Domain 3 – Telecom and Network Security Flashcards

Question 1

Q

DSL

Answer

A

Digital Subscriber Line

Question 2

Q

ISDN

Answer

A

Integrated Services Digital Network

Question 3

Q

PAP

Answer

A

Password Authentication Protocol – clear text

Question 4

Q

CHAP

Answer

A

Challenge Handshake Authentication Protocol – protects password

Question 5

Q

Remote User Management

Answer

A

Justification of remote access
Support Issues
Hardware and software distribution

Question 6

Q

Intrusion Detection…

Answer

A

Notification

* Remediation

Question 7

Q

CIRT

Answer

A

Computer Incident Response Team
CIRT Performs
•	Analysis of event
•	Response to incident
•	Escalation path procedures
•	Resolution – post implementation follow up

Question 8

Q

Network Based IDS

Answer

A

Commonly reside on a discrete network segment and monitor the traffic on that network segment.

Question 9

Q

Host Based IDS

Answer

A

Use small programs, which reside on a host computer. Detect inappropriate activity only on the host computer, not the network segment.

Question 10

Q

Knowledge Based IDS

Answer

A

Signature based
Pros:
Low false alarms	
Alarms Standardized	
Cons:
Resource Intensive
New or unique attacks not found

Question 11

Q

Behavioral Based IDS

Answer

A

Statistical Anomaly
Pros	:
Dynamically adapts	
Not as operating system specific	
Cons:
High False Alarm rates
User activity may not be static enough to implement

Question 12

Q

CIRT – (CERT)

Answer

A

Computer Incident Response Team
Responsibilities:
•	Manage the company’s response to events that pose a risk
•	Coordinating information
•	Mitigating risk, minimize interruptions
•	Assembling technical response teams
•	Management of logs
•	Management of resolution

Question 13

Q

Network Availability

Answer

A

RAID – Redundant Array of Inexpensive Disks
Back Up Concepts
Manage single points of failure

Question 14

Q

RAID

Answer

A

Redundant Array of Inexpensive Disks
• Fault tolerance against server crashes
• Secondary – improve system performance
• Striping – Caching and distributing on multiple disks
• RAID employs the technique of striping, which involves partitioning each drive’s storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.
• Hardware and software implementation

Question 15

Q

FRDS+

Answer

A

Protect from disk failure – can reconstruct disks by automatically hot swapping while server is running
Includes environmental
FRDS+ adds hazard warnings

Question 16

Q

RAID Advisory Board

Answer

A

• Three types – Failure Resistant Disk Systems (FRDS) - the only current standard, Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
• FRDS: provides the ability to reconstruct the contents of a failed disk onto a replacement disk.
• Enables the continuous monitoring of these parts and the alerting of their failure
FRDS+

Question 17

Q

RAID 0 (STRIPPING)

Answer

A

Creates one large disk by using multiple disks – striping
No redundancy
No fault tolerance (1 fail = all fail)
Read/Write performance is increased

Question 18

Q

RAID 1 (MIRRORING)

Answer

A

Mirroring
Duplicates data on other disks (usually one to one ratio)
Expensive (doubles cost of storage)

Question 19

Q

RAID 2 (HAMMING CODE PARITY)

Answer

A

Multiple disks
Parity information created using a hamming code
Can be used in 39 disk array 32 Data and 7 recovery
Not used, replaced by more flexible levels

Question 20

Q

RAID 3 (BYTE LEVEL PARITY) RAID 4 (BLOCK LEVEL PARITY)

Answer

A

RAID 3 – Byte level
RAID 4 – Block level
Stripe across multiple drives
Parity information on a parity drive
Provides redundancy
Can affect performance with single parity drive

Question 21

Q

RAID 5 (INTERLEAVE PARITY)

Answer

A

Most popular
Stripes data and parity information across all drives
Uses interleave parity
Reads and writes performed concurrently
Usually 3-5 drives. If one drive fails, can reconstruct the failed drive by using the information from the other 2.

Question 22

Q

RAID 7 (SINGLE VIRTUAL DISK)

Answer

A

Functions as a single virtual disk
Usually software over Level 5 hardware
Enables the drive array to continue to operate if any disk or any path to any disk fails.

