Chapter 3 Flashcards

1
Q

In a sniffing attack the attackers often use a:

A

protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext

2
Q

A denial-of-service (DoS) attack is a:

A

service attack from a single source that attempts to disrupt the services provided by another system.

3
Q

A distributed denial-of-service (DDoS) attack includes:

A

multiple computers attacking a single target

4
Q

A poisoning attack attempts to:

A

corrupt the data stored in a cache for temporary access, replacing it with different data

5
Q

Transmission Control Protocol (TCP) provides:

A

connection-oriented traffic (guaranteed delivery)

6
Q

Transmission Control Protocol (TCP) uses:

A

a three-way handshake process

7
Q

The TCP three-way handshake process is:

A

the client sends a SYN (synchronize) packet

the server responds with a SYN/ACK (synchronize/acknowledge) packet

the client completes the third part of the handshake with an ACK packet to establish the connection

8
Q

User Datagram Protocol (UDP) provides:

A

connectionless sessions (without a three-way handshake)

9
Q

The Internet Protocol (IP) identifies:

A

hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

10
Q

Internet Control Message Protocol (ICMP) is used for:

A

testing basic connectivity and includes tools such as ping, pathping, and tracert

11
Q

Many DoS attacks use:

A

ICMP

12
Q

Because of how often ICMP is used in attacks:

A

it has become common to block ICMP at firewalls and routers, which disables a ping response

13
Q

Blocking ICMP prevents:

A

attackers from discovering devices in a network

14
Q

Address Resolution Protocol (ARP) resolves:

A

IPv4 addresses to media access control (MAC) addresses.

15
Q

Media Access Controls (MACs) are also called:

A

physical addresses, or hardware addresses

16
Q

Once a packet gets to a destination network it uses:

A

the MAC address to get it to the correct host

17
Q

TCP/IP uses the:

A

IP address to get a packet to a destination network

18
Q

Address Resolution Protocol (ARP) poisoning attacks use:

A

ARP packets to give clients false hardware address updates and attackers use it to redirect or interrupt network traffic

19
Q

Neighbor Discovery Protocol (NDP) performs:

A

autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway

20
Q

UDP is commonly used instead of TCP as the underlying protocol with:

A

voice and video streaming

21
Q

The Real-time Transport Protocol (RTP) delivers:

A

audio and video over IP networks. This includes VoIP, communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features

22
Q

The Secure Real-time Transport Protocol (SRTP) provides:

A

encryption, message authentication, and integrity for RTP

23
Q

Secure Real-time Transport Protocol (SRTP) helps:

A

protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions.

24
Q

Secure Real-time Transport Protocol (SRTP) protects against:

A

replay attacks

25
Q

Secure Real-time Transport Protocol (SRTP) can be used for both:

A

unicast transmissions (such as one person calling another)

multicast transmissions where one person sends traffic to multiple recipients

26
Q

In a replay attack:

A

an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data

27
Q

Data-in-transit is:

A

any traffic sent over a network

28
Q

File Transfer Protocol (FTP):

A

uploads and downloads large files to and from an FTP server

29
Q

By default, File Transfer Protocol (FTP):

A

transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer

30
Q

File Transfer Protocol (FTP) active mode uses:

A

TCP port 21 for control signals

TCP 20 for data

31
Q

File Transfer Protocol (FTP) passive mode (also known as PASV) uses:

A

TCP port 21 for control signals

a random TCP port for data

32
Q

If File Transfer Protocol (FTP) traffic is going through a firewall:

A

the random port is often blocked, so it is best to disable PASV in FTP clients

33
Q

Trivial File Transfer Protocol (TFTP) uses:

A

UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices

34
Q

Most administrators commonly disable Trivial File Transfer Protocol (TFTP) because:

A

TFTP is not an essential protocol on most networks

35
Q

Secure Shell (SSH) encrypts:

A

traffic in transit and can be used to encrypt other protocols such as FTP

36
Q

Telnet sends:

A

traffic over the network in cleartext

37
Q

Administrators commonly use:

A

Secure Shell (SSH) to remotely administer systems

38
Q

Secure Copy (SCP) is based:

