These flashcards cover critical concepts from the Network Operations and Network Security sections, including high availability, disaster recovery, backup strategies, RAID, authentication, AAA, NAC, attacks, mitigation, wireless security, and hardening best practices.
Which two technologies commonly rely on virtual IP addresses for high availability?
Clustering and load balancing
In disaster‐recovery planning, which site type can be brought online the fastest?
A hot site
Which disaster‐recovery site type is typically the least expensive to maintain?
A cold site
What does RTO stand for in business continuity planning?
Recovery Time Objective – the maximum allowable time to restore a service after a failure
MTTF is used to describe devices that are _.
Not repairable (Mean Time to Failure)
If a server has two power supplies on one UPS and a generator-backed circuit, which single failure can it survive indefinitely?
Failure of one server power supply
Primary purpose of a UPS during a lengthy power outage?
Keep systems running long enough to shut them down gracefully
Which file property is most often used to decide whether a file is backed up?
File attributes (archive bit)
Port aggregation provides greater throughput and _.
Fault tolerance (link redundancy)
What three services can a server cluster provide?
Fault tolerance, load balancing, and failover
An active/passive NIC team primarily offers _.
Fault tolerance
Which backup site classification is defined mainly by the time required to activate it?
Cold, warm, and hot sites differ in activation time
When comparing hard drives for RAID, which spec is most relevant to reliability?
MTBF – Mean Time Between Failures
Which RAID levels offer the least usable disk space while still being fault tolerant?
RAID 1 and RAID 10
Disk mirroring protects against drive failure; disk duplexing additionally protects against _ failure.
Controller
RAID levels providing fault tolerance without parity are _.
RAID 1 and RAID 10
Which backup type does NOT clear archive bits?
Differential backup
Grandfather-Father-Son rotation consists of _ backups.
Monthly (grandfather), weekly (father), and daily (son)
A read-only copy of data taken at a precise moment is called a _.
Snapshot
Which storage method avoids version skew during backup?
Snapshots
Full + daily incremental restore on Monday noon (full done Wednesday PM) requires how many jobs?
Six jobs (Wednesday full plus five incrementals)
Why can hard-drive incremental backups often restore in one job?
Because disks are random-access devices (no tape rewinding)
UPS, RAID 1, and clustering are fault-tolerance tools. Which is NOT?
SNMP
Datacenter PDUs differ from power strips chiefly because of _.
Higher input/output capacity and more outlets (all of the above)
A firewall state backup includes its configuration – True or False?
True – state backup contains configuration data
Preferred datacenter fire-suppression agent today?
HFC-125 (clean-agent gas)
Concurrent Multipath Routing (CMR) supplies _ and _.
Increased bandwidth and fault tolerance (and load balancing)
First Hop Redundancy Protocols dynamically change which host setting?
Default gateway
Give two examples of FHRPs.
VRRP and HSRP (also CARP)
Major drawback of full mesh switch redundancy without STP tuning?
Broadcast storms
Parallel redundant firewalls mainly provide _ and _.
Fault tolerance and load balancing
Active-active redundant servers add which advantage over active-passive?
Increased performance through load balancing
Achieving full ISP link redundancy requires _.
Different ISPs, different WAN links, and different routers
A DMZ is also called a _ or _ network.
Perimeter network or screened subnet
Windows Active Directory uses which authentication protocol?
Kerberos
Requiring a smartcard and a PIN is an example of _ authentication.
Multifactor
EAP is typically used with smartcards over remote access via _.
EAP-TLS
AAA stands for _.
Authentication, Authorization, and Accounting
What is Network Access Control (NAC) designed to enforce?
Health checks (patches, AV) before a device joins the network
802.1X roles: supplicant, authenticator, and _.
Authentication server
In 802.1X, the supplicant is _.
The client seeking access
Default transport protocols: RADIUS uses UDP; TACACS+ uses _.
TCP
CIA triad – the ‘I’ stands for _.
Integrity
A purposely vulnerable host used to lure attackers is called a _.
Honeypot
Difference between vulnerability and exploit?
Vulnerability = weakness; exploit = code or method that takes advantage of that weakness
Security monitoring + automated analysis platform acronym?
SIEM (Security Information and Event Management)
Granting users only permissions they need exemplifies _.
Least privilege (often via role-based access)
Zero-trust architecture is meant to limit _ movement.
