Domain 4: Communication and Network Security

Question 1

Protocol

Answer 1

A protocol is a set of rules that dictates how computers communicate over networks.

Question 2

Application layer

Answer 2

Application layer

Layer 7

Contains services and protocols required by the user’s applications for networking functionality.

Question 3

Presentation layer

Answer 3

Presentation layer

Layer 6

Formats data into a standardized format and deals with the syntax of the data, not the meaning.

Question 4

Session layer

Answer 4

Session layer

Layer 5

Sets up, maintains, and breaks down the session (dialog) between two applications. It controls the session organization and synchronization.

Question 5

Transport layer

Answer 5

Transport layer

Layer 4

Provides end-to-end transmissions.

Question 6

Network layer

Answer 6

Network layer

Layer 3

Provides routing, addressing, and fragmentation of packets. This layer can determine alternative routes to avoid network congestion.

Question 7

What layer do routers work at?

Answer 7

Routers work at the network layer, layer 3.

Question 8

Data Link layer

Answer 8

Data link layer

Layer 2

Prepares data for the network medium by framing it.

This is where the different LAN and WAN technologies work.

Question 9

Physical layer

Answer 9

Physical layer

Layer 1

Provides physical connections for transmission and performs the electrical encoding of data.

This layer transforms bits to electrical signals.

Question 10

TCP/IP

Answer 10

TCP/IP is a suite of protocols that is the de facto standard for transmitting data across the Internet.

• TCP is a reliable, connection-oriented protocol
• IP is an unreliable, connectionless protocol

Question 11

Encapsulation

Answer 11

Data is encapsulated as it travels down the network stack on the source computer, and the process is reversed on the destination computer.

During encapsulation, each layer adds its own information so the corresponding layer on the destination computer knows how to process the data.

Question 12

Transport layer protocols

Answer 12

TCP and UDP

Question 13

UDP

Answer 13

UDP is a connectionless protocol that does not send or receive acknowledgments when a datagram is received.

It does not ensure data arrives at its destination. It provides “ best-effort ” delivery.

Question 14

TCP

Answer 14

TCP is a connection-oriented protocol that sends and receives acknowledgments. It ensures data arrives at the destination.

Question 15

ARP vs. RARP

Answer 15

• ARP translates the IP address into a MAC address (physical Ethernet address)
• RARP translates a MAC address into an IP address.

Question 16

ICMP

Answer 16

ICMP works at the network layer and informs hosts, routers, and devices of network or computer problems.

It is the major component of the ping utility.

Question 17

DNS

Answer 17

DNS resolves hostnames into IP addresses and has distributed databases all over the Internet to provide name resolution.

Question 18

ARP poisoning

Answer 18

Altering an ARP table so an IP address is mapped to a different MAC address

ARP poisoning can redirect traffic to an attacker’s computer or an unattended system.

Question 19

Packet filtering

Answer 19

Packet filtering (screening routers) is accomplished by ACLs and is a first-generation firewall.

Traffic can be filtered by addresses, ports, and protocol types.

Question 20

Tunneling protocol

Answer 20

Tunneling protocols move frames from one network to another by placing them inside of routable encapsulated frames.

Question 21

Packet filtering advantages and disadvantages

Answer 21

• Advantages
  
  • Provides application independence
  • High performance
  • Scalability
• Disadvantages
  
  • Provides low security
  • No protection above the network layer

Question 22

How do you bypass a dual-homed firewall?

Answer 22

Dual-homed firewalls can be bypassed if the operating system does not have packet forwarding or routing disabled.

Question 23

How do firewalls with proxies work?

Answer 23

Firewalls that use proxies transfer an isolated copy of each approved packet from one network to another network.

Question 24

Application proxy

Answer 24

An application proxy requires a proxy for each approved service and can understand and make access decisions on the protocols used and the commands within those protocols.

Question 25

Circuit-level firewall

Answer 25

Circuit-level firewalls also use proxies but at a lower layer. Circuit-level firewalls do not look as deep within the packet as application proxies do.

Question 26

Proxy firewall

Answer 26

A proxy firewall is the middleman in communication. It does not allow anyone to connect directly to a protected host within the internal network.

Proxy firewalls are second-generation firewalls.

