Secure Network Protocols Flashcards

1
Q

A suite of security extensions for an Internet service that translates domain names into IP addresses is known as:
EDNS
DNSSEC
Split DNS
DDNS

A

DNSSEC (Domain Name System Security Extensions) is a suite of security extensions for the Domain Name System (DNS) protocol. It aims to add security features, such as data origin authentication and data integrity, to DNS responses. DNSSEC achieves this by adding digital signatures to DNS records, which allows DNS clients to verify the authenticity of DNS data received from authoritative DNS servers. This helps prevent various DNS-based attacks, such as DNS spoofing and DNS cache poisoning, by ensuring that DNS responses have not been tampered with in transit.

DNSSEC provides a mechanism for domain owners to cryptographically sign their DNS records, allowing DNS resolvers to validate the authenticity of DNS responses and ensure the integrity of DNS data. Overall, DNSSEC enhances the security of the DNS infrastructure and helps protect users from DNS-related attacks.

EDNS (Extension Mechanisms for DNS): EDNS is a protocol extension for DNS that allows DNS messages to carry larger payloads and additional information. While it can enhance DNS functionality, it is not specifically focused on security.

Split DNS: Split DNS is a configuration where different DNS servers are used for resolving domain names based on whether the request originates from inside or outside a private network. It is not primarily a security extension but rather a technique for network optimization and control.

DDNS (Dynamic DNS): DDNS is a method of automatically updating DNS records with new or changed IP addresses for devices with dynamic (changing) IP addresses. While it has implications for DNS management, it is not a suite of security extensions for DNS.

2
Q

Which of the following answers refers to a non-proprietary cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services?
RDP
Telnet
SSH
RAS

A

SSH (“secure shell”) is a cryptographic network protocol that is widely used for secure communication and remote command-line login. It provides strong encryption and authentication mechanisms to protect data transmitted over a network, making it suitable for secure access to remote systems and services. SSH uses public-key cryptography for authentication, allowing users to securely log in to remote servers without transmitting passwords over the network. It also supports encryption of data transmitted between client and server, ensuring confidentiality and integrity of the communication.

SSH is commonly used by system administrators, software developers, and network engineers to securely manage remote servers, transfer files, and execute commands on remote systems. It has become the de facto standard for secure remote access and is supported by most operating systems and network devices.

Here are brief definitions of the other options:

RDP (Remote Desktop Protocol): RDP is a proprietary protocol developed by Microsoft for remote desktop connections and graphical user interface (GUI) interaction with remote computers. It is primarily used for accessing and controlling Windows-based systems remotely.

Telnet: Telnet is a network protocol used for establishing remote terminal connections and executing commands on remote hosts. However, Telnet does not provide encryption or authentication, making it insecure for transmitting sensitive information over untrusted networks.

RAS (Remote Access Service): RAS is a feature in Microsoft Windows operating systems that provides remote access capabilities, such as dial-up networking and virtual private network (VPN) connections. While it enables remote access to network resources, it does not specifically provide encryption or secure communication protocols like SSH.

3
Q

T/F

Multipurpose Internet Mail Extensions (MIME) specification extends the email message format beyond simple text, enabling the transfer of graphics, audio, and video files over the Internet mail system. Secure MIME (S/MIME) is an enhanced version of the MIME protocol that enables email security features by providing encryption, authentication, message integrity, and other related services.

A

True.

The statement accurately describes Multipurpose Internet Mail Extensions (MIME) and Secure MIME (S/MIME). MIME is a specification that extends the email message format to support the transfer of multimedia content, such as graphics, audio, and video files, over the Internet mail system. S/MIME is an enhanced version of MIME that adds security features to email communication.

These features include encryption to protect the confidentiality of messages, authentication to verify the identity of the sender, and message integrity to ensure that the content has not been tampered with during transit. Therefore, the statement is true.

4
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?
S/MIME
RTP
SIP
SRTP

A

SRTP is correct.

