Definitions and pro-tips for the N10-009 certification.
AAA, representing Authentication, Authorization, and Accounting, is a comprehensive framework for controlling network access. Authentication verifies user identity, authorization determines permitted access levels, and accounting tracks user activity for auditing and billing purposes, enhancing network security.
Address Resolution Protocol (ARP) resolves IP addresses to corresponding MAC addresses on a local network. It broadcasts ARP requests to identify the hardware address associated with a known IP address, enabling communication within the same network segment. ARP is fundamental to Ethernet network operation.
Border Gateway Protocol (BGP) is the path vector routing protocol used to exchange routing information between autonomous systems (AS) on the Internet. It determines the best path for data packets based on policies and attributes, ensuring efficient and reliable internet routing. BGP is essential for global network connectivity.
Networking utilizes various cable types, including twisted-pair (Cat5e, Cat6, Cat6a) and fiber optic. Twisted-pair cables transmit data via electrical signals, while fiber optic uses light. Cable selection depends on bandwidth requirements, distance limitations, and environmental factors.
Channel bonding, also known as link aggregation, combines multiple network channels—typically wireless—to create a single, higher-bandwidth connection. This increases data throughput and improves network reliability by distributing traffic across multiple links.
Cloud computing delivers on-demand access to computing resources—servers, storage, databases, networking, software, analytics—over the internet. This model enables scalability, cost efficiency, and resource optimization by shifting infrastructure management from on-premises to a third-party provider.
Coaxial cable transmits data via a central conductor surrounded by insulation and shielding, minimizing signal interference. Historically used for cable TV and 10BASE2 networks, it offers moderate bandwidth and is susceptible to signal degradation over long distances.
Dynamic Host Configuration Protocol (DHCP) automates IP address assignment and network configuration for devices on a TCP/IP network. It leases IP addresses, subnet masks, default gateways, and DNS server addresses, reducing administrative overhead and potential IP conflicts. Proper DHCP function is critical for network connectivity.
A Demilitarized Zone (DMZ) is a network segment positioned between an organization’s internal network and an untrusted external network, like the internet. It hosts services—web, email, DNS—intended for external access, isolating them from the internal network to mitigate security risks.
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, or any resource connected to the Internet or a private network. It translates human-readable domain names (e.g., google.com) into IP addresses, enabling network communication. DNS relies on a system of DNS servers.
Fiber optic cabling utilizes thin strands of glass or plastic to transmit data as light signals. Offering significantly higher bandwidth and longer distances than copper cabling, fiber is immune to electromagnetic interference and provides enhanced security, making it ideal for backbone networks and high-speed data transmission.
A firewall is a network security device that controls network traffic based on a defined set of rules. It examines incoming and outgoing packets, blocking or allowing them based on source/destination IP addresses, ports, and protocols. Firewalls protect networks from unauthorized access and malicious attacks.
An Internet Protocol (IP) address is a numerical label assigned to each device participating in a computer network utilizing the Internet Protocol for communication. IPv4 addresses are 32-bit, while IPv6 addresses are 128-bit, providing a significantly larger address space.
Internet Protocol Security (IPsec) is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet. It provides data confidentiality, integrity, and authentication at the network layer. IPsec is commonly used for establishing secure VPN connections and protecting sensitive network traffic.
IPv6 is the latest version of the Internet Protocol, utilizing 128-bit addresses to overcome the limitations of IPv4’s 32-bit address space. It offers enhanced security features, simplified address configuration, and improved support for mobile devices and the Internet of Things.
Jitter is the variation in latency between packets, measured as the deviation in delay times. It disrupts consistent data delivery, causing noticeable distortions in real-time communications like VoIP and video conferencing. Minimizing jitter is crucial for maintaining quality of service (QoS) in these applications.
Latency measures the delay in milliseconds for data transmission between network endpoints. It represents the time required for a packet to travel from source to destination. High latency impacts interactive applications, causing noticeable delays and reduced responsiveness. It is a critical performance metric for network troubleshooting.
Load balancing distributes network traffic across multiple servers to maximize throughput, minimize response time, and prevent overload. This technique enhances application availability and reliability by ensuring continuous service even if one server fails. It’s a critical component of scalable network infrastructure.
