BKS Recap Questions

Question 1

how do network standarts affect price and features?

Answer 1

Standards force interoparability which leads to more competition which forces companies to lower prices or better features in order to gain a good market possition.

Question 2

what three aspects does a message have?

Answer 2

message order
message semantics (meaning)
message syntax (organization - structure)

Question 3

Name an example for the importance of message order outside of networking

Answer 3

Cooking recipee

Question 4

distinguish between syntax and semantics

Answer 4

Syntax: How a message is organized (header, date field, trailer)
Semantics: meaning of the message (Pls give me, Here is the file…)

Question 5

Describe message ordering in HTTP

Answer 5

Http is a simple request, response cycle.

Question 6

in http can a server transmit if nothing has been requested?

Answer 6

No, the server can not transmit without the client making a request first.

Question 7

Describe the three step handshake in TCP connection openings

Answer 7

syn ->

ack

Question 8

what kind of message does the destination host send if it does not recieve a segment during a tcp connection?

Answer 8

Data=HTTP request error

Question 9

under what circumstance will the source host tcp process retransmit the segment?

Answer 9

If it did recieve a Data=http request error

Question 10

describe the four step closing handshake in tcp

Answer 10

fin ->

ack

Question 11

after a side initiates the close of a conection by sending a fin segment, will it send any more segments=

Answer 11

yes it can send one more segment, before the other side closes as well.

Question 12

what are the three general parts of a message?

Answer 12

header, data field, trailer

Question 13

what does the data field contain?

Answer 13

Its the heart of the message and contains the content being delivere by the message.
In http it contains the the file for the response message.

Question 14

Is there always a data field?

Answer 14

No, sometimes only a header is needed. For example when you only need the Ack flag.

Question 15

what is the definition of a trailer?

Answer 15

Everything that comes after the data field.

Question 16

Distinguish between Header and header fiels

Answer 16

the header contains the header fields which then contain different information f.e. destination header adress field which contains information for switches and routers.

Question 17

distinguish between octets and byte

Answer 17

It is just different terminology. Both octets and byte are 8 bits. In networking we mostly speak of octets, because it kind of makes more sence (oct - 8)

Question 18

which is the dominant network standard in wired lans?

Answer 18

Ethernet, which is more like a assembly of standards

Question 19

name the data link layer address used in Ethernet. What is the size?

Answer 19

Extended Unique Identifier - EUI48 address (former mac address)
It is 48 bit or 6 byte/octet in size

Question 20

waht is the role of frame check sequence field in ipv4 segments?

Answer 20

The host checks if the segment numbers are the same in order to verify they are at the same segment.

Question 21

can ethernet correct an erroneous frame?

Answer 21

No it cannot correct the frame, it can only detect erronouse frames.

Question 22

why was tcp designed to be complex?

Answer 22

The ipv4 was a best effort syntax. TCP needed to be more complex in order to be more userfriendly, reliable and easier to see through.

Question 23

why is it important for network professionals to understand TCP?

Answer 23

complex internetwork transmission tasks are handled by it. So in order to understand networking you need to understand TCP.

Question 24

What are TCP Messages called?

Answer 24

They are called TCP Segments

Question 25

what is the role of sequence numbers in segmentation and reassembly?

Answer 25

Without segment numbers it wouldnt be possible to reasseble the packages in the right order. (in the wrong order they would be useless)

Question 26

If a host wishes to acknowledge a connection request from another host which field will it use?

Answer 26

It will use the Flag fields in the Segment header. It will be set to 1 in the ACK bit.

Question 27

How does an ACK number make tcp a reliable protocol?

Answer 27

because the ack number makes every segment unique,

Errors can be discarded, resend and reassbeled.

Question 28

what type of port numbers do server use for common server programs?

Answer 28

SMTP->Port 25, HTTP-> port 80, FTP->20,21

Question 29

what type of port do clients use when they communicate with server programms

Answer 29

Clients generate a ephemeral port number (1024-4999) when talking to a server and are discarded after the connection.

Question 30

what si the range of port numbers for each type

Answer 30

0-1023 for server ports

1024-4999 for ephemeral ports

Question 31

Why are some ports called ephemeral

Answer 31

because they will be discarded after each use

Question 32

what is the syntax of a socket?

Answer 32

The IP Address, a colon (:) and the port number. Example: 128.0.0.1:25

Question 33

Do HTTP request messages have a header, data field and trailer?

