Section 3: Network Operations Flashcards
What is the difference between physical and logical diagrams, and what are related documentation types?
Physical Diagrams: Show the physical setup (e.g., cables, racks).
Logical Diagrams: Represent data flow and logical connections (e.g., VLANs, subnets).
Related types:
Rack Diagrams: Equipment placement in racks.
Cable Maps: Physical connections between devices.
Network Diagrams: Include the following layers:
* Layer 1: Physical layout of cables and ports.
* Layer 2: VLANs, switches, and MAC address mapping.
* Layer 3: IP addressing and routing between subnets.
What is included in an asset inventory?
Hardware: Devices like servers and routers.
Software: Applications and OS.
Licensing: Usage rights for software.
Warranty Support: Expiry dates and service coverage.
What are key tools for managing IP and service expectations?
IP Address Management (IPAM): Tracks and allocates IP addresses to avoid conflicts.
Service-Level Agreement (SLA): Defines expected service performance (e.g., uptime, response time).
What is a wireless survey/heat map, and why is it useful?
- Visual representation of Wi-Fi signal strength and coverage.
- Helps identify weak zones and optimize access point placement.
What are the stages of life-cycle management for IT equipment and software?
End-of-Life (EOL): No longer sold or updated.
End-of-Support (EOS): Vendor stops providing fixes or support.
Software Management: Includes patches, OS updates, and firmware upgrades.
Decommissioning: Safe removal and disposal of outdated equipment.
How does change management work?
- Use a formal request and approval process to evaluate, track, and implement changes.
- Prevents disruptions and ensures proper documentation.
What is involved in configuration management?
- Production Configuration: Current active setup.
- Backup Configuration: Stored copy for recovery.
- Baseline/Golden Configuration: Standardized settings used as a reference.
What is SNMP, and what are its key features?
SNMP (Simple Network Management Protocol): Used to monitor and manage network devices.
Key Features:
* Traps: Notifications sent from devices to alert on issues.
* MIB (Management Information Base): Database of device information.
* Community Strings: Keys for device access.
* Authentication: In SNMP v3, requests are authenticated with a username and password (stored as password hashes), ensuring secure monitoring.
Versions:
* v2c: Community-based, limited security.
* v3: Adds encryption and authentication for secure communication.
What are the methods of capturing and analyzing network data?
Flow Data: High-level traffic patterns and statistics; used for anomaly detection and usage analysis.
Packet Capture: Captures detailed packet-level traffic for diagnostics and security analysis.
Port Mirroring: Duplicates traffic from one port to another for analysis, often paired with packet capture.
How are baseline metrics and log aggregation used in monitoring?
Baseline Metrics:
* Establish normal performance levels for comparison.
* Enable anomaly alerting/notification when deviations occur.
Log Aggregation:
* Centralizes device logs for analysis.
* Tools include:
  * Syslog Collector: Gathers and stores logs.
  * SIEM (Security Information and Event Management): Analyzes logs for security and event correlation.
What is API integration, and how does it assist in monitoring?
- Stands for Application Programming Interface.
- Enables external systems to interact with network devices.
- Automates data collection and control for efficient monitoring.
What are the key types of network discovery and their uses?
- Ad hoc Discovery: On-demand scans to identify devices and connections.
- Scheduled Discovery: Regular scans to maintain up-to-date network inventories.
What are the core types of monitoring in network management?
- Traffic Analysis: Examines usage patterns, bottlenecks, and anomalies.
- Performance Monitoring: Tracks metrics like latency and throughput to ensure service quality.
- Availability Monitoring: Ensures devices and services are operational to maintain uptime SLAs.
- Configuration Monitoring: Tracks and audits device settings to prevent unauthorized changes.
What is RPO?
Recovery Point Objective
* Maximum acceptable amount of data loss during an incident.
* Determines how often backups should be taken.
What is RTO?
Recovery Time Objective
- Maximum time allowed to restore systems after an outage.
- Defines the acceptable downtime.
What are MTTR and MTBF, and how do they differ?
Mean Time To Repair: Average time to repair a failed component and restore functionality.
Mean Time Between Failures: Average time a system operates without failure.
What are the types of DR sites, and how do they differ?
Cold Site: Basic infrastructure, no pre-installed equipment; slowest recovery time.
Warm Site: Partial setup with some pre-installed hardware and data; moderate recovery time.
Hot Site: Fully operational replica of the primary site; fastest recovery time.
What are the differences between active-active and active-passive high-availability setups?
Active-Active: All systems are online and share the load, providing seamless failover.
Active-Passive: A secondary system remains idle until the primary system fails, then takes over.
What are common methods for testing disaster recovery plans?
Tabletop Exercises: Simulated scenarios to evaluate response procedures without affecting live systems.
Validation Tests: Full-scale tests to ensure systems and processes function as expected in a real disaster.
What is DHCP, and what are its 6 key components?
