Telecommunications & Network Security

Question 1

What are the 7 layers of the OSI Model

Answer 1

Physical
Data
Network
Transport
Session
Presentation
Application

Question 2

What is Data encapsulation?

Answer 2

In the OSI Model, Data encapsulation wraps protocol information from the layer immediately above in the data section of the layer immediately below.

Question 3

What are the 4 common network topologies in use today?

Answer 3

Star
Mesh
Ring
Bus

Question 4

Which is the most common network topology in use today? Ring, Bus, Star, Mesh

Answer 4

Star

Question 5

In which topology are all systems interconnected to provide multiple paths to all other resources.
Star, bus, mesh or ring

Answer 5

Mesh

Question 6

In which topology is each individual node connected to a switch, hub or concentrator?
Star, Mesh, Bus, Ring

Answer 6

Star

Question 7

Which network topology is commonly used for the most critical network components, ie routers, switches servers by using multiple NICs, server clustering, etc. to eliminate single points of failure?
Mesh, Bus, Ring, Star

Answer 7

Mesh

Question 8

In which network topology does traffic travel in a single direction?
Star, Bus, Ring, Mesh

Answer 8

Ring

Question 9

In which network topology are all devices connected via a single cable that’s terminated on both ends
Star, Bus, Mesh, Ring

Answer 9

Bus

Question 10

What are the 4 basic cable types used in networks?

Answer 10

coaxial, twin-axial, twisted pair and fibre optic

Question 11

Which type of cable is commonly used for cable or satellite television receivers?
twin-axial, coaxial, twisted pair, fibre optic

Answer 11

coaxial

Question 12

Which type of signal conveys information in a series or pulses through the presence or absence of electrical signals as opposed to wave frequencies?
Digital or Analog

Answer 12

Digital

Question 13

Which type of cable is used to achieve high transmission speeds over short distances (often used by SAN’s or switches connecting critical servers to a high speed core)
coaxial, fibre optic, twin-axial, twisted pair

Answer 13

Twin-Axial

Question 14

What is Bit Error Ratio?

Answer 14

It’s the ratio of incorrectly received bits to total received bits over a specified period of time

Question 15

Which cable is the most common cable used by LAN’s today?

Coaxial, Twisted pair, Fibre-optic, twin-axial

Answer 15

twisted pair

Question 16

Twisted pair cabling can be shielded or unshielded. What are the benefits of shielded with regards security?

Answer 16

Reduces electromagnetic emissions which can be intercepted by an attacker. Also protects it from EMI and RFI from other sources.

Question 17

Which term refers to the study of electromagnetic emissions from computers or related equipment?

Answer 17

TEMPEST

Question 18

Which type of CAT cables are available as Shielded Twisted pair only

Answer 18

CAT 7 and CAT 7a

Question 19

Which type of cable uses light signals as opposed to electrical signals?
twisted pair, coaxial, twin-axial, fibre optic

Answer 19

fibre optic

Question 20

Which cable has the advantage or high speed, long distance and best resistance to interference and interference?
twisted pair, coaxial, fibre optic, twin-axial

Answer 20

fibre optic

Question 21

At which layer of the OSI model are network topologies, cable/connector types and interfaces defined

Answer 21

Physical

Question 22

At which layer of the OSI model are NIC cards used?

Answer 22

Physical

Question 23

Which type of card is used to connect a computer to a network?

Answer 23

NIC card

Question 24

What is the term used for a device that amplifies a signal to compensate for attenuation (signal loss)?

Answer 24

Repeater

Question 25

What two devices connect LAN segments together such as servers and workstations?

Answer 25

Hub (concentrator) and Switch

Question 26

What are the two basic types of hubs?

Answer 26

Active and Passive

Question 27

What s the difference between a hub and switch?

Answer 27

A switch sends packets to destination devices as opposed to a hub which will send packets to all devices on the network.

Question 28

At which two layers of the OSI model can a switch operate?

Answer 28

Physical and Data

Question 29

Which layer ensures that messages are delivered to the proper device across a physical network link?

Answer 29

Data

Question 30

Which layer formats messages form layers above into frames for transmission, handles point to point synchronisation and error control and can perform link encryption

Answer 30

Data

Question 31

What are the two sub layers of the Data layer?

Answer 31

Logical Link Control and Media Access Control

Question 32

Which Data sub layer handles flow control and controls sequencing and acknowledgement of frames?

Answer 32

Logical Link Control (operates between the network layer above and sub MAC layer below)

Question 33

Which Data sub layer performs error control, identifies the hardware device and controls media access?

Answer 33

Media Access Control (operates between the LLC sub layer above and Physical layer below)

Question 34

How many bits are used in a MAC address?

Answer 34

48 bits

Question 35

A MAC address is split into two 24-bit portions? Which portion identifies the device?

Answer 35

Second portion

Question 36

What are the 3 basic types of media access?

Answer 36

Contention
Token Passing
Polling

Question 37

In which media access type must devices viefor control of the physical network medium? contention, token passing or polling?

Answer 37

Contention

Question 38

In which media access type must individual devices wait for a special frame before transmitting data across the physical network medium? contention, token passing or polling?

Answer 38

token passing

Question 39

In which media access type are devices checked to see whether they have any data to transmit? contention, token passing, polling?

Answer 39

Polling

Question 40

What are 3 common examples of a wide area network? (WAN)

Answer 40

• Internet
• Intranet
• Extranet

Question 41

What is the purpose of the OSI Model?

Answer 41

to facilitate interoperability between network devices independent on the manufacturer.

Question 42

What are 5 benefits of the OSI model?

Answer 42

• clarifies general functions of a communications process.
• reduces complex networking processes into simpler sub-layers and components.
• Promotes interoperability by defining standard interfaces
• Aids development by allowing vendors to change individual features at a single layer, instead of rebuilding the entire stack
• Facilitates easier troubleshooting

Question 43

Which type of network connects an individuals electronic devices together or to a larger network?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 43

Personal Area Network (PAN)

Question 44

Which type of network connects servers to a separate physical storage device?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 44

Storage Area Network (SAN)

Question 45

Which type of network is implemented on network switches in a LAN as a way of logically grouping users and resources together?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 45

Virtual Local Area Network (VLAN)

Question 46

Which type of network connects multiple buildings across a high performance backbone?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 46

Campus Area Network (CAN)

Question 47

Which type of network extends across a large area such as a small city?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 47

Metropolitan Area Network (MAN)

Question 48

Which type of network is a type of extranet?
Personal Area Network (PAN)
Storage Area Network (SAN)
Virtual Local Area Network (VLAN)
Wireless Local Area Network (WLAN)
Campus Area Network (CAN)
Metropolitan Area Network (MAN)
Value-added network (VAN)

Answer 48

Value-added network (VAN)

Question 49

Which type of network topology is commonly used in token-ring or FDDI networks?
Star
Mesh
Bus
Ring

Answer 49

Ring

Question 50

Which two types of network topology has a single point of failure?
Star
Mesh
Bus
Ring

Answer 50

Bus and Ring

Question 51

What are the characteristics of a coaxial cable?

Answer 51

• single solid copper wire sourrounded by a plastic or teflon insulator, braided metal shielding with a plastic wrap.
• durable and resistant to EMI and RFI.
• commonly used to connectcable /satellite tv

Question 52

What are the two types of coaxial cable?

Answer 52

Thick (RG8 or RG11) screw type

Thin (RG58) bayonet type

Question 53

What are the characteristics of twin-axial cable?

Answer 53

• similar to coax cable but consists of two solid copper wires
• used to achieve high data transmission speeds over very short distances at low cost
• typically used for SANs or top of rack switches that connect critical servers to a high sped core.
• also low transceiver latency, power consumption and Bit Error ratio (BER)
• durable and resistant to EMI and RFI.

Question 54

What are the characteristics of a twisted pair cable?

Answer 54

• most popular LAN cable in use today
• lightweight, flexible, inexpensive
• consists of 4 copper wire pairs twisted together to improve transmission and reduce crosstalk and attenuation.

Question 55

What is crosstalk in relation to cabling?

Answer 55

occurs when a signal transmitted over one channel or circuit negatively affects the signal transmitted over another.

Question 56

What is attenuation in relation to cabling?

Answer 56

gradual loss of intensity of a wave as it travels over a medium

Question 57

Which 4 twisted pair cables are defined as standards by TIA/EIA?

Answer 57

Cat 3, Cat 5e, Cat 6, Cat 6a

Question 58

Which 3 twisted pair cables are typically used in network today?

Answer 58

Cat 5, Cat 5e, Cat 6

Question 59

What are the characteristics of a fibre optic cable?

Answer 59

• most expensive most most reliable
• typically used in backbone and HA networks (FDDI)
• uses light signals rather than electrical signals
• high speed, long distance and best resistance to interference, inference

Question 60

Which type of cabling has the least resistance to EMI/RFI?

Fibre, twisted pair (UTP/STP), coax cable, twin-coax cable

Answer 60

Unshielded twisted pair, followed by shielded twisted pair

Question 61

What is the difference between a passive and active hub?

Answer 61

Passive: data enters one port and exits all others without any signal amplification or re-regeneration
Active: Combines the features of a passive hub and repeater. (Multi-port repeater)

Question 62

What is the process used by the MAC sub-layer for error checking?

Answer 62

1. uses a cyclic redundancy check (CRC): a simple mathematical calculation or checksum used to create a message profile.
2. CRC is re-calculated by the receiving device.
3. If calculated CRC does not match received CRC, then packet is dropped and request to re-send is transmitted.