Answer 33

They have Header and a data fields but usualy no trailer.

Question 34

On what layer is the convertion from bits to ascii?

Answer 34

the application layer

Question 35

why is there a need for encoding

Answer 35

because on every layer under the application layer everything is sent in bits.

Question 36

what layers require ancoded messages?

Answer 36

the transport layer and lower (>=4)

Question 37

convert 4 to binary

Answer 37

00100

Question 38

convert 00100 to decimal

Answer 38

4

Question 39

convert 11011 to decimal

Answer 39

27

Question 40

how is voice encoding carried out?

Answer 40

the analog signal is translated to a digital one by measuring th loudness of voice thousand times a minute. A digital circuit (encoder) translates it.

Question 41

what is ecapsulation?

Answer 41

Encapsulation is the repacking of a segment/frame when going through another layer. a tcp segment has to be encapsulated in a ip packet to go through that layer.

Question 42

Why is encapsulation necessary for there to be

communication between processes operating at the same layer but on different hosts, routers, or switches?

Answer 42

because other layers wouldn’t be able to understand the packet/segment. So it needs to be encapsulated in order to be understandable for the standard protocol

Question 43

explain the target breach

Answer 43

an employee recieved a spear fishing email which infected the his machine. That machine did send codes to the attacker which they used for login on the server. . they uploaded POS (Point of sale) maleware. so it was downloaded to all POS terminals in all target stores.
They collected data of all credit cards which they could sell to counterfeit card manufacturers.

Question 44

Whose actions would you need to anticipate when managing network security?

Answer 44

Everyones. Every move of every user, hacker and goverment. There is no perfekt security solution.

Question 45

How would you define a threat environment?

Answer 45

threat environment is when users dont upgrade their systems fast enough so there are vulnerabilitys on the system, which can be used to inject malware.

Question 46

What is a vulnerability?

Answer 46

vulnerability is a flaw in a program that permits a specific attack or set of attacks against this program to succeed.

Question 47

How can users eliminate vulnerabilities in their programs?

Answer 47

They have to install patches immediately.

Question 48

What name do we give to attacks that occur before a patch is available?

Answer 48

Zero-day Attack

Question 49

How do viruses and worms differ?

Answer 49

A virus is attached to a program, worms are standalone products.

Question 50

What is a propagation vector?

Answer 50

the type/way a worm/virus uses to spread/propagate

Question 51

Under what circumstances are scripts likely to be

dangerous?

Answer 51

There are scripts (mobile code) which gets downloaded to your device if opened. The script can then run on your device.

Question 52

What is meant by payload

Answer 52

The tasks a malware has. F.E. deleting your harddisk.

Question 53

What is social engineering?

Answer 53

it aims at human failure. a user is asked to compromise personal or corporate security by offering him something. (a nice download for example)

Question 54

Distinguish between phishing and spear phishing.

Answer 54

spear fisihing aims at one particular person. the attacker learns a lot about that person and uses personal data to make the fishing more personal

Question 55

what si the def of hakcing?

Answer 55

intentionally using a computer resource without authorization or in excess authorization

Question 56

Describe the two stages that typically occur in an attack.

Answer 56

The exploit - the actual break in via tools

after break in - exploiting the ressource, gathering data and so on.

Question 57

What is the purpose of a denial-of-service attack?

Answer 57

the shutdown of the attacked server (the denial of any service)

Question 58

What programs directly

attack the victim in a distributed denial-of-service attack?

Answer 58

they use botnets or hundreds of bots which send spam packets to the attacked server

Question 59

Explain “advanced” in the term advanced persistent theft

Answer 59

Attacks that are really hard and expensive to be carried out. Can take years and needs extreme precision.

Question 60

What type of adversary are most hackers today? b) Why is this type of attacker
extremely dangerous?

Answer 60

career hackers, looking for maximum damage or biggest use for them.

Question 61

Is it generally illegal to write malware in the United States? b) What actions
regarding malware are illegal?

Answer 61

It is not illegal to write, but to sell or release.

Question 62

What is a cipher?

Answer 62

an encryption method to create an encrypted message

Question 63

In tvvoway dialogues, how many keys are used in symmetric key encryption?

Answer 63

Both users use the same key. So its one key in two places.

Question 64

What is the minimum size for a strong key?

Answer 64

At least 100 bitsor greater.

