Telecommunications and Network Security

Question 1

The ____ _____ layer is the lowest layer at which meaning is assigned to the
bits that are transmitted over the network.

Answer 1

Data Link

Question 2

Data-link protocols address things, such as?

Answer 2

Size of each packet of data to be sent, a means of addressing each packet so that it’s delivered to the
intended recipient, and a way to ensure that two or more nodes don’t try to
transmit data on the network at the same time.

Question 3

What does the data link layer provide for the network layer?

Answer 3

The data
link layer provides transparent network services to the network layer so the
network layer can be ignorant about the underlying physical network topology

Question 4

What kind of devices operate of the Data Link layer?

Answer 4

Switches, bridges,

WAPs, and NICs

Question 5

The ______ ______ layer is concerned with the local delivery of frames
between devices on the same LAN.

Answer 5

Data Link

Question 6

What are the two sublayers of the Data link layer?

Answer 6

Logical Link Control

and Media Access Control

Question 7

What services does the Data link Media access control sublayer provide?

Answer 7

Multiple access protocols (CSMA/CD for Ethernet bus and hub networks or
CSMA/CA for wireless networks), MAC Addressing, LAN switching (packet
switching), Data packet queuing, Quality of Service control, and VLANs

Question 8

What layer handles the task of routing network messages from one computer to
another?

Answer 8

Network Layer

Question 9

What is a Logical Address?

Answer 9

Logical addresses are created and used by
Network Layer protocols, such as IP or IPX. The Network Layer protocol
translates logical addresses to MAC addresses

Question 10

What are the five steps of Data Encapsulation?

Answer 10

1) The application,
presentation, and session layer take user input and convert it into data
2)The transport layer adds a segment header converting the data into segments
3) The network layer adds a network header and converts the segments into
packets/datagrams
4) The data link layer adds a frame header converting the
packets/datagrams into frames 5) The MAC sublayer converts the frames into
bits, which the physical layer can put on the wire

Question 11

What are two important functions of the Network layer?

Answer 11

Logical addressing

and routing

Question 12

What type of threats are there to layer 1?

Answer 12

Theft, Unauthorized access, Vandalism, Sniffing, Interference, Data Emanation

Question 13

What are some ways to strengthen security at the Data Link Layer (Layer 2)?

Answer 13

Disable unused ports in order to prevent fraudulent connections which could
lead to eavesdropping, flooding attacks, or ARP spoofing. Using secure
protocols for communication (using WPA2 or WPA over WEP) and correctly
configuring VLANs

Question 14

What are the four general classes of Malware?

Answer 14

Virus, Worm, Trojan Horse,

Spyware

Question 15

What framework handles multiple connections at the same time, provides
secure authentication and encryption, and works at the network layer and
provides security on top of IP?

Answer 15

IPSec

Question 16

What does IPSec help protect against?

Answer 16

Network-based attacks from untrusted
computers, attacks that can result in the DOS of applications, services, or
the network, Data corruption, Data theft, User credential theft,
Administrative control of servers, other computers, and the network

Question 17

What service usually runs on port 25?

Answer 17

Simple Mail Transfer Protocol (SMTP)

Question 18

What service usually runs on port 21?

Answer 18

File Transfer Protocol (FTP)

Question 19

What service usually runs on port 23?

Answer 19

Telnet

Question 20

What service usually runs on port 53?

Answer 20

Domain Name Service (DNS)

Question 21

What is the range of the Well Known Ports?

Answer 21

0 through 1023

Question 22

Ports from 1024 through 49151 are called?

Answer 22

Registered Ports

Question 23

Ports from 49152 through 65535 are called?

Answer 23

Dynamic and/or Private Ports

Question 24

What is an example of a fast packet-switching network that can be used for
either data, voice or video, but packets are of a fixed size?

Answer 24

Asynchronous
Transfer Mode (ATM)

Question 25

What was developed to support TCP/IP networking over low-speed serial
interfaces?

Answer 25

Serial Line IP (SLIP)

Question 26

What is Wireless Transport Layer Security?

Answer 26

A communication protocol
that allows wireless devices to send and receive encrypted information over
the Internet.

Question 27

What is the Internet?

Answer 27

The Internet is a global network of public networks

and Internet Service Providers throughout the world.

Question 28

________ switching is a network switching technique in which data is routed
in its entirety from the source node to the destination node, one hop at a
time.

Answer 28

Message

Question 29

What is it called when messages are divided into packets before they are
sent and each packet can be transmitted individually and can follow
different routes to its destination?

Answer 29

Packet switching

Question 30

What is circuit switching?

Answer 30

Circuit switching is a methodology of
implementing a telecom network in which two network nodes establish a
dedicated comm channel (circuit) through the network before they communicate

Question 31

A _______ _______ protocol allows higher level protocols to avoid dealing
with the division of data into segments, packets, or frames

Answer 31

Virtual

Circuit

Question 32

IPSec provides confidentiality and integrity to information transferred over
IP networks through ________ layer encryption and authentication.

Answer 32

Network

Question 33

What is a communication channel that is divided into an arbitrary number of
variable bit-rate digital channels or data streams?

Answer 33

Statistical

multiplexing

Question 34

Information from each data channel is allocated bandwidth based on
pre-assigned time slots, regardless of whether there is data to transmit?

Answer 34

Time-division multiplexing (TDM)

Question 35

ATM uses ______ _______ ______ _______, and encodes data into small
fixed-sized packets called cells.

Answer 35

Asynchronous time-division

multiplexing

Question 36

What is a technique by which the total bandwidth available in a comm medium
is divided into a series of non-overlapping frequency sub-bands, each of
which is used to carry a separate signal?

Answer 36

Frequency Division

Multiplexing (FDM)

Question 37

What was designed to support multiple network types over the same serial
link?

Answer 37

Point-to-Point Protocol (PPP)

Question 38

What was designed to support multiple network types over the same LAN?

Answer 38

Ethernet

Question 39

This is used when a dest IP address is not located on the current LAN
segment. It consist of a list of station and network addresses and a
corresponding gateway IP address.

Answer 39

IP Routing Table

Question 40

Most modern Wide Area Network (WAN) protocols, including TCP/IP, X.25, and
Frame Relay, are based on what?

Answer 40

Packet switching technologies

Question 41

What is circuit switching best used for?

Answer 41

Real time data such as live

audio and video

Question 42

What is port knocking?

