chap 5 - communication & network security

Question 1

define OSI 7-Layer model

Answer 1

1. application –> data
2. presentation –> data
3. session –> Data
4. transport –> Segments for end-to-end connection
5. network –> Packets using the IP address
6. data link -> frames using MAC address
7. physical –> bites through cables

Question 2

translate OSI to TCP/IP layers

Answer 2

1. application + presentation + session –> application layer (Telnet/FTP/SMTP/DNS/RIP/SNMP)
2. transport –> host to host transport (TCP/UDP)
3. Network + data link –> internet layer (ARP/IP/IGMP/ICMP)
4. data link + physical –> network interface layer (ethernet/token ring/ frame)

Question 3

what are the step in cybersecurity kill chain

Answer 3

1. reconnaissance
2. weaponization
3. delivery
4. exploitation
5. installation
6. command & control
7. actions on objectives

Question 4

what are the different type of network topologies (physical layer)

Answer 4

1. Bus -> central LAN cable to which all nodes connect advantage: adding is easy / node failure don’t affect network
   disadvantage: if central LAN failure then entire network drop
2. Tree -> hierarchy of objects
   advantage: adding is easy / node failure don’t affect network
   disadvantage: if central LAN failure then entire network drop
3. Ring -> closed-loop with central point transmitted
   advantage: use token - time stamp / used as LAN or network backbone
   disadvantage: single point of failure (e.g., fiber distributed data interface (FDDI) use dual rings for failure)
4. Mesh -> mesh network connecting all nodes
   advantage: high level of redundancy
   disadvantage: expensive
5. star -> all nodes connected to a hub, switch or router (used in modern LAN)
   advantage: fewer cable than mesh / easy to deploy
   disadvantage: central connection is single point of failure

Question 5

what is the role of a “carrier sense multiple access with collision detection (CSMA/CD)”

Answer 5

protocol allows devices to transmit data with minimum overhead, resulting in bandwidth efficiency

Question 6

types of optical fiber cable

Answer 6

1. single-mode: small diameter -> up to 100KM
2. Multimode: large diameter -> up to 2KM
3. plastic optical fiber (POF) -> up to 100m

Question 7

what is a “modem”

Answer 7

“modulate” - “demodulate” devices used to modulate digital signals to analog wave and vis-versa

Question 8

what are the types of digital subscriber lines (DSL)

Answer 8

• asymmetric DSL -> ADSL: downstream higher than upstream
• Rate-adaptive DSL -> RADSL: upstream based on quality line
• symmetric DSL -> SDSL: downstream & upstream are same
• Very high bite rate DSL -> VDSL high transmission (52mbps)

Question 9

what is the role of a dynamic host configuration protocol (DHCP)

Answer 9

DHCP’s role is to assign IP address to devices

Question 10

what OSI layer uses MAC address to redirect communications

Answer 10

Data link layer

Question 11

what is Address Resolution Protocol (ARP)

Answer 11

used at the MAC layer to provide direct communication between 2 devices within the same LAN segment

Question 12

what is a Point-to-point protocol (PPP) (PPPoE -> over Ethernet)

Answer 12

mechanism for establishing a layer 2 (data link) connection between 2 systems, e.g. internet service provider (ISP) and customer device

provides a standard method for transporting multiprotocol datagrams over point-to-point link

PPPoE: creates a virtual point to point connection

Question 13

what is a Fibre channel over ethernet (FCoE)

Answer 13

provides a single layer 2 (data link) environment to manage

Question 14

what is a contention-based protocol?

Answer 14

devices on network are competing for bandwidth, contention-based protocols are meant to avoid inference / collision:

1. CSMA/CD: device on LAN that listen for a carrier before transmitting data
2. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA): better for wireless environment -> avoid collisions by first checking the media is clear for transmission

Question 15

what is a layer 2 “bridge”

Answer 15

device that filter traffic between segments based on MAC addresses. additionally they amplify signals

Question 16

what is a switch

Answer 16

layer 2 switch establishes on collision domain per port, enabling more efficient transmissions with CSMA/CD logic within ethernet

Question 17

what is a Virtual Local Area Network (VLAN)

Answer 17

VLANs allow admin to use switches to create software-based LAN segments, which can segregate or consolidate traffic across multiple switch ports

Question 18

key threats to layer 2 (data link)

Answer 18

• MAC address spoofing
• MAC flooding -> DoS attack
• VLAN hopping -> 802.1Q attack
• Broadcast storms -> DoS attack
• Reconnaissance probes using MAC sniffing -> capture frames

Question 19

key layer 2 (data link) counter measures to threats

Answer 19

• Proper NIC configuration
• Service monitoring (ARP/ DHCP)
• proper VLAN configuration
• proper switch port configuration
• Layer 2 IDS/IPS