Question 65

Distinguish between private networks and virtual private networks.

Answer 65

private network is on data link not connected to the internet and probably is an ethernet.
virtual private networks work through the internet but act like a private network.

Question 66

for what is ssl / tsl most widely used?

Answer 66

browser - webserver connections

Question 67

What does a firewall do when a provable attack packet arrives?

Answer 67

discard it and write content to log file

Question 68

Does a firewall

drop a packet if it probably is an attack packet?

Answer 68

no, only if proven attack

Question 69

c) Why is it important to read firewall

logs daily?

Answer 69

to understand the attacks which are incomming

Question 70

Distinguish between ingress and egress filtering.

Answer 70

ingress is incomming and

egress is outgoing

Question 71

describe the Plan, Protect, Respond Cycle

Answer 71

Planing the security with risk analysis, minimum permission, in depth defense.
Most budged spend on: Protect- access control, firewall cryptography.
Respond - to attacks and breaches and minimize damage

Question 72

Name the four Quality of Service metrics

Answer 72

Speed (Speed of transmission), Errors (Amount of bad packets, Availability (%time network is ava.) Latency (time delay)

Question 73

distinguish between rated speed and throughput

Answer 73

rated speed is what the technology is capable of

throughput is what the user really gets

Question 74

what is SNMT

Answer 74

SimpleNetworkManagementTools

Question 75

what does UTP mean?

Answer 75

unshielded twisted pair (of copper cable)

Question 76

what is the distance of UTP and Optical Fibre?

Answer 76

UTP 100m, Fibre: 200-500

Question 77

Name the 4 UTP ethernet standards incl speed, quality and max length

Answer 77

100base tx - 100mbps -5e or higher - 100m
1000base t - 1000mbps - 5e or higher - 100m
10000base t - 10000mbps - 6 or higher - 55m
10000base t - 10000mbps - 6a or higher - 100m

Question 78

name the 2 optical fibre quality standards

Answer 78

OM 3 length 550m@1gbps, 300@10, 100@100

OM4 lenght 1000@1, 440@10, 150@100

Question 79

What is Modulation?

Answer 79

Modulation is the process in which a digital computer singlan converts into a form that can travel down an ordinary analog telephone line

Question 80

What is Amplitude Modulation and how does it work?

Answer 80

It is the change of power in the wave (aplitude graph) which can be low and high. A low amplitude = “0” (Bit) and a high amplitude = “1”

Question 81

Which messurement are amplitude waves using?

Answer 81

They use Hertz (Hz), which is the amount of cycles in one second

Question 82

what is phase modulation (PM)?

Answer 82

the phase gets inverted. (statt erst hoch, erst tief..)

inverted = 0 , normal = 1

Question 83

What is spread spectrum transmission?

Answer 83

uses wider bandwidth in order to send three parts of the same frame, if one gets lost the date is still transmitted

Question 84

whats the most used wifi standard?

Answer 84

802.11(i)

Question 85

what does SSID mean? whats ESS?

Answer 85

Service Set ID

extended service set - with more access points

Question 86

What is CSMA /CA+ACK

Answer 86

1 Carrier sense multiple access - the sender listens for traffic and sends when when no one else does.
2Collision Avoidance - whaits random amount of time to avoid collision (in case it would send asap)
and 3 Acknowledgment sends a send request which has to be acknowledged

Question 87

is CSMA/CA+ACK efficient?

Answer 87

No because it has to wait and request and then wait for ack again and then send.

Question 88

What is RTS-CTS?

Answer 88

Request to send, Clear to send
host sends CTS message
accesspoint sends CTS when rdy

Question 89

name the 802.11 WiFi Standards

Answer 89

802. 11g - 54mbps (2,4ghz)
803. 11a - 54mbps (5ghz)
804. 11n - 100-600 (150-300 common) (most used) (2,5 and 5ghz)
805. 11ac - 433-6930 (433-1300 common) (most soled today) (5ghz)

Question 90

what is a spatial stream?

Answer 90

Access point sending two signals in the same channel one from antenna a and one from antenna b

Question 91

Explain PSK

Answer 91

PSK means pre shared key. Everyone with the key can access the network.

Question 92

Explain USK

Answer 92

Host has PSK but also needs the Unshared session key from the access point. Which is encrypted and only shared with one client (each unique).

Question 93

802.11i security is not enough, what threads are there?

