ID/Access & Network Flashcards

1
Q

Kerberos

A

Network authentication protocol

Uses KDC/TGT to communicate with directories (key distribution center/ticket granting ticket)

UDP 88

2
Q

SAML

A

Security Assertion Markup Language

Defines security authorization for single sign-on web-based applications, e.g. Shibboleth.

Exchanges authentication and authorization info between identity providers and service providers.

3
Q

LDAP

LDAPS

A

Lightweight directory access control (TCP 389)

LDAP Secure (TLS TCP 636)

Access protocol with formats and methods for querying directories

Extends X.500 directory standard

4
Q

NTLM

A

New Technology LAN manager

Suite of protocols providing authentication, confidentiality & integrity in Windows systems

Uses a message digest hashing algorithm to challenge users and check credentials

5
Q

TOTP
HMAC
HOTP

A

Time-based one-time password

Keyed-hash message authentication code

HMAC-based one-time password

6
Q

SFTP
FTPS
TFTP

A

Secure file transfer protocol
File transfer protocol secure
Trivial file transfer protocol

SFTP uses SSH on TCP 22

FTPS uses TLS on TCP 989/990 or TCP 20/21 (FTP)

TFTP uses UDP 69 for small amounts of data. Usually disabled because it is not essential.

7
Q

IPsec

A

Encrypts IP
Native to IPv6 but works with IPv4

Encapsulates and encrypts IP packet payloads and uses tunnel mode to protect VPN traffic

Two main components are authentication header (AH) identified by protocol ID number 51 and encapsulating security payload (ESP) identified by ID number 50

It uses the Internet key exchange (IKE) over UDP port 500 to create a security association for the VPN

8
Q

SSH

A

Secure shell

Encrypts traffic using TCP 22

9
Q

SSL

A

Secure sockets layer protocol secures HTTP traffic as HTTPS

It can encrypt SMTP and LDAP

It has been compromised (POODLE attack) and is not recommended for use.

10
Q

STARTTLS

A

A command used to upgrade an unencrypted connection to an encrypted connection on the same port

Removes the need to use one port to transmit data in cleartext and a second port to transmit data in ciphertext

11
Q

SMTP

A

Simple mail transfer protocol

TCP 25

Before STARTTLS, used TCP 465 with SSL and TCP 587 with TLS

12
Q

POP3

Secure POP3

A

Post office protocol V3
TCP 110

Transfers emails from servers down to clients

Secure POP can use SSL or TLS

Used TCP 995 before STARTTLS

13
Q

IMAP4

Secure IMAP4

A

Internet message access protocol version 4
TCP 143

Protocol to store email on an email server (gmail)

Secure IMAP4 used TCP 993 before STARTTLS

14
Q

HTTP

HTTPS

A

TCP 80

TCP 443 with SSL or TLS

15
Q

GPO

A

Group policy setting

A directory service

16
Q

Poisoning attack

A

Corrupts the caches stored by protocols for temporary access

17
Q

TCP

A

Transmission control protocol provides connection-oriented traffic, i.e. guaranteed delivery. TCP uses a three-way handshake: it sends a synchronize packet, the server responds with a synchronize/acknowledge packet, and the client returns an acknowledge packet to establish the connection.

18
Q

UDP

A

User datagram protocol

Provides connectionless sessions. UDP delivers traffic without using extra traffic to ensure delivery. ICMP traffic and audio/video streaming use UDP. Many denial-of-service attacks use UDP.

19
Q

TCP/IP

A

Uses IP to reach the destination and the MAC address, through ARP, to reach the correct host

20
Q

ARP poisoning

A

Clients receive false hardware address updates and attackers use it to redirect or interrupt network traffic

21
Q

NDP

A

Neighbor discovery protocol

Performs several functions on IPv6

22
Q

RTP

SRTP

A

(Secure) real time transport protocol

Delivers audio and video over IP networks. This includes voice over Internet protocol communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features.

SRTP protects against replay attacks

23
Q

Replay attack

A

An attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data

24
Q

Remote access to systems

A

SSH, e.g. SSH secures Netcat on Linux systems

RDP (Remote Desktop protocol) TCP/UDP 3389

VPN

25
Q

NTP

A

Network time protocol

Most common time synchronization protocol

Uses complex algorithms; SNTP (simple NTP) does not use algorithms

26
Q

IPv4 private address ranges

A

Defined by RFC 1918

10.0.0.0-10.255.255.255

172.16.0.0-172.31.255.255

192.168.0.0-192.168.255.255

27
Q

IPv4

A

32 bits binary

28
Q

IPv6

A

128 bits hexadecimal
4 bits per character

Uses unique local addresses allocated in private networks; these are not assigned to systems on the internet

Unique local addresses start with fc00

29
Q

DNS

A

Domain name system

UDP 53

30
Q

DNS server cache

A

DNS servers store queries in a cache so they don't have to repeat the query again.

31
Q

DNS server records

A

Hosted in zones

A (host record): host name and IPv4 address; most common record; client query uses name with a forward lookup request

AAAA: host name and IPv6 address

PTR (pointer record): query is IP address; returns name

MX (mail exchange): identifies mail server; linked to A or AAAA record of mail server

CNAME (canonical name): allows a single system to have multiple names associated with a single IP address

SOA (start of authority): info on DNS zone and some settings (TTL)

32
Q

DNS server software

A

Most DNS servers on the internet run Berkeley Internet Name Domain (BIND) and run on Unix/Linux servers.

Internal networks can use BIND, but in Microsoft networks, DNS servers commonly use Microsoft DNS software

33
Q

zone transfer

A

Process of DNS servers sharing information with each other

TCP 53

Only includes a small number of update records

34
Q

Domain Name Resolution

A

DNS zones include records: A (IPv4 addresses), AAAA (IPv6 addresses)

DNS uses TCP 53 for zone transfers (info sharing between DNS servers)

DNS uses UDP 53 for DNS client queries

Most Internet-based DNS servers run BIND on Unix/Linux servers.

Common to configure DNS servers to only use secure zone transfers

DNSSEC helps prevent DNS poisoning attacks.

Nslookup (MSFT) and dig (Un/Ln) are command line tools to test DNS

35
Q

SNMPv3

A

Simple network management protocol

UDP 161
UDP 162 to send error messages