Untitled 17 Flashcards
__ topology e.g. Ethernet, ATM defines the rules of communication across the __ topology.
Logical topology (layer 2), Physical topology (layer 1)
__ applies labels to packets, is commonly used to privately control international networks and is much cheaper than dedicated lines.
MPLS (Multi Protocol Label Switching)
__ are asynchronous devices that provide dial-in and dial-out connections.
Access servers
__ are distributed series of caching web servers, designed to improve performance and availability by bring data closer to the end user.
CDN (Content Distribution Network)
__ are the signaling protocols and __ is the packetization of your voice.
SIP and H.323 (which is wrapped around SIP for security), RTP (Real-time protocol)
__ checks a system’s patches, antivirus and local firewall. If the client passes, access is granted, otherwise it is placed on an isolated VLAN where patches and antivirus updates may be provided.
NAC (Network Access Control). It builds on top of 802.1X.
__ communications is where data is just sent with no need for start and stop bits. It is more efficient since there is no overhead (start/stop bits) but trasmitting and receiving stations need to be synchronized.
Synchronous
__ communications is where data is sent by changes in levels of voltage or current in a sequential fashion. There are start and stop sequence bits.
Asynchronous
__ DSL has the same upload and download rates.
SDSL (symmetric)
__ DSL is higher download than upload. __ is much higher download than upload rates.
ADSL (Asymmetric), VDSL (very-high-data-rate)
__ DSL is used to provide the last mile of T1 service and uses two copper twisted pairs.
HDSL (high-rate)
__ extends Fibre channel to Ethernet networks.
FCoE (Fibre Channel over Ethernet) since FC was designed for high-performance directly attached storage.
__ integration is a common and phased approach for VoIP. The more long-term solution is __ integration.
PSTN PBX/VoIP integration: combines traditional and VoIP networks
IP PBX/PSTN integration:users must use VoIP phones, IP PBX is a soft-switch that routes calls
__ is a helpful network path troubleshooting tool that shows each of the nodes from a local machine to a destination.
traceroute, part of ICMP and built on ping
__ is a layer 2 error correction for serial connections.
HDLC (High-Level Data Link Control)
__ is a layer 2 polling method for serial connections
SDLC (Synchronous Data Link Control)
__ is a simple, weak authentication mechanism that sends the password in plaintext. This can be mitigated by sending a hash of the password but this is still vulnerable to a replay attack.
PAP (Password Authentication Protocol)
__ is a TCP-based logon system with robust AAA, which is why Diameter came out.
TACACS (Terminal Access Controller Access Control System)
__ is a UDP-based logon system mostly focused on authentication and doesn’t focus much on authorization and accounting.
RADIUS (Remote Authentication Dial In User Service)
__ is a vast improvement over WEP, requires NIC replacement and AP replacement or firmware upgrade (AES-CCMP).
WPA2
__ is an authentication mechanism that uses challenge/response authentication and is not vulnerable to a replay attack.
CHAP (Challenge-Handshake Authentication Protocol). It should be used instead of PAP wherever possible.
__ is an authentication mechanism, an extension to PPP and supports a variety of authentication protocols.
EAP (Extensible Authentication Protocol
__ is an IETF standard (RFC 2401) for establishing encrypted communication between users and devices. It offers sophisticated replay attack prevention and was issued as an open standard thus promoting multivendor interoperability.
IPsec VPN
__ is an improved version of RADIUS which focuses on all three areas of AAA.
Diameter
__ is an improvement over WEP (Wired Equivalent Privacy) and compatible with WEP hardware (TKIP).
WPA (Wi-Fi Protected Access)
__ is built on ping and used to plot the path a packet took through the network.
traceroute, part of ICMP and built on ping
__ is layer 2 network level authentication to authenticate a device, using MAC addresses (can be spoofed) and/or certificates.
802.1X. Using both would be ideal.
__ is used to find whether a given Internet host is reachable or not.
Ping, part of ICMP
__ layer convers bits into electrical signals or light impulses for transmission.
Physical Layer 1
__ of the OSI model connects the physical part of the network with the abstract part?
Data link layer 2
__ offers SCSI disk access via TCP/IP and is routed via IP.
iSCSI (Internet Small Computer System Interface)
__ or __ which are forms of __ should be used for wireless networks where we should have mutual authentication. Otherwise if just using CHAP, the server authenticates the client but the client does not authenticate the server.
LEAP (Lightweight Extensible Authentication Protocol or PEAP (Protected Extensible Authentication Protocol), forms of EAP
__ topology (layer 1) describes how systems are connected together e.g. bus ring, star.
Physical topology (layer 1)
__ VPN is also known as Transport Mode.
Client-to-site VPN: provide remote access from a remote client such as a traveling sales rep or telecommuting employee.
__ VPN is also known as Tunnel Mode.
Site-to-site VPN: provide connectivity to networks such as headquarters and a remote office. Gateway devices are located in front of both networks.
__, given a MAC address, will find out what the corresponding IP address is.
RARP (Reverse Address Resolution Protocol)
__, given an IP address, will find out what the corresponding MAC address is.
ARP (Address Resolution Protocol), so computer can determine the next hop
105.255.255.255 is a Class __ __ broadcast address.
Class A directed broadcast
150.5.255.255 is a Class __ __ broadcast address.
Class B directed broadcast
802.11 supports which frequencies and speeds?
BAGN: 11,54,54,144+Mbps. 2.4,5,2.4,2.4/5
802.11 supports which two physical layers?
