CN Exam 2 Quizzes
Lesson 7 Quiz 5 - Question 1 Match the number of the missing components in the following image with their respective name/example.
1) Load Balancer 2) RESTful API 3) Flow Tables 4) Open Flow 5) SDN Controller
Most SDN applications can be grouped into one of the five categories: traffic engineering, mobility and wireless, measurement and monitoring, security and dependability, and data center networking. Classify each application into an appropriate category. 1) Load Balancing 2) Interference management 3) Traffic matrix estimation tool 4) Optimize network utilization 5) Minimizing power consumption 6) DoS attack mitigation
1) Traffic engineering 2) Mobility and wireless 3) Measurement and monitoring 4) Data center networking 5) Traffic engineering 6) Security and dependability
OpenFlow is used in the _____ plane, and it is an example of a ______ interface. 1) data or management 2) northbound or southbound
1) data 2) southbound. The basic working of an OpenFlow switch is as follows. Each switch contains a table of packet-handling rules. Each rule has a pattern, list of actions, set of counters and a priority. When an OpenFlow switch receives a packet, it determines the highest priority matching rule, performs the action associated with it and increments the counter.
Determine which of the following can be implemented as a network application in software-defined networking. - Routing - Security enforcement - Quality of Service (QoS) enforcement - All of the above
All of the above
How does FIRE identify the most malicious networks? - Looking for suspiciously short connections within ASes in the network. - Analyzing the information given by data sources and looking for suspicious websites within an AS. - Analyzing the information given by data sources and searching for ASes with a large percentage of malicious IP addresses.
Analyzing the information given by data sources and searching for ASes with a large percentage of malicious IP addresses.
Which property of secure communication ensures that people are who they say they are when communicating over the internet? - Confidentiality - Integrity - Authentication - Availability
Authentication
Determine which type of network can implement load balancing. - Conventional networks - Software-defined networks - Neither conventional nor software-defined networks - Both conventional and software defined networks
Both conventional and software defined networks
Which architecture has the strongest consistency semantics? 1) Centralized controller 2) Distributed controller with a centralized cluster of nodes 3) Distributed controller with a physically distributed set of elements
Centralized controller
Which property of secure communication is protected by encrypting the messages exchanged?
Confidentiality
What are the two operations in the P4 forwarding model? 1) Match, Act 2) Configure, Forward 3) Parse, Populate 4) Configure, Populate
Configure, Populate
SDN controllers operate on the _____________ plane.
Control
In order to stop a prefix or AS-Path announcement attack, we need access to the ___________________, such as IP prefixes and AS-paths. - Control plane data - Data plane data
Control plane data
The P4 language is used to program the _______________ plane. 1) Management 2) Control 3) Data
Data
In attacks where network traffic is dropped, manipulated or impersonated, the data accessed is located at the ___________________. - Control Plane - Data Plane
Data Plane
Determine which plane executes a network policy. - Data plane - Control plane - Management plane - All planes
Data plane
SDN-controlled switches operate on the: 1) Data Plane 2) Control Plane
Data plane
The southbound interfaces separate the... 1) Management plane and control plane 2) Management plane and data plane 3) Data plane and control plane
Data plane and control plane
The management plane ___________ a network policy. 1) defines 2) enforces 3) executes 4) ignores
Defines
ASwatch relies on the premise that "bulletproof" ASes have ______________ interconnection patterns and overall different ___________ plane behavior from most legitimate networks. - Similar, data - Similar, control - Distinct, data - Distinct, control
Distinct, control
Which architecture provides the best throughput? 1) Centralized controller 2) Distributed controller with a centralized cluster of nodes 3) Distributed controller with a physically distributed set of elements
Distributed controller with a centralized cluster of nodes
Which architecture provides the highest level of fault tolerance? 1) Centralized controller 2) Distributed controller with a centralized cluster of nodes 3) Distributed controller with a physically distributed set of elements
Distributed controller with a physically distributed set of elements
The control plane ___________ a network policy. 1) defines 2) enforces 3) executes 4) ignores
Enforces
Which type of message would be sent by an OpenFlow device to the network OS when it receives new routing information? 1) Event based message 2) Flow statistics 3) Packet message 4) None of the above
Event based message
The data plane ___________ a network policy. 1) defines 2) enforces 3) executes 4) ignores
Executes
A distributed controller can only be used in large networks.
False
ASwatch uses information exclusively from the data plane to infer network reputation.
False
Attackers tend to keep the uptime of domains used for malicious purposes as short as possible in order to avoid being detected.
