Chapter 11 Flashcards
(113 cards)
1
Q
This category of routing protocols maintain a list of destination networks along with metrics of direction and distance as measured in hops
A
Distance vector routing protocols
2
Q
this category of routing protocols gather routing characteristics, such as speed, latency, etc to make a next hop routing decision
A
Link State Routing protocols
3
Q
Examples of vector routing protocols
A
RIP, IGRP
4
Q
Examples of link state routing protocols
A
OSPF, IS-IS, EIGRP
5
Q
this category of routing protocols make next hop decisions based on the entire remaining path to the destination, and is a kind of exterior routing protocol
A
path vector
6
Q
what is an example of a path vector routing protocol?
A
BGP
7
Q
This is an insecure terminal emulation network application that supports remote connectivity for executing commands and running applications but does not support transfer of files.
A
Telnet, TCP/23
8
Q
This is an insecure network application that supports an exchange of files that requires anonymous or specific authentication.
A
FTP, TCP/20&21
9
Q
This is an insecure network application that supports an exchange of files that does not require authentication. Used to host network device configuration files and can support multicasting.
A
TFTP, UDP/69
10
Q
This is a protocol used to transmit email messages from a client to an email server and from one email server to another.
A
SMTP, TCP/25
11
Q
This is a protocol used to pull email messages from an inbox on an email server down to an email client (aka client archiving).
A
POP3, TCP/110
12
Q
This is a protocol used to pull email messages from an inbox on an email server down to an email client.
A
IMAP4, TCP/110
13
Q
This protocol provides for centralized control of TCP/IP configuration settings assigned to systems upon bootup.
A
DHCP, UDP/67,68
14
Q
This is the protocol used to transmit web page elements from a web server to web browsers in cleartext.
A
HTTP, TCP/80
15
Q
This is the TLS-encrypted version of HTTP.
A
HTTPS, TCP/443
16
Q
This is a network service that is used to spool print jobs and send print jobs to printers. Consider enclosing in a VPN for use.
A
LPD, TCP/515
17
Q
This is a GUI API for command-line operating systems. Consider enclosing in a VPN for use.
A
X Window, TCP/6000-6063
18
Q
This is a network service used to support file sharing between dissimilar systems. Consider enclosing in a VPN for use.
A
NFS, TCP/2049
19
Q
This is a network service used to collect network health and status information from a central monitoring station.
A
SNMP, UDP 161, 162
20
Q
combination of IP and port
A
socket
21
Q
ports that have one or more networking software products specifically registered with IANA
A
registered software ports
1024-49151
22
Q
ports used randomly and temporarily by clients as a source port
A
random, dynamic, ephemeral ports (49152-65535)
23
Q
3 steps of a TCP handshake
A
SYN
SYN/ACK
ACK
24
Q
this name server hosts the original editable zone file for the domain
A
primary authoritative name server
25
these name servers host read-only copies of the zone file
secondary authoritative name server
26
a security improvement to DNS; provides mutual certificate authentication and encrypted sessions between devices
DNSSEC
27
this system protects clients during DNS transactions by creating an encrypted session with a DNS server using HTTPS
DNS over HTTPS (DoH)
28
this system protects clients during DNS transactions by adding a DNS proxy between the client and the DNS resolver thus providing anonymity and privacy to DNS queries
Oblivious DoH (ODoH)
29
a malicious device that responds to DNS queries with false IP information
rogue DNS server
30
putting incorrect information into a DNS server's zone file or cache
DNS Cache Poisoning
31
malicious redirection of a valid website's URL to a fake website by modifying the local hosts file on a system
DNS Pharming
32
when a client has a false DNS server definition
corrupting the IP configuration through DHCP or a script
33
when an attacker sends back a DNS response with false information
DNS query spoofing
34
protecting against DNS poisoning methods
block inbound TCP 53
block outbound UDP 53
NIDS
use DNSSEC
use DoH or ODoH
regularly audit DNS and DHCP servers
use split DNS
35
deploying separate DNS servers for public and private use
split DNS
36
defensive use of DNS spoofing to prevent users from visiting malicious sites
DNS Sinkhole
37
malicious action of changing the registration of a domain name without the authorization of the valid owner
domain hijacking
38
displaying a link that looks like a well-known product that redirects the user to an alternate location
URL Hijacking
39
IPv6 new features
scoped addresses, autoconfiguration, QoS
40
since IPv6 does not support NAT, will this reduce security or privacy?
