Communication and Network Security

Question 1

This layer of the OSI model controls application-to-application communication. It’s DIALOG MANAGEMENT works in three phases:

1. Connection Establishment
2. Data Transfer
3. Connection Release

Answer 1

Session layer

Question 2

This layer of the OSI model provides a common means of representing data in structure that can be properly processed by the end system.

Answer 2

Presentation layer

Question 3

This network architecture is one that no vendor owns.

Answer 3

Open architecture

Question 4

This OSI layer contains the protocols that support applications.

Answer 4

Application layer

Question 5

This layer of the OSI model can enable communication to happen in three different modes.

1. ) Simplex - One direction
2. ) Half-Duplex - Both directions but only one side at a time.
3. ) Full-Duplex - Both directions at hte same time.

Answer 5

Session Layer

Question 6

This layer of the OSI model controls computer-to-computer communication.

Answer 6

Transport layer

Question 7

What are the two sublayers of the Data Link Layer?

Answer 7

LLC - Logical Link Control

MAC - Media Access Control

Question 8

This sublayer of the Data Link Layer is responsible for ERROR DETECTION.

Answer 8

LLC

Question 9

Maps known IP address to a MAC address.

Answer 9

ARP

Question 10

Maps a known MAC address to an IP address.

Answer 10

RARP

Question 11

This is the IEEE standard for CSMA/CD Carrier Sense Multiple Access with Collision Detection for Ethernet:

a. ) 802.1
b. ) 802.3
c. ) 802.5
d. ) 802.11

Answer 11

b

Question 12

This is the IEEE standard for CSMA/CA Carrier Sense Multiple Access with Collision Avoidance for Wireless:

a. ) 802.1
b. ) 802.3
c. ) 802.5
d. ) 802.11

Answer 12

d

Question 13

This is the name of an attack where the bad guy is able to modify the MAC address table in a switch or computer with incorrect MAC addresses.

a. ) cache poisoning
b. ) spoofing
c. ) MAC poisoning
d. ) ARP table cache poisoning

Answer 13

d

Question 14

What is the best countermeasure for ARP table cache poisoning?

a. ) MAC to IP mapping
b. ) IDS sensor monitoring for attacks.
c. ) port security
d. ) disable ARP

Answer 14

b.)

Attacks would be easy to detect b/c attacker has to keep transmitting bogus ARP replies

Question 15

Put these DHCP stages in order:

a. DHCP Request
b. ) DHCP Discover
c. ) DHCP Offer
d. ) DHCP Pack

Answer 15

b, c, a, d

Question 16

This protocol was created after RARP to enhance functionality that RARP provides for diskless stations. Workstations receive its IP address, the name server address, and the default gateway.

Answer 16

BOOTP

Question 17

This protocol is sometimes used by connectionless protocols to send error messages back to the sending system to indicate network problems. It’s wide usage makes it a perfect vehicle for this kind of attack.

Answer 17

ICMP

ICMP tunneling

Question 18

This protocol is sometimes used by routers to update each other on network link status and can be used for nefarious purposes by an attacker.

Answer 18

ICMP

Question 19

SNMP has two main components: managers and agents. The agent has a list of objects that it is to keep track of, which is held in a database-like structure called the _______________.

Answer 19

MIB

Management Information Base

Question 20

The SNMP manager polls the individual agenst for the data they collected. The _____ operation allows agents to inform a manager of an event instead of having to wait to be polled.

Answer 20

trap

Question 21

__________ were developed in SNMP to restrict which managers can request information of an agent.

Answer 21

Communities

Question 22

A community string is basically a password a manger used to request data from the agent, and there are two main strings with different levels of access. What are they?

a. ) read only
b. ) write only
c. ) read/write
d. ) read/write/execute

Answer 22

a, c

Question 23

Which version of SNMP provides cryptographic functionality, message integrity, and authentication security?

Answer 23

SNMPv3

Question 24

If the default SNMP community strings are not changed, which of the following attacks is the network susceptible to?

a. ) DDOS
b. ) ARP table cache poisoning
c. ) device reconfiguration
d. ) rainbow attack

Answer 24

c

Question 25

Primary and secondary DNS servers synchronize their information through a ____________. Unauthorized _________ can give an attacker a wealth of information about the network and the systems on it.

Answer 25

Zone transfer

Question 26

How does DNSSEC mitigate DNS threats?

Answer 26

Implements PKI and digital signatures, which allows DNS servers to validate the origin of a message to ensure it is not spoofed and potentially malicious.

Question 27

What is DNS splitting?

Answer 27

The DNS server in the DMZ handles external hostname-to-IP address resolution requests, while internal DNS server handles only internal requests.

Question 28

The ________ on a mail server needs to be properly configured so a company’s mail server is not used by a malicious entity for spamming activity.

Answer 28

relay agent

Question 29

SMTP authentication (SMTP-AUTH) and Sender Policy Framework (SPF) were developed to address this email threat.

Answer 29

email spoofing

Question 30

Which of the following is hte Class B private IP address range?

