Chapter 11 - Secure Network Architecture and Securing Network Components Flashcards

1
Q

Which OSI model layer manages communications in simplex, half-duplex, and full-duplex modes?

A

Session Layer

2
Q

Which cable is the least resistant to EMI?

A

10Base-T UTP

3
Q

Which networking technology is based on the IEEE 802.3 standard?

A

Ethernet

4
Q

Which of the following statements correctly describes one-way SSL authentication between a client (e.g., browser) and a server (e.g., web server)?

A

In one-way authentication only the server needs to be authenticated, whereas in mutual authentication both the client and the server need to be authenticated.

5
Q

Be familiar with the first bits of the IP address for each class of network

A

Each Class A network address has an 8-bit network prefix, with the first bit of the IP address set to zero. See the diagram below for more details.

A Class B network address has the first bit of the IP address set to one and the second bit set to zero.

A Class C network address has the first two bits of the IP address set to one and the third bit set to zero.

Class D and E addresses have the first three bits set to 1. For Class D the 4th bit is 0, and for Class E the 4th bit is 1.

See diagram below from the 3COM tutorial on everything you ever wanted to know about IP addressing:
https://www.freepracticetests.org/images/classful_IP_address_format.jpg

6
Q

At which layer of the OSI model do sniffers operate?

A

Layer 2

7
Q

WPA2 features

A

WPA2 implements the IEEE 802.11i standard, uses AES encryption, and currently comes in two versions:

WPA2 Personal: AKA PSK, pre-shared key (password)

WPA2 Enterprise: Requires a RADIUS authentication server and supports multiple accounts for each user

Static keys were an unfortunate feature of WEP and were partly to blame for its relatively short lifespan and quick replacement by WPA.

8
Q

SRTP

A

SRTP (Secure Real-time Transport Protocol) provides protection against sniffing and replay attacks, and also provides message authentication and integrity. (VoIP)

SRTP uses AES (Advanced Encryption Standard) as the default cipher.

9
Q

Be familiar with IP protocol field numbers

A

The protocol field of the IP packet dictates what protocol the IP packet is using.
TCP=6, ICMP=1, UDP=17, IGMP=2

10
Q

Popular port numbers for SSH, Kerberos, NetBIOS, LDAP, HTTPS, Secure LDAP

A

SSH - 22
Kerberos - 88
NetBIOS - 137
LDAP - 389
HTTPS - 443
Secure LDAP - 636

11
Q

Functionality of the CHAP protocol

A

CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user’s password).

  1. After the completion of the link establishment phase, the authenticator sends a “challenge” message to the peer.
  2. The peer responds with a value calculated using a one-way hash function on the challenge and the secret combined.
  3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
  4. At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.

13
Q

What are the only two parts of a packet that change between the sending host and the receiving host while in transit?

A

  1. TTL - Time to Live: It’s the part of the IP header that prevents packets from wandering around the internet forever looking for the destination. When a packet crosses a layer 3 routing device, its TTL field (Byte Offset 8) is decremented by one, and once that value reaches 0 a “TTL Expired in Transit” ICMP error message is sent back to the originator, alerting it that the packet could not find its destination.

  2. MAC - Media Access Control Address: MAC addresses are local only to the network you are on. The moment it hits the first router or switch, the Source and Destination MAC Addresses change to the next hop in the path. This happens at each device it crosses.

14
Q

How many bits are in the TTL Field of an IP Header?

A

The TTL field, at Byte Offset 8 of the IP header, has 8 bits, yielding a maximum of 255 possible hops before any packet expires.

15
Q

What is the IPv6 equivalent of ARP?

A

With IPv6, ARP is known as Neighbor Discovery Protocol and is also a layer 2 protocol responsible for auto-configuration of nodes on a link and for how they find and communicate with one another.

16
Q

Identify the OSI layer from the following description:

a. Responsible for establishing the connection between applications
b. Maintains the connection during transfer of data
c. Controls the release of the connection

A

Session Layer

17
Q

Which of the following layers of the OSI model ensures that messages are delivered error-free, in sequence, and with no losses or duplications?

