Networking Layers 1-4

Questions and Answers

A network administrator suspects a physical layer problem. Which of the following actions would be MOST appropriate for troubleshooting?

  • Checking the DNS configuration on the server.
  • Running loopback tests on network cables. (correct)
  • Examining firewall logs for blocked traffic.
  • Analyzing routing tables for incorrect entries.

Which OSI layer is primarily responsible for fragmenting frames to traverse networks with different MTU (Maximum Transmission Unit) sizes?

  • Transport Layer
  • Data Link Layer
  • Network Layer (correct)
  • Session Layer

Which of the following protocols operates at the Transport Layer (Layer 4) and provides reliable, connection-oriented communication?

  • UDP
  • TCP (correct)
  • ICMP
  • IP

Which layer in the OSI model is responsible for character encoding and application encryption?

Presentation Layer (D)

In the context of network encapsulation, which term refers to the data unit at the Data Link Layer?

Frame (A)

A network engineer needs to implement a device that routes traffic between different IP subnets. Which of the following devices should be used?

Router (C)

Which of the following BEST describes the primary function of a network switch?

Forwarding traffic based on MAC addresses. (A)

A network administrator wants to implement a device that can filter traffic based on both ports and applications. Which type of device is MOST suitable for this purpose?

Next-Generation Firewall (NGFW) (A)

What is the primary function of Network Address Translation (NAT) in a network?

Hiding Private IP Addresses (C)

Which network device is responsible for distributing network traffic across multiple servers?

Load Balancer (D)

A company wants to improve website performance for users worldwide by caching content closer to them. Which of the following technologies should they implement?

CDN (D)

What is the primary function of a VPN concentrator?

Centralizing VPN access, encryption, and authentication. (A)

Which of the following BEST describes the purpose of Quality of Service (QoS) in a network?

Prioritizing certain types of network traffic. (B)

What is the main purpose of the Time-To-Live (TTL) field in an IP packet?

To limit the lifespan of a packet and prevent routing loops. (C)

Which of the following describes the function of a DNS server?

Translating domain names to IP addresses. (C)

In a cloud computing environment, what does Network Function Virtualization (NFV) primarily aim to achieve?

Virtualizing network devices like routers and firewalls. (A)

Which of the following BEST describes a Virtual Private Cloud (VPC)?

A logically isolated network within a public cloud. (C)

Which method allows a cloud environment to access external networks, while preventing external networks from initiating connections to the cloud environment?

VPC NAT (@)

What is the primary difference between security lists and security groups in cloud environments?

Security lists apply to entire subnets, while security groups apply to individual network interfaces. (C)

Which cloud deployment model provides the highest level of control to the customer?

Private Cloud (A)

What is the primary characteristic of the Software as a Service (SaaS) cloud model?

Customers access software over the internet without managing the underlying infrastructure. (D)

Which of the following cloud service models provides customers with the infrastructure components they need to run their applications?

IaaS (C)

A developer wants to focus solely on writing code without managing servers or infrastructure. Which cloud service model is MOST suitable for this scenario?

PaaS (A)

In the context of IP networking, what is the role of ports?

To specify the application or service on a device. (A)

Which of the following BEST describes the key difference between TCP and UDP?

TCP provides reliable, connection-oriented communication, while UDP is connectionless. (B)

What is the purpose of the TCP three-way handshake?

To establish a connection between two devices before data transfer. (D)

What is the range of ephemeral ports typically used by client applications?

1024 to 65535 (C)

What is the primary purpose of FTP (File Transfer Protocol)?

Transferring files between computers. (D)

Which port does SSH (Secure Shell) use by default?

22 (C)

What is the key difference between SFTP and FTP?

SFTP is a more secure version of FTP that uses SSH. (D)

Why is Telnet considered a liability in modern networks?

It transmits data in plaintext, making it vulnerable to eavesdropping. (D)

Which protocol is used to send emails from a client to an email server?

