Chap 11: Secure Network Architecture and Components

Question 1

What are the OSI layers?

Answer 1

The OSI layers are as follows: Application, Presentation, Session, Transport, Network, Data Link, and Physical.

Question 2

What is encapsulation?

Answer 2

Encapsulation is the addition of a header, and possibly a footer, to the data received by each layer from the layer above before it’s handed off to the layer below (App to Physical). The inverse action is deencapsulation (Physical to App).

Question 3

What are the network container names?

Answer 3

The network containers are: OSI layers 7–5 protocol data unit (PDU), layer 4 segment (TCP) or a datagram (UDP), layer 3 packet, layer 2 frame and layer 1 bits.

Question 4

What are protocol analyzers?

Answer 4

A protocol analyzer is a tool used to examine the contents of network traffic.

Question 5

What is MAC address?

Answer 5

Media Access Control (MAC) address is a 6-byte (48-bit) binary address written in hexadecimal notation, aka hardware address, physical address, the NIC address, and the Ethernet address. The first 3 bytes (24 bits) of the address is the organizationally unique identifier (OUI), which denotes the vendor or manufacturer. The last 3 bytes
(24 bits) of the MAC address represent a unique number assigned to that interface by the manufacturer.

1 byte is 6 bits

Question 6

What are the routing protocols?

Answer 6

Interior routing protocols are distance vector (Routing Information Protocol ([RIP] and Interior Gateway Routing Protocol [IGRP]) and link state (Open Shortest Path First [OSPF] and Intermediate System to Intermediate System [IS-IS]);
exterior routing protocols are path vector (Border Gateway Protocol [BGP]).

Distance vector routing protocol - maintain a list of destination networks along with metrics of direction and distance as measured in hops (i.e. no. of routers to cross to reach destination)

Path vector routing protocol - makes next hop decision based on the entire remining path (i.e. vector) to the destination.

Question 7

What is the TCP/IP model?

Answer 7

Also known as DARPA or the DOD model, the model has four layers: Application (also known as Process - covers Application, Presentation and Session), Transport (also known as Host-to-Host - covers Transport), Internet (sometimes known as Internetworking - covers Network), and Link (although Network Interface and sometimes Network Access are used - covers Data Link and Physical).

Question 8

What are the common application layer protocols?

Answer 8

These include Telnet, FTP, TFTP, SMTP, POP3, IMAP, DHCP, HTTP, HTTPS (TLS), LPD, X Window, NFS, and SNMP.

Question 9

What are transport layer protocols?

Answer 9

Be aware of the features and differences between

TCP and UDP; also be familiar with ports, session management, and TCP header flags.

Question 10

What is DNS?

Answer 10

The Domain Name System (DNS) is the hierarchical naming scheme used in both public and private networks. DNS links human-friendly fully qualified domain names (FQDNs) and IP addresses together. DNSSEC and DoH are DNS security features.

Question 11

What is DNS poisoning?

Answer 11

DNS poisoning is the act of falsifying the DNS information used by a client to reach a desired system. It can be accomplished through a rogue DNS server, pharming, altering a hosts file, corrupting IP configuration, DNS query spoofing, and proxy falsification.

Question 12

What is domain hijacking?

Answer 12

Domain hijacking, or domain theft, is the malicious action of changing the registration of a domain name without the authorization of the valid owner.

Question 13

What is typosquatting?

Answer 13

Typosquatting is a practice employed to capture and redirect traffic when a user mistypes the domain name or IP address of an intended resource.

Question 14

What is IP?

Answer 14

Be familiar with the features and differences between IPv4 and IPv6.
Understand IPv4 classes, subnetting, and CIDR notation.
Understand network layer protocols. Be familiar with ICMP and IGMP.

Question 15

What is ARP? What is ARP Poisoning?

Answer 15

Address Resolution Protocol (ARP) is essential to the interoperability of logical and physical addressing schemes. ARP is used to resolve IP addresses into MAC
addresses. Also know about ARP poisoning.

Question 16

What are some examples of security communication protocols?

Answer 16

Examples include IPsec, Kerberos, SSH, Signal protocol, S-RPC, and TLS.

