Test Ch. 9-12

Question 1

Connection-oriented Communication

Answer 1

A protocol that does not establishes a connection between two hosts before transmitting data and verifies receipt before closing the connection between the hosts. TCP is an example of a connection-oriented protocol.

Question 2

Connectionless Communication

Answer 2

A protocol that does not establish and verify a connection between the hosts before sending data; it just sends the data and hopes for the best. This is faster than connection-oriented protocols. UDP is an example of a connectionless protocol.

Question 3

Session

Answer 3

Any single communication between a computer and a another computer.

Question 4

TCP

Answer 4

Transmission Control Protocol - enables connection-oriented communication in networks that use the TCP/IP protocol suite.

Question 5

TCP Three-way handshake

Answer 5

.

Question 6

If the network is not visible on the Internet, the DNS naming convention does not require top-level domain names such as .com or .org

Answer 6

True

Question 7

As the Internet grew, HOSTS replaced DNS

Answer 7

False

Question 8

Which is the correct sequence according to the DNS naming convention?

Answer 8

Host.Domain.Root

Question 9

Symmetric-key encryption is what we call any encryption that uses the same key for both encryption and decryption.

Answer 9

True

Question 10

This is a mathematical function that creates a checksum, and which is used by most forms of nonrepudiation.

Answer 10

Hash

Question 11

This protocol offers a method for querying the state of certain network devices

Answer 11

SNMP

Question 12

Hubs, switches and routers all work at layer 1 of the OSI seven-layer model.

Answer 12

False

Question 13

Microsoft Exchange is an example of a dedicated e-mail client.

Answer 13

False

Question 14

This is one example of the many programs that use the BitTorrent file-sharing protocol in modern peer-to-peer implementations.

Answer 14

µTorrent

Question 15

VPNs use encryption.

Answer 15

True

Question 16

UDP

Answer 16

User Datagram Protocol - Part of the TCP/IP protocol suite, a connectionless protocol that is an alternative to TCP.

Question 17

DHCP

Answer 17

Dynamic Host Configuration Protocol - uses UDP - DHCP clients uses port 67 for sending data, DHCP servers use port 68 for sending data.

Question 18

NTP/SNTP

Answer 18

Network Time Protocol. Simple Network Time Protocol.

Question 19

TFTP

Answer 19

Trivial File Transfer Protocol enables you to transfer from one machine to another. Doesn’t have any protection. Uses port 69.

Question 20

ICMP

Answer 20

Internet Control Message Protocol

Question 21

IGMP

Answer 21

Internet Group Managment Protocol

Question 22

Well-known Port Numbers

Answer 22

Port numbers between 0 and 1023

Question 23

Ephemeral Port Numbers

Answer 23

1024-5000

Question 24

Dynamic or Private Port Numbers

Answer 24

49152-65535

Question 25

IANA

Answer 25

Internet Assigned Numbers Authority

Question 26

Registered Ports

Answer 26

1024-49151

Question 27

Socket or Endpoint

Answer 27

Terms for the connection data stored on a single computer

Question 28

Netstat

Answer 28

Show me the endpoint command utility

Question 29

FTP

Answer 29

File Transfer Protocol - used for large files.

Question 30

SMTP

Answer 30

Simple Mail Transfer Protocol - port 25, used by clients to send messages.

Question 31

POP3

Answer 31

Post Office Protocol version 3 - receive e-mail from SMTP servers. POP3 uses TCP port 110.

Question 32

IMAP4

Answer 32

Internet Message Access Protocol version 4. Retrieves e-mail from an e-mail server. IMAP4 enables you to search through messages on the mail server to find specific keywords and select the messages you to download onto your machine.

Question 33

Remote Login

Answer 33

rlogin - works over TCP port 513

Question 34

Remote Shell

Answer 34

RSH - runs over TCP port 514

Question 35

Remote Copy Protocol

Answer 35

RCP - TCP port 524

Question 36

Telnet

Answer 36

A program that enables users on the internet to log onto remote systems from their own host systems.

Question 37

Secure Socket Layer

Answer 37

SSL - A protocol developed by Netscape for transmitting private documents over the Internet

Question 38

What 3 things make a secure website?

