Domain 4: (Communication & Network Security) Flashcards
1
Q
What enables network segmentation at a high scale, overcomes VLAN scale limitations, and is a tunneling protocol that encapsulates layer 2 in a UDP packet?
A
VXLAN
Virtual Extensible LAN
2
Q
What enables the network to be intelligently and centrally controlled using software, and can reprogram the data plane?
A
Software Defined Networks
SDN
3
Q
What are some vulnerabilities for a software defined network?
A
Man-in-the-middle attack
Denial of Service
4
Q
What enables users in branch offices to remotely connect to an enterprise’s network, allows use of many network services (MPLS, LTE) to securely connect users to apps, and security is mainly based on IPsec, VPN, and NGFWs.
A
Software Defined Wide-Area Networks
SD-WAN
5
Q
What uses and only needs LEDs to transmit data, can safely function in areas otherwise susceptible to electromagnetic interference, and can transmit at speeds of up to 100 Gbit/s.
A
Light Fidelity
LiFi
6
Q
What is a short-range wireless personal area network technology developed to support automation, machine-to-machine communication, remote control, and monitoring of IoT devices?
A
Zigbee
Personal Area Network
7
Q
What supports centralized and distributed security models, mesh topology, and assumes that symmetric keys used are transmitted securely for IoT devices?
A
Zigbee
8
Q
What is a geographically distributed network of proxy servers and their data centers, delivers content spatially relative to users, and have been targeted to inject malicious content into pages?
A
Content Delivery Networks
CDN
9
Q
What are the seven layers of the OSI model in order.
A
Physical
Data Link
Network
Transport
Session
Presentation
Application
10
Q
What protocol is on TCP and operates on port 20/21?
A
File Transfer Protocol
FTP
11
Q
What protocol is on TCP and operates on port 22?
A
Secure Shell
SSH
12
Q
What protocol is on TCP and operates on port 23?
A
Telnet
13
Q
What protocol is on TCP and operates on port 25?
A
Simple Mail Transfer Protocol
SMTP
14
Q
What protocol is on TCP/UDP and operates on port 53?
A
Domain Name System
DNS
15
Q
What protocol is on UDP and operates on port 67/68?
A
Dynamic Host Configuration Protocol
DHCP
16
Q
What protocol is on UDP and operates on port 69?
A
Trivial File Transfer Protocol
TFTP
17
Q
What protocol is on TCP and operates on port 80?
A
Hypertext Transfer Protocol
HTTP
18
Q
What protocol is on TCP and operates on port 110?
A
Post Office Protocol
POP3
19
Q
What protocol is on UDP and operates on port 123?
A
Network Time Protocol
NTP
20
Q
What protocol is on TCP/UDP and operates on port 137/138/139?
A
NetBIOS
21
Q
What protocol is on TCP and operates on port 143?
A
Internet Message Access Protocol
IMAP
22
Q
What protocol is on TCP/UDP and operates on port 161/162?
A
Simple Network Management Protocol
SNMP
23
Q
What protocol is on TCP and operates on port 179?
A
Border Gateway Protocol
BGP
24
Q
What protocol is on TCP/UDP and operates on port 389?
A
Lightweight Directory Access Protocol
LDAP
25
What protocol is on TCP and operates on port 443?
HTTPS
26
What protocol is on TCP/UDP and operates on port 636?
LDAP over TLS/SSL
27
What protocol is on TCP and operates on port 989/990?
FTP over TLS/SSL
28
What is the TCP/IP stack?
Link
Internet
Transport
Application
29
Where does layers 5-7 from the OSI model sit on the TCP/IP stack?
Application
30
Where does layer 4 sit on the TCP/IP stack?
Transport
31
Where does layer 3 sit on the TCP/IP stack?
Network
32
Where does layer 1-2 sit on the TCP/IP stack?
Link
33
What are the characteristics of TCP over UDP?
Connection Oriented
Byte stream
No support for multicasting/broadcasting
Supports full duplex transmission
Reliable service of data transmission
TCP packet is called a segment
Provides error detection and flow control
34
What are the characteristics of UDP over TCP?
Connection-less protocol
Message stream
Supports multicasting/broadcasting
No support for full duplex transmission
Unreliable service of data transmission
UDP packet is called a datagram
No support for error detection and flow control
35
What UTP cable type supports up to 100Mbps and is used for Ethernet, FastEthernet, and Token Rings
CAT5
36
What UTP cable type supports up to 1 Gbps and is used for Ethernet, FastEthernet, and Gigabit Ethernet?
CAT5e
37
What UTP cable type supports up to 10 Gbps and is used for Gigabit Ethernet, and 10G Ethernet (55 meters)
CAT6 & CAT6a
38
What UTP cable type supports up to 10 Gbps and is used for Gigabit Ethernet, and 10G Ethernet (100 meters)
CAT7
39
What network topology employs a centralized connection device, can be a simple hub or switch, and each sys is connected to the central hub by a dedicated segment?
