Domain 4 -- Communication and Network Security Flashcards

Question 1

Q

What does the OSI Application Layer do?

Answer

A

The Application Layer does not provide Actual applications, but rather the protocols that support that applications.

The app layer works closest to the user and provides:

file transmissions
message exchanges
Terminal sessions
much more

Question 2

Q

What layer in the OSI Model is the Application Layer and what does it provide?

Answer

A

The application layer is layer 7 and it provides:

File Transmissions
Message Exchanges
Terminal sessions
And more

Question 3

Q

What does the OSI Presentation Layer do?

Answer

A

The presentation layer (Layer 6) receives information from the application layer and puts it in a format that any process operating at the same layer on a destination computer following the OSI model can understand.

It provides a common means of representing data in a structure that can be properly processed by the end system. (Think Tiff and JPEG)

Presentation layer also handles compression and encryption issues

Question 4

Q

Which layer is the Session Layer and what does it do?

Answer

A

The Session Layer is Layer 5
It is responsible for establishing communication between the two systems
Think Telephone conversation
Example protocols that work at this layer:
- Password Authentication Protocol (PAP)
- Point to Point Tunneling Protocol (PPTP)
- Network Basic Input output System (NetBIOS)
- Remote Procedure Call (RPC)
Session layer has 3 modes
- Simplex
- Half duplex
- Full duplex
Session layer protocols provide interprocess communication channels
Session level protocols are the least used and only required within a network. Thus, firewall rules should shut them down.

Question 5

Q

What’s the difference between what happens at the Session Layer and what happens at the Transport Layer?

Answer

A

The Session Layer protocols control Application to Application communication
The Transport Layer protocols control computer to computer communication

Question 6

Q

What layer is the Transport Layer and what does it do?

Answer

A

The transport layer is Layer 4
When connection oriented protocols are used between two systems, they must go through a handshaking process and exchange parameters. This handshaking process happens at Layer 4
The transport layer protocols are for systems, not applications
The transport layer recieves data from many different applications and assembles the data into a stream to be properly transmitted over the network.

Question 7

Q

What layer in the OSI model is the Network Layer and what does it do?

Answer

A

The Network layer is layer 3
The main responsibilities of it are to:
- insert information into the packet’s header so it can be properly addressed and routed
- And then to actually route the packets to their proper destination
Protocols at the network layer need to determine the best path for a packet to take to get to the destination
Routing protocols build and maintain their routing tables
Example Network Layer protocols:
- IP
- Internet Control Message Protocol
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)
- Internet Group Management Protocol (IGMP)

Question 8

Q

What Layer of the OSI Model is the Data Link Layer and what does it do?

Answer

A

The Data Link Layer is Layer 2
It translates the packet into the LAN or WAN technology binary format for proper line transmission.

Question 9

Q

What are the two sub-layers in the data link layer?

Answer

A

The Logical Link Control layer (LLC)
- The Network layer above communicates with the LLC layer. It does not know whether the underlying network is Ethernet, or ATM or ___________.
- It takes care of flow control and error checking
Media Access Control
- The Media Access Control layer communicates with the physical layer
- It knows what the underlying network type is (Ethernet, etc.) and so addes the appropriate header/trailer records

Note –

Question 10

Q

What do the 802.XX specifications refer to? And where do they belong in the OSI stack?

Answer

A

The IEEE MAC spefications are:

802.3 - Ethernet
802.5 - Token Ring
802.11 - Wireless LAN
- Others

These protocols are at the MAC sublayer of the data link layer.

Question 11

Q

Give examples of protocols that work at the data link layer

Answer

A

Point to Point Protocol (PPP)
ATM
Layer 2 Tunneling protocol (L2TP)
FDDI
Ethernet
Token Ring

Question 12

Q

When the data link layer applies the last header and trailer to the data message, what is this called?

Answer

A

It is called framing.

The unit of data is called a frame.

Question 13

Q

What is the purpose of the physical layer? Which layer is it?

Answer

A

This layer controls synchronization, data rates, linie noise and transmission techniques.

Question 14

Q

Name the 7 layers of the OSI model in order from top to bottom.

Answer

A

All People Seem To Need Data Processing

Application
Presentation
Session
Transport
Network
Data Link
Physical

Question 15

Q

Name Six Protocols That operate at the Application Layer

Answer

A

File Transfer (FTP)
Trivial File Transfer Protocol (TFPT)
Simple Network Management Protocol (SNMP)
Simple Mail Transfer Protocol (SMTP)
Telnet
Hypetext Transfer Protocol (HTTP)

Question 16

Q

Name the Presentation Layer Services

Answer

A

Note that the Presentation Layer only has services, not protocols
ASCII
EBCDIC
TIFF (Tagges Image File Format)
Joint Photographic Experts Group (JPEG)
MPEG
MIDI

Question 17

Q

Name the Session Layer Protocols

Answer

A

It’s all about establishing connections between apps, dialog control, negotiation and tear down.

NetBIOS
Password Authentication Protocol (PAP)
Point to Point Tunneling Protocol (PPTP)
RPC (Remote procedure call)

Question 18

Q

Name the main purpose of the Transport Layer protocol and name some key protocols that operate at this layer

Answer

A

Transport layer protocols handle end-to-end transmission and segmentation of a data stream.

TCP
UDP
SPX (Sequenced Packet Exchange)

Question 19

Q

Name the key purpose of Network Layer Protocols and give examples

Answer

A

The responsibilities of the network layer protocols include internetworking, addressing and routing.

IP
Internet Control Message protocol (ICMP)
IGMP (Internet Group Management Protocol)
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Internet Packet Exchange (IPX)

Question 20

Q

What is the purpose of protocols at the data link layer and give examples of.

Answer

A

These protocols convert data into LAN or WAN frames for transmission and define how a computer accesses a network. It’s divided into the Logical Link Control and MAC sublayers

ARP
RARP (Reverse ARP)
PPP (Point to Point Protocol)
Serial Line Internet Protocol (SLIP)
Ethernet (IEEE 802.3)
Token Ring (IEEE 802.5
Wireless Ethernet (IEEE 802.3)

Question 21

Q

What does the physical layer do? Give examples of the interfaces that operate at this layer

Answer

A

Network interface cards and drivers convert signals and control the phscial aspects of data transmission, including optcal, electrical and mechanical requirements.

RS422
10Base-T, 10-Base2, 10Base5, 100Base-TX, 100Base FX, 100Base-T, 1000Base-T, 1000Base-SX
ISDN
DLS
SONET (Synchronous Optical Networking)

Question 22

Q

Which OSI layers can a computer process data on?

Answer

A

computers can access data at all of the 7 layers

Question 23

Q

What layer does a router operate at?

