CompTIA Network+ Flashcards
802.1x
IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client that wishes to attach to the network. The authenticator is a network device, such as an Ethernet switch, wireless access point or, in this case, a remote access server, and the authentication server is the RADIUS server.
MD5
The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.
PoE
Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electric power along with data on twisted pair Ethernet cabling. This allows a single cable to provide both data connection and electric power to devices such as wireless access points, IP cameras, and VoIP phones. There are several common techniques for transmitting power over Ethernet cabling. Two of them have been standardized by IEEE 802.3 since 2003. These standards are known as Alternative A and Alternative B. For 10BASE-T and 100BASE-TX, only two of the four data/signal pairs in typical CAT-5 cable are used. Alternative B separates the data and the power conductors, making troubleshooting easier. It also makes full use of all four twisted-pair copper wires. The positive voltage runs along pins 4 and 5, and the negative along pins 7 and 8.
802.3af
The original IEEE 802.3af-2003 PoE standard provides up to 15.4 W of DC power (minimum 44 V DC and 350 mA) on each port. Only 12.95 W is assured to be available at the powered device as some power dissipates in the cable. The updated IEEE 802.3at-2009 PoE standard, also known as PoE+ or PoE plus, provides up to 25.5 W of power for "Type 2" devices. The 2009 standard prohibits a powered device from using all four pairs for power. Both of these amendments have since been incorporated into the IEEE 802.3-2012 publication.
Network Admission Control (NAC)
Network Admission Control (NAC) can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking user credentials. For example, a client's OS, Windows Registry settings, AD membership status, and version of antivirus software could be checked against a set of requirements before allowing the client to access a network.
posture assessment
Form of NAC: Network Admission Control (NAC) can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking user credentials. For example, a client's OS, Windows Registry settings, AD membership status, and version of antivirus software could be checked against a set of requirements before allowing the client to access a network. This process of checking a client's characteristics is called posture assessment.
Common troubleshooting steps and procedures:
1. Identify the problem.
2. Establish a theory of probable cause.
3. Test the theory to determine cause.
4. Establish a plan of action to resolve the problem and identify potential effects.
5. Implement the solution or escalate as necessary.
6. Verify full system functionality and if applicable implement preventive measures.
7. Document findings, actions, and outcomes.
WPA2
Short for Wi-Fi Protected Access 2, the follow-on security method to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication. [Adapted from Wi-Fi.org] There are two versions of WPA2: WPA2-Personal and WPA2-Enterprise. WPA2-Personal protects against unauthorized network access by utilizing a set-up password. WPA2-Enterprise verifies network users through a server. WPA2 is backward compatible with WPA.
DWDM dense wavelength division multiplexing
Dense wavelength division multiplexing (DWDM) is a technology that puts data from different sources together on an optical fiber, with each signal carried at the same time on its own separate light wavelength. Using DWDM, up to 80 (and theoretically more) separate wavelengths or channels of data can be multiplexed into a lightstream transmitted on a single optical fiber.
Carrier Sense Multiple Access/Collision Detect (CSMA/CD)
is a media access control method used most notably in early Ethernet technology for local area networking. It uses a carrier-sensing scheme in which a transmitting station detects collisions by sensing transmissions from other stations while transmitting a frame. When this collision condition is detected, the station stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame. CSMA/CD is a modification of pure carrier-sense multiple access (CSMA). CSMA/CD is used to improve CSMA performance by terminating transmission as soon as a collision is detected, thus shortening the time required before a retry can be attempted.
CSMA/CA
Carrier-sense multiple access with collision avoidance (CSMA/CA), in computer networking, is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle". When they do transmit, nodes transmit their packet data in its entirety. It is particularly important for wireless networks, where the collision detection of the alternative CSMA/CD is unreliable due to the hidden node problem. CSMA/CA is a protocol that operates in the Data Link Layer (Layer 2) of the OSI model.
