Chapter 11: Securing TCP/IP

Question 1

Plaintext/Cleartext

Answer 1

Data that is in an easily read or viewed format

Question 2

Symmetric-Key Algorithm

Answer 2

Any encryption method that uses the same key for both encryption and decryption.

Question 3

Assymetric-Key Algorithm

Answer 3

Any encryption method that uses different keys for encryption and decryption.

Question 4

Block Cipher

Answer 4

• An encryption algorithm in which data is encrypted in “chunks” of a certain length at a time.
• Popular in wired networks

Question 5

Stream Cipher

Answer 5

An encryption method that encrypts a single bit at a time.

Question 6

Rivest Cipher 4 (RC4)

Answer 6

Was the dominant stream cipher for a time, but now is not.

Question 7

Advanced Encryption Standard (AES)

Answer 7

A block cipher that uses a 128-bit block size and 128, 192, or 256 bit key size.

Question 8

What is the most popular form of email encryption?

Answer 8

Public-Key Cryptography

Question 9

Rivest Shamir Adleman (RSA)

Answer 9

An improved asymmetric cryptography algorithm that enables secure digital signatures.

Question 10

IPsec

Answer 10

The Network layer encryption protocol.

Question 11

Integrity

Answer 11

The process that guarantees that the data received is the same as originally sent.

Question 12

Secure Hash Algorithm (SHA)

Answer 12

The primary family of cryptographic hash functions.

Question 13

Two unsafe algorithms

Answer 13

SHA-1 and Message-Digest Algorithm version 5 (MD5)

Question 14

Nonrepudiation

Answer 14

The receiver of info has a very high confidence that the sender of a piece of info truly is who the receiver thinks.

Question 15

Digital Signature

Answer 15

An encrypted hash of a private encryption key that verifies a sender’s identity to those who receive encrypted data or messages.

Question 16

Certificate

Answer 16

A standardized type of digital signature that includes the digital signature of a third party (like GoDaddy) that guarantees that who is passing out this certificate truly is who they say they are.

Question 17

Public-Key Infrastructure (PKI)

Answer 17

The system for creating and distributing digital certificates using sites like GoDaddy, VeriSign, etc.

Question 18

Authentication

Answer 18

The process of positively identifying users trying to access data.

Question 19

Authorization

Answer 19

Defines what an authenticated user can do with data.

Question 20

Network Access Control (NAC)

Answer 20

Control over information, people, access, machines, and everything in between

Question 21

Access Control List (ACL)

Answer 21

A clearly defined list of permissions that specifies what an authenticated user may perform on a shared resource

Question 22

Mandatory Access Control (MAC)

Answer 22

Authorization method in which every resource is assigned a label that defines its security level.

Question 23

Discretionary Access Control (DAC)

Answer 23

Authorization method based on the idea that there is an owner of a resource who may at his or her discretion assign access to that resource.

Question 24

Role-Based Access Control (RBAC)

Answer 24

Authorization method that defines a user’s access to a resource based on the roles the user plays in the network environment.

Question 25

Point-to-Point Protocol (PPP)

Answer 25

Enables two point-to-point devices to connect, authenticate, and negotiate the network protocol the two devices will use.

Question 26

The 5 Distinct Phases to a PPP Connection

Answer 26

1) Link Dead: No link yet.
2) Link Establishment: Link Control Protocol (LCP) communicates with the LCP on the other side of the PPP link.
3) Authentication: Username/Password
4) Network layer protocol: LCP uses a protocol called Network Control Protocol (NCP) to make proper connections
5) Termination

Question 27

In a point-to-point connection, the side asking for the connection is the _______ and the other side is the ________.

Answer 27

Initiator, Authenticator

Question 28

Password Authentication Protocol (PAP)

Answer 28

The oldest and most basic form of authentication.

Sends the passwords in cleartext!!

Question 29

Challenge Handshake Authentication Protocol (CHAP)

Answer 29

A remote access authentication protocol that has the serving system challenge the remote client, which must provide an encrypted password.

Question 30

MSCHAP

Answer 30

The most common authentication method for dial up.

Question 31

Authentication, Authorization, and Accounting (AAA)

Answer 31

A security philosophy based upon the three words it is named with, ya know?

Question 32

Remote Authentication Dial-In User Service (RADIUS)

Answer 32

• An AAA standard created to support ISP’s with hundreds or thousands of modems in hundreds of computers to connect to a single central database.
• Either UDP 1812/1813 or UDP 1645/1646

Question 33

3 Devices of RADIUS

Answer 33

1) Radius Server that has access to usernames/passwords
2) Network Access Servers (NAS) that control the modems
3) A group of systems that dial into the network.

Question 34

What is the Microsoft RADIUS server?

Answer 34

Internet Authentication Service (IAS)

Question 35

What is the Linux RADIUS server?

