Network Security Foundations Flashcards
Is this TCP/IP or OSI?
Application Layer: This layer is responsible for the communication protocols between nodes. The protocols in this layer include hypertext transfer protocol (HTTP and HTTPS), Secure Shell (SSH), and network time protocol (NTP), among many others.
Transport Layer: This layer is responsible for the end-to-end transport of data. The protocols that live in this layer are transmission control protocol (TCP) and user datagram protocol (UDP).
Network Layer: This layer defines the logical transmission protocols for the whole network. The main protocols that live in this layer are internet protocol (IP), internet control message protocol (ICMP), and address resolution protocol (ARP).
Network Interface Layer: This layer establishes how data should be physically sent through the network.
TCP/IP
Application Layer.
Transport Layer.
Network Layer.
Network Interface Layer.
Which is this, OSI or TCP/IP?
TCP/IP
The ……. ? model is used for practical application when locating specific protocol.
TCP/IP
The #1……..? model was developed by the International Standards Organization (ISO) after the #2…….? model to provide greater granularity of networking assignments within the model.
1. OSI
OSI stands for what?
Open System Interconnection model.
Which computer/internet protocol uses seven layers?
OSI (Open System Interconnection)
The ……..? model consists of a seven-layer architecture that organizes the sending of data from hosts across a network.
OSI (Open System Interconnection)
The …… is widely used throughout networking documentation and discussions. Layers are often referred to by number, not name, so memorizing the numbers and having a good understanding of each layer’s uses are essential for success in the IT community.
OSI model
Example:
Receives the frames and data and sends them via the local media (copper wires, fiber-optic cables, etc.) to the switches, routers, etc., along the network path. All of this takes a matter of microseconds to achieve.
What model and what layer is the above example?
Layer 1
Layer 5
Layer 7
Layer 3
OSI
Layer 1
What number is the transport layer of OSI?
Layer 4
What number is the Session Layer of OSI?
Layer 5
Example:
This layer is responsible for the error-free delivery of data to the receiving device or node. This layer is implemented through the use of devices such as switches and bridge devices, as well as anything with a network interface, like wireless or wired network cards.
What OSI layer is this and what is its name?
Layer 2
Data Link Layer
Application Layer.
This layer is responsible for network applications (like HTTP or FTP) and their production of data to be transferred over the network.
What number is the Application Layer?
Layer 7
Receives the packets and adds physical addressing by adding sender and receiver MAC addresses to each data packet. This information forms a unit called a frame.
What OSI Layer is this? And what number?
Layer 2
Data Link Layer
This layer is responsible for translating data from the application layer into the format required to transmit the data over the network as well as encrypting the data for security if encryption is used.
What layer is this and what number?
Layer 6
OSI Presentation Layer
This layer is responsible for the transmission of data between hosts in different networks as well as routing of data packets. This layer is implemented through the use of devices such as routers and some switches.
What layer is this and what number?
Network Layer
Number 3
Layer 5 of the OSI model is?
Session Layer
Which layer of the OSI model establishes, manages, and terminates connections?
Session
Application
Presentation
Network
Session layer
Which layer of the OSI model does a bridge use to make decisions about forwarding data packets?
Network
Physical
Data Link
Transport
Data Link
Which transmission control protocol/internet protocol (TCP/IP) layer performs addressing and routing?
Application
Transport
Presentation
Network
Network layer
OSI model:
The …….. represents network communication at a MAC-address level and forwards packets on …….. devices, like a bridge.
Data Link layer (Layer 2)
Layer 2
Which device is used to connect host devices within a local area network?
Gateway
Repeater
Switch
Router
Switch
Which device operates at layer 2 of the OSI model?
Hub
Repeater
Switch
Router
Switch
A …….. is a layer 3 device that connects networks together
Hub
Repeater
Switch
Router
Router
……. is also used in Ethernet LANs and data centers. …… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6 cables
…….. is used in Ethernet LANs containing two twisted pairs allowing for up to 100 Mbps up to 100 meters between the device and the switch, hub, or router. This has been practically replaced by the …. specification.