Question 23

Q

RAID Summary

Answer

A

0 – Striping
1 – Mirroring
2 – Hamming code parity
3 – Byte level parity
4 – Block level parity
5 – Interleave parity
7 – Single Virtual Disk

Question 24

Q

Redundant Servers

Answer

A

Primary Server mirrors to secondary server
Fail-over or rollover to secondary in the event of a failure
Server fault tolerance can be warm or hot

Question 25

Q

Server Cluster

Answer

A

Group of independent servers managed as a single system
Load Balancing
Improves performance
“Server Farm”
Microsoft Cluster Server

Question 26

Q

Full Back Up

Answer

A

every file

Question 27

Q

Incremental Backup

Answer

A

Only files that have been changed or added recently
Only files with their archive bit set are backed up.
This method is fast and uses less tape space but has some inherent vulnerabilities, one being that all incremental backups need to be available and restored from the date of the last full backup to the desired date should a restore be needed.
Restore = last full backup plus each incremental

Question 28

Q

Differential Backup

Answer

A

Only files that have changed since the last backup
All files to the full backup (additive)
Restore = full backup plus the last differential

Question 29

Q

Types of Tape Backup

Answer

A

DAT – Digital Audio Tape
QIC – Quarter Inch Cartridge – Small and slow
8mm Tape – Superceded by DLT
DLT – Digital Linear Tape – 4mm tape – large and fast

Question 30

Q

Other media

Answer

A

CD – permanent backups, longer shelf life than tape
ZIP – JAZZ – Common
Tape Array – 32 to 63 Tape Array using RAID technology
HSM – Hierarchical. Provides a continuous on-line backup by using optical or tape ‘jukeboxes’, similar to WORMs.

Question 31

Q

Common Backup Problems

Answer

A

Slow transfer of data to backup
Retrieval time to restore
Off hour processing and monitoring
Server disk space expands over time
Loss of data between last back up
Physical security of tapes

Question 32

Q

Single Points of Failure Cabling Failures

Coaxial:

Answer

A

many workstations or servers attached to the same segment of cable, which creates a single point of failure if it is broken (similar to cable TV cabling). Exceeding cable length is a source of failure.

Question 33

Q

Single Points of Failure Cabling Failures

Twisted Pair: (CAT3 and CAT 5)

Answer

A

The difference between the two has to do with the tightness the copper wires are wound. Tightness determines its resistance to interference. CAT3 is older. Cable length is a common failure

Question 34

Q

Single Points of Failure Cabling Failures

Fiber Optic

Answer

A

Immune to EMI. Longer usable length (upto 2kms). Drawback is costs.

Question 35

Q

Technology Failures

Ethernet

Answer

A

Most Popular

* Extremely resistance to failure, especially in a star-wired config.

Question 36

Q

Technology Failures

Token Ring

Answer

A

Since token is passed by every station on the ring

* NIC set at wrong speed or in error state can bring the network down

Question 37

Q

Technology Failures

FDDI – Fiber Distributed Data Interface

Answer

A

Dual rings fault tolerance (if first ring fails, the secondary ring begins working)
Sometimes uses second ring for improved performance

Question 38

Q

Technology Failures

Leased Lines

Answer

A

T1 and ISDN – go with multiple vendors to reduce failures

Question 39

Q

Technology Failures

Frame Relay

Answer

A

Public switched WAN
Highly Fault Tolerant
Bad segment diverts packets
Can use multiple vendors for high availability

Question 40

Q

Other Single Points of Failure

Answer

A

Can be any device where all traffic goes through a single device - Router, firewall, hub, switch
Power failure – surges, spikes – install UPS

Question 41

Q

Note: Trivial File Transfer Protocol (TFTP)

Answer

A

is good tool for router configuration

Question 42

Q

Classes of Network Abuse

Class A

Answer

A

unauthorized access through circumvention of security access controls. Masquerading, logon abuse (primarily internal attacks)

Question 43

Q

Classes of Network Abuse

Class B

Answer

A

non-business use of systems

Question 44

Q

Classes of Network Abuse

Class C

Answer

A

Eavesdropping
• Active: Tampering with a transmission to create a covert signaling channel or probing the network
• Passive: Covertly monitoring or listening to transmissions that is unauthorized.
• Covert Channel: using a hidden unauthorized communication
• Tapping: refers to the physical interception of a transmission medium (like splicing of cable).

Question 45

Q

Classes of Network Abuse

Class D

Answer

A

Denial of Service Saturation of network services

Question 46

Q

Classes of Network Abuse

Class E

Answer

A

Network Intrusion – penetration (externally)
• Spoofing – A spoofing attack involves nothing more than forging one’s source address. It is the act of using one machine to impersonate another.
• Piggy Backing – attack using another users connection
• Back Door – attack via dial up or external connection

Question 47

Q

Classes of Network Abuse

Class F

Answer

A

Probing
• Gives an intruder a road map of the network for DoS attack
• Gives a list of available services
• Traffic analysis via ‘sniffers’ which scans the host for available services
o Like a telephone wiretap allows the FBI to listen in on other people’s conversations, a “sniffing” program lets someone listen in on computer conversations.
• Tools: Telnet (manual), vulnerability scanners (automatic).

