CISSP-D2-Telecommunications

Question 1

Name the seven layers of the OSI Model

Answer 1

Application, Presentation, Session, Transport, Network, Data-Link, Physical

Question 2

What is half duplex?

Answer 2

Data transmission that can either be received or sent, however, only one at a time

Question 3

What is full duplex?

Answer 3

Data transmission that be sent and recieved at the same time

Question 4

What is CSMA/CD ?

Answer 4

Carrier Sense Multiple Access with Collision Detection

Question 5

What is the purpose of CSMA/CD ?

Answer 5

Allows a network device to either send or receive data, but not at the same time. It also provides a way for the network device to detect a collision and provides a protocol for retransmitting the data until the frame is successfully transmitted.

Question 5

What is a repeater?

Answer 5

Is a hardware device that regenerates electrical signals, sending all frames from physical cable segment to another. This is a Layer 1 device.

Question 6

What is a hub?

Answer 6

A layer 1 device that takes a signal that it receives from one connected device and passes it along or repeats it to all other connected devices. A hub cannot look at MAC addresses or data in an Ethernet frame.

Question 7

What is a bridge?

Answer 7

A bridge can break up collision domains, and operates at layer 2. It can learn MAC addresses. It can forward frames, and can control traffic.

Question 8

Spanning Tree Protocol

Answer 8

Is a protocol that selectively disables forwarding on individual ports of a bridge or switch to ensure that the network topology is loop free. This prevents forwarding storms.

Question 9

What is a switch?

Answer 9

A switch is a layer 2 device that enables full duplex data transmission. Switches can read layer 2 frames and build MAC address tables. Switches can also create virtual LANs (vLANs).

Question 10

What is a router?

Answer 10

A router is a layer 3 device. A router stores network location information in a routing table. Routers can change layer 2 data whenever they route data.

Question 11

What is a pattern matching IDS?

Answer 11

Traffic patterns that match signatures. It does well with known attacks, however it cannot detect new attacks.

Question 12

What is an anomaly detection IDS?

Answer 12

A traffic baseline is established. Any traffic that deviates from the baseline will trigger an alert. The challenge is establishing “normal” traffic, which is easier on smaller less complex networks. However, is more of a challenge on larger more complex networks.

Question 13

What is the difference between HIDS and HIPS?

Answer 13

HIDS is “Host Intrustion Detection System”. It only detects and alerts on intrustion attempts on the server or workstation host. HIPS is “Host Intrustion Prevention System”. It can detect, alert, and prevent host intrusion attempts on the server or workstation hosts.

Question 14

What are some whitelisting techniques used on the endpoint?

Answer 14

Binaries that are signed with a trusted code signing certificate, that match a known good cryptographic hash, known trusted path and name (also the weakest approach).

Question 15

What is a TCP SYN flood attack?

Answer 15

it is a common type of “Denial of Service” attack. An attacker attempts to subvert the TC 3-Way Handshake by sending SYNs and never responding with ACKs. This in turn fills the victims half-open table, where eventually no new connections (legitimate business users or customers) can be completed.

Question 16

What is a LAND attack?

Answer 16

It is a single packet denial of service attack where the host IP address & application port is forged to confuse the server. Such as a webserver on port 80. The attacker will forge a request to the webserver on port 80, as if it was coming from itself on port 80.

Question 17

What is a SMURF attack?

Answer 17

It is a denial of service attack where the attacker sends out a broadcast request such as an ICMP echo request, where the source is address is forged to be the “victims” host address. When everyone replies, all requests will go to the victims host address and not the attacker.

Question 18

What is a fraggle attack?

Answer 18

It is similar to a Smurf attack, where UDP echo requests are made in place ICMP echo requests. The source IP address is the victim address. This attack targets UNIX ports 7 (UDP Echoes) & 19 (characters are sent to sender).

Question 19

What is a tear drop attack?

Answer 19

A denial of service attack, which relies on fragmentation reassembly. Multiple overlapping large IP fragments are sent to the victim.

Question 20

Good security design assumes that a network eavesdropper will do what?

Answer 20

Sniff all packets between the client and authentication server.

Question 21

What is PAP?

Answer 21

Password Authentication Protocol. It sends the userid and password in clear text to the authentication server. It is a very weak authentication protocol and should not be used.

Question 22

What is CHAP?

Answer 22

Challenge handshake authentication protocol. It is a more secure authentication protocol that does not expose the password in clear text and is not susceptible to replay attacks.

Question 23

Explain the CHAP three-way authentication process? What takes place first before the three-way authentication process?

Answer 23

The client first sends an unauthenticated connection to the auth server via the LCP (Link Control Protocol).