Cat5
Cat5e
……… is an improvement of the Cat6 standard, supporting the same standards and lengths (with the ability to run 10 Gbps over 100 meters maximum), but using a higher quality cable that is more resistant to interference. This is most commonly used in wired networks today.
Cat6a
There are several different connectors that can be connected to the end of these UTP cables; the two most common are:
RJ11
&
RJ45
UTP cables.
UTP stands for?
Unshielded twisted pair cables.
…… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6
……. are analog cables made of copper but specifically engineered with a metal shield intended to block signal interference. This cable was patented in 1880 by Oliver Heaviside and was used as an improvement over the bare copper cables widely used in that day.
Coaxial Cables
Copper cables:
There are several types of ….. cables, but since they are not widely used in networking today, they are not discussed further.
coaxial
……….use glass or plastic threads within cables to transfer the data using light (lasers or LEDs) as opposed to traditional metal cables using electricity.
Fiber optic cables (Fiber cables)
……….. cables are useful for high bandwidth needs, meaning they can carry more data at one time.
Fiber optic cables
…….. cables are lighter and thinner to install but are much more expensive.
Fiber optic cables
There are two types of fiber cables:
These are?
single-mode
multimode.
………. fibers are highly effective over medium distances (500 meters or less at higher speeds) and are generally used within a LAN.
Multimode
The benefit of a ……. fiber cable is the ability to carry higher bandwidth for 50 times the distance of a multimode cable.
single (fiber optic cable mode)
…….. cables are more protected from outdoor weather than traditional copper cables.
Fiber optic cables
Connectors:
…………? : This stands for ……… This is a smaller version of the standard connector (SC). This supports more ports to be used in the same space. This is probably the most common type used in corporate data centers today and is usually used with SFP (small form-factor pluggable) transceivers.
LC
lucent connector
………? : This stands for a ………. This was the most commonly used connector with multimode fiber until the mid-2000s. It was used on campuses, corporate networks, and for military purposes. Today, LC connectors are usually used instead, as they are denser and more convenient at almost the same cost.
ST
Straight tip connector
……..cables are used to connect two computing devices of the same type directly to each other. In computers, this is accomplished via their network interface controllers (NIC) or switches.
Crossover cable
……….. are used to connect a device to a wall outlet, for example. The wall outlet is wired to another patch panel in the networking closet, and that networking panel is wired into a switch. These cables can also be used to wire servers in a rack to the top-of-rack (ToR) switch.
Patch cables
……. is an association of professional electronic and electrical engineers responsible for many of the standards created in networking today. Founded in 1963.
IEEK
BCGF
KBIE
IEEEC
IEEE
The Institute of Electrical and Electronics Engineers (IEEE)
….. is one of the most basic tools for testing connectivity to other hosts.
Ping
……….. are used to trace the route an IP packet takes to a destination.
Traceroute and tracert
Ipconfig stands for?
Internet Protocol Configuration
…….. is similar to traceroute or tracert in that it displays the path taken by a packet from its source to its destination.
Tracepath
……… provides the user with the IP, subnet mask, and default gateway for each network adapter by default with the /all option information, such as MAC address, DHCP status, and lease information.
Ipconfig (internet protocol configuration)
Similar to ipconfig, …….. is used to configure the kernel network interfaces. It is implemented at the time of booting to configure the necessary interfaces. Once the interfaces are configured, it is used for debugging or tuning the system. It is primarily used in Linux.
ifconfig
Network Commands:
ARP stands for?
Address Resolution Protocol
……… displays the IP to physical (MAC) address mappings for hosts that have been discovered in the …….
ARP (Address Resolution Protocol)
ARP cache
telnet/ssh
tcpdump
nmap
finger
These are examples of what?
Network Commands
……. displays information about active ports and their state and can be useful in troubleshooting and capacity management. The command netstat -r displays routing information for network adapters. It is available in Windows, MacOS, and Linux.
Netstat (network statistics)
…….. displays information for displaying DNS information and troubleshooting DNS problems. It is useful in displaying names to IP address mappings.
Nslookup (name server lookup)
………….is a command used to query the DNS name servers. It is helpful in troubleshooting DNS problems. It is also used for lookups and will display answers from the query. It is a replacement for nslookup.
dig
nslookup
ARP
ipconfig
dig
Dig stands for?
domain information groper
……..is a tool most often used to look up who owns a domain or block of IP addresses on the internet, including name, email address, and physical address. However, there are many privacy options that hide this information from being returned. It is primarily used in Linux.