Answer 93

except from human failure or internal setup:
rogue access point
evil twin access point

Question 94

What is “rogue access point”

Answer 94

a rogue access point is one that is unsecure (e.g. set up by an employee). A hacker can access it.

Question 95

What is an Evil Twin AP (Access Point) operation?

Answer 95

An attacker computer impersonates an access point. Opens connection to client and access point separately. Acts as Man in the middle.
Uses Decryption (Key1) to read message and reencrypts (Key2) A after sending trough.

Question 96

Explain the hierachi of IPv4

Answer 96

123.456.789.012
Network Part (Maybe not only 8 bits e.g. 123.456)
Subnet Part (maybe not only 8 bits)
Host Part (maybe not only 8 bits)

Question 97

What is the job of a border router?

Answer 97

It connects the Internet on one side to the corporate network on the other side.

Question 98

Why are Subnetmasks needed?

Answer 98

You cannot tell where an IPv4 Package has to go on its own, so we need subnetmaks.

Question 99

how do subnetmasks work?

Answer 99

Masks are applied to the IPv4 address.
if the mask bit is “0” the result is 0.
if the mask bit is “1” the result is the IP address bit in that position.

Question 100

What does a Subnetmask look like?

Answer 100

A mask is a series of initial ones followed by a series of final zeros, for a total of 32 bits.
11111111 11111111 00000000 00000000
255.255.0.0
/16 (because 16 of the 32 bits are “1”)

Question 101

explain the difference between ethernet switching and ip routing

Answer 101

Ethernet switches are organized in a hierarchy. There is only one possible port to send a frame out and so only one row per address.
Routers are arrenged in meshes with multiple alternative routes. A router may send a packet out to more than one interface (port) and still get the packet to its destination.

Question 102

explain routing ranges

Answer 102

A router has a routing table (with IP ranges) which it uses to make routing decisions. 
There may be more than one option:
- chooses closest one
if similar
- chooses better metric cost (less hops)

Question 103

Whats the Problem with ip packet routing

Answer 103

The Router knows the nexthoprouter ip but not teh data link layer (EUI48) adress.
To solve this it uses the address resolution protocol (ARP).

Question 104

What is in the first row of an IPv4 packet?

Answer 104

Its the header which contains:

• version = the version of IP packet used.
• header lenght = tells the size of header
• ECN Explicit congestion notification = Reduces speed in case of congestion
• total lenth = tells size of the whole packet

Question 105

What is in the second row of an IPv4 Packet?

Answer 105

The second row is used for reassebling, but IP fragmentation is extremely rare.

Question 106

what is in the third row of an IPv4 package?

Answer 106

• TTL (time to live
• Protocol which is used (1=ICMP, 6=TCP. 17=UDP)
• Header checksum, to find errors and maybe discard packet. No retransmission. Internetlayer is not reliable.

Question 107

What is in and after the 4th layer of an IPv4 Packer?

Answer 107

The source address
the destination address
options (not common, may indicate malicious packet

Question 108

Why do we need IPv6 addresses?

Answer 108

Because IPv4 contains only 4b addresses which, considering that ranges are given to corporations, is not enough. So from now on we need to give out IPv6.

Question 109

explain the properties of IPv6

Answer 109

• 128 bits long

- hexadezimal (2001:0027:fe56:0000:0000:0000:cd3f:0fca)

Question 110

Explain how to shorten IPv6 addresses

Answer 110

segments which start with zeros can be shortened
2001:0027:fe56:0000:0000:0000:cd3f:0fca
2001:27:fe56::::cd3f:fca
only outer colons are keept
2001:27:fe56::cd3f:fca
if there is more then one full 0 segment, only shorten the LONGEST one (other one keeps all colons.
if they have the same lenght, shorten first one.

Question 111

does an IPv6 Packet have a header checksum?

Answer 111

No, the transport layer already takes care of that.

Question 112

what is the “next header” in an IPv6 Packer?

Answer 112

always leads to the next header

Question 113

explain the difference between TCP and UDP

Answer 113

UDP doenst use acknowledgments which makes it way faster but also less reliable.
Used for applications which need speed over reliability (voice chat, video calls)

Question 114

Whats the Three Step Opening of TCP Sessions?

Answer 114

syn->

Question 115

normal 4 step tcp close

Answer 115

fin->

Question 116

whats the abrupt tcp close?

