Network and Security Flashcards

1
Q

Wireless Access Point

A

-Extends a wired network to wireless connections
-Involves the IEEE 802.11 group of standards that defines wireless LANs (WLANs)
-Central connecting point for computers equipped with wireless network adapters
-Identifies each computer by its MAC address

2
Q

Network Interface Layer

A

This layer establishes how data should be physically sent through the network

3
Q

Session Layer (Layer 5)

A

This layer is responsible for connection establishment, session maintenance, and authentication.

4
Q

Presentation Layer (Layer 6)

A

This layer is responsible for translating data from the application layer into the format required to transmit the data over the network as well as encrypting the data for security if encryption is used.

5
Q

Hub (Physical Layer)

A

-The simplest device used on an Ethernet network for connecting devices to each other.
-Splits the bandwidth of a connection among all the computers connected to it
-Does not perform any packet filtering or addressing functions but instead broadcasts data to all computers connected to it

6
Q

Switch (Data and Network Layer)

A

-Provides connectivity to devices in a local network
-Creates a dedicated full-speed connection between two computers that are communicating with each other
-Makes use of the MAC address to deliver the message to the right destination

7
Q

Router (Network Layer)

A

-Interconnect two or more networks
-Operates at the border of your network
-Stores information about the systems that are connected to it and where to send requests when the destination is unknown
-Works at the network layer of the OSI model

8
Q

Patch panel

A

-A box designed as a junction point for twisted pair (TP) cable and fiber cable used in networks
-First step in organizing your cables

9
Q

Firewall

A

-A security hardware appliance or software application that protects a computer or network from unwanted intrusion
-Blocks unwanted connections from untrusted networks and can block basic network attacks

10
Q

Modem (Physical and Data Link Layer)

A

-Connects a LAN to an internet service provider
-Converts digital signals into analog signals and vice versa.

11
Q

TCP/IP

A

Transmission Control Protocol/Internet Protocol

12
Q

Application Layer

A

This layer is responsible for the communication protocols between nodes. The protocols in this layer include hypertext transfer protocol (HTTP and HTTPS), Secure Shell (SSH), and Network Time Protocol (NTP), among many others.

13
Q

Transport Layer

A

This layer is responsible for the end-to-end transport of data. The protocols that live in this layer are transmission control protocol (TCP) and user datagram protocol (UDP)

14
Q

Network Layer

A

This layer defines the logical transmission protocols for the whole network. The main protocols that live in this layer are internet protocol (IP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

15
Q

OSI Model

A

Open Systems Interconnection Model

16
Q

Physical Layer (Layer 1)

A

This layer is responsible for the physical connections of the devices in the network. This layer is implemented through the use of devices such as hubs, repeaters, modem devices, and physical cabling.

17
Q

Data Link Layer (Layer 2)

A

This layer is responsible for the error-free delivery of data to the receiving device or node. This layer is implemented through the use of devices such as switches and bridge devices, as well as anything with a network interface, like wireless or wired network cards.

18
Q

Network Layer (Layer 3)

A

This layer is responsible for the transmission of data between hosts in different networks as well as routing of data packets. This layer is implemented through the use of devices such as routers and some switches.

19
Q

Transport Layer (Layer 4)

A

In this layer protocols ensure that data is transferred from point A to point B reliably and without errors. This layer services include flow control, acknowledgment, error correction, segmentation, reassembly, and sequencing.

20
Q

Application Layer (Layer 7)

A

This layer is responsible for network applications (like HTTP or FTP) and their production of data to be transferred over the network.

21
Q

Network Interface Card (NIC) (Physical Layer)

A

-The interface on a computer or other device that connects to the LAN
-Designed to take the communication off the physical cable or wireless signal and present it to the computer for processing
-Each NIC has a unique physical address known as a MAC address

22
Q

Bridge (Data Link Layer)

A

-Connects two or more networks
-Forwards data to next network
-Not widely used in modern networks

23
Q

Repeater (Physical Layer)

A

Amplifies the signal it receives so that it can travel a longer distance

24
Q

Unshielded Twisted Pair (UTP)

A

These cables are created when pairs of wires are twisted around each other to protect and cancel out interference from each other and outside sources.

