Introduction to Networking & 7-Layer OSI Network Model Flashcards
Computer network
two or more connected computers that can communicate with each other (send and receive)
how is the internet like a postal mail system
there is a sender and receiver
components in a network
client and server computers
network interface cards
connection medium
network operating system
router, switch, modem, access point
client computer
client is a program or computer that makes requests to a server
server computer
program that fulfills the requests made by the client
network interface card
allows computers to communicate with other devices on a network
connection medium
physical means through which data is transferred from one device to another
network operating system
computer operating system meant for network devices like routers or firewalls
router
connects two or more packet switched networks or subnetworks
modem
converts data from digital format (computer only reads digital signals) into a format suitable for an analog (internet signals) transmission medium such as telephone or radio
switch
a device in a computer network that connects other devices together
access point
device that bridges wired and wireless networks
topology
how parts of a whole work together
logical topology
software; how access to network is controlled
Network operating system
controls access to the entire network
NOS is required by
client server models
Peer to Peer network model
the operating system of each computer on the network is responsible for controlling access to its own resources
peer to peer networks have no
centralized server
advantages of a peer to peer network model
simple configuration
less expensive
disadvantages of a peer to peer network model
not scalable
not really secure
not practical for large installations
client server network model
resources are managed by the Network Operating System through a centralized directory database
windows domain
a logical group of computers that a windows server can control
active directory
centralized directory database that contains user account information and security for the entire group of computers
what can a user do in a client server network model
they can sign on to the network from any computer on the network and gain access to the resources that AD allows
in a client server network model, client resources are
not shared directly with each other
how is the internet a client server network
it consists of a request-response cycle between client and server
how is access controlled in a centralized domain database
through entries
NOS is responsible for
Manages client data, resources
Ensures authorized user access
Controls user file access
Restricts user network access
Dictates computer communication rules
Supplies application to clients
what is required for an NOS
more memory, processing, and storage capacity
special hardware
advantages of client server network models when compared to peer to peer networks
User credential assigned from one central place
Multiple shared resource access centrally controlled
Central problem monitoring, diagnostics, and correction capabilities
More scalable
network services
the resources a network makes accessible to its users
in client server applications
a client computer requests data or a service from the server computer
protocols
rules for communication between networked devices
two primary protocols
TCP and IP
Local area network LAN
Usually held in a small space
switch
Receives data from one of its ports and redirects it to another port
hub
dumb switch
star topology
all devices connect to a central device
network interface card (NIC)
attaches a device to a network
Router
Finds the best path for traffic to get from one network to another
router vs switch
Router connects networks and belongs to two or more local networks while a switch only belongs to its local network
application layer
describes the border between two applications on separate computers
two categories of application layer programs
- provide service to user (browser or web server)
- utility programs - provide services to the system
payload
data spread between applications and the OS
presentation layer
Responsible for squeezing, reformatting, and/or encrypting data for the receiving application
session layer
how data between applications is blended and recovered if messages don’t arrive complete at the receiving application
transport layer
transports payloads between applications
Two main transport layer protocols
TCP and UDP
TCP or connection oriented protocol
checks whether data was received
UDP or connectionless protocol
first connects and then checks if data was received
protocols add their own
control information
where do protocols add their own control information
in the header
header
beginning of the payload
encapsulation
adds a header to the data inherited from the layer above
network layer
moves messages from one node to another until they reach their destination
IP’s network layer message
packet
IP address is assigned to each
node on a network
network layer uses the IP address to
identify each host
IP relies on
several routing protocols
why does IP rely on several routing protocols
to find the best route for a packet to take to reach its destination
fragmentation is when network layer protocol will divide
large packets into smaller packets
which layers are responsible for connecting with hardware on the local network
2 and 1
protocols at layers 1 and 2 are programmed into the
firmware of a computer’s NIC and other hardware
what determines the link layer protocol
types of networking hardware or technology used
the link layer will put the control information in a
link layer header and at the end of the packet in a trailer
entire link is called a
frame
MAC
hardware address of the source and destination of NICs
physical layer
responsible for sending bits
two categories of information security workforce
managerial personnel and technical personnel
managerial personnel
administer plans, policies, and people
technical personnel
design, configure, install, and maintain security equipment
According to the text, how is security sometimes defined
Being free from danger
What is the main focus of security efforts, as per the text?