Answer 38

1. Authentication
2. Encryption
3. Nonrepudiation

Question 39

HTTPS

Answer 39

Hypertext Transfer Protocol over SSL - uses port 443.

Question 40

DNS

Answer 40

Domain Name System - name resolution protocol

Question 41

WINS

Answer 41

Windows Internet Name Service

Question 42

HOSTS File

Answer 42

The predecessor to DNS, a static text file that resides on a computer and is used to resolve DNS host names to IP addresses. The HOSTS file is checked before the machine sends a name resolution request to a DNS name server. The HOSTS file has no extension.

Question 43

TLD

Answer 43

Top-level Domain

Question 44

FQDN

Answer 44

Fully Qualified Domain Name - A complete DNS name, including the host name and all of its domains (in order).

Question 45

Name Servers

Answer 45

A computer whose job is to know the name of every other computer.

1. DNS server
2. Zone
3. Record

Question 46

CNAME

Answer 46

Canonical name - Less common type of DNS record that acts as a computer’s alias.

Question 47

PKI

Answer 47

Public-key Infrastructure - The system for creating and distributing digital certificates using sites like Verisign, Thawte or GoDaddy.

Question 48

Authentication

Answer 48

A process that proves good data traffic truly came from where it says it originated by verifying the sending and receiving users and computers.

Question 49

Authorization

Answer 49

A step in the AAA philosophy during which a client’s permissions are decided upon.

Question 50

Nonrepudiation

Answer 50

The process that guarantees the data is as originally sent and that it came from the source you think it should have come from.

Question 51

Hash

Answer 51

A mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length (often called a checksum or a digest.)

Question 52

SHA

Answer 52

Secure Hash Algorithm

Question 53

MD5

Answer 53

Message-Digest Algorithm version 5, hashing function.

Question 54

Encryption

Answer 54

A method of securing messages by scrambling and encoding each packet as it is sent across an unsecured medium, such as the Internet. Each encryption level provides multiple standards and options.

Question 55

DNS Server

Answer 55

A DNS server is a computer running DNS server software.

Question 56

Zone

Answer 56

A zone is a container for a single domain that gets filled with records.

Question 57

Record

Answer 57

A record is a line in the zone data that maps an FQDN to an IP address.

Question 58

Authoritative DNS server

Answer 58

Also called Start of Authority or SOA, A DNS server that has a single zone that lists all the host names on the domain and their corresponding IP addresses.

Question 59

Cached lookups

Answer 59

The list kept by a DNS server of IP addresses it has already resolved, so it won’t have to re-resolve it an FQDN it has already checked.

Question 60

Forward lookup zones

Answer 60

The storage area in a DNS server to store the IP addresses and names of systems for a particular domain or domains.

Question 61

NS Records

Answer 61

Records that list the DNS servers for a Web site.

Question 62

A Records

Answer 62

A list of the IP addresses and names of all the systems on a DNS server domain.

Question 63

MX Records

Answer 63

Mail Exchange

Question 64

Reverse Lookup Zones

Answer 64

A DNS setting that resolves IP addresses to FQDNs. In other words, it does exactly the reverse of what DNS normally accomplishes using forward lookup zones.

Question 65

PTR

Answer 65

Pointer Record - points to canonical names.

Question 66

NetBIOS/NetBEUI

Answer 66

NetBIOS-A protocol that operates at the Session layer of the OSI model. Creates and manages connections based on the names of the computers involved.
NetBEUI-Microsoft’s first networking protocol, designed to work with NetBIOS. Did not support routing.

Question 67

CIFS

Answer 67

Common Internet System

Question 68

Windows Domain

Answer 68

A group of computers controlled by a computer running Windows Server, which is configured as a domain controller.

Question 69

Workgroup

Answer 69

A convenient method of organizing computers under Network/My Network Places in Windows operating systems.

Question 70

Active Directory

Answer 70

An organization of related computers that shares one or more Windows domains.

Question 71

DDNS

Answer 71

Dynamic DNS - updates of IP addresses

Question 72

DNSSEC

Answer 72

DNS Security Extensions - a set of authentication and authorization specifications designed to prevent bad guys from impersonating legitimate DNS servers.

Question 73

EDNS

Answer 73

Extension Mechanisms for DNS - A specification that expands several parameter sizes, but maintains backward compatibility with DNS servers that don’t use it.

