CNS

Question 1

the connection between a wireless and wired network

Answer 1

Access point

Question 2

Provides dial-in and dial-out connections to the network

Answer 2

Access server

Question 3

Directly connect two+ clients, no access point Infrastructure Mode – connects endpoints to a central network, not directly to each other, need access point and wireless clients for IM mode wireless

Answer 3

Ad hoc mode

Question 4

Used to match an IP address to a hardware MAC address. It sends out broadcast to a network node to reply with its hardware address. It stores the address in a dynamic table for the duration of the session, so it requests are only sent the first time

Answer 4

Address Resolution Protocol

Question 5

IP uses the destination IP to transmit packets thru networks until delivered

Answer 5

Addressing

Question 6

Asymmetric. More downstream bandwidth up to 18,000 feet over single copper cable pair

Answer 6

ADSL, Asymmetric Digital Subscriber Line

Question 7

Infinite wave form, continuous signal, varied by amplification

Asynchronous communications, broadband connections, and half‐duplex links can be digital or analog.

Answer 7

Analog signal

Question 8

Layer 4 network

Answer 8

Application

Question 9

Provides an interface for which applications and end users can utilize networked resources.
Examples: FTP, Telnet

Answer 9

Application OSI

Question 10

Second generation: AKA proxy server While transferring data stream to another network, it masks the data origin. operating at Application layer of OSI

Answer 10

Application level firewall

Question 11

Layer 7: actually 3 through 7, which look at content and can involve authentication and encryption, can be more flexible and secure but also tend to be far slower.

Answer 11

Application Proxy firewall

Question 12

Uses token passing in a star technology on coax

Answer 12

ARCnet

Question 13

used in applications that are dedicated, such as embedded systems, when individual processors can be dedicated to specific tasks at design time

Answer 13

AMP: Asymmetric Multiprocessing

Question 14

Sends bits of data sequentially. Same speed on both sides. Modems and dial-up remote access systems

Answer 14

Asynchronous

Question 15

very high bandwidth. It uses 53-byte fixed size cells instead of frames like Ethernet. It can allocate bandwidth up on demand making it a solution for Busty applications. Requires fiber optics

Answer 15

ATM: Asynchronous Transfer Mode

Question 16

A decrease in amplitude as a signal propagates along a transmission medium

Answer 16

Attenuation

Question 17

logical or physical identifier that a computer uses to distinguish different terminal input/output data streams

Answer 17

Access port

Question 18

attack on the authentication protocol where the attacker transmits data to the claimant or verifier. Examples include a man-in-the-middle, impersonation, and session hijacking.

Answer 18

Active attack

Question 19

illegal attaching of an unauthorized device for the purpose of obtaining access to data

Answer 19

Active wiretapping

Question 20

When attackers send unsolicited messages via Bluetooth

Answer 20

Bluejacking

Question 21

Targets the data or information on Bluetooth-enabled devices

Answer 21

Bluesnarfing

Question 22

When wireless workstation is on-lined it sends out a BootP request with its MAC address to get an IP address and the file from which it should boot. Replaced by DHCP

Answer 22

Bootstrap Protocol

Question 23

a layer 2 device that used to connect two network segments and regulate traffic

Answer 23

Bridge

Question 24

Forwards data to all other network segments if it’s not on the local segment. Operates at level 2 (thus no IP-addressing)

Answer 24

Bridges

Question 25

ISDN, cable modems, DSL, and T1/T3 lines that can support multiple simultaneous signals. They are analog and not broadcast technologies.

Answer 25

Broadband Technologies

Question 26

Source packet is copied and sent to all nodes

Answer 26

Broadcast

Question 27

Set of systems that can receive a broadcast from each other

Answer 27

Broadcast Domain

Question 28

a device that provides the functions of both a bridge and a router

Answer 28

Brouter

Question 29

All transmissions have to travel the full length of the cable

Answer 29

BUS

Question 30

User initiates a connection, supplies identifying code, and then the system will call back a predetermined telephone number. Also less useful for travelling users

Answer 30

Callback

Question 31

Checks incoming telephone number against an approval list and then uses Callback. Less useful for travelling users

Answer 31

Caller ID

Question 32

multiple building connected to fast backbone on a campus

Answer 32

CAN Campus Area Network

Question 33

for Ethernet. Workstations send out packet. If it doesn’t get an acknowledgement, it resends

Answer 33

CSMA Carrier Sense Multiple Access

Question 34

non-replayable challenge/response dialog

Answer 34

Challenge Handshake Authentication Protocol

Question 35

used by PPP servers to authenticate remote clients. Encrypts username and PW and performs periodic re authentication while connected using techniques to prevent replay attacks.

Answer 35

CHAP

Question 36

minimum bandwidth guarantee provided by service provider to customers

Answer 36

CIR Committed Information Rate

Question 37

Layer 5: looks at header of packet only, protects wide range of protocols and services than app-level proxy, but as detailed a level of control. Basically once the circuit is allowed all info is tunneled between the parties. Although firewalls are difficult to configure correctly, they are a critical component of network security.