Question 20

what does layer 3 (network) uses to redirect communications

Answer 20

IP address

Question 21

what are the 2 main goals of layer 3 (network)

Answer 21

1. managing the logical addressing for networks
2. forwarding packets to the correct logical network

Question 22

what are the forms of transmission in layer 3 (network)

Answer 22

1. Unicast -> 1-to-1 communication
2. Broadcast -> one to many communication
3. Multicast -> 1 host to a discrete group of host
4. Anycast -> 1-to-1 transmission but uses services from group
5. Geocast -> same as broadcast but restrictes destination of IP address geographically (think Netflix stream)

Question 23

what are network layer protocols

Answer 23

• IPv4 provides a 32-bit address space
• IPv6 provides a 128-bit address space

Note: IPv4 and IPv6 use 2 different headers, therefore network cannot operate on both simultaneously

Question 24

what are the 5 key network protocols and octet range

Answer 24

• class A -> 1-126 (subnet mask 255.0.0.0)
• class B -> 128-191 (subnet mask 255.255.0.0)
• class C -> 192-223 (subnet mask 255.255.255.0)
• class D -> 224-239 (subnet mask 255.255.255.255) -> for multi casting
• class E -> reserved for development & testing

Question 25

what are the advantage of IPv6

Answer 25

• longer address field
• improved security
• improved QoS

Question 26

what are routers most used for today

Answer 26

connect LAN to WAN

most basic security at layer 3 on router incl Access Control List (ACL) that approve/deny source and destination address. these routers are also called “boundary routers”, positioned on the DMZ

Question 27

what are the 2 key meanings of Access Control List

Answer 27

routing: it is a table within a route’s memory that stores permitted

identity mgmt & access control: they are data structure that are usually keyed or indexed by user IDs and related those IDs to authorization information of various kind

Question 28

what is the difference between routing protocol & routed protocol

Answer 28

Routing protocol: used by routers to communicate and coordinate with each other -> e.g., ICMP / IGMP

Routed protocols: define HOW data can be routed over a network. IPv4 and IPv6 are routed protocols

Question 29

what protocol was created to increase WAN traffic efficiency (routing)

Answer 29

routing tables calculation for each packet use a lot of router computational resources creating latency.

“Multiprotocol label switching” (MPLS) is a WAN protocol design to increase WAN efficiency.

it operates on layer 2 (data link) and layer 3 (network)

Question 30

what are the primary components of an MPLS network

Answer 30

1. MPLS edge node
2. label switching router (LSR)
3. label switch path

Question 31

what are the key advantages of MPLS

Answer 31

• traffic engineering
• multi-service network
• network resiliency

Question 32

what are the key threats to layer 3 (network)

Answer 32

• routing (RIP) attack
• ICMP attack
• Ping flooding
• SMURF using
• IP address spoofing
• packet sniffing

Question 33

what are the key countermeasures to protect layer 3 (network)

Answer 33

• SICMP
• properly config routers
• packet filtering and inspection -> NGFW
• router ACLs more effectively
• properly config VLAN
• layer 2 IDS/IPS
• zero trust architecture
• micro-segmenting LANs

Question 34

what does layer 4 (transport) do

Answer 34

it delivers end-to-end services through segments transmitted in a stream of data and controls stream of data to relieve congestion

Question 35

what are the 2 types of transport protocols (TCP/IP)

Answer 35

TCP - transmission control protocol - connection-oriented protocol -> provides packet sequencing

UDP - connectionless protocol -> does NOT support retransmission of packet

Question 36

what are layer 4 protocols by group

Answer 36

• transport -> TCP UDP
• Names & directory services -> DNS / LDAP
• Network operational support & mgmt -> NTP / DHCP
• web page oriented -> HTTP / HTTPS
• email -> POP / IMAP SMTP
• admin & miscellaneous -> FTP / SSH / Telnet

Question 37

how does TCP establish connection

Answer 37

using a three-way handshake

1a. SYNchronize
1b.SYN-ACKnowledge

2a. ACK
2b. Data ACK (using the connection…)

3a. FINish
3b. ACK + FINish
3c. ACK

Question 38

what are the categories of TCP & UDP ports

Answer 38

• well-known ports -> 0-1023
• registered ports -> 1024-49151
• dynamic or private ports -> 49152-65535