1. Then the CHAP server sends a challenge (nonce), which is a random string
2. The client then uses a hashing algorithm (e.g. MD5), and hashes the challenge & password
3. The server then hashes the string & received password. if the value matches the hash received from the client then the client is authenticated.

Question 24

What are the drawbacks to using CHAP?

Answer 24

The CHAP server stores the clients passwords in clear text. So, if an attacker can compromise the server, then all the passwords are compromised.

Question 25

What is the difference between 802.1X and 802.11?

Answer 25

802.1X is Port-Based Network Access Control and works with EAP. 802.11is a wireless.

Question 26

What is EAP?

Answer 26

Extensible Authentication Protocol. It operates at Layer 2 and authenticates a client before an IP address can be granted. It is available for both wired and wireless networks, but most commonly used on WLANs.

Question 27

What are the major 802.1X roles?

Answer 27

Supplicant - An 802.1X Client
AS - Authenticating Server that authenticates a supplicant
Authenticator - A device such as an access Point that authenticates a supplicant and grants connection

Question 28

Describe EAP-MD5?

Answer 28

This is the weakest forms of the EAP. It supports client –> server authentication only. All others support mutual authentication. This version of EAP is susceptible to man in the middle attacks, and password cracking.

Question 29

Describe EAP-LEAP.

Answer 29

EAP-lightweight extensible authentication protocol. it was developed by Cisco, and has significant security flaws and should not be used.

Question 30

Describe EAP-TLS.

Answer 30

EAP-Transport layer Security. Uses PKI, and uses client side and server side certificates. This is very secure but complex and costly due to PKI.

Question 31

Describe EAP-FAST.

Answer 31

EAP-Flexible Authentication via Secure Tunneling. It was designed by Cisco to replace LEAP. It uses PAC (Protected Access Credential) which acts as a pre-shared key.

Question 32

Describe EAP-TTLS.

Answer 32

EAP-Tunneled transport layer security. It was developed by Funk Software and simplifies EAP-TLS by dropping the client side certificate. However it is less secure as a result.

Question 33

Describe PEAP.

Answer 33

Protected EAP. Which was developed by Microsoft, Cisco, and RSA Security. It is similar to EAP-TTLS (and competitor to) by dropping the client side certificate requirement.

Question 34

What is PPP?

Answer 34

Point to Point Protocol. It is a Layer 2 protocol. It has replaced SLIP (Serial Line internet Protocol). It provides confidentiality, integrity, and authentication via Point to Point links. PPP supports synchronous links such as T1’s.

Question 35

What is SLIP?

Answer 35

Serial Line internet protocol, which is a layer 2 protocol. It supports asynchronous links such as modems. It provides no confidentiality, integrity, and authentication. it has been replaced by PPP.

Question 36

What is PPTP?

Answer 36

Point to Point tunneling protocol which tunnels PPP over IP. TCP is used for control.

Question 37

What is L2TP?

Answer 37

Layer 2 Tunneling Protocol. L2TP focuses on authentication, and it does not provide confidentiality. It uses IPSec to provide encryption. Unlike PPTP, it can also operate on non-IP networks such as ATM.

Question 38

Describe IPSec:

Answer 38

It is a suite of protocols. The 2 major protocols are ESP (Encapsulating Security Protocol) and AH (Authentication Header). ESP is protocol 50 and AH is protocol 51. IPSec provides confidentiality, integrity, and authentication.

Question 39

What are the three IPSec Architectures?

Answer 39

Host-to-Gateway, Gateway-to-Gateway, Host-to-Host.

• > Host-to-Gateway is used to connect one system running IPSec software to an IPSec gateway
• > Gateway-to-Gateway connects one IPSec gateway to another, and acts as a shared network connection like a T1.
• > Host-to-Host connects two host systems such as file servers. Operating Systems such as Windows 7 or Ubuntu have IPSec to allow Host-to-Host and Host-to-Gateway connections.

Question 40

Describe IPSec tunnel mode:

Answer 40

This mode provides confidentiality (ESP) and/or authentication (AH) to the entire original IP packet, including the IP headers. New IP Headers are added which include the source/destination of the IPSec gateways.

Question 41

Describe IPSec transport mode:

Answer 41

This mode protects only the IP Data (Layers 4-7). The original IP Header is left unprotected. IPSec does add either and ESP and/or AH header.

Question 42

Describe the VoIP protocol RTP:

Answer 42

Real-Time transport Protocol, which is designed to carry streaming audio and video. Protocols carried by RTP include SIP (Session Initiation Protocol) and H.323.

Question 43

Describe VoIP protocol SRTP:

Answer 43

Secure Real-Time Transport Protocol. It secure VoIP communications. It provides confidentiality, integrity, and secure authentication. It uses AES for confidentiality and SHA-1 for integrity.

