- OSI model
- A seven-layer framework for network communication: Physical, Data Link, Network, Transport, Session, Presentation, Application (L1→L7).
- OSI Layer 1
- Physical — bits on the medium: cables, connectors, radio, voltage, hubs, NICs, repeaters.
- OSI Layer 2
- Data Link — local (MAC) addressing and framing on the link. Switches, bridges, 802.3, 802.11. PDU: frame.
- OSI Layer 3
- Network — logical addressing and routing between networks. IP, ICMP, routers. PDU: packet.
- OSI Layer 4
- Transport — end-to-end delivery, segmentation, and ports. TCP and UDP. PDU: segment/datagram.
- OSI Layer 5
- Session — establishes, manages, and terminates sessions between applications (RPC, NetBIOS).
- OSI Layer 6
- Presentation — translation, encryption/decryption, and compression (TLS, ASCII, JPEG).
- OSI Layer 7
- Application — user-facing network services and protocols (HTTP, FTP, DNS, SMTP).
- OSI mnemonic (L7→L1)
- All People Seem To Need Data Processing (Application, Presentation, Session, Transport, Network, Data Link, Physical).
- Encapsulation
- Adding each layer's header to data as it moves down the stack: data → segment → packet → frame → bits.
- PDU (Protocol Data Unit)
- The data unit at each OSI layer: bits (L1), frame (L2), packet (L3), segment/datagram (L4).
- TCP
- Transmission Control Protocol — connection-oriented, reliable Layer 4 protocol using a three-way handshake, sequencing, acknowledgments, and retransmission.
- UDP
- User Datagram Protocol — connectionless, best-effort Layer 4 protocol with low overhead; no handshake or acknowledgments.
- TCP three-way handshake
- SYN → SYN-ACK → ACK. Establishes a reliable TCP connection before data flows.
- TCP vs UDP
- TCP is reliable and connection-oriented (web, email, SSH); UDP is fast and connectionless (DNS, DHCP, VoIP, streaming).
- IPv4 address
- A 32-bit logical address written as four dotted-decimal octets (e.g., 192.168.1.10), split into network and host portions.
- IPv6 address
- A 128-bit address written in eight groups of hexadecimal (e.g., 2001:db8::1); vastly larger space, no NAT needed.
- Subnet mask
- Marks which bits of an IP address are the network portion (1s) and which are the host portion (0s).
- CIDR notation
- Classless Inter-Domain Routing — a slash and number (e.g., /24) showing how many leading bits are the network portion.
- Usable hosts formula
- Usable hosts = 2^h − 2, where h is the number of host bits (subtract the network and broadcast addresses).
- /24 subnet
- Mask 255.255.255.0; 8 host bits; 254 usable hosts.
- /30 subnet
- Mask 255.255.255.252; 2 host bits; 2 usable hosts — common for point-to-point links.
- Default gateway
- The router IP a host sends traffic to when the destination is on a different subnet.
- Private IP ranges (RFC 1918)
- 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 — internal use only, not internet-routable.
- APIPA
- Automatic Private IP Addressing (169.254.0.0/16); self-assigned when no DHCP server responds — a DHCP-failure clue.
- Loopback address
- 127.0.0.1 (127.0.0.0/8) — tests the local TCP/IP stack on the host itself.
- Broadcast address
- The last address in a subnet (all host bits = 1); reaches every host on that subnet.
- Network address
- The first address in a subnet (all host bits = 0); identifies the subnet itself, not a host.
- Port 20/21 (FTP)
- File Transfer Protocol — 20 is data, 21 is control. TCP. Unencrypted.
- Port 22 (SSH)
- Secure Shell / SFTP / SCP — encrypted remote access and file transfer. TCP.
- Port 23 (Telnet)
- Remote terminal access, unencrypted — avoid; use SSH instead. TCP.
- Port 25 (SMTP)
- Simple Mail Transfer Protocol — sending email. TCP.
- Port 53 (DNS)
- Domain Name System — name resolution. UDP (TCP for zone transfers / large responses).
- Port 67/68 (DHCP)
- Dynamic Host Configuration Protocol — 67 server, 68 client. UDP.
- Port 69 (TFTP)
- Trivial File Transfer Protocol — simple, no authentication. UDP.
- Port 80 (HTTP)
- Hypertext Transfer Protocol — unencrypted web. TCP.