Privacy, because a systems local IP address will not be masked
41
having systems operate both IPv4 and IPv6
dual stack
42
systems operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol
tunneling
43
used to convert between IPv6 and IPv4 network segments similarly to how NAT converts between internal and external adresses
NAT-PT
44
this router protocol allows systems to support multicasting
IGMP - Internet Group Management Protocol
45
this protocol resolves IP addresses into MAC addresses
ARP
46
when an attacker sends false ARP replies to a switch
ARP cache poisoning
47
best defense against ARP attacks
port security on switches
48
this security measure can prohibit communications with unknown, unauthorized, rogue devices
switch port security
49
this secure protocol uses public key cryptography to provide encryption, access control, nonrepudiation and message authentication using IP protocols. Primarily used for VPNs
IPsec
50
this secure protocol offers a SSO solution and provides protection for logon credentials
Kerberos
51
this secure protocol is an end-to-end encryption technique that can encrypt plaintext utilities, often used to remotely access the CLI of a device
SSH
52
this is a cryptographic protocol that provides end-to-end encryption for voice communications, videoconferencing, and text messages
signal protocol
53
this is an authentication service for cross-network service communications and prevents unauthorized execution of code on remote systems
Secure Remote Procedure Call (S-RPC)
54
this is an encryption protocol that operates at OSI layer 4 by encrypting the payload of TCP communications
TLS
55
this protocol is primarily used in the electric and water utility management industries to support communications between data aquisition systems and the system control equipment. It is similar to TCP/IP for ICS
DNP3 (Distributed Network Protocol 3)
56
merging of specialty or proprietary protocols with standard protocols
converged protocols
57
a secondary network used to consolidate and manage various storage devices into a single consolidated network-accessible storage container
Storage Area Network (SAN)
58
used to encapsulate Fibre Channel communications over ethernet networks
Fiber Channel over Ethernet (FCoE)
59
high-throughput high-performance network technology that directs data across a network based on short path labels to save time over traditional IP based routing; designed to handle a wide range of protocols through encapsulation rather than just TCP/IP
MPLS (Multiprotocol label switching)
60
a networking storage standard based on IP used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet
Internet Small Computer System Interface (iSCSI)
61
a tunnelling mechanism that encapsulates audio, video, and other data into IP packets
VoIP
62
a new network design that is directly programmable from a central location, is flexible, vendor neutral, and open standards based.