A

on SSH and is used to copy encrypted files over a network

39
Q

The Secure Sockets Layer (SSL) protocol was:

A

the primary method used to secure HTTP traffic as HTTPS

40
Q

Secure Sockets Layer (SSL) can also encrypt:

A

other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP)

41
Q

Secure Sockets Layer (SSL) is not recommended for use because:

A

it has been compromised

42
Q

The Transport Layer Security (TLS) protocol is:

A

the designated replacement for SSL and should be used instead of SSL

43
Q

Many protocols that support Transport Layer Security use:

A

STARTTLS

44
Q

STARTTLS is:

A

a command used to upgrade an unencrypted connection on the same port as TLS

45
Q

Internet Protocol security (IPsec) is used to:

A

encrypt IP traffic.

46
Q

Internet Protocol security (IPsec) uses:

A

Tunnel mode to protect virtual private network (VPN) traffic and it also encapsulates and encrypts IP packet payloads

the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN

47
Q

IPsec includes two main components:

A

Authentication Header (AH), identified by protocol ID number 51

Encapsulating Security Payload (ESP), identified by protocol ID number 50

48
Q

Secure File Transfer Protocol (SFTP) is:

A

a secure implementation of FTP

an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format

49
Q

SFTP transmits:

A

data using TCP port 22

50
Q

File Transfer Protocol Secure (FTPS) is:

A

an extension of FTP and uses TLS to encrypt FTP traffic

51
Q

What ports does FTPS use?

A

some implementations of FTPS use TCP ports 989 and 990

However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21)

52
Q

A team at Google discovered a serious vulnerability with SSL that they nicknamed:

A

the POODLE attack (Padding Oracle on Downgraded Legacy Encryption)

53
Q

Some common use cases related to email are:

A

send and receive email

send and receive secure email

manage email folders

54
Q

Some common use cases for internal employees related to the web are:

A

to provide access to the Internet

provide secure access to the Internet

55
Q

For organizations who host web servers the common use case is:

A

to provide access to web servers by external clients

56
Q

Some common protocols used for email and web include:

A

Simple Mail Transfer Protocol (SMTP)

Post Office Protocol v3 (POP3) and Secure POP

Internet Message Access Protocol version 4 (IMAP4) and Secure IMAP

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol Secure (HTTPS)

57
Q

Simple Mail Transfer Protocol (SMTP) transfers:

A

emails between clients and SMTP servers

58
Q

What ports does SMTP use?

A

TCP port 25

unofficially port 465 with SSL and port 587 with TLS

59
Q

It is recommended that SMTP use:

A

STARTTLS to initialize a secure connection

60
Q

Post Office Protocol v3 (POP3) transfers:

A

emails from servers down to clients

61
Q

What port does POP3 use?

A

TCP port 110

62
Q

Secure POP3 encrypts:

A

the transmission with SSL or TLS

63
Q

What port does Secure POP3 use?

A

TCP port 995

64
Q

STARTTLS recommends you create a secure connection for POP3 on port:

A

110

65
Q

Internet Message Access Protocol version 4 (IMAP4) is used:

A

to store email on an email server

66
Q

Internet Message Access Protocol version 4 (IMAP4) allows:

A

a user to organize and manage email in folders on the server

67
Q

Hypertext Transfer Protocol (HTTP) transmits:

A

web traffic on the Internet and in intranets

68
Q

Web servers use HTTP to:

A

transmit web pages to clients’ web browsers

69
Q

HTTP uses which port?

A

TCP port 80

70
Q

Hypertext Markup Language (HTML) is:

A

the common language used to display the web pages

71
Q

Hypertext Transfer Protocol Secure (HTTPS):

A

encrypts web traffic to ensure it is secure while in transit

72
Q

HTTPS is encrypted with either:

A

SSL or TLS

73
Q

What port does HTTPS use?

A

TCP port 443

74
Q

Network operating systems commonly use a:

A

directory service to streamline management and implement security

75
Q

Microsoft Active Directory Domain Services (AD DS) provides:

A

the means for administrators to create user objects for each authorized user and computer objects for each authorized computer

76
Q

Many Linux administrators use Netcat when:

A

connecting to remote systems for administration, and secure the Netcat transmissions with SSH

77
Q

Administrators and clients often use Remote Desktop Protocol (RDP) to:

A

connect to other systems from a remote location.

