04. Protocols Terms

Question 1

In the context of IPsec, a type of encryption that provides authentication of the IP packet’s data payload through public key techniques.

Answer 1

AH (authentication header)

Question 2

A core protocol in the TCP/IP suite that functions in the data link layer of the OSI model. ARP works in conjunction with IPv4 to discover the MAC address of a node on the local network and to maintain a database that maps local IP addresses to MAC addresses.

Answer 2

ARP (Address Resolution Protocol)

Question 3

A database of records that maps MAC addresses to IP addresses. The ARP table is stored on a computer’s hard disk where it is used by the ARP utility to supply the MAC addresses of network nodes, given their IP addresses.

Answer 3

ARP table

Question 4

A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the cipher text.

Answer 4

asymmetric encryption

Question 5

The process of ensuring that an entity (such as a user, device, or application) is who they say they are.

Answer 5

authentication

Question 6

An entity that issues and maintains digital certificates as part of the PKI (publickey infrastructure).

Answer 6

CA (certificate authority)

Question 7

A Cisco proprietary standard used by networking devices, such as routers and switches, to discover neighboring networking devices along with information about those devices, such as configurations or capabilities.

Answer 7

CDP (Cisco Discovery Protocol)

Question 8

A method of error checking that determines if the contents of an arriving data unit match the contents of the data unit sent by the source.

Answer 8

checksum

Question 9

A three-tenet, standard security model describing the primary ways that encryption protects data. Confidentiality ensures that data can only be viewed by its intended recipient or at its intended destination. Integrity ensures that data was not modified after the sender transmitted it and before the receiver picked it up. Availability ensures that data is available to and accessible by the intended recipient when needed.

Answer 9

CIA (confidentiality

Question 10

A VPN accessed by the client system through a limited, web-based connection using a browser and secured by SSL/TLS.

Answer 10

clientless VPN

Question 11

A type of VPN in which clients, servers, and other hosts establish tunnels with a private network using a VPN gateway at the edge of the private network.

Answer 11

client-to-site VPN

Question 12

A small file containing verified identification information about an entity and the entity’s public key.

Answer 12

digital certificate

Question 13

A standard that uses the SSL/TLS-secured HTTPS protocol to secure DNS resolution requests using the default HTTPS port 443.

Answer 13

DoH (DNS over HTTPS)

Question 14

A standard that uses SSL/TLS to secure DNS resolution requests with a default port of 853.

Answer 14

DoT (DNS over TLS)

Question 15

A record in an ARP table that is created when a client makes an ARP request that cannot be satisfied by data already in the ARP table.

Answer 15

dynamic ARP table entry

Question 16

The use of an algorithm called a cipher to scramble data into a format that can be read only by reversing the cipher—that is, by deciphering or decrypting the data—to keep the information private.

Answer 16

encryption

Question 17

In the context of IPsec, a type of encryption that provides authentication of the IP packet’s data payload through public key techniques and encrypts the entire IP packet for added security.

Answer 17

ESP (Encapsulating Security Payload)

Question 18

The most common Ethernet standard today. Ethernet II is distinguished from other Ethernet frame types in that it contains a 2-byte type field to identify the upper-layer protocol contained in the frame.

Answer 18

Ethernet II

Question 19

A type of VPN that captures all network traffic, whether destined for the Internet or for the remote network.

Answer 19

full tunnel VPN

Question 20

A tunneling protocol developed by Cisco that is used to transmit IP and other kinds of messages through a tunnel.

Answer 20

GRE (Generic Routing Encapsulation)

Question 21

The trip a unit of data takes from one connectivity device to another. Typically, hop is used in the context of router-to-router communications.

Answer 21

hop

Question 22

A switch management option, such as Telnet, that uses the existing network and its protocols to interface with a switch.

Answer 22

in-band management

Question 23

A layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. IPsec is an enhancement to IPv4 and is native to IPv6.

Answer 23

IPsec (Internet Protocol Security)

Question 24

A setting on Ethernet network devices that allows the creation and transmission of extra-large frames, which can be as large as just over 9,000 bytes.

Answer 24

jumbo frame

Question 25

A series of characters that is combined with a block of data during that data’s encryption or decryption.

Answer 25

key

Question 26

The process of enforcing standards for all phases of a key’s life cycle.

Answer 26

key management

Question 27

The name for a MAC address on an IPv6 network.

