Infra Managed Service Senior Analyst
Accenture India Private Limited
Senior Network Security Engineer
Secure Network Solutions India Private Limited

Hello, everyone. My name is. I'm living in Mumbai. I have completed my bachelor of engineering from Lokmanya Tilak College of Engineering, Navi Mumbai, and I scored 8.28 as a CGPA. Coming to my family background, my family consists of five members, including me. My father is a hawker, and my mother is a housewife. I have a total of 7 years of experience in the network security domain. Currently, I'm working in Accenture India. I am working on different technologies like firewalls, IPS, SD-WAN, and load balancing. Coming to the responsibilities which I carried out, it is like doing implementation support and doing some POCs for the customers to understand their pain areas and to suggest to them the proper solution. So this is all about myself.
So, if we have an on-premises setup and we want to move to an AWS or SDN solution, we will migrate from our on-premises network to AWS using different technologies like VPN and others that are used to easily migrate from on-premises to AWS. There, we can have different stuff like network and DNA zones where we can migrate the whole on-premises data center to AWS, which is easy because hardware and all other issues are automated on the cloud. The memory and CPU of the server or hardware appliances are already maintained by them, so it's easy to implement and integrate in a few steps. By using different technologies, we can rapidly migrate our network to an SDN solution or to the AWS cloud.
Yeah, so regarding the architecture of an enterprise, we will segregate the subnet based on departments, like the sales team, HR team, and technical team, by doing a VLAN. This means there will be segregation such that if a user in the technical department wants to communicate with the sales department, they should use a different IP address and cross security devices like firewalls and other technologies in between. This will segregate traffic and make it easy to manage. Let's suppose an entity has two segments; we can segregate them by putting a firewall at the edge and creating a VLAN on the switches, so that we have proper segregation to travel traffic from south to north and from east to west. This will help address this kind of architecture.
So, for this kind of requirement, to have VLAN segregation in a cloud environment such as AWS or Azure, we will segregate the users' applications into different availability zones by using VLANs. We will segregate the traffic, for example, from segment A to segment B if they want to communicate. By putting a firewall in place, it will be easy to segregate them, and it will be easy to manage. It means it is very easy to handle and automate the network deployment. It will be useful to segregate the VLAN segmentation in that case. In AWS and Azure environments, we will create VLANs, and under that, we will segregate traffic based on its nature.
Yeah, so for any network, if we have to create any network, it needs to be recommended from a CISSP compliance perspective, like whether the design is appropriate and has redundancy. If any critical device goes down, we should have a redundant device or redundant service that can take over when one of the services goes down. The main idea behind validating from a CISSP compliance perspective is to verify loopholes in the network to ensure high availability. There should be redundancy in terms of service and in terms of power supply, so that the service will not be disturbed and will be running 24/7. We will also have a service contract with the vendor, like if any hardware appliance gets damaged or disturbed, we should raise an RMA and the vendor will arrange for the RMA box to be taken to the data center, where it will be replaced. In brief, if we talk about the strategy, the network strategy should be efficient in terms of the availability of servers and the availability of any services hosted, which should not be interrupted in any case. If any firmware upgrade or patching or vulnerability patching is needed, it should be taken care of as soon as possible without any service disturbance.
So for this question, from LAN and WAN infrastructure to distribute the workforce using Azure networking services: in that case, we should have an optimized solution to segregate the LAN and WAN zones. Whenever the user, or the cloud user, wants to communicate from LAN to WAN, the traffic should travel from the LAN zone to the public network, and then to the WAN zone. This should be done in an optimized way. I mean, there should be no complexity in the cloud network services. It's always recommended to have an optimized solution for the LAN and WAN infrastructure, so the design is simple and has efficiency in that. And also, it should be integrated. There should be no problem with the user services. In Azure network services, we have many tools that we can use to optimize this infrastructure efficiently, and the traffic will not get interrupted if any of the devices have a problem.
Regarding this import, the configuration, large configuration, DRAM, config, large updated version, host name, router C. Dev gets router, matches host names in a shell. Config with merge, returns merge group, else returns none. Name, get host, get host name. Host name is equal to this, which will get host name. That's called group. It's a match. It's on match group. Print the host name. Here, the match condition is, whatever is mentioned, it's host name slash s and then bracket s. So that is not a good way to match the criteria, because there is host name and then there is a space. Only after that is the host name of the router mentioned. To get this detail, I mean, to print that particular host name, the slashes are not recommended, meaning by removing that particular point here. So by doing that, it will be easy to get it, meaning we can get it.
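As an added illustration of the hostname-extraction task discussed in this answer (this is editorial example code, not the candidate's script or the interviewer's original snippet), the block below parses a constructed router configuration with two regular expressions: the loose `hostname\s(\S+)` pattern and a line-anchored variant. The sample configuration, the function names and the comment line containing the word "hostname" are all assumptions made for the demonstration; the point is that an unanchored pattern can pick up the first occurrence of the word anywhere in the file, while anchoring to the start of a line returns the actual `hostname` statement.

```python
import re
from typing import Dict, Optional

# Constructed sample configuration (not taken from any real device).
# Note the comment line near the top that also contains the word "hostname".
SAMPLE_CONFIG = """\
!
! Backup taken 2024-01-01; previous hostname core-old
version 15.2
service timestamps debug datetime msec
hostname core-rtr-01
!
ip domain-name example.test
!
interface GigabitEthernet0/0
 description uplink
 ip address 192.0.2.1 255.255.255.252
!
"""

# Loose pattern: matches "hostname" followed by one whitespace character and a token,
# anywhere in the text, including inside comments or other statements.
HOSTNAME_LOOSE = re.compile(r"hostname\s(\S+)")

# Strict pattern: the statement must start its own line and contain nothing else.
HOSTNAME_STRICT = re.compile(r"^hostname\s+(\S+)\s*$", re.MULTILINE)


def get_hostname_loose(config: str) -> Optional[str]:
    """Return the first token following the word 'hostname', wherever it appears."""
    match = HOSTNAME_LOOSE.search(config)
    return match.group(1) if match else None


def get_hostname(config: str) -> Optional[str]:
    """Return the value of the standalone 'hostname <name>' statement, or None."""
    match = HOSTNAME_STRICT.search(config)
    return match.group(1) if match else None


def summarize_configs(configs: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each backup file name to the hostname found in it (None when absent),
    the kind of batch step a config-backup script would run over many devices."""
    return {name: get_hostname(text) for name, text in configs.items()}


if __name__ == "__main__":
    print("loose :", get_hostname_loose(SAMPLE_CONFIG))   # picks up the comment line
    print("strict:", get_hostname(SAMPLE_CONFIG))         # the real hostname statement
    print(summarize_configs({"core-rtr-01.cfg": SAMPLE_CONFIG, "empty.cfg": "!\n"}))
```

Running the block shows the loose pattern returning `core-old` from the comment line and the strict pattern returning `core-rtr-01`; a configuration without a hostname statement yields `None` rather than raising, so a batch run over many backups does not abort on one malformed file.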
Examining the JavaScript function that should print ping if a network request takes less than 200 minutes, and pong if it is more than 200: there seems to be a logic error about what it is and how it should be corrected. Here, the exclamation mark is not recommended; it is not required because it is a kind of "not" symbol, which is showing that if the response time is not less than 200 ms, it will ping. Else, it will. So that is the issue here. So that needs to be rectified.
Yeah. So for this question, for a network architecture that supports AWS and Azure while adhering to the CCI network standard, we should have a proper CCI network architecture where, like, a LAN zone is different, a DMZ zone is different, and there are cloud, DMZ, production, and development zones. So those zones should be segregated in both scenarios. Along with that, the traffic flow needs to be segregated: whenever traffic is coming from a LAN zone towards the zone, it needs to be inspected before it comes in and out. That is also adhering to our CCI network standard. Along with that, we should have an approach to deploy a global architecture for Azure and AWS connectivity. It's always recommended to have the CCI network standard based on AWS and Azure. This is going to be AWS and Azure that need to be deployed on a global network architecture that is being used in both AWS and Azure.
How would you leverage a Python script to automate network configuration tasks on both ends? So by taking a Python script, we can automate the configuration of the task, like doing a backup. We will run a script that needs to be taken care of. And also, based on their requirement, we can use a Python script, and we can, like... Sorry. Configuration of tasks for both AWS and Azure. So, it means there are many Python scripts; we can, like, give a static IP address to AWS and Azure, and we can run a backup script. And, yeah. So that is all about it.
Yeah, so this is a very interesting question. So, a monitoring tool is always necessary in the network team, in the network, like to have a proactive approach to protect information from the network perspective. If there is any issue with any of the devices, like if a device is down or an interface is down or CPU utilization is high or memory utilization is high; so let's suppose in the network we have a hundred plus devices. It is not possible to monitor all of the devices at the same time. So, it's always better to have one monitoring tool, like SolarWinds, which can monitor device health status and alarm us when there is a problem with a device, so we can take action before a big issue occurs with that particular device. From the network perspective, it is always good to have a monitoring tool so that the network administrator team can take proactive steps before a serious issue happens. There are many things we can monitor, such as device status up and down, interface status, CPU performance status, CPU and memory utilization, and also the virtual server status if there is a load balancer, and the VPN status if there is a VPN device in our network. We can also monitor link bandwidth, like if we have a one-gig link and the traffic going through that particular link is beyond 1 Gbps. That should trigger a warning before performance degradation on that particular link occurs. So, it is always recommended to have a good monitoring tool that triggers before any big issue in the network. So, yeah.
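The answer above describes what a monitoring tool should watch (device reachability, CPU and memory utilization, link bandwidth against capacity) and that a warning should fire before the link is saturated. As an added editorial example, not the candidate's code and not any SolarWinds logic, the block below evaluates a few constructed poll samples against warning and critical thresholds and returns the alerts a practitioner would expect to see. The device names, the metric values and the 80% / 95% thresholds are assumptions chosen for the demonstration; in a real deployment those values come from SNMP or API polling and from the team's own policy.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy: warn at 80% of capacity, critical at 95%. A warning that fires
# before saturation is what gives the team time to act proactively.
WARN_PCT = 80.0
CRIT_PCT = 95.0


@dataclass
class DeviceSample:
    """One poll of a device: reachability, resource usage and the busiest link."""
    device: str
    reachable: bool
    cpu_pct: float
    mem_pct: float
    link_capacity_bps: int
    link_in_bps: int
    link_out_bps: int


@dataclass
class Alert:
    level: str      # "warning" or "critical"
    device: str
    metric: str     # "reachability", "cpu", "memory" or "link"
    value: float    # percentage that triggered the alert (0 for unreachable)


def _level(pct: float) -> Optional[str]:
    """Map a utilization percentage to an alert level, or None if it is within policy."""
    if pct >= CRIT_PCT:
        return "critical"
    if pct >= WARN_PCT:
        return "warning"
    return None


def link_utilization_pct(sample: DeviceSample) -> float:
    """Utilization of the link in the busier direction, as a percentage of capacity."""
    busiest = max(sample.link_in_bps, sample.link_out_bps)
    return 100.0 * busiest / sample.link_capacity_bps


def evaluate(sample: DeviceSample) -> List[Alert]:
    """Return the alerts raised by one poll sample, most severe condition first."""
    if not sample.reachable:
        # Nothing else can be trusted from an unreachable device; report and stop.
        return [Alert("critical", sample.device, "reachability", 0.0)]
    alerts: List[Alert] = []
    for metric, pct in (("cpu", sample.cpu_pct), ("memory", sample.mem_pct)):
        level = _level(pct)
        if level:
            alerts.append(Alert(level, sample.device, metric, pct))
    util = link_utilization_pct(sample)
    level = _level(util)
    if level:
        alerts.append(Alert(level, sample.device, "link", util))
    return alerts


def evaluate_all(samples: List[DeviceSample]) -> Dict[str, List[Alert]]:
    """Evaluate a whole polling cycle; devices with no alerts are omitted."""
    result: Dict[str, List[Alert]] = {}
    for sample in samples:
        alerts = evaluate(sample)
        if alerts:
            result[sample.device] = alerts
    return result


# Constructed poll samples (not real telemetry). One 1 Gbps link carrying 850 Mbps,
# one firewall with hot CPU, one switch that did not answer the poll, one healthy box.
SAMPLES = [
    DeviceSample("core-rtr-01", True, 35.0, 60.0, 1_000_000_000, 850_000_000, 120_000_000),
    DeviceSample("edge-fw-02", True, 97.0, 88.0, 1_000_000_000, 200_000_000, 100_000_000),
    DeviceSample("dist-sw-03", False, 0.0, 0.0, 1_000_000_000, 0, 0),
    DeviceSample("access-sw-04", True, 12.0, 40.0, 1_000_000_000, 50_000_000, 30_000_000),
]


if __name__ == "__main__":
    for device, alerts in evaluate_all(SAMPLES).items():
        for a in alerts:
            print(f"{a.level:8} {device:13} {a.metric:12} {a.value:5.1f}%")
```

The router trips only the link warning at 85%, which is the early signal the answer asks for; the firewall produces a critical CPU alert and a memory warning; the unreachable switch yields a single critical reachability alert and its other metrics are ignored rather than misreported as healthy zeros.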