78
Q

Remote Desktop Protocol (RDP) uses which ports?

A

TCP 3389 (most common)

UDP 3389

79
Q

A common reason why users are unable to connect to systems with RDP is that:

A

port 3389 is blocked on a host-based or network firewall

80
Q

Kerberos requires all systems to be:

A

synchronized and be within five minutes of each other

81
Q

Network Time Protocol (NTP) is:

A

the most commonly used protocol for time synchronization, allowing systems to synchronize their time to within tens of milliseconds

82
Q

What is the difference between NTP and SNTP?

A

NTP uses complex algorithms and queries multiple time servers to identify the most accurate time.

SNTP does not

83
Q

Network address allocation refers to:

A

allocating IP addresses to hosts within your network

84
Q

Most networks use Dynamic Host Configuration Protocol (DHCP) to:

A

dynamically assign IP addresses to hosts

assign other TCP/IP information, such as subnet masks, default gateways, DNS server addresses, and much more

85
Q

IPv4 uses:

A

32-bit IP addresses expressed in dotted decimal format

86
Q

All Internet IP addresses are:

A

public IP addresses

87
Q

All internal IP addresses are:

A

private IP addresses

88
Q

Public IP addresses are:

A

tightly controlled

89
Q

You can’t just use any public IP address; you must either:

A

purchase or rent it

90
Q

Internet Service Providers (ISPs) purchase:

A

entire ranges of IP addresses and issue them to customers

91
Q

Routers on the Internet include:

A

rules to drop any traffic that is coming from or going to a private IP address, so you cannot allocate private IP addresses on the Internet

92
Q

RFC 1918 specifies the following private address ranges:

A

(10.x.y.z) 10.0.0.0 through 10.255.255.255
(172.16.y.z-172.31.y.z) 172.16.0.0 through 172.31.255.255
(192.168.y.z) 192.168.0.0 through 192.168.255.255

93
Q

The Internet Assigned Numbers Authority (IANA) assigned:

A

the last block of IPv4 addresses in February 2011

94
Q

The Internet Engineering Task Force (IETF) created:

A

IPv6, which provides a significantly larger address space than IPv4

95
Q

IPv6 uses:

A

128-bit IP addresses expressed in hexadecimal format

96
Q

Each hexadecimal character is composed of:

A

4 bits

97
Q

IPv6 are only allocated:

A

within private networks and not assigned to systems on the Internet

98
Q

Unique local addresses start with the prefix of:

A

fc00

99
Q

The primary purpose of Domain Name System (DNS) is:

A

for domain name resolution

100
Q

Domain Name System (DNS) resolves:

A

host names to IP addresses

101
Q

When the DNS server queries other DNS servers, it:

A

puts the answer in its cache so that it doesn’t have to do the same query again

102
Q

When clients receive answers from DNS servers, they:

A

store the answer in their cache so that they don’t have to repeat the query

103
Q

DNS servers host data in zones, which you can think of as:

A

databases

104
Q

DNS zones include:

A

A

AAAA

PTR

MX

CNAME

SOA

105
Q

DNS zone A:

A

is also called a host record

this record holds the host name and IPv4 address and is the most commonly used record in a DNS server

106
Q

In a DNS zone a DNS client queries:

A

DNS with the name using a forward lookup request and DNS responds with the IPv4 address from this record

107
Q

DNS zone AAAA record holds:

A

the host name and IPv6 address

108
Q

DNS zone PTR:

A

also called a pointer record

is the opposite of an A record

109
Q

In a DNS zone PTR a DNS client queries:

A

DNS with the IP address and DNS responds with the name

110
Q

DNS zone MX:

A

is also called mail exchange or mail exchanger

111
Q

A DNS zone MX record:

A

identifies a mail server used for email

is linked to the A record or AAAA record of a mail server

112
Q

DNS zone CNAME:

A

is also called canonical name, or alias

allows a single system to have multiple names associated with a single IP address

113
Q

The start of authority (SOA) record includes:

A

information about the DNS zone and some of its settings

114
Q

DNS clients use the Time to Live (TTL) setting to:

A

determine how long to cache DNS results

115
Q

Time to Live (TTL) times are:

A

in seconds and lower times cause clients to renew the records more often

116
Q

Most DNS servers on the Internet run:

A

Berkeley Internet Name Domain (BIND) software and run on Unix or Linux servers

117
Q

Internal networks can use BIND, but in Microsoft networks, DNS servers commonly use:

A

the Microsoft DNS software

118
Q

Occasionally, DNS servers share information with each other in a process known as a:

A

zone transfer

119
Q

In most cases, a zone transfer only:

A

includes a small number of updated records

120
Q

DNS servers use what port for zone transfers?