25
Fiber-Optic Cable
Cables that use light guided through thin glass tubes instead of electrical signals to transmit data. It is very fast, but also expensive.
26
Single-mode Fiber
Has several thin glass strands (in rare cases, plastic) covered in protective insulation. Single-mode cables have thin 10-micron strands and support a narrow range of wavelengths and higher bandwidth, making them ideal for submarine cabling across continents.
27
Multi-mode Fiber
Much cheaper than single mode across shorter distances. The fiber in these cables is thicker, from 50 to 100 microns. Because of their thickness, they can run a wider frequency of light over shorter distances, from a couple of thousand meters to a couple of miles.
28
Coaxial Cable
A single copper wire surrounded by layers of plastic insulation and sheathing is used mainly in cable internet service.
29
Ping Command
-Tool for testing connectivity to other hosts
-Sends internet control message protocol (ICMP) to a host and listens for the reply
-Reply displays the time it took and time to live (TTL)
30
Traceroute/Tracert Command
-Traces the route an IP packet takes to its destination
-Displays each hop (next route) with its IP address and the time it takes to receive the packet
-Traceroute is a Linux command (can only be used by super user)
-Traceroute is a Windows command
31
Tracepath command
-Similar to traceroute/tracert
-Displays the path taken by a packet to its destination
-Used in Linux (any user can use)
32
IpConfig
-Provides the user with the IP, subnet mask, and default gateway for each network adapter
-With /all can display MAC address, DHCP status, and lease information
-Used in Windows
33
IfConfig
-Similar to IpConfig
-Used to configure the network interface
-Used in Linux
34
ARP
-Address Resolution Protocol
-Displays the MAC address mapping for the hosts that have been discovered in the ARP cache
35
Netstat
-Displays information about active ports and their state
-Useful for troubleshooting
36
nslookup
-Displays DNS information
-Used for troubleshooting DNS problems
-Displays name to IP address mappings
-Primarily used in Windows
37
Dig
-Used to query the DNS name servers
-Helpful in troubleshooting DNS problems
-Replaced nslookup in Linux OS
38
Whois
-Used to look up who owns a domain or block of IP addresses
-Includes: name, email address, and physical address
-Can purchase privacy to hide this information
-Primarily used on Linux
39
Route
-Used to display the current route tables on a host
-Can be used to add or remove routes
40
SCP
-Secure Copy Protection
-Used to copy files between servers
-Uses SSH for authentication and encryption
41
FTP
-File Transfer Protocol
-Copies files from one host to another host
-Data is unencrypted (for encryption, use FTPS, which utilizes SSL/TLS)
-Uses TCP for reliability
-Used often on WANs and the internet
42
TFTP (Trivial File Transfer Protocol)
-Transfers a file from a client to a server or from a server to a client
-Uses UDP
-Used on reliable (local) networks
43
Finger
-Displays information about a user or users on a remote system
-Includes last log-in and username
-Primarily used in Linux
44
Nmap (Network Mapper)
-Scans networks for hosts and open ports
-Used to determine what is deployed on a network
-Not native to either Linux or Windows
45
TCP Dump
-Displays TCP/IP packets and other network packets that are being transmitted over the network
-Used as a packet sniffer
-Displays in readable format for troubleshooting
-Not native to either Linux or Windows
46
Telnet/SSH
-Both used to manage accounts and devices remotely
-SSH is encrypted
-Telnet is unencrypted
47
Personal Area Network (PAN)
-A network that is created to center around a person and their devices
-Communication over connections such as Bluetooth or USB
48
Local Area Network (LAN)
-Consists of computers connected within a limited area, such as a house, lab, or office building
-LANs use Ethernet, Wi-Fi, or a combination of both
49
Wireless Local Area Network (WLAN)
-A LAN with all devices connected wirelessly
-Users and devices can be placed anywhere and moved anywhere in the coverage area
-Easy and inexpensive to install
50
Campus Area Network (CAN)
-Provides networking of multiple LANs across a limited area
-Each single building would typically have its own LAN
-Typically connects LANs owned by a single company, university, government, agency, etc.
51
Metropolitan Area Network (MAN)
-Provides networking across a larger area, such as a whole city
-Made up of many organizations within a city
52
Wide Area Network (WAN)
-Covers a large geographical area within its network
-WAN networks can span cities, countries, or the entire globe
-The internet is an example of a WAN
53
Storage Area Network (SAN)
-A network that allows access to storage devices instead of general network purposes
-SANs are dedicated to storage devices and the servers that need access to them
-Allows servers to access tape libraries and disk arrays as if they were locally attached devices
54
Bus Topology
-All the devices are connected to a shared single cable
-Bus topologies are uncommon today
