Domain 4 - Communications and Network Security

Question 1

SSL (Application – layer 7 )

Answer 1

Two layered: SSL record protocol and handshake protocol. Same as SSH it uses
symmetric encryption for private connections and asymmetric or public key cryptography for peer
authentication

Question 2

SMTP (Application – layer 7 )

Answer 2

Email queuing. Port 25

Question 3

Simple Networking Management Protocol (Application – layer 7 )

Answer 3

Collection of network information by polling the
devices from a management station. Sends out alerts – called traps - to an database called
Management Information Bases (MIBs)

Question 4

Presentation – layer 6

Answer 4

Compression/decompression and encryption/decryption. Uses acommon format to represent data, Standards like JPEG, TIFF, MID, ; Technology: Gateway

Question 5

Session - layer 5

Answer 5

Inter-host communication, logical persistent connection between peer hosts, a conversation, simplex,
half duplex, full duplex. Protocols as NSF, SQL, RADIUS, and RPC. Protocols: PAP, PPTP, RPC NFS SSL/TLS NETBIOS

Question 6

Transport

Answer 6

End-to-end data transfer services and reliability. Technology: Gateways. Segmentation, sequencing,
and error checking at this layer.
Protocols: TCP, UDP, SSL, SSH-2,

Question 7

Fragmentation

Answer 7

– IP will subdivide a packet if its size is greater than the maximum allowed on a local
network

Question 8

Simple Key Management for Internet Protocols

Answer 8

Provides high availability in encrypted

sessions to protect against crashes. Exchanges keys on a session by session basis.

Question 9

ARP, Address resolution protocol

Answer 9

Used to match an IP address to a hardware MAC address. ARP
sends out broadcast to a network node to reply with its hardware address. It stores the address in a
dynamic table for the duration of the session, so ARP requests are only sent the first time

Question 10

FRAMES

Answer 10

Translates data into bits and formats them into data frames with destination header and source
address. Error detection via checksums.

Question 11

Logical Link Control

Answer 11

Flow control and error notification

Question 12

Packet-filtering firewalls (layer 3/4)

Answer 12

Use rules based on a packet’s source, destination, port or other basic information to determine whether or not to allow it into the network

Question 13

Stateful packet filtering firewalls (layer 7)

Answer 13

Have access to information such as; conversation, look

at state table and context of packets; from which to make their decisions.

Question 14

Application Proxy firewalls (layer 7)(3-7 actually)

Answer 14

Which look at content and can involve

authentication and encryption, can be more flexible and secure but also tend to be far slower

Question 15

Circuit level proxy (layer 5)

Answer 15

Looks at header of packet only, protects wide range of protocols and
services than app-level proxy, but as detailed a level of control. Basically once the circuit is allowed all
info is tunneled between the parties. Although firewalls are difficult to configure correctly, they are a
critical component of network security

Question 16

IEEE 802.15

Answer 16

is the standard for Bluetooth

Question 17

IEEE 802.3

Answer 17

Defines Ethernet

Question 18

802.11

Answer 18

Defines wireless

networking

Question 19

802.20 d

Answer 19

Defines LTE

Question 20

Class A network

Answer 20

1 and end at 127

Question 21

Class B

Answer 21

128 and end at 191

Question 22

Class C network

Answer 22

192 and end at 223

Question 23

SSL session key length

Answer 23

40bit to 256 bit

Question 24

Ad hoc Mode

Answer 24

Directly connect two+ clients, no access point

Question 25

Infrastructure Mode

Answer 25

Connects endpoints to a central network, not directly to each other, need access point and wireless clients for IM mode wireless

Question 26

WEP

Answer 26

Predecessor to WPA and WPA2, confidentiality, uses RC4 for encryption,

Question 27

WPA

Answer 27

Uses TKIP for data encryption

Question 28

WPA2

Answer 28

Based on 802.11i, uses AES, key management, reply attack protection, and data integrity, most secure, CCMP included, WPA2 ENTERPRISE Mode - uses RADIUS account lockout if a passwordcracker is used

Question 29

LEAP

Answer 29

Cisco proprietary protocol to handle | problems with TKIP, security issues don’t use. Provides reauthentication but was designed for WEP

Question 30

Fiber Distributed Data Interface (FDDI)

Answer 30

Form of token ring that has second ring that activates on error

Question 31

Frame Relay WAN

Answer 31

Over a public switched network. High Fault tolerance by relaying fault segments to working.

