Chapter 13: Securing the Network

Question 1

Link encryption

Answer 1

encrypts all the data along a specific communication path

Question 2

E2EE

Answer 2

End-to-end encryption

Question 3

End-to-end encryption

Answer 3

occurs at the session layer (or higher) and does not encrypt routing information, enabling attackers to learn more about a captured packet and where it is headed

Question 4

TLS

Answer 4

Transport Layer Security

Question 5

Transport Layer Security

Answer 5

E2EE protocol that provides confidentiality and data integrity for network communications

Question 6

SSL

Answer 6

Secure Sockets Layer

Question 7

Secure Sockets Layer

Answer 7

predecessor of TLS and is deprecated and considered insecure

Question 8

VPN

Answer 8

virtual private network

Question 9

virtual private network

Answer 9

secure, private connection through an untrusted network

Question 10

PPTP

Answer 10

Point-to-Point Tunneling Protocol

Question 11

Point-to-Point Tunneling Protocol

Answer 11

obsolete and insecure means of providing VPNs

Question 12

L2TP

Answer 12

Layer 2 Tunneling Protocol

Question 13

Layer 2 Tunneling Protocol

Answer 13

tunnels PPP traffic over various network types (IP, ATM, X.25) but does not encrypt the user traffic

Question 14

IPSec

Answer 14

Internet Protocol Security

Question 15

Internet Protocol Security

Answer 15

suite of protocols which provides authentication, integrity, and confidentiality protections to data at the network layer

Question 16

TLS can be used to provide … connectivity at layer … in the … model

Answer 16

TLS can be used to provide VPN connectivity at layer 5 in the OSI model

Question 17

web service

Answer 17

client/server system in which clients and servers communicate using HTTP over a network such as the Internet

Question 18

SOA

Answer 18

service-oriented architecture

Question 19

service-oriented architecture

Answer 19

a system as a set of interconnected but self-contained components which communicate with each other and with their clients through standardized protocols

Question 20

API

Answer 20

application programming interfaces

Question 21

application programming interfaces

Answer 21

establish a language which enables a system component to make a request from another component and then interpret that second component’s response

Question 22

HTTP

Answer 22

Hypertext Transfer Protocol

Question 23

Hypertext Transfer Protocol

Answer 23

TCP/IP-based communications protocol used for transferring data between a server and a client in a connectionless and stateless manner

Question 24

HTTPS

Answer 24

HTTP Secure

Question 25

HTTP Secure

Answer 25

HTTP running over TLS

Question 26

SOAP

Answer 26

Simple Object Access Protocol

Question 27

Simple Object Access Protocol

Answer 27

messaging protocol which uses XML over HTTP to enable clients to invoke processes on a remote host in a platform-agnostic way

Question 28

WS-Security or WSS

Answer 28

Web Services Security

Question 29

Web Services Security

Answer 29

a set of protocol extensions which provides message confidentiality, integrity, and authentication

Question 30

SOAP security

Answer 30

enabled by Web Services Security

Question 31

REST

Answer 31

Representational State Transfer

Question 32

Representational State Transfer

Answer 32

an architectural pattern used to develop web services without using SOAP

Question 33

DGA

Answer 33

domain generation algorithm

Question 34

domain generation algorithm

Answer 34

produces seemingly random domain names in a way which is predictable by anyone who knows the algorithm

Question 35

DNS tunneling

Answer 35

practice of encoding messages in one or a series of DNS queries or responses for exfiltrating or infiltrating data into an environment

Question 36

DNS reflection attacks

Answer 36

send a query to a server while spoofing the source address of the intended target

Question 37

DNS amplification attack

Answer 37

small queries result in very much larger responses

Question 38

DNSSEC

Answer 38

Domain Name System Security Extensions

Question 39

Domain Name System Security Extensions

Answer 39

a set of IETF standards which ensure the integrity of DNS records but not their confidentiality or availability

Question 40

DoH

Answer 40

DNS over HTTPS

Question 41

DNS over HTTPS

Answer 41

protect the privacy and confidentiality of DNS queries by sending them over HTTPS/TCP/IP instead of unsecured UDP/IP

Question 42

E-mail spoofing

Answer 42

technique used by malicious users to forge emails to appear from a legitimate source

Question 43

SASL

Answer 43

Simple Authentication and Security Layer

Question 44

Simple Authentication and Security Layer

Answer 44

protocol-independent framework for performing authentication typically used in POP3 email systems

Question 45

SPF

Answer 45

Sender Policy Framework

Question 46

Sender Policy Framework

Answer 46

email validation system; prevents email spam by detecting email spoofing by verifying sender’s IP address

