Communication and Network Security Flashcards

1
Q

This layer of the OSI model controls application-to-application communication. Its DIALOG MANAGEMENT works in three phases:

  1. Connection Establishment
  2. Data Transfer
  3. Connection Release
A

Session layer

2
Q

This layer of the OSI model provides a common means of representing data in a structure that can be properly processed by the end system.

A

Presentation layer

3
Q

This network architecture is one that no vendor owns.

A

Open architecture

4
Q

This OSI layer contains the protocols that support applications.

A

Application layer

5
Q

This layer of the OSI model can enable communication to happen in three different modes.

  1. Simplex - one direction.
  2. Half-duplex - both directions, but only one side at a time.
  3. Full-duplex - both directions at the same time.
A

Session Layer

6
Q

This layer of the OSI model controls computer-to-computer communication.

A

Transport layer

7
Q

What are the two sublayers of the Data Link Layer?

A

LLC - Logical Link Control

MAC - Media Access Control

8
Q

This sublayer of the Data Link Layer is responsible for ERROR DETECTION.

A

LLC

9
Q

Maps a known IP address to a MAC address.

A

ARP

10
Q

Maps a known MAC address to an IP address.

A

RARP

11
Q

This is the IEEE standard for CSMA/CD (Carrier Sense Multiple Access with Collision Detection) for Ethernet:

a. 802.1
b. 802.3
c. 802.5
d. 802.11

A

b

12
Q

This is the IEEE standard for CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) for wireless:

a. 802.1
b. 802.3
c. 802.5
d. 802.11

A

d

13
Q

This is the name of an attack in which an attacker is able to modify the MAC address table in a switch or computer with incorrect MAC addresses.

a. cache poisoning
b. spoofing
c. MAC poisoning
d. ARP table cache poisoning

A

d

14
Q

What is the best countermeasure for ARP table cache poisoning?

a. MAC to IP mapping
b. IDS sensor monitoring for attacks
c. port security
d. disable ARP

A

b

Attacks are easy to detect because the attacker has to keep transmitting bogus ARP replies.

15
Q

Put these DHCP stages in order:

a. DHCP Request
b. DHCP Discover
c. DHCP Offer
d. DHCP Ack

A

b, c, a, d

16
Q

This protocol was created after RARP to enhance the functionality that RARP provides for diskless stations. A workstation receives its IP address, the name server address, and the default gateway.

A

BOOTP

17
Q

This protocol is sometimes used by connectionless protocols to send error messages back to the sending system to indicate network problems. Its wide usage makes it a perfect vehicle for this kind of attack.

A

ICMP

ICMP tunneling

18
Q

This protocol is sometimes used by routers to update each other on network link status and can be used for nefarious purposes by an attacker.

A

ICMP

19
Q

SNMP has two main components: managers and agents. The agent has a list of objects that it is to keep track of, which is held in a database-like structure called the _______________.

A

MIB

Management Information Base

20
Q

The SNMP manager polls the individual agents for the data they collected. The _____ operation allows agents to inform a manager of an event instead of having to wait to be polled.

A

trap

21
Q

__________ were developed in SNMP to restrict which managers can request information of an agent.

A

Communities

22
Q

A community string is basically a password a manager uses to request data from the agent, and there are two main strings with different levels of access. What are they?

a. read only
b. write only
c. read/write
d. read/write/execute

A

a, c

23
Q

Which version of SNMP provides cryptographic functionality, message integrity, and authentication security?

A

SNMPv3

24
Q

If the default SNMP community strings are not changed, which of the following attacks is the network susceptible to?

a. DDoS
b. ARP table cache poisoning
c. device reconfiguration
d. rainbow attack

A

c

25
Q

Primary and secondary DNS servers synchronize their information through a ____________. Unauthorized _________ can give an attacker a wealth of information about the network and the systems on it.

A

Zone transfer

26
Q

How does DNSSEC mitigate DNS threats?

A

It implements PKI and digital signatures, which allow DNS servers to validate the origin of a message and ensure it is not spoofed and potentially malicious.

27
Q

What is DNS splitting?

A

The DNS server in the DMZ handles external hostname-to-IP address resolution requests, while the internal DNS server handles only internal requests.

28
Q

The ________ on a mail server needs to be properly configured so a company’s mail server is not used by a malicious entity for spamming activity.

A

relay agent

29
Q

SMTP authentication (SMTP-AUTH) and Sender Policy Framework (SPF) were developed to address this email threat.

A

email spoofing

30
Q

Which of the following is the Class B private IP address range?