Answer

A

A router operates at the Network Layer (L3)

Question 24

Q

Name two types of devices that only understand up to the Data Link Layer1

Answer

A

Bridges and Switches

Question 25

Q

Name a devices that operates on the Physical (L1) layer

Answer

A

A repeater

Question 26

Q

What is a multilayer protocol?

Answer

A

Protocols that don’t fit neatly into the OSI Model?

Question 27

Q

What is the DNP3 Protocol?

Answer

A

DNP3 stands for Distribruted Network Protocol 3
It is an example of a 3 Layer protocol
It is used in SCADA systems, particularly those in the power sector
It does not support routing
Does not include encryption or authentication (deverlopers thought it was only going to be a system of devices connected to each other (not the outside world)
SCADA systems were eventually connected to the Internet
No Intrusion Detection / Intrusion Detection

Question 28

Q

What is the Controller Area Network Bus?

Answer

A

It stands for Controller Area Network
It’s a multilayer protocol
Runs on most automobiles worldwide
Allows controllers and other embedded controllers to communicate via a shared buss
Originally, the designers didn’t think security would be needed
As cars started to get WiFi, new attack vectors emerged
Jeep was hacked

Question 29

Q

What are the main components of TCP/IP

Answer

A

IP is a connectionless network layer protocol that provides datagram routing services
IP’s main task is to support internetwork addressing and packet routing
There are two main protocols that function at the transport layer:
- TCP – reliable, connection-oriented protocol
- UDP – unreliable, connectionless protocol

Question 30

Q

If the Internet Protocol (IP) were to be compared to mailing a letter in the postal system, what would the three main components be?

Answer

A

Data = Letter
IP = Addressed Envelope
Network = Postal System

Question 31

Q

What are the main characteristics of TCP?

Answer

A

TCP is connection oriented, because a connection must first be established via handshaking
By contrast, UDP is connectionless
Both are transport protocols
TCP and UDP both use ports to communicate with upper OSI layers

Question 32

Q

What are the three components of a socket?

Answer

A

The combination of the following make up a socket:

Protocol (TCP or UDP)
Port
IP address

Question 33

Q

What are well-known ports and give examples

Answer

A

Well-known ports are 0 - 1023 (Can only be used by privileged/root users)
SMTP - 25
FTP - 21, 20
HTTP - 80
Telnet - 23
SNMP = 161, 162
*

Question 34

Q

What are the port ranges for

Well Known Ports
Registered Ports
Dynamic ports

Answer

A

Well Known ports: 0 - 1023
Registered ports: 1024 - 49151
Dynamic ports (49152 - 65535)

Question 35

Q

What are the three steps in the TCP handshake?

Answer

A

SYN —>
SYN/ACK <———
ACK ——->

Question 36

Q

Give the names of units of transmission for the TCP/IP networking model

Answer

A

Application Layer - Data
Transport Layer - Segments
Internetwork Layer - Packets
Data Link Layer - Frames
Physical layer - Bits

Question 37

Q

How many bits are used for IPv4 addressing?

How many bits are used for IPv6 addressing?

Answer

A

IPv4 uses 32 bits for addressing
IPv6 uses 128 bits for addressing

Question 38

Q

What is subnetting?

Answer

A

Subnetting allows larger IP ranges to be divided into smaller, logical, and more tangible network segments.

Question 39

Q

What is classful or classical IP addresses

Answer

A

This is used for traditional IP subnet masks.

Question 40

Q

What is CIDR and what does it do?

Answer

A

CIDR stands for Classless Interdomain Routing
Since Class B adddress ranges are usually too large and Class C are usually too small, CIDR provides the flexibility to increase or decrease the split between network address ranges and host address ranges
CIDR is also referred to as supernetting

Question 41

Q

What are some of the key operational characteristics of the Internet Protocol (IP)?

Answer

A

TTL (Time to Live) value to prevent packets from being retransmitted forever
ToS (Type of Service) capability to enable prioritization

Question 42

Q

List 6 key benefits of IPV6 vs. IPV4

Answer

A

Address size increased from 32 bits to 128 bits
Scope field introduced for multicast addresses / anycast address
Some IPV4 header fields have been dropped or made optional
Changes in IP header options are encoded for more efficient forwarding
Packet labeling for particular flows (e.g. QoS or real-time)
Extensions to support authentication, data integrity and (optional) data confidentiality

Question 43

Q

Compare and Contrast MACsec with VPN?

Answer

A

IEEE 802.1AE is the MACSec standard. It provides data confidentiality, data integrity and data origin authentication
MACSec works with Ethernet LANs.
VPN provides protection at higher levels in the stack

Question 44

Q

What does IEEE 802.1AR provide?

Answer

A

It provides a DEV-ID – a unique per device identifier, that can’t be easily spoofed.

Question 45

Q

Give 3 examples of Converged Protocols

Answer

A

Fibre Channel over Ethernet (FCoE)
Multiprotocol Label Switching (MPLS)
Internet Small Computer System interface (iSCSI)

Question 46

Q

What is an example of IP Convergence?

Answer

A

IP Convergence is the transition of services from disparate transport media and protocols to IP.

Example: VoIP

Question 47

Q

What are the 3 broad types of transmission media?

Answer

A

Electrical wires
Optical fibers
Free space

Question 48

Q

What’s the difference between bandwidth and Data Throughput?

What units are they measured in?

Answer

A

Bandwidth is the number of electrical pulses that can be transmitted over a link in 1 second
Throughput is the actual amount of data that can be carried over the connection

Data throughput can be higher than bandwith as a result of compression mechanisms

Both Bandwidth and Throughput are measured in bits/sec

Question 49

Q

Compare and Contrast Asynchronous and Synchronous Communications

Answer

A

Asynchronous

No timing component
Surrounds each byte with processing bits
Parity bit used for error control
Each byte requires three bits of instruction (start, stop, parity)

Synchronous

Timing component for data transmission synchronization
Robust error checking via CRC
Used for high speed, high volume transmissions
Minimal Overhead

Question 50

Q

Give examples of Broadband technologies

Answer

A

Broadband

CATV coaxial cable
DSL
WiFi

Question 51

Q

Which is more secure, Fiber or Copper cabling? Why?

Answer

A

Fiber is more secure because it does not radiate signals and is therefore not susceptible to eavesdropping

Question 52

Q

What are the components of fiber optic communication?

Answer

A

Light sources

LED’s
Diode lasters

Cable

Single mode - used for transmission over long distances, less susceptible to attenuation than multi-mode
Multimode - Can carry more data because multiple frequencies are used. Better for short distances. More susceptible to attenuation

Question 53

Q

List three Cabling problems

Answer

A

Noise
Attenuation
Cross Talk

Question 54

Q

What does spread spectrum mean with respect to wireless communications

Answer

A

Spread spectrum means using more than one frequency at a time.