SRTP (Secure Real-time Transport Protocol) enhances RTP (Real-time Transport Protocol) by providing encryption, authentication, and replay protection for real-time audio and video communication over IP networks. It ensures the confidentiality, integrity, and authenticity of transmitted data, safeguarding against eavesdropping and tampering. SRTP is commonly used in VoIP systems and video conferencing applications to ensure secure communication.

S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME is a protocol used for securing email communication by providing encryption, authentication, and message integrity services. It is not specifically designed for real-time audio and video delivery over IP networks.

RTP (Real-time Transport Protocol): RTP is a protocol used for transmitting audio and video data in real time over IP networks. While RTP provides the mechanism for real-time delivery, it does not inherently provide security features such as encryption.

SIP (Session Initiation Protocol): SIP is a signaling protocol used for initiating, maintaining, and terminating communication sessions, such as voice and video calls, over IP networks. While SIP is used in conjunction with RTP for real-time communication, it does not provide security features on its own.

5
Q

LDAPS

A

LDAPS (Lightweight Directory Access Protocol over Secure Sockets Layer) is a protocol used for secure communication with directory services, such as Active Directory. It operates similarly to LDAP but adds an extra layer of security by using SSL/TLS encryption to protect data transmission. LDAPS encrypts the communication channel between the LDAP client and server, ensuring that sensitive information, such as user credentials and directory data, remains confidential and secure from eavesdropping and tampering. It is commonly used in environments where data security and privacy are critical requirements, such as enterprise networks and identity management systems.

6
Q

Authentication protocol

A

Authentication protocol: An authentication protocol is a set of rules and procedures used to verify the identity of users or devices attempting to access a system or network. It typically involves exchanging credentials, such as usernames and passwords, certificates, or biometric data, to authenticate the identity of the entity seeking access.

7
Q

Secure directory access protocol

A

Secure directory access protocol: Secure directory access protocol refers to protocols used to securely access directory services, such as LDAP (Lightweight Directory Access Protocol) over SSL/TLS (LDAPS). These protocols ensure that directory data, including user and device information, is accessed securely and confidentially, typically through encryption and authentication mechanisms.

8
Q

Address resolution protocol

A

Address resolution protocol: Address Resolution Protocol (ARP) is a protocol used to map IP addresses to physical MAC addresses on a local network. It enables devices to discover the hardware address associated with a given IP address, allowing for the proper delivery of data packets within a local network segment.

9
Q

File exchange protocol

A

File exchange protocol: File exchange protocol refers to protocols designed for the transfer of files between computers over a network. Examples include FTP (File Transfer Protocol), SFTP (SSH File Transfer Protocol), and SCP (Secure Copy Protocol). These protocols provide mechanisms for secure and reliable file transfer, often including encryption, authentication, and data integrity checks.

10
Q

Which of the following protocols allow(s) for secure file transfer? (Select all that apply)
FTPS
TFTP
FTP
SFTP

A

The protocols that allow for secure file transfer are:

FTPS (File Transfer Protocol Secure): FTPS is an extension of FTP that adds support for SSL/TLS encryption for secure data transmission. It provides authentication and encryption mechanisms to protect file transfers from eavesdropping and tampering.

SFTP (SSH File Transfer Protocol): SFTP is a secure file transfer protocol that operates over SSH (Secure Shell) to provide secure file access, transfer, and management. It encrypts data during transmission and provides authentication mechanisms to ensure secure communication between client and server.

TFTP (Trivial File Transfer Protocol) and FTP (File Transfer Protocol) do not provide inherent security features for file transfer.

TFTP is a simple file transfer protocol that operates over UDP (User Datagram Protocol) and does not include built-in encryption or authentication mechanisms. As a result, data transmitted using TFTP is not secure and can be intercepted or modified by malicious actors.

FTP, while widely used for file transfer, also lacks inherent security features. It sends data in plaintext, making it susceptible to eavesdropping and unauthorized access. Although FTPS (File Transfer Protocol Secure) is a secure version of FTP that adds support for SSL/TLS encryption, the base FTP protocol itself does not provide security.

11
Q

T/F

Secure File Transfer Protocol (SFTP) is an extension to the FTP protocol that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

A

This statement is not accurate. Secure File Transfer Protocol (SFTP) is actually a completely different protocol from FTP and does not rely on TLS or SSL for security.

