Chapter 11- Secure Network Architecture and Securing Network Components Flashcards

Question 1

Q

What is protocol

Answer

A

Protocol is a set of rules and restrictions that determine how data is transmitted over a network medium

Question 2

Q

OSI Model divides networking into 7 distinct layers, name them:

Answer

A

Please do Not Throw Sausage Pizza Away
Application 7
Presentation 6
Session 5
Transport 4
Network 3
Data 2
Physical 1

Question 3

Q

What is encapsulation

Answer

A

encapsulation occurs as data moves down through OSI Model Layers from Application to Physical. It is the addition of a header and possibly a footer to the data received by each layer from the layer above before it is handed to the layer below

Question 4

Q

What is de-encapsulation

Answer

A

De-encapsulation occurs when data moves up through OSI model layers from Physical to Application

Question 5

Q

What happens at the presentation layer during encapsulation

Answer

A

The presentation layer encapsulates the message by adding information to it, information is added at the beginning of the message i.e. a header.

Question 6

Q

How do ISO Layers change data

Answer

A

D3SPFB
Application Data Stream
Presentation Data Stream
Session Data Stream
Transport Segment (TCP)/Datagram (UDP)
Network Packet
Data Frame (Link)
Physical Bits

Question 7

Q

What is physical layer:

Answer

A

accepts frame from the data link layer and converts frame into bits for transmission over the physical connection medium. It also receives bits from the physical connection medium and converts them into frame to be used by the data link layer.

Question 8

Q

Through device drivers and standards list the things that physical layer controls:

Answer

A

Throughput rates
It handles synchronisation
Manages line noise and medium access
Determines whether to use analogue or digital signals

Question 9

Q

List network hardware devices that function at layer 1:

Answer

A

(NHRCA) Network Interface Cards (NICs), hubs, repeaters, concentrators and amplifiers.

Question 10

Q

What is data layer

Answer

A

Data Layer is responsible for formatting the packet from the Network layer into the proper format for transmission. data link layer includes adding the hardware source and destination addresses to the frame. The hardware address is the Media Access Control Address (MAC)

Question 11

Q

List protocols found in the data link layer:

Answer

A

SPALLPI
Serial Line Internet Protocol (SLIP)
Point to Point Protocol (PPP)
Address Resolution Protocol (ARP)
Layer 2 Forwarding (L2F)
Layer 2 Tunnelling Protocol (L2TP)
Point to Point Tunnelling Protocol (PPTP)
Integrated Services Digital Network (ISDN)

Question 12

Q

What is ARP?

Answer

A

Address Resolution Protocol (ARP) is a protocol the datalink Layer. It can be viewed as operating in layer 2 or 3 of the OSI model. It depends on the ethernet’s source and destination MAC addresses. ARP is used to resolve IP addresses into MAC addresses.

Question 13

Q

ARP is carried as a _____ of the ______:

Answer

A

Payload, the Ethernet Frame

Question 14

Q

ARP operates in what layer?

Answer

A

Tricky question! some think it operates on Layer 2,anyway choose 2. Layer 2

Layer 3 – Network layer but it does not operate as a true layer 3 protocol as it does not use a source destination addressing scheme to direct communications. It depends on the Ethernet source and the destination MAC addresses.

Question 15

Q

Hardware technology used in data layer

Answer

A

Ethernet (IEEE802.3), Token Ring (IEEE 802.5), Asynchronous Transfer Mode (ATM), Fibre Distributed Data Interface (FDDI), Copper Distributed Data Interface (CDDI)

Question 16

Q

Data link layer contains 2 sublayers they are

Answer

A

Logical Link Control and Media Access Control (MAC) Sublayer

Question 17

Q

List Network Hardware that function at layer 2

Answer

A

at datalink layer… switches and bridges

Question 18

Q

Explain Network Layer

Answer

A

Network layer is responsible for adding routing and addressing information to data. Packet includes source and destination addresses. The Network layer is responsible for providing routing or delivery information, but it is not responsible for verifying guaranteed delivery

Question 19

Q

List routing protocols under network layer:

Answer

A

BORI5NS
Internet Control Message Protocol (ICMP)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Internet Group Management Protocol (IGMP)
Internet Protocol (IP)
Internet Protocol Security (IPSec)
Internetwork Packet Exchange (IPX)
Network Address Translation (NAT)
Simple Key Management for Internet Protocols (SKIP)

Question 20

Q

What are routers

Answer

A

routers determine the best logical paths for the transmission of packets based on speed, hops, preference and so on.

routers use destination IP addresses to guide the transmission of packets.

Question 21

Q

List some network hardware devices that function at layer 3:

Answer

A

Routers and bridge routers (brouters)

Question 22

Q

a

Question 23

Q

What are brouters:

Answer

A

Bridge routers (brouters) works primarily in layer 3 but in layer 2 when necessary.

Question 24

Q

What is the transport layer

Answer

A

. Transport layer is responsible for managing the integrity of a connection and controlling the session. A PDU Payload Data Unit from the session layer is converted into segment. This layer includes mechanisms for segmentation, sequencing, error checking, controlling the flow of data, error correction, multiplexing and network service optimisation.

Question 25

Q

PDU acronym means

Answer

A

Payload Data Unit, Protocol Data Unit, Packet Data Unit.

