Domain 4 Flashcards

1
Q

Open System Interconnections (OSI)

A
The Open System Interconnections (OSI) reference model was defined in 1984 and published as ISO/IEC 7498-1.
The OSI reference model is structured into 7 layers:
- Layer 7 - Application.
- Layer 6 - Presentation.
- Layer 5 - Session.
- Layer 4 - Transport.
- Layer 3 - Network.
- Layer 2 - Data Link.
- Layer 1 - Physical.
2
Q

The TCP/IP Model

A

The TCP/IP Model (also known as the Department of Defense (DoD) reference model) is structured into four layers:

  • Layer 1: Link Layer
  • Layer 2: Internet Layer
  • Layer 3: Transport Layer
  • Layer 4: Application Layer.
3
Q

Layers Characteristics

A

Layers reference specific functions.

  • Layers provide Encapsulation
  • Layers provide Abstraction
  • Layers provide decoupling.
4
Q

IP Convergence

A

IP Convergence is the use of the Internet Protocol (IP) for transmitting different types of traffic (e.g. voice, data, music, video, TC, teleconferencing) over a single network.

  • Introduces standardization.
  • Reduces the number of service providers.
5
Q

Non-IP Networking

A

TCP/IP is the communications protocol of the Internet. To traverse the Internet, non-IP networking protocols must either be encapsulated, translated, or used for non-Internet niche purposes.

6
Q

Multi-protocol Label Switching (MPLS)

A

Multi-protocol Label Switching (MPLS) is a scalable, protocol-independent transport technique for high-performance networks.

  • Operates between OSI Layers 2 and 3
  • Data packets are assigned labels (tags)
  • MPLS label edge routers (LER) make packet-forwarding decisions based on the short packet-label contents and quality of service (QoS) requirements.
7
Q

Distributed Network Protocol (DNP3)

A

Distributed Network Protocol (DNP3) is an open standard-based communications protocol used between components in process automation systems.

  • Operates at Layers 2, 4 and 7.
  • Used primarily in the electric, water, wastewater, transportation, oil, and gas industries.
  • DNP3 was developed to meet the need for a standard protocol that would allow SCADA system components developed by differing vendors.
8
Q

Fibre Channel over Ethernet (FCoE)

A

Fibre Channel over Ethernet (FCoE) is a Layer 2 standard-based protocol that allows Fibre Channel frames to be carried over Ethernet links.

  • FCoE, network (IP), and storage (iSCSI) data traffic can be consolidated using a single network.
  • FCoE is not routable at the IP layer.
9
Q

Wireless Modes

A
  • Ad Hoc: peer-to-peer relationship.
  • Infrastructure Mode: topology includes wireless devices, access points, and wired routers connected to the Internet.

10
Q

WPAN

A

Wireless Personal Area Network, a.k.a. Bluetooth. 802.15 standard.
Interconnects devices within a limited range (e.g. keyboards).

11
Q

WLAN

A

Wireless Local Area Network.

802.11 Standard

12
Q

WMAN

A

Wireless Metropolitan Area Network.

802.16 Standard.

13
Q

WWAN

A

Wireless Wide Area Network.

Point-to-Point microwave links.

14
Q

802.11

A

Rate: 2 Mbps
Frequency: 2.4 GHz
Distance: 100m

15
Q

802.11b

A

Rate: 11 Mbps
Frequency: 2.4 GHz
Distance: 140m

16
Q

802.11a

A

Rate: 54 Mbps
Frequency: 5.0 GHz
Distance: 120m

17
Q

802.11g

A

Rate: 54 Mbps
Frequency: 2.4 GHz
Distance: 140m

18
Q

802.11n

A

Rate: 150 Mbps
Frequency: 2.4 GHz / 5.0 GHz
Distance: 250m

19
Q

802.11i

A

Security for 802.11 technologies.

20
Q

802.11e

A

Quality of Service (QoS) for priority and time sensitive data.