A) Achieving a specific goal
B) Ensuring continuous protection
C) Eliminating all risks
D) Minimizing costs
B - Ensuring continuous protection
How does the text suggest security should be viewed?
A) As an occasional concern
B) As a one-time effort
C) As a continuous process
D) As an unattainable goal
C - As a continuous process
How is the relationship between security and convenience described?
A) Directly proportional
B) Inversely proportional
C) Unrelated
D) Random
B - Inversely proportional
Why is the automated alarm system considered more secure but less convenient?
A) It requires more maintenance
B) It slows down entry into the house
C) It needs frequent battery changes
D) It alerts neighbors
B - It slows down entry into the house
According to the text, what does information security encompass?
A) Only protecting personal computers
B) Only securing storage devices
C) Only transmitting data over the Internet
D) Securing digital information in various forms
D - Securing digital information in various forms
Which term is used to describe securing digital information across different IT environments?
A) Computer security
B) IT security
C) Cybersecurity
D) Information assurance
D - Information assurance
According to the text, what can information security not guarantee?
A) Complete prevention of all attacks
B) Total security of all systems
C) Absolute safety from all threats
D) Continuous monitoring of all networks
A - Complete prevention of all attacks
What is the main focus of information security efforts, despite its limitations?
D - Mitigating risks and minimizing harm
What is an important aspect of information security efforts, according to the text?
B) Adapting to new threats
What is the primary goal of information security, according to the text?
A) Preventing all attacks
B) Achieving total system collapse
C) Recovering from attacks quickly
D) ensuring protective measures
D) ensuring protective measures
According to the text, what does information security aim to prevent when an attack occurs?
A) Total recovery of the system
B) Collapse of protective measures
C) Total collapse of the system
D) Warding off attacks completely
C - Total collapse of the system
What is described as the first priority of information security efforts?
A) Recovering from attacks
B) Implementing protective measures
C) Preventing all attacks
D) Achieving total system collapse
B - Implementing protective measures
What does information security strive to ensure happens quickly after an attack?
A) Complete prevention
B) Total system recovery
C) Immediate collapse
D) Continuous monitoring
B - Total system recovery
What is the main purpose of information security, according to the text?
A) Preventing all cyberattacks
B) Protecting valuable information
C) Ensuring complete safety
D) Recovering quickly from attacks
B - Protecting valuable information
Why is confidentiality important for protecting sensitive information?
A) It ensures data accuracy
B) It prevents all cyberattacks
C) It keeps information secure from unauthorized access
D) It guarantees information availability
C - It keeps information secure from unauthorized access
What does confidentiality aim to achieve for sensitive information?
A) Making it accessible to unauthorized entities
B) Keeping it secure and unavailable to unapproved individuals
C) Sharing it with all customers
D) Storing it in public databases
B - Keeping it secure and unavailable to unapproved individuals
What does confidentiality ensure in information security?
A) Complete prevention of cyberattacks
B) Only authorized parties can view information
C) Availability of all data at all times
D) Unlimited access to sensitive information
B - Only authorized parties can view information
What is the primary goal of integrity in information security?
A) Keeping information confidential
B) Ensuring information is correct and unaltered
C) Preventing all cyberattacks
D) Providing unlimited access to data
B - Ensuring information is correct and unaltered
Why is integrity important in information security?
A) It allows unrestricted access to data
B) It prevents all cyberattacks
C) It ensures data accuracy and reliability
D) It guarantees data confidentiality
C - It ensures data accuracy and reliability
What is the primary goal of availability in information security?
A) Making information publicly accessible
B) Ensuring authorized parties can access information
C) Encrypting all data
D) Preventing all cyberattacks
B - Ensuring authorized parties can access information
According to the text, what does availability ensure about information?
A) It is always confidential
B) It is accessible to authorized parties
C) It is encrypted for security
D) It is publicly shared
B - It is accessible to authorized parties
How does availability protect information, as mentioned in the text?
A) By limiting access to authorized parties
B) By ensuring data is always confidential
C) By making data accessible to authorized parties
D) By encrypting sensitive information
C - By making data accessible to authorized parties
What does availability aim to achieve for information, as described in the text?
