OSI Model & TCP/IP

Question 1

Q1: What does the Physical Layer (Layer 1) of the OSI model do?

Answer 1

A: It is responsible for the transmission of raw bits over a physical medium (e.g., cables, Wi-Fi). This layer includes hardware like hubs, cables, and repeaters.

Question 2

Q2: Name three devices that operate at the Data Link Layer (Layer 2).

Answer 2

A: Switches, bridges, and network interface cards (NICs). They handle MAC addressing and frame transmission.

Question 3

Q3: What protocol is primarily used at the Network Layer (Layer 3)?

Answer 3

A: IP (Internet Protocol). It is responsible for routing packets between devices across different networks.

Question 4

Q4: What are the responsibilities of the Transport Layer (Layer 4)?

Answer 4

A: It ensures reliable data transfer, error detection, and flow control. Key protocols include TCP (connection-oriented) and UDP (connectionless).

Question 5

Q5: How does the Session Layer (Layer 5) differ from the Transport Layer (Layer 4)?

Answer 5

A: The Session Layer manages sessions between applications, such as starting, maintaining, and terminating communication, while the Transport Layer ensures reliable delivery of data.

Question 6

Q6: HTTP is an example of what Layer protocol?

Answer 6

A: Application Layer (Layer 7) protocol

Question 7

Q7: What is the purpose of Layer 6 (Presentation Layer)?

Answer 7

A: It translates data between the application and the network, ensuring data formats like encryption, compression, and encoding are handled.

Question 8

Q8: What layer would you troubleshoot if a file download is failing due to corrupted data?

Answer 8

A: Layer 4 (Transport Layer) because it is responsible for error detection and data reliability.

Question 9

Q9: What is encapsulation in the OSI model?

Answer 9

A: It is the process of adding headers and sometimes footers to data as it moves through the layers.

Question 10

Q10: Which layer of the OSI model is responsible for MAC addresses?

Answer 10

A: Data Link Layer (Layer 2).

Question 11

Q11: Which layer of the OSI model is responsible for routing packets between networks?

Answer 11

A: Network Layer (Layer 3). Routers operate at this layer.

Question 12

Q12: How does the Presentation Layer (Layer 6) support encryption?

Answer 12

A: It handles encryption and decryption to ensure secure communication between devices.

Question 13

Q13: What devices operate at the Physical Layer (Layer 1)?

Answer 13

A: Hubs, cables, and network interface cards (NICs).

Question 14

Q14: Why is the Application Layer (Layer 7) crucial for user interaction?

Answer 14

A: It provides network services directly to user applications, enabling communication such as email and web browsing.

Question 15

Q15: What is the primary purpose of Layer 2 switching?

Answer 15

A: Forwarding frames based on MAC addresses within a local network.

Question 16

Q16: How does the OSI model assist in troubleshooting?

Answer 16

A: By isolating issues to specific layers, such as checking physical connectivity at Layer 1 or routing at Layer 3.

Question 17

Q17: What does segmentation mean in the Transport Layer (Layer 4)?

Answer 17

A: It involves dividing data into smaller packets for transmission and reassembling them at the destination.

Question 18

Q18: How does the Network Layer (Layer 3) handle routing?

Answer 18

A: It uses routing protocols (e.g., OSPF, BGP) to determine the best path for packets between networks.

Question 19

Q19: What is the difference between broadcast and unicast at Layer 2?

Answer 19

A: Broadcast sends data to all devices in a network, while unicast sends data to a specific device.

Question 20

Q20: What type of address is used at Layer 2?

Answer 20

A: MAC addresses are used to identify devices within the same network segment.

Question 21

Q21: What are the layers of the TCP/IP model?

Answer 21

A: Application, Transport, Internet, and Network Access (or Link).

Question 22

Q22: How does the Application Layer in TCP/IP differ from the OSI model?

Answer 22

A: The TCP/IP Application Layer combines the functionality of the OSI Application, Presentation, and Session layers.

Question 23

Q23: What protocols operate at the Internet Layer of the TCP/IP model?

Answer 23

A: IP (Internet Protocol), ICMP (Internet Control Message Protocol), and ARP (Address Resolution Protocol).

Question 24

Q24: Compare TCP and UDP at the Transport Layer.

Answer 24

A: TCP provides reliable, connection-oriented communication (e.g., HTTP), while UDP is connectionless and faster but less reliable (e.g., DNS, video streaming).

Question 25

Q25: What is the role of the Network Access Layer in TCP/IP?

