Final exam Flashcards
Well-known services ports
0-1024
The name of the group responsible for drafting, testing, proposing and maintaining official internet standards.
IETF Internet Engineering task force
The group responsible for managing all internet domain names, network addresses and protocol parameters.
ICANN Internet corporation for assigned names and numbers
RFC
Request for comments
RFC process order
- Proposed Standard2. Draft Standard3. internet standard4. retired standard or historic standard
OSI network reference layers
- Application layer6. Presentation layer5. Session layer4. Transport layer3. Network layer2. Data link layer1. Physical layer
Data link layer pdu
frames
Network layer pdu
packet
transport layer pdu
segment
Session layer includes mechanisms to maintain reliable ongoing conversations, called___
checkpoints
data link layer addressing
MAC address
Network layer addressing
IP address
Combining the various sources of outgoing data into a single output data stream is called___
multiplexing
______is the process of tapping into the network communications system, capturing packets that cross the network, gathering network statisticss, and decoding the packets into readable form.
protocol analysis
Three options for analyzing switched networks:
- Hubbing out2. Port redirection3. Remote monitoring
The minimum ethernet frame size is ___
64 bytes
The maximum ethernet frame size is ____
1518 bytes
Ethernet II frame structure
- Preamble 8 bytes2. Destination address 6 bytes3. Source address 6 bytes4. type field 2 bytes5. Data field 46-1500 bytes6. Frame check sequence 4 bytes
Frame check sequence field includes the result of the ____
CRC
Flags field bit 0
reserved: set to 0
Flags field bit 1
Don’t fragment bit: 0=may fragment 1=don’t fragment
Flags field bit 2
More fragments bit: 0=last fragment; 1=more to come
IP protocol field # 1
ICMP
IP protocol field #6
TCP
IP protocol field #17
UDP
The primary function of the _______layer is to provide a globally unique address to every host on the internet and paths to and from hosts.
network
When two or more RFCs cover the same topic they usually also share the same title. True or false
True
_________involves cutting up a big message into a numbered sequence of chunks, called segments, in which each chunk represents the maximum data payload that the network media can carry between sender and receiver.
segmentation
The Session layer includes mechanisms to maintain reliable ongoing conversations, called ____________________.
checkpoints
The most important TCP/IP Network Access layer protocol is ____________________.
PPP Point-to-Point-Protocol point-to-point-protocol
TCP/IP application processes are sometimes called ____ and are identified by port numbers.
network services
____ is considered a premium service connection, offering a service that appears as a “virtual lease line” between end points.
expedited forwarding
____ is used to obtain an IP address for an associated data link address.
RARP
The ____ field provides error detection on the contents of the IP header only.
IP header checksum
IP fragmentation enables a larger packet (for example, a token ring 4,096-byte packet) to be automatically fragmented by a ____ into smaller packets to cross a link that supports a smaller MTU, such as an Ethernet link.
router
____ was designed to provide devices with a method for notifying each other that a link is experiencing congestion before the routers start to drop packets.
Explicit Congestion Notification
The ____________________ field is a two-byte field that provides bit-level integrity checks for data as sent.
FCS Frame-check-sequence
When a packet is fragmented, all fragments are given different TTL values. true of false
false
0x0800
IPv4
0x0806
ARP
IP Header fields
- Version2. Hdr length3. Type of Service4. Total lenght5. Identification6. Flags7. Fragment offset8. Time to live9. Protocol10. Header checksum11. Source IP12. Dest IP13. Options (if any)
For any network node to communicate and exchange data with another network node, some way of forwarding packets from the sender to the receiver must exist. This concept is called _______-
reachability
The ICMP router solicitation packet is sent to the all-routers IP multicast address of _____
224.0.0.2
Hackers can use ICMp as part of a _________ to learn about active network addresses and active processes.
reconnaissance process
ICMP type number 0
Echo Reply
ICMP type number 3
Destination unreachable
ICMP type number 5
Redirect
ICMP type number 8
Echo
ICMP type number 9
Router Advertisement
ICMP type number 10
Router Solicitation
ICMP type number 11
Time exceeded
The checksum field provides error detection for the ________ only.
