Technologies And Tools

Question 1

Layers of the OSI Model

Answer 1

Physical
Data
Network
Transport
Session
Presentation
Application

Question 2

Define IP

Answer 2

Internet Protocol, delivers packets across layer 3

Question 3

Define TCP

Answer 3

Transmission Control Protocol

Question 4

TCP Flags

Answer 4

Syn opens connect
Fin terminates connect
Ack acknowledges request

Question 5

Define UDP

Answer 5

User Data Protocol

Question 6

Primary difference between UDP and TCP

Answer 6

UDP does not send acknowledge responses (one way comms)

TCP is connection oriented

Question 7

DNS Look Up Port Number

Answer 7

53 via UDP

Question 8

FTP Port Number

Answer 8

21

Question 9

SSH Port Number

Answer 9

22

Question 10

RDP Port Number

Answer 10

3389

Question 11

SMTP Port Number

Answer 11

25 Unencrypted

465 Encrypted

Question 12

POP Port Number

Answer 12

110 Unencryted

995 Encrypted

Question 13

IMAP Port Number

Answer 13

143 Unencrypted

993 Encrypted

Question 14

HTTP Port Number

Answer 14

80

Question 15

HTTPS Port Number

Answer 15

443 with SSL

Question 16

Purpose of a Switch

Answer 16

Create Networks on layers 2 and limited layer 3

Question 17

Purpose of Routers

Answer 17

Connect networks via ACL

Question 18

Purpose of Bridges

Answer 18

Connect only two nets over layer 2 between MAC addresses

Question 19

Purpose of a Media Gateway

Answer 19

Translate between network types (i.e. 3G, 4G, LTE, etc)

Question 20

Define a Stateful Firewall

Answer 20

Tracks outgoing communications to determine open connections

Question 21

Purpose of Explicit Deny Rule

Answer 21

To generate logs, implicit deny is not logged.

Question 22

Firewall Positioning

Answer 22

typically between router and internet

Question 23

Difference between a Forward Proxy and Reverse Proxy

Answer 23

Forward Proxy is on client’s side (i.e. a web browser)

Reverse Proxy is on a server’s side

Question 24

Purpose of a Transparent Proxy

Answer 24

Also called “In-line, intercepting, or forced” proxy

Intercepts connection between client and server without modifying requests and responses.

Question 25

Load Balancer Modes

Answer 25

Round-Robin Scheduling | Session Persistance

Question 26

VPN Types

Answer 26

Site-to-site | Remote Access

Question 27

VPN Endpoints

Answer 27

Firewalls Routers Servers VPN Concentrators (for high volume)

Question 28

VPN Modes

Answer 28

Full Tunnel | Split Tunnel

Question 29

IPsec Functions

Answer 29

``` Adds security to TCP/IP via: Internet Key Exchange (IKE) Encapsulating Sec Payload (ESP) for Confidentiality Authentication Header (AH) *Not compatible for dynamic NAT ```

Question 30

Define NIDS

Answer 30

Network Intrusion Detection System

Question 31

Define NIPS

Answer 31

Network Intrusion Prevention System

Question 32

Define HIPS

Answer 32

Host Intrusion Prevention System

Question 33

Define HIDS

Answer 33

Host Intrusion Detection System

Question 34

Detection Methods

Answer 34

Signature Based | Anomaly/Behavior/Heuristic Based

Question 35

Define OAuth

Answer 35

Federated SSO for web authorization

Question 36

Define Open ID Connect

Answer 36

Authentication protocol for OAuth

Question 37

Firewall Rule Configuration Errors

Answer 37

Shadowed Rules Promiscuous Rules Orphaned Rules

Question 38

Define a Shadow Rule

Answer 38

Rule never reached due to placement order

Question 39

Define a Promiscuous Rule

Answer 39

Overly broad permissions

Question 40

Define an Orphaned Rule

Answer 40

Rule built for decommissioned networks or systems

Question 41

Types of Flooding Attacks

Answer 41

SYN flood | MAC flood

Question 42

Define STP and Purpose

Answer 42

Spanning Tree Protocol, prever loops in IP/MAC addressing

Question 43

Network Monitoring Modes

Answer 43

Full Packet Capture | Net Flow Data

Question 44

Information in Net Flow Data

Answer 44

Source and Destination IP/Ports Time Amount of Data

Question 45

SNMP PDU Types

Answer 45