Answer 37

Circuit Level Proxy

Question 38

There must be a dedicated physical circuit path exist during transmission. The right choice for networks that have to communicate constantly. Typically for a telephone company network Voice oriented. Sensitive to loss of connection

Answer 38

Circuit switched network

Question 39

Used to identify clients to servers via SSL (client authentication)

Answer 39

Client SSL Certificates

Question 40

Many workstations, length. 1000Base-T – 100 M
Twisted pair to long. Cat 5 better than cat3 for interference Fiber optics immune to EMI, can be broken and high cost/expertise Topology failures

Answer 40

Coaxial

Question 41

a cable consisting of a core, inner conductor that is surrounding by an insulator, an outer cylindrical conductor

Answer 41

OSI Layer 1->Physical->Wired
Coaxial cable

Question 42

used to code/decode a digital data stream

Answer 42

Codec

Question 43

Set of systems that could cause a collision if they transmitted at the same time, more number of systems in domain increases likelihood of network congestion due to more collisions

Answer 43

Collision Domain

Question 44

layer 1 network device that is used to connect network segments together, but provides no traffic control

Answer 44

Concentrator

Question 45

Carries multiple types of traffic like voice, video, and data

Answer 45

Converged Network

Question 46

The merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/ IP suite. The primary benefit of converged protocols is the ability to use existing TCP/ IP supporting network infrastructure to host special or proprietary services without the need for unique deployments of alternate networking hardware.

Answer 46

Converged Protocols

Question 47

z- are attached by 2 coax cables. In one direction only. Wireless 802.11

Answer 47

OSI Layer 2->traffic control->Contention
IEEE 802.3
CSMA with Collision Avoidance Workstations

Question 48

Only one host can send at the time, using jamming signals for the rest

Answer 48

OSI Layer 2->traffic control->Contention
IEEE 802.3
CSMA with Collision Detection

Question 49

z-C
This layer deals with addressing physical hardware. FRAMES
Translates data into bits and formats then into data frames with destination header and source address. Error detection via checksums.
Example: bridge

Answer 49

Data Link Layer 2

Question 50

z-also Channel Service Unit (CSU)
Digital interface device, used to terminate the physical interface on a DTE device. They connect to the closest telephone company switch in a central office (CO)

Answer 50

Data service unit (DSU)

Question 51

Occur at Application, Presentation, and Session layers.

Answer 51

Data streams

Question 52

a technique by which a computer is used to repeatedly dial a number (usually to a crowded modem pool) in an attempt to gain access immediately after another user had hung up

Answer 52

Demon dialer

Question 53

DHCP

Answer 53

z-Dynamic Host Configuration Protocol

Question 54

Saw tooth form, pulses, on-off only, these are a means of transmission that involves the use of a discontinuous electrical signal and a state change or on‐off pulses. Asynchronous communications, broadband connections, and half‐duplex links can be digital or analog.

Answer 54

Digital signal

Question 55

an asymmetric cryptography mechanism that provides authentication

Answer 55

Digital signature

Question 56

employs all the available frequencies simultaneously in parallel. This provides a higher rate of data throughput than FHSS. It also uses a special encoding mechanism known as chipping code to allow a receiver to reconstruct data even if parts of the signal were distorted because of interference.

Answer 56

DSSS, Direct Sequence Spread Spectrum

Question 57

domain validation tool

Answer 57

DKIM, Domain Keys Identified Mail

Question 58

When an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternative systems

Answer 58

DNS Poisoning

Question 59

When an attacker sends false replies to a requesting system, beating valid replies from the real DNS server

Answer 59

DNS Spoofing

Question 60

Consists of a host with 2 NIC’s. One connected to trusted, one to un-trusted. Can thus be used as translator between 2 network types like Ethernet/token ring. Internal routing capabilities must not be enabled to make it impossible to circumvent inspection of data.

Answer 60

Dual homed host firewall

Question 61

Fourth generation: Enables modification of the firewall rule. It provides limited support for UDP by remembering UDP packages across the network.

Answer 61

Dynamic Packet Filtering firewall

Question 62

a passive network attack involving monitoring of traffic

Answer 62

Eavesdropping

Question 63

forgery of the sender’s email address in an email header

Answer 63

E-mail spoofing

Question 64

potentially compromising leakage of electrical or acoustical signals

Answer 64

Emanations

Question 65

z-Encrypts IP packets and ensured integrity.
Header – contains information showing which security association to use and the packet sequence number. Like the AH, the ? sequences every packet to thwart replay attacks.

Answer 65

Encapsulating Security Payload

Question 66

Using CSMA with an BUS-topology

Answer 66

Ethernet IEEE 802.3

Question 67

More resistant than coaxial Token Ring because a token is passed by every station, a NIC that’s is set to wrong speed or error can take all network down

Answer 67

Ethernet twisted pair

Question 68

an authentication framework. Allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies, it was used for PPP connections

Answer 68

EAP, Extensible Authentication Protocol

Question 69

A shield against leakage of electromagnetic signals.

Answer 69

Faraday Cage/Shield

Question 70

allows existing high-speed networks to be used to carry storage traffic

Answer 70

FCoE, Fiber Channel Over Ethernet

Question 71

Form of token ring that has second ring that activates on error
Leased lines use multiple lines and/or multiple vendors

Answer 71

OSI Layer 2->Traffic Control->Token
IEEE 802.5
Fiber Distributed Data Interface

Question 72

bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.

Answer 72

OSI Layer 1->Physical->Wired
Fiber optics

Question 73

z-a form of network data-storage solution (SAN or NAS) that allows for high-speed file transfers at upward of 16 GBps. It was designed to be operated over fiber-optic cables; support for copper cables was added later to offer less-expensive options. It can be used to support it over the existing network infrastructure. It is used to encapsulate Fibre Channel communications over Ethernet networks. Fibre Channel operates as a Network layer or OSI layer 3 protocol, replacing IP as the payload of a standard Ethernet network.

