Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
99 Cards in this Set
- Front
- Back
|
7 OSI Layers |
Application Presentation Session Transport Network Data Link Physical |
|
|
Presentation Layer does what with data from the application layer? |
Converts it into standard format that other layers can understand. |
|
|
Two layers within the Data Link Layer |
LLC - Logical Link Control MAC - Media Access Control |
|
|
What is a forwarding database on a switch? |
Stores and learns MAC address from incomming traffic on it's interfaces. |
|
|
ARP does what? |
Maps IP addresses to MAC addresses |
|
|
MAC addresses consist of how many bits? |
48 bits |
|
|
When do I need VLANS? |
When you have more than 200 devices on LAN, or a lot of broadcast traffic |
|
|
What is a trunk port? |
A trunk port allows multiple VLANs to traverse on a single interface. |
|
|
What is trunking? |
Trunking or link agregation is use to combine multiple trunk ports/links into a single logical interface for redundancy and increased bandwidth. |
|
|
Which MAC address does F5 select for the trunk? |
The MAC of the lowest-numbered interface in the trunk. |
|
|
How many hosts in a /27 subnet? |
30 |
|
|
Class B addresses start with which 2 binary numbers? |
1 and 0 in that order (10) |
|
|
What is the purpose of routing protocols? |
Routing protocols help routers share networks that they have available to remote routers/neighbours. They inturn recieve routes from neighbours and gain valuable insite into the network. |
|
|
Name 5 Dynamic routing protocls |
RIP, EIGRP, BGP, OSPF, IS-IS |
|
|
What causes fragmentation? |
Fragmentation occurs when a packet has to travel through a network segment which has a lower MTU than the original packet size. |
|
|
What happens to a fragmented packets to allow the recieving end to piece them back together? |
Each fragment is given a fragment ID, an Offset/Position and it must set the MF (More fragments) flag if it is NOT the last fragment. |
|
|
Destination & Source MAC address changes each time a packet encounters a layer 3 device True or false. |
True |
|
|
What is a Multicast Address and What is a Anycast Address? |
Multicast is one to many, Anycast is one to closest. |
|
|
What is the difference between MSS and MTU? |
MTU is network layer maximum packet size. MSS is transport layer maximum segment size. MSS is generally 40 bytes smaller than MTU to encompass the TCP/IP headers. |
|
|
UDP packets can never arrive out of order or not at all, True or False? |
False |
|
|
Why is positive acknowledgement with retransmission used? |
To guarantee reliability of packet transfers. |
|
|
Name the main cause for a RST packet to be sent? |
One half of the TCP connection is not responding to Keep Alives. |
|
|
What are the three TCP options fields? |
Option-Kind, Option-Length, Option-Data |
|
|
Which TCP options field specifies the type of TCP option? |
Option-Kind |
|
|
TCP checksum does what? |
Checks for errors in the data by adding them all together. |
|
|
Sequence numbers and acknowledgements allow TCP to ....... lost packets? |
Retransmit |
|
|
(Flow Control) TCP window size refers to the amount of data a client is willing to accept before it's buffer will fill up. True or False? |
True |
|
|
What is silly window syndrome? |
When a client sets the window size so small that it is only recieving TCP headers |
|
|
Lack of acknowledgements coupled with TCP timers, leads to a retransmit. This refers to Congestion Control. True or False? |
True |
|
|
What is the retrasmission timeout based upon with regards to Congestion Control? |
RTT between sender and reciever. Also Smooth RTT. |
|
|
Postponement of a TCP connection between client and server is called? |
Delayed Binding |
|
|
What are three common HTTP requests? |
GET, POST, HEAD |
|
|
What is the formatt of an HTTP request/response? |
initial line different for request vs response crlf header1 or more headers below crlf crlf optional message body |
|
|
Initial HTTP request line is? |
method name, local path, HTTP version eg. GET /index.html HTTP/1.1 |
|
|
Initial response line is? |
HTTP version, machine code, human message eg. HTTP/1.1 200 OK |
|
|
Status codes for HTTP responses? |
100 - information 200 - success 300 - redirect 400 - client error 500 - server error |
|
|
What request would you send via HTTP to see only the headers of a response? |
HEAD |
|
|
What request would you send via HTTP to send data to a server to be processed in someway? |
POST |
|
|
HTTP keep-alives and HTTP persistence is what? |
The reuse of a single TCP session to transfer multiple streams of data. |
|
|
SIP is used mostly for? |
Communications such as VoIP, teleconference and instant messaging |
|
|
FTP uses ports 20 for x and 21 for y? |
x = data y = command/control |
|
|
How is active different from passive FTP? |
In active FTP, the server opens a random port on the client. In passive mode, the client requests PASV, the server sends to the client via the command port a random 'x' port to transfer that the client can send data towards. |
|
|
Why would you use passive FTP over active? |
Because Active FTP can cause issue with firewalls and other security devices. |
