BKS Recap Questions Flashcards

1
Q

How do network standards affect price and features?

A

Standards force interoperability, which leads to more competition, which forces companies to lower prices or offer better features in order to gain a good market position.

2
Q

What three aspects does a message have?

A
message order
message semantics (meaning)
message syntax (organization - structure)
3
Q

Name an example for the importance of message order outside of networking

A

Cooking recipe

4
Q

Distinguish between syntax and semantics

A

Syntax: How a message is organized (header, data field, trailer)
Semantics: The meaning of the message (Please give me, Here is the file…)

5
Q

Describe message ordering in HTTP

A

HTTP is a simple request-response cycle.

6
Q

In HTTP, can a server transmit if nothing has been requested?

A

No, the server cannot transmit without the client making a request first.

7
Q

Describe the three step handshake in TCP connection openings

A

syn ->

ack

8
Q

What kind of message does the destination host send if it does not receive a segment during a TCP connection?

A

Data=HTTP request error

9
Q

Under what circumstance will the source host TCP process retransmit the segment?

A

If it did receive a Data=HTTP request error

10
Q

Describe the four-step closing handshake in TCP

A

fin ->

ack

11
Q

After a side initiates the close of a connection by sending a FIN segment, will it send any more segments?

A

Yes, it can send one more segment before the other side closes as well.

12
Q

What are the three general parts of a message?

A

header, data field, trailer

13
Q

What does the data field contain?

A

It's the heart of the message and contains the content being delivered by the message.
In HTTP it contains the file for the response message.

14
Q

Is there always a data field?

A

No, sometimes only a header is needed. For example, when you only need the ACK flag.

15
Q

What is the definition of a trailer?

A

Everything that comes after the data field.

16
Q

Distinguish between header and header fields

A

The header contains the header fields, which in turn contain different information, e.g. the destination header address field, which contains information for switches and routers.

17
Q

Distinguish between octets and bytes

A

It is just different terminology. Both octets and bytes are 8 bits. In networking we mostly speak of octets, because it kind of makes more sense (oct - 8).

18
Q

Which is the dominant network standard in wired LANs?

A

Ethernet, which is more like an assembly of standards

19
Q

Name the data link layer address used in Ethernet. What is the size?

A

Extended Unique Identifier - EUI-48 address (formerly MAC address)
It is 48 bits, or 6 bytes/octets, in size

20
Q

What is the role of the frame check sequence field in IPv4 segments?

A

The host checks if the segment numbers are the same in order to verify they are at the same segment.

21
Q

Can Ethernet correct an erroneous frame?

A

No, it cannot correct the frame; it can only detect erroneous frames.

22
Q

Why was TCP designed to be complex?

A

IPv4 was a best-effort syntax. TCP needed to be more complex in order to be more user-friendly, reliable and easier to see through.

23
Q

Why is it important for network professionals to understand TCP?

A

Complex internetwork transmission tasks are handled by it. So in order to understand networking, you need to understand TCP.

24
Q

What are TCP Messages called?