Question 63

LAN protocols are defined at the Data Link layer. What are 6 common types?

Answer 63

ARCnet
Ethernet
Token-Ring
Fiber Distributed Data Interface (FDDI)
Address Resolution Protocol (ARP)
Reverse Address Resolution Protocol (RARP)

Question 64

Which LAN protocol has the following characteristics?
- one of the earliest LAN technologies
- transports data to the physical LAN medium using the token passing media access method
implemented in star topology using coaxial cable
- provides slow but predictable network performance

Answer 64

ARCnet

Question 65

Which LAN protocol has the following characteristics?

• transports data to the physical LAN medium using CSMA/CD
• designed for networks characterised by sporadic, sometimes heavy traffic requirements
• most common LAN protocol
• most often implemented with twisted pair
• normally operates at speeds of 10, 100 or 1000Mbps

Answer 65

Ethernet

Question 66

Which LAN protocol has the following characteristics?

• transports data to the physical LAN medium using the token passing media access method
• all nodes are attached to a multi-station access unit (MSAU) in a logical ring topology
• one node is designated as the active monitor ensuring that no more than one token is one the network at any one given time
• operate at speed of 4 and 16 Mbps

Answer 66

Token-ring

Question 67

Which LAN protocol has the following characteristics?

• transports data to the physical LAN medium using the token passing media access method
• implemented as a dual counter rotating ring over fiber at speeds up to 100 Mbps
• All stations on network are connected to both rings
• in event of a fault the ring wraps back round to the nearest node on the secondary ring

Answer 67

Fiber Distributed Data Interface (FDDI)

Question 68

Which LAN protocol has the following characteristics?

- maps an IP to a MAC

Answer 68

Address Resolution Protocol (ARP)

Question 69

Which LAN protocol has the following characteristics?

• maps MAC to an IP
• necessary when a system such as a disk-less machine needs to discover its own IP

Answer 69

Reverse Address Resolution Protocol (RARP)

Question 70

LAN data transmission are classified into 3 categories. What are they?

Answer 70

Unitcast: packets sent from source to single destination
Broadcast: packets sent to every device on network using broadcast address.
Multi-cast: packets copied and sent from source to multiple destinations using special Multi-cast IP

Question 71

WLAN standards

Answer 71

Type, Speed, Description

• 802.11a, 54Mbps, Operates at 5GHz (less interference than 2.4GHz,
• 802.11b, 11Mbps, Operates at 2.4GHz (first used protocol)
• 802.11g, 54Mbps, Operates at 2.4GHz (backward compatible with 802.11b)
• 802.11n, 600Mbps, Operates at 5GHz or 2.4 GHz

Question 72

At which 3 layers do WAN technologies operate at?

Answer 72

Physical, Data (primary) and Network

Question 73

What are 5 types of WAN protocols?

Answer 73

• Point to Point Links
• Circuit switched networks
• Packet switched networks
• High level data link controls (HLDC)
• Synchronous Data Link Control (SDLC)

Question 74

What is a Point to Point Link?

Answer 74

a pre-established WAN comms path from customer network across a carrier network to a remote network

Question 75

Point to Point Links include which 5 protocols?

Answer 75

• Layer 2 Forwarding Protocol (L2F)
• layer 2 Tunnelling Protocol (L2TP)
• Point to Point Protocol (PPP)
• Point to Point tunnelling protocol (PPTP)
• Serial Line IP (SLIP)

Question 76

Which Point to Point Link protocol has the following characteristics?

• a tunnelling (data encapsulation) protocol used to implement VPN’s, specifically PPP traffic.
• doesn’t provide encryption or confidentiality

Answer 76

Layer 2 Forwarding Protocol (L2F)

Question 77

Which Point to Point Link protocol has the following characteristics?

• a tunnelling protocol used to implement VPN’s
• is derived from L2F and PPTP
• uses UDP port 1701 to create a tunnelling session
• commonly implemented with an encryption protocol such as IPSec.

Answer 77

layer 2 Tunnelling Protocol (L2TP)

Question 78

Which Point to Point Link protocol has the following characteristics?

• is a successor to SLIP
• provides router to router and host to network connections over synchronous and asynchronous circuits
• more robust than SLIP and provides additional in-built security mechanisms

Answer 78

• Point to Point Protocol (PPP)

Question 79

Which Point to Point Link protocol has the following characteristics?

• tunnelling protocol developed by Microsoft and commonly used to implement VPN’s, specifically PPP traffic
• doesn’t provide encryption or confidentiality, instead relying on other protocols such as CHAP, PAP, EAP, etc.

Answer 79

• Point to Point tunnelling protocol (PPTP)

Question 80

Which Point to Point Link protocol has the following characteristics?

• the predecessor of PPP
• originally developed for lines such as dial up modems using TCP/IP networking.

Answer 80

• Serial Line IP (SLIP)

Question 81

What is a circuit switched network?

Answer 81

• a dedicated, physical circuit path is established, maintained and terminated between the sender and receiver across a carrier network for each communications message (the call)
• used extensively in telephone company networks

Question 82

What are 3 examples of circuit switched networks?

Answer 82

• Digital Subscriber Line (xDSL)
• Data Over Cable Services Interface Specification (DOCSIS)
• Integrated Services Digital Network (ISDN)

Question 83

Circuit switched networks are ideally suited for which type of traffic?

Answer 83

Always on (constant)

Question 84

Which circuit switched network has the following characteristics?
- uses existing analog phone lines to deliver high bandwidth connectivity to remote customers

Answer 84

Digital Subscriber Line (xDSL)

Question 85

Which circuit switched network has the following characteristics?
- communications protocol for transmitting high speed data over an existing cable TV system

Answer 85

Data Over Cable Services Interface Specification (DOCSIS)

Question 86

Which circuit switched network has the following characteristics?
- communications protocol that operates over analog phone lines that have been converted to use digital signalling
- capable of transmitting both voice and data traffic
-

Answer 86

• Integrated Services Digital Network (ISDN)

Question 87

xDSL examples

Answer 87

• ADSL & ADSL 2: asymmetric digital subscriber line. delivers higher bandwidth downstream than upstream, ie from central office to customer site
• SDSL: single line digital subscriber line. designed to deliver high bandwidth both upstream and downstream using twisted copper pair.
• HDSL: High rate Digital Subscriber Line. High bandwidth both upstream and downstream using twisted copper pair. commonly used for T1.
• VDSL: Subscriber Line; designed to deliver extremely high bandwidth over a single copper twisted pair (VDSL2 provides simultaneous upstream/downstream)

Question 88

Which xDSL line has the highest operating range?

Answer 88

ADSL & ADSL 2

Question 89

Which xDSL line can deliver the highest downstream bandwidth?

Answer 89

VDSL

Question 90

Which xDSL line can deliver the highest upstream bandwidth?

Answer 90

ADSL & ADSL 2

Question 91

What are the two IDSN service levels?

Answer 91

Basic Rate Interference (BRI)

Primary rate Interference (PRI) (quicker)

Question 92

What are the characteristics of a packet switched network?

Answer 92

• devices share bandwidth on communications links to transport packets between a sender and receiver over a carrier network
• more resilient to error and congestion that circuit switched networks

Question 93

name 6 types of packet switched networks?

Answer 93

• Asynchronous Transfer Mode (ATM)
• Frame Relay
• Multi-Protocol Label Switching (MPLS)
• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)
• Switched Multi-megabit Data Service (SMDS)
• X.25

Question 94

Which type of packet switched network has the following characteristics?

• very high speed, low delay technology that uses switching and multi-plexing techniques to rapidly relay fixed length cells containing voice, video, data
• Cell processing occurs in hardware that reduces transit delays
• ideally suited for fiber-optic networks that handle bursty uneven traffic

Answer 94

Asynchronous Transfer Mode (ATM)

Question 95

Which type of packet switched network has the following characteristics?

• a packet switched standard protocol that handles multiple virtual circuits by using High Level Data Link Control (HDLC) encapsulation between connect devices.
• has no error connection or high speeds
• can be used on SVC’s (Switched Virtual Circuit) or PVC’s (Permanent Virtual Circuit)

Answer 95

• Frame Relay

Question 96

Which type of packet switched network has the following characteristics?

• a high speed, highly scalable, highly versatile technology used to create VPN’s
• can carry IP packets, as well as ATM, SONET or ethernet frames
• specified at both Layer 2 and Layer 3
• uses MPLS cloud to route packets using MPLS labels
• routing decisoin based solely on labels without examining payload.

Answer 96

• Multi-Protocol Label Switching (MPLS)

Question 97

Which type of packet switched network has the following characteristics?

• a high availability, high speed, multi-plexed, low latency technology used on fiber-optic networks
• SONET was originally designed for the public telephone network and widely used in the US and Canada
• SSH widely used by rest of the world. Came later

Answer 97

Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH)

Question 98

Which type of packet switched network has the following characteristics?

• a high-speed, connectionless oriented, datagram based technology available over public switched networks
• typically companies that exchange large amounts of data bursts with other remote networks use this

Answer 98

• Switched Multi-megabit Data Service (SMDS)

Question 99

Which type of packet switched network has the following characteristics?

• the first packet switching network
• more common outside the US but being superseded by Frame Relay
• defines how point to point connections between a DTE and DCE are established and maintained

Answer 99

• X.25

Question 100

What is the difference between a Switched Virtual Circuit (SVC) and a Permanent Virtual Circuit (PVC)?