Loop prevention mechanisms mitigate broadcast storms caused by redundant network paths. These mechanisms detect and disable redundant links, ensuring data packets do not circulate endlessly, consuming bandwidth and degrading network performance. Effective loop prevention is critical for network stability.
The loopback address, 127.0.0.1, is a reserved IP address used for internal testing of the TCP/IP protocol stack on a host. It allows applications to communicate with themselves without utilizing physical network interfaces, verifying local network configuration.
A Media Access Control (MAC) address is a unique 48-bit hardware identifier assigned to a network interface card (NIC). It operates at the Data Link Layer (Layer 2) and is used for communication within a local network segment, enabling frame delivery to specific devices.
Multiple-Input and Multiple-Output (MIMO) is a wireless technology utilizing multiple antennas at both the transmitter and receiver to increase data throughput and range. By exploiting multipath propagation, MIMO creates multiple spatial streams, effectively multiplying the capacity of the wireless link without requiring additional bandwidth.
Maximum Transmission Unit (MTU) specifies the largest packet size permissible for transmission over a network. When a packet exceeds the MTU, it undergoes fragmentation, potentially impacting network performance. Standard Ethernet MTU is 1500 bytes.
Multicast is a one-to-many network communication method delivering data simultaneously to a selected group of recipients. Utilizing dedicated multicast IP addresses, it efficiently distributes data, reducing network congestion compared to sending individual unicast streams.
Network Address Translation (NAT) modifies IP address information while in transit, typically to allow multiple devices on a private network to share a single public IP address. It enhances security by hiding internal network addresses and conserves public IPv4 address space. NAT operates at the network layer.
Network Address Translation (NAT) modifies IP address information in packet headers, enabling multiple devices on a private network to share a single public IP address. This conserves public IP addresses and provides a basic level of security by hiding internal network structure. It operates at the network layer.
A network baseline is a documented set of performance metrics—bandwidth utilization, latency, error rates—established during normal network operation. It serves as a reference point for identifying deviations, diagnosing performance issues, and validating network changes.
Network Configuration Management (NCM) encompasses the systematic process of tracking, controlling, and implementing changes to network device configurations. This includes documentation, version control, automated backups, and compliance auditing to ensure network stability, security, and consistent performance across the infrastructure.
Network documentation comprises comprehensive records of a network’s design, configuration, and operational procedures. This includes network diagrams, IP address schemes, configuration files, and maintenance logs. Accurate documentation is crucial for efficient management, troubleshooting, and disaster recovery planning.
Network Forensics is the investigation and analysis of network traffic and logs to identify the cause of security incidents, policy violations, or performance issues. It involves packet capture, data analysis, and reconstruction of events to determine the scope and impact of an incident.
Network monitoring systematically tracks network device and link performance, identifying faults, bottlenecks, and security threats. It employs tools analyzing metrics like bandwidth utilization, latency, and packet loss to ensure optimal network operation and proactive issue resolution.
Network protocols are standardized rules defining how devices exchange data across a network. These rules govern addressing, formatting, error detection, and transmission speeds. Common examples include TCP/IP, UDP, HTTP, and DNS, each serving specific communication functions within a network architecture.
Network segmentation divides a network into smaller, isolated segments. This enhances security by limiting the impact of breaches, improves performance by reducing broadcast domains, and simplifies network management through focused policies and access controls. VLANs and firewalls are common segmentation tools.
Network services are applications enabling specific network functionalities for clients. These include resource sharing, communication, and remote access. Common examples are DNS, DHCP, and web services, each utilizing specific ports and protocols to deliver their respective functions across a network infrastructure.
Network Time Protocol (NTP) synchronizes clocks across networked devices. Utilizing Coordinated Universal Time (UTC), NTP ensures accurate timestamps for logging, security auditing, and transaction ordering. It operates on UDP port 123, querying time servers to maintain precision.
Network topology defines the physical or logical arrangement of network nodes and connections. Common topologies include bus, star, ring, and mesh, each impacting network performance, scalability, and fault tolerance. Understanding these arrangements is crucial for network design and troubleshooting.
Network virtualization abstracts network resources, creating a software-defined network environment. This allows for the creation of virtual networks, independent of physical hardware, enabling greater flexibility, scalability, and efficient resource utilization. It supports technologies like virtual machines and cloud computing.