Question 48

Q

Common DoS Attacks

Answer

A

Filling hard drive space with email attachments
Sending a message that resets a targets host subnet mask causing routing disruption
Using up all of the target’s resources to accept network connections

Question 49

Q

Buffer Overflow Attack

Answer

A

When a process receives much more data than expected.
Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Question 50

Q

PING

Answer

A

Packet Internet Groper – uses ICMP – Internet Control Message Protocol

Question 51

Q

PING of Death

Answer

A

Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang.

Question 52

Q

SYN Attack

Answer

A

Attacks the buffer space during a Transmission Control Protocol (TCP)
Attacker floods the target system’s ‘in-process’ queue with connection requests causing the system to time-out.

Question 53

Q

Teardrop Attack

Answer

A

Modifying the length of the fragmentation fields in the IP Packet
When a machine receives this attack, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous blue screen of death. Becomes confuse and crashes.

Question 54

Q

Smurf Attack

Answer

A

• (Source Site) Sends spoofed network request to large network (bounce site) all machines respond to the (target site). IP broadcast addressing.

Question 55

Q

Fraggle Attack

Answer

A

• The “smurf” attack’s cousin is called “fraggle”, which uses UDP echo packets in the same fashion as the ICMP echo packet.

Question 56

Q

Session Hijacking Attacks :

IP Spoofing

Answer

A

IP spoofing is used to convince a system that it is communicating with a known entity that gives an intruder access. IP spoofing involves altering the packet at the TCP level. The attacker sends a packet with an IP source address of a known, trusted source. E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.

Question 57

Q

Session Hijacking Attacks

TCP Sequence number

Answer

A

tricks the target in believing that it’s connected to a trusted host and then hijacks the session by predicting the target’s choice of an initial TCP Sequence number. Then it’s used to launch various other attacks on other hosts.

Question 58

Q

Salami Attack

Answer

A

A series of minor computer crimes that are part of a larger crime.

Question 59

Q

Rainbow Series

Answer

A

Redbook – TNI - Trusted Network Interpretation
Time and technological changes lessen the relevancy of the TNI to contemporary networking.
Deals with technical issues outside the scope of the Orange Book wrt to networks
Redbook interprets the Orange Book
Orange Book – Trusted Computer Security Evaluation Criteria

Question 60

Q

TNI Evaluation Classes

Answer

A

D – Minimal protection
C – Discretionary protection
C1 – Discretionary Security Protection
C2 – Controlled Access protection
B – Mandatory
B1 – Labeled Security
B2 – Structured
B3- Security Domains

Question 61

Q

Protocols

Answer

A

is a standard set of rules that determines how computers communicate with each other across networks despite their differences (PC, UNIC, Mac..)

Question 62

Q

Layered architecture

Answer

A

shows how communication should take place
• Clarify the general functions of a communication process
• To break down complex networking processes into more manageable sublayers
• Using industry-standard interfaces enables interoperability
• To change the features of one layer without changing all of the code in every layer
• Easier troubleshooting

Question 63

Q

Layer 7

Answer

A

Application Security: Confidentiality, authentication, data integrity, non-repudiation
Technology: gateways
Protocols: FTP, SMB, TELNET, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET n Responsible for all application-to-application communications. User information maintained at this layer is user data.

Question 64

Q

Layer 6

Answer

A

Presentation Security: confidentiality, authentication, encryption
Technology: gateway
Protocols: ASCII, EBCDIC, POSTSCRIPT, JPEG, MPEG, GIF n Responsible for the formatting of the data so that it is suitable for presentation. Responsible for character conversion (ASCII/EBCDIC), Encryption/Decryption, Compression, and Virtual Terminal Emulation. User information maintained at this layer is called messages.

Answer 65

A

Session Security: None
Technology: gateways
Protocols: Remote Procedure Calls (RPC) and SQL, RADIUS, DNS, ASP n Responsible for the setup of the links, maintaining of the link, and the link tear-down between applications.

Answer 66

A

Transport Security: Confidentiality, authentication, integrity
Technology: gateways
Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBios, ATP n Responsible for the guaranteed delivery of user information. It is also responsible for error detection, correction, and flow control. User information at this layer is called datagrams.

Answer 67

A

Network Security: confidentiality, authentication, data integrity
Technology: virtual circuits (ATM), routers
Protocols: IP, IPX, ICMP, OSPF, IGRP, EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP, DDP, X.25 n Responsible for the routing of user data from one node to another through the network including the path selection. Logical addresses are used at this layer. User information maintained at this layer is called packets.