Question 32

SASL

Answer 32

Provides secure LDAP authentication

Question 33

OpenLDAP

Answer 33

default, stores user PW in the clear

Question 34

Client SSL Certificates

Answer 34

Used to identify clients to servers via SSL (client authentication)

Question 35

S/MIME Certificates

Answer 35

Used for signed and encrypted emails, can form sign, and use as part of a SSO solution

Question 36

MOSS

Answer 36

MIME Object Security Services, provides authentication, confidentiality, integrity, and nonrepudiation

Question 37

OAuth

Answer 37

Ability to access resources from another service

Question 38

OpenID

Answer 38

Paired with OAuth is a RESTful, JSON-based authentication protocol can provide identity verification and basic profile information, phishing attack possible by sending fake data

Question 39

Broadband Technologies

Answer 39

ISDN, cable modems, DSL, and T1/T3 lines that can support multiple simultaneous signals. They are analog and not broadcast technologies.

Question 40

CHAP

Answer 40

Challenge-Handshake Authentication Protocol, used by PPP servers to authenticate remote clients. Encrypts username and PW and performs periodic re authentication while connected using techniques to prevent replay attacks

Question 41

CIR – (committed Information Rate)

Answer 41

Minimum bandwidth guarantee provided by service provider to customers

Question 42

Data Streams

Answer 42

Occur at Application, Presentation, and Session layers

Question 43

EAP, Extensible Authentication Protocol

Answer 43

An authentication framework. Effectively, EAP allows for new authentication technologies to be compatible with existing wireless or point-to-point connection technologies, extensible was used for PPP connections

Question 44

FCoE

Answer 44

Fiber Channel Over Ethernet, allows existing high-speed networks to be used to carry storage traffic

Question 45

iSCI

Answer 45

Internet Small Computer Interface, Converged protocol that allows location-independent file services over traditional network technologies. Cost less than Fiber. Standard for linking data storage sites

Question 46

ISDN

Answer 46

PRI (Primary Rate Interface) bandwidth of 1.544 Mbps, faster than BRI’s 144 Kbps

Question 47

MPLS

Answer 47

Multiprotocol Label Switching, high performance networking, uses path labels instead of network addresses, wide area networking protocol, label switching, finds final destination and then labels route for others to follow

Question 48

PAP

Answer 48

Password Authentication Protocol, sends PW unencrypted

Question 49

PEAP

Answer 49

Provides encryption for EAP methods and can provide authentication, does not implement CCMP, encapsulates EAS in a TLS tunnel

Question 50

PPP

Answer 50

Point-to-Point Protocol, most common, used for dial up connections, replaced SLIP

Question 51

RST flag

Answer 51

Used to reset or disconnect a session, resumed by restarting the connection via a new threeway handshake

Question 52

SONET

Answer 52

Protocol for sending multiple optical streams over fiber

Question 53

SYN FLOOD

Answer 53

TCP packets requesting a connection (SYN bit set) are sent to the target network with a spoofed source address. The target responds with a SYN-ACK packet, but the spoofed source never replies. This can quickly overwhelm a system’s resources while waiting for the half-open connections to time out. This causes the system to crash or otherwise become unusable. Counter: sync cookies/proxies, where connections are created later

Question 54

Teardrop

Answer 54

The length and fragmentation offset fields of sequential IP packets are modified, causing the target system to become confused and crash. Uses fragmented packets to target a TCP flaw in how the TCP stack reassembles them.

