-Authoritative:
* Authoritative DNS: Provides answers directly from the zone file it manages.
* Non-Authoritative DNS: Relays answers obtained from another server.

Recursive DNS: Performs complete lookups by querying multiple servers to resolve a domain name.

Question 26

What is the Hosts file, and how is it used?

Answer 26

• A local file that maps domain names to IP addresses.
• Takes precedence over DNS for resolving entries listed in the file.
• Commonly used for testing, development, or blocking certain domains.

Question 27

What is a site-to-site VPN, and how is it used?

Answer 27

• Connects two or more networks securely over the internet.
• Often used for branch office or inter-office communication.
• Uses encryption to ensure data confidentiality over public networks.

Question 28

What is a client-to-site VPN, and how does it differ from a site-to-site VPN?

Answer 28

• Provides secure remote access for individual users to connect to a private network. (Remote work)
• Enables users to access resources as if they were physically on the network.

Question 29

What are the types of tunnels in a client-to-site VPN?

Answer 29

• Split Tunnel: Only specific traffic (e.g., corporate traffic) is routed through the VPN. 2 separate tunnels
• Full Tunnel: All traffic is routed through the VPN, enhancing security.

Question 30

What is a clientless VPN, and how does it work?

Answer 30

• Allows users to connect securely via a web browser without needing additional software.
• Typically used for quick, lightweight remote access.

Question 31

What are the common connection methods for remote management?

Answer 31

• SSH: Secure, text-based remote access via command line.
• GUI: Remote access using a graphical interface (e.g., Remote Desktop).
• API: Automates tasks through programmable interfaces.
• Console: Direct physical connection for device configuration and troubleshooting.

Question 32

What is a jump box/host, and why is it important?

Answer 32

• A secure intermediary system used to access sensitive devices in a network.
• Acts as a gateway, reducing exposure to threats and limiting direct access to critical systems.

Question 33

What is the difference between in-band and out-of-band management?

Answer 33

In-Band Management:
* Uses the regular data network for management tasks.
* Requires the network to be operational.

Out-of-Band Management:
* Uses a separate, dedicated connection for management (e.g., serial console or dedicated LAN).
* Remains accessible even if the primary network fails.