21
Q

802.11 Security Protocols

A
  • WEP
  • WPA
  • WPA2
22
Q

WEP

A
  • Authentication: Preshared key (PSK) or open.
  • Key: 64- or 128-bit key. All users and services use the same key.
  • Encryption: RC4 Stream Cipher
  • Integrity: 32-bit CRC Hash
  • Status: Insecure
23
Q

WPA

A
  • Authentication: Enterprise RADIUS, Certificate or Personal PSK
  • Key: Separate keys (TKIP) 256-bit key
  • Encryption: RC4 Stream Cipher
  • Integrity: 64-bit MIC
  • Status: Temporary Fix. Superseded by WPA2
24
Q

WPA2

A
  • Authentication: Enterprise RADIUS, Certificate or Personal PSK
  • Key: Separate keys 256-bit key and block size.
  • Encryption: AES Block Cipher
  • Integrity: CCMP
  • Status: Current standard. Vulnerable if using Wi-Fi Protected Setup (WPS).
25
Q

Wi-Fi Protected Setup

A

Created by the Wi-Fi Alliance and introduced in 2006, the goal was to make it easy to add new devices to an existing network without entering long passphrases.
- The PIN flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key.

26
Q

War Driving

A

War Driving is the physical scanning for unprotected wireless networks.

27
Q

War Chalking

A

War Chalking is marking a physical area to indicate a free, open, and/or insecure wireless network access point.

28
Q

Bluejacking

A

Bluejacking - Bluetooth Discovery.

- Enables an attacker to send an unsolicited/unwanted message to a Bluetooth device.

29
Q

Bluesnarfing

A

Bluesnarfing - Bluetooth Authentication.

- Discovering and connecting to a Bluetooth device with weak or non-existent authentication requirements.

30
Q

Blueborne

A

Blueborne - Device Takeover

- Exploits protocol weakness.

31
Q

NFC (Near Field Communication) Bump

A

NFC (Near Field Communication) Bump

- Enables an NFC-enabled attacker to connect to an NFC device by being in close enough range.

32
Q

Evil Twin

A

Rogue access point with the same SSID.

  • Enables an attacker to “trick” a user into connecting to an attacker-controlled network.
  • May also impersonate a “captive portal” to capture credentials and/or payment information.
  • Can be used as a stepping stone to a MiTM attack.
33
Q

Transmission Characteristics.

A
  • Throughput
  • Signal Strength
  • Environmental sensitivity (EMI and RFI)
  • Temperature fluctuations.
  • Interception capabilities (emanation)
34
Q

Emanations Security (EMSEC)

A

Attackers can use radio signals, sounds, and vibrations to obtain information. Protection mechanisms include shielding, filtering, and masking.
- Fiber optic has no electromagnetic protection standards.

35
Q

TEMPEST

A

TEMPEST is a National Security Agency and NATO emanation certification program that includes both classified and unclassified protection standards.

36
Q

Ethernet

A

Ethernet is the de facto physical layer networking technology.

  • Ethernet is a Carrier Sense Multiple Access / Collision Detection (CSMA/CD) Protocol.
  • Current versions include Fast Ethernet (100 Mbps), Gigabit Ethernet (up to 100 Gbit/s) and Terabit Ethernet (above 100 Gbit/s).
37
Q

Hubs

A

Hubs re-transmit a signal received on one connection point to all ports. Layer 1 devices.

38
Q

Repeaters

A

Repeaters amplify signals. Layer 1 devices.

39
Q

Bridges / Wireless Access Points

A

Bridges and Wireless Access Points filter traffic based on MAC address, amplify signals, and can connect dissimilar media.

40
Q

Switch

A

Switches are used to create connections between two ports and eliminate collisions.

41
Q

Routers

A

Routers forward packets using IP addresses and routing protocols.

42
Q

Port Security

A

Port Security is a dynamic feature that can be used to limit and identify the MAC addresses of the stations that are allowed access to the same physical network.

43
Q

Virtual Local Area Networks (VLAN)

A

Virtual Local Area Networks (VLAN) management allows for the software configuration of endpoints to be logically grouped together even if they are not attached to the same network switch.

44
Q

Network Latency

A

Network Latency is an expression of how much time it takes for a packet of data to get from one designated point to another.

45
Q

Throughput

A

Throughput is the quantity of useful work done by the system per unit of time.

