Domain 4 Flashcards

1
Q

OSI Model

A

7 layers APSTNDP

  1. Application
  2. Presentation
  3. Session
  4. Transport
  5. Network
  6. Data link
  7. Physical
2
Q

Layer 7 Protocols

A

Application

SSH, HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET

3
Q

Layer 6 Protocols

A

Presentation

Encryption protocols and format types, such as ASCII, EBCDICM, TIFF, JPEG, MPEG, MIDI

4
Q

Layer 5 Protocols

A

Session

SMB, RPC, NFS, and SQL

5
Q

Layer 4 Protocols

A

Transport

SPX, SSL, TLS, TCP, and UDP

6
Q

Layer 3 Protocols

A

Network

ICMP, RIP, OSPF, BGP, IGMP, IP, IPSec, IPX, NAT, and SKIP

7
Q

Layer 2 Protocols

A

Data link

ARP, SLIP, PPP, L2F, L2TP, PPTP, FDDI, ISDN

8
Q

Layer 1 Protocols

A

Physical

EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, V.35, 802.15 Bluetooth, 802.11 Wifi, and Ethernet

9
Q

Port TCP 20/21

A

File Transfer Protocol (FTP)

10
Q

Port TCP 22

A

Secure Shell (SSH)

11
Q

Port TCP 23

A

Telnet

12
Q

Port TCP 25

A

Simple Mail Transfer Protocol (SMTP)

13
Q

Port TCP/UDP 53

A

Domain Name System (DNS)

14
Q

Port UDP 67/68

A

Dynamic Host Configuration Protocol (DHCP)

15
Q

Port UDP 69

A

Trivial File Transfer Protocol (TFTP)

16
Q

Port TCP 80

A

Hypertext Transfer Protocol (HTTP)

17
Q

Port TCP 110

A

Post Office Protocol (POP3)

18
Q

Port UDP 123

A

Network Time Protocol (NTP)

19
Q

Port TCP/UDP 137/138/139

A

NetBIOS

20
Q

Port TCP 143

A

Internet Message Access Protocol (IMAP)

21
Q

Port TCP/UDP 161/162

A

Simple Network Management Protocol (SNMP)

22
Q

Port TCP 179

A

Border Gateway Protocol (BGP)

23
Q

Port TCP/UDP 389

A

Lightweight Directory Access Protocol (LDAP)

24
Q

Port TCP 443

A

HTTP over SSL/TLS (HTTPS)

25
Q

Port TCP/UDP 636

A

LDAP over TLS/SSL

26
Q

Port TCP 989/990

A

FTP over TLS/SSL

27
Q

TCP/IP Stack

A

ATINA

Application
Transport
Internet
Network Access (Link)

28
Q

OSI/TCP/UDP components

A

DSPFB

Data
Segments
Packets
Frames
Bytes
29
Q

TCP Characteristics

A

1 Connection-oriented
2 Byte stream
3 No support for multicasting/broadcasting
4 Supports full-duplex transmission
5 Reliable service of data transmission
6 TCP packet is called a segment
7 Provides error detection and flow control

30
Q

UDP Characteristics

A

1 Connectionless protocol
2 Message stream
3 Supports multicasting/broadcasting
4 No support for full-duplex transmission
5 Unreliable service of data transmission
6 UDP packet is called a datagram
7 No support for error detection and flow control

31
Q

UTP

A

Unshielded Twisted Pair

32
Q
Cat 5
Cat 5e
Cat 6
Cat 6e
Fiber optic
A
100BaseT, 100 Mbps, 100m max length
1000BaseT, 1 Gbps, 100m max length
10 Gbps, 100m max length
10 Gbps, 100m max length
up to 2+ Gbps, 2+ kilometers max length
33
Q

Star Topology

A

Employs a centralized connection device.

Can be a simple hub or switch.

Each system is connected to the central hub by a dedicated segment

34
Q

Mesh Topology

A

Connects systems to all other systems using numerous paths.

A partial mesh topology connects many
systems to many other systems.

Provides redundant connections to
systems, allowing multiple segment failures without seriously affecting connectivity.

35
Q

Ring Topology

A

Connects each system as points on a circle.

The connection medium acts as a
unidirectional transmission loop.

Only one system can transmit data at a
time. Traffic management is performed
by a token.

36
Q

Bus Topology

A

Connects each system to a trunk or backbone cable.

All systems on the bus can transmit
data simultaneously, which can result in
collisions.

A collision occurs when two systems
transmit data at the same time; the signals interfere with each other.

37
Q

Synchronous Timing

A

Example: networking

Communications rely on a timing or clocking mechanism based on either
an independent clock or a time stamp embedded in the data stream.

Are typically able to support very high rates of data transfer.

38
Q

Asynchronous Timing

A

Example: public switched telephone network (PSTN) modems

Communications rely on a stop and start delimiter bit to manage the transmission of data.

Best suited for smaller amounts of data.

39
Q

Baseband

A

Example: Ethernet

Can support only a single communication channel.

Uses a direct current applied to the cable. A current at a higher level represents the binary signal 1, and a lower level represents the binary signal 0.