A

TCP port 53

121
Q

DNS servers use what port for name resolution queries?

A

UDP port 53

122
Q

DNS poisoning or DNS cache poisoning occurs when:

A

attackers modify the DNS cache with a bogus IP address

123
Q

One of the primary methods of preventing DNS cache poisoning is with:

A

Domain Name System Security Extensions (DNSSEC)

124
Q

Domain Name System Security Extensions (DNSSEC) is:

A

a suite of extensions to DNS that provides validation for DNS responses

125
Q

Domain Name System Security Extensions (DNSSEC) adds:

A

a digital signature to each record that provides data integrity

126
Q

If a DNS server receives a Domain Name System Security Extensions (DNSSEC)-enabled response with digitally signed records:

A

the DNS server knows that the response is valid

127
Q

Technicians use the nslookup (name server lookup) command to:

A

troubleshoot problems related to DNS

verify that a DNS server can resolve specific host names or fully qualified domain names (FQDNs) to IP addresses

128
Q

A fully qualified domain name (FQDN) includes:

A

the host name and the domain name

129
Q

The dig command-line tool has:

A

replaced the nslookup tool on Linux systems

130
Q

You can use the dig command to:

A

query DNS servers to verify that the DNS server is reachable and to verify that the DNS server can resolve names to IP addresses

131
Q

Ports are:

A

logical numbers used by TCP/IP to identify what server or application should handle data received by a system

132
Q

Both TCP and UDP use:

A

ports with a total of 65,536 (0 to 65,635)

133
Q

Administrators open ports on:

A

firewalls and routers to allow the associated protocol into or out of a network

134
Q

The Internet Assigned Numbers Authority (IANA) divided the ports into three ranges, as follows:

A

Well-known ports: 0-1023

Registered ports: 1024-49,151

Dynamic and private ports: 49,152-65,535

135
Q

Well-known ports:

A

0-1023

commonly used protocols

136
Q

Registered ports:

A

1034-49,151

are for companies as a convenience to the IT community

can be used by a single company for a proprietary use or multiple companies for a specific standard

137
Q

Dynamic and private ports:

A

49,152-65,535

are available for use by any application. Applications commonly use these ports to temporarily map an application to a port. These temporary port mappings are often called ephemeral ports, indicating that they are short-lived

138
Q

Combining the IP Address and the Port description:

A

At any moment, a computer could be receiving dozens of packets

Each of these packets includes a destination IP address and a destination port

TCP/IP uses the IP address to get the packet to the computer

The computer then uses the port number to get the packet to the correct service, protocol, or application that can process it

139
Q

The server’s IP address is used to:

A

get the requesting packet from your computer to the server. The server gets the response packets back to your computer using your IP address

140
Q

Popular web servers on the Internet include:

A

Apache and Internet Information Services (IIS)

141
Q

Apache is:

A

free and runs on Unix, Linux, and Microsoft systems

142
Q

Internet Information Services (IIS) is included in:

A

Microsoft Server products

143
Q

When the web server receives a packet with a destination port of 80:

A

the server sends the packet to the web server application (Apache or IIS) that processes it and sends back a response

144
Q

TCP/IP works with the client OS to:

A

maintain a table of client-side ports. This table associates port numbers with different applications that are expecting return traffic

145
Q

Client-side ports start at:

A

port 49,152 and increment up to 65,535

146
Q

Client Ports description

A

When you use your web browser to request a page from a site, your system will record an unused client port number such as 49,152 in an internal table to handle the return traffic

When the web server returns the web page, it includes the client port as a destination port

When the client receives web page packets with a destination port of 49,152, it sends these packets to the web browser application