A) 172.32.0.0 - 172.63.255.255
B) 172.16.0.0 - 172.64.255.255
C) 172.16.0.0 - 172.31.255.255
D) 172.16.0.0 - 172.16.31.255

A

C

31
Q

Which NAT implementation type requires only one public IP address?

A. Static Mapping
B. Dynamic Mapping
C. Port Address Translation
D. Recursive Mapping

A

C

32
Q

This type of attack captures a packet at one location in the network and tunnels it to another location in the network.

A

Wormhole attack

33
Q

The countermeasure to a wormhole attack is called a ________, which restricts the maximum allowed transmission distance. The leash can be geographical or temporal.

A

Leash

34
Q

External devices and border routers should not accept packets with ________ routing information within their headers because that information will override what is laid out in the forwarding and routing tables.

A

source

35
Q

The following describes what type of attack?

An attacker inserts VLAN tags to manipulate the control of traffic at the data link layer.

a. Switch spoofing attack
b. VLAN jumping attack
c. double tagging attack
d. VLAN spoofing attack

A

c

36
Q

Layer 3 and 4 switches can use tags assigned to each destination network or subnet. The use of these types of tags is referred to as what?

A

MPLS

Multiprotocol Label Switching

37
Q

A general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions.

A

Gateway

38
Q

A firewall technology that makes access decisions based upon network-level protocol header values.

A

Packet-Filtering Firewall

39
Q

This type of firewall keeps track of what packets went where until each particular connection is closed. It is a third generation firewall.

A

Stateful Firewalls

40
Q

Pick two protocols that bear special consideration when using a stateful firewall. Describe why.

a. TCP
b. UDP
c. FTP
d. HTTP
e. HTTPS
f. DNS

A

b. UDP
It is connectionless. Source and destination addresses are added to the state table but time out after a certain period of time.
Also, ICMP must be allowed outbound and associated with the UDP connection because ICMP is used for flow control in some UDP connections.

c. FTP
FTP uses one outbound connection for the control channel and one inbound connection for the data channel.

41
Q

This firewall type intercepts and inspects messages before delivering them. It does not allow a direct connection. It is a second generation firewall.

A

Proxy Firewalls

42
Q

What are the two types of proxy firewalls, and at what layer of the OSI model does each operate?

A

Circuit-level proxy - Session

Application-level proxy - Application

43
Q

This type of proxy firewall provides more granular protection but requires a unique proxy for each protocol and more processing per packet.

A

Application-level proxy

44
Q

SOCKS is an example of a ________-level proxy gateway that provides a secure channel between two computers.

A

Circuit-level

45
Q

SCADA systems use the following protocol with encryption and authentication added in as an afterthought.

A

DNP3

46
Q

This controls almost every aspect of a vehicle’s functions (steering, braking, and throttling), which is a vulnerability now that cars are connected to Wi-Fi and cellular data networks (GPS, sound systems).

A

CAN bus

Controller Area Network Bus

47
Q

SYN flood is a type of DOS attack. One mitigation described in IETF RFC 4987 is the use of something that delays the allocation of a socket until the handshake is complete. What is that something called?

A

SYN caches

48
Q

This attack uses TCP sequence numbers as an attack vector. An attacker spoofs an IP address and correctly predicts the sequence number values.

A

TCP session hijacking

49
Q

This type of firewall allows internal systems to communicate with an entity outside its trusted network by setting up an ACL “on-the-fly” with a non-well-known port (above 1023).

A

Dynamic Packet-Filtering

50
Q

This fifth generation firewall creates a new virtual network stack for every packet it receives, based on its protocol.

A

Kernel Proxy Firewall

51
Q

This firewall type incorporates a signature-based IPS engine and can connect to external data sources such as Active Directory, whitelists, blacklists, and policy servers. Typically very fast and supportive of high bandwidth. Also very expensive.

A

NGFW

Next-Generation Firewall

52
Q

What must you do to a dual-homed firewall?

A

Disable the OS’s forwarding and routing functionality; otherwise, filtering/inspection might be skipped.

53
Q

A router filters (screens) traffic before it is passed to the firewall.

A

Screened host

54
Q

An external router filters traffic before it enters the subnet, creating a DMZ. Traffic headed toward the internal network then goes through two firewalls.

A

Screened subnet

55
Q

The following are “shoulds” of firewalls except for which one?

a. Deny all inbound packets with an internal source address.
b. Deny all outbound traffic without an internal source address.
c. Deny all packets not explicitly allowed.
d. Allow all packets not explicitly denied.
e. Reassemble fragmented packets before sending them on to their destination.