Question 26

Q

List Protocols that operate on the transport layer:

Answer

A

the following operate on the transport layer, Transport Control Protocol (TCP),
User Datagram Protocol (UDP),
Sequenced Packet Exchange (SPX),
Secure Socket Layer (SSL),
Transport Layer Security (TLS).

Question 27

Q

What is PDU

Answer

A

means Payload Data Unit, Protocol Data Unit, Packet Data Unit. PDU is a container of information or data passed btw network layers.

Question 28

Q

Explain Session Layer:

Answer

A

Session Layer (Layer 5) is responsible for establishing, maintaining and terminating communication sessions between 2 computers. It manages dialogue discipline or dialogue control (simplex, half duplex, full duplex).

Question 29

Q

List Protocols that operate within the session Layer:

Answer

A

Network File System (NFS), Structured Query Language (SQL), Remote Procedure Call (RPC).

Question 30

Q

Communication sessions can operate in one of three diff control modes in the session layer, list them:

Answer

A

Simplex- one way communication, half-duplex- 2 way communications; but only one direction can send data at a time, full-duplex- 2 way communication, in which data can be sent in both directions simultaneously.

Question 31

Q

What is presentation layer

Answer

A

presentation layer is responsible for transforming data received from application layer into a format that any system following the OSI model can understand.

Question 32

Q

Which layer is responsible for encryption and compression:

Answer

A

Presentation Layer (Layer 6).

Question 33

Q

What is application layer:

Answer

A

it is responsible for interfacing user applications, network services, or operating system with protocol stack. The application is not located in this layer rather protocols and services required to transmit files, exchange messages, connect to remote terminals are found here

Question 34

Q

Protocols found in the presentation layer are?

Answer

A

American Standard for Code Information Interchange (ASCII)
Extended Binary Coded Decimal Interchange Mode (EBCDICM)
Tagged Image File Format (TIFF)
Joint Photographic Experts Group (JPEG)
Moving Picture Experts Group (MPEG)
Musical Instrument Digital Interface (MIDI)

Question 35

Q

Protocols found in the application layer are:

Answer

A

Protocols found in the application layer are: Hypertext Transfer Protocol (HTTP)
File Transfer Protocol (FTP), Line Print Daemon (LPD), Simple Mail Transfer Protocol (SMTP), Telnet, Trivial File Transfer Protocol (TFTP),Electronic Data Interchange (EDI), Post Office Protocol version 3 (POP3),Internet Message Access Protocol (IMAP), Simple Network Management Protocol (SNMP), Network News Transport Protocol (NNTP), Secure Remote Procedure Call (S-RPC),Secure Electronic Transaction (SET

Question 36

Q

Name the network device that works at the application layer:

Question 37

Q

TCP/IP Acronym

Answer

A

Transmission Control Protocol/ Internet Protocol

Question 38

Q

List the layers of TCP/IP:

Answer

A

Application, Transport, Internet and Link

Question 39

Q

Compare the OSI model to TCP/IP Model

Answer

A

Application Application
Presentation Application
Session Application
Transport Transport
Network Internet
Data Link Link
Physical Link

Question 40

Q

Compare the Application mode of the TCP/IP model to OSI:

Answer

A

Application Mode is also known as the process. The application mode of the TCP/IP Model is synonymous to the Application, Presentation and Session modes of the OSI.

Question 41

Q

Compare the transport mode of the TCP/IP to OSI model:

Answer

A

The transport mode is also known as host to host and it is likened to the transport mode of the OSI model

Question 42

Q

Compare the Network mode of the OSI model to TCP/IP:

Answer

A

this model is known as the internet or internetworking.

Question 43

Q

Compare Data Link and Physical Mode of the OSI model to the TCP/IP Model:

Answer

A

the data link and physical layers of the OSI model are likened to the link model of the TCP/IP

Question 44

Q

TCP/IP can be secured using……:

Answer

A

Virtual Private Networks

Question 45

Q

Advantages of VPN:

Answer

A

VPN links are encrypted to add privacy, confidentiality and authentication.

Question 46

Q

List Protocols used to establish VPNs:

Answer

A

Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Shell (SSH), Open VPN (SSL/TLS VPNs) and Internet Protocol Security (IPSec).

Question 47

Q

List Protocol in Application state of TCP/IP:

Answer

A

: File Transfer Protocol FTP, Telnet, Simple Network Management Protocol SNMP, Line Print Daemon LPD, Trivial File Transfer Protocol TFTP, Simple Mail Transfer Protocol SMTP, NFS, X Window

Question 48

Q

What are TCP wrappers?

Answer

A

TCP wrappers is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.

Question 49

Q

List 2 TCP/IP Transport Layer Protocols:

Answer

A

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Question 50

Q

Explain TCP (TCP/IP) Protocol:

Answer

A

Transmission Control Protocol (TCP) Internet Protocol is a full duplex connection oriented protocol. Operates at transport layer of the OSI model.

Question 51

Q

Explain UDP (TCP/IP) Protocol:

Answer

A

User Datagram Protocol (UDP) is a simplex connectionless protocol. It operates at transport layer of the OSI model, it offers no error detection or correction, does not use sequencing, does not use flow control mechanism, does not use preestablished session and is considered unreliable.

Question 52

Q

What is a port?