IR: Infrared, requires line of sight
RF (Radio Frequency): FHSS (Frequency Hopping Spread Spectrum; police on CB radios used to hop to different frequencies every 10 seconds so that’s all you could hear), DSSS (Direct Sequence Spread Spectrum, if you have small channels break up data into pieces and transfer in lots of small chunks)
A __ broadcast goes to every system on the LAN
limited broadcast. Will not get routed to any other networks
A __ broadcast is where the entire address is set to all 1’s or 255.255.255.255.
limited broadcast
A __ broadcast is where the host portion is set to all 1’s
directed broadcast
A __ broadcast would be routed to every computer on the destination network.
directed broadcast
A __ determines the path a packet will take.
IP address
A __ firewall operates at layer 3.
packet filtering
A __ firewall operates at layer 4.
stateful filtering
A __ identifies a device by vendor code (first 3 bytes) and a unique identifier (last 3 bytes).
MAC address
A __ is a layer 3 device that connects two different networks together and moves packets between networks.
Router
A __ is a mapping of FCoE over the network.
vSAN
A __ is a path through intermediate devices and bridges where there are multiple physical connections but virtually makes a single connection.
VC (Virtual Circuit)
A __ is a physical topology that is not very scalable or fault tolerant since a single wire connects all of them together. If one goes down they all do.
bus. legacy Ethernet uses a bus
A __ is a router (inline device connecting two devices together) with a filtering capability (ruleset)
firewall
A __ is a single broadcast domain and defines LANs logically.
VLAN
A __ is always at layer 1 of the OSI model.
Bit
A __ is always at layer 2 of the OSI model.
Frame e.g. an Ethernet Frame
A __ is always at layer 4 of the OSI model.
Segment
A __ is information at layer 3 of the OSI model.
Packet
A __ is like a bus where you connect the two endpoints together
ring
A __ is often used to connect multiple bus networks.
tree
A __ is the most common physical topology. It is very fault tolerant since there are multiple paths, scalable since easy to add more connections without interrupting others and easy to troulbeshoot.
star
A __ is used to directly connect two similar devices (e.g. two computers, two switches, etc), otherwise there will be constant collisions.
crossover
A __ is used to get to the next hop.
MAC address
A __ is where two locations may be 20 miles apart which is good for a very local disaster (building fire). A __ is where two locations may be 200 miles apart which is best for large scale disasters.
MAN: Metropolitan Area Network, WAN: Wide Area network
A __ line is great because it is reserved for use however when not in use you’re paying for bandwidth no one is utilizing. A __ line means you don’t need to know bandwith.
Dedicated line, leased line
A __ NAT formally referred to as PAT.
Many to one NAT aka PAT (Port address translation)
A __ NAT is a set of public addresses that are mapped and is not as scalable today since computers have many connections.
pool NAT
A __ operates at layer 2 and can connect multiple LANs. It is useful in breaking up a large LAN into smaller LANs.
bridge
A __ provides block-level network file system access and is equivalent to directly attached storage (such as an IDE, SATA or SCSI drive) via a network.
SAN (Storage Area Network)
A __ provides file and directory access via Ethernet but there is no direct access to blocks or clusters.
NAS (Network Attached Storage)
A __ virtual circuit is better for small data transfers or infrequent transfers. A __ virtual circuit is better for large or frequent data transfers.
SVC (Switched Virtual Circuit), PVC (Permanent Virtual Circuit, permanently keeps connection up rather than constantly creating and tearing down connections like SVC)
A bridge is a layer __ device that breaks up an Ethernet domain into two different collission domains to increase performance.
Data link layer 2
A computer will only use DNS if a __ is not present
static host file. Every OS supports a static host file which is where the computer goes first to translate a domain to IP address.
A firewall without a ruleset, a firewall with an any-any ruleset, or a firewall with a default allow is a __.
Router
A hub operates at layer __.
Physical layer 1 since it is just re-transmitting raw data.
A layer __ switch can do load balancing because it is __ aware.
Layer 7, Application-aware
A MAC address operates at layer __.
layer 2
A modulator/demodulator that converts digital signals to analog signals, transmits over conventional telephone lines and then converts analog back to digital signals.
modem
A packet filtering firewall operates at layer __.
3
A proxy firewall or next gen firewall operates at layer __.
7
A stateful firewall operates at layer __.
4
A switch is a layer __ device that acts like a hub except that it probes each system and stores it’s MAC address so it can send communications directly from one computer to another which increases performance and security.
Layer 2
A type of network that could be used by an electrical company to read meters at multiple locations in a small area without going to each location.
NAN (Neighborhood Area Network) e.g. so don’t have to worry about dogs/guns when he reads the meter at a house.
All DSL requires a __ in the neighborhood.
POP (Point of Presence)
An __ is connecting from your organization to only another organization (e.g. via T1, MPLS, VPN). What can be a problem with this?
Extranet. Your security is only as good as the other organization’s security e.g. Target’s extranet with HVAC vendor is how the adversary go to their POS systems.
An example of a distance vector routing protocol where hop count is used as the metric is __
RIP (Routing Information Protocol)
An example of a link state routing protocol which is not subject to routing loops, is more efficient, uses multiple parameters to determine the best route and only sends an update if there’s a change is __
OSPF (Open Shortest Path First)
An IPv6 is __ bits or __ bytes.
128-bit or 16 bytes
An unmanaged switch has no __ capability while a managed switch does. Both are layer __.
VLAN, Layer 2
Any time you enter in a domain name you need to do a __ before you get to layer 3 in the protocol stack, otherwise you won’t get the IP so you won’t get routing.
forward lookup or gethostbyname
As you go down a stack you __ a header. As you go up the stack you __ a header.
