Other Questions Flashcards
What is ARP?
Address Resolution Protocol
Used to map IP network addresses to the MAC addresses used by a data link protocol
Given the following network address: 192.168.1.0/25, what is the last usable IP address in this subnet?
Also explain why?
192.168.1.126
/25 means 128 IP addresses
Minus 2 for the network address and the broadcast address
A network engineer needs to create subnets within a Class A network. The engineer decides to use a certain subnet mask. How many possible hosts are available per subnet if the subnet mask is 255.255.0.0?
Also explain why?
65534 possible hosts
Class A network with a subnet mask 255.255.0.0 means /16 subnet. This means there are 16 bits available for host addresses (32 total bits - 16 network bits = 16 host bits). The formula to calculate the number of hosts is 2^n - 2, where n is the number of host bits. In this case, 2^16 - 2 = 65536 - 2 = 65534 hosts. The ‘-2’ accounts for the network and broadcast addresses
What is traffic shaping?
AKA Packet Shaping
A congestion management method that controls bandwidth usage by network traffic. It can be used to prioritize, limit, or guarantee bandwidth to specific traffic types to prevent network congestion
Delays certain packet types, based on their content, so that other packets get higher priority. This can help reduce latency for critical applications.
Which topology provides the highest redundancy?
Mesh
Each network node is connected to every other node. If one connection fails, there are still multiple paths for data to take.
What is the ‘dig’ command?
Domain Information Groper
Used in Linux to troubleshoot DNS related issues. It can be used to pull up a wealth of DNS record information, which can help determine where a problem might lie.
True or False:
The “ping” command uses the ICMP protocol to test network connectivity
True
The ping command does use the Internet Control Message Protocol (ICMP). It works by sending ICMP Echo Request packets to the target host and waiting for an Echo Reply, testing network connectivity and response time.
What is IPSec?
Internet Protocol Security
Provides security at the network layer, including data encryption and secure communication between hosts
What is CRC?
Cyclical Redundancy Check
CRC errors usually indicate a problem with the cabling or a faulty port, as they are generally related to physical layer issues
nslookup
Command-line tool is best used to diagnose DNS servers. It can help find DNS details, like IP addresses of a particular computer, or the domain name and IP address of the DNS server for a particular organization.
MPLS
Multiprotocol Label Switching
Uses label-switching routers and label-edge routers to forward packets.
MPLS is a protocol-agnostic routing technique designed to speed up and shape traffic flows across enterprise wide area and service provider networks
QoS
SLA
Service Level Agreement
Define the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved
APIPA
Automatic Private IP Addressing
Used when a DHCP server can’t be contacted.
169.254.0.1 - 169.254.255.254
Troubleshooting Methodology
Identify the problem
Establish a theory of probable cause
Test the theory to determine the cause
Establish a plan of action
Implement the solution
Verify full system functionality
Document findings
OSI Model Layers
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
What is the purpose of the Time-to-Live (TTL) field in an IP packet?
The TTL field in an IP packet is decremented by one each time the packet passes through a router. If the TTL field reaches zero, the packet is discarded, preventing it from looping indefinitely around the network.
What is the purpose of Spanning Tree Protocol (STP) in a local area network (LAN)?
Spanning Tree Protocol (STP) is a network protocol that prevents switching loops (also known as bridge loops), which can cause broadcast radiation, by creating a spanning tree within networks that have redundant paths.
Port 53
DNS
(query and zone transfers)
Port 443
HTTPS
What is a typical function of a load balancer?
Load balancers distribute network traffic across multiple servers to ensure no single server becomes overwhelmed with too much traffic.
OSPF
Open Shortest Path First
An interior gateway protocol used to exchange routing information within a single Autonomous System (AS).
BGP
Border Gateway Protocol
An exterior gateway protocol typically used to route traffic between different AS.
Port 25
SMTP
Simple Mail Transfer Protocol
Port 161
SNMP
System Network Management Protocol
Which routing protocol uses the DUAL algorithm to build and maintain routing tables?
Enhanced Interior Gateway Routing Protocol (EIGRP) uses the Diffusing Update Algorithm (DUAL) to create and manage routing tables and ensure there are no routing loops.
True or False:
A company implemented a VPN to secure remote access to its network. This solution alone will guarantee that data cannot be intercepted during transmission.
