Appendix B

Question 1

What are the IPv4 private network ranges for internal use

Answer 1

Class A : 10.0.0.0/8

10.0.0.0 - 10.255.255.255
Addresses: 16,777,216

Class B : 172.16.0.0/12

172.16.0.0 - 172.31.255.255
Addresses: 1,048,576

Class C : 192.168.0.0/16

192.168.0.0 - 192.168.255.255
Addresses: 65,536

Question 2

How many bits in length is IPv4

Answer 2

32 - 4 octets of 8

Question 3

What was introduced to help alleviate address exhaustion

Answer 3

NAT

Question 4

What Protocol number is IPv4

Answer 4

4

Question 5

What Protocol number is IPv6

Answer 5

41

Question 6

What Protocol number is ICMP for IPv6

Answer 6

58

Question 7

How long is an IPv6 address

Answer 7

128 bits - 8 octets of 16 bits

Question 8

How can IPv6 addresses be abbreviated

Answer 8

One or more leading zeroes from any groups of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042 is converted to 42.

Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC5952 recommends that a double colon must not be used to denote an omitted single section of zeroes.

An example of application of these rules:
Initial address:
2001:0db8:0000:0000:0000:ff00:0042:8329
After removing all leading zeroes: 2001:db8:0:0:0:ff00:42:8329
After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329

Question 9

What is significant about the 169.254.0.0/16 range?

Answer 9

This is the “link local” block. As described in RFC3927, it is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server cannot be found.

Question 10

What does TCP stand for

Answer 10

Transmission Control Protocol

Question 11

How is a TCP connection established

Answer 11

Three Way Handshake to establish the session (SYN - SYN/ACK - ACK) then uses acknowledgments to confirm data has been received.

Question 12

What is TCP windowing?

Answer 12

The key to networking efficiency.

Files are broken up into packets of up to 1500 bytes and sent to the recipient. Increases the number of packets sent at once until it starts dropping packets (This is why time estimates on windows file copying change drastically when copying large files).

Uses sequence numbers to confirm file transmission. Ack numbers are always greater than syn numbers.

Question 13

What does UDP stand for?

Answer 13

User Datagram Protocol

Question 14

Why is UDP considered to be “Unreliable”

Answer 14

Unlike TCP there is no acknowledgement that data has been received

Question 15

What is UDP typically used for

Answer 15

Services which do not require acknowledgement such as VOIP, DNS and TFTP

Question 16

What is a Fraggle attack

Answer 16

A Fraggle attack is the same as a Smurf attack but rather than ICMP, the UDP protocol is used.
The prevention of these attacks is almost identical to the Smurf attack.

Question 17

What is a Smurf attack

Answer 17

In a smurf attack, an attacker will spoof the source address of the ICMP packet and send a broadcast to all computers on that network. If networking devices do not filter this traffic, then they will be broadcasted to all computers in the network. The victim’s network gets congested by this much traffic, which brings down the productivity of the entire network.

To mitigate the risk of a smurf attack it is advised that the following actions are taken :

Put filters on routers and firewall to counteract address spoofing. An IP address should be assigned to a LAN segment, and if the IP address of the source machine is not in the range of IP address that is assigned to the segment, then the traffic should be dropped.

Put filters on L3 devices to not reply for broadcast address.

Question 18

What does ICMP stand for

Answer 18

Internet Control Message Protocol

Question 19

What is ICMP used for

Answer 19

Used primarily for network diagnostics.

Question 20

What Protocol number is ICMP

Answer 20

1

Question 21

What ICMP type is a ping

Answer 21

8

Question 22

What ICMP type is a traceroute

Answer 22

30

Question 23

What does UTP stand for

Answer 23

Unshielded Twisted Pair, often referred to as a CAT 5 cable

Question 24

When would you use a straight through cable

Answer 24

When connecting hosts unlike each other
ie
Switch - Computer

Question 25

When would you use a crossover cable

Answer 25

When connecting like devices. ie PC - PC Switch - Switch

Question 26

How does fibre transmit data?

Answer 26

Pulses of light

Question 27

What types of fibre exist

Answer 27

Multi Mode Fibre (MMF) | Single Mode Fibre (SMF)

Question 28

What colours do MMF and SMF cabling tend to be

Answer 28

MMF : Orange/Aqua | SMF : Yellow

Question 29

What speeds and distances are typical of MMF

Answer 29

100 Mbit/s up to 2000m 1 GB/s up to 1000m 10 GB/s up to 550m

Question 30

What is a VCSEL

Answer 30

Vertical-Cavity Surface-Emitting Laser. The VCSEL is a semiconductor laser diode which emits lasers used in MMF

Question 31

Where is MMF typically used

Answer 31

Multimode fiber is used for signal transmission over short distances.