Answer 25

A: It handles physical hardware and protocols required to transmit data over a network.

Question 26

Q26: Which protocol is used for routing packets in the TCP/IP Internet Layer?

Answer 26

A: IP (Internet Protocol). It routes packets based on IP addresses.

Question 27

Q27: What is the purpose of DNS in the Application Layer?

Answer 27

A: It resolves human-readable domain names (e.g., www.google.com) into IP addresses.

Question 28

Q28: How does the Transport Layer ensure data reliability?

Answer 28

A: By using mechanisms like acknowledgments, retransmissions, and flow control.

Question 29

Q29: What is the function of ARP in the TCP/IP model?

Answer 29

A: Address Resolution Protocol maps IP addresses to MAC addresses for local network communication.

Question 30

Q30: What is SMTP and what layer is the proctocol in TCP/IP model?

Answer 30

A: SMTP (Simple Mail Transfer Protocol) is an example of an Application Layer protocol used for email

Question 31

Q31: Why is the Internet Layer essential in the TCP/IP model?

Answer 31

A: It ensures packets are routed across multiple networks to reach their destination.

Question 32

Q32: What is the primary difference between IPv4 and IPv6?

Answer 32

A: IPv4 uses 32-bit addressing, while IPv6 uses 128-bit addressing to support more devices.

Question 33

Q33: Which protocol uses port 443?

Answer 33

A: HTTPS (Hypertext Transfer Protocol Secure).

Question 34

Q34: What is the three-way handshake in TCP?

Answer 34

A: It is a process to establish a reliable connection between two devices using SYN, SYN-ACK, and ACK packets.

Question 35

Q35: What is ICMP used for in the Internet Layer?

Answer 35

A: ICMP is used for diagnostic and error-reporting purposes, such as in ping requests.

Question 36

Q36: What is the difference between a subnet mask and an IP address?

Answer 36

A: An IP address identifies a device on a network, while a subnet mask defines the network’s size and range.

Question 37

Q37: What is the role of DHCP in the Application Layer?

Answer 37

A: DHCP assigns IP addresses dynamically to devices on a network.

Question 38

Q38: How does NAT work in the Internet Layer?

Answer 38

A: NAT translates private IP addresses to a public IP address, allowing devices on a private network to access the internet.

Question 39

Q39: What is a common use of port 22?

Answer 39

A: Port 22 is used by SSH (Secure Shell) for secure remote login.

Question 40

Q40: How does a firewall inspect traffic at the Transport Layer?

Answer 40

A: It examines TCP/UDP ports to allow or block specific types of traffic.

Question 41

Q41: Which OSI layer is most relevant for analyzing network traffic with Wireshark?

Answer 41

A: Layers 2-4 (Data Link, Network, and Transport Layers). These layers show MAC addresses, IPs, and ports, respectively.

Question 42

Q42: What is the importance of ports in the TCP/IP model?

Answer 42

A: Ports identify specific processes or services (e.g., HTTPS on port 443, DNS on port 53) for data communication.

Question 43

Q43: How would you identify a DDoS attack using the OSI model?

Answer 43

A: Look for excessive traffic or anomalies at Layers 3 and 4, focusing on IP addresses (Network Layer) and ports (Transport Layer).

Question 44

Q44: Why is it important to know the difference between TCP and UDP for a SOC analyst?

Answer 44

A: To understand the type of communication a protocol uses and identify anomalies (e.g., excessive UDP traffic could signal a DDoS attack).

Question 45

Q45: What layer of the OSI model would you investigate for VLAN hopping attacks?

Answer 45

A: Layer 2 (Data Link Layer), since VLANs are defined and managed here.

Question 46

Q46: How does SSL/TLS operate in the OSI model?

Answer 46

A: It operates at Layer 6 (Presentation Layer) to encrypt data.

Question 47

Q47: What tool can you use to monitor TCP/UDP connections on a system?

Answer 47

A: Netstat or Wireshark.

Question 48

Q48: Which TCP/IP layer is responsible for ensuring packets arrive in order?

Answer 48

A: Transport Layer, specifically with TCP.

Question 49

Q49: How do firewalls relate to the OSI model?

Answer 49

A: Firewalls typically operate at Layers 3 (Network Layer) and 4 (Transport Layer) to filter traffic.

Question 50

Q50: Why are logs from Layer 4 useful for a SOC analyst?

Answer 50

A: They provide information about port usage and help detect unauthorized services or anomalous traffic.