Download Advanced Networking Devices: VPNs, Switches, and VLANs and more Exams Advanced Education in PDF only on Docsity!
Networking Chapter 11: Advanced
Networking Devices
Virtual Private Network (VPN) - correct answer Companies can establish direct private network links among themselves or create private, secure Internet access, in effect a "private tunnel" within the Internet endpoints - correct answer the ends of the tunnel where the data is encrypted and decrypted. VPN Tunnel - correct answer The secure connection created between user's computer and a company's network is called a(n) _____. Point-to-Point Tunneling Protocol (PPTP) - correct answer A protocol that works with PPP to provide a secure data link between computers using encryption. (Data Link Layer) Routing and Remote Access Service (RRAS) - correct answer A special remote access server program, originally only available on Windows Server, on which a PPTP endpoint is placed in Microsoft networks. VPN Connection Quality - correct answer A system connected to a VPN looks as though it's on the local network but performs much slower than if the system was connected directly back at the office because it's not local at all. host-to-site VPN - correct answer A VPN created between a host and a network across a local or intermediary network. Also known as a remote access VPNs. Layer 2 Tunneling Protocol (L2TP) - correct answer VPN technology that has quickly gaining popularity due to the inclusion of IPSec as its security protocol. Runs on almost any type of connection, including telephone lines, ethernet, and fiber.
Layer 2 Forwarding (L2F) - correct answer A VPN protocol designed (by Cisco Systems) with the intent of providing a tunneling protocol for PPP. Like L2TP, L2F lacks native security features. VPN concentrator - correct answer A device that aggregates hundreds or thousands of VPN connections. client-to-site VPN - correct answer Also known as a remote-access VPN, a client-to- site VPN interconnects a remote user with a site, as an alternative to dial-up or ISDN connectivity, at a reduced cost. site-to-site VPN - correct answer Interconnects two sites, as an alternative to a leased line, at a reduced cost. host-to-host VPN - correct answer A type of VPN in which two computers create a VPN tunnel directly between them. Both computers must have the appropriate software installed, and they can't serve as a gateway to other hosts on their respective networks. SSL VPN (Secure Socket Layer VPN) - correct answer A VPN format that works with a web browser (installing a separate client is not necessary); The two most common types of SSL VPNs are SSL portal VPNs and SSL tunnel VPNs. Datagram TLS (DTLS) - correct answer optimize connections for delay-sensitive applications, such as voice and video over a VPN. Uses UDP datagrams rather than TCP segments for communication. This enhances certain types of VPN traffic. Dynamic Multipoint VPN (DMVPN) - correct answer a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner; enables direct VPN connections between multiple locations directly. Also employs standard security (IPsec) to make all the connections secure from unwanted prying. IPSec VPN - correct answer a secure implementation of VPN with encryption Generic Routing Encapsulation (GRE) - correct answer A tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets;
HTTPS/ management URL - correct answer Switches with Web management interfaces often provide a well-protected ______/________________ ___ that administrators can use to log into the switch via the Internet (another example of in- band management). Out-of-Band Management Options - correct answer management URL, modem connection, console port console router - correct answer a router with out-of-band management capabilities. Virtual Local Area Network (VLAN) - correct answer a logical network that can separate physical devices without regard to the physical location of the device trunking - correct answer is the process of transferring VLAN traffic between two or more switches trunk port - correct answer A port on a switch configured to carry all data, regardless of VLAN number, between all switches in a LAN. Every Ethernet switch uses the IEEE 802.1Q trunk standard that enables you to connect switches from different manufacturers. native VLAN - correct answer An untagged VLAN on a switch that will automatically receive all untagged frames. Options for native VLANs vary according to the switch manufacturer and model. Most popular switch configuration method - correct answer The most common method is to log into the switch using SSH—not Telnet, because you need security— and use the command-line interface. VLAN assignment - correct answer Assigning each port to a VLAN means that whatever computer plugs into that port, its traffic will get tagged with that port's VLAN. static VLAN - correct answer A VLAN that is manually configured port by port. This is the method typically used in production networks.
