A Protocol Layer Survey of Network Security

Question 1

_____ is the lowest layer in the TCP/IP hierarchy.

Answer 1

link layer

Question 2

_____ is the term applied to the basic unit of data that passes through the link layer.

Answer 2

frames

Question 3

_____ is the second lowest layer in the TCP/IP hierarchy.

Answer 3

network layer

Question 4

(T/F) TCP is a connectionless protocol

Answer 4

false

Question 5

(T/F) IP is a connection-oriented protocol.

Answer 5

true

Question 6

_____ is the transport layer protocol within TCP/IP.

Answer 6

TCP

Question 7

_____ enables the receiving TCP/IP stack to reconstruct the data stream at the destination in the correct order.

Answer 7

the sequence number

Question 8

_____ and _____ are two transport layer protocols within TCP/IP.

Answer 8

hypertext transport protocol (HTTP) and (FTP)

Question 9

_____ is the top layer of the TCP/IP stack.

Answer 9

application layer

Question 10

List three physical layer protocols.

Answer 10

ethernet, token ring, and DSL

Question 11

If a network interface is placed in _____ mode, it will receive all network traffic irrespective of source or destination.

Answer 11

promiscuous

Question 12

_____ and _____ are the two address types that correspond to a networked computer.

Answer 12

Media Access Control (MAC) and Internet Protocol (IP)

Question 13

_____ is the protocol that resolves IP addresses into MAC ID’s.

Answer 13

Address Resolution Protocol (ARP)

Question 14

Explain how the following Teardrop attack works.

hacker. net 22 > target.org 33: UDP (frag 123:64@0++)
hacker. net > target.org(frag 123:20@24)

Answer 14

Two UDP packets are sent where the second overwrites bytes 21-45 in the original packet to camouflage the packet signatures.

Question 15

_____ is the goal of a Teardrop attack.

Answer 15

avoid static firewalls and older intrusion detection systems

Question 16

In a Smurf attack, which of the two IP addresses are spoofed?

(a) source
(b) destination

Answer 16

(a) source

Question 17

What is the procedure used to establish a TCP/IP connection between two hosts?

Answer 17

Server waits for connection request from client. Client sends TCP segment specifying information. Server responds with a segment specifying information. Client sends final segment with ACK flag set.

Question 18

_____ spoofing occurs when the attacker’s computer is on the same subnet as the victim.

Answer 18

non-blind (TCP)

Question 19

_____ spoofing occurs when the attacker has to guess how the victim TCP layer generates sequence numbers.

Answer 19

blind (TCP)

Question 20

_____ attacks employ spoofing in order to intercept network traffic and/or take over the network session.

Answer 20

Man in the Middle (MITM)

Question 21

_____ compromise an operating systems kernel.

Answer 21

kernel-mode rootkits

Question 22

If we describe the complexity of a password as R**L, where R is the radix of the symbol set and L is the length of the password string, in most practical situations increasing _____ adds more security than increasing _____.

Answer 22

L, R

Question 23

The fact that HTTP is _____ requires the storage of transaction information in order to create online shopping carts.

Answer 23

state dependent

Question 24

_____ is an HTML image tag occurring within a web page that may result in malicious activity.

Answer 24

A web bug

Question 25

List three types of information that may be harvested by means of web bugs

Answer 25

date and time page was viewed, browser type and monitor resolution, and IP address of the computer the victim used to view the document

Question 26

List three types of social engineering that are used to mislead or defraud computer and network users

Answer 26

Email spoofing, IP spoofing, and ARP spoofing

Question 27

List four types of viruses that infect computer systems

Answer 27

Boot virus, file virus, macro virus, and script virus

Question 28

_____ are two types of malware that create a mechanism by means of which an attacker can remotely access and control the victim’s computer

Answer 28

Trojans and backdoors

Question 29

_____ is a type of encryption where the encryption and decryption keys are either the same or algorithmically related

Answer 29

Symmetric-key encryption

Question 30

_____ is the type of encryption where the encryption and decryption keys are different: one is published and the other is secret

Answer 30

Public-key encryption

Question 31

_____ is an information system resource whose value lies in unauthorized or illicit use of that resource

Answer 31

A honeypot