Whois
……. can be used to display the current route tables on a host.
Route
The ……… command is used to securely copy files between servers, leveraging SSH (secure shell) for authentication and encryption.
SCP (Secure Copy Protocol)
………. copies the file from one host to another host.
telnet/ssh
FTP
Netstat
Dig
FTP (file transfer protocol)
Network commands:
SSH stand for?
Secure shell
………. transfers a file from either a client to a server or from a server to a client using UDP (user datagram protocol) instead of TCP, and so it is usually used on reliable (local) networks.
ARP
dig
tftp
ftp
TFTP (trivial file transfer protocol)
………. displays information about a user or users on a remote system, including things such as last log-in time and username. It is primarily used in Linux.
dig
ftp
ifconfig
Finger
Finger
……….. scans networks to see what it can find in terms of hosts and open ports (including well-known ones for many applications). It is commonly used to determine what is deployed on a network for vulnerability analysis, security scans, and related activities.
Nmap (Network Mapper)
…….. and …….. are not native to either Linux or Windows but can be downloaded for free and used with both.
dig
finger
tcpdump
nslookup
Nmap
tcpdump
Nmap
……….. displays TCP/IP packets and other network packets that are being transmitted over the network system.
Tcpdump
…………: It is a form of protocol analyzer (sometimes called a sniffer) and is designed to show the contents of network packets in human-readable form for troubleshooting, security analysis, etc.
Tcpdump
…….. allows a user to manage accounts and devices remotely but unencrypted.
Telnet
………….allows a user to manage accounts and devices remotely but it is encrypted.
SSH Secure Shell
An organization needs to perform an analysis to identify vulnerabilities such as open firewall ports, unauthorized operating systems or device types, and weak passwords. Which tool is recommended?
nslookup
nmap
tracepath
finger
nmap
The ………. utility is the correct answer and can perform many types of vulnerability scans by sending specially crafted data packets and learning about the target(s) based on the responses of the target(s).
Network Mapper (nmap)
A server administrator is tasked to harden the database servers, and one of the requirements is to document any firewall ports that are open and closed. Which native Windows command line utility should the administrator use?
finger
tcpdump
dig
netstat
netstat
The …… is used in Linux to limits the number of pings within a single session. In this example, the ping command attempts transmission eight times and is the correct answer.
-c switch
Which protocol provides remote access over encrypted connections?
File transfer protocol (FTP)
Secure shell (SSH)
Domain Name System (DNS)
Internet control method protocol (ICMP)
Secure shell (SSH)
What does the address resolution protocol (ARP) cache map?
IP addresses to network destinations
IP addresses to MAC addresses
MAC addresses to interfaces
MAC addresses to ICMP
IP addresses to MAC addresses
Bluetooth ear pods connected to a phone or laptop would be an example of what kind of network?
LAN
WAN
PAN
WLAN
PAN
Personal Area Network
Networks:
SAN stand for?
Storage Area Network
WAN stands for?
WLAN stands for?
Wide Area Network (WAN)
Wireless Local Area Network (WLAN)
Examples of ….. are a home, lab, or office building. Most often, ….. use Ethernet, Wi-Fi, or both to connect the network devices.
LANs
Many private homes use …. in the form of Wi-Fi, as it allows for multiple users to be connected to the network (and usually the broader internet), but not be tied down to a specific location in the home.
WLAN
………… allow servers to access devices such as tape libraries and disk arrays while presenting them to the operating system like any other locally attached device.
SANs
………. may also use other protocols, such as Fibre Channels that do not usually operate on traditional network equipment.
SANs
….. there is no individually designated server or client. Each machine on the network can act as both server and client, sometimes requesting data from other nodes and sometimes answering requests from others. Bitcoin and Tor are examples of ……. networks.
Peer to Peer (P2P)
The server is the system that stores data and information. The client is the machine that needs access to that data. This is the traditional model of networking since the 1990s.
This is an example of what networking model?