- Port 123 (NTP)
- Network Time Protocol — clock synchronization. UDP.
- Port 161/162 (SNMP)
- Simple Network Management Protocol — 161 polling, 162 traps. UDP.
- Port 389 (LDAP)
- Lightweight Directory Access Protocol — directory services. TCP/UDP.
- Port 443 (HTTPS)
- HTTP over TLS — encrypted web traffic. TCP.
- Port 445 (SMB)
- Server Message Block — Windows file and printer sharing. TCP.
- Port 514 (Syslog)
- Syslog — centralized event logging. UDP.
- Port 636 (LDAPS)
- LDAP over TLS — secure directory services. TCP.
- Port 3389 (RDP)
- Remote Desktop Protocol — Windows remote graphical access. TCP.
- ICMP
- Internet Control Message Protocol — Layer 3 messaging used by ping and traceroute for errors and diagnostics.
- Twisted-pair copper
- Cat 5e/6/6a/8 cabling; cheap and common, limited to about 100 m per run.
- Single-mode fiber (SMF)
- Fiber with a tiny core and a laser source; carries signals over very long distances.
- Multimode fiber (MMF)
- Fiber with a larger core and LED/VCSEL source; high speed over shorter distances.
- RJ45 connector
- The 8-pin connector used to terminate twisted-pair copper Ethernet cable.
- SFP / SFP+ / QSFP
- Hot-swappable transceiver modules that connect a device to fiber or copper at various speeds.
- Star topology
- All nodes connect to a central switch; simple, but the central device is a single point of failure.
- Mesh topology
- Many or all nodes interconnect; maximum redundancy but expensive and complex.
- Spine-and-leaf
- A data-center fabric where each leaf switch connects to every spine switch; predictable low latency.
- Three-tier architecture
- Core (fast backbone), distribution (policy/routing), and access (end-device connection) layers.
- Collapsed core
- A design that merges the core and distribution layers into one for smaller networks.
- North-south traffic
- Traffic between clients and servers, in and out of the data center (client ↔ server).
- East-west traffic
- Traffic between servers within the data center (server ↔ server).
- SDN
- Software-Defined Networking — separates the control plane (decisions) from the data plane (forwarding), managed centrally in software.
- SD-WAN
- Software-Defined WAN — uses software to manage and optimize traffic across multiple WAN links (broadband, MPLS, LTE).
- SASE
- Secure Access Service Edge — converges networking (SD-WAN) and security services in the cloud.
- IaaS / PaaS / SaaS
- Cloud service models: Infrastructure, Platform, and Software as a Service — increasing levels of provider management.
- Public / private / hybrid cloud
- Deployment models: shared provider, dedicated/internal, or a mix of both.
- Infrastructure as code (IaC)
- Managing and provisioning network/device configuration through version-controlled code instead of manual setup.
- VPC
- Virtual Private Cloud — an isolated, logically segmented network within a public cloud provider.
- MTU
- Maximum Transmission Unit — the largest frame size that can be sent without fragmentation (typically 1500 bytes for Ethernet).
- Router
- A Layer 3 device that forwards packets between different networks using IP addresses and a routing table.
- Switch
- A Layer 2 device that forwards frames within a network using MAC addresses and a MAC address table.
- Layer 3 switch
- A switch that also performs routing in hardware, including inter-VLAN routing.
- Hub
- An obsolete Layer 1 device that repeats incoming bits to every port, creating one collision domain.
- MAC address
- A 48-bit hardware address burned into a NIC, used for Layer 2 delivery on the local link.
- ARP
- Address Resolution Protocol — maps a known IPv4 address to its MAC address on the local network.
- Static routing
- Manually configured routes; predictable and low-overhead, but no automatic adaptation to changes.
- Dynamic routing
- Routes learned automatically via protocols (OSPF, EIGRP, BGP, RIP) that adapt to topology changes.
- OSPF
- Open Shortest Path First — a fast link-state interior gateway protocol using cost (bandwidth) as its metric.
- BGP
- Border Gateway Protocol — the path-vector exterior gateway protocol that routes between autonomous systems on the internet.
- EIGRP
- Enhanced Interior Gateway Routing Protocol — Cisco's advanced distance-vector IGP using a composite metric.
- RIP
- Routing Information Protocol — a simple distance-vector IGP using hop count (max 15); rarely used today.
