Networking

Question 1

HTTP

Answer 1

Hypertext Transfer Protocol
Port 80
TCP
Application Layer

Question 2

HTTPS

Answer 2

Hypertext Transfer Protocol Secure
Port 443
TCP
Application Layer

Question 3

DNS

Answer 3

Domain Name System
Translate domain names to IP addresses
Port 53
UDP for queries
TCP for Zone Transfer
Application Layer

Question 4

DHCP

Answer 4

Dynamic Host Configuration Protocol
Automatically assigns IP addresses
Port 67/68
UDP
Application Layer

Question 5

OSI

Answer 5

Open System Interconnection
Networking framework to implement protocols in layers. It conceptually divides computer network architecture into a logical seven-layer progression.

When network traffic is generated, it is assembled (encapsulated) from the top layer to the bottom layer.
When received, traffic goes through the model in the reverse direction: from bottom to top (decapsulation).

Question 6

OSI Layers

Answer 6

Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical
Encapsulated Layer 7-1 All People Seem To Need Data Processing
Decapsulated Layer 1-7 Please Do Not Throw Sausage Pizza Away

Question 7

Layer 7

Answer 7

Application

Users interact directly with applications that operate at Layer 7. Examples of Layer 7 applications include web browsers such as Google Chrome, Firefox, and Safari, and other applications, such as SSH and FTP.

Question 8

Layer 6

Answer 8

Presentation

Data formatting: encryption and decryption
Ensure data is in useable format

Question 9

Layer 5

Answer 9

Session

Inter-host communication
The session layer is responsible for creating a session between two devices. Controls ports and sessions

Question 10

Layer 4

Answer 10

Transport

Data transmission.
UDP and TCP

Question 11

Layer 3

Answer 11

Network

Decides what path the data will take
Layer 3.
Diagnostic tools, such as ping and tracert, operate in this layer.

Question 12

Layer 2

Answer 12

Data Link

Physical addressing/MAC
Decides format of data.
Switches operate in this layer.

Question 13

Layer 1

Answer 13

Physical

How data is physically sent through the network.
This layer determines how bits are electrically or optically transferred by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire.
Hubs operate in this layer.

Question 14

FTP

Answer 14

File Transfer Protocol

File Transfer protocol is used to transfer files over the network.
For example, the FTP service can be used to transfer files to another device over the
network.
Port 20 data transfer/ 21 authentication
TCP

Question 15

SSH

Answer 15

Secure SHell

Secure SHell is a secure command-line protocol that allows the user to run remote commands on a remote machine.
Any data that passes through SSH is encrypted.
Port 22
TCP

Question 16

TCP/IP

Answer 16

Transmission Control Protocol/Internet Protocol

The model describes how data is exchanged over the Internet, including how data should be divided into packets, addressed, transmitted, routed, and received by the destination.

Question 17

TCP/IP Layers

Answer 17

Layer 4 Application
Layer 3 Transport
Layer 2 Internet
Layer 1 Network Access

Question 18

ipconfig

Answer 18

Displays a computer’s IP configuration

Question 19

Private IP Space

Answer 19

Non-Routable
RFC1918
Class A 10.0.0.0/8
Class B 172.16.0.0/12
Class C 192.168.0.0/16

Question 20

ping

Answer 20

Used to check connectivity between computers over the network.
It also provides information, such as connection speed and reliability.
ICMP is its protocol

Question 21

nslookup

Answer 21

Sends a query to get the name of a computer by its IP address.
It can also do the opposite - query an IP address by the domain name.

Question 22

tracert

Answer 22

Displays all the stations (hops) along the route taken by the information to its
destination.
It can work with a domain name or an IP address

Question 23

netsh

Answer 23

It allows the configuration of the IP address, DNS, default gateway, and various network
functions.

Question 24

TCP 3 way handshake

Answer 24

1. The client sends a SYN
2. The server responds with a SYN-ACK
3. The client finalizes with ACK

Question 25

Segment

Answer 25

A broken piece of a packet with a TCP header in each of them.

Question 26

Frame

Answer 26

The protocol data unit at the data link layer.

Question 27

Packet

Answer 27

A data fraction transmitted over the network layer.

Question 28

UDP

Answer 28

User Datagram Protocol: connectionless protocol. Faster, less strict about data integrity. Doesn't rearrange data packets or check for errors.

Question 29

TCP

Answer 29

Transmission Control Protocol: connection-oriented protocol. High reliability, rearranges data packets in order, detects errors. 3 way handshake

Question 30

RDP

Answer 30

Remote Desktop Protocol TCP Port 3389

Question 31

SMTP

Answer 31

Simple Mail Transfer Protocol Used in sending and receiving email TCP Port 25

Question 32

SMB

Answer 32

Server Message Block A network file sharing protocol that allows applications on a computer to read and write to files TCP Port 445

Question 33

netstat

Answer 33

Provides statistics about all active connections so you can find out which computers or networks a PC is connected to.