Question 27

Application proxy firewall advantages and disadvantages

Answer 27

• Advantages
  
  • Provide high security
  • Full application-layer awareness
• Disadvantages
  
  • Poor performance
  • Limited application support
  • Poor scalability

Question 28

Stateful inspection

Answer 28

Stateful inspection keeps track of each communication session. It must maintain a state table that contains data about each connection.

It is a third-generation firewall.

Question 29

What tunneling protocols can VPN use?

Answer 29

• PPTP
• L2TP
• TLS
• IPSec

Question 30

PPTP vs. IPSec

Answer 30

PPTP works at the data link layer and can only handle one connection.

IPSec works at the network layer and can handle multiple tunnels at the same time.

Question 31

Dedicated links

Answer 31

• WAN
• Usually the most expensive type of WAN connectivity method
• Fee is based on the distance between the two destinations rather than on the amount of bandwidth used.
• T1 and T3 are examples of dedicated links.

Question 32

What are the packet-switched WAN technologies?

Answer 32

• Frame relay
• X.25

They use virtual circuits instead of dedicated ones.

Question 33

How does a switch behave in a star topology?

Answer 33

A switch in star topologies serves as the central meeting place for all cables from computers and devices.

Question 34

Switch

Answer 34

A switch is a device with combined repeater and bridge technology.

It works at the data link layer and understands MAC addresses.

Question 35

Router

Answer 35

Routers link two or more network segments, where each segment can function as an independent network.

• Works at the network layer
• Works with IP addresses
• Has more network knowledge than bridges, switches, or repeaters

Question 36

Bridge vs. Router

Answer 36

A bridge filters by MAC addresses and forwards broadcast traffic.

A router filters by IP addresses and does not forward broadcast traffic.

Question 37

Layer 3 switch

Answer 37

Layer 3 switching combines switching and routing technology.

Question 38

Attenuation

Answer 38

Attenuation is the loss of signal strength when a cable exceeds its maximum length.

Question 39

STP & UTP

Answer 39

STP and UTP are twisted-pair cabling types that are the most popular, cheapest, and easiest to work with.

However, they are the easiest to tap into, have crosstalk issues, and are vulnerable to EMI and RFI.

Question 40

Fiberoptic cable

Answer 40

• Carries data as light waves
• Expensive
• Can transmit data at high speeds
• Difficult to tap into
• Resistant to EMI and RFI.

If security is extremely important, fiber-optic cabling should be used.

Question 41

ATM

Answer 41

• WAN technology
• Transfers data in fixed cells
• Transmits data at very high rates
• Supports voice, data, and video applications

Question 42

FDDI

Answer 42

• LAN and MAN technology
• Usually used for backbones
• Uses token-passing technology
• Has redundant rings in case the primary ring goes down

Question 43

Token Ring

Answer 43

Token Ring, 802.5, is an older LAN implementation that uses a token-passing technology.

Question 44

CSMA/CD

Answer 44

Ethernet uses CSMA/CD, which means all computers compete for the shared network cable, listen to learn when they can transmit data, and are susceptible to data collisions.

Question 45

Circuit-switching vs. Packet-switching

Answer 45

Circuit-switching technologies set up a circuit that will be used during a data transmission session.

Packet-switching technologies do not set up circuits — instead, packets can travel along many different routes to arrive at the same destination.

Question 46

ISDN

Answer 46

ISDN has a BRI (Basic Rate Interface) rate that uses two B channels and one D channel, and a PRI (Primary Rate Interface) rate that uses up to 23 B channels and one D channel.

They support voice, data, and video.

Question 47

PPP

Answer 47

PPP (Point-to-Point Protocol) is an encapsulation protocol for telecommunication connections.

It replaced SLIP and is ideal for connecting different types of devices over serial lines.

Question 48

PAP vs. CHAP

Answer 48

PAP (Password Authentication Protocol) sends credentials in cleartext

CHAP (Challenge Handshake Authentication Protocol) authenticates using a challenge/response mechanism and therefore does not send passwords over the network.

Question 49

SOCKS

Answer 49

SOCKS is a proxy-based firewall solution.

It is a circuit-based proxy firewall and does not use application-based proxies.

Question 50

IPSec tunnel mode vs. IPSec transport mode

Answer 50

IPSec tunnel mode protects the payload and header information of a packet, while IPSec transport mode protects only the payload.