Question 47

DKIM

Answer 47

DomainKeys Identified Mail

Question 48

DomainKeys Identified Mail standard

Answer 48

allows email servers to digitally sign messages so that receiving server can ensure the message is from the domain it claims to be from

Question 49

DMARC

Answer 49

Domain-based Message Authentication, Reporting and Conformance

Question 50

DMARC systems

Answer 50

use both SPF and DKIM to protect email

Question 51

S/MIME

Answer 51

Secure MIME

Question 52

S/MIME standard

Answer 52

encrypts and digitally signs email; provides secure data transmissions

Question 53

DNP3

Answer 53

Distributed Network Protocol 3

Question 54

Distributed Network Protocol 3

Answer 54

multilayer communications protocol for SCADA systems, especially those in the power sector

Question 55

CAN

Answer 55

Controller Area Network

Question 56

Controller Area Network bus

Answer 56

multilayer protocol for microcontrollers and other embedded devices to communicate with each other on a shared bus

Question 57

Converged protocols

Answer 57

started off independent and distinct from one another but converged to become one

Question 58

FCoE

Answer 58

Fibre Channel over Ethernet

Question 59

Fibre Channel over Ethernet

Answer 59

protocol encapsulation which allows Fibre Channel (FC) frames to ride over Ethernet networks

Question 60

iSCSI

Answer 60

Internet Small Computer Systems Interface

Question 61

Internet Small Computer Systems Interface protocol

Answer 61

encapsulates SCSI data in TCP segments so computer peripherals can be located at any physical distance from the computer they support

Question 62

Network segmentation

Answer 62

the practice of dividing networks into smaller subnetworks

Question 63

VLAN

Answer 63

virtual LAN

Question 64

virtual LAN

Answer 64

set of devices which behave as though they are all directly connected to the same switch when they aren’t

Question 65

VxLAN

Answer 65

virtual eXtensible LAN

Question 66

Virtual eXtensible LAN

Answer 66

network virtualization technology which encapsulates layer 2 frames onto UDP (layer 4) datagrams for distribution anywhere in the world

Question 67

SDN

Answer 67

software-defined networking

Question 68

software-defined networking

Answer 68

networking approach which relies on distributed software to separate the control and forwarding planes of a network

Question 69

SD-WAN

Answer 69

Software-defined wide area networking

Question 70

software-defined wide area networking

Answer 70

use of software (instead of hardware) to control the connectivity, management, and services between distant sites in a manner similar to SDN but applied to WANs

Question 71

VLAN hopping attack opportunity

Answer 71

an attacker is able to insert tagging values into network- and switch-based protocols with the goals of manipulating traffic at the data link layer

Question 72

VLAN hopping

Answer 72

attackers gain access to traffic in various VLAN segments; attacker can have a system act as a switch; the system understands the tagging values used in the network and trunking protocols and can insert itself between other VLAN devices and gain access to the traffic going back and forth; attackers can insert tagging values to manipulate the control of traffic at this data link layer

Question 73

Authentication Header protocol

Answer 73

provides data integrity, data origin authentication, protection from replay attacks

Question 74

Encapsulating Security Payload protocol

Answer 74

provides confidentiality, data origin authentication, data integrity

Question 75

Internet Security Association and Key Management Protocol

Answer 75

framework for security association creation and key exchange

Question 76

Internet Key Exchange

Answer 76

provides authenticated keying material for use with ISAKMP

Question 77

Secure Multipurpose Internet Mail Extensions

Answer 77

standard for encryption to provide secure data transmissions using public key infrastructure (PKI)

Question 78

WS-Security is for SOAP

Answer 78

for web services confidentiality with SOAP; not RESTful web service

Question 79

RESTful requires …. and uses … for confidentiality

Answer 79

RESTful uses HTTP and HTTP Secure (HTTPS) for confidentiality

Question 80

What is a set of IETF standards for DNS records?

Answer 80

Domain Name System Security Extensions (DNSSEC) ensures integrity and authenticity of DNS records but not their confidentiality or availability

Question 81

Best protection against email spoofing?

Answer 81

DMARC systems incorporate both SPF and DKIM to protect email

Question 82

IMAP does or does not have email protections against spoofing

Answer 82

Internet Message Access Protocol (IMAP) does NOT have any built-in protections against email spoofing

Question 83

Which is a multilayer protocol for use in SCADA systems?

Answer 83

DNP3 (Distributed Network Protocol 3 used in SCADA, specifically the power sector

Question 84

Converged protocol FACTS

Answer 84

FCoE is a converged protocol, IP convergence addresses specific type of converged protocols, certain protocols are encapsulated within each other