ICMP header
ICMP is a distinct Network layer TCP/IP protocol that has nothing in common with IP. True/False
False
What is the name of the concept that indicates that a path exists between two TCP/IP hosts on an internetwork?
reachability
Which of the following services does ICMp add to basic IP datagram deliver services?A. improved reliability for datagram deliveryb. reachability analysis supportc. path discovery servicesd. delivery error reportinge. network congestion managementf. network utilization metrics
b. reachability analysisd. delivery error reportinge. network Congestion managementeporting
It’s up to the IP host that receives incoming ICMP messages to act on the content of those messages. True or false?
True
Which of the following RFCs describes ICMP?a. 792b. 950c. 1191d. 1812
a. 792
ping -l
sets the size of the data to send
ping -f
sets the don’t fragment bit
ping -i
sets the TTL value of the TTL field in the IP header
The process of PMTU discovery continues until the ____________ is discovered.
end-to-end minimum MTU size
ICMP reports errors only about IP datagrams. Errors about error messages are not reported. True of False?
True
Which of the following ICMP message types relates to the reachability analysis?a. Destination Unreachableb. echo/echo replyc. redirect d. Source Quench
b. echo/echo reply
Which of the following ICMp message types reports delivery errors?a. Destination Unreachableb. echo/echo replyc. redirect d. Source Quench
a. Destination unreachable
Which of the following ICMP message types relates to congestion control?a. Destination Unreachableb. echo/echo replyc. redirect d. Source Quench
d. source quench
Which of the following ICMP message types relates to route optimization?a. Destination Unreachableb. echo/echo replyc. redirect d. Source Quench
c. redirect
Which of the following Windows command-line utilities performs connectivity or reachability tests?a. pingb. tracertc. tracerouted. ipconfig
a. ping
which of the following Windows command-line utilities performs patch discovery tests?a. pingb. tracertc. tracerouted. ipconfig
b. tracert
What additional functionality does PATHPING provide?a. reports on all the visted hosts and routers between a sender and a receiver.b. resolves all possible IP addresses into symbolic names for visted nodesc. uses the ICMP TRACEROUTE message typed. test router and link latency
d. tests router and link latency
Which of the following statements best defines the intent of the PMTU process?a. determines the largest possible MTU in the path between sender and recieverb. determines the smallest possible MTU in the path between sender and receiverc. instructs the sender what MTU to use to avoid further fragmentation en routed. justifies the inclusion of the Don’t Fragment flag in ICMP messages
c. instructs the sender what MTU to use to avoid further fragmentation en route
Which of the following statements best describes a black hole router?a. a router that discard all incoming trafficb. a router tat does not support PMTU, but is configured to send Destination Unreachable messagesa router that does not support PMTU, and is configured not to send destination unreachable messagesd. a router that does not support PMTU
c. a router that does not support PMTU and is configured no to send destination unreachable messages
Which of the following accurately represents the default advertising rate for unsolicited ICMP Router Advertisements?a. every 30 secondsb. every 60 secondsc. two to five minutesd. 7 to 10 minutes
d. 7 to 10 minutes
The ICMP redirection process serves only IP routers, not IP hosts. True or False?
Fales, it only serves hosts
What type of scan occurs when a series of PING requests for a range of IP addresses is performed?a. port scanb. protocol scanc. host probed. network mapping
c. host probe
which of the following ICMP Type nubmers identify echo and echo reply messages? Choose all that applya. 0b. 1c. 3d. 8e. 30
a. 0d. 8
Which of the following ICMP type numbers relate to Router Advertisement and solicitation messages?a. 8b. 9c. 10d. 11e. 12
b. 9c. 10
Which of the following TCP/IP protocols are Transport layer protocols? (choose all that apply)a. IPb. TCPc. UDPd. FTP
b. TCPc. UDP
Whereas UDP is a _____________ protocol, TCP is a _________ protocol.
connectionless, connection-oriented
Which of the following services are characteristic of a connection-oriented protocol? (choose all that apply).a. connection handlingb. delivery guaranteesc. segmentation and reassemblyd. message-level checksum in header
a. connection handlingb. delivery guarenteesd. message level checksum in header(not 100% sure on this answer)
A connection-oriented protocol creates more overhead than a connectionless protocol. True or False?
true
Connectionless protocols usually run slower than connection-oriented protocols. True or false
false
For connectionless protocols, the application layer protocol or service must provide messages that do no exceed a datagram’s MTU. True of false?
true
Which of the following services does UDP provide? (choose all that apply)a. segmentationb. optional header checksumc. identification of source and destination port addresseesd. explicit transmission of acknowledgmente. reassembly
b. optional header checksumc. id of source and destination port addresses
how many bytes are in a UDP header?
a. 8
What range of addresses traditionally defines a well-known port address?