Answer 100

SVC is a temporary connection that is dynamically created to transmit data, whereas a PVC are permanently established connections.

Question 101

What is the advantage and disadvantage of a Permanent Virtual Circuit over a Temporary Switched Circuit?

Answer 101

PVC requires less bandwidth due to the lack of circuit establishment and termination but is more expensive

Question 102

What is a disadvantage of using a MPLS packet switched network?

Answer 102

Customer loses visibility into the cloud, however so would an attacker

Question 103

What is a datagram?

Answer 103

A self contained unit of data that is capable of being routed between a source and destination. Similar to a packet that is used in IP, datagrams are commonly used in UDP and other protocols such as AppleTalk

Question 104

What are the key differences between a packet switched network and a circuit switched network?

Answer 104

Circuit switching is connection oriented, using fixed delays and is ideal for always on connections, constant traffic and voice communications.

Packet switching is connectionless oriented, using variable delays and is ideal for bursty traffic and data communications

Question 105

What are the characteristics of the WAN protocol, High Level Data Link Control (HDLC)?

Answer 105

• a bit oriented, synchronous protocol that was created by ISO to support point to point and multipoint configurations.
• specifies a data encapsulation method for synchronous serial links and is the default for serial links on Cisco routers.
• various vendors implementations of HDLC are incompatible with each other

Question 106

What are the characteristics of the WAN protocol, Synchronous Data Link Control (SDLC)?

Answer 106

• a bit-oriented full duplex serial protocol that was developed by IBM to facilitate communications between mainframes and remote offices
• defines and implements a polling method of media access.

Question 107

What is the difference between asynchronous and synchronous communications?

Answer 107

Asynchronous: data transmitted in a serial stream. devices must communicate at same speed of slowest party. parity bits used to reduce transmission errors as no internal clocking signal is used.

Synchronous: utilises an internal clocking signal to transmit large blocks of data, known as frames. characterised by very high speed transmission rates.

Question 108

What are the 5 types of telecommunications circuits used by WAN protocols?

Answer 108

DS0 - Slowest (used on T1) - Digital Signalling Level
DS1 (used on E1) - Digital Signalling Level
DS3 -Fastest (used on T3) - Digital Signalling Level
T1 - WAN carrier Facility
T3 - Fastest - WAN carrier Facility
E1 - Wide area digital transmission scheme (Europe)
E3 - Wide area digital transmission scheme (Europe)

Question 109

Which telecommunications circuit does SONET use?

Answer 109

OC

Question 110

What is a bridge?

Answer 110

a repeater used to connect two or more network segments. maintains an ARP cache that holds MAC addresses of devices connected on network segments. forwards data to all network segments if data isn’t on the local network segment

Question 111

A serious problem associated with a bridge is a broadcast storm. What is this?

Answer 111

broadcast traffic is automatically forwarded by a bridge, effectively flooding a network

Question 112

What is a switch?

Answer 112

• uses MAC addresses to route traffic
• unlike a hub, a switch transports data, only to the port connected to the destination MAC address
• used to create separate collision domains and thus increases transmission rates available on individual network segments.

Question 113

A switch is a layer 2 device, but can also operate at which other 2 layers due to newer technologies?

Answer 113

Layer 3 (Network) and 7 (Application)

Question 114

What is a DTE (Data terminal Equipment)?

Answer 114

term used to classify devices at the user end of a user to network interface, ie a workstation.

Question 115

What is a DCE (Data Communications Equipment)?

Answer 115

consists of devices at the network end of a user to network interface. provides the physical connection of the network, forwards network traffic, etc.

Question 116

What is an example of a DCE?

Answer 116

NIC, Modem, CSU (Channel Service Units), DSU (Data Service units)

Question 117

Routing Information Protocol (RIP), Open Shortest Path First (OSPF) and Border Gateway Protocol are all types of what?

Answer 117

Routing Protocols

Question 118

IP and IPX are two types of what?

Answer 118

Routed Protocols

Question 119

In what two ways are routing protocols classified as?

Answer 119

Static or Dynamic

Question 120

Which routing protocol class has the following characteristics?

• routes created and updated manually
• can’t re-route traffic to an alternate destination automatically
• only practical in small networks or where a destination is only available via a single router
• low bandwidth requirements
• built in security (users can only get to destinations specified in routing table

Answer 120

Static routing

Question 121

Which routing protocol class has the following characteristics?

• can discover routes
• determine best route to a destination
• routing table periodically updated with new routing information
• classified as link state, distance vector or path vector

Answer 121

Dynamic routing

Question 122

Which dynamic routing protocol algorithm has the following characteristics?

• makes routing decision based on distance (hop count or other metric) and vector (the egress router interface)
• periodically informs its peers of topology changes
• suffers from convergence
• RIP uses this dynamic class algorithm

Answer 122

distance vector

Question 123

What is convergence in relation to routing?

Answer 123

the time it takes for all routers in a network to update their routing tables. Without convergence some routers on a network may be unaware of topology changes, however during convergence the network slows down considerably.

Question 124

The number of router nodes that a packet must pass through to reach its destination is known as what?

Answer 124

Hop count

Question 125

Which dynamic routing algorithm has the following characteristics?
- requires every router to calculate and maintain a complete map or routing table of the entire network
- periodically transmit updates that contain information about adjacent connections (link states) to all other routers on the network
- computation intensive but can calculate best route to a destination.
convergence occurs rapidly
- OSPF uses this dynamic class

Answer 125

link state

Question 126

An arbitrary assigned weight or metric in routing is known as what?

Answer 126

Cost

Question 127

Which dynamic routing protocol algoruthm has the following characteristics?

• similar to a distance vector protocol but without the scalability issues associated with a limited hop count.
• the BGP protocol uses this dynamic class

Answer 127

path vector

Question 128

What is the Routing Information Protocol (RIP)?

Answer 128

A distance vector protocol that uses hop count as its routing metric.

Question 129

What is a routing loop?

Answer 129

packets getting stuck bouncing between various router nodes

Question 130

RIP employs three techniques to prevent routing loops. What are they?

Answer 130

Split horizon
Route poisoning
Holddown timers

Question 131

Which technique to prevent routing loops prevents a router from advertising a route back through the same interface from which the route was learned?
Split horizon
Route poisoning
Holddown timers

Answer 131

Split horizon

Question 132

Which technique to prevent routing loops sets the hop count on a bad route to 16, effectively advertising the route as unreachable if it takes for than 15 hops to reach.

Answer 132

Route poisoning

Question 133

Which technique to prevent routing loops cause a router to start a timer when the router first receives information that a destination is unreachable. subsequent updates about the destination will not be accepted until the timer expires.

Answer 133

Holddown timers

Question 134

Holddown timers in RIP can help prevent what?

Answer 134

Flapping: occurs when a router repeatedly changes state over a short period of time

Question 135

Which routing protocol uses UDP 520 and is connectionless?

Answer 135

RIP

Question 136

What are 2 disadvantages of RIP?

Answer 136

• slow convergence

- insufficient security (RIPv1 has no authentication and RIPv2 transfers passwords in clear text)

Question 137

What is the main advantage as to why RIP is still commonly used on many networks?

Answer 137

Its simplicity

Question 138

What is Open Shortest Path First (OSPF)?

Answer 138

A link state protocol widely used in large enterprise networks. considered an interior gateway protocol (IGP) because it performs routing with a single autonomous system (AS). OSPF is encapsulated directly into IP datagrams as opposed to using a Transport Layer Protocl such as TCP or UDP.

Question 139

A group of contiguous IP address ranges under the control of a single internet entity is known as what?

Answer 139

An autonomous system (AS) - uses AS Numbers to uniquely identify the network on the internet

Question 140

The following are characteristics of which Routing Protocol?

• is a link state routing protocol used to route datagrams through a packet switched network
• is an interior gateway protocol used for routing within an autonomous system.
• used in large service provider backbone networks

Answer 140

(IS-IS) Intermediate System to Intermediate System

Question 141

The following are characteristics of which Routing Protocol?

• is a path vector protocol used between autonomous systems
• is considered an exterior gateway protocol (EGP) as it is performs routing between separate autonomous systems (such as between ISP’s) and on very large private IP networks.

Answer 141

Border gateway Protocol (BGP)

Question 142

What is an internal Border Gateway Protocol (iBGP)?

Answer 142

When BGP runs within an AS such as a private IP network

Question 143

What is used to address packets with routing information, allowing those packets to be transported across networks using Routing protocols?

Answer 143

Routed Protocols such as IP (internet protocol) and IPX (internetwork packet exchange)

Question 144

What is the Internet Protocol (IP)?

Answer 144

Is part of the TCP/IP suite and contains addressing information that allows packets to be routed.

Question 145

What are the two primary responsibilities of IP?

Answer 145

• Connectionless, best effort (no guarantee) delivery of datagrams
• Fragmentation and reassembly of datagrams

Question 146

Which address range is used as a loopback address for testing and troubleshooting?

Answer 146

127.0.0.1 to 127.255.255.255

Question 147

The following address ranges are examples of what?

Answer 147

IP address ranges reserved for use on private networks and are not routable on the internet

Question 148

What is the purpose of NAT?

Answer 148

To conserve IP addresses

Question 149

How many bits is an IPv6 address?

Answer 149

128-bits

Question 150

What are 4 benefits of IPv6?

Answer 150

security
multi-media support
plug and play compatibility
backward compatibility with IPv4

Question 151

What is IPX (Internet Packet Exchange)?