False
In SDN networks forwarding rules of traffic still have to be based on IP destination and cannot be based on other metrics, packet header info etc.
False
In SDN networks, the SDN controller is responsible for the forwarding of traffic.
False
In SDN networks, the controller needs to be implemented over a centralized server.
False
In software defined networking, every device (switch, router, middlebox, etc.) must be able to make decisions in the forwarding process.
False
In order to achieve fault tolerance, whenever there is a failure of an ONOS instance, a master is chosen randomly for each of the switches that were controlled by the failed instance.
False
In the SDN approach, the SDN controller is physically located at each router that is present in a network.
False
Legitimate networks may let malicious content be up for weeks to more than a year.
False
Load balancing is only possible with software defined networking.
False
Middleboxes can only be used in conventional networks.
False
One of the downfalls of OpenFlow when it was first created was that it was hard to deploy and scale it easily.
False
Prefix deaggregation and mitigation with Multiple Origin AS (MOAS) are independent from ARTEMIS.
False
SDN controllers that are implemented by centralized servers are more likely to achieve fault tolerance, high availability and efficiency.
False
The P4 language is being developed as a replacement for OpenFlow.
False
The Southbound interfaces are the separating medium between the Network-control Applications and the Control plane functionality.
False
The networking operating system (NOS) is a part of the data plane.
False
The physical devices in an SDN network have embedded intelligence and control required to perform forwarding tasks.
False
When a packet arrives in an OpenFlow device and it does not match any of the rules in one of the tables, that packet is always dropped.
False
The P4 programming language can also be used with a conventional network paradigm.
False. P4 is a high-level programming language to configure switches which works in conjunction with SDN control protocols.
Having the software implementations for SDNs controllers increasingly open and publicly available makes it hard to control, since any person could modify the software easily.
False. Software implementations are also increasingly open and publicly available, which speeds up innovation in the field.
The purpose of the creation of the P4 language was to offer programmability on the control plane.
False, Programming the Data Plane
A REST interface is an example of a southbound API.
False, REST interface is an example of a northbound API.
In an SDN Architecture, the northbound interface keeps track of information about the state of the hosts, links, switches and other controlled elements in the network, as well as copies of the flow tables of the switches.
False, This layer is also known as the controller's "northbound" interface using which the SDN controller interacts with network-control applications.
ONOS is an example of a centralized controller platform.
False, a distributed SDN control platform
The main reason why SDNs were created was because of the increase of internet users.
False, arose as part of the process to make computer networks more programmable
One of the main differences between the Active Networks phase and the separation of the Control and Data plane phase is that the former is focused on network-wide visibility and control and the latter is focused on device-level configurations.
False, differences from active networking phase: It focused on spurring innovation by and for network administrators rather than end users and researchers. It emphasized programmability in the control domain rather than the data domain. It worked towards network-wide visibility and control rather than device-level configurations.
Which type of message sent by an OpenFlow device to the network OS allows for quality of service (QoS) policies to be implemented? 1) Event based message 2) Flow statistics 3) Packet message 4) None of the above
Flow statistics
How does ONOS handle faults? 1) ONOS is a centralized controller and therefore not fault tolerant. 2) If an ONOS instance fails, its switches must be manually reassigned by the management plane. 3) If an ONOS instance fails, its switches randomly select a new master instance. 4) If an ONOS instance fails, the other instances elect a new master for each of the switches that were previously controlled by the failed instance.
If an ONOS instance fails, the other instances elect a new master for each of the switches that were previously controlled by the failed instance.
Which property of secure communication ensures that a message is not modified before it reaches the receiver? - Confidentiality - Integrity - Authentication - Availability
Integrity
In software defined networking, which network application would take precedence when managing incoming traffic? 1) Routing policies 2) Load balancing
Load balancing
The northbound interfaces separate the... 1) Management plane and control plane 2) Management plane and data plane 3) Data plane and control plane
Management plane and control plane
In conventional networking, which device can implement an intrusion detection system (IDS)? 1) Switches 2) Routers 3) Middleboxes 4) All of the above
Middleboxes
In the SDN approach, the controller that computes and distributes the forwarding tables to be used by the routers is _______________________.
Physically separate from the routers
In an SDN, the controller is responsible for the _______________ of the traffic, and the SDN-controlled network elements such as the switches are responsible for the _______________ of the traffic.
Routing, forwarding
SDNs use ________________ to control the routers' behavior (e.g., the path selection process).