- Administrative distance
- A router's trust ranking of routing sources; lower is preferred when multiple protocols offer a route.
- NAT
- Network Address Translation — maps private IP addresses to public ones at the network edge.
- PAT
- Port Address Translation (NAT overload) — lets many private hosts share one public IP using unique port numbers.
- FHRP (VRRP/HSRP)
- First Hop Redundancy Protocols — provide a redundant default gateway so the network survives a router failure.
- VLAN
- Virtual LAN — a logical Layer 2 segment that splits one switch into multiple broadcast domains.
- 802.1Q
- The IEEE standard that tags Ethernet frames with a VLAN ID so VLANs span trunk links between switches.
- Trunk port
- A switch port that carries traffic for multiple VLANs (tagged with 802.1Q) between switches.
- Access port
- A switch port that belongs to a single VLAN and connects to an end device.
- Native VLAN
- The VLAN whose traffic is sent untagged across a trunk link.
- Inter-VLAN routing
- Routing between VLANs using a router-on-a-stick (subinterfaces) or a Layer 3 switch (SVIs).
- STP
- Spanning Tree Protocol — prevents Layer 2 loops by electing a root bridge and blocking redundant paths.
- RSTP (802.1w)
- Rapid Spanning Tree Protocol — a faster-converging version of STP.
- Root bridge
- The switch with the lowest bridge ID; the reference point STP uses to build a loop-free topology.
- Link aggregation (LACP)
- Bundling multiple physical links into one logical link for more bandwidth and redundancy (IEEE 802.3ad).
- Port mirroring (SPAN)
- Copies traffic from one or more ports to a monitoring port for analysis.
- PoE (802.3af/at/bt)
- Power over Ethernet — delivers electrical power and data over a single cable to APs, phones, and cameras.
- Jumbo frames
- Ethernet frames larger than the standard 1500-byte MTU (up to ~9000 bytes); improve throughput for storage networks.
- 802.11 standards
- The IEEE wireless LAN family: a/b/g/n (Wi-Fi 4)/ac (Wi-Fi 5)/ax (Wi-Fi 6/6E).
- Wi-Fi 6 (802.11ax)
- The current mainstream Wi-Fi standard; works on 2.4/5 GHz (and 6 GHz as 6E) with higher efficiency in dense areas.
- 2.4 GHz band
- Longer range and better penetration but slower; only channels 1, 6, 11 are non-overlapping — congested.
- 5 GHz band
- Faster with many non-overlapping channels but shorter range than 2.4 GHz.
- CSMA/CA
- Carrier-Sense Multiple Access with Collision Avoidance — the wireless access method (collisions can't be detected on air).
- SSID
- Service Set Identifier — the human-readable name of a wireless network.
- WPA2
- Wi-Fi Protected Access 2 — uses AES (CCMP); the older secure standard, vulnerable to offline PSK guessing.
- WPA3
- The current Wi-Fi security standard; uses SAE to resist offline guessing and adds forward secrecy.
- WEP
- Wired Equivalent Privacy — an obsolete, easily cracked wireless encryption; never use it.
- IDF / MDF
- Intermediate and Main Distribution Frames — wiring closets where cabling and equipment are terminated.
- UPS
- Uninterruptible Power Supply — battery backup that keeps equipment running through power interruptions.
- DHCP
- Dynamic Host Configuration Protocol — automatically assigns IP, mask, gateway, and DNS to clients.
- DORA
- The DHCP exchange: Discover, Offer, Request, Acknowledge.
- DHCP relay (IP helper)
- Forwards DHCP requests across subnets to a centralized DHCP server.
- DNS
- Domain Name System — resolves human-readable names to IP addresses using a hierarchy of servers.
- DNS A record
- Maps a hostname to an IPv4 address.
- DNS AAAA record
- Maps a hostname to an IPv6 address.
- DNS CNAME record
- An alias that points one name to another canonical name.
- DNS MX record
- Specifies the mail server(s) for a domain.
- DNS PTR record
- Maps an IP address back to a hostname (reverse DNS).
- DNS NS record
- Identifies the authoritative name servers for a domain.
- SNMP
- Simple Network Management Protocol — monitors and manages devices; manager polls UDP 161, agents send traps on UDP 162.
