701 - Chapter 3 Flashcards

1
Q

What are the seven layers of the OSI model starting from lowest to highest?

A

Physical, data link, network, transport, session, presentation, application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

This layer is where the network switches reside, it format, data, and data frames and routes it between systems using their media access control addresses?

A

Data link

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

This layer introduces IP addresses. At this layer, routers use IP addresses to send information between systems that are not located on the same local network. The Internet protocol is the primary protocol at this layer.

A

Network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

This layer is all about the basic equipment of networking, copper, wires, fiber, optic cables, and radio waves?

A

Physical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

This layer provides Aunt and communication services for applications. TCP and UDP exist at this layer.

A

Transport

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

This layer establishes, manages, and terminates sessions between applications, running on different devices, allowing them to communicate and exchange data

A

Session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

This layer translates data into a standard format that can be understood by the application layer and provides encryption compression and other data transformation services

A

Presentation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

This layer provides network services to applications, allowing them to communicate with other applications over the network

A

Application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

This protocol provides connection oriented traffic with guaranteed delivery. It uses a three-way handshake….

A

TCP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

This protocol provides connection sessions without a three-way handshake. It also makes a best effort to deliver data without using extra traffic to ensure delivery…

A

UDP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Many network based denial of service attacks, use what protocol?

A

UDP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

This protocol identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

A

IP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

This protocol tests basic connectivity and includes tools like ping and tracert?

A

Internet control message protocol ICMP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

True or false blocking ICMP prevents attackers from discovering devices on a network

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

It is not common to block ICMP at firewall and routers

A

False, because I often ICMP is used in attack. It has become common to block IMCP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

This protocol resolves IPV four addresses to Mac addresses

A

Address Resolution protocol ARP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Name the three protocols that are now insecure and should no longer be used to transfer data over a network?

A

FTP, trivial file transfer protocol TFTP, secure socket layer SSL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the designated secure replacement for SSL?

A

Transport layer security TLS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

This protocol is used to encrypt IP traffic?

A

IPSec

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

This protocol encrypt data in transit and can be used to encrypt other protocols, such as FTP… what port does it use?

A

Secure shell SSH, port 22

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

This protocol is based on SSH and is used to copy encrypted files over a network?

A

Secure copy SCP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

This protocol is a secure implementation of FTP and uses SSH to encrypt traffic?

A

Secure file transfer protocol SFTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

This protocol is another secure implementation of FTP, it uses TLS to encrypt FTP traffic?

A

File transfer protocol secure, FTPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the secure version of email protocol SMTP (port 25)? And what protocol and port does it use?

A

Simple mail transfer protocol secure SMTPS, it uses TLS encryption and uses TCP port 587

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is the secure version email protocol POP3 (port 110)? And what port does it use?

A

POP3, it uses port 995

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

This email protocol is used to store email on a Mail server and it allows users to organize and manage Mail and folders on the server? And what is the secure port used for this protocol?

A

Internet message access protocol IMAP (port 143)…secure port is 993.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is the secure version of HTTP (port 80)? And what port does it use?

A

HTTPS, port 443

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What are the three email authentication methods that help prevent email fraud and abuse by verifying the authenticity of the sender’s domain and ensure that the emails not been modified during transit?

A

Sender policy framework SPF, domain keys identified mail DKIM, domain based message authentication reporting and conformance DMARC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Which email authentication method uses DNS records to define which IP addresses are authorized to send emails on behalf of a domain?

A

SPF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which email authentication method uses public key cryptography to sign and verify and email domain and content?

A

DKIM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Which email authentication method builds on top of SPF and DKIM by allowing domain owners to set policies for how to handle emails that fail authentication checks and provide reporting mechanisms to monitor monitor and improve email authentication performance

A

DMARC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What network device or software applications act as a barrier between an organizations, internal email system and the external Internet, filtering, incoming and outgoing emails for spam malware, and other types of threats?

A

Email gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What is the Microsoft directory service that provides authentication and authorization services for a network?

A

Active directory domain services AD DS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What does a AD DS use for its operations?

A

LDAP encrypted with TLS when querying the directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What port does LDAP use? And what port does LDAPS use?

A

389 and 636

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What protocol delivers audio and video over IP networks? And what is its secure counterpart?

A

Real time, transport protocol, RTP and secure real time transport protocol SRTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

This protocol is used to initiate maintain and terminate voice video and messaging sessions?

A

Session initiation protocol SIP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What are the three ways that administrators can connect to servers remotely?

A

SSH, RDP, a VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What port does RDP use?

A

TCP port 3389

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What is the name of the suite of tools that simplifies the use of SSH to connect to remote servers securely?

A

Open SSH

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What is the SSH command to create a public private key pair? And what is the SSH command that copies the public key to a remote server?

A

ssh-keygen…ssh-copy-id

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is the most commonly used protocol for time synchronization?