False
While a VPN does encrypt data for secure transmission, it alone does not guarantee that data cannot be intercepted. There are still potential vulnerabilities like a man-in-the-middle attack or malware on a user’s computer. Other security measures should be in place to ensure comprehensive network security.
Port 20
FTP
Port 21
FTP Secure
Port 22
SSH
Port 23
Telnet
Port 67
DHCP Server
Port 68
DHCP Client
Port 69
Trivial File Transfer Protocol
Port 80
HTTP
Port 110
POP3
Port 123
NTP (Network Time Protocol)
Port 143
IMAP
Port 161
SNMP
Port 389
LDAP
Lightweight Directory Access Protocol
Port 445
SMB
Server Message Block
Port 514
Syslog
Port 587
SMTP TLS
Port 636
LDAPS
Port 993
IMAP SSL
Port 995
POP3 SSL
Port 1433
SQL
Port 1521
SQLNet
Port 3306
MySQL
Port 3389
RDP
Port 5060/5061
Session Initiation Protocol
802.11a
5GHz, 54Mbps
802.11b
2.4GHz, 11Mbps
Frequency issues
802.11g
2.4GHz, 54Mbps
Backwards compatible w/802.11b
Frequency issues
802.11n
2.4GHz or 5GHz
600Mbps
40MHz channel
MIMO
802.11ac
5GHz
160MHz
Eight MU-MIMO streams
7Gbps
802.11ax
2.4GHz or 5GHz
20, 40, 80, and 160 MHz
1,201 Mbps
OFDMA
What is ATM?
Asynchronous Transfer Mode
What are SFP, SFP+ and QSFP?
Types of transceivers
SFP (Small Form-factor Pluggable) - Electrical to Optical
SFP+(Enhanced
True or False:
In modern Ethernet networks, a twisted-pair copper cable can have a TIA/EIA-568A standard on one end and TIA/EIA-568B standard on the opposite end forms
False
Shielded Twisted-Pair (STP) cabling reduces what kind of interference?
Crosstalk and EMI
What is the Three Way Handshake for TCP?
1 - Client sends SYN
2 - Server replies SYN/ACK
3 - Client sends ACK
On-path attack
Formerly man-in-the-middle attacks
A specific type of spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them. The threat actor might also have the opportunity to modify the traffic before relaying it.
DoS attack
Denial of Service
Causes a service at a given host to fail or to become unavailable to legitimate users. Resource exhaustion DoS attacks focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth. It is also possible for DoS attacks to exploit design failures or other vulnerabilities in application software. A physical DoS attack might involve cutting telephone lines or network cabling or switching off the power to a server.
802.1x
Port-based Network Access Control (NAC)
802.3ad
LACP / NIC Teaming
802.3ax
802.3af
PoE
802.1d
STP
NDA
Non Disclosure Agreement
– Confidentiality agreement between parties
– Information in the agreement should not be disclosed
– Protects confidential information
– Trade secrets, business activities
SLA
Service Level Agreement (SLA)
– Minimum terms for services provided
– Uptime, response time agreement, etc.
– Commonly used between customers and service providers
MOU
Memorandum of Understanding (MOU)
– Both sides agree on the contents of the memorandum
– Usually includes statements of confidentiality
– Informal letter of intent; not a signed contract
AUP
Acceptable Use Policy
What is acceptable use of company assets?
– Detailed documentation
– May be documented in the Rules of Behavior
* Covers many topics
– Internet use, telephones, computers, mobile devices, etc.
* Used by an organization to limit legal liability
– If someone is dismissed, these are the well-documented reasons why
NAT
Network Address Translation
NAT is a service translating between a private (or local) addressing scheme used by hosts on the LAN and a public (or global) addressing scheme used by an Internet-facing device. NAT is configured on a border device, such as a router, proxy server, or firewall. NAT is not a security mechanism; security is provided by the router/firewall’s ACL.
Stateful firewall
A stateful firewall operates at Layer 5 (Session) of the OSI model. When a packet arrives, the firewall checks it to confirm whether it belongs to an existing connection. If it does not, it applies the ordinary packet filtering rules to determine whether to allow it. Once the connection has been allowed, the firewall allows traffic to pass unmonitored, in order to conserve processing effort.