Question 44

How can you secure VoIP traffic transmitted across unsecured networks?

Answer 44

Use SRTP (Secure Real-Time Transport Protocol) or IPSec.

Question 45

What are two methods of sending traffic over a radio band?

Answer 45

FHSS (Frequency Hopping Spread Spectrum) and DSSS (Direct Sequence Spread Spectrum).

Question 46

What is an ISM band?

Answer 46

Industrial, Scientific, & Medical. Which are set aside for unlicensed use. Wireless devices such as cordless phones, 802.11 wireless, and Bluetooth use ISM bands.

Question 47

Describe the difference between 802.11, a, b, g, n:

Answer 47

• 802.11 was the original wireless speed which operated at 2Mbps using the 2.4 GHz frequency.
• 802.11b supplanted the original 802.11 and operates at 11Mbps on the 2.4 GHz frequency.
• 802.11g was designed to be backwards compatible with 802.11b and provides speeds up to 54 Mbps and operates at 2.4 GHz frequency.
• 802.11a operates at 54Mbps on the 5GHz frequency.
• 802.11n operates at speeds of 144Mbps & higher by operating at 2.4GHz & 5GHz frequencies using Multiple-Input, Multiple-Output (MIMO).

Question 48

Describe the difference between 2.4GHz and 5GHz frequencies:

Answer 48

2.4GHz frequencies are more crowded (# of devices on the 2.4GHz frequency) and susceptible to more interference (e.g. Microwave can cause interference). 2.4GHz waves can penetrate walls.

5GHz frequencies are less crowded, and not as susceptible to interference. 5GHz waves cannot penetrate walls.

Question 49

What are the four modes that an 802.11 Wireless NIC can operate in:

Answer 49

Managed, Master, AD-Hoc, Monitor Mode.

Question 50

Describe 802.11 managed mode:

Answer 50

In this mode, wireless clients can only communicate with the Access Point to which they are connected. They cannot directly communicate with other wireless clients.

Question 51

Describe 802.11 Master mode:

Answer 51

Also known as “Infrastructure Mode”. Wireless access points operate in this mode. A wireless card in this mode can talk directly to other wireless clients operating in managed mode.

Question 52

Describe 802.11 ad-hoc mode:

Answer 52

This is a peer-to-peer mode where there is no central access point. A wireless client operating in this mode can advertise itself for internet connection sharing.

Question 53

Describe the 802.11 monitor mode:

Answer 53

This mode is read-only and is used for sniffing WLANs.

Question 54

True or False. An SSID cannot be sniffed if it’s broadcast has been disabled?

Answer 54

False. An SSID can be discovered if someone sniffs WLANs using 802.11 “monitor mode”.

Question 55

True or False: MAC addresses are exposed in cleartext on WLANs and can be sniffed?

Answer 55

True. Using wireless MAC filtering provides “limited” security as a result. As these addresses can be spoofed.

Question 56

What are the three Bluetooth class devices and their transmit distance?

Answer 56

Class 3 - Less than 10 Meters
Class 2 - 10 Meters
Class 1 - 100 Meters

Question 57

What type of encryption does Bluetooth use?

Answer 57

128-bit E0 symmetric streaming cipher. It is a weak cipher.

Question 58

Describe WAP (Wireless Application Protocol):

Answer 58

It was designed to provide secure web services to handheld wireless devices such as smartphones & PDAs. It is based on HTML and includes Handheld Device Markup Language (HDML). Authentication is provided by Wireless Transport Layer Security (WTLS).

Question 59

True or False. A WAP browser is a full browser.

Answer 59

False. A WAP browser is a micro-browser which is simpler than a full web browser, requires fewer resources, and connects to a WAP gateway, which is a proxy. The microbrowser accesses sites written in (or converted to) Wireless Markup Language (WML).

Question 60

Robust Security Network is also known as:

Answer 60

WPA2 (Wi-Fi Protected Access 2), a full implementation of 802.11i.

Question 61

Describe SDSL:

Answer 61

Symmetric Digital subscriber line, which provides matching speeds for download and uploads.

Question 62

Describe ADSL:

Answer 62

Asymmetric Digital subscriber line, which provides faster download speeds than upload speeds.

Question 63

Describe VDSL:

Answer 63

Very-high Rate Digital Subscriber Lines, which provide faster speeds than ADSL.

Question 64

The closer a site is to a CO (Central Office)….The faster OR slower the connection?

Answer 64

Faster.

Question 65

What is the difference between ISDN BRI & PRI?

Answer 65

Basic Rate Interface provides two 64k digital channels, and one 16K signaling channel. Primary Rate Interface provides 23 64K digital channels, and one 16K signaling channel.