- SNMPv3
- The secure version of SNMP, adding authentication and encryption; prefer it over v1/v2c.
- Syslog
- A standard for centralized event/error logging from network devices (UDP 514).
- NetFlow / flow data
- Records traffic flows so you can analyze who is sending how much data and to where.
- SIEM
- Security Information and Event Management — aggregates and correlates logs/alerts across the network.
- Baseline
- A reference of normal performance/behavior used to detect anomalies later.
- Logical network diagram
- Shows IP addressing, VLANs, routing, and data flow — the network's logical structure.
- Physical network diagram
- Shows actual devices, ports, and cabling — racks, runs, and connections.
- IPAM
- IP Address Management — tools/processes for tracking and assigning IP address space.
- SLA
- Service Level Agreement — a contract defining expected uptime, performance, and support response.
- High availability (HA)
- Designing systems with redundancy so a single failure does not cause an outage.
- Active-active
- A redundancy model where multiple nodes share the load simultaneously.
- Active-passive
- A redundancy model where a standby node takes over only when the active node fails.
- RTO
- Recovery Time Objective — the maximum acceptable time to restore service after an outage.
- RPO
- Recovery Point Objective — the maximum acceptable amount of data loss (how far back you recover).
- MTTR
- Mean Time To Repair — the average time to fix a failed component.
- MTBF
- Mean Time Between Failures — the average operating time between failures (a reliability measure).
- NAC
- Network Access Control — enforces policy (posture, identity) before a device is allowed onto the network.
- 802.1X
- Port-based network access control that authenticates a device before granting network access (often via RADIUS).
- Port security
- A switch feature limiting which/how many MAC addresses may use a port, defending against MAC flooding.
- EOL / EOS
- End of Life / End of Support — lifecycle milestones after which a product no longer receives updates.
- CIA triad
- Confidentiality, Integrity, and Availability — the three core goals of information security.
- Confidentiality
- Ensuring information is accessible only to authorized parties (e.g., via encryption).
- Integrity
- Ensuring data is not altered without authorization (e.g., via hashing).
- Availability
- Ensuring systems and data are accessible when needed (e.g., via redundancy).
- AAA
- Authentication, Authorization, and Accounting — who you are, what you can do, and logging it.
- RADIUS
- Remote Authentication Dial-In User Service — a common AAA protocol; often used with 802.1X.
- TACACS+
- A Cisco AAA protocol that separates authentication, authorization, and accounting and encrypts the full payload.
- Zero trust
- A model that trusts no user or device by default and verifies every access request (NIST SP 800-207).
- Least privilege
- Granting users and systems only the access they actually need.
- Defense in depth
- Layering multiple security controls so no single failure exposes the network.
- MFA
- Multi-Factor Authentication — requiring two or more factors (something you know/have/are).
- Firewall
- A device or software that permits or blocks traffic based on rules.
- Stateful firewall
- Tracks the state of active connections and allows return traffic for established sessions.
- Stateless firewall
- Filters each packet independently against rules, without tracking connection state.
- ACL
- Access Control List — an ordered set of permit/deny rules filtering traffic by address, port, or protocol.
- VPN
- Virtual Private Network — an encrypted tunnel carrying private traffic across a public network.
- IPsec
- A suite securing IP traffic with authentication (AH) and encryption (ESP); common for site-to-site VPNs.
- Site-to-site VPN
- A persistent encrypted tunnel connecting two networks (e.g., two offices).
- Client (remote-access) VPN
- An encrypted tunnel from an individual device into the corporate network.
- DMZ / screened subnet
- A buffer network exposing public-facing servers while isolating them from the internal LAN.
- Network segmentation
- Dividing a network into zones so a breach in one area cannot spread freely.
- DoS attack
- Denial of Service — overwhelming a target so legitimate users cannot access it.
- DDoS attack
- Distributed Denial of Service — many compromised hosts flood a target simultaneously.
- On-path attack
- Formerly man-in-the-middle — an attacker intercepts or alters traffic between two parties.
- ARP spoofing
- Sending forged ARP replies to associate the attacker's MAC with another host's IP, enabling on-path attacks.
- DNS poisoning
- Corrupting DNS data so name lookups resolve to a malicious server.
- MAC flooding
- Overwhelming a switch's MAC table so it floods traffic, letting an attacker capture it. Countered by port security.