Stateless firewall
Netflow analyzer
Gather traffic statistics from all traffic flows
– Shared communication between devices
* NetFlow
– Standard collection method
– Many products and options
Spectrum analyzer
View the frequency spectrum
* Identify frequency conflicts
Wi-Fi
Segmentation
Physical segmentation
* Separate devices
– Multiple units, separate infrastructure
Logical segmentation with VLANs
* Virtual Local Area Networks (VLANs)
– Separated logically instead of physically
– Cannot communicate between VLANs without a Layer 3 device / router
ICMP
Internet Control Message Protocol
– “Text messaging” for your network devices
* Another protocol carried by IP - Not used for data transfer
* Devices can request and reply to administrative requests
– Hey, are you there? / Yes, I’m right here.
* Devices can send messages when things don’t go well
– That network you’re trying to reach is not reachable from here
– Your time-to-live expired, just letting you know
Severity levels
0 - Emergency - The system is unusable (kernel panic)
1 - Alert - A fault requiring immediate remediation has occurred
2 - Critical - A fault that will require immediate remediation is likely to develop
3 - Error - A nonurgent fault has developed
4 - Warning - A nonurgent fault is likely to develop
5 - Notice - A state that could potentially lead to an error condition has developed
6 - Informational - A normal but reportable event has occurred
7 - Debug - Verbose status conditions used during development and testing
OTDR
Fiber
If a break is identified in an installed cable, the location of the break can be found using an optical time domain reflectometer (OTDR). This sends light pulses down the cable and times how long it takes for any reflections to bounce back from the break. A broken cable will need to be repaired (sp
Out-of-band management
The console port is a physically out-of-band management method; the link is limited to the attached device. When you are using a browser-based management interface or a virtual terminal, the link can be made out-of-band by connecting the port used for management access to physically separate network infrastructure. Obviously, this is costly to implement, but out-of-band management is more secure and means that access to the device is preserved when there are problems affecting the production network.
In-band management
An in-band management link is one that shares traffic with other communications on the “production” network.
With an in-band connection, better security can be implemented by using a VLAN to isolate management traffic.
LACP
(Link Aggregation Control Protocol)
BPDU
Bridge Protocol Data Unit
STP info is packaged as BPDU multicast frames
Straight-through cable
Patch cables - the most common Ethernet cable
* Connect workstations to network devices
– Workstation to switch
– Router to switch
Crossover Cable
Connect MDI to MDI
* Connect MDI-X to MDI-X
* Auto-MDI-X is on most modern Ethernet devices
– Automatically decides to cross-over
* This is obviously not 568A on one side and 568B on the other
– 568A and 568B are cabling standards
– The TIA-568 standard does not define Ethernet (or other) crossover cables
-Switch to switch
-Router to router
-Workstation to workstation
-Workstation to router
Evil twin
Looks legitimate, but actually malicious
– The wireless version of phishing
* Configure an access point to look like an
existing network
– Same (or similar) SSID and security
settings/captive portal
* Overpower the existing access points
– May not require the same physical location
* WiFi hotspots (and users) are easy to fool
– And they’re wide open
* You encrypt your communication, right?
– Use HTTPS and a VPN
Public access to public resources
ARP
Address Resolution Protocol
Determine a MAC address based on an IP address
OSPF
OSPF (Open Shortest Path First)
– Large, scalable routing protocol
It is a Link-state routing protocol
* Information passed between routers is related to the current connectivity
RIPv1
Routing Information Protocol
v1 - a classful protocol that uses inefficient broadcasts to communicate updates over UDP port 520.
VRRP
Virtual Router Redundancy Protocol
The default router isn’t real
– Devices use a virtual IP for the default gateway
– If a router disappears, another one takes its place
– Data continues to flow
MIB
Management Information Base
Holds statistics relating to the activity of the device
OID
Object Identifier
Can be referenced by name or number
– .iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).snmp(11).snmpOutT
TACACS+
Terminal Access Controller Access-Control System
– Remote authentication protocol
– Created to control access to dial-up lines to ARPANET
- TACACS+
– The latest version of TACACS, not backwards compatible
– More authentication requests and response codes
Kerberos
Network authentication protocol
Authenticate once; SSO
Protect against on-path or replay attacks
route command
Command to view device’s routing table
-Find out where packets will go
route print
nslookup
Command to troubleshoot DNS name resolution
(d)nslookup
Dig is a similar command
unicast
One station sending information to another station
1:1
only two systems
multicast
Delivery of information to interested systems
broadcast
Sending information to everyone at once
Not used in IPv6
anycast
Single destination IP address has multiple paths to two or more endpoints
– One-to-one-of-many
– Looks like any other unicast address
* Packets sent to an anycast address are delivered to the closest interface
DNS Poisoning
Attack that compromises the name resolution process
Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker’s choosing.