Question 55

Q

What is frequency hopping spread spectrum?

Answer

A

First piece of data goes on one frequency

Next piece of data goes on a different frequency.

The idea is to help avoid collisions

Question 56

Q

What is Direct Sequence Spread Spectum (DSSS)?

Answer

A

It is a wireless communication approach that uses sub-bits

Sub bits are called chips.

Question 57

Q

Compare and Contrast FHSS and DSSS

Answer

A

FHSS moves data by changing frequencies
DSSS takes a different approach by applying sub-bits to a message and uses all of the availale frequencies at the same time

Question 58

Q

Where is Orthogonal Frequency Division Multiplexing (OFDM) used?

Answer

A

OFDM is used for:

digital television
audio broadcasting
DSL broadband Internet access
Wireless networks
4G Mobile communication

Question 59

Q

What is a Wireless AP and what does it do?

Answer

A

AP stands for wireless Access Point. It’s the device through which computers can access a WLAN

Question 60

Q

What are the three types of WLAN’s and briefly describe them

Answer

A

An infrastructure WLAN is when more than one AP is used to extend an existing wired network
An ad hoc WLAN has no AP’s. Each wireless device communicates directly with the others (peer to peer)
Standard (km) where wireless devices go through an AP to get to the network

Question 61

Q

With respect to Wireless LAN’s, what is a channel?

Answer

A

A channel is a certain frequency range within a given frequency band.

AP’s are configured to communicate over a specific channel

Question 62

Q

What does SSID stand for and how is it used?

Answer

A

SSID stands for Service Set ID. Any hosts that wish to participate in a particular WLAN must be configured with the appropriate SSID.

A WLAN can be segmented into multiple SSID’s for the same reasons as using multiple wired network segments

Question 63

Q

What is a Basic Service Set (BSS)?

Answer

A

When wireless devices work in infrastructure mode, the AP and wireless clients form a group called a Basic Service Set (BSS).

Question 64

Q

Compare and contrast Open System Authentication (OSA) and Shared Key Authentication (SKA) of the 802.11 Wireless LAN standard

Answer

A

OSA does not require the wireless device to prove it has a specific cryptographic key to allow for authentication purposes.
- Usually, just the SSID is needed
- All transactions are in cleartext
With SKA (WEP), the AP sends a random value to the wireless device. The device encrypts it with its cryptographic key and returns it
The AP decrypts it and if it matches the original random number, the device is authenticated

Answer 65

A

The use of static encryption keys on all devices
Ineffective use of Initialization vectors
- Usually the same IV used over and over
Lack of packet integrity assurance

Answer 66

A

WEP stands for Wired Equivalency Privacy

Answer 67

A

802.11i was introduced to address the security issues with WEP
It provides for Wifi Protected Access II (WPA2)
Before there was WPA2, there was WPA and it introduced:
- Temporal Key Integrity Protocol (TKIP)
- TKIP generates a new key for every frame that is transmitted
- TKIP addresses WEP deficiencies related to static keys and inadequate use of IV’s.
WPA2 improves upon WPA by providing AES with CBC-MAC (Counter Mode, Cipher Block Chaining Message Authentication Code protocol)

Answer 68

A

No, it is an access control protocol that can be implemented on both wired and wireless networks

Answer 69

A

WEP provides system authentication
802.1X provides user authentication

Answer 70

A

EAP stands for Extensible Authentication Protocol

It means the device has to authenticate to the Authenticator and the Authenticator has to authenticate to the device.

It prevents against a rogue AP attack.

Answer 71

A

Supplicant (Wireless Device)
Authenticator (AP)
Authentication Server (usually a RADIUS server

Answer 72

A

Passwords
Tokens
one-time passwords
Certificates
smart cards
kerberos

Answer 73

A

Data Link Layer.

The authentication protocols themselves operate at a higher level. So, there are many ways to use EAP.

Answer 74

A

The RC4 algorithm – which is not a great fit.

Answer 75

A

Robust Security Network

Answer 76

A

1-2MB
2.4GHz

Answer 77

A

11Mbps
2.4GHz
DSSS
Backward compatible with 802.11

Answer 78

A

54Mbps
5GHz (works in US, but not all other contries have allocated this band for wireless
OFDM

Answer 79

A

Provided QoS support for multimedia traffic

Answer 80

A

802.11f deals with conveying authentication informatino between AP’s so users can roam seamlessly

Answer 81

A

802.11g provides up to 54Mbps
still works in 2.4GHz spectrum
*

Answer 82

A

It builds upon the 802.11a standard to meet European rules so 5.0 GHz devices can be used in Europe

Answer 83

A

Its focus is interoperability where different countries have their own rules

Answer 84

A

802.11n operates at 5.0GHz and can support throughput up to 100Mbps

Uses MIMO (Multiple Input / Multiple Output)
MIMO uses two input antennae and two output antennae

Answer 85

A

It improves upon 802.11n
5GHz band
Throughput up to 1.3GHz
Support beamforming
- shaping of radio signals to improve performance in specific directions
Better for high data rates at longer ranges than predecessor tech

Answer 86

A

It’s the Metropolitan Area Network Standard.

A commercial implementation is WiMAX

Answer 87

A

802.15.4 is a WPAN standard (Wireless Personal Area Network)
2.4GHz band
ITO
Wireless keyboards
etc.
Zigbee is a popular protocol based on 802.15.4
- ZigBee links operate at 250kbps
- 128 bit symmetrical key encryption

Answer 88

A

Bluejacking is where someone sends an unsolicited message to a bluetooth device
- Often sends a business card
- The countermeasure is to put bluetooth device in non-discoverable mode
Bluesnarfing is the unauthorized access from a wireless device through a bluetooth connection
- user can access calendar, contact list, emails and text and can copy pictures and private videos

Answer 89

A

Change default SSID
Implement WPA2
Use separate VLAN for each class of user
To support visitors, make sure they are on an untrusted network outside trusted perimeter
Deploy a Wireless Intrusion Detection System (WIDS)
Physically put the AP in the center of the building
Logically, put the AP in the DMZ with a firewall between the DMZ and internal network
Implement VPN for wireless devices to use

Answer 90

A

Configure MAC to only allow known MAC addresses to use it.
Carry out penetration tests on the WLAN

Answer 91

A

Satellite (Ground to Orbiter to Ground)
Terrestrial (Ground to Ground)

