Chapter 3 - Understanding Devices & Infrastructure Flashcards Preview

Security + > Chapter 3 - Understanding Devices & Infrastructure > Flashcards

Flashcards in Chapter 3 - Understanding Devices & Infrastructure Deck (52)
Loading flashcards...
1
Q

Any device connected to the network that runs a TCP/IP protocol suite is called a what?

3-74

A

host

2
Q

Tell me the 4 layers of the TCP/IP model, bottom up.

3-74

A

network access
internet
transport (host to host)
application

3
Q

Tell me the default ports for HTTP and HTTPS.

What does HTTPS use for encryption?

3-75

A

80 and 443

SSL (Secure Socket Layer)

4
Q
Tell me the ports used by File Transfer Protocol.
Simple Mail Transfer Protocol.
Telnet
Domain Name System
Remote Desktop protocol
Simple Network Management Protocol
Post Office Protocol

Which layer do all of these protocols operate at?
3-76

A
20, 21
25
23
53
3389
161, 162 (trap)
110

Application Layer

5
Q

True or False

Antiquated protocols are those that are no longer needed and should therefore be removed because they are leaving an opening for an attacker.

3-77

A

True

6
Q

Which layer does TCP and UDP operate at?

What’s the difference between them?

3-77

A

transport layer

tcp - connection oriented
udp - not connection oriented

7
Q

The Internet layer is responsible for routing, IP addressing, and packaging. Tell me 3 standard protocols of the Internet layer.

3-77,78

A

Internet Protocol
Address Resolution Protocol
Internet Control Message Protocol

(IP, ARP, ICMP)

8
Q

Network Access Layer. Tell me what it does.

3-78

A

Defines how you put data on the wire and defines what that wire is.

9
Q

IPv6. How many bits in an IPv6 address?

What security does it employ?

3-79

A

128

IPSec, is mandatory

10
Q

You have some data that needs to be sent from PC A to PC B. Your data is going to go through an encapsulation process. Tell me the headers that get attached, in sequence, and where they get attached.

3-79

A

A TCP header gets added to the front of your Application Data.
An IP header gets placed in front of the TCP header.
A Hardware header gets placed in front of the IP header.

11
Q

There are well-known TCP ports and UDP ports that we need to pay particular attention to. What are they?

3-81,82

A
21 - FTP
22 - SSH
25 - SMTP
53 - DNS
80 - HTTP
110 - POP3
139 - NetBIOS
143 - IMAP
443 - HTTPS
12
Q

Tell me the command you use to see which ports are active on your server.

3-83

A

netstat

13
Q

Tell me the TCP three way handshake connection process by using acronyms.

3-86

A
  1. PC A sends SYN to PC B
  2. PC B sends SYN-ACK to PC A
  3. PC A sends ACK to PC B
14
Q

What is the thing that allows a server or client to interface to the TCP/IP protocol suite?

3-86

A

Windows Sockets Application Programming Interface

also known as Winsock

15
Q

What is iSCSI?
What ports does it use?
What is it for?
What does it create?

3-87

A

Internet Small Computer Systems Interface
860 and 3260
data storage and data transfers
a SAN (storage area network)

16
Q

You are designing the security topology of your network, so what 3 things must you be concerned with?

3-87

A

access methods
security
technologies used

17
Q

Tell me a common protocol used by Fibre Channel and tell me what is bad about it.

3-87

A

FCoE (Fibre Channel over Ethernet)

The problem with FCoE is that it is not routable at the IP layer and so it won’t work on large networks.

18
Q

What do you use to establish a DMZ for your server?

3-87

A

firewall

19
Q

If a host exists outside the DMZ and is open to the public, what kind of host is that?

3-88

A

bastion host

20
Q

What do you use to subnet a network?

3-89

A

subnet mask

21
Q

What can you use to hide segments of your network and therefore control access?

3-89

A

VLANs

virtual local area networks

22
Q

What is the key benefit of a VLAN from a security standpoint?