Question 32

Where is SMF typically used

Answer 32

Singlemode fiber is used for long distance transmission.

Question 33

What speeds and distances are typical of SMF

Answer 33

DWDM (Dense Wavelength Division Multiplexing) allows singe-mode fiber to transmit data at speeds up to 400GB/s

Question 34

How does DWDM work?

Answer 34

DWDM works by transmitting multiple signals simultaneously at different wavelengths on the same fiber, turning one fiber into multiple virtual fibers.

Question 35

What are they key differences of SMF and MMF

Answer 35

Multi-mode has a larger core diameter. Multi-mode has higher "light-gathering" capacity than single-mode. Multi-mode allows the use of cheaper electronics such as LED and VSCELs Single-mode bandwidth-distance limit is higher Single-Mode is used for long distance transmission, Multi-Mode is used for short distance transmission.

Question 36

What are the speeds associated with 10/100/1000Base T

Answer 36

10 Mbps 100 Mbps 1 Gbps

Question 37

What is 100 Base T otherwise known as

Answer 37

Fast Ethernet

Question 38

What is 1000 Base T otherwise known as

Answer 38

Gigabit Ethernet

Question 39

What are the standards associated with 10/100/1000Base T

Answer 39

10 Base T : 802.3i 100 Base T : 802.3u 1000 Base T : 802.3ab

Question 40

What type of cabling tends to be used for 10 Base T

Answer 40

Cat 3 / Cat 5 UTP with 2 twisted pairs

Question 41

What type of cabling tends to be used for 100 Base T

Answer 41

100-BASE-TX: two pairs of twisted-pair wires. 100-BASE-T4: four pairs of twisted-pair wires. 100-BASE-F4: fiber optic cables.

Question 42

What type of cabling tends to be used for 1000 Base T

Answer 42

Cat 5 UTP with 4 twisted pairs

Question 43

How does a token ring network work

Answer 43

3 Byte token is sent around the network, whoever holds the token can transmit. Empty frames are constantly circulated on the ring When a message requires sending a computer seizes the token which allows it to send the frame The frame is examined by each successive workstation until the destination host is reached. When it reaches its target the host copies the frame and changes the token back to 0 When the frame returns to the sender, as the token has been changed to 0 it knows the message has been copied and received and deletes the message from the frame The frame continues circulating as an empty frame, ready for the process to begin again when a host requires to send a message

Question 44

What standard is a token ring network

Answer 44

IEEE 802.5 standard.

Question 45

What are the differences between Encryption and Encoding

Answer 45

Encoding transforms data into another format using a scheme which is publicly available so that it can easily be reversed. Is for maintaining data usability and uses schemes that are publicly available Encryption transforms data into another format in such a way that only specific individuals can reverse the transformation. Is for maintaining data confidentiality, the ability to reverse the transformation is limited to certain people (keys)

Question 46

What are the differences between Asymmetric and Symmetric encryption

Answer 46

In asymmetric encryption one key is used for encrypting and the other is used for decrypting. These keys are interchangeable i.e. if key A encrypts, key B decrypts and if key B encrypts, key A decrypts In symmetric encryption the same key is used for both encrypting and decrypting.

Question 47

What is a Stream cipher

Answer 47

A stream cipher encrypts single bits of data as a continuous stream of data bits. Typically execute at a higher speed than block ciphers and are suited for hardware usage. The stream cipher then combines a plain text bit with a pseudorandom cipher bit by means of an exclusive OR (XOR) operation. The XOR process is to compare the plain text and key one bit at a time and, based on the XOR logic, create cipher text. If the plain text and secret key are the same bit the result is 0, if they are different then the resulting encrypted bit is 1.

Question 48

What is a Block cipher

Answer 48

Block ciphers are encryption ciphers that operate by encrypting a fixed block of data, the most common of which is 64 bits. This block is encrypted as one unit of cleartext. When a block cipher is used for encryption and decryption the message is divided into blocks of bits. Blocks are then put through one or more of the following scrambling methods : ``` Substitution Transposition Confusion Diffusion S-Boxes ```

Question 49

What does DES stand for

Answer 49

Data Encryption Standard

Question 50

What type of cipher is DES

Answer 50

Symmetric Block.

