Chapter 3

Question 1

Acronym and Definition

OSI model

Answer 1

• Open Systems Interconnection model
• Describes network communications using seven layers

Question 2

What are the layers of the OSI model in order?

Answer 2

1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

The lower the layer number, the closer you are to the actual wires and cabling of the network
“Please Do Not Throw Sausage Pizza Away “

Question 3

Physical layer of the OSI model

Answer 3

basic equipment of networking: copper wires, fibre optic cables, radio waves

Question 4

Data Link layer of OSI

Answer 4

• This is where network switches reside.
• Formats data into data frames and routes it between systems on the local network using their MAC addresses

Question 5

Network layer of the OSI model

Answer 5

Routers use IP addresses to send information between systems that are not on the same local network

Question 6

Transport layer of the OSI model

Answer 6

Provides end-to-end communication services for applications. TCP and UDP exist at this layer

Question 7

Session layer of the OSI model

Answer 7

establishes, manages, and terminates sessions between applications running on different devices, alowing them to commmunicate and exchange data

Question 8

Presentation layer of the OSI model

Answer 8

• Translates data into a standard format that can be understood by the application layer.
• Provides encryption, compression, and other data transformation services

Question 9

Application layer of the OSI model

Answer 9

Provides network services to application, allowing them to communicate with other applications over the network

Question 10

Acronym

MAC

Answer 10

Media Access Control

Question 11

Acronym

IP

Answer 11

Internet Protocol

Question 12

Acronym and definition

TCP

Answer 12

• Transmission Control Protocol
• A connection oriented protocol that provides guaranteed delivery

Uses three-way handshake process

Question 13

Acronym and definition

UDP

Answer 13

• User Datagram Protocol
• A connectionless protocol that provides “best effort” delivery, to deliver data without using extra traffic

Many DoS attacks use UDP

Question 14

Walkthrough the three way TCP handshake process

Answer 14

1. To start the TCP session, the client sends a SYN (synchronize) packet
2. The server responds with a SYN/ACK (synchronize/acknowledge) packet.
3. The client completes the handshake with an ACK packet to establish the connection

Question 15

Acronym

DoS

Answer 15

Denial of Service

A type of network based attack

Question 16

Acronym and Definition

ICMP

Answer 16

• Internet Control Message Protocol
• Tests basic connectivity and includes ping and tracert

Question 17

Acronym and Definition

IP

Answer 17

• Internet Protocol
• Identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
• IPv4 uses 32 bit addresses
• IPv6 uses 128 bit addresses using hexadecimal code

Question 18

Acronym and Definition

ARP

Answer 18

• Address Resolution Protocol
• Resolves IPv4 addresses to MAC addresses

Question 19

What are use cases that may be associated with different protocols

Answer 19

• Data in transit
• Email and web
• Directory
• Voice and Video
• Remote Access
• Time Synchronization
• Network Address Allocation
• Domain Name Resolution

Question 20

Acronym and Definition

FTP

Answer 20

• File Transfer Protocol
• Used to transfer files over networks in cleartext. Does NOT encrypt the transmission

This is an insecure protocol that should no longer be used to transfer data over a network

Question 21

Acronym

TFTP

Answer 21

Trivial File Transfer Protocol

Not an essential protocol so is usually disabled by administrators. Used to transfer small amounts of data.

Question 22

Acronym

SSL

Answer 22

• Secure Sockets Layer
• Used to be the primary method to secure and encrypt HTTP traffic as HTTPS and other types of traffic
• Has been compromised and is not recommended for use

Question 23

Which protocols should not be used on modern networks

Answer 23

• FTP
• TFTP
• SSL

Question 24

What are the secure alternatives for protecting data in transit?

Answer 24

• TLS
• IPsec
• SSH
• HTTPS
• FTPS

Question 25

Acronym

TLS

Answer 25

• Transport Layer Security
• Replacement for SSL
• Encrypts FTPS

Should be used in place of SSL for browsers using HTTPS

Question 26

Acronym

IPsec

Answer 26

• Internet Protocol Security
• Used to encrypt IP traffic

Question 27

Acronym

SSH

Answer 27

• Secure Shell
• Encrypts SCP and SFTP
• Uses TCP port 22

Question 28

Acronym

SFTP

Answer 28

• Secure File Transfer Protocol
• Uses SSH to transmit files in an encrypted format.

