701 - Chapter 3

Question 1

What are the seven layers of the OSI model starting from lowest to highest?

Answer 1

Physical, data link, network, transport, session, presentation, application

Question 2

This layer is where the network switches reside, it format, data, and data frames and routes it between systems using their media access control addresses?

Answer 2

Data link

Question 3

This layer introduces IP addresses. At this layer, routers use IP addresses to send information between systems that are not located on the same local network. The Internet protocol is the primary protocol at this layer.

Answer 3

Network

Question 4

This layer is all about the basic equipment of networking, copper, wires, fiber, optic cables, and radio waves?

Answer 4

Physical

Question 5

This layer provides Aunt and communication services for applications. TCP and UDP exist at this layer.

Answer 5

Transport

Question 6

This layer establishes, manages, and terminates sessions between applications, running on different devices, allowing them to communicate and exchange data

Answer 6

Session

Question 7

This layer translates data into a standard format that can be understood by the application layer and provides encryption compression and other data transformation services

Answer 7

Presentation

Question 8

This layer provides network services to applications, allowing them to communicate with other applications over the network

Answer 8

Application

Question 9

This protocol provides connection oriented traffic with guaranteed delivery. It uses a three-way handshake….

Answer 9

TCP

Question 10

This protocol provides connection sessions without a three-way handshake. It also makes a best effort to deliver data without using extra traffic to ensure delivery…

Answer 10

UDP

Question 11

Many network based denial of service attacks, use what protocol?

Answer 11

UDP

Question 12

This protocol identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

Answer 12

IP

Question 13

This protocol tests basic connectivity and includes tools like ping and tracert?

Answer 13

Internet control message protocol ICMP

Question 14

True or false blocking ICMP prevents attackers from discovering devices on a network

Answer 14

True

Question 15

It is not common to block ICMP at firewall and routers

Answer 15

False, because I often ICMP is used in attack. It has become common to block IMCP.

Question 16

This protocol resolves IPV four addresses to Mac addresses

Answer 16

Address Resolution protocol ARP

Question 17

Name the three protocols that are now insecure and should no longer be used to transfer data over a network?

Answer 17

FTP, trivial file transfer protocol TFTP, secure socket layer SSL

Question 18

What is the designated secure replacement for SSL?

Answer 18

Transport layer security TLS

Question 19

This protocol is used to encrypt IP traffic?

Answer 19

IPSec

Question 20

This protocol encrypt data in transit and can be used to encrypt other protocols, such as FTP… what port does it use?

Answer 20

Secure shell SSH, port 22

Question 21

This protocol is based on SSH and is used to copy encrypted files over a network?

Answer 21

Secure copy SCP

Question 22

This protocol is a secure implementation of FTP and uses SSH to encrypt traffic?

Answer 22

Secure file transfer protocol SFTP

Question 23

This protocol is another secure implementation of FTP, it uses TLS to encrypt FTP traffic?

Answer 23

File transfer protocol secure, FTPS

Question 24

What is the secure version of email protocol SMTP (port 25)? And what protocol and port does it use?

Answer 24

Simple mail transfer protocol secure SMTPS, it uses TLS encryption and uses TCP port 587

Question 25

What is the secure version email protocol POP3 (port 110)? And what port does it use?

Answer 25

POP3, it uses port 995

Question 26

This email protocol is used to store email on a Mail server and it allows users to organize and manage Mail and folders on the server? And what is the secure port used for this protocol?

Answer 26

Internet message access protocol IMAP (port 143)…secure port is 993.

Question 27

What is the secure version of HTTP (port 80)? And what port does it use?

Answer 27

HTTPS, port 443

Question 28

What are the three email authentication methods that help prevent email fraud and abuse by verifying the authenticity of the sender’s domain and ensure that the emails not been modified during transit?

Answer 28

Sender policy framework SPF, domain keys identified mail DKIM, domain based message authentication reporting and conformance DMARC

Question 29

Which email authentication method uses DNS records to define which IP addresses are authorized to send emails on behalf of a domain?

Answer 29

SPF

Question 30

Which email authentication method uses public key cryptography to sign and verify and email domain and content?