Question 39

primary use of 20/21

Answer 39

file transfer protocol -> FTP

Question 40

primary use of 22

Answer 40

secure shell -> SSH

Question 41

primary use of 23

Answer 41

Telnet

Question 42

primary use of 25 or 587

Answer 42

SMTP

Question 43

primary use of 37

Answer 43

TIME

Question 44

primary use of 53

Answer 44

domain name services ->DNS

Question 45

primary use of 69

Answer 45

Trivial file transfer protocol -> TFTP

Question 46

primary use of 80

Answer 46

HTTP

Question 47

primary use of 161

Answer 47

simple network mgmt protocol -> SNMP

Question 48

primary use of 162

Answer 48

SNMP trap

Question 49

primary use of 179

Answer 49

border gateway protocol

Question 50

primary use of 443

Answer 50

HTTPS

Question 51

traditional firewall vs. NextGen firewall

Answer 51

tradition:
- firewall / ports / IP address
- IDS / IPS
- web proxy
- antivirus gateway
- VPN

NextGen firewall
- IAM / Attributes
- anti-bot
- FaaS
- firewall / ports / IP address
- IDS / IPS
- web proxy
- antivirus gateway
- VPN

Question 52

what are the main threat to layer 4 (transport)

Answer 52

• routing protocol attack
• ICMP attack - eg., ping flooding
• network time protocol desynch
• fraggle - UDP broadcast flood
• TCP sequence prediction
• IP address spoofing
• packet sniffing
• port scanning

Question 53

what are the countermeasures for layer 4 (transport)

Answer 53

• TCP intercept & filtering
• DoS prevention services
• allowed & blocked list for IP address, URL, URI
• properly config TLS
• secure protocol for file transfer
• fingerprint scrubbing

Question 54

what is the main goal of layer 5 (session layer)

Answer 54

provide logical persistent connection between peer hosts

responsible for creating, maintaining and tearing down the session

Question 55

what are layer 5 (session) authentication protocols

Answer 55

• password authentication protocol (PAP)
• Challenge-handshake authentication protocol (CHAP)
• Extensible authentication protocol (EAP)
• protected extensible authentication protocol (PEAP)

Question 56

what are the main threats to layer 5 (session)

Answer 56

• session hijack / MITM
• ARP / DNS / poisoning local hosts files
• secure shell (SSH) downgrade
• man-in-the-browser (MITB)

Question 57

what are the main countermeasures to protect layer 5 (session)

Answer 57

• replace weak password authentication protocol
• ID mgmt & access control
• PKI implementation
• properly config DNS
• active monitoring
• IDS / IPS / SIEM alarms

Question 58

what is the main goal of layer 6 (presentation)

Answer 58

consolidate the design of protocols and services

Question 59

what are the main threats to layer 6 (presentation)

Answer 59

• data breach
• compromise integrity
• SMBs attack
• SSL attack

Question 60

what are the main countermeasures to protect layer 6 (presentation)

Answer 60

• strong authentication & protection based apps
• monitor apps traffic
• secure application protection (WAF)
• zero trust architecture

Question 61

what is the main goal of the layer 7 (application)

Answer 61

used by end-user to accomplish daily task and application usage

Question 62

what are layer 7 (application) main type of protocol

Answer 62

• HTTP
• HTTPS - using TLS to create session
• DHCP
• DNS
• SNMP -> simple network mgmt protocol
• LDAP -> lightweight directory access protocol

Question 63

what is Dynamic host configuration protocol (DHCP)

Answer 63

client/server application designed to assign IP addresses from a pool of pre-allotted addresses on a DHCP server

Question 64

what are the common attributes for an LDAP entry level

Answer 64

• distinguished name (DN)
• relative distinguished name (RDN)
• common name (CN)
• domain component (DC)
  -organizational unit (OU)

Question 65

what is the goal of SNMP (simple network mgmt protocol)

Answer 65

designed to manage network infrastructure

Question 66

what are the main threat to layer 7 (application)

Answer 66

• SQL injection
• encryption downgrade attempt
• rogue DHCP service / DNS poisoning / LDAP injection
• SNMP abuse
• HTTP flood -> DoS
• cross-site script attack

Question 67

what are the main countermeasures to protect layer 7 (application)

Answer 67

• monitoring
• block suspect bots
• strong access control (MFA)
• deep inspection of app traffic
• secured apps protection (WAF / ADP)
• zero trust architecture
• strengthen end user skills

Question 68

what are the main Internet Protocol (IP) issues

Answer 68

• authenticity
• confidentiality
• scripting
• social engineering
• spam over instant message
• legacy remote access

Question 69

what is the advantage of Internet protocol secure (IPSec)

Answer 69

• authentication header (AH)
• encapsulating security payload (ESP) : Header / payload / trailer / authentication

Question 70

what are some use case for NAC deployment

Answer 70

• medical device
• IoT devices
• incident response
• BYOD
• guest user and contractors
• cloud
• compliance
• mobile device

Question 71

what is a port address translation (PAT)

Answer 71

extension to NAT, translate all addresses to one externally routable IP address

Question 72

what are the main security implications of remote computing

Answer 72

• people issue
• networking & communication vulnerabilities
• attention from threat actors
• implementation issues

Question 73

what is a circuit switched network?