Answer 42

Port knocking is where the client will attempt to
connect to a predefined set of ports to identify him as an authorized
client. The port knocking sequence is used to identify the client as a
legitimate user.

Question 43

What’s a security benefit of using a full-duplex switch?

Answer 43

That is
ensures that most traffic is segregated between computer and switch and not
broadcast to all hosts

Question 44

Which OSI model layer manages communications in simplex, half-duplex, and
full-duplex modes?

Answer 44

Session

Question 45

______ ________ firewalls are able to grant a broader range of access for
authorized users and activities and actively watch for unauthorized users
and activities.

Answer 45

Stateful Inspection

Question 46

What is a TCP wrapper?

Answer 46

A TCP wrapper is an application that can serve as a basic firewall by
restricting access based on user IDs or system IDs.

Question 47

What can be described as a logical circuit that always exists and is waiting
for the customer to send data?

Answer 47

Permanent Virtual Circuit (PVC)

Question 48

What is an amendment to the 802.11 standard that defines a new
authentication and encryption technique that is similar to IPSec and no
real-world attack has compromised this wireless network?

Answer 48

802.11i(WPA-2)

Question 49

802.1q defines what?

Answer 49

VLAN tagging, it is used by switches and bridges to manage traffic within
and between VLANs.

Question 50

What is a form of wireless authentication protection that requires all
wireless clients to pass a gauntlet of RADIUS or TACACS services before
network access is granted?

Answer 50

802.1x

Question 51

What is 1000Base-T commonly called? 100Base-TX?

Answer 51

Giga-bit Ethernet, Fast Ethernet

Question 52

10Base2 is also called? 10Base5? 10Base-T?

Answer 52

Thinnet, Thicknet, Twisted-pair

Question 53

A peer-to-peer wireless network connection between two(or more) individual
systems without the need for a wireless base station?

Answer 53

Ad-hoc

Question 54

A subprotocol of the TCP/IP protocol suite that operates at the Data Link
Layer, normally used to discover the MAC address of systems by polling using
its IP address?

Answer 54

Address Resolution Protocol (ARP)

Question 55

Suite of protocols developed by Apple for networking of Macintosh Systems?

Answer 55

AppleTalk(No longer in use by Apple since 2009)

Question 56

What is a type of firewall that filters traffic based on the internet
service used to transmit or receive the data(Also known as second gen
firewalls)?

Answer 56

Application-level gateway firewall

Question 57

What kind of WAN tech is this? Uses cell-switching rather than
packet-switching and uses virtual circuits but guarantee’s throughput due to
the fixed size frames or cells, is also excellent for voice and
videoconferencing.

Answer 57

Asynchronous transfer mode(ATM)

Question 58

Attenuation is what?

Answer 58

The loss of signal strength and integrity on a cable because of the length
of the cable

Question 59

What is the IP address range used by Automatic Private IP addressing
(APIPA)?

Answer 59

169.254.0.0 - 169.254.255.255

Question 60

What is a feature/benefit provided by service providers that allows clients
to consume more bandwidth when needed and if the carrier network has the
capacity(such consumption is often charged at a higher rate)?

Answer 60

Bandwidth on demand

Question 61

What is baseband?

Answer 61

A communication medium that supports only a single communication signal at a
time

Question 62

What is Base Rate Interface (BRI)?

Answer 62

An ISDN service type

Question 63

What is a beacon frame?

Answer 63

A type of wireless network packet that broadcasts the presence of the
wireless network by announcing the network’s SSID or network name

Question 64

What is a device used to simulate 2600 Hz tones to interact directly with
telephone network trunk systems aka backbones?

Answer 64

Blue box

Question 65

What is an attack that grants hackers remote control over the features and
functions of a Bluetooth device?

Answer 65

Bluebugging

Question 66

Hijacking a Bluetooth connection to eavesdrop or extract information from
devices

Answer 66

Bluejacking

Question 67

What is an attack that allows hackers to connect with your Bluetooth devices
without your knowledge and extract information from them?

Answer 67

Bluesnarfing

Question 68

What is a wireless standard commonly used to pair accessories to mobile
phones or computers?

Answer 68

Bluetooth (802.15)

Question 69

What is a bridge?

Answer 69

A network device used to connect networks with different speeds, cable
types, or topologies that still use the same protocol(This is considered a
layer 2 device)

Question 70

A form of wireless access point deployment that is used to link two wired
networks together over a wireless bridged connection?

Answer 70

Bridge mode

Question 71

What is broadband?

Answer 71

A communication medium that supports multiple communication signals
simultaneously

Question 72

What is a communications transmission to multiple but unidentified
recipients?

Answer 72

Broadcast

Question 73

What is a Broadcast address?

Answer 73

The address that all devices within a given network grouping or container
receive data on

Question 74

A group of networked systems in which all other members receive a broadcast
signal when one of the members of the group transmits it?

Answer 74

Broadcast domain

Question 75

A communication system based on or dependent on broadcasts rather than
unicast signaling?

Answer 75

Broadcast technology

Question 76

What is a brouter?

Answer 76

A network device that first attempts to route and then defaults to bridging
if routing fails

Question 77

What is a network that spans a college, university, or multi building office
complex?

Answer 77

Campus area network (CAN)

Question 78

What is a captive portal?

Answer 78

An authentication technique that redirects a newly connected wireless web
client to a portal access control page, the page may require the user to
input payment information, provide logon creds, or input an access code

Question 79

What is the designed replacement for WEP and TKIP/WPA(Implements AES with a 128 bit key as a stream cipher)?

Answer 79

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
(CCMP)

Question 80

What is an authentication protocol used over PPP links and it encrypts
usernames and passwords?

Answer 80

Challenge Handshake Authentication Protocol (CHAP)

Question 81

What is a channel service unit/data service unit (CSU/DSU)?

Answer 81

A border connection device that converts LAN signals into the format used by
the WAN carrier network, and vice versa

Question 82

What is a firewall used to manage communications sessions between trusted
partners and operates at the Session layer?

Answer 82

Circuit-level gateway firewall

Question 83

What is fairly EMI resistant, low cost, easy to install cable?

Answer 83

Coaxial Cable or coax

Question 84

What is a minimum guaranteed bandwidth allocation for a virtual circuit?

Answer 84

Committed information rate (CIR)

Question 85

What is common mode noise?