-Computers in a bus topology physically tap into the network cable using special adapters
-The ends of the cables have terminators
-In a bus topology only one computer can communicate at a time
-All traffic transmitted is received by everyone
55
Ring Topology
-The computers are connected to form a closed loop
-The computers are connected in a single line
-Each computer on the ring has an input port and an output port
-More reliable than a bus topology but communication still fails if the ring is broken
-A dual-ring topology provides high availability
56
Star Topology
-Also known as a hub-and-spoke network
-Composed of a central network device, such as a switch or hub
-Each device is individually connected to the central network device
-Star topologies are the most common type found in LANs
57
Mesh Topology
-Full mesh: Every node connects to all other nodes
-Partial mesh: Each node connects to a few other nodes
-Typically used for requirements of high availability and redundancy
-The most expensive and most complex topology
58
Tree Topology
-Acts as both a star and bus topology
-The network is divided into multiple levels or layers
-The top device is known as a root node
-A parent-child hierarchy between nodes
59
Hybrid Topology
-A combination of different topologies
-Inherits the advantages and disadvantages of each combined topology
-Offers the benefits of flexibility
-Very effective and scalable but can be costly
60
Centralization
Users logged on to machines called dumb terminals to perform their task. They were so named because the terminal had no intelligence or sophistication.
61
Decentralization
An approach that puts the computer power in the user's devices rather than a data center
62
Client/Server model
This approach offloads some of the computing requirements from the data center's servers, but more importantly, the client-server model allows application designers to implement advanced user interfaces that would not otherwise be possible in a web-based or terminal-based application.
63
Peer-to-Peer Model
In this network, client computers act as both servers and workstations because they share files and printers while allowing a user to log on and use the client computer for normal tasks.
64
Virtualization
-Creates multiple "virtual" machines on a single computing device
-Virtual devices operate similarly to their physical counterparts
-Benefits: new virtual devices can be deployed quickly, it is easier to move virtual devices within a data center or between data centers, and the resources allocated can be increased or decreased as utilization rises and falls
65
Hypervisor
Software that creates and manages virtual machines on a server or on a local computer. Also called a virtual machine manager (VMM)
66
Type 1 Hypervisor
-Also referred to as a bare-metal hypervisor; bare-metal systems are ones that do not have an operating system already installed
-Accessing details and managing your virtual machines is done through a remote system
-Examples: VMware ESXi, Microsoft Hyper-V
67
Type 2 hypervisor
-Sometimes referred to as a hosted hypervisor
-Installed as an application on a personal computer or laptop
-Virtual machine shares the hardware resources with the host system
-Examples: VMware Workstation, VirtualBox
68
Cloud Computing
Consider the meaning and business implications of some of the more well-known and accepted characteristics of cloud-computing: on-demand, self-service, resource pooling, elastic, accessible, and measurable.
69
IaaS (Infrastructure as a Service)
Infrastructure refers to the physical layers (servers), storage, and networking that are required to exist before you can create any virtual servers or install any application
70
PaaS (Platform as a Service)
The cloud provider is responsible for the virtual servers and, in some cases, the services that run on top of them, such as database engines, and provides you with a platform on which you can run your code or store your data.
71
SaaS (Software as a Service)
Allows consumers to store and potentially publish information without the need to manage the underlying application or infrastructure.
72
Private Cloud
A cloud that is owned and operated by an organization for its own benefit
73
Public Cloud
There are many public cloud providers, but some providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), are more well-known because of their marketing and experience in the industry
74
Community Cloud
These clouds are data centers that are jointly owned and operated by the tenants
75
Hybrid Cloud
For hybrid cloud computing, the customer will require a dedicated connection between their on-premises data center and the public cloud provider. This connection may be a virtual private network (VPN) established over the internet or a dedicated wide area network (WAN) connection maintained by a telecommunications provider.
76
Multi-Cloud
A cloud deployment model where the cloud consumer uses multiple public cloud services.
77
Weak Password
A password that is short in length (less than 15 characters), uses a common word (princess), a predictable sequence of characters (abc123), or personal information (Braden).