Answer 116

closes the connection immediatly by sending
RST ->
no ack from other side

Question 117

in IP Subnetting, how do you calculate how many hosts and subnets a firm can have?

Answer 117

They apply and get assigned a certain network part. Lets say 16 bit is pre assigned. 16 bits remain for firm to assign. could be 8/8 or 6/10 and so on.
number of hosts OR subnets is 2^numberHere -2 (example 2^8-2=254)

Question 118

what is NAT and how does it work?

Answer 118

Network Address Translation. Is a firewall which translates the internal IP to an external IP and saves it into a translation table.
NAT makes it possible to hide the real internal IP address in the internet.

Question 119

What is a Domain?

Answer 119

Any group of resources (routers, single networks, hosts, etc) under the control of an organization.

Question 120

how does DNS work?

Answer 120

Client asks local dns server for IP.
local dns server asks the authoritive dns server for that name.
authoritive dns server send the IP address of given name.
local dns sends dns response message with ip address

Question 121

how many dns root servers do exist?

Answer 121

13

Question 122

what are the two types of top level domains?

Answer 122

Country top level domains (.de, .nl)

generic top level domains (.com, .edu….)

Question 123

What is a VPN

Answer 123

Virtual Private Network.

Really, its just encrypted communication through an untrusted network

Question 124

what are the two types of VPNs?

Answer 124

Remote Access VPNs:
connect a remote user to a corporate site.

Site-to-Site VPNs:
Euch site has a key to encrypt outgoing traffic and a key for dycrypting incomming traffic.

Question 125

what are the two ways IPsec can operate in? What are the pros and cons

Answer 125

Transport Mode
host to host, with digital authentication
better security, higher cost
Tunnel Mode
only through internet, unportected at site.
less secure, cheaper

Question 126

Characterisctics of IPsec VS SSL/TSL

Answer 126

IPsec is on layer 3
SSL on layer 4

IPsec not build into browsers and co
SSL build in

IPsec can protect any application
SSL cant protect any app.

IPsec excellent security
SSL good security

Question 127

why is IPsec not enough?

Answer 127

application cannot tell if its being protected so apps often require SSL/TSL.

Question 128

How do you calculate the 64 Bit unicast interface ID?

Answer 128

• Display EUI-48 address
• remove dashes
• convert to lower case
• devide in half
• insert fffe in the middle
• in the second nibble, invert the second last bit. (e. g. 1101 -> 1111)

Question 129

how is the DNS record for IPv6 called?

Answer 129

DNS AAAA Record

Question 130

How do routers get there routing tables?

Answer 130

They constantly exchange information

several dynamic routing protocols

Question 131

name the routing protocols

Answer 131

OSPF - Open shortest path first
EIGRP Enhanced interior gateway routing protocol
BGP Border gateway protocol

Question 132

explain what ICMP is/does

Answer 132

ICMP (Internet Control Message Protocol) is an error-reporting protocol network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet that a router, service or host cannot be reached for packet delivery. Any IP network device has the capability to send, receive or process ICMP messages.

Question 133

differentiate between LAN,MAN, WAN

Answer 133

Local access network, Metropolitan Area Network, Wide Area Network
Lan is cheap, Man medium and WAN expensive.
LAN fast, MAN medium, WAN slow
Diversity of tech LAN low, MAN medium and WAN high

Question 134

basic concept of a wan network?

Answer 134

Sites are connnected to the WAN core which is then connected to the ISP

Question 135

what is the PSTN?

Answer 135

Public Switched Telephone Network

Question 136

What is ADSL?

Answer 136

Asynchronous Digital Subscriber Line.

Uses adnvanced technology to delive date over telephone UTP lines. is inexpensive.

Question 137

What is Cabel Modem Service

Answer 137

Coaxial cable that brought tv where there was no reception. Now also Internet Data.

Question 138

Explain cellular technology

Answer 138

Antenna towers creating cellsites, broken into cells with each reusing multiple channels to serve enough users.
Traveling through cells will hand you off to next one. Antennas are connected to PSTN.

Question 139

Leased Linie data network

PSDN Public switched data network

Answer 139

remeber the names brah.

Question 140

nenne drei definierende eigenschaften von single switched networks

Answer 140

1 - nur eine übertragungstechnilogie
2 - kontrollierter addressraum
3 - nachrichten sind frames, nicht pakete