Question 55

TCP sequence number attack

Answer 55

Intruder tricks target to believe it is connected to a trusted host and then hijacks the session by predicting the targets choice of an initial TCP sequence number.

Question 56

X25

Answer 56

``` Defines point-to-point communication between Data terminal Equipment (DTE) and Data Circuit Terminating Equipment (DCE) ```

Question 57

Frame Relay

Answer 57

High performance WAN protocol designed for use across ISDN interfaces. Is fast but has no error correction, supports multiple PVCs, unlike

Question 58

Synchronous Data Link Control

Answer 58

Works with dedicated leased lines permanent up. Data | link layer of OSI model

Question 59

High-level Data Link Control

Answer 59

extension to SDLC also for mainframes. Uses data | encapsulation on synchronous serial links using frame characters and checksums. Also data link layer

Question 60

High Speed Serial Interface

Answer 60

Defines electrical and physical interfaces to use for DTE/DCE communications. Physical layer of OSI

Question 61

Baseband

Answer 61

only one single channel

Question 62

Broadband

Answer 62

Multiple signal types like data, video, audio

Question 63

Packet filtering routers

Answer 63

Sits between trusted and un-trusted network, sometimes used as boundary router. Uses ACL’s. Protects against standard generic external attacks. Has no user authentication, has minimal auditing

Question 64

Screened-Host firewall system

Answer 64

``` Has both a packet-filter router and a bastion host. Provides both network layer (package filtering) as application layer (proxy) server. ```

Question 65

Dual homed host firewall

Answer 65

Consists of a host with 2 NIC’s. One connected to trusted, one to untrusted. Can thus be used as translator between 2 network types like Ethernet/token ring. Internal routing capabilities must not be enabled to make it impossible to circumvent inspection of data.

Question 66

Screened-subnet firewalls

Answer 66

Has also defined a De-Militarized Zone (DMZ) : a small networkbetween trusted an untrusted.

Question 67

Socks firewall

Answer 67

Every workstation gets some Socks software to reduce overhead

Question 68

TACACS+

Answer 68

Enhanced version with use of two factor authentication, ability to change user password, ability of security tokens to be resynchronized and better audit trails and session accounting

Question 69

Remote | Authentication Dial-In User Service RADIUS

Answer 69

Client/server protocol, often leads to TACACS+. Clients sends their authentication request to a central radius server that contains all of the user authentication and network ACL’s RADIUS does not provide two way authentication, therefore it’s not used for router-to-router authentication. Port 1812. Contains dynamic password and network service access information (Network ACLs) NOT a SSO solution

Question 70

DIAMETER

Answer 70

Remote connectivity using phone wireless etc, more secure than radius, cordless phone signal is rarely encrypted and easily monitored

Question 71

Thinnet

Answer 71

10base2 with coax cables up to 185 meters

Question 72

Thicknet

Answer 72

10Base5, coax up to 500 meters

Question 73

Carrier Sense Multiple Access CSMA

Answer 73

for Ethernet. Workstations send out packet. If it doesn’t get an acknowledgement, it resends

Question 74

CSMA with Collision Detection

Answer 74

Only one host can send at the time, using jamming signals for the rest.

Question 75

PPTP, Point to Point tunneling protocol

Answer 75

* Works at data link layer of OSI * Only one single point-to-point connection per session * Point To Point protocol (PPP) for authentication and tunneling * Dial-up network use * Does not support EAP * Sends initial packets in plaintext

Question 76

L2F, Layer 2 Forwarding

Answer 76

• Cisco developed its own VPN protocol called which is a mutual authentication tunneling mechanism. • L2F does not offer encryption. L2F was not widely deployed and was soon replaced by L2TP. • both operate at layer 2. Both can encapsulate any protoco

Question 77

L2TP, Layer 2 tunneling protocol

Answer 77

* Also in data-link layer of OSI * Single point-to-point connection per session * Dial-up network use * Port 115 * Uses IPsec