Answer 73

FCoE, Fibre Channel over Ethernet

Question 74

For file transfers. Cannot execute remote files as programs. Authentication. Port 20 and 21

Answer 74

File Transfer Protocol

Question 75

a group of systems that enforces an access control policy between two networks

Answer 75

Firewalls

Question 76

a denial of service attack initiated by sending spoofed UDP echo request to IP broadcast addresses

Answer 76

Fraggle

Question 77

IP will subdivide a packet if its size is greater than the maximum allowed on a local network
Message routing, error detection and control of node data are managed. IP, IPSEC, ICMP, BGP, OSPF, RIP, BOOTP, DHCP, ZIP, DDP, X.25, NAT and IGMP

Answer 77

Fragmentation

Question 78

High performance WAN protocol designed for use across ISDN interfaces. Is fast but has no error correction, supports multiple PVCs, unlike X.25, packet switched technology that provides CIR, requires DTE/DCE at each connection point

Answer 78

Frame Relay

Question 79

Over a public switched network. High Fault tolerance by relaying fault segments to working.

Answer 79

Frame Relay WAN

Question 80

The entire range of available frequencies is employed, but only one frequency at a time is used.

Answer 80

FHSS: Frequency Hopping Spread Spectrum

Question 81

a secure connection to another network

Answer 81

Gateway

Question 82

T1 speed over two copper cable pairs up to 12,000 feet

Answer 82

HDSL, High Rate Digital Subscriber Line

Question 83

extension to SDLC also for mainframes. Uses data encapsulation on synchronous serial links using frame characters and checksums. Also data link layer High Speed Serial Interface (HSSI) - Defines electrical and physical interfaces to use for DTE/DCE communications. Physical layer of OSI

Answer 83

HDLC, High-level Data Link Control

Question 84

interception and take over of a communication session by an attacker

Answer 84

Hijacking

Question 85

Layer 3 (Transport)

Answer 85

Host to Host

Question 86

layer 1 network device that is used to connect network segments together, but provides no traffic control

Answer 86

Hub

Question 87

Connect multiple LAN devices into a concentrator. Is actually a multi-port repeater (physical)

Answer 87

HUBS

Question 88

May be software defined, but it could also use traditional network devices running as virtual machines

Answer 88

Hypervisor-based Network

Question 89

an attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input

Answer 89

Injection

Question 90

combination of digital telephony and data transports. Overtaken by xDSL, not all useable due to “D Channel” used for call management not data

Answer 90

ISDN, Integrated Services Digital Network

Question 91

unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communications, emanations)

Answer 91

Interception

Question 92

Layer 2 (corresponds to OSI network layer) Defines the IP datagram and handles routing of data across networks
Protocols: IP, ARP, RARP, ICMP

Answer 92

Internet

Question 93

Sends messages between network nodes regarding the health of the network. Also informs about rerouting in case of errors. Utility PING uses these messages to check physical connectivity of the network machines

IPX, Appletalk, and NetBEUI are non-IP protocols

Answer 93

ICMP, Internet control message protocol

Question 94

? is global, ? is local for use within companies and ? can be used e.g. by your customers and clients but is not public.

Answer 94

Internet, Intranet, Extranet

Question 95

z-All hosts have an IP address. Each data packet has an IP address of sender and recipient. Routing in network is based upon these addresses. Datagram service is considered unreliable because there’s no guarantee that the packet will be delivered, not even that its delivered only once and no guarantee that its delivered in the same sequence that its sent
32 bits long, IPv6 is 128 bits long

Answer 95

Internet Protocol

Question 96

Converged protocol that allows location-independent file services over traditional network technologies. Cost less than Fiber. Standard for linking data storage sites

Answer 96

iSCI, Internet Small Computer Interface

Question 97

a networking storage standard based on IP. This technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public Internet connections.
It is often viewed as a low-cost alternative to Fibre Channel.

Answer 97

iSCSI, Internet Small Computer System Interface

Question 98

forging of an IP address

Answer 98

IP address spoofing

Question 99

an attack that breaks up malicious code into fragments, in an attempt to elude detection

Answer 99

IP fragmentation

Question 100

z-Operates at Network Layer of OSI
Enables multiple and simultaneous tunnels
Encrypt and authenticate
Build into IPv6
Network-to-network use
Creates a private, encrypted network via a public network
Encryption for confidentiality and integrity

Answer 100

IPSEC

Question 101

Encryption via Tunnel mode (entire data package encrypted) or Transport mode (only datagram encrypted)
Only works with IP at Network layer of OSI NON IP-sec compatible

Answer 101

IPSEC Compatible

Question 102

PRI (Primary Rate Interface) bandwidth of 1.544 Mbps, faster than BRI’s 144 Kbps

Answer 102

ISDN

Question 103

Fifth generation: Application level Firewall Runs in windows NT, modular, kernel based, multiplayer session evaluation. Uses dynamic TCP/IP stacks to inspect network packages and enforce security policies.

Answer 103

Kernel Proxy Firewall

Question 104

z-Cisco developed its own VPN protocol called which is a mutual authentication tunneling mechanism.
It does not offer encryption. It was not widely deployed and was soon replaced by L2TP. Both operate at layer 2. Both can encapsulate any LAN protocol.

