Chapter 8: Routing

Question 1

Router

Answer 1

Any piece of hardware or software that forwards packets based on their destination IP address.

Question 2

Routing Table

Answer 2

A list of paths to various networks required by routers.

Question 3

What two fields of a routing table are used to determine the route needed?

Answer 3

Destination LAN IP and Subnet Mask

Question 4

What two fields of a routing table tell the router what to do with the packet?

Answer 4

Gateway (for IP of next hop)
and
Interface (for port to use)

Question 5

If the network ID is directly connected, then the gateway field of the routing table gets set to _________

Answer 5

0.0.0.0
or
IP address of port you’re sending to

Question 6

Command to see your routing table in Linux/OSX

Answer 6

netstat -r

Question 7

Metric

Answer 7

A relative value that defines the cost of using this route. (Lowest routes win)

Question 8

Network Address Translation (NAT)

Answer 8

A means of translating a system’s IP address into another IP address before sending it out to a larger network.
Gives individual systems private IPs, and hides them behind the public IP

Question 9

Port Address Translation (PAT)

Answer 9

Form of NAT that uses port numbers to map traffic from specific machines in the network.

Question 10

NAT Translation Table

Answer 10

Special database in a NAT router that stores destination IP addresses and ephemeral source ports from outgoing packets and compares them against returning packets.

Question 11

Static NAT (SNAT)

Answer 11

Maps a single routable (public) IP address to a single machine, allowing you to access that machine from outside the network.

Question 12

Port Forwarding

Answer 12

Preventing the passage of any IP packets through any ports other than the ones prescribed by the system administrator.

Question 13

Dynamic NAT (DNAT)

Answer 13

Type of NAT in which many computers can share a pool of routable IP addresses that number fewer than the computers.

Question 14

Static Route

Answer 14

An entry in a router’s routing table that is not updated by any automatic route discovery protocols.

Question 15

Hop

Answer 15

Each time a packet goes through a router

Question 16

Possible Criteria for Determining a Metric

Answer 16

1) Hop
2) Bandwidth
3) Latency
4) Cost
5) Maximum Transmission Unit (MTU)
6) Shortest Path Bridging (SPB)
7) Administrative Distance

Question 17

Fragmentation

Answer 17

When a packet is too big and it’s broken into pieces.

Question 18

Distance Vector

Answer 18

Routing protocols that calculate the total cost to get to a particular network ID and compare that cost to the total cost of all other routes to get to that same network. It chooses the route with the lowest cost.

Question 19

Convergence

Answer 19

When routers using distance vector protocols continue sending their routing tables to each other, but the routing tables don’t change.

Question 20

What size of network is distance vector good for?

Answer 20

Smaller networks with less than 10 routers or so.

Question 21

Routing Information Protocol (RIP)

Answer 21

Distance vector routing protocol that dates from the 1980s

Question 22

Autonomous System (AS)

Answer 22

One or more networks that are governed by a single dynamic routing protocol, which provides routing for the Internet backbone.

Question 23

AS Number

Answer 23

32 bit number displayed as two 16 bit numbers separated by a dot.

Question 24

Exterior Gateway Protocols (EGP)

Answer 24

The protocols AS’s use to communicate with each other

Question 25

Interior Gateway Protocols (IGP)

Answer 25

The protocols that networks within an AS use to communicate

Question 26

Border Gateway Protocol (BGP)

Answer 26

• An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established.
• Hybrid or path vector routing protocol

Question 27

Edge-routers

Answer 27

The routers that handle AS-to-AS routing

Question 28

Route Aggregation

Answer 28

A way to simplify routing tables into manageable levels. Basically a tiering system, like a tree.

Question 29

Link State

Answer 29

Type of dynamic routing protocol that announces only changes to routing tables, as opposed to the entire routing tables.

Question 30

Open Shortest Path First (OSPF)

Answer 30

An interior gateway routing protocol developed for IP networks based on the link state algorithm.

Question 31

When you first launch OSPF-capable routers, they send out _________ called Hello packets looking for other OSPF routers

Answer 31

Link State Advertisements (LSAs)

Question 32

What is the routing protocol of choice for most large enterprise networks?

