Domain 4: Communication and Network Security

Question 1

Name the Layers of the TCP/IP Model

Answer 1

• Application
• Transport
• Internet
• Network Access

Question 2

Open standard primarily used within the energy sector for interoperability between various SCADA vendors’ and smart grid applications

Answer 2

Distributed Network Protocol (DNP3)

Question 3

Storage networking that leverages Fibre Channel but is transmitted across standard ethernet networks

Answer 3

Fibre Channel over Ethernet (FCoE)

Question 4

Storage network that leverages existing networking infrastructure and protocols to interface with storage

Answer 4

iSCSI

Question 5

• iSCSI technology

- Provides a way of addressing storage across the network

Answer 5

Logical Unit Numbers (LUNs)

Question 6

• Sends traffic over a radio band

- Uses a number of small frequency channels throughout the band and “hops” through them in pseudorandom order

Answer 6

Frequency-Hopping Spread Spectrum (FHSS)

Question 7

• Sends traffic over a radio band

- Uses the entire band at once, “spreading” the signal throughout the band

Answer 7

Direct-Sequence Spread Spectrum (DSSS)

Question 8

• Sends traffic over a radio band
• Allows simultaneous transmissions to use multiple independent wireless frequencies that do not interfere with each other

Answer 8

Orthogonal Frequency-Division Multiplexing (OFDM)

Question 9

• Wireless Standard
• Top Speed: 2 Mbps
• Frequency: 2.4 GHz

Answer 9

802.11

Question 10

• Wireless Standard
• Top Speed: 11 Mbps
• Frequency: 2.4 GHz

Answer 10

802.11b

Question 11

• Wireless Standard
• Top Speed: 54 Mbps
• Frequency: 2.4 GHz

Answer 11

802.11g

Question 12

• Wireless Standard
• Top Speed: 54 Mbps
• Frequency: 5 GHz

Answer 12

802.11a

Question 13

• Wireless Standard
• Top Speed: 72-600 Mbps
• Frequency: 2.4 GHz / 5 GHz

Answer 13

802.11n

Question 14

• Wireless Standard
• Top Speed: 422 Mbps - 1.3 Gbps
• Frequency: 5 GHz

Answer 14

802.11ac

Question 15

• Wireless security standard
• Early attempt to provide 802.11 wireless security
• Weak new attacks can break key in minutes

Answer 15

WEP

Question 16

• Wireless security standard

- Utilizes RSN which allows changes to cryptographic ciphers as new vulnerabilities are discovered

Answer 16

802.11i

Question 17

• Wireless security standard
• Uses AES encryption for confidentiality
• CCMP for integrity
• aka RSN

Answer 17

WPA2

Question 18

• Wireless security standard
• RC4 encryption for confidentiality
• TKIP for integrity
• Appropriate when AP lacks power to implement full standard

Answer 18

WPA

Question 19

• 802.15 PAN wireless technology
• Operates in 2.4 GHz frequency
• Uses Frequency-Hopping Spread Spectrum (FHSS)
• Sensitive devices should disable automatic discovery by other devices

Answer 19

Bluetooth

Question 20

How can a Bluetooth device be discovered?

Answer 20

• By guessing the MAC address
• First 24 bits are OUI easily guessed
• Last 24 bits can be determined via brute-force attack

Question 21

Technology used to create wirelessly readable tags for animals or objects

Answer 21

RFID

Question 22

What are the 3 types of RFID tags?

Answer 22

Active
Semi Passive
Passive

Question 23

• RFID tag
• Have a battery
• Broadcast a signal

Answer 23

Active RFID tags

Question 24

• RFID tag
• Have a battery
• Rely on RFID reader’s signal for power

Answer 24

Semi Passive RFID tags

Question 25

- RFID tag - Have no battery - Rely on RFID reader’s signal for power

Answer 25

Passive RFID tags

Question 26

Port-based network access control and includes extensible authentication protocol (EAP)

Answer 26

802.1X

Question 27

- Provides authentication at layer 2 before a node receives an IP address - Used both on wired and wireless networks - Client called supplicant

Answer 27

EAP

Question 28

- Type of EAP - Cisco-proprietary alternative to TKIP for WAP - Was developed to address deficiencies in TKIP before 802.11i/WPA2 was ratified as a standard - Significant security flaws should not be used

Answer 28

LEAP

Question 29

- Type of EAP - Uses PKI requiring both server-side and client-side certificates - Establishes a secure TLS tunnel used for authentication

Answer 29

EAP-TLS

Question 30

- Type of EAP - Drops the client-side certificate requirement allowing other authentication methods (i.e. passwords) for client-side authentication

Answer 30

EAP-TTLS

Question 31

- Type of EAP - Developed by Cisco, Microsoft and RSA - Encapsulates EAP methods within a TLS tunnel that provides authentication and potentially encryption - Does not require client-side certificates

Answer 31

PEAP

Question 32

- Prevents collisions on a 802.11 wireless network | - Devices cannot send and receive data simultaneously

Answer 32

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

Question 33

- Prevents collisions on a ethernet network | - Devices can send and receive data simultaneously

Answer 33

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

Question 34

- Enables two 802.11 wireless clients to communicate with one another directly without an AP - i.e. wireless printers, sharing files

Answer 34

Ad hoc mode

Question 35

Wireless clients can only communicate with an AP, not with other clients

Answer 35

Client mode aka Managed mode

Question 36

- Wireless clients use the AP to communicate with other clients - Most commonly used 802.11 wireless mode

Answer 36

Infrastructure mode aka Master mode

Question 37

- Encrypts only HTTP data, not the header allowing it to be sent over TCP port 80 - Uses DES or RC2 for encryption - Supports asymmetric keys, but can be used with only symmetric keys

Answer 37

S-HTTP