A Network Interface Card (NIC) is a hardware component enabling a device’s connection to a network. It manages data transmission and reception, utilizing a MAC address for identification. NICs come in various form factors and support different network speeds and standards.
The Open Systems Interconnection (OSI) model is a conceptual framework describing seven distinct layers of network communication. These layers – Physical, Data Link, Network, Transport, Session, Presentation, and Application – standardize functions for interoperability between diverse networking systems and protocols.
Open Shortest Path First (OSPF) is a link-state routing protocol used within an autonomous system to determine the best path for data transmission. It builds a topological map of the network and dynamically adjusts to changes, providing fast convergence and efficient routing. OSPF is widely used in enterprise networks.
Power over Ethernet delivers electrical power alongside data transmission over standard Ethernet cabling. This simplifies network deployments by eliminating the need for separate power supplies for devices like IP phones, wireless access points, and security cameras, reducing cabling complexity and installation costs.
Port Forwarding is a network address translation (NAT) technique that redirects network traffic from a public IP address and port number to a specific private IP address and port number. This allows external devices to initiate connections to services hosted on a private network, such as web servers or game servers.
Power over Ethernet (PoE) delivers electrical power alongside data transmission via standard Ethernet cables. This eliminates the need for separate power supplies for devices like IP phones, security cameras, and wireless access points, simplifying installation and reducing cabling requirements.
A proxy server acts as an intermediary between clients and destination servers. It enhances security by masking internal IP addresses, improves performance through caching frequently accessed content, and enables content filtering based on organizational policies. Proxies manage client requests and server responses.
Quality of Service prioritizes network traffic to ensure critical applications receive adequate bandwidth and minimal latency. Techniques include traffic shaping, prioritization queuing, and bandwidth allocation, optimizing network performance for real-time applications like VoIP and video conferencing.
Remote Authentication Dial-In User Service (RADIUS) is a network protocol providing centralized AAA services. It authenticates users attempting network access against a database, authorizing access levels, and tracking usage for accounting purposes. RADIUS commonly secures wireless and VPN connections.
A router is a networking device that forwards data packets between different networks. Operating at Layer 3 of the OSI model, it utilizes IP addresses to determine the best path for data transmission. Routers enable communication between networks and often perform network address translation (NAT) and security functions.
SD-WAN (Software-Defined Wide Area Network) is a virtualized WAN transport utilizing software to centrally manage and optimize network traffic. It abstracts network hardware from connectivity, enabling dynamic path selection based on application requirements and cost. SD-WAN improves performance and reduces operational expenses.
Spanning Tree Protocol (STP) is a Layer 2 protocol preventing network loops in Ethernet networks. It dynamically blocks redundant paths to create a loop-free logical topology, ensuring stable data transmission and preventing broadcast storms. Multiple versions exist, each improving convergence times.
Service Set Identifier (SSID) is a 32-character alphanumeric identifier that uniquely names a wireless local area network (WLAN). It is broadcast via beacon frames, allowing devices to discover available networks. While often used for identification, SSIDs do not provide inherent security and can be hidden, though this is not a security measure.
A subnet mask is a 32-bit number used to divide an IP address into network and host portions. It determines the network size and the maximum number of usable host addresses within that network. The mask identifies which bits represent the network and which represent the host.
Subnetting is the division of a larger IP network into smaller, logically separate subnetworks. This process improves network efficiency, enhances security, and simplifies network administration by reducing broadcast traffic and enabling more granular control over network resources.
A network switch is a Layer 2 device that connects devices within a network using MAC addresses. It learns MAC addresses and forwards data only to the intended destination port, improving network efficiency. Switches create collision domains and can support VLANs for network segmentation and enhanced security.
Terminal Access Controller Access-Control System Plus (TACACS+) is a network protocol delivering AAA services, primarily for Cisco devices. It provides granular control over user access and network resources through authentication, authorization, and accounting functions.
Transmission Control Protocol is a connection-oriented protocol ensuring reliable data transmission. It establishes a connection using a three-way handshake, provides ordered delivery, and incorporates error checking mechanisms like checksums and acknowledgements to guarantee data integrity during network communication.