46
Q

Network-based IDS/IPS

A

Network-based IDS/IPS analyzes and reports on network traffic. A network-based IPS (NIPS) can take responsive action.
A network IDS/NIPS can be situated out-of-band or in-band.

47
Q

Firewalls

A

The primary objective of a firewall is to isolate network segments by controlling ingress and egress access.

  • Firewalls are preventive controls because they can be configured to restrict ingress and egress network traffic, repel known attacks, manage nonroutable IP addresses, and anonymize internal addresses.
  • Firewalls can also be detective controls, because they can be configured to log events and to send alerts.
48
Q

Firewall Security Features

A
  • Packet Filtering
  • Access Control List
  • State
  • Application layer Filtering
  • Network Address Translation.
49
Q

Types of Firewall Filters

A
  • Malware
  • File Type
  • Anti-Spam
  • Message Content
  • DLP
  • URL
50
Q

Proxy Server

A

A Proxy Server is an intermediary machine, between a client and a server, which is used to filter or cache requests made by the client.
- A proxy server can be single-purpose, supporting one protocol (e.g. HTTP), or multi-purpose, supporting multiple protocols.

51
Q

Normal / Forward Proxy

A
The clients (browsers) are configured to send requests to the proxy server.
- The proxy server receives the requests, fetches the content, and stores a copy for future use (cache).
52
Q

Transparent Proxy

A

The same as forward proxy except that the client (browser) does not need to be configured. The proxy server resides on the gateway and intercepts requests.

53
Q

Reverse Proxy

A

A Reverse Proxy appears to the client just like an ordinary web server.

  • The proxy caches all the static answers from the web server and replies to the clients from its cache to reduce the load on the web server.
  • This type of setup is also known as Web Server Acceleration.
54
Q

Web Security Gateway

A

A Web Security Gateway is an appliance that operates as a proxy and can filter content, enforce rules, and inspect malicious content at the application level.

55
Q

A network Segment within a trusted segment

A

Enclave

56
Q

Network Access Control (NAC)

A

Network Access Control (NAC) is an agent or agentless approach to network security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement.

57
Q

NAC Agents

A
  • Persistent or Permanent: Installed on a device and runs continuously.
  • Dissolvable: Downloads and runs when required. (one time authentication and then disappears).
  • Agentless: Integrates with directory services (e.g. Active Directory).
58
Q

NAC Policies

A

NAC pre-admission policies determine if a device is allowed on the network and, if so, on what segment, based on host health (e.g. AV, patch level, firewall and IDS status, configuration settings).
- NAC post-admission policies regulate and restrict access once the connection is allowed.

59
Q

Endpoint Firewalls

A

Endpoint Firewalls (known as local, host-based, or software firewalls) are a proactive boundary for the local device that monitors and restricts ingress and egress access.

60
Q

Endpoint IDS/IPS

A

Endpoint IDS/IPS (known as HIDS) monitors and analyzes local behavior as well as network connectivity and can (if IPS functionality is available) be configured to take a corresponding action.

61
Q

Voice over IP (VoIP)

A

Voice over IP (VoIP) is the transmission of voice traffic over IP-based networks instead of using traditional analog circuits.

62
Q

IP Convergence

A

IP as the standard transport for transmitting all information.

63
Q

IP Telephony

A

Full suite of VoIP enabled services previously provided by a PBX.

64
Q

H.323

A

H.323 was the first widely adopted and open VoIP protocol.

65
Q

Session Initiation Protocol

A

Session Initiation Protocol (SIP) is designed to manage multimedia connections such as VoIP, video calls, and instant messaging over IP.
- SIP provides integrity protection by utilizing MD5.

66
Q

Real-time Transmission Protocol (RTP)

A

VoIP uses Real-time Transmission Protocol (RTP), which does not guarantee delivery but is designed to require re-delivery of packets.

67
Q

Secure Real-time Transport Protocol (SRTP)

A

Secure Real-time Transport Protocol (SRTP) is an extension of RTP that incorporates enhanced security features. Uses encryption and authentication to minimize the risk of denial of service and replay attacks.