Answer 92

A

Frequency Division Multiple Access (FDMA)
Time Division Multiple Access (TDMA)
Code Division Multiple Access (CDMA)
Orthogonal Frequency Division Multiple Access (OFDMA)

Answer 93

A

Earliest (1G)
Frequency range divided into channels
One channel per subscriber / exclusive control of the channel

Answer 94

A

CDMA assigns a unique code to each voice call or data transmission
Calls are spread across the entire frequency band
Every user can simultaneously use every channel
A cell can simultaneously interact with multiple other cells
This is the main technology in cellular today

Answer 95

A

OFDMA is a combination of FDMA and TDMA
Each channel is divided into a set of closely spaced orthogolan frequencies with narrow bandwidths (subchannels)
Each of the different subchannels can transmit and receive simultaneously in a MIMO (Multiple Input Multiple Output) mode
4G requires OFDMA

Answer 96

A

analog transmission of voice-only data over circuit switched networks
19.2Kbps

Answer 97

A

Digitally encoded voice and data
All of the following fall under the 2G umbrella:
- TDMA
- CDMA
- GSM
- PCS
Supports data encryption, fax transmissions and SMS

Answer 98

A

3G incorporates:

FDMA
TDMA,
CDMA
Packet switching (not circuit switching)
Global roaming
Internet services
multimedia
Reduced latency / faster speed

Answer 99

A

Higher data rates
OFDMA technology

Answer 100

A

Based on all-IP packet-switched network
Data exchange at 100Mbps to 1Gbps

Answer 101

A

Token Ring

FDDI

Answer 102

A

CSMA/CD stands for Carrier Sense Multiple Access / Collision Detect
Assume you can transmist and detect collisions if they occur
Ethernet

Answer 103

A

CSMA/CA stands for Carrier Sense Multiple Access / Collision Avoidance

Basic premise is that each computer signals its intent to transmit before actually doing so

Answer 104

A

Carrier Sensing

Answer 105

A

Broadcast domains are sets of computing nodes that all receive a layer 2 broadcast frame
- Normally nodes interconnected by switches, hubs, bridges, but with no routers between them
Collision Domains are sets of computing nodes that may produce collisions when they transmit data
- Normally connected by hubs, repeaters or Wireless Access points

Answer 106

A

DHCP Discover
DHCP Offer
DHCP Request
DHCP Ack

Answer 107

A

ICMP Tunneling
Attackers know that routers and firewalls allow ICMP traffic
An attacker installs software on a server
Using client software, the attacker is able to open up a shell
It’s an older approach, but still effective

Answer 108

A

Traceroute

Answer 109

A

Only SNMP Version 3 supports encryption and is considered secure

Answer 110

A

.COM
.EDU
.MIL
.INT - International Treaty Org
GOV - Government
ORG - Organizational
NET - Networks

Answer 111

A

A user on Server A needs to go to a site
Server A doesn’t have the IP address so it asks for one
An attacker intercepts the request and sends server A bogus IP address for the site
Now, not only the initial user, but subseqeunt users will be redirected to the wrong IP address because Server A caches the result it received from the attacker.
The fundamental problem is that there is no way to authenticate the Server that served the DNS request

Answer 112

A

Use DNSSEC, which implements

PKI and
Digital signatures
This allows DNS to validate the origin of a message to ensure that it is not spoofed and potentially malicious

Answer 113

A

In order to really make it work, it would be required that all DNS Servers on the Internet would have to participate in PKI.

Figuring out a way to implement Internet wide PKI has been difficult.

But we are getting there slowly but surely.

Answer 114

A

Split DNS means putting a DNS Server in the DMZ for external DNS requests
- Which doesn’t contain records re internal servers
And also using an internal DNS Server
- Which only contains records for internal servers

Answer 115

A

Attackers can map the host name for antivirus update site to 127.0.0.1.

The most effective technique for preventing HOSTS intrusions is to set it as read-only and implement a host-based IDS that watches for critical file modification attempts

Answer 116

A

A cyber squater is a person who registers prominent or established names, hoping to sell at a profit.

Answer 117

A

Domain grabbing means that a person keeps track of when a URL will expire and tries to grab it from its current owner if they are not closely tracking the expiration date.

Answer 118

A

SMTP – Simple Main Transfer Protocol

In email clients SMTP works as an email transfer agent (send to server)
SMTP is also a message transfer protocol between email servers
SMTP is also a message exchange addressing standard (Person@somewhere.com)
- Many times a message must traverse many email servers to get from source to destination

Answer 119

A

IMAP stands for Internet Message Access Protocol
Whereas POP will download all of the users messages from the mailbox,
Note that POP is commonly used for Internet based email and IMAP is commonly used for corporate accounts
IMAP is “Store and Foreward” technology. A user can download messages to his own account, but that’s up to the user.

Answer 120

A

It uses Simple Authentication and Security Layer (SASL).

Other protocols, including POP, can also use SASL

Answer 121

A

Most companies put a mail server in the DMZ and another mail server internally
Mail servers use a relay agent to send a message from one mail server to another
Mail should only be accepted for mail intended for use by the company.
Mail should only be sent to trustworthy email servers
What the attackers do is to find a “wide open” email server that will receive mail from it and send mail from it. The mail will appear to come from the legitimate site

Answer 122

A

Filtering of both incoming and outgoing email messages

Answer 123

A

Email spoofing is forging an email to make it appear to come from a legitimate source.
SMTP-Auth (Authentication) it allows clients to authenticate to the mail server before an email is sent
Log all connections to mail servers
SPF (Sender Policy Framework) is an email validation system where the SPF admins specify which hosts are allowed to send email from a given domain.
Domain Keys Identified Mail standard allows email servers to digitally sign messages and uses the domains certificate

Answer 124

A

DMARC stands for Domain-based Message Authentication, Reporting and Conformance
specifies how domains communicate to the rest of the world
It also codifies mechanisms by which receiving servers provide feedback to the sends on the results of their validation of individual messages.

Answer 125

A

Phishing is a social engineering attack that is commonly carried out through mliciously crafted email messages.

Goal is to get user to click on malicious link or for the user to send confidentioal information

Answer 126

A

NAT enables a company to use private IP addresses and still be able to communicate transparently with computers over the Internet.

Private address ranges:

10.0.0.0-10.255.255.255 Class A Networks
172.16.0.0. - 172.31.255.255 Class B Networks
192.168.0.0 - 192.168.255.255 Class C Networks

Answer 127

A

Static Mapping – used for servers
Dynamic mapping – NAT maintains a pool of address and dynamically assigns them to users as they need to communicate outside the network.
Port Address Translation – A company has a single IP to the internet and all users on the internal network use the same address, but are dynamically assigned different ports

Answer 128

A

An Autonomous System (AS) are individual networks independently controlled by different organizations and service providers.