Answer

A

Port is a little more than an address number that both ends of the communication link agree to use when transferring data within the transport layer. Ports allow a single IP address to be able to support multiple simultaneous communications each using a different port no

Question 53

Q

What is socket?

Answer

A

A combination of IP address and port number is known as socket

Question 54

Q

Ports 0 -1023 are known as:

Answer

A

Well known ports or service ports

Question 55

Q

Ports 1024 to 19151 are known as:

Answer

A

registered software ports
These are ports that have one or more networking software products specifically registered with International Assigned Numbers Authority (IANA).

Question 56

Q

Ports 49152 to 65535 are known as

Answer

A

Random, Dynamic Ephemeral Ports as they are randomly and temporarily used by clients as a source port. The IANA recommends that ports 49152 to 65535 be used as dynamic and/or private ports.

Question 57

Q

Explain the TCP three-way handshake:

Answer

A

1 the client sends a SYN (synchronise) flagged packet to the client. 2. The server responds with a SYN/ACK (synchronise and acknowledge) flagged packet back to the client. 3. The client responds with an ACK (acknowledge) flagged packet back to the server

Question 58

Q

List TCP headers flag field:

Answer

A

Unskilled Attackers Pester Real Security Folk. CWR, ECE, URG, ACK, PSH,RST,SYN,FIN) i.e. Congestion Window Reduced, Explicit Congestion Notification-Echo, Urgent, Acknowledgement, Push, Reset, Synchronize, Finish.

Question 59

Q

What is UDP used for:

Answer

A

UDP is often employed by real time or streaming communications for audio and video.

Question 60

Q

Describe UDP Header

Answer

A

: UDP header is 8bytes (64 bits) long. The header is divided into 4 sections or fields (each 16 bits long). Source Port, Destination Port, message length and checksum.

Question 61

Q

Describe TCP/IP Internet Protocol:

Answer

A

it operates at the Network Layer of the OSI model and is known as the Internet Protocol (IP). IP provides route address for data packets.it provides means of identity and prescribes transmission paths. It is similar to UDP, IP is connectionless and unreliable.

Question 62

Q

Compare IPv4 to IPv6:

Answer

A

IPv4 IPV6
32bits addressing 128bits addressing

Question 63

Q

List some IPv6 features that are not present in \IPv4:

Answer

A

Scoped Addresses, autoconfiguration and Quality of Service

Question 64

Q

Describe advantage of IPv6 scoped addressing:

Answer

A

IPv6 scoped addresses give the administrators the ability to group and then block or allow access to network services such as file servers or printing.

Answer 63

A

IPv6 Autoconfiguration removes the need for both Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT).

Answer 64

A

Application, Transport, Internet and Link

Answer 65

A

Application Application
Presentation Application
Session Application
Transport Transport
Network Internet
Data Link Link
Physical Link

Answer 66

A

Application Mode is also known as the process. The application mode of the TCP/IP Model is synonymous to the Application, Presentation and Session modes of the OSI.

Answer 67

A

The transport mode is also known as host to host and it is likened to the transport mode of the OSI model

Answer 68

A

: this model is known as the internet or internetworking.

Answer 69

A

the data link and physical layers of the OSI model are likened to the link model of the TCP/IP.

Answer 70

A

Virtual Private Networks

Answer 71

A

VPN links are encrypted to add privacy, confidentiality and authentication.

Answer 72

A

Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Shell (SSH), Open VPN (SSL/TLS VPNs) and Internet Protocol Security (IPSec).

Answer 73

A

: File Transfer Protocol FTP, Telnet, Simple Network Management Protocol SNMP, Line Print Daemon LPD, Trivial File Transfer Protocol TFTP, Simple Mail Transfer Protocol SMTP, NFS, X Window

Answer 74

A

TCP wrappers is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.

Answer 75

A

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Answer 76

A

Transmission Control Protocol (TCP) Internet Protocol is a full duplex connection oriented protocol. Operates at transport layer of the OSI model

Answer 77

A

User Datagram Protocol (UDP) is a simplex connectionless protocol. It operates at transport layer of the OSI model, it offers no error detection or correction, does not use sequencing, does not use flow control mechanism, does not use preestablished session and is considered unreliable

Answer 78

A

Port is a little more than an address number that both ends of the communication link agree to use when transferring data within the transport layer. Ports allow a single IP address to be able to support multiple simultaneous communications each using a different port no.

Answer 79

A

A combination of IP address and port number is known as socket

Answer 80

A

registered software ports

These are ports that have one or more networking software products specifically registered with International Assigned Numbers Authority (IANA).

Answer 81

A

These are ports that have one or more networking software products specifically registered with International Assigned Numbers Authority (IANA).

Answer 82

A

Random, Dynamic Ephemeral Ports as they are randomly and temporarily used by clients as a source port. The IANA recommends that ports 49152 to 65535 be used as dynamic and/or private ports.

Answer 83

A

1 the client sends a SYN (synchronise) flagged packet to the client. 2. The server responds with a SYN/ACK (synchronise and acknowledge) flagged packet back to the client. 3. The client responds with an ACK (acknowledge) flagged packet back to the server

Answer 84

A

Unskilled Attackers Pester Real Security Folk. CWR, ECE, URG, ACK, PSH,RST,SYN,FIN) i.e. Congestion Window Reduced, Explicit Congestion Notification-Echo, Urgent Acknowledgement, Push, Rest, Synchronize, Finish.