- VLAN hopping
- Gaining access to traffic on other VLANs (via double-tagging or switch spoofing). Counter by using a unique native VLAN and disabling DTP.
- Rogue AP
- An unauthorized access point connected to the network, creating a security hole.
- Evil twin
- A malicious access point impersonating a legitimate SSID to capture credentials and traffic.
- Dynamic ARP Inspection (DAI)
- A switch feature that validates ARP packets to stop ARP spoofing.
- DHCP snooping
- A switch feature that blocks rogue DHCP servers by trusting only designated ports.
- Phishing
- A social-engineering attack tricking users into revealing credentials or clicking malicious links.
- DNSSEC
- DNS Security Extensions — adds cryptographic signatures to DNS data to prevent poisoning.
- Troubleshooting methodology
- CompTIA's 7 steps: identify the problem; theorize a cause; test it; plan; implement or escalate; verify; document.
- Step 1: Identify the problem
- Gather information, question users, identify symptoms, and determine if anything recently changed.
- Step 2: Theory of probable cause
- Question the obvious; consider multiple causes (top-down, bottom-up, or divide and conquer the OSI stack).
- Step 3: Test the theory
- Confirm the cause; if not confirmed, form a new theory or escalate.
- Step 4: Plan of action
- Establish a plan to resolve the problem and identify the potential effects of the fix.
- Step 5: Implement or escalate
- Apply the solution, or escalate to someone with more access or expertise.
- Step 6: Verify functionality
- Confirm the fix works and, if applicable, implement preventive measures.
- Step 7: Document
- Record the findings, actions, and outcomes — always the last step.
- Attenuation
- Loss of signal strength over distance; a Layer 1 cabling problem.
- Crosstalk
- Interference between adjacent wire pairs in a cable, degrading the signal.
- EMI
- Electromagnetic Interference — outside electrical noise that corrupts a copper signal; reroute away from sources.
- Duplex mismatch
- When the two ends of a link disagree on half/full duplex, causing collisions, errors, and poor throughput.
- Speed mismatch
- When link ends negotiate different speeds, causing the link to fail or perform poorly.
- TX/RX reversed
- Transmit and receive pairs are swapped, preventing the link from coming up (fixed by a crossover or auto-MDIX).
- Cable tester
- A tool that verifies continuity and wiring of a copper cable to find opens, shorts, and miswires.
- Tone generator and probe
- A 'toner' used to trace and identify a specific cable run among many.
- OTDR
- Optical Time-Domain Reflectometer — locates breaks and measures loss on fiber runs.
- Latency
- The delay for data to travel from source to destination (round-trip time).
- Jitter
- Variation in packet delay over time — especially disruptive to VoIP and video.
- Packet loss
- Packets that fail to reach the destination, caused by congestion, errors, or faulty hardware.
- Bandwidth saturation
- When a link is fully utilized, causing queuing, latency, and loss.
- CRC errors
- Cyclic Redundancy Check failures indicating corrupted frames — often from a bad cable, EMI, or duplex mismatch.
- ping
- Uses ICMP echo request/reply to test reachability and round-trip time to a host.
- traceroute / tracert
- Maps the per-hop path to a destination to find where traffic stops.
- nslookup / dig
- Query DNS to diagnose name-resolution problems.
- ipconfig / ifconfig / ip
- Show and manage a host's IP address, mask, gateway, and DNS (spot an APIPA address).
- arp -a
- Displays the local IP-to-MAC address mapping table.
- netstat
- Shows active network connections, listening ports, and protocol statistics.
- tcpdump / Wireshark
- Capture and inspect actual packets to diagnose hard problems at the protocol level.
- nmap
- A scanner that discovers hosts, open ports, and services on a network.
- iperf
- A tool that measures achievable bandwidth/throughput between two endpoints.
- Pings by IP but not by name
- A classic symptom of a DNS problem (Layers 1-3 work; name resolution fails).
- APIPA address (169.254.x.x)
- Indicates the client could not reach a DHCP server.
- Incorrect default gateway
- A misconfigured gateway lets local communication work but blocks access to other networks/the internet.
- Rogue DHCP server
- An unauthorized DHCP server handing out bad addresses; causes intermittent connectivity. Counter with DHCP snooping.
- DHCP scope exhaustion
- When all addresses in a DHCP pool are leased, new clients can't get an IP.