Software
Determine which type of network decouples the control and data planes. - Conventional networks - Software-defined networks - Neither conventional nor software-defined networks - Both conventional and software defined networks
Software-defined networks
Software implementations in SDN controllers are increasingly open and publicly available, which _______________ innovation in the field.
Speeds up
Which attack disrupts the BGP characteristic to favor more specific prefixes? - Exact prefix hijacking - Sub-prefix hijacking - Squatting
Sub-prefix hijacking
A multiport switch and a SmartNIC are two devices that can be programmed using P4. This is possible due to which of the three primary goals of the language? 1) Reconfigurability 2) Protocol independence 3) Target independence
Target independence
A Distributed Denial of Service attack consists of the attacker sending a large volume of traffic to the victim through servers (slaves), resulting in the victim host becoming unreachable or in exhaustion of its bandwidth.
True
A distributed controller can be a centralized cluster of nodes or a physically distributed set of elements.
True
A few of the main reasons that SDN arose are: first, a diversity of different network equipment (e.g., routers, switches, firewalls, etc.) using different protocols that made managing the network difficult, and second, a lack of a central platform to control network equipment.
True
A network controller prioritizes the rules generated by various services.
True
ARTEMIS uses a configuration file and a mechanism for receiving BGP updates from routers and monitoring services to detect BGP hijacking attacks.
True
An OpenFlow switch can function as a router.
True
An OpenFlow switch has a table of packet-handling rules, and whenever it receives a packet, it determines the highest priority matching rule, performs the action associated with it and increments the respective counter.
True
An OpenFlow switch may also be used for routing.
True
By separating the control plane and the data plane, controlling the router's behavior became easier using higher order programs. For example, it is easier to update the router's state or control the path selection.
True
DNS-based content delivery aims to distribute the load amongst multiple servers at a single location, but also distribute these servers across the world.
True
DNS-based content delivery determines the nearest server, which results in increased responsiveness and availability.
True
IP spoofing is the act of setting a false IP address in the source field of a packet with the purpose of impersonating a legitimate server.
True
In an SDX architecture, each AS can define forwarding policies as if it is the only participant at the SDX, as well as having its own SDN applications for dropping, modifying or forwarding their traffic.
True
In order to make forwarding and policy decisions in ONOS, applications get information from the view and then update these decisions back to the view.
True
In the SDN approach, ISPs or other third parties can take up the responsibility for computing and distributing the router's forwarding tables.
True
One of the disadvantages of an SDN centralized controller architecture is that it can introduce a single point of failure and also scaling issues.
True
OpenFlow enables the communication between the control plane and data plane through event-based messages, flow statistics and packet messages that are sent from forwarding devices to the controller.
True
P4 acts as an interface between the switches and the controller, and its main goal is to allow the controller to define how the switches operate.
True
Round Robin DNS is a mechanism used by large websites to distribute the load of incoming requests to several servers at a single physical location.
True
SDNs divide the network in two planes: control plane and data plane, to ease management and speed up innovation.
True
The Active Networks phase consisted mainly of creating a programming interface that exposed resources/network nodes and supported customization of functionalities for subsets of packets passing through the network.
True
The P4 language allows programmers to use multiple header fields to parse, match, and perform actions on packets.
True
The P4 model allows the design of a common language to write packet processing programs that are independent of the underlying devices.
True
The forwarding model used by P4 is a pipeline.
True
The main idea behind SDNs is to divide tasks into smaller functions so the code is more modular and easy to manage.
True
The match+action tables in P4 are more flexible than those in the current version of OpenFlow.
True
The network-control applications are programs that manage the underlying network with the help of the SDN controller.
True
The network-control applications use the information about the network devices and elements, provided by the controller, to monitor and control the network devices.
True
The northbound interface is used by the controller and the network-control applications to interact with each other.
True
The transition to IPv6 would be faster with a software defined networking paradigm compared to a conventional networking paradigm.
True
Traffic forwarding can be based on any number of header field values in various layers like the transport-layer, network-layer and link-layer.
True
With SDNs the control plane and data plane have independent evolution and development.
True
With the separation of the control plane and the data plane, any change to the forwarding functions on a router is independent from the routing functions of the control plane.
True
In SDN networks, the southbound interface is responsible for the communication between SDN controller and the controlled devices.
True, northbound is SDN controller <> network-control applications
What action does an OpenFlow device take when an incoming flow does NOT match any rules in any of the flow tables in the pipeline? 1) Drops the packets 2) Creates a new rule for the packets 3) Holds the packet until the controller is updated with a rule to handle it 4) Sends a message to the controller
Sends a message to the controller