Answer 32

OSPF

Question 33

Flooding

Answer 33

When a new router is sending a lot of LSAs

Question 34

Formula for hop cost in OSPF

Answer 34

100,000,000/(bandwidth in bps)

Question 35

Area

Answer 35

A group of logically associated OSPF routers designed to maximize routing efficiency while keeping the amount of broadcast traffic well managed.

Question 36

Area ID

Answer 36

Address assigned to routers in an OSPF network to prevent flooding beyond the routers in that particular network.

Question 37

When you interconnect multiple areas, what is the area id of the backbone?

Answer 37

0 or 0.0.0.0

Question 38

Route Redistribution

Answer 38

When a multiprotocol router learns route info using on protocol and announces that info using another routing protocol.

Question 39

Intermediate System to Intermediate System (IS-IS)

Answer 39

A protocol similar to OSPF, but with support for IPv6 since inception.

Question 40

Enhanced Interior Gateway Routing Protocol (EIGRP)

Answer 40

Cisco’s proprietary hybrid protocol that has elements of both distance vector and link state routing.

Question 41

Yost Cable

Answer 41

A cable used to interface with a Cisco device

Question 42

Managed Device

Answer 42

Networking devices, such as routers and advanced switches, that must be configured to use.

Question 43

Network Management Software (NMS)

Answer 43

Tools that enable you to describe, visualize, and configure an entire network.

Question 44

Basic Router Configuration Process

Answer 44

1) Set up the WAN side
2) Set up the LAN
3) Establish Routes
4) Configure a Dynamic Protocol

Question 45

When packets aren’t getting to the places you expect them, check the __________.

Answer 45

routing table

Question 46

If multiple honeypots are connected to form a larger network, what term is used to describe the network?

a. ​combolure
b. ​lurenet
c. ​honeycomb
d. ​honeynet

Answer 46

d. ​honeynet

Question 47

What feature on some network switches can be used to detect faked arp messages?

a. ​session monitoring
b. ​dynamic ARP inspection 
c. ​DHCP snooping
d. ​dynamic packet inspection

Answer 47

d. ​dynamic packet inspection

Question 48

1. A type of intrusion detection that protects an entire network and is situated at the edge of the network or in 2. a network’s protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns.
2. A program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses.
3. ​A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network’s overall security net.
   ​5. A type of intrusion prevention that runs on a single computer, such as a client or server, to intercept and help prevent attacks against that one host.
   ​6. A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network’s security.
4. ​A type of intrusion detection that runs on a single computer, such as a client or server, to alert about attacks against that one host.
   ​8. A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices.
5. A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users.​
6. ​A specification created by the NSA to define protection standards against RF emanation, which when implemented are called EmSec (emission security).
   ​11. A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack.

Answer 48

a. ​ acceptable use policy (AUP)
b. ​ backdoor
c. ​ HIDS (host-based intrusion detection system)
d. ​ HIPS (host-based intrusion prevention system)
e. ​ NIDS (network-based intrusion detection system)
f. ​ proxy service
g. ​ smurf attack
h. ​ TEMPEST​
i. ​ virus
j. worm

Question 49

The simplest type of firewall is a content filtering firewall.​

True

False

Answer 49

False

Packet Filtering Firewall

Question 50

A firewall typically involves a combination of hardware and software.​

True
False

Answer 50

True

Question 51

At what layer of the OSI model do firewalls operate?​

a. ​Network
b. ​Transport
c. ​Application
d. ​Data link

Answer 51

a. ​Network

Question 52

Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below?​

a. ​network viruses
b. ​file-infector viruses
c. ​worms
d. ​macro viruses

Answer 52

c. ​worms

Question 53

A SOHO wireless router typically acts as a firewall and may include packet filtering options.​
True
False

Answer 53

True

Question 54

A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below?

a. ​event collector architecture
b. ​log organizer 
c. SIEM system​
d. ​syslog system