68
Q

VoIP Security

A
  • Enclave VoIP servers.
  • Implement VoIP servers.
  • Disable unnecessary services on VoIP devices.
  • Include servers in vulnerability and patch management program.
  • Include VoIP in threat intelligence program.
  • Vendor SLA
69
Q

Content distribution network (CDN)

A

A Content distribution network (CDN) is a large distributed system of servers, Internet Service providers, and network operations.
- The goal of CDN is to serve content to end users with high availability and high performance.

70
Q

Remote Access Applications

A
  • Telnet
  • Secure Shell (SSH)
  • Remote Desktop Software (RDP)
  • Virtual Private Network (VPN)
71
Q

Telnet

A

Telnet facilitates the connection to a remote system and the execution of commands.

  • Telnet provides basic authentication.
  • Telnet communication is in clear text.
  • Port TCP 23.
72
Q

Secure Shell (SSH)

A

SSH facilitates the connection to a remote system and the execution of commands.

  • SSH creates a secure encrypted tunnel to the remote system.
  • Port TCP 22.
73
Q

Remote Desktop Software (RDP)

A

Software or OS feature that allows a desktop environment to be run remotely.

74
Q

Virtual Private Network (VPN)

A

A VPN is a secure private connection between two endpoints.

75
Q

VPN Tunneling

A

VPNs isolate the network frames from the surrounding network using a process known as encapsulation or tunneling.

  • Full Tunneling: routes all traffic over the VPN.
  • Split Tunneling: allows the routing of some traffic over the VPN while letting other traffic directly access the internet.
76
Q

VPN Protocols

A
  • PPTP
  • L2TP
  • SSL
  • IPsec
77
Q

PPTP

A

Microsoft’s implementation of secure communication over a VPN.

  • Designed to secure Point-to-Point Protocol (PPP).
  • No longer considered secure.
78
Q

L2TP

A

Cisco’s implementation of secure communication over a VPN.

  • Combines Layer 2 Forwarding and PPTP
  • Can be used on IP and non-IP networks.
79
Q

SSL

A

Uses SSL or its successor TLS for single or multiple connections using a browser.

  • User connects to an SSL gateway or endpoint.
  • SSL VPN Portal is a single connection to multiple services.
80
Q

IPsec

A

Defacto standard for IP based VPNs.

  • Host-to-host, host-to-site, and site-to-site connections.
  • Uses cryptography to provide authentication, integrity, confidentiality, and non-repudiation.
81
Q

IPsec Modes

A
  • Transport Mode.
  • Tunnel Mode.

82
Q

Transport Mode IPsec

A

Transport Mode is used for end-to-end communication between client and server.

  • The IP payload is encrypted
  • Transport is the default mode of IPsec.
83
Q

Tunnel Mode IPsec

A

Tunnel Mode is used between server-server, server-gateway, or gateway-gateway.
- The entire packet is encrypted.

84
Q

Authentication Header (AH)

A

Integrity, Origin Authentication, Replay Attack Protection (HMAC)

85
Q

Encapsulation Security Payload (ESP)

A

Integrity, origin authentication, replay attack protection, and confidentiality (HMAC & symmetric encryption).

86
Q

Internet Key Exchange (IKE)

A

Device authentication and establishing security association.

87
Q

Security Association (SA)

A

A negotiation that includes the algorithms that will be used, key length, and key information.

88
Q

Security Parameter Index (SPI)

A

Security Association Identifier.

89
Q

Always-on VPN

A

An Always-on VPN starts automatically as soon as a client device recognizes an internet connection.

  • Connection and authentication are transparent to the user.
  • Non-compliant devices are rejected.
90
Q

Secure Sockets Layer (SSL)

A

Secure Sockets Layer (SSL) is used to establish a secure communication channel between two TCP sessions by negotiation. Default SSL port is 443.

91
Q

Transport Layer Security (TLS)

A

Transport Layer Security (TLS) is used to establish a secure communication channel between two TCP sessions using a cryptographic key exchange. Default TLS port is 443.
TLS is the successor and recommended replacement for SSL. TLS 1.1 or higher should be used. TLS 1.0 has been broken.

92
Q

SSL/TLS Accelerators

A

SSL/TLS encryption / decryption is a processor intensive operation.