Answer 104

L2F, Layer 2 Forwarding

Question 105

z-Also in data-link layer of OSI
Single point-to-point connection per session
Dial-up network use
Port 115
Uses IPsec

Answer 105

L2TP, Layer 2 Tunneling Protocol

Question 106

Remote access, multi layer switch that connects LANs over a WAN

Answer 106

LAN extenders

Question 107

Involves sending a spoofed TCP SYN packet (connection initiation) with the target host’s IP address and an open port as both source and destination.
The reason this attack works is because it causes the machine to reply to itself continuously.

Answer 107

Land Attack

Question 108

Client/server based directory query protocol loosely based upon X.500, commonly manages user information, for accessing directory services and manage certificates Ex. Active Directory, cn=ben+ou=sales
Zero or more, comma separated, no semi-colon, + to join

Answer 108

LDAP, Lightweight Directory Access Protocol

Question 109

Cisco proprietary protocol to handle problems with TKIP, security issues don’t use. Provides reauthentication but was designed for WEP

Answer 109

LEAP, Lightweight Extensible Authentication Protocol

Question 110

created for use with X25, defines frame types and is capable of retransmitting, exchanging and acknowledging frames as detecting out of sequence or missing frames

Answer 110

LAPB, Link Access Procedure-Balanced

Question 111

Limited geographically to e.g. a building. Devices are sharing resources like printers, email and files. Connected through copper wire or fiber optics.

Answer 111

LAN, Local Area Network

Question 112

Flow control and error notification

Answer 112

Logical Link Control Sub layer

Question 113

hardware address of machine, can tell manufacturer,

Answer 113

MAC, Machine Access Control

Question 114

network extends over cities

Answer 114

MAN, Metropolitan Area Network

Question 115

z-Physical addressing. Concerns frames, logical topologies and MAC-addresses
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP,
IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex
A, Annex D, HDLC, BPDU, LAPD, ISL, MAC,
Ethernet, Token Ring, FDDI

Answer 115

Media Access Control layer

Question 116

All nodes interconnected

Answer 116

MESH

Question 117

Involves the transmission of messages from node-to-node. Messages are stored on the network until a forwarding path is available.

Answer 117

Message switching networks

Question 118

high frequency, highly directional radio signals. Attackers target interception attempts at transmission and relay stations.

Answer 118

OSI Layer 1->Wireless
Microwave

Question 119

a device that converts between digital and analog representation of data

Answer 119

Modems

Question 120

a type of attack involving attempted insertion, deletion or altering of data

Answer 120

Modification

Question 121

provides authentication, confidentiality, integrity, and nonrepudiation

Answer 121

MOSS, MIME Object Security Services

Question 122

Source packet is copied and sent to multiple destinations

Answer 122

Multicast

Question 123

Allow encryption at various layers, support a range of protocols at higher levels. Bad – conceal covert channels, filters can be bypassed, sometimes logical boundaries can be bypassed

Answer 123

Multilayer Protocols

Question 124

a device that sequentially switches multiple analog inputs to the output

Answer 124

Multiplexers

Question 125

high performance networking, uses path labels instead of network addresses, wide area networking protocol, label switching, finds final destination and then labels route for others to follow

Answer 125

MPLS, Multiprotocol Label Switching

Question 126

Layer 1 (Data link, Physical)
Routines for accessing physical networks and the electrical connection

Answer 126

Network access

Question 127

Protocol that supports file sharing between two different file systems

Answer 127

Network File System

Question 128

z-C, AU, I
Path selection and logical/network addressing.
Technology: Virtual circuits (ATM), routers. Packets
Example: router

Answer 128

Network Layer 3

Question 129

z-Developed by Department of Defense in the 1970s to support the construction of the internet
HINT: AHIN

Answer 129

Network layers TCP/IP Model

Question 130

Ability to access resources from another service

Answer 130

OAuth

Question 131

a mail server that improperly allows inbound SMTP connections for domains it does not serve

Answer 131

Open mail relay servers

Question 132

z-Routing protocol short path

Answer 132

Open Shortest Path First

Question 133

Paired with OAuth is a RESTful, JSON-based authentication protocol can provide identity verification and basic profile information, phishing attack possible by sending fake data

Answer 133

OpenID

Question 134

Default, stores user PW in the clear

Answer 134

OpenLDAP

Question 135

employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission. The modulated signals are perpendicular and thus do not cause interference with each other.

Answer 135

OFDM, Orthogonal Frequency-Division Multiplexing

Question 136

a denial of service attack that exploits packet filter firewalls that only inspect the initial fragment of a fragmented packet

Answer 136

Overlapping fragment attack

Question 137

a basic level of network access control that is based upon information contained in the IP packet header

Answer 137

Packet filtering

Question 138

First generation (static) AKA screening router Examines source/destination address, protocol and ports of the incoming package. Based on ACL’s access can be denied or accepted. Is considered a firewall and operates at Network or Transport layer of OSI

Answer 138

Packet filtering firewall

Question 139

Sits between trusted and un-trusted network, sometimes used as boundary router. Uses ACL’s. Protects against standard generic external attacks. Has no user authentication, has minimal auditing.

Answer 139

Packet filtering routers

Question 140

Nodes share bandwidth with each other by sending small data units called packets. Packets will be send to the other network and reassembled. Data oriented. Sensitive to loss of data. More cost effective than circuit switching because it creates virtual circuits only when they are needed.