Answer 151

connectionless protocol used primarily in older Novell Netware networks for routing packets across the network. part of the IPX/SPX suite which is analogous to the TCP/IP suite

Question 152

Other than IP and IPX, name two other common types of protocols defined at the network layer?

Answer 152

Internet Control Message Protocol (ICMP)

Simple Key Management for Internet Protocols (SKIP)

Question 153

What is ICMP used for?

Answer 153

error reporting regarding processing of packets

Question 154

The Packet Internet Groper (PING) uses which network layer protocol?

Answer 154

ICMP

Question 155

What is Simple Key Management for Internet Protocols (SKIP) used for?

Answer 155

to share encryption keys

Question 156

What is an advantage and disadvantage of SKIP?

Answer 156

doesn’t require a prior communication session to be established before it sends encrypted keys or packet, however it is bandwidth intensive because of additional header size due to encryption.

Question 157

What are the two primary pieces of networking equipment defined at the Network layer?

Answer 157

Routers and gateways

Question 158

What Network Layer device would you use to link dissimilar programs and protocols such as an Exchange Server to a Lotus Notes server?

Answer 158

A Gateway

Question 159

What is the Transport Layer (Layer 4) used for?

Answer 159

transparent, reliable, data transport and end to end transmission control.

Question 160

What are 4 important functions of the Transport Layer?

Answer 160

• Flow Control
• Multi-plexing (Enables data from multiple applications to be transmitted over a single physical link)
• Virtual Circuit Management (Establishes, maintains and terminates virtual circuits)
• Error checking and recovery (detects transmission errors)

Question 161

Name 4 common Transport Layer Protocols?

Answer 161

• TCP
• UDP
• SPX
• SSL/TLS

Question 162

The following are characteristics of which Transport Layer Protocol?

• capable of simultaneous transmission and reception (full-duplex)
• connection-oriented
• slow
• reliable

Answer 162

TCP

Question 163

What is a three way handshake?

Answer 163

SYN - SYN-ACK - ACK

Question 164

The following are characteristics of which Transport Layer Protocol?

• connection-less protocol
• fast
• unreliable
• doesn’t perform re-sequencing, error checking or recovery

Answer 164

UDP

Question 165

Which protocol is used by the following applications?
Domain name System (DNS)
Simple Network Management Protocol (SNMP)
Streaming audio / video

Answer 165

UDP

Question 166

Which protocol was used to guarantee delivery in old Novell Netware IPX/SPX networks?

Answer 166

Sequenced Packet Exchange (SPX) - connection-oriented protocol

Question 167

Connection-oriented and Connectionless-oriented protocol examples:

Answer 167

TCP (Layer 4) connection-oriented
UDP (Layer 4) connectionless-oriented
IP (Layer 3) connectionless-oriented
IPX (Layer 3) connectionless-oriented
SPX (Layer 4) connection-oriented

Question 168

What is SSL/TLS?

Answer 168

Provides session based encryption and authentication for secure communication between clients and servers on the internet.

Question 169

Which layer is responsible for establishing, co-ordinating and terminating communication sessions between networked systems?

Answer 169

Session Layer

Question 170

What are the 3 phases at the session layer?

Answer 170

Connection establishment
Data transfer
Connection release

Question 171

What are the 3 modes of operation in Connection establishment at the session layer?

Answer 171

Simplex Mode (one way) -radio
Half-duplex mode (two way but one at a time) - walkie talkie
Full-duplex mode (two way simultaneously) - phone

Question 172

Name 5 examples of Session layer protocols?

Answer 172

• Net-BIOS - Microsoft Protocol that allows apps to communicate over a LAN
• Network File System (NFS) - transparent user access to remote resources on a UNIX TCP/IP network
• Remote Procedure Call (RPC) - client server re-direciton tool
• Secure Shell (SSH and SSH2) - establishes an encrypted tunnel between client and server
  Session Initiation Protocol (SIP) - signalling protocol for real-time comms such as voice, video, text over IP based networks

Question 173

Which layer is responsible for coding and conversion functions being applied to data at the application layer?

Answer 173

Presentation Layer (ensures compatibility)

Question 174

What 4 tasks are associated with the presentation layer?

Answer 174

• Data representation (image, sound, video formats)
• Character conversion (common character conversion schemes)
• Data compression
• Data encryption

Question 175

Name 5 presentation layer protocols?

Answer 175

• American Standard Code for Information Interchange (ASCII) (character encoding scheme ie alphabet)
• Extended Binary Code Decimal Interchange Code (EBCDIC)
• GIF
• JPEG
• MPEG

Question 176

Which layer is responsible for identifying and establishing availability of communicating partners, determining resource availability and synchronisation?

Answer 176

Application Layer

Question 177

HTTPS, FTP, HTTP, IMAP, POP3, PEM, SET, S-HTTP, S/MIME, S-RPC, SMTP, SNMP, Telnet, TFTP are all what?

Answer 177

Application layer protocols

Question 178

What is the Intenet Message Access Protocol (IMAP)?

Answer 178

a store and forward electronic mail protocol that allows and email client to access, manage and synchronise email on a remote mail server.

Question 179

How can an email client using IMAP be secured?

Answer 179

using SSL/TLS

Question 180

In what way does IMAP provide more functionality than POP3?

Answer 180

requires users to explicitly delete e-mails from the server

Question 181

What is POP3?

Answer 181

An email retrieval protocol that allows an email client to retrieve email from a remote mail server. allows users to authenticate over internet using plain-text passwords. can be secured using TLS/SSL

Question 182

What is the Secure Remote Procedure Call Protocol (S-RPC)?

Answer 182

a secure client-server protocol. using public and private keys with diffie-hellman

Question 183

What is the Simple Mail Transfer Protocol (SMTP)?

Answer 183

Used to send and receive email across the internet.operates on TCP/UDP port 25. has well known vulnerabilities that make it inherently insecure.

Question 184

What is the Simple Network Management Protocol (SNMP)?

Answer 184

Used to collect network information by polling stations or sending traps

Question 185

What is a well known vulnerability of SNMP?

Answer 185

uses default cleartext community strings (passwords)

Question 186

What is telnet?

Answer 186

Terminal emulation for remote access to system resources

Question 187

What is a weakness of telnet?

Answer 187

Passwords sent in cleartext

Question 188

What is the Trivial File Transfer Protocol (TFTP)?

Answer 188

A lean version of FTP without directory browsing or authentication. Less secure than FTP

Question 189

Which model was created by the US Department of Defence and preceded the OSI model?

Answer 189

The TCP/IP model

Question 190

What are the 4 layers of the TCP/IP model?

Answer 190

• Application Layer (loosely corresponds to the Application, Presentation and Session layer)
• Transport Layer (corresponds to the OSI Transport Layer)
• Internet Layer (corresponds to the OSI Network Layer)
• Network Access (or Link) Layer (corresponds to the Data and Physical Layer of the OSI model)

Question 191

What is an IDPS?

Answer 191

An intrusion Detection and Prevention System

Question 192

What is the purpose of a firewall?

Answer 192

To control traffic between a trusted network (LAN) and an untrusted network (WAN).

Question 193

What are the 3 basic types of firewalls?

Answer 193

• Packet filtering
• Circuit level gateway
• Application level gateway

Question 194

The following are characteristics of which type of firewall?
- suitable for a low risk environment
- permits or denies traffic based solely on TCP, UDP, ICMP and IP headers in packets
- it examines traffic direction, source/destination IP addresses and source/destination port numbers
- information then compared in a pre-defined Access Control List (ACL) to permit or deny traffic
- typical operates at network or transport layer
- is inexpensive, fast and transparent to users
- access decisions based purely on address, port information
- has no protection from IP or DNS spoofing
- doesn’t support strong user authentication
ACL lists difficult to maintain

Answer 194

Packet filtering firewall

Question 195

What is an advanced variation of a packet filtering firewall?

Answer 195

A dynamic packet filtering firewall (allows the creation of dynamic access list rules for individual sessions)

Question 196

The following are characteristics of which type of firewall?

• maintains state information about established connections
• tunnels used for sessions between two hosts, without the need for further inspection of individual packets
• advantages include speed, support for many protocols and easy maintenance
• disadvantages include dependence on trustworthiness of connecting user/host and limited logging about individual packets after initial connection

Answer 196

• Circuit level gateway

Question 197

Which type of circuit level gateway captures packets at the network layer, then queues and analyses them at the upper layers of the OSI model?

Answer 197

Stateful inspection firewall

Question 198

The following are characteristics of which type of firewall?

• operates at application layer of the OSI model
• considered most secure and commonly implemented as a proxy server (no direct communication between each host is permitted)
• proxy intercepts data packets, analyses contents and if permitted by the firewall rules, sends a copy of the original packet to the intended host.
• can be used to implement strong user authentication
• resource intensive and must be tailored to specific applications.

Answer 198

Application level gateway

Question 199

Firewalls can be implemented using which 4 firewall architectures?

Answer 199

• screening router
• dual homed gateway
• screened host gateway
• screened subnet

Question 200

The following are the characteristics of which firewall architecture?

• most basic type
• external router placed between trusted and untrusted networks with a security policy implemented using ACL’s
• advantage is transparency, simple to use and inexpensive
• disadvantages include difficulty in handling certain traffic, limited or no logging, no user authentication, makes masking the internal network structure difficult and is a single point of failure

Answer 200

• screening router

Question 201

The following are the characteristics of which firewall architecture?