SFTP (SSH File Transfer Protocol) operates over SSH (Secure Shell) and uses SSH’s secure communication channels to encrypt data during transmission. It provides secure file transfer, remote file management, and access to remote file systems. SFTP is often preferred over FTP for its enhanced security features, including encryption and authentication mechanisms provided by SSH.

In contrast, FTPS (File Transfer Protocol Secure) is the extension of FTP that adds support for TLS (Transport Layer Security) and SSL (Secure Sockets Layer) cryptographic protocols. FTPS secures the communication channel between the client and server using SSL/TLS encryption, providing similar security features to SFTP but within the context of the FTP protocol.

12
Q

T/F

FTPS is an extension to the Secure Shell (SSH) protocol and runs by default on port number 22.

A

This statement is incorrect. FTPS (File Transfer Protocol Secure) is not an extension to the Secure Shell (SSH) protocol. Instead, FTPS is an extension of the FTP (File Transfer Protocol) that adds support for SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for secure data transmission.

FTPS typically runs over TCP (Transmission Control Protocol) ports 989 for FTPS control connections and 990 for FTPS data connections when using explicit FTPS (FTP over SSL/TLS). However, it can also use other port numbers depending on the configuration.

13
Q

Which version(s) of the SNMP protocol offer(s) authentication based on community strings sent in an unencrypted form? (Select all that apply)
SNMPv1
SNMPv2
SNMPv3
SNMPv4

A

SNMP stands for Simple Network Management Protocol. It is a protocol used for managing and monitoring network devices and systems, such as routers, switches, servers, printers, and other network-attached devices. SNMP allows network administrators to remotely monitor device performance, collect statistical data, and manage configurations.

SNMPv1 and SNMPv2 offer authentication based on community strings sent in an unencrypted form.

14
Q

T/F

Of the three existing versions of the Simple Network Management Protocol (SNMP), versions 1 and 2 (SNMPv1 and SNMPv2) offer authentication based on community strings sent in an unencrypted form (in cleartext). SNMPv3 provides packet encryption, authentication, and hashing mechanisms that allow for checking whether data has changed in transit (i.e. validation of data integrity).

A

SNMPv3 represents a significant leap forward in network management security, offering robust encryption, authentication, authorization, and data integrity mechanisms to protect sensitive information exchanged between SNMP managers and agents. With packet encryption ensuring confidentiality, authentication mechanisms verifying the identities of users and devices, authorization controls defining access privileges, and data integrity validation ensuring message integrity, SNMPv3 provides a comprehensive security framework to safeguard against eavesdropping, tampering, and unauthorized access. This enhanced security posture makes SNMPv3 an indispensable tool for organizations seeking to maintain the confidentiality, integrity, and availability of their network management data in today’s threat landscape.

15
Q

What is the name of a network protocol that secures web traffic via SSL/TLS encryption?
SFTP
HTTPS
FTPS
SNMP

A

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, the protocol used for transmitting data between a web browser and a website. It employs SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption to ensure the confidentiality and integrity of data exchanged between the client (web browser) and the server (website).

When a user accesses a website via HTTPS, the communication is encrypted, preventing eavesdropping and tampering by malicious actors. This encryption is particularly crucial for sensitive transactions such as online banking, e-commerce purchases, and transmitting personal information, as it protects users’ sensitive data from interception and unauthorized access. Additionally, HTTPS provides authentication mechanisms to verify the identity of the website, enhancing trust and security for users browsing the web.

16
Q

Which of the protocols listed below enables remote access to another computer on the network via web browser?
RDP
HTTPS
SSH
VNC

A

The protocol that enables remote access to another computer on the network via a web browser is HTTPS (Hypertext Transfer Protocol Secure). HTTPS allows users to securely access remote computers, servers, or network devices using a web browser by establishing an encrypted connection over the Internet. This protocol is commonly used for remote administration, web-based applications, and accessing web-based management interfaces of network devices.

Overview of incorrect answers:

RDP (Remote Desktop Protocol): RDP enables users to remotely access and control another computer’s desktop and applications. However, it typically requires dedicated client software and does not operate within a web browser environment.