SMTP (D)

A network administrator is troubleshooting a DNS resolution issue. Which port should they check to ensure DNS traffic is not being blocked?

UDP 53 (B)

What is the purpose of DHCP (Dynamic Host Configuration Protocol)?

To automatically assign IP addresses to devices on a network. (D)

Which protocol is commonly used for quick, small file transfers, often in VoIP environments?

TFTP (D)

HTTPS uses which port by default?

443 (C)

What is the primary function of NTP (Network Time Protocol)?

To keep device times synchronized. (D)

A network administrator wants to remotely monitor the status of network devices such as routers and switches. Which protocol should they use?

SNMP (B)

Which port is commonly used by LDAP (Lightweight Directory Access Protocol) for unencrypted communication?

389 (B)

What is the primary purpose of SMB (Server Message Block) protocol?

File sharing over a network. (B)

Which protocol is commonly used to log messages from network devices and services?

Syslog (B)

RDP (Remote Desktop Protocol) uses which port by default?

3389 (A)

What is the primary purpose of ICMP (Internet Control Message Protocol)?

To send control and error messages between network devices. (D)

Which of the following BEST describes the use case for GRE (Generic Routing Encapsulation)?

Creating a tunnel between two endpoints to encapsulate traffic. (C)

Which of the following is a key characteristic of IPSec (Internet Protocol Security)?

It provides encryption and packet signing at the Network Layer. (C)

Flashcards

Physical Layer (Layer 1)

The physics of the network, including signaling, cabling, and connectors.

Data Link Layer (Layer 2)

Responsible for the basic network language and media access control (MAC) on Ethernet. It's the switching layer.

Networking Layer (Layer 3)

Responsible for routing and uses Internet Protocol (IP) to fragment frames for network traversal.

Transport Layer (Layer 4)

Handles reliable data transfer with TCP and connectionless data transfer with UDP.

Session Layer (Layer 5)

Manages communications between devices, including starting, stopping, and restarting sessions.

Presentation Layer (Layer 6)

Handles character encoding and application encryption.

Application Layer (Layer 7)

The layer we see, including protocols like HTTP, FTP, DNS, and POP3.

Router

Routes traffic between IP subnets and often connects diverse network types.

Switch

Forwards traffic based on MAC addresses and is a Layer 2 device.

Firewall

Filters network traffic by ports and applications, and can perform NAT.

IDS and IPS

Detects and alarms (IDS) or prevents (IPS) intrusions based on exploits against OS and applications.

Load Balancer

Distributes traffic to multiple servers to prevent overload and ensures high availability.

Proxies

An intermediary between clients and the internet, providing caching, security, and access control.

Content Delivery Network (CDN)

A content delivery network caches content on edge servers close to users for faster speed and scalability.

VPN (Virtual Private Network)

Provides secure remote access to a network, often integrated with Next-Generation Firewalls.

QoS (Quality of Service)

Prioritizes network traffic, such as VoIP and video calls, to ensure quality and performance.

TTL (Time-To-Live)

A time limit set on how long a packet should exist, preventing endless loops.

DNS (Domain Name System)

Converts domain names to IP addresses.

Virtual Network

Virtualizing the entire physical network, including routers, cables, and switches.

NFV (Network Function Virtualization)

Turns physical network devices like routers and firewalls into virtualized forms.

VPC (Virtual Private Cloud)

A logically isolated section of a public cloud to deploy cloud resources. Can be connected through VPNs.

Security Groups / Lists

Controls inbound/outbound traffic for cloud resources based on ports, protocols, and IP addresses.

Private Cloud

Cloud infrastructure that is operated solely for a single organization.

Public Cloud

Cloud services offered over the public internet and available to anyone.

Hybrid Cloud

A mix of public and private clouds, allowing data and applications to be shared between them.

SaaS (Software as a Service)

Software licensed and hosted centrally, accessed via a subscription.

