Shulou(Shulou.com)06/02 Report--

1. What is BIOS? How to enter BIOS?

BIOS: basic input and output system, generally press DEL or F2 to enter the BIOS setup program.

two。 What is a virtual machine?

A virtual machine is a software program running on a computer, which simulates computer hardware functions to provide an independent computer environment for other software programs.

3. Virtual machine operation mode (architecture)?

1) sojourn structure

Installed as an application on the operating system, multiple operating systems can be installed on this application

2) Native architecture

The virtual machine software is installed directly on the computer hardware, and the virtual machine itself is an operating system.

4.IP address function, composition, classification?

1) function: the network address used to identify a node

2) composition: network bit + host bit, 32 bits, represented by 4 decimal numbers, used in between. Separate (dotted decimal)

3) Classification:

A1-127 network + master

B 128-191 net + Network + Master + Master

C 192-223 network + master

D 224-239 Multicast (Multicast)

E 240-255 Scientific Research

4) default subnet mask

Class A 255.0.0.0

Class B 255.255.0.0

Class C 255.255.255.0

5. Alternate configuration private IP address?

169.254.0.1-169.254.255.254 with a subnet mask of 255.255.0.0

6. Private address range:

Category A 10.0.0.1 ~ 10.255.255.254

Category B 172.16.0.1 ~ 172.31.255.254

Class C 192.168.0.1 ~ 192.168.255.254

7. Common built-in user accounts

1) Administrator (administrator user) default administrator user. This account cannot be deleted. Rename it for security reasons.

2) Guest (Guest user) is disabled by default and is available for temporary use by users who do not have an account. It has only limited permissions.

What is the meaning of 8.ALP rules?

Adding local users to local groups and finally assigning permissions to local groups is called ALP rules (meaning of ALP rules)

9. Commonly used file system

FAT32 、 NTFS 、 XFS 、 ext2/ext3/ext4

10. How to access shared folders

1) browse through "Network" ("Network Discovery" must be enabled)

2) through the UNC path:\ server address\ share name

3) Mapping network drive: net use H: (drive letter:)\ server IP\ share name

11. What is a printing device and what is a printer?

1) Printing device (physical):

Also known as a physical printer, a hardware device used for printing

2) Printer (logical):

Also known as logical printers, software added for the use of printing devices

twelve。 Advantages of dynamic disk

Compared with the basic disk, it has stronger scalability, high reliability and high read and write performance.

13. Characteristics of five kinds of dynamic disks

Volume type disk number of available storage number of performance failover

One simple volume is all unchanged.

32 spanned volumes are all unchanged

Belt volume 2-32 all read and write promote many none

Mirror volume 2 half read promotion, write drop, support fault tolerance, the general operating system on this volume has

RAID-5 volume 332 disks-1 read promotion, write drop, support fault tolerance, fast reading speed, general data on this volume are

"Windows Services and Security"

1. What is a domain?

The computers in the network are logically organized together for centralized management. the environment of centralized management is called domain.

two。 What is a domain controller (DC)?

In a domain, there is at least one domain controller, the user account and security database of the entire domain are kept in the domain controller, and a computer with an active directory is called a domain controller, and the domain administrator can control the behavior of each domain user.

3. What is the active Directory (AD)?

Active Directory: a directory database that stores information about objects throughout the Windows network. It is also a service that can perform various operations on the data in the active directory.

What is the default GPO?

Default Domain Policy (Default Domain Policy)

Default Domain Controller Policy (Default Domain Controllers Policy)

5. Command to open local security policy

Secpol.msc

6. Forced refresh policy

Gpupdate / force

7. What is the order in which Group Policy is applied?

L S D OU

Local Group Policy site domain OU (organizational unit)

If the parent OU conflicts with the child OU, the child OU takes effect

8. What is DNS and its function?

DNS (Domain Name System) domain name system

Function: domain name is resolved to IP address, IP address is resolved to domain name.

9.DNS common resource records

A (host): forward resource record

PTR (pointer): reverse resource record

MX (Mail Exchange): Mail server

CNAME (alias): other FQDN name of a server (FQDN: fully qualified domain name)

10. What are subdomains and delegates, and what's the difference between the two?

Subdomains: you can create subdomains in the zone to expand the domain name space

Delegate: delegate subdomains to other servers for maintenance

The difference between subdomains and delegates:

The resources of the child domain are in the parent zone file, and the authoritative server of the child domain is the authoritative server of the parent zone.

Delegate a separate zone file to assign a new authoritative server to the new domain

11.FTP download and upload data command

Get, mget (download multiple)

Put, mput (upload multiple)

twelve。 What is FTP and port number?