Answer 85

EMI noise generated by the difference in power between the hot and ground
wires of a power source or operating electrical equipment

Question 86

What is a content-distribution network(CDN) or content delivery network?

Answer 86

A collection of resource services deployed in numerous data centers across
the Internet in order to provide low latency, high performance, high
availability of the hosted content. CDNs provide the desired multimedia
performance quality demanded by customers through the concept of distributed
data hosts.

Question 87

What are converged protocols?

Answer 87

The merging of specialty or proprietary protocols with standard protocols,
such as those from the TCP/IP suite. Some common examples of converged
protocols include FCoE, MPLS, iSCSI, and VoIP.

Question 88

What is the deployment of FDDI using twisted-pair(copper) wires(susceptible
to interference)?

Answer 88

Copper Distributed Data Interface (CDDI)

Question 89

Similar to a hash total, a value that indicates whether a message has been
altered or damaged in transit?

Answer 89

Cyclic Redundancy Check (CRC)

Question 90

What is a Data Circuit-Terminating equipment (DCE)?

Answer 90

A networking device that performs the actual transmission of data over the
Frame Relay as well as establishing and maintaining the virtual circuit for
the customer.

Question 91

What is the combination of Transport Layer UDP header and payload?

Answer 91

Datagram

Question 92

What is a data stream?

Answer 92

Data from an application sent into a protocol stack. The data stream
becomes the initial payload of the top layer protocol

Question 93

What is a networking device that acts like a router or a switch and provides
the customers network access to the frame relay network?

Answer 93

Data terminal equipment (DTE)

Question 94

What is a dead zone?

Answer 94

A network segment using an alternative Network layer protocol instead of IP,
such as IPX or AppleTalk.

Question 95

What is deencapsulation?

Answer 95

The process of stripping a layer’s header and footer from a PDU as it
travels up the OSI model layers

Question 96

What is a wireless tech that employs all of the available frequencies
simultaneously in parallel?

Answer 96

Direct Sequence Spread Spectrum (DSSS)

Question 97

What is distance vector routing protocol?

Answer 97

A routing protocol that maintains a list of destination networks along with
metrics of direction and distance as measured in hops(in other words, the
number of routers to cross to reach the destination)

Question 98

What is a client/server model of networking where client may be local or
connected over WAN links, including VPNs and the Internet?

Answer 98

Distributed architecture

Question 99

What is Dynamic Host Configuration Protocol(DHCP)?

Answer 99

A protocol used to assign TCP/IP configuration settings to systems upon
bootup. DHCP uses UDP port 67 for server point-to-point response and port
68 for client request broadcast. DHCP supports centralized control and
management of network addressing.

Question 100

What is a dynamic packet-filtering firewall?

Answer 100

A firewall that enables real-time modification of the filtering rules based
on traffic content. Dynamic packet-filtering firewalls are known as fourth
generation firewalls

Question 101

What is a type of electrical noise that can do more than just cause problems
with how equipment functions; it can also interfere with the quality of
communications, transmissions, and playback?

Answer 101

Electromagnetic Interference (EMI)

Question 102

What is Encapsulating Security Payload (ESP)?

Answer 102

An element of IPSec that provides encryption to protect the confidentiality
of transmitted data but can also perform limited authentication

Question 103

What is encapsulation?

Answer 103

The process of adding a header and footer to a PDU as it travels down the
OSI model layers

Question 104

What is the use of multiple wireless access points to support a single
wireless network over a larger geographic area than could be supported by a
single wireless access point?

Answer 104

Enterprise extended mode

Question 105

What is Ethernet?

Answer 105

A common shared media LAN tech

Question 106

What is a extranet?

Answer 106

A cross between the internet and an intranet. An extranet is a section of
an organization’s network that has been sectioned off so that it acts as an
intranet for the private network but also serves information to a limited
number of specific outsiders. Often access into an extranet from the
internet requires a VPN connection. Extranets are often used in B2B
applications, between customers and suppliers.

Question 107

What is Fibre Channel over Ethernet (FCoE)?

Answer 107

A converged protocol used to encapsulate Fibre Channel communications over
Ethernet networks. It typically requires 10 Gbps Either in order to
support the Fibre Channel protocol

Question 108

What is a high speed token passing tech that employs two rings with traffic
flowing in opposite directions, offers transmission rates of 100 Mbps, and
is often used as a backbone to large enterprise networks?

Answer 108

Fiber Distributed Data Interface (FDDI)

Question 109

What is fiber optic cabling?

Answer 109

A cabling form that transmits light instead of electrical signals. Fiber
optic cable supports throughputs up to 2 Gbps and lengths of up to 2 km

Question 110

What is a set of rules or restrictions commonly found on security devices,
such as firewalls and proxies(also known as rules and ACLs)?

Answer 110

Filter(s)

Question 111

What is a firewall?

Answer 111

A network device used to filter traffic. A firewall is typically deployed
between a private network and a link to the internet, but it can be deployed
between departments within an organization. Firewalls filter traffic based
on a defined set of rules.

Question 112

What is a footer?

Answer 112

Information added by a protocol to the end of a payload received from a
higher layer protocol

Question 113

What is a fragment?

Answer 113

When a network receives a packet larger than its maximum allowable packet
size, it breaks it up into two or more fragments. These fragments are each
assigned a size(corresponding to the length fo the fragment) and an offset
(corresponding to the starting location of the fragment)

Question 114

What is the combination of data Link layer header, payload, and footer?

Answer 114

Frame

Question 115

What is a frame relay?

Answer 115

A shared connection medium that uses packet-switching tech to establish
virtual circuits for customers

Question 116

What is a measurement of the number of wave oscillations within a specific
time identified using the unit hertz (Hz), or oscillations per second?

Answer 116

Frequency

Question 117

What is Frequency Hopping Spread Spectrum (FHSS)?

Answer 117

An early implementation of the spread spectrum concept. This wireless
access tech transmits data in a series while constantly changing the
frequency in use.

Question 118

What is a gateway?

Answer 118

A networking device that connect networks that are using different network
protocols

Question 119

What is it when mobile devices with GPS support enable the embedding of
geographical location in the form of latitude and longitude as well as
date/time information on photos taken with these devices?

Answer 119

Geo-tagging

Question 120

What is a handshake?