|
|
How long will an SMTP server attempt to send mail before sending an error? Then finally returning the mail as undeliverable? |
4 hours 5 days |
|
|
What is a cookie? |
A cookie is a text file that a web server can store on a users hdd. It is used for tracking that users action on the website. |
|
|
How does a cookie work? |
The cookie file on the clients machine contains name-value pairs. The unique ID is linked and stored to a database on the server which lets websites remember what state your browser is in among other things. name-value pairs are simply a named piece of data. |
|
|
What is the process of name resolution from a clients perspective? |
1. User looks in host file 2. User checks local cache 3. User requests IP from its local DNS server 4. Local DNS server checks cache for entry, if nothing it will talk to root DNS server looking for authoratative name server for .com 5. Local DNS will ask for name server for google from the authoratative name server. 6. Local DNS will ask for the A record for www from the google name server. |
|
|
What is the syntax of a URL/URI? |
scheme://[user:password@domain:port/path?query_string#franment_id eg. https://www.google.com:443/index.html |
|
|
APM is what? |
Access Policy Manager, protects public-facing apps by providing policy based access and secure remote access as well as centralized AAA. |
|
|
What are LTM's three main features |
full proxy, load balancing, application health monitoring |
|
|
What is ASM? |
ASM Application Security Manager is to secure web applications using certified web application firewall and offer threat assessment and visibility. |
|
|
What is GTM? |
Global Traffic Manager ensures availability and access to aplpications using health checks and load balancing mehods to determine which site the user should access. |
|
|
What are iRules used for? |
To make use of extended capabilities of the BIGIP that are unavailable through GUI or CLI |
|
|
How does an iRule execute at wirespeed? |
By pre-compiling the script into byte-code. |
|
|
After iRules are created, what must be done? |
Apply them to a virtual server |
|
|
How are iRules network aware? |
With the use of events such as: when CLIENT_ACCEPTED |
|
|
What is the purpose of iApps and some advantages? |
iApp is a user-customizable framework for deploying applications. Easy editing, Cradle to Grave management, Strictness protects against accidental changes |
|
|
What are the three main components of iApps? |
Templates, Application Services and Analytics. |
|
|
What are templates used for in iApps? |
Templates guide authorized users through complex system configurations for many different types of applications. You can modify existing templates or create your own. |
|
|
iApps creates a unified, flexible and resilient pool of resources directly associated with an application or service which enables rapid network deployment, intergaration, management and visibility. True or False? |
True |
|
|
What are the core elements of a full proxy? |
Two seperate connections, one between client and proxy, one between server and proxy. A full proxy completely understands the protocols. |
|
|
Packet based proxies differ from full proxies how? |
Packet based proxies are not an endpoint for the communications, they just pass packets through. They may have a little understanding of protocols. |
|
|
What would be an advantage of a packet based proxy? |
Speed, they can only rewrite TCP IP addresses and ports. |
|
|
What does high availability refer to? |
Core system services being up and running on one or two of the BIGIP systems as well as a connection being available to send and recieve traffic on those devices. |
|
|
What feature enables HA to mirror configuration? |
ConfigSync |
|
|
F5 does not recommendActive-Active HA, Why? |
Because when each device has half the traffic, if one fails one device gets the full load and if not setup properly, this can overwhelm the device. |
|
|
What are the two types of HA monitoring done between a BIGIP cluster? |
hardwired cables and network |
|
|
What is contained in a HA traffic-group? |
A set of configuration objects such as floating self IP addresses and virtual IP addresses. |
|
|
Why loadbalance accross multiple servers? |
The incomming traffic might far excede the capacity of a single server. |
|
|
What kind of load-balancing method is Round Robin, how does it work and when should you use it? |
Round robin static. It is the default method and each new connection is passed to the next available pool member evenly. It should be used if the servers are all roughly equal in processing speed and memory. |
|
|
What kind of load-balancing method is 'Ratio', how does it work and when should you use it? |
Static, Ratio works by sending traffic in rotation to servers according to a pre-defined ratio/weight assigned by the administrator. You should use it when servers are unequal in processing speed and memory. |
|
|
How does the 'Least Connections' load balancing technique work, when should you use it? |
LTM passes each new connection to the pool member or node that has the least number of active connections. This works best in environments where servers have similar capabilities. |
