Domain 4 Communication and Network Security Flashcards

1
Q

Which of the following allows communicating partners to prove their identity to each other and establish a secure communication channel, and it is applied as an authentication component of IPSec?

A

IKE

2
Q

Which of the following is NOT a best practice when hardening systems or bastion hosts?

A

The correct answer is: Deploying a NIDS

Deploying a NIDS (Network Intrusion Detection System) is a good idea, but it is aimed at monitoring an entire network rather than hardening a single system, so it is the correct answer here: it is not a standard way of hardening a host.

3
Q

Which of the following answers is BEST described as a SAN standard for connecting data storage facilities to communicate over IP networks?

A

The correct answer is: iSCSI

By transmitting SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets. iSCSI data can be transmitted over the internet, WANs or LANs.

Unlike Fibre Channel, which requires specific cabling, iSCSI just connects to your existing network and uses IP addresses as the interconnect mechanism.

4
Q

Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?

A

The correct answer is: Hub

Repeaters and hubs are devices that only operate at the physical layer of the OSI model.

Repeaters

A repeater provides the simplest type of connectivity, because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance. The device amplifies signals because signals attenuate the farther they have to travel.

Repeaters can also work as line conditioners by actually cleaning up the signals. This works much better when amplifying digital signals than when amplifying analog signals, because digital signals are discrete units, which makes extraction of background noise from them much easier for the amplifier. If the device is amplifying analog signals, any accompanying noise often is amplified as well, which may further distort the signal.

A hub is a multi-port repeater. A hub is often referred to as a concentrator because it is the physical communication device that allows several computers and devices to communicate with each other. A hub does not understand or work with IP or MAC addresses. When one system sends a signal to go to another system connected to it, the signal is broadcast to all the ports, and thus to all the systems connected to the concentrator.

Repeater
Image from: http://www.erg.abdn.ac.uk/~gorry/course/images/repeater.gif

Bridges

A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.

Bridge
Image from: http://www.oreillynet.com/network/2001/01/30/graphics/bridge.jpg

Routers

Routers are layer 3, or network layer, devices that are used to connect similar or different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary. Because routers have more network-level knowledge, they can perform higher-level functions, such as calculating the shortest and most economical path between the sending and receiving hosts.

Router and Switch
Image from: http://www.computer-networking-success.com/images/router-switch.jpg

Switches

Switches combine the functionality of a repeater and the functionality of a bridge. A switch amplifies the electrical signal, like a repeater, and has the built-in circuitry and intelligence of a bridge. It is a multi-port connection device that provides connections for individual computers or other hubs and switches.

Gateways

Gateway is a general term for software running on a device that connects two different environments and that often acts as a translator between them or otherwise restricts their interactions.

Usually a gateway is needed when one environment speaks a different language, meaning it uses a certain protocol that the other environment does not understand. The gateway can translate Internetwork Packet Exchange (IPX) protocol packets to IP packets, accept mail from one type of mail server and format it so another type of mail server can accept and understand it, or connect and translate different data link technologies such as FDDI to Ethernet.

5
Q

Which of the following answers would BEST defend against Layer 2 - ARP Poisoning attacks?

802.1X
VMPS - VLAN Membership Protocol Server
Switch port Security
Network Antivirus

A
802.1X

802.1X - Certificate Security helps control access to physical media by validating systems using digital certificates.

DISCUSSION:
Summary: Layer 2 communications are normally unauthenticated and therefore untrusted unless 802.1X is used.

Discussion: ARP is a completely unauthenticated protocol and presents a clear danger to the operation of a trusted network. It is therefore necessary to strengthen security at this level by adding certificate security to be sure you are connecting to the host you think you are.

ARP and other Layer 2 communications are vulnerable to attack and spoofing; using 802.1X to provide certificate-based security for network communications will greatly enhance security at Layer 2.