Answer 30

DKIM

Question 31

Which email authentication method builds on top of SPF and DKIM by allowing domain owners to set policies for how to handle emails that fail authentication checks and provide reporting mechanisms to monitor monitor and improve email authentication performance

Answer 31

DMARC

Question 32

What network device or software applications act as a barrier between an organizations, internal email system and the external Internet, filtering, incoming and outgoing emails for spam malware, and other types of threats?

Answer 32

Email gateway

Question 33

What is the Microsoft directory service that provides authentication and authorization services for a network?

Answer 33

Active directory domain services AD DS

Question 34

What does a AD DS use for its operations?

Answer 34

LDAP encrypted with TLS when querying the directory

Question 35

What port does LDAP use? And what port does LDAPS use?

Answer 35

389 and 636

Question 36

What protocol delivers audio and video over IP networks? And what is its secure counterpart?

Answer 36

Real time, transport protocol, RTP and secure real time transport protocol SRTP

Question 37

This protocol is used to initiate maintain and terminate voice video and messaging sessions?

Answer 37

Session initiation protocol SIP

Question 38

What are the three ways that administrators can connect to servers remotely?

Answer 38

SSH, RDP, a VPN

Question 39

What port does RDP use?

Answer 39

TCP port 3389

Question 40

What is the name of the suite of tools that simplifies the use of SSH to connect to remote servers securely?

Answer 40

Open SSH

Question 41

What is the SSH command to create a public private key pair? And what is the SSH command that copies the public key to a remote server?

Answer 41

ssh-keygen…ssh-copy-id

Question 42

What is the most commonly used protocol for time synchronization?

Answer 42

Network time protocol NTP

Question 43

What are the three IP ranges that are private and can be used to allocate with a private network? And what do routers on the Internet do when they see any traffic that’s coming from or going to a private IP address?

Answer 43

10.x.y.z, 172.16.y.z - 172.31.255.255, 192.168.y.z… they have rules to drop that traffic

Question 44

What was created in response to exhausting all IPv4 addresses? And what is used for local addresses?

Answer 44

IPV6…fc00

Question 45

What is used to resolve hostname to IP addresses?

Answer 45

Domain name system DNS

Question 46

What is it called when attacker modifies the DNS cash with a bogus IP address?

Answer 46

DNS poisoning

Question 47

What is the primary method of present preventing DNS cash poisoning called?

Answer 47

Domain name system security extensions DNSSEC

Question 48

With DNSSEC, what is added to each DNS record? And what does that do?

Answer 48

Resource record signature RRSIG… It is a digital signature, added to each record which provides data integrity and authentication for DNS replies

Question 49

What is one to one traffic called? And what is one to all traffic called? What will pass broadcast traffic between its ports and what will not pass Broadway broadcast traffic?

Answer 49

Unicast… Broadcast…a switch…a router

Question 50

What connects computers and other devices to each of its physical ports?

Answer 50

A switch

Question 51

What is the main security reason why organizations replace hubs with switches?

Answer 51

Because Uni cast traffic goes to all ports on a hub, whereas on a switch, the traffic only goes to the port referenced in the unicast

Question 52

What is a switch hardening technique that disables unused ports and/or limits the number of MAC addresses per port?

Answer 52

Port security

Question 53

What is a switch hardening technique that allows or blocks access to system by MAC address?

Answer 53

MAC filtering

Question 54

What can flood a network with traffic and effectively disable a switch? And what two protocols are used to prevent this and broadcast storm prevention from happening?

Answer 54

Switching loop or bridge loop problem… spanning tree protocol, STP or rapid STP RSTP

Question 55

What does STP send to detect switching loops in a network

Answer 55

Bridge protocol data unit BPDU messages

Question 56

What is a switch port that’s connected to a device called?

Answer 56

An edge port

Question 57

Many switches support what feature that is enabled on edge ports? And how does it work?

Answer 57

BPDU Guard… it monitors ports for any unwanted BPD messages, if it receives any, it disables the port effectively blocking a BPDU attack

Question 58

What device connects multiple network segments into a single network and route traffic between the segments? And what is the name for the segments that are separated by these devices sometimes referred to?