FTP is a file transfer protocol

Port numbers 21 (control connection) and 20 (data connection) of TCP

"basic network construction"

What is the line sequence of 1.T568b T568a?

T568B: White orange, orange, white green, blue, white blue, green, white brown, brown

T568A: White green, green, white orange, blue, white blue, orange, white brown, brown

What is the structure and function of an 2.IP address?

Structure: ip address is divided into network bits and host bits, which are distinguished by subnet mask; length 32bit

Function: within a certain range, the only one that represents a network device

What is the structure and function of 3.MAC addresses?

Structure: the first half is the manufacturer code and the second half is divided into the manufacturer custom number, the length is 48bit

Role: globally, the only one that represents a network hardware device

What is the purpose of 4.ARP?

Based on the IP address, the corresponding MAC address is obtained in order to realize the fast encapsulation of the data frame.

5. Based on the difference of line order, what are the common types of network cables?

Straight-through line: the line order at both ends is the same, for example, both sides are T568A or T568B

Cross line: T568A line sequence on one side and T568B line sequence on the other

Reverse line (also known as full reverse line): the order of the lines on both sides, completely opposite.

6. Under what circumstances is the crossing line used?

Use a crossover when connecting the same type of device. Special case: the router connects to the PC using the crossover.

7. What is exchange?

Communication within the same network segment is called "switching"

8. How does the switch work?

1) form the MAC address table

When the switch receives a data frame on a port, it associates the source MAC address in the data frame with the incoming port to form an MAC address table entry (provided there is no source address entry in the MAC table)

2) find the MAC address table

The switch compares the destination MAC address in the data frame with the MAC address table entry. If the corresponding entry can be found, it is forwarded based on the port; if no corresponding entry is found, it is broadcast (that is, sent from a port other than the incoming port)

9. What is routing?

Communication between different network segments is called "routing"

What is the difference between 10.TCP and UDP?

TCP links are stable, but link establishment is time-consuming and delayed.

UDP transmits data quickly, but it is easy to lose data and is unstable.

What are the categories of 11.IP addresses?

Category A-0277

Category B-128 # 191

Category C-192 / 223

Category D-2240239

Category E-240,255

What is the 12.IP private address space?

Category A: 10.0.0.0-10.255.255.255

Category B: 172.16.0.0-172.31.255.255

Class C: 192.168.0.0-192.168.255.255

Category D: 239.0.0.0-239.255.255.255

"Network Construction of small and medium-sized Enterprises"

1. What is VLAN?

VLAN, which refers to virtual local area network, is a two-layer technology. Broadcast domain isolation can be achieved on the switch. Thus, the impact of data broadcast storm on the switching network can be reduced, the difficulty of network management can be reduced, and the flexible expansion of network scale can be realized.

What is the difference between a 2.Trunk link and an Access link?

Trunk links can support data forwarding for multiple VLAN at the same time, and data carry VLAN tags (except native vlan: VLAN1)

Access links can only transmit data from one VLAN at a time, and the data sent and received are untagged.

3. What is the hybrid port in a Huawei switch?

Hybrid port, called hybrid / promiscuous port. Is the default mode for Huawei switch ports.

It can realize not only the function of access link, but also the function of trunk link.

The label carried by the data forwarded on the port can be flexibly controlled.

4. What is the STP protocol?

STP, which refers to spanning Tree Protocol.

Function: when there are redundant links in layer 2 network, it is used to prevent the occurrence of layer 2 data forwarding loop.

5. Describe how STP works

How it works: by default, the switch starts the STP function. After power on, the BPDU is sent and compared with each other with the connected switch to ensure that there is only one shortest, loop-free, layer 2 data forwarding path to any device in the network.

The specific process is as follows:

A. first determine the role of the switch: root switch and non-root switch

B. second, determine the role of the port: root port, designated port and non-designated port

C, finally determine the status of the port: down (off), listening (listening), learning (learning), forwarding (forwarding), blocking (blocking)

What is the election principle for the 6.STP root switch?

Determine by comparing the BID (bridge ID) of each switch.

First of all, compare the priorities. The smaller the value, the better. The default value is 32768.

If the priority is the same, compare the MAC addresses in it. The smaller the value, the better.

What are the encapsulation protocols for 7.Trunk links?

802.1Q and ISL.

802.1Q is a public standard that adds 4 bytes to the original data

ISL is a Cisco proprietary protocol that adds 30 bytes to the original data

8. How does a router work?

After receiving the packet, make a "routing table" entry based on the destination IP address in the IP header

If the match is successful, it will be forwarded on the corresponding interface; if the match fails, the packet will be discarded

9. What is a gateway?

That is, the exit when one network segment goes to another.