Add,Remove e.g. layer 1 processes layer 1 and then takes the header off and passes it up to layer 2
ATM is designed for high speed networks sending small amounts of information, using 48 byte box plus 5 byte header so it’s very optimized and minimal chance of collisions. It uses layers __ and __.
Layers 2 & 3
Autoconfiguration embeds the __ byte __ address into the __ portion of IPv6.
6 byte MAC address into the host portion of IPv6
Client-to-site VPN which provides access from a remote client such as a traveling sales rep or telecommuting employee is also known as __.
Transport Mode
Common __ solutions are iSCSI, Fibre Channel and FCoE.
SAN
Convert the nibble 1101 to decimal.
- Write each digit separate 1 1 0 1. Label number from right to left 0,1,2,3. Then put base (in this case 2) on bottom left of those numbers, multiply down, add across. ‘Binary,Hex to Decimal conversion - Drawing 4A’
CSMA with __ is a one way link and not typically used. CSMA with __ is typically used and is where the computer monitors the line to see if another computer is transmitting, if not the computer transmits.
CSMA/CA (collision avoidance), CSMA/CD (collision detection)
Draw the OSI and TCP/IP models
OSI vs TCP-IP - Domain 4 pg 15’ Also add hub/repeater, switch/bridge, router, firewall so I know the layers for those
Ethernet is a baseband or shared media where data is transmitted using __
CSMA/CD
Ethernet, ATM (Asynchronous Transfer Mode), HDLC (High-level data link control), ISDN (Integrated Services Digital Network) and X.25 and examples of __ which are the rules for sending signals to each other.
Logical topology
Even though networks are packet-based this OSI layer sets up a virtual session to make it look like we’re on a circuit-switched network.
Layer 5 Session
Every single piece of information must have a readable unencrypted __ which routers use to determine the path.
IP header. This is why the IP protocol is often called the workhorse of the internet
Examples of leased lines in the US are __ and in Europe are __.
T’s e.g. T1, T3 vs E’s in Europe e.g. E1, E3
Explain the 3 way handshake
A synchronizes with B (1), B acknowledges (2), B synchronizes with A (3), A acknowledges. Syn (1), Syn/Ack (2,3), Ack (4). So it’s a 4 step process but since Steps 2 & 3 are done over one packet it’s a three-way handshake. ‘3 way handshake - drawing 4C’
For IPsec VPN you would primarily want to use __ for confidentiality.
ESP (Encapsulating Security Payload): protects the payload only; provides confidentiality
For IPsec VPN you would primarily want to use __ for integrity and authentication.
AH (Authentication Header): protects entire packet including headers; provides authentication and integrity but no confidentiality. AH used for internal tunnels.
For LAN transmission methods, a __ is one-to-one, a __ is one-to-many but not all, a __ is one-to-all.
Unicast, Multicast (Multi=Many), Broadcast
For TCP every single packet has __ bytes more than UDP.
12 bytes. TCP header is 20 bytes, UDP has 8 bytes.
gethostbyaddr is also known as __.
reverse lookup
gethostbyname is also known as __.
forward lookup
How do we uniquely identify a connection?
Socket pair which consists of the source/destination IPs and ports.
How does the Network layer know which protocol at layer 4 to hand off to?
That’s the 9th byte (protocol field) in the IP header.
How many more bytes does IPv4 use for overhead than IPv6?
4 bytes since IPv6 header has 8 bytes overhead as opposed to 12 for IPv4. ‘IPv4 vs IPv6 header overhead - Drawing 4B’
Hubs and switches connect computers together to create a network. __ connect hubs and switches together to move packets between those networks.
Routers
ICMP is a layer __ protocol.
Layer 3 Network
If an attacker wants to bypass DNS completely, she can modify the __.
host table aka static host file
If an organization is using wireless and wants mutual authentication, which could be used?
LEAP (Lightweight Extensible Authentication Protocol or PEAP (Protected Extensible Authentication Protocol), EAP
If the sender compresses the data prior to transmission the __ layer on the receiving end would have to decompress it before the receiver could use it.
Presentation Layer 6
If you add security directly into the protocol stack, it would be the __ layer in OSI.
Presentation Layer 6
If you are running a sniffer in a switch, which traffic will you see, if any?
Anything coming from your computer, anything going to your computer and any broadcast traffic. It is INCORRECT to say that you will not see any traffic.
__ topology e.g. Ethernet, ATM defines the rules of communication across the __ topology.
Logical topology (layer 2), Physical topology (layer 1)
__ applies labels to packets, is commonly used to privately control international networks and is much cheaper than dedicated lines.
MPLS (Multi Protocol Label Switching)
__ are asynchronous devices that provide dial-in and dial-out connections.
Access servers
__ are distributed series of caching web servers, designed to improve performance and availability by bring data closer to the end user.
CDN (Content Distribution Network)
__ are the signaling protocols and __ is the packetization of your voice.
SIP and H.323 (which is wrapped around SIP for security), RTP (Real-time protocol)
__ checks a system’s patches, antivirus and local firewall. If the client passes, access is granted, otherwise it is placed on an isolated VLAN where patches and antivirus updates may be provided.
NAC (Network Access Control). It builds on top of 802.1X.
__ communications is where data is just sent with no need for start and stop bits. It is more efficient since there is no overhead (start/stop bits) but trasmitting and receiving stations need to be synchronized.
Synchronous
__ communications is where data is sent by changes in levels of voltage or current in a sequential fashion. There are start and stop sequence bits.