The attacker replaces the valid IP address for a trusted website with the attacker’s IP address. The attacker can then intercept all the packets directed to that IP address and bounce them to the real site, leaving the victim unaware of what is happening
DMZ
Demilitarized Zone AKA Screened Subnet
Use of two firewalls placed on either side of the perimeter network zone
NAC
Network Access Control
802.1X
Port-based Network Access Control
No access until you authenticate
-Physical interfaces [connecting to the switch]
-EAP/RADIUS
-Enabling/disabling ports
Throughput
Average data transfer rate achieved over a period of time
Bandwidth
Frequency range measured in cycles per second or Hz
Also used to describe the amount of data that can be transferred, measured in bps
RIPv2
Routing Information Protocol
v2 - supports classless addressing and uses more efficient multicast transmissions over UDP port 520. It also supports authentication.
Physical segmentation
Separate devices; separate infrastructures
Screened subnet
Previously DMZ
Don’t want the internet to have direct access to your internal network
The screened subnet holds all necessary information for the internet
Separation of duties
Split knowledge
-No one person has all of the details [One person has half of a safe combination]
Dual Control
-Two people must be present to perform the business function [two keys to open a safe]
Honeypot
Attract attackers
Create a virtual environment and, once attackers are connected, log all of their attempts to get around its security to learn more about what the attackers are doing on your network
RADIUS
Remote Authentication Dial-in User Service
Centralize authentication for users
– Routers, switches, firewalls
– Server authentication
– Remote VPN access, 802.1X network access
EAP
Extensible Authentication Protocol (EAP) – An authentication framework
* Many different ways to authenticate based on RFC standards
– Manufacturers can build their own EAP methods
* EAP integrates with 802.1X
– Prevents access to the network until the authentication succeeds
Posture assessment
Device related
Before connecting to the network, perform a health check
– Is it a trusted device?
– Is it running anti-virus? Which one? Is it updated?
– Are the corporate applications installed?
– Is it a mobile device? Is the disk encrypted?
– The type of device doesn’t matter - Windows, Mac, Linux, iOS, Android
SIEM
Security Information and Event Management
– Logging of security events and information
* Security alerts
– Real-time information
* Log aggregation and long-term storage
– Usually includes advanced reporting features
* Data correlation
– Link diverse data types
* Forensic analysis
– Gather details after an event
VLAN hopping
“Hop” to another VLAN - this shouldn’t happen
Switch spoofing
* Some switches support automatic configuration
– Is the switch port for a device, or is it a trunk?
* There’s no authentication required
– Pretend to be a switch
– Send trunk negotiation
* Now you’ve got a trunk link to a switch
– Send and receive from any configured VLAN
* Switch administrators should disable trunk negotiation
– Administratively configure trunk interfaces and device/access interfaces
Double tagging
* Craft a packet that includes two VLAN tags
– Takes advantage of the “native” VLAN configuration
* The first native VLAN tag is removed by the first switch
– The second “fake” tag is now visible to the second switch
– Packet is forwarded to the target
* This is a one-way trip
– Responses don’t have a way back to the source host
* Don’t put any devices on the native VLAN
– Change the native VLAN ID
– Force tagging of the native VLAN
Ephemeral port
temporary port numbers
– Ports 1,024 through 65,535
– Determined in real-time by the clients
Non-ephemeral ports
permanent port numbers
– Ports 0 through 1,023
– Usually on a server or service
Netstat
Allows you to check the state of ports on the local host
Nmap
Network mapper - find network devices
* Port scan - Find devices and identify open ports
* Operating system scan
– Discover the OS without logging in to a device
* Service scan
Scope
Range of addresses and options configured for a single subnet
Default gateway
IP address of router
DHCP Reservation
mapping of a MAC address or interface ID to a specific IP address within the DHCP server’s address pool
AKA Static or fixed address assignment
DHCP Relay
Configuration of a router to forward DHCP traffic where the client and server are in different subnets.