Answer 27

link-layer address

Question 28

A vendor-neutral standard used by networking devices, such as routers and switches, to discover neighboring networking devices along with information about those devices, such as configurations or capabilities.

Answer 28

LLDP (Link Layer Discovery Protocol)

Question 29

The largest IP packet size in bytes that routers in a message’s path will allow without fragmentation and excluding the frame.

Answer 29

MTU (maximum transmission unit)

Question 30

A data link layer protocol that works with ICMPv6 to detect neighboring devices on an IPv6 network, helps manage the SLAAC (stateless address autoconfiguration) process, and oversees router and network prefix discovery.

Answer 30

NDP (Neighbor Discovery Protocol)

Question 31

A TCP/IP troubleshooting utility that displays statistics and details about TCP/IP components and connections on a host. It also lists ports, which can signal whether services are using the correct ports.

Answer 31

netstat

Question 32

A dedicated connection (either wired or wireless) from the network administrator’s computer used to manage each critical network device, such as routers, firewalls, servers, power supplies, applications, and security cameras.

Answer 32

OOBM (out-of-band management)

Question 33

A software package or hardware-based tool that can capture data on a network.

Answer 33

packet sniffer

Question 34

The use of certificate authorities to associate public keys with certain entities.

Answer 34

PKI (public-key infrastructure)

Question 35

A type of key encryption in which the sender and receiver use a key to which only they have access. Also known as symmetric encryption.

Answer 35

private key encryption

Question 36

A repeated trial message transmitted by the tracert and traceroute utilities to trigger routers along a route to return specific information about the route.

Answer 36

probe

Question 37

A software package or hardware-based tool that can capture and analyze data on a network.

Answer 37

protocol analyzer

Question 38

A form of key encryption in which data is encrypted using two keys: One is a key known only to a user (that is, a private key), and the other is a key associated with the user and that can be obtained from a public source, such as a public key server. Public key encryption is also known as asymmetric encryption.

Answer 38

public key encryption

Question 39

A method for connecting and logging on to a server, LAN, or WAN from a workstation that is in a different geographical location.

Answer 39

remote access

Question 40

Graphical-based access to a remote computer’s desktop.

Answer 40

remote desktop connection

Question 41

A certificate signed by the entity that creates it rather than by a trusted, third-party CA (certificate authority).

Answer 41

self-signed certificate

Question 42

A type of VPN (virtual private network) in which VPN gateways at multiple sites encrypt and encapsulate data to exchange over tunnels with other VPN gateways. Meanwhile, clients, servers, and other hosts on a site-to-site VPN communicate with the VPN gateway.

Answer 42

site-to-site VPN

Question 43

A type of VPN that captures only the traffic destined for the remote network. The client can communicate with local network resources directly and with Internet resources through a local Internet connection.

Answer 43

split tunnel VPN

Question 44

The act of impersonating fields of data in a transmission, such as when a source IP address is impersonated in a DRDoS (distributed reflection denial of service) attack.

Answer 44

spoofing

Question 45

A record in an ARP table that someone has manually entered using the ARP utility.

Answer 45

static ARP table entry

Question 46

A method of encryption that requires the same key to encode the data as is used to decode the cipher text.

Answer 46

symmetric encryption

Question 47

A free, command-line packet sniffer utility that runs on Linux and other UNIX operating systems.

Answer 47

tcpdump

Question 48

Software that allows a user on one computer, called the client, to control another computer, called the host or server, across a network connection.

Answer 48

terminal emulator

Question 49

A file server used to remotely boot devices that don’t have their own hard drives, to collect log files from devices, or to back up and update network device configuration files.

Answer 49

TFTP server

Question 50

A three-step process in which transport layer protocols establish a connection between nodes.

Answer 50

three-way handshake

Question 51

A TCP/IP troubleshooting utility available in Linux, UNIX, and macOS systems that sends UDP messages to a random port on the destination node to trace the path from one networked node to another, identifying all intermediate hops between the two nodes.

Answer 51

traceroute

Question 52

A Windows utility that uses ICMP (Internet Control Message Protocol) echo requests to trace the path from one networked node to another, identifying all intermediate hops between the two nodes.

Answer 52

tracert

Question 53

A virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet or other types of networks, to remotely provide network resources.

Answer 53

VPN (virtual private network)

Question 54

A VPN gateway that manages multiple tunnels from individual VPN clients.

Answer 54

VPN headend