Your engineer is concerned about high CPU utilization on several of your EC2 instances. What service should you use to monitor this?
- Service Catalog
- CloudWatch
- Trusted Advisor
- Config
Even when you engage in Infrastructure as a Service (IaaS) with AWS, you are still responsible for aspects of securing the infrastructure.
By default, if no cache control header is set, each Edge Location checks for an updated version of your file whenever it receives a request more than 24 hours after the previous time it checked the origin for changes to that file. This is called the “expiration period.” You can set this expiration period to be as short as 0 seconds or as long as you’d like by setting the cache control headers on your files in your origin. Amazon CloudFront uses these cache control headers to determine how frequently it needs to check the origin for an updated version of the file. For an expiration period set to 0 seconds, Amazon CloudFront will revalidate every request with the origin server. If your files don’t change very often, it is best practice to set a long expiration period and implement a versioning system to manage updates to your files.
There are 7 OSI layers:
1) Physical Layer,
2) Data Link Layer,
3) Network Layer,
4) Transport Layer,
5) Session Layer,
6) Presentation Layer, and
7) Application Layer.
The Network layer is responsible for data routing, packet switching, and control of network congestion. Routers operate under this layer.
Routers can connect two or more network segments. These are intelligent network devices that store information in their routing tables, such as paths, hops, and bottlenecks. With this info, they can determine the best path for data transfer. Routers operate at the OSI Network Layer.
VPN means Virtual Private Network, a technology that allows a secure tunnel to be created across a network such as the Internet. For example, VPNs allow you to establish a secure dial-up connection to a remote server.
NAT is Network Address Translation. This is a protocol that provides a way for multiple computers on a common network to share a single connection to the Internet.
Proxy servers primarily prevent external users from identifying the IP addresses of an internal network. Without knowledge of the correct IP address, even the physical location of the network cannot be identified. Proxy servers can make a network virtually invisible to external users.
By looking at the first octet of any given IP address, you can identify whether it’s Class A, B, or C. If the first octet begins with a 0 bit, that address is Class A. If it begins with bits 10 then that address is a Class B address. If it begins with 110, then it’s a Class C network.
One major disadvantage of star topology is that once the central Hub or switch gets damaged, the entire network becomes unusable.
The main task of the ARP or Address Resolution Protocol is to map a known IP address to a MAC layer address.
Use FTP (File Transfer Protocol) for file transfers between such different servers. This is possible because FTP is platform-independent.
ICMP is the Internet Control Message Protocol. It provides messaging and communication for protocols within the TCP/IP stack. This is also the protocol that manages error messages that are used by network tools such as PING.
SMTP is short for Simple Mail Transfer Protocol. This protocol deals with all internal mail and provides the necessary mail delivery services on the TCP/IP protocol stack.
A VLAN is required because at the switch level there is only one broadcast domain. It means that whenever a new user is connected to the switch, this information is spread throughout the network. A VLAN on a switch helps to create a separate broadcast domain at the switch level. It is used for security purposes.
Access VPN: Access VPN is used to provide connectivity to remote mobile users and telecommuters. It serves as an alternative to dial-up connections or ISDN (Integrated Services Digital Network) connections. It is a low-cost solution and provides a wide range of connectivity.
Site-to-Site VPN: A Site-to-Site or Router-to-Router VPN is commonly used in large companies having branches in different locations to connect the network of one office to another in different locations. There are 2 sub-categories as mentioned below:
Intranet VPN: Intranet VPN is useful for connecting remote offices in different geographical locations using shared infrastructure (internet connectivity and servers) with the same accessibility policies as a private WAN (wide area network).
Extranet VPN: Extranet VPN uses shared infrastructure over an intranet, suppliers, customers, partners, and other entities and connects them using dedicated connections.
Star Topology: All the nodes are connected to one single node known as the central node. It is more robust. If the central node fails the complete network is damaged. Easy to troubleshoot. Mainly used in home and office networks.
Ring Topology: Each node is connected to exactly two nodes, forming a ring structure. If one of the nodes is damaged, it will damage the whole network. It is used very rarely as it is expensive and hard to install and manage.
Mesh Topology: Each node is connected to one or many nodes. It is robust as failure in one link only disconnects that node. It is rarely used and installation and management are difficult.
Tree Topology: A combination of star and bus topology, also known as an extended bus topology. All the smaller star networks are connected to a single bus. If the main bus fails, the whole network is damaged.
Hybrid: It is a combination of different topologies to form a new topology. It helps to ignore the drawback of a particular topology and helps to pick the strengths from others.
Unicasting: If the message is sent to a single node from the source then it is known as unicasting. This is commonly used in networks to establish a new connection.
Anycasting: If the message is sent to any of the nodes from the source then it is known as anycasting. It is mainly used to get the content from any of the servers in the Content Delivery System.
Multicasting: If the message is sent to a subset of nodes from the source then it is known as multicasting. Used to send the same data to multiple receivers.
Broadcasting: If the message is sent to all the nodes in a network from a source then it is known as broadcasting. DHCP and ARP in the local network use broadcasting.
If not, the browser checks whether the IP of the URL is present in the cache (browser and OS); if not, it requests the OS to do a DNS lookup using UDP to get the corresponding IP address of the URL from the DNS server to establish a new TCP connection.
A new TCP connection is set between the browser and the server using three-way handshaking.
An HTTP request is sent to the server using the TCP connection.
The web servers running on the Servers handle the incoming HTTP request and send the HTTP response.
The browser processes the HTTP response sent by the server and may close the TCP connection or reuse the same for future requests.
If the response data is cacheable then browsers cache the same.
Browser decodes the response and renders the content
SNMP has a simple architecture based on a client-server model.
The servers, called managers, collect and process information about devices on the network.
The clients, called agents, are any type of device or device component connected to the network. They can include not just computers, but also network switches, phones, printers, and so on.
NVRAM: stores the startup configuration file.
DRAM: stores the configuration file that is being executed.
ROM: It is the bootstrap software that runs and maintains instructions for POST diagnostics.
Flash Memory: stores the Cisco IOS.
User Mode is used for regular tasks when using a Cisco router, such as viewing system information, connecting to remote devices, and checking the status of the router. On the other hand, privileged mode includes all options that are available for User Mode, plus more. You can use this mode in order to make configurations on the router, including making tests and debugging.
In full-duplex, both the transmitting device and the receiving device can communicate simultaneously, that is, both can be transmitting and receiving at the same time. In the case of half-duplex, a device cannot receive while it is transmitting, and vice versa.
erase startup-config
C:\windows\Ntds\Ntds.dit.
LDAP (Lightweight Directory Access Protocol).
The emulation drivers are mainly devices that imitate another program. In simple terms, emulation drivers are a trick to fool the device into believing that it is some other sort of device.
Synthetic drivers are different and better than the emulation ones in their functions. They don’t imitate another program, but create another hardware complex device on a virtual platform.
Mutt is a text-based email client for Unix-like systems. It was originally written by Michael Elkins in 1995 and released under the GNU General Public License version 2 or any later version.
The Mutt slogan is "All mail clients suck. This one just sucks less."
Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications that works by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).[1] Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.