802.11 AP
802.11 AP is a Wireless Access Point used in a wireless network
802.11 speeds
802.11 - 2 Mbps
802.11b - 11 Mbps @ 2.4 GHz
802.11a - 54 Mbps @ 5 GHz
802.11g - 54 Mbps @ 2.4 GHz
802.11n - 300 Mbps, 2.4 GHz and 5 GHz
802.11ac - 1300 Mbps @ 5 GHz and 450 Mbps @ 2.4 GHz
Transmission Control Protocol (TCP)
a connection-oriented transport protocol. Connection-oriented transport protocols provide reliable transport. When a computer wants to send data to another computer, TCP will first establish a connection between the two computers. When a sending computer sends data segments, the receiving computer acknowledges receipt of the segments. If the receiving computer does not receive an expected segment, the sending computer will send it again.
User Datagram Protocol (UDP)
a connectionless transport protocol. Connectionless transport protocols provide unreliable transport. With UDP, there is no connection establishment between the sending and receiving computers. If a data segment is lost in transit, the sending computer will not know about it so it will not resend the segment.
Open Systems Interconnect (OSI) Model
Layer 7 - Application
Layer 6 - Presentation
Layer 5 - Session
Layer 4 - Transport
Layer 3 - Network
Layer 2 - Data Link
Layer 1 - Physical Layer
PDUs
UDP is a connectionless transport protocol that operates in the transport layer of the OSI model. UDP stands for User Datagram Protocol. PDUs (Protocol Data Units) used by UDP are known as Datagrams.
application layer
OSI Model, Layer 7, supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer. Layer 7 Application examples include WWW browsers, NFS, SNMP, Telnet, HTTP, FTP.
Presentation layer
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer. Layer 6 Presentation examples include encryption, ASCII, EBCDIC, TIFF, GIF, PICT, JPEG, MPEG, MIDI.
Session layer
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination. Layer 5 Session examples include NFS, NetBios names, RPC, SQL.
Transport Layer
OSI Model, Layer 4, provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. Layer 4 Transport examples include SPX, TCP, UDP.
Network Layer
Layer 3 provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing. Layer 3 Network examples include AppleTalk DDP, IP, IPX.
Data Link Layer
At OSI Model, Layer 2, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking. Layer 2 Data Link examples include PPP, FDDI, ATM, IEEE 802.5/802.2, IEEE 802.3/802.2, HDLC, Frame Relay.
IPv6 address autoconfiguration.
IPv6 address autoconfiguration. A highly useful aspect of IPv6 is its ability to automatically configure itself without the use of a stateful configuration protocol, such as Dynamic Host Configuration Protocol for IPv6 (DHCPv6). By default, an IPv6 host can configure a link-local address for each interface.
Physical Layer
OSI Model, Layer 1 conveys the bit stream - electrical impulse, light or radio signal - through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components. Layer 1 Physical examples include Ethernet, FDDI, B8ZS, V.35, V.24, RJ45.
DHCPv6
The Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring Internet Protocol version 6 (IPv6) hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. It is the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4. IPv6 hosts may automatically generate IP addresses internally using stateless address autoconfiguration (SLAAC), or they may be assigned configuration data with DHCPv6. IPv6 hosts that use stateless autoconfiguration may require information other than an IP address or route. DHCPv6 can be used to acquire this information, even though it is not being used to configure IP addresses. https://en.wikipedia.org/wiki/DHCPv6
Link local
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. Link-local addresses are not necessarily bound to the MAC address (configured in an EUI-64 format). Link-local addresses can also be manually configured in the FE80::/10 format using the ipv6 address link-local command. These addresses refer only to a particular physical link and are used for addressing on a single link for purposes such as automatic address configuration and neighbor discovery protocol. Link-local addresses can be used to reach the neighboring nodes attached to the same link. The nodes do not need a globally unique address to communicate. Routers will not forward datagrams using link-local addresses. IPv6 routers must not forward packets that have link-local source or destination addresses to other links. All IPv6 enabled interfaces have a link-local unicast address.
VLSM
Variable-Length Subnet Masking (VLSM) amounts to "subnetting subnets," which means that VLSM allows network engineers to divide an IP address space into a hierarchy of subnets of different sizes, making it possible to create subnets with very different host counts without wasting large numbers of addresses.
