Modern Network Environments Flashcards

Day11_Network Services (55 cards)

1
Q

What is Syslog?

A

Syslog is a standardized protocol that is widely used on network devices and servers to send status, diagnostic, and event information from network nodes to a centralized server.

A syslog agent or process runs on these devices and can be configured to send syslog messages to a centralized server. Depending on the syslog server implementation used, the server may provide data analysis, log aggregation and search functions, and alerting.

2
Q

What is the main purpose of software-defined networking?

A

To separate the control plane from the data plane

This separation allows for centralized management and control of network devices.

3
Q

What does the data plane refer to in networking?

A

The data plane is responsible for moving data through the network

It is distinct from the control plane, which makes decisions about data movement.

4
Q

What is the control plane responsible for?

A

The control plane decides how data moves through the network

It involves examining incoming data against routing tables to choose the best path.

5
Q

Key Components of SDN

A
  • Controller – The brain that decides how traffic flows
  • Switches/Routers – The muscles that follow instructions
  • Apps – Tools that tell the controller what’s needed
6
Q

In traditional networking, what are the two main jobs of hardware devices like switches and routers?

A

In traditional networking, the two main jobs of hardware devices are:

  • Moving data through the network
  • Deciding how the data moves through the network
7
Q

SDN vs Traditional Networking

A
  • Traditional: each device (router/switch) makes its own decisions
  • SDN: a central controller makes decisions for all devices.

Analogy: SDN is like a city where one traffic control center manages all traffic lights, instead of each light acting on its own.

8
Q

What is the backhaul in traditional networking?

A

Backhaul is the process of routing branch or remote client traffic through a central office or data center before it reaches cloud services.

This can lead to congestion and poor performance. SDN is the solution for this type of issue.

9
Q

What are some benefits of SDN?

A
  • Easy to automate
  • Centralized control
  • Flexible and scalable
  • Improves network agility and security
  • Great for cloud and virtual environments
10
Q

What is application awareness in software-defined networking?

A

The ability to filter and prioritize traffic based on the application making a request

This allows for better traffic management compared to traditional networking.

11
Q

What is zero-touch provisioning?

A

Zero-touch provisioning is an automated process that allows network devices to configure themselves with minimal or no manual intervention once powered on and connected to a network.

This feature enhances efficiency in managing network devices.

12
Q

What is centralized policy management in software-defined networking?

A

Centralized policy management allows for consistent application of policies across the network, reducing the chance of human error from manual configurations.

13
Q

What does transport agnosticism mean in software-defined networking?

A

Transport agnosticism means the network can operate independently of the underlying transport technologies without being tied to any specific one

This flexibility allows SDN to dynamically route traffic across diverse mediums based on performance, cost, or policy, rather than physical constraints.

14
Q

What is the role of the application in software-defined networking?

A

To configure devices and provide an interface for administrators

It collects statistics and manages network configurations.

15
Q

What is the main advantage of using a single dashboard in SD-WAN?

A

A single dashboard centralizes control and reduces complexity in managing all connections and devices in the network.

16
Q

What is the main function of a controller in software-defined networking?

A

Its function is to process information from the application and decide how packets should be routed

It translates commands from the application into configuration for physical devices.

17
Q

What is one of the key benefits of SD-WAN for remote users?

A

One key benefit is providing direct connections to cloud services for users without routing traffic through the main office

This improves application performance and user experience.

18
Q

True or false: In software-defined networking, the physical networking devices are configured directly by administrators.

A

FALSE

They are configured through a central application and controller.

19
Q

What is Virtual eXtensible Local Area Network (VXLAN)?

A

VXLAN is a network virtualization technology that encapsulates Layer 2 Ethernet frames into Layer 3 packets, tunneling Layer 2 addresses inside Layer 3 traffic.

This allows for the creation of virtual networks that can span across multiple physical networks.

20
Q

What are the main parts of VXLAN?

A
  • Overlay Network – Virtual Layer 2 network
  • Underlay Network – Physical Layer 3 transport (IP)
  • VNI (VXLAN Network Identifier) – 24-bit tag for each virtual segment
  • VTEP (Virtual Tunnel Endpoint) – Encapsulates and decapsulates traffic
21
Q

How does VXLAN work?