Is a form of digital signal.

40
Q

Broadband

A

Can support multiple simultaneous signals.

Uses frequency modulation to support numerous channels, each supporting a distinct communication session.

Suitable for high throughput rates, especially when several channels are multiplexed.

Is a form of analog signal.

TV, cable modem, ISDN, DSL, T1, T3

41
Q

Broadcast

A

technology supports communications to all possible recipients.

42
Q

Multicast

A

technology supports communications to multiple specific recipients.

43
Q

Unicast

A

technology supports only a single communication to a specific recipient.

44
Q

Carrier Sense Multiple Access Collision Avoidance (CSMA/CA)

A

attempts to avoid collisions by granting only a single permission to communicate at any given time.

802.11 WIFI

effective before a collision

45
Q

Carrier Sense Multiple Access Collision Detection (CSMA/CD)

A

responds to collisions by having each member of the collision domain wait
for a short but random period of time before starting the process over.

802.3 Ethernet (token ring)

effective after a collision

46
Q

Token Passing

A

Performs communications using a
digital token. Once its transmission is complete, it releases the token to the next system.

prevents collisions in ring networks

47
Q

Polling

A

Performs communications using a master-slave configuration. The primary system polls each secondary system in turn, asking whether it needs to transmit data.

48
Q

Intranet

A

a private network that is designed to host the same information services found on the Internet

49
Q

Extranet

A

a section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to the public Internet

50
Q

DMZ

A

demilitarized zone

an extranet for public consumption is typically labeled a demilitarized zone (DMZ) or perimeter network

51
Q

Bluetooth

A

Bluetooth, or IEEE 802.15, personal area
networks (PANs) are another area of
wireless security concern.

Connects headsets for cell phones, mice,
keyboards, GPS, and other devices

Connections are set up using pairing, where the primary device scans the 2.4 GHz radio frequencies for available devices.

Pairing uses a 4-digit code (often 0000) to reduce accidental pairings but is not actually secure.

52
Q

Bluejacking

A

annoyance

Think of it as a high-tech version of ding-dong ditch, where savvy pranksters push unsolicited messages to engage or annoy other nearby Bluetooth users by taking advantage of a loophole in the technology’s messaging options.

53
Q

Bluesnarfing

A

data theft

With bluesnarfing, thieves wirelessly connect to some early Bluetooth-enabled mobile devices without the owner’s knowledge to download and/or alter phonebooks, calendars or worse.

54
Q

Bluebugging

A

remote control

An attack that grants hackers remote control over the features and functions of a Bluetooth device. This could include the ability to turn on the microphone to use the phone as an audio bug.

55
Q

802.11

A

WIFI

Defines WEP

56
Q

WIFI Speeds and Frequencies

802.11
802.11a
802.11b
802.11g
802.11n
802.11ac
A
802.11 - 2 Mbps - 2.4 GHz
802.11a - 54 Mbps - 5 GHz
802.11b - 11 Mbps - 2.4 GHz
802.11g - 54 Mbps - 2.4 GHz
802.11n - 200+ Mbps - 2.4 GHz
802.11ac - 1 Gbps - 5 GHz
57
Q

TKIP

A

Temporal Key Integrity Protocol

was designed as the replacement for WEP
without the need to replace legacy hardware

implemented into 802.11 wireless networking under the name WPA (Wi-Fi Protected Access).

58
Q

CCMP

A

Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol

created to replace WEP and TKIP/WPA

uses AES (Advanced Encryption Standard) with a 128-bit key

used with WPA2, which replaced WEP and WPA

59
Q

WPA2

A

a new encryption scheme known as the
Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol (CCMP)

CCMP is based on the AES encryption scheme

60
Q

Fibre Channel

A

a form of network data storage solution (i.e., SAN (storage area network) or NAS (network-attached storage)) that allows for high-speed file transfers.

61
Q

FCoE

A

Fibre Channel over Ethernet is used to encapsulate Fibre Channel communications over Ethernet networks.

62
Q

iSCSI

A

iSCSI (Internet Small Computer System
Interface) is a networking storage standard
based on IP.

63
Q

Site Survey

A

The process of investigating the presence,
strength, and reach of wireless access
points deployed in an environment.

64
Q

LEAP

A

to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard.

65
Q

PEAP

A

Protected Extensible Authentication Protocol

encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption.

66
Q

EAP

A

Extensible Authentication Protocol

technologies to be compatible with existing wireless or point-to-point connection technologies

67
Q

MAC Filtering

A

a list of authorized wireless client interface
MAC addresses

used by a wireless access point to block
access to all nonauthorized devices.

68
Q

Captive Portals

A

an authentication technique that redirects a newly connected wireless web client to a portal access control page.

Like hotel WIFI

69
Q

Antenna Types

A
monopole
panel
dipole
loop
cantenna
yagi
parabolic
70
Q

Firewalls

A

Firewalls are essential tools in managing and controlling network traffic. A firewall is a network device used to filter traffic.

71
Q

Switch

A

Layer 2 device

repeats traffic only out of the port on which the destination is known to exist. Switches offer greater efficiency for traffic delivery, create separate collision domains, and improve the overall throughput of data.