Question 34

TFTP

Answer 34

Trivial File Transfer Protocol (TFTP) is a simple lockstep File Transfer Protocol which allows a client to get a file from or put a file onto a remote host. UDP Port 69

Question 35

NTP

Answer 35

Network Time Protocol (NTP) Synchronizes computer clocks UDP Port 123

Question 36

Switch

Answer 36

Designed to forward frames from source to destination according to specific MAC addresses in the Frame. Layer 2 device

Question 37

MAC Address Table

Answer 37

A way to map each and every port to a MAC address. Dynamic- Automatic configured MAC address Static- Manually configured MAC address

Question 38

Store-and-Forward Switch

Answer 38

Buffers the entire frame upon receipt. Checks for errors. Slow

Question 39

Cut-Through Switching

Answer 39

Faster. Only the first 6 bytes of the incoming frame is buffered (MAC address). Forwards immediately. No error checking.

Question 40

Fragment-Free Switching

Answer 40

Buffers the first 64 bytes including MAC address data and the frames payload. Provides partial error checking.

Question 41

Auto-Negotiation

Answer 41

Tells connected devices to announce their capabilities. Bases on the settings, chooses the optimal speed and duplex mode.

Question 42

Cisco IOS

Answer 42

Internetwork Operating System User mode Exec (enable) mode Config term interfaces

Question 43

ARP

Answer 43

Address Resolution Protocol (ARP) Procedure for mapping a dynamic IP address to a permanent physical machine address in a local area network (LAN)

Question 44

Telnet

Answer 44

Manage devices from anywhere. Not encrypted TCP Port 23

Question 45

Hexadecimal

Answer 45

0-9 A-F

Question 46

Router

Answer 46

Forwards packets Layer 3 device

Question 47

NAT

Answer 47

Network Address Translation Changes your IP address to a new IP address before sending it to a different network

Question 48

Default Gateway

Answer 48

Routes traffic to and from other networks Used when you want to find an IP that is not on your network

Question 49

Routing Process

Answer 49

Examination Decapsulation Decision-Making Encapsulation Forwarding

Question 50

IPv4

Answer 50

32 bits 4 octets-each 8 bits separated by a .

Question 51

Broadcast

Answer 51

Sent to all devices on network 255.255.255.255 or FF:FF:FF:FF:FF:FF Routers block

Question 52

APIPA

Answer 52

Automatic Private IP Addressing 169.254.0.0/16

Question 53

Loopback Address

Answer 53

127.0.0.0/8 Allow for a device to send and receive its own data packets

Question 54

show ip interface brief

Answer 54

Shows up/down status of your IP interfaces. Displays critical info about a lot of interfaces on one easy to read page

Question 55

show interface

Answer 55

Detailed output of each interface

Question 56

show version

Answer 56

Shows info about your software and hardware

Question 57

show ip route

Answer 57

Shows your routing table

Question 58

show running-config

Answer 58

Tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot

Question 59

show port

Answer 59

Gives you the status of ports on a switch.

Question 60

Static Routing

Answer 60

User enters every network manually Used for Stub Networks & Small Networks

Question 61

Stub Network

Answer 61

Uses 1 router that sends and receives non-local traffic by a single path

Question 62

Class A IP Addresses

Answer 62

1-127 Default Subnet Mask 255.0.0.0

Question 62

Class B IP Addresses

Answer 62

128-191 Default Subnet Mask 255.255.0.0

Question 63

Class C IP Addresses

Answer 63

192-223 Default Subnet Mask 255.255.255.0

Question 64

RIP

Answer 64

Routing Information Protocol Administrative Distance 120 15 max hops Changes the routing table every time In CLI (command line) shown as R

Question 65

OSPF

Answer 65

Open Shortest Path First AD 110 Keeps track of changes in topology Bases metric calculation on the bandwidth of the links along the path to the destination In CLI show as O

Question 66

EIGRP

Answer 66

Enhanced Interior Gateway Routing Protocol AD 90 In CLI it is shown as D

Question 67

Slash Notation /24 /25 /26 /27 /28 /29 /30 /31 /32

Answer 67

/24= 256 255.255.255 /25= 128 255.255.255.128 /26= 64 255.255.255.192 /27= 32 255.255.255.224 /28 16 255.255.255.240 /29= 8 255.255.255.248 /30= 4 255.255.255.252 /31= 2 255.255.255.254 /32= 1 255.255.255.255

Question 68

Static Route

Answer 68

AD 1

Question 69

VLAN Switchport Mode Access

Answer 69

Access ports carry traffic only on the VLAN they belong to.

Question 70

VLAN Switchport Mode Trunk

Answer 70

Carry traffic for different VLANs and devices. Adds a tag so it gets where it needs to go.

