Chapter 3

Question 1

TCP IP has how many layers?

Answer 1

4

Question 2

What are the layers of TCP/IP?

Answer 2

Application
Host to Host or Transport Layer
Internet Layer
Network Access Layer

Question 3

Host to host is also known as

Answer 3

Transport

Question 4

Network Access Layer is also known as

Answer 4

Link layer or Network Interface layer

Question 5

TCP/IP host

Answer 5

Any device on network running the TCP IP protocol

Question 6

Encapsulation

Answer 6

Method by which TCP/IP layers communicate

Question 7

Application layer provides which protocols?

Answer 7

HTTP, HTTPS, FTP, SMTP

Question 8

Host to host

Answer 8

consists of TCP and UDP. UDP is unreliable connectionless protocol, but faster. Responsible for acknowledging receipt of packets.

Question 9

Internet Layer is responsible for

Answer 9

routing, IP addressing and packaging

Question 10

IP

Answer 10

Internet protocol, part of Internet Layer.

Question 11

Which layer checks accuracy?

Answer 11

TCP

Question 12

Which layer checks if the destination is known?

Answer 12

IP

Question 13

If a destination is unknown, where is it sent?

Answer 13

to the router, by IP

Question 14

ICMP

Answer 14

Internet Control Message Protocol - Ping

Question 15

ICMP is part of which layer?

Answer 15

Internet

Question 16

Address Resolution Protocol is in which layer?

Answer 16

Internet

Question 17

ARP does what?

Answer 17

Resolves IPs to MAC addresses

Question 18

Network Access Layer

Answer 18

Communicates through network adapters to place packets on the physical network

Question 19

FTP port

Answer 19

21

Question 20

port 21

Answer 20

FTP

Question 21

Port 22

Answer 21

SSH and SCP

Question 22

Port 25

Answer 22

SMTP

Question 23

SMTP port

Answer 23

25

Question 24

port 110

Answer 24

POP3

Question 25

POP3 port

Answer 25

110

Question 26

DNS names port

Answer 26

Port 53

Question 27

Port 53

Answer 27

Dns Names

Question 28

Port 139

Answer 28

NetBios session

Question 29

NetBIOS session port

Answer 29

139

Question 30

IMAP port

Answer 30

143

Question 31

Port 143

Answer 31

Imap

Question 32

TCP Handshake Initiated by

Answer 32

client

Question 33

Client sends sends first message containing

Answer 33

ISN - initial sequence number, and window size

Question 34

window size

Answer 34

buffer

Question 35

Server responds to initial TCP message

Answer 35

ISN and window size

Question 36

Third part of TCP handshake

Answer 36

Client acknowledges ISN

Question 37

UDP

Answer 37

Connectionless, used for video and voice

Question 38

Tracert uses

Answer 38

ICMP

Question 39

Subnetting secures the network by

Answer 39

confining traffic, reducing traffic and broadcasts

Question 40

vlan does what

Answer 40

splits of segments of network, allows grouping of hosts by data sensitivity

Question 41

PPTP

Answer 41

Tunneling protocol, vulnerable to sniffers, negotiating connection in clear

Question 42

Layer 2 forwarding is a __ protocol

Answer 42

Tunnelling

Question 43

Layer 2 forwarding was created as a protocol for

Answer 43

dial up

Question 44

L2f should not be used for

Answer 44

WAN

Question 45

L2F provides Authentication but not

Answer 45

encryption

Question 46

Layer 2 tunneling protocol combines

Answer 46

L2f and PPTP

Question 47

Layer 2 tunneling is encrypted?

Answer 47

No, but it can be

Question 48

SSH was originally designed for

Answer 48

Unix

Question 49

IPsec is used by ______ protocols

Answer 49

tunneling

Question 50

IPSec has two modes

Answer 50

tunnel and transport

Question 51

IPSec encrypts ____ in tunnel mode

Answer 51

payload and headers

Question 52

IPSec encrypts ____ in transport mode

Answer 52

only the payload

Question 53

NAC stands for

Answer 53

Network Access Control

Question 54

NAC defines

Answer 54

criteria that a client must fulfill to access the network

Question 55

what is an appliance?

Answer 55

A self contained device requiring little configuration

Question 56

packet filter firewall blocks packets based on ____

Answer 56

ports

Question 57

a packet filter firewall may authorize specific _____ to access certain ports

Answer 57

IP addresses

Question 58

proxy firewalls are used to process requests from an ______ network

Answer 58

outside

Question 59

proxy firewalls use _____ to hide IPs

Answer 59

NAT

Question 60

Application level proxy firewall reads the actual _______

Answer 60

commands

Question 61

stateful packet inspection firewall

Answer 61

uses intelligence to monitor sessions, stateless uses no intelligence and just blocks ports

Question 62

what is a border router?