Transmits data using TCP port 22

Question 29

Acronym

FTPS

Answer 29

• File Transfer Protocol Secure
• Uses TLS to encrypt FTP traffic

Question 30

Acronym and definition

SMTP

Answer 30

• Simple Mail Transfer Protocol
• Transfers email between clients and SMTP servers

• TCP port 25 for unencrypted email
• SMTPS uses TCP port 587 for encrypted

Question 31

Acronym

POP3

Answer 31

• Post Office Protocol
• Transfers emails from servers to end users

• TCP Port 110 for unencrypted connections
• TCP Port 995 for encrypted connections

Question 32

Acronym

IMAP

Answer 32

• Internet Message Access Protocol
• Used to store email on a mail server and allows users to organize and manage email in folders on the server

• TCP Port 143 for unencrypted connections
• TCP Port 993 for encrypted connection

Question 33

Acronym

HTTP

Answer 33

• Hypertext Transfer Protocol
• Transmits unencrypted web traffic between web servers and browsers

• TCP Port 80

Question 34

Acronym

HTTPS

Answer 34

• Hypertext Transfer Protocol Secure
• Adds TLS encryption

• Port 443

Question 35

Acronym and Definition

SPF

Answer 35

• Sender Policy Framework
• Uses DNS records to define which IP addresses are authorized to send emails on behalf of a domain

Question 36

Acronym and Definition

DKIM

Answer 36

• DomainKeys Identified Mail
• Uses Public key cryptography to sign and verify an email’s domain and content

Question 37

Acronym

DMARC

Answer 37

Domain-based Message Authentication, Reporting, and Conformance

Question 38

What protocols protect users from spam, phising and other types of email based attacks?

Answer 38

SPF, DKIM, and DMARC

Question 39

What are email gateways

Answer 39

Network devices or software applications that filter incoming and outgoing emails for spam malware and other types of threats

Question 40

What port does LDAP use?

Answer 40

Port 389

Question 41

What port does LDAPS use?

Answer 41

Port 636

Question 42

Acronym and Definition

(AD DS)

Answer 42

• Microsoft Active Directory Domain Services
• Provide authentication and authorization services for a network

Question 43

What does AD DS use when querying the directory?

Answer 43

LDAPS
(LDAP encrypted with TLS)

Question 44

What protocol is commonly used as the underlying protocol with live and video streaming?

Answer 44

UDP

Question 45

Acronym and Definition

RTP

Answer 45

• Real-time Transport Protocol
• Delivers audio and video over IP networks

Question 46

Acronym

VoIP

Answer 46

Voice over Internet Protocol

Question 47

Acronym and Definition

SRTP

Answer 47

• Secure Real-time Transport Protocol
• Provides encryption, message authentication, and integrity for RTP

Question 48

Acronym and Definition

SIP

Answer 48

• Session Initiation Protocol
• Used to initiate, maintain, and terminate voice, video and messaging sessions

Question 49

What do VoIP logs show?

Answer 49

• Timestamps
• Caller phone numbers
• Recipient phone numbers
• extensions (if used)
• missed calls

Question 50

What do SIP log files show?

Answer 50

• Timestamps
• Sender IP addresses
• Recipient IP addresses

Question 51

Acronym

GPO

Answer 51

Group Policy Object

Question 52

Acronym

RDP

Answer 52

Remote Desktop Protocol

Question 53

What TCP port does RDP use?

Answer 53

Port 3389

Question 54

Why do administrators use SSH instead of Telnet

Answer 54

Telnet sends data including usernames and passwords over the network in cleartext while SSH encrypts the data

Question 55

What is OpenSSH

Answer 55

• A suite of tools that simplifies the use of SSH to connect to remote servers securely
• Supports authentication using a passwordless SSH login

Question 56

Acronym and Definition

DHCP

Answer 56

• Dynamic Host Configuration Protocol
• Dynamically assigns IP addresses to hosts

Question 57

Acronym

ISP

Answer 57

Internet Service Provider

Question 58

Acronym

IANA

Answer 58

Internet Assigned Numbers Authority

Question 59

Acronym

IETF

Answer 59

Internet Engineering Task Force

Question 60

Acronym

DNS

Answer 60

• Domain Name System
• Resolves hostnames to IP addresses

Question 61

What are the DNS Zones and what data is kept in each zone?

Answer 61

• A : hostname and IPv4 addresses
• AAAA : hostname and IPv6 addresses
• PTR
• MX : identify mail servers
• CNAME
  *

Question 62

What port doest DNS use for zone transfers

Answer 62

TCP Port 53

Question 63

What port does DNS use for client queries

Answer 63

UDP port 53

Question 64

Acronym and Definition

DNSSEC

Answer 64

• Domain Name System Security Extensions
• Provides validation for DNS responses by adding a RRSIG

Question 65

Acronym and Definition

RRSIG

Answer 65

• Resource Record Signature
• Provides data integrity and authentication and helps prevent DNS poisoning attacks

Question 66

What is DNS poisoning?