SSH (Secure Shell): SSH is a network protocol that provides secure access to a remote computer or server’s command-line interface. It is commonly used for remote administration and file transfer, but it also does not operate within a web browser environment.

VNC (Virtual Network Computing): VNC is a protocol used for remote desktop access and control similar to RDP. It allows users to view and interact with the desktop of a remote computer, but like RDP, it requires dedicated client software and does not operate within a web browser environment.

17
Q

Which part of the IPsec protocol suite provides authentication and integrity?
CRC
AH
SIEM
AES

A

AH (Authentication Header) is a protocol within the IPsec suite that provides authentication and integrity. It ensures that the data hasn’t been tampered with during transmission by using cryptographic techniques to create a hash-based message authentication code (HMAC). This HMAC is then verified by the receiving party to ensure the data’s integrity and authenticity.

Wrong answers:

CRC (Cyclic Redundancy Check) is a simple error-detecting code used in network communications, but it’s not designed for authentication or integrity within IPsec.

SIEM (Security Information and Event Management) is a system for collecting and analyzing security event data, such as logs, for threat detection and response. While SIEM systems play a crucial role in network security, they are not part of the IPsec protocol suite.

AES (Advanced Encryption Standard) is a symmetric encryption algorithm used for encrypting data to ensure confidentiality. While encryption is a component of IPsec, AES specifically addresses confidentiality rather than authentication or integrity.

18
Q

Which part of IPsec provides authentication, integrity, and confidentiality?
AES
SHA
AH
ESP

A

Encapsulating Security Payload (ESP).

ESP encrypts the entire IP packet, providing confidentiality, and includes mechanisms for authentication and integrity protection. It achieves this by using encryption algorithms to keep the data confidential, and cryptographic techniques like HMAC (Hash-based Message Authentication Code) to ensure both authenticity and integrity.

Wrong answers:

AH (Authentication Header) provides authentication and integrity but does not encrypt the entire IP packet, so it does not offer confidentiality.

CRC (Cyclic Redundancy Check) is a basic error-detection technique, not a part of IPsec providing authentication, integrity, and confidentiality.

SIEM (Security Information and Event Management) is a system for managing security events and logs, not a part of IPsec.

19
Q

IPsec

A

IPsec stands for Internet Protocol Security. It’s a suite of protocols used to secure internet protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec ensures that data transmitted over a network is protected from unauthorized access, manipulation, or eavesdropping. It’s commonly used in VPNs (Virtual Private Networks) to create secure tunnels over the internet, allowing remote users to securely access private networks.

20
Q

Which of the IPsec modes provides entire packet encryption?
Tunnel
Payload
Transport
Default

A

In Tunnel mode, the entire original IP packet is encapsulated within a new IP packet, and the entire inner packet, including the original IP header, is encrypted. This mode is often used in VPN scenarios where entire packets need to be protected as they traverse untrusted networks.

Wrong answers:

Payload mode doesn’t exist in the context of IPsec.

Transport mode encrypts only the payload (data) of the IP packet, leaving the original IP header untouched.

Default mode doesn’t specifically refer to an IPsec mode.

21
Q

POP3

A

POP3, or Post Office Protocol version 3, is a protocol used by email clients to retrieve messages from a mail server.

It allows users to connect to their mailbox on the server, authenticate themselves with a username and password, and download their emails to a local device.

POP3 is known for its simplicity and efficiency but lacks features like message synchronization across multiple devices, which makes it less ideal for users who need to access their emails from various devices.

22
Q

Which of the following answers refer to IMAP? (Select 2 answers)
Offers improved functionality in comparison to POP3
Serves the same function as POP3
Enables sending email messages from client devices
Offers less functions than POP3
Enables email exchange between mail servers

A

The two answers that refer to IMAP (Internet Message Access Protocol) are:

Offers improved functionality in comparison to POP3: IMAP provides more advanced features compared to POP3, such as the ability to access and manage emails directly on the server, support for multiple folders, and message synchronization across devices.