Answer 62

it connects wans and lans

Question 63

wans and lans use the same/different protocols

Answer 63

different

Question 64

Switches route packets using _____ addresses

Answer 64

MAC

Question 65

For security reasons, all user interaction with the internet should be controlled through

Answer 65

a proxy server

Question 66

IDS Activity

Answer 66

element of a data source that is of interest

Question 67

IDS Alert

Answer 67

contains information about suspicious activity

Question 68

IDS Analyzer

Answer 68

analyzes data collected by the sensor

Question 69

IDS data source

Answer 69

raw information used to detect suspicious activity

Question 70

IDS Event

Answer 70

occurrence indicating suspicious activity has occurred

Question 71

IDS manager

Answer 71

console

Question 72

IDS notification

Answer 72

how the manager tells the operator about an alert

Question 73

IDS operator

Answer 73

person responsible for the IDS

Question 74

IDS Sensor

Answer 74

Grabs raw material from the data sources

Question 75

Behavior based IDS

Answer 75

variations in behavior such as unusually high traffic, policy violations

Question 76

Signature based IDS

Answer 76

Misuse, attack signatures and audit trails

Question 77

Anomaly detection IDS

Answer 77

spots deviation from a baseline

Question 78

Heuristic IDS

Answer 78

uses algorithms to analyze traffic passing through the network

Question 79

IPS

Answer 79

Intrusion Prevention System

Question 80

IPS usually responds by

Answer 80

blocking offending IP address

Question 81

Problem with IPS is _____

Answer 81

false positives

Question 82

Best solution for a secure network is

Answer 82

place an IDS in front of AND behind a firewall

Question 83

Network based IDS

Answer 83

attaches to a point in the network where it can report on all traffic

Question 84

Logging

Answer 84

A passive response allowing administrators to evaluate the threat

Question 85

Notification

Answer 85

A passive response relaying information to the IDS operator

Question 86

Shunning

Answer 86

A passive response that ignores the threat

Question 87

Terminating processes or sessions

Answer 87

an active response to a threat

Question 88

IDS can connect to what devices

Answer 88

hub switch or tap

Question 89

Network Configuration changes

Answer 89

active response of an IDS, closing ports or instructing a border router or firewall to close traffic

Question 90

deception

Answer 90

active response of ids, send to honeypot

Question 91

active responses are the least/most implemented

Answer 91

least

Question 92

HIDS

Answer 92

Host-based IDS

Question 93

HIDS are typically active/passive

Answer 93

passive

Question 94

HIDS monitor network traffic t/f

Answer 94

False

Question 95

faillog

Answer 95

log in unix that shows failed login attempts

Question 96

lastlog

Answer 96

log in unix that shows last successful logins

Question 97

messages log

Answer 97

in unix, searched with grep to find login related entries

Question 98

wtmp

Answer 98

log in unix that shows authenticated users

Question 99

packet sniffing is also known as

Answer 99

protocol analyzing

Question 100

one of the best traffic analyzers is

Answer 100

snort

Question 101

UTM

Answer 101

Unified Threat Management (appliance)

Question 102

Smartscreen filter

Answer 102

phishing url blocker from IE

Question 103

Web application firewall

Answer 103

appliance that blocks traffic to and from webservers

Question 104

WAFs operate at the _____ level of the OSI model

Answer 104

highest

Question 105

WAFs are similar to

Answer 105

IPS

Question 106

WAFs are superior/inferior to IPSs

Answer 106

Superior

Question 107

FTP uses TCP/UDP

Answer 107

Only TCP

Question 108

SSH and SCP use TCP/UDP

Answer 108

both

Question 109

SMTP uses TCP/UDP

Answer 109

Only TCP

Question 110

HTTP uses TCP/UDP

Answer 110

both

Question 111

POP3 uses TCP/UDP

Answer 111

only TCP

Question 112

Netbios uses TCP/UDP

Answer 112

both

Question 113

IMAP uses TCP/UDP

Answer 113

both

Question 114

HTTPS uses TCP/UDP

Answer 114

TCP only

Question 115

DNS name queries use TCP/UDP

Answer 115

UDP only

Question 116

Dial up uses

Answer 116

PPP