Answer 85

A

UDP is often employed by real time or streaming communications for audio and video.

Answer 86

A

UDP header is 8bytes (64 bits) long. The header is divided into 4 sections or fields (each 16 bits long). Source Port, Destination Port, message length and checksum.

Answer 87

A

: it operates at the Network Layer of the OSI model and is known as the Internet Protocol (IP). IP provides route address for data packets.it provides means of identity and prescribes transmission paths. It is similar to UDP, IP is connectionless and unreliable.

Answer 88

A

IPv4 IPV6
32bits addressing 128bits addressing

Answer 89

A

Scoped Addresses, autoconfiguration and Quality of Service

Answer 90

A

IPv6 scoped addresses give the administrators the ability to group and then block or allow access to network services such as file servers or printing.

Answer 91

A

IPv6 Autoconfiguration removes the need for both Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT).
66. What is IPv6 Quality of Service? IPv6 Quality of Service (QoS) priority values allow for traffic management based on prioritized content.

Answer 92

A

IPv6 Quality of Service (QoS) priority values allow for traffic management based on prioritized content

Answer 93

A

Internet Control Message Protocol is used to determine the health of a network or a specific link

Answer 94

A

Internet Control Message Protocol

Answer 95

A

Ping, traceroute, pathping and any other network management tools.

Answer 96

A

ping utility employs ICMP echo packets and bounces them off remote systems. Ping can be used to check is a remote system is online.

Answer 97

A

Denial of Service (DoS), ping of death, smurf attacks and ping floods.

Answer 98

A

Ping of Death sends a malfunctioned ping larger than 65,535 bytes to a computer in order to crash it.
Note: Malfunctioned ping is an IP packet that lacks order or contains a code that is expected to confuse or disrupt computers, firewalls, routers or any service present on a network.

Answer 99

A

Smurf attacks generate enormous amounts of traffic on a target network by spoofing broadcast pings. It is a Distributed Denial of Service attack (DDoS)
Wiki: It is a distributed denial of service attack in which large numbers of internet control message protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
Spoofing involves creating of an IP packet with false IP address for the purpose of impersonating another computer system.

Answer 100

A

Internet Group Management Protocol (IGMP) allows systems to support multicasting. it is used by hosts to register their dynamic multicast group membership. Multicasting is the transmission of data to multiple specific recipients. It is also used by connected routers to discover these groups

Answer 101

A

multicasting is the transmission of data to multiple specific recipients.

Answer 102

A

Address Resolution Protocol is essential to the interoperability of logical and physical addressing schemes. ARP uses caching and broadcasting to perform its operations. The basis of ARP is Media Access control.
ARP should:
Accept Request: A new device asks to join the LAN, providing and IP address
Translate: Devices on the LAN don’t communicate via IP address
Send Requests:

Answer 103

A

Address Resolution Protocol cache (ARP) Poisoning.

Answer 104

A

ARP cache poisoning is where an attacker inserts bogus information into the ARP cache. It is also known as ARP Spoofing

Answer 105

A

this is a terminal emulation network application that supports remote connectivity for executing commands and running applications but not support transfer of files.

Answer 106

A

TCP Port 23

Answer 107

A

File Transfer Protocol: This is a network application that supports an exchange of files that requires anonymous or specific authentication

Answer 108

A

File Transfer Protocol

Answer 109

A

TCP Port 20 for passive data or active (ephemeral) data and data transfer and Port 21 for control connection

Answer 110

A

Trivial File Transfer Protocol

Answer 111

A

Trivial File Transfer Protocol is a network application that supports the exchange of files that does not require authentication

Answer 112

A

UDP Port 69

Answer 113

A

this is a protocol used to transmit email messages from a client to an email server and from one email server to another.
88. SMTP acronym means- Simple Mail Transfer Protocol

Answer 114

A

Simple Mail Transfer Protocol

Answer 115

A

TCP Port 25

Answer 116

A

Network Layer- Layer 3.

Answer 117

A

Post Office Protocol

POP3 Port- TCP Port 110

Answer 118

A

This is a protocol used to pull email messages from inbox on an email server down to an email client. TCP Port 110

Answer 119

A

Internet Message Access Protocol

Answer 120

A

TCP Port 110

Answer 121

A

TCP Port 143

Answer 122

A

This is a protocol used to pull messages from an inbox on an email server down to an email client. IMAP is more secure than POP3

Answer 123

A

Dynamic Host Configuration Protocol (DHCP

Answer 124

A

UDP ports 67 and 68. Port 67- as destination port on server to receive client communications and port 68 as source for client requests. It is used to assign TCP/IP configuration settings to systems upon bootup.

Answer 125

A

Hypertext Transfer Protocol

Answer 126

A

TCP Port 80

Answer 127

A

Secure Socket Layer

Answer 128

A

TCP Port 443 (for HHP encryption)

Answer 129

A

Secure Socket Layer (SSL) is a VPN like security protocol that operates in the transport layer. It was originally designed to support web communications (HTTPS) but is capable of securing any Application later protocol communications

Answer 130

A

Line Print Daemon (LPD)

Answer 131

A

TCP Port 515

Answer 132

A

Line Print Daemon (LPD)This is a network service that is used to spool print jobs to and send print jobs to printers.

