Communications and Network

Question 1

Directory traversal

Answer 1

Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

Question 2

FQDN

Answer 2

Fully Qualified Domain names

Question 3

Class of IP address

Answer 3

Class A - 1 to 127
Class B - 128 to 191
Class C - 192 to 223
Class D - 224 to 239

Question 4

PPP and SLIP

Answer 4

The Point-to-Point Protocol (PPP) is
an encapsulation protocol designed to support the transmission of IP traffi over dial-up
or point-to-point links. PPP includes a wide range of communication services, including
assignment and management of IP addresses, management of synchronous communications,
standardized encapsulation, multiplexing, link confi guration, link quality testing,
error detection, and feature or option negotiation (such as compression). PPP was originally
designed to support CHAP and PAP for authentication. However, recent versions of PPP
also support MS-CHAP, EAP, and SPAP. PPP replaced Serial Line Internet Protocol (SLIP).
SLIP offered no authentication, supported only half-duplex communications, had no errordetection
capabilities, and required manual link establishment and teardown

Question 5

CHAP

Answer 5

Uses MD5 challenge

Question 6

ICMP Message Reject and Drop

Answer 6

Reject allows failed traffic to create an ICMP error message and return it to the sending device.
Drop silently discards any traffic that is not allowed into the network or that creates an ICMP error message.

Question 7

Ethernet

Answer 7

Baseband Technology

Star or Bus Topology

Question 8

DSL, Cable Modem, cable TV

Answer 8

Broadband

Question 9

Anycast

Answer 9

Anycast addressing routes datagrams to a single member of a group of potential receivers that are all identified by the same destination address. This is a one-to-nearest association.
Broadcast addressing uses a one-to-many association, datagrams are routed from a single sender to multiple endpoints simultaneously in a single transmission. The network automatically replicates datagrams as needed for all network segments (links) that contain an eligible receiver.
Multicast addressing uses a one-to-unique many association, datagrams are routed from a single sender to multiple selected endpoints simultaneously in a single transmission.
Unicast addressing uses a one-to-one association between destination address and network endpoint: each destination address uniquely identifies a single receiver endpoint.
Geocast refers to the delivery of information to a group of destinations in a network identified by their geographical locations. It is a specialized form of Multicast addressing used by some routing protocols for mobile ad hoc networks.

Question 10

WAN

Answer 10

Digital Data Service - Circuit Switch

Frame Relay, X.25, ATM - Packet Switch

Question 11

APIPA Automatic Private IP Addressing

Answer 11

Automatic address scheme when no address server is found or if DHCP fails
169.254.0.1 to 169.254.255.254 with Class B subnet mask

Question 12

Port Spanning

Answer 12

Allows one port to see another port’s traffic

Question 13

Ethernet switch

Answer 13

Perform physical segmentation and not logical segmentation

Question 14

Type of attacks to overcome the segmentation of switch

Answer 14

1) Flooding - Process of sending large traffic in to the network. Flood with MAC address and switch will act as Hub
2) ARP Poisoning.

Question 15

Wormhole attack

Answer 15

The attacking node captures the packets from one location and transmits them to other distant located node which distributes them locally.

Question 16

Blackhole Attack

Answer 16

destination when data is sent to a nonexistent receiver

Question 17

Tunneling Attack

Answer 17

Method to move the data between attackers

Question 18

out-of-band attack

Answer 18

Was DOS attack against Windows 95 and windows for Workgroups

Question 19

IPSec Transport adjacency

Answer 19

More than one secuirty protocol (AH and ESP) is used in VPN tunnel.

Question 20

IPSec Internal Tunneling

Answer 20

Used if traffic needs different levels of protection at different junctions of its path. For internal needs only AH but for external needs ESP

Question 21

Is Modem asynchronous

Answer 21

Yes, Transmitted data can travel at any time, can be any length, and uses stop and start delimiters.

Question 22

Wireless Application Protocol

Answer 22

Wireless Application Protocol (WAP) was designed to meet the needs of a variety of wireless devices.
Class 1 is anonymous authentication,
Class 2 is server authentication
Class 3 is two-way client/server authentication.
One of the WAP protocol - WTLS Wireless Transport Layer Security

Question 23

Exterior Routing Protocol

Answer 23

BGP

Question 24

Interior Routing Protocol

Answer 24

OSPF, RIP

Question 25

TSIG - Transaction Signature

Answer 25

Used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a DNS database. It is most commonly used to update Dynamic DNS or a secondary/slave DNS server.