IaaS/HaaS (Infrastructure/Hardware as a Service)

Provides computing infrastructure – servers, networking, storage – over the internet.

PaaS (Platform as a Service)

Provides a platform allowing customers to develop, run, and manage applications without the complexity.

TCP (Transmission Control Protocol)

Provides reliable, connection-oriented data transfer.

UDP (User Datagram Protocol)

Provides fast, connectionless data transfer with no guarantees.

FTP (File Transfer Protocol)

Protocol used to transfer files, with separate ports for control and data.

SSH (Secure Shell)

Securely communicates remotely, accessing a secure command line.

SFTP (Secure File Transfer Protocol)

A secure version of FTP using SSH.

Telnet

An outdated, unencrypted protocol for remote command-line access.

SMTP (Simple Mail Transfer Protocol)

Sends emails from client to email server or server to server.

DHCP (Dynamic Host Configuration Protocol)

Assigns IP addresses automatically to devices on a network.

TFTP (Trivial File Transfer Protocol)

A basic protocol used for quick file transfers, often in VoIP.

HTTP & HTTPS

HTTP is used for web; HTTPS encrypts that traffic via TLS/SSL.

NTP (Network Time Protocol)

Keeps device times in sync; important for logging and outage analysis.

Study Notes

Layer 1 - Physical

  • Focuses on the physical aspects of the network, such as signaling, cabling, and connectors.
  • Concerned with the physical components rather than network protocols.
  • A Layer 1 problem indicates a fault in the physical components of the network.
  • Solutions involve running loopback tests, replacing cables, and swapping adapter cards.
  • Troubleshooting includes fixing cabling and punch-downs.

Layer 2 - Data Link Layer

  • Forms the foundation of network communication.
  • Uses Data Link Control (DLC) protocols, including MAC (media access control) on Ethernet.
  • Considered the "switching" layer.

Layer 3 - Networking Layer

  • Functions as the "routing" layer within a network.
  • Uses Internet Protocol (IP) for routing data.
  • Breaks down large frames into smaller IP packets to accommodate different networks.

Layer 4 - Transport Layer

  • Manages the "post office" functions of network communication.
  • Uses TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Layer 5 - Session Layer

  • Manages communication between networked devices.
  • Handles the start, stop, and restart of communication sessions.
  • Uses control protocols and tunneling protocols.

Layer 6 - Presentation Layer

  • Handles character encoding and application encryption.
  • Often integrated with the application layer.

Layer 7 - Application Layer

  • The layer of the OSI model that users directly interact with.
  • Includes protocols like HTTP, FTP, DNS, and POP3.

Real-World to OSI Model Mapping

  • Application Layer: User Interface (e.g., eyes)
  • Presentation Layer: Application encryption (SSL/TLS)
  • Session Layer: Control protocols, tunneling protocols
  • Transport Layer: TCP protocol, UDP datagram
  • Network Layer: IP address, Router, Packet
  • Data Link Layer: MAC address, Frame, Extended Unique Identifier (EUI-48, EUI-64), Switch
  • Physical Layer: Cables, fiber, and the signal itself

Encapsulation

  • Data is transformed as it moves through the OSI model layers:
  • Transport Layer: Segment
  • Network Layer: Packet
  • Data Link Layer: Frame
  • Physical Layer: Bits

Router

  • Routes traffic between IP subnets, operating as an OSI layer 3 device.
  • Routers inside switches are referred to as "layer 3 switches".
  • Connects various network types like LAN, WAN, copper, and fiber.

Switches

  • Perform bridging in hardware using ASICs (Application Specific Integrated Circuits).
  • Forwards traffic based on MAC/data link addresses as an OSI Layer 2 device.
  • Can provide data and power over Ethernet (PoE).
  • Multilayer switches include Layer 3 routing.