10. What is SVI?

SVI, which refers to the switched virtual port, represents the layer 3 IP interface corresponding to a VLAN, which is generally used as the gateway IP for all member hosts in the VLAN.

What are the types of 11.STP?

802.1D-STP, spanning Tree Protocol

802.1W-RSTP, Rapid spanning Tree Protocol

802.1S-MSTP, multiple spanning Tree Protocol

What is the convergence time of 12.STP?

30s~50s

What are the roles and status of switch ports in 13.RSTP?

-Port role

Root port, designated port, alternate port (replaced by root port), backup port (designated port backed up)

-Port statu

Learning: learning status; forwarding: forwarding status; discarding: discarding status

What is the purpose of 14.GVRP?

GVRP, the generic VLAN registration protocol, is a public protocol.

It is mainly used to automatically synchronize VLAN information between switches to ensure the consistency of the VLAN information database on the switch.

What is the purpose of 15.DHCP?

By setting up a DHCP server, it automatically assigns IP addresses and other related parameters to the terminal host, so as to realize the batch allocation and management of IP addresses and improve the management efficiency.

16.RIP is divided into several versions. How does it work?

RIP is divided into RIPv1 and RIPv2

Principle:

A. After the router runs the RIP protocol, it periodically sends RIP update messages on the port where the process is started to ensure that the RIP databases saved between the routers are fully synchronized.

B. After receiving the RIP message, the router will put it into the RIP database and select the best route entry to put into the routing table.

C. When the network changes, RIP will quickly send update messages to notify other RIP routers. Used to ensure the stability and connectivity of the entire network.

Summarize the differences between RIPv1 and RIPv2:

1.RIPv1 is a classful routing protocol and RIPv2 is a classless routing protocol.

2.RIPv1 does not support VLSM,RIPv2 can support VLSM (variable length subnet mask)

3.RIPv1 does not have the function of authentication, RIPv2 can support authentication, and there are both plaintext and MD5 authentication

4.RIPv1 does not have the function of manual summarization. RIPv2 can do manual summarization on the premise of turning off automatic summarization.

5.RIPv1 is broadcast update (255.255.255.255 broadcast), RIPv2 is multicast update (224.0.0.9 multicast)

6.RIPv1 does not tag routes. RIPv2 can mark routes (tag) for filtering and policy.

The updata sent by 7.RIPv1 can carry a maximum of 25 route entries, and RIPv2 can only carry a maximum of 24 routes with authentication.

There is no next-hop attribute in the updata packet sent by 8.RIPv1. RIPv2 has a next-hop attribute, which can be reset with routing updates.

"large-scale enterprise network construction"

What is the purpose of 1.VRRP?

VRRP, which refers to the virtual gateway redundancy protocol.

The function is to form virtual gateway IP addresses between different gateway devices, so as to achieve backup redundancy between gateway devices and enhance the stability of the gateway.

What is the purpose of 2.NAT?

NAT, which refers to network address translation

The function is to realize the translation between the private IP address of the internal network and the public IP address of the external network, so as to realize the interworking between the internal network and the external network. at the same time, it can hide the structure of the internal network and enhance the security of the network.

What are the types of 3.NAT?

Static NAT,

Dynamic NAT, in which the package also contains the commonly used PNAT (port NAT)

What are the roles and types of 4.ACL and the differences?

ACL, which refers to access control lists

Function: match the interested traffic and filter the traffic with tools

Classification: basic ACL, extended ACL and named ACL.

Difference:

Basic ACL can only match the source IP address in the IP header

The extended ACL can match both the source IP address and the destination IP address in the IP header, as well as the content of the transport layer protocol, and control the traffic more accurately.

Naming ACL defines the ACL by the list name instead of the list number, and also includes both standard and extended lists. The named ACL can also be used to delete individual control entries from a particular ACL, making it easy for network administrators to modify the ACL.

What is the purpose of 5.OSPF?

OSPF, which refers to the open shortest path first protocol.

The function is to quickly form a shortest, loop-free, three-layer forwarding path within the corporate network.

What is the working process of 6.OSPF?

# first build the OSPF adjacency table

# second, synchronize OSPF database

# finally calculate the OSPF routing table

What is the status of 7.OSPF establishing neighbors?

# down, port does not have OSPF protocol enabled

# init, initialization status

# two-way, two-way communication status

# exstart, exchange initialization status

# exchange, exchange status

# loading, loading status

# full, full adjacency status

Which layer of OSI does 8.OSPF belong to? How do you express it? What are the message types?