Answer 133

A

TCP Ports 6000-6063

Answer 134

A

This a GUI API for command line operating systems

Answer 135

A

TCP Port 2049

Answer 136

A

Network File System

Answer 137

A

This is a network service used to support file sharing between dissimilar systems.

Answer 138

A

Simple Network Management Protocol (SNMP) UDP Port 161 (UDP Port 162 for trap messages) this is a network used to collect network health and status information by polling monitoring devices from the polling station.

Answer 139

A

SNMP Means Simple Network Management Protocol
SNMP is a standard network supported by most network devices and TCP/IP compliant hosts.

Answer 140

A

UDP Ports 161 and 162

Answer 141

A

UDP 161 is used by SNMP agent to receive requests and UDP Port 162 is used by the management console to receive responses and notifications

Answer 142

A

Simple Network Management Protocol (SNMP) trap messages inform the management console when an event or threshold violation occurs on a monitored system. UDP Port 162 is used for this.

Answer 143

A

TCP/IP is a protocol suite that comprises of individual protocols spread across various protocol stack layers

Answer 144

A

TCP/IP benefits from its mechanism of encapsulation e.g.
• A wide range of protocol can be used at higher layers
• Encryption can be incorporated at various layers
• Flexibility and resilience in complex network structures is supported

Answer 145

A

covert channels are allowed, filters can be bypassed

Answer 146

A

Distributed Network Protocol

Answer 147

A

Distributed Network Protocol is used in electric and water utility management industries. It is used to support communications between data acquisition systems and system control equipment.

Answer 148

A

to buffer overflows,
SYN flood attacks, various
denial-of-service (DoS) attacks,
fragment attacks, o
versized packet attacks,
spoofing attacks,
man-in-the-middle attacks,
hijack attacks,
and coding error attacks

Answer 149

A

Domain Name System

Answer 150

A

DNS is made up of 3 layer:
• Third layer or bottom layer is the MAC address. MAC address or hardware address is a permanent physical address
• Middle layer is the IP address. IP address is a temporary logical address
• The top layer is the domain name: domain name is the computer name and it is a temporary human friendly convention assigned over or onto the IP address.

DNS links IP address and human friend Fully qualified Domain Names (FQDN): FQDN contains 3 parts i.e.
• Top Level Domain (TLD) the .com, org, edu, mil, gov
• Registered Domain name the google
• Subdomains or host name the www

Answer 151

A

Domain Name System operates over TCP and UDP Port 53

Answer 152

A

Domain Name System Security Extensions

Answer 153

A

Domain Name System Security Extensions primary function is to provide reliable authentication between devices during DNS operations.

Answer 154

A

Domain Name System (DNS) Poisoning is the act of falsifying the DNS information used by a client to reach a desired system.

Answer 155

A

as DNS Spoofing or DNS Pharming

Answer 156

A

DNS Spoofing or DNS Pharming occurs when A rogue DNS server can listen in on network traffic for any DNS query or specific DNS queries related to a target site. Then the rogue DNS server sends a DNS response to the client with false IP information. This attack requires that the rogue DNS server get its response back to the client before the real DNS server responds. Once the client receives the response from the rogue DNS server, the client closes the DNS query session, which causes the response from the real DNS server to be dropped and ignored as an out-of-session packet.

Answer 157

A

DNS Poisoning involves attacking the real DNS server and placing incorrect information into its file zone

Answer 158

A

DNS Poisoning, DNS Pharming or Spoofing, Alter host files, corrupt IP configuration.

Answer 159

A

Limit zone transfers from internal DNS servers to external DNS Severs.
• Deploy Network intrusion Detection Systems (NIDS) to watch for abnormal DNS traffic
• Harden all DNS Servers
• Use DNSSEC to secure your DNS infrastructure
• Require internal clients to resolve all domain names through internal DNS.

Answer 160

A

Pharming is the malicious redirection of a valid website’s URL or IP address to a fake website that holds a false version of the original valid site.

Answer 161

A

Domain Hijacking or Domain Theft is the malicious action of changing the registration of a domain name without the authorization of the valid user. Sometimes when another person registers a domain name immediately after the original owner’s registration expires, it is called domain hijacking.

Answer 162

A

converged protocols is the merging of specialty or proprietary protocols with standard protocols e.g. those from TCP/IP suite.

Answer 163

A

• Fibre Channel over Ethernet (FCoE)
• Multiprotocol Label Switching (MPLS)
• Internet Small Computer System Interface (iSCSI)
• Voice over IP (VoIP)

Answer 164

A

Saves time
• Designed to handle a wide range of protocols through encapsulation

Answer 165

A

Multiprotocol Labelling Switches (MPSL) is a high throughput high performance network technology that directs data across a network based on short path labels rather than longer network addresses.

Answer 166

A

Internet Small Computer System Interface (iSCSI) is a networking storage standard based on IP.

Answer 167

A

it can be used to enable location independent storage, transmission and retrieval over LAN etc.
• It is viewed as a low cost alternative to Fibre Channel

Answer 168

A

Voice over IP is a tunnelling mechanism used to transmit voice and or data over TCP/IP.