Answer 35

FreeRADIUS

Question 36

Terminal Access Controller Access Control System Plus (TACACS+)

Answer 36

• A protocol developed by Cisco to support AAA in a network with many routers and switches.
• TCP port 49
• Similar to RADIUS, but separates authorization, authentication and accounting.

Question 37

Kerberos

Answer 37

An authentication standard designed to allow different operating systems and applications to authenticate each other.

Question 38

Key Distribution Center (KDC)

Answer 38

System for granting authentication in Kerberos.

Question 39

Two processes of KDC

Answer 39

1) Authentication Server (AS)

2) Ticket Granting Service (TGS)

Question 40

In Windows, the security token is called a __________.

Answer 40

Security Identifier (SID)

Question 41

EAP-PSK

Answer 41

• Most popular form of authentication in wireless networks.

- Uses a shared secret code (password or whatever) stored on the WAP and the clients

Question 42

EAP-TLS

Answer 42

• A protocol that defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client.
• Only used on wireless networks

Question 43

EAP-TTLS

Answer 43

A protocol similar to EAP-TTLS, but only uses a single server-side certificate.

Question 44

LEAP

Answer 44

Proprietary EAP used almost exclusively by Cisco wireless products.

Question 45

802.1X

Answer 45

• A port-authentication network access control mechanism for networks.
• Uses EAP

Question 46

Tunnel

Answer 46

• An encrypted link between two programs on two separate computers
• SSH creates encrypted tunnels

Question 47

SSL vs. TLS

Answer 47

SSL is limited to a few applications, whereas TLS is not limited (for the most part)

Question 48

IPsec

Answer 48

An authentication and encryption protocol suite that works at the Internet/Network layer

Question 49

Transport Mode of IPsec

Answer 49

Only the actual payload of the IP packet is encrypted, and the IP header info is readable.

Question 50

Payload

Answer 50

The primary data that is sent from a source network device to a destination network device.

Question 51

Tunnel Mode of IPsec

Answer 51

Entire IP packet is encrypted and encapsulated into another packet.

Question 52

Authentication Header (AH)

Answer 52

IPsec protocol for authentication

Question 53

Encapsulating Security Payload (ESP)

Answer 53

IPsec protocol involved in authentication and encryption

Question 54

Internet Security Association and Key Management Protocol (ISAKMP)

Answer 54

IPsec protocol used for establishing security associations that define things like the protocol used for exchanging keys.

Question 55

Two widely used key exchanging protocols

Answer 55

Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK)

Question 56

Secure Copy Protocol (SCP)

Answer 56

One of the first protocols used to transfer data securely between two hosts.

Question 57

Secure FTP (SFTP)

Answer 57

Designed as a replacement for FTP after SCP was discovered to suck.

Question 58

OpenSSH

Answer 58

A series of secure programs developed to fix SSH’s limitation of only being able to handle one session per tunnel.

Question 59

Simple Network Management Protocol (SNMP)

Answer 59

• A set of standards for communication with network devices in order to manage them.
• UDP port 161

Question 60

Management Information Base (MIB)

Answer 60

SNMP’s version of a server

Question 61

Cacti

Answer 61

An SNMP tool that enables you to query an SNMP-capable device for info.

Question 62

Lightweight Directory Access Protocol (LDAP)

Answer 62

• Tool that programs use to query and change a database

- TCP port 389

Question 63

Network Time Protocol (NTP)

Answer 63

• Gives the current time

- UDP port 123

Question 64

WANs connect nodes, such as workstations, servers, printers, and other devices, in a small geographical area on a single network.​
(A) True
(B) False

Answer 64

Answer : (B)

Question 65

A bus topology WAN is often the best option for an organization with only a few sites and the capability to use dedicated circuits.​
(A) True
(B) False

Answer 65

Answer : (A)

Question 66

The carrier’s endpoint on a WAN is called the Data Communications Equipment (DCE)​.
(A) True
(B) False

Answer 66

Answer : (A)

Question 67

T-1 cables cannot utilize straight through cables using the same wiring scheme as LAN patch cables.​
(A) True
(B) False

Answer 67

Answer : (B)

Question 68

In a PON setup, the system is considered passive because no repeaters or other devices intervene between the carrier and the customer.
(A) True
(B) False

Answer 68

Answer : (A)

Question 69

The customer’s endpoint device on the WAN is called the __________________.​

Answer 69

Answer : Data Terminal Equipment (DTE)

Question 70

Multiplexing enables a single ____________ circuit to carry 24 channels, each capable of 64 Kbps throughput.​

Answer 70

Answer : T-1

Question 71

The ________________ distributes signals to multiple endpoints via fiber-optic cable, in the case of FTTP, or via copper or coax cable.​

Answer 71

Answer : Optical Network Unit (ONU)

