Chapter 10 - Network Segmentation and Virtualization
access
An _______ port is used for connecting a single node that can only exchange information with that switch.
VLAN hopping attack
An attacker configures a VLAN frame with two tags instead of just one. The first tag directs the frame to the authorized VLAN. After the frame enters the first VLAN, the switch appropriately removes the tag, then discovers the next tag, and sends the frame along to a protected VLAN, which the attacker is not authorized to access. What kind of attack is this?
SAID (security association identifier)
Each VLAN is assigned a different ______, which indicates to other connectivity devices which VLAN a transmission belongs to.
Guest
Each VM is known as a _______
Upon creation, each vNIC is automatically assigned a MAC address
How does a vNIC get a MAC address?
24 bits
How many bits of a Class A IP address are used for host information?
bridged
In ______ mode, a vNIC accesses a physical network using the host machine's NIC. In other words, virtual interface and the physical interface are_____.
host-only
In ________ mode, VM's on one host can exchange data with each other and with their host, but they cannot communicate with any nodes beyond the host.
root bridge
Only one _________ exists on a network using STP.
control plane
Protocols handle the process of making decisions (such as routing, blocking, and forwarding), which is called the _______.
Subnetting = Layer 3 VLANs = Layer 2
Subnetting operates at Layer ____ while VLANs function at Layer ____
115.100.10.0/23
Suppose you have leased two Class C licenses, 115.100.10.0 and 115.100.11.0. You want to use all these Class C IP addresses in one supernet. What is the CIDR notation for this supernet? What is its supernet mask?
in-band management
Telnet and SSH are called _________ systems because they use the existing network and its protocols to interface with the switch.
Host
The physical computer on a VM is known as a _______
tag
To keep the data belonging to each VLAN seperate, each frame of a data transmission is identified with a VLAN identifier, or _____, added to it's header, according to specifications in the 802.1Q standard.
stack master
VTP (VLAN trunking protocol) allows changes to the VLAN database on one switch, called the ______, to be communicated to all other switches in the network. stack master
1. Efficient use of resources 2. Cost and energy savings 3. Fault and threat isolation 4. Simple backups, recovery, and replication
What are four advantages to using virtualization on a network?
172.16.32.1/24
What is network ID with CIDR notation for the IP address 172.16.32.108 with the subnet mask 255.255.255.0?
802.1Q
What is the IEEE standard that specifies how VLAN information appears in frames and how switches interpret that information?
2^ h - 2 = Z
What is the formula for determining the number of possible hosts on a network?
Virtual Machine Manager (more commonly known as hypervisor)
What is the software that allows you to define VM's and manage resource allocation and sharing among them?
Virtual switch
What virtual, logically defined device operates at the Data Link layer to pass frames between nodes?
Native VLANs
Which VLAN on a switch manages untagged frames?
To reduce the number of routing table entries by combining several entries.
Which of the following is NOT a good reason to subnet a network?
Trunk Port
Which port on a switch manages traffic for multiple VLANs?
VRRP
Which protocol assigns a virtual IP to a group of routers?
DHCP relay agent
While designing your network's VLAN topology, your team has decided to use a centrally managed DHCP server rather than creating a separate DHCP server for each VLAN. What software will you need?
A BPDU filter can be used to disable STP on specific ports. For example, you might use a BPDU filter on the demarc, where ISP's service connects with a business's network, to prevent the ISP's WAN topology from mixing with the corporate network's topology for the purpose of plotting STP paths.
Why is a BPDU filter needed at the demarc point?
NAT mode
With which network connection type does the VM obtain IP addressing information from it's host?
SDN (software defined networking)
______ is the virtualization of network services in which a network controller manages these services instead of the services being directly managed by the hardware devices involved.
Virtual Bridge
_______ connect vNICs with a network, whether virtual or physical.
VMware
_______ is the most widely implemented virtualization software today.