Question 51

What are the size of keys and blocks used in DES

Answer 51

64bit keys encrypting 64bit block sizes | 56 bit key length + 8 parity bits

Question 52

What are the DES modes

Answer 52

ECB : Electronic Code Block CBC : Cipher Block Chaining CFB : Cipher Feedback OFB : Output Feedback

Question 53

What are the key points of ECB

Answer 53

Native mode. Block cipher 64 bit keys encrypting 64 bit block sizes Vulnerable to CTA (Chosen Text Attack)

Question 54

What are the key points of CBC

Answer 54

Common DES mode. 64 bit keys encrypting 64 bit block sizes First block is encrypted with IV (Initialisation Vector) Each block is XOR’d with cipher text with proceeding block to add randomisation. Errors propagate

Question 55

What are the key points of CFB

Answer 55

Stream cipher. Same as CBC, but acts as stream instead of block. Ciphertext is chained together, causing errors to propagate.

Question 56

What are the key points of OFB

Answer 56

Stream cipher. | Similar to CFB, but cipher text is not chained together and no errors.

Question 57

What is 3DES

Answer 57

Triple Data Encryption Algorithm, a symmetric key block cipher which applies the DES cipher algorithm 3 times to each data block.

Question 58

What are the key length options available to 3DES

Answer 58

Has three key length options 56, 112, 168 bits | with a key bundle 8, 16, 24 bytes in length

Question 59

What are the keying options available to 3DES

Answer 59

1 ) All three keys are independent - the strongest option with 168 independent key bits. 2) Provides less security with 112 key bits. Stronger than simply DES as it protects against meet in the middle attacks 3) Equivalent to DES with only 56 key length. Provides backward compatibility with DES as the first and second DES operations cancel out.

Question 60

What is AES

Answer 60

Advanced Encryption Standard, a symmetric key algorithm which has a block size of 128 bits and key lengths of either 128, 192 or 256 bits.

Question 61

How does AES encrypt

Answer 61

The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the plaintext into the ciphertext. The number of cycles of repetition are as follows: 10 cycles of repetition for 128-bit keys. 12 cycles of repetition for 192-bit keys. 14 cycles of repetition for 256-bit keys.

Question 62

What is RSA

Answer 62

Named after its creators Rivest, Shamir and Adleman this asymmetric algorithm is based on the practical difficulty of factoring the product of two large prime numbers. Key sizes vary in size however they are typically between 1024 and 4096 bits in length. Using the RSA system, the identity of the sender can be identified as genuine without revealing his private code.

Question 63

What is RC4

Answer 63

128 bit symmetric stream cipher used in popular protocols such as TLS and WEP. Has multiple known weaknesses which can lead to revealing the plaintext.

Question 64

What is SHA hashing

Answer 64

Secure Hash Algorithm, produces a 160 bit (20 byte) hash value. Typically rendered as a hexadecimal number 40 digits long. Example Hash : SHA1("The quick brown fox jumps over the lazy dog") gives hexadecimal: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12 gives Base64 binary to ASCII text encoding: L9ThxnotKPzthJ7hu3bnORuT6xI=

Question 65

What is MD5 hashing

Answer 65

The MD5 message digest algorithm is a hash function which produces a 128 bit (16 byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. Example Hash : MD5("The quick brown fox jumps over the lazy dog") 9e107d9d372bb6826bd81d3542a419d6

Question 66

What is HMAC

Answer 66

Hash Based Message Authentication Code, a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Any hash function hash function such as MD5 or SHA1 can be used in calculating the HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1. The cryptographic strength of HMAC depends on the size of the secret key that is used, HMACs are less affected by collisions than their underlying hashing algorithms alone (i.e. HMAC-MD5 doesn't suffer the same weaknesses of MD5)

Question 67

What levels of the OSI model are associated with SSL

Answer 67

Initialised at the Session Layer (5) | Works at the Presentation Layer (6)

Question 68

What does PKI stand for

Answer 68

Public Key Infrastructure

Question 69

What are the 4 basic components for PKI

Answer 69

Certificate Authority (CA) Registration Authority (RA) Repository Archive

Question 70

How does the SSL Handshake work

Answer 70

Browser accesses HTTPS site. Server indicates a secure session should be established. Server sends a copy of its asymmetric public key in its SSL Certificate. Browser creates a symmetric session key and encrypts it (RSA) with the server’s asymmetric public key. Server decrypts with its own private key to get the symmetric session key. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key

Question 71

What does IPSec do

Answer 71

Secures communications by authenticating and encrypting each IP packet during a session, providing an end-to-end solution. Ensures confidentiality, integrity, and authenticity by using layer 3 OSI encryption and authentication.

Question 72

What are the two modes of IPSec

Answer 72

Tunnel Mode - Encrypts entire packet including routing and header information. Transport Mode - Encrypts only the payload data.