Mitigation:
There are other ways of locking down Layer 2, such as switch port security or VMPS (deprecated), but since MAC addresses can be faked these measures are not often used.

6
Q

Which of the following answers would NOT help defend against session hijack attacks?

Using Telnet based applications
OpenSSH
IPSec
ArpWatch

A

Using Telnet based applications

Summary: Telnet, like FTP and SNMP, is a clear-text protocol that passes credentials in a way that is easy to sniff. Avoid these protocols and switch to secure alternatives or modern versions such as SNMPv3, which supports encryption.

Telnet is a deprecated application that sends data in clear text unless you are using a network encryption protocol such as IPSec.

7
Q

Which of the following server contingency solutions offers the highest availability?

A

Load balancing/disk replication

8
Q

Which of the following is not a security goal for remote access?

A

Automated login for remote users

9
Q

Which of the following statements INCORRECTLY describes the circuit switching technique?
Packet uses many different dynamic paths to get to the same destination
Connection oriented virtual links
Fixed delays
Traffic travels in a predictable and constant manner

A

Packet uses many different dynamic paths to get to the same destination.

Message Switching

Message switching is a network switching technique in which data is routed in its entirety from the source node to the destination node, one hop at a time.

Packet Switching

Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message.

Circuit Switching

Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate.

Virtual circuit

In telecommunications and computer networks, a virtual circuit (VC), synonymous with virtual connection and virtual channel, is a connection oriented communication service that is delivered by means of packet mode communication.

10
Q

In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?

A

Transport layer

PHYSICAL LAYER

The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:

Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:

    What signal state represents a binary 1
    How the receiving station knows when a "bit-time" starts
    How the receiving station delimits a frame

DATA LINK LAYER

The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:

Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.

NETWORK LAYER

The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:

Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.

Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.

This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).

In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.

TRANSPORT LAYER

The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.

The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.

The transport layer provides:

Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to “back-off” when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).

Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, prepending a header to each frame.

The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.

End-to-end layers
Unlike the lower “subnet” layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true “source to destination” or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.

SESSION LAYER

The session layer allows session establishment between processes running on different stations. It provides:

Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.

PRESENTATION LAYER

The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.

The presentation layer provides:

Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.

APPLICATION LAYER

The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:

    Resource sharing and device redirection
    Remote file access
    Remote printer access
    Inter-process communication
    Network management
    Directory services
    Electronic messaging (such as mail)
    Network virtual terminals
11
Q

Which wireless encryption method uses the same key for both Encryption and Authentication?

A

WEP - Wired Equivalent Privacy

12
Q

Which wireless encryption method uses the same key for encryption as it does for authentication of all wireless clients?

A

WEP

13
Q

What kind of encryption is realized in the S/MIME-standard?

A

Public key based, hybrid encryption scheme

14
Q

Category 5 Unshielded Twisted Pair cabling is a:

A

four-pair wire medium that is used in a variety of networks.

15
Q
Which of the following is less likely to be used today in creating a Virtual Private Network?
L2TP
PPTP
IPSec
L2F
A

The correct answer is: L2F

It is a protocol that supports the creation of secure virtual private dial-up networks over the Internet.

Cisco developed its own VPN protocol called Layer 2 Forwarding (L2F), which is a mutual authentication tunneling mechanism. However, L2F does not offer encryption. L2F was not widely deployed and was soon replaced by L2TP.

As their names suggest, both operate at layer 2. Both can encapsulate any LAN protocol.

Layer 2 Tunneling Protocol (L2TP) was derived by combining elements from both PPTP and L2F. L2TP creates a point-to-point tunnel between communication endpoints. It lacks a built-in encryption scheme, but it typically relies on IPSec as its security mechanism. L2TP also supports TACACS+ and RADIUS. IPSec is commonly used as a security mechanism for L2TP.

At one point L2F was merged with PPTP to produce L2TP to be used on networks and not only on dial up links.

IPSec is now considered the best VPN solution for IP environments.