- Top-down vs bottom-up
- Troubleshooting approaches that work the OSI model from L7 down or L1 up to localize a fault.
- DoD / TCP-IP model layers
- Four layers: Link (Network Access), Internet, Transport, Application; together they map onto the seven OSI layers.
- Unicast
- One-to-one communication: a packet sent to a single destination host.
- Broadcast
- One-to-all communication within a subnet (all hosts receive it). IPv4 only; IPv6 uses multicast instead.
- Multicast
- One-to-many communication to a group of subscribed hosts (e.g., streaming, routing updates).
- Anycast
- One-to-nearest communication: the same address is advertised from multiple locations; traffic goes to the closest.
- Classful address Class A
- 1.0.0.0–126.0.0.0, default mask /8; huge networks.
- Classful address Class B
- 128.0.0.0–191.255.0.0, default mask /16; medium networks.
- Classful address Class C
- 192.0.0.0–223.255.255.0, default mask /24; small networks.
- VLSM
- Variable Length Subnet Masking — using different mask lengths to size subnets efficiently.
- /25 subnet
- Mask 255.255.255.128; 7 host bits; 126 usable hosts; block size 128.
- /26 subnet
- Mask 255.255.255.192; 6 host bits; 62 usable hosts; block size 64.
- /27 subnet
- Mask 255.255.255.224; 5 host bits; 30 usable hosts; block size 32.
- /28 subnet
- Mask 255.255.255.240; 4 host bits; 14 usable hosts; block size 16.
- Block size shortcut
- Block size = 256 − the mask's interesting octet; subnets increment by the block size.
- IPv6 link-local
- fe80::/10 — an automatically configured address used only on the local link.
- IPv6 unique local
- fc00::/7 (commonly fd00::/8) — the IPv6 equivalent of RFC 1918 private addresses.
- SLAAC
- Stateless Address Autoconfiguration — how IPv6 hosts self-assign an address using router advertisements.
- Dual stack
- Running IPv4 and IPv6 simultaneously on the same devices during migration.
- FQDN
- Fully Qualified Domain Name — the complete name of a host including its domain (e.g., host.example.com).
- HTTP vs HTTPS
- HTTP (port 80) is unencrypted; HTTPS (port 443) wraps HTTP in TLS for confidentiality and integrity.
- POP3 / IMAP
- Email retrieval protocols — POP3 (110) downloads and often removes mail; IMAP (143) syncs mail on the server.
- Proxy server
- An intermediary that forwards client requests, providing caching, filtering, and anonymity.
- Load balancer
- Distributes incoming traffic across multiple servers for performance and availability.
- CDN
- Content Delivery Network — geographically distributed servers that cache content near users.
- IDS vs IPS
- An IDS detects and alerts on suspicious traffic; an IPS sits inline and can actively block it.
- NAS vs SAN
- NAS provides file-level storage over the LAN; a SAN provides block-level storage over a dedicated high-speed network.
- Router-on-a-stick
- Inter-VLAN routing using one physical router interface divided into VLAN subinterfaces.
- SVI
- Switched Virtual Interface — a virtual Layer 3 interface on a switch used for inter-VLAN routing.
- BPDU Guard
- Disables a port that receives a BPDU, protecting the STP topology at the edge.
- PortFast
- Lets an edge access port skip STP listening/learning and go straight to forwarding.
- Auto-MDIX
- Automatically detects and corrects cable type (straight-through vs crossover) on a port.
- Full duplex
- Both ends can transmit and receive simultaneously; no collisions on a switched link.
- Half duplex
- Only one end transmits at a time; used by hubs and shared media, prone to collisions.
- Default gateway redundancy
- Provided by FHRPs like VRRP and HSRP via a shared virtual IP.
- BSSID
- The MAC address of a wireless access point's radio, identifying a basic service set.
- ESSID
- The SSID shared by multiple APs forming one extended wireless network.
- Channel bonding
- Combining adjacent Wi-Fi channels for more bandwidth (wider channels = higher throughput).
- Omnidirectional antenna
- Radiates signal evenly in all directions; good general coverage.
- Directional (Yagi) antenna
- Focuses signal in one direction for longer-range, point-to-point links.
- WPA3-Enterprise
- WPA3 mode using 802.1X/RADIUS for individual authentication, with up to 192-bit security.