Question 74

nslookup

Answer 74

name server lookup - command enables DNS server queries.

Question 75

Dig

Answer 75

Domain information groper -

Question 76

LMHOSTS

Answer 76

A static text file that resides on a computer and is used to resolve NetBIOS names to IP addresses. The LMHOSTS file is checked before the machine sends a name resolution request to a WINS name server. The LMHOSTS file has no extension.

Question 77

WINS Proxy Agent

Answer 77

A WINS relay agent that forwards WINS broadcasts to a WINS server on the other side of a router to keep older systems from broadcasting in place of registering with the server.

Question 78

nbstat

Answer 78

A command-line utility used to check the current NetBios name cache on a particular machine. The utility compares NetBIos names to their corresponding IP addresses.

Question 79

Plaintext

Answer 79

Data is in an easily read or viewed idustry-wide standard format. Cleartext.

Question 80

Cipher

Answer 80

A series of complex and hard-to-reverse mathematics-called an algorithm-you run on a string of ones and zeroes to make a new set of seemingly meaningless ones and zeroes.

Question 81

Complete Algorithm

Answer 81

Is both the cipher and the implementation of that cipher.

Question 82

Ciphertext

Answer 82

The output when cleartext is run through a cipher algorithm using a key.

Question 83

Symmetric-Key Algorithm

Answer 83

Any encryption that uses the same key for both encryption and decryption.

Question 84

Asymmetric-Key Algorithm

Answer 84

Any encryption that uses different keys for encryption and decryption.

Question 85

Block Ciphers

Answer 85

They encrypt data in single chunks of a certain length at a time.

Question 86

Stream Cipher

Answer 86

Takes a single bit at a time and encrypts on-the-fly.

Question 87

DES

Answer 87

Data Encryption Standard - Granddaddy of TCP/IP symmetric-key algorithm. Used a 64-bit block and 56-bit key.

Question 88

Rivest Cipher 4

Answer 88

Stream Cipher

Question 89

AES

Answer 89

Advanced Encryption Standard - a block cipher, uses 128-bit block size and 128-, 192-, or 256- bit key size.

Question 90

Public Key Cryptography

Answer 90

A method for exchanging digital keys securely.

Question 91

RSA

Answer 91

Rivest Shamir Adelman - Enabled secure digital signatures

Question 92

SHA

Answer 92

Secure Hash Algorithm

Question 93

Digital Signature

Answer 93

A string of ones and zeroes that can only be generated by the sender.

Question 94

Certificate

Answer 94

A standardized type of digital signature that includes the digital signature of a third party, a person or a company that guarantees that who is passing out this certificate is truly who they say they are.

Question 95

ACL

Answer 95

Access Control List - A clearly defined list of permissions that specify what an authenticated user may perform on a shared resource.

Question 96

MAC

Answer 96

Mandatory Access Control - Every resource is assigned a label that defines its security level.

Question 97

DAC

Answer 97

Discretionary Access Control - The idea that a resource has an owner who may at his discretion assign access to that resource. More flexible.

Question 98

RBAC

Answer 98

Role-based Access Control - Defines a user’s access to a resource based on the roles the user plays in the network environment.

Question 99

PPP

Answer 99

Point-to-point - enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use.

Question 100

Link Dead

Answer 100

There isn’t a link yet. This phase is when all PPP conversations begin. The main player at this is the Link Control Protocol (LCP). The LCP’s job is to get the connection going.

Question 101

Link Establishment

Answer 101

The LCP communicates with the LCP on the other side of the PPP link, determining a good link.

Question 102

Termination

Answer 102

When done nicely, the two ends of the PPP connection send each other a few termination packets and the link is closed.

Question 103

PAP

Answer 103

Password Authentication Protocol - Transmits the user name and password over the connection in plaintext.

Question 104

CHAP

Answer 104

Challenge Handshake Authentication Protocol - Relies on hashes based on a shared secret.

Question 105

AAA

Answer 105

Authentication, Authorization, and Accounting - designed for the idea of port authentication -the concept of allowing remote users authentication to a particular point-of-entry (a port) to another network.

Question 106

RADIUS

Answer 106

Remote Authentication Dial-In User Service - AAA Standard,

Question 107

NASs

Answer 107

Network Access Servers - control the modems, and a group of systems that dial into the network.