16
Q

At which layer of ISO/OSI does the fiber optics work?

A

Physical layer

17
Q

In which of the following WAN message transmission techniques do two network nodes establish a dedicated communications channel through the network before the nodes may communicate?

A

Circuit switching

18
Q
Which of the following is a term used to describe a system on which you have done hardening, that resides outside your internal network and is often used to host services like a DNS server or a Web server and is accessible to the open internet?
Bastion Host
An Intrusion Detection System
An Intrusion Prevention System
A Honeypot
A

Bastion Host
This is the correct answer. A bastion host resides outside your internal network, is often used to host services like a DNS server or a Web server, and is accessible to the open internet.

Ideally it should be deployed, stabilized and updated, then imaged to a data file so it can be easily restored if it is attacked and destroyed.

19
Q

Routers

A

Layer 3

20
Q

RIP (Routing Information Protocol)

A

Distance vector routing that uses hop count as its metric

21
Q

BGP

A

Border Gateway Protocol
Routing protocol used on the internet
Path vector routing protocol

22
Q

Which of the following OSI layers provides routing and related services?

A

Network Layer

23
Q

Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:

A

Peer Authentication

24
Q

Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?

A

SLIP

25
Q

An Internet Protocol (IP) address contains information that aids in:

A

routing messages

26
Q

Which two of the following technologies help protect web communications and promote a secure online environment?

A

TLS and SSL

27
Q

Which of the following layers of the OSI model transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier?

A

Physical Layer

28
Q

Which of the following functionality is NOT supported by SSL protocol?

A

Availability

29
Q

How many bits is the address space reserved for the source IP address within an IPv6 header?

A

128

An IPv6 address is 128 bits, so the source address must take up that much space in the header (as will the destination address). The key is to distinguish between the size of an IPv6 address and the fact that the source and destination addresses are part of the packet header.

30
Q

While no modern operating system is vulnerable to such an attack, sending a fragmented PING packet that exceeds the maximum size of 65,535 bytes once reassembled was once known as what?

A

PING of Death

31
Q

In a session hijack scenario, why is it dangerous that an attacker could respond to a client's query before the legitimate server answers it?

A

The attacker could pretend to be the legitimate service

32
Q

Which of the following is an IDS that acquires data and defines a “normal” usage profile for the network or host?

A

Statistical Anomaly-Based ID

33
Q

Packet Filtering Firewalls can also enable access for:

A

only authorized application port or service numbers.

34
Q

Which cable technology refers to the CAT3 and CAT5 categories?

A

Twisted Pair cables

35
Q

Which of the following offers security to wireless communications?

A

Wireless Transport Layer Security (WTLS) is a communication protocol that allows wireless devices to send and receive encrypted information over the Internet. S-WAP is not defined. WSP (Wireless Session Protocol) and WDP (Wireless Datagram Protocol) are part of Wireless Access Protocol (WAP).

36
Q

Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?

A

Mail services.

37
Q

Communication products and services that ensure network components (devices, protocols, access methods) work together is referred to as:

A

Network Architecture.

38
Q

Which of the following is less likely to be used today in creating a Virtual Private Network?

A

L2F
It is a protocol that supports the creation of secure virtual private dial-up networks over the Internet.

Cisco developed its own VPN protocol called Layer 2 Forwarding (L2F), which is a mutual authentication tunneling mechanism. However, L2F does not offer encryption. L2F was not widely deployed and was soon replaced by L2TP.

39
Q

A spoofing attack at layer 2 of the OSI model is also known as what?

A

MAC Spoofing

40
Q

Which of the following statements CORRECTLY describes the difference between IPSec and SSH protocols?

A

IPSec works at the network layer, whereas SSH works at the application layer of the OSI model

41
Q

What is the main difference between a Smurf and a Fraggle attack?

A

A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.

Fraggle is an attack similar to Smurf, but instead of using ICMP, it uses UDP.