Question 72

If the line between the carrier and the customer experiences significant errors on a T-1, a ____________ will report this fact to the carrier.​

Answer 72

Answer : smart jack

Question 73

In ATM, a packet is called a _____________ and always consists of 48 bytes of data plus a 5 byte header.Answer : cell

Answer 73

Answer : cell

Question 74

In what type of topology is each site connected to two other sites, ​providing redundancy?
 (A) ​bus topology 
(B) ​ring topology 
(C) ​star topology 
(D) ​circle topology

Answer 74

Answer : (B)

Question 75

What is the maximum throughput of a DS3 connection?​ (A) ​1.544
(B) ​3.152
(C) ​44.736
(D) ​274.176

Answer 75

Answer : (C)

Question 76

How many channels exist in a T1 connection?​
 (A) ​1 
(B) ​24
(C) ​48 
(D) ​96

Answer 76

Answer : (B)

Question 77

In an ISDN connection, what is the size throughput did a single B channel provide?​ 
(A) ​32 Kbps 
(B) ​48 Kbps 
(C) ​64 Kbps 
(D) ​96 Kbps Answer : (C)

Answer 77

Answer : (C)

Question 78

In a PON system, an OLT contains a splitter that splits each port into how many logical channels?​ 
(A) ​16 
(B) ​32 
(C) ​64 
(D) ​96

Answer 78

Answer : (B)

Question 79

What is the size of an ATM packet?​ 
(A) ​48 bytes 
(B) ​53 bytes 
(C) ​64 bytes 
(D) ​84 bytes

Answer 79

Answer : (B)

Question 80

Which option below is an advantage of leasing a frame relay circuit over leasing a dedicated circuit?
(A) ​You are guaranteed to receive the maximum amount of bandwidth specified in the circuit contract (B) ​You pay only for the bandwidth you’ve used.
(C) ​The paths that your data will take are always known.
(D) ​Frame relay is a newly established network technology with more features than other technology.

Answer 80

Answer : (B)

Question 81

What xDSL standard is the most popular?​ 
(A) ​VDSL 
(B) ​G.Lite 
(C) ​ADSL 
(D) ​HDSL

Answer 81

Answer : (C)

Question 82

What xDSL version provides a maximum throughput of 24 Mbps downstream and 3.3 Mbps upstream? 
(A) ​VDSL 
(B) ​ADSL 
(C) ​ADSL2+M 
(D) ​HDSL

Answer 82

Answer : (C)

Question 83

​The DTE or endpoint device for a leased line is known as which device below? 
(A) ​CSU/DSU 
(B) ​cable modem 
(C) ​DSL modem 
(D) ​ISDN modem

Answer 83

Answer : (A)

Question 84

What OC level is primarily used as a regional ISP backbone, and occasionally by very large hospitals, universities, or other major enterprises?​ 
(A) ​OC-3 
(B) ​OC-12
(C) ​OC-48 
(D) ​OC-96

Answer 84

Answer : (C)

Question 85

What is the maximum amount of throughput provided by an OC-12?​ 
(A) ​51.84 Mbps 
(B) ​155.52 Mbps 
(C) ​622.08 Mbps 
(D) ​1244.16 Mbps

Answer 85

Answer : (C)

Question 86

​What is the frequency range of the C-band that is used by satellites? 
(A) ​1.5 - 2.7 GHz
 (B) ​2.7 - 3.5 GHz 
(C) ​3.4 - 6.7 GHz 
(D) ​12 - 18 GHz

Answer 86

Answer : (C)

Question 87

​What Layer 3 technology is employed by distance-vector routing protocols in which a router knows which of its interfaces a routing update and will not retransmit, or advertise, that same update on the same interface? (A) split horizon​
(B) ​round robin
(C) ​reverse path check
(D) ​spanning tree protocol

Answer 87

Answer : (A)

Question 88

What protocol is commonly used to aggregate / bond T-1 / T-3 lines? 
(A) ​STP 
(B) ​MLPPP 
(C) ​MPLS
(D) ​PPTP

Answer 88

Answer : (B)

Question 89

When copper cabling is used to carry T-1 traffic, what kind of connector is used? 
(A) ​RJ-11 
(B) ​RJ-25 
(C) ​RJ-45 
D) ​RJ-48

Answer 89

Answer : (D)

Question 90

​When using frame relay, what is the name of the identifier that routers use to determine which circuit to send frames to? 
(A) ​SVC identifier 
(B) ​data link connection identifier 
(C) ​PVC identifier 
(D) ​frame path identifier

Answer 90

Answer : (B)

Question 91

​Which version of DOCSIS provides 38 Mbps per channel and requires a minimum of 4 channels to be used?
(A) ​DOCSIS 1 
(B) ​DOCSIS 2 
(C) ​DOCSIS 3 
(D) ​DOCSIS 4