Question 51

Screens

Answer 51

A screened-host firewall lies between the perimeter router and the LAN, and a screened subnet is a DMZ created by two physical firewalls.

Question 52

NAT

Answer 52

NAT is used when companies do not want systems to know internal hosts ’ addresses, and it enables companies to use private, nonroutable IP addresses.

Question 53

802.15

Answer 53

The 802.15 standard outlines wireless personal area network (WPAN) technologies.

Question 54

WLAN segmentation

Answer 54

Environments can be segmented into different WLANs by using different SSIDs.

Question 55

802.11b vs. 802.11a

Answer 55

802. 11b works in the 2.4-GHz range at 11 Mbps
803. 11a works in the 5-GHz range at 54 Mbps

Question 56

IPv4 vs. IPv6

Answer 56

IPv4 uses 32 bits for its addresses, whereas IPv6 uses 128 bits; thus, IPv6 provides more possible addresses with which to work.

Question 57

Subnetting

Answer 57

Subnetting allows large IP ranges to be divided into smaller, logical, and easier-to-maintain network segments.

Question 58

SIP

Answer 58

SIP (Session Initiation Protocol) is a signaling protocol widely used for VoIP communications sessions.

Question 59

Open relay

Answer 59

Open relay is an SMTP server that is configured in such a way that it can transmit e-mail messages from any source to any destination.

Question 60

SNMP

Answer 60

SNMP uses agents and managers.

Agents collect and maintain device-oriented data, which is held in management information bases.

Managers poll the agents using community string values for authentication purposes.

Question 61

Multiplexing (3 types)

Answer 61

• Statistical time division
• Frequency division
• Wave division.

Question 62

RTP

Answer 62

Real-time Transport Protocol (RTP) provides a standardized packet format for delivering audio and video over IP networks.

It works with RTP Control Protocol, which provides out-of-band statistics and control information to provide feedback on QoS levels.

Question 63

802.1A_

Answer 63

• 802.1AR provides a unique ID for a device.
• 802.1AE provides data encryption, integrity, and origin authentication functionality at the data link level.
• 802.1AF carries out key agreement functions for the session keys used for data encryption.

Each of these standards provides specific parameters to work within an 802.1X EAP-TLS framework.

Question 64

Lightweight EAP

Answer 64

Lightweight EAP was developed by Cisco and was the first implementation of EAP and 802.1X for wireless networks.

It uses preshared keys and MS-CHAP to authenticate client and server to each other.

Question 65

EAP-TLS

Answer 65

In EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) the client and server authenticate to each other using digital certificates.

The client generates a pre-master secret key by encrypting a random number with the server’s public key and sends it to the server.

Question 66

EAP-TTLS

Answer 66

EAP-TTLS is similar to EAP-TLS, but only the server must use a digital certification for authentication to the client.

The client can use any other EAP authentication method or legacy PAP or CHAP methods.

Question 67

Network convergence

Answer 67

Network convergence means the combining of server, storage, and network capabilities into a single framework.

Question 68

Mobile Telephony generations

Answer 68

• 1G (FDMA)
• 2G (TDMA)
• 3G (CDMA)
• 4G (OFDM).

Question 69

Link encryption

Answer 69

Link encryption is limited to two directly connected devices, so the message must be decrypted (and potentially re-encrypted) at each hop.

Question 70

End-to-end encryption

Answer 70

End-to-end encryption involves the source and destination nodes, so the message is not decrypted by intermediate nodes.

Question 71

TLS

Answer 71

Transport Layer Security (TLS) is an example of an end-to-end encryption technology.

Question 72

MIME

Answer 72

Multipurpose Internet Mail Extensions (MIME) is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred.

Question 73

S/MIME

Answer 73

Secure MIME (S/MIME) is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions using public key infrastructure (PKI).

Question 74

PGP

Answer 74

Pretty Good Privacy (PGP) is a freeware e-mail security program that uses PKI based on a web of trust.

Question 75

S/MIME vs. PGP

Answer 75

• S/MIME uses centralized, hierarchical Certificate Authorities (CAs)
• PGP uses a distributed web of trust

Question 76

HTTPS

Answer 76

HTTP Secure (HTTPS) is HTTP running over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

Question 77

SSL

Answer 77

SSL was formally deprecated in June of 2015.

Question 78

Cookies

Answer 78

Cookies are text files that a browser maintains on a user’s hard drive or memory segment in order to remember the user or maintain the state of a web application.