A) Making it publicly available
B) Ensuring it is always confidential
C) Making it accessible to authorized parties
D) Storing information without protection
C - Making it accessible to authorized parties
What does availability ensure in information security?
A) Complete prevention of cyberattacks
B) Data is accessible only to authorized users
C) Unlimited access to sensitive information
D) Public sharing of all data
B - Data is accessible only to authorized users
According to the text, what does information security protect?
A) Only integrity of information
B) Only confidentiality of information
C) Integrity, confidentiality, and availability of information
D) Only availability of information
C - Integrity, confidentiality, and availability of information
How is information security implemented, as mentioned in the text?
A) Through software only
B) Through people only
C) Through products, people, and procedures
D) Through devices only
C - Through products, people, and procedures
What devices are mentioned in the text that require protection in information security?
A) Only computers
B) Only mobile phones
C) Devices that store, manipulate, and transmit information
D) Devices that are always offline
C - Devices that store, manipulate, and transmit information
Why are products, people, and procedures mentioned in information security efforts?
A) To prevent all cyberattacks
B) To ensure continuous monitoring
C) To protect against unauthorized access, alteration, and loss
D) To guarantee complete system availability
C - To protect against unauthorized access, alteration, and loss
What is a threat actor in cybersecurity responsible for?
A) Protecting technology equipment
B) Managing cybersecurity policies
C) Cyber incidents against technology equipment
D) Ensuring data availability
C - Cyber incidents against technology equipment
What is the main focus of threat actors in cybersecurity efforts, as described in the text?
A) Enhancing cybersecurity policies
B) Protecting technology equipment
C) Launching cyber incidents
D) Preventing data breaches
C - Launching cyber incidents
Financial cybercrime is often divided into three categories based on its targets
Individual users
Enterprises
Governments
Who are black hat hackers, according to the text?
A) Cyber defenders
B) Threat actors who violate computer security
C) Cyber technicians
D) Individuals who prevent cyber incidents
B - Threat actors who violate computer security
What is the primary motivation for black hat hackers, as mentioned in the text?
A) To enhance cybersecurity policies
B) To steal credit card numbers and gain personal profit
C) To provide technical support
D) To prevent all cyber incidents
B - To steal credit card numbers and gain personal profit
What malicious actions do black hat hackers engage in, according to the text?
A) Providing cybersecurity services
B) Enforcing cybersecurity laws
C) Inflicting damage like corrupting a hard drive
D) Preventing unauthorized access
C - Inflicting damage like corrupting a hard drive
What distinguishes black hat hackers from other threat actors, as described in the text?
A) Their role as cyber defenders
B) Their motivation for attacks
C) Their ability to prevent cyber incidents
D) Their impact on cybersecurity policies
B - Their motivation for attacks
Who are white hat hackers, according to the text?
A) Threat actors who violate computer security
B) Individuals who prevent cyber incidents
C) Cyber technicians
D) Hackers who probe systems with permission
D - Hackers who probe systems with permission
What is the primary goal of white hat hackers, as described in the text?
A) To steal credit card numbers
B) To corrupt a hard drive
C) To prevent all cyber incidents
D) To identify and report system vulnerabilities
D - To identify and report system vulnerabilities
Who are gray hat attackers, according to the text?
A) Threat actors who violate computer security
B) Individuals who prevent cyber incidents
C) Hackers who publicly disclose attacks
D) Cyber technicians
C - Hackers who publicly disclose attacks
What is the primary motivation for gray hat attackers, as described in the text?
A) To gain personal profit
B) To enforce cybersecurity policies
C) To publicly shame organizations into action
D) To steal sensitive information
C - To publicly shame organizations into action
Who are hacktivists, according to the text?
A) Individuals who prevent cyber incidents
B) Threat actors who violate computer security
C) Hackers motivated by ideology for activism
D) Cyber technicians
C) Hackers motivated by ideology for activism
What do hacktivists aim to achieve through their actions?
A) To promote their beliefs or principles
B) To prevent all cyber incidents
C) To gain personal advantage
D) To enforce strict cybersecurity policies
To promote their beliefs or principles
Who are state actors, according to the text?
A) Individuals motivated by ideology
B) Threat actors with minimal skills and no resources
C) Hacktivists promoting cybersecurity laws
D) Government-backed threat actors
D - Government-backed threat actors
What resources do state actors typically possess, according to the text?