Answer 120

A three way process utilized by the TCP/IP protocol stack to set up
connections between two hosts

Question 121

What is a header?

Answer 121

Information added by a protocol to the front of a payload received from a
higher layer protocol

Question 122

What is High Level Data Link Control (HDLC)?

Answer 122

A layer 2 protocol used to transmit data over synchronous communication
lines. HDLC is an ISO standard based on IBM’s SDLC. HDLC supports full
duplex communications, support both point to point and multipoint
connections, offers flow control, and includes error detection and
correction.

Question 123

What is a layer 1 protocol used to connect routers and multiplexers to ATM
or Frame Relay connection devices?

Answer 123

High Speed Serial Interface (HSSI)

Question 124

What is a network device used to connect multiple systems together in a star
topology and that repeats inbound traffic over all outbound ports?

Answer 124

Hub

Question 125

What is the Hypertext Transfer Protocol?

Answer 125

The protocol used to transmit web page elements from a web server to web
browsers(over the well known service TCP/UDP port address 80)

Question 126

What is Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)?

Answer 126

A standard that uses port 443 to negotiate encrypted communications sessions
between web servers and browser clients

Question 127

What is a wireless network configuration that uses a wireless base station
to connect all wireless devices to the network and potentially to each
other?

Answer 127

Infrastructure mode

Question 128

What is a Integrated Services Digital Network (ISDN)?

Answer 128

A digital end to end communications mechanism. ISDN was developed by
telephone companies to support high speed digital communications over the
same equipment and infrastructure that is used to carry voice communications

Question 129

What is a protocol used to transfer email messages from an email server to
an email client(Works at the application layer)?

Answer 129

Internet Message Access Protocol (IMAP)

Question 130

What is the collection of devices that can communicate over the internet
with each other or with a control console in order to affect and monitor the
real world

Answer 130

Internet of Things

Question 131

What is a Internet Key Exchange (IKE)?

Answer 131

A protocol that provides for the secure exchange of cryptographic keys
between IPSec participants

Question 132

What is Internet Security Association and Key Management Protocol (ISAKMP)?

Answer 132

A protocol that provides background security support services for IPSec.

Question 133

What is Internet Small Computer System Interface (iSCSI)?

Answer 133

A networking storage standard based on IP. This tech can be used to enable
location independent file storage, transmission, and retrieval over LAN,
WAN, or public internet connections. iSCSI is often viewed as a low cost
alternative to fibre channel

Question 134

With IPX/SPX which one worked at the network layer?

Answer 134

IPX

Question 135

What is an intranet?

Answer 135

A private network that is designed to host the same information services
found on the internet.

Question 136

What is a IP header protocol field value?

Answer 136

An element in an IP packet header that identifies the protocol used in the
IP packet payload (usually this will be 6 for TCP, 17 for UDP, or 1 for
ICMP, or any of a number of other valid routing protocol numbers).

Question 137

What is a IP Payload Compression (IPComp) protocol?

Answer 137

A protocol that allows IPSec users to achieve enhanced performance by
compression packets prior to the encryption operation

Question 138

What is a standards based mechanism for providing encryption for point to
point TCP/IP traffic?

Answer 138

IP security (IPSec)

Question 139

What is a Kernel Proxy Firewall?

Answer 139

A firewall that is integrated into an operating system’s core to provide
multiple levels of session and packet evaluation. Kernel proxy firewalls
are known as fifth generation firewalls.

Question 140

What kind of Fiber optics is used for short distances?

Answer 140

Multi-mode

Question 141

What kind of Fiber optics is used for long distances?

Answer 141

Single mode

Question 142

What are some Media Access Technologies?

Answer 142

Token Passing, CSMA/CD, CSMA/CA

Question 143

What is a security impact of collision domains?

Answer 143

Sniffing and DoS

Question 144

What is the most common form of LAN networking?

Answer 144

Ethernet

Question 145

What are some characteristics of Ethernet?

Answer 145

Shares media, Broadcast and collision domains, CSMA/CD, supports full duplex with a switch, defined by IEEE 802.3

Question 146

What are some characteristics of switches?

Answer 146

Can be called a ‘multi-port bridge’, usually have 24 or more ports, computers can send data AND receive data at the same time(full duplex), each port is it’s own collision domain, switches do not alter broadcast domains

Question 147

What does Layer 4 provide?

Answer 147

Transport Layer provides end-to-end data transport services and establishes a logical connection between 2 computers systems

Question 148

What are the protocols used at Layer 4?

Answer 148

SSL/TLS, TCP, UDP, SPX

Question 149

What are the advantages and disadvantages of TCP?

Answer 149

Advantages: Easier to program with, truly implements a session, adds security
Disadvantages: More overhead/slower, SYN floods

Question 150

What is this protocol?

Answer 150

Connectionless, Unreliable, No handshaking, useful for when real time transfer is essential

Question 151

What is the session layer responsible for?

Answer 151

Establishing a connection between two applications(either on the same computer or two different computers)

Question 152

What are some characteristics of layer 6?

Answer 152

The presentation layer does NOT have any protocol, and is concerned with encryption, compression, and formatting.

Question 153

This layer defines a protocol(way of sending data) that two different programs or applications understand?

Answer 153

Layer 7, Application

Question 154

What are some examples of protocols that work at the Application layer?

Answer 154

Protocol: HTTP, HTTPS, FTP, TFTP, SMTP, SNMP, SSH, IMAP, POP3, EDI, S-RPC, SET, NNTP, LPD
Application proxies,
Non-repudiation, certificates, integration with directory services, time awareness

Question 155

In the TCP/IP model what does the Application layer map to in the OSI model?

Answer 155

Application, Presentation, Session

Question 156

In the TCP/IP model what does the Host to host or transport layer map to in the OSI model?

Answer 156

Transport

Question 157

In the TCP/IP model what does the Internetwork layer map to in the OSI model?

Answer 157

Network

Question 158

In the TCP/IP model what does the Network Access/Interface layer map to in the OSI model?

Answer 158

Data link and Physical

Question 159

What are some examples of protocols that work at the Session layer?

Answer 159

NFS, SQL, RPC

Question 160

What are some examples of protocols that work at the Network layer?

Answer 160

ICMP, RIP, OSPF, BGP, IGMP, IP, IPsec, IPX, NAT, SKIP

Question 161

What are some examples of protocols that work at the Data link layer?

