Chapter 4: Network

Question 1

DoS/DDoS attacks

Answer 1

The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)

Question 2

Fragment Attacks

Answer 2

In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together.

Question 3

Oversized Packet Attacks

Answer 3

Purposely sending a network packet that is larger than expected or larger than can be handled by the receiving system, causing the receiving system to fail unexpectedly.

Question 4

Spoofing

Answer 4

Faking the sending address of a transmission to gain illegal entry into a secure system.

Question 5

Man in the Middle Attacks

Answer 5

An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.

Question 6

Physical Ports

Answer 6

Physical ports are the ports on the routers, switches, servers, computers, etc. that you connect the wires, e.g., fiber optic cables, Cat5 cables, etc., to create a network.

Question 7

Logical Ports

Answer 7

A logical port (also called a socket) is little more than an address number that both ends of the communication link agree to use when transferring data. Ports allow a single IP address to be able to support multiple simultaneous communications, each using a different port number. In the Application Layer of the TCP/IP model (which includes the Session, Presentation, and Application Layers of the OSI model) reside numerous application- or service-specific protocols. Data types are mapped using port numbers associated with services.

Question 8

Three ways Handshake

Answer 8

SYN, SYN-ACK, ACK

Question 9

TCP/IP

Answer 9

TCP/IP stands for Transmission Control Protocol/Internet Protocol.

TCP/IP is a set of standardized rules that allow computers to communicate on a network such as the internet.

5 layers:
- Physical Layer: The physical devices that connect computers
- Data Link Layer: Defines a common way of interpreting signals so that network devices can communicate (ex. ethernet).
- Network/Internet Layer: allows different networks to communicate with each other through devices known as routers (ex. IP).
- Transport layer: Sorts out which client and server programs are supposed to get that data. (ex. TCP, UDP)
- Application Layer: Browser, Email

Question 10

VLAN

Answer 10

Virtual Local Area Network

A logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution.

Question 11

VPN

Answer 11

Virtual Private Network

A virtual private network (VPN), built on top of existing networks, that can provide a secure communications mechanism for transmission between networks.

Question 12

WLAN

Answer 12

Wireless Local Area Network

A group of computers and devices that are located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.

Question 13

Zenmap

Answer 13

The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything that is connected as well as other information.

Question 14

Zero Trust

Answer 14

Removing the design belief that the network has any trusted space. Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model.

Question 15

PCI DSS

Answer 15

Payment Card Industry Data Security Standard

An information security standard administered by the Payment Card Industry Security Standards Council that applies to merchants and service providers who process credit or debit card transactions.

Question 16

SMTP

Answer 16

Simple Mail Transport Protocol

The standard communication protocol for sending and receiving emails between senders and receivers. The SMTP is an application layer protocol that operates at level 7.

Question 17

Protocols

Answer 17

A set of rules (formats and procedures) to implement and control some type of association (that is, communication) between systems.

Question 18

Payload

Question 19

Packet

Answer 19

Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.

Question 20

ICMP

Answer 20

Internet Control Message Protocol

An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available.

Question 21

IPv4

Answer 21

Internal Protocol version 4

Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

Question 22

De-encapsulation

Answer 22

The opposite process of encapsulation, in which bundles of data are unpacked or revealed.

Question 23

DNS

Answer 23

Domain Name Service

This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.

Question 24

FTP

Answer 24

Port 21, File Transfer Protocol (FTP) sends the username and password using plaintext from the client to the server. This could be intercepted by an attacker and later used to retrieve confidential information from the server. The secure alternative, SFTP, on port 22 uses encryption to protect the user credentials and packets of data being transferred.

Question 25

Encapsulation

Answer 25

Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.

Question 26

Phishing

Answer 26

An attack that attempts to misdirect legitimate users to malicious websites through the abuse of URLs or hyperlinks in emails could be considered phishing.

Question 27

Trojan

Answer 27

Named after the ancient story of the Trojan horse, the Trojan is a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network. For example, ransomware often uses a Trojan to infect a target machine and then uses encryption technology to encrypt documents, spreadsheets and other files stored on the system with a key known only to the malware creator.