Answer 68

A

Data Link Security: confidentiality,
Technology: bridges, switch
Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, MAC, Ethernet, Token Ring, FDDI n Responsible for the physical addressing of the network via MAC addresses. Ther are two sublevels to the Data-Link layer. MAC and LLC. The Data-Link layer has error detection, frame ordering, and flow control. User information maintained at this layer is called frames.

Answer 69

A

Physical Security: confidentiality
Technology: ISDN, Hubs, Repeaters, Cables
Protocols: 10BaseT, 100BaseT, 1000BaseT, 10Base2, 10Base5, OC-3, OC-12, DS1, DS3, E1, E3, ATM, BRI, PRI, X.23 n Responsible for the physical transmission of the binary digits through the physical medium. This layer includes things such as the physical cables, interfaces, and data rate specifications. User information maintained at this layer is called bits (the 1s and 0s).

Answer 70

A

is the process in which information from one packet is wrapped around or attached to the data of another packet. In OSI model each layer encapsulates the layer immediately above it.

Answer 71

A

Process down the stack and up the stack

* Each layer communicates with corresponding layer through the stack.

Answer 72

A

A security service is a collection of security mechanisms, files, and procedures that help protect the network.
•	Logging and monitoring
•	Authentication
•	Access control
•	Data confidentiality
•	Data integrity
•	Non-repudiation

Answer 73

A

A security mechanism is a control that is implemented in order to provide the 6 basic security services.
•	Encipherment
•	Digital signature
•	Access Control
•	Data Integrity
•	Authentication
•	Traffic Padding
•	Routing Control
•	Notarization

Answer 74

A

Transmission Control Protocol
• Connection Oriented
• Sequenced Packets
• Acknowledgment is sent back for received packets
• If no acknowledgement then packet is resent
• Packets are re-sequenced
• Manageable data flow is maintained

Answer 75

A

User Datagram Protocol
•	Best effort
•	Doesn’t care about sequence order
•	Connectionless
•	Less overhead and faster than TCP

Answer 76

A

All hosts on a network have an IP address
Each data packet is assigned the IP address of the sender and receiver

It provides an ‘unreliable datagram service’. Provides:
• No guarantees that the packet will be delivered
• No guarantee that the packet will be delivered only once
• No guarantee that it will be delivered in the order which it was sent

Answer 77

A

Use the IP Address to get the MAC Address
MAC address is 48 bit
IP address is 32 bit
Only broadcast to network first time, otherwise stores IP and MAC info in table

Answer 78

A

Use the MAC Address to get the IP Address

* RARP Server tells diskless machines IP Address

Answer 79

A

Management Protocol and messaging service provider for IP.
Sends messages between network devices regarding the health of the network.
Ping is ICMP packet
Ping checks if a host is up and operational

Answer 80

A

Terminal Emulation (No File Transfer)

Answer 81

A

Network File Sharing

Answer 82

A

Simple Mail Transfer Protocol
Internet Protocol
Simple Mail Transfer Protocol is an Internet standard for electronic mail transmission. First defined by RFC 821 in 1982

Answer 83

A

Line Printer Daemon – with LPR enables print spooling

Answer 84

A

Simple Network Management Protocol
• Provides for the collection of network information by polling the devices on the network from a management station.
• Sends SNMP traps (notification) to MIBS Management Information Bases

Answer 85

A

Management Information Bases

Sends SNMP traps (notification) to MIBS Management Information Bases

Answer 86

A

Diskless boot up. BootP server hears the request and looks up the client’s MAC address in its BootP file. It’s an internet layer protocol.

Answer 87

A

• Originated by Visa and MasterCard
• Being overtaken by SSL
At the Application Layer (OSI Model)

Answer 88

A

• Early standard for encrypting HTTP documents
• Also being overtaken by SSL
At the Transport Layer (OSI Model)

Answer 89

A

Secure Socket Layer
• Contains SSL record protocol and SSL Handshake Protocol
• Uses symmetric encryption and public key for authentication
• MAC – Message Authentication Code for Integrity
At the Transport Layer (OSI Model)

Answer 90

A

Simple Key Management for Internet Protocol

Similar to SSL – no prior communication required

Answer 91

A

Screening Router
Operates at Network and Transport level
Examines Source and Destination IP Address
Can deny based on ACLs
Can specify Port

Answer 92

A

Proxy Server
Copies each packet from one network to the other
Masks the origin of the data
Operates at layer 7 (Application Layer)
Reduces Network performance since it has do analyze each packet and decide what to do with it.
Also Called Application Layer Gateway

Answer 93

A

Packets Analyzed at all OSI layers
Queued at the network level
Faster than Application level Gateway

Answer 94

A

Allows modification of security rules
Mostly used for UDP
Remembers all of the UDP packets that have crossed the network’s perimeter, and it decides whether to enable packets to pass through the firewall.