Asynchronous
__ DSL has the same upload and download rates.
SDSL (symmetric)
__ DSL is higher download than upload. __ is much higher download than upload rates.
ADSL (Asymmetric), VDSL (very-high-data-rate)
__ DSL is used to provide the last mile of T1 service and uses two copper twisted pairs.
HDSL (high-rate)
__ extends Fibre channel to Ethernet networks.
FCoE (Fibre Channel over Ethernet) since FC was designed for high-performance directly attached storage.
__ integration is a common and phased approach for VoIP. The more long-term solution is __ integration.
PSTN PBX/VoIP integration: combines traditional and VoIP networks
IP PBX/PSTN integration:users must use VoIP phones, IP PBX is a soft-switch that routes calls
__ is a helpful network path troubleshooting tool that shows each of the nodes from a local machine to a destination.
traceroute, part of ICMP and built on ping
__ is a layer 2 error correction for serial connections.
HDLC (High-Level Data Link Control)
__ is a layer 2 polling method for serial connections
SDLC (Synchronous Data Link Control)
__ is a simple, weak authentication mechanism that sends the password in plaintext. This can be mitigated by sending a hash of the password but this is still vulnerable to a replay attack.
PAP (Password Authentication Protocol)
__ is a TCP-based logon system with robust AAA, which is why Diameter came out.
TACACS (Terminal Access Controller Access Control System)
__ is a UDP-based logon system mostly focused on authentication and doesn’t focus much on authorization and accounting.
RADIUS (Remote Authentication Dial In User Service)
__ is a vast improvement over WEP, requires NIC replacement and AP replacement or firmware upgrade (AES-CCMP).
WPA2
__ is an authentication mechanism that uses challenge/response authentication and is not vulnerable to a replay attack.
CHAP (Challenge-Handshake Authentication Protocol). It should be used instead of PAP wherever possible.
__ is an authentication mechanism, an extension to PPP and supports a variety of authentication protocols.
EAP (Extensible Authentication Protocol
__ is an IETF standard (RFC 2401) for establishing encrypted communication between users and devices. It offers sophisticated replay attack prevention and was issued as an open standard thus promoting multivendor interoperability.
IPsec VPN
__ is an improved version of RADIUS which focuses on all three areas of AAA.
Diameter
__ is an improvement over WEP (Wired Equivalent Privacy) and compatible with WEP hardware (TKIP).
WPA (Wi-Fi Protected Access)
__ is built on ping and used to plot the path a packet took through the network.
traceroute, part of ICMP and built on ping
__ is layer 2 network level authentication to authenticate a device, using MAC addresses (can be spoofed) and/or certificates.
802.1X. Using both would be ideal.
__ is used to find whether a given Internet host is reachable or not.
Ping, part of ICMP
__ layer convers bits into electrical signals or light impulses for transmission.
Physical Layer 1
__ of the OSI model connects the physical part of the network with the abstract part?
Data link layer 2
__ offers SCSI disk access via TCP/IP and is routed via IP.
iSCSI (Internet Small Computer System Interface)
__ or __ which are forms of __ should be used for wireless networks where we should have mutual authentication. Otherwise if just using CHAP, the server authenticates the client but the client does not authenticate the server.
LEAP (Lightweight Extensible Authentication Protocol or PEAP (Protected Extensible Authentication Protocol), forms of EAP
__ topology (layer 1) describes how systems are connected together e.g. bus ring, star.
Physical topology (layer 1)
__ VPN is also known as Transport Mode.
Client-to-site VPN: provide remote access from a remote client such as a traveling sales rep or telecommuting employee.
__ VPN is also known as Tunnel Mode.
Site-to-site VPN: provide connectivity to networks such as headquarters and a remote office. Gateway devices are located in front of both networks.
__, given a MAC address, will find out what the corresponding IP address is.
RARP (Reverse Address Resolution Protocol)
__, given an IP address, will find out what the corresponding MAC address is.
ARP (Address Resolution Protocol), so computer can determine the next hop
105.255.255.255 is a Class __ __ broadcast address.
Class A directed broadcast
150.5.255.255 is a Class __ __ broadcast address.
Class B directed broadcast
802.11 supports which frequencies and speeds?
BAGN: 11,54,54,144+Mbps. 2.4,5,2.4,2.4/5
802.11 supports which two physical layers?
IR: Infrared, requires line of sight
RF (Radio Frequency): FHSS (Frequency Hopping Spread Spectrum; police on CB radios used to hop to different frequencies every 10 seconds so that’s all you could hear), DSSS (Direct Sequence Spread Spectrum, if you have small channels break up data into pieces and transfer in lots of small chunks)
A __ broadcast goes to every system on the LAN
limited broadcast. Will not get routed to any other networks
A __ broadcast is where the entire address is set to all 1’s or 255.255.255.255.
limited broadcast
A __ broadcast is where the host portion is set to all 1’s
directed broadcast
A __ broadcast would be routed to every computer on the destination network.
directed broadcast
A __ determines the path a packet will take.
IP address
A __ firewall operates at layer 3.
packet filtering
A __ firewall operates at layer 4.
stateful filtering
A __ identifies a device by vendor code (first 3 bytes) and a unique identifier (last 3 bytes).
MAC address
A __ is a layer 3 device that connects two different networks together and moves packets between networks.
Router
A __ is a mapping of FCoE over the network.
vSAN
A __ is a path through intermediate devices and bridges where there are multiple physical connections but virtually makes a single connection.
VC (Virtual Circuit)
A __ is a physical topology that is not very scalable or fault tolerant since a single wire connects all of them together. If one goes down they all do.
bus. legacy Ethernet uses a bus
A __ is a router (inline device connecting two devices together) with a filtering capability (ruleset)
firewall
A __ is a single broadcast domain and defines LANs logically.