Answer 161

SLIP, PPP, ARP, RARP, L2F, L2TP, PPTP, FDDI, ISDN

Question 162

What are some examples of protocols that work at the Physical layer?

Answer 162

EIA/TIA-232, EIA/TIA-449, X.21, HSSI, SONET, V.24, V.35

Question 163

What is a LAN extender?

Answer 163

A remote access, multilayer switch used to connect distant networks over
WAN links. This is a strange beast of a device in that it creates WANs, but marketers of
this device steer clear of the term WAN and use only the terms LAN and extended LAN.
The idea behind this device was to make the terminology easier to understand and thus
make the device easier to sell than a more conventional WAN device grounded in complex
concepts and terms.

Question 164

Layer 2 Forwarding (L2F)

Answer 164

A protocol developed by Cisco as a mutual authentication

tunneling mechanism. L2F does not offer encryption.

Question 165

Layer 2 Tunneling Protocol (L2TP)

Answer 165

A point‐to‐point tunnel protocol developed by
combining elements from PPTP and L2F. L2TP lacks a built‐in encryption scheme but
typically relies on IPSec as its security mechanism.

Question 166

An encryption technique that protects entire communications circuits
by creating a secure tunnel between two points. This is done by using either a hardware or
software solution that encrypts all traffic entering one end of the tunnel and decrypts all
traffic exiting the other end of the tunnel.

Answer 166

link encryption

Question 167

link state routing protocol

Answer 167

A routing protocol that maintains a topography map of all

connected networks and uses this map to determine the shortest path to the destination.

Question 168

A network that is geographically limited, such as within a

single office, building, or city block.

Answer 168

local area network (LAN)

Question 169

The logical operation of a network. It defines the arrangement and
organization of devices as well as the means used to communicate to and with each other.
Also known as signal topology.

Answer 169

logical topology

Question 170

loopback address

Answer 170

The IP address used to create a software interface that connects to
itself via TCP/IP. The loopback address is handled by software alone. It permits testing of
the TCP/IP protocol stack even if network interfaces or their device drivers are missing or
damaged.

Question 171

A 6‐byte address written in hexadecimal. The
first 3 bytes of the address indicate the vendor or manufacturer of the physical network
interface. The last 3 bytes make up a unique number assigned to that interface by the
manufacturer. No two devices on the same network can have the same of this?

Answer 171

Media Access Control (MAC) address

Question 172

modem

Answer 172

A traditional land‐line modem (modulator‐demodulator) is a communications
device that covers or modulates between an analog carrier signal and digital information in order to support computer communications of PSTN (public switched telephone network)
lines.

Question 173

A protocol suite or collection that operates across multiple layers of
the OSI model, typically using encapsulation. A common example is TCP/IP.

Answer 173

multilayer protocols

Question 174

A high‐throughput, high‐performance network
technology that directs data across a network based on short path labels rather than longer
network addresses.

Answer 174

multiprotocol label switching (MPLS)

Question 175

NetBEUI

Answer 175

NetBEUI (NetBIOS Extended User Interface, aka NetBIOS Frame protocol
or NBF) is most widely known as a Microsoft protocol developed in 1985 to support file and printer sharing. Microsoft has enabled support of NetBEUI on modern networks by
devising NBT (NetBIOS over TCP/IP). This in turn supports the Windows sharing protocol
of SMB (Server Message Block), which is also known as CIFS (Common Internet File
System). NetBEUI is no longer supported as a lower‐layer protocol; only its SMB and CIFS
variants are still in use.

Question 176

A mechanism for converting the internal private
IP addresses found in packet headers into public IP addresses for transmission over the
Internet.

Answer 176

Network Address Translation (NAT)

Question 177

network topology (aka physical topology)

Answer 177

The physical layout and organization of

computers and networking devices.

Question 178

non‐IP protocols

Answer 178

Non‐IP protocols are protocols that serve as an alternative to IP at the
OSI Network layer (3). In the past, non‐IP protocols were widely used. However, with the
dominance and success of TCP/IP, non‐IP protocols have become the purview of special purpose
networks. The three most recognized non‐IP protocols are IPX, AppleTalk, and
NetBEUI.

Question 179

OAuth

Answer 179

An open SSO standard designed to work with HTTP and it allows users to log on
with one account across multiple sites/locations.

Question 180

An open SSO standard maintained by the OpenID Foundation that can be used
in conjunction with OAuth or on its own.

Answer 180

OpenID

Question 181

open relay agent

Answer 181

An SMTP server that is configured to accept email messages from any
source and will forward them on to their destination. Open relay agents are commonly
hijacked by spammers.

Question 182

open system authentication (OSA)

Answer 182

A connection scheme for wireless networks where
no real authentication is required; as long as a radio signal can be transmitted between the
client and WAP, communications are allowed.

Question 183

A standard model developed to establish a

common communication structure or standard for all computer systems.

Answer 183

Open Systems Interconnection (OSI) model

Question 184

Orthogonal Frequency‐Division Multiplexing (OFDM)

Answer 184

A wireless technology that
employs a digital multicarrier modulation scheme that allows for a more tightly compacted
transmission.

Question 185

A portion of a message that contains data and the destination address; also called
a datagram. Typically located at the Network layer.

Answer 185

packet

Question 186

Password Authentication Protocol (PAP)

Answer 186

A standardized authentication protocol
for PPP. PAP transmits usernames and passwords in the clear. PAP offers no form of
encryption; it simply provides a means to transport the logon credentials from the client to
the authentication server.

Question 187

Networking and distributed application solutions that share tasks and
workloads among peers.

Answer 187

peer to peer (P2P)

Question 188

peer‐to‐peer network

Answer 188

A network structure between individual devices without the need
or use of a primary controlling entity or device.

Question 189

A predefined virtual circuit that is always available for a

Frame Relay customer.

Answer 189

permanent virtual circuit (PVC)

Question 190

A full‐duplex protocol used for the transmission of TCP/
IP packets over various non‐LAN connections, such as modems, ISDN, VPNs, Frame
Relay, and so on.

Answer 190

Point‐to‐Point Protocol (PPP) PPP is widely supported and is the transport protocol of choice for dial‐up
Internet connections.

Question 191

Point‐to‐Point Tunneling Protocol (PPTP)

Answer 191

An enhancement of PPP that creates encrypted
tunnels between communication endpoints. PPTP is used on VPNs but is often replaced by
L2TP.