AS’s are made up of routers, which use the Interior Gateway Protocol (IGP) within its own boundary.

The Internet is a network made up of AS’s and routing protocols

Answer 129

A

Static protocols are fixed and require an administrator to manually configure the routing table
Dynamic protocols detect that a router is down and send a message to other nearby routers. As a result, the routing tables are automatically kept up to date without manual intervention.

Answer 130

A

Route flapping is when there are constant changes in the availability of routes

Answer 131

A

If a router does not receive an update that a link has gone down and continues to forward packets to that route, it’s called a black hole.

Answer 132

A

Distance-vector routing protocols make routing decisions based on the number of hops. Example - Routing Interface (RIP) protocol
Link state routing protocols – build a topology database that includes packet size, link speed, network load, reliability. Example – Open Shortest Path First (OSPF).

Link state protocols are more accurate

Answer 133

A

Routing Information Protocol – Distance Vector. Slow. Considered legacy
Open Shortest Path First – Link state. Requires more CPU and resources. No passwords, or cleartext passwords or hashed passwords
Interior Gateway Routing Protocol (IGRP) - Distance vector. Proprietary Cisco protocol. Weights can be assigned to different metrics
Enhanced Interior Gateway Routing Protocol (EIRGP) – Advanced Distance vector. Proprietary Cisco
Virtual Router Redundancy Protocol (VRRP) – Two physical routers are mapped to one virtual router for high availability
Intermediate System to Intermediate System (IS-IS). Link state protocol, where each router can independenty build its own router topology. It uses ISO addresses, rather than IP addresses. Did not have to be redesigned for IPV6.

Answer 134

A

Exterior Gateway protocols are used to interconnect two AS’s.

Exterior Gateway Protocol (EGW) is now a legacy protocol, but the term is still used generically.
Border Gateway Protocol (BGP) is the main one in use today.
- Uses a combination of link state and distance vector algorithms
- Configurations collectively are called Routing Policy

Answer 135

A

Misdirecting traffic via spoofed ICMP messages.
An attacker can masquerade as another router and submit bogus routing table information to the victim router
These attacks are mainly successful when routing protocol authentication is not enabled
DoS attacks
- flooding a router port
- buffer overflows
- Syn floods
Countermeasures mainly authentication and encryption of routing data using shared keys or IPSec

Answer 136

A

A wormhole attack consist of capturing a packet at one location and tunneling it to another location on the network

Two attackers required
Attacker A captures an auth token being sent to auth server and gives it to Attacker B
Attacker B takes this token and uses it to gain unauthorized access to a resource.
Easier to do on wireless networks
The countermeasure is a leash - either geographical (token can only be used within a certain distance) or temporal (where the token will expire after a certain time)

Answer 137

A

A repeater doesn’t work with addresses at all. It simply amplifies whatever signal it receives

Answer 138

A

A bridge is used to connect two LAN segments.

It works with MAC addresses

Answer 139

A

Segments a large network into smaller, more controllable pieces
Uses filtering based on MAC addresses
Joins different types of network links while retaining the same broadcast domain
Isolates collision domains within the same broadcast domain
Can take place locally within a LAN or remotely to connect two distant LANs
Can translate between protocol types (e.g. Ethernet and Token Ring)

Answer 140

A

If you use a bridge
- LAN’s are extended because same broadcast domain
If you use a router
- Separate broadcast domain
- Two LAN’s connected by a router results in an internetwork
- Internet is an example of an internetwork

Answer 141

A

No.

YOU (the network admin) want to control how traffic traverses your network
You can’t let packets to have this much control
Attackers can use source routing in their attacks

Answer 142

A

Repeaters work on the Physical (L1) layer
Bridges work on the the Data Link (L2) layer
Routers work on the Network (L3) layer

Answer 143

A

ACL’s indicate:

What packets are allowed in an what packets are denied
Access decisions are basesd on source and destination IP addresses, protocol type and ports
Example – an administrator can block FTP traffic

Answer 144

A

Router receives packet and checks its own routing data
Router retrieves the destination IP from the packet
Router looks at its routing table to see which port matches the requested destination IP address
If Router does not have information about how to route it, it sends an ICMP error message to the sending computer
If router has a route, it decrements the TTL value, checks the MTU size for the desitination network. If necessary it will fragment the datagram
The router changes header information in the packet so it can go to the next correct router
The router sends the packet to its output queue for the necessary interface.

Answer 145

A

Repeater

Bridge

Answer 146

A

Attackers can poison cache memory on switches to divert traffic to their desired location

Answer 147

A

The basic distinction is the header information the device looks at to make forwarding or routing decisions
- L2 - Data Link (MAC address)
- L3 - Network (IP address)
- L4 - Transport OSI
L3 and L4 networks can append tags
All switches between the first switch and the destination switch only look at the tag to make forwarding or routing decision
At the last switch, the tag is removed and packet sent to destination
Routing based on tags is quicker than analyzing the full header

Answer 148

A

Multi-Protocol Labeled Switching - MPLS

different tags can have different QoS requirements and can be prioritized

Answer 149

A

With switches, no broadcast and collision information is continually traveling throughout the network.

Answer 150

A

Physical location

Answer 151

A

With VLAN’s, administrators can group resources logically based on the users/company’s needs, rather than physical location.

Answer 152

A

IEEE 802.1Q

Answer 153

A

VLAN hopping attacks. An attacker makes a device act like a switch
Switch spoofing attack
Double tagging attack

Answer 154

A

In general, a gateway connects two different environments
- Many times acts as a translator
- Sometimes restricts their interactions
Example is an email gateway
Example is Network Access Server (NAS)

Answer 155

A

A phone hacker

Answer 156

A

A firewall restricts access from one network to another

Answer 157

A

A DMZ is a network segment located between the protected and unprotected networks

Answer 158

A

DMZ’s typically have:

web servers
mail servers
DNS Servers
IDS sensors that listen for malicious and suspicious behavior

Answer 159

A

First generation firewalls
Makes access decisions based on network-level protocol header values
Is configured with ACL’s that dictate the type of traffic allowed into and out of specific networks
Also called stateless inspection
Decisions made completely according to an individual packet
Only examine packet’s header, not the data it contains

Answer 160

A

Input filtering = Ingress filtering

Output filtering = Egress filtering

Answer 161

A

Do not prevent attacks that employ application-specific vulnerabilities or functions
Limited logging functionality
Most do not support advanced user authentication schemes
Many cannot detect a spoofed address
They may not be able to detect packet fragmentation attacks

Answer 162

A

they are scalable
not application dependent
high performance
commonly used as a first line of defense at the network edge