A) Limited government resources
B) Enough government resources to breach almost any security defense
C) Only technical skills
D) Cybersecurity laws enforcement
B - Enough government resources to breach almost any security defense
Why are state actors considered highly skilled, as described in the text?
A) They promote their beliefs or principles
B) They enforce strict cybersecurity policies
C) They have specific targets and persist until successful
D) They prevent all cyber incidents effectively
C - They have specific targets and persist until successful
What are state actors often involved in, according to the text?
A) Short-term cybersecurity incidents
B) Multiyear intrusion campaigns
C) Hacktivist activities
D) Cyber incidents with minimal impact
B - Multiyear intrusion campaigns
What types of information do state actors typically target in their campaigns, as mentioned in the text?
A) Personal social media accounts
B) Highly sensitive economic, proprietary, or national security information
C) Non-sensitive public information
D) Technical cybersecurity details
B - Highly sensitive economic, proprietary, or national security information
What term describes the new class of attacks involving innovative tools and persistent data extraction?
A) Persistent cyber threats
B) Advanced malware attacks
C) Advanced persistent threats (APTs)
D) Cyber espionage campaigns
C) Advanced persistent threats (APTs)
How are APTs characterized in terms of their tools and data extraction, as mentioned in the text?
A) They use basic tools and extract data quickly
B) They use advanced tools and extract data silently over an extended period
C) They use common tools and target public information
D) They use government tools and enforce cybersecurity laws
B - They use advanced tools and extract data silently over an extended period
Why are APTs considered challenging to detect and mitigate, according to the text?
A) They enforce strict cybersecurity policies
B) They target personal information
C) They use basic tools that are hard to trace
D) They operate silently and persistently over time
D - They operate silently and persistently over time
What term is used for attacks that silently extract data over an extended period using advanced tools, as mentioned in the text?
A) Cyber defenders
B) Advanced persistent threats (APTs)
C) State actors
D) Cyber technicians
B - Advanced persistent threats (APTs)
Who are insiders in the context of cybersecurity, according to the text?
A) External threat actors
B) Government-backed threat actors
C) Hacktivists promoting cybersecurity laws
D) Employees, contractors, and business partners
Employees, contractors, and business partners
What term describes the threat posed by insiders manipulating data from their trusted positions?
A) External intrusion
B) Internal breach
C) Cyber espionage
D) Insider threat
Insider threat
Why are insider threats considered challenging to detect and prevent, according to the text?
A) They operate within trusted roles and access levels
B) They have limited access to sensitive information
C) They enforce strict cybersecurity policies
D) They use basic cybersecurity tools
They operate within trusted roles and access levels
What term describes criminal groups transitioning to more rewarding and less risky online attacks, as mentioned in the statement?
A) Cyber attackers
B) Criminal syndicates
C) Hackers for hire
D) Government-backed threat actors
B - Criminal syndicates
What is Shadow IT, according to the statement?
A) Approved IT equipment and resources
B) Company-sanctioned IT projects
C) Purchased technology outside of company policies
D) Government-backed IT initiatives
Purchased technology outside of company policies
Why do employees engage in Shadow IT, as mentioned in the statement?
A) To comply with company policies
B) To reduce cybersecurity risks
C) To prevent the use of technology
D) To increase the efficiency of IT acquisition
To increase the efficiency of IT acquisition
What term describes employees purchasing and installing their own technology in violation of company policies, as mentioned in the statement?
A) IT management
B) Shadow IT
C) IT governance
D) IT collaboration
B - Shadow IT
How can cybersecurity vulnerabilities be categorized, according to the statement?
A) By company size
B) By geographic location
C) By financial impact
D) By platforms, configurations, third parties, patches, and zero-day vulnerabilities
D - Platforms, configurations, third parties, patches, and zero-day vulnerabilities
What category of vulnerability involves the setup and arrangement of technology systems?
A) Platforms
B) Configurations
C) Third parties
D) Patches
B - Configurations
Which type of vulnerability refers to weaknesses in software or hardware that have not yet been discovered by the vendor?
A) Platforms
B) Configurations
C) Third parties
D) Zero-day vulnerabilities
D - Zero-day vulnerabilities
What category of vulnerability involves weaknesses in updates or fixes for software?