A

They are called TCP Segments

25
What is the role of sequence numbers in segmentation and reassembly?
Without segment numbers it wouldn't be possible to reassemble the packets in the right order (in the wrong order they would be useless).
26
If a host wishes to acknowledge a connection request from another host, which field will it use?
It will use the flag fields in the segment header. The ACK bit will be set to 1.
27
How does an ACK number make TCP a reliable protocol?
Because the ACK number makes every segment unique. Errors can be discarded, resent and reassembled.
28
What type of port numbers do servers use for common server programs?
SMTP -> port 25, HTTP -> port 80, FTP -> ports 20, 21
29
What type of port do clients use when they communicate with server programs?
Clients generate an ephemeral port number (1024-4999) when talking to a server; it is discarded after the connection.
30
What is the range of port numbers for each type?
0-1023 for server ports | 1024-4999 for ephemeral ports
31
Why are some ports called ephemeral?
Because they will be discarded after each use
32
What is the syntax of a socket?
The IP address, a colon (:) and the port number. Example: 128.0.0.1:25
33
Do HTTP request messages have a header, data field and trailer?
They have a header and a data field but usually no trailer.
34
On what layer is the conversion from bits to ASCII?
The application layer
35
Why is there a need for encoding?
Because on every layer under the application layer everything is sent in bits.
36
What layers require encoded messages?
The transport layer and lower (>=4)
37
Convert 4 to binary
00100
38
Convert 00100 to decimal
4
39
Convert 11011 to decimal
27
40
How is voice encoding carried out?
The analog signal is translated to a digital one by measuring the loudness of the voice a thousand times a minute. A digital circuit (encoder) translates it.
41
What is encapsulation?
Encapsulation is the repacking of a segment/frame when going through another layer. A TCP segment has to be encapsulated in an IP packet to go through that layer.
42
Why is encapsulation necessary for there to be communication between processes operating at the same layer but on different hosts, routers, or switches?
Because other layers wouldn't be able to understand the packet/segment. So it needs to be encapsulated in order to be understandable for the standard protocol.
43
Explain the Target breach
An employee received a spear phishing email which infected his machine. That machine sent codes to the attackers, which they used to log in on the server. They uploaded POS (point of sale) malware, so it was downloaded to all POS terminals in all Target stores. They collected data of all credit cards, which they could sell to counterfeit card manufacturers.
44
Whose actions would you need to anticipate when managing network security?
Everyone's. Every move of every user, hacker and government. There is no perfect security solution.
45
How would you define a threat environment?
A threat environment is when users don't upgrade their systems fast enough, so there are vulnerabilities on the system which can be used to inject malware.
46
What is a vulnerability?
A vulnerability is a flaw in a program that permits a specific attack or set of attacks against this program to succeed.
47
How can users eliminate vulnerabilities in their programs?
They have to install patches immediately.
48
What name do we give to attacks that occur before a patch is available?
Zero-day attack
49
How do viruses and worms differ?
A virus is attached to a program; worms are standalone products.
50
What is a propagation vector?
The type/way a worm/virus uses to spread/propagate
51
Under what circumstances are scripts likely to be dangerous?
There are scripts (mobile code) which get downloaded to your device if opened. The script can then run on your device.
52
What is meant by payload?
The tasks a piece of malware has, e.g. deleting your hard disk.
53
What is social engineering?
It aims at human failure. A user is asked to compromise personal or corporate security by offering him something (a nice download, for example).
54
Distinguish between phishing and spear phishing.
Spear phishing aims at one particular person. The attacker learns a lot about that person and uses personal data to make the phishing more personal.
55
What is the definition of hacking?
Intentionally using a computer resource without authorization or in excess of authorization
56
Describe the two stages that typically occur in an attack.
The exploit: the actual break-in via tools | After the break-in: exploiting the resource, gathering data and so on.
57
What is the purpose of a denial-of-service attack?
The shutdown of the attacked server (the denial of any service)
58
What programs directly attack the victim in a distributed denial-of-service attack?
They use botnets or hundreds of bots which send spam packets to the attacked server.
59
Explain "advanced" in the term advanced persistent threat
Attacks that are really hard and expensive to carry out. They can take years and need extreme precision.
60
What type of adversary are most hackers today? b) Why is this type of attacker extremely dangerous?
Career hackers, looking for maximum damage or biggest use for them.
61
Is it generally illegal to write malware in the United States? b) What actions regarding malware are illegal?
It is not illegal to write malware, but it is illegal to sell or release it.
62
What is a cipher?
An encryption method to create an encrypted message
63
In two-way dialogues, how many keys are used in symmetric key encryption?
Both users use the same key. So it's one key in two places.
64
What is the minimum size for a strong key?
At least 100 bits or greater.
65
Distinguish between private networks and virtual private networks.
A private network is on a data link not connected to the Internet and is probably an Ethernet. Virtual private networks work through the Internet but act like a private network.
66
For what is SSL/TLS most widely used?