Answer 163

A

Like a nosey neighbor
maintains a state table
It knows how protocols are supposed to work and if things are taking place outside of the standard protocols, it will flag it and not allow the traffic to pass through
Once the initial inspection is done, it will be deemed safe and after that it will base decisions on the header only.
Works well with TCP because it is connection-oriented
Provides data for tracking connectionless protocols such as UDP and ICMP
Stores and updates the state and context of the data within the packets

Answer 164

A

They have been the victims of many types of DoS attacks
- Flood state table with bogus information

Answer 165

A

A proxy firewall is a middle man
It breaks the connection; thus, there is no direct connection between source and destination
It stops and restarts the communication session on behalf of the sending system
When it works at the application layer, it is called an application-level proxy
It can work at the lower layers of the stack and when it does it is called a circuit-level proxy (works at the Session Layer).
Traffic that flows through a circuit level proxy appears to come from the firewall

Answer 166

A

They make decisions based on various services and protocols
They can distinguish between FTP GE T and FTP PUT
Each app-level proxy must have portions of it dedicated to different protocols. It knows the nuances of the various protocols and knows how to make sure that they are not passing suspicious traffic

Answer 167

A

Extensive logging capabilities because they can see the entire packet
They can authenticate a user directly (rather than just system level authentication)
They can address spoofing attacks and other sophisticated attacks

Answer 168

A

Not well suited to high bandwidth and real-time applications
Tend to be limited in supporting new network applications and protocols
Create performance problems due to per packet processing requirements

Answer 169

A

When internal systems must communicate with untrusted networks, it must select a port number of greater than 1023 for itself
A dynamic packet filtering firewall then creates an ACL that allows the external entity to communicate with the internal system (say, port number 11,111)
For connection oriented protocols (TCP), as soon as the connection is terminated, the ACL will be removed
For connectionless protocols (UDP), the connection times out and is then removed from the list
Without Dynamic packet filtering firewalls, it would be necessary to open up all ports gretaer than 1023.

Answer 170

A

When a packet arrives at a kernel proxy firewall, a new virtual network stack is created, which is made up of only the protocol proxies necessary to examine this specific packet properly.
Thus everything is examined
Faster than application level proxies because the inspection takes place in the kernel and does not need to be passed up to a higher software layer in the OS.
Still a proxy-based system because the connection is broken
It can perform NAT (just like all other proxy based firewalls).

Answer 171

A

Does everything all the other firewalls do, plus:
Incorporates a signature-based IPS engine
Once a new attack is detected on one firewall, it will make other firewalls from same vendor aware of it.
Biggest negative is that they are very pricey

Answer 172

A

A bastion host is a highly exposed device that is most likely to be targeted by attackers.
Any system on the public side of a DMZ is considered a bastion host
Any system directly connected to an untrusted network is a bastion host
Should have all unnecessary services disabled
Should have all unnecessary acounts removed
Unused apps and utilities should be removed

Answer 173

A

A dual-homed firewall has 2 NICs
A multi-homed firewall has more than two NICs.
- enables setting up multiple DMZ’s

Answer 174

A

A screened host is a firewall that communicates directly with a perimeter router and the internal nework.

Answer 175

A

A screened subnet architecture adds another layer of security to the screened host architecture.

It adds a second firewall.

More layers of defense. Defense in depth.

See diagram

Answer 176

A

Deny all packets not explicitly allowed
If a packet comes from an internal network address, it should be denied because there’s no reason that an internal packet should be coming through the firewall
No packet should be allowed to leave the network that does not have a valid internal address.
- This is how DDoS attacks work. Sending address is spoofed
Firewalls should reassemble fragmented packets before sending them to their destination. Attackers like to use fragments so firewall doesn’t have the complete picture

Answer 177

A

IP Fragmentation – Fragmentation and Reassembly flaws within IP are exploited, which causes DoS
Teardrop attack - Malformed fragments are created by the attacker and once they are reassembled, they could cause the victim system to become unstable
Overlapping fragment attack – Used to subvert packet filters that do not reassemble packet fragments before inspection. A malicious fragment overwrites a previously approved fragment and executes an attack on the victim’s system

Answer 178

A

Silent Rule – drops noisy traffic without logging it. Reduces log sizes by not responding to packets that are deemed unimportant
Stealth rule – disallows access to firewall software from unauthorized systems
Cleanup rule – Last rule in rule base, drops and logs any traffic that does not meet any of the preceeding rules
Negate rule – used instead of broad “any rules. Provides tighter permission rights by specifying what system can be accessed and how

Answer 179

A

Usually a distributed approach is necessary. Usually a single firewall won’t do the job
Firewalls can present a potential bottleneck to the flow of traffic and a single point of failure threat
Some firwalls do not provide protection from malware and can be fooled by the more sophisticated attack types.
Firewalls do not protect against sniffers or rogue wireless access points and provide little protection against insider attacks.

Answer 180

A

Proxy servers act as an intermediary between the clients that want access to certain services and the servers that provide those services

You do not want internal systems to directly connect to external servers without control.

Example – all internal web browsers could be configured to send web requests to web proxy server, which make the request on the user’s behalf.

Answer 181

A

Forwarding proxy - allows the client to specify the server it wants to communicate with
Open Proxy - A forwarding proxy that is open for anyone to use
- An anonymous open proxy allows users to conceal their IP address while browsing websites
Reverse Proxy – appears to the client as the original server. Client adds a request to what it thinks is the original server, but the reverse makes the request and sends a response to user

Answer 182

A

Upside – increased privacy for ordinary users
Downside – attackers use proxy servers to conceal their identities

Answer 183

A

Unified Threat Management is about having a single appliance that is responsible for many security functions, including firewall, VPN, antimalware, etc.

Downsides:

Single point of failure for traffic (assuming no redundancy)
Single point of compromise
Performance issues - choke point
*

Answer 184

A

A content Distribution Network consists of multiple servers distributed across a large region in order to provide content for users closest to it.

It avoids all users across the country/globe having to go long distance to get to their content

Answer 185

A

Because content servers are distributed, the organization is less vulnerable to a DoS attack. Even if they succeed in taking down one server, they won’t succeed in taking down a different one.

Companies now intentionally use CDN’s as a security mechanism.