A

Network time protocol NTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What are the three IP ranges that are private and can be used to allocate with a private network? And what do routers on the Internet do when they see any traffic that’s coming from or going to a private IP address?

A

10.x.y.z, 172.16.y.z - 172.31.255.255, 192.168.y.z… they have rules to drop that traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What was created in response to exhausting all IPv4 addresses? And what is used for local addresses?

A

IPV6…fc00

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is used to resolve hostname to IP addresses?

A

Domain name system DNS

46
Q

What is it called when attacker modifies the DNS cash with a bogus IP address?

A

DNS poisoning

47
Q

What is the primary method of present preventing DNS cash poisoning called?

A

Domain name system security extensions DNSSEC

48
Q

With DNSSEC, what is added to each DNS record? And what does that do?

A

Resource record signature RRSIG… It is a digital signature, added to each record which provides data integrity and authentication for DNS replies

49
Q

What is one to one traffic called? And what is one to all traffic called? What will pass broadcast traffic between its ports and what will not pass Broadway broadcast traffic?

A

Unicast… Broadcast…a switch…a router

50
Q

What connects computers and other devices to each of its physical ports?

A

A switch

51
Q

What is the main security reason why organizations replace hubs with switches?

A

Because Uni cast traffic goes to all ports on a hub, whereas on a switch, the traffic only goes to the port referenced in the unicast

52
Q

What is a switch hardening technique that disables unused ports and/or limits the number of MAC addresses per port?

A

Port security

53
Q

What is a switch hardening technique that allows or blocks access to system by MAC address?

A

MAC filtering

54
Q

What can flood a network with traffic and effectively disable a switch? And what two protocols are used to prevent this and broadcast storm prevention from happening?

A

Switching loop or bridge loop problem… spanning tree protocol, STP or rapid STP RSTP

55
Q

What does STP send to detect switching loops in a network

A

Bridge protocol data unit BPDU messages

56
Q

What is a switch port that’s connected to a device called?

A

An edge port

57
Q

Many switches support what feature that is enabled on edge ports? And how does it work?

A

BPDU Guard… it monitors ports for any unwanted BPD messages, if it receives any, it disables the port effectively blocking a BPDU attack

58
Q

What device connects multiple network segments into a single network and route traffic between the segments? And what is the name for the segments that are separated by these devices sometimes referred to?

A

A router… broadcast domain

59
Q

What is implemented on routers and firewalls to identify what traffic is allowed and what traffic is denied?

A

Access control lists…ACL

60
Q

Router ACLs provide basic packet filtering…they filter packets on what three common characteristics?

A

IP address, ports, protocols

61
Q

What is used to block all access that has not been explicitly granted, routers and firewalls use this as the last rule and their access control list?

A

Implicit deny

62
Q

What command is used to display or modify a systems routing table on both windows and Linux systems?

A

The route command

63
Q

What protocol is used to monitor and manage network devices such as routers or switches? What version do administrators use? Why? And what port does it use?

A

Simple network management protocol SNMP…SNMPv3…it encrypt credentials before sending them over the network and is more secure than the earlier versions… UDP port 161 and 162

64
Q

What filters incoming and outgoing traffic for a single host or between networks?

A

A firewall

65
Q

Which firewall type monitors traffic going in and out of a single host such as a server or a workstation? And which firewall type protects an entire network?

A

A host based firewall…network based firewall

66
Q

True or false host based firewalls tend to be software based while network based firewalls tend to be a device?

A

True… a network based firewall is usually a network appliance

67
Q

True or false most organizations will either use host space or network-based firewalls but not both together?

A

False… The two together provide overall defense in depth

68
Q

This type of firewall rule is purely implemented on ACL’s and treats each network package that they see as a new event and does not track any information about previous network traffic?

A

Stateless firewall

69
Q

What is the rule that firewalls use at the end of the ACL to enforce an implicit deny strategy?

A

A deny any any, a deny any, or a drop all

70
Q

This type of firewall uses ACLs but also inspects traffic and makes decisions based on the traffic context or state, it keeps track of establish sessions and inspects traffic based on the state within a session and will block traffic that isn’t part of an establish session?

A

A stateful firewall

71
Q

Most modern based firewalls are of what type? What layer do they operate at? what is the commonly referred to name?

A

Stateful… transport layer… Layer 4 firewalls

72
Q

This type of firewall is specifically designed to protect a web application from a wide variety of web based
attacks and is placed between the web server and the web server clients?

A

Web application firewall WAF

73
Q

This type of firewall is specifically designed to protect a web application is placed between the web server and the web server clients?

A

Web application firewall WAF

74
Q

This type of firewall performs deep packet inspection and adds application level inspection as a core feature and is aware of common application protocols used on the Internet, such as FTP and HTTP?

A

Next generation firewall NGFW

75
Q

What is another name for WAF and NGFW? And why?

A

Layer 7 firewalls… because they can analyze information all the way through layer 7

76
Q

What is the name for an internal network? And what is the name for part of the network that can be accessed by authorize entities from outside of the network?