VLAN
A __ is always at layer 1 of the OSI model.
Bit
A __ is always at layer 2 of the OSI model.
Frame e.g. an Ethernet Frame
A __ is always at layer 4 of the OSI model.
Segment
A __ is information at layer 3 of the OSI model.
Packet
A __ is like a bus where you connect the two endpoints together
ring
A __ is often used to connect multiple bus networks.
tree
A __ is the most common physical topology. It is very fault tolerant since there are multiple paths, scalable since easy to add more connections without interrupting others and easy to troulbeshoot.
star
A __ is used to directly connect two similar devices (e.g. two computers, two switches, etc), otherwise there will be constant collisions.
crossover
A __ is used to get to the next hop.
MAC address
A __ is where two locations may be 20 miles apart which is good for a very local disaster (building fire). A __ is where two locations may be 200 miles apart which is best for large scale disasters.
MAN: Metropolitan Area Network, WAN: Wide Area network
A __ line is great because it is reserved for use however when not in use you’re paying for bandwidth no one is utilizing. A __ line means you don’t need to know bandwith.
Dedicated line, leased line
A __ NAT formally referred to as PAT.
Many to one NAT aka PAT (Port address translation)
A __ NAT is a set of public addresses that are mapped and is not as scalable today since computers have many connections.
pool NAT
A __ operates at layer 2 and can connect multiple LANs. It is useful in breaking up a large LAN into smaller LANs.
bridge
A __ provides block-level network file system access and is equivalent to directly attached storage (such as an IDE, SATA or SCSI drive) via a network.
SAN (Storage Area Network)
A __ provides file and directory access via Ethernet but there is no direct access to blocks or clusters.
NAS (Network Attached Storage)
A __ virtual circuit is better for small data transfers or infrequent transfers. A __ virtual circuit is better for large or frequent data transfers.
SVC (Switched Virtual Circuit), PVC (Permanent Virtual Circuit, permanently keeps connection up rather than constantly creating and tearing down connections like SVC)
A bridge is a layer __ device that breaks up an Ethernet domain into two different collission domains to increase performance.
Data link layer 2
A computer will only use DNS if a __ is not present
static host file. Every OS supports a static host file which is where the computer goes first to translate a domain to IP address.
A firewall without a ruleset, a firewall with an any-any ruleset, or a firewall with a default allow is a __.
Router
A hub operates at layer __.
Physical layer 1 since it is just re-transmitting raw data.
A layer __ switch can do load balancing because it is __ aware.
Layer 7, Application-aware
A MAC address operates at layer __.
layer 2
A modulator/demodulator that converts digital signals to analog signals, transmits over conventional telephone lines and then converts analog back to digital signals.
modem
A packet filtering firewall operates at layer __.
3
A proxy firewall or next gen firewall operates at layer __.
7
A stateful firewall operates at layer __.
4
A switch is a layer __ device that acts like a hub except that it probes each system and stores it’s MAC address so it can send communications directly from one computer to another which increases performance and security.
Layer 2
A type of network that could be used by an electrical company to read meters at multiple locations in a small area without going to each location.
NAN (Neighborhood Area Network) e.g. so don’t have to worry about dogs/guns when he reads the meter at a house.
All DSL requires a __ in the neighborhood.
POP (Point of Presence)
An __ is connecting from your organization to only another organization (e.g. via T1, MPLS, VPN). What can be a problem with this?
Extranet. Your security is only as good as the other organization’s security e.g. Target’s extranet with HVAC vendor is how the adversary go to their POS systems.
An example of a distance vector routing protocol where hop count is used as the metric is __
RIP (Routing Information Protocol)
An example of a link state routing protocol which is not subject to routing loops, is more efficient, uses multiple parameters to determine the best route and only sends an update if there’s a change is __
OSPF (Open Shortest Path First)
An IPv6 is __ bits or __ bytes.
128-bit or 16 bytes
An unmanaged switch has no __ capability while a managed switch does. Both are layer __.
VLAN, Layer 2
Any time you enter in a domain name you need to do a __ before you get to layer 3 in the protocol stack, otherwise you won’t get the IP so you won’t get routing.
forward lookup or gethostbyname
As you go down a stack you __ a header. As you go up the stack you __ a header.
Add,Remove e.g. layer 1 processes layer 1 and then takes the header off and passes it up to layer 2
ATM is designed for high speed networks sending small amounts of information, using 48 byte box plus 5 byte header so it’s very optimized and minimal chance of collisions. It uses layers __ and __.
Layers 2 & 3
Autoconfiguration embeds the __ byte __ address into the __ portion of IPv6.
6 byte MAC address into the host portion of IPv6
Client-to-site VPN which provides access from a remote client such as a traveling sales rep or telecommuting employee is also known as __.
Transport Mode
Common __ solutions are iSCSI, Fibre Channel and FCoE.
SAN
Convert the nibble 1101 to decimal.
- Write each digit separate 1 1 0 1. Label number from right to left 0,1,2,3. Then put base (in this case 2) on bottom left of those numbers, multiply down, add across. ‘Binary,Hex to Decimal conversion - Drawing 4A’
CSMA with __ is a one way link and not typically used. CSMA with __ is typically used and is where the computer monitors the line to see if another computer is transmitting, if not the computer transmits.