Answer 186

A

Software Defined networking relies on distributed software to quickly provision new network devides to deal with dynamic changes
Traditional networking relies on distributed devices to coordinate with one another
Traditional networking relies on manual configuration
SDN has centralized configuration and management. It reacts/adapts to new traffic and is able to proactively spin up new devices to respond to them
SDN abstracts the control and forwarding planes

Answer 187

A

The control plane:
- Is where internetwork routing decisions are made (e.g. OSPF)
- Discovers topology of neighboring networks
Forwarding plane:
- Is where traffic forwarding decisions are made
  - Packet from Eth0 must go to Eth3
In traditional networking, each networking device has its own control plane and its own forwarding plane implemented in a proprietary OS
In SDN, the control plane is implemented in a central node that is responsible for managing all devices in the network

Answer 188

A

Open – Championed by the Open Networking Foundation (ONF) is the most common
- Relies on open source building blocks
- Controller communicates with switches using OpenFlow
API – Championed by Cisco
- Uses OpenFlow plus a rich API on the switches to allow greater control of traffic
Overlays – The SDN is simply an overlay (abstraction layer) over the underlying physical network.

Answer 189

A

An endpoint is any computing device that communicates through a network and whose principal function is not to mediate communications for other devices on that network.

Answer 190

A

Honeypot – networking device that is intended to be exploited by attackers to gain info re the attackers
Honeynet – when two or more honeypots are used together
Tarpits – similar to honeypots, but their goal is to allow a connection that appears to be good at first, but then slows down or times out so that automated data gathering by the attackers will not be successful.

Answer 191

A

IT’s a set of policies and controls that are used to control access to our networks

Answer 192

A

An extranet extends outside the bounds of the company’s network to enable two or more companies to share common information and resources.

Answer 193

A

Walmart subscribes to a Value Added Network.

When inventory gets low, Walmart sends a request to its VAN
That way, Walmart doesn’t need to keep track of thousands of suppliers
The VAN keeps track of the suppliers that Walmart wants to use and places the order on Walmart’s behalf

Answer 194

A

SONET rings

Answer 195

A

LAN protocols tend to be connectionless

WAN protocols tend to be connection oriented – more likely to have errors, thus it makes sense to maintain a connection

Answer 196

A

Copper lines carrying analog signals
T1 lines carrying up to 24 conversations
T3 lines carrying up to 28 T1 lines
Fiber Optics and the SONET network
ATM over SONET

Answer 197

A

T-carriers are dedicated lines that carry voice and data over trunk lines

T1 & T3

Answer 198

A

An E-Carrier is like a T-Carrier, except for Europe

Answer 199

A

Hi speed fiber-optic connections are measured in optical carrier transmission rates.

Answer 200

A

CSU - Channel Service Unit
DSU – Data Service Unit

A CSU/DSU is needed because signals and frames can vary between a LAN and a WAN

Answer 201

A

Circuit switching sets up a virtual connection that acts like a dedicated link between two systems
- ISDN and telephone calls are examples of circuit switching
- The two devices set up a communication channel
- Channel stays in place till connection is torn down
Packet switching –
- There is no dedicated virtual link
- Packets can flow through different devices
- X.25 and Frame Relay are examples
- Frame Check Sequence (FCS) numbers enable putting them back together again in order at the destination

Answer 202

A

Frame Relay is obsolete tech
It operates at the data link layer
The idea is that instead of having to have dedicated lines, multiple companies could share the same line
Any to any service shared by many users
Commited Information Rate (CIR) gives a certain amount of guaranteed bandwidth

Answer 203

A

Permanent Virtual Circuits (PVC’s) – Virtual circuits always available
Switched Virtual Circuits - Virtual circuits not permanent and must be created and then are torn down.

Answer 204

A

Older than Frame Relay, but similar
Data encapsulated into HDLC frames
Old technology that included lots of error checking that wouldn’t be included today
It is very fat, compared to today’s technology

Answer 205

A

Instead of using variable sized packets, it uses fixed sized cells (53-bytes).
Connection oriented
Sets up virtual circuits
Supports QoS
Used for Voice and Video

Answer 206

A

Constant Bit Rate (CBR) - Connection oriented
Variable Bit Rate (VBR) - Connection oriented
Unspecified Bit Rate (UBR) - Connectionless
Available Bit Rate (ABR) - Connection oriented that allows bit rate to be adjusted

Answer 207

A

Synchronous Data Link Control – IBM SNA networks.

Used for leased line connections

Answer 208

A

HDLC stands for High-level Data Link Control
Bit oriented link layer protocol and is used for serial device to device WAN Communication
HDLC is a framing protocol that is used mainly for device to device communication, such as two routers communicating over a WAN link.

Answer 209

A

It’s similar to HDLC in that it is a data link protocol that carries out framing and encapsulation for p2p connections
Includes:
- Link Control Protocol (LCP)
- Network Control protocols (NCP)
- Password Authentication Protocol (PAP)
  - Sends passwords in cleartext - only use on encrypted links
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)

Answer 210

A

HSSI stands for High Speed Serial Interface
used to connect multiplexers and routers to high speed communications services such as ATM and Frame Relay

Answer 211

A

Multiservice Access technologies combine several types of communication categories (data, voice and video) over one transmission line

Answer 212

A

SIP stands for Session Initiation Protocol (used in VOIP)
It is a signaling protocol
SIP is an application layer protocol
It can work over TCP or UDP

Answer 213

A

H.323 is a set of recommendations from the ITU-T
Also a standard that deals with:
- video
- real-time audio
- data packet-based transmissions where multiple users are involved

Answer 214

A

User Agent Client (UAC)
- creates the SIP requests for initiating a communication session
- generally messaging tools and softphone applications used to place VOIP calls
User Agent Server
- SIP Server
- Responsible for handling all routing and signalling involved in VOIP calls
SIP relies on a 3-way handshake

Answer 215

A

Keep patches up to date
- call manager server
- voicemail system
- gateway server
Identify rogue telephony devices
install and maintain:
- Stateful firewalls
- VPN for sensitive data
- Intrusion detection
Disable unnecessary ports on all networking components involved in VoIP
Employ real-time monitoring that looks for attacks, tunneling and abusive call patterns through IDS/IPS

Answer 216

A

ISDN stands for Integrated Services Digital Network
Provided by telephone companies, ISP’s
It is NOT Always On
Enables data, voice and other types of traffic over a medium that had previously been used only for voice transmission
Same wires as analog dial-up, but everything happens digitally

Answer 217

A

DOCSIS – Data Over Cable Service Interface Specifications

Answer 218

A

A VPN is a secure, private connection through an untrusted network

It requires a tunnel
It assumes encryption

Answer 219

A

Point to Point Tunneling Protocol (PPTP)
- Uses Generic Routing Encapsulation and TCP to encapsulate PPP packets and extend a PPP connection through an IP network
- Cannot support multiple connections over one VPN tunnel
- It can only be used for system to system communication
L2TP (different option)
- Combines PPTP and Cisco’s Layer 2 Forwarding Protocol
- Inherits PPP authentication
- Integrates with IPSec
Note:
- PPP provides user auth via PAP, CHAP, EAP-TLS
- IPSec provides system auth

Answer 220

A

No, only when P2P connections are involved.