0-1023
What range of addresses corresponds to the registered port numbers?
1024-49151
What range of addresses corresponds to the dynamic port numbers?
49152-65535
Identical UDP and TCP port numbers always map to the same TCP/IP protocol or service. True or False?
false, usually but not always
An acknowlegement is tantamount to a positive response, indicating that a set of data arrived at it’s destination. True or false
True
What does TCP use to track the transfer of data and it’s successful delivery? (choose all that apply)a. logical connection between peersb. acknowledgementsc. sequence numbersd. retry mechanism
b. acknowledgementsc. sequence numbers
what makes TCP preferable for reliable delivery requirements?a. sequencingb. error recoveryc. end to end reliabilityd. use of the handshake process
c. end to end reliability
The name of the TCP process used to maintain an active connection between peers is called _________a. TCP startup connectionb. TCP connection terminationc. Keep-alived. congestion control
c. keep-alive
How many steps occur in the TCP hanshake process?
Three
Which of the following statements best defines a half-open connection?a. The handshake process does not end with a final SYN.b. The handshake process does not end with a final ACK.c. The handshake process does not end with a final FIN.d. The handshake process does not end with a final RST
b. the handshake process does not end with a final ACK
TCP keep-alives are enabled by default on Windows 2000 and XP. True or False
false
What is the proper response to a TCP connection termination?a. Host 1 sends a TCP packet with no data, with FIN and ACK flags set.b. Host 2 sends a TCP packets with no data, with FIN and ACK flags set.c. Host 2 sends an ACK to respond, followed by a TCP packet with no data and FIN and ACK flags set.d. Host 1 returns an ACK response.
d. Host 1 returns an ACK response.
TCP acknowledgments include sequence numbers to indicate what was received. True of false?
False
Which of the following mechanisms is part of TCP’s error-detection and error-recovery capabilities?a. Sequencing and reassemblyb. retransmission timerc. explicit acknowledgmentd. Congestion control
b. retransmission timer the value is the RTO (retransmission timeout)
The current TCP window size is always the greater of what the network and the receiver can handle at any given moment. True or false
true
Where is TCP data stored when it is received?a. on the receiver’s network interface cardb. inside the TCP windowc. in the TCP buffer aread. inside the network window
c. in the TCP buffer area
What is the initial size of the TCP congestion window?a. twice the maximum receiver buffer sizeb. twice the MTU sizec. twice the sender’s MSSd. twice the receiver’s MSS
c. twice the sender’s MSS
What sequence of events signals the TCP Fast recovery process?a. duplicate ACKsb. Three sets of duplicate ACKSc. duplicate FINsd. three duplicate FINs
b. Three sets of duplicate ACKS
Which of the statements define the edges of the TCP sliding window mechanism? (choose both correct answers)a. acknowledged data plus the receiver’s window sizeb. all data that was receivedc. all data pending transmissiond. all data that was acknowleged
a. acknowledged data plus the receiver’s window sizeb. all data that was receivednot sure on this one…
Which of the following values are valid TCP Flag settings? (choose all that apply)a. SYNb. ACKc. NULd. FINe. PSH
a. SYNb. ACKd. FINe. PSH (push
Protocol 17
UDP
Protocol 06
TCP
UDP port 53
DNS
UDP port 161
SNMP
UDP port 69
TFTP
UDP port 520
RIP
UDP port 67 + 68
DHCP
TCP port 53
DNS
TCP port 21
FTP
TCP port 23
Telnet
TCP port 80
HTTP
TCP port 110
POP3
TYPE 0800
IPv4
________is the overloading of the network or a receiver.
congestion
_________is a management method for data transmission used to determine the amount of unacknowledged data that can go out on the wire from any sender
sliding window mechanism
TCP header size
at least 20 bytes
TCP header fields
Source port Destination portsequence numberacknowledgment numberheader lengthflagsWindow sizeTCP checksumUrgent pointTCP options
TCP flags field settings
URGACKPSHresetSYNFIN
ICMP fields
TypeCodeChecksum
______means to point out another path.
redirect
The route a packet can take through the network.