Question 192

A connection address within a protocol.

Answer 192

port

Question 193

Port Address Translation (PAT)

Answer 193

A mechanism for converting the internal private
IP addresses found in packet headers into public IP addresses and port numbers for
transmission over the Internet. PAT supports a many‐to‐one mapping of internal to external
IP addresses by using ports.

Question 194

port isolation or private ports

Answer 194

Private VLANs that are configured to use a dedicated
or reserved uplink port. The members of a private VLAN or a port isolated VLAN can
interact only with each other and over the predetermined exit port or uplink port. A
common implementation of port isolation occurs in hotels.

Question 195

Post Office Protocol (POP)

Answer 195

A protocol used to transfer email messages from an email

server to an email client.

Question 196

An ISDN service type that provides up to 23 B channels and
one D channel. Thus, a full PRI ISDN connection offers 1.544 Mbps throughput, the same
as a T1 line.

Answer 196

Primary Rate Interface (PRI)

Question 197

A sophisticated telephone system often used by
organizations to provide inbound call support, extension‐to‐extension calling, conference
calling, and voicemail. This can be implemented as a stand‐alone phone system network or
integrated with the IT infrastructure.

Answer 197

private branch exchange (PBX)

Question 198

protocol

Answer 198

A set of rules and restrictions that define how data is transmitted over a network
medium (for example, twisted‐pair cable, wireless transmission, and so on). Protocols make
computer‐to‐computer communications possible.

Question 199

A device or software that can translate between protocols. Typically
able to move payloads between IP and IPX. Also known as a gateway.

Answer 199

protocol translator

Question 200

proxy

Answer 200

A mechanism that copies packets from one network into another. The copy process
also changes the source and destination address to protect the identity of the internal or
private network.

Question 201

A type of noise that is generated by a wide number of
common electrical appliances, including fluorescent lights, electrical cables, electric space
heaters, computers, elevators, motors, electric magnets, and so on. RFI can affect many of
the same systems EMI affects.

Answer 201

radio frequency interference (RFI)

Question 202

Devices used to simulate tones of coins being deposited into a pay phone.

Answer 202

red boxes

Question 203

A service used to centralize the

authentication of remote dial‐up connections.

Answer 203

Remote Authentication Dial‐In User Service (RADIUS)

Question 204

A sub protocol of the TCP/IP protocol
suite that operates at the Data Link layer (layer 2). Used to discover the IP address
of a system by polling using its MAC address.

Answer 204

Reverse Address Resolution Protocol (RARP)

Question 205

RFC 1918

Answer 205

The public standard that defines public and private IP addresses.

Question 206

A network device used to control traffic flow on networks. These are often used
to connect similar networks together and control traffic flow between them. They can
function using statically defined routing tables or employ a dynamic routing system.

Answer 206

router

Question 207

screen scraper or screen scraping

Answer 207

1) Remote control, remote access, or remote desktop–
like services. 2) A technology that can allow an automated tool to interact with a human
interface in order to parse the results to extract just the relevant information.

Question 208

secure communication protocol

Answer 208

A protocol that uses encryption to provide security for

the data transmitted by it.

Question 209

Secure Electronic Transaction (SET)

Answer 209

A security protocol for the transmission of
transactions over the Internet. SET is based on RSA encryption and DES. SET had the
support of major credit card companies, such as Visa and MasterCard. However, it has
mostly been abandoned in light of newer and more secure alternatives.

Question 210

The second major protocol used to provide security on the World
Wide Web.

Answer 210

Secure HTTP (S‐HTTP)

Question 211

A protocol used to secure the

transmission of email and attachments.

Answer 211

Secure Multipurpose Internet Mail Extensions (S/MIME)

Question 212

Secure Remote Procedure Call (S‐RPC)

Answer 212

An authentication service. S‐RPC is simply a

means to prevent unauthorized execution of code on remote systems.

Question 213

Secure Shell (SSH)

Answer 213

An end‐to‐end encryption technique. This suite of programs provides
encrypted alternatives to common Internet applications such as FTP, Telnet, and rlogin.
There are two versions of SSH. SSH1 supports the DES, 3DES, IDEA, and Blowfish
algorithms. SSH2 drops support for DES and IDEA but adds support for several other
algorithms.

Question 214

Secure Sockets Layer (SSL)

Answer 214

An encryption protocol developed by Netscape to protect

the communications between a web server and a web browser.

Question 215

Security Assertion Markup Language (SAML)

Answer 215

An XML‐based convention for
communication authentication and authorization details between security domains, often
over web protocols. SAML is often used to provide a web‐based SSO solution.

Question 216

In an IPSec session, the representation of the communication
session and process of recording any configuration and status information about the
connection.

Answer 216

security association (SA)

Question 217

security boundary

Answer 217

The line of intersection between any two areas, subnets, or

environments that have different security requirements or needs.

Question 218

The combination of Transport layer TCP header and payload.

Answer 218

segment

Question 219

segmentation

Answer 219

The act of subdividing a network into numerous smaller units. These
smaller units, groupings, segments, or subnetworks (i.e., subnets) can be used to improve
various aspects of the network. Segmentation can boost performance, reduce congestion,
compartmentalize communication problems (such as broadcast storms), and provide
security improvements through traffic isolation. Segments can be created by using switchbased
VLANs, routers, or firewalls (as well as combinations of all of these).

Question 220

The Transport layer protocol of the IPX/SPX

protocol suite from Novell.

Answer 220

Sequenced Packet Exchange (SPX)

Question 221

Serial Line Internet Protocol (SLIP)

Answer 221

An older technology developed to support TCP/IP

communications over asynchronous serial connections, such as serial cables or modem dialup.

Question 222

Service Provisioning Markup Language (SPML)

Answer 222

A markup language used with federated
identity management systems to exchange user information for federated identity single
sign‐on purposes. It is derived from the Standard Generalized Markup Language (SGML),
the Extensible Markup Language (XML), and the Generalized Markup Language (GML).

Question 223

A ticket‐based authentication mechanism similar to Kerberos.

Answer 223

SESAME

Question 224

A connection scheme for wireless networks that
requires that some form of authentication must take place before network communications
can occur.

Answer 224

shared key authentication (SKA) The 802.11 standard defines one optional technique for SKA known as
WEP.