Firewalls

  • Filter network traffic by ports (traditional) and applications (NGFW - Next Generation Firewall).
  • Can operate on Layer 3, acting as a router to filter IPs and control routes.
  • Uses NAT (Network Address Translation) to hide IPs behind public IPs.
  • Supports dynamic routing and encrypts traffic via VPN between sites.

IDS and IPS

  • Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
  • Address intrusions like exploits against OS and applications.
  • IDS only detects and alarms, requiring admin intervention.
  • IPS detects and prevents intrusions automatically.

Load Balancer

  • Distributes network traffic to multiple servers to prevent overload.
  • Handles failovers quickly to maintain service continuity.
  • Invisible to end users, ensuring smooth service.
  • Used in web and database server farms.
  • Features include TCP offload, SSL offload, caching, QoS, and content switching.

Proxies

  • Act as intermediaries between clients and the internet.
  • Cache content to save bandwidth and improve speed.
  • Provide security through access control, URL filtering, and content scanning.
  • Can be explicit (user-aware) or transparent (user-unaware).

SAN & NAS

  • SAN (Storage Area Network): Block-level storage, allowing modular changes.
  • NAS (Network Attached Storage): File-level storage, requiring whole system modification for changes.
  • Both require sufficient bandwidth, isolated networks, and high-speed technologies.

Wireless Networks

  • Require multiple Access Points (APs), potentially in different buildings.
  • APs need configuration for access policies, AP settings, and security policies.
  • The network is designed to be invisible to users.

Wireless LAN Controller

  • Provides centralized management for all access points on a wireless network.
  • Manages deployment, performance, security, configuration, and reporting on APs.

Content Delivery Network (CDN)

  • Caches content on edge servers closer to users.
  • Results in faster speeds, reduced load on the origin server, and global scalability.

VPN (Virtual Private Network)

  • Provides secure remote access to a network.
  • A VPN head end/concentrator serves as a centralized access point.
  • Often integrated with NGFWs using IPsec/SSL.
  • Can be implemented in hardware (for large organizations) or software (for smaller organizations).

QoS (Quality of Service)

  • Prioritizes network traffic, such as VoIP, video calls, and real-time applications.
  • Also known as Packet/Traffic shaping.
  • Can be manually configured or built into routers, switches, and firewalls.

TTL (Time-To-Live)

  • Sets a time limit for how long a data packet can exist on a network.
  • Prevents endless routing loops and clears caches.

Routing Loops

  • Routing loops occur when data packets continuously hop between routers.
  • TTL prevents packets from looping indefinitely by dropping them after a set number of hops.
  • Can be caused by misconfiguration of IPs.

IP (Internet Protocol)

  • Integrates TTL to prevent continuous looping of data packets.
  • Routers decrease TTL by 1 with each hop; packets are dropped when TTL reaches 0.
  • Default TTL values vary by OS (e.g., 128 hops in Windows, 64 in macOS/Linux).

DNS (Domain Name System)

  • DNS cache expires after the TTL.
  • TTL is measured in seconds, not hops.

Virtual Network

  • Virtualizes the entire physical network infrastructure, including routers, cables, and switches.
  • Involves shifting the server farm to a virtualized environment.

NFV (Network Function Virtualization)

  • Transforms physical network devices into virtualized forms.
  • Allows deployment and modification of devices through hypervisors.
  • Supports VMs, containers, and fault tolerance.

VPC (Virtual Private Cloud)

  • Provides virtualized network devices (load balancers, switches, routers, firewalls) with separation.
  • Cloud routers enable communication between devices within the VPC.
  • VPNs allow communication with devices outside the cloud.

Connecting to the Cloud

  • VPN: Creates an encrypted, secure connection to the cloud.
  • Internet Gateway/VPC Gateway: Allows internet users to connect to the cloud without a VPN.
  • VPC NAT: Allows cloud resources to access external networks but prevents external access to the cloud.
  • VPC Endpoint: Enables direct connection between private cloud organizations.

