Chapter 3 Exploring Network Technology and Tools Flashcards

1
Q

A use case typically describes an organizational goal and administrators enable specific protocols to meet organizational goals.

A

Protocols used for voice and video include Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP). SRTP provides encryption, message authentication, and integrity for RTP.

2
Q

File Transfer Protocol (FTP) is commonly used to transfer files over networks, but FTP does not encrypt the transmission.

A

Several encryption protocols encrypt data-in-transit to protect its confidentiality. They include File Transfer Protocol Secure (FTPS), Secure File Transfer Protocol (SFTP), Secure Shell (SSH), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).

3
Q

SMTP sends email using TCP port 25. POP3 receives email using TCP port 110. IMAP4 uses TCP port 143. Secure POP uses TLS on port 995 (legacy) or with STARTTLS on port 110. Secure IMAP uses TLS on port 993 (legacy) or with STARTTLS on port 143.

A

HTTP uses port 80 for web traffic.

4
Q

HTTPS encrypts HTTP traffic in transit and uses port 443.

A

Directory services solutions implement Kerberos as the authentication protocol. They also use Lightweight Directory Access Protocol (LDAP) over TCP port 389 and LDAP Secure (LDAPS) over TCP port 636.

5
Q

Administrators commonly connect to remote systems using SSH instead of Telnet because SSH encrypts the connection. Administrators also use Remote Desktop Protocol (RDP) to connect to remote systems using TCP port 3389.

A

The Network Time Protocol (NTP) provides time synchronization services.

6
Q

Domain Name System (DNS) provides domain name resolution. DNS zones include A records for IPv4 addresses and AAAA records for IPv6 addresses.

A

Zone data is updated with zone transfers, and secure zone transfers help prevent unauthorized access to zone data. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries.

7
Q

Domain Name System Security Extensions (DNSSEC) provides validation for DNS responses and helps prevent DNS poisoning attacks.

A

Two command-line tools used to query DNS are nslookup and dig. Both support the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt.

8
Q

Switches are used for network connectivity and they map media access control (MAC) addresses to physical ports.

A

Port security limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.

9
Q

An aggregation switch connects multiple switches together in a network.

A

Routers connect networks and direct traffic based on the destination IP address. Routers (and firewalls) use rules within access control lists (ACLs) to allow or block traffic.

10
Q

Implicit deny indicates that unless something is explicitly allowed, it is denied. It is the last rule in an ACL. Host-based firewalls (sometimes called application-based) filter traffic in and out of individual hosts. Some Linux systems use iptables or xtables for firewall capabilities.

A

Network-based firewalls filter traffic in and out of a network. They are placed on the border of the network, such as between the Internet and an internal network.

11
Q

A stateless firewall controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols. Stateful firewalls filter traffic based on the state of a packet within a session.

A

A web application firewall (WAF) protects a web server against web application attacks. It is typically placed in the demilitarized zone (DMZ) and will alert administrators of suspicious events.

12
Q

A DMZ provides a layer of protection for servers that are accessible from the Internet.

A

An intranet is an internal network. People use the intranet to communicate and share content with each other.

13
Q

An extranet is part of a network that can be accessed by authorized entities from outside of the network.

A

NAT translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.

14
Q

Networks use various methods to provide network segregation, segmentation, and isolation.

A

An airgap is a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network.

15
Q

Routers provide logical separation and segmentation using ACLs to control traffic.

A

Forward proxy servers forward requests for services from a client. They can cache content and record users’ Internet activity. A transparent proxy accepts and forwards requests without modifying them. A nontransparent proxy can modify or filter requests, such as filtering traffic based on destination URLs.

16
Q

Reverse proxy servers accept traffic from the Internet and forward it to one or more internal web servers. The reverse proxy server is placed in the DMZ and the web servers can be in the internal network.

A

A unified threat management (UTM) security appliance includes multiple layers of protection, such as URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator. UTMs typically raise alerts and send them to administrators to interpret.

17
Q

Mail gateways are logically placed between an email server and the Internet. They examine and analyze all traffic and can block unsolicited email with a spam filter. Many include data loss prevention (DLP) and encryption capabilities.

A

Loop protection protects against switching loop problems, such as when a user connects two switch ports together with a cable. Spanning Tree Protocols protect against switching loops.

18
Q

Flood guards prevent MAC flood attacks on switches.

A

VLANs can logically separate computers or logically group computers regardless of their physical location. You create them with Layer 3 switches.

19
Q

Routers use rules within ACLs as an antispoofing method. Border firewalls block all traffic coming from private IP addresses.

A

SNMPv3 is used to monitor and configure network devices and uses notification messages known as traps. It uses strong authentication mechanisms and is preferred over earlier versions. SNMP uses UDP ports 161 and 162.