Question 79

SSH

Answer 79

Secure Shell (SSH) functions as a type of tunneling mechanism that provides terminal-like access to remote computers.

Question 80

DoS

Answer 80

A denial-of-service (DoS) attack results in a service or resource being degraded or made unavailable to legitimate users.

Question 81

DNS hijacking

Answer 81

DNS hijacking is an attack that forces the victim to use a malicious DNS server instead of the legitimate one.

Question 82

What are three types of LAN transmission methods?

Answer 82

1. Unicast: The packet is sent from a single source to a single destination address.
2. Multicast: The source packet is copied and sent to specific multiple destinations on the network.
3. Broadcast: The packet is copied and sent to all the nodes on a network or segment of a network.

Question 83

What are the two configuration types for IPSec?

Answer 83

• Transport adjacency
• Iterated tunneling

Transport adjacency means that more than one security protocol (ESP and AH) is applied to a packet.

Iterated tunneling means an IPSec tunnel is tunneled through another IPSec tunnel.

Iterated tunneling would be used if the traffic needed different levels of protection at different junctions of its path.

Question 84

What are the two common types of transmission methods that can be used with various types of medium?

Answer 84

• Baseband transmission: Uses the full bandwidth for only one channel and has a low data transfer rate.
• Broadband transmission: Divides the bandwidth into many channels, enabling different types of data to be transmitted, and provides a high data transfer rate

Question 85

What are the two types of proxy-based firewalls?

Answer 85

• Circuit-level firewalls
• Application proxy firewalls

Question 86

How does a SOCKS-based firewall provide protection?

Answer 86

SOCKS firewalls can:

• Screen
• Filter
• Audit
• Log
• Control

data flowing in and out of a protected network.

SOCKS-based firewalls are circuit-level firewalls. This means they look only at packet header information (address and port numbers) to make access decisions.

When a SOCKS-enabled client sends a request to access a computer on the Internet, this request actually goes to the network’s SOCKS proxy firewall, which inspects the packets for malicious information and checks its policy rules to see whether this type of connection is allowed.

Question 87

List three characteristics of the IEEE 802.11a standard.

Answer 87

• Works in the 5GHz range
• Uses the OFMD spread spectrum technology
• Provides 52 Mbps in bandwidth

Question 88

What is an intranet?

Answer 88

An intranet is a firm’s internal, physical network infrastructure. It may contain many interconnected LANs.

The main purpose of an intranet is to share company information and computing resources among employees. When a company uses the Internet and web-based technologies inside its networks, it is using an intranet, a private network that uses Internet technologies, such as TCP/IP.

The company has web servers and client machines using web browsers, and it uses the TCP/IP protocol suite. The web pages are written in HTML or XML and are accessed via HTTP.

Question 89

Describe a TCPIP socket and what it is made up of.

Answer 89

A socket is the combination of:

• Node address
• Port number

When a connection is made between two systems, the packets will need to contain the IP address and port address of the sending and receiving system. This is so the packet can be properly routed to the receiving system and so that the receiving system knows whom to reply to.

The IP address acts as the doorway to a computer, and the port acts as the doorway to the actual protocol or service.

Question 90

What are common configuration requirements of a bastion host?

Answer 90

• Must be extremely secure
• No unnecessary services should be running
• Unused subsystems must be disabled
• Vulnerabilities must be patched
• Unnecessary user accounts must be disabled
• Unneeded ports must be closed

A bastion host is a locked-down (or hardened) system. A bastion host is usually a highly exposed device, because it is the front line in a network’s security and its existence is known on the Internet. As such, bastion hosts have the configuration requirements outlined in the answer field.

Question 91

Point-to-Point Tunneling Protocol (PPTP) is a Microsoft virtual private network (VPN) protocol. How does it provide protection for data?

Answer 91

It provides encapsulation, which means it repackages the original frame and encrypts it.

This encapsulation allows for secure communication to take place via an untrusted network, such as the Internet. When using PPTP, the payload is encrypted with Microsoft Point-to-Point Encryption (MPPE) using MS-CHAP or EAP-TLS.

Along with encryption, the frame must be encapsulated as well. A series of encapsulations takes place in this technology. The user’s data is encapsulated within the Point-to-Point Protocol (PPP), and then this frame is encapsulated by PPTP with a Generic Routing Encapsulation (GRE) header and IP header.

