Network+ N10-009 3.0 Network Operations


58 Terms

1
Documentation(Physical vs. logical diagrams)
  • Physical shows actual devices and cabling, while logical shows network flow and relationships

  • Physical shows IP and subnet mask

  • Logical diagrams are a high-level view (WAN layout, application flow)

2
Documentation(Rack diagrams)
  • Visual layout of equipment placement in a rack

    • Good when physical access is limited

  • Rack components may also be labeled, so we can tell someone exactly where on the rack they need to perform an action

3
Documentation(Cable maps and diagrams)
  • Documentation showing how cables connect devices and paths

  • Shows each network drop, its number, and where it goes in the IDF or MDF

4
Documentation(Network diagrams)
  • Layer 1 shows physical connections and interfaces; Layer 2 shows switching, VLANs, and MAC addresses; Layer 3 shows IP addressing, routing, and subnet masks

5
Documentation(Asset inventory)
  • Hardware, software, licensing, and warranty support tracked for network resources

  • Tag all items with barcode, RFID, etc

  • Have an asset database that contains all fields about an asset

6
Documentation(IP address management (IPAM))
  • System for planning, tracking, and managing IP address usage

  • Increase/decrease the amount of IP addresses available

  • Control reservation times

7
Documentation(Service-level agreement (SLA))
  • Contract that defines expected service performance and availability

  • Uptime, response time agreement, etc

  • If techs will be dispatched if there are problems

  • May require customer to keep spare equipment on site

8
Documentation(Wireless survey/heat map)
  • Assessment that shows wireless coverage, signal strength, and interference

9
Life-cycle management(End-of-life (EOL))
  • Stage where a piece of hardware or software no longer receives version updates

  • May continue to provide security patches and updates

  • May provide warranty repair

10
Life-cycle management(End-of-support (EOS))
  • Stage where vendor no longer provides updates or fixes

  • Current version is the final version

  • Security concern

11
Life-cycle management(Software management)
  • Includes applying patches, maintaining operating systems, and updating firmware

  • Monthly updates for features, bugs, and security updates

  • Emergency out-of-band updates for emergency security concerns

  • Network, user settings, OS settings, etc

  • Firmware updates can be done over the network or by physically connecting to the device

    • Save firmware binaries just in case of incompatibilities on new versions

12
Life-cycle management(Decommissioning)
  • Proper removal and disposal of outdated or unused network equipment

  • Sanitize media or destroy hardware

  • Destroying information too early can be a legal issue, so be careful

  • Don’t place anything with critical information in the trash

13
Change management(Request process tracking/service request)
  • Formal system to submit, review, and track network change requests

  • Often overlooked

  • Policies can contain things like: frequency, duration, installation process, and fallback procedures

  • Best managed with tickets

14
Configuration management(Production configuration)
  • The most current running configuration

    • Everyone uses this config

  • Covers all aspects: hardware, firmware, software versions, device driver versions, updates

  • Tested a lot before installation

15
Configuration management(Backup configuration)
  • Known working config just in case production config has issues

  • Copy files, create a snapshot of a VM, etc

16
Configuration management(Baseline/golden configuration)
  • A “checklist” that says, if all of these things work, the application will work as expected

  • Can be updated if the production config is working and a new feature should be considered baseline

17
Methods(SNMP/Simple Network Management Protocol)

  • Uses a database of data called the management information base (MIB)

  • The database contains object identifiers (OIDs)

  • Port UDP/161

  • v2c

    • Data type enhancements, bulk transfers, non-encrypted

  • v3

    • Current standard. Message integrity checks, authentication, and encryption

  • MIB walkers can scan for all OID devices on a network and all related information

  • Traps allow you to configure client devices to ping the MIB or another SNMP monitoring device if a certain threshold is crossed (like too many errors too quickly)

    • UDP/162

  • Community strings are passwords that grant you access to SNMP data on a device. Can have multiple strings for different actions like reading, writing, or traps

    • In SNMP v3, community strings were replaced with passwords that are hashed before being sent over the network

18
Methods(Flow data)
  • Information about traffic patterns collected from network devices

19
Methods(Packet capture)
  • Process of collecting and analyzing raw network packets

  • Think Wireshark

20
Methods(Baseline metrics)
  • Normal performance measurements used for comparison and anomaly alerting

21
Methods(Log aggregation)
  • Centralized collection of logs, often using syslog collectors and SIEM tools

22
Methods(Application programming interface (API) integration)
  • Allows systems to interact programmatically for monitoring and automation

23
Methods(Port mirroring)
  • Technique that copies network traffic from one port to another for analysis

24
Solutions(Network discovery)
  • Identifying devices and connections through ad hoc or scheduled scans

  • Scheduled means on a schedule while ad hoc means as necessary

25
Solutions(Traffic analysis)
  • Examining data flows to understand usage and detect issues

26
Solutions(Performance monitoring)
  • Measuring speed, latency, and throughput of network services

  • SNMP, NetFlow, protocol analysis, software agent, etc

27
Solutions(Availability monitoring)
  • Checking uptime and responsiveness of network resources

  • Is something up or down?