Answer 54

c. SIEM system​

Question 55

What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it’s just part of the wire?​

a. ​pass-thru mode
b. ​virtual access mode
c. ​virtual wire mode
d. ​transparent wire mode

Answer 55

a. ​pass-thru mode

Question 56

What feature on some network switches can be used to detect faked arp messages?

a. ​DHCP snooping
b. ​session monitoring
c. ​dynamic ARP inspection 
d. ​dynamic packet inspection

Answer 56

c. ​dynamic ARP inspection

Question 57

Different types of organizations have similar levels of network security risks.
(A) True
(B) False

Answer 57

(B) False

Question 58

A firewall typically involves a combination of hardware and software.​
(A) True
(B) False

Answer 58

Answer : (A)

Question 59

The simplest type of firewall is a content filtering firewall.​
(A) True
(B) False

Answer 59

Answer : (B)

Question 60

A SOHO wireless router typically acts as a firewall and may include packet filtering options.​
(A) True
(B) False

Answer 60

Answer : (A)

Question 61

The term malware is derived from a combination of the words malicious and software.​
(A) True
(B) False

Answer 61

Answer : (A)

Question 62

Which software below combines known scanning techniques and exploits to allow for hybrid
exploits?​ 
(A) ​Nessus 
(B) ​metasploit 
(C) ​nmap 
(D) ​Sub7

Answer 62

Answer : (B)

Question 63

What kind of attack involves a flood of broadcast ping messages, with the originating source address being spoofed to appear as a host on the network?​ 
(A) ​amplification attack 
(B) smurf attack​ 
(C) ​zombie attack 
(D) ​SYN attack

Answer 63

Answer : (B)

Question 64

Botnets often make use of what chat protocol in order to receive commands?​ 
(A) ​XMPP 
(B) ​AIM 
(C) ​IRC 
(D) ​Skype

Answer 64

Answer : (C)

Question 65

​Which virus below combines polymorphism and stealth techniques to create a very destructive virus? 
(A) ​Natas 
(B) ​Macro 
(C) ​Michelangelo 
(D) ​Stoned

Answer 65

Answer : (A)

Question 66

​What characteristic of viruses make it possible for a virus to potentially change its
characteristics (such as file size, and internal instructions) to avoid detection?
(A) ​encryption
(B) stealth​
(C) ​polymorphism
(D) ​time dependence

Answer 66

Answer : (C)

Question 67

What type of virus are dormant until a specific condition is met, such as the changing of a file or a match of the current date?​ 
(A) ​encrypted virus 
(B) logic bomb​ 
(C) ​boot sector virus
(D) ​worm

Answer 67

Answer : (B)

Question 68

Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below?​ 
(A) ​file-infector viruses 
(B) ​worms 
(C) ​network viruses
 (D) ​macro viruses

Answer 68

Answer : (B)

Question 69

​If multiple honeypots are connected to form a larger network, what term is used to describe the network? 
(A) ​combolure 
(B) ​lurenet 
(C) ​honeycomb 
(D) ​honeynet

Answer 69

Answer : (D)

Question 70

A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below? 
(A) ​event collector architecture 
(B) ​syslog system 
(C) SIEM system​ 
D) ​log organizer

Answer 70

Answer : (C)

Question 71

A proxy that provides Internet clients access to services on its own network is known as what type of proxy?​ 
(A) ​reverse proxy 
(B) ​cache proxy 
(C) ​service proxy
(D) ​inverse proxy

Answer 71

Answer : (A)

Question 72

At what layer of the OSI model do firewalls operate?​ 
(A) ​Transport 
(B) ​Data link
(C) ​Network
 (D) ​Application

Answer 72

Answer : (C)

Question 73

Which software below serves as the firewall for Linux systems?​ 
(A) ​ZoneAlarm 
(B) ​Comodo 
C) ​iptables 
D) ​ipf

Answer 73

Answer : (C)

Question 74

​A reflective attack can be increased in intensity by combining it with what type of attack?
(A) ​smurf attack 
(B) ​SYN attack 
(C) ​amplification attack 
D) ​friendly attack

Answer 74

Answer : (C)