Question 78

IPSEC

Answer 78

Operates at Network Layer of OSI • Enables multiple and simultaneous tunnels • Encrypt and authenticate • Built into IPv6 • Network-to-network use • Creates a private, encrypted network via a public network • Encryption for confidentiality and integrity

Question 79

IPSEC tunneled vs transport

Answer 79

* transport: data is encrypted header is not | * tunneled: new uses rc6; IP header is added, old IP header and data is encrypted

Question 80

TLS – Transport Layer Security

Answer 80

• Encrypt and protect transactions to prevent sniffing while data is in transit along with VPN and IPsec • most effective control against session hijacking • ephemeral session key is used to encrypt the actual content of communications between a web server and client • TLS - MOST CURRENT not SSL!!

Question 81

PVC

Answer 81

Permanent virtual circuits, is like a dedicated leased line; the logical circuit always exists and is waiting for the customer to send data. Like a walkie-talkie

Question 82

SVC

Answer 82

Switched virtual circuit, is more like a shortwave or ham radio. You must tune the transmitter and receiver to a new frequency every time you want to communicate with someone

Question 83

IP-sec compatible | • Encryption via Tunnel mode

Answer 83

Entire data package encrypted)

Question 84

IP-sec compatible - Transport mode

Answer 84

Only datagram encrypted

Question 85

Socks-based proxy servers

Answer 85

Used to reach the internal network from the outside. Also contains strong encryption and authentication methods

Question 86

.ESP Header

Answer 86

contains information showing which security association to use and the packet sequence number. Like the AH, the ESP sequences every packet to thwart replay attacks

Question 87

ESP Payload

Answer 87

Payload

Question 88

FHSS

Answer 88

Frequency Hopping Spread Spectrum, The entire range of available frequencies is employed, but only one frequency at a time is used.

Question 89

DSSS

Answer 89

Direct Sequence Spread Spectrum, employs all the available frequencies simultaneously in parallel. This provides a higher rate of data throughput than FHSS. DSSS also uses a special encoding mechanism known as chipping code to allow a receiver to reconstruct data even if parts of the signal were distorted because of interference.

Question 90

OFDM

Answer 90

Orthogonal Frequency-Division Multiplexing, employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission. The modulated signals are perpendicular and thus do not cause interference with each other.

Question 91

T1

Answer 91

1,5 Mbps through telephone line

Question 92

T3

Answer 92

44,7 Mbps through telephone line

Question 93

E1

Answer 93

European 2048 Mbps digital transmission

Question 94

• Serial Line IP (SLIP)

Answer 94

TCP/IP over slow interfaces to communicate with external hosts (Berkley UNIX, windows NT RAS), no authentication, supports only half-duplex communications, no error detection, manual link establishment and teardown

Question 95

Point to Point protocol (PPP)

Answer 95

Improvement on slip, adds login, password and error (by CHAP and PAP) and error correction. Data link.

Question 96

Integrated Services Digital Network

Answer 96

Combination of digital telephony and data transports. | Overtaken by xDSL, not all useable due to “D Channel” used for call management not data

Question 97

xDSL Digital subscriber Line

Answer 97

- uses telephone to transport high bandwidth data to remote subscribers

Question 98

ADSL

Answer 98

Asymmetric. More downstream bandwidth up to 18,000 feet over single copper cable pair

Question 99

SDSL

Answer 99

Symmetric up to 10,000 feet over single copper cable pair

Question 100

HDSL

Answer 100

High Rate T1 speed over two copper cable pairs up to 12,000 feet

Question 101

VDSL

Answer 101

Very High speed 13-52MBps down, 1,5-2,3 Mbps upstream over a single copper pair over 1,000 to 4,500 feet

Question 102

Circuit-switched networks

Answer 102

There must be a dedicated physical circuit path exist during transmission. The right choice for networks that have to communicate constantly. Typically for a telephone company network Voice oriented. Sensitive to loss of connection

Question 103

Packet-switched networks

Answer 103

More cost effective than | circuit switching because it creates virtual circuits only when they are needed.