Star Topology
40
What network topology connects systems to all other systems using numerous paths and provides redundant connections to systems, allowing multiple segment failures without badly affecting connectivity?
Mesh Topology
41
What is a ring base network topology, that connects each sys as points on a circle, acts as a unidirectional transmission loop, and only one sys can transmit data at a time while traffic management is performed by a token.
Ring Topology
42
What topology connects each sys to a trunk or backbone cable, and can transmit data simultaneously which can result in collisions.
Bus Topology
43
What communications method relies on a timing or clocking mechanism based on either an independent clock or time stamp embedded in the data stream and are able to support very high rates of data transfers.
Synchronous communications
44
What communications method relies on a stop and start delimiter bit to manage the transmission of data and is best suited for smaller amounts of data.
Asynchronous communications
45
What can only support a single communication channel, uses a direct current applied to the cable, and is a form of digital signal.
Baseband
46
What can support multiple simultaneous signals, uses frequency modulation to support numerous channels, is suitable for high throughput rates, and is a form of analog signal.
Broadband
47
What technology supports communications to all possible recipients?
Broadcast
48
What technology supports communications to multiple specific recipients?
Multicast
49
What technology support only a single communication to a specific recipient?
Unicast
50
What was developed to decrease the chances of collisions when two or more stations start sending their signals for the datalink layer and requires that each station first check the state of the medium before sending?
Carrier Sense Multiple Access
CSMA
51
What attempts to avoid collisions by granting only a single permission to communicate at any given time?
CSMA/CA
52
What responds to collisions by having each member of the collision domain wait for a short but random period of time before starting the process over?
CSMA/CD
53
What are the characteristics of CSMA/CD?
Effective after a collision
Used in wired networks
Reduces recovery time
Resends the data frame whenever a conflict occurs
Used in 802.3 standard
More efficient than simple CSMA
54
What are the characteristics of CSMA/CA?
Effective before a collision
Used in wireless networks
Minimized the possibility of collision
Will first transmit the intent to send for data transmission
Used in 802.11 standard
Similar to simple CSMA
55
What performs communications using a digital token and once its transmission is complete it releases the token to the next sys.
Token Passing
56
What performs communications using a master-slave configuration where the primary system polls each secondary sys in turn whether they have a need to transmit data.
Polling
57
What can prevent collisions in rink networks?
Token Passing
58
What is a private network that is designed to host the same info services found on the internet?
Intranet
59
What is a section of an organization's network that has been sectioned off to act as an intranet for the private network but also serves information to the public internet?
Extranet
60
What is an extranet for public consumption?
Demilitarized Zone/Perimiter Network
DMZ
61
What is used to control traffic and isolate static/sensitive environments?
DMZ
62
What technique is where a person pushes unsolicited messages to engage or annoy other nearby bluetooth users by taking advantage of a loophole in the technology's messaging options?
Bluejacking
63
What technique is where thieves wirelessly connect to some early bluetooth-enabled mobile devices without the owner's knowledge to download and/or alter phonebooks, calendars, etc?
Bluesnarfing
64
What attack grants hackers remote control over the feature and functions of a bluetooth device?
Bluebugging
65
What 802.11 standard runs at 54 Mbps with 5GHz?
802.11a
66
What 802.11 standard runs at 11 Mbps with 2.4GHz?
802.11b
67
What 802.11 standard runs at 54 Mbps with 2.4GHz?
802.11g
68
What 802.11 standard runs at 200+ Mbps with 2.4GHz?
802.11n
69
What 802.11 standard runs at 1 Gbps with 5GHz?
802.11ac
70
What was created to replace WEP without the need to replace legacy hardware and was implemented into 802.11 wireless networking under the name WPA?
Temporal Key Integrity Protocol
TKIP
71
What was created to replace WEP and TKIP/WPA and uses AES with a 128-bit key, also known as WPA2.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
CCMP
72
What is a form of network data storage solution that allows for high-speed file transfers?
Fibre Channel
73
What is used to encapsulate Fire Channel communications over Ethernet networks?
Fibre Channel over Ethernet
FCoE
74
What is a networking storage standard based on IP?
Internet Small Computer System Interface
iSCSI
75
What is the process of investigating the presence, strength, and reach of wireless access points deployed in an environment?
Site Survey
76
What is a Cisco proprietary alternative to TKIP for WPA and was developed to address deficiencies in TKIP before the 802.11i/WPA2 system was ratified as a standard?
Lightweight Extensible Authentication Protocol
LEAP
77
What encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption?
Protected Extensible Authentication Protocol
PEAP
78
What is an authentication framework that allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies?
Extensible Authentication Protocol
EAP
79
What is a list of authorized wireless client interface MAC addresses and is used by a wireless access point to block access to all nonauthorized devices?
MAC Filtering
80
What is an authentication technique that redirects a newly connected wireless web client to a portal access control page?