Answer 169

A

: it is cheap
• Can be used as phone replacement
• Supports video and data transmission
• Available in commercial and open source options e.g. skype

Answer 170

A

): Software Defined Networking (SDN) is a unique approach to network operation, design and management. It is based on the theory that complexities in the traditional network device configuration often force an organisation to stick with a single device.

Answer 171

A

Software Defined Networking (SDN) is network Neutral.
• Cost effective as it is vendor neutral.
• It is effectively Network Virtualization.

Answer 172

A

Content Distribution Network or Content Delivery Network is a collection of resource services deployed in numerous data centers across the internet in order to provide low latency, high performance and high availability of hosted content example of CDN Service providers are Akamai, Amazon etc.

Answer 173

A

: this is a popular method of connecting corporate and home systems because of the ease of deployment and relatively low costs

Answer 174

A

distance eavesdropping, packet sniffing, DoS, Intrusion

Answer 175

A

Data emanation is a form of electronic eavesdropping. When data travels within a computer or through the network wires, an electromagnetic field is generated. By reading the magnetic field, unauthorized users can get the confidential data. This act is known as data emanation.

Answer 176

A

Wireless cells are areas within a physical environment where a wireless device can connect to a wireless access point

Answer 177

A

Infrastructure MODE, Ad hoc mode

Answer 178

A

Ad hoc mode means that any 2 networking devices including 2 NICs can communicate without a central control authority.

Answer 179

A

stand alone mode, wired extension, enterprise extended, bridge.

Answer 180

A

Stand alone infrastructure mode is when a wireless access point connecting wireless clients to each other but not to any wired resources

Answer 181

A

Wired extension mode occurs when the wireless access points act as a connection point to link the wireless clients to a wired network.

Answer 182

A

Enterprise Extended mode infrastructure occurs when multiple wireless access point (WAPs) are used to connect a large physical area to the same wired network.

Answer 183

A

Extended Service Set Identifiers

Answer 184

A

Bridge Mode Infrastructure occurs when a wireless connection is used to link 2 wired networks.

Answer 185

A

Service Set Identifier

Answer 186

A

Extended Service Set Identifiers (ESSID) and Basic Service Set Identifier (BSSID)

Answer 187

A

Extended Service Set ID is the name of the wireless network when a wireless base station or WAP is used (Infrastructure Mode).

Answer 188

A

Independent Service Set Identifier is the name of the wireless network when in ad hoc peer to peer mode (i.e., when Wireless Access Point WAP is not used)

Answer 189

A

SSIDs should be changed to something unique before deployment.
• SSID broadcast by WAP via a special transmission called beacon frame should be disabled. (not effective though! WPA2 should be used)

Answer 190

A

Site Survey is the process of investigating the presence, strength and reach of wireless access point deployed in an area.

Answer 191

A

Open System Authentication (OSA) and Shared Key Authentication (SKA)

Answer 192

A

Open Systems Authentication (OSA) means no real authentication is needed. As long as radio system is transmitted from the client and WAP, communications is allowed.

Answer 193

A

IEEE 802.11 standard

Answer 194

A

Wireless Equivalent Privacy (WEP) provides protection from packet sniffing and eavesdropping
• Can be configured to prevent unauthorised access.
• A hash value is used to verify that received packets weren’t modified or corrupted while in transit; thus WEP also provides integrity protection.

Answer 195

A

Wireless Equivalent Privacy (WEP)

Answer 196

A

Rivest Cipher 4 (RC4 cipher)

Answer 197

A

Wi-Fi Protected Access was designed as the replacement for WEP.

Answer 198

A

Lightweight Extensible Authentication Protocol (LEAP).

Answer 199

A

Lightweight Extensible Authentication Protocol (LEAP) and Temporal Key Integrity Protocol (TKIP)

Answer 200

A

Wifi Protected Access (WPA

Answer 201

A

Brute Force Attack

Answer 202

A

Wi-Fi Protected Access

Answer 203

A

WPA2 is a new encryption scheme known as the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES encryption scheme.

Answer 204

A

Extensible Authentication Protocol

Answer 205

A

Protected Extensible Authentication Protocol

Answer 206

A

WPA and WPA2 support the enterprise authentication known as 802.1X/EAP, a standard port- based network access control that ensures that the clients cannot communicate with a resource until proper authentication has taken place.

Answer 207

A

Extensible Authentication Protocol (EAP) allows for new authentication technologies to be compatible with existing wireless point to point connection.

Answer 208

A

PEAP encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption.
• Used for securing communications over 802.11
• Can be emploted by WPA or WPA2

Answer 209

A

Lightweight Extensible Authentication Protocol (LEAP) is a Cisco proprietary alternative to Temporary Key Integrity Protocol (TKIP) for WPA. It was developed to address deficiencies in TKIP before 802.11i/WPA2 was ratified as a standard.

Answer 210

A

MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists

Answer 211

A

Temporal Key Integrity Protocol (TKIP) improvements include key mixing function that combines Initialization Vector (IV) with the secret root key before using that key with RC4 to perform encryption

Answer 212

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) with 128-bit key. It is a preferred standard security protocol and no attacks have been successful yet against CCMP/AES.

Answer 213

A

Captive Portal is an authentication technique that redirects a newly connected wireless web client to a portal access control page. E.g. redirection to acceptable use policy, privacy policy etc.