Browser - web server connections
67
What does a firewall do when a provable attack packet arrives?
Discards it and writes the content to a log file
68
Does a firewall drop a packet if it probably is an attack packet?
No, only if it is a proven attack
69
c) Why is it important to read firewall logs daily?
To understand the attacks which are incoming
70
Distinguish between ingress and egress filtering.
Ingress is incoming and egress is outgoing
71
Describe the Plan, Protect, Respond cycle
Plan: planning the security with risk analysis, minimum permissions, defense in depth. Protect (most of the budget is spent here): access control, firewalls, cryptography. Respond: to attacks and breaches, and minimize damage.
72
Name the four Quality of Service metrics
Speed (speed of transmission), Errors (amount of bad packets), Availability (% of time the network is available), Latency (time delay)
73
Distinguish between rated speed and throughput
Rated speed is what the technology is capable of | Throughput is what the user really gets
74
What is SNMT?
Simple Network Management Tools
75
What does UTP mean?
Unshielded twisted pair (of copper cable)
76
What is the distance of UTP and optical fibre?
UTP: 100 m, fibre: 200-500
77
Name the 4 UTP Ethernet standards incl. speed, quality and max length
100BASE-TX - 100 Mbps - 5e or higher - 100 m | 1000BASE-T - 1000 Mbps - 5e or higher - 100 m | 10000BASE-T - 10000 Mbps - 6 or higher - 55 m | 10000BASE-T - 10000 Mbps - 6a or higher - 100 m
78
Name the 2 optical fibre quality standards
OM3: length 550 m @ 1 Gbps, 300 @ 10, 100 @ 100 | OM4: length 1000 @ 1, 440 @ 10, 150 @ 100
79
What is modulation?
Modulation is the process in which a digital computer signal is converted into a form that can travel down an ordinary analog telephone line.
80
What is amplitude modulation and how does it work?
It is the change of power in the wave (amplitude graph), which can be low or high. A low amplitude = "0" (bit) and a high amplitude = "1".
81
Which measurement do amplitude waves use?
They use Hertz (Hz), which is the number of cycles in one second
82
What is phase modulation (PM)?
The phase gets inverted (instead of first high, first low...) | inverted = 0, normal = 1
83
What is spread spectrum transmission?
Uses wider bandwidth in order to send three parts of the same frame; if one gets lost the data is still transmitted
84
What's the most used WiFi standard?
802.11(i)
85
What does SSID mean? What's ESS?
Service Set ID | Extended service set - with more access points
86
What is CSMA/CA+ACK?
1. Carrier sense multiple access: the sender listens for traffic and sends when no one else does. 2. Collision avoidance: waits a random amount of time to avoid collision (in case it would send ASAP). 3. Acknowledgment: sends a send request which has to be acknowledged.
87
Is CSMA/CA+ACK efficient?
No, because it has to wait and request and then wait for the ACK again and then send.
88
What is RTS-CTS?
Request to send, clear to send. Host sends CTS message; access point sends CTS when ready.
89
Name the 802.11 WiFi standards
802.11g - 54 Mbps (2.4 GHz) | 802.11a - 54 Mbps (5 GHz) | 802.11n - 100-600 (150-300 common) (most used) (2.5 and 5 GHz) | 802.11ac - 433-6930 (433-1300 common) (most sold today) (5 GHz)
90
What is a spatial stream?
Access point sending two signals in the same channel, one from antenna A and one from antenna B
91
Explain PSK
PSK means pre-shared key. Everyone with the key can access the network.
92
Explain USK
The host has the PSK but also needs the unshared session key from the access point, which is encrypted and only shared with one client (each unique).
93
802.11i security is not enough; what threats are there?
Apart from human failure or internal setup: rogue access point, evil twin access point
94
What is a "rogue access point"?
A rogue access point is one that is unsecured (e.g. set up by an employee). A hacker can access it.
95
What is an Evil Twin AP (Access Point) operation?
An attacker computer impersonates an access point. Opens connection to client and access point separately. Acts as man in the middle. Uses decryption (Key1) to read the message and re-encrypts (Key2) A after sending through.
96
Explain the hierarchy of IPv4
123.456.789.012 | Network part (maybe not only 8 bits, e.g. 123.456) | Subnet part (maybe not only 8 bits) | Host part (maybe not only 8 bits)
97
What is the job of a border router?
It connects the Internet on one side to the corporate network on the other side.
98
Why are subnet masks needed?
You cannot tell where an IPv4 packet has to go on its own, so we need subnet masks.
99
How do subnet masks work?
Masks are applied to the IPv4 address. If the mask bit is "0", the result is 0. If the mask bit is "1", the result is the IP address bit in that position.
100
What does a subnet mask look like?
A mask is a series of initial ones followed by a series of final zeros, for a total of 32 bits. Example: 11111111 11111111 00000000 00000000 = 255.255.0.0 = /16 (because 16 of the 32 bits are "1")
101
Explain the difference between Ethernet switching and IP routing
Ethernet switches are organized in a hierarchy. There is only one possible port to send a frame out and so only one row per address. Routers are arranged in meshes with multiple alternative routes. A router may send a packet out to more than one interface (port) and still get the packet to its destination.
102
Explain routing ranges
A router has a routing table (with IP ranges) which it uses to make routing decisions. There may be more than one option: - chooses closest one if similar - chooses better metric cost (less hops)
103
What's the problem with IP packet routing?
The router knows the next-hop router IP but not the data link layer (EUI-48) address. To solve this it uses the Address Resolution Protocol (ARP).
104
What is in the first row of an IPv4 packet?
It's the header, which contains: - version = the version of IP packet used - header length = tells the size of the header - ECN (explicit congestion notification) = reduces speed in case of congestion - total length = tells the size of the whole packet