Captive Portals
81
What antenna type reaches multiple frequencies and commonly used for TV and RFID systems and is Omnidirectional if horizontally mounted.
Loop
82
What antenna type is omnidirectional and can send and receive signals in all directions perpendicular to the line of the antenna itself?
Monopole
83
What antenna type is omnidirectional, can generate a powerful signal in a restricted space, and is composed of two monopoles.
Dipole
84
What antenna type is directional and are flat devices that focus from only one side of the panel.
Panel
85
What antenna type is directional and are used to focus signals from very long distances or weak sources.
Parabolic
86
What antenna type is directional and is crafted from a straight bar with cross sections to catch specific radio frequencies in the direction of the main bar.
Yagi
87
What antenna type is directional and is created from tubes with one sealed end and focuses along the directions of the open end of the tube.
Cantenna
88
What is used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol and operates at layer one.
Repeaters, Concentrators, and Amplifiers
89
What is used to connect two networks in order to connect network segments that use the same protocol and operates at layer two.
Bridges
90
What are used to connect multiple systems and connect network segments that use the same protocol, is a multiport repeater, and operate at layer one.
Hubs
91
What is a remote access, multilayer switch used to connect distant networks over WAN links?
LAN Extenders
92
What technology uses virtual circuits instead of dedicated physical circuits and is more efficient and cost effective?
Packet-switching
93
What are some packet-switching technologies?
X.25 Frame Relay
Asynchronous transfer mode (ATM)
Synchronous Data Link Control (SDLC)
High-Level Data Link Control (HDLC)
94
What type of firewall operates at layer 3 and up, and filters traffic by examining data from a message header?
Static Packet-Filtering Firewall
95
What firewall operates at layer 7 and filters traffic based on a single internet service, protocol, or application?
Application-Level Firewalls
96
What firewall operates at layer 5 and is used to establish connection sessions between trusted partners?
Circuit-Level Firewalls
97
What firewall evaluates the state, session, or the context of network traffic?
Stateful Inspection Firewalls
98
What firewall is used to filter the payload contents of a communication rather than only on the header values and operates at layer 7?
Deep Packet Inspection Firewalls
99
What firewall state can watch network and restrict/block packets based on source and destination addresses or other static values, isn't aware of traffic patterns or data flows, and typically faster and perform better under heavier traffic loads.
Stateless
100
What firewall state can watch traffic streams from end to end and are aware of communication paths and can implement various IP security functions such as tunnels and encryption.
Stateful
101
What can protect web apps by filtering and monitoring HTTP traffic between a web app and the internet, and usually protects web apps from common attacks like XSS, CSRF, and SQL injection.
Web Application Firewall
WAF
102
What can perform a deep-packet inspection that moves beyond port/protocol inspection and blocking and adds app-level inspection, intrusion prevention, and brings intelligence from outside the firewall.
Next Generation Firewall
NGFW
103
What method can detect protocol non-compliance, spam, viruses, and intrusions and inspects/filters both the header and payload of a packet.
Deep Packet Inspection
104
What is a multifunction device composed of several security features in addition to a firewall?
Unified Threat Management
UTM
105
What allows private subnets to communicate w/ other cloud services and the internet but hides the internal network from internet users and has the network access control list for the private subnets?
Network Access Translation Gateway
NAT
106
What looks at the content on the requested web page and blocks request depending on filters?
Content/URL Filter
107
What type of software is where the vendor makes the license freely available and allows access to the source code but there is not vendor support?
Open Source
108
What type of software is more expensive but tend to provide more/better protection and more functionality and support at a cost?
Proprietary
109
What analyses whole packets, both header and payload, looking for known events and when a knowns event is detected, a log message is generated.
Intrusion Detection System
IDS
110
What analyses whole packets, both header and payload, looking for known events, and when a know event is detected, the packet is rejected.
Intrusion Prevention System
IPS
111
What type of IDS creates a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior?
Behavior based
112
What IDS uses signatures similar to the signature definitions used by anti-malware software?
Knowledge based
113
What computer or appliance that is exposed on the internet and has been hardened by removing all unnecessary elements?
Bastion Hosts
114
What is a firewall-protected system logically positioned just inside a private network?
Screened Host
115
What is a DoS attack that involves sending fragmented packets to a target machine, which causes the packets to overlap one another and crash the target network device?
Teardrop Attack
116
What is a DoS attack that involves sending large amounts of spoofed UDP traffic to a router's broadcast address within a network?
Fraggle Attack
117
What is a layer 4 DoS attack in which, the attacker sets the source and destination info of a TCP segment to be the same, which will cause a machine to crash or freeze due to the packet being repeatedly processed by the TCP stack.
Land Attack
118
What is a form of a DoS attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the sys unresponsive to legitimate traffic?
SYN Flood Attack
119
What attack employs an oversized ping packet?
Ping of Death