``` GetRequest SetRequest GetNextRequest GetBulkRequest Response Trap InformRequest ```

Question 46

Storage Network Types

Answer 46

Network Attached Storage (NAS), file servers | Storage Area Network (SAN), raw disks

Question 47

802.11 Network speed and frequency

Answer 47

2 Mbps on 2.4 GHz

Question 48

802.11b Network speed and frequency

Answer 48

11 Mbps on 2.4 GHz

Question 49

802.11g Network speed and frequency

Answer 49

22 Mbps on 2.4 GHz

Question 50

802.11n Network speed and frequency

Answer 50

600 Mbps on 2.4/5 GHz

Question 51

802.11ac Network Speeds

Answer 51

1 Gbps

Question 52

Wireless Authentication Methods

Answer 52

Pre-shared Keys | Enterprise Authentication

Question 53

Pre-Shared Key Types

Answer 53

Hexadecimal String | Passwords

Question 54

Enterprise Authentication Types

Answer 54

LEAP EAP PEAP

Question 55

LEAP Algorithm Types

Answer 55

MS-CHAP (insecure)

Question 56

EAP Algorithm Types

Answer 56

TLS TTLS MD5 (Insecure) FAST

Question 57

Define PEAP

Answer 57

EAP tunneled in encrypted TLS

Question 58

Wireless Antennae Types

Answer 58

Omni-Directional Directional Beam forming (Virtual Directional)

Question 59

WAP HW Types

Answer 59

Fat; contain hardware and software | Thin; contain hardware only, configured via wireless controller

Question 60

Define WORM

Answer 60

Write Once Read Many, permanent logs sent to SIEMs

Question 61

Define NTP

Answer 61

Network Time Protocol, sync devices to centralized time server

Question 62

DLP Environments

Answer 62

Host Network Cloud

Question 63

DLP Methods

Answer 63

Pattern matching | Watermarking

Question 64

802.1x Protocol Components

Answer 64

Supplicant Switch/Authenticator Server

Question 65

NAC/NAP Postures

Answer 65

Persistent Agent Dissolvable Agentless

Question 66

Purpose of Protocol Analyzers

Answer 66

Packet sniffing; monitor network traffic and sort by protocol

Question 67

Purpose of Network Scanners

Answer 67

Detect active systems | OS Fingerprinting

Question 68

Common Command Line Networking Prompts

Answer 68

``` Ping Traceroute/tracert Ifconfig/ipconfig Arp Netstat/ss Nc Dig/nslookup ```

Question 69

Ping Command Function

Answer 69

Check remote system accessibility over ICMP

Question 70

Traceroute/tracert Command Function

Answer 70

Determine network path to destination | Devices listed as *** do not self-identify

Question 71

Ifconfig/ipconfig Command Function

Answer 71

View or change configuration

Question 72

Arp Command Function

Answer 72

View ARP cache on local network

Question 73

Netstat/ss Command Function

Answer 73

View all active network connections; - a (listening and non-listening sockets) - l (listening sockets) - s (statistics for each protocol) - i (table of network interfaces)

Question 74

Nc Command Function

Answer 74

Send and receive raw code over network | Not available on windows

Question 75

Dig/nslookup Command Function

Answer 75

Correlate IP addresses and domain names over DNS

Question 76

Telnet Secure Alternative

Answer 76

SSH

Question 77

FTP Secure Alternative

Answer 77

SFTP

Question 78

HTTP Secure Alternative

Answer 78

HTTPS using SSL

Question 79

Network Level Additional Protection Measures

Answer 79

VPN | SSH Tunneling

Question 80

Types of Certificate Errors

Answer 80

Expired Mismatched Names Untrusted CA Revoked

Question 81

Request for Change (RFC) Components

Answer 81

``` Description Impact Risks Mitigation Users Schedule Affected Systems ```

Question 82

Difference between Configuration and Change Management

Answer 82

Configuration Management is for specific products | Change Management is for systems and processes