Question 92

What is a wide area network (WAN)?

Answer 92

A wide area network (WAN) can be thought of as a network of subnetworks that physically or logically interconnect LANs over a large geographic area.

Question 93

What is the 802.1x protocol?

Answer 93

The 802.1X standard is a port-based network access control that ensures a user cannot make a full network connection until he is properly authenticated.

This means a user cannot access network resources and no traffic is allowed to pass, other than authentication traffic, from the wireless device to the network until the user is properly authenticated.

Question 94

What is TCP/IP?

Answer 94

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travels from one device to another.

TCP/IP uses a four layer model:

• Link Layer
• Internet Layer
• Transport Layer
• Application Layer

Question 95

What are the three primary types of cables used for networking?

Answer 95

• Coaxial cable
• Twisted pair
• Fiber

Coaxial cable: Consists of a single, solid copper wire. The copper core is surrounded by a shielding layer and grounding wire. While used widely in early network deployments, it is rarely used today.

Twisted pair: The most commonly used deployment in office LANs today. The common connector for Ethernet twisted pair is the RJ-45. Unshielded twisted pair (UTP) is a common variety due to its cheap cost and workability. A drawback to twisted pair is its vulnerability of being tapped and the electrical emanation. If the cable has an outer foil shielding, it is referred to as shielded twisted pair (STP), which adds protection from radio frequency interference and electromagnetic interference.

Fiber: Fiber uses a type of glass as the physical media. The data is carried over light waves in the form of photons. There are two types of fiber modes: multi-mode (powered by LEDs) and single-mode (powered by laser light). Fiber is difficult to tap and does not have electrical emanations; therefore, it has a security advantage over twisted pair.

Question 96

What is synchronous optical networking (SONET)?

Answer 96

SONET is a standard for fiber-optic cabling and uses self-healing network rings.

SONET describes the interfaces that can be used over fiber lines and the signaling that must be employed. SONET works at the physical layer of the OSI model.

All SONET lines and rings are fully redundant. The redundant line waits in the wings in case anything happens to the primary ring.

Question 97

What is the committed information rate (CIR)?

Answer 97

CIR is a premium service offered by service providers in frame relay networks that guarantees a company a specified amount of bandwidth.

Frame relay is bursty in nature, meaning that a company may have access to a larger amount of bandwidth until the network gets busy. If a company needs to ensure it will have a certain amount of bandwidth always available, it will have to pay this extra rate.

Question 98

Describe the OSI model and its purpose.

Answer 98

The OSI model is an attempt to describe conceptually where the different functionalities of different protocols take place in a networking stack. The model attempts to draw boxes around reality to help people better understand the stack. Each layer has a specific functionality and has several different protocols that can live at that layer and carry out that specific functionality.

Question 99

What are the two broad categories of WAN technologies?

Answer 99

• Circuit switching
• Packet switching

Circuit switching establishes a virtual connection that acts like a dedicated link, or circuit, between two systems. Examples:

• ISDN
• Telephone calls

Packet switching does not set up a dedicated virtual link. It allows packets to pass through a number of different individual devices rather than being forced to follow the same path as preceding packets. Examples:

• Internet
• X.25
• Frame relay

Question 100

What is a local area network (LAN)?

Answer 100

A local area network (LAN) is composed of:

• One or more computers
• Communication protocol
• Network topology
• Cabling or a wireless network to connect the systems that communicate over a small geographical area such as a building floor.

Question 101

What is an extranet?

Answer 101

An extranet extends outside the bounds of the company’s network to enable two or more companies to share common information and resources.

Business partners commonly set up extranets to accommodate business-to-business communication. An extranet enables business partners to work on projects together, share marketing information, communicate and work collaboratively on issues, post orders, and share catalogs, pricing structures, and information on upcoming events.

Question 102

What are five common network topologies?

Answer 102

• Bus
• Star
• Ring
• Tree
• Mesh

Bus: A single cable runs the entire length of the network, and systems, or nodes, are attached to the network through drop points connected to this cable.

Star: Connects all the nodes through a central device such as a switch. Each of the nodes has its own dedicated link to the central networking device.

Ring: A series of devices connect by unidirectional transmissions links. These links form a closed loop and do not connect to a central system. Each node is dependent on the preceding nodes, and in a single node failure, all other systems might be negatively affected due to their interdependence.

