Chapter 3 - Understanding Devices & Infrastructure Flashcards

1
Q

Any device connected to the network that runs a TCP/IP protocol suite is called a what?

3-74

A

host

2
Q

Tell me the 4 layers of the TCP/IP model, bottom up.

3-74

A

network access
internet
transport (host to host)
application

3
Q

Tell me the default ports for HTTP and HTTPS.

What does HTTPS use for encryption?

3-75

A

80 and 443

SSL (Secure Socket Layer)

4
Q
Tell me the ports used by File Transfer Protocol.
Simple Mail Transfer Protocol.
Telnet
Domain Name System
Remote Desktop protocol
Simple Network Management Protocol
Post Office Protocol

Which layer do all of these protocols operate at?
3-76

A
20, 21
25
23
53
3389
161, 162 (trap)
110

Application Layer

5
Q

True or False

Antiquated protocols are those that are no longer needed and should therefore be removed because they are leaving an opening for an attacker.

3-77

A

True

6
Q

Which layer do TCP and UDP operate at?

What’s the difference between them?

3-77

A

transport layer

TCP - connection oriented
UDP - not connection oriented

7
Q

The Internet layer is responsible for routing, IP addressing, and packaging. Tell me 3 standard protocols of the Internet layer.

3-77,78

A

Internet Protocol
Address Resolution Protocol
Internet Control Message Protocol

(IP, ARP, ICMP)

8
Q

Network Access Layer. Tell me what it does.

3-78

A

Defines how you put data on the wire and defines what that wire is.

9
Q

IPv6. How many bits in an IPv6 address?

What security does it employ?

3-79

A

128

IPSec is mandatory

10
Q

You have some data that needs to be sent from PC A to PC B. Your data is going to go through an encapsulation process. Tell me the headers that get attached, in sequence, and where they get attached.

3-79

A

A TCP header gets added to the front of your Application Data.
An IP header gets placed in front of the TCP header.
A Hardware header gets placed in front of the IP header.

11
Q

There are well-known TCP ports and UDP ports that we need to pay particular attention to. What are they?

3-81,82

A
21 - FTP
22 - SSH
25 - SMTP
53 - DNS
80 - HTTP
110 - POP3
139 - NetBIOS
143 - IMAP
443 - HTTPS
12
Q

Tell me the command you use to see which ports are active on your server.

3-83

A

netstat

13
Q

Tell me the TCP three way handshake connection process by using acronyms.

3-86

A
  1. PC A sends SYN to PC B
  2. PC B sends SYN-ACK to PC A
  3. PC A sends ACK to PC B
14
Q

What is the thing that allows a server or client to interface to the TCP/IP protocol suite?

3-86

A

Windows Sockets Application Programming Interface

also known as Winsock

15
Q

What is iSCSI?
What ports does it use?
What is it for?
What does it create?

3-87

A

Internet Small Computer Systems Interface
860 and 3260
data storage and data transfers
a SAN (storage area network)

16
Q

You are designing the security topology of your network, so what 3 things must you be concerned with?

3-87

A

access methods
security
technologies used

17
Q

Tell me a common protocol used by Fibre Channel and tell me what is bad about it.

3-87

A

FCoE (Fibre Channel over Ethernet)

The problem with FCoE is that it is not routable at the IP layer and so it won’t work on large networks.

18
Q

What do you use to establish a DMZ for your server?

3-87

A

firewall

19
Q

If a host exists outside the DMZ and is open to the public, what kind of host is that?

3-88

A

bastion host

20
Q

What do you use to subnet a network?

3-89

A

subnet mask

21
Q

What can you use to hide segments of your network and therefore control access?

3-89

A

VLANs

virtual local area networks

22
Q

What is the key benefit of a VLAN from a security standpoint?

3-90

A

users with similar data sensitivity levels can be grouped together, and this helps to increase security

23
Q

What is the weakness of PPTP?

3-91

A

The negotiation of the connection is not encrypted.

24
Q
Layer 2 Forwarding.  
What does it provide? 
What does it not provide?  
Where should you NOT use it?
What port does it use?
What transport protocol does it use?

3-91

A
authentication
encryption
WAN
1701
TCP
25
Layer 2 Tunneling Protocol. Does it provide encryption? What's its port? What's its transport protocol? 3-91
no
1701, same as L2F
UDP
26
SSH. What port does it use? What's its transport protocol? 3-91
22
TCP
27
PPTP, L2F, L2TP, SSH, and IPSec. Which one doesn't belong and why? 3-91
IPSec, because unlike the others, it is NOT a tunneling protocol.
28
It is true that NAT can save IP addresses, but what else can it do? 3-93
act as a firewall, because it's a proxy between your LAN and the hostile Internet
29
Tell me the 3 ranges of private IP addresses. 3-93
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
30
What's the difference between NAT and PAT? 3-94
NAT - more than one public IP address
PAT - only one public IP address
31
What is NAC? 3-95
Network Access Control
32
What is the first line of defense in your network? What are its functions? 3-96
firewall

packet filter
proxy firewall
stateful packet inspection firewall
33
How does a packet filter work? 3-97
filters traffic based on the application type
34
You have a proxy firewall. It has 2 NICs in it. This kind of firewall is called what? 3-99
dual-homed firewall
35
Tell me the difference between an application level proxy and a circuit level proxy. 3-99
circuit level proxy does not deal with the contents of the packet. the application level proxy DOES.
36
What's the difference between stateless and stateful? 3-100
stateful is concerned with where packets came from. stateless does not care about the source.
37
What is the primary device used for connecting two networks together? 3-100
router
38
The router that ties your LAN to a WAN is a what? 3-100
border router
39
Will network segmentation increase or decrease traffic? 3-101
decrease it
40
Will you use switches internally, externally, or both? 3-102
internally only
41
In four words, tell me what a load balancer does. 3-103
It splits the traffic.
42
What can you use to connect LANs together across the Internet? 3-103
a virtual private network
43
What is the encryption system used in VPNs? 3-104
IPSec
44
What does a VPN concentrator do? 3-105
Creates remote access VPNs
45
Intrusion Detection Systems act a lot like what? What can it do in the event that the firewall gets compromised? 3-105
burglar alarms

disable systems
end sessions
shut down the whole network
46
The process by which the IDS manager makes the operator aware of an alert is what? 3-108
notification
47
Tell me 4 different kinds of IDS. 3-109
behavior based
signature based
anomaly detection
heuristic
48
Tell me 3 passive response strategies. 3-113
logging
notification
shunning
49
Tell me 3 active response strategies. 3-113,114
terminating processes or sessions
network configuration changes
deception (send them to the honeypot)
50
You have a host-based IDS. What 3 things will it monitor and what will it not monitor? 3-116
machine logs
system events
applications interactions

incoming traffic to the host
51
Tell me 2 problems with HIDS. Tell me 2 benefits. 3-117
possibly compromise the system
must be deployed on each system that needs it

keeps checksums on file
can read memory
52
Tell me 4 log files on Linux you should check for indications of an intrusion. 3-117
faillog
lastlog
messages
wtmp