The browser processes the packets and displays the page

147
Q

Ports and protocol numbers are:

A

not the same thing

148
Q

Many protocols aren’t identified by:

A

the port number

149
Q

Any device with an IP address is a:

A

host, client, or node

150
Q

A common use case for a switch is:

A

to connect hosts together within a network

151
Q

A common use case for a router is to:

A

connect multiple networks together to create larger and larger networks

152
Q

The primary methods IPv4 uses when addressing TCP/IP traffic are:

A

Unicast

Broadcast

153
Q

Unicast traffic is:

A

one-to-one traffic

154
Q

Broadcast traffic is:

A

one-to-all traffic

155
Q

A switch can:

A

learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other

156
Q

What is a security benefit of a switch?

A

If an attacker installs a protocol analyzer on a computer attached to another port, the protocol analyzer would not capture unicast traffic going to other ports. This is unlike a hub, where unicast traffic goes to all ports on the hub

157
Q

Port security limits:

A

the computers that can connect to physical ports on a switch

158
Q

At the most basic level of port security, administrators can:

A

disable unused ports

159
Q

MAC address filtering is another example of:

A

port security

160
Q

In MAC address filtering you can manually:

A

configure each port to accept traffic only from a specific MAC address

161
Q

Using the monitoring port of a switch allows you to see:

A

all traffic in or out of the switch

162
Q

Physical security protects a switch by:

A

keeping it in a secure area such as in a locked wiring closet

163
Q

A switching loop or bridge loop problem occurs when:

A

a user connects two ports of a switch together with a cable.

the switch then continuously sends and resends unicast transmissions through the switch. This disables the switch and degrades performance of the overall network

164
Q

What do many network administrators have installed and enabled for loop prevention?

A

Spanning Tree Protocol (STP)

Rapid STP (RSTP)

165
Q

A MAC flood attack attempts to:

A

overload a switch with different MAC addresses associated with each physical port

166
Q

In a MAC flood attack, an attacker:

A

sends a large amount of traffic with spoofed MAC addresses to the same port

167
Q

At some point in a MAC flood attack, the switch:

A

runs out of memory to store all the MAC addresses and enters a fail-open state. The switch begins to operate as a simple hub

168
Q

A flood guard protects against:

A

MAC flood attacks by limiting the amount of memory used to store MAC addresses for each port or setting the maximum number of MACs supported by a port

169
Q

A flood guard typically sends a:

A

Simple Network Management Protocol (SNMP) trap or error message in response to the alert

170
Q

A flood guard can either:

A

disable the port or restrict updates for the port

171
Q

A router connects:

A

multiple network segments together into a single network and routes traffic between the segments

172
Q

Because routers don’t pass broadcasts, they:

A

effectively reduce traffic on any single segment

173
Q

Segments separated by routers are sometimes referred to as:

A

broadcast domains

174
Q

If a network has too many computers on a single segment, broadcasts can result in:

A

excessive collisions and reduce network performance

175
Q

Most routers are:

A

physical devices, and physical routers are the most efficient

176
Q

Other than physical routers, it’s possible to add:

A

routing software to computers with more than one NIC

177
Q

Access control lists (ACLs) are:

A

rules implemented on a router (and on firewalls) to identify what traffic is allowed and what traffic is denied

178
Q

Router ACLs provide:

A

basic packet filtering

179
Q

Router ACLs filter packets based on:

A

IP addresses

ports

some protocols, such as ICMP or IPsec, based on the protocol identifiers

180
Q

What are some protocol identifiers?

A

IP addresses and networks

Logical Ports

Protocol numbers

181
Q

Implicit deny indicates:

A

that all traffic that isn’t explicitly allowed is implicitly denied

182
Q

Implicit deny is:

A

the last rule in the ACL

Some devices automatically apply the implicit deny rule as the last rule

Other devices require an administrator to place the rule at the end of the ACL manually

183
Q

Syntax of an implicit deny rule varies on different systems, but it might be something like:

A

DENY ANY ANY

DENY ALL ALL

184
Q

Attackers often use spoofing to:

A

impersonate or masquerade as someone or something else

185
Q

In the context of routers, an attacker will spoof:

A

the source IP address by replacing the actual source IP address with a different one

186
Q

You can implement antispoofing on a router by:

A

modifying the access list to allow or block IP addresses

187
Q

A network bridge connects:

A

multiple networks together and can be used instead of a router in some situations

188
Q

A bridge directs traffic based on:

A

the destination MAC address

189
Q

An aggregation switch connects:

A

multiple switches together in a network and then connects to the router to reduce the number of ports used in the router

190
Q

Aggregate simply means that:

A

you are creating something larger from smaller elements

191
Q

If you replace the bridge with a switch, the switch is an:

A

aggregation switch

192
Q

A firewall filters:

A

incoming and outgoing traffic for a single host or between networks

193
Q

A firewall can ensure:

A

only specific types of traffic are allowed into a network or host, and only specific types of traffic are allowed out of a network or host

194
Q

Host-based firewall monitors:

A

traffic going in and out of a single host, such as a server or a workstation, and can prevent intrusions into the computer via the NIC

195
Q

Personal firewalls provide:

A

valuable protection for systems against unwanted intrusions

196
Q

It’s especially important to use personal firewalls when:

A

accessing the Internet in a public place

197
Q

Connecting to a public Wi-Fi hot spot without the personal firewall enabled is:

A

risky, and never recommended

198
Q

An application-based firewall is:

A

typically software running on a system

199
Q

A network-based firewall would have:

A

two or more network interface cards (NICs) and all traffic passes through the firewall.

200
Q

Stateless firewalls use:

A

rules implemented as ACLs to identify allowed and blocked traffic

201
Q

Although rules within ACLs look a little different depending on what hardware you’re using, they generally take the following format:

A

Permission Protocol Source Destination Port

Permission (you’ll typically see this as PERMIT or ALLOW)

Protocol (you’ll typically see TCP or UDP)

Source (traffic comes from a source IP address)

Destination (traffic is addressed to a destination IP address)

Port or protocol (you’ll typically see the well-known port such as port 80 for HTTP)

202
Q

Stateful firewall inspects:

A

traffic and makes decisions based on the context, or state, of the traffic

203
Q

Stateful firewall keeps track of:

A

established sessions and inspects traffic based on its state within a session.

204
Q

A common security issue with stateless firewalls is:

A

misconfigured ACLs

205
Q

A web application firewall (WAF) is:

A

a firewall specifically designed to protect a web application, which is commonly hosted on a web server

206
Q

A web application firewall can be a:

A

stand-alone appliance, or software added to another device

207
Q

Most networks have Internet connectivity, but it’s rare to connect a network directly to the Internet. Two terms that are relevant here are:

A

Intranet

Extranet

208
Q

An intranet is:

A

an internal network people use to communicate and share content with each other

209
Q

An extranet is:

A

part of a network that can be accessed by authorized entities from outside the network

210
Q

A demilitarized zone (DMZ) is a:

A

buffered zone between a private network and the Internet

211
Q

A demilitarized zone (DMZ) provides a:

A

layer of protection for these Internet-facing servers, while allowing clients to connect to them

212
Q

Network Address Translation (NAT) is a:

A

protocol that translates public IP addresses to private IP addresses and private addresses back to public

213
Q

What is Port Address Translation (PAT)?

A

a commonly used form of NAT is network address and port translation

214
Q

Some of the benefits of Network Address Translation (NAT) include:

A

Public IP addresses don’t need to be purchased for all clients

NAT hides internal computers from the Internet

Static NAT

Dynamic NAT

215
Q

Static NAT uses:

A

a single public IP address in a one-to-one mapping. It maps a private IP address with a single public IP address

216
Q

Dynamic NAT uses:

A

multiple public IP addresses in a one-to-many mapping.