Answer 214

A

• War driving
• War chalking
• Replay Attack
• Initialization Vector (IV)
• Rogue Access Points
• Evil Twin

Answer 215

A

War Driving is the act of using a detection tool to look for wireless networking signals by someone who does not have authorized access to such networks.

Answer 216

A

War chalking is the act of physically marking an area with information about the presence of a wireless network. closed circle indicated a closed or secured wireless network, and two back-to-back half circles indicated an open network.

Answer 217

A

A Replay Attack is the act of retransmission of captured communications in the hope of gaining access to the targeted system.

Answer 218

A

Use Network Intrusion Detection Systems

Answer 219

A

Initialization Vector is a term for a random number.

Answer 220

A

Initialization Vector attack is an exploitation of how Initialization Vector is handled.

Answer 221

A

A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from network owner, whether added by a well-meaning employee or by a malicious attacker.

Answer 222

A

An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications

Answer 223

A

spoofing attack, man in the middle. Man in The Middle (MITM) attacks can lead to session hijacking, data manipulation and credential theft and identity theft.

Answer 224

A

Intranet is a private network that is designed to host the same information services found on the internet.

Answer 225

A

An extranet is a cross between the internet an intranet. An extranet is a section of an organisation’s network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public internet. An extranet for public consumption is typically labelled a demilitarized zone (DMZ) or perimeter network

Answer 226

A

Network Segmentation

Answer 227

A

boost performance.
• Reduce communication problems
• Providing security

Answer 228

A

Network Access Control is a concept of controlling access to an environment through strict adherence to implementation of security policy

Answer 229

A

• Prevent zero day attacks
• Enforce security policy throughout the network
• Use identities to perform access control

Answer 230

A

Firewalls are essential tools for controlling and managing network traffic. It is typically deployed between a private network and link to the internet.

Answer 231

A

SACS
Static Packet Filtering Firewalls,
• Application- Level Gateway Firewalls,
• Circuit Level Gateway Firewalls
• Stateful Inspection Firewalls
• Deep Packet Inspection Firewalls

Answer 232

A

Static Packet filtering firewalls filters traffic by examining data from the message header.
• Unable to provide user authentication
• Known as fist generation firewalls
• Operate at Network Layer (Layer 3)

Answer 233

A

An Application level gateway firewall is called proxy firewall. A Proxy is a mechanism that copies packets from one network into another.
• Copy process also changes the source and destination addresses to protect the identity of internal or private network.
• They are known as second generation firewalls
• They operate at Application layer (Layer 7)

Answer 234

A

Circuit-level Gateway Firewalls are used to establish communication sessions between trusted partners.
• They operate in Session Layer (Layer 5)
• They manage communications based on the circuit

Answer 235

A

Stateful Inspection firewalls evaluate the state and the context of network traffic. They are also known as dynamic state firewalls.
• stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
• They are known as third generation firewalls
• Operate in Network and transport layers (Layer 3 and 4)

Answer 236

A

Deep Packet Inspection Firewalls is a filtering mechanism that operates typically at the application layer in order to filter payload contents of a communication rather than only on the header values.
• DPI is often integrated with application layer firewalls or stateful inspection firewalls

Answer 237

A

Next Gen Firewalls are multifunction device (MFD) composed of several security features in addition to firewall e.g. IDS, IPS, TLS/SSL proxy, VPN anchoring.

Answer 238

A

Multihomed firewalls (aka dual homed firewalls) must have 2 interfaces to filter traffic.

Answer 239

A

Bastion Hosts is a computer or appliance that is exposed on the internet and has been hardened by removing all the unnecessary elements.

Answer 240

A

Screened host is a firewall protected system logically positioned just inside a private network.

Answer 241

A

A screened subnet is a firewall protected system logically positioned inside a private network with a subnet placed between the 2 routers or firewalls and the bastion hosts is located within the subnet. This is the concept of a DMZ.

Answer 242

A

single tier, two tier, and three tier (multiplier)

Answer 243

A

End Point Security is the concept that each individual device

Answer 244

A

2 systems transmit data at the same time onto a connection medium that supports only a single transmission path.

Answer 245

A

Broadcast occurs when a single system transmits data to all possible recipients.

Answer 246

A

Collision domain is a group of networked systems that could cause a collision if any 2 (or more) of the systems in that group transmitted simultaneously.

Answer 247

A

broadcast domain is a group of networked system in which all other members receive a broadcast signal when one of the members of the group transmits it.

Answer 248

A

hubs, modems, repeaters, amplifiers and concentrators

Answer 249

A

Repeaters, concentrators, and amplifiers are used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. They operate at the physical layer (layer 1)

Answer 250

A

Hubs are used to connect multiple systems and connect network segments that use the same protocol. They operate at the physical layer (layer 1)

Answer 251

A

A Bridge is used 2 connect 2 networks together, even network of different topologies, cabling types, speeds, in order to connect network segments that use the same protocol. They operate at Data Layer (layer 2).

Answer 252

A

Switches know the addresses of the systems connected on each out bound port. Switches operate on Data Layer (Layer 2). Switches with additional features like routing operate in layer 3.

Answer 253

A

Routers are used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. They operate in the network layer (Layer 3)

Answer 254

A

Brouters are combination devices comprising a router and a bridge. A brouter attempts to route first, but if that fails, it defaults to bridging. Thus, a brouter operates primarily at layer 3 but can operate at layer 2 when necessary.