Security Groups & Lists

  • Firewalls control inbound and outbound traffic to the cloud.
  • Rules based on Layer 4 port numbers (e.g., 80, 443) and protocols (TCP/UDP).
  • Configured using Layer 3 addresses with IPv4/IPv6 and CIDR notation.

Security Lists

  • Apply subnet-wide rules, affecting all devices in the subnet.
  • Lack flexibility and can be hard to manage.
  • Misconfiguration can lead to security vulnerabilities.

Security Groups

  • Apply rules to individual VNICs, providing more granularity.
  • Enable rule configuration per instance supporting protocols, ports, IP, and CIDR.
  • Considered a better and safer practice overall.

Private Cloud

  • Deployed by the user or a cloud provider.
  • Offers full control and is used by governments, banks, and large organizations.

Public Cloud

  • Deployed by a cloud provider.
  • Shares hardware and network resources, but data is isolated.

Hybrid Cloud

  • Combines public and private servers.
  • Allows storing sensitive data on private servers while running websites on public servers.

SaaS (Software as a Service)

  • Users consume services without installation or maintenance.
  • Cloud provider manages everything.

IaaS/HaaS (Infrastructure/Hardware as a Service)

  • Users manage OS, storage, applications, and updates.
  • Provider manages physical servers and network infrastructure.

PaaS (Platform as a Service)

  • Users build, test, and deploy applications without managing servers, OS, or storage.
  • Provides tools for development, focusing on code rather than infrastructure.

IP Overview

  • Network: The route for data.
  • IP (Internet Protocol): The truck carrying data.
  • TCP/UDP: The boxes/packages as segments.
  • IP address: Location for data pickup and delivery.
  • Ports: Specific drop-off locations.

TCP & UDP

  • Both TCP and UDP are encapsulated in IP.
  • TCP (Transmission Control Protocol): Confirms successful delivery.
  • UDP (User Datagram Protocol): Connectionless protocol.
  • Multiplexing: TCP and UDP can work simultaneously in one application.

TCP (Transmission Control Protocol)

  • Uses a three-way handshake (SYN, SYN-ACK, ACK).
  • Has an acknowledgement system for error-free delivery.
  • Allows flow control by the receiver.
  • Checks for and fixes errors.
  • Provides orderly delivery of data.
  • Includes a teardown process when transmission is complete.

UDP (User Datagram Protocol)

  • Doesn't use handshakes.
  • No error fixes.
  • Offers no guarantees of delivery.
  • Lacks ordering of delivery.
  • Used for video calls, live streaming, and gaming due to its speed.

Ports

  • IPv4 Socket components: Client IP address, protocol, client port number, Server IP address, protocol, and server application port number.

Ephemeral and Non-Ephemeral Ports

  • Ephemeral Ports: Temporary port numbers (1,024 to 65,535), mostly used by clients.
  • Non-Ephemeral Ports: Permanent port numbers (0 to 1,023), mostly used by servers.

Ports Continuation

  • TCP and UDP can use the same port numbers but serve different applications.
  • Server ports need to be well known.
  • Non-ephemeral ports are commonly used, but either type can be used.

FTP (File Transfer Protocol)

  • Transfers files with no specific method.
  • TCP/20 (active mode for data transfer) and TCP/21 (control mode for authentication and commands).
  • Requires username and password for authentication.
  • Allows full customization of files during transfer.

SSH (Secure Shell)

  • Communicates remotely through the console.
  • Provides secure command line access.
  • Uses TCP/22.

SFTP (Secure File Transfer)

  • A secure version of FTP built on SSH.
  • Uses TCP 22.
  • Shares characteristics with FTP.

Telnet

  • Dumber version of SSH.
  • Lacks security.
  • Uses TCP 23.

SMTP (Simple Mail Transfer Protocol)

  • Sends emails from client to server or server to server.
  • Uses TCP 25 (insecure) and TCP 587 (SMTP TLS, secure).
  • POP3 and IMAP are used to receive emails.