Question 83

OS Security Issues

Answer 83

Baseline Settings Patch Management System Hardening

Question 84

Application Control Methods

Answer 84

White Listing | Black Listing

Question 85

Mobile Networking Methods

Answer 85

``` Cellular WiFi SAT Comms NFC Bluetooth ANT Infrared USB ```

Question 86

MDM Solutions/Uses

Answer 86

Configuration Management Prevent user modifications Revoke access/remote wipe Application Control

Question 87

Define Containerization

Answer 87

Separate memory allocation for secure/unsecured or business/personal

Question 88

Define geolocation

Answer 88

Track location information

Question 89

Purpose of Geofencing

Answer 89

Alert when leaving area | Limit access to specific area

Question 90

MDM Solutions Circumvention

Answer 90

Side loading | Jailbreaking

Question 91

Mobile Deployment Methods

Answer 91

BYOD CYOD COPE COBO

Question 92

SNMPv1 and 2 Vulnerability

Answer 92

Plain Text Authentication

Question 93

WPS Brute Force Protection

Answer 93

Disable WPS | Update firmware

Question 94

WEP Encryption

Answer 94

RC4

Question 95

WPA Encryption

Answer 95

TKIP

Question 96

WPA2 Encryption

Answer 96

AES: CBC-MAC for integrity CCMP for key rotation

Question 97

IV Role

Answer 97

Build decryption table | Compute RC4 key stream

Question 98

Define EFS

Answer 98

Encryption File System, allows for encryption of individual files or folders

Question 99

Define ANT

Answer 99

Adaptive Network Topology | Proprietary tech used primarily for sports and health

Question 100

Private IP Address Ranges

Answer 100

10. 0.0.1-10.255.255.255 172. 16.0.1-172.31.255.255 192. 168.0.1-192.168.255.255

Question 101

Benefits of Immutable Systems

Answer 101

Lower IT Complexity | Easy to Troubleshoot

Question 102

Purpose of Collectors

Answer 102

Receive sensory input

Question 103

DNSSEC Key Distribution Steps between Servers

Answer 103

Sign a zone Share DNS folder Import DNSSEC key

Question 104

APT Threat Prevention

Answer 104

Restrict administrative privileges Application whitelisting Patch updates for applications, OS, firmware for systems and network devices

Question 105

Define a Null Ciphers

Answer 105

Simple form of steganography hiding a message in a larger message or mass of characters requiring a cipher to decrypt (also called a concealment cipher)

Question 106

Define a Visual Semagram

Answer 106

Form of steganography hiding a message in an image (real or digital)

Question 107

Define a Text Semagram

Answer 107

Form of steganography hiding a message in a text based on text characteristics

Question 108

LDAP Protocol Methods

Answer 108

SSL (layer 5) | TLS (layer 4-7?)

Question 109

Common Banner Grabbing Tools

Answer 109

``` Telnet Wget cURL NMAP Nc DMitry ```

Question 110

Define a Credentialed Scan

Answer 110

Scan conducted from an account on the network

Question 111

WYOD Protections

Answer 111

EMM Remote wipe | Ability to disable bluetooth connectivity

Question 112

Access Point Setup Features

Answer 112

``` MAC Filtering Encryption Algorithm Key length Default Passwords Maximum users ```

Question 113

Meaning of DEP Value of 0

Answer 113

Always off

Question 114

Meaning of DEP Value of 1

Answer 114

Always on

Question 115

Meaning of DEP Value of 2

Answer 115

On for windows binary files

Question 116

Meaning of DEP Value of 3

Answer 116

On for all programs and services

Question 117

Define DEP

Answer 117

Data Execution Prevention

Question 118

802.11a speed and frequency

Answer 118

5 Mbps on 2.4 GHz

Question 119

Types of Vulnerability Scanner Tools

Answer 119

Nessus Retina Vulnerability Assessment Scanner Microsoft Baseline Security Analyzer (MBSA)

Question 120

MBSA Scan Features

Answer 120

``` Open Ports Active IP Addresses Running applications/services Missing critical patches Default user account which have not been disabled Default, blank, or common passwords ```

Question 121

Define OVAL

Answer 121

Open Vulnerability and Assessment Language; international standard for testing, analyzing, and reporting the security vulnerabilities of a system

Question 122

MDM Location Tracking Accuracy (Most to least)

