Network Design

Question 1

OSI Model

Answer 1

Application
Presentation
Session
Transport
Network
Data Link
Physical

Question 2

Physical Layer

Answer 2

§ Represents the actual network cables and radio waves used to carry data over a network
§ Bits

Question 3

Data Link Layer

Answer 3

§ Describes how a connection is established, maintained, and transferred over the physical layer and uses physical addressing (MAC addresses)
§ Frames

Question 4

Network Layer

Answer 4

§ Uses logical address to route or switch information between hosts, the network, and the internetworks
§ Packets

Question 5

Transport Layer

Answer 5

§ Manages and ensures transmission of the packets occurs from a host to a destination using either TCP or UDP
§ Segments (TCP) or Datagrams (UDP)

Question 6

Session Layer

Answer 6

Manages the establishment, termination, and synchronization of a session over the network

Question 7

Presentation Layer

Answer 7

Translates the information into a format that the sender and receiver both understand

Question 8

Application Layer

Answer 8

§ Layer from which the message is created, formed, and originated
§ Consists of high-level protocols like HTTP, SMTP, and FTP

Question 9

MAC Flooding

Answer 9

§ Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port
§ Switches can fail-open when flooded and begin to act like a hub

Question 10

MAC Flooding

Answer 10

§ Attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port
§ Switches can fail-open when flooded and begin to act like a hub

Question 11

MAC Spoofing

Answer 11

Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device
MAC Spoofing is often combined with an ARP spoofing attack

Question 12

MAC Spoofing - Protection

Answer 12

§ Limit static MAC addresses accepted
§ Limit duration of time for ARP entry on hosts
§ Conduct ARP inspection

Question 13

Routers operate at OSI Layer

Answer 13

Routers operate at OSI Layer 3 (Network)

Question 14

Routers rely on a _______ to determine the proper

destination

Answer 14

Routers rely on a packet’s IP Addresses to determine the proper
destination

Question 15

De-Militarized Zone

Answer 15

A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports

Focused on providing controlled access to publicly available servers that are hosted within your organizational network

Question 16

Extranet

Answer 16

Specialized type of DMZ that is created for your partner organizations to access over a wide area network

Question 17

Bastion Hosts

Answer 17

§ Hosts or servers in the DMZ which are not configured with any services that run on the local network
§ To configure devices in the DMZ, a jumpbox is utilized

Question 18

Jumpbox

Answer 18

§ A hardened server that provides access to other hosts within the DMZ § An administrator connects to the jumpbox and the jumpbox
connects to hosts in the DMZ

Question 19

Network Access Control

Answer 19

§ Security technique in which devices are scanned to determine its current state prior to being allowed access onto a given network
§ If a device fails the inspection, it is placed into digital quarantine

Question 20

Persistent Agents

Network Access Control

Answer 20

A piece of software that is installed on the device requesting access to the network

Question 21

Non-Persistent Agents

Network Access Control

Answer 21

Uses a piece of software that scans the device remotely or is installed and subsequently removed after the scan

Question 22

_________ standard is used in port-based NAC

Answer 22

IEEE 802.1x standard is used in port-based NAC

Question 23

Switch Spoofing

Answer 23

Attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN

Question 24

Double Tagging

Answer 24

§ Attacker adds an additional VLAN tag to create an outer and inner tag
§ Prevent double tagging by moving all ports out of the default VLAN group

Question 25

Subnetting

Answer 25

§ Act of creating subnetworks logically through the manipulation of IP addresses
§ Efficient use of IP addresses
§ Reduced broadcast traffic
§ Reduced collisions
§ Compartmentalized

Question 26

VLANs Benefits

Answer 26

o Segment the network
o Reduce collisions
o Organize the network
o Boost performance
o Increase security

Question 27

Network Address Translation

Answer 27

§ Process of changing an IP address while it transits across a router
§ Using NAT can help us hide our network IPs

Question 28

Port Address Translation

Answer 28

Router keeps track of requests from internal hosts by assigning them random high number ports for each request

Question 29

Class A IP Range

Answer 29

10.0.0.0 to 10.255.255.255

Question 30

Class B IP Range

Answer 30

172.16.0.0 to 172.31.255.255

Question 31

Class C IP Range

Answer 31

192.168.0.0 to 192.168.255.255