IPv6 Address structure
https://en.wikipedia.org/wiki/IPv6#/media/File:Ipv6_address_leading_zeros.svg
6to4
6to4 is an Internet transition mechanism for migrating from Internet Protocol version 4 (IPv4) to version 6 (IPv6), a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 is especially relevant during the initial phases of deployment to full, native IPv6 connectivity, since IPv6 is not required on nodes between the host and the destination. However, it is intended only as a transition mechanism and is not meant to be used permanently. 6to4 may be used by an individual host, or by a local IPv6 network. When used by a host, it must have a global IPv4 address connected, and the host is responsible for encapsulation of outgoing IPv6 packets and decapsulation of incoming 6to4 packets. If the host is configured to forward packets for other clients, often a local network, it is then a router.
Teredo
In computer networking, Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. Unlike similar protocols, it can perform its function even from behind network address translation (NAT) devices such as home routers. Teredo operates using a platform independent tunneling protocol that provides IPv6 (Internet Protocol version 6) connectivity by encapsulating IPv6 datagram packets within IPv4 User Datagram Protocol (UDP) packets. Teredo routes these datagrams on the IPv4 Internet and through NAT devices. Teredo nodes elsewhere on the IPv6 network (called Teredo relays) receive the packets, un-encapsulate them, and pass them on. Teredo is a temporary measure. In the long term, all IPv6 hosts should use native IPv6 connectivity. Teredo should be disabled when native IPv6 connectivity becomes available.
Miredo
Miredo is a Teredo tunneling client designed to allow full IPv6 connectivity to computer systems which are on the IPv4-based Internet but which have no direct native connection to an IPv6 network. Miredo is included in many Linux and BSD distributions and is also available for recent versions of Mac OS X. (Discontinued) It includes working implementations of a Teredo client, a Teredo relay and a Teredo server. Released under the terms of the GNU General Public License, Miredo is free software.
NAT/PAT
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without readdressing every host. In more advanced NAT implementations featuring IP masquerading, it has become a popular and essential tool in conserving global address space allocations in the face of IPv4 address exhaustion by sharing one Internet-routable IP address of a NAT gateway for an entire private network. IP masquerading is a technique that hides an entire IP address space, usually consisting of private IP addresses, behind a single IP address in another, usually public address space. The address that has to be hidden is changed into a single (public) IP address as "new" source address of the outgoing IP packet so it appears as originating not from the hidden host but from the routing device itself. Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with IP masquerading.
Multicasting
IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is a form of point-to-multipoint communication employed for streaming media applications on the Internet and private networks. IP multicast is the IP-specific version of the general concept of multicast networking. It uses specially reserved multicast address blocks in IPv4 and IPv6. Protocols associated with IP multicast include Internet Group Management Protocol, Protocol Independent Multicast and Multicast VLAN Registration. IGMP snooping is used to manage IP multicast traffic on layer-2 networks.
Unicast
In computer networking, unicast refers to a one-to-one transmission from one point in the network to another point; that is, one sender and one receiver, each identified by a network address.
Broadcast
In telecommunication and information theory, broadcasting is a method of transferring a message to all recipients simultaneously. Broadcasting can be performed as a high level operation in a program, for example broadcasting Message Passing Interface, or it may be a low level networking operation, for example broadcasting on Ethernet. All-to-all communication is a computer communication method in which each sender transmits messages to all receivers within a group. This contrasts with the point-to-point method in which each sender communicates with one receiver.
Broadband
Whereas baseband uses digital signaling, broadband uses analog signals in the form of optical or electromagnetic waves over multiple transmission frequencies. For signals to be both sent and received, the transmission media must be split into two channels. Alternatively, two cables can be used: one to send and one to receive transmissions. Multiple channels are created in a broadband system by using a multiplexing technique known as Frequency-Division Multiplexing (FDM). FDM allows broadband media to accommodate traffic going in different directions on a single media at the same time.
Baseband
Baseband transmissions typically use digital signaling over a single wire; the transmissions themselves take the form of either electrical pulses or light. The digital signal used in baseband transmission occupies the entire bandwidth of the network media to transmit a single data signal. Baseband communication is bidirectional, allowing computers to both send and receive data using a single cable. However, the sending and receiving cannot occur on the same wire at the same time. Using baseband transmissions, it is possible to transmit multiple signals on a single cable by using a process known as multiplexing. Baseband uses Time-Division Multiplexing (TDM), which divides a single channel into time slots. The key thing about TDM is that it doesn't change how baseband transmission works, only the way data is placed on the cable.