Question 225

shielded twisted‐pair (STP)

Answer 225

A twisted‐pair wire that includes a metal foil wrapper inside
the outer sheath to provide additional protection from EMI.

Question 226

Simple Key Management for IP (SKIP)

Answer 226

An encryption tool used to protect sessionless

datagram protocols.

Question 227

Simple Mail Transfer Protocol (SMTP)

Answer 227

The primary protocol used to move email

messages from clients to servers and from server to server.

Question 228

single sign‐on (SSO)

Answer 228

A mechanism that allows subjects to authenticate themselves only
once to a system. With SSO, once subjects are authenticated, they can freely roam the
network and access resources and services without being rechallenged for authentication.

Question 229

The ability of TCP to dynamically alter its transmission window size
based on link reliability.

Answer 229

sliding windows

Question 230

socket

Answer 230

Another name for a port.

Question 231

software‐defined networks (SDN)

Answer 231

A unique approach to network operation,
design, and management. The concept is based on the theory that the complexities of a
traditional network with on‐device configuration (i.e., routers and switches) often force
an organization to stick with a single device vendor, such as Cisco, and limit the flexibility
of the network to changing physical and business conditions. SDN aims at separating the
infrastructure layer (i.e., hardware and hardware‐based settings) from the control layer (i.e.,
network services of data transmission management).

Question 232

software IP encryption (swiPe)

Answer 232

A layer 3 security protocol for IP. It provides

authentication, integrity, and confidentiality using an encapsulation protocol.

Question 233

spread spectrum

Answer 233

A means or method of communication that occurs over multiple

frequencies at the same time.

Question 234

A wireless network that uses a wireless access point to connect
wireless clients together, but does not offer any access to a wired network.

Answer 234

stand‐alone mode

Question 235

stateful inspection firewall

Answer 235

A firewall that evaluates the state or the context of network
traffic. By examining source and destination address, application usage, source of origin,
and relationship between current packets with the previous packets of the same session,
stateful inspection firewalls are able to grant a broader range of access for authorized users
and activities and actively watch for and block unauthorized users and activities. Stateful
inspection firewalls are known as third‐generation firewalls.

Question 236

stateful NAT

Answer 236

The ability or means by which NAT maintains information about
the communication sessions between clients and external systems. NAT operates by
maintaining a mapping between requests made by internal clients, a client’s internal IP
address, and the IP address of the Internet service contacted.

Question 237

static packet‐filtering firewall

Answer 237

A firewall that filters traffic by examining data from
a message header. Usually the rules are concerned with source, destination, and port
addresses. Static packet‐filtering firewalls as known as first‐generation firewalls.

Question 238

The name of a wireless network that each wireless client

must know in order to communicate with the host access point.

Answer 238

station set identifier (SSID)

Question 239

A networking device that uses a memory buffer to store

packets until they can be forwarded onto a slower network segment.

Answer 239

store‐and‐forward device

Question 240

streaming audio

Answer 240

An audio transmission that is being presented to the end user as it is
received based on an ongoing transmission from the provider/server. Streaming media is
commonly served over the Internet either in real time (i.e., live) or on demand.

Question 241

streaming video

Answer 241

A video transmission that is being presented to the end user as it is
received based on an ongoing transmission from the provider/server. Streaming media is
commonly served over the Internet either in real time (i.e., live) or on demand.

Question 242

supervisory control and data acquisition (SCADA)

Answer 242

An ICS unit that can operate as a
stand‐alone device, be networked together with other SCADA systems, or be networked
with traditional IT systems. Most SCADA systems are designed with minimal human
interfaces. Often, they use mechanical buttons and knobs or simple LCD screen interfaces
(similar to what you might have on a business printer or a GPS navigation device). However,
networked SCADA devices may have more complex remote‐control software interfaces.

Question 243

switch

Answer 243

A network device that is an intelligent hub because it knows the addresses of the
systems connected on each outbound port. Instead of repeating traffic on every outbound
port, a switch repeats only traffic out of the port on which the destination is known to
exist. Switches offer greater efficiency for traffic delivery, create separate broadcast and
collision domains, and improve the overall throughput of data.

Question 244

Switched Multimegabit Data Service (SMDS)

Answer 244

A connectionless network communication
service. SMDS provides bandwidth on demand. SMDS is a preferred connection mechanism
for linking remote LANs that communicate infrequently.

Question 245

switched virtual circuit (SVC)

Answer 245

A virtual circuit that must be rebuilt each time it is used;

similar to a dial‐up connection.

Question 246

Synchronous Data Link Control (SDLC)

Answer 246

A layer 2 protocol employed by networks with
dedicated or leased lines. SDLC was developed by IBM for remote communications with
SNA systems. SDLC is a bit‐oriented synchronous protocol.

Question 247

TCP model

Answer 247

A network protocol conceptual model that was derived from TCP/IP. Also
known as the DARPA model and the DoD model. The TCP model has four layers as
opposed to the OSI model’s seven. Those four layers from the bottom up are Link, Internet,
Host‐to‐Host, and Process.

Question 248

TCP wrapper

Answer 248

An application that can serve as a basic firewall by restricting access based
on user IDs or system IDs.

Question 249

telephony

Answer 249

The collection of methods by which telephone services are provided to an
organization or the mechanisms by which an organization uses telephone services for
either voice and/or data communications. Traditionally, telephony included POTS or PSTN
services combined with modems. However, this has expanded to include PBX, VoIP, and
VPN.

Question 250

TEMPEST

Answer 250

The study and control of electronic signals produced by various types of
electronic hardware, such as computers, televisions, phones, and so on. Its primary goal is
to prevent EM and RF radiation from leaving a strictly defined area so as to eliminate the
possibility of external radiation monitoring, eavesdropping, and signal sniffing.

Question 251

Terminal Access Controller Access Control System (TACACS)

Answer 251

An alternative to
RADIUS. TACACS is available in three versions: original TACACS, XTACACS (extended
TACACS), and TACACS+. TACACS integrates the authentication and authorization
processes. XTACACS keeps the authentication, authorization, and accounting processes
separate. TACACS+ improves XTACACS by adding two‐factor authentication.

Question 252

throughput rate

Answer 252

The rate at which a biometric device can scan and authenticate subjects.
A rate of about six seconds or faster is required for general acceptance of a specific
biometric control.

Question 253

An electronic authentication factor used by the Kerberos authentication system.