42
Q

What type of attack involves IP spoofing, ICMP ECHO and a bounce site?

A

Smurf attack

A smurf attack occurs when an attacker sends a spoofed (IP spoofing) PING (ICMP ECHO) packet to the broadcast address of a large network (the bounce site). Because the modified packet carries the address of the target system as its source, all devices on that local network respond with an ICMP REPLY to the target system, which is then saturated with those replies. An IP spoofing attack is used to convince a system that it is communicating with a known entity, which gives an intruder access; it involves replacing the source address of a packet with a trusted source's address. A teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset in these packets. A SYN attack is when an attacker floods a system with connection requests but does not respond when the target system replies to those requests.

43
Q

Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way, forwarding traffic based on the MAC address?

A

Bridges

44
Q

Which of the following is the biggest concern with firewall security?

A

Complex configuration rules leading to misconfiguration

45
Q

During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate?

A

The firewall should be tested online first to validate proper configuration.

As it is very clearly stated in NIST SP 800-41 Rev. 1:
New firewalls should be tested and evaluated before deployment to ensure that they are working properly. Testing should be completed on a test network without connectivity to the production network. This test network should attempt to replicate the production network as faithfully as possible, including the network topology and network traffic that would travel through the firewall.

46
Q

As described within your security policy, the CSO has implemented an e-mail package solution that ensures the integrity of messages sent using the S/MIME standard. Which of the options below BEST describes how it implements the environment to fulfill the policy's requirement?

A

Implementing the RSA standard for the message envelope and instructing users to sign all messages using the private key from their PKI digital certificate.

47
Q

Which method of remote access was largely retired by Microsoft because it relies on LANMAN hashes, reuse of session keys and the use of an unauthenticated control channel?

A

PPTP

PPTP is the acronym for the Point to Point Tunneling Protocol. It is a VPN method that uses a TCP Control channel and a GRE tunnel to encapsulate PPP packets. PPTP is considered broken and therefore unsafe.

In the mid-1990s Microsoft and other vendors extended PPP into PPTP to enable secure data transfer over a VPN. PPTP was later found to have weaknesses like those mentioned in the question.

48
Q

Like an intranet, an extranet is a private network that uses which of the following?

A

Internet protocols.

49
Q

Low-cost Internet products, including Web browsers, can be utilized by intranets due to which of the following?

A

Intranets use TCP/IP and HTTP standards.

50
Q

Why is Network File System (NFS) used?

A

It enables two different types of file systems to interoperate.

Network File System (NFS) is a TCP/IP client/server application developed by Sun that enables different types of file systems to interoperate regardless of operating system or network architecture.

51
Q

Which answer BEST describes the name of the file system used on most Microsoft Windows computers that supports encryption and offers file-level security?

A

NTFS

52
Q

In which of the following media access technologies do nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle"?

A

CSMA/CA
Carrier sense multiple access with collision avoidance (CSMA/CA) is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle". When they do transmit, nodes transmit their packet data in its entirety.

CSMA/CD - Carrier sense means that a transmitter uses feedback from a receiver to determine whether another transmission is in progress before initiating a transmission. That is, it tries to detect the presence of a carrier wave from another station before attempting to transmit. If a carrier is sensed, the station waits for the transmission in progress to finish before initiating its own transmission. In other words, CSMA is based on the principle "sense before transmit" or "listen before talk".
Token Ring - Token ring local area network (LAN) technology is a protocol which resides at the data link layer (DLL) of the OSI model. It uses a special three-byte frame called a token that travels around the ring. Token possession grants the possessor permission to transmit on the medium. Token ring frames travel completely around the loop.
FDDI - Fiber Distributed Data Interface (FDDI) technology, developed by the American National Standards Institute (ANSI), is a high-speed, token-passing, media access technology. FDDI has a data transmission speed of up to 100 Mbps and is usually used as a backbone network using fiber-optic cabling. FDDI also provides fault tolerance by offering a second counter-rotating fiber ring. The primary ring has data traveling clockwise and is used for regular data transmission. The second ring transmits data in a counterclockwise fashion and is invoked only if the primary ring goes down.