Answer 58

A router… broadcast domain

Question 59

What is implemented on routers and firewalls to identify what traffic is allowed and what traffic is denied?

Answer 59

Access control lists…ACL

Question 60

Router ACLs provide basic packet filtering…they filter packets on what three common characteristics?

Answer 60

IP address, ports, protocols

Question 61

What is used to block all access that has not been explicitly granted, routers and firewalls use this as the last rule and their access control list?

Answer 61

Implicit deny

Question 62

What command is used to display or modify a systems routing table on both windows and Linux systems?

Answer 62

The route command

Question 63

What protocol is used to monitor and manage network devices such as routers or switches? What version do administrators use? Why? And what port does it use?

Answer 63

Simple network management protocol SNMP…SNMPv3…it encrypt credentials before sending them over the network and is more secure than the earlier versions… UDP port 161 and 162

Question 64

What filters incoming and outgoing traffic for a single host or between networks?

Answer 64

A firewall

Question 65

Which firewall type monitors traffic going in and out of a single host such as a server or a workstation? And which firewall type protects an entire network?

Answer 65

A host based firewall…network based firewall

Question 66

True or false host based firewalls tend to be software based while network based firewalls tend to be a device?

Answer 66

True… a network based firewall is usually a network appliance

Question 67

True or false most organizations will either use host space or network-based firewalls but not both together?

Answer 67

False… The two together provide overall defense in depth

Question 68

This type of firewall rule is purely implemented on ACL’s and treats each network package that they see as a new event and does not track any information about previous network traffic?

Answer 68

Stateless firewall

Question 69

What is the rule that firewalls use at the end of the ACL to enforce an implicit deny strategy?

Answer 69

A deny any any, a deny any, or a drop all

Question 70

This type of firewall uses ACLs but also inspects traffic and makes decisions based on the traffic context or state, it keeps track of establish sessions and inspects traffic based on the state within a session and will block traffic that isn’t part of an establish session?

Answer 70

A stateful firewall

Question 71

Most modern based firewalls are of what type? What layer do they operate at? what is the commonly referred to name?

Answer 71

Stateful… transport layer… Layer 4 firewalls

Question 72

This type of firewall is specifically designed to protect a web application from a wide variety of web based
attacks and is placed between the web server and the web server clients?

Answer 72

Web application firewall WAF

Question 73

This type of firewall is specifically designed to protect a web application is placed between the web server and the web server clients?

Answer 73

Web application firewall WAF

Question 74

This type of firewall performs deep packet inspection and adds application level inspection as a core feature and is aware of common application protocols used on the Internet, such as FTP and HTTP?

Answer 74

Next generation firewall NGFW

Question 75

What is another name for WAF and NGFW? And why?

Answer 75

Layer 7 firewalls… because they can analyze information all the way through layer 7

Question 76

What is the name for an internal network? And what is the name for part of the network that can be accessed by authorize entities from outside of the network?

Answer 76

Intranet and extranet

Question 77

What is the goal of placing Systems into different zones limiting the connectivity they have to each other?

Answer 77

Reducing the attack surface

Question 78

What is the security zone between a private network and the Internet called? And what two devices in this area usually sit between?

Answer 78

A screened subnet or DMZ…two firewalls

Question 79

What is the protocol that translates public IP addresses to private IP addresses and private IP addresses back to public? And what hosts it?

Answer 79

Network address translation, NAT… network address translation gateway

Question 80

What are two benefits of NAT and one drawback?

Answer 80

Public IP addresses don’t need to be purchased for all clients, NAT hides internal computers from the Internet… NAT is not compatible with IPSec

Question 81

What is a common form of NAT?

Answer 81

Port address translation PAT

Question 82

NAT has two forms, what are they? Which one uses a single public IP address in a one to one mapping? And which one uses multiple public IP addresses in a one too many mapping?

Answer 82

Static and dynamic…static…dynamic…

Question 83

What is it called to physically isolate a network from others? And what type of systems are generally designed this way?