105
What is in the second row of an IPv4 packet?
The second row is used for reassembling, but IP fragmentation is extremely rare.
106
What is in the third row of an IPv4 packet?
- TTL (time to live) - Protocol which is used (1=ICMP, 6=TCP, 17=UDP) - Header checksum, to find errors and maybe discard the packet. No retransmission. The internet layer is not reliable.
107
What is in and after the 4th row of an IPv4 packet?
The source address, the destination address, options (not common, may indicate a malicious packet)
108
Why do we need IPv6 addresses?
Because IPv4 contains only 4 billion addresses, which, considering that ranges are given to corporations, is not enough. So from now on we need to give out IPv6.
109
Explain the properties of IPv6
- 128 bits long | - hexadecimal (2001:0027:fe56:0000:0000:0000:cd3f:0fca)
110
Explain how to shorten IPv6 addresses
Segments which start with zeros can be shortened: 2001:0027:fe56:0000:0000:0000:cd3f:0fca -> 2001:27:fe56::::cd3f:fca. Only outer colons are kept: 2001:27:fe56::cd3f:fca. If there is more than one full 0 segment, only shorten the LONGEST one (the other one keeps all colons). If they have the same length, shorten the first one.
111
Does an IPv6 packet have a header checksum?
No, the transport layer already takes care of that.
112
What is the "next header" in an IPv6 packet?
Always leads to the next header
113
Explain the difference between TCP and UDP
UDP doesn't use acknowledgments, which makes it way faster but also less reliable. Used for applications which need speed over reliability (voice chat, video calls)
114
What's the three-step opening of TCP sessions?
syn->
115
Normal 4-step TCP close
fin->
116
What's the abrupt TCP close?
Closes the connection immediately by sending RST -> no ACK from other side
117
In IP subnetting, how do you calculate how many hosts and subnets a firm can have?
They apply and get assigned a certain network part. Let's say 16 bits are preassigned. 16 bits remain for the firm to assign; this could be 8/8 or 6/10 and so on. The number of hosts OR subnets is 2^numberHere - 2 (example: 2^8 - 2 = 254)
118
What is NAT and how does it work?
Network Address Translation. It is a firewall which translates the internal IP to an external IP and saves it into a translation table. NAT makes it possible to hide the real internal IP address on the Internet.
119
What is a domain?
Any group of resources (routers, single networks, hosts, etc.) under the control of an organization.
120
How does DNS work?
The client asks the local DNS server for the IP. The local DNS server asks the authoritative DNS server for that name. The authoritative DNS server sends the IP address of the given name. The local DNS server sends a DNS response message with the IP address.
121
How many DNS root servers exist?
13
122
What are the two types of top-level domains?
Country top-level domains (.de, .nl) | generic top-level domains (.com, .edu, ...)
123
What is a VPN?
Virtual Private Network. | Really, it's just encrypted communication through an untrusted network
124
What are the two types of VPNs?
Remote access VPNs: connect a remote user to a corporate site. Site-to-site VPNs: each site has a key to encrypt outgoing traffic and a key for decrypting incoming traffic.
125
What are the two ways IPsec can operate in? What are the pros and cons?
Transport mode: host to host, with digital authentication; better security, higher cost | Tunnel mode: only through the Internet, unprotected at site; less secure, cheaper
126
Characteristics of IPsec vs. SSL/TLS
IPsec is on layer 3, SSL on layer 4 | IPsec is not built into browsers and co., SSL is built in | IPsec can protect any application, SSL can't protect any app | IPsec: excellent security, SSL: good security
127
Why is IPsec not enough?
The application cannot tell if it's being protected, so apps often require SSL/TLS.
128
How do you calculate the 64-bit unicast interface ID?
- Display the EUI-48 address - remove dashes - convert to lower case - divide in half - insert fffe in the middle - in the second nibble, invert the second-to-last bit (e.g. 1101 -> 1111)
129
What is the DNS record for IPv6 called?
DNS AAAA record
130
How do routers get their routing tables?
They constantly exchange information | several dynamic routing protocols
131
Name the routing protocols
OSPF - Open Shortest Path First | EIGRP - Enhanced Interior Gateway Routing Protocol | BGP - Border Gateway Protocol
132
Explain what ICMP is/does
ICMP (Internet Control Message Protocol) is an error-reporting protocol that network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, router, service or host cannot be reached for packet delivery. Any IP network device has the capability to send, receive or process ICMP messages.
133
Differentiate between LAN, MAN, WAN
Local access network, Metropolitan Area Network, Wide Area Network | LAN is cheap, MAN medium and WAN expensive | LAN fast, MAN medium, WAN slow | Diversity of tech: LAN low, MAN medium and WAN high
134
Basic concept of a WAN network?
Sites are connected to the WAN core, which is then connected to the ISP
135
What is the PSTN?
Public Switched Telephone Network
136
What is ADSL?
Asynchronous Digital Subscriber Line. | Uses advanced technology to deliver data over telephone UTP lines. It is inexpensive.
137
What is cable modem service?
Coaxial cable that brought TV where there was no reception. Now also Internet data.
138
Explain cellular technology
Antenna towers creating cell sites, broken into cells with each reusing multiple channels to serve enough users. Traveling through cells will hand you off to the next one. Antennas are connected to the PSTN.
139
Leased line data network | PSDN: Public switched data network
Remember the names, brah.
140
Name three defining properties of single switched networks
1 - only one transmission technology 2 - controlled address space 3 - messages are frames, not packets