Serves the same function as POP3: Both IMAP and POP3 serve the function of retrieving emails from a mail server, though IMAP offers more advanced features and functionality compared to POP3.

Wrong answers:

Enables email exchange between mail servers: IMAP is primarily used for accessing and managing emails on a mail server from client devices. It doesn’t directly facilitate email exchange between mail servers.

Enables sending email messages from client devices: Both IMAP and POP3 are protocols used for receiving emails from a mail server, not for sending emails. Sending email messages typically involves SMTP (Simple Mail Transfer Protocol), not IMAP or POP3.

Offers less functions than POP3: This statement is incorrect. IMAP offers more functions and features compared to POP3, as it allows users to manage their emails directly on the server, access multiple folders, and synchronize messages across devices.

23
Q

IMAP

A

IMAP, or Internet Message Access Protocol, is an email protocol that allows users to access and manage their email messages stored on a remote server.

Unlike POP3, it keeps emails on the server, enabling users to access them from multiple devices while maintaining synchronization.

IMAP supports folder management and ensures changes made to emails on one device are reflected across all devices accessing the same mailbox. Overall, IMAP offers greater flexibility and functionality compared to POP3, making it suitable for users who need to access their emails from multiple devices.

24
Q

Which of the answers listed below refers to a deprecated TLS-based method for securing SMTP?
IMAPS
STARTTLS
POP3S
SMTPS

A

The answer that refers to a deprecated TLS-based method for securing SMTP is “SMTPS.”

SMTPS, or SMTP Secure, was a method of securing SMTP connections using SSL or TLS encryption. However, SMTPS has been deprecated in favor of the more modern and flexible approach called “STARTTLS.”

Wrong answers:

IMAPS: IMAPS is used for securing IMAP connections with SSL or TLS encryption, not SMTP.
STARTTLS: STARTTLS is the preferred method for securing SMTP connections with SSL or TLS encryption. It’s not deprecated; in fact, it’s widely used and recommended.
POP3S: POP3S is used for securing POP3 connections with SSL or TLS encryption, not SMTP.

25
Q

STARTTLS

A

STARTTLS is a method used to upgrade an existing insecure connection to a secure one using SSL/TLS encryption. In the context of email protocols like SMTP, IMAP, and POP3, STARTTLS allows servers and clients to negotiate a secure connection after the initial connection is established.

This negotiation involves the server sending a response indicating its capability to support STARTTLS, and if both the server and client support it, they proceed to encrypt the communication using SSL/TLS. STARTTLS helps enhance security by protecting sensitive data, such as email content and login credentials, from interception or tampering during transmission over the network.

26
Q

Which of the following answers refer(s) to POP3S encrypted communication? (Select all that apply)
TCP port 993
Secure Sockets Layer (SSL)
TCP port 995
Transport Layer Security (TLS)
TCP port 110

A

TCP port 995: POP3S typically uses this port for encrypted communication. When POP3 is secured with SSL/TLS encryption, it’s referred to as POP3S.

Secure Sockets Layer (SSL): SSL is a cryptographic protocol used to secure communications over a computer network, including POP3S. It provides encryption and security for POP3 communication.

Transport Layer Security (TLS): TLS is the successor to SSL and is used for securing various network communications, including POP3S. It provides encryption and security similar to SSL.

Wrong answers:

TCP port 993: This port is commonly used for IMAPS (IMAP over SSL/TLS), not POP3S.

TCP port 110: This port is typically used for non-encrypted POP3 communication, not POP3S.

27
Q

What are the characteristic features of the secure version of IMAP? (Select all that apply)
TCP port 143
Secure Sockets Layer (SSL)
TCP port 993
Transport Layer Security (TLS)
TCP port 995

A

The characteristic features of the secure version of IMAP are:

Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
TCP port 993

Explanation:

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols used to secure communication. They are commonly used to encrypt IMAP connections, providing confidentiality and integrity.

TCP port 993 is the standard port used for secure IMAP (IMAPS) connections.

Wrong answers:

TCP port 143 is the default port for non-encrypted IMAP connections.
TCP port 995 is typically used for encrypted POP3 (POP3S) connections, not IMAPS.

