Section 6: Understanding Secure and Insecure Protocols

Question 1

What is the authentication protocol that uses tickets and prevents replay attacks?

Answer 1

Kerberos authentication, during which a TGT session is established where a user obtains an encrypted service ticket. Kerberos uses USN and timestamps to prevent replay attacks.

Question 2

Describe how IPSec tunnel mode works.

Answer 2

Used with L2TP/IPSec VPN session where both the Authenticated Header (AH) and Encapsulating Security Payload (ESP) are encrypted.

Question 3

Describe how IPSec transport mode works.

Answer 3

Server-to-server on a LAN where only the Encapsulating Security Payload (ESP) is encrypted.

Question 4

If an IT administrator uses Telnet to run remote commands on a router, which secure protocol can it be replaced with?

Answer 4

SSH is a secure protocol replacement for Telnet.

Question 5

What is the purpose of a router?

Answer 5

Connects external networks and routes IP packets.

Question 6

What is the purpose of a switch?

Answer 6

Internal device connecting computers being used in the same location.

Question 7

What type of service is Spotify?

Answer 7

Subscription service where user pays a monthly fee. It is a pay-per-use model.

Question 8

Explain how port security works.

Answer 8

A port on a switch is disabled to prevent someone form using a particular wall jack.

Question 9

Describe how a managed switch with 802.1x works.

Answer 9

802.1x authenticates users and devices connecting to a switch.

Normally, the user or device has a certificate to authenticate them without the need to disable ports on the switch. An unauthorized user is prevented from using the port as they have no certificate.

Question 10

What are the three portions of a distinguished name and the order that they come in?

Answer 10

1. CN
2. OU
3. DC

Question 11

Which protocol can you use to prevent DNS poisoning?

Answer 11

DNSSEC, which produces RRSIG records and prevents DNS poisoning.

Question 12

What are the two reasons why a computer might not receive an IP address from a DHCP server?

Answer 12

1. Resource exhaustion
2. Network connectivity issues

Question 13

What type of server would both a SIEM server and a Microsoft domain controller benefit from having installed on their network?

Answer 13

NTP server, to keep the clock times on the hosts up to date since they use Kerberos authentication. Otherwise, the SIEM server cannot put events into chronological order, meaning Kerberos clients cannot login.

Question 14

If two companies rented offices on the same floor of a building, what could the building administrator implement to isolate them from each other?

Answer 14

VLANs in order to provide departmental isolation.

Question 15

What is the purpose of STP?

Answer 15

Spanning Tree Protocol (STP) prevents switches from looping, which slows the switch down.

Question 16

If a network administrator wanted to collect the statuses and reports of network devices, what secure protocol could they use?

Answer 16

SMTP v3.

Question 17

If a network administrator wants to set up a VPN, what is the most secure protocol that they can use?

Answer 17

AES is the strongest protocol for an L2TP/IPSec VPN, as it can use 256 bits.

Question 18

Which secure protocol can be used to prevent a pass-the-hash attack?

Answer 18

Kerberos, because it uses the Active Directory which stores the passwords in an encrypted database.

Pass-the-hash attacks are hash collision attacks against NTLM authentication.

Question 19

Which protocol protects data in transit?

Answer 19

Transport Layer Security (TLS) or Secure Sockets Layer (SSL).

Question 20

Which protocol can be used to digitally sign an email between two people?

Answer 20

Secure/Multipurpose Internet Mail Extensions (S/MIME).

Question 21

Which protocol can be used to secure video conferencing?

Answer 21

Secure Real-Time Transport Protocol (SRTP).

Question 22

Which protocol allows a user to put a Skype session on hold, speak to another person, and then come back to the first caller?

Answer 22

Session Initiation Protocol (SIP).

Question 23

A system administrator is managing a directory service using a protocol that uses TCP port 389. What protocol are they using and which protocol can be used to carry out the same task securely?

Answer 23

LDAP uses TCP port 389 and is used to manage directory services. It can be replaced by LDAPS TCP port 636, which is more secure.

Question 24

Say I use nbtstat -n command and the output shows me the following: IAN <00> IAN <20> What naming convention is used and what format is being show?

Answer 24

The format is NETBIOS, where the name is up to 15-characters long with a service identifier.

The host is called IAN.
<00> indicates the workstation service.
<20> indicates the server service.

Question 25

What protocol can be used to transfer large files remotely?

Answer 25

FTPS, over port 989/990.