A) Platforms
B) Configurations
C) Patches
D) Zero-day vulnerabilities
C - Patches
Which type of vulnerability involves weaknesses introduced by external vendors or service providers?
A) Platforms
B) Configurations
C) Third parties
D) Patches
C - Third parties
What components comprise a computer platform, according to the statement?
A) Hardware device and software
B) Operating system (OS) and hardware
C) Applications and programs
D) Processes and hardware
B - Operating system (OS) and hardware
What role does the operating system (OS) play in a computer platform, as mentioned in the statement?
A) Running programs, applications and processes
B) Managing hardware resources
C) Transferring resources
D) Storing data
Running programs, applications and processes
Which type of platform is well known for its vulnerabilities?
A) Modern platform
B) Legacy platform
C) Virtual platform
D) Cloud platform
Legacy platform
Why is a legacy platform no longer in widespread use?
A) Because it is too expensive to maintain
B) Because it lacks sufficient features
C) Because it has been replaced by an updated version of the earlier technology
D) Because it is difficult to install
Because it has been replaced by an updated version of the earlier technology
Where do vulnerabilities more often result from in legacy systems, according to the statement?
A) Legacy hardware
B) Updated software
C) Legacy software, such as an OS or program
D) External devices
Legacy software, such as an OS or program
Where is on-premises (“on-prem”) software and technology typically located, according to the statement?
A) In a remote data center
B) In the cloud
C) Within the physical confines of an enterprise
D) On external servers
Within the physical confines of an enterprise
Why did organizations find the on-premises platform model to be inadequate, according to the statement?
A) Due to the high cost of maintaining on-premises servers
B) Because it lacked sufficient network resources
C) Because it required too much support for remote access
D) Because it faced challenges in securing an increasingly diverse and interconnected IT environment
D) Because it faced challenges in securing an increasingly diverse and interconnected IT environment
Why did some enterprises transition away from the on-premises model, according to the statement?
A) To reduce the need for additional hardware purchases
B) To decrease reliance on software licensing
C) To control spiraling costs associated with technology expansion
D) To increase the number of personnel managing the technology
A) To reduce the need for additional hardware purchases
How are servers, storage, and supporting networking infrastructure typically managed in a hosted services environment, according to the statement?
A) Individually owned by each enterprise
B) Shared among multiple enterprises
D) Provided through a virtual private network
Shared among multiple enterprises
What defines the cloud platform model, as described in the statement?
A) Customers pay a fixed monthly fee for unlimited computing resources
B) Customers pay only for the online computing resources they use
C) Customers receive free computing resources for a limited time
D) Customers lease computing resources for a one-time payment
Customers pay only for the online computing resources they use
How do cloud computing resources typically adapt to changes in computing needs, as described in the statement?
A) By maintaining a fixed capacity regardless of demand
B) By automatically adjusting to the organization’s budget
C) By scaling up or scaling back according to computing needs
D) By relying on external servers for additional resources
By scaling up or scaling back according to computing needs
What is a primary cause of vulnerabilities in cloud platforms, according to the statement?
A) Lack of encryption protocols
B) External hacking attempts
C) Misconfigurations by company personnel
D) Insufficient server capacity
Misconfigurations by company personnel responsible for securing the cloud platform
Why are cloud computing platforms frequently targeted by threat actors, according to the statement?
A) Because they are accessible from virtually anywhere
B) Because of their limited scalability
C) Due to their high operational costs
D) Because they have outdated software
Because they are accessible from virtually anywhere
What is necessary to repel attacks on modern hardware and software platforms, as described in the statement?
A) Regular updates and patches
B) Proper configuration of features and security settings
C) Advanced intrusion detection systems
D) Use of strong encryption protocols
Proper configuration of features and security settings
What is a common outcome when configuration settings are not properly implemented, as mentioned in the statement?
A) Increased network speed
B) Improved system performance
C) Weak configurations
D) Enhanced user experience
C) Weak configurations
Why are default settings not secure?
A) To enhance product security
B) To ensure compatibility with older systems
C) To minimize operational costs
D) They are settings predetermined by vendors for usability and ease of use
They are settings predetermined by vendors for usability and ease of use
Why are open ports and services considered weak configuration?