Answer 95

A

Runs in NT Kernel

* Uses dynamic and custom TCP/IP-based stacks to inspect the network packets and to enforce security policies.

Answer 96

A

Sits between trusted and untrusted networks
Uses ACLs
ACLs can be manually intensive to maintain
Lacks strong user authentication
ACLs can degrade performance
Minimal Auditing

Answer 97

A

Employs packet filtering and Bastion Host
Provides network layer (packet filtering) and
application layer (proxy) services
Penetration requires getting by external router
(packet filtering) and Bastion Host (proxy).

Answer 98

A

Contains two NICs
One connected to the local “trusted” network
One connected to the external “untrusted” network
Blocks or filters traffic between the two.
IP forwarding is disabled

Answer 99

A

One of the most secure
Two packet filtering routers and a Bastion Host
Provides network layer (packet filtering) and
application layer (proxy) services
Provides DMZ
Complex configuration

Answer 100

A

Circuit level proxy server
Requires SOCKS client on all machines
Used to manage outbound Internet access
IT Overhead intensive

Answer 101

A

Network Address Translation

Answer 102

A

Global Nonroutable Addresses
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
• Class A addresses are for large networks with many devices. 1-127
• Class B addresses are for medium-sized networks. 128-191
• Class C addresses are for small networks (fewer than 256 devices). 192-223
• Class D addresses are multicast addresses.

Answer 103

A

• Secure connection between two nodes using secret encapsulation method.
• Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
Tunnel can be created by the following three methods:
• Installing software or agents on client or network gateway.
• Implementing user or node authentication systems.
• Implementing key and certificate exchange systems.

Answer 104

A

Works at the Data Link Layer
Single point to point connection from client to server
Common with asynchronous connections with NT and Win 95

Answer 105

A

VPN Protocol Standards
• Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F)
• Multiple protocols can be encapsulated within the L2TP
• Single point to point connection from client to server
• Common with Dial up VPNs

Answer 106

A

Operates at the network layer
Allows multiple and simultaneous tunnels
Encrypt and authenticate IP data
Focuses more on Network to Network Connectivity

Answer 107

A

Installed on a networks perimeter and encrypt traffic between the two
Because IPSec only work with IP
Operate at Network Layer
Two Modes:
• Tunnel Mode – entire packet is encrypted and encases in IPSec packet
• Transport Mode – Only datagram is encrypted leaving IP address visible.
Datagram: A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination.

Answer 108

A

• Common non-IPSec compatible include SOCKS, PPTP and SSH
• SOCKS is not traditional VPN protocol but is robust and operates at Application Layer.
PTP implemented in Win95 and NT
• Multiprotocol and uses PAP and CHAP user authentication.
• Compresses Data
• End-to-End encryption
Secure Shell SSH-2
• Not strictly VPN but can be used as one with Terminal Session

Answer 109

A

Frequently available with Third Generation (Stateful Inspection) Firewalls
Operate at the Application layer
Performance degradation is often a problem

Answer 110

A

Local Area Network (LAN)
Wide Area Network (WAN)
Internet, Intranet, and Extranet

Answer 111

A

• Discrete network for limited geographical area like a building or a single floor
• Two most popular LANs are:
CAN - Campus Area Network – connects multiple buildings with each other over switched backbone
MAN – Metropolitan Area Network – LAN over a city wide metropolitan area.
• Both CAN and MAN can have a connection to WAN

Answer 112

A

Network of sub networks that interconnect LANs over large geographic areas.
WAN is basically everything outside of LAN

Answer 113

A

The Internet is a WAN originally funded by the DOD

* Uses TCP/IP

Answer 114

A

Internet like logical network that uses a companies internal physical network structure
More security and control than Internet
Uses Internet tools like browsers.

Answer 115

A

Extranet can be accessed by users outside of the company, (i.e. vendors and partners) but not the general public.
Includes some type of authentication or encryption

Answer 116

A

Asynchronous is basis of modems and dial up remote access. Must operate at same speed.
Start and stop bits mark the beginning and the end of each transfer.
Synchronous is very high speed, governed by electronic clock timing signals.