78
Default password
Passwords on system administration, user, or service accounts predefined in a system, application, or device; usually associated with the default account. Default accounts and passwords are published, well known, and therefore easily guessed.
79
Misconfigured Firewall
Can allow traffic that should be blocked and reduce the overall security of the network. It is a good policy to regularly review your firewall configuration, identify what each rule does, remove only rules that are no longer needed, and regularly change the password.
80
Personal Devices Within the Network
Many businesses are adopting a mobile computing strategy that often includes a concept known as bring your own device (BYOD), which encourages users to bring their personal computers, tablets, or phones to work to use on the network.
81
Advanced Persistent Threat (APT)
A network attack in which an intruder gains access to a network and stays there undetected with the intention of stealing data over a long period of time.
82
Zero Day
The term zero-day alludes to the fact that the exploit or vulnerability is not yet known by the public, meaning there is no patch available to mitigate this vulnerability.
83
Red Team
The red team attempts to compromise the security
84
Blue team
The blue team defends
85
White team
Observes the festivities and may even serve as referee
86
Vulnerability tester
Responsible for scanning servers and network devices for known vulnerabilities
87
Purple team
A mode of penetration testing where red and blue teams share information and collaborate throughout the engagement
88
White hat hackers
Non-malicious hackers who attempt to break into a company's systems at their request
89
Black hat hackers
May or may not be IT professionals but possess the knowledge and will to breach systems for profit.
90
Gray hat hackers
A cross between black and white. They will often illegally break into systems merely to flaunt their expertise to the administrator of the system they penetrated or to attempt to sell their services in repairing security breaches.
91
Insider threats
Some of the most potent threats come from people within your organization. Because they have legitimate access to systems, they are in a position to hack from inside of the network, often undetected.
92
Industrial espionage
The process of gathering corporate information illegally or unethically.
93
Nation states
Have substantially larger budgets to hire hackers than the average criminal enterprise.
94
Script kiddie
An attacker with little expertise or sophistication. Script kiddies use existing scripts to launch attacks.
95
Wire tapping
The process of clipping the taps to the telephone wire became known colloquially as "wiretapping." Today, it refers to any process that allows an attacker to electronically eavesdrop on a conversation, whether between two humans or two computers.
96
Port Scanning
An application called a "port scanner" can systematically check each of these ports by sending thousands of TCP/IP packets to the victim's computer, each packet on a different TCP port. The victim's computer will discard requests made to a port that is not assigned to a running application or service.
97
SQL injection
A particularly well-known attack that allows an attacker to take control of a database server by inserting special commands into input boxes instead of entering basic text.
98
Buffer overflow
The attacker purposefully entered text that was too large to fit within a region of memory called a "buffer".
99
Spoofing
To gain access to the information, the hacker needs to get into the middle of the conversation; however, to do so, the attacker must impersonate the sender and receiver of the traffic.
100
Man-in-the-middle
An attacker wants to intercept the communication between a client computer and the server. The attacker will likely use two network interfaces, one that is spoofed to look like the server and another to look like the client.
101
ARP poisoning
Is a method attackers use to cause an Ethernet switch to flood all traffic to every port on the switch, including the attacker's computer.
102
Denial of Service (DoS)
They deny someone access to a service, usually by overwhelming the victim with enormous amounts of useless traffic.
103
Ping of death
A trick whereby the attacker would send the victim a malformed ICMP packet that would cause the victim's computer to crash or stop functioning on the network.
104
Ping flood
Overwhelms a victim's computer with an immense volume of ICMP echo-request packets, all containing a forged, randomized source address.
105
Smurf attack
A distributed denial-of-service attack, which means that instead of one computer sending forged packets to a victim, in the Smurf attack, potentially thousands of computers will bombard the victim.
106
SSL attack
Causes the victim's computer to consume excessive CPU time as it constantly sets up and tears down thousands of SSL encryption sessions over and over.
107
Social Engineering
The art of manipulating human trust to gain access to information
108
Phishing
An attacker that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