Answer 140

PSN or PSDN, Packet switched networks

Question 141

 layer 3/4 : use rules based on a packet’s source, destination, port or other basic information to determine whether or not to allow it into the network.

Answer 141

Packet-filtering firewalls

Question 142

Provides identification and authentication of the user using static replayable passwords. No encryption of user-id or password during communication

Answer 142

PAP, Password Authenticate Protocol

Question 143

sends PW unencrypted

Answer 143

PAP, Password Authentication Protocol

Question 144

provides a physical cross connect point for devices

Answer 144

Patch panels

Question 145

is a telephone exchange for a specific office or business

Answer 145

PBX, Private Branch Exchange

Question 146

Provides encryption for EAP methods and can provide authentication, does not implement CCMP, encapsulates EAS in a TLS tunnel

Answer 146

PEAP

Question 147

Provides authentication, confidentiality, integrity, and nonrepudiation

Answer 147

PEM

Question 148

like a dedicated leased line; the logical circuit always exists and is waiting for the customer to send data. Like a walkie-talkie

Answer 148

PVC, Permanent virtual circuits

Question 149

a social engineering attack that uses spoofed email or websites to persuade people to divulge information

Answer 149

Phishing

Question 150

z- C
Physical signaling. Coverts bits into voltages or light impulses. Electrical, Hardware and software drivers are on this level. It sends and receives bits.
Repeaters, hubs, cables, USB, DSL, ISDN, ATM
Physical topologies: BUS, MESH, STAR, TREE, RING

Answer 150

Physical Layer 1

Question 151

unauthorized access of network devices

Answer 151

Physical tampering

Question 152

improvement on slip, adds login, password and error (by CHAP and PAP) and error correction. Data link.

Answer 152

PPP, Point to Point Protocol

Question 153

Most common, used for dial up connections, replaced SLIP

Answer 153

PPP, Point to Point Protocol

Question 154

Host can only transmit when he polls a secondary to see if its free

Answer 154

Polling

Question 155

802.1x, can be used with EAP

Answer 155

Port Based Authentication

Question 156

z-Works at data link layer of OSI
Only one single point-to-point connection per session
Point To Point protocol (PPP) for authentication and tunneling
Dial-up network use
Does not support EAP
Sends initial packets in plaintext

Answer 156

PPTP, Point to Point tunneling protocol

Question 157

z-C, AU, Encryption
Translations like EBCDIC/ANSI; compression/decompression and encryption/decryption. Uses a common format to represent data, Standards like JPEG, TIFF, MID, HTML; Technology: Gateway.

Messages

Answer 157

Presentation Layer 6

Question 158

mediates communication between un-trusted hosts on behalf of the hosts that it protects

Answer 158

Proxies

Question 159

Form of gateway that provide clients with a filtering, caching, or other service that protects their information from remote systems

Answer 159

Proxy

Question 160

PVCs

Answer 160

z-Private Virtual Circuits

Question 161

z-Provides terminal sessions w/out

Answer 161

RDP

Question 162

layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).

Answer 162

Repeaters

Question 163

Incoming calls are only allowed from specific addresses on an approval list. This authenticates the node, not the user!

Answer 163

Restricted Address

Question 164

When a hardware address is known but the IP address has to be found. (like an diskless machine)
Switches, bridges, hardware addressing

Answer 164

Reverse address resolution protocol

Question 165

Workstations are connected to form a closed loop

Answer 165

RING

Question 166

unauthorized wireless network access device

Answer 166

Rogue access points

Question 167

a layer 3 device that used to connect two or more network segments and regulate traffic

Answer 167

Routers

Question 168

Used to reset or disconnect a session, resumed by restarting the connection via a new three-way handshake

Answer 168

RST flag

Question 169

Used for signed and encrypted emails, can form sign, and use as part of a SSO solution

Answer 169

S/MIME Certificates

Question 170

a specialized wireless receiver/transmitter placed in orbit that facilitates long distance communication

Answer 170

OSI Layer 1->Wireless
Satellite

Question 171

Has both a packet-filter router and a bastion host. Provides both network layer (package filtering) as application layer (proxy) server.

Answer 171

Screened-Host firewall system

Question 172

Copy actual screen, subset of remote control

Answer 172

Screenscraper

Question 173

 z-Unique approach to network operation, design, and management. Aims at separating the infrastructure layer (i.e., hardware and hardware-based settings) from the control layer (i.e., network services of data transmission management). Furthermore, this also removes the traditional networking concepts of IP addressing, subnets, routing, and so on from needing to be programmed into or be deciphered by hosted applications. Offers a new network design that is directly programmable from a central location, is flexible, is vendor neutral, and is open-standards based.

Answer 173

SDN, Software Defined Network

Question 174

Symmetric up to 10,000 feet over single copper cable pair

Answer 174

SDSL, Symmetric Digital Subscriber Line

Question 175

Authentication for credit card transactions. Overtaken by SSL
Also uses message authentication code for integrity checking.

Answer 175

Secure Electronic Transaction

Question 176

Authentication, compression, confidentiality and integrity.
Uses RSA certificates for authentication and triple DES for encryption

Answer 176

Secure Shell

Question 177

Encryption technology to provide secure transactions like credit card numbers exchange. Two layered: record protocol and handshake protocol. Same as SSH it uses symmetric encryption for private connections and asymmetric or public key cryptography for peer authentication.