Question 26

Bluejagging

Answer 26

Transmit SMS-like message to the phone

Question 27

BlueSnarfing

Answer 27

Connect with device via bluetooth without owners knowledge and extract information

Question 28

Bluebugging

Answer 28

get hackers remote control over the phone

Question 29

Application Proxy

Answer 29

Make decision based on protocol command structure and understand the granularity of protocol

Question 30

Circuit proxy

Answer 30

Make decisions based on the header information

Question 31

Metro Ethernet - MAN Protocol

Answer 31

Access Layer - Connects customer network to SP’s aggregation network
Aggregation Layer - Occurs on distribution network
Metro Layer - Is the Metropolitan Area Network
Core Layer - Connects different Metro network

Question 32

DHCP Snooping

Answer 32

Ensures that DHCP servers can assign IP addresses to only selected systems,identified by their MAC addresses.

Question 33

SYN Flood

Answer 33

Half open DOS attack

Question 34

DNSSEC - DNS Secuirty Exchange

Answer 34

If DNSSEC were enabled on a DNS server, then the server would, upon receiving a response, validate the digital signature on the message before accepting the information to make sure that the response is from an authorized DNS server.

Question 35

Email - Sender Policy Framework - SPF

Answer 35

Sender policy framework (SPF) is an e-mail validation system designed to prevent spam and malicious e-mail by detecting e-mail spoofing. Attackers commonly spoof e-mail addresses to try and fool the receiver into thinking that the message came from a known and trusted source. SPF allows network administrators to specify which hosts are allowed to send mail from a given domain by implementing an SPF record in the Domain Name System (DNS)

Question 36

Socket

Answer 36

When a TCP or UDP message is formed, a source and a destination port are contained within the header information along with the source and destination IP addresses. This makes up a socket, which is how packets know where to go—by the address—and how to communicate with the right service or protocol on the other computer—by the port number

Question 37

VPN Tunneling Protocol for dial up

Answer 37

PPTP

Question 38

DNS Sppofing - REcursive and Iterative query

Answer 38

In a recursive query the DNS server often forwards the query to another server and returns the inquirer the proper response. In an iterative query, the DNS server responds with an address for another DNS server that might be able to answer the question, and the client then proceeds to ask the new DNS server. Attackers use recursive queries to poison the cache of a DNS server. In this manner, attackers can point systems to a web site that they control and that contains malware or some other form of attack. Here’s how it works: An attacker sends a recursive query to a victim DNS server asking for the IP address of the domain www.logicalsecurity.com. The DNS server forwards the query to another DNS server. However, before the other DNS server responds, the attacker injects his own IP address. The victim server accepts the IP address and stores it in its cache for a specific period of time. The next time a system queries the server to resolve www.logicalsecurity.com to its IP address, the server will direct users to the attacker’s IP address. This is called DNS spoofing or DNS poisoning.

Question 39

Cybersquating

Answer 39

Cybersquatting occurs when an attacker purchases a well-known brand or company name, or variation thereof, as a domain name with the goal of selling it to the rightful owner. In the meantime, the company can be misrepresented to the public.

Question 40

ISDN PRI Primary Rate interface

Answer 40

2 to 23 B channel
One 64kbps D channel

193 to 1544 Kbps

Question 41

Ethernet

Answer 41

Transmits timing info with preamble of 1 and 0.

Use CSMA/CD

Question 42

ARP request never leave broad cast domain and never pass router.

True or False

Answer 42

True

Question 43

IP protocol field value

Answer 43

ICMP 0x01
TCP 0x06
UDP 0x11
IGRP 0x58

Question 44

Types of XSS Vulnerablity

Answer 44

Persistent or second order
Non Persistent or Reflected
DOM based

Question 45

Persistent or second order XSS vulnerability

Answer 45

Targets web sites that allow users to input data that is stored in a database.
CM: Secure Programming practices

Question 46

Non Persistent or reflected XSS Vulnerability

Answer 46

Attacker tricks the victim into opening a URL programmed with a rogue script to steal the victim’s sensitive information, such as a cookie or session ID

Question 47

DOM - Document Object Model (DOM) Based XSS Vulnerability

Answer 47

Modify the original client-side JavaScript. This causes the victim’s browser to execute the resulting abusive JavaScript code. Thus, cross-site attacks can be used to exploit vulnerabilities in the victim’s web browser. Once the system is successfully compromised by the attacker, he may further penetrate into other systems on the network or execute scripts that may spread through the internal network.
CM:
Disable scripting language support in the browser.
Content filtering proxy servers

Question 48

Cybersquating

Answer 48

Cybersquatting occurs when an attacker purchases a well-known brand or company name, or variation thereof, as a domain name with the goal of selling it to the rightful owner. In the meantime, the company can be misrepresented to the public.

Question 49

Virtual Firewall - Bridge mode

Answer 49

Monitor individual traffic links between virtual machines, or they can be integrated within the hypervisor of a virtualized environment

Question 50

Virtual Firewall - Hypervisor Mode

Answer 50

he hypervisor is the software component that carries out virtual machine management and oversees guest system software execution. If the firewall is embedded within the hypervisor, then it can “see” and monitor all the activities taking place within the host system.