A
  • A VM sends a packet to another VM.
  • The Virtual Tunnel Endpoint (VTEP) wraps the Ethernet frame in a UDP/IP packet.
  • It travels across the Layer 3 network.
  • The destination VTEP unwraps it and delivers it locally.
22
Q

True or false: VXLAN allows for a theoretical maximum of 16 million VLANs.

A

TRUE

This is a significant increase compared to the traditional VLAN limit of 4096.

23
Q

What is Data Center Interconnect (DCI)?

A

DCI is a high-capacity networking technology that links two or more data centers to enable seamless data sharing, workload mobility, backup, and disaster recovery across geographic locations.

24
Q

What is Zero Trust Architecture (ZTA)?

A

ZTA is a cybersecurity framework that assumes no user, device, or system (inside or outside the network) should be trusted by default.

Every access request must be continuously verified based on identity, context, and risk.

25
Q

What is the significance of **policy-based authentication** in ZTA?

A

**Policy-based authentication** eliminates the concept of implicit trust based on network location; it requires **continuous verification** of user identity, device posture, location, and other real-time signals before access is permitted.

Policy-based authentication ensures that access to resources is granted only after a rigorous evaluation of multiple contextual factors.

26
Q

What is **authorization** in ZTA?

A

**Authorization** is the process of determining whether a user, device, or application has the **explicit right to access** a specific resource, based on dynamic, context-aware policies rather than static trust assumptions.

27
Q

What are some key components of **Identity and Access Management** in ZTA?

A
  • Identity governance
  • Logging and auditing
  • Multi-factor authentication

These components help in verifying identities and maintaining security.

28
Q

What is **Secure Access Service Edge** (SASE)?

A

**SASE** merges *networking* (like SD-WAN) and *security* (like firewalls, Zero Trust) into **one** cloud-delivered service.

29
Q

List the components of **SASE**.

A
  • SD-WAN – smart routing across networks
  • Secure web gateway – filters harmful web traffic
  • Firewall as a Service – cloud-based firewall
  • Cloud access security broker (CASB) – protects cloud app usage
  • Zero trust network access (ZTNA) – verifies every user/device

These components work together to secure cloud services and network access.

30
Q

What advantage does **SASE** provide in terms of network performance?

A

Increases network performance by eliminating backhaul

Direct connections to the cloud from clients enhance speed and efficiency.

31
Q

What is the main benefit of using a **common interface** in SASE?

A

The main benefit of using a common interface in SASE is **centralized management and control** over network and security functions from a single, unified platform.

A single interface allows for better visibility and control across all network connections.

32
Q

What is a key advantage of **SASE** regarding user experience?

A

**SASE** enhances user experience by providing a common interface and reducing the need for integration with various hardware.

This translates into:
  • Better bandwidth availability
  • Improved response times

33
Q

What is **Security Service Edge** (SSE)?

A

**SSE** is a cloud-delivered framework that provides secure access to web, cloud, and private applications. SSE is a subset of SASE, focused **solely on cloud-delivered security** without changing network architecture.

SSE integrates and consolidates multiple security services such as:
  • Zero Trust Network Access (ZTNA)
  • Secure Web Gateway (SWG)
  • Cloud Access Security Broker (CASB)
  • Firewall-as-a-Service (FWaaS)

34
Q

What does **Infrastructure as Code (IaC)** automate?

A

**IaC** is the provisioning and operation of infrastructure (servers, networks, etc.) using code or templates in the form of *JSON* or *YAML*.

IaC allows for the management of **virtual machines** and networking through code (automated, repeatable, and version-controlled) instead of manual processes.

35
Q

Fill in the blank: **Infrastructure as Code (IaC)** is used to create __________ instead of doing it manually.

A

virtual machines

IaC streamlines the process of setting up and managing cloud infrastructure. **Code** allows for rapid scaling and setup of machines, which is crucial for cloud providers.

36
Q

What are typical components managed by **Infrastructure as Code (IaC)**?

A
  • OS(s)
  • Storage
  • Processing
  • Databases

These components are essential for setting up virtual machines in the cloud.