- Captive portal
- A web page that requires sign-in or acceptance before granting wireless network access.
- Wireless site survey
- Measuring signal, interference, and coverage to plan AP placement and channels.
- DTP
- Dynamic Trunking Protocol — auto-negotiates trunks; disable it to prevent VLAN hopping.
- Spanning tree root election
- STP picks the switch with the lowest bridge priority (then lowest MAC) as the root bridge.
- Quality of Service (QoS)
- Prioritizing certain traffic (e.g., VoIP) to guarantee performance under congestion.
- Traffic shaping
- Delaying lower-priority packets to smooth bandwidth use and meet QoS targets.
- Bandwidth management
- Controlling how much capacity applications or users may consume.
- Configuration management
- Tracking and controlling device configurations and changes (often version-controlled).
- Change management
- A formal process for reviewing and approving network changes to reduce risk.
- Hot site
- A fully equipped, ready-to-run backup site for fast disaster recovery.
- Cold site
- A backup site with space and power but no preinstalled equipment; slow to bring online.
- Warm site
- A backup site partially equipped; a middle ground between hot and cold.
- Full backup
- A complete copy of all selected data.
- Incremental backup
- Backs up only data changed since the last backup of any type; fast backup, slower restore.
- Differential backup
- Backs up data changed since the last full backup; slower backup, faster restore than incremental.
- DHCP reservation
- A fixed IP a DHCP server always assigns to a specific MAC address.
- DHCP lease
- The time period a client may use an assigned DHCP address before renewing.
- Network policy / AUP
- Acceptable Use Policy and related rules governing how the network may be used.
- Environmental sensors
- Monitor temperature, humidity, and power in equipment rooms to prevent failures.
- Defense control types
- Preventive, detective, and corrective controls; also physical, technical, and administrative.
- Hashing
- One-way function producing a fixed-size digest to verify integrity (e.g., SHA-256).
- Encryption (symmetric)
- Uses one shared key to encrypt and decrypt; fast (e.g., AES).
- Encryption (asymmetric)
- Uses a public/private key pair; the basis of TLS and digital signatures (e.g., RSA).
- Geofencing
- Restricting access based on a device's physical location.
- Honeypot
- A decoy system that lures attackers to study them and divert them from real assets.
- Screened subnet (DMZ) purpose
- Isolates internet-facing servers so a compromise there can't directly reach the internal LAN.
- Port-based vs MAC filtering
- 802.1X authenticates the device/user; MAC filtering allows/denies by hardware address (weak, spoofable).
- Social engineering
- Manipulating people into breaking security (phishing, pretexting, tailgating).
- Tailgating
- Following an authorized person through a secure door without credentials.
- Brute-force attack
- Trying many passwords/keys until one works; countered by lockouts and strong passwords/MFA.
- Deauthentication attack
- Forcing wireless clients off an AP, often to set up an evil twin or capture handshakes.
- Spoofing
- Faking a source identity (IP, MAC, ARP, or DNS) to bypass controls or intercept traffic.
- Posture assessment
- Checking a device's security state (patches, AV) before NAC grants access.
- Show interface counters
- CLI output revealing errors (CRC, runts, giants), drops, and utilization on a port.
- Runts and giants
- Frames smaller than the minimum or larger than the maximum size — signs of errors or duplex/MTU issues.
- Light meter (fiber)
- Measures optical power to confirm a fiber link's signal strength is within tolerance.
- Multimeter
- Measures voltage, current, and resistance; used to check cabling and power.
- Loopback plug
- A connector that loops a port's transmit to its receive to test the port itself.
- Bad SFP / transceiver
- A faulty optic causing a down or error-prone link; swap to isolate.
- Asymmetrical routing
- Traffic taking different paths each direction, which can break stateful firewalls.
- Blocked port / ACL
- A firewall rule or ACL silently dropping traffic, mimicking a connectivity outage.
- Incorrect subnet mask
- A wrong mask makes a host miscalculate local vs remote, breaking some communication.
- Wireless interference
- Overlapping channels, microwaves, or Bluetooth degrading 2.4 GHz Wi-Fi; fix with channel planning and 5 GHz.
- Captive portal not loading
- Often a DNS or HTTPS-redirect issue on a guest network.
- hostname command
- Displays or sets the device's network name.
- route / show ip route
- Displays the routing table to verify how a device reaches destinations.