Answer 255

A

A gateway connects networks that are using different network protocols. It is also known as translators. They operate on the Application layer (Layer 7)

Answer 256

A

A proxy is a form of gateway that does not translate across protocols.

Answer 257

A

A LAN extender is a remote access, multilayer switch used to connect distant networks over WAN link

Answer 258

A

LAN & WAN

Answer 259

A

Local Area Network (LAN) is a network spanning a single floor or building

Answer 260

A

Wide Area Network (WAN) is assigned to long distance connections between geographically remote networks.

Answer 261

A

thinnet and thicknet

Answer 262

A

Network topology refers to the physical layout and organisation of computers and networking devices

Answer 263

A

logical topology refers to the grouping of networked systems into trusted collectives.

Answer 264

A

ring, bus, star, mesh

Answer 265

A

Ring topology connects each system points in a circle. The connection acts as a unidirectional transmission loop.
• Only one system can transmit at a time
• Traffic management is performed by a token

Answer 266

A

bus topology connects each system to a trunk or backbone cable.
• All systems on the bus can transmit data at a time
• It is collision prone
• To avoid collision, buses listen for other currently occurring traffic

Answer 267

A

linear and tree

Answer 268

A

Linear topology employs a single trunk line with all systems directly connected to it.

Answer 269

A

tree topology employs a single trunk line with all branches that can support multiple systems

Answer 270

A

Star topology employs a centralized connection device. This can be a hub or switch.
• The central point is a single point of failure

Answer 271

A

Mesh topology connects systems to other systems using numerous paths.
• It adds redundancy to the systems.

Answer 272

A

Frequency Hopping Spread Spectrum (FHSS) transmits data in a series while constantly changing the frequency in use.

Answer 273

A

Direct Sequence Spread Spectrum employs all the available frequencies simultaneously in parallel.

Answer 274

A

Orthogonal Frequency-Division Multiplexing (OFDM) employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission.

Answer 275

A

IEEE 802.15 refers to Bluetooth.

Answer 276

A

Personal Area Networks (PAN) connects electronic devices within the user’s immediate area e.g. Bluetooth

Answer 277

A

Bluejacking, Bluesnarfing, Bluebugging

Answer 278

A

Bluejacking allows the attacker to transmit Short Message Service (SMS) like messages to your device using Bluetooth.

Answer 279

A

Bluesnarfing allows hackers to connect to your Bluetooth devices without your knowledge and extract information.
• This attack offer hackers access to your contact list, data and conversations

Answer 280

A

Bluebugging offer attackers remote control over features and function of a Bluetooth device.

Answer 281

A

30feet but some devices can function more than 100 meters away.

Answer 282

A

Radio Frequency Identification (RFID)

Answer 283

A

Radio Frequency Identification (RFID) is a tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.
• RFID can be attached to devices or integrated into their structure
• There is some concern that RFID can be a privacy-violating technology

Answer 284

A

Near Field Communications (NFC) is a standard that establishes radio communications between devices in close proximity.

Answer 285

A

Man in the middle, eavesdropping, data manipulation and replay attacks.

Answer 286

A

Personal Owned Device

Answer 287

A

Personal Electronic Device

Answer 288

A

Personal Mobile Device

Answer 289

A

Coaxial cables have a centre core of copper wire surrounded by a layer of insulation, which is surrounded by a conducive braided shielding and encased in final shielding.
• The design makes it fairly resistant to electromagnetic interference (EMI)

Answer 290

A

thinnet and thicknet

Answer 291

A

Thinnet coaxial cable (aka base 5) is used to connect systems to backbone trunks of thicknet cabling and can span 185meters.

Answer 292

A

span 500meters

Answer 293

A

bending can break the centre conductor
• Deploying cable in length greater than the recommended length.
• Not properly terminating the ends of the coaxial cable
• Not grounding at least one end of a terminated coaxial cable.

Answer 294

A

twisted pair cable is thinner than the coaxial cable and more flexible. It consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator.

Answer 295

A

Ethernet, token and Federated Distributed Data Interfaces (FDDI)

Answer 296

A

Ethernet is a shared LAN technology. It allows numerous devices to communicate over the same medium but requires that the device take turns communicating and performing collision detection and avoidance.
• Ethernet can support full duplex communications i.e. (full 2 way).
• It is employed in star and bus topologies

Answer 297

A

Token Ring employs a token passing mechanism to control which system can pass over a network medium.
• Token travels in a logical loop among all members
• Can be employed in star or ring topology
• Higher cost than ethernet
• Difficult to manage and deploy.

Answer 298

A

analogue communications occur with a continuous signal that varies in voltage etc
• Digital communications occur through the use of discontinuous electrical signal.

Answer 299

A

Baseband support a single communication channel. It uses a direct current applied to the cable

Answer 300

A

Broadband support multiple simultaneous signals.
• Broadband uses multiple simultaneous signals

Answer 301

A

• Broadcast technology supports communications to all possible recipients.
• Multicast technology supports communications to multiple specific recipients.
• Unicast technology supports only a single communication to a specific recipient.

Brainscape's Knowledge GenomeTM

Chapter 11- Secure Network Architecture and Securing Network Components Flashcards

Brainscape's Knowledge Genome^TM