Question 108

IAS

Answer 108

Internet Authentication Service - Microsoft

Question 109

FreeRadius

Answer 109

UNIX/Linux

Question 110

TACACS+

Answer 110

Terminal Access Controller Access Control Sustem Plus - A proprietary protocol developed by Cisco to support AAA in a network with many routers and switches. Similar to RADIUS but uses TCP port 49.

Question 111

Kerberos

Answer 111

An authentication protocol that has no connection to PPP. Authentication protocol for TCP/IP networks with many clients all connected to a single authenticating server.

Question 112

KDC

Answer 112

Key Distribution Center - has two processes, AS and TGS.

Question 113

AS

Answer 113

Authentication Server

Question 114

TGS

Answer 114

Ticket-Granting Service

Question 115

TGT

Answer 115

Ticket-Granting Ticket or token or access token

Question 116

EAP

Answer 116

Extensible Authentication Protocol - used in wireless networks

Question 117

EAP-PSK

Answer 117

Personal shared key

Question 118

EAP-TLS

Answer 118

Transport Layer Security

Question 119

EAP-TTLS

Answer 119

Tunneled TLS

Question 120

EAP-MS-CHAPv2 or PEAP

Answer 120

Protected Extensible Authentication Protocol - password function based on MS-CHAPv2 with the addition on an encrypted TLS tunnel.

Question 121

EAP-MD5

Answer 121

Uses MD5 hases for transfer of authentication credentials. Weak.

Question 122

LEAP

Answer 122

Lightweight Extensible Authentication Protocol -

Question 123

802.1

Answer 123

Port-authentication network access control mechanism for networks.

Question 124

SSH

Answer 124

Secure Shell

Question 125

Tunnel

Answer 125

An encrypted link between two programs on two separate computers.

Question 126

SSL

Answer 126

Secure Socket Layer - requires a server with a certificate. Limited to HTML, FTP, SMTP,

Question 127

TLS

Answer 127

Transport Layer Security - Designed as an upgrade to SSL. No restrictions.

Question 128

IPsec

Answer 128

Internet Protocol Security - Authentication and encryption protocol suite that works at the Internet/Network layer. Transport mode and Tunnel mode.

Question 129

AH

Answer 129

Authentication Header - for authentication

Question 130

ESP

Answer 130

Encapsulating Security Payload - for implementing authentication and encryption.

Question 131

ISAKMP

Answer 131

Internet Security Association and key Management Protocol - for establishing security associations (SAs) that define things like the protocol used for exchanging keys.

Question 132

IKE and IKEv2

Answer 132

Internet Key Exchange and Kerberized Internet Negotiation of Keys (KINK), two widely used key exchanging protocols.

Question 133

SCP

Answer 133

Secure Copy Protocol

Question 134

SFTP

Answer 134

Secure FTP

Question 135

OpenSSH

Answer 135

A series of secure programs developed by the OpenBSD organization to fix SSH’s limitation of only being able to handle one session per tunnel.

Question 136

SNMP

Answer 136

Simple Network Management Protocol - method for querying the state of SNMP-capable devices.

Question 137

MIB

Answer 137

Management Information Base

Question 138

LDAP

Answer 138

Lightweight Directory Access Protocol - tool that programs use to query and change a database used by the network.

Question 139

NTP

Answer 139

Network Time Protocol - uses port 123

Question 140

P2P

Answer 140

Peer-to-peer - any system can act as a server, client, or both.

Question 141

VPN

Answer 141

Virtual Private Network

Question 142

PPTP

Answer 142

Point-to-point tunneling protocol

Question 143

RRAS

Answer 143

Routing and Remote Access Service

Question 144

L2TP

Answer 144

Layer 2 Tunneling Protocol

Question 145

VPN Concentrator

Answer 145

A VPN-capable router

Question 146

SSL VPNs

Answer 146

Work at the application layer.

Question 147

Trunking

Answer 147

The process of transferring VLAN between two or more switches.

Question 148

Trunk Port

Answer 148

A port on a switch configured to carry all traffic, regardless of VLAN number, between all switches in a LAN.

Question 149

VLAN

Answer 149

Virtual Local Area Network - A single physical broadcast domain and chop it up into multiple virtual broadcast domains.