08. Network Segmentation Terms

Question 1

The IEEE standard that specifies how VLAN and trunking information appears in frames and how switches and bridges interpret that information.

Answer 1

802.1Q

Question 2

The interface on a switch used for an endpoint. Devices connected via this manner are unaware of VLAN information.

Answer 2

access port

Question 3

A VM in a public subnet that can be remotely logged into and given privileged access to resources in a private subnet in the same VPC. Also called a jump box.

Answer 3

bastion host

Question 4

A distributed storage structure that allows customers to store files in locations closer to where their users are located.

Answer 4

CDN (content delivery network)

Question 5

A high-bandwidth link designed to support direct connections between data centers.

Answer 5

DCI (data center interconnect)

Question 6

A preconfigured VLAN on a switch that cannot be renamed or deleted.

Answer 6

default VLAN

Question 7

Networking resources that take advantage of globally distributed infrastructure and smaller data centers or partner network resources to deliver data and services closer to users before entering the public Internet infrastructure.

Answer 7

edge computing

Question 8

An endpoint device or the device at the connection between networks.

Answer 8

edge device

Question 9

A storage networking architecture that runs separately from Ethernet networks to maximize speed of data storage and access.

Answer 9

FC (Fibre Channel)

Question 10

A technology that allows FC to travel over Ethernet hardware and connections.

Answer 10

FCoE (Fibre Channel over Ethernet)

Question 11

The first four blocks or 64 bits of an IPv6 address that normally identify the network. Also called site prefix.

Answer 11

global routing prefix

Question 12

A storage networking architecture that serves a few niche markets and falls on the difficult end of the installation and configuration spectrum.

Answer 12

IB (InfiniBand)

Question 13

A virtual gateway device that provides a connection between internal, private resources and the public Internet.

Answer 13

IG (Internet Gateway)

Question 14

OT (operational technology) systems connected to the Internet.

Answer 14

IIoT (Industrial Internet of Things)

Question 15

An IP address or broadcast address configured on a relay agent to direct UDP messages in support of UDP forwarding for centralized network services, such as DHCP, DNS, NTP, and TFTP.

Answer 15

IP helper address

Question 16

A transport layer protocol used by SANs that runs on top of TCP to allow fast transmission over LANs, WANs, and the Internet.

Answer 16

iSCSI (Internet SCSI)

Question 17

A VM in a public subnet that can be remotely logged into and given privileged access to resources in a private subnet in the same VPC. Also called a bastion host.

Answer 17

jump box

Question 18

A process of encapsulating layer 2 headers deeper within a packet, adjacent to higher layer headers.

Answer 18

layer 2 encapsulation

Question 19

The application of granular network zoning and object-level security for individual resources.

Answer 19

micro-segmentation

Question 20

The provision of multiple connections between servers and storage devices in a SAN (storage area network) to ensure quick failover and high-performance load balancing.

Answer 20

multipathing

Question 21

A specialized storage device or group of storage devices that provides centralized, fault-tolerant file system storage and relies on network infrastructure to provide file access.

Answer 21

NAS (network attached storage)

Question 22

A logical appliance that performs NAT functions, providing filtered, protected access from resources in the private subnet to services on the Internet.

Answer 22

NAT gateway

Question 23

A cloud-based subnet in which hosted resources are protected from Internet traffic.

Answer 23

private subnet

Question 24

A server acting as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.

Answer 24

proxy server

Question 25

A cloud-based subnet in which hosted resources are provided a direct route to the Internet.

Answer 25

public subnet

Question 26

A networking device (such as a router or firewall) configured to support UDP forwarding.

Answer 26

relay agent

Question 27

An area on the perimeter of a network that is surrounded by two firewalls—an external firewall porous enough to allow more types of traffic, and a hardened internal firewall that provides greater protection to the internal network. Formerly called DMZ (demilitarized zone).

Answer 27

screened subnet

Question 28

The first four blocks or 64 bits of an IPv6 address that normally identify the network. Also called global routing prefix.

Answer 28

site prefix

Question 29

A logical interface on a router that logically segments a single physical interface.

Answer 29

subinterface

Question 30

A virtual interface on a switch used to handle inter-VLAN routing for all traffic directed at the switch’s virtual interface VLANs.

Answer 30

SVI (switch virtual interface or switched virtual interface)

Question 31

A VLAN identifier added to a frame’s header according to specifications in the 802.1Q standard.

Answer 31

tag

Question 32

The interface on a switch capable of managing traffic from multiple VLANs.

Answer 32

trunk port

Question 33

The aggregation of multiple logical connections in one physical connection between connectivity devices. In the case of VLANs, a trunk allows switches to manage and exchange data between multiple VLANs across a single interface.

Answer 33

trunking

Question 34

A network segment with strict rules for filtering traffic and no direct access to the Internet. Also called a private zone.

Answer 34

trusted zone

Question 35

The ability of a router, firewall, layer 3 switch, or other relay agent to forward UDP traffic to support centralized network services such as DHCP, DNS, NTP, and TFTP.

Answer 35

UDP forwarding

Question 36

Any network segment outside an organization’s control, such as the Internet. Also called a public zone or WAN zone.

Answer 36

untrusted zone

Question 37

A network within a network that is logically defined by grouping ports on a switch so that some of the local traffic on the switch is forced to be routed, thereby limiting the traffic to a smaller broadcast domain.

Answer 37

VLAN (virtual local area network or virtual LAN)

Question 38

An attack in which the attacker generates transmissions that appear, to the switch, to belong to a protected VLAN.

Answer 38

VLAN hopping

Question 39

A subnetting method that allows subnets to be further subdivided into smaller and smaller groupings until each subnet is about the same size as the needed IP address space.

Answer 39

VLSM (Variable Length Subnet Mask)

Question 40

A VLAN designed specifically to support VoIP traffic, which requires high bandwidths, priority over other traffic, flexible routing, and minimized latency.

Answer 40

voice VLAN

Question 41

A software-defined portion of a larger, cloud-based network.

Answer 41

VPC (virtual private cloud)

Question 42

A transport layer segmentation technology that inserts the MAC address next to the UDP header, essentially creating a layer 2 network overlay above layer 3.

Answer 42

VXLAN (virtual extensible LAN)