IP Helper
Command set in a router OS to support DHCP relay and other broadcast forwarding functionality.
SLAAC
Stateless Address Autoconfiguration
IPv6
Automatically configure an IP address
without a DHCP server
FQDN
Unique label specified in a DNS hierarchy to identify a particular host within a subdomain within a top-level domain.
Iterative lookup
When a name server responds to a query with either the requested record or the address of a name server at a lower level in the hierarchy that is authoritative
DNS query type whereby a server responds with information from its own data store only
Recursive lookup
DNS query type whereby a server submits additional queries to other servers to obtain the requested information.
SOA
Start of Authority Records
Identifies the primary authoritative name server that maintains complete resource records for the zone
NS
Name Server Records
List the name servers for a domain - NS records point to the name of the server
A vs AAAA
Address records
IPv4 host name vs IPv6 host name
CNAME
Canonical Name Record
Alias for an existing address record
MX
Mail Exchange Record
Used to identify an email server for the domain
SRV
Service Record
contains the service name and port on which a particular application is hosted
- Find a specific service
– Where is the Windows Domain Controller? Where is the instant messaging server? Where is the VoIP controller?
TXT
Text Record
Used to store any free-form text that may be needed to support other network services
Used as part of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)
SPF
– Prevent mail spoofing
– Mail servers check that incoming mail
really did come from an authorized host
DKIM
– Digitally sign your outgoing mail
– Validated by the mail server,
not usually seen by the end user
– Put your public key in the DKIM TXT record
PTR
Pointer Record
The reverse of an A or AAAA record – Added to a reverse map zone file
Forward lookup vs reverse lookup
Forward lookup:
– Provide the DNS server with an FQDN
– DNS server provides an IP address
Reverse Lookup
– Provide the DNS server with an IP address
– The DNS server provides an FQDN
Zone transfer
Mechanism by which a secondary name server obtains a read-only copy of zone records from the primary server.
Internal DNS
managed on internal servers
– Configured and maintained by the local team
– Contains DNS information about internal devices
– DNS service on Windows Server
External DNS
Records that Internet clients must be able to access
– Often managed by a third party
– Does not have internal device information
– Google DNS, Quad9
SMB
Server Message Block protocol
Allows a host to share its directories/files and printers to make them available for other machines to use
SMBv3 supports message encryption
SIP
Session Initiation Protocol
Ports 5060 and 5061
Syslog severity levels
0 - Emergency - The system is unusable (kernel panic)
1 - Alert - A fault requiring immediate remediation has occurred
2 - Critical - A fault that will require immediate remediation is likely to develop
3 - Error - A nonurgent fault has developed
4 - Warning - A nonurgent fault is likely to develop
5 - Notice - A state that could potentially lead to an error condition has developed
6 - Informational - A normal but reportable event has occurred
7 - Debug - Verbose status conditions used during development and testing
Latency
The time it takes for a transmission to reach the recipient, measured in milliseconds (ms)
Jitter
A variation in the delay (latency); the time between frames
Posture Assessment
Process for verifying compliance with a health policy by using host health checks
Zero-day
A vulnerability that is exploited before the developer knows about it or can release a patch
Vulnerability Assessment
An evaluation of a system’s security and ability to meet compliance requirements based on the configuration state of the system
Determines if the current configuration matches the ideal configuration (the baseline)
CVE
Common Vulnerabilities and Exposures
Dictionary of vulnerabilities in published operating systems and applications software
SIEM
Security Information and Event Management (SIEM)
Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications
penetration testing
Uses authorized hacking techniques to discover exploitable weaknesses in the target’s security systems
Least privilege
A user is granted sufficient rights to perform his or her job and no more
Role-based access
Administrators provide access based on the role of the user
Zero trust
Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed
Everything must be verified
– Nothing is trusted
– Multifactor authentication, encryption, system permissions, additional firewalls, monitoring and analytics, etc.
ACL
IAM
Authentication factors
Something you know
something you have
something you are
something you do
somewhere you are
EAP
LDAP