Answer 117

A

Relatively slow speed
Two insulated wires can be shielded (STP) or unshielded (UTP)
UTP is a four-pair medium comes in several categories
UTP can be easily tapped by eavesdroppers than the other cable types.
Category based on how tightly wound the wires are, tighter the wind the higher the rating and resistance to interference.
Cat 1 UTP– was used for telephone lines not good for data.
Cat 2 UTP – up to 4 MBps
Cat 3 UTP – Used for 10BaseT networks up to 10 MBps
Cat 4 UTP – Used in Token Ring Networks up to 16 MBps
Cat 5 UTP - Current UTP standard for new installations up to 100 MBps
Cat 6 UTP – up to 155 MBps
Cat 7 UTP – up to 1 GBps

Answer 118

A

Hollow outer conductor surrounds inner wire conductor. Currently two types in LANs
50-ohm Cable for digital signaling
75-ohm Cable for analog signaling and high speed digital signaling
Coax is more expensive but is more resistant to Electromagnetic Interference (EMI).
Used rarely except in Broadband communications
Comes in two types:
Thinnet – (RG58)
Thicknet – (RG8 or RG11)
Two common types of coaxial transmission methods:
Baseband – The cable carries a single channel
Broadband – cable carries several channels such as data, voice, audio, and video

Answer 119

A

Conducts modulated light transmission
Light waves are faster and travel greater distances
Difficult to tap
Resistant to EMI
Usually connects backbones in larger networks
Can be used to connect workstations to the network.
Expensive to install and to terminate.

Answer 120

A

Rules for communication between computers on a LAN

* Formatting of the data frame, the timing and sequencing of packet delivery, and resolution of error states.

Answer 121

A

Foundation of Ethernet Protocol.
Workstation continuously monitors the line waiting until it thinks it is free.
If the workstation doesn’t receive an acknowledgement from the destination to which it sent the packet, it assumes a collision has occurred and it resends the packet.
Persistent Carrier Sense - Unless receives acknowledgement it will resend.
Nonpersistent Carrier Sense – waits random amount of time and resends.

Answer 122

A

Carrier Sense Multiple Access Collision Avoidance – Workstations connected to two coax cables, one to send and one to receive data.

Answer 123

A

Carrier Sense Multiple Access Collision Detection – Ethernet
If the host detects another signal while transmitting it will send a jam signal causing all nodes to stop sending data. Nodes wait to resend. Designed to avoid collisions.

Answer 124

A

a primary workstation polls another at a predetermined time to determine if it has data to transmit. Primary must give permission to others to transmit.

Answer 125

A

Token Ring and FDDI and ARCnet
Cannot transmit without the token
Each station can hold token for maximum predetermined amount of time

Answer 126

A

refer to the way packets are sent on the network
• Unicast – from single source to single destination
• Multicast - source copied and sent to multiple destinations
• Broadcast - source copied and sent to all nodes on the network

Answer 127

A

defines the manner in which the network devices are organized to facilitate communications.

Answer 128

A

All transmissions travel full length of the cable and received by all other stations.
Single point of failure in the cable.
If one of the links between any of the computers is broken, the network is down.
Primarily Ethernet.
These networks were originally designed to work with more sporadic traffic.

Answer 129

A

Unidirectional transmission links form closed loop.
Token Ring and FDDI.
Similar to the Star topology, however there’s a device called a Multistation Access Unit (MAU).
MAU works the same as a hub, but with Token Ring networks instead of Ethernet networks.
These networks were originally designed to serve large, bandwidth-consuming applications.

Answer 130

A

Nodes connected to a central LAN or a junction box called a hub or a concentrator at the center of the network.
Ads: reliability
Ring and Bus often use Star as physical connection.

Answer 131

A

branches can have multiple nodes.

Answer 132

A

all nodes connected to every other node.

Answer 133

A

• Ethernet – uses CSMA/CD – Designed for sporadic traffic
• Ethernet defines a bus topology with three different cabling standards
Thinnet – 10Base2 – coax with segments up to 185 meters.
Thicknet – 10BaseS – coax with segments up to 500 meters.
UTP – Unshielded Twisted Pair – all devices connected to a hub or switch 10BaseT 10 Mbps, 100BaseT 100 Mbps and 1000BaseT 1 GBps

Answer 134

A

Early LAN technologies

* Uses token passing in a Star topology on coax cable.

Answer 135

A

Second to Ethernet
All end stations connected to a Multistation Access Unit (MSAU)
One station is designated as the Active Monitor
If a transmitting station fails, the Active monitor will remove the token and generate a new one.

Answer 136

A

Dual token ring LAN at 100 MBps on Fiber
Dual counter rotating rings only one active at a time
Operates over long distances with minimal interference
Predictable delays, deterministic
Permits several tokens to be present at a time
Expensive and requires expertise
Copper Distributed Data Interface (CDDI) – can be used with UTP cable but subject to interference and length issues associated with Copper.