53
Q

How many host IP addresses are available on a subnet with a mask of 255.255.255.192?

A

62 - See subnetting notes below

The simplest way to figure this out quickly is:

1. Take the number of hosts you must accommodate and round up to the next possible net block.
   Example: If you have 48 hosts, you must round up to a net block of 64 addresses with a subnet mask of 255.255.255.192.

   11111111.11111111.11111111.11000000 (the first 26 bits are the network ID, the last 6 bits are the host ID)

2. To figure out your network IDs, subtract your mask number from 256. This gives you the net blocks to work with:
   - 256 - 192 = 64 addresses per block (minus 2 for the network ID and broadcast addresses, leaving 62 usable hosts)
3. Your network blocks would be:
   0, 64, 128, 192.
54
Q

Which of the following is a basic way to defend against ARP Poisoning?

A

Static ARP Entries

55
Q

What is the proper term to refer to a single unit of Ethernet data at the link layer of the DoD TCP model?

A

Ethernet Frame.

56
Q

Which protocol makes USE of an electronic wallet on a customer’s PC and sends encrypted credit card information to merchant’s Web server, which digitally signs it and sends it on to its processing bank?

A

SET (Secure Electronic Transaction)

57
Q

An Intrusion Detection System (IDS) is what type of control?

A

A detective control.

58
Q

Frame relay uses a public switched network to provide:

A

Wide Area Network (WAN) connectivity.

59
Q

Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?

A

Data link

60
Q

Which of the following statements pertaining to packet filtering is incorrect?

A

It keeps track of the state of a connection.

Packet filtering is used in the first generation of firewalls and does not keep track of the state of a connection. Stateful packet filtering does.

61
Q

Which remote access technology providing confidentiality, integrity and non-repudiation is BEST described by the following?

  • Allows for geographically separated networks to appear as one local network
  • Data is encapsulated into another packet for transmission across the internet
  • Network resources appear local as if they were in the same room
  • Remote users can work as if they were on the LAN with other users

A

VPN

62
Q

When sniffing on a switched network, if you only see broadcast packets or traffic to and from your own computer, what is a way to ‘see’ all traffic passing through the switch?

A

Perform an ARP spoofing attack

The principle of ARP spoofing is to send fake, or spoofed, ARP messages onto a LAN. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host (such as the default gateway).

This might cause the switch to act like a hub, permitting you to ‘see’ all network traffic.

63
Q

Which one of the following is usually not a benefit resulting from the use of firewalls?

A

Prevents the spread of viruses.

64
Q

Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?

A

Tunnel mode

65
Q

In the OSI Model, which of the following answers is the proper sequence going from lowest (1) to highest (7)?

A

ISDN, ARP, IP, TCP, NetBIOS, MP3 and HTTP.

66
Q

What sort of attack is described by the following: An attacker has a list of broadcast addresses, which are stored in an array; the attacker sends a spoofed ICMP ECHO request to each of those addresses in series and then starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address.

A

Smurf Attack

67
Q

Which of the following answers presents the MOST significant threat to network based IDS or IPS systems?

A

Encrypted Traffic

68
Q

If the IP header contains a value of 6, what type of data is contained in the IP datagram?

A

TCP

If the Protocol field has a value of 6, it indicates that the datagram carries TCP.

DISCUSSION:
An IP header contains various fields, as shown in the image.
One of them is the Protocol field, which is 8 bits long.
Its value tells the receiving station how to process the packet (i.e. which upper-layer protocol the payload belongs to).

