Chapter 4: Network and Communications

Question 1

What are the well known/ registerd and dynamic ports

Answer 1

well known : 0 to 1023

Registered : 1024 to 49151

Dynamic: 49152 to 65535

Question 2

Name a few common session layer protocols

Answer 2

1. PAP
2. PPTP
3. Netbios
4. RPC

Question 3

What is the difference between session layer and transport layer protocols

Answer 3

Session: Application to application communication

Transport: computer to computer

Question 4

what is a key service that session layer protocols should provide

Answer 4

secure authentication capabilities

Question 5

what are the sublayers of data link

Answer 5

Logical Link Control (takes care of flow control and error checking)

Media Access control ( knows how to put the data on the wire)

Eg of MAC are 802.3 (ethernet),802.11 etc

Question 6

What are some of the protocols that work at data link layer

Answer 6

1. Point to Point protocol
2. Layer 2 tunneling protocol
3. ATM
4. FDDI
5. Ethernet
6. Token ring

Question 7

Acronym for OSI Layers

Answer 7

All People Seem To Need Data Processing

Application

Presentation

Session

Transport

Network

Datalink

Physical

Question 8

Sample application layer protocols

Answer 8

HTTP, FTP, SNMP, SMTP, TFTP

Application layer data is known as MESSAGE

Question 9

Services that work at presentation layer

Answer 9

ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI,

Question 10

Transport layer protocols

Answer 10

TCP/UDP/SPX

TCP Data - Segment

UDP Data - Datagram

Question 11

Protocols at network layer

Answer 11

IP, ICMP, IGMP, RIP, OSPF, IPX

Data at network layer is packets

Question 12

Protocols at data link layer

Answer 12

ARP, RARP,

PPP,

Serial Line internet (SLIP)

Ethernet (802.3), Token ring (802.5), Wireless ethernet (802.11)

Question 13

Protocols at physical layer

Answer 13

RS/EIA/TIA-422, 423, 449, 485, 10BaseT, 10base2, ISDN, SONET, DSL,

Question 14

What communication protocol is used by SCADA systems

Answer 14

Distributed Network Protocol 3 (DNP 3)

• Uses simple three layer model called Enhanced performance architecture (EPA)
• Corresponds to layers 2,4, 7 of OSI (roughly)

Question 15

Controller Area Network Bus (CAN Bus)

Answer 15

allows microcontrollers and other embedded devices to communicate with each other on shared bus

Used in smart/connected cars

Question 16

What is a socket

Answer 16

Socket = TCP/UDP + IP Address + Port

Question 17

how can SYN floods be prevented

Answer 17

use of SYN caches that delays the allocation of a socket untill the handshake is completed

Question 18

how can TCP session hijacking take place

Answer 18

through correctly guessing sequence number and spoofing it

Question 19

IPV4 vs IPV6

Answer 19

32 bits :: 128 bits

65535 byte packets :: 4.3 billion byts (jumbograms)

Less multicasting:: Better Mutlicasting

No unicast :: new concept of unicast

inefficient forwarding :: efficient forwarding

No labelling and QoS :: Labelling enables QoS

no security support :: supports integrity, authentication, confidentiality

Question 20

What are some of the IPV6 to IPV4 tunneling protocols

Answer 20

6 to 4 (intersite ie between two networks, hence can be used on internet)

Teredo (intersite, same as above)

Intrasite automatic tunnel addressing protocol (ISATAP)

Question 21

What are the security standards for data link layer

Answer 21

802. 1 AE - for encryption of frames
803. 1 AF - for key management and distribution
804. 1 AR - unique id for each device

Question 22

What framework does 802.1AE/F/R work with

Answer 22

802.1X EAP-TLS framework

Question 23

why is MPLS considered a converged protocol

Answer 23

MPLS is a converged protocol as it can encapsulate any higher level protocol and tunnel it over a variety of links

Question 24

Difference between bandwidth and data throughput

Answer 24

Bandwidth is the data transfer capability of a link and is associated with the available frequencies in the link and the link speed

Data throughput is the actual amount of data that can be carried acroos this link

Question 25

what affects the througput of the links

Answer 25

Data through put can be higher if compression is used. If links are congested, throughput can be lower

Question 26

synchronous vs asynchronous timing in connection links

Answer 26

Asynchronous uses start and stop bits

Synchronous timing - large amount of data in predictable manner

Asynchronous timing - data in unpredictable manner

Question 27

what is broadband

Answer 27

Any communication technology that chops us one communication channel into many is considered broadband