Answer 177

Secure Socket Layer

Question 178

 z-The first line of protection between trusted and untrusted networks. Generally includes a firewall and router that help filter traffic. May also include proxies, IDSs, and IPSs.
Zero Day – application white list

Answer 178

Security Perimeter

Question 179

An attack involving the hijacking of a TCP session by predicting a sequence number.

Answer 179

Sequence Attacks

Question 180

z- – None
Inter-host communication, logical persistent connection between peer hosts, a conversation, simplex, half duplex, full duplex. Protocols as NSF, SQL, RADIUS, and RPC. Protocols: PAP, PPTP, RPC Technology: Gateway
Examples: DNS, NFS

Answer 180

Session Layer 5

Question 181

Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.

Answer 181

Shielding

Question 182

Encrypting HTTP documents. Also overtaken by SSL

Answer 182

SHTTP

Question 183

Provides high availability in encrypted sessions to protect against crashes. Exchanges keys on a session by session basis.

Answer 183

Simple Key Management for Internet Protocols

Question 184

Email queuing. Port 25

Answer 184

SMTP, Simple Mail Transfer protocol

Question 185

Collection of network information by polling the devices from a management station. Sends out alerts –called traps- to an database called Management Information Bases (MIBs)

Answer 185

SNMP, Simple Networking Management Protocol

Question 186

Identify areas where wireless network may be accessible

Answer 186

Site Survey

Question 187

A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses

Answer 187

Smurf

Question 188

Has also defined a De-Militarized Zone (DMZ) : a small network between trusted an untrusted

Answer 188

Screened-subnet firewalls

Question 189

an attack involving the hijacking of a TCP session by predicting a sequence number

Answer 189

Sequence attacks

Question 190

eavesdropping on network communications by a third party

Answer 190

Sniffing

Question 191

Every workstation gets some Socks software to reduce overhead

Answer 191

Socks firewall

Question 192

defined and configured as code or software, quickly change the network based on organizational requirements

Answer 192

SDN, Software designed networking

Question 193

Protocol for sending multiple optical streams over fiber

Answer 193

SONET

Question 194

a vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network

Answer 194

Source routing exploitation

Question 195

unsolicited commercial email

Answer 195

Spam

Question 196

T-1 – 1.544 Mbps,
T-3 – 44,736 Mbps (45)
ATM – 155 Mbps,
ISDN – 64 or 128 Mbps
CAT 3 UTP; 10 Mbps,
CAT 5;100 Mbps
CAT 5e/6 – 1,000 Mb

Answer 196

Speeds

Question 197

Spam over Internet Telephony and targets VoIP systems

Answer 197

SPIT attacks

Question 198

Normally disabled for secure networks

Answer 198

SSID

Question 199

Isolated system

Answer 199

Stand-alone Mode

Question 200

Nodes are connected to a central LAN device

Answer 200

STAR

Question 201

Third generation: (also known as Dynamic) All packages are inspected at the Networking layer so it’s faster. By examining the state and context of the data packages it helps to track connectionless protocols like UDP and RPC. Analyzed at all OSI Layers.

Answer 201

Stateful inspection firewall

Question 202

Layer 7 : have access to information such as; conversation, look at state table and context of packets; from which to make their decisions.

Answer 202

Stateful packet filtering firewalls

Question 203

z- Layer 3

Answer 203

Static Packet Firewall

Question 204

Logical division of a network

Answer 204

SUBNET

Question 205

Made up of two or more networks

Answer 205

Supernet

Question 206

high speed communication over public switches networks for exchanging
‘bursts of data’ between enterprises

Answer 206

SMDS, Switched Multimegabit DATA Service

Question 207

more like a shortwave or ham radio. You must tune the transmitter and receiver to a new frequency every time you want to communicate with someone.

Answer 207

SVC, Switched Virtual Circuit

Question 208

a layer 2 device that used to connect two or more network segments and regulate traffic

Answer 208

Switches

Question 209

hardware and software architecture where two or more identical processors are connected to a single, shared main memory, have full access to all I/O devices, and are controlled by a single operating system instance that treats all processors equally, reserving none for special purposes.

Answer 209

SMP, Symmetric Multiprocessors

Question 210

a denial of service attack that floods the target system with connection requests that are not finalized

Answer 210

SYN flooding

Question 211

Very high speed governed by electronic clock timing signals

Answer 211

Synchronous

Question 212

created by IBM for mainframes to connect to their remote offices. Uses a polling media access method. Works with dedicated leased lines permanent up.Data link layer of OSI model

Answer 212

SDLC, Synchronous Data Link Control

Question 213

eavesdropping on network communications by a third party

Answer 213

tapping

Question 214

mitigation of spamming and other attacks by delaying incoming connections as long as possible

Answer 214

Tar pits

Question 215

SYN, SYN-/ACK, ACK
Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBIOS, ATP

Answer 215

TCP Three-way Handshake

Question 216

a denial of service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments

Answer 216

Teardrop

Question 217

Terminal emulation enables user to access resources on another machine. Port 23

Answer 217

Telnet

Question 218

a codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment

Answer 218

TEMPEST

Question 219

10Base5, coax up to 500 meters

Answer 219

Thicknet

Question 220

10base2 with coax cables up to 185 meters

Answer 220

Thinnet

Question 221

z-Design separates distinct protected zones and can be protected by a single firewall that has multiple interfaces

Answer 221

Tiers

Question 222

Temporal Key Integrity Protocol, uses RC4

Answer 222

TKIP

Question 223

Used in token rings, Hosts can only transit when they receive a clear to send token. DATA NETWORK TYPES

Answer 223

Data Link->Traffic Control
Token passing

Question 224

IBM created. All end stations are connected to a MAU Multi Access Unit. CAU: Controlled Access Units – for filtering allowed MAC (Extended Unique Identifier) addresses.