A) 172.32.0.0 - 172.63.255.255
B) 172.16.0.0 - 172.64.255.255
C) 172.16.0.0 - 172.31.255.255
D) 172.16.0.0 - 172.16.31.255

Answer 30

C

Question 31

Choose the implementation type of NAT so that only one public IP address is needed.

A. Static Mapping
B. Dynamic Mapping
C. Port Address Translation
D. Recursive Mapping

Answer 31

C

Question 32

This type of attack captures a packet at one location in the network and tunnels it to another location in the network.

Answer 32

Wormhole attack

Question 33

The countermeasure to a wormhole attack is called a ________, which restricts the maximum allowed transmission distance. The leash can be geographical or temporal.

Answer 33

Leash

Question 34

External devices and border routers should not accept packets with ________ routing information within their headers because that information will override what is laid out in the forwarding and routing tables.

Answer 34

source

Question 35

The following describes what type of attack?

An attacker inserts VLAN tags to manipulate the control of traffic at the data link layer.

a. ) Switch spoofing attack
b. ) VLAN jumping attack
c. ) double tagging attack
d. ) VLAN spoofing attack

Answer 35

c

Question 36

Layer 3 adn 4 switches can use tags assigned to each destination network or subnet. The use of these types of tags are referred to as what?

Answer 36

MPLS

Multiprotocol Label Switching

Question 37

A general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions.

Answer 37

Gateway

Question 38

A firewall technology that makes access decisions based upon network-level protocol header values.

Answer 38

Packet-Filtering Firewall

Question 39

This type of firewall keeps track of what packets went where until each particular connection is closed. It is a third generation firewall.

Answer 39

Stateful Firewalls

Question 40

Pick two protocols that bear special consideration when using a stateful firewall. Describe why.

a. TCP
b. UDP
c. FTP
d. HTTP
e. HTTPS
f. DNS

Answer 40

b. UDP
It’s connectionless. Source and destination address are added to state table, but times out after a certain period of time.
Also, ICMP must be allowed outbound and associated with the UDP connection b/c ICMP is used for flow-control for some UDP connections.

c.) FTP
FTP uses one outbound connection for the control channel and one inbound connection for the data channel.

Question 41

This firewall type intercepts and inspects messages before delivering them. It does not allow a direct connection. It is a second generation firewall.

Answer 41

Proxy Firewalls

Question 42

What are the two types of proxy firewalls and what level of the OSI model do they operate at?

Answer 42

Circuit-level proxy - Session

Application-level proxy - Application

Question 43

This type of proxy firewall provides more granular protection but requires a unique proxy for each protocol and more processing per packet.

Answer 43

Application-level proxy

Question 44

SOCKS is an example of a ________-level proxy gateway that provides a secure channel between two computers.

Answer 44

Circuit-level

Question 45

SCADA systems use the following protocol with encryption and authentication added in as an afterthought.

Answer 45

DNP3

Question 46

This controls almost every aspect of a vehicle’s functions: steering, braking, and throttling, which is a vulnerabiltiy now that cars got connected to wi-fi and cellular data networks (GPS, sound systems)

Answer 46

CAN bus

Controller Area Network Bus

Question 47

SYN flood is a type of DOS attack. One mitigation described in IETF RFC 4987 is the use of something that delays the allocation of a socket until the handshake is complete. What is that something called?

Answer 47

SYN caches

Question 48

This attack uses TCP sequence numbers as an attack vector. An attacker spoofs an IP address and correctly predicts the correct sequence number values.

Answer 48

TCP session hijacking

Question 49

This type of firewall allows internal systems to communicate with an entity outside its trusted network by setting up an ACL “on-the-fly” with a non-well-known port (above 1023).

Answer 49

Dynamic Packet-Filtering

Question 50

This fifth generation firewall creates a new virtual network stack for every packet receives based on it’s protocol.

Answer 50

Kernel Proxy Firewall

Question 51

This firewall type incorporates a signature-based IPS engine and can connect to external data sources such as Active Directory, whitelists, blacklists, and policy servers. Typically very fast and supportive of high bandwidth. Also very expensive.

Answer 51

NGFW

Next-Generation Firewall

Question 52

What must you do to a dual-homed firewall?

Answer 52

Must disable the OS’s forwarding and routing functionality, otherwise, filtering/inspection might be skipped.

Question 53

A router filters (screens) traffic before it is passed to the firewall.

Answer 53

Screened host

Question 54

An external router filters traffic before it enters the subnet, creating a DMZ. Traffic headed toward the internal network then goes through two firewalls.

Answer 54

Screened subnet

Question 55

The following are “shoulds” of firewalls except for which one?

a. Deny all inbound packets with an internal source address.
b. Deny all outbound traffic without an internal source address.
c. Deny all packets not explicitly allowed.
d. Allow all packets not explicitly denied.
e. Reassemble fragmented packets before sending them on to their destination.