A

Transport Layer

18
Q

Message Switching

A

Message switching is a network switching technique in which data is routed in its entirety from the source node to the destination node, one hop at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network’s resources are engaged or the network becomes blocked, the message-switched network stores and delays the message until ample resources become available for effective transmission of the message.

19
Q

X.25 is an ITU-T standard protocol suite for packet-switched wide area network (WAN) communication. X.25 is a packet-switching technology which uses carrier switches to provide connectivity for many different networks.

A

X.25 is an ITU-T standard protocol suite for packet-switched wide area network (WAN) communication. X.25 is a packet-switching technology which uses carrier switches to provide connectivity for many different networks.

20
Q

ATM

A

Asynchronous Transfer Mode (ATM)
Uses the cell-switching method
High-speed network technology used for LAN, MAN and WAN
Like Frame Relay, it is a connection-oriented technology which creates and uses a fixed channel
Data are segmented into fixed-size cells of 53 bytes
Some companies have replaced their FDDI back-end with ATM

21
Q

Messaging Server

A

A messaging server is a middleware program that handles messages that are sent for use by other programs using a messaging application program interface (API). A messaging server can usually queue and prioritize messages as needed and saves each of the client programs from having to perform these services.

22
Q

Best effort delivery network protocol

A

The Internet Protocol (IP) is a connectionless protocol used for communicating data across a packet-switched internetwork. IP provides an unreliable service (i.e., best effort delivery). This means that the network makes no guarantees about the packet.
Low-level connectionless protocols such as DDP (under AppleTalk) and IP usually provide best-effort delivery of data.

23
Q

Differences between tunnel mode and transport mode

A

In tunnel mode, the entire packet is encrypted and encased into an IPSec packet.

In transport mode, only the datagram (payload) is encrypted, leaving the IP address visible within the IP header.

24
Q

ATM

A

ATM is an example of a fast packet-switching network that can be used for either data, voice or video, but packets are of fixed size.

25
Q

How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

A

The MAC address is 48 bits long, 24 of which identify the vendor, as provided by the IEEE. The other 24 bits are provided by the vendor.

26
Q

How many MAC address fields exist in an 802.11 Wireless Frame?

A

4

27
Q

Data Execution Prevention and Address Space Layout Randomization

A

DEP, which can be enabled within hardware and/or software, attempts to ensure that memory locations not pre-defined to contain executable content will not have the ability to have code executed. For example, an adversary exploits a buffer overflow condition in code that allows adversary-provided shellcode to end up in a general data storage location within memory. With DEP, if that location had not been marked as expecting executable content, then successful exploitation might have been mitigated.

Another protection mechanism, ASLR, seeks to decrease the likelihood of successful exploitation by making memory addresses employed by the system less predictable. When developing exploits and building post-exploitation capabilities, the exploit code will leverage existing code loaded on a running system. If these components are consistently found at the same memory addresses, then the difficulty of exploitation is decreased. By randomizing the memory addresses used, the adversary is presented with a target that is more difficult to exploit. For an example of ASLR success, imagine an adversary developing a successful working exploit on their own test machine. When their code, which relies on particular operating system libraries and code being found at predictable memory addresses, is ported to a machine with ASLR enabled, the exploit could be caused to fail.

28
Q

SMTP

A

SMTP acts as a transferring agent from a user’s computer to an email-server and from server to server.
SMTP uses TCP as its transport protocol.

29
Q

Main security issue with cable modem

A

Neighbors use the same coaxial network and can monitor each other’s traffic.

30
Q

UDDI

A

Universal Description, Discovery, and Integration is an XML based registry that lists available services. It provides a method for services to be registered by service providers and located by service consumers.

31
Q

CSMA/CD vs CSMA/CA

A

CSMA/CA sends out a message indicating to all other systems that it is going to put data on the line, and CSMA/CD will listen to the wire to try and figure out when would be the best time to put data on the line.

32
Q

Converged Infrastructure

A

The combining of server, storage, and network capabilities into a single framework.

33
Q

In the TCP/IP model, where does the SPX protocol reside?

A

The host-to-host layer in the TCP/IP architecture model is equivalent to the transport layer in the OSI model. This is where the SPX protocol resides.

34
Q

How are FDDI and FDDI-2 different?

A

FDDI-2 allows for fixed bandwidth to be assigned.