Answer 137

A

amplify signal, no added intelligence, no filtering – Physical Layer (1)

Answer 138

A

used to connect multiple LAN devices, no added intelligence – Physical Layer (1)

Answer 139

A

Amplify signal, add some intelligence. A bridge forwards the data to all other network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment. Automatically forwards all broadcast traffic. Does not use IP address because IP is contained in the Network Layer (3) – Data Link Layer (2)

Answer 140

A

Will only send data to the port where the destination MAC address is, not to all ports. Primarily operate at the Data Link Layer (2), although extremely fast layer 3 devices combining switching and routing are being used.

Answer 141

A

router opens packet and looks at either the MAC or IP address only forwards to the network that it is destined. Operates at Network Layer (3)

Answer 142

A

primarily software, can be multi-protocol, can examine entire packet.

Answer 143

A

Used in WANs and CANs. Use cell relay technology.

Answer 144

A

remote access multi layer switch connected to host router, filters based on MAC address or Network Layer protocol, not capable of firewalling.

Answer 145

A

Evolved before packet switching networks. Dedicated analog or digital point-to-point connection. Serial Line Internet Protocol (SLIP), Point-to Point protocol (PPP), ISDN, xDSL.
• Dedicated Line – indefinitely and continuously reserve for transmissions.
• Leased Line – Type of dedicated line leased from carrier.

Answer 146

A

Types and Speeds of Leased Lines:
• Digital Signal Level 0 – DS-0 – single channel at 64KBps on a T1
• Digital Signal Level 1 – DS-1 – 1.544 MBps in US on a T1 and 2.108 MBps in Europe on a E1
• Digital Signal Level 3 – DS-3 – 44.736 MBps on a T3

T1 – Transmits DS-1 data at 1.544 MBps on telephone switching network
T3 – Transmits DS-3 data at 44.736 MBps on telephone switching network
E1 – predominately used in Europe carries data at 2.108 MBps
E3 - predominately used in Europe carries data at 34.368 MBps

Answer 147

A

developed in 1984 to support TCP/IP over low speed serial interfaces. Using Windows NT RAS, NT computers can use TCP/IP and SLIP to communicate to remote hosts.

Answer 148

A

over dial up and dedicated links, includes login, password, and error correction. Operates at the Data Link Layer (2) and uses CHAP and PAP.

Answer 149

A

Integrated Services Digital Network - integration of digital telephony and data transport. Digitization of the telephone network, allowing voice, data, etc. Overtaken by DSL.

Answer 150

A

Digital Subscriber Line – uses existing twisted pair telephone lines.
n ADSL – Asymmetric Digital Subscriber Line more bandwidth downstream from 1.5 to 9 MBps with upstream 16 to 640 KBps. ADSL works at 18,000 feet lengths, theoretical and 14,400 practical over single copper twisted pair.
n SDSL - Single-line (Symmetric) Digital Subscriber Line provides from 144 KBps up to 1.544 MBps both down and up, depending on distance, over single copper twisted pair, works at 10,000 feet lengths.
n HDSL – High-Rate Digital Subscriber Line - 1.544 MBps both down and up over two copper twisted pair. Provides T1 speeds. Can do 2.048 MBps on three copper twisted pair.
n VDSL – Very-high Rate Digital Subscriber Line – 13-52 MBps down and 1.5 MB to 2.3
MBps upstream over single copper twisted pair operating range 1,000 – 4,500 feet

Answer 151

A

Defined as a switching system in which a physical circuit path must exist for the duration of the transmission
Physical permanent connections from one point to another
Older technology than Packet Switching
Phone companies use this a lot

Answer 152

A

Create virtual circuits used as needed and reduce cost.
Defined as a switching system where nodes share bandwidth by sending small packets.
Each packet sent to the next destination by the router.
Packets reassembled based on original sequence

Answer 153

A

X.25, Link Access Procedure Balance (LABP), Frame Relay, Switched Multimegabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP (VoIP)

Answer 154

A

First packet switching network
Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
Designed to operate effectively regardless of the type of systems connected to
Currently much more predominant overseas than in the US

Answer 155

A

Designed for use with X.25
Defines frame types
Can retransmit, exchange and detect out of sequence frames or missing frames.