37
Q

True or false: **Infrastructure as Code (IaC)** eliminates errors when configuring new environments.

A

TRUE

Using code for setup ensures consistency and reduces the likelihood of human error.

38
Q

Why is IaC useful?

A
  • **Scalability** – Easily replicate environments
  • **Consistency** – No manual errors
  • **Speed** – Fast setup and deployment
  • **Version Control** – Track important changes in software

39
Q

What does IaC help avoid when managing applications at scale?

A

**IaC** allows for quick configuration changes across multiple VMs without inefficient manual setup and management.

40
Q

What is **configuration drift** vs. **configuration compliance** in the context of IaC?

A

**Configuration drift** occurs when the actual state of your infrastructure diverges from the desired state defined in your IaC templates.

**Configuration compliance** refers to the practice of ensuring that infrastructure resources are consistently deployed and maintained according to predefined security, operational, and regulatory standards.

41
Q

What are **Upgrades** in the context of IaC?

A

**Upgrades** refer to the process of *updating infrastructure components, IaC tools, or configurations to newer versions* while maintaining consistency, automation, and version control.

42
Q

What are **Dynamic Inventories** in the context of IaC?

A

**Dynamic inventories** refer to the automated, *real-time generation of infrastructure resource lists*, such as servers, VMs, containers, or cloud instances.

43
Q

What is a **Central Repository** in the context of IaC?

A

A **central repository** is a *version-controlled, shared location*, typically hosted on platforms like GitHub or GitLab.

44
Q

What is **Version Control**?

A

**Version control** is *tracking and managing changes to code, configurations, or documents over time*, allowing teams to collaborate, revert to previous states, and maintain a history of all modifications.

45
Q

What is **Conflict Identification** in the context of IaC?

A

**Conflict identification** refers to the process of detecting inconsistencies, overlaps, or incompatible changes between different versions, modules, or deployments of IaC.

These conflicts can arise during collaboration, automation, or integration and, if left unresolved, can lead to failed deployments, drift, or security vulnerabilities.

46
Q

What is **Branching** in the context of IaC?

A

**Branching** refers to the use of version control branches (typically in Git) to isolate, test, and manage changes to infrastructure code before merging them into the main codebase.

47
Q

What is **tunneling** in the context of IPv6?

A

**Tunneling** refers to the technique of *encapsulating IPv6 packets **within** IPv4 packets* to enable IPv6 communication over an existing IPv4 infrastructure.

48
Q

What is **dual stack**?

A

**Dual stack** is a network configuration where devices and systems run **both IPv4 and IPv6 protocols simultaneously**.

49
Q

What is **NAT64**?

A

**NAT64** is a *network translation mechanism that **enables communication between IPv6-only clients and IPv4-only servers** by translating IPv6 packets into IPv4 packets, and vice versa*, using a gateway device.

50
Q

In software-defined networking (SDN), this component is responsible for the actual forwarding of data on the network media.

A

Physical network device

51
Q

In traditional networking environments, remote users connect to the corporate network where data would be retrieved from cloud services. *This connection is known as the backhaul and creates a potential bottleneck* when multiple users are utilizing the cloud services. **What technology eliminates the backhaul and provides remote users with direct connections to the corporate cloud services**?

A

SD-WAN

52
Q

In the zero trust architecture, authentication information is stored and retrieved from only one source. What is the term used to describe this concept?

A

Single source of truth

53
Q

You work as a cloud admin for a large cloud provider that requires you to **create multiple virtual environments for your development team and scale them to thousands of instances. You want to maintain absolute consistency and need to deploy them as quickly as possible**. Which technology fulfills these requirements?

A

Infrastructure as Code (IaC)

54
Q

As a cloud admin, you have **several servers scattered in data centers in different locations around the city. You want to connect these servers in such a way that they virtually appear directly connected to the same LAN**. The locations are currently connected with a TCP/IP network, which must be used for the connection. What technology would you use to connect these servers and fulfill these networking requirements?

A

Virtual eXtensible Local Area Network (VXLAN)

55
Q

Among the components of the secure access service edge (SASE), which offers malware detection?

A

Secure web gateway (SWG)