CSMA/CA (collision avoidance), CSMA/CD (collision detection)
Draw the OSI and TCP/IP models
OSI vs TCP-IP - Domain 4 pg 15’ Also add hub/repeater, switch/bridge, router, firewall so I know the layers for those
Ethernet is a baseband or shared media where data is transmitted using __
CSMA/CD
Ethernet, ATM (Asynchronous Transfer Mode), HDLC (High-level data link control), ISDN (Integrated Services Digital Network) and X.25 and examples of __ which are the rules for sending signals to each other.
Logical topology
Even though networks are packet-based this OSI layer sets up a virtual session to make it look like we’re on a circuit-switched network.
Layer 5 Session
Every single piece of information must have a readable unencrypted __ which routers use to determine the path.
IP header. This is why the IP protocol is often called the workhorse of the internet
Examples of leased lines in the US are __ and in Europe are __.
T’s e.g. T1, T3 vs E’s in Europe e.g. E1, E3
Explain the 3 way handshake
A synchronizes with B (1), B acknowledges (2), B synchronizes with A (3), A acknowledges. Syn (1), Syn/Ack (2,3), Ack (4). So it’s a 4 step process but since Steps 2 & 3 are done over one packet it’s a three-way handshake. ‘3 way handshake - drawing 4C’
For IPsec VPN you would primarily want to use __ for confidentiality.
ESP (Encapsulating Security Payload): protects the payload only; provides confidentiality
For IPsec VPN you would primarily want to use __ for integrity and authentication.
AH (Authentication Header): protects entire packet including headers; provides authentication and integrity but no confidentiality. AH used for internal tunnels.
For LAN transmission methods, a __ is one-to-one, a __ is one-to-many but not all, a __ is one-to-all.
Unicast, Multicast (Multi=Many), Broadcast
For TCP every single packet has __ bytes more than UDP.
12 bytes. TCP header is 20 bytes, UDP has 8 bytes.
gethostbyaddr is also known as __.
reverse lookup
gethostbyname is also known as __.
forward lookup
How do we uniquely identify a connection?
Socket pair which consists of the source/destination IPs and ports.
How does the Network layer know which protocol at layer 4 to hand off to?
That’s the 9th byte (protocol field) in the IP header.
How many more bytes does IPv4 use for overhead than IPv6?
4 bytes since IPv6 header has 8 bytes overhead as opposed to 12 for IPv4. ‘IPv4 vs IPv6 header overhead - Drawing 4B’
Hubs and switches connect computers together to create a network. __ connect hubs and switches together to move packets between those networks.
Routers
ICMP is a layer __ protocol.
Layer 3 Network
If an attacker wants to bypass DNS completely, she can modify the __.
host table aka static host file
If an organization is using wireless and wants mutual authentication, which could be used?
LEAP (Lightweight Extensible Authentication Protocol or PEAP (Protected Extensible Authentication Protocol), EAP
If the sender compresses the data prior to transmission the __ layer on the receiving end would have to decompress it before the receiver could use it.
Presentation Layer 6
If you add security directly into the protocol stack, it would be the __ layer in OSI.
Presentation Layer 6
If you are running a sniffer in a switch, which traffic will you see, if any?
Anything coming from your computer, anything going to your computer and any broadcast traffic. It is INCORRECT to say that you will not see any traffic.
__ topology e.g. Ethernet, ATM defines the rules of communication across the __ topology.
Logical topology (layer 2), Physical topology (layer 1)
__ applies labels to packets, is commonly used to privately control international networks and is much cheaper than dedicated lines.
MPLS (Multi Protocol Label Switching)
__ are asynchronous devices that provide dial-in and dial-out connections.
Access servers
__ are distributed series of caching web servers, designed to improve performance and availability by bring data closer to the end user.
CDN (Content Distribution Network)
__ are the signaling protocols and __ is the packetization of your voice.
SIP and H.323 (which is wrapped around SIP for security), RTP (Real-time protocol)
__ checks a system’s patches, antivirus and local firewall. If the client passes, access is granted, otherwise it is placed on an isolated VLAN where patches and antivirus updates may be provided.
NAC (Network Access Control). It builds on top of 802.1X.
__ communications is where data is just sent with no need for start and stop bits. It is more efficient since there is no overhead (start/stop bits) but trasmitting and receiving stations need to be synchronized.
Synchronous
__ communications is where data is sent by changes in levels of voltage or current in a sequential fashion. There are start and stop sequence bits.
Asynchronous
__ DSL has the same upload and download rates.
SDSL (symmetric)
__ DSL is higher download than upload. __ is much higher download than upload rates.
ADSL (Asymmetric), VDSL (very-high-data-rate)
__ DSL is used to provide the last mile of T1 service and uses two copper twisted pairs.
HDSL (high-rate)
__ extends Fibre channel to Ethernet networks.
FCoE (Fibre Channel over Ethernet) since FC was designed for high-performance directly attached storage.
__ integration is a common and phased approach for VoIP. The more long-term solution is __ integration.
PSTN PBX/VoIP integration: combines traditional and VoIP networks
IP PBX/PSTN integration:users must use VoIP phones, IP PBX is a soft-switch that routes calls
__ is a helpful network path troubleshooting tool that shows each of the nodes from a local machine to a destination.
traceroute, part of ICMP and built on ping
__ is a layer 2 error correction for serial connections.
HDLC (High-Level Data Link Control)
__ is a layer 2 polling method for serial connections
SDLC (Synchronous Data Link Control)
__ is a simple, weak authentication mechanism that sends the password in plaintext. This can be mitigated by sending a hash of the password but this is still vulnerable to a replay attack.