Question 28

Malware

Answer 28

A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system or otherwise annoying or disrupting the victim.

Question 29

Ransomware

Answer 29

Malware used for the purpose of facilitating a ransom attack. Ransomware attacks often use cryptography to “lock” the files on an affected computer and require the payment of a ransom fee in return for the “unlock” code.

Question 30

Insider Threat

Answer 30

Insider threats are threats that arise from individuals who are trusted by the organization. These could be disgruntled employees or employees involved in espionage. Insider threats are not always willing participants. A trusted user who falls victim to a scam could be an unwilling insider threat.

Question 31

On-path attack (MitM):

Answer 31

In an on-path attack, attackers place themselves between two devices, often between a web browser and a web server, to intercept or modify information that is intended for one or both of the endpoints. On-path attacks are also known as man-in-the-middle (MITM) attacks.

Question 32

IDS

Answer 32

Intrusion Detection System

Question 33

HIDS

Answer 33

Host-based Intrusion Detection System

A HIDS monitors activity on a single computer, including process calls and information recorded in system, application, security and host-based firewall logs. It can often examine events in more detail than a NIDS can, and it can pinpoint specific files compromised in an attack. It can also track processes employed by the attacker. A benefit of HIDSs over NIDSs is that HIDSs can detect anomalies on the host system that NIDSs cannot detect.

Question 34

NIDS

Answer 34

Network-based Intrusion Detection System

A NIDS monitors and evaluates network activity to detect attacks or event anomalies. It cannot monitor the content of encrypted traffic but can monitor other packet details. A single NIDS can monitor a large network by using remote sensors to collect data at key network locations that send data to a central management console. These sensors can monitor traffic at routers, firewalls, network switches that support port mirroring, and other types of network taps.

Question 35

Antivirus/anti-malware

Answer 35

Seeks to identify malicious software or processes

Question 36

Scans

Answer 36

Evaluates the effectiveness of Security Controls

Question 37

Firewalls

Answer 37

Filter Network Traffic, manages and controls network traffic and protects the network

Question 38

IPS

Answer 38

Intrusion Protection System

Question 39

SIEM

Answer 39

Security management involves the use of tools that collect information about the IT environment from many disparate sources to better examine the overall security of the organization and streamline security efforts. These tools are generally known as security information and event management (or S-I-E-M, pronounced “SIM”) solutions. The general idea of a SIEM solution is to gather log data from various sources across the enterprise to better understand potential security concerns and apportion resources accordingly.

SIEM systems can be used along with other components (defense-in-depth) as part of an overall information security program.

Question 40

MOU

Answer 40

Memorandum of Understanding

Question 41

MOA

Answer 41

Memorandum of Agreement

Question 42

Network Segmentation

Answer 42

Network segmentation involves controlling traffic among networked devices. Complete or physical network segmentation occurs when a network is isolated from all outside communications, so transactions can only occur between devices within the segmented network.

Question 43

DMZ

Answer 43

Demilitarised Zone

A DMZ is a network area that is designed to be accessed by outside visitors but is still isolated from the private network of the organization. The DMZ is often the host of public web, email, file and other resource servers.

Question 44

Defence in Depth

Answer 44

Defense in depth uses multiple types of access controls in literal or theoretical layers to help an organization avoid a monolithic security stance.

Question 45

NAC

Answer 45

Network Access Control

Network access control (NAC) is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

Question 46

Micro-segmentation

Answer 46

Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places firewall at every connection point.

Question 47

OSI

Answer 47

The OSI model organises communicating systems according to 7 layers:
- Physical layer:
- Data Link layer
- Network layer
- Transport layer
- Session layer
- Presentation layer
- Application layer

Question 48

IP

Answer 48

The Internet Protocol (IP) is a set of requirements for addressing and routing data on the Internet. IP can be used with several transport protocols, including TCP and UDP. Protocols. Network layer. How Internet works. Internet Protocol (IP) is known to be a level 3 protocol.

Question 49

SNMP

Answer 49

Simple Network Management Protocol (SNMP) is a protocol used to configure and monitor devices attached to networks. It is an application-level protocol (level 7), and therefore the only option that is not from level 3.