Top Port Numbers
20, 21 - FTP
161 - SNMP
22 - SSH
23 - Telnet
53 - DNS
67, 68 - DHCP
69 - TFTP
445 - SMB (Server Message Block)
3389 - RDP
25 - SMTP
80 - HTTP
110 - POP3
123 - Network Time Protocol (NTP)
137/138/139 - NetBIOS
143 - Internet Message Access Protocol (IMAP)
161/162 - SNMP
179 - Border Gateway Protocol (BGP)
389 - Lightweight Directory Access Protocol (LDAP)
443 - Hypertext Transfer Protocol over SSL/TLS (HTTPS)
Lightweight Directory Access Protocol (LDAP)
LDAP provides a mechanism of accessing and maintaining distributed directory information. LDAP is based on the ITU-T X.500 standard but has been simplified and altered to work over TCP/IP networks.
CCMP (cryptography)
Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol. See: http://www.professormesser.com/security-plus/sy0-401/tkip-and-ccmp/
TKIP
TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products.
AAAA
Authentication, Authorization, Accounting and Address
AAA
Authentication, Authorization and Accounting
MDF (Main Distribution Frame)
In telephony, a main distribution frame (MDF or main frame) is a signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant).
Hot or Cold Site
A hot site is a disaster recovery (DR) location that is set up and ready to go; that is, one can arrive and continue to work immediately. A cold site is just available space with little, if anything, set up in it. A hot site will have equipment set up with your current data available when you walk in.
Stateful vs Stateless protocol
In computing, a stateless protocol is a communications protocol in which no information is retained by either sender or receiver. The sender transmits a packet to the receiver and does not expect an acknowledgment of receipt. A UDP connection-oriented session is a stateless connection because neither system maintains information about the session during its life. A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. In contrast, a protocol that requires keeping of the internal state on the server is known as a stateful protocol. A TCP connection-oriented session is a 'stateful' connection because both systems maintain information about the session itself during its life.
LACP Link Aggregation Control Protocol
In computer networking, the term link aggregation applies to various methods of combining (aggregating) multiple network connections in parallel in order to increase throughput beyond what a single connection could sustain, and to provide redundancy in case one of the links should fail. A Link Aggregation Group (LAG) combines a number of physical ports together to make a single high-bandwidth data path, so as to implement the traffic load sharing among the member ports in the group and to enhance the connection reliability.
management information base (MIB)
a database used for managing the entities in a communication network. Most often associated with the Simple Network Management Protocol (SNMP), the term is also used more generically in contexts such as in OSI/ISO Network management model. While intended to refer to the complete collection of management information available on an entity, it is often used to refer to a particular subset, more correctly referred to as MIB-module.
IS-IS
Intermediate System to Intermediate System (IS-IS) is a routing protocol designed to move information efficiently within a computer network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route for datagrams through a packet-switched network.
Spectrum Analyzer tool
A spectrum analyzer measures the magnitude of an input signal versus frequency within the full frequency range of the instrument. The primary use is to measure the power of the spectrum of known and unknown signals. The input signal that a spectrum analyzer measures is electrical; however, spectral compositions of other signals, such as acoustic pressure waves and optical light waves, can be considered through the use of an appropriate transducer. Optical spectrum analyzers also exist, which use direct optical techniques such as a monochromator to make measurements.By analyzing the spectra of electrical signals, dominant frequency, power, distortion, harmonics, bandwidth, and other spectral components of a signal can be observed that are not easily detectable in time domain waveforms. These parameters are useful in the characterization of electronic devices, such as wireless transmitters.
BPDU
BPDU stands for bridge protocol data unit. BPDUs are data messages that are exchanged across the switches within an extended LAN that uses a spanning tree protocol topology. BPDU packets contain information on ports, addresses, priorities and costs and ensure that the data ends up where it was intended to go.
NAC
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard.
Generic Routing Encapsulation (GRE)
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.
Split Horizon
In computer networking, split-horizon route advertisement is a method of preventing routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
RAS Remote Access Service
RAS Remote Access Service
OFDM, QAM and QPSK
examples of a wireless technology - modulation
EIGRP Enhanced Interior Gateway Routing Protocol
an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers. Partial functionality of EIGRP was converted to an open standard in 2013 and was published with informational status as RFC 7868 in 2016. EIGRP is used on a router to share routes with other routers within the same autonomous system. Unlike other well known routing protocols, such as RIP, EIGRP only sends incremental updates, reducing the workload on the router and the amount of data that needs to be transmitted.