A

d

56
Q

All of the following are names of fragmentation attacks except:

a. Overlapping fragmentation attack
b. Teardrop attack
c. IP fragmentation attack
d. TCP fragmentation attack

A

d

57
Q

Common firewall rules

Last rule in the rule base, drops and logs any traffic that does not meet preceding rules.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

A

d

58
Q

Common firewall rules

Drops noisy traffic without logging it.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

A

a

59
Q

Common firewall rules

Disallows access to firewall software from unauthorized systems.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

A

b

60
Q

The following are some drawbacks of Unified Threat Management (UTM) devices except for which one?

a. Single point of failure for traffic
b. Single point of compromise
c. Performance issues
d. Centralized control

A

d

61
Q

__________________ consist of multiple servers distributed across a large region, each of which provides content that is optimized for users closest to it.

A

Content Distribution Network (CDN)

62
Q

This implementation of SDN allows the devices implementing the forwarding plane to provide information (such as utilization data) to the controller, while allowing the controller to update the flow tables (akin to routing tables) on the devices. Applications communicate with the controller using RESTful or Java APIs.

A

Open

63
Q

This SDN approach, championed by Cisco, can provide deep packet inspection and manipulation and is not reliant on a centralized control plane.

A

API

64
Q

This SDN approach virtualizes all network nodes and treats them independently of the physical networks upon which the virtualized infrastructure exists.

A

Overlays

65
Q

Trading partners often use this type of extranet which provides structure and organization to electronic documents, orders, invoices, purchase orders, and data flow. A Value-Added Network (VAN) is an example of one that is developed and maintained by a service bureau.

A

Electronic Data Interchange (EDI)

66
Q

_____________ functions as a type of tunneling mechanism that provides terminal-like access to remote computers. It is a program and a protocol that can be used to log into another computer over the network. It can also be used for secure channels for file transfer and port redirection.

A

SSH

67
Q

The (outdated) Ping of Death where a single ICMP Echo Request is changed to be larger than 66KB is an example of this type of network attack.

a. Denial of Service
b. Malformed packet
c. Drive-by Download
d. Flooding

A

Malformed packet

68
Q

An attacker tells a server that his own server is the authoritative one for a domain or domains that don’t belong to him. What type of attack is this?

A

DNS hijacking

server based

69
Q

This attack exploits the three-way handshake that TCP uses to establish connections by sending just one part of the handshake process.

A

SYN flood

70
Q

As a countermeasure for Syn Flooding, you can configure your servers to use a technique in which the half-open connection is not allowed to tie up (or bind to) a socket until the three-way handshake is complete. What is this called?

A

delayed binding

71
Q

What are some mitigation techniques for a Drive-by Download attack?

A

Disable browser plug-ins by default
Ensure all plug-ins are patched
Java should be enabled on a case-by-case basis

72
Q

Defines a security infrastructure to provide data confidentiality, data integrity, and data origin authenticity at Layer 2.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

A

IEEE 802.1AE

aka MAC Security

73
Q

Specifies unique, per-device identifiers and the management and cryptographic binding of a device to its identifiers. Uses public key cryptography and digital certificates.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

A

IEEE 802.1AR

74
Q

Carries out key agreement functions for the session keys used for data encryption.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

A

IEEE 802.1AF

75
Q

Which type of fiber cable is less susceptible to attenuation?

A. Single-mode
B. Multimode

A

A

76
Q

Which type of fiber cable has a larger glass core and therefore is able to carry more data?

A. Single-mode
B. Multimode

A

B

77
Q

This is the number of electric pulses that can be transmitted over a link within a second.

A

Bandwidth

78
Q

This is the actual amount of data that can be carried over a connection.

A

Data Throughput

79
Q

This transmission type has no timing component, surrounds each byte with processing bits, uses a parity bit for error control, and requires three control bits per byte (start, stop, parity).

A

Asynchronous

80
Q

This transmission type uses a timing component for data transmission, has robust error checking through CRC, and is used for high-speed, high-volume transmissions.

A

Synchronous

81
Q

In this tunneling method, the tunnel endpoints are determined using a well-known IPv4 anycast address on the remote side and embedding IPv4 address data within IPv6 addresses on the local side.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

A

c. 6to4

82
Q

This tunneling technique uses UDP encapsulation so that NAT address translations are not affected.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

A

a. Teredo

83
Q

This tunneling technique treats the IPv4 network as a virtual IPv6 link, with mappings from each IPv4 address to a link-local IPv6 address.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

A

b. ISATAP

Intra-Site Automatic Tunnel Address Protocol

84
Q

This is defined by the IEEE 802.3 standard.

A

Ethernet

85
Q

1000Base-T has speeds up to what? And what kind of wire does it travel on?

A

1 gigabit

Category 5