The TCP/IP model is a suite of communication protocols used to interconnect network devices on the internet. Consisting of four layers – Network Access, Internet, Transport, and Application – it provides a practical, implementation-focused alternative to the more theoretical OSI model.
Throughput represents the actual rate of successful data delivery over a network connection, measured in bits per second (bps). It differs from bandwidth, which is the theoretical maximum capacity. Throughput is affected by factors like network congestion, overhead, and hardware limitations, resulting in a lower practical data transfer rate.
A troubleshooting methodology is a structured, systematic approach to identifying and resolving network problems. It typically involves problem definition, data collection, hypothesis development, testing, solution implementation, and documentation. Effective methodology minimizes downtime and ensures efficient issue resolution.
User Datagram Protocol is a connectionless protocol offering faster, but less reliable, data transmission. It lacks the overhead of connection establishment and error recovery, making it suitable for applications where speed is prioritized over guaranteed delivery, such as streaming media and online gaming.
A Virtual LAN (VLAN) is a logical grouping of network devices that allows network administrators to segment a physical network into multiple broadcast domains. This enhances security, simplifies network management, and improves network performance by reducing broadcast traffic.
Virtualization creates abstracted, software-defined versions of physical IT resources—servers, storage, networks, and operating systems—allowing multiple virtual instances to run concurrently on a single physical host. This maximizes resource utilization, improves scalability, and reduces capital expenditure.
A Virtual LAN (VLAN) is a logically segmented broadcast domain within a physical network, operating at Layer 2. VLANs enhance security, simplify network administration, and improve performance by isolating traffic. They are configured on switches to group ports, regardless of physical location, into distinct networks.
Variable Length Subnet Masking (VLSM) optimizes IP address allocation by employing different subnet masks for varying network segment sizes. This technique avoids address wastage inherent in fixed-length subnetting, enabling efficient network design and resource utilization. It’s essential for complex network environments.
Voice over Internet Protocol (VoIP) transmits voice communications over an IP network using packet switching. This technology converts analog voice signals into digital data packets for transmission, offering cost savings and integration with other IP-based services.
A Virtual Private Network (VPN) creates a secure, encrypted connection over a public network like the internet. It enables remote users to securely access private network resources as if directly connected. VPNs protect data confidentiality and integrity by tunneling traffic through an encrypted pathway, masking the user’s IP address.
A Wide Area Network extends network connectivity across large geographical distances, typically utilizing technologies like MPLS, SD-WAN, or dedicated circuits. WANs connect multiple LANs, enabling communication between geographically dispersed locations and remote users.
Wired Equivalent Privacy (WEP) is an outdated wireless security protocol utilizing the RC4 stream cipher. It was designed to provide confidentiality comparable to wired networks but contains critical flaws. WEP is easily compromised due to its short initialization vector (IV) and weak key scheduling algorithm, rendering it insecure.
A Wireless Access Point (WAP) extends a wired network, enabling wireless devices to connect using radio waves. It functions as a bridge, translating wireless signals to wired signals and vice versa. WAPs broadcast a Service Set Identifier (SSID) to identify the network and manage wireless connections.
Wireless encryption secures wireless communication by encoding data transmitted over the air, preventing unauthorized access and eavesdropping. Encryption protocols like WPA2 and WPA3 protect the confidentiality and integrity of wireless network traffic. It’s fundamental to wireless network security.
The 802.11 family defines WLAN standards, each offering varying data rates, frequencies, and modulation techniques. These standards dictate how wireless devices communicate, with newer versions like 802.11ax (Wi-Fi 6) providing increased speed and efficiency through technologies like OFDMA and MU-MIMO.
The 802.11 family defines standards for Wireless Local Area Networks (WLANs). Successive iterations (a/b/g/n/ac/ax/be) introduce improvements in speed, range, and security. These standards operate on different frequency bands (2.4 GHz, 5 GHz, 6 GHz) and utilize various modulation techniques.
Wi-Fi Protected Access 3 (WPA3) is the latest wireless security standard, offering enhanced protection against brute-force attacks. It mandates Protected Management Frames (PMF) for increased robustness and introduces Simultaneous Authentication of Equals (SAE), replacing the WPA2 pre-shared key (PSK) exchange with a more secure handshake.