217
Q

Network segregation provides:

A

basic separation

218
Q

Network segmentation refers to:

A

putting traffic on different segments

219
Q

Network isolation indicates:

A

the systems are completely separate

220
Q

Physical isolation ensures:

A

that a network isn’t connected to any other network

221
Q

Supervisory control and data acquisition (SCADA) systems are typically:

A

industrial control systems within large facilities such as power plants or water treatment facilities

222
Q

An airgap is:

A

a metaphor for physical isolation, indicating that there is a gap of air between an isolated system and other systems

223
Q

Administrators use subnetting to:

A

divide larger IP address ranges into smaller ranges

224
Q

A Layer 2 switch uses:

A

the destination MAC address within packets to determine the destination port

225
Q

A Layer 2 switch forwards:

A

broadcast traffic to all ports on the switch

226
Q

A Layer 3 switch mimics:

A

the behavior of a router and allows network administrators to create virtual local area networks (VLANs)

227
Q

A virtual local area network (VLAN) uses:

A

a switch to group several different computers into a virtual network

228
Q

A single Layer 3 switch can create:

A

multiple VLANs to separate the computers based on logical needs rather than physical location

229
Q

A media gateway is a:

A

device that converts data from the format used on one network to the format used on another network

230
Q

Many networks use proxy servers to:

A

forward requests for services (such as HTTP or HTTPS) from clients

231
Q

Proxy servers can:

A

improve performance by caching content, and some proxy servers can restrict users’ access to inappropriate web sites by filtering content

232
Q

The proxy server increases:

A

the performance of Internet requests by caching each result received from the Internet

233
Q

Cache simply means:

A

“temporary storage”

234
Q

Cache could be:

A

a dedicated area of RAM, or, in some situations, it could be an area on a high-performance disk subsystem

235
Q

A transparent proxy will:

A

accept and forward requests without modifying them

236
Q

A nontransparent proxy server can:

A

modify or filter requests

237
Q

A URL filter examines:

A

the requested URL and chooses to allow the request or deny the request

238
Q

A reverse proxy accepts:

A

requests from the Internet, typically for a single web server

239
Q

The reverse proxy server can be used for:

A

a single web server or a web farm of multiple servers

240
Q

When used with a web farm a reverse proxy server can act as a:

A

load balancer

241
Q

You would place the load balancer in the:

A

DMZ to accept the requests and it then forwards the requests to different servers in the web farm using a load-balancing algorithm

242
Q

An application proxy is used for:

A

specific applications and it accepts requests, forwards the requests to the appropriate server, and then sends the response to the original requestor

243
Q

Unified threat management (UTM) is a:

A

single solution that combines multiple security controls

244
Q

The overall goal of Unified threat management (UTM) is:

A

to provide better security, while also simplifying management requirements

245
Q

A unified threat management (UTM) device will reduce:

A

the workload of administrators without sacrificing security

246
Q

Unified threat management (UTM) security appliances combine:

A

the features of multiple security solutions into a single appliance

247
Q

Unified threat management (UTM) security appliances include multiple capabilities, including:

A

URL filtering

Malware inspection

Content inspection

DDoS mitigator

248
Q

Content inspection includes:

A

a combination of different content filters

can also include a spam filter to inspect incoming email and reject spam

can also block specific types of transmissions, such as streaming audio and video, and specific types of files such as Zip files

249
Q

Content inspection monitors:

A

incoming data streams and attempts to block any malicious content

250
Q

DDoS mitigator attempts to:

A

detect DDoS attacks and block them

251
Q

A common security issue with unified threat management (UTM) is:

A

a misconfigured content filter

252
Q

It’s common to place unified threat management (UTM) appliances at:

A

the network border, between the Internet and the intranet (or the private network)

253
Q

A mail gateway is a:

A

server that examines all incoming and outgoing email and attempts to reduce risks associated with email

254
Q

Administrators locate a mail gateway between:

A

the email server and the Internet and configure it for their purposes

255
Q

Mail gateways often include:

A

data loss prevention (DLP) capabilities

256
Q

Mail gateways examine:

A

outgoing email looking for confidential or sensitive information and block them

257
Q

What are the common use cases that you can implement with switches:

A

Prevent switching loops

Block flood attacks

Prevent unauthorized users from connecting to unused ports

Provide increased segmentation of user computers

258
Q

Simple Network Management Protocol version 3 (SNMPv3) monitors:

A

and manages network devices, such as routers or switches

259
Q

Simple Network Management Protocol version 3 (SNMPv3) modifies:

A

the configuration of the devices or has network devices report status back to a central network management system

260
Q

What are the common use cases that you can implement with routers:

A

Prevent IP address spoofing

Provide secure management of routers