Question 75

An attack in which hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts is known as what option below?​ 
A) ​banner-grabbing attack 
B) ​reflective attack 
C) ​friendly attack 
D) ​IP spoofing attack

Answer 75

Answer : (A)

Question 76

​An attack that involves a person redirecting or capturing secure transmissions as they occur is known as what type of attack? 
(A) ​buffer overflow 
(B) ​session hijacking attack 
(C) ​man-in-the-middle attack
(D) ​banner-grabbing attack

Answer 76

Answer : (C)

Question 77

​Which option below is a standard created by the NSA that defines protections against radio frequency emanations? 
(A) ​EmSec 
(B) ​TEMPEST 
(C) RFGUARD​ 
(D) BlockSec

Answer 77

Answer : (B)

Question 78

The process in which a person attempts to glean access for authentication information by posing
as someone who needs that information is known as what option below?​
(A) ​mining
B) ​phishing
C) ​hunting
D) ​doxing

Answer 78

Answer : (B)

Question 79

​What feature on some network switches can be used to detect faked arp messages? 
(A) ​DHCP snooping 
(B) ​session monitoring 
(C) ​dynamic packet inspection 
(D) ​dynamic ARP inspection ​

Answer 79

Answer : (D)

Question 80

​In ACL statements, the any keyword is equivalent to using which wildcard mask? 
(A) ​255.255.255.255
 (B) 0.0.0.0​ 
C) ​0.0.255.255 
(D) ​255.255.0.0

Answer 80

(B) 0.0.0.0​

Question 81

What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it's just part of the wire?​ 
(A) ​transparent wire mode 
(B) ​virtual access mode 
(C) ​pass-thru mode
(D) ​virtual wire mode

Answer 81

Answer : (D)

Question 82

What two types of agents are used to check compliance with network security policies?​
(A) ​dissolvable agent 
(B) ​temporary agent 
(C) ​persistent agent 
(D) ​permanent agent

Answer 82

Answer :

Question 83

What two options below are IDS implementations used to provide additional security on a network? 
(A) ​IIDS
 (B) ​PIDS
(C) ​HIDS 
(D) ​NIDS

Answer 83

Answer :

Question 84

What two terms describe a network of compromised computers that are then used to perform coordinated DDoS attacks without their owners' knowledge or consent?​ 
(A) ​reflectors 
(B) ​botnet 
(C) ​zombie army
 (D) ​repeaters

Answer 84

Answer :

Question 85

​Which two viruses below are examples of boot sector viruses? (
A) ​Michelangelo 
(B) ​Stoned 
(C) ​Natas 
(D) ​Klez

Answer 85

Answer :

Question 86

Which two terms can be used to describe a decoy system that is purposely vulnerable for the sake of attracting attackers?​
(A) ​honeypot 
(B) ​pandora box
(C) ​trap 
(D) ​lure

Answer 86

Answer :

Question 87

The _____________ proxy server software is available for use on the UNIX / Linux platform.​

Answer 87

Answer : SQUID

Question 88

The ________________ utility is a Windows console that is used to control what users do and how the system can be used.​

Answer 88

Answer : gpedit.msc

Question 89

Networks that use ________________, such as T-1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’ s demarc (demarcation point), at a remote switching facility, or in a central office.

Answer 89

Answer : leased public lines

Question 90

A ______________ on a device attempts to alter management interfaces within the hardware to the point where the device is irreparable.

Answer 90

Answer : physical attack

Question 91

A _________________ form is a document that is used to ensure that employees are aware of the fact that their use of company equipment and accounts will be monitored and reviewed as needed for security purposes.

Answer 91

​Answer : consent to monitoring

Question 92

The act of taking advantage of a vulnerability is known as which of the following? a. hacker b. poisoning c. snooping d. exploit

Answer 92

Answer: D

Question 93

____________________ occurs when a person attempts to glean access or authentication information by posing as someone who needs that information.

Answer 93

Answer: Phishing

Question 94

Which of the following describes an attack where high volumes of traffic overwhelm a wireless network? a. port scanning b. jamming c. phishing d. man-in-the-middle

Answer 94

Answer: B