Question 17

What are the benefits and drawbacks of multilayer protocols?

Answer 17

Benefits of multilayer protocols include the fact that they can be used at higher OSI levels and that they offer encryption, flexibility, and resiliency. Drawbacks include covert channels, filter bypass, and violation of network segment boundaries.

Question 18

What are some examples of converged protocols?

Answer 18

Examples include FCoE, MPLS, iSCSI, VPN, SDN, cloud, virtualization, SOA, microservices, infrastructure as code (IaC), and serverless architecture.

Question 19

Know about converged protocols.

Answer 19

Examples include FCoE, MPLS, iSCSI, VPN, SDN,

cloud, virtualization, SOA, microservices, infrastructure as code (IaC), and serverless architecture.

Question 20

Define VoIP.

Answer 20

Voice over IP (VoIP) is a tunneling mechanism that encapsulates audio, video, and other data into IP packets to support voice calls and multimedia collaboration over TCP/IP network connections.

Question 21

What are the various types and purposes of network segmentation?

Answer 21

Network segmentation can be used to manage traffic, improve performance, and enforce security. Examples
of network segments or subnetworks include intranet, extranet, and screened subnet.

Question 22

What is microsegmentation?

Answer 22

Microsegmentation is dividing up an internal network
in numerous subzones, potentially as small as a single device, such as a high-value server
or even a client or endpoint device. Each zone is separated from the others by internal
segmentation firewalls (ISFWs), subnets, or VLANs.

Question 23

Define SDN.

Answer 23

Software-defined networking (SDN) is a unique approach to network operation,
design, and management. SDN aims at separating the infrastructure layer (hardware and hardware-
based settings) from the control layer (network services of data transmission management).

Question 24

What are the various wireless technologies?

Answer 24

Cell phones, Bluetooth (802.15), and
wireless networking (802.11) are all called wireless technologies, even though they are all
different. Be aware of their differences, strengths, and weaknesses. Understand the basics of securing 802.11 networking. Know RFID, NFC, LiFi, satellite, narrow-band, and Zigbee.

Question 25

What are service set identifier (SSID)?

Answer 25

Examples include ESSID, BSSID, and ISSID.

Question 26

Define WPA2.

Answer 26

IEEE 802.11i defined Wi-Fi Protected Access 2 (WPA2). WPA2 supports two authentication options: preshared key (PSK) or personal (PER) and IEEE 802.1X or
enterprise (ENT). WPA2 uses AES-CCMP.

Question 27

Understand WPA3.

Answer 27

Wi-Fi Protected Access 3 (WPA3) uses 192-bit AES CCMP encryption, whereas WPA3-PER remains at 128-bit AES CCMP. WPA3-PER uses Simultaneous Authentication of Equals (SAE).

Question 28

Define SAE.

Answer 28

Simultaneous Authentication of Equals (SAE) performs a zero-knowledge
proof process known as Dragonfly Key Exchange, which is itself a derivative of Diffie–
Hellman. The process uses a preset password and the MAC addresses of the client and AP to
perform authentication and session key exchange.

Question 29

What is a site survey?

Answer 29

A site survey is a formal assessment of wireless signal strength, quality, and interference using an RF signal detector. A site survey is performed by placing
a wireless base station in a desired location and then collecting signal measurements from
throughout the area.

Question 30

What are WPS attacks?

Answer 30

Wi-Fi Protected Setup (WPS) intended to simplify the effort involved in adding new clients to a secured wireless network. It operates by automatically
connecting the first new wireless client to seek the network once WPS is triggered.

Question 31

What is a MAC filter?

Answer 31

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all nonauthorized devices.

Question 32

What are the antenna types?

Answer 32

A wide variety of antenna types can be used for wireless clients and base stations. These include omnidirectional pole antennas as well as many directional antennas, such as Yagi, cantenna, panel, and parabolic.

Question 33

What is a captive portal?

Answer 33

A captive portal is an authentication technique that redirects a newly connected client to a web-based portal access control page.

Question 34

What are spread spectrum techniques?

Answer 34

Spectrum-use techniques manage the simultaneous use of the limited radio frequencies, including FHSS, DSSS, and OFDM.