Answer 122

GPS Wi-Fi Triangulation Cell phone tower triangulation IP Address resolution

Question 123

Define MEM and purpose

Answer 123

Mobile Endpoint Managment; automate asset tracking and inventory control process

Question 124

Define a Trunk port

Answer 124

A member of all VLANs defined on a switch for carrying traffic between switches

Question 125

Define Windows Intune

Answer 125

Windows RT tablet management solution

Question 126

Windows Intune Features

Answer 126

Admin Portal: Remote wipe and password changes Account Portal: Manage subscriptions, users, groups and domains Company Portal: End user manager their own accounts and enroll devices

Question 127

Difference between Application Aware Firewall, IDS/IPS, and Proxy

Answer 127

Firewall: enforce security rules IDS/IPS: analyze network packets Proxy: Improve performance and content filtering

Question 128

IPsec NAP Enforcement Method

Answer 128

Issued certificates prior to network connection

Question 129

Switch and WAP Access Control Method

Answer 129

MAC address filtering

Question 130

Least Secure Location for Omni-Directional Antennae

Answer 130

Against a perimeter wall/window

Question 131

DTP Vulnerability

Answer 131

potential for unauthorized devices to modify configuration information

Question 132

Define DTP

Answer 132

Data Trunking Protocol; automatically detects ports that are trunk ports and negotiate the trunking protocol between devices

Question 133

VLAN Creation Hardware

Answer 133

A Switch, switch port is used to identify which VLAN a device belongs to

Question 134

Define a NIC

Answer 134

Network Interface Controller, by default only accepts frames addressed to that specific NIC

Question 135

Purpose of a Network Hub

Answer 135

Sends packets to all device ports

Question 136

Define Network Bonding

Answer 136

Logically groups two or more network adapters for a single network connection

Question 137

Explain Network Communication Security Setting Configuration

Answer 137

Managed by a GPO computer policy

Question 138

Define User Rights

Answer 138

Special category of computer policies that identify maintenance tasks and the users/groups who can perform said actions

Question 139

NAC/NAP Components

Answer 139

Health validation, 802.1x authentication, IPsec enforcement

Question 140

GPO Application Order

Answer 140

Local Group Policy, GPO's linked to the site, GPO's linked to the user/computer domain, GPO's linked to the organizational unit (OU) from highest to lowest

Question 141

DLP Monitoring States

Answer 141

Data in use on endpoints, Data in motion transmitted over a network, Data at rest on a storage medium, Data transmitted to/from cloud-based systems

Question 142

Key Exchange Protocols

Answer 142

TLS: DH or RSA SSL: KEA or RSA IPsec: IKE

Question 143

Define IDEA

Answer 143

International Data Encryption Algorithm, symmetric-key block cipher

Question 144

SSH Algorithms

Answer 144

IDEA (default) Blowfish DES

Question 145

Explain the purpose of Firewall Logs

Answer 145

Identify traffic allowed or denied through the firewall (servers running specific services, device communicating via specific ports, etc.)

Question 146

Explain the purpose of Systems Logs

Answer 146

Record OS, system, and HW events (logons, logon attempts, user rights, etc.)

Question 147

Explain the purpose of Application Logs

Answer 147

Record actions performed by applications

Question 148

Explain the purpose of Performance Logs

Answer 148

Record information about system resources (network connections, processors, memory, disks, and network utilization)

Question 149

Archived Logs Primary Considerations

Answer 149

Disk space required Backup requirements on the server Time stamping Integrity of the logs

Question 150

Application Level Audit Components

Answer 150

Logon/Logon Attempts User Name Start/End Time of access Activities performed

Question 151

Purpose of Promiscuous Mode (p-mode)

Answer 151

Visibility for packet sniffers viewing captured frames sent to a NIC

Question 152

Purpose of a Throughput Tester

Answer 152

Measure the amount of data that can be transferred through a network (aka bandwidth)

Question 153

Linux TCP Port Scan Command

Answer 153

nmap -sT

Question 154

Linux UDP Port Scan Command

Answer 154

nmap -sU

Question 155

Purpose of TPM

Answer 155

Generate and store cryptographic keys | Generate hash values of system components

Question 156

Linux server Installed Software RPM Package List Command

Answer 156

yum list installed