28
Q

TCP Ports 143, 993, and 995 are used for…

A

TCP Ports 143, 993, and 995 are used for email-related protocols:

TCP port 143: This port is used for the Internet Message Access Protocol (IMAP) without encryption. It’s the default port for non-encrypted IMAP connections.

TCP port 993: This port is used for IMAP over SSL (IMAPS), which encrypts the IMAP communication using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). It provides a secure way to access email messages stored on a server.

TCP port 995: This port is used for the Post Office Protocol version 3 (POP3) over SSL (POP3S). Similar to IMAPS, POP3S encrypts the communication between the email client and the server using SSL or TLS, ensuring the confidentiality and integrity of the transmitted data.

29
Q

Which of the following is a secure implementation of a protocol used for synchronizing clocks over a computer network?
NTPsec
SRTP
SNMPv3
SNTP

A

NTPsec (Network Time Protocol Secure) is a secure implementation of the Network Time Protocol (NTP), designed to provide accurate time synchronization over networks while addressing security concerns and vulnerabilities present in older versions of NTP.

SNTP (Simple Network Time Protocol) is a simplified version of NTP that lacks some of the security features found in NTPsec.

SNTP (Simple Network Time Protocol) is a secure implementation of the Network Time Protocol (NTP) designed for time synchronization over networks. It’s a simplified version of NTP that provides accurate timekeeping without the need for complex features.

SRTP (Secure Real-time Transport Protocol): SRTP is used for securing real-time communications such as VoIP and video conferencing, not for time synchronization.

SNMPv3 (Simple Network Management Protocol version 3): SNMPv3 provides secure management and monitoring of network devices, but it’s not used for time synchronization.

30
Q

A security feature of a network switch that provides countermeasures against rogue DHCP servers is called:
DHCP scope
DHCP reservation
DHCP snooping
DHCP relay agent

A

The security feature of a network switch that provides countermeasures against rogue DHCP (Dynamic Host Configuration Protocol) servers is called “DHCP snooping.”

Explanation:

DHCP snooping is a security feature implemented on network switches to mitigate the risk posed by rogue DHCP servers. It works by monitoring DHCP traffic on the network and building a binding table of legitimate DHCP servers and their associated IP addresses with connected clients. If a DHCP server not listed in the binding table is detected, DHCP snooping can block or drop DHCP messages from unauthorized sources, preventing clients from receiving incorrect IP configurations from rogue servers.

Wrong answers:

DHCP scope: DHCP scope defines a range of IP addresses available for lease to clients by a DHCP server. It’s not a security feature specifically aimed at countering rogue DHCP servers.
DHCP reservation: DHCP reservation is a feature of DHCP servers that allows specific IP addresses to be assigned to particular clients based on their MAC addresses. It’s not a security feature designed to prevent rogue DHCP servers.
DHCP relay agent: DHCP relay agent is used to forward DHCP messages between DHCP clients and servers across different network segments. While it plays a role in DHCP communication, it’s not specifically focused on mitigating the threat of rogue DHCP servers.

31
Q

DHCP Server

A

A DHCP (Dynamic Host Configuration Protocol) server is a network server that automatically assigns IP addresses and network configuration information to devices (such as computers, smartphones, or printers) on a network. Here’s a brief overview:

IP Address Assignment: The DHCP server dynamically assigns IP addresses from a predefined pool of addresses to devices that request them. This eliminates the need for manual configuration of IP addresses, making network management more efficient.

Network Configuration: In addition to IP addresses, the DHCP server can also provide other network configuration parameters to devices, such as subnet mask, default gateway, DNS server addresses, and domain name.

Lease Management: The DHCP server leases IP addresses to devices for a specific period, known as the lease duration. After the lease period expires, the device must renew its lease with the DHCP server to continue using the same IP address.

Centralized Management: DHCP servers centralize the management of IP address allocation and configuration, making it easier to maintain and update network settings across multiple devices.

Overall, DHCP servers play a crucial role in simplifying the process of network configuration and management by automating the assignment of IP addresses and related parameters to devices on a network.