  • Short or long term reporting

28
Solutions(Configuration monitoring)
  • Tracking changes and compliance in device settings

  • Back these files up

  • Can vary by firmware or OS version

29
DR metrics(Disaster Recovery Plan (DRP))

  • Detailed plan for resuming operations after a disaster

  • Backups, off-site data replication, cloud alternatives, remote sites, etc

  • 3rd party options

30
DR metrics(Recovery point objective (RPO))
  • Maximum acceptable data loss measured in time

  • How far back in time does data go?

  • Defined by how much data would normally be collected in that time

31
DR metrics(Recovery time objective (RTO))
  • Target time to restore services after an outage

  • Best to be near-zero

  • Defining a normal amount of time to get to a certain service level

32
DR metrics(Mean time to repair (MTTR))
  • Average time required to fix a failed component

    • Full failure to full functionality

33
DR metrics(Mean time between failures (MTBF))
  • Predicted time between hardware or system failures

34
DR sites(Cold site)
  • Facility with no pre-installed equipment, requiring full setup

35
DR sites(Warm site)
  • Facility with some infrastructure and data ready, but partial setup needed

36
DR sites(Hot site)
  • Fully equipped and operational backup location ready for immediate use

  • Exactly the same as the original site (ideally)

37
High-availability approaches(Active-active)
  • Multiple sites handle traffic simultaneously for redundancy

  • Configs and session information are copied between the two

  • More complex to set up

38
High-availability approaches(Active-passive)
  • One site/device is active while another waits on standby for failover

  • Configs and session information are copied between the two

39
Testing(Tabletop exercises)
  • Discussion-based simulations of incident response or disaster recovery plans

40
Testing(Validation tests)
  • Practical checks to confirm network systems or recovery methods work as intended

  • Don’t touch production systems

  • Helps document what worked and what needs to be fixed

41
Dynamic addressing(DHCP)
  • Provides automatic IP assignment with options for reservations, scopes, lease times, options, relay/IP helpers, and exclusions

  • DORA

    • Discover: Find a DHCP server

    • Offer: Get an offer from a DHCP server

    • Request: Lock in the offer

    • Acknowledge: DHCP server confirms

  • Relays/IP helpers allow you to send information to another subnet even when you don’t have an IP address yet. This is to help infrastructure have redundant DHCP servers

42
Configs on the DHCP server

  • Scope: Range of IP addresses that can be handed out

  • Subnet mask

  • Lease durations

    • T1 timer renewal at 50%

    • T2 timer rebinding at 87.5%

  • DNS server

  • Default gateway

  • VoIP servers

  • Exceptions for static IPs, etc

43
Dynamic addressing(Stateless address autoconfiguration (SLAAC))
  • IPv6 method that allows devices to assign themselves addresses without a server

  • An IPv6 device generates its own address using the network prefix from a router’s Router Advertisement (RA) and combines it with a unique interface identifier (often based on the device’s MAC address or a randomly generated value). No DHCP server is needed. Devices also use RA messages to learn the default gateway and other network info.

  • Before using the address, it runs Duplicate Address Detection (DAD) to make sure no other device on the network is using it. If no duplicate is found, the address is assigned to the interface.

44
Name resolution(DNS)
  • System for translating names to IP addresses with features like DNSSEC, DoH/DoT, record types (A, AAAA, CNAME, MX, TXT, NS, PTR), zone types (forward, reverse), authoritative vs. non-authoritative, primary vs. secondary, and recursive resolution

45
Name resolution(Hosts file)
  • Local text file that maps hostnames to IP addresses

46
Time protocols(NTP)
  • Protocol for synchronizing device clocks over the internet

47
Time protocols(Precision Time Protocol (PTP))
  • Provides highly accurate time synchronization over local networks

48
Time protocols(Network Time Security (NTS))
  • Enhances NTP with authentication and encryption for secure time sync

49
Site-to-site VPN
  • Encrypted tunnel connecting entire networks across the internet

50
Client-to-site VPN
  • Encrypted tunnel connecting a single user device to a network

51
Client-to-site VPN(Clientless)
  • Remote access through a browser without dedicated VPN software

52
Client-to-site VPN(Split tunnel vs. full tunnel)
  • Split allows some traffic to bypass VPN, while full sends all traffic through VPN

53
Connection methods(SSH)
  • Secure command-line access protocol for remote management

54
Connection methods(Graphical user interface (GUI))
  • Visual interface for managing devices

55
Connection methods(API)
  • Programming interface for interacting with systems and devices

56
Connection methods(Console)
  • Direct physical or serial connection to a device for configuration

57
Jump box/host
  • Intermediate secure system used to access devices in a protected network

58
In-band vs. out-of-band management
  • In-band uses production network for management, while out-of-band uses a separate dedicated pat