Client Server
Unlike other topologies such as bus, ring, or star, …….? topologies are not necessarily constructed using physical network cables. The nodes may connect using Wi-Fi or radio signals or by virtual links such as virtual private networks (VPNs).
What topology is this?
Mesh topology
…….. networks are typically used where communication within a network must be highly available and redundancy is needed.
Which topology is this?
Star
Bus (Linear)
Mesh
Ring
Mesh
Architecturally speaking, there are two extremes in networking and computing architecture:
Which are?
centralization
&
decentralization
In the early days of mainframe computers, nearly all computing and network power was …… in a large data center.
centralized
The performance is also much more constant and reliable.
While security is a great benefit of …….?
The above is an example of what type of network architecture.
Centralized?
Or…
Decentralized?
Centralized
Another advantage of ……….. is the lack of a single point of failure, or, perhaps more accurately, each computer is its own single point of failure because the computers do not rely on each other.
decentralization
What is the principle advantage of wireless networks?
Redundancy
Stability
Security
Portability
Portability
Which network model is characterized by client computers that act as both servers and workstations?
Client/server
Wired
Wireless
Peer-to-peer
Peer-to-peer
Virtualization relies on a special type of software, known as a …….., which creates the virtual hardware for devices.
hypervisor
Regardless, all …….. have something in common: they use software to create the illusion of physical hardware.
hypervisors
…… is essentially programming instructions baked into copper and silicon chips.
Hardware
Each instance of virtual hardware is called a ……, or VM.
virtual machine
NOT A FLASHCARD.
The operating system (OS) installed within the VM is often referred to as a guest OS to differentiate it from the operating system of the underlying physical computer, which is called the host OS.
The ……. serves as a resource traffic cop in that it manages how each VM (virtual machine) accesses and consumes the physical hardware resources, such as CPU, RAM, networking, and storage.
hypervisor
…….. hypervisors typically requires dedicated hardware and are installed as that machine’s operating system, making them more commonly found in data centers than in home networks.
Type 1
Type 2
Which?
Type 1
Bare metal hypervisor is….
Type 1
Or…
Type 2
Type 1 hypervisor is bare metal
Hypervisor that is hosted is….
Type 1
Or…
Type 2
Type 2 hypervisor is hosted (Installed as an application in the device’s operating system.
VMware Workstation or Microsoft Hyper-V…
Are examples of what type of hypervisor?
Type 1
Or…
Type 2
Type 2
…… hypervisor for MacOS, such as VMware Fusion or Parallels Desktop, which would allow you to create and run a Linux VM on your laptop.
Which type of hypervisor?
Type 2
Or…
Type 1.
Type 2
……….hypervisor is competing for hardware resources with all the other running applications on your computer; and second, the hypervisor does not have direct and unrestricted access to the physical hardware but instead must send all your VM’s hardware requests through your computer’s operating system.
This is what type of hypervisor?
Type 1
Or…
Type 2
Type 2
What kind of software will the IT team need to install on a Mac to enable it to run this Windows environment?
Keyboard video mouse (KVM) switch
Type 2 hypervisor
Virtual machine (VM)
Type 1 hypervisor
Type 2 hypervisor
What is a hypervisor?
A hardware tool used to host virtual systems
A virtual application developer
A software tool used to host virtual systems
A virtual system administrator
A software tool used to host virtual systems
……. are like a layer of system software between computer hardware and virtualized systems.
Hypervisors
Which cloud service model requires the customer to be responsible for operating systems?
PaaS
IaaS
SaaS
IaaS
Infrastructure as a Service
PaaS stand for?
Platform as a Service
SaaS stands for?
Software as a Service.
However, the industry also includes the catch-all term …. as a service, where …. could be nearly anything from security, accounting, hardware, etc.
XaaS
X as a Service
Salesforce
Gmail
Outlook
Are examples of?
IaaS
SaaS
PaaS
DaaS
SaaS
Software as a Service
Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP)….
These are examples of Public Cloud providers or Private Cloud providers?
Public Cloud providers.
Which type of cloud between Public Cloud or Private Cloud providers is more likely to be secure?
Public Cloud providers.
……. is the concept of leveraging the services of multiple public cloud providers, such as hosting your website at AWS and GCP and balancing the users between these providers. This concept, in practice, can add redundancy and flexibility.