OSPF belongs to OSI layer 3, and the protocol number is 89

The message types are:

Hello: hello package for neighbor establishment, maintenance and demolition

DBD: database description message, used to achieve reliable database synchronization

LSU: link-state update message used to send update entries in the database

LSR: link-state request message, which is used to request entries in the database

LSAck: link-state acknowledgement message, which is used to realize the acknowledgement of LSU and LSR messages and to realize the reliable transmission of messages

What is the size of the 9.IPv6 address space and how to express it?

The IPv6 address is represented by 128binary bits, so it is 2 to the 128th power

The representation is: the colon is divided into hexadecimal.

What is the purpose of 10.OSPF virtual links?

The purpose of OSPF virtual links is to connect non-backbone areas to area 0.

What are the special areas of 11.OSPF?

Stub region

Totally stub region

NSSA region

Totally NSSA region

Advanced routing switching and Security

Which layer of the OSI model does 1.BGP belong to?

BGP is located at layer 7 of OSI and the socket is TCP 179.

What is the purpose of 2.BGP?

It is mainly used between different networks to realize the flexible control of routing.

What is the internal anti-ring mechanism of 3.BGP?

IBGP split horizontally.

It means that routes received from an internal BGP neighbor will not be sent to another IBGP neighbor again.

4. What are the solutions for split horizon for IBGP neighbors?

# the first solution: full interconnection of IBGP neighbors

# the second solution: IBGP Alliance

# third solution: IBGP routing reflector

Which tables are included in 5.BGP?

# BGP neighbor Table

# BGP database

# BGP routing Table

What is the purpose of 6.QOS?

Classify the traffic in the network according to certain rules, and reserve and guarantee the bandwidth of these traffic, so as to ensure the efficient and low-latency forwarding of interested traffic in the network.

7. A brief introduction to the contents of ASA firewall CONN table quintuple

Source IP address, destination IP address, source port number, destination port number, TCP/UDP protocol

What is the default rule to follow when accessing between 8.ASA Firewall inside and outside interfaces?

Allow outbound (outbound) connections, prohibit inbound (inbound) connections

9. A brief introduction to the concept and function of DMZ region

DMZ is known as the "zone of separation", also known as the "demilitarized zone".

Is a network area between the enterprise's internal network and the external network, where you can place servers that must be exposed, such as Web servers, FTP servers, forums, and so on.

10. Describe the role of the following configuration commands

Asa (config) # object network inside

Asa (config-network-object) # subnet 10.1.1.0 255.255.255.0

Asa (config-network-object) # nat (inside,outside) dynamic 172.16.1.200

Answer: ASA Firewall dynamic PAT configuration command

11. A brief description of the default security zone of Huawei firewall

Untrust (untrusted Zone): the security level is 5 and is commonly used to define Internet traffic.

DMZ (demilitarized zone): security level 50, usually used to define the zone where the server is located.

Trust (trusted Zone): security level 85, which is usually used to define the zone in which the intranet is located.

Local (local zone): security level 100. this area mainly defines the traffic initiated by the device itself, or the traffic arriving at the device itself. For example, Telnet, SNMP, NTP, IPsec × × and other traffic.

"Network security"

1. Brief introduction of DoS * *

DoS (denial of Service) refers to the situation in which the target system crashes, loses response, and is unable to provide services or access resources in any way.

Flood methods are common in DoS, such as SYN Flood and Ping Flood.

SYN Flood *: using the principle of three-way handshake in TCP protocol, a large number of SYN with forged source IP addresses are sent. Every time the server receives a SYN, it allocates core memory for the connection information and puts it in a semi-connection queue, and then returns SYN+ACK to the source address and waits for the source end to return ACK. Because the source address is bogus, the source never returns an ACK. If too many SYN are received in a short period of time, the semi-connection queue will overflow and the operating system will discard some connection information. In this way, the SYN request connection sent by the normal customer will also be discarded by the server.

Ping Flood * *: by sending a large number of data packets to the target, the other party's network is blocked and the bandwidth is exhausted, thus unable to provide normal services.

two。 A brief introduction to the definition of × ×

Virtual Private Network (Virtual Private Network) is a protected connection established between two network entities, which can be connected directly through a point-to-point link or through an Internet.

3. A brief introduction of asymmetric encryption algorithm

Asymmetric encryption algorithm uses two different keys, public key and private key, for encryption and decryption.

Data encrypted with one key can only be decrypted by another key, and another key cannot be derived from one key.