Question 28

what does bandwidth of a cable indicate

Answer 28

The bandwidth of a cable indicates the highest frequency range it uses eg 10BaseT uses 10 Mhz, 100 Base TX uses 80 Mhz and 1000Base T uses 100 Mhz

Question 29

how is attenuation impacted by higher frequencies

Answer 29

Effects of attenuation increase with higher frequencies. Hence cables used to transmit data at higher frequencies should have shorter cable runs

Question 30

What are the data rates of 10 Base T, 100 Base T and 1000 Base T

Answer 30

10Mbps

100Mbps

1000Mbps

Question 31

Single mode fiber vs multi-mode

Answer 31

Single mode fiber - high speed data transmission over long distances

Multimode fiber - shorter distances, can carry more data

(single mode like 2 lane highway, multimode 6 lane city road)

Question 32

Plenum vs non plenum cables

Answer 32

Plenum rated cables - jacket covers made of fluoropolymers

Non Plenum cables - usually have a polyvinyl chloride (PVC) jacket covering

Question 33

What is Maximum Transmission Unit (MTU)

Answer 33

indicates how much data a frame can carry on a particular network. Frames may need to be fragmented as well

Question 34

CSMA CD vs CSMA CA

Answer 34

CSMA/CD (collision detection) - each computer detects if wire is free before talking ie transmitting

CSMA/CA (collision avoidance) - each computer does the above and then puts a message that it is going to start to transmit and then transmit the data

Question 35

What does wireless technology use to avoid collision

Answer 35

802.11x uses CSMA/CD

Question 36

What does Internet group management protocol (IGMP) do

Answer 36

used to report multicast group membership to routers

Question 37

What is RARP used for

Answer 37

used to find IP address by diskless workstations who know their MAC address

Question 38

What is SNMP community string

Answer 38

is a password that the snmp manager uses to request data from the agent.

Snmp v3 has cryptographic functionality and is secure

Question 39

What are DNS Zones

Answer 39

DNS Namespaces are split up administratively into zones

DNS server that hosts the files for the zone is the authoritative name server for that zone

A zone may contain one or more domains

Question 40

common use of POP and IMAP

Answer 40

POP - internet based accounts (all messages are downloaded ie popped on checking for new mail)

IMAP - corporate accounts (messages are kept on server or downloaded at user requirement)

Question 41

Key points of Simple Authentication and Security Layer (SASL)

Answer 41

• Protocol independent framework
• performs authentication
• new & legacy protocols use it
• used by protocols so that they dont have to design authentication

Question 42

How does sender policy framework (SPF) work

Answer 42

• validates senders IP address (prevents spoofing)
• SPF record tags authorised mail server IDs to domain
• mail exchanges use DNS to validate the IP

Question 43

What protocol replaced Exterior Gateway Protocol (EGP)

Answer 43

Replaced by BGP

BGP uses a combination of linkstate and _distance vecto_r routing algorithms

Question 44

how does Source Routing work

Answer 44

the packets contain the routing information built in them instead of depending on a bridge or networking devices

External devices and border routers should not accept source routing as it can override the forwarding and routing tables configured in the intermediate devices

Question 45

What is 802.1Q

Answer 45

802.1Q is about how VLANs should be constructed and how tagging is to take place

Question 46

How can VLAN traffic be compromised

Answer 46

A compromised system can function as a switch and insert itself between different vlans and gain access to traffic

Question 47

What is a double tagging attack in VLANs

Answer 47

An attacker can insert vlan tags to manipulate the control of traffic at the data link layer

Question 48

What are Weaknesses of packet filtering firewalls

Answer 48

• No application specific visibility
• Limited logging
• No advanced user authentication support
• Cannot detect spoofed address
• Cannot detect packet fragmentation attacks

Question 49

What is a circuit-level proxy

Answer 49

A proxy based firewall that works at lower layers

works at session layer and monitors traffic from a network based view

Creates a communication between two systems

Question 50

What is the main feature of application level proxy

Answer 50

An application level proxy firewall has one proxy for each protocol

Question 51

What is SOCKS

Answer 51

SOCKS is an example of a circuit level proxy gateway that provides a secure channel between two computers

Question 52

Dynamic packet filtering firewall

Answer 52

• the return journey is automatically mapped as a dynamic ACL

Question 53

What are key features of Kernel proxy firewall

Answer 53

• Creates dynamic , customised network stacks when a packet needs to be evaluated.
• faster than app level proxy firewalls because all of the inspection and processing takes place at the kernel