Answer 253

ticket

Question 254

ticket‐granting service (TGS)

Answer 254

An element of the Kerberos authentication system. The
TGS manages the assignment and expiration of tickets. Tickets are used by subjects to gain
access to objects.

Question 255

A token‐passing LAN technology.

Answer 255

token ring

Question 256

topology

Answer 256

The physical layout of network devices and connective cabling. The common
network topologies are ring, bus, star, and mesh.

Question 257

A form of monitoring in which the flow of packets rather than the actual
content of packets is examined. Also referred to as trend analysis.

Answer 257

traffic analysis

Question 258

A short duration of line noise disturbance.

Answer 258

transient

Question 259

Transmission Control Protocol (TCP)

Answer 259

A connection‐oriented protocol located at layer 4

of the OSI model.

Question 260

A capability built into connection‐ or session‐oriented
protocols and services. If it is determined that a message, in whole or in part, was corrupted,
altered, or lost, a request can be made for the source to resend all or part of the message.

Answer 260

transmission error correction

Question 261

A form of auditing focused on communications. Transmission
logging records the details about source, destination, time stamps, identification codes,
transmission status, number of packets, size of message, and so on.

Answer 261

transmission logging

Question 262

transmission window

Answer 262

The number of packets transmitted before an acknowledge packet
is sent.

Question 263

Transport Layer Security (TLS)

Answer 263

Based on SSL technology, TLS incorporated many
security enhancements and was eventually adopted as a replacement for SSL in most
applications. Early versions of TLS supported downgrading communications to SSL v3.0
when both parties did not support TLS. However, in 2011 TLS v1.2 dropped this backward
compatibility. As with SSL, TLS uses TCP port 443.

Question 264

transport mode

Answer 264

A mode of IPSec when used in a VPN. In transport mode, the IP packet
data is encrypted but the header of the packet is not.

Question 265

traverse mode noise

Answer 265

EMI noise generated by the difference in power between the hot and
neutral wires of a power source or operating electrical equipment.

Question 266

tunnel mode

Answer 266

A mode of IPSec when used in a VPN. In tunnel mode, the entire IP packet is
encrypted and a new header is added to the packet to govern transmission through the tunnel.

Question 267

tunneling

Answer 267

A network communications process that protects the contents of protocol
packets by encapsulating them in packets of another protocol.

Question 268

unicast

Answer 268

A communications transmission to a single identified recipient.

Question 269

unified threat management (UTM)

Answer 269

A security device that includes traditional functions
of a firewall such as packet filtering and stateful inspection. It is able to perform packet
inspection techniques, allowing it to identify and block malicious traffic. It can filter
malware using definition files and/or whitelists and blacklists. It also includes intrusion detection
and/or intrusion‐prevention capabilities. Aka next‐generation firewall.

Question 270

unshielded twisted‐pair (UTP)

Answer 270

A twisted‐pair wire that does not include additional EMI

protection. Most twisted‐pair wiring is UTP.

Question 271

User Datagram Protocol (UDP)

Answer 271

A connectionless protocol located at layer 4 of the OSI

model.

Question 272

virtual private network (VPN)

Answer 272

A network connection established between two systems
over an existing private or public network. A VPN provides confidentiality and integrity for
network traffic through the use of encryption.

Question 273

virtual private network (VPN) protocol

Answer 273

The protocols, such as PPTP, L2TP, and IPSec,

that are used to create VPNs.

Question 274

VLAN

Answer 274

A logical network segmentation implemented on switches and bridges to manage
traffic. Multiple VLANs can be hosted on the same switch but are isolated as if they are
separate physical networks. Only through a routing function, often provided by a multilayer
switch, can cross‐VLAN communications occur. VLANs function like physical network
segments.

Question 275

VLAN hopping

Answer 275

The ability to make network traffic jump between VLANs through an
abuse of IEEE 802.1Q VLAN tagging known as double encapsulation.

Question 276

Voice over IP (VoIP)

Answer 276

A network service that provides voice communication services by
transporting the voice traffic as network packets over an IP network.

Question 277

web application firewall

Answer 277

An Application layer firewall configured specifically to protect
against web‐based attacks and exploitations.

Question 278

webcasting

Answer 278

A form of media distribution occurring over the Internet (in contrast to more
traditional means such as over‐the‐air or cable TV broadcasts and radio stations). Can
also include and is related to video casting, audio casting, podcasting, net casting, Internet
television, and IP TV.

Question 279

well‐known ports

Answer 279

The first 1,024 ports of TCP and UDP. They are usually assigned to
commonly used services and applications.

Question 280

white box

Answer 280

Device used to control the phone system. A white box is a dual‐tone
multifrequency (DTMF) generator (that is, a keypad).

Question 281

wide area network (WAN)

Answer 281

A network or a network of LANs that is geographically diverse.
Often dedicated leased lines are used to establish connections between distant components.

Question 282

Wi‐Fi Protected Access (WPA)

Answer 282

An early alternative to WEP based on a secret passphrase
and employing the LEAP and TKIP crypto systems. It is attackable through passphrase
guessing.

Question 283

A wireless standard that defines citywide wireless access technologies.
This standard has yet to be widely deployed.

Answer 283

WiMax (802.16)

Question 284

Wired Equivalent Privacy (WEP)

Answer 284

A form of encrypted authentication that employs
RC4. WEP supports only one‐way authentication from client to WAP. WEP is considered
insufficient for security because of several deficiencies in its design and implementation.

Question 285

wired extension mode

Answer 285

A wireless network configuration where the wireless access point
acts as a connection point to link the wireless clients to the wired network.

Question 286

Wireless Application Protocol (WAP)

Answer 286

A functioning industry‐driven protocol stack that
allows users through their WAP‐capable devices, such as mobile phones, to communicate
over a carrier’s network with the Internet.

Question 287

wireless networking (802.11)

Answer 287

A form of networking that uses radio waves as the

connection medium following the 802.11 standard. Often called Wi‐Fi.

Question 288

wiring closet

Answer 288

The room where the networking cables for a whole building or just a
floor are connected to other essential equipment, such as patch panels, switches, routers,
LAN extenders, backbone channels, and so on. A more technical name for wiring closet is
premises wire distribution room.

Question 289

An older WAN protocol that uses carrier switching to provide end‐to‐end
connections over a shared network medium.

Answer 289

X.25