Question 35

What are Bluetooth attacks?

Answer 35

Attacks include bluesniffing, bluesmacking, bluejacking,

bluesnarfing, and bluebugging.

Question 36

What are wireless attacks?

Answer 36

Attacks include war driving, wireless scanners/crackers, rogue
access points, evil twin, disassociation, jamming, IV abuse, and replay.

Question 37

What are CDNs?

Answer 37

A content distribution network (CDN), or content delivery network,
is a collection of resource services deployed in numerous data centers across the
internet in order to provide low latency, high performance, and high availability of the
hosted content.

Question 38

What are the common network devices?

Answer 38

Common network devices are repeater, hub, modem,

bridge, switch, router, LAN extender, jumpbox, sensor, collector, and aggregator.

Question 39

Define NAC.

Answer 39

Network access control (NAC) is the concept of controlling access to an environment through strict adherence to and enforcement of security policy. Know about 802.1X, preadmission, postadmission, agent-based, and agentless.

Question 40

What are the various types of firewalls?

Answer 40

There are several types of firewalls: static packet
filtering, application-level, circuit-level, stateful inspection, NGFW, and ISFW. Also know
about virtual firewall, filters/rules/ACLs/tuples, bastion host, ingress, egress, RTBH, stateless
vs. stateful, WAF, SWG, TCP wrapper, DPI, and content and URL filtering.

Question 41

What are proxies?

Answer 41

A proxy server is used to mediate between clients and servers. Proxies are most often used in the context of providing clients on a private network with internet
access while protecting the identity of the clients. Know about forward, reverse, transparent, and nontransparent.

Question 42

What is endpoint security?

Answer 42

Endpoint security is the concept that each individual device must maintain local security whether or not its network or telecommunications channels also provide security.

Question 43

What is EDR?

Answer 43

Endpoint detection and response (EDR) is a security mechanism that is an evolution of traditional antimalware products, IDS, and firewall solutions. EDR seeks to detect, record, evaluate, and respond to suspicious activities and events.

Question 44

What is MDR?

Answer 44

Managed detection and response (MDR) focuses on threat detection and mediation but is not limited to the scope of endpoints. MDR is a service that attempts to
monitor an IT environment in real-time to quickly detect and resolve threats. Often an MDR solution is a combination and integration of numerous technologies, including SIEM, network traffic analysis (NTA), EDR, and IDS.

Question 45

What is EPP?

Answer 45

Endpoint protection platform (EPP) is a variation of EDR much like IPS is a variation of IDS. The focus on EPP is on four main security functions: predict, prevent,
detect, and respond. Thus, EPP is the more active prevent and predict variation of the more passive EDR concept.

Question 46

What is XDR?

Answer 46

Extended detection and response (XDR) components often include EDR, MDR, and EPP elements. Also, XDR is not solely focused on endpoints, but often
includes NTA, NIDS, and NIPS functions as well.

Question 47

What is MSSP?

Answer 47

Managed security service provider (MSSP) can provide XDR solutions that are centrally controlled and managed. MSSP solutions can be deployed fully on-premise, fully in the cloud, or as a hybrid structure. MSSP solutions can be overseen through a SOC which is itself local or remote. Typically, working with an MSSP to provide EDR, MDR, EPP, or XDR services
can allow an organization to gain the benefits of these advanced security products and leverage the
experience and expertise of the MSSP’s staff of security management and response professionals.

Question 48

Describe the different cabling types.

Answer 48

This includes STP, UTP, 10Base2 coax (thinnet),
10Base5 coax (thicknet), 100BaseT, 1000BaseT, and fiber-optic. You should be familiar with UTP categories 1 through 8.

Question 49

What are the common LAN technologies?

Answer 49

The most common LAN technology is Ethernet.
Also be familiar with analog vs. digital communications; synchronous vs. asynchronous
communications; duplexing; baseband vs. broadband communications; broadcast, multicast,
and unicast communications; CSMA, CSMA/CD, and CSMA/CA; token passing; and polling.

Question 50

What are the standard network topologies?

Answer 50

These are ring, bus, star, and mesh.