Answer 66

An attacker modifies a DNS cache with a bogus IP address, sending users to a malicious website

Question 67

What is a host?

Answer 67

Any device with an IP address.

Also referred to as a client or a node

Question 68

What is Unicast?

Answer 68

• A method IPv4 uses to address TCP/IP traffic
• One hosts sends traffic to another host using a destination IP address

One to one traffic

Question 69

What happens to a unicast packet on a network when it is sent to a specific host?

Answer 69

Other hosts on the same network may see the packet, but they will not process it because it isn’t addressed to them.

Question 70

What is broadcast?

Answer 70

• One-to-all traffic
• Every host that receives a broadcast will process it

Question 71

What is one difference in broadcasting between switches and routers?

Answer 71

Switches pass broadcast traffic between their ports but routers do not pass broadcast traffic

Question 72

What does a switch do?

Answer 72

• Connects computers and other devices to each of its physical ports
• Map MAC addresses to physical ports

Question 73

What is port security and how does it enhance network security on switch ports?

Answer 73

Port security limits access to switch ports by:
* Limiting the number of MAC addresses allowed per port. (mac filtering)
* Disabling unused ports to prevent unauthorized access

Question 74

How does a switching loop affect a network

Answer 74

Floods a network with traffic and can disable a switch

Question 75

Acronym

STP and RSTP

Answer 75

• Spanning Tree Protocol
• Rapid Spanning Tree Protocol

They provide both broadcast storm prevention and loop prevention for switches

Question 76

Acronym

BPDU

Answer 76

• Bridge Protocol Data Unit
• STP sends BPDU messages in a network to detect loops

Question 77

What is a BPDU guard

Answer 77

A feature that monitors the ports for any unwanted BPDU messages. If it receives any it disables the port

Blocks BPDU attacks

Question 78

What is a router

Answer 78

Connects multiple network segments into a single network and routes traffic between the segments

Question 79

Router ACLs

Answer 79

Provide basic packet filtering. They filter packets based on IP addresses, ports, and protocols

Question 80

What is implicit deny

Answer 80

The last rule in an ACL. Indicates that unless something is explicitly allowed, it’s denied

Question 81

What is the route command?

Answer 81

a command used to view and manipulate a systems routing table

Question 82

Acronym and Definition

SNMP

Answer 82

• Simple Network Management Protocol
• Monitors and manages network devices such as routers or switches

Question 83

What ports do SNMP use?

Answer 83

UDP ports 161 and 162

Question 84

What is the purpose of a host based firewall?

Answer 84

To filter incoming and outgoing traffic for a single host or between networks

Question 85

What is a stateless firewall?

Answer 85

A firewall that uses rules implemented in ACLs to identify allowed and blocked traffic

Question 86

Acronym

WAF

Answer 86

Web Application Firewall

Question 87

Acronym

NGFW

Answer 87

Next Generation Firewall

Question 88

Acronym

DMZ

Answer 88

• Demilitarized Zone also known as a screened subnet
• A security zone between a private network and the Internet

Question 89

Acronym and Definition

NAT

Answer 89

• Network Address Translation
• A protocol that translates pubilc and private IP address either way and hides IP addresses on the internal network from users on the Internet

Question 90

Dynamic NAT

Answer 90

uses multiple public IP addresses

Question 91

Static NAT

Answer 91

Uses a single public IP address in a one to one mapping

Question 92

Acronym

SCADA

Answer 92

Supervisory Control and Data Acquisition

Question 93

What is an air gap

Answer 93

An air gap isolates one network from another by ensuring there is physical space between all systems and cables

Question 94

Acronym

VLAN

Answer 94

Virtual Local Area Network

Question 95

What do proxy servers/ forward proxy servers do

Answer 95

They forward requests for services from a client

Question 96

What do reverse proxy servers do?

Answer 96

Accept traffic from the Internet and forward it to one or more internal web servers

Question 97

What is a cache?

Answer 97

Temporary storage

Question 98

Acronym

UTM

Answer 98

Unified Threat Management

Question 99

What is a jump server

Answer 99

A hardened server used to access and manage devices in a different security zone

Question 100

Acronym

ZTNA

Answer 100

• Zero Trust Network Access
• We don’t make trust decisions based on network location