35
Q

Which polling protocol is used mainly to communicate with IBM Mainframe systems?

A

SDLC is the original IBM proprietary protocol which enables secondary devices to communicate with the primary stations or mainframe in an IBM architecture.

36
Q

Compare CSMA/CD to CSMA/CA

A

CSMA/CD is used for systems that can send and receive simultaneously, such as wired Ethernet. CSMA/CA (Collision Avoidance) is used for systems such as 802.11 wireless that cannot send and receive simultaneously. CSMA/CA relies on receiving an acknowledgement from the receiving station: if no acknowledgement is received, there must have been a collision, and the node will wait and retransmit. CSMA/CD is superior to CSMA/CA because collision detection detects a collision almost immediately.

37
Q

RSN

A

RSN is commonly referred to as WPA2 (Wi-Fi Protected Access 2), a full implementation of 802.11i. By default, WPA2 uses AES encryption to provide confidentiality, and CCMP (Counter Mode CBC MAC Protocol) to create a Message Integrity Check (MIC), which provides integrity. The less secure WPA (without the “2”) was designed for access points that lack the power to implement the full 802.11i standard, providing a better security alternative to WEP. WPA uses RC4 for confidentiality and TKIP for integrity. Usage of WPA2 is recommended over WPA.

38
Q

Which transmission mode is supported by both HDLC and SDLC?

A

Normal Response Mode (NRM)

39
Q

Which one is more secure: EAP-TLS or EAP-TTLS?

A

EAP-TLS (EAP-Transport Layer Security) uses PKI, requiring both server-side and client-side certificates. EAP-TLS establishes a secure TLS tunnel used for authentication. EAP-TLS is very secure due to the use of PKI, but is complex and costly for the same reason. The other major versions of EAP attempt to create the same TLS tunnel without requiring a client-side certificate.
EAP-TTLS (EAP Tunneled Transport Layer Security), developed by Funk Software and Certicom, simplifies EAP-TLS by dropping the client-side certificate requirement, allowing other authentication methods (such as password) for client-side authentication. EAP-TTLS is thus easier to deploy than EAP-TLS, but less secure when omitting the client-side certificate.

40
Q

What WAN Protocol has no error recovery, relying on higher-level protocols to provide reliability?

A

Frame Relay is a packet-switched Layer 2 WAN protocol that provides no error recovery and focuses on speed. Higher-layer protocols carried by Frame Relay, such as TCP/IP, can be used to provide reliability.

41
Q

Disadvantage of PPTP

A

PPTP only works over IP networks. PPTP can encapsulate data other than IP, but it can move data only over networks that use the IP protocol.

L2TP is used when a PPP connection needs to be extended through a non-IP network.

42
Q

Sender Policy Framework (SPF)

A

SPF is an email validation system designed to prevent email spam by detecting email spoofing, by verifying the sender IP address. SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific SPF record in DNS. Mail exchanges use DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

43
Q

Circuit based proxy firewall

A

A circuit-based proxy firewall looks at header information to make decisions on whether a packet is deemed acceptable for access. This is a different approach than application-based firewalls, which look at the information within the payload of the packet.

45
Q

ISDN

A

The B channel is used for sending data and the D channel is used to send control information.

46
Q

IPX works at the network layer.

A

A good way to remember is IP

47
Q

Baseband vs broadband

A

Baseband uses the entire communication channel (one signal) for its transmission, whereas broadband technology divides the communication channel into individual and independent channels (multiple signals) so different types of data can be transmitted simultaneously.

48
Q

Beacon functionality in a token-passing technology

A

If a computer detects a problem within the network, it sends a beacon frame. This frame generates a failure domain, which is between the computer that issued the beacon and its neighbor downstream. The computer and devices within this failure domain will attempt to reconfigure certain settings to try and work around the detected fault.

49
Q

Dispersion

A

Dispersion is the spreading out of light pulses, which overlap the preceding or upcoming pulses. This is most prevalent in fiber-optic cabling.

50
Q

Isochronous process

A

An isochronous process must deliver data within set time constraints. Applications are typically video related, where audio and video must match perfectly. VoIP is another example.

51
Q

IP Protocol

A

The IP protocol is connectionless and works at the network layer.