Question 50

IGMP

Answer 50

The Internet Group Management Protocol (IGMP) is a protocol that allows several devices to share one IP address so they can all receive the same data. IGMP is a network layer protocol used to set up multicasting on networks that use the Internet Protocol version 4 (IPv4). Specifically, IGMP allows devices to join a multicasting group.

Question 51

Ranges of Private IP addresses

Answer 51

The ranges of IP addresses 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254, and 192.168.0.0 to 192.168.255.254 are reserved for private use

Question 52

Port 80

Answer 52

Port 80 is reserved for plain HTTP connections.

Question 53

Port 69

Answer 53

Port 69 is reserved for TFTP protocol.

Question 54

Port 25

Answer 54

Port 25 is reserved for SMTP protocol.

Question 55

Port 443

Answer 55

Port 443 is reserved for HTTPS connections.

Question 56

IPv6

Answer 56

An IPv6 address is a 128-bit address represented as a sequence of eight groups of 16-bit hexadecimal values.

Example: 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a

Question 57

Subnet mask

Answer 57

A subnet mask is a number that distinguishes between the network address and the host address. Subnetting divides a network into two or more subnets

Question 58

Standard temperature for server room

Answer 58

• 18 to 27 Celsius
• 3 temperature sensors: one at the top, one in the middle and one at the bottom.

Question 59

APT

Answer 59

Advanced Persistent Threat

Question 60

Port numbers ranges

Answer 60

Port numbers are divided into three ranges:

• Known Ports (0-1023)
• Registered Ports (1024-49151)
• Dynamic or Private Ports (49152-65535).

The dynamic or private ports are those from 49152 to 65535. These ports are typically used for ephemeral ports, which are temporary and only used for the duration of a specific communication session

Question 61

Ping command

Answer 61

The ‘ping’ command is a common network diagnostic tool used to test the availability of a host by measuring the round-trip time for Internet Control Message Protocol (ICMP) echo requests messages to the target host. If the server is unavailable, ‘ping’ will display a timeout.

Question 62

Port 21

Answer 62

FTP File Transfer Protocol

Question 63

Port 22

Answer 63

SFTP Secure File Transfer Protocol

Question 64

Port 23

Answer 64

Telnet

Question 65

Port 25

Answer 65

Port 25, Simple Mail Transfer Protocol (SMTP) is the default unencrypted port for sending email messages. Since it is unencrypted, data contained within the emails could be discovered by network sniffing.

Question 66

Port 37

Answer 66

Port 37, Time Protocol, may be in use by legacy equipment and has mostly been replaced by using port 123 for Network Time Protocol (NTP). NTP on port 123 offers better error-handling capabilities, which reduces the likelihood of unexpected errors.

Question 67

Port 53

Answer 67

Port 53, Domain Name Service (DNS), is still used widely. However, using DNS over TLS (DoT) on port 853 protects DNS information from being modified in transit.

Question 68

Port 143

Answer 68

Port 143, Internet Message Access Protocol (IMAP) is a protocol used for retrieving emails. IMAP traffic on port 143 is not encrypted and susceptible to network sniffing. The secure alternative is to use port 993 for IMAP, which adds SSL/TLS security to encrypt the data between the mail client and the mail server.

Question 69

Port 161/162

Answer 69

Ports 161 and 162, Simple Network Management Protocol, are commonly used to send and receive data used for managing infrastructure devices.

Question 70

Port 445

Answer 70

Port 445, Server Message Block (SMB), is used by many versions of Windows for accessing files over the network. Files are transmitted unencrypted, and many vulnerabilities are well-known.

Question 71

Port 389

Answer 71

Port 389, Lightweight Directory Access Protocol (LDAP), is used to communicate directory information from servers to clients. This can be an address book for email or usernames for logins. The LDAP protocol also allows records in the directory to be updated, introducing additional risk.

Question 72

Port 443

Answer 72

HTTPS
HyperText Transfer Protocol Secure

Question 73

Port 445

Answer 73

SMB
Server Message Block

Question 74

Port 445

Answer 74

SMB
Server Message Block

Question 75

Port 3389

Answer 75

RDP
Remote Desktop Protocol