72
Q

Routers

A

Layer 3 device

used to control traffic flow on networks and are often used to connect similar
networks and control traffic flow between the two. They can function using statically
defined routing tables, or they can employ a dynamic routing system.

73
Q

Gateways

A

Layer 3 device

A gateway connects networks that are using different network protocols. Also known as protocol translators, gateways can be stand-alone hardware devices or a software service.

74
Q

Repeaters, Concentrators, Amplifiers

A

Layer 1 device

used to strengthen the communication signal over a cable segment as well as
connect network segments that use the same protocol.

75
Q

Bridges

A

Layer 2 device

used to connect two networks (even networks of different topologies, cabling types, and speeds) in order to connect network segments that use the same protocol.

76
Q

Hubs

A

Layer 1 device

Hubs were used to connect multiple systems and connect network segments that use the same protocol. A hub is a multiport repeater. Hubs operate at OSI layer 1.

77
Q

LAN Extenders

A

a remote access, multilayer switch used to connect distant networks over WAN links.

78
Q

Private Circuit Technologies

A

use dedicated physical circuits

— dedicated or leased lines
— PPP (point-to-point protocol)
— SLIP (serial line internet protocol)
— ISDN (integrated services digital network)
— DSL (digital subscriber line)
79
Q

Packet-switching Technologies

A

use virtual circuits (efficient and cost effective)

— X.25, Frame Relay
— Asynchronous transfer mode (ATM),
— Synchronous Data Link Control (SDLC)
— High Level Data Link Control (HDLC)

80
Q

Static Packet-Filtering Firewalls

A

filters traffic by examining data from a message header.

81
Q

Application-Level Gateway Firewalls

A

a mechanism that copies packets from one network into another, and changes the source and destination addresses to protect the identity of the internal or private network.

82
Q

Circuit-Level Gateway Firewalls

A

used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model.

83
Q

Stateful Inspection Firewalls

A

evaluate the state or the context of network traffic.

84
Q

Deep Packet Inspection Firewalls

A

a filtering mechanism that operates typically at the application layer in order to filter the payload contents of a communication rather than only on the header values.

85
Q

Next-Gen Firewalls

A

a multifunction device (MFD) composed of several security features in addition to a firewall, such as an IDS, IPS, a TLS/SSL proxy, web filtering, QoS management, bandwidth throttling, NAT, VPN anchoring, and antivirus

86
Q

Stateless (firewall state)

A

Watch network traffic and restrict or block packets based on source and destination addresses or other static values.

Not ‘aware’ of traffic patterns or data
flows.

Typically faster, and perform better under heavier traffic loads.

87
Q

Stateful (firewall state)

A

Can watch traffic streams from end to end.

Are aware of communication paths and can implement various IP security functions such as tunnels and encryption.

Better at identifying unauthorized and forged communications.

88
Q

IDS

A

Intrusion Detection System

analyzes whole packets, both header and
payload, looking for known events. When a known event is detected, a log message is generated.

89
Q

IPS

A

Intrusion Prevention System

analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected.

90
Q

Behavior Based IDS

A

can detect previously unknown attack methods

creates a baseline of activity to identify
normal behavior and then measures system performance against the baseline to detect abnormal behavior.

91
Q

Knowledge Based IDS

A

only effective against known attack methods

uses signatures similar to the signature
definitions used by anti-malware software.

92
Q

Bastion Host

A

computer or appliance that is exposed on the Internet and has been hardened by removing all unnecessary elements, such as services, programs, protocols, and ports.

93
Q

Screened Host

A

is a firewall protected system logically positioned just inside a private network.

Most secure

94
Q

Screened Subnet

A

similar to the screened host in concept, except a subnet is placed between two routers or firewalls and the bastion
host(s) is located within that subnet.

95
Q

Proxy Server

A

A proxy server functions on behalf of the client requesting service, masking the true origin of the request to the resource.

96
Q

Honeypot

A

Lure bad people into doing bad things. Lets you watch them.

Only ENTICE, not ENTRAP. You are not allowed to let them download items with “Enticement”.

For example, allowing download of a fake
payroll file would be entrapment.

Goal is to distract from real assets and isolate in a padded cell until you can track them down.

97
Q

Teardrop attack

A

is a denial of service (DoS) attack that involves sending fragmented packets
to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.

98
Q

Fraggle attack

A

is a denial of service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router’s broadcast address within a network. It is very similar to a Smurf Attack, which uses spoofed ICMP traffic using a 3rd party network rather than UDP traffic to achieve the same goal.

99
Q

Land attack

A

is a Layer 4 Denial of Service (DoS) attack in which the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.

100
Q

SYN Flood attack

A

is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server
resources to make the system unresponsive to legitimate traffic.

101
Q

Ping of Death attack

A

Employs an oversized ping packet. Max allowed ping packet size is 65,536 bytes. Ping of death sends a packet of 65,537 bytes or larger.

102
Q

TCP 3-way handshake

A
  1. SYN 2. SYN-ACK 3. ACK

a process used in a TCP/IP network to make a connection between the server and client