• has two NICs and sits in-between the trusted and untrusted network
• connected to the untrusted network via an external screening router and a proxy server with the trusted network often requiring authentication
• offers a more fail-safe operation than a screening router because data isn’t forwarded across the two interfaces
• internal network structure is masked.
• disadvantages includes inconvenience to users due to authentication with a proxy server, added latency and proxies may not be available for some services.

Answer 201

A dual homed gateway (or bastion host)

Question 202

What is a bastion hosts?

Answer 202

a general term used to refer to proxies, firewalls, gateways or any server that provides applications or services directly to an untrusted network

Question 203

The following are the characteristics of which firewall architecture?

• employs an external screening router and internal bastion host
• screening router is configured so that the bastion host is the only host accessible from the untrusted network
• bastion host provides required web services to the untrusted network as permitted by the security policy
• connections to the internet from the proxy are routed via a application proxy
• advantages include transparent outbound access, restricted inbound access and distributed security between two devices
• disadvantages include difficulty in masking internal network structure, can have multiple single points of failure (on screening router or bastion host) and considered less secure because the screening router can bypass the bastion hosts to access trusted services.

Answer 203

• screened host gateway

Question 204

The following are the characteristics of which firewall architecture?

• most secure
• employs an external screening route, a dual homed host and a second internal screening router
• implements concept of DMZ
• publicly available services are placed on bastion host within DMZ
• advantages include transparency to end users, flexibility, internal network structure can be masked, provides defence in depth.
• disadvantages include more expensive, difficult to configure and maintain, more difficult to troubleshoot

Answer 204

• screened subnet

Question 205

What is the reason for placing public services in a DMZ?

Answer 205

To separate them from private services on your network

Question 206

What are the 3 ways in which Intrusion Detection Systems can be categorised?

Answer 206

Active and Passive
Network based and Host based
knowledge based and behaviour based

Question 207

What is the difference between an active and passive IDS?

Answer 207

Active is known as an IPS which blocks attacks, whereas passive is an IDS that only detects attacks?

Question 208

How can an IPS perform a DoS attack on its own network?

Answer 208

By flooding the network with alarms that cause it no block connections until no connection or bandwidth is available

Question 209

What is the difference between a network based and host based IDS?

Answer 209

network based sniffs all traffic on the network whereas host based is an agent monitoring a single host

Question 210

What is the difference between a knowledge based and behaviour based IDS?

Answer 210

Knowledge based uses signatures whereas behaviour based detects anomalies.

Question 211

What kind of devices use remote access?

Answer 211

Cable Modems, Wireless Devices and protocols such as asynchronous dial-up, ISDN, xDSL

Question 212

What are the 3 common remote access methods?

Answer 212

• Restricted Access: restricts access based on allowed IP
• Caller ID: restricts access based on allowed phone No.s
• Callback: restricts access by requiring a remote user to authenticate with a remote access server (RAS). RAS then disconnects and calls the user back at a pre-configured phone number.

Question 213

In what way is CallerID and Callback more secure method of node authentication than Restricted Access?

Answer 213

phone numbers are more difficult to spoof than IP’s

Question 214

What is a way of defeating Callback?

Answer 214

Call forwarding

Question 215

PPP incorporates which 3 authentication protocols?

Answer 215

EAP, PAP and CHAP

Question 216

Which PPP authentication protocol has the following characteristics?

• uses a two way handshake to authenticate a peer to a server when a link is initially established
• transfers passwords in clear text (no protection form replay or brute force attacks)

Answer 216

PAP (Password Authentication Protocol)

Question 217

Which PPP authentication protocol has the following characteristics?

• uses a three way handshake
• requires both peer and server to be pre-configured with s shared secret stored in cleartext
• peer uses the secret to calculate the response to a server challenge by using an MD5 one way hash function

Answer 217

CHAP (Challenge Handshake Authentication Protocol)

Question 218

What is MS-CHAP?

Answer 218

A Microsoft enhancement to CHAP that allows the shared secret to be stored in a encrypted form.

Question 219

Which PPP authentication protocol has the following characteristics?

• adds flexibility to the PPP protocol by implementing various authentication mechanisms such as MD5-challenge, S-Key, generic token card, digital certificates, etc.
• implemented on many wireless networks

Answer 219

EAP (The Extensible Authentication Protocol)

Question 220

name 4 remote access security technologies?

Answer 220

RAS
RADIUS
TACACS
Diameter

Question 221

Which authentication technologies can a RAS server commonly use?

Answer 221

PPP, RADIUS, TACACS

Question 222

What are the characteristics of the RADIUS protocol?

Answer 222

• open source, UDP, client-server protocol
• provides authentication and accountability
• user provides username/password information to a RADIUS client using PAP or CHAP.
• RADIUS client encrypts the password and sends the user-name and encrypted password to the RADIUS server for authentication

Question 223

Note regarding Radius:

Answer 223

Passwords exchanged between the RADIUS client and RADIUS server are encrypted, however password exchanged between PC client and RADIUS client aren’t if PAP is used. If PC client happens to be RADIUS client all password exchanges are encrypted.

Also the same for TACACS+

Question 224

What is the next generation RADIUS protocol otherwise known as?

Answer 224

Diameter

Question 225

What are the advantages of using Diameter over RADIUS?

Answer 225

• uses TCP rather than UDP
• supports IPSec over TLS
• has a larger address space

Question 226

What are the characteristics of the authentication protocol, TACACS Terminal Access Controller Access Control System)?

Answer 226

• UDP based which provides authentication, authorisation and accountability (AAA)

Question 227

What is the most common implementation of TACACS?

Answer 227

TACACS+ (TCP based and supports practically any authentication mechanism, ie PAP, CHAP, MS-CHAP, EAP, token cards, Kerberos, etc.)

Question 228

What are the 2 advantages of TACACS+?

Answer 228

• wide support for various authentication mechanisms

- granular control of authorisation parameters

Question 229

What is a VPN?

Answer 229

Creates a secure tunnel over the internet

Question 230

What can a VPN do to data as it’s transmitted across the internet?

Answer 230

Encrypt or encapsulate it

Question 231

The two ends of a VPN are commonly implemented using one of which 4 methods?

Answer 231

• Client to VPN concentrator (or device)
• Client to Firewall
• Firewall to Firewall
• Router to Router

Question 232

What are 5 common VPN protocol standards?

Answer 232

PPTP (Point to Point Tunnelling Protocol)
(L2F) (Layer 2 Forwarding Protocol)
L2TP (Layer 2 Tunnelling Protocol)
IPSec
SSL

Question 233

Which VPN protocol standard has the following characteristics?

• developed by microsoft
• enables PPP to be tunnelled through a public network
• uses native PPP authentication and encryption such as PAP, CHAP and EAP.
• commonly used for secure dial-up connections
• operates at layer 2 and is designed for individual client server connections

Answer 233

PPTP (Point to Point Tunnelling Protocol)

Question 234

Which VPN protocol standard has the following characteristics?

• developed by cisco and provides similar functionality to PPTP.
• operates at layer 2 and permits tunnelling of layer 2 WAN protocol such as HDLC and SLIP.

Answer 234

(L2F) (Layer 2 Forwarding Protocol)

Question 235

Which VPN protocol standard has the following characteristics?

• is an IETF standard that combines microsoft, cisco and other vendor protocols.
• operates an layer 2 to create secure VPN connections for individual client server connections

Answer 235

L2TP (Layer 2 Tunnelling Protocol)

Question 236

Which VPN tunnelling protocol addresses the following end user requirements?

• Transparency: requires no additional software
• Robust authentication: Supports PPP authentication protocols, RADIUS, TACACS, smart cards and one time passwords.
• Local Addressing: The VPN entities rather than the ISP assign IP addresses.
• Authorisation: managed by the VPN server side, similar to direct dial-up connections.
• Accounting: Both the ISP and user perform AAA accounting

Answer 236

L2TP (Layer 2 Tunnelling Protocol)

Question 237

What does IPSec ensure by providing Layer 3 encryption and authentication to provide an end to end solution?

Answer 237

Confidentiality, Integrity and Authenticity

Question 238

Which type of VPN provides a secure connection to web based applications?

Answer 238

SSL VPN

Question 239

What is an advantage, but also a disadvantage of an SSL VPN over other protocols?

Answer 239

granularity - can grant a user access to a specific application rather than an entire network, however not all applications work over SSL VPN and may lack functions such as File Sharing, printing, etc.

Question 240

What are the 3 basic components of a WLAN?

Answer 240

client devices, wireless network cards and wireless access points

Question 241

What is a WNIC in relation to wireless?

Answer 241

Wireless network interface card

Question 242

In what type of mode does a wireless access point operate in?
Simplex
Half-duplex
Full-duplex

Answer 242

half-duplex

Question 243

What are the 4 basic types of wireless antennas?

Answer 243

• Omni-directional: most common type, short poles that transmit and receive signals with equal strength in all directions around a horizontal axis.
• Parabolic: dish antennas made of meshed wired grid or solid metal. used to extend wireless signals over great distances
• Sectorised: similar in shape to omni-directional antennas, but have reflectors that transmit signals in a particular direction to provide greater distance and less interference.
• Yagi: similar in appearance to a small tv aerial antenna. used for long distances in point to point or point to multipoint wireless applications.

Question 244

Access points and the wireless cards that connect to them must use the same WLAN 802.11 standard. True or False?

Answer 244

true

Question 245

What 3 modes can an access point operate in?