PAP (Password Authentication Protocol)
__ is a TCP-based logon system with robust AAA, which is why Diameter came out.
TACACS (Terminal Access Controller Access Control System)
__ is a UDP-based logon system mostly focused on authentication and doesn’t focus much on authorization and accounting.
RADIUS (Remote Authentication Dial In User Service)
__ is a vast improvement over WEP, requires NIC replacement and AP replacement or firmware upgrade (AES-CCMP).
WPA2
__ is an authentication mechanism that uses challenge/response authentication and is not vulnerable to a replay attack.
CHAP (Challenge-Handshake Authentication Protocol). It should be used instead of PAP wherever possible.
__ is an authentication mechanism, an extension to PPP and supports a variety of authentication protocols.
EAP (Extensible Authentication Protocol
__ is an IETF standard (RFC 2401) for establishing encrypted communication between users and devices. It offers sophisticated replay attack prevention and was issued as an open standard thus promoting multivendor interoperability.
IPsec VPN
__ is an improved version of RADIUS which focuses on all three areas of AAA.
Diameter
__ is an improvement over WEP (Wired Equivalent Privacy) and compatible with WEP hardware (TKIP).
WPA (Wi-Fi Protected Access)
__ is built on ping and used to plot the path a packet took through the network.
traceroute, part of ICMP and built on ping
__ is layer 2 network level authentication to authenticate a device, using MAC addresses (can be spoofed) and/or certificates.
802.1X. Using both would be ideal.
__ is used to find whether a given Internet host is reachable or not.
Ping, part of ICMP
__ layer convers bits into electrical signals or light impulses for transmission.
Physical Layer 1
__ of the OSI model connects the physical part of the network with the abstract part?
Data link layer 2
__ offers SCSI disk access via TCP/IP and is routed via IP.
iSCSI (Internet Small Computer System Interface)
__ or __ which are forms of __ should be used for wireless networks where we should have mutual authentication. Otherwise if just using CHAP, the server authenticates the client but the client does not authenticate the server.
LEAP (Lightweight Extensible Authentication Protocol or PEAP (Protected Extensible Authentication Protocol), forms of EAP
__ topology (layer 1) describes how systems are connected together e.g. bus ring, star.
Physical topology (layer 1)
__ VPN is also known as Transport Mode.
Client-to-site VPN: provide remote access from a remote client such as a traveling sales rep or telecommuting employee.
__ VPN is also known as Tunnel Mode.
Site-to-site VPN: provide connectivity to networks such as headquarters and a remote office. Gateway devices are located in front of both networks.
__, given a MAC address, will find out what the corresponding IP address is.
RARP (Reverse Address Resolution Protocol)
__, given an IP address, will find out what the corresponding MAC address is.
ARP (Address Resolution Protocol), so computer can determine the next hop
105.255.255.255 is a Class __ __ broadcast address.
Class A directed broadcast
150.5.255.255 is a Class __ __ broadcast address.
Class B directed broadcast
802.11 supports which frequencies and speeds?
BAGN: 11,54,54,144+Mbps. 2.4,5,2.4,2.4/5
802.11 supports which two physical layers?
IR: Infrared, requires line of sight
RF (Radio Frequency): FHSS (Frequency Hopping Spread Spectrum; police on CB radios used to hop to different frequencies every 10 seconds so that’s all you could hear), DSSS (Direct Sequence Spread Spectrum, if you have small channels break up data into pieces and transfer in lots of small chunks)
A __ broadcast goes to every system on the LAN
limited broadcast. Will not get routed to any other networks
A __ broadcast is where the entire address is set to all 1’s or 255.255.255.255.
limited broadcast
A __ broadcast is where the host portion is set to all 1’s
directed broadcast
A __ broadcast would be routed to every computer on the destination network.
directed broadcast
A __ determines the path a packet will take.
IP address
A __ firewall operates at layer 3.
packet filtering
A __ firewall operates at layer 4.
stateful filtering
A __ identifies a device by vendor code (first 3 bytes) and a unique identifier (last 3 bytes).
MAC address
A __ is a layer 3 device that connects two different networks together and moves packets between networks.
Router
A __ is a mapping of FCoE over the network.
vSAN
A __ is a path through intermediate devices and bridges where there are multiple physical connections but virtually makes a single connection.
VC (Virtual Circuit)
A __ is a physical topology that is not very scalable or fault tolerant since a single wire connects all of them together. If one goes down they all do.
bus. legacy Ethernet uses a bus
A __ is a router (inline device connecting two devices together) with a filtering capability (ruleset)
firewall
A __ is a single broadcast domain and defines LANs logically.
VLAN
A __ is always at layer 1 of the OSI model.
Bit
A __ is always at layer 2 of the OSI model.
Frame e.g. an Ethernet Frame
A __ is always at layer 4 of the OSI model.
Segment
A __ is information at layer 3 of the OSI model.
Packet
A __ is like a bus where you connect the two endpoints together
ring
A __ is often used to connect multiple bus networks.
tree
A __ is the most common physical topology. It is very fault tolerant since there are multiple paths, scalable since easy to add more connections without interrupting others and easy to troulbeshoot.
star
A __ is used to directly connect two similar devices (e.g. two computers, two switches, etc), otherwise there will be constant collisions.
crossover
A __ is used to get to the next hop.
MAC address
A __ is where two locations may be 20 miles apart which is good for a very local disaster (building fire). A __ is where two locations may be 200 miles apart which is best for large scale disasters.
MAN: Metropolitan Area Network, WAN: Wide Area network
A __ line is great because it is reserved for use however when not in use you’re paying for bandwidth no one is utilizing. A __ line means you don’t need to know bandwith.