Question 73

What is SA

Answer 73

Security Association: SA is a one-way connection 2 SAs required for two-way connection. 4 SAs required if AH and ESP are used.

Question 74

What 3 parameters identify a SA session

Answer 74

Destination IP Address Security Protocol ID (AH / ESP) Security Parameter Index (SPI)

Question 75

What 2 types of security protocols make up a SA

Answer 75

AH - provides integrity and authentication. protocol 51 ESP - provides encryption, integrity and authentication. protocol 50

Question 76

What 3 methods are used for IKE authentication

Answer 76

Pre-Shared Key Asymmetric Key Encryption (RSA) Digital Signatures (RSA)

Question 77

What port is used for IKE

Answer 77

UDP 500

Question 78

What port is used by SSH

Answer 78

TCP 22

Question 79

What layer does SSH operate at?

Answer 79

Application (7)

Question 80

What does SSH provide

Answer 80

Confidentiality and Integrity ``` Secure data communication Remote login and command execution. SSH file transfer (SFTP) or secure copy (SCP). Port forwarding and tunnelling. Forwarding X from a remote host. ```

Question 81

What is PGP

Answer 81

Pretty Good Privacy Asymmetric encryption. Used for signing, encrypting/decrypting files. Also used for an email security application. Uses IDEA and MD5.

Question 82

What are the three groups of Linux file permissions

Answer 82

Owner - The Owner permissions apply only the owner of the file or directory, they will not impact the actions of other users. Group - The Group permissions apply only to the group that has been assigned to the file or directory, they will not effect the actions of other users. All users - The All Users permissions apply to all other users on the system, this is the permission group that you want to watch the most.

Question 83

What are the three permission types in Linux

Answer 83

Read - The Read permission refers to a user's capability to read the contents of the file. Write - The Write permissions refer to a user's capability to write or modify a file or directory. Execute - The Execute permission affects a user's capability to execute a file or view the contents of a directory.

Question 84

How would you view file permissions in Linux

Answer 84

You can view the permissions by checking the file or directory permissions in GNOME/KDE or by reviewing the output of the "ls -l" command while in the terminal and while working in the directory which contains the file or folder.

Question 85

What can be determined by the following Linux File permissions : -rw-rw-r-- 1 me me

Answer 85

The file is owned by user "me" User "me" has the right to read and write this file The file is owned by the group "me" Members of the group "me" can also read and write this file Everybody else can read this file

Question 86

What can be determined by the following Linux File permissions : -rwxr-xr-x 1 root root

Answer 86

The file is owned by user "root" The superuser has the right to read, write, and execute this file The file is owned by the group "root" Members of the group "root" can also read and execute this file Everybody else can read and execute this file

Question 87

How does chmod work

Answer 87

rwx rwx rwx = 111 111 111 rw- rw- rw- = 110 110 110 rwx --- --- = 111 000 000 and so on... ``` rwx = 111 in binary = 7 rw- = 110 in binary = 6 r-x = 101 in binary = 5 r-- = 100 in binary = 4 ```

Question 88

What permissions are granted by chmod 600

Answer 88

rw- --- --- | The owner may read and write a file. All others have no rights.

Question 89

What types of File System are used in Windows

Answer 89

FAT - Fat Allocation Table Limit of number of entries in the root directory. Cluster issues. NTFS - New Technology File System Data structure overhead. Cluster issues. ExFat - Extended File Allocation Table Limited support outside Windows and Mac OSX. Difficult to obtain. ReFs - Resillient File System New for Windows Server 2012.

Question 90

What are the 6 Windows File permissions

Answer 90

P - Permission - user can change permission of file. X - Execute - user can run the file. W - Write - user can open and write to file. O - Ownership - user can take ownership of file. R - Read - user can open and view file. D - Delete - user can delete file.

Question 91

What are the 5 standard ACL permissions

Answer 91

``` Full Control Modify Read & Execute Read Write ```

Question 92

What is an ACL

Answer 92

ACL is a table which tells OS what access rights each user to files. ACLs provide access control to Active Directory through ADSI (Service Interfaces). ACLs contain a list of ACEs.

Question 93

What is an ACE

Answer 93

Access Control Entities Each ACE has 1 Security Identifier (SID) that identifies and specifies access rights to trustee. Contains following access control information: Security Identifier (SID) Access Mask - Specifies Access Rights controlled by ACE. Flag - indicates the type of ACE. Bit Flags - File ACE inheritance.

Question 94

What are the two types of ACL

Answer 94

Discretionary ACL (DACL): Allows or denies a user access to file. Identifies group permissions and determines if access is allowed to file. ``` System ACL (SACL): Logs attempts to access a file. ```