Answer 224

Token Ring IEEE 802.5

Question 225

z-Reliable, sequences and works with acknowledgements. Provides a manageable data flow to avoid congestions overloading and data loss. (Like having a telephone conversation with someone). Connection Oriented.

User UDP, Datagram protocol – unreliable, scaled down version of ?, no error correction, no sequencing. Less overhead. (Like sending a letter to someone). Connectionless.

Answer 225

Transmission control protocol

Question 226

z- C, AU, I
End-to-end data transfer services and reliability. Technology:
Gateways. Segmentation, sequencing, and error checking at this layer. Datagrams
Examples: TCP which uses IP in network layer, UDP, SSH

Answer 226

Transport Layer 4

Question 227

encrypt and protect transactions to prevent sniffing while data is in transit along with VPN and IPsec
most effective control against session hijacking
ephemeral session key is used to encrypt the actual content of communications between a web server and client

Answer 227

TLS - MOST CURRENT not SSL!!!
Transport Layer Security

Question 228

Bus type with multiple branches

Answer 228

TREE

Question 229

Stripped down, can only send/receive but not browse directories. No authentication thus insecure. Port 69

Answer 229

Trivial File Transfer Protocol

Question 230

a simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference

Answer 230

OSI Layer 1->Physical->Wired
Twisted pair

Question 231

z-Uses the 802.11x specification to create a wireless LAN

Answer 231

Types of Wireless Networks

Question 232

Packet is sent from single source to single destination

Answer 232

Unicast

Question 233

lightweight service for connectionless data transfer without error detection and correction

Answer 233

UDP, User Datagram Protocol

Question 234

10BaseT=10MBps
100baseT=Fast Ethernet =100MBps
1000BaseT=Gigabit Ethernet=1GBps
Ethernet networks were originally designed to work with more sporadic traffic than token ring networks

Answer 234

UTP

Question 235

Valid Subnet Masks

Answer 235

255, 254, 252, 248, 240, 224, 192, 128

Question 236

13-52 MBps down,
1,5-2,3 Mbps upstream
over a single copper pair
over 1,00 to 4500 feet

Answer 236

VDSL, Very High speed Digital Subscriber Line

Question 237

Created by dynamically building a secure communications link between two nodes, using a secret encapsulation method via network address translation (NAT) where internal IP addresses are translated to external IP addresses. Cannot double NAT with the same IP range, same IP address cannot appear inside and outside of a NAT router.

Answer 237

VPN, Virtual Private Networks

Question 238

a protocol for the efficient transmission of voice over the Internet

Answer 238

Voice over Internet Protocol (IP) (VoIP)

Question 239

Hardware or software to create secure tunnels

Answer 239

VPN Devices

Question 240

WAF

Answer 240

Web Application Firewall

Question 241

Multi-port networking devices that are used in carrier networks. Connect private data over public data by using digital signals. Data link layer.

Answer 241

WAN switches

Question 242

reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems

Answer 242

War dialing

Question 243

searching for wireless networks in a moving car

Answer 243

War driving

Question 244

wireless local area network technology specified in the 802.11 sub group A, B, G, or N

Answer 244

OSI Layer 1->Wireless
Wi-Fi

Question 245

“Worldwide Interoperability of Microwave Access” (IEEE 802.16) is a specification for wireless Metropolitan Area Networks that provides an alternative to the use of cable and DSL for last mile delivery

Answer 245

WI-MAX

Question 246

Connects LANS over a large geographical area

Answer 246

WAN, Wide Area network

Question 247

Uses WAP to link wireless clients to a wired network

Answer 247

Wired Extension Mode

Question 248

Wireless speeds

Answer 248

Wi-Fi 6E (802.11ax), Max Linkrate = 600 to 9608 Mbit/s, Adopted = 2020, Frequency = 6 GHz
Wi-Fi 6 (802.11ax), Max Linkrate = 600 to 9608 Mbit/s, Adopted = 2019, Frequency = 2.4/5 GHz
Wi-Fi 5 (802.11ac), Max Linkrate = 433 to 6933 Mbit/s, Adopted = 2014, Frequency = 5 GHz
Wi-Fi 4 (802.11n), Max Linkrate = 72 to 600 Mbit/s, Adopted = 2008, Frequency = 2.4/5 GHz
(Wi-Fi 3)* 802.11g, Max Linkrate = 6 to 54 Mbit/s, Adopted = 2003, Frequency = 2.4 GHz
(Wi-Fi 2)* 802.11a, Max Linkrate = 6 to 54 Mbit/s, Adopted = 1999, Frequency = 5 GHz
(Wi-Fi 1)* 802.11b, Max Linkrate = 1 to 11 Mbit/s, Adopted = 1999, Frequency = 2.4 GHz
(Wi-Fi 0)* 802.11, Max Linkrate = 1 to 2 Mbit/s, Adopted = 1997, Frequency = 2.4 GHz

Question 249

Uses TKIP for data encryption

Answer 249

WPA

Question 250

Based on 802.11i, uses AES, key management, reply attack protection, and data integrity, most secure, CCMP included, WPA2 ENTERPRISE Mode - uses RADIUS account lockout if a password-cracker is used