Which cloud is the above an example of?
Public cloud.
Private cloud.
Community cloud.
Multi-cloud.
Multi-cloud
For …… cloud computing, the customer will require a dedicated connection between their on-premises data center and the public cloud provider.
This is an example of?
Hybrid cloud
Public cloud
Private cloud
Community cloud
Multi-cloud
Hybrid cloud
Why would a business likely choose a hybrid cloud solution?
They want a cloud provider to take responsibility for all hardware aspects of their systems.
They want to maintain total control of all hardware their software runs on.
They want to jointly own and control the hardware their software runs on.
They want to use their own systems but add the ability to scale up for burst demand.
They want to use their own systems but add the ability to scale up for burst demand.
The ….. is a reference model that takes into account confidentiality, integrity, and availability.
CIA triad
…….: The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of attacks.
SecOps
……. : A weakness in software, hardware, facilities, or humans that can be exploited by a threat.
Vulnerability
……. : The potential of a threat to exploit a vulnerability via an attack.
Risk: The potential of a threat to exploit a vulnerability via an attack.
……: Something or someone that can exploit a vulnerability to attack an asset.
Threat
…….: An action taken by a threat that exploits a vulnerability that attempts to either block authorized access to an asset, or to gain unauthorized access to an asset.
Attack
………: A person, device, location, or information that SecOps aims to protect from attack.
Asset: A person, device, location, or information that SecOps aims to protect from attack.
To gain access to the information, the attacker needs to get into the middle of the conversation; however, to do so, the attacker must impersonate the sender and receiver of the traffic. This act is known as “……? its identity.”
This is an example of?
Spoofing
Taking control
SQL Attack
Buffer overflow
Spoofing
An application called a “……..” can systematically check each of these ports by sending thousands of TCP/IP packets to the victim’s computer, each packet on a different TCP port.
port scanner
An attacker just needs to send traffic to each and every port to learn which services are running. Unfortunately for the attacker, there are tens of thousands of ports, numbered from 0 to 65,535.
This type of attack is called?
Port Scanning
The …… attack overwhelms a victim’s computer with an immense volume of ICMP echo-request packets, all containing a forged, randomized source address.
Ping flood attack
Threats known as ……. attacks do just that: they deny someone access to a service, usually by overwhelming the victim with enormous amounts of useless traffic.
denial-of-service (DoS)
Two common social engineering attacks are:
Impersonation
Phishing
Denial of Service
Spoofing
Wiretapping
Poor physical security measures
Impersonation
&
Phishing
A ….. attack creates half-open connections.
SYN
Wiretapping
Spoofing
Smurf attack
SYN attack
How does a Smurf attack operate?
It causes hosts to reboot repeatedly.
It creates multiple VPN connections with hosts.
It creates half-open connections.
It spoofs the source address for all ICMP packets.
It spoofs the source address for all ICMP packets.
This is a Denial-Of-Service attack.
Another example involves ARP poisoning, which is a method attackers use to cause an Ethernet switch to flood all traffic to every port on the switch, including the attacker’s computer.
What kind of attack is the above?
Spoofing
Wiretapping
Denial of Service
Spoofing
The Smurf Attack is what kind of attack?
(It spoofs the source address for all ICMP packets)
Spoofing
Wiretapping
Phishing
Denial-of Service.
Denial-of-Service.
A …… attempts to spoof the source address of ICMP packets and broadcast to the network in an attempt to flood it.
Smurf attack
……..software protects against malware, identifies it, quarantines it, and removes it.
Antivirus
…….. may prevent unwanted connections to a system.
Which is the correct answer?
Antivirus
Personal Firewalls
Content Filter
Personal firewalls
……. prevent malicious or inappropriate network traffic.
Which is the correct answer?
Antivirus
Encryption
Content Filter
Content filters
……. makes content unreadable unless a private key is used.
Content Filter
Firewall
Encryption
Encryption
Which software protection provides malware identification?
Antivirus
Content Filter
Encryption
Antivirus
Which device provides web content filtering and URL scanning?
Web proxy
Stateful firewall
Router
Intrusion detection
Web proxy