path
What kind of message architecture supports all TCP/IP application layer protocols and services?a. Client/serverb. peer-to-peerc. request/replyd. push-pull
c. request/reply
When the TCP/IP host that initiats contact with another TCP/IP host nearly always makes requests, and the contacted host invariably reponds to those requests, what kind of relationship exists between those host for that service?a. Client/serverb. peer-to-peerc. request/replyd. push-pull
a. client/server
When a TCP/IP host can initiate contact with another TCP/IP host to make a request for service, but the other host can turn around and do the same thing, what kind of relationship exsits between those hosts for that service? a. Client/serverb. peer-to-peerc. request/replyd. push-pull
b. peer-to-peer
When two servers want to exchange data, and the sending host originates the transfer of data to the receiver, what is this kind of transfer operation called?a. pullb. pushc. push-pulld. store and forward
b. push
When two servers can exchange data, and the sender initiates transfer to the receiver once data changes occur, but the receiver periodically initiates transfers, what is this kind of transfer called?a. pullb. pushc. push-pulld. store and forward
c. push-pull
Which two advantages are derived immediately when replicating data across multiple servers?a. backup and recoveryb. availabilityc. redundancyd. robustness
b. availabilityd. robustness
Which form of FTP client operates as a popular, standalone software application?a. command-line FTP programc. embedded FTP codec. Web-based FTP accessd. graphical FTP program
d. graphical FTP program
Which software component on an FTP server handles incoming user commands?a. command interpreterb. protocol interpreterc. runtime libraryd. user interface
b. protocol interpreter
Telnet supports only unidirectional, byte-oriented communications. True or false?
false
Telnet passes account names and passwords in clear text from the local host to the remote host. True or False?
true
Which of the following statements best describes the sender-SMTP process?a. sends reply codes, including responses to codes and mail messages sentb. forwards e-mail messages from one server to anotherc. sends mail commands and mail messagesd. tracks delivery and reception of all mail messages sent.
c. sends mail commands and mail messages
Which of the following statements best describes the receiver-SMTP process?a. sends responses to all mail messages received.b. sends reply codes, including responses to codes and mail messages sent.c. forwards e-mail messages from one server to anotherd. sends mail commands and mail messages
b. sends reply codes, including responses to codes and mail messages sent.
A store and forward email system stores all inbound messages destined for local clients and forwards all inbound messages destined for clients on other email servers. True or False?
True
The generic named used to identify a Web resource is a:a. Uniform Resource locator (URL)b. Uniform Resource Name (URN)c. Uniform Resource Identifier(URI)d. Universal Naming convention(UNC)
c. Uniform Resource Identifier (URI)
The abbreviation for the secure implementation of HTTP is called:a. SHTTPb. HTTPSc. SSLd. SSH
b. HTTPS
Which of the following ongoing connections does FTP maintain during an active session? (Choose all that apply)a. session connectionb. client connectionc. command connection (port 21)d. server connectione. data connection (port 20)
c. command connectione. data connection
Which of the following basic TCP/IP services responds to a service request with an arbitrary stream of characters?a. Fingerb. echoc. chargend. QODe. whois
c. chargen
Which of the following basic TCP/IP services can provide information about registered domain names?a. Fingerb. echoc. chargend. QODe. whois
e. Whois
Which of the following basic TCP?IP utilities is not included in Simple TCP/IP Services in windows 2000 and Windows XP?a. Echob. Chargenc. QODd. Whois
a. echob. chargen
Why is Finger so soldom available to users of most internet servers?a. It’s no longer neededb. it’s no longer popularc. it proved to be vulnerable to security exploitsd. The term has an unpleasant connotation under some circumstances
c. it proved to be vulnerable to security exploits
RPC provides a standard mechanism to create custom distributed applications over TCP/IP. True/False?
True
An SNMP agent must be present on a host or device for it to report to a remote management console. True or false?