Question 54

What is the precaution to take on a dual homed firewall configuration

Answer 54

On dual homed firewall installed on a system, underlying OS should have packet forwarding and routing turned off, else acls will be skipped

Question 55

What is a screened host

Answer 55

A screened host is a firewall that communicates directly with a perimeter router and the internal network. Also known as single tiered configuration

Question 56

what is a a screened subnet configuration

Answer 56

A screened subnet is when the screened host firewall forwards traffic to another firewall which is controlling traffic to internal network. This creates a dmz between the two firewalls. Also knownd as two tiered configuration

If three firewalls are used to create two dmzs, it is known as three tiered configuration

Question 57

What are the three approaches to SDN

Answer 57

• Open / from open networking foundation
• Api / from cisco that enhances the ONF approach
• Overlay

Question 58

how is routing done in SDN

Answer 58

the routing decisions are made by controller

Hence the networking devices behave and are referred to as switches

Question 59

What is a virtual private lan service

Answer 59

emulates a LAN over a managed IP/MPLS

Question 60

How many calls and bandwidth does T1 provide

Answer 60

T1 trunks provided 24 voice communication calls over two pairs of copper wires

this provided a 1.544mbps transmission rate

Question 61

How many T1 lines are within T3

Answer 61

T3 lines carry 28 T1 lines

Question 62

What does SONET enable

Answer 62

SONET standard enables all carriers to interconnect

SONET is standard for NorthAmerica , SDH (synchronous digital hierarchy) is the standard for rest of world

Question 63

Asynchronous transfer mode (ATM)

Answer 63

encapsulates data in fixed cells and carried over SONET

ATM is the car and SONET is the highway

Question 64

What are the Optical carrier lines and their different bandwidth values

Answer 64

OC1 - 51.84Mbps

OC3 - 155.52 Mbps

OC12 - 622.08

(3 is 3x of 1, 12 is 12x of 1)

Question 65

Speeds of E1/E3 and T1/T3

Answer 65

E1 - 2.048Mbps / E3 - 34.368 Mbps

T1 - 1.544Mbps / T3 - 44.736Mbps

Question 66

Number of channels in T1/T2/T3/T4

Answer 66

T1 - 24 channels

T2 - 96 (4 T1s)

T3 - 672 (28 T1s)

T4 - 4032 (168 T1s)

Question 67

what is the role of Channel Service Unit / Data Service Unit

Answer 67

• required when digital requirement will be used to connect a LAN to a WAN
• functions as a translator and line conditioner
• connects the lan to the service providers line

Question 68

which are the two most prominent packet switching protocols

Answer 68

Frame Relay

X.25

Question 69

How does Frame Relay and X.25 work

Answer 69

• both forwards frames across virtual circuits (VCs)
• VCs can be either permanent or switched

the frame relay cloud is the group of devices that provides switching and data communications functionality

X.25, data is divided into 128 bytes and encapsulated in high level data link control (HDLC) frames

Question 70

How does ATM (Asynchronous transfer mode) work

Answer 70

• uses cell switching
• Data segmented into fixed size cells of 53 bytes

Question 71

What are the QoS parameters in ATM

Answer 71

constant bit rate - for time sensitive apps like video

Variable bit rate - for time insensitve app, flow is uneven

Unspecified bit rate - no promise on data throughput

Available bit rate - bandwidth provided from what is left over after guaranteed rate is met

Question 72

What are the typcial three levels of QoS

Answer 72

Best effort - no guarantee

Differentiated - more b/w shorter delays

Guaranteed service - ensures specific data throughput at guaranteed speed

Question 73

What is Synchronous Data Link Control

Answer 73

• used in networks that use dedicated links
• generally in mainframe environments
• used for communication with IBM hosts in systems network architecture (SNA)

Question 74

What are the offshoots of SDLC

Answer 74

• HDLC (device to device wan communication)
• Link access procedure (LAP)
• Link access procedure - Balanced (LAP-B)

Question 75

What is the Point to Point (PPP) protocol

Answer 75

It is a WAN protocol and has two subprotocols

1. Link control protocol - establishes, maintains and configures connection
2. Network control protocol - makes sure that PPP can integrate and work with many different protocols like IP, IPX, Netbeui (if only ip traffic was to be moved then NCP would not have been required)

Question 76

How does PPP provide for user authentication

Answer 76

PPP provides user authentication through

• PAP (Password authentication protocol)
• CHAP (Challenge Handshake authentication protocol)
• EAP (Extensible authentication protocol)

Question 77

What is the High Speed Serial Interface (HSSI)

Answer 77

HSSI is an interface used to connect multiplexers and routers to high speed communication services such as ATM and Frame relay

Question 78

What is the difference between HDLC and PPP

Answer 78

HDLC - data encapsulation method for synchronous links

PPP - above plus asynchronous

Question 79

what is commanality between HDLC and PPP

Answer 79

both are used for point to point and multipoint communication

Question 80

What network should be used for time sensitive applications

Answer 80

Applications that are time sensitive such as voice and video signals need to work over an isochronous network.