Answer 245

• Root mode: default config for most AP’s. directly connected to the wired network. also known as infrastructure mode
• Repeater mode: doesn’t connect directly to the wired network, but instead provides an upstream link to another AP. extends the range of the WLAN. also known as stand alone mode
  Bridge mode: rare config that isn’t supported in most AP’s. used to connect two separate wired network segments using an AP.

Question 246

What type of wireless architecture does not have any AP’s where the wireless devices communicate directly with each other in a peer to peer network?

Answer 246

Ad-hoc

Question 247

What are 3 common security techniques and protocols used by WLAN?

Answer 247

WEP
SSID
WPA

Question 248

Which WLAN security technique has the following characteristics?

• used to uniquely identify a wireless network
• wireless client must know it before connecting to the network

Answer 248

Service Set Identifier (SSID)

Question 249

Which WLAN protocol has the following characteristics?

• originally developed to provide the same confidentiality as on a wired network
• uses an RC4 stream cipher for confidentiality and a CRC-32 checksum for integrity
• uses a 40bit or 104 bit key with a 24bit initialisation vector(IV) to form a 64bit or 128bit key.
• WEP can easily be cracked due to the short initialisation vector used and other flaws

Answer 249

Wired Equivalent Privacy (WEP)

Question 250

Which two methods of authentication does WEP support?

Answer 250

Open System Authentication: require no credentials, but encrypts data after client has associated with AP
Shared Key Authentication: uses a 4 way handshake to authenticate with the AP and encrypts data thereafter

Question 251

What two tunnelling protocols can be used to enhance WEP security?

Answer 251

IPSec and SSH

Question 252

Which WLAN protocol has the following characteristics?

• provides significant security enhancements over WEP
• uses the Temporal Key Integrity Protocol (TKIP) to address some of the encryption problems in WEP.
• implements a sequence counter to prevent replay attacks and a 64-bit message integrity check
• supports various EAP extensions including EAP-TLS, EAP-TTLS and PEAP.

Answer 252

WiFi Protected Access (WPA)

Question 253

Which WLAN protocol has the following characteristics?

• supports various EAP extensions including EAP-TLS, EAP-TTLS and PEAP.
• is an enhancement to WPA
• uses the AES based algorithm Counter Mode with Cipher Block Chaining Message Authentication Protocol (CCMP) which replaces TKIP and WEP to produce a fully secure WLAN protocol

Answer 253

WiFi Protected Access 2 (WPA2)

Question 254

In relation to the WPA protocol, what is TKIP?

Answer 254

combines a secret root key with the initialisation vector by using a key mixing function

Question 255

Spam accounts for roughly what percentage of all email traffic?

Answer 255

85%

Question 256

What is a risk in using SMTP?

Answer 256

most SMTP servers are configured by default to forward or relay all mail regardless of whether the sender or recipient address is valid

Question 257

What is a Realtime Blackhole List (RBL) use for?

Answer 257

a blacklist of domain or IP addresses that are known to send spam

Question 258

What 3 risks can be associated with spam email?

Answer 258

• Missing or deleting important emails
• Viruses and other malicious code
• Phishing and Pharming scams

Question 259

How can clients and server be protected against the risks posed by email?

Answer 259

• placing mail servers within a DMZ
• unnecessary or unused services should be disabled (change the default relay setting)
• most other servers and client PC’s should have port 25 disabled
• implement a spam filter/secure mail gateway

Question 260

What is SPIM?

Answer 260

Spam over instant messaging

Question 261

What is SPIT?

Answer 261

Spam over Internet Telephony

Question 262

What are the two principal protocols that make up the World Wide Web?

Answer 262

HTTP (Hypertext Transfer Protocol)

HTML (Hypertext Mark-up Language)

Question 263

What is the difference between HTTP and HTML?

Answer 263

HTTP is the command and response language used by web browsers to communicate with web servers and HTML is the display language that the defines the appearance of web pages.

Question 264

name 3 common attacks on these protocols?

Answer 264

• Script injection: Hacker injects scripting language commads into forms on web pages in an attempt to fool the web server into sending the contents of a back end database
• Buffer overflow: Hackers try to send machine language instructions as part of queries to web servers in an attempt to run those instructions
  Denial of Service (DOS): an attacker can send specifically crafter queries to a web server to make it malfunctions or huge volumes of queries to make it stop working.

Question 265

Facsimile Security: 4 general administrative and technical controls?

Answer 265

• Using cover pages that include appropriate routing and classification markings
• Place fax machines in secure areas
• using secure phone lines
• Encrypting fax data

Question 266

What are 3 types of corporate telecommunications infrastructure?

Answer 266

PBX (Private Branch Exchange)
POTS (Plain Old Telephone Systems)
VoIP (Voice over IP)

Question 267

How can an organisation protect against fraud and abuse of telecommunications systems?

Answer 267

User security policy
regular auditing of calls
strong passwords and patching of systems

Question 268

What 5 methods can be used to forge Caller ID’s to perpetrate fraud or abuse?

Answer 268

• Using a calling card: using a long distance calling card often masks the origin of the call
• Using callerID services: commercial services are available that can generate any desired callerID
• Blocking callerID: some wireline or wireless telephone services block callerID
• Re-configure your telephone switch: a telephone switch connected via a trunk to a telephone network can send callerID data.
• VoIP: Simple IP smartphone or PC software can be used to generate false callerID data from VoIP phones

Question 269

name 8 common types of network attacks?

Answer 269

Bluejacking and Bluesnarfing
Fraggle
ICMP Flood
Session Hijacking (Spoofing)
Smurf
SYN Flood
Teardrop
UDP Flood

Question 270

Which type of network attack has the following characteristics?
- sending anonymous, unsolicited messages to Bluetooth enabled devices

Answer 270

Bluejacking

Question 271

Which type of network attack has the following characteristics?
- stealing personal data from Bluetooth enabled phones

Answer 271

Bluesnarfing

Question 272

Which type of network attack has the following characteristics?
- a variant of the SMURF attack that uses UDP packets instead ICMP packets

Answer 272

Fraggle

Question 273

Which type of network attack has the following characteristics?
- large number of ICMP packets (usually echo requests) sent to a target network to consume bandwidth or resources

Answer 273

ICMP flood

Question 274

Which type of network attack has the following characteristics?
- involves altering a TCP packet so that is appears to come from a known, trusted source

Answer 274

Session Hijacking (spoofing)

Question 275

Which type of network attack has the following characteristics?

• a variation of the ICMP flood attack
• ICMP echo request packets are sent to the broadcast address of the target network by using a spoofed address on the target network
• each echo request is then sent to every host on the network in which all hosts respond with an echo reply overwhelming available bandwidth or system resources

Answer 275

Smurf

Question 276

Which type of network attack has the following characteristics?
- TCP packets with a spoofed source address requests a connection (SYN). target responds with a (SYN-ACK) packet but source never responds. Half open connections are incomplete communications sessions which can overwhelm a systems resources whilst the system waits for the connection to timeout.

Answer 276

SYN flood

Question 277

Which type of network attack has the following characteristics?
- the length and fragmentation offset fields of sequential IP packets are modified causing the target system to become confused and crash.

Answer 277

Teardrop

Question 278

Which type of network attack has the following characteristics?
- large number of UDP packets are sent to the target network to consume bandwidth and resources

Answer 278

UDP Flood

Question 279

How can a Fraggle attack be countered?

Answer 279

Cisco routers can be used to disable TCP and UDP services.

Question 280

How can an ICMP Flood attack be countered?

Answer 280

Because ICMP isn’t required for normal network operations, the easiest defence is to drop ICMP packets at the router or filter them at the firewall

Question 281

how can a Smurf attack be countered?

Answer 281

Dropping ICMP packets at the router

Question 282

How can SYN Flood attacks be countered?

Answer 282

Can be countered on Cisco routers using two methods:

• TCP intercept which proxies for half-open connections
• Committed Access Rate: limits bandwidth available to certain types of traffic

Other defences include changing the default maximum number of TCP half-open connections and reducing the timeout period on networked systems

Question 283

How can UDP Flood attacks be countered?

Answer 283

drop unnecessary UDP packets at the router

Question 284

What is fragmentation at the Network layer?

Answer 284

IP will sub-divide a packet if its size is greater than the maximum size allowed on the local network.

Question 285

What advantages does RIPv2 provide over RIPv1?

Answer 285

• Carries a subnet mask
• Supports password authentication security
• specifies the next hop address
• does not require that routes be aggregated on the network boundary

Question 286

What is an advantage to using OSPF?

Answer 286

results in smaller, more frequent updates everywhere. they converge quickly so can prevent routing loops and Count-to-Infinity (when router continually increment the hop count)

Question 287

What is a disadvantage to using OSPF?

Answer 287

require large amounts of CPU and memory

Question 288

Which Routing protocol uses a hierarchical structure and supports classless IP address ranges?

Answer 288

OSPF

Question 289

What is the latest version of RIP, OSPF and BGP respectively?

Answer 289

RIPv2
OSPFv2
BGPv4

Question 290

Which routing protocol allowed the internet to become a de-centralised system?
RIP, OSPF or BGP?

Answer 290

BGP

Question 291

Hosts using which routing protocol communicate using TCP and send updated router table information when one host has detected a change? (only the affected part of the routing table is sent)
RIP, OSPF, BGP

Answer 291

BGP

Question 292

What are the two message categories in ICMP?

Answer 292

Error Messages

Query Messages

Question 293

What are the 4 main functions of ICMP?