Answer 156

A

High performance WAN protocol
Operates at Physical and Data Link Layers (1 and 2)
Originally designed for ISDN
Replaces X.25 and LAPB
Simple and fast, no error correcting
Supports Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs)
Not available everywhere

Answer 157

A

High Speed over public switched networks

* Connectionless bandwidth on demand

Answer 158

A

High bandwidth, low delay
Uses switching and multiplexing
Uses 53 byte fixed size cells instead of frames
Can allocate bandwidth on demand
Taking place of FDDI in Campus Backbone

Answer 159

A

Combines media types (voice, video, data, audio) into one IP packet
Provides benefits in cost, performance and interoperability
Very new but far reaching potential

Answer 160

A

Uses polling access method for mainframes
Based on dedicated leased line
Evolved into HDLC and LAPB
Operates at Data Link Layer (2)

Answer 161

A

Derived from SDLC
Specifies data encapsulation method on synchronous serial links
Operates at Data Link Layer (2)

Answer 162

A

Defines the electrical and physical interfaces to be used by DTE/DCE
Operates and the Physical Layer (1)

Answer 163

A

router opens packet and looks at either the MAC or IP address only forwards to the network that it is destined. Operates at Network Layer (3)

Answer 164

A

MUX enables more than one signal to be sent out over one physical circuit

Answer 165

A

multi-port network devices operate at the Data Link Layer (2). Typically switch Frame Relay, X.25 and SMDS

Answer 166

A

provides dial in and dial out access connections to a network. Typically asynchronous.

Answer 167

A

interprets digital and analog signals, transmits over voice grade telephone lines.

Answer 168

A

used to terminate the physical interface on a DTE device such as a terminal.

Answer 169

A

Provide remote user (employee, vendor, partner) access into the network while maintaining C.I.A. (Confidentiality, Integrity, Availability)

Answer 170

A

Providing employees flexible work styles, Telecommuting
Building efficient ties with vendors, partners, suppliers and employees.
Reducing costs by replacing dedicated network lines

Answer 171

A

How most people access Internet

* Use existing public switched phone network to access ISP

Answer 172

A

Carries voice, data over telephone networks
Two Interface Types
BRI – Basic Rate Interface composed of two B channels and one D Channel
PRI – Primary Rate Interface composed of a single 64 KBps D channel plus 23(T1) or 30 (E1) channels

Answer 173

A

Digital Subscriber Line

• Uses existing twisted pair telephone lines.

Answer 174

A

High speed access from the cable company
Users share the Coax connection
Throughput varies depending on number of users
Considered insecure because local segment is not filtered or firewalled (Says Who?)

Answer 175

A

Fastest Growing area of connectivity
Encryption is being developed
802.11a – 5 Ghz wireless - very soon
802.11b – 2.4 Ghz currently most popular up to 11 MBps
802.11g – 2.4 Ghz but faster than 802.11b
WEP – Wired Equivalency Protocol – up to 128-bit WEP
WAP - Wireless Access Point
SSID – Service Set Identifier – Network Name
Use encryption, VPN, treat as external connection, directional antenna

Answer 176

A

Filtering by source IP address

* Node authentication not user authentication

Answer 177

A

Caller ID checks incoming number against approved list
Very commonly used, hard to defeat
Hard to administer for traveling users

Answer 178

A

Caller supplies password or identifier and hangs up
System dials back number listed for the user
Hard to administer for traveling users

Answer 179

A

Verify who is remotely communication.
Identification - Who
Authentication – Verify and Trust

Answer 180

A

Remote security protocol. Provides Identification and Authentication.
Uses static replayable password for authentication (now considered weak)
Does not encrypt the User ID or Password

Answer 181

A

Next evolution of PAP uses stronger authentication
Nonreplayable Challenge/Response
Verifies Identity of the node
Often used to enable network-to-network communication
Commonly used by remote access servers and xDSL, ISDN, and cable modems

Answer 182

A

TACACS – Terminal Access Controller Access Control System (TCP)
TACACS+ – includes the use of two factor authentication
RADIUS – Remote Access Dial-In User Service (UDP)

Answer 183

A

Provides remote authentication and related services
User password administered in a central database rather than in individual routers
TACACS enabled network device prompts for user name and static password
TACACS enabled network device queries TACACA server to verify password
Does not support prompting for password change or use of dynamic tokens

Answer 184

A

Proprietary CISCO enhancement
Two factor Authentication
User can change password
Ability to use secure tokens
Better Audit Trails

Answer 185

A

• Offers similar benefits to TACACS+
• Often used as a stepping stone to TACACS+
• Radius Server contains dynamic password and network service access information (Network ACLS)
• Radius is a fully open protocol, can be customized for almost any security system
• Can be used with Kerberos and provides CHAP remote node authentication
Except does not work with:
• Apple Talk Remote Access Resolution Protocol
• NetBios Frame Protocol Control Protocol
• Netware Asynchronous Services Interface
• X.25 PAD Connection

Does not provide two-way authentication and is not used for router-to-router authentication.

Brainscape's Knowledge GenomeTM

Domain 3 – Telecom and Network Security Flashcards

Brainscape's Knowledge Genome^TM