3-90

A

users with similar data sensitivity levels can be grouped together, and this helps to increase security

23
Q

What is the weakness of PPTP?

3-91

A

The negotiation of the connection is not encrypted.

24
Q
Layer 2 Forwarding.  
What does it provide? 
What does it not provide?  
Where should you NOT use it?
What port does it use?
What transport protocol does it use?

3-91

A
authentication
encryption
WAN
1701
TCP
25
Q

Layer 2 Tunneling Protocol.
Does it provide encryption?
What’s its port?
What’s its transport protocol?

3-91

A

no
1701, same as L2F
UDP

26
Q

SSH.
What port does it use?
What’s its transport protocol?

3-91

A

22

TCP

27
Q

PPTP, L2F, L2TP, SSH, and IPSec. Which one doesn’t belong and why?

3-91

A

IPSec, because unlike the others, it is NOT a tunneling protocol.

28
Q

It is true that NAT can save IP addresses, but what else can it do?

3-93

A

act as a firewall, because its a proxy between your LAN and the hostile Internet

29
Q

Tell me the 3 ranges of private IP addresses.

3-93

A
  1. 0.0.0 - 10.255.255.255
  2. 16.0.0 - 172.31.255.255
  3. 168.0.0 - 192.168.255.255
30
Q

What’s the difference between NAT and PAT?

3-94

A

NAT - more than one public IP address

PAT - only one public IP address

31
Q

What is NAC?

3-95

A

Network Access Control

32
Q

What is the first line of defense in your network?

What are its functions?

3-96

A

firewall

packet filter
proxy firewall
statefull packet inspection firewall

33
Q

How does a packet filter work?

3-97

A

filters traffic bases on the application type

34
Q

You have a proxy firewall. It has 2 NICs in it. This kind of firewall is called what?

3-99

A

dual-homed firewall

35
Q

Tell me the difference between an application level proxy and a circuit level proxy.

3-99

A

circuit level proxy does not deal with the contents of the packet. the application level proxy DOES.

36
Q

What’s the difference between stateless and stateful?

3-100

A

stateful is concerned with where packets came from. stateless does not care about the source.

37
Q

What is the primary device used for connecting two networks together?

3-100

A

router

38
Q

The router that ties your LAN to a WAN is a what?

3-100

A

border router

39
Q

Will network segmentation increase or decrease traffic?

3-101

A

decrease it

40
Q

Will you use switches internally, externally, or both?

3-102

A

internally only

41
Q

In four words, tell me what a load balancer does.

3-103

A

It splits the traffic.

42
Q

What can you use to connect LANs together across the Internet?

3-103

A

a virtual private network

43
Q

What is the encryption system used in VPNs?

3-104

A

IPSec

44
Q

What does a VPN concentrator do?

3-105

A

Creates remote access VPNs

45
Q

Intrusion Detection Systems act a lot like what?

What can it do in the event that the firewall gets compromised?

3-105

A

burglar alarms

disable systems
end sessions
shut down the whole network

46
Q

The process by which the IDS manager makes the operator aware of an alert is what?

3-108

A

notification

47
Q

Tell me 4 different kinds of IDS.

3-109

A

behavior based
signature based
anomaly detection
heuristic

48
Q

Tell me 3 passive response strategies.

3-113

A

logging
notification
shunning

49
Q

Tell me 3 active response strategies.

3-113,114

A

terminating processes or sessions
network configuration changes
deception (send them to the honeypot)

50
Q

You have a host-based IDS. What 3 things will it monitor and what will it not monitor?

3-116

A

machine logs
system events
applications interactions

incoming traffic to the host

51
Q

Tell me 2 problems with HIDS. Tell me 2 benefits.

3-117

A

possibly compromise the system
must be deployed on each system that needs it

keeps checksums on file
can read memory

52
Q

Tell me 4 log files on Linux you should check for indications of an intrusion.

3-117

A

faillog
lastlog
messages
wtmp