  • SSL/TLS Application Specific Integrated Circuits (ASICs) are processors that are specifically designed to perform SSL/TLS operations.
  • An SSL/TLS Accelerator is an ASIC appliance that sits between a user and a server, accepting SSL/TLS connections from the client and sending them encrypted via a private network to the server.
93
Q

SSL Decryptors

A

SSL Decryptors are controversial perimeter devices (either built into the firewall or standalone appliance) used to decrypt SSL/TLS packets, inspect the contents, re-encrypt, and forward the packet.

94
Q

Hypertext Transfer Protocol (HTTP)

A

Hypertext Transfer Protocol (HTTP) is the underlying protocol used by websites and defines what actions browsers and web servers should take in response to commands. HTTP is a clear text protocol and subject to eavesdropping, replay, and MiTM attacks.

95
Q

Hypertext Transfer Protocol Secure (HTTPS)

A

Hypertext Transfer Protocol Secure (HTTPS) is an extension to HTTP that adds support for SSL and TLS in order to encrypt communication between a browser and a website (TCP port 443).

96
Q

File Transfer Protocol (FTP)

A

File Transfer Protocol (FTP) is used for file access, file transfer, and file management. Authentication data and payload are transmitted in clear text and subject to eavesdropping, replay, and MiTM attacks.

97
Q

File Transfer Protocol Secure (FTPS)

A

File Transfer Protocol Secure (FTPS) is an extension of FTP that adds support for SSL and TLS in order to encrypt the file transfer channel (TCP port 990 or 21).
- Don’t confuse FTPS with SFTP. SFTP uses SSH on port 22.

98
Q

Secure POP3

A

POP3 is used to receive email from an email server to a local email account.

  • Downloaded files are removed from the email server (default).
  • POP3 allows clear text authentication (port 110)
  • Secure POP3 is an extension of POP3 that supports SSL/TLS for secure login (port 995)
99
Q

Secure IMAP

A

IMAP is used to receive email from an email server to a local email account.

  • Downloaded files remain on the email server - important if you use multiple devices to access email.
  • IMAP allows clear text authentication (port 143)
  • Secure IMAP is an extension of IMAP that supports SSL/TLS for secure login (port 993)
100
Q

S/MIME

A

S/MIME is a protocol for sending digitally signed and encrypted emails.
- Encryption (confidentiality) and digital signature (integrity and non-repudiation)

101
Q

Server Virtualization

A

Server Virtualization allocates the resources of the host to guest server (virtual) computers.

  • The physical host computer hardware has processor, memory, storage, and networking components. Specialized software dynamically allocates resources.
  • Guest computers (virtual machines) act exactly as though they are physical machines each with independent operating systems, applications, and network connections.
102
Q

Hypervisors

A

Hypervisors are software or firmware components that can virtualize system resources.

103
Q

Type 1 Hypervisors

A

Type 1 (bare metal/native) hypervisors run directly on the system hardware. Direct access to hardware. No operating system to load as the hypervisor is the operating system.

104
Q

Type 2 Hypervisors

A

Type 2 Hypervisors run on a host operating system that provides virtualization services.

105
Q

Network Virtualization (NSX)

A

Network Virtualization (NSX) is the complete reproduction of physical network in software.

  • Network virtualization presents logical networking devices and services (e.g. logical ports, switches, routers, firewalls, load balancers, VPNs).
  • Virtual networks offer the same features and guarantees of a physical network with the operational benefits and hardware independence of virtualization.
106
Q

Desktop Virtualization (VDI)

A

Virtual Desktop Infrastructure (VDI) is virtualization technology that hosts a desktop operating system on a centralized server in a data center.

  • Persistent VDI provides each user with his or her own desktop image.
  • Nonpersistent VDI provides a pool of uniform desktops that users can access when needed.
107
Q

VM Sprawl

A

Virtualization Sprawl occurs when the number of virtual machines is out of control - potentially unmanaged, unnecessary, and not in compliance with licensing agreements.

108
Q

VM Escape

A

A virtual machine escape occurs when a virtual machine and the host operating system interact. This should never happen.