CSU/DSU
A CSU/DSU is a digital-interface device used to connect a data terminal equipment (DTE), such as a router, to a digital circuit, such as a Digital Signal 1 (T1) line. The CSU/DSU implements two different functions.
Loopback plug or cable
A loopback plug is a device used to test ports (such as serial, parallel, USB and network ports) to identify network and network interface card (NIC) issues. Loopback plug equipment facilitates the testing of simple networking issues and is available at very low cost. A loopback plug device is classified as male or female.
TACACS+ Terminal Access Control Access Control System+
a protocol that handles authentication, authorization, and accounting (AAA) services. Similar to RADIUS, TACACS+ is a centralized authentication solution used to provide access to network resources. TACACS+ separates the authentication, authorization, and accounting services enabling you to host each service on a separate server if required.
Split Horizon DNS
In computer networking, split-horizon DNS, split-view DNS, split-brain DNS, or split DNS is the facility of a Domain Name System (DNS) implementation to provide different sets of DNS information, selected by, usually, the source address of the DNS request.
MPLS
In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. MPLS works by prefixing packets with an MPLS header, containing one or more labels. An MPLS router that performs routing based only on the label is called a label switch router (LSR) or transit router. This is a type of router located in the middle of an MPLS network. It is responsible for switching the labels used to route packets. When an LSR receives a packet, it uses the label included in the packet header as an index to determine the next hop on the label-switched path (LSP) and a corresponding label for the packet from a lookup table. The old label is then removed from the header and replaced with the new label before the packet is routed forward.
Label Edge Router (LER)
A label edge router (LER) is a router that operates at the edge of an MPLS network and acts as the entry and exit point for the network. LERs, respectively, add an MPLS label onto an incoming packet and remove it from the outgoing packet. When forwarding IP datagrams into the MPLS domain, an LER uses routing information to determine appropriate labels to be affixed, labels the packet accordingly, and then forwards the labelled packets into the MPLS domain. Likewise, upon receiving a labelled packet which is destined to exit the MPLS domain, the LER strips off the label and forwards the resulting IP packet using normal IP forwarding rules.
Cable Chart
http://www.tardyslip.net/wp-content/uploads/2015/01/Ethernet-Cable-Length-and-Speed.jpg
BGP Border Gateway Protocol
A collection of networks that fall within the same administrative domain is called an autonomous system (AS). In this question, each datacenter will be an autonomous system. BGP (Border Gateway Protocol) is used to route data between autonomous systems (AS's). The routers within an AS use an interior gateway protocol, such as the Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol, to exchange routing information among themselves. At the edges of an AS are routers that communicate with the other AS's on the Internet, using an exterior gateway protocol such as the Border Gateway Protocol (BGP). If a WAN link goes down, BGP will route data through another WAN link if redundant WAN links are available.
Converged network (routers converged)
In a converged network all routers "agree" on what the network topology looks like.
iSCSI Internet Small Computer System Interface
An iSCSI switch is an appliance that processes and channels data between an iSCSI initiator and target on a storage device. iSCSI traffic is typically high speed, high volume and needs to be delivered with minimal latency.
MTU Maximum Transmission Unit
A maximum transmission unit (MTU) is the largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network such as the Internet. The Internet's Transmission Control Protocol (TCP) uses the MTU to determine the maximum size of each packet in any transmission.
SIEM
Using a security information and event management (SIEM) product, the security logs can be analyzed and aggregated. SIEM is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM is sold as software, appliances or managed services, and is also used to log security data and generate reports for compliance purposes. SIEM capabilities include data aggregation: log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
TEMPEST
The TEMPEST standards mandate elements such as equipment distance from walls, amount of shielding in buildings and equipment, and distance separating wires carrying classified vs. unclassified materials, filters on cables, and even distance and shielding between wires or equipment and building pipes. Noise can also protect information by masking the actual data.
A Address
...
AP Access Point
...
CAT Category
...
dB Decibels
...
FC Fibre Channel
...
Hz Hertz
...
multiplexing
a system or signal involving simultaneous transmission of several messages along a single channel of communication.