Chapter 3: Exploring Network Technologies andTools

Question 1

A ________ typically describes an organizational goal and administrators enable specific protocols to meet organizational goals.

Answer 1

use case

Question 2

Protocols used for voice and video include _____ and ______.

Answer 2

Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP)

Question 3

______ provides encryption, message authentication, and integrity for RTP.

Answer 3

Secure Real-time Transport Protocol (SRTP)

Question 4

______ is commonly used to transfer files over networks, but does not encrypt the transmission.

Answer 4

File Transfer Protocol (FTP)

Question 5

Several encryption protocols encrypt data-in-transit to protect its confidentiality. They include: File Transfer Protocol Secure (FTPS), Secure File Transfer Protocol (SFTP), Secure Shell (SSH), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).

Answer 5

File Transfer Protocol Secure (FTPS)
Secure File Transfer Protocol (SFTP)
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)

Question 6

Which ports do these protocols use?
SMTP 
POP3
IMAP4
Secure POP
Secure IMAP

Answer 6

SMTP sends email using TCP port 25.
POP3 receives email using TCP port 110.
IMAP4 uses TCP port 143.
Secure POP uses TLS on port 995 (legacy) or with STARTTLS on port
110.
Secure IMAP uses TLS on port 993 (legacy) or with STARTTLS on port 143.

Question 7

Which ports do these protocols use?
HTTP
HTTPS

Answer 7

HTTP uses port 80 for web traffic. HTTPS encrypts HTTP traffic in transit and uses port 443.

Question 8

Directory services solutions implement _________ as the authentication protocol. They also use ______ over TCP port 389 and _______ over TCP port 636.

Answer 8

Directory services solutions implement Kerberos as the authentication protocol. They also use Lightweight Directory Access Protocol (LDAP) over TCP port 389 and LDAP Secure (LDAPS) over TCP port 636.

Question 9

Administrators commonly connect to remote systems using SSH instead of Telnet because

Answer 9

SSH encrypts the connection.

Question 10

Administrators use Remote Desktop Protocol (RDP) to connect to remote systems using TCP port

Answer 10

3389

Question 11

The Network Time Protocol (NTP) provides

Answer 11

time synchronization services.

Question 12

Domain Name System (DNS) provides

Answer 12

domain name resolution.

Question 13

DNS zones include ____ records for IPv4 addresses and _____ records for IPv6 addresses.

Answer 13

DNS zones include A records for IPv4 addresses and AAAA records for IPv6 addresses.

Question 14

DNS uses ____ port 53 for zone transfers and ____ port 53 for DNS client queries.

Answer 14

DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries.

Question 15

Domain Name System Security Extensions (DNSSEC) provides

Answer 15

validation for DNS responses and helps prevent DNS poisoning attacks.

Question 16

Two command-line tools used to query DNS are

Answer 16

nslookup and dig. Both support the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt.

Question 17

Switches are used for

Answer 17

network connectivity and they map media access control (MAC) addresses to physical ports.

Question 18

How to secure ports on a switch

Answer 18

Port security limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.

Question 19

An aggregation switch does what?

Answer 19

connects multiple switches together in a network.

Question 20

Routers do what?

Answer 20

connect networks and direct traffic based on the destination IP address. Routers (and firewalls) use rules within access control lists (ACLs) to allow or block traffic.

Question 21

Implicit deny indicates

Answer 21

that unless something is explicitly allowed, it is denied. It is the last rule in an ACL.

Question 22

Host-based firewalls

Answer 22

(sometimes called application-based) filter traffic in and out of individual hosts. Some Linux systems use iptables or xtables for firewall capabilities.

Question 23

Network-based firewalls

Answer 23

filter traffic in and out of a network. They are placed on the border of the network, such as between the Internet and an internal network.

Question 24

A stateless firewall

Answer 24

controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols.

Question 25

Stateful firewalls

Answer 25

filter traffic based on the state of a packet within a session.

Question 26

A web application firewall (WAF)

Answer 26

protects a web server against web application attacks. It is typically placed in the demilitarized zone (DMZ) and will alert administrators of suspicious events.

Question 27

A DMZ provides

Answer 27

a layer of protection for servers that are accessible from the Internet.

Question 28

An intranet is

Answer 28

an internal network. People use the intranet to communicate and share content with each other.

Question 29

An extranet is

Answer 29

part of a network that can be accessed by authorized entities from outside of the network.

Question 30

NAT

Answer 30

translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.

Question 31

An airgap is

Answer 31

a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network.

Question 32

Routers provide

Answer 32

logical separation and segmentation using ACLs to control traffic.

Question 33

Forward proxy servers

Answer 33

forward requests for services from a client. It can cache content and record users’ Internet activity.

Question 34

A transparent proxy

Answer 34

accepts and forwards requests without modifying them.

Question 35

A nontransparent proxy

Answer 35

can modify or filter requests, such as filtering traffic based on destination URLs.

Question 36

Reverse proxy servers

Answer 36

accept traffic from the Internet and forward it to one or more internal web servers. The reverse proxy server is placed in the DMZ and the web servers can be in the internal network.

Question 37

A unified threat management (UTM) security appliance includes multiple layers of protection, such as

Answer 37

URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator. UTMs typically raise alerts and send them to administrators to interpret.

Question 38

Mail gateways are

Answer 38

logically placed between an email server and the Internet. They examine and analyze all traffic and can block unsolicited email with a spam filter. Many include data loss prevention (DLP) and encryption capabilities.

Question 39

Loop protection protects against

Answer 39

switching loop problems, such as when a user

connects two switch ports together with a cable.

Question 40

Spanning Tree Protocols protect against

Answer 40

switching loops.

Question 41

Flood guards prevent

Answer 41

MAC flood attacks on switches.

Question 42

VLANs can

Answer 42

logically separate computers or logically group computers regardless of their physical location. You create them with Layer 3 switches.

Question 43

Routers use rules within ACLs as an

Answer 43

antispoofing method. Border firewalls block all traffic coming from private IP addresses.

Question 44

SNMPv3 is used to

Answer 44

monitor and configure network devices and uses notification messages known as traps. It uses strong authentication mechanisms and is preferred over earlier versions. SNMP uses UDP ports 161 and 162.