109
Honey pot
Is a server or device that is configured to look very authentic, potentially containing data that appears to be legitimate user data or configuration files that seem authentic
110
Confidentiality
This principle helps limit access to information, which by definition can contradict some of the recommendations found in the availability principle. The goal of copying or transmitting the information.
111
Integrity
Helps identify the trustworthiness of the information. It is possible to identify where the information came from and if the data has changed since it was originally sent.
112
Availability
Goal is to ensure the data is always accessible by its authorized user.
113
Firewalls
Is a barrier that intercepts and inspects traffic moving from one area of the network to another.
114
Packet Filter Firewall (Layer 3 and 4)
Inspects incoming and outgoing traffic and compares the following attributes to a database of packet filter rules that determine if the firewall will forward or drop the traffic.
115
Circuit-level gateway
Is a device that operates as a middleman between two or more systems to help conceal the true identity of the client and server.
116
Stateful Inspection (layer 3, 4, and 5)
To reduce the number of firewall rules needed to support TCP communication, firewall vendors implemented a feature known as stateful inspection.
117
Application Level
To combat this potential weakness in security, network administrators began using proxy servers that could act as a middleman, reading and parsing the traffic payload and then forwarding it on to the intended destination if the payload was safe
118
Intrusion Prevention System (IPS)
Intercepts potentially hostile activity prior to its being processed
119
Intrusion Detection System (IDS)
Monitor the network to detect threats
120
MFA (Multifactor Authentication)
An authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.
121
Accounting
Includes verifying the correct access control settings on data files, providing a forensic trail after a security breach to determine how the attacker got in (to harden defenses for the future) and what they accessed (for damage control and potential changes to permissions in the future)
122
Authorization
This system steps in to determine what the user may access. For example, can the user access resources in a particular subnet? Does the user have access to a particular server or file? If data access is in question, can the user write to or delete the data or is the access read-only? The list of questions (and potential restrictions) goes on almost endlessly.
123
Authentication
Is the process of confirming a person's identity. A system can confirm your identity via usernames and passwords or with certificates, as is the case with public key infrastructure (PKI)
124
Fake Access
In this attack type, an attacker sets up an illegitimate wireless network using their own WAP and may even share their own cellular data to create an internet hotspot. The attacker usually opens this network without any security or authentication so as to entice people in a hurry to connect to the attacker's rogue WAP.
125
Deauth Attack
Is a denial-of-service (DoS) attack where the attacker can force any client (or even every client) off of the network. Worse yet, the attacker does not even need to be on the network they are attacking. That is right, the attacker can kick anyone off the network without even joining that wireless network. But what is the point? Users can simply reconnect.
126
Infrastructure
In almost all cases, a WAP or wireless router is used to connect wireless devices to the network. The WAP acts like an Ethernet switch in wired networking and often has a physical cable that connects it to the rest of the network. A wireless router is a WAP and a router combined into a single device and is most often used in home and small business environments to connect to the internet while also providing wireless connectivity for nearby devices.
127
Ad-hoc
All wireless communication is performed in a peer-to-peer fashion and does not require or involve a WAP. Are rarely used in homes or offices, but they can be helpful in setting up a new device, such as a printer by connecting them directly, much as one would do with a physical cable. Are occasionally used to transfer files between devices, such as between a camera and a laptop.
128
Layer 1 - Physical
All physical vulnerabilities and threats are layer 1 risks. For instance, check the security of the locks on the doors to the data center, equipment racks, and wiring closets throughout your building.
129
Layer 2 - Data Link
Wired networks are just as susceptible to attack at layer 2. Consider the Ethernet-based attack known as ARP poisoning, which allows an attacker to eavesdrop on all network traffic sent through an Ethernet switch. The attacker sends special Ethernet frames on the network to quickly poison or overwhelm the switch's internal traffic, and so it begins flooding all its ports with every frame it receives.
130
Layer 3 - Network