Common IP header Protocol field values are:
ICMP = 1
IGMP = 2
TCP = 6
UDP = 17

69
Q

Ports

A
HTTPS - 443
NetBIOS - 137 - 139
Kerberos - 88
LDAP - 389
LDAP over SSL (LDAPS) - 636

20, 21 - FTP, File Transfer Protocol
22 - SSH, Secure Shell
23 - Telnet
25 - SMTP, Simple Mail Transfer Protocol
53 - DNS
69 - TFTP, Trivial File Transfer Protocol
80 - HTTP, HyperText Transfer Protocol
110 - POP3, Post Office Protocol (version 3)
119 - NNTP, Network News Transfer Protocol
124 - NTP, Network Time Protocol
143 - IMAP, Internet Message Access Protocol (version 4)
161 - SNMP, Simple Network Management Protocol
3389 - RDP, Remote Desktop Protocol
6000 - X Windows

70
Q

What enables a workstation to boot without requiring a hard or floppy disk drive?

A

Bootstrap Protocol (BootP).

71
Q

Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. AH provides the following service except:

A

Confidentiality

AH provides integrity, authentication, and non-repudiation. AH does not provide encryption, which means that NO confidentiality is in place if only AH is being used. You must make use of the Encapsulating Security Payload if you wish to get confidentiality.

IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

AH is the authenticating protocol, and ESP is the authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality and message integrity.

72
Q

In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:

A

Tunnel mode of operation is required

Transport mode is established when the endpoint is a host. If the gateway in a gateway-to-host communication were to use transport mode, it would act as a host system, which is acceptable for protocols directed at that gateway itself. Otherwise, TUNNEL mode is required for gateway services… This is the most common mode of operation and is required for gateway-to-gateway and host-to-gateway communications.

73
Q

Which of the following was designed to support multiple network types over the same serial link?

A

PPP

The Point-to-Point Protocol (PPP) was designed to support multiple network types over the same serial link, just as Ethernet supports multiple network types over the same LAN. PPP replaces the earlier Serial Line Internet Protocol (SLIP) that only supports IP over a serial link. PPTP is a tunneling protocol.

74
Q

Which of the protocols would be BEST to use if some of the requirements are to prevent easy disclosure of the SNMP strings and authentication of the source of the packets?

A

SNMP V3

Although SNMPv3 makes no changes to the protocol aside from the addition of cryptographic security, it looks much different due to new textual conventions, concepts, and terminology. SNMPv3 primarily added security and remote configuration enhancements to SNMP.

75
Q

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

A

A security association (SA) is a relationship between two or more entities that describes how the entities will use security services to communicate securely.

In phase 1 of this process, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase.

In phase 2 IKE negotiates the IPSec security associations and generates the required key material for IPSec. The sender offers one or more transform sets that are used to specify an allowed combination of transforms with their respective settings.

76
Q

Secure Shell (SSH) is a strong method of performing:

A
client authentication.

Secure Shell (SSH) was designed as an alternative to some of the insecure protocols and allows users to securely access resources on remote computers over an encrypted tunnel. The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol.

77
Q

What protocol in the list below is used as an email message transfer agent (MTA)?

A

SMTP (Simple Mail Transfer Protocol) works as a message transfer agent.

78
Q

All hosts on an IP network have a logical ID called a(n):

A

IP address.

79
Q

What is the difference between the Session and Transport layers of the OSI model?

A

The Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications.

80
Q

Which one of these answers is NOT a feature of WPA2?

A

Static Keys

  • Uses AES Encryption: this is a feature of WPA2.
  • Personal and Enterprise Version: this is a feature of WPA2.
  • Full IEEE 802.11i standard: this is a feature of WPA2.

81
Q

Where would you most likely want to deploy the server so as to avoid exposing your internal network to the threat of a compromised server?

A

DMZ

82
Q

The connection from the phone company’s branch office to local customers is referred to as which of the following choices?

A

local loop

83
Q

PAP

A

PAP (Password Authentication Protocol)

is a very weak authentication protocol. It sends the username and password in cleartext.