Answer 250

WPA2

Question 251

Defines point-to-point communication between Data terminal Equipment (DTE) and Data Circuit Terminating Equipment (DCE)

Answer 251

X25

Question 252

Digital subscriber Line uses telephone to transport high bandwidth data to remote subscribers

Answer 252

xDSL

Question 253

organizations should not automatically trust anything inside or outside its perimeters and instead must authenticate and verify all subjects, objects, and actions before granting access

Answer 253

zero trust

Question 254

OSI Layer 1

Answer 254

Physical - Responsible for transmission of bits. Implemented primarily through hardware. Encompasses signaling method, electrical and mechanical interfaces

Devices = access point, concentrator/patch panel, hub, multiplexers, modem, repeater

Protocol = EIA-TIA 534

Security Protocol =

Attacks = Physical

Question 255

OSI Layer 2

Answer 255

Data Link = responsible for error-free, reliable, transmission of data. Flow control, error detection and correction, retransmission. Uses MAC addresses.

Devices = bridge, switch

Protocol = X.25, Frame Relay, Asynchronous Transfer Mode (ATM), DOCSIS, Multi Protocol Label Switching (MPLS), Generic MPLS

Security Protocol =

Attacks = Physical

Question 256

OSI Layer 3

Answer 256

Network = Transport of information. Abstraction of routing information. Not needed on direct links.

Devices = router

Protocol =
Routing->Authenticated(BGP, OSPF)
Routing->Unauthenticated(Routing Information Protocol, RIP, routing table compromise)

Network->Internet Protocol (IP)->IPv4
Network->Internet Protocol (IP)->IPv6
Network->Not answers->IPX (Novell), DRP (DECnet), DDP, (AppleTalk), CLNP (ISO)

Testing->Internet Control Message Protocol (ICMP)

Multicast->Internet Group Message Protocol (IGMP)

Tunneling -> Point to Point Tunneling Protocol (PPTP)
Tunneling-> Layer 2 Tunneling Protocol (L2TP)

Security Protocol = IPSec

Attacks =

Integrity =
port scanning (scanning tool, FIN NULL XMAS scanning, source routing exploitation, syn scanning)
session hijacking (tcp sequence number attacks, sequence attacks)
IP address spoofing,
ping scanning,
traceroute exploitation

Confidentiality =
source routing exploitation,
eavesdropping

Availability =
ICMP redirect attacks,
denial of service/distributed denial of service (syn flooding, smurf, fraggle),
ping of death,
IP fragmentation attacks (overlapping fragment attack, teardrop)

Question 257

OSI Layer 4

Answer 257

Transport = Connection, Connectionless, 3-way handshake, Exchange of data between end systems, error free, in sequence, no losses, no duplicates, quality of service

Devices =

Protocol =
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
SPX -> old, not answer for exam

Security Protocol =

Attacks =

Integrity =
port scanning (scanning tool, FIN NULL XMAS scanning, source routing exploitation, syn scanning)
session hijacking (tcp sequence number attacks, sequence attacks)
IP address spoofing,
ping scanning,
traceroute exploitation

Confidentiality =
source routing exploitation,
eavesdropping

Availability =
ICMP redirect attacks,
denial of service/distributed denial of service (syn flooding, smurf, fraggle),
ping of death,
IP fragmentation attacks (overlapping fragment attack, teardrop)

Question 258

OSI Layer 5

Answer 258

Session = control of dialogues between applications, dialogue discipline, recovery, sockets/winsock

Devices =

Protocol =

Remote Procedure Call (RPC),
Real-time Transport Control Protocol (RTCP),
SOCKS (Internet socket)

Security Protocol =

Attacks = application buffer overflows

Question 259

OSI Layer 6

Answer 259

Presentation = Data conversion. Character Code Translation. Compression. Encryption and Decryption.

Devices =

Protocol =
CODEC (Compression/Decompression)
Compression formats (Video [jpeg, h.261], Audio [mpeg, g.711]),
Abstract Syntax Notation One (ASN.1)

Security Protocol =

Attacks = application buffer overflows

Question 260

OSI Layer 7

Answer 260

Application =

Asynchronous messaging (e-mail and news, Simple mail transfer protocol, Post office protocol, Internet message access protocol, Network news transfer protocol)

Instant messaging (Open protocols, applications and services, proprietary application and services)

Data exchange (world wide web, file transfer protocol, trivial file transfer protocol, hypertext transfer protocol, passive and active content [activex, java, javascript])

Administrative services (Simple network management protocol v3, RMON by Cisco)

Remote access services (RADIUS Remote Authentication Dial In User Service, Telnet Terminal emulation protocol, Remote login [rlogin], remote shell [rsh], remote copy [rcp])

Devices =
Protocol =
Security Protocol =

Attacks = application buffer overflows

Question 261

when an adversary drains a client node’s battery by sending a constant series of management messages to the subscriber station/mobile subscriber (SS/MS)

Answer 261

Water torture attack

Question 262

ports

Answer 262

FTP: 20/21
SSH: 22
Telnet: 23
SMTP: 25
DNS: 53
HTTP: 80
POP3: 110
NTP: 123
Windows File Sharing: 135, 137-139, 445
HTTPS: 443
LPR/LPD: 515
Microsoft SQL Server: 1433/1434
Oracle: 1521
H.323: 1720
PPTP: 1723
RDP: 3389
HP JetDirect printing: 9100