Communication and Network Security Flashcards
This layer of the OSI model controls application-to-application communication. Its DIALOG MANAGEMENT works in three phases:
- Connection Establishment
- Data Transfer
- Connection Release
Session layer
This layer of the OSI model provides a common means of representing data in a structure that can be properly processed by the end system.
Presentation layer
This network architecture is one that no vendor owns.
Open architecture
This OSI layer contains the protocols that support applications.
Application layer
This layer of the OSI model can enable communication to happen in three different modes.
- Simplex - One direction
- Half-Duplex - Both directions but only one side at a time.
- Full-Duplex - Both directions at the same time.
Session Layer
This layer of the OSI model controls computer-to-computer communication.
Transport layer
What are the two sublayers of the Data Link Layer?
LLC - Logical Link Control
MAC - Media Access Control
This sublayer of the Data Link Layer is responsible for ERROR DETECTION.
LLC
Maps a known IP address to a MAC address.
ARP
Maps a known MAC address to an IP address.
RARP
This is the IEEE standard for CSMA/CD (Carrier Sense Multiple Access with Collision Detection) for Ethernet:
a.) 802.1
b.) 802.3
c.) 802.5
d.) 802.11
b
This is the IEEE standard for CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) for Wireless:
a.) 802.1
b.) 802.3
c.) 802.5
d.) 802.11
d
This is the name of an attack where the bad guy is able to modify the MAC address table in a switch or computer with incorrect MAC addresses.
a.) cache poisoning
b.) spoofing
c.) MAC poisoning
d.) ARP table cache poisoning
d
What is the best countermeasure for ARP table cache poisoning?
a.) MAC to IP mapping
b.) IDS sensor monitoring for attacks.
c.) port security
d.) disable ARP
b
Attacks would be easy to detect because the attacker has to keep transmitting bogus ARP replies.
Put these DHCP stages in order:
a.) DHCP Request
b.) DHCP Discover
c.) DHCP Offer
d.) DHCP ACK
b, c, a, d
This protocol was created after RARP to enhance the functionality that RARP provides for diskless stations. A workstation receives its IP address, the name server address, and the default gateway.
BOOTP
This protocol is sometimes used by connectionless protocols to send error messages back to the sending system to indicate network problems. Its wide usage makes it a perfect vehicle for this kind of attack.
ICMP
ICMP tunneling
This protocol is sometimes used by routers to update each other on network link status and can be used for nefarious purposes by an attacker.
ICMP
SNMP has two main components: managers and agents. The agent has a list of objects that it is to keep track of, which is held in a database-like structure called the _______________.
MIB
Management Information Base
The SNMP manager polls the individual agents for the data they collected. The _____ operation allows agents to inform a manager of an event instead of having to wait to be polled.
trap
__________ were developed in SNMP to restrict which managers can request information of an agent.
Communities
A community string is basically a password a manager uses to request data from the agent, and there are two main strings with different levels of access. What are they?
a.) read only
b.) write only
c.) read/write
d.) read/write/execute
a, c
Which version of SNMP provides cryptographic functionality, message integrity, and authentication security?
SNMPv3
If the default SNMP community strings are not changed, which of the following attacks is the network susceptible to?
a.) DDOS
b.) ARP table cache poisoning
c.) device reconfiguration
d.) rainbow attack
c
Primary and secondary DNS servers synchronize their information through a ____________. Unauthorized _________ can give an attacker a wealth of information about the network and the systems on it.
Zone transfer
How does DNSSEC mitigate DNS threats?
Implements PKI and digital signatures, which allows DNS servers to validate the origin of a message to ensure it is not spoofed and potentially malicious.
What is DNS splitting?
The DNS server in the DMZ handles external hostname-to-IP address resolution requests, while the internal DNS server handles only internal requests.
The ________ on a mail server needs to be properly configured so a company’s mail server is not used by a malicious entity for spamming activity.
relay agent
SMTP authentication (SMTP-AUTH) and Sender Policy Framework (SPF) were developed to address this email threat.
email spoofing
Which of the following is the Class B private IP address range?
A) 172.32.0.0 - 172.63.255.255
B) 172.16.0.0 - 172.64.255.255
C) 172.16.0.0 - 172.31.255.255
D) 172.16.0.0 - 172.16.31.255
C
Choose the implementation type of NAT so that only one public IP address is needed.
A. Static Mapping
B. Dynamic Mapping
C. Port Address Translation
D. Recursive Mapping
C
This type of attack captures a packet at one location in the network and tunnels it to another location in the network.
Wormhole attack
The countermeasure to a wormhole attack is called a ________, which restricts the maximum allowed transmission distance. The leash can be geographical or temporal.
Leash
External devices and border routers should not accept packets with ________ routing information within their headers because that information will override what is laid out in the forwarding and routing tables.
source