dynamic VLAN - correct answer relies on assigning VLAN membership by examining the MAC address of the device connecting to a switch port. tagging - correct answer Workstations plug into access ports—regular ports that have been configured as part of a VLAN—that do the work of tagging traffic with the appropriate VLAN when frames enter the switch; If the trunk port's native VLAN is the same as the access port's VLAN, then the switch drops the tag and sends the untagged frame out the trunk port. why you would want to change a native VLAN - correct answer Double-tagging attack Double tagging attack - correct answer The native VLAN opens your network to a nasty vulnerability called a _______-__________ _______ that lets the attacker access VLANs they should not be able to access. VLAN Trunking Protocol (VTP) - correct answer Cisco's protocol to automate the updating of multiple VLAN switches. Each switch is put into one of three states: server, client, or transparent. When you make changes to the VLAN configuration of the server switch, all the connected client switches update their configurations within minutes. The big job of changing every switch manually just went away. When you set a VLAN switch to transparent, you tell it not to update but to hold onto its manual settings. VTP Pruning - correct answer The VTP feature by which switches dynamically choose interfaces on which to prevent the flooding of frames in certain VLANs, when those frames do not need to go to every switch in the network; a tool for minimizing broadcast traffic. This can be a very useful tool on larger-scale networks. InterVLAN Routing - correct answer A feature on some switches to provide routing between VLANs. Router on a stick - correct answer type of router configuration in which a single physical interface routes traffic between multiple VLANs on a network DHCP relay - correct answer A services that relays DHCP requests to DHCP servers that exist in remote networks
administratively defined rate. shapers - correct answer The routers and switches that can implement traffic shaping port bonding - correct answer The logical joining of multiple redundant ports and links between two network devices such as a switch and storage array. Link Aggregation Control Protocol (LACP) - correct answer A protocol currently defined by IEEE's 802.1AX standard that dynamically coordinates communications between two hosts. Port Aggregation Protocol (PAgP) - correct answer protocol for accomplishing port aggregation Port Aggregation Protocol - correct answer A Cisco-proprietary protocol that aids in the automatic creation of EtherChannel links. NIC teaming - correct answer A type of link aggregation in which two or more NICs work in tandem to handle traffic to and from a single node. network protection - correct answer • Intrusion protection/intrusion prevention
- Port mirroring
- Proxy serving
- AAA Intrusion Detection System (IDS) - correct answer a system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions network-based IDS - correct answer consists of multiple sensors placed around the network, often on one or both sides of the gateway router. These sensors report to a central application that, in turn, reads a signature file to detect anything out of the ordinary
signatures - correct answer Different types of network traffic have detectable patterns definition files - correct answer Antivirus update files; also known as signature files. signature management - correct answer help monitor and protect network traffic from malicious code, picking out known and suspect malware signatures with continuously updating definition files. host-based IDS - correct answer An IDS system that primarily uses software installed on a specific host such as a web server. signature-based IDS - correct answer A type of monitoring used on intrusion detection and intrusion prevention systems. It detects attacks based on known attack patterns documented as attack signatures. behavior-based IDS - correct answer Models normal behavior of a system and its user from reference information collected by various means Intrusion Prevention System (IPS) - correct answer software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks; First, an ___ can stop an attack while it is happening. No need to request help from any other devices. Second, the network bandwidth and latency take a hit. Third, if the ___ goes down, the link might go down too. Network Intrusion Prevention System (NIPS) - correct answer A technology that monitors network traffic to immediately react to block a malicious attack. host-based intrusion prevention system (HIPS) - correct answer A technology that monitors host traffic to immediately react to block a malicious attack. port mirroring - correct answer A monitoring technique in which one port on a switch is configured to send a copy of all its traffic to a second port.