True
NetBIOS over TCP/IP is required on any networks that include versions of Windows older than Windows 2000, no matter what protocols are in use. True or False?
false
Which of the following statements best explains the importance of data offset values when decoding Application layer protocols?a. Those values pinpoint the location of key fields, such as application layer header information.b. Those values allow the contents of the payload to be inspected at will.c. Those values determine where key fields start and stopd. Those values determine how the Application layer payload should be interpreted.
c. Those values determine where key fields start and stop
File with information on DNS root servers, that should be pre-loaded on any DNS server.
named.root
What method of name resolution was used on the internet prior to the introduction of DNS?a. dynamic name resolutionb. static name resolutionc. active name resolutiond. passive name resolution
b. static name resolution
What is the name of the file that contains name-to-IP address mapping information for Windows and Linux?a. LMHOSTSb. ZONEINFOc. ROOT.dnsd. HOSTS
d. Hosts
What is the name of the most widely used DNS server implementation on the internet today?a. EasyDNSb. BINDc. WinDNSd. JEEVES
b. BIND (berkeley INternet Name Domain)
Which of the following characterize valid aspects of DNS? (choose all that apply)a. local control over domain name database segmentsb. designation of optional primary name servers and mandatory secondary name serversc. data from all database segments, available everywhered. highly robust and available database informatione. requires implementation of a relational database management system, such as oracle or sybase
a. local control over domain name database segmentsc. data from all database segments, available everywhered. highly robust and available database information
in the domain name hierarchy, all domains meet at the root. True or false?
True
Top-level domain names include two- and three-letter country codes, as well as organizational codes, such as .com, .edu, and .org. True or false?
true
What is the process whereby a DNS server higher in the domain name hierarchy confers responsibility for portions of the global DNS database to DNS servers lower in its hierarchy?a. subordination of authorityb. database consolidationc. delegation of authorityd. database segmentation
c. delegation of authority
Which DNS resource records allow use of the FQDNs for domain names? (choose all the apply)a. Ab. SOAc. PTRd. MXe. all of the above
a. Ac. PTR
Which DNS resource record is used to create aliases for domain names?a. Ab. SOA.c. PTRd. MXe. CNAME
e. CNAME
Which DNS resource record appears at the beginning of every DNS file?a. Ab. SOA.c. PTRd. MXe. CNAME
b. SOA
Which DNS resource record enable inverse lookups (also known as revers DNS lookups)?a. Ab. SOA.c. PTRd. MXe. CNAME
c. PTR
Which DNS resource record maps domain names to IP addresses?a. Ab. SOA.c. PTRd. MXe. CNAME
a. A
Any type of DNS server also can be a caching-only server. True of False?
True
What is the minimum and maximum number of primary database servers allowed in any single DNS database zone?a. 1b. 2c. 4d. 8e. 16
a. 1
It is mandatory to have one or more secondary DNS servers for any DNS database zone. True or False?
true
What size or type of organizations are likely to benefit from a caching-only DNS server? (choose all that apply)a. smallb. mediumc. larged. service provider
c. larged. service provider
What kinds of data are most likely to show up in a response to a DNS query of any kind?a. address forwarding instructionsb. DNS resource recordsc. address impersonation alertsd. error messages
b. DNS resource recordsd. error messages
Which of the following query sequences represents a typical DNS lookup?a. iterative, then recursiveb. recursive, then iterativec. static then dynamicd. dynamic, then static
b. recursive, then iterative
Why do “all DNS queries end at the root?”a. The root maintains a copy of the global DNS databaseb. The root can access any and all authoritative name servers for any database segmentc. Any DNS server can access the root at any timed. Multiple root servers prevent the root of domain name hierarchy from becoming bogged down with requests
b. the root can access any and all authoritative name servers for any database segment
When using NSLOOKUP, an authoritative response is:a. explicitly labeled as suchb. available only if the authoritative name server is explicitly targeted for lookupc. available only by request, using the ‘a optiond. implied by the absence of “non-authoritative response” in the reply.
d. implied by the absence of “non-authoritative response” in the reply
It is necessary to add resource records for the DNS root servers to the cache of any DNS server during initial configuration and setup. True of false?
true
One common name for presenting a false IP address or domain name when attempting illicit system entry or communications is;a. IP masqueradingb. IP impersonationc. IP spoofingd. False IP credentials
c. IP spoofing
Because it is a predefined domain name and address pair, it is not necessary to create DNS files for the localhost and the loopback addresses 127.0.0.0 and 127.0.0.1. True of false
True