When two gateway routers are connected over the internet and provide VPN functionality, they only have to use IPSec

Answer 221

A

IPSec is a suite of protocols developed for IP traffic.

It works at the Network layer of the OSI model and includes:
- Authentication Header- provides data integrity, data origin auth and protection from replay attacks
- Encapsulating Security Payload – provides confidentiality, data origin auth and data integrity
- Internet Security Association and Key Management Protocol (ISAKMP)
  - Provides a framework for security association creation and key exchange
- Internet Key Exchange (IKE) - provides authenticated keying material for use with ISAKMP

Answer 222

A

TLS works at the session layer of the network stack
Mainly used to protect HTTP traffic

Answer 223

A

PPTP
- client/server
- works at data link layer
- transmits over IP networks only
L2 Tunneling Protocol (L2TP)
- Extends and protects PPP connections
- works at data link layer
- transmits over multiple network types, not only IP
- Can be combined with IPSec for security
IPSec
- Handles multiple VPN connections at a time
- Provides secure auth and encryption
- Supports only IP networks
- Focuses on LAN to LAN communication, rather than user to user communication
TLS (Transport Layer Security)
- Works at the session layer
- Mostly used for web and email traffic
- Granular access control and configuration are available
- Easy deployment since already embedded in web browsers
- Can only protect a small number of protocol types, thus it is not an infrastructure level VPN solution

Answer 224

A

PAP = Password Authentication Protocol. Not secure because credentials sent in cleartext
Challenge Handshake Authentication Protocol (CHAP). Microsoft’s version is MS-CHAP. Uses a Nonce
Extensible Authentication Protocol (EAP). It extends auth possibiliities of PAP and CHAP to other methods (one-time passwords, token cards, biometrics, Kerberos, digital certs and future mechanisms
*

Answer 225

A

Link encryption encrypts all the data along a specific communication path
- Not only is user info encrypted, but headesr, trailers, addresses, everything is encrypted
- The only thing not encrypted is the data link control messaging info
- Provides protection against packet sniffers and eavesdroppers
- Decryption/Encryption are required at every hop
With E2E encryption, the headers, addresses, routing info and trailers are NOT encrypted – which enable hackers to sniff and eavesdrop
- It’s called E2E because it’s encrypted for the length of its journey, not just a specific link

Answer 226

A

E2E encryption - within applications
TLS encryption - at the session layer
PPTP encryption - at the data link layer
Link encryption - at the data link and physical layers

Answer 227

A

Advantages
- More flexible – user chooses what gets encrypted
- Higher granularity of function because each app can do it differently
- Each hop device doesn’t have to encrypt/decrypt
Disadvantages
- Headers, addresses and routing info are not encrypted and therefore not protected

Answer 228

A

Advantages
- All data is encrypted, including headers, etc.
- Users don’t need to do anything to inintiate it. It just happens
Disadvantages
- Key distribution and management are more difficult because each hop device must receive a key and when keys change they must be updated
- packets are decrypted at each hop, thus there are more points of vulnerability

Answer 229

A

MIME stands for Multipurpose Internet Mail Extensions (MIME)

Technical spec re how multimedia data and email binary attachments are to be handled
So if you receive a .jpeg file, your system will know how to open it

S/MIME - Extends MIME by allowing for encryption of email attachments

Answer 230

A

The Ring of Trust, rather than Certificate Authorities
Public Domain
DeFacto standard

Answer 231

A

Secure Socket Layer

Uses Public Key Encryption
Provides:
- Data encryption
- Server authentication
- message integrity
- optional client authentication
Operates beneath the app layer and above the network layer
For the purposes of the exam – SSL works at the transport layer
No longer considered secure

Answer 232

A

SSL is proprietary (Netscape) and TLS is the public version of it.
Usually used for encrypting data in transit

Answer 233

A

SSH stands for Secure Shell

Tunneling mechanism that provides terminal-like access to remote computers
It’s a program and a protocol
Can also be used for secure channels and port redirection
Uses session keys to establish a secure channel

Answer 234

A

All People Seem To Need Data Processing

Answer 235

A

Please Do Not Throw Sausage Pizza Away

Answer 236

A

10.0.0.0 -> 10.255.255.255 Class A Total addresses: 16,777,216
172.16.0.0 -> 172.31.255.255 Class B Total addresses: 1,048,576
192.168.0.0 -> 192.168.255.25 Class C Total addresses: 65,536

Answer 237

A

A PVC is a Private Virtual Circuit

Answer 238

A

Frame Relay supports multiple PVC’s over a single WAN carrier connection (X.25 does not)
Frame Relay also supports a Committed Information Rate (CIR)
Frame Relay requires a DTE/DCE at each connection point

Answer 239

A

No. LEAP is Lightweight Extensible Authentication Protocol, which is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS.

Answer 240

A

Infrastructure Mode- connects endpoints to a central network, not directly to each other
Wired Extension Mode - uses a wireless access point to link wireless clients to a wired network
Ad hoc mode - directly connects two clients.
Stand-alone mode - connects clients using a wireless access point but not to wired resources like a central network.

Answer 241

A

RST means “Reset.” The TCP session will be disconnected.

Answer 242

A

See image

Answer 243

A

CHAP is the Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks.

Answer 244

A

RADIUS stands for Remote Dial In User Service.

The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication.

Answer 245

A

The number of tiers refers to the number of protected zones

Answer 246

A

See diagram

Answer 247

A

DHCPDISCOVER
DHCPREQUEST
DHCPOFFER
DHCPACK

Answer 248

A

A Smurf attack sends ICMP Echo Requests to the network broadcast address, using a forged source address, usually the victim’s IP address. Since this attack sends to the broadcast address, all hosts on the segment will receive the broadcast. They will then all reply to the source address, which in this case is the victim.

Answer 249

A

SYN

SYN/ACK - confirms sequenc numbers and windowing for both hosts

ACK

Answer 250

A

Fiber Optics

Answer 251

A

Session Initiation Protocol (SIP)

Answer 252

A

Accountability

Authentication

Authorization

Answer 253

A

It typically requires system-level privilege on the host doing the sniffing, and some manipulation of the switch to gain access to all of the frames.

Answer 254

A

Traffic is bursty in nature and broadcasts data to all hosts on the subnet.

Answer 255

A

Network and data link

Brainscape's Knowledge GenomeTM

Domain 4 -- Communication and Network Security Flashcards

Brainscape's Knowledge Genome^TM