Answer 55

d

Question 56

All of the following are the name of fragmentation attack except:

a. Overlapping fragmentation attack
b. Teardrop attack
c. IP fragmentation attack
d. TCP fragmentation attack

Answer 56

d

Question 57

Common firewall rules

Last rule in the rule base, drops and logs any traffic that does not meet preceding rules.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

Answer 57

d

Question 58

Common firewall rules

Drops noisy traffic without logging it.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

Answer 58

a

Question 59

Common firewall rules

Disallows access to firewall software from unauthorized systems.

a. Silent rule
b. Stealth rule
c. Negate rule
d. Cleanup rule

Answer 59

b

Question 60

The following are some draw backs to Unified Threat Management (UTM) devices except for which one?

a. ) Single point of failure for traffic
b. ) Single point of compromise
c. ) Performance issues
d. ) Centralized control

Answer 60

d

Question 61

__________________ consist of multiple servers distributed across a large region, each of which provides content that is optimized for users closest to it.

Answer 61

Content Distribution Network (CDN)

Question 62

This implementation of SDN allows the devices implementing the forwarding plane to provide information (such as utilizaiton data) to the controller, while allowing the controller to update the flow tables (akin to routing tables) on the devices. Applications communicate with the controller using RESTful or Java APIs.

Answer 62

Open

Question 63

This SDN approach, championed by Cisco, can provide deep packet inspection and manipulation and is not reliant on a centralized control plane.

Answer 63

API

Question 64

This SDN approach is to virtualize all network nodes and treat them independently of the physical networks upon which the virtualized infrastructure exists.

Answer 64

Overlays

Question 65

Trading partners often use this type of extranet which provides structure and organization to electronic documents, orders, invoices, purchase orders, and data flow. A Value-Added Network (VAN) is an example of one that is developed and maintained by a service bureau.

Answer 65

Electronic Data Interchange (EDI)

Question 66

_____________ functions as a type of tunneling mechanism that provides terminal-like access to remote computers. It is a program and a protocol that can be used to log into another computer over the network. It can also be used for secure channels for file transfer and port redirection.

Answer 66

SSH

Question 67

The (outdated) Ping of Death where a single ICMP Echo Request is changed to be larger than 66KB is an example of this type of network attack.

a. Denial of Service
b. Malformed packet
c. Drive-by Download
d. Flooding

Answer 67

Malformed packet

Question 68

An attacker tells a server that his own server is the authoritative one for a domain or domains that don’t belong to him. What type of attack is this?

Answer 68

DNS hijacking

server based

Question 69

This attack exploits the three-way handshake that TCP uses to establish connections by sending just one part of the handshake process.

Answer 69

SYN flood

Question 70

As a countermeasure for Syn Flooding, you can configure your servers to use a technique in which the half-open connection is not allowed to tie up (or bind to) a socket until the three-way handshake is complete. What is this called?

Answer 70

delayed binding

Question 71

What are some mitigation techniques for a Drive-by Download attack?

Answer 71

Disable browser plug-ins by default
Ensure all plug-ins a patched
Java should be enabled on a case-by-case basis

Question 72

Defines a security infrastructure to provide data confidentiality, data integrity, and data origin at Layer 2.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

Answer 72

IEEE 802.1AE

aka MAC Security

Question 73

Specifies unique, per-device identifiers and the management and cryptographic binding of a device to its identifiers. Uses of public cryptology and digital certificates.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

Answer 73

IEEE 802.1AR

Question 74

Carries out key agreement functions for the session keys used for data encryption.

a. IEEE 802.1AR
b. IEEE 802.1AE
c. IEEE 802.1AF
d. IEEE 802.1X

Answer 74

IEEE 802.1AF

Question 75

Which type of fiber cable is less susceptible to attenuation?

A. Single-mode
B. Multimode

Answer 75

A

Question 76

Which type of fiber cable has a larger glass core and therefore is able to carry more data?

A. Single-mode
B. Multimode

Answer 76

B

Question 77

This is the number of electric pulses that can be transmitted over a link within a second.

Answer 77

Bandwidth

Question 78

This is the actual amount of data that can be carried over a connection.

Answer 78

Data Throughput

Question 79

This transmission type has no timing components, surrounds each byte with processing bits, uses parity bit for error control, and each byte requires three bits of instruction (start, stop, parity)

Answer 79

Asynchronous

Question 80

This transmission type uses a timing component for data transmission, has robust error checking though CRC, and is used for high-speed, high volume transmissions.

Answer 80

Synchronous

Question 81

In this tunneling method, the tunnel endpoints are determined using a well-known IPv4 anycast address on the remote side and embedding IPv4 address data within IPv6 addresses on the local side.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

Answer 81

c. 6to4

Question 82

This tunneling technique uses UDP encapsulation so that NAT address translations are not affected.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

Answer 82

a. Teredo

Question 83

This tunneling technique treats the IPv4 network as a virtual IPv6 link, with mappings from each IPv4 address to a link-local IPv6 address.

a. Teredo
b. ISATAP
c. 6to4
d. ITASAP

Answer 83

b. ISATAP

Intra-Site Automatic Tunnel Address Protocol

Question 84

This is defined by the standard IEEE 802.3

Answer 84

Ethernet

Question 85

1000Base-T has speeds up to what? And what kind of wire does it travel on?

Answer 85

1 gigabit

Category 5