Question 71

DTP

Answer 71

Dynamic Truck Protocol Cisco protocol to automate the creation of trunk links. Dynamic Auto- Default, does not negotiate Dynamic Desirable- Actively attempts to change the mode

Question 72

Default VLAN Reserved

Answer 72

VLAN 1 1002-1005

Question 73

Data VLAN

Answer 73

2-1001

Question 74

Syslog

Answer 74

System Logs Standard for logging messages Severity Levels 0 (emergency) 7 (debugging)

Question 75

ACL

Answer 75

Access Control List Configure basic traffic filtering Improve network performance and secure the network 1-99 and 1300-1999

Question 76

Failover Cluster

Answer 76

Method used to back up a network in case of a failure. Acts like a single system Cluster software becomes a single point of failure

Question 77

Load Balancer

Answer 77

Device that distributes traffic across multiple devices.

Question 78

IDS

Answer 78

Intrusion Detection System

Question 79

IPS

Answer 79

Intrusion Prevention System

Question 80

AAA

Answer 80

Authentication, Authorization, Accounting Verify user identity, enforce user permissions, track user activity

Question 81

RADIUS

Answer 81

Remote Authentication Dial-In User Service AAA protocol

Question 82

TACACS+

Answer 82

Terminal Access Controller Access Control System Plus AAA protocol

Question 83

802.1X

Answer 83

Security protocol (port-based network access control) Supplicant: Receives credentials from user and submits to the authenticator Authenticator: Relays credentials received to the authentication server Authentication Server: Validates credentials. Determines level of access

Question 84

EAP

Answer 84

Authentication framework that provides transport for the requests and response parameters

Question 85

CAM Table

Answer 85

Stores MAC addresses on a switch Limited space CAM table flooding makes the switch act like a hub

Question 86

Port Security

Answer 86

Not enabled on switches by default Restricts input to an interface Limits the number of MAC addresses that can access a specific physical port

Question 87

Port Security Violation Modes

Answer 87

Shutdown (default mode) port shuts down automatically-notification sent Restrict - drops frames with unfamiliar source MAC address-notification sent Protect - frames with unknown MAC addresses are dropped-no notification sent

Question 88

Switch Spoofing

Answer 88

VLAN Hopping Manipulates DTP (Dynamic Trunking Protocol) DTP negotiation is enabled by default, even if it runs in access mode

Question 89

Double Tagging

Answer 89

VLAN Hopping Takes advantage of 802.1q tagging process Switch removes the first tag Next switch in line will process the second tag

Question 90

Encoding

Answer 90

Convert to coded form Base64 ends in = or == (padding)

Question 91

Hashing

Answer 91

Consists of character and numbers MD5: 128 big length unique key

Question 92

Salt/Salting

Answer 92

Adding unique characters after a password, before hashing to create a different hash value

Question 93

Pepper/Peppering

Answer 93

Adds unique characters like salting but it is not stored alongside a password hash

Question 94

Rainbow Table

Answer 94

Used for hash cracking Predefined list of hashes Saves time in Brute-Force attacks

Question 95

Symmetric Cipher

Answer 95

Uses the same key to encrypt and decrypt the text

Question 96

Asymmetric Cipher

Answer 96

Uses 2 keys, 1 for encryption and another for decryption

Question 97

Diffie-Hellman

Answer 97

First key-sharing protocol designed to solve the problem of key distribution

Question 98

PKI

Answer 98

Public Key Infrastructure System for creating, storing, and distributing digital certificates

Question 99

Firewall

Answer 99

Monitors and filters network traffic Can be software, hardware, or cloud service

Question 100

Firewall Actions

Answer 100

Accept: Allow traffic to pass through Drop: Blocks packet without notification Reject: Blocks a packet with an error notification

Question 101

Stateless Filtering

Answer 101

Permits or denies packets based on their source or destination IP address and ports

Question 102

Stateful Filtering

Answer 102

Requires the server to store connection states and session information

Question 103

Fail-Open

Answer 103

Allows access even if the device is in a failed state. Availability is more important than security.

Question 104

Fail-Close

Answer 104

Blocks access if the device is in a failed state. Security is more important than availability.

Question 105

SNMP

Answer 105

Simple Network Management Protocol Application layer protocol that allows devices on a network to share info

Question 106

NetFlow

Answer 106

Network monitoring protocol used to collect IP traffic. Eye on performance and resource allocation

Question 107

Nagios

Answer 107

Open-source network monitoring software

Question 108

Packet Inspection Levels

Answer 108

Shallow: Inspects only packet headers Medium: Compares data with a list of specific packet and data format types Deep: Inspects all traffic from a designated IP address

Question 109

Analyst Workflow

Answer 109

1. Review alert and associated rules 2. Gather additional info from the system related to the incident 3. Investigate the alert and its cause 4. Summarize conclusions about alert and recommend the next step

Question 110

AES

Answer 110

Advanced Encryption Standard

Question 111

VPN Protocols

Answer 111

IPsec PPTP L2TP/IPsec

Question 112

CDP

Answer 112

Cisco Discovery Protocol

Question 113

LLDP

Answer 113

Link Layer Discovery Protocol