Answer 293

• Announce network errors
• Announce network congestion
• Assist troubleshooting
• Announce timeouts

Question 294

IPv4, ICMP, OSPF, IPSec, IPX are all associated with which OSI layer?

Answer 294

Network layer

Question 295

What are the 6 control bits used by TCP during data transmission?

Answer 295

URG: Urgent Pointer Field Significant
ACK: Acknowledgement Field Significant
PSH: Push Function
RST: Reset the connection
SYN: Sync sequence numbers
FIN: No more data from sender

Question 296

In a 3 way handshake what assurance does the acknowledgement number provide to the client that requested the connection?

Answer 296

proof to the client that the ACK is specific to the SYN the client initiated.

Question 297

TCP, UDP, SPX, RDP are examples of protocols at which OSI layer?

Answer 297

Transport

Question 298

What is the H.245 protocol and which layer is it used at?

Answer 298

Call control protocol for multimedia communication used at Session layer.

Question 299

L2TP, NetBIOS, PAP, PPTP, RPC are used at which OSI layer?

Answer 299

Session

Question 300

What are the two sub-layers of the Presentation layer?

Answer 300

CASE (Common Application Service Element) - provides services for the application layer and request services from the session layer
SASE (Specific Application Service Element) - provides application specific services

Question 301

FTP, MIME, Telnet are common protocol at which OSI layer?

Answer 301

Presentation

Question 302

FTP, SMTP, HTTP, LDAP, DNS, DHCP are protocols at which OSI layer?

Answer 302

Application

Question 303

The following classes of firewall operate at which OSI layers respectively?
Application Proxy
Circuit gateway
Packet switched

Answer 303

Application Proxy - Application
Circuit gateway - Session
Packet Filter (SPF) - Network

Question 304

IP classes explained:

Answer 304

Class, Range of first octet, No. of octets for Network No., No. of hosts in network.

A 1-127,         1,                 16,777,216
B 128-191,     2,                65,536
C 192-223,   3,                256
D 224-239,  Multicast
E 240-255,   Reserved

Question 305

What Classless Interdomain Routing? (CIDR)

Answer 305

does not require that a new address be allocated based on the number of hosts in a network class. used to address shortage of IP’s

Question 306

Ports are broken into 3 ranges. What are they?

Answer 306

Well known Ports: 0 to 1023
Registered Ports: 1024 to 49151
Dynamic or Private Ports: 49152 to 65535

Question 307

What can be the reason for choosing a registered port than a well known port?

Answer 307

On most systems, the user may not have the privileges to run an application on a well known port.

Question 308

Which protocol is more susceptible to spoofing? TCP or UDP?

Answer 308

UDP

Question 309

What is the difference between an extranet and a DMZ?

Answer 309

Extranet offers controlled access to authenticated connections, whereas a public facing server in a DMZ must normally support unauthenticated connections.

Question 310

What is RFC 3118 in relation to DHCP?

Answer 310

specifies how to implement authentication for DHCP messages so that messages are rejected from invalid sources, ie a protects against an attacker pluggin his machine into a port.

Question 311

In what 4 ways can Ping/tracert (ICMP) maliciously be used?

Answer 311

• Ping of Death: (ICMP echo greater than legal packet limit 65,536 bytes)
• ICMP re-direct attacks: tells a host to use an attackers machine as default route
• Ping scanning: basic technique that helps narrow the scope of an attack.
• Traceroute exploitation: map a victim network to learn about its routing

Question 312

What type of tool is Firewalk?

Answer 312

similar to traceroute but instead enumerates a firewall rulset.

Question 313

What is the Internet Group management Protocol (IGMP)?

Answer 313

used to manage multi-casting groups, which are a set of hosts anywhere on a network that are interested in a particular multi-cast.

Question 314

What are the 3 versions of IGMP?

Answer 314

Ver1: periodically sends queries to a host on its network to update its database of multicast groups membership. Hosts stagger their replies to prevent a storm of traffic. when replies no longer come, agents will stop forwarding multicasts to that group.
Ver2: extends functionality of ver1. does 2 queries, general query and group specific query.
Ver3: allows hosts to specify from which sources they want to receive multicasts.

Question 315

Which Routing Protocol supports automatic failover of routers?

Answer 315

Virtual Router Redundancy Protocol (VRRP)

Question 316

What is RPC (Remote Procedure Call)?

Answer 316

provides a brokering service between client and application, ie authentication.

Question 317

Why is RPC not used over the open internet?

Answer 317

weak authentication mechanism which can be leveraged for privilege escalation by an attacker.

Question 318

CORBA and DCOM are examples of what protocol?

Answer 318

RPC

Question 319

What is DNSSEC?

Answer 319

DNS authentication

Question 320

What are 3 ways of enhancing DNS security?

Answer 320

DNSSEC
Multicasting
Service Directory

Question 321

What port does DNS use?

Answer 321

53

Question 322

Can LDAP security be subverted by breaking DNS?

Answer 322

Yes

Question 323

What ports are used by NetBIOS for TCP and UDP respectively?

Answer 323

TCP: 137 and 138
UDP: 135 (used for remote procedure calls) and 139

Question 324

NIS is a directory service commonly used by which environment?

Answer 324

Unix

Question 325

What is a weakness of NIS?

Answer 325

Uses RPC

Question 326

What is NIS+?

Answer 326

enhancement to NIS that uses Secure RPC.

Question 327

What is CIFS/SMB?

Answer 327

A file sharing protocol on Windows. (freeSAMBA is UNIX alternative) designed to run on top of NetBIOS on TCP port 445. authentication can be performed via challenge response.

Question 328

What is the main weakness of CIFS/SMB? (Common Internet File System/Server Message Block)

Answer 328

passwords delivered in clear text.

Question 329

What is NFS (Network File Sharing) system?

Answer 329

Used by Unix, but can also exist on Linux, Windows, etc.

Question 330

What are the 4 versions of NFS?

Answer 330

2, UDP, uses RDP, stateless protocols
3 TCP, uses RDP, stateless protocols
4 TCP, stateful, uses encryption based on kerberos.

Question 331

What are 3 ways of securing NFS?

Answer 331

Secure NFS (DES encryption)
Using NFS version 4
tunnel NFS through SSH

Question 332

What port does SMTP use?

Answer 332

25

Question 333

What are the two main weaknesses of SMTP?

Answer 333

lack of authentication and encryption

Question 334

What is the enhancement to SMTP which allows authentication?

Answer 334

ESMTP

Question 335

What 2 ports does FTP use?

Answer 335

20 Data stream

21 Control stream

Question 336

What are 3 ways of securing FTP?

Answer 336

• Secure FTP with TLS: uses AUTH TLS to request that FTP session be encrypted
• SFTP (SSH File Transfer Protocol): not an SFTP protocol so clients cannot be used to talk to an SFTP server, however encrypts both commands and data unlike standard FTP.
• FTP over SSH: refers to the practice of tunnelling a normal FTP session over SSH. protects only the channel.

Question 337

What are the two transfer modes of FTP?

Answer 337

Active (server initiates connection) not common and should be blocked by firewall.
Passive (client initiates connection)

Question 338

What is anonymous FTP

Answer 338

guest authentication

Question 339

What is Trivial File Transfer Protocol (TFTP)?

Answer 339

used when authentication is not need. simplified version of FTP. operates on UDP 69

Question 340

When is TFTP most commonly used?

Answer 340

In LAN’s for pulling packages, ie in booting up a diskles client or deploying images to a client environment

Question 341

What are 3 types of HTTP proxies?

Answer 341

• Anonymising Proxies: allows the anonymisation of HTTP requests. JAP is an example
• Open proxy Servers: allows unrestricted access to GET commands from the internet, potentially to be used to launch an attack.
• Content Filtering

Question 342

What is the best way of separating application gateways from the proxy for web browsing?

Answer 342

A reverse proxy.

Question 343

Why should a reverse proxy be used?

Answer 343

allows direct access from he internet

Question 344

What is HTTP Tunnelling?

Answer 344

Allows tunnelling of applications through firewall

Question 345

What is the main concern when using mult-layer protocols?

Answer 345

Outdated components

Question 346

What two terms are most commonly associated with Multi-layer protocols?

Answer 346

SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control System)

Question 347

What are 6 vulnerabilities associated with SCADA?

Answer 347

• Network Perimeter Vulnerabilities
• Protocol Vulnerabilities through stack
• Database Insecurities
• Session Hijacking MIM attacks
• OS and server weaknesses
• Device and vendor Backdoors

Question 348

What are two standard industrial communication protocols?

Answer 348

MODBUS and FIELDBUS

Question 349

What are weaknesses of the MODBUS and FIELDBUS industrial communication protocols?

Answer 349

• focus in on uptime not security
• send information in cleartext
• little or no authentication

Question 350

What is the best way of protecting SCADA systems?

Answer 350

physical controls

Question 351

What is a key security function of a boundary router?

Answer 351

To prevent IP spoofing

Question 352

What are 3 types of IP spoofing attacks?

Answer 352

Non-blind spoofing: attacker on same subnet as victim
Blind spoofing: packets sent to victim to determine sequence numbers
Man in the Middle attack: interception of a legitimate communication (both blind and non-blind spoofing are types of MitM attacks)

Question 353

How does an OS protect against blind spoofing?

Answer 353

uses random sequence number generation

Question 354

Network partitioning often includes 3 common security zones. What are they?

Answer 354

• DMZ, Application Zone, Internal Zone.

Question 355

Which network zone would you place proxy servers, SMTP or DNS?