Answer 91

Answer : (C)

Question 92

​The best 802.11n signal can travel approximately how far? (A) ​1 mile
(B) ​1/2 mile
C) ​1/4 mile
(D) ​300 feet

Answer 92

Answer : (C)

Question 93

In metro settings, end-to-end, carrier-grade Ethernet networks can be established via what protocol?​ 
(A) ​Metro Carrier Transport 
(B) ​Carrier Ethernet Transport 
(C) ​Intra-city Ethernet 
(D) ​Ethernet SONET

Answer 93

Answer : (B)

Question 94

A MAN connection is also known as which two terms below?​ 
(A) ​Ethernet MAN 
(B) ​Metro Ethernet 
(C) ​Carrier Ethernet 
(D) ​Packet MAN

Answer 94

Answer :

Question 95

True or False: A WAN link is a connection between one WAN site and another site.

Answer 95

Answer: True

Question 96

WANs that use the ____ topology are only practical for connecting fewer than four or five locations.

a. tiered
b. ring
c. star
d. mesh

Answer 96

Answer: B

Question 97

In the point-to-multipoint structure of a PON, the single endpoint at the carrier’s central office is known as which of the following?

a. OLT
b. PON
c. ONU
d. FTTP

Answer 97

Answer: A .

Question 98

True or False: PVCs are dedicated, individual links.

Answer 98

Answer: False

Question 99

A ____ converts the T-Carrier frames into frames the LAN can interpret and vice versa.

a. smart jack
b. CSU
c. DSU
d. terminal adapter

Answer 99

Answer: C

Question 100

True or False: Broadband cable relies on the PSTN for transmission medium.

Answer 100

Answer: False

Question 101

____ communication occurs when the downstream throughput is higher than the upstream throughput.

a. DSU
b. CSU
c. Symmetrical
d. Asymmetrical

Answer 101

Answer: D

Question 102

____ sets ATM apart from Ethernet.

a. Fixed packet size
b. Security
c. Wiring
d. Throughput

Answer 102

Answer: A

Question 103

True or False: An advantage of SONET is its fault tolerance.

Answer 103

Answer: True

Question 104

____ orbiting satellites are the type used by the most popular satellite Internet access service providers.

Answer 104

Answer: Geosynchronous

Question 105

What is the lowest layer of the OSI model at which LANs and WANs support the same 
protocols? 
A. Layer 2 
B. Layer 3 
C. Layer 4 
D. Layer 5

Answer 105

Answer: B. Layer 3

Question 106

An organization can lease a private, _________________ that is not shared with other users,
or a _________________ that can be physically configured over shared lines in the carrier’s
cloud.
A. Permanent virtual circuit (PVC), switched virtual circuit (SVC)
B. Switched virtual circuit (SVC), dedicated line
C. Dedicated line, virtual circuit
D. Switched virtual circuit (SVC), permanent virtual circuit (PVC)

Answer 106

Answer: C. Dedicated line, virtual circuit

Question 107

Which WAN topology always sends data directly from its origin to its destination? 
A. Bus topology 
B. Ring topology 
C. Star topology 
D. Mesh topology

Answer 107

Answer: D. Mesh topology

Question 108

What protocol is used to bond multiple T-1s? 
A. LACP 
B. MLP 
C. TCP/IP 
D. SSH

Answer 108

Answer: B. MLP

Question 109

What kind of device can monitor a connection at the demarc but cannot interpret data? 
A. CSU/DSU 
B. NID 
C. NIU 
D. Smart jack

Answer 109

Answer: D. Smart jack

Question 110

What specification defined the standards for broadband cable? 
A. ATM 
B. Digital signal 
C. ANSI 
D. DOCSIS

Answer 110

Answer: D. DOCSIS

Question 111

What technology allows a user to access the Internet through the wiring of a home? 
A. Ethernet over HDMI 
B. Broadband over power line 
C. Ethernet over power line 
D. Ethernet over SONET

Answer 111

Answer: C. Ethernet over power line

Question 112

\_\_\_\_\_\_\_\_\_\_\_\_\_\_ in SONET are analogous to the \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ of T-carriers. 
A. Throughput, digital signal levels 
B. OC levels, digital signal levels 
C. QoS levels, OC levels 
D. OC levels, carrier levels

Answer 112

Answer: B. OC levels, digital signal levels

Question 113

What IEEE committee established WiMAX technologies? 
A. 802.11 
B. 802.3 
C. 802.5 
D. 802.16

Answer 113

Answer: D. 802.16

Question 114

What method do ISPs use to purposely slow down bandwidth utilization by customers? 
A. Fair access 
B. Throttling 
C. Blocking 
D. Net neutrality

Answer 114

Answer: B. Throttling