Lateral
Defense-in-depth often combines firewalls, segmentation, and _.
Separation of duties (or other layered controls)
Threat assessment estimates two key factors: _ and _.
Likelihood and severity
The act of hiring outsiders to legally hack your network is called _.
Penetration testing
Technology-based attack modifying packets in transit is an _ attack.
On-path (man-in-the-middle)
Changing VLAN tags to reach another VLAN is called _.
VLAN hopping
Creating a rogue AP with same SSID for eavesdropping is an _ attack.
Evil twin
Malware that encrypts data and demands payment is known as _.
Ransomware
Dictionary and brute-force are types of _ attacks.
Password-cracking
Tailgating and shoulder surfing are examples of _.
Social engineering
MAC spoofing can bypass wireless _ filtering.
MAC
DNS poisoning primarily disrupts _.
Name resolution (redirects users)
A botnet’s individual compromised computer is called a _.
Zombie
DDoS that leverages legitimate servers to echo traffic is _.
Reflective (often amplified) DDoS
Permanent DoS (PDoS) differs from typical DoS how?
It physically or logically damages the target so service cannot be restored without repair
Bluesnarfing steals data over _.
Bluetooth
War chalking marks physical locations after _ reconnaissance.
War driving
EAP provides authentication framework; which variant uses TLS directly?
EAP-TLS
PEAP and EAP-FAST secure credentials by using _.
Tunneled TLS sessions
Geofencing in Wi-Fi limits access based on _.
Physical location / signal footprint
Disabling SSID broadcast offers weak security because attackers can _.
Capture packets and read the SSID value
One secure alternative to Telnet for device administration is _.
SSH
List two common default admin usernames on network OSes.
Administrator (Windows) and root (Linux/UNIX)
DAI relies on _ tables learned via DHCP snooping to block ARP spoofing.
IP-to-MAC binding
Flood guards in switches help stop _ attacks.
MAC flooding
Root guard protects against rogue _ advertisements.
Spanning Tree Protocol (STP)
File Integrity Monitoring primarily supports which compliance goal?
Demonstrating that sensitive files have not been altered (HIPAA/FISMA)
Digital signatures provide integrity and _.
Non-repudiation (authentication of sender)
Encrypting with sender’s private key lets receiver verify _.
That the message came from the claimed sender (non-repudiation)
Encrypting with recipient’s public key ensures _.
Only the recipient can decrypt (confidentiality)
Firmware updates are patches applied to _ devices.
Hardware/embedded
Rolling back a patch means _.
Uninstalling it and returning to the previous version
Wireless hardening tactics include encryption, auth, antenna placement and _.
MAC filtering
ACLs on a router chiefly provide _.
Authorization (permitting or denying traffic)
Server role separation means what?
Placing different critical services on separate servers/VMs to limit scope of compromise
Default firewall policy blocking everything unless allowed is called _.
Implicit deny
Router Advertisement Guard protects against rogue messages affecting _.
IPv6 default-gateway information
Which OS password setting blocks use of simple dictionary words?
‘Passwords must meet complexity requirements’
Disabling unused switch ports enhances security unless _.
Ports are already isolated from users (e.g., no patch panel connection)
Which devices commonly ship with well-known default credentials?
Wireless APs, routers, and managed switches
Site-to-site vs. client-to-site describes two major categories of _.
VPN connections
Out-of-band management means what?
Admin traffic travels on a physically or logically separate channel from user data
Badge readers, biometric locks, and access vestibules relate to _ security.
Physical
Asset disposal policy should include _ before discarding hardware.
Factory reset or secure wipe of data
What kind of DoS is created by zombies located worldwide?
Distributed Denial-of-Service (DDoS)
Attack that retransmits captured authentication packets is a _ attack.
Replay
‘Something you are’ authentication factor example
Fingerprint or retina pattern
‘Something you do’ authentication factor example
Unique finger gesture or typing pattern
Kerberos mitigates replay attacks using timestamps.
Time-stamped tickets and short lifetimes
Which protocol secures SNMP management traffic?
SNMP v3 (adds auth & encryption)
Control Plane Policing (CoPP) protects _.
Router/switch CPU from traffic floods
Private VLANs help with _ inside a single broadcast domain.
Micro-segmentation / isolation of hosts
Changing the default VLAN away from VLAN 1 is a _ practice.
Switch hardening / best practice