An isochronous network contains the necessary protocols and devices that guarantee continuous bandwidth without interruption

Question 81

What is an example of a media gateway

Answer 81

A media gateway is the translation unit between different telecommunications network. Eg VOIP media gateways perform the conversion between TDM voice to VOIP

Question 82

What is the session initiation protocol

Answer 82

• setup and breakdown call sessions
• works over tcp as well as udp
• two components , user agent client (UAC) and user agent servers (UAS)

SIP is not used to carry actual voice or video

Question 83

What does UAC and UAS don in SIP

Answer 83

User agent client (UAC) -creates call request eg softphone or ipphone

User agent server (UAS) - handles routing and signalling

Question 84

What is Real Time Protocol (RTP)

Answer 84

• Used to carry actual voice or video
• provides standardised packe format for delivering voice and video over IP networks

Question 85

What are the 3 server roles in a SIP architecture

Answer 85

Proxy servers - relay packets within a network between the UAC and UAS

Registrar servers -centralised record of the updated locations of all the users on the network

Redirect servers - for connectivity across network zones (intraorganizational)

Question 86

Why is DSL faster than analog

Answer 86

because it uses all frequencies on the line

Question 87

what is point to point tunneling protocol userd for (PPTP)

Answer 87

• tunnel PPP connections over an IP network
• included security features
• uses Generic Routing Encapsulation (GRE) and TCP to encapsulate PPP packets and extend a PPP connection through an IP network

Question 88

What is the limitation of PPTP

Answer 88

• PPTP cannot support multiple connections within single VPN tunnel
• Hence it can be used for system to system communication and not gateway to gateway communication

Question 89

Why is PPP used over an IP network like internet

Answer 89

Point to point line devices that connect individual systems to the internet do not understand IP. So the traffic that travels over these links have to be encapsulated in PPP)

Question 90

When is Layer 2 tunneling protocol used (L2TP)

Answer 90

When PPP connection has to be carried over a non IP network eg framerelay

Question 91

At what layer does PPTP and L2TP work

Answer 91

Data Link Layer

Question 92

At what layer does IPSec work

Answer 92

Network layer

Question 93

What are the main protocols within the IPSec suite

Answer 93

1. Authentication Header (AH)- data integrity, origin authentication, protection from replay
2. Encapsulating security payload (ESP)- data integrity, origin authentication , confidentiality
3. Internet security association and Key management protocol (ISAKMP) - framework for security association creation and key exchange
4. Internet Key exchange (IKE)- provides authenticated keying material for use with ISAKMKP

Question 94

How does iterated tunneling work in IPSec

Answer 94

IPSec tunnel is tunneled through another IPSec tunnel

e.g for internal tunnel only AH is used, while for routing this tunnel over the internet , ESP is used which further tunnels the AH payload

Question 95

At what layer does TLS work

Answer 95

Session layer

Question 96

What is a TLS Portal VPN

Answer 96

an individual uses a single standard TLS connection to a website to securely access multiple network services

Question 97

what is the use of PAP/ CHAP / EAP

Answer 97

used by remote users to authenticate over PPP connections

CHAP does not need password to be transferred over the wire

Question 98

which is least to most secure among PAP/CHAP/EAP

Answer 98

PAP least secure

CHAP better secure

EAP most secure among three

Question 99

how does CHAP function

Answer 99

1. server sends a challenge (nonce)
2. client encrypts it using the password entered
3. server decrypts it basis the stored password
4. if the nonce matches, then it means same password was used to encrypt and decrypt

Question 100

What are the different authentication techniques that EAP enables

Answer 100

• OTPs,
• token cards,
• biometrics,
• kerberos,
• digital certificates and
• future mechanisms

Question 101

what all protocols can EAP be used with

Answer 101

EAP can be used with PPP, PPTP, L2TP, 802.11, 802.16 etc

Question 102

FHSS vs DHSS

Answer 102

FHSS uses frequency hopping (spectrum is split into subchannels)