Answer 355

DMZ

Question 356

Which network zone would you place web servers, DB, AV, etc?

Answer 356

Application Zone

Question 357

A terminal server is a type of which host? Dual-homed or Bastion?

Answer 357

Bastion

Question 358

Why are modems discouraged on networks?

Answer 358

allow remote users to access a network from almost any analog phone line. allows a backdoor into the network.

Question 359

What is a modem?

Answer 359

a modem connected to a user’s computer converts digital signal to analog to be transmitted over a phone line

Question 360

What is a way of combating legacy equipment such as modems on a network?

Answer 360

Telephony firewalls

Question 361

What is a Concentrator?

Answer 361

multiplex connected devices into one signal , ie FDDI

Question 362

What is GSM?

Answer 362

Global Service for Mobile Communications

Question 363

Should Wireless Access Point placement focus on security or strong signal?

Answer 363

Strong signal

Question 364

WPA supports which type of authentication?

Answer 364

IEEE 802.1x based on the EAP framework

Question 365

What are the 3 EAP authentication models?

Answer 365

EAP-TLS: client server authentication with certificates. more secure but more overhead with managing certificates
EAP-TTLS: less secure as only server presents certificate to client, however less overhead to administer
EAP-PEAP: similar to EAP-TLS. server authenticates to client with cert and client employs non-digital cert mechanism to authenticate with server. easier to administer, but still a lack of client side cert

Question 366

What enhancements does WPA2 provide to WEP and WPA?

Answer 366

• uses 802.1x access control to start an EAP authentication method
• uses Counter Mode/CBC-MAC protocol (CCMP for encryption

Question 367

In relation to Bluetooth what is a Blue Bug attack?

Answer 367

an attacker can use the AT commands on a victims phone to initiate calls, send messages

Question 368

What is the IEEE 802.16 standard?

Answer 368

WiMAX. Fixed mobile wireless solution meaning that the client devices are highly portable but whilst not in use. 802.16a deals with issues such as improved access. useful for access to MAN network. allow wireless access from long distances

Question 369

What does WiMax use to protect confidentiality of data?

Answer 369

AES and authentication options including EAP.

Question 370

What is alternative technology to running fiber cables through a building?

Answer 370

Wireless Optics: uses infra-red light or lasers to transmit data between two receivers. have advantages over microwave as they are more difficult to intercept, however they are un-reliable due to weather

Question 371

Light emitting Diodes (LEDs) and Diode Lasers are two types of what?

Answer 371

Fiber Optics

Question 372

Why would you use Diode Lasers over LED’s n fiber optics?

Answer 372

more bandwidth and distance

Question 373

What is the difference between single mode and multi-mode fiber?

Answer 373

in single mode, light is transmitted in a direct path down cable. single mode allows for greater bandwidth, longer cables and is suitable for carrier networks

Question 374

Where should firewalls be installed?

Answer 374

Between Domain Trusts

Question 375

What are two important conditions used to determine if a packet should be filtered by a firewall?

Answer 375

Address: source/destination address
Service: ie port number TCP UDP

Question 376

An extension to NAT that translates all addresses into one routable IP address if using multiple ports is known as what?

Answer 376

Port Address Translation (PAT)

Question 377

What is HAIPE (High Assurance Internet Protocol Encryptor)?

Answer 377

based on IPSec, possesses additional restrictions and enhancements. has the ability to encrypt multi-cast data using high assurance hardware encryption which requires that the same key be loaded on all communicating devices. Often used in military.

Question 378

What is SOCKS?

Answer 378

a circuit proxy server where users employ a SOCKS client to access a remote server.the client initiates a connection to the SOCKS proxy server which accesses the remote server on behalf of the client.

Question 379

What is a key advantage of SOCKS over other VPN’?

Answer 379

The ability to use proxy servers

Question 380

What is a PSTN (Modems and Public Switched Telephone Networks)?

Answer 380

designed for analog communications, but today used for data connections over WAN’s.

Question 381

What is the Extensible Messaging and Presence Protocol (XMAPP) and Jabber?

Answer 381

• open instant messaging protocol
• server based app designed to interact with other instant messaging apps.
• anyone can offer a Jabber server making the network untrusted.
• traffic can be encrypted using TLS, though it does not stop eavesdropping on server.
• offers both cleartext and challenge response authentication though credentials are cached on jabber server.

Question 382

What is Internet relay Chat? (IRC)

Answer 382

• chat system that typically operates through terminal or telnet connections which leave no log related to file transfers.
• client/server based and unencrypted
• common platform for social engineering attacks

Question 383

What 4 things does security of instant messaging rely on?

Answer 383

• strength of the protocol
• quality of the implementation
• trustworthiness of the operator
• behaviour of the user

Question 384

What ports does RADIUS typically operate across?

Answer 384

1812 and 1813, both TCP and UDP

Question 385

What ports does SNMP operate accross?

Answer 385

161 and 162 for both TCP and UDP

Question 386

What port does Telnet operate on?

Answer 386

TCP 23

Question 387

What is rlogin, rsh and rcp?

Answer 387

rlogin: protocol for granting remote access to a machine, normally a Unix server.
rsh: grants direct remote command execution
rcp: copies data from or to a remote machine

Question 388

What are the weaknesses or rlogin?

Answer 388

unencrypted
authentication is host/IP based. although it will take a user ID, the ID is not verified as rlogin relies on trustworthiness of the host.

Question 389

What is a secure alternative to rlogin, crp, rsh?

Answer 389

SSH

Question 390

What ports do virtual network terminal services typically operate across?

Answer 390

80TCP or 443UDP

Question 391

What is the main method of protecting terminal services?

Answer 391

Patching

Question 392

What is a teleworker?

Answer 392

A mobile worker

Question 393

What is the Tree Network Topology?

Answer 393

similar to a bus, except devices connect to a branching cable.

Question 394

What is CSMA (Carrie Sense Multiple Access)?

Answer 394

• only one device can transmit a time
• devices compete for available bandwidth
• referred as a contention-based protocol.

Question 395

What two types of CSMA exist?

Answer 395

CSMA/CA(collision avoidance): uses jamming signals so other devices don’t transmit. used in the 802.11 wireless standard
CSMA/CD(collision detection): listens for carrier before transmitting data. used as part of the IEEE 802.3 (ethernet) standard

Question 396

What IEEE standard does token ring use?

Answer 396

IEEE 802.5

Question 397

What attack allows an attacker to move across VLAN’s?

Answer 397

VLAN hopping

Question 398

What is port scanning?

Answer 398

The act of probing tcp services on a machine

Question 399

FIN, NULL and XMAS scanning explained:

Answer 399

request to close a connection sent to a target machine. works with UNIX, not Windows. if a response is received it provides recognition that port is open.

Question 400

How to protect against a FIN attack?

Answer 400

Firewall Stealth Mode

Question 401

What is a network tap?

Answer 401

a device with the ability to copy all data flowing through a network in real time for analysis and storage. can also be deployed for purposes of compliance with legal requirements related to retention of records/transactions for fraud.

Question 402

What are the 4 common steps in the methodology of a network attack?

Answer 402

-Target Acquisition: intelligence gathering through network scanning. split network security zone, NAT, etc can protect against this.
target Analysis: target analysed for security weaknesses/vulnerabilities
Target Access: social engineering, unauthorised access via vulnerability.
Target Appropriation: escalate privileges

Question 403

What are two types of scanning tools?

Answer 403

Nessus: vulnerability scanner
NMap: discovery scanner

Question 404

What is the difference between a vulnerability scan and a penetration scan?

Answer 404

Vulnerability scan uncovers vulnerabilities, whereas penetration scanning exploits them

Question 405

What is an Overlapping fragment attack?

Answer 405

used to subvert packet filters that only check the first fragment of a fragmented packet. other packets follow that overwrite the first fragment with malicious data. solution is for TCP/IP stacks not to allow fragments to overwrite each other.

Question 406

What is source routing exploitation and how would you protect against it?

Answer 406

where an attacker can specify the path to take to a destination. source routing can be disabled on routers

Question 407

What is the main weakness of Network News Transport Protocol (NNTP)?

Answer 407

Authentication. confidentiality is less of a concern as the message is supposed to be published, rather proper identification and authentication of the sender is the issue.

Question 408

What is the Finger User Information Protocol?

Answer 408

An identification service that allows a user to obtain information about the last login time of a user and whether he or she s currently logged in. implemented as a UNIX daemon.

Question 409

Why is the Finger User information protocol no longer widely used?

Answer 409

• has been subject to a number of security exploits
• raises privacy and security concerns. can be abused for social engineering
• the users self-actuation

Question 410

What ports does NTP (Network Time Protocol) use?

Answer 410

TCP and UDP 123

Question 411

How to protect NTP?

Answer 411

• restrict access based on IP
• NTP3 uses symmetric encryption for authentication
• NTP4 uses asymmetric encryption for authentication

Question 412

What is the main countermeasure to DNS spoofing?

Answer 412

establish DNS servers dedicated to their domain and vigorously monitor them. an internal DNS server which only accepts queries from the internal network/users.

Question 413

To avoid Information Disclosure in DNS, what should a business do?

Answer 413

Use split-DNS zones and refrain from using telling name conventions for servers.

Question 414

What are split naming zones?

Answer 414

names of hosts that are only accessible on the intranet that are available on the internet

Question 415

What is TCP SYN scanning?

Answer 415

no complete connection is opened. instead only the initial steps of the handshake are performed. makes the scans harder to detect but can’t be stopped by firewalls.