Tree: Similar to a bus topology except that rather than single nodes branching off of the bus line, additional bus lines with their own connected nodes branch off of the main bus line like branches on a tree.

Mesh: Interconnects all systems and resources to each other in a way that does not follow the uniformity of the other topologies. Typically there are redundant interconnections providing resiliency and fault tolerance if any system or network link goes down.

Question 103

What is war driving?

Answer 103

War driving is the practice of walking or driving around with a wireless device equipped with the necessary equipment and software to identify and break into access points (AP).

Wireless APs may be misconfigured, which allows hackers to exploit these configurations and break into the wired network. Wireless APs are commonly easy ways to enter networks because of their weak security.

Question 104

What are the three protocols that work at the session layer of the OSI model?

Answer 104

• Network File System (NFS)
• NetBIOS
• Structured Query Language (SQL)

The session layer protocols:

• Set up connections between applications
• Maintain dialog control
• Negotiate, establish, maintain, and tear down the communication channel

Question 105

List at least three benefits of network address translation (NAT).

Answer 105

• Allows companies to use a limited number of registered Internet addresses
• Saves on funds
• Provides an amount of security
• External entities can see only the address of the router (or the public address the NAT device is using) and not the true addresses of the internal hosts
• The company can use private address schemes instead of having to pay for public addresses

Question 106

What is the Internet?

Answer 106

The Internet is a network of networks—in other words, a system of interconnected networks spread all over the world using TCP/IP as the standard protocol for sharing data.

The term “Internet” was first used to refer to the Advanced Research Projects Agency Network (ARPANET), conceived by the U.S. Department of Defense in 1969. Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide.

Question 107

What functionality takes place at the data link layer within the OSI model and what are the two sublayers that make it up?

Answer 107

The protocols at the data link layer:

• Convert data into LAN or WAN frames for transmission
• Convert messages into bits
• Define how a computer accesses a network

This layer is divided into:

• Logical Link Control (LLC) sublayer
• Media Access Control (MAC) sublayer

Question 108

What are two versions of Carrier Sense Multiple Access (CSMA)?

Answer 108

• CSMA/CD
• CSMA/CA

A transmission is called a carrier, so if a computer is transmitting frames, it is performing a carrier activity.

When computers use the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol, they monitor the transmission activity, or carrier activity, on the wire so they can determine when would be the best time to transmit data.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is an access method in which each computer signals its intent to transmit data before it actually does so. This tells all other computers on the network not to transmit data right now because doing so could cause a collision.

Question 109

What does encapsulation refer to with respect to the OSI model?

Answer 109

Encapsulation is the process of adding headers and trailers to user data as it is handed from each layer to the next lower layer.

As data is passed to the application layer from a program and sent down through the protocol stack, each protocol at each layer adds its own information to the message and passes it down to the next level. The headers and trailers are added so that the receiving system knows how to interpret and process the data as it goes up the network stack.

Question 110

What is plenum-grade cable?

Answer 110

Plenum-grade cable is cable that is coated with a fire retardant designed for use in crawlspaces, false ceilings, and below raised floors. The coating is designed to not give off toxic fumes as it burns.

Question 111

Name at least three standards that work in the presentation layer of the OSI model.

Answer 111

• American Standard Code for Information Interchange (ASCII)
• Extended Binary-Coded Decimal Interchange Mode (EBCDIC)
• Tagged Image File Format (TIFF)
• Joint Photographic Experts Group (JPEG)
• Motion Picture Experts Group (MPEG)

The services of the presentation layer handle translation into standard formats, data compression and decompression, and data encryption and decryption.

Question 112

How does an ARP attack work?

Answer 112

In an ARP attack, an attacker manipulates the ARP table so that traffic with the correct IP address goes to an incorrect MAC address.

ARP (Address Resolution Protocol) finds MAC (Media Access Control) addresses for IP addresses. It broadcasts a request and only the system with the IP address within the broadcast domain responds. ARP takes the MAC address from this response and places it in its ARP table. An attacker can manipulate this ARP table so that traffic with the correct IP address goes to an incorrect MAC address. The traffic goes to the attacker’s MAC address instead of the intended receiver.

Question 113

802.16

Answer 113

802.16 addresses wireless MAN technologies.