Cloud Network

Networking | Support | Tricks | Troubleshoot | Tips

Thursday, October 10, 2019

Active Directory Interview Questions and Answers


Q :- Mention what is Active Directory?
Ans :- Active Directory is a directory structure used on Microsoft Windows based servers and computers to store data and information about networks and domains.
 or
Active Directory (AD) is a directory service developed by Microsoft and used to store objects such as users, computers, printers and network information. It lets you manage your network effectively with multiple Domain Controllers in different locations sharing the AD database: you can manage or change AD from any Domain Controller and the change is replicated to all other DCs. It provides centralized administration across multiple geographical locations and authenticates users and computers in a Windows domain.

Q :- Mention what are the new features in Active Directory (AD) of Windows server 2012?
Ans :-
    dcpromo (Domain Controller Promoter) with improved wizard: It allows you to view all the steps and review the detailed results during the installation process.

    Enhanced Administrative Center: Compared to the earlier version of Active Directory, the Administrative Center is well designed in Windows 2012. The exchange management console is well designed.

    Recycle Bin goes GUI: In Windows Server 2012, there are now many ways to enable the Active Directory Recycle Bin through the GUI in the Active Directory Administrative Center, which was not possible with the earlier version.

    Fine-grained password policies (FGPP): In Windows Server 2012, implementing FGPP is much easier compared to an earlier version. It allows you to create different password policies in the same domain.

    Windows PowerShell History Viewer: You can view the Windows PowerShell commands that relate to the actions you execute in the Active Directory Administrative Center UI.

Q :- Mention which is the default protocol used in Directory Services?
Ans :- The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).

Q :- What is Tree?
Ans :- A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace.


Q :- Explain the term FOREST in AD?
Ans :- A forest is an assembly of AD domains that share a single schema for the AD. All DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.

Q :- How to check which server holds which role?
Ans :- Netdom query FSMO

Q :- Explain what is SYSVOL?
Ans :- The SYSVOL folder keeps the server’s copy of the domain’s public files. The contents of the SYSVOL folder, such as users, group policy, etc., are replicated to all domain controllers in the domain.

Q :- Mention what system state data contains?
Ans :- System state data contains
    Startup files
    Registry
    COM+ Registration Database
    Memory page file
    System files
    AD information
    SYSVOL folder
    Cluster service information


Q :- Mention what is PDC emulator and how would one know whether PDC emulator is working or not?
Ans :- PDC Emulator: There is one PDC emulator per domain, and when there is a failed authentication attempt, it is forwarded to the PDC emulator. It acts as a “tie-breaker” and it controls the time sync across the domain.

The following symptoms tell us whether the PDC emulator is working or not:

    Time is not syncing
    Users’ accounts are not locked out
    Windows NT BDCs are not getting updates
    Pre-Windows 2000 computers are unable to change their passwords


Q :- Mention what are lingering objects?
Ans :- Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL).

Q :- Mention what is TOMBSTONE lifetime?
Ans :- Tombstone lifetime in Active Directory determines how long a deleted object is retained in Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the forest configuration.



Q :- Explain what is Active Directory Schema?
Ans :- The schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data.

Q :- Explain what is a child DC?
Ans :- A CDC, or child DC, is a sub domain controller under the root domain controller that shares its namespace.

Q :- Explain what is RID Master?
Ans :- RID stands for Relative Identifier; the RID master is for assigning unique IDs to the objects created in AD.


Q :- Mention what are the components of AD?
Ans :- Components of AD includes

    Logical Structure: Trees, Forest, Domains and OU
    Physical Structures: Domain controller and Sites

Q :- Explain what is Infrastructure Master?
Ans :- The Infrastructure Master is accountable for updating information about users, groups and the global catalogue.







Access Control List (ACL) Interview Questions and Answers

October 10, 2019

Q :- What is an Access Control List?
Ans :- ACLs are basically a set of commands, grouped together by a number or name that is used to filter traffic entering or leaving an interface.
When activating an ACL on an interface, you must specify in which direction the traffic should be filtered:
Inbound (as the traffic comes into an interface)
Outbound (before the traffic exits an interface)
Inbound ACLs:
Incoming packets are processed before they are routed to an outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet will be discarded after it is denied by the filtering tests. If the packet is permitted by the tests, it is processed for routing.
Outbound ACLs:
Incoming packets are routed to the outbound interface and then processed through the outbound ACL.

 Q :- Universal fact about Access control list?
Ans :- ACLs come in two varieties: numbered and named.
-Each of these ACL varieties supports two types of filtering: standard and extended.
-Standard IP ACLs can filter only on the source IP address inside a packet.
-Extended IP ACLs, by contrast, can filter on both the source and destination IP addresses in the packet.
-There are two actions an ACL can take: permit or deny.
-Statements are processed top-down.
-Once a match is found, no further statements are processed—therefore, order is important.
-If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet.
-An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL.
-No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs on the same interface.

 Q :- Standard ACLs?
Ans :- A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

 Q :- Extended ACLs?
Ans :- An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.
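
The processing rules listed above (top-down evaluation, first match wins, implicit deny) and the standard versus extended distinction, as an added example that is not part of the original post. The `Ace` class, the helper names and all addresses are constructed for illustration; this models the matching logic only, not a router's configuration syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones matches any address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style wildcard mask: a 1 bit means "ignore this bit"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str                              # "permit" or "deny"
    src: Tuple[str, str]                     # (address, wildcard)
    dst: Optional[Tuple[str, str]] = None    # extended ACLs only
    proto: Optional[str] = None              # extended only: "ip", "tcp", "udp"
    dport: Optional[int] = None              # extended only

    def matches(self, pkt: dict) -> bool:
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if self.dst and not wildcard_match(pkt["dst"], *self.dst):
            return False
        if self.proto not in (None, "ip") and self.proto != pkt["proto"]:
            return False
        return self.dport is None or self.dport == pkt.get("dport")


def evaluate(acl, pkt):
    """Top-down, first match wins; index None means the implicit deny fired."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", None


# Constructed sample lists and packets (all addresses are made up).
HOST = ("192.168.1.10", "0.0.0.0")
LAN = ("192.168.1.0", "0.0.0.255")
SERVER = ("10.0.0.5", "0.0.0.0")

STANDARD = [Ace("deny", HOST), Ace("permit", LAN)]
MISORDERED = [Ace("permit", LAN), Ace("deny", HOST)]   # deny is never reached
EXTENDED = [
    Ace("permit", LAN, SERVER, "tcp", 443),
    Ace("deny", ANY, SERVER, "ip"),
    Ace("permit", ANY, ANY, "ip"),
]


def packet(src, dst="10.0.0.5", proto="tcp", dport=443):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    for name, acl, pkt in [
        ("standard", STANDARD, packet("192.168.1.10")),
        ("standard", STANDARD, packet("172.16.0.1")),
        ("misordered", MISORDERED, packet("192.168.1.10")),
        ("extended", EXTENDED, packet("192.168.1.20", dport=22)),
    ]:
        print(name, pkt["src"], "->", evaluate(acl, pkt))
```

The `MISORDERED` list shows why order matters: the broader permit matches first, so the host-specific deny below it is never evaluated.
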
 Q :- Named ACLs?
Ans :- One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs.

Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.

 Q :- Placement of ACLs?
Ans :- Standard ACLs should be placed as close to the destination devices as possible.
Extended ACLs should be placed as close to the source devices as possible.

 Q :- Access Attacks?
Ans :- An access attack occurs when someone tries to gain unauthorized access to a component, tries to gain unauthorized access to information on a component, or increases their privileges on a network component. Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

Q :- DoS Attacks?
Ans :- DoS attacks involve an adversary reducing the level of operation or service, preventing access to, or completely crashing a network component or service.

Q :- Password attack threat-mitigation methods?
Ans :- A security risk lies in the fact that passwords are stored as plaintext. You need to encrypt passwords to overcome risks. On most systems, passwords are processed through an encryption algorithm that generates a one-way hash on passwords. You cannot reverse a one-way hash back to its original text. Most systems do not decrypt the stored password during authentication; they store the one-way hash. During the login process, you supply an account and password, and the password encryption algorithm generates a one-way hash. The algorithm compares this hash to the hash stored on the system. If the hashes are the same, the algorithm assumes that the user supplied the proper password.

Remember that passing the password through an algorithm results in a password hash. The hash is not the encrypted password, but rather a result of the algorithm. The strength of the hash is that the hash value can be recreated only with the original user and password information and that retrieving the original information from the hash is impossible. This strength makes hashes perfect for encoding passwords for storage. In granting authorization, the hashes, rather than the plain password, are calculated and compared.


 Q :- Password Attacks?
Ans :- A password attack usually refers to repeated attempts to identify a user account, password, or both. These repeated attempts are called brute-force attacks. Password attacks are implemented using other methods, too, including Trojan horse programs, IP spoofing, and packet sniffers.

 Q :- Password attack threat-mitigation methods include these guidelines?
Ans :- Do not allow users to have the same password on multiple systems. Most users have the same password for each system they access, as well as for their personal systems.
Disable accounts after a specific number of unsuccessful logins. This practice helps to prevent continuous password attempts.
Do not use plaintext passwords. Use either a one-time password (OTP) or an encrypted password.
Use strong passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters. Many systems now provide strong password support and can restrict users to strong passwords only.
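
The hash-and-compare login described earlier and the guidelines above (strength rule, lockout after repeated failures, no plaintext storage), combined in one added example that is not part of the original post. The per-user salt, PBKDF2-SHA256, the iteration count and the threshold of three failures are assumptions of this sketch, as are the class and user names.

```python
import hashlib
import hmac
import os
import re

MAX_FAILURES = 3            # assumed lockout threshold
PBKDF2_ROUNDS = 100_000     # assumed work factor for this sketch


def is_strong(password: str) -> bool:
    """At least eight characters with upper, lower, digit and special."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


class AccountStore:
    def __init__(self):
        self.records = {}   # user -> salt, hash, failure count, disabled flag

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user: str, password: str) -> None:
        if not is_strong(password):
            raise ValueError("password does not meet the strength policy")
        salt = os.urandom(16)   # random salt: equal passwords, different hashes
        self.records[user] = {"salt": salt, "hash": self._hash(password, salt),
                              "failures": 0, "disabled": False}

    def login(self, user: str, password: str) -> bool:
        rec = self.records.get(user)
        if rec is None or rec["disabled"]:
            return False
        candidate = self._hash(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):   # constant-time compare
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["disabled"] = True                        # needs an admin reset
        return False


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "Corr3ct-Horse")              # constructed sample
    print(store.login("alice", "Corr3ct-Horse"))
    print([store.login("alice", "guess") for _ in range(MAX_FAILURES)])
    print(store.login("alice", "Corr3ct-Horse"))          # account now disabled
```
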

 Q :- Password Authentication Protocol?
Ans :- The Password Authentication Protocol (PAP) sends the user’s username and password in plain text. It is very insecure because someone can analyze and interpret the logon traffic. This is the authentication protocol used by the basic authentication method mentioned previously.

 Q :- Challenge Handshake Authentication Protocol?
Ans :- With the Challenge Handshake Authentication Protocol (CHAP), the server sends a client a challenge (a key), which is combined with the user’s password. Both the user’s password and the challenge are run through the MD5 hashing algorithm (a formula), which generates a hash value, or mathematical answer, and that hash value is sent to the server for authentication. The server uses the same key to create a hash value with the password stored on the server and then compares the resulting value with the hash value sent by the client. If the two hash values are the same, the client has supplied the correct password. The benefit is that the user’s credentials have not been passed on the wire at all.
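
The exchange described above, with both sides shown, as an added example that is not part of the original post. It hashes Identifier, then secret, then challenge, the input order given in RFC 1994; the class name, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side. It needs the shared secret itself, not a hash of it."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # user -> shared secret (bytes)
        self.pending = {}           # user -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, user: str):
        self.next_id = (self.next_id + 1) % 256     # identifier is one octet
        value = os.urandom(16)                      # fresh and unpredictable
        self.pending[user] = (self.next_id, value)
        return self.next_id, value

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        state = self.pending.pop(user, None)        # a challenge is single-use
        secret = self.secrets.get(user)
        if state is None or secret is None or state[0] != identifier:
            return False
        expected = chap_response(identifier, secret, state[1])
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"constructed-shared-secret"           # sample value, made up
    server = ChapAuthenticator({"alice": secret})

    ident, chal = server.challenge("alice")
    good = chap_response(ident, secret, chal)       # what the client sends
    results = {"valid": server.verify("alice", ident, good)}

    # The same response replayed without a new challenge is refused.
    results["replay_same"] = server.verify("alice", ident, good)

    # A captured response does not answer a later challenge.
    ident2, chal2 = server.challenge("alice")
    results["replay_new"] = server.verify("alice", ident2, good)

    # A wrong secret produces a different hash.
    ident3, chal3 = server.challenge("alice")
    bad = chap_response(ident3, b"wrong-secret", chal3)
    results["wrong_secret"] = server.verify("alice", ident3, bad)
    results["secret_on_wire"] = secret in good + chal
    return results


if __name__ == "__main__":
    print(demo())
```
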

 Q :- Microsoft Challenge Handshake Authentication Protocol MS-CHAP
Ans :- The Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) uses the Microsoft Point-to-Point Encryption (MPPE) protocol along with MS-CHAP to encrypt all traffic from the client to the server. MS-CHAP is a variant of the CHAP authentication protocol and uses MD4 as the hashing algorithm versus MD5 used by CHAP.

 Q :- MS-CHAPv2
Ans :- With MS-CHAP version 2 (MS-CHAPv2), the authentication method has been extended to authenticate both the client and the server. MS-CHAPv2 also uses stronger encryption keys than CHAP and MS-CHAP.

 Q :- Extensible Authentication Protocol (EAP)
Ans :- The Extensible Authentication Protocol (EAP) allows for multiple logon methods such as smartcard logon, certificates, Kerberos, and public-key authentication. EAP is also frequently used with RADIUS, which is a central authentication service that can be used by RAS, wireless, or VPN solutions.




Tuesday, October 1, 2019

SBI New Service Charges Started from 1st Oct-2019: ATM Withdrawal


SBI New Service Charges Started from 1st Oct-2019: ATM Withdrawal - AMB - Cash Deposits Everything You Want to Know 



  • Non-Maintenance of Average Monthly Balance (AMB)
    1 A customer can withdraw up to ₹50,000 at non-home branches.
    2 Charges for transactions beyond the free limit (₹ per transaction): ₹50/- + GST
    3 SBI offers its customers 3.50% interest rates on savings deposit balance of up to ₹1 lakh. Above ₹1 lakh, the interest rate levied on savings balance is 3%.
    4 3 free cash deposit transactions in a month; after that the bank will charge Rs 50 + GST


    Metro & Urban Center branches
    S No AMB Charged per Month
    1 Rs. 3,000 shortfalls by 50 per cent then Rs 10 + GST
    2 Below > Rs. 3,000 shortfalls by 50-70 per cent then Rs 12 + GST
    3 Below >> Rs. 3,000 shortfalls by 70 per cent then Rs 15 + GST

    SBI account holder needs to maintain an average monthly balance of ₹3,000 for metro




    Semi-Urban Center branches
    S No AMB Charged per Month
    1 Rs. 2,000 shortfalls by 50 per cent then Rs 7.5 + GST
    2 Below > Rs. 2,000 shortfalls by 50-70 per cent then Rs 10 + GST
    3 Below >> Rs. 2,000 shortfalls by 70 per cent then Rs 12 + GST

    SBI account holder needs to maintain an average monthly balance of ₹1,000 for semi-urban




    Rural Center branches
    S No AMB Charged per Month
    1 Rs. 1,000 shortfalls by 50 per cent then Rs 5 + GST
    2 Below > Rs. 2,000 shortfalls by 50-70 per cent then Rs 7.5 + GST

    SBI account holder needs to maintain an average monthly balance of ₹1,000 for Rural




    This Rule is Only for Saving Account
    S No Metro, Semi-Urban & Rural Areas Charged per Month
    1 Upto Rs. 25,000 Rs 2 + GST
    2 Above Rs. 25,000 to Rs. 50,000 Rs 10 + GST
    3 Above Rs. 50,000 to Rs. 1 Lakhs Rs 15 + GST
    4 Above Rs. 1 Lakhs Unlimited Free Cash Withdrawals at Any Bank/ATM




    NEFT Transaction at Branches
    S No Metro, Semi-Urban & Rural Areas Charged per Month
    1 Upto Rs. 10,000 Rs 2 + GST
    2 Above Rs. 10,000 to Rs. 1 Lakh Rs 4 + GST
    3 Above Rs. 1 Lakh to 2 Lakh Rs 12 + GST
    4 Above Rs. 2 Lakh Rs 20 + GST




    RTGS Transaction at Branches
    S No Metro, Semi-Urban & Rural Areas Charged per Month
    1 Above Rs. 2 Lakh to 5 Lakh Rs 20 + GST
    2 Above Rs. 5 Lakh Rs 40 + GST




    Cash Withdrawals
    S No Metro, Semi-Urban & Rural Areas Monthly
    1 Below Rs. 25,000 2 Free Cash Withdrawals at Any Bank/ATM
    2 Rs. 25,000 to Rs. 50,000 10 Free Cash Withdrawals at Any Bank/ATM
    3 Rs. 50,000 to Rs. 1 Lakhs 15 Free Cash Withdrawals at Any Bank/ATM
    4 Above Rs. 1 Lakhs Unlimited Free Cash Withdrawals at Any Bank/ATM




    For More Details Check Out Here : https://www.onlinesbi.com/








Monday, September 30, 2019

How to Install Python 3.7.4 and PiP on CentOS 8

To check the Python version, or whether Python was previously installed
Step1 :- python3 --version
                or
         python3.7 --version

To set the default Python
Step2 :- sudo alternatives --config python
You need to select option '2', i.e., type '2' and hit Enter

To check the version without typing the Python version suffix
Step3 :- python --version

Now pip
To check the pip version
Step4 :- pip3 --version
            or
         pip3.7 --version

To set the default pip (the alias lasts only for the current shell session)
Step5 :- alias pip=pip3

To check the version without typing the pip version suffix
Step6 :- pip --version










That's it...

What are the Basics of VM Networking ?

September 30, 2019

The two basics of VM networking are:
1. Network interface cards and 2. Virtual LANs

VM networking improves: network speed, reliability, flexibility, scalability, security, productivity and efficiency.
VM networking components: network interface cards, virtual LANs, software-defined networking and virtual switches.

VMware NSX

Enable your virtual cloud network to connect and protect applications across your data center, multi-cloud, bare metal, and container infrastructure. VMware NSX Data Center delivers a complete L2-L7 networking and security virtualization platform — providing you with the agility, automation, and dramatic cost savings that come with a software-only solution.

VMware NSX is the VMware SDN network virtualization and security platform that emerged from VMware after they acquired Nicira in 2012. This acquisition launched VMware into the software-defined networking (SDN)  and network functions virtualization (NFV) world.

The solution de-couples the network functions from the physical devices, in a way that is analogous to de-coupling virtual servers (VMs) from physical servers. In order to de-couple the new virtual network from the traditional physical network, NSX natively re-creates the traditional network constructs in virtual space — these constructs include ports, switches, routers, firewalls, etc.

In the past, everyone knew what these things were. It was possible to see and touch the switch port that a server connects to, but now, this isn’t possible. Fundamentally, these constructs still exist with VMware NSX, but it is no longer possible to touch them. For this reason, the virtual network is sometimes harder to conceptualize.

There are two different product editions of NSX: NSX for vSphere and NSX for Multi-Hypervisor (MH). It’s speculated they will merge down the road, but for many possible, or soon to be, users of NSX, it doesn’t matter, because they are used to support different use cases. NSX for vSphere is ideal for VMware environments, while NSX for MH is designed to integrate into cloud environments that leverage open standards, such as OpenStack.

Microsegmentation

Micro-segmentation software uses network virtualization technology to create increasingly granular secure zones in data centers and cloud deployments, which isolate each individual workload and secure it separately.

Micro-segmentation is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. Micro-segmentation enables IT to deploy flexible security policies deep inside a data center using network virtualization technology instead of installing multiple physical firewalls. Also, micro-segmentation can be used to protect every virtual machine (VM) in an enterprise network with policy-driven, application-level security controls. Because security policies are applied to separate workloads, micro-segmentation software can significantly bolster a company’s resistance to attack.


Virtual private network (VPN)
A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.  VPN technology is widely used in corporate environments.

Virtual switch

A virtual switch (vSwitch) is a software application that allows communication between virtual machines. A vSwitch does more than just forward data packets; it intelligently directs the communication on a network by checking data packets before moving them to a destination.

Virtual switches are usually embedded into installed software, but they may also be included in a server’s hardware as part of its firmware. A virtual switch is completely virtual and can connect to a network interface card (NIC). The vSwitch merges physical switches into a single logical switch. This helps to increase bandwidth and create an active mesh between server and switches.

Network functions virtualization (NFV) 
Network functions virtualization (also network function virtualization or NFV)[1] is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services.

NFV relies upon, but differs from, traditional server-virtualization techniques, such as those used in enterprise IT. A virtualized network function, or VNF, may consist of one or more virtual machines running different software and processes, on top of standard high-volume servers, switches and storage devices, or even cloud computing infrastructure, instead of having custom hardware appliances for each network function.

For example, a virtual session border controller could be deployed to protect a network without the typical cost and complexity of obtaining and installing physical network protection units. Other examples of NFV include virtualized load balancers, firewalls, intrusion detection devices and WAN accelerators.