84
Q

CHAP

A

CHAP (Challenge-Handshake Authentication Protocol)

is a secure authentication protocol that does not expose the cleartext password and is not susceptible to replay attacks. CHAP relies on a shared secret: the password.

85
Q

802.1X

A

802.1X is “Port Based Network Access Control,” and includes EAP (Extensible Authentication Protocol).

EAP is an authentication framework that describes many specific authentication protocols. EAP is designed to provide authentication at Layer 2 (it is “port based,” like ports on a switch), before a node receives an IP address. It is available for both wired and wireless, but is more commonly deployed on WLANs. The major 802.1X roles are:

  • Supplicant: An 802.1X client
  • Authentication Server (AS): a server that authenticates a supplicant
  • Authenticator: a device such as an access point that allows a supplicant to authenticate and connect

86
Q

802.11

A

Wireless

87
Q

PPP

A

PPP (Point-to-Point Protocol) is a Layer 2 protocol that has largely replaced SLIP (Serial Line Internet Protocol).

PPP is based on HDLC (discussed previously), and adds confidentiality, integrity, and authentication via point-to-point links.

88
Q

L2TP

A

L2TP (Layer 2 Tunneling Protocol) combines PPTP and L2F (Layer 2 Forwarding, designed to tunnel PPP). L2TP focuses on authentication and does not provide confidentiality: it is frequently used with IPsec to provide encryption. Unlike PPTP, L2TP can also be used on non-IP networks, such as ATM.

89
Q

IPsec Architectures

A

IPsec has three architectures: host-to-gateway, gateway-to-gateway, and host-to-host. Host-to-gateway mode (also called client mode) is used to connect one system that runs IPsec client software to an IPsec gateway. Gateway-to-gateway (also called point-to-point) connects two IPsec gateways, which form an IPsec connection that acts as a shared routable network connection, like a T1. Finally, host-to-host mode connects two systems (such as file servers) to each other via IPsec. Many modern operating systems, such as Windows 10 or Ubuntu Linux, can run IPsec natively, allowing them to form host-to-gateway or host-to-host connections.

90
Q

IPSec modes

A

Tunnel and Transport mode

Tunnel - IP headers and data protected

Transport - data protected

91
Q

Content Distribution Networks (CDN, also called Content Delivery Networks)

A

use a series of distributed caching servers to improve performance and lower the latency of downloaded online content. They automatically determine the servers closest to end users, so users download content from the fastest and closest servers on the Internet. Examples include Akamai, Amazon CloudFront, CloudFlare and Microsoft Azure.

92
Q

What network technology uses fixed-length cells to carry data?

A

ATM

93
Q

Restricting Bluetooth device discovery relies on the secrecy of what?

A

MAC Address

94
Q

Which wireless security protocol is also known as the RSN (Robust Security Network), and implements the full 802.11i standard?

A

WPA2

95
Q

Which transmission mode is supported by both HDLC and SDLC?

A

Normal Response Mode (NRM)

96
Q

What is the most secure type of EAP?

A

EAP-TLS

97
Q

What WAN Protocol has no error recovery, relying on higher-level protocols to provide reliability?

A

Frame Relay

98
Q

What is the most secure type of firewall?

A

Application Layer Proxy Firewall

99
Q

Accessing an IPv6 network via an IPv4 network is called what?

A

Tunneling

100
Q

Which attack would you be seeing if you saw a SYN packet with the source and the destination as the same address?

A

LAND attack

A LAND (Local Area Network Denial) attack is simply a series of packets sent to the target in which the source and destination IP addresses are both set to the victim’s address.

101
Q

Attacks a firewall cannot mitigate

A

Examples of attacks a firewall cannot mitigate:

  • Reverse-Engineering HTTP Cookies
  • URL Interpretation attacks
  • User Input validation attacks
  • SQL query poisoning