A) To restrict access for security purposes
B) To ensure compatibility with all devices
C) To minimize network bandwidth
D) They are initially configured to allow maximum access for usability
They are initially configured to allow maximum access for usability
Why are unsecured root accounts considered weak configuration?
A) Increased network speed
B) Unfettered access to all resources
C) Enhanced system performance
D) Improved user experience
Unfettered access to all resources
Why are open permissions considered weak configuration?
A) Restricted access for users
B) Access granted based on user roles
C) Access that should be restricted but isn’t
D) Automatic access granted to administrators
Access that should be restricted but isn’t
Why are unsecure protocols considered weak configuration?
A) Protocols that enhance data encryption
B) Protocols that lack adequate protections
C) Protocols used for internal communications
D) Protocols designed for high-speed data transfer
B) Protocols that lack adequate protections
What does outsourced code development involve, as described in the statement?
A) Hiring additional in-house developers
B) Contracting with third parties for software development
C) Sharing code with competitors
D) Purchasing pre-written software
B) Contracting with third parties for software development
What does data storage typically involve, as described in the statement?
A) Using on-premises servers for data backup
B) Renting office space for storing physical files
C) Employing dedicated personnel for data management
D) Utilizing third-party facilities for storing important data
D) Utilizing third-party facilities for storing important data
What is vendor management primarily concerned with, as described in the statement?
A) Managing internal processes
B) Monitoring interactions with external third parties
C) Developing in-house software solutions
D) Securing physical office spaces
B) Monitoring interactions with external third parties
What does system integration primarily involve, as described in the statement?
A) Enhancing internal communication within an organization
B) Establishing connectivity between an organization’s systems and third parties
C) Securing network infrastructure from external threats
D) Developing software solutions for data analysis
Establishing connectivity between an organization’s systems and third parties
What challenge arises when an organization’s systems are not compatible with third-party systems, as described in the statement?
A) Increased productivity
B) Enhanced system performance
C) Vulnerabilities due to “workarounds”
D) Improved data analysis
Vulnerabilities due to “workarounds”
What is a significant risk associated with third-party system integration, according to the statement?
A) The principle of system redundancy
B) The principle of maximum efficiency
C) The principle of the weakest link
D) The principle of system scalability
The principle of the weakest link
What does the principle of the weakest link entail, as described in the statement?
A) The reliance on outdated security measures
B) The vulnerability posed by third-party security weaknesses
C) The effectiveness of network redundancy
D) The implementation of robust data encryption
B) The vulnerability posed by third-party security weaknesses
What unintended consequence arose as operating systems (OSs) became more complex, according to the statement?
A) Increased ease of use
B) Enhanced system performance
C) Unintentional vulnerabilities exploitable by attackers
D) Improved graphical user interfaces
Unintentional vulnerabilities exploitable by attackers
What action do software developers typically take to address vulnerabilities in operating systems after they have been released, as described in the statement?
A) Implement new features
B) Deploy a software “fix”
C) Redesign the entire software architecture
D) Conduct extensive user training
B) Deploy a software “fix”
What is the purpose of a security patch, as described in the statement?
A) To enhance user interfaces
B) To introduce new features
C) To optimize system performance
D) To repair software vulnerabilities
To repair software vulnerabilities
What role does firmware primarily serve, as described in the statement?
A) Managing high-level software applications
B) Providing low-level controls and instructions for hardware
C) Securing network infrastructure
D) Enhancing user interfaces
B) Providing low-level controls and instructions for hardware
What challenges are associated with updating firmware to address vulnerabilities, as described in the statement?
A) It requires significant financial investment
B) It necessitates reconfiguring network infrastructure
C) It involves specialized steps and can be difficult and some firmware cannot be patched
D) It involves replacing hardware components
C) It involves specialized steps and can be difficult and some firmware cannot be patched
What challenges are associated with patching applications, as described in the statement?
A) Automated processes for identifying installed applications
B) Lack of user alerts for available patches
C) Difficulty in distributing patches
D) Uncommon occurrence of application patches
A) Automated processes for identifying installed applications
What potential issue can arise from patches, as described in the statement?
A) Prevention of custom application functionality
B) Enhanced system performance
C) Increased network speed
D) Improved user experience
Prevention of custom application functionality