Answer 83

Air gap… SCADA Systems

Question 84

What is network segmentation between logical groups of users or computers called? And what can it do?

Answer 84

Virtual local area network, VLAN… It can logically group several different computers together or logically separate computers without regard to their physical location.

Question 85

What device is used when creating a VLAN?

Answer 85

A switch

Question 86

True or false VLANs can be used to separate traffic types, such as oy traffic on one VLAN and #DATA traffic on a separate VLAN

Answer 86

True

Question 87

Within a network, East West traffic refers to what? And north south traffic refers to what?

Answer 87

Traffic between servers… Traffic between clients and servers

Question 88

What is a dedicated system designed to fulfill a specific need called?

Answer 88

Network appliance

Question 89

What network appliance forwards requests for services such as HTTP or HTTPS from a client?

Answer 89

A proxy server

Question 90

What are two other functions that proxy server can perform?

Answer 90

Cashing content for performance and content filtering

Question 91

What do proxy servers use to enforce content filtering?

Answer 91

Block rules

Question 92

What is the difference between a centralized proxy server versus an agent based proxy server?

Answer 92

A centralized proxy server sits on the network in a strategic location where it can intercept and analyze user request… an agent based is where the filter resides on each users computer, that filter receives a policy from an organized central policy server regarding filtering

Question 93

What type of proxy server accepts request from the Internet, appearing as the web server, but actually is forwarding the request to the Web server and serving the pages returned by the web server?

Answer 93

Reverse proxy

Question 94

What two other functions do a reverse proxy perform?

Answer 94

It cashes the requested webpages so it can improve website performance, and it can act as a load balancer

Question 95

This type of proxy server accepts and forwards requests without modifying them? And this type of proxy server uses URL filters to restrict access to certain sites? Both of which do what?

Answer 95

Transparent… non-transparent… log user activity

Question 96

This device is a single solution that combines multiple security controls to provide better security while also simplifying management requirements?

Answer 96

Unified threat management UTM

Question 97

What are the four security controls that a UTM can provide?

Answer 97

URL filtering, malware inspection, content inspection, and DDOS mitigator

Question 98

What is a hardened device used to access and manage other devices in a different security zone called? Where is it placed on the network?

Answer 98

A jump server… it is placed between different security zones

Question 99

Why is it important that the jump server be hardened and ideally not be used for anything else?

Answer 99

Hardening the server and limiting the services that can be run on that jump server limits what an attacker can target on the server.

Question 100

What refers to the idea that we do not make trust decisions based on network location, instead we focus on implementing strong authentication systems and create policy driven access controls based upon a users identity vice their systems location?

Answer 100

Zero trust network access ZTNA

Question 101

When a user or system wants to access a resource, the zero trust environment makes that decision through what?

Answer 101

A system known as the policy enforcement point PEP

Question 102

What is when a system changes the way it ask a user to authenticate based upon the context of the request?

Answer 102

Adaptive identity authentication

Question 103

What are the two planes that a zero trust uses to divide the different types of communication?

Answer 103

Control plane and #DATA plane

Question 104

Which plane is the communications to control and configure the network occur on?

Answer 104

The control plane

Question 105

Which plane is the communications used by the end user and software to communicate with each other take place on, in other words, it contains all of all of the systems that carry out the work of the organization?

Answer 105

DATA plane

Question 106

What are two key components of the control plane called? And together, what are they known as?

Answer 106

Policy engine and policy administrator… policy decision point

Question 107

What enforces the policy decisions made for a zero trust network and is the only system allowed to cross between the control plane and the data plane?

Answer 107

Policy enforcement point

Question 108

What decides whether to grant access to a resource for a given subject and they zero trust network?

Answer 108

Policy engine

Question 109

What is responsible for communicating that decisions made by the policy engine to the policy enforcement point?

Answer 109

The policy administrator

Question 110

What are the three core components of the data plane?

Answer 110

The subject which is the user, the system which is what is used by the user to access a resource, and the enterprise resource which is what the user wants to access

Question 111

What is a design philosophy closely related to zero trust that brings together, networking and security functions and delivers them as an integrated cloud service?

Answer 111

Secure access service edge SASE