Answer 73

uses a dedicated circuit between endpoints. neither endpoints starts communicating until the circuit is completely established

Question 74

what is a network function virtualization and advantage

Answer 74

NFV’s objective is to decouple functions, such as firewall mgmt, intrusion detection, NAT or name service resolution, away from specific hardware implementation into software service

Question 75

what are best practice in 3rd party mgmt

Answer 75

• policies for establishing, onboarding, monitoring, managing and offboarding 3rd party
• inventory of 3rd party relationship and evaluation against policies to identify risk
• apply monitoring & auditing practices

Question 76

what is a DNS

Answer 76

convert IP addresses and domain names

Question 77

what is ARP

Answer 77

convert between MAC address and IP address

Question 78

what is NAT

Answer 78

convert between public IP and private IP addresses

Question 79

how does IPsec provide secure channel (VPN)

Answer 79

IPsec uses authentication headers (AH) to provide authentication, integrity and non-repudiation, and Encapsulating Security Payload (ESP) to provide confidentiality

Question 80

Sue’s employer has asked her to use an IPsec VPN to connect to its network. When Sue connects, what does the IPsec VPN allow her to do? Sue’s employer has asked her to use an IPsec VPN to connect to its network. When Sue connects, what does the IPsec VPN allow her to do?

Answer 80

Create a private encrypted network carried via a public network and act like she is on her employer’s internal network

Question 81

Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?

Answer 81

TCB

The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing

Question 82

Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?

Answer 82

TEMPEST

The TEMPEST program creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.

Question 83

What important factor listed below differentiates Frame Relay from X.25?

Answer 83

Frame Relay supports multiple PVCs over a single WAN carrier connection.

Question 84

During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

Answer 84

Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.

LEAP, the Lightweight Extensible Authentication Protocol. is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.

Question 85

Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he used to connect these devices?

Answer 85

Ad hoc mode

Question 86

What common applications are associated with each of the following TCP ports: 23, 25, 143, and 515?

Answer 86

Telnet, SMTP, IMAP, and LPD

Question 87

Which authentication protocol commonly used for PPP links encrypts both the username and password and uses a challenge/response dialog that cannot be replayed and periodically reauthenticates remote systems throughout its use in a session?

Answer 87

CHAP

The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks.

Question 88

If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

Answer 88

VPN users should only connect from managed PCs.

Question 89

Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?

Answer 89

A distance-vector protocol

Question 90

What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?

Answer 90

A proxy

A proxy is a form of gateway that provide clients with a filtering, caching, or other service that protects their information from remote systems.

Question 91

Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?

Answer 91

S/MIME

S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept.

Question 92

What type of key does WEP use to encrypt wireless communications?

Answer 92

A predefined shared static key

WEP has a very weak security model that relies on a single, predefined, shared static key. This means that modern attacks can break WEP encryption in less than a minute.

Question 93

The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

Answer 93

Layer 2

ARP and RARP operate at the Data Link layer,

Question 94

Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?

Answer 94

iSCSI

iSCSI is a converged protocol that allows location-independent file services over traditional network technologies.

Question 95

In her role as an information security professional, Susan has been asked to identify areas where her organization’s wireless network may be accessible even though it isn’t intended to be. What should Susan do to determine where her organization’s wireless network is accessible?

Answer 95

A site survey

Question 96

SMTP, HTTP, and SNMP all occur at what layer of the OSI model?

Answer 96

Layer 7

Application-specific protocols are handled at layer 7, the Application layer of the OSI model.

Question 97

Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she wants to filter ping out by protocol, what protocol should she filter out from her packet sniffer’s logs?

Answer 97

ICMP

Ping uses ICMP, the Internet Control Message Protocol, to determine whether a system responds and how many hops there are between the originating system and the remote system

Question 98

Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?

Answer 98

802.1x

802.1x provides port-based authentication and can be used with technologies like EAP, the Extensible Authentication Protocol.

Question 99

There are four common VPN protocols. Which group of four below contains all of the common VPN protocols?

Answer 99

PPTP, L2F, L2TP, IPsec

Question 100

What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?

Answer 100

FDDI

FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a pair of rings with traffic flowing in opposite directions

Question 101

If your organization needs to allow attachments in email to support critical business processes, what are the two best options for helping to avoid security problems caused by attachments?

Answer 101

Train your users and use anti-malware tools.

Question 102

Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why?

Answer 102

PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

Question 103

Which type of firewall can be described as “a device that filters traffic based on its source, destination and the port it is sent from or is going to”?

Answer 103

A static packet filtering firewall

Question 104

Data streams occur at what three layers of the OSI model?

Answer 104

Application, Presentation, and Session