A

Intranet and extranet

77
Q

What is the goal of placing Systems into different zones limiting the connectivity they have to each other?

A

Reducing the attack surface

78
Q

What is the security zone between a private network and the Internet called? And what two devices in this area usually sit between?

A

A screened subnet or DMZ…two firewalls

79
Q

What is the protocol that translates public IP addresses to private IP addresses and private IP addresses back to public? And what hosts it?

A

Network address translation, NAT… network address translation gateway

80
Q

What are two benefits of NAT and one drawback?

A

Public IP addresses don’t need to be purchased for all clients, NAT hides internal computers from the Internet… NAT is not compatible with IPSec

81
Q

What is a common form of NAT?

A

Port address translation PAT

82
Q

NAT has two forms, what are they? Which one uses a single public IP address in a one to one mapping? And which one uses multiple public IP addresses in a one too many mapping?

A

Static and dynamic…static…dynamic…

83
Q

What is it called to physically isolate a network from others? And what type of systems are generally designed this way?

A

Air gap… SCADA Systems

84
Q

What is network segmentation between logical groups of users or computers called? And what can it do?

A

Virtual local area network, VLAN… It can logically group several different computers together or logically separate computers without regard to their physical location.

85
Q

What device is used when creating a VLAN?

A

A switch

86
Q

True or false VLANs can be used to separate traffic types, such as oy traffic on one VLAN and #DATA traffic on a separate VLAN

A

True

87
Q

Within a network, East West traffic refers to what? And north south traffic refers to what?

A

Traffic between servers… Traffic between clients and servers

88
Q

What is a dedicated system designed to fulfill a specific need called?

A

Network appliance

89
Q

What network appliance forwards requests for services such as HTTP or HTTPS from a client?

A

A proxy server

90
Q

What are two other functions that proxy server can perform?

A

Cashing content for performance and content filtering

91
Q

What do proxy servers use to enforce content filtering?

A

Block rules

92
Q

What is the difference between a centralized proxy server versus an agent based proxy server?

A

A centralized proxy server sits on the network in a strategic location where it can intercept and analyze user request… an agent based is where the filter resides on each users computer, that filter receives a policy from an organized central policy server regarding filtering

93
Q

What type of proxy server accepts request from the Internet, appearing as the web server, but actually is forwarding the request to the Web server and serving the pages returned by the web server?

A

Reverse proxy

94
Q

What two other functions do a reverse proxy perform?

A

It cashes the requested webpages so it can improve website performance, and it can act as a load balancer

95
Q

This type of proxy server accepts and forwards requests without modifying them? And this type of proxy server uses URL filters to restrict access to certain sites? Both of which do what?

A

Transparent… non-transparent… log user activity

96
Q

This device is a single solution that combines multiple security controls to provide better security while also simplifying management requirements?

A

Unified threat management UTM

97
Q

What are the four security controls that a UTM can provide?

A

URL filtering, malware inspection, content inspection, and DDOS mitigator

98
Q

What is a hardened device used to access and manage other devices in a different security zone called? Where is it placed on the network?

A

A jump server… it is placed between different security zones

99
Q

Why is it important that the jump server be hardened and ideally not be used for anything else?

A

Hardening the server and limiting the services that can be run on that jump server limits what an attacker can target on the server.

100
Q

What refers to the idea that we do not make trust decisions based on network location, instead we focus on implementing strong authentication systems and create policy driven access controls based upon a users identity vice their systems location?

A

Zero trust network access ZTNA

101
Q

When a user or system wants to access a resource, the zero trust environment makes that decision through what?

A

A system known as the policy enforcement point PEP

102
Q

What is when a system changes the way it ask a user to authenticate based upon the context of the request?

A

Adaptive identity authentication

103
Q

What are the two planes that a zero trust uses to divide the different types of communication?

A

Control plane and #DATA plane

104
Q

Which plane is the communications to control and configure the network occur on?

A

The control plane

105
Q

Which plane is the communications used by the end user and software to communicate with each other take place on, in other words, it contains all of all of the systems that carry out the work of the organization?

A

DATA plane

106
Q

What are two key components of the control plane called? And together, what are they known as?

A

Policy engine and policy administrator… policy decision point

107
Q

What enforces the policy decisions made for a zero trust network and is the only system allowed to cross between the control plane and the data plane?

A

Policy enforcement point

108
Q

What decides whether to grant access to a resource for a given subject and they zero trust network?

A

Policy engine

109
Q

What is responsible for communicating that decisions made by the policy engine to the policy enforcement point?

A

The policy administrator

110
Q

What are the three core components of the data plane?

A

The subject which is the user, the system which is what is used by the user to access a resource, and the enterprise resource which is what the user wants to access

111
Q

What is a design philosophy closely related to zero trust that brings together, networking and security functions and delivers them as an integrated cloud service?

A

Secure access service edge SASE