Dynamic Host Configuration Protocol (DHCP): Automatically assigns IP addresses and other configuration to devices.
Key Components:
1. Reservations: Fixed IP assignments for specific devices.
2. Scope: Range of IPs available for assignment.
3. Lease Time: Duration a device retains its assigned IP.
4. Options: Additional settings like DNS servers, gateways.
5. Relay/IP Helper: Forwards DHCP requests across subnets.
6. Exclusions: IPs within the scope that are not assigned dynamically.
What is SLAAC, and how does it work?
Stateless Address Autoconfiguration: Allows IPv6 devices to self-configure IP addresses without requiring a DHCP server.
Key Processes:
* NDP (Neighbor Discovery Protocol): Facilitates router advertisements and neighbor discovery in IPv6.
* DAD (Duplicate Address Detection): Ensures the self-configured address is unique within the network.
What is the DORA process in DHCP, and how does it work?
The DORA process is the four-step communication sequence used by DHCP to assign IP addresses to devices:
Discover:
* The client broadcasts a message to locate a DHCP server.
* Message: “Is there a DHCP server available?”
Offer:
* The DHCP server responds with an available IP address and configuration details.
* Message: “Here is an IP address you can use.”
Request:
* The client requests to use the offered IP address.
* Message: “I would like to use this IP address.”
Acknowledgment:
* The DHCP server confirms the assignment and finalizes the lease.
* Message: “You can use this IP address.”
What is DNS, and what are its key features?
Domain Name System (DNS): Translates human-readable domain names into IP addresses.
Key Features:
DNSSEC: Adds cryptographic authentication to DNS responses to prevent spoofing.
DNS over HTTPS (DoH) and DNS over TLS (DoT): Encrypt DNS queries for improved privacy and security.
Record Types:
* A: Maps domain names to IPv4 addresses.
* AAAA: Maps domain names to IPv6 addresses.
* CNAME: Provides an alias for another domain name.
* MX: Directs email to the correct mail server.
* TXT: Contains text data, often for email security (e.g., SPF, DKIM).
* NS: Identifies the authoritative nameservers for a domain.
* PTR: Maps IP addresses to domain names (used for reverse lookups).
What are common time protocols, and what do they do?
NTP (Network Time Protocol): Synchronizes system clocks across devices with millisecond accuracy, ensuring consistent timestamps.
* NTS (Network Time Security): Adds cryptographic security to NTP to prevent spoofing or tampering.
PTP (Precision Time Protocol): Offers sub-microsecond accuracy, crucial for time-sensitive applications like industrial automation and financial trading.
What are the types of DNS zones, and how do they function?
Forward Zone: Resolves domain names to IP addresses.
Reverse Zone: Resolves IP addresses to domain names.
Zone Types:
* Primary Zone: Editable and contains the master copy of DNS records.
* Secondary Zone: Read-only copy of the primary zone, used for redundancy.
Authoritative vs. Non-Authoritative:
* Authoritative DNS: Provides answers directly from the zone file it manages.
* Non-Authoritative DNS: Relays answers obtained from another server.
Recursive DNS: Performs complete lookups by querying multiple servers to resolve a domain name.
What is the Hosts file, and how is it used?
- A local file that maps domain names to IP addresses.
- Takes precedence over DNS for resolving entries listed in the file.
- Commonly used for testing, development, or blocking certain domains.
What is a site-to-site VPN, and how is it used?
- Connects two or more networks securely over the internet.
- Often used for branch office or inter-office communication.
- Uses encryption to ensure data confidentiality over public networks.
What is a client-to-site VPN, and how does it differ from a site-to-site VPN?
- Provides secure remote access for individual users to connect to a private network (e.g., for remote work).
- Enables users to access resources as if they were physically on the network.
What are the types of tunnels in a client-to-site VPN?
- Split Tunnel: Only specific traffic (e.g., corporate traffic) is routed through the VPN, so traffic is split across two separate paths.
- Full Tunnel: All traffic is routed through the VPN, enhancing security.
What is a clientless VPN, and how does it work?
- Allows users to connect securely via a web browser without needing additional software.
- Typically used for quick, lightweight remote access.
What are the common connection methods for remote management?
- SSH: Secure, text-based remote access via command line.
- GUI: Remote access using a graphical interface (e.g., Remote Desktop).
- API: Automates tasks through programmable interfaces.
- Console: Direct physical connection for device configuration and troubleshooting.
What is a jump box/host, and why is it important?
- A secure intermediary system used to access sensitive devices in a network.
- Acts as a gateway, reducing exposure to threats and limiting direct access to critical systems.
What is the difference between in-band and out-of-band management?
In-Band Management:
* Uses the regular data network for management tasks.
* Requires the network to be operational.
Out-of-Band Management:
* Uses a separate, dedicated connection for management (e.g., serial console or dedicated LAN).
* Remains accessible even if the primary network fails.