|
|
What is the difference between Persistent Connections and Persistence? |
Persistent Connections refers to HTTP using the same TCP session for multiple requests. Persistence refers to load balancing requests from the same client to the same server. |
|
|
What kind of security model is whitelisting? |
Positive |
|
|
What kind of security model is virus protection |
Negative |
|
|
What is the difference between Positive and Negative security? |
Positive defines what is 'allowed'. Negative defines what is NOT 'allowed'. |
|
|
Benefits and shortcommings of Positive Security? |
You can block 0-day attacks and unknown attacks generally but requires a lot of administration and can result in blocking false positives (business traffic) |
|
|
Benefits and shortcommings of Negative Security? |
It can be deplayed rapidly, uncomplicated but vulnerable to 0-day attacks. |
|
|
What is the purpose of digital signing? |
A valid digital signature provides authentication and integrity |
|
|
Why do we use encrpytion, what 3 technical things and 1 legal thing do we need to ensure when transfering untrusted medium? |
Authentication - Conivince reciever of sender Privacy/Confidentiality Integrity - Data cannot be tampered with Non-repudiation - Proof to a third party that the sender did indeed send it. |
|
|
What is a root certificate? |
Root certificates are created by the root CA's and are used to issue chain certificates to issuing CA's. Browsers will trust all certs that have been signed by any root that is embeded in the browser itself. |
|
|
Describe the certificate chain. |
Root CA's sign issuer CA's certs, issuing CA's sign certs for websites to allow end users browsers to check the websites authenticity. |
|
|
Describe symmetric encryption. |
Uses only private keys to input into an algorithm which encrypts data. Only the people who hold this private key can decrypt the data. |
|
|
Describe asymmetric encryption. |
Key pair of public and private. If the public key is used to encrypt data, only the private key can decrypt it. The other way around, if private encrypts data, any one with the public key can decrypt and therefore validate that the data came from a specific source. |
|
|
Why do we need to authenticate? |
If we do not authenticate with the other party, we could recieve false information or be attacked by man in the middle attacks etc. |
|
|
What are the advantages of Single Sign On? |
Reduces the number of passwords and IDs that users need to remember. It also adds authorization, meaning that users may only be able to access low level information before needing to put in a higher security password etc. |
|
|
What is Mulifactor authentication? |
A layered security approach to verify the legitimacy of a transaction. May require 2-3 different types of authentication. eg. what the user knows (password), a token of some kind and biometric reading. |
|
|
What is the value of Authentication in AAA? |
Authentication is the first step and without it the other 2 A's are redundant. You must first authenticate a users identity to ensure the legitimacy of their login. This is usually done by username and password. |
|
|
What is an IPSec VPN? |
An IPSec VPN is a layer 3 VPN generally used for site-to-site connectivity over an untrusted medium. IPSec supports authentication, data origin authentication, integrity, confidentiality and replay protection. |
|
|
What is an SSL VPN? |
SSL VPN's work at layer 7 of the OSI model. They are much more scalable, manageable and less overhead intesive in everyway. They increase productivity, lower costs and broaden security. |
|
|
Why would you use SSL more often in todays workforce? |
Because the office has expanded to the entire world. The security border has stretched far beyond the buildings of the company. Thus the need for granular secure VPN's has superseeded the permanent IPSec VPN's. |
|
|
When would you use a hardware based ADC over software? |
F5 hardware is purposefully built to provide high performace for application delivery. If you need to provide SSL offloading to hardware or compression. |
|
|
When would you use virtual F5 software over a hardware applicance? |
For greater scalability, flexibility and quick deployment. They are cheaper and provide all the advantages of vitualization |
|
|
Sessions at the application layer are a channel in which client and server communicate. This session can be tied to one or more .... sessions. Sessions are ...., in effect storing info, variables and parameters assigned and only valid for that session |
TCP, stateful |
|
|
Name 2 persistence methods? |
Cookie persistence and Source address (simple) |
|
|
What is the act of sending multiple requests in a row without a responseduring data transfer via HTTP? |
Pipelining |
|
|
What are the different nodes/places that HTTP caches can be accessed from? |
Client, forward proxy cache, load balancer cache, dedicated server cache. |
|
|
What is the act of reducing text based responses from a server at the load-balancer called? |
HTTP Compression |
|
|
What is the most common reason for using SNAT? |
The servers do not use the BIGIP as the default gw. |