4. A brief introduction of stage 1 and stage 2 of IPSec × ×

IPSec uses ISAKMP/IKE phase 1 to build a secure management connection, which is just a preparation and is not used to transfer actual data. Before configuration, it is necessary to make clear how the device implements authentication, which encryption and authentication algorithm to use, which DH group to use and so on.

ISAKMP/IKE phase 2 is used to establish secure data connections, which are used to transmit real user data. It needs to be clear what kind of security protocol to use before configuration, encryption or authentication algorithms should be used for specific security protocols, and data transmission mode (tunnel mode or transmission mode) and so on.

A brief introduction to the Security Protocol of ISAKMP/IKE Phase 2

The security protocols of ISAKMP/IKE Phase 2 include AH protocol and ESP protocol.

AH protocol only implements authentication function, not encryption function.

ESP protocol has both authentication function and encryption function.

Brief introduction of IDS and IPS

* Detection system (Intrusion Detection System,IDS) discovers * * behaviors (alarms) but does not deal with them accordingly.

* Protection system (Intrusion Prevention System,IPS) discovers the * * behavior and defends it accordingly.

"Management and maintenance of CVM"

1. Create a new connection using nmcli and configure it with parameters such as static IP address

Nmcli connection add con-name "connection name" ifname "interface name" type ethernetnmcli connection modify "connection name" IP address / mask length default gateway "nmcli connection modify" connection name "ipv4.dns DNS server address connection.autoconnect yesnmcli connection up" connection name

two。 Briefly describe the use of Linux directory /, / boot, / home, / root, / bin, / dev, / etc

/: the root directory of the entire Linux file system

/ boot: stores files such as system kernel, startup menu configuration, etc.

/ home: the default home directory for ordinary users (subdirectory with the same name)

/ root: administrator's home directory

/ bin, / sbin: store system commands and executable programs

/ dev: store various device files

/ etc: stores various system configurations and system service configuration files

3. Use Linux command line wildcards,? The role of

Any number of arbitrary characters

?: single character

Specify the available yum software source vim / etc/yum.conf for CentOS series Linux hosts

.. ..

Gpgcheck = 0 / / disable software signature checking

Yum-config-manager-URL URL of add-repo software source / / add new configuration yum repolist / / confirm warehouse list

5. How to set the ownership and access rights of a document

Set document attribution:

Chown-R owner: generic group documentation... chown-R generic master documentation... chown-R: generic group documentation.

Set document permissions:

The chmod-R ugoa+-=rwx documentation outlines the process of deploying a vsftpd server on a CentOS series Linux host

1) install the package yum-y install vsftpd

2) configuration

Useradd username / / add login account for FTP user passwd username / / set login password for user

3) start the server

Systemctl restart vsftpd / / Open the service program systemctl enable vsftpd / / set up to run this service automatically after boot

What does 7.RAID array mean? comparison of the characteristics of RAID0, RAID1, RAID10, RAID5 and RAID6

RAID0: stripe mode with at least 2 disks to improve efficiency through concurrent read and write

RAID1: mirror mode, with at least 2 disks. Improve the reliability of disk devices through mirror backup.

RAID10: stripe + mirror mode, equivalent to RAID1+RAID0, with at least 4 disks, with higher reading and writing efficiency and reliability

RAID5: cost-effective mode, with at least 3 disks, of which 1 disk capacity is used to store recovery check data RAID6: equivalent to the extended version of RAID5, at least 4 disks, of which 2 disk capacity is used to store recovery check data

8. Quickly add new virtual hosts when configuring httpd site servers

1) create a separate configuration file for each virtual host and put it in the / etc/httpd/conf.d/ directory. The name of the configuration file ends with .conf

2) configure.. .. Section tags, where the statement ServerName specifies the site name and the DocumentRoot specifies the web page directory

3) then restart the httpd service

9. The difference between dynamic web pages and static web pages, aiming at the conditions that httpd platform needs to support PHP programs.

Static web page: the web page file accessed by the browser is the web page file provided by the server

Dynamic web page: the web page file accessed by the browser is dynamically generated by the program specified by the server to support PHP program: install httpd, php software packages

10. Briefly describe the process of deploying an enterprise's website to Aliyun ECS

ECS is Aliyun's elastic computing service, which is commonly referred to as a cloud server.

Cloud process on a website based on ECS CVM:

1) sign up for Aliyun account

2) choose and purchase a foreign ECS server, charge for time or usage, and configure security group policy to open port 80.

3) choose and purchase a website domain name, and set the resolution target to the public network IP address of the purchased ECS

4) complete the website filing (optional)

5) prepare the documents of the enterprise's website and upload them to the Web directory of the ECS server

6) visit the corporate website through the selected domain name from the Internet

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.