software defined networking SDN
63
3 benefits of segmentation
boosting performance
reducing communication problems
increasing security
64
creates a separate and distinct network structure for traffic that would otherwise interfere with the production network by creating secondary network paths to support data storage traffic
an out-of-band pathway
65
diving an internal network into numerous subzones with filtering mechanisms between all of them
microsegmentation
66
an encapsulation protocol that enables VLANs to be stretched across subnets and geographic distances
Virtual eXtensible LAN (VXLAN)
67
IEEE standard for wireless network communications
802.11
68
Wi-Fi deployment model where any two wireless networking devices can communicate without a centralized control authority
ad hoc mode
69
Wi-Fi deployment model where a WAP is required and restrictions for wireless network access are enforced
Infrastructure
70
a wireless deployment where there is a WAP connecting wireless clients to one another but not to any wired resources
standalone mode
71
a wireless deployment where the WAP acts as a connection point to link the wireless clients to the wired network
wired extension
72
a wireless deployment where multiple WAPs are used to connect a large physical area to the same network
enterprise extended mode
73
a wireless deployment where a wireless connection links two different wired networks
bridge mode
74
the SSID used by WiFi direct or ad hoc mode
ISSID - Independent service set identifier
75
a formal assessment of wireless signal strength, quality, and interference using an RF signal detector
site survey
76
a mapping of signal strength measurements over a building's blueprint
heat map
77
wireless authentication method that does not require authentication and sends data in the clear
OSA - open system authentication
78
wireless authentication method that requires authentication before communications can occur
shared key authentication (SKA)
79
a SKA protocol that uses a predefined shared RC4 secret key; extremely weak
WEP
80
a SKA protocol that replaced WEP and negotiates a unique key set with each host. Uses RC4 nd TKIP or LEAP
WPA
81
a SKA protocol that implements AES-CCMP encryption
WPA2
82
a SKA protocol that uses 192-bit AES CCMP encryption and replaces preshared key authentication with Simultaneous Authentication of Equals (SAE)
WPA3
83
a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place
802.1X/EAP
84
encapsulates EAP methods within a TLS tunnel that provides authentication
Protected Extensible Authentication Protocol (PEAP)
85
security standard that operates by auto-connecting and automatically authenticating the first new wireless client to initiate a connection to the network at the push of a button or remote PIN
WPS
86
is WPS secure?
No, an attacker could brute force the PIN that could allow access to the network
87
a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to unauthorized devices
Wireless MAC filter
88
an authentication technique that redirects a newly connected client to a web-based portal access control page
captive portal
89
4 radio frequency spectrum-use techniques
spread spectrum
FHSS - Frequency Hopping Spread Spectrum
DSSS - Direct Sequence Spread Spectrum
OFDM - Orthogonal Frequency-Division Multiplexing
90
blue-tooth focused network packet capture
Bluesniffing
91
a DoS attack against a Bluetooth device
Bluesmacking
92
sending unsolicited messages to Bluetooth-capable devices
Bluejacking
93
the unauthorized access of data via a Bluetooth connection
Bluesnarfing
94
an attacker gains remote control over the hardware and software over a Bluetooth connection
Bluebugging
95
wireless used by SCADA systems
Narrow-band wireless
96
IoT wireless
Zibgee
97
a collection of resource services deployed in numerous data centers to provide low latency, high performance, and high availability of hosted content.
content delivery network CDN
98
a section of the organization's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to outsiders
extranet
99
a special-purpose extranet that is designed specifically for low-trust and unknown users to access public facing services
DMZ, screened subnet
100
network devices that operate at OSI layer 1 to strengthen the communication signal over a cable segment
RCAs - Repeaters, Concentrators, and Amplifiers
101
network devices that operate at OSI layer 1 to connect multiple systems - create a single collision and broadcast domain
Hub
102
a device that covers or modulates between an analog carrier signal and a ditial information
modem
most modern modems are actually routers
103
a network device that connects two networks together; operate at OSI layer 2
bridge
104
network devices that operate at OSI layer to to manage the transmission of frames via MAC addresses and can separate broadcast domains with the creation of VLANs
Switch
105
network devices that operate at OSI layer 3 to control traffic flow based on IP addressing; connect networks together
Routers
106
a network device that is a remote access, multilayer switch used to connect distant networks over WAN links
LAN extenders, WAN switch, WAN router
107
a network device that is a remote access system deployed to make accessing other devices more secure
jumpbox
108
a network device that collects information and transits it back to a central system for storage and analysis
Sensor
109
a network device that gathers data into a log or record file; waits for specific activity, event, or traffic and then records it into a record file
Collector
110
a device that takes numerous inputs and integrates them into a single data stream and can multiplex
aggregator
111
the concept of controlling access to the environment through strict adherence to and enforcement of security policy
NAC Network Access Control
112
what level of the OSI model do circuit-level firewalls operate on?
Layer 5
113
a firewall deployed between internal network segments to prevent the further spread of malicious code
Internal Segmentation Firewall (ISFW)