It allows computers on different networks to exchange data. This is where you will find the IP and ICMP protocols, which belong to the TCP/IP protocol suite.
131
Layer 4 - Transport
When a service is run on a computer, that service will open specific ports at the transport layer to allow the service to receive incoming connections from other computers. For example, the DNS service opens TCP port 53 to allow computers to perform name-to-address resolution. An attacker wishing to know which services are running on a victim's computer could run a tool called a port scanner that, as the name implies, allows the attacker to scan the victim's computer for open ports that they could later attack. A packet-filtering firewall is an appropriate defense against port scanners.
132
Layer 5 - Session
This would be similar to you keeping track of different conversations that you are having with the same person. You might talk about one topic for a while, then switch topics back and forth as you chat. In networking, remote procedure call (RPC) is an example protocol at Layer 5 and is used by computers to execute functions and procedures on other computers, such as a central server launching a program or print job. RPC has often been the target of many attacks over the years, but with regular operating system and application patching, you can mitigate most of these attacks.
133
Layer 6 - Presentation
Both SSL and TLS have been subject to a number of attacks that target weaknesses in the protocol itself. The goal of many of these attacks is to create a man-in-the-middle attack where the attacker inserts themselves between the victim and an encrypted target, such as the website of a bank. The attacker then impersonates the bank's web security by exploiting a vulnerability in the encryption or by fooling the victim into accepting a false security certificate. The attacker completes the attack by encrypting the traffic between themselves and the target (the bank in this case). The attack is named after the fact that the attacker becomes the man-in-the-middle of the conversation, able to see everything the victim does without encryption. Many of these attacks can be mitigated using an application-layer proxy or an IPS, though training the users about fake security certificates is equally important.
134
Layer 7 - Application
Defines how users connect with the application services through protocols such as HTTP. It is the final layer of the OSI model, and like the first layer, it is host to as many different attacks as there are applications. An example of this layer is an application programming interface (API) endpoint for web services and websites, both of which leverage the HTTP and HTTPS protocols. Prime targets are web servers, especially web servers that host APIs.
135
Symmetric Key Encryption
Also known as private key encryption. Uses the same key to encrypt the data as it does to decrypt the data, meaning that when used for data transmissions, symmetric key encryption requires that both the sender and the receiver possess the same cipher key.
136
Asymmetric Key encryption
Relies on two different keys to encrypt and decrypt the traffic. This is particularly useful on the internet where the encryption of the data being sent to and from e-commerce and banking websites is needed. The customers have no reliable and secure means to exchange a secret key prior to the data transfer, so public key infrastructure (PKI) is relied upon.
137
SSL/TLS Encryption
Creates a secure channel over the Internet between a client computer and a server by exchanging a public key in the form of a certificate
138
IPSec Encryption
Provides an authentication and encryption solution that secures IP network traffic at Layer 3 of the OSI model
139
Data Security
Data classification, access control, data protection, and encryption all play a role in protecting data and collectively affect an organization's decision to adopt a particular cloud deployment model.
140
Data classification
System of organizing data according to its sensitivity. Common classifications include public, highly confidential, and top secret.
141
Private cloud
Are scalable, single-tenant clusters of computing, storage, and networking resources owned and maintained by a single company, typically (but not always) located within a data center belonging to that company. The owner of the equipment typically holds the final responsibility for all the hardware and most, if not all, of the physical data center security concerns.
142
Public cloud
Are hosted by companies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and tend to offer highly scalable, multi-tenant solutions in data centers placed around the world. Public cloud providers generally are responsible for the physical data center security and most of the physical hardware security concerns.
143
Hybrid cloud
Is the combination of services running in both public and private clouds. The security concerns typically fall along the lines of the owners of the equipment, much like in private and public clouds, with the addition of the data link between the public and private cloud networks, which may be maintained and secured by a third party.