Dedicated line, leased line
A __ NAT formally referred to as PAT.
Many to one NAT aka PAT (Port address translation)
A __ NAT is a set of public addresses that are mapped and is not as scalable today since computers have many connections.
pool NAT
A __ operates at layer 2 and can connect multiple LANs. It is useful in breaking up a large LAN into smaller LANs.
bridge
A __ provides block-level network file system access and is equivalent to directly attached storage (such as an IDE, SATA or SCSI drive) via a network.
SAN (Storage Area Network)
A __ provides file and directory access via Ethernet but there is no direct access to blocks or clusters.
NAS (Network Attached Storage)
A __ virtual circuit is better for small data transfers or infrequent transfers. A __ virtual circuit is better for large or frequent data transfers.
SVC (Switched Virtual Circuit), PVC (Permanent Virtual Circuit, permanently keeps connection up rather than constantly creating and tearing down connections like SVC)
A bridge is a layer __ device that breaks up an Ethernet domain into two different collission domains to increase performance.
Data link layer 2
A computer will only use DNS if a __ is not present
static host file. Every OS supports a static host file which is where the computer goes first to translate a domain to IP address.
A firewall without a ruleset, a firewall with an any-any ruleset, or a firewall with a default allow is a __.
Router
A hub operates at layer __.
Physical layer 1 since it is just re-transmitting raw data.
A layer __ switch can do load balancing because it is __ aware.
Layer 7, Application-aware
A MAC address operates at layer __.
layer 2
A modulator/demodulator that converts digital signals to analog signals, transmits over conventional telephone lines and then converts analog back to digital signals.
modem
A packet filtering firewall operates at layer __.
3
A proxy firewall or next gen firewall operates at layer __.
7
A stateful firewall operates at layer __.
4
A switch is a layer __ device that acts like a hub except that it probes each system and stores it’s MAC address so it can send communications directly from one computer to another which increases performance and security.
Layer 2
A type of network that could be used by an electrical company to read meters at multiple locations in a small area without going to each location.
NAN (Neighborhood Area Network) e.g. so don’t have to worry about dogs/guns when he reads the meter at a house.
All DSL requires a __ in the neighborhood.
POP (Point of Presence)
An __ is connecting from your organization to only another organization (e.g. via T1, MPLS, VPN). What can be a problem with this?
Extranet. Your security is only as good as the other organization’s security e.g. Target’s extranet with HVAC vendor is how the adversary go to their POS systems.
An example of a distance vector routing protocol where hop count is used as the metric is __
RIP (Routing Information Protocol)
An example of a link state routing protocol which is not subject to routing loops, is more efficient, uses multiple parameters to determine the best route and only sends an update if there’s a change is __
OSPF (Open Shortest Path First)
An IPv6 is __ bits or __ bytes.
128-bit or 16 bytes
An unmanaged switch has no __ capability while a managed switch does. Both are layer __.
VLAN, Layer 2
Any time you enter in a domain name you need to do a __ before you get to layer 3 in the protocol stack, otherwise you won’t get the IP so you won’t get routing.
forward lookup or gethostbyname
As you go down a stack you __ a header. As you go up the stack you __ a header.
Add,Remove e.g. layer 1 processes layer 1 and then takes the header off and passes it up to layer 2
ATM is designed for high speed networks sending small amounts of information, using 48 byte box plus 5 byte header so it’s very optimized and minimal chance of collisions. It uses layers __ and __.
Layers 2 & 3
Autoconfiguration embeds the __ byte __ address into the __ portion of IPv6.
6 byte MAC address into the host portion of IPv6
Client-to-site VPN which provides access from a remote client such as a traveling sales rep or telecommuting employee is also known as __.
Transport Mode
Common __ solutions are iSCSI, Fibre Channel and FCoE.
SAN
Convert the nibble 1101 to decimal.
- Write each digit separate 1 1 0 1. Label number from right to left 0,1,2,3. Then put base (in this case 2) on bottom left of those numbers, multiply down, add across. ‘Binary,Hex to Decimal conversion - Drawing 4A’
CSMA with __ is a one way link and not typically used. CSMA with __ is typically used and is where the computer monitors the line to see if another computer is transmitting, if not the computer transmits.
CSMA/CA (collision avoidance), CSMA/CD (collision detection)
Draw the OSI and TCP/IP models
OSI vs TCP-IP - Domain 4 pg 15’ Also add hub/repeater, switch/bridge, router, firewall so I know the layers for those
Ethernet is a baseband or shared media where data is transmitted using __
CSMA/CD
Ethernet, ATM (Asynchronous Transfer Mode), HDLC (High-level data link control), ISDN (Integrated Services Digital Network) and X.25 and examples of __ which are the rules for sending signals to each other.
Logical topology
Even though networks are packet-based this OSI layer sets up a virtual session to make it look like we’re on a circuit-switched network.
Layer 5 Session
Every single piece of information must have a readable unencrypted __ which routers use to determine the path.
IP header. This is why the IP protocol is often called the workhorse of the internet
Examples of leased lines in the US are __ and in Europe are __.
T’s e.g. T1, T3 vs E’s in Europe e.g. E1, E3
Explain the 3 way handshake
A synchronizes with B (1), B acknowledges (2), B synchronizes with A (3), A acknowledges. Syn (1), Syn/Ack (2,3), Ack (4). So it’s a 4 step process but since Steps 2 & 3 are done over one packet it’s a three-way handshake. ‘3 way handshake - drawing 4C’
For IPsec VPN you would primarily want to use __ for confidentiality.
ESP (Encapsulating Security Payload): protects the payload only; provides confidentiality