DNS (Domain Name System)

  • Converts domain names to IP addresses.
  • Uses UDP 53 for small queries and TCP 53 for large queries.

DHCP (Dynamic Host Configuration Protocol)

  • Automatically assigns IP addresses to devices on a network.
  • Leases IP addresses for a set period, requiring renewal.
  • DHCP reservation assigns permanent IP addresses.
  • Uses UDP 67 (server-side) and UDP 68 (client-side).

TFTP (Trivial File Transfer Protocol)

  • Transfers small files quickly without directory viewing or editing.
  • Commonly used in VoIP.
  • Uses UDP 69.

HTTP & HTTPS

  • Accesses web servers.
  • HTTP (Hyper Text Transfer Protocol): Outdated version, not so secure, uses TCP 80.
  • HTTPS (Hyper Text Transfer Protocol Secure): Encrypted via TLS or SSL, uses TCP 443.

NTP (Network Time Protocol)

  • Keeps device time synchronized for log accuracy and system uptime.
  • Uses UDP 123.

SNMP (Simple Network Management Protocol)

  • Monitors stats and data from network devices.
  • Used by system admins to manage devices.
  • Uses UDP 161.
  • Versions: V1 (no encryption), V2 (bulk queries), and V3 (protected with encryption).
  • SNMP trap sends SNMP info when there is an issue, uses UDP 162.

LDAP & LDAPS

  • Used to manage directories and authenticate users on a network.
  • LDAP (Lightweight Directory Access Protocol): Unencrypted, uses TCP 389.
  • LDAPS (Lightweight Directory Access Protocol Secure): Encrypted via SSL, uses TCP 636.

SMB (Server Message Block)

  • Integrated into Microsoft Windows for file sharing.
  • Uses TCP 445 for direct communication.

Syslog

  • Logs messages from devices and services.
  • Usually integrated into SIEM (Security Information Event Manager).
  • Works over UDP 514.

Database

  • Stores data from servers.
  • MS-SQL (Microsoft SQL) uses TCP 1433.

RDP (Remote Desktop Protocol)

  • Provides remote access to desktops.
  • Uses TCP 3389.

SIP (Session Initiation Protocol)

  • Sets up, modifies, and ends real-time communication sessions.
  • Uses TCP 5060 (unencrypted) and TCP 5061 (encrypted).

ICMP (Internet Control Message Protocol)

  • Network layer protocol that manages state and error messages.
  • Used to check if a device is alive and responsive for diagnosing network issues.

GRE (Generic Routing Encapsulation)

  • Creates a tunnel between two endpoints.
  • Encapsulates traffic inside IP.
  • Two connected endpoints with no built-in encryption.

VPN (Virtual Private Network)

  • Secures connections and encrypts data over public networks.
  • Encryption and decryption happen at concentrators.
  • Implemented in hardware or software.

Site-to-Site

  • Always-on VPN connection.
  • Firewalls often used with VPN concentrators.

IPSec (Internet Protocol Security)

  • Operates on OSI Layer 3.
  • Provides integrity and anti-replay.
  • Uses AH (Authentication Header) and ESP (Encapsulation Security Payload).

IKE (Internet Key Exchange)

  • Agrees to encryption and decryption without sending keys.
  • Builds a Security Association (SA).
  • Phase 1 uses Diffie-Hellman for a shared secret key (UDP 500, ISAKMP).
  • Phase 2 coordinates cipher and key sizes.

Transport & Tunnel Modes for Data Packet Transfer

  • Transport: Secures the original data packet with IPSec Header/Trailer.
  • Ex: IP Header → IPSec Header → Data → IPSec Trailer
  • Tunnel: Adds a new IP Header to hide the actual original packet.
  • Ex: New IP Header → IPSec Header → IP Header → Data → IPSec Trailer
