Ch 3. Network Tech and Tools

Question 1

TCP

Answer 1

Transmission Control Protocol; uses a three way handshake to provide connection-oriented traffic

Question 2

UDP

Answer 2

User Datagram Protocol; non-guaranteed delivery, does not use three way handshake

Question 3

IP

Answer 3

Internet Protocol; identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

Question 4

ICMP

Answer 4

Internet Control Message Protocol; used for testing basic connectivity and includes tools such as ping, pathping, and tracert

Question 5

ARP

Answer 5

Address Resolution Protocol; resolves IPv4 addresses to media access control (MAC) addresses (physical/hardware)

Question 6

NDP

Answer 6

Neighbor Discovery Protocol; performs several functions on IPv6

Question 7

RTP

Answer 7

Real-time Transport Protocol; delivers audio and video over IP networks

Question 8

SRTP

Answer 8

Secure Real-time Transport Protocol; provides encryption, message authentication, and integrity for RTP

Question 9

FTP

Answer 9

File Transfer Protocol; uploads and downloads large files to and from an FTP server. By default data is transmitted in cleartext

Question 10

TFTP

Answer 10

Trivial File Transfer Protocol; used to transfer smaller amounts of data, commonly disabled because it’s a non-essential protocol on most networks

Question 11

SSH

Answer 11

Secure Shell; encrypts traffic in transit and be used to encrypt other protocols such as FTP

Question 12

SSL

Answer 12

Secure Sockets Layer; primary method used to secure HTTP traffic as HTTPS

Question 13

TLS

Answer 13

Transport Layer Security; the designated replacement for SSL (STARTTLS)

Question 14

IPsec

Answer 14

encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect VPN traffic

Question 15

SFTP

Answer 15

Secure File Transfer Protocol; an extension of SSH that secures FTP

Question 16

FTPS

Answer 16

File Transfer Protocol Secure; uses TLS to encrypt FTP traffic

Question 17

SMTP

Answer 17

Simple Mail Transfer Protocol; transfers email between clients and SMTP servers. Uses TCP port 25

Question 18

POP3/Secure POP

Answer 18

Post Office Protocol; transfers emails from servers down to clients. Uses TCP port 110/995

Question 19

IMAP4/Secure IMAP

Answer 19

Internet Message Access Protocol; used to store email on an email server. Uses TCP port 143/993

Question 20

HTTP

Answer 20

Hypertext Transfer Protocol; transmits web traffic on the Internet and in intranets. Uses TCP port 80

Question 21

HTTPS

Answer 21

Hypertext Transfer Protocol Secure; encrypts web traffic to ensure it is secure while in transit. Uses TCP port 443

Question 22

RDP

Answer 22

Remote Desktop Protocol; used to connect to other systems from a remote location

Question 23

NTP

Answer 23

Network Time Protocol; most commonly used protocol for time synchronization

Question 24

DHCP

Answer 24

Dynamic Host Configuration Protocol; dynamically assigns IP addresses to hosts

Question 25

DNS

Answer 25

Domain Name System; resolves host names to IP addresses, zone/client queries are TCP port 53/UDP port 53

Question 26

DNS Poisoning

Answer 26

attackers modify the DNS cache with a bogus IP address

Question 27

DNSSEC

Answer 27

Domain Name Security Extension; a suite of extensions to DNS that provides validation for DNS responses, and adds a digital signature to each record

Question 28

nslookup/dig

Answer 28

used to troubleshoot problems related to DNS; dig is used for Linux

Question 29

Unicast

Answer 29

one-to-one traffic; one host sends traffic to another host, using a destination IP address

Question 30

Broadcast

Answer 30

one-to-all traffic; one host sends traffic to call other hosts on the subnet using a broadcast address. Every host that receives it will process it.

Question 31

Switch

Answer 31

a network device used to connect devices. Layer 2 switches send traffic to ports based on their MAC addresses. Layer 3 sends traffic to ports based on IP addresses and support VLANs

Question 32

Loop Prevention

Answer 32

a method of preventing switching loop or bridge loop problems through use of STP/RSTP

Question 33

Flood Attack

Answer 33

an attacker send a large amount of traffic with spoofed MAC addresses to the same port on a switch; when the switch runs out of memory it enters a fail-open state and starts acting like a hub

Question 34

Router

Answer 34

connects multiple network segments together into a single network and routes traffic between segments

Question 35

ACL

Answer 35

Access Control List; rules implemented on a router/firewall to identify what traffic is allowed/denied.

Question 36

Implicit Deny

Answer 36

all traffic that isn’t explicitly allowed is implicitly denied

Question 37

Spoofing

Answer 37

to impersonate or masquerade as someone or something else, such as by replacing an IP address

Question 38

Bridge

Answer 38

connects multiple networks together and can be used instead of a router in some situations; directs traffic based on destination MAC addressses

Question 39

Aggregate Switch

Answer 39

connects multiple switches together in a network

Question 40

Firewall

Answer 40

filters incoming and outgoing traffic for a single host or between networks using an ACL

Question 41

Stateless Firewall Rules

Answer 41

Uses an ACL to statically inspect packets, does not keep track of the state of network connections

Question 42

Stateful Firewall

Answer 42

blocks traffic based n the state of the packet within a session

Question 43

DMZ

Answer 43

demilitarized zone; a buffered zone between a private network and the Internet

Question 44

NAT

Answer 44

Network Address Translation; a protocol that translates public IP addresses to private IP addresses back to public

Question 45

Airgap

Answer 45

a metaphor for physical isolation, indicating that there is a gap of air between an isolated system and other systems

Question 46

VLAN

Answer 46

virtual local area network; uses a switch to group several different computers into a virtual network

Question 47

proxy

Answer 47

a server used to forward requests for services such as HTTP/HTTPS

Question 48

Load Balancer

Answer 48

hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin

Question 49

UTM

Answer 49

Unified Threat Management; combines multiple security controls into a single appliance. They can inspect data streams and often include URL filtering, malware inspection, and contention inspection components.

Question 50

Mail Gateway

Answer 50

a server that examines all incoming and outgoing email and attempts to reduce risks associated with email