DHSS uses sub bits to a message and uses all available frequencies

Question 103

OFDM

Answer 103

is a multiplexing technology and not a spread spectrum technology but is used in similar manner

Question 104

Infrastructure WLAN

Answer 104

APs connected to wired and wireless lans

APs and clients form Basis

Question 105

What is 802.11

Answer 105

Wired equivalent Privacy

Question 106

what is the 802.11i full standard also known as

Answer 106

WPA2

Question 107

What are the two modes of authentication in WEP

Answer 107

OSA - open system auth- all transactions in cleartex. No encryption

SKA shared key authentication - symmetric encryption, same key on device and AP

Question 108

What are the four major issues with WEP

Answer 108

1. static encryption keys on all devices
2. same IV values are used which leads to detection of patterns and hence the detection of keys
3. data integrity is an issue
4. WEP does not allow for mutual authentication

Question 109

how is 802.1X used in 802.11i

Answer 109

provides access control by restricting access until full authentication and authorisation have been completed

Question 110

How does TKIP address concerns with WEP

Answer 110

1. 1. addresses issue pertaining to static WEP keys
2. increases the length of the IV value
3. addresses integrity issue by using a MIC instead of a ICV

Question 111

What are the two layers to understand 802.11i

Answer 111

Upper layer - authentication using 802.1x

lower layer - encyrption using TKIP and CCMP

No network traffic is allowed to flow until the authentication is completed

Question 113

what are the 802.1x components for wireless

Answer 113

Wireless Device

Access Point

Authentication server (RADIUS)

Question 114

802.1X works on both Wired and Wireless : TRUE or FALSE

Answer 114

TRUE

Question 115

Why use 802.1x instead of or over WEP

Answer 115

WEP allows for only system authentication. Use of 802.1X over wireless allows for user authentication which provides higher degree of confidence

Question 116

Is mutual authentication allowed in WEP

Answer 116

No, only Wireless device can authenticate to AP

Question 117

How does 802.11i solve the mutual authentication issue of WEP

Answer 117

802.11i solves this issue by the use of EAP

Question 118

What encryption algorithm is used by WEP and TKIP

Answer 118

RC4 (not best fit for wireless)

Question 119

what is the other name for WPA2

Answer 119

Robust network security

Question 120

What are the different wireless LAN standards

Answer 120

802. 11b , 11Mbps, 2.4Ghz
803. 11a , 54Mbps , 5 Ghz (OFDM)
804. 11g (54 Mbps, backward compatible with 802.11b)
805. 11e QoS
806. 11f user roaming across multiple APs
807. 11h (European equivalent of 802.11a)
808. 11j (bringing together disparate standards)
809. 11 n , 100 Mhz, 5 Ghz
810. 11 ac , 1.3 Gbps, 5Ghz (longer distance)

Question 121

how to remember key 802.11 protocols

Answer 121

B.A.G n AC

Question 122

what is the wireless man standard

Answer 122

802.16

Wimax is one implementation

Question 123

what is 802.15.4

Answer 123

Wireless personal area network (PAN)

Question 124

what is the use case of 802.15.4

Answer 124

• low bandwidth
• low distances
• IoT and M2M use cases

Question 125

what is bluejacking

Answer 125

sending unsolicited message to a bluetooth listening device

Question 126

What is bluesnarfing

Answer 126

using a wireless device to break into a bluetooth enabled device

Question 127

What are the pros and cons of end to end encryption

Answer 127

Pros: message remains encrypted till destination

Cons: attackers get more information about packets

Question 128

what gets covered in link encryption

Answer 128

everything except datalink headers and trailers

Question 129

What is MIME

Answer 129

Multipurpose internet mail extension - MIME is a specification that dictates how certain file types must be handled and transferred

Question 130

What is S/MIME

Answer 130

standard for encrypting and digitally signing email

Question 131

how does PGP / Pretty Good Privacy work

Answer 131

it uses a web of trust rather than a CA authority structure

trusted users sign public keys for each other

Question 132

What is the drawbakc of PGP

Answer 132

managing keys in decentralised manner is difficult especially revocation of private key

Question 133

What is TLS

Answer 133

The open community and standardised version of SSL

Question 134

At what layer does TLS work

Answer 134

Transport

Question 135

why are cookies required

Answer 135

because HTTP is stateless protocol

Question 136

how does one protect from Syn Flood attacks

Answer 136

Delayed binding - half open connections are not tied to a socket till the three way handshake is completed.