Networking

Question 1

What is the OSI model used for?

Answer 1

To standardize network communication across seven layers, from physical to application.

Question 2

Name the 7 layers of the OSI model.

Answer 2

Physical, Data Link, Network, Transport, Session, Presentation, Application.

Question 3

What protocol is used for assigning IP addresses dynamically?

Answer 3

DHCP (Dynamic Host Configuration Protocol).

Question 4

What is the function of ARP?

Answer 4

ARP maps IP addresses to MAC addresses on a local network.

Question 5

What does DNS do in a network?

Answer 5

Resolves domain names (like google.com) into IP addresses.

Question 5

What is a subnet mask?

Answer 5

A value that defines the network and host portions of an IP address.

Question 6

What is the difference between a public and private IP address?

Answer 6

Public IPs are routable on the internet; private IPs are used internally and are non-routable.

Question 7

What is a default gateway?

Answer 7

A device (usually a router) that connects local devices to external networks.

Question 8

What is NAT (Network Address Translation)?

Answer 8

A method of remapping private IP addresses to a public IP address for internet access.

Question 9

What command is used to view IP address configuration on Windows?

Answer 9

ipconfig

Question 9

What is the difference between TCP and UDP?

Answer 9

TCP is connection-oriented and reliable; UDP is faster but connectionless and less reliable.

Question 10

What port does HTTP use?

Answer 10

Port 80 (TCP).

Question 10

What port does HTTPS use?

Answer 10

Port 443 (TCP).

Question 11

What port does DNS typically use?

Answer 11

Port 53 (UDP, sometimes TCP for zone transfers).

Question 12

What is the role of port 22?

Answer 12

Used by SSH (Secure Shell) for secure remote access.

Question 13

What does a network packet contain?

Answer 13

Header (source, destination, protocol info) and payload (data).

Question 14

What is lateral movement in network security?

Answer 14

Movement from one host to another within a network after initial access.

Question 15

What is packet sniffing?

Answer 15

Capturing network packets to analyze traffic (e.g., with Wireshark or tcpdump).

Question 16

What is beaconing behavior in network traffic?

Answer 16

Repeated outbound communication attempts to an external server (often for C2).

Question 17

What is a SYN flood attack?

Answer 17

A DoS attack where a target is overwhelmed with TCP connection requests.

Question 18

What is the primary purpose of a firewall?

Answer 18

To allow or block traffic based on predefined security rules.

Question 19

What is the function of a proxy server?

Answer 19

Acts as an intermediary between client and server, often used for filtering and caching.

Question 20

What is a DMZ in networking?

Answer 20

A demilitarized zone that separates internal networks from untrusted external networks.

Question 21

What is VLAN segmentation?

Answer 21

Logical separation of networks at the switch level for better security and management.

Question 22

What is the difference between ingress and egress traffic?

Answer 22

Ingress is inbound to a network; egress is outbound from a network.

Question 23

What is abnormal traffic on port 445 usually indicative of?

Answer 23

Possible SMB-based attacks, like EternalBlue (used in WannaCry).

Question 24

What is a reverse shell in network terms?

Answer 24

A connection initiated from the victim to the attacker’s server, providing remote access.

Question 25

What can excessive DNS queries from one host indicate?

Answer 25

Possible data exfiltration or malware beaconing.

Question 26

What is ICMP used for?

Answer 26

Sending diagnostic information like ping and traceroute.

Question 27

How do SOC analysts use netflow or PCAP data?

Answer 27

To analyze traffic patterns, detect anomalies, and investigate security incidents.

Question 28

What is the primary function of a Web Server?

Answer 28

To host and deliver web content over HTTP or HTTPS.

Question 28

What does a DNS Server do?

Answer 28

Resolves domain names into IP addresses.

Question 29

What is an SMTP Server used for?

Answer 29

Sending outgoing emails.

Question 30

What is the role of a POP3/IMAP Server?

Answer 30

Receiving and storing emails for client access.

Question 31

What is an FTP Server used for?

Answer 31

Transferring files between systems over the network.

Question 32

What does a DHCP Server provide?

Answer 32

Dynamically assigns IP addresses to devices on a network.

Question 33

What is the role of a Database Server?

Answer 33

Stores, manages, and serves data to other systems or apps.

Question 34

What is a Proxy Server used for?

Answer 34

Intermediates between client and internet to cache/filter requests.

Question 35

What is a File Server?

Answer 35

Provides centralized storage and access to files for users and systems.

Question 36

What does a Domain Controller do?

Answer 36

Authenticates and authorizes users in a Windows Active Directory environment.

Question 37

What is an Application Server?

Answer 37

Hosts and runs specific applications for client use.

Question 38

What does a RADIUS Server do?

Answer 38

Provides centralized Authentication, Authorization, and Accounting (AAA) services.

Question 39

What is the role of an NTP Server?

Answer 39

Synchronizes the clocks of systems over the network.

Question 40

What is a Mail Relay Server?

Answer 40

Forwards email between mail servers or domains.

Question 41

What is a SIEM Server?

Answer 41

Collects, correlates, and analyzes logs from various sources for security monitoring.

Question 42

What port does SSH use?

Answer 42

Port 22 (TCP)

Question 43

Which port is used by FTP (data transfer)?

Answer 43

Port 20 (TCP)

Question 44

What port does FTP (control command) use?

Answer 44

Port 21 (TCP)

Question 45

Which port is used for SMTP?

Answer 45

Port 25 (TCP)

Question 46

What port is used for DNS?

Answer 46

Port 53 (UDP/TCP)

Question 47

Which port is used for HTTP?

Answer 47

Port 80 (TCP)

Question 48

What port is used for HTTPS?

Answer 48

Port 443 (TCP)

Question 49

What port is used for POP3?

Answer 49

Port 110 (TCP)

Question 50

What port is used for IMAP?

Answer 50

Port 143 (TCP)

Question 51

What port does SMB use?

Answer 51

Port 445 (TCP)

Question 52

What port is commonly used for RDP?

Answer 52

Port 3389 (TCP)

Question 53

What is a Man-in-the-Middle (MitM) Attack?

Answer 53

An attacker intercepts and possibly alters communication between two parties.

Question 54

What is a DDoS Attack?

Answer 54

A Distributed Denial of Service attack overwhelms a server or service with traffic from multiple sources.

Question 54

What port is used by LDAP?

Answer 54

Port 389 (TCP/UDP)

Question 55

What is ARP Spoofing?

Answer 55

A technique where an attacker sends fake ARP messages to associate their MAC address with another device’s IP.

Question 56

What is a DNS Poisoning Attack?

Answer 56

Corrupting the DNS cache to redirect traffic to malicious sites.

Question 57

What is IP Spoofing?

Answer 57

Sending packets with a forged source IP to masquerade as a trusted system.

Question 58

What is a Ping of Death?

Answer 58

Sending malformed or oversized packets to crash or disrupt a target system.

Question 59

What is a TCP SYN Flood Attack?

Answer 59

An attacker sends many TCP SYN packets to exhaust server resources.

Question 60

What is Port Scanning?

Answer 60

A technique to discover open ports and services on a system.

Question 61

What is a Replay Attack?

Answer 61

An attacker captures legitimate data and resends it to trick the recipient.

Question 62

What is Packet Sniffing?

Answer 62

Capturing and analyzing network traffic, often used in MitM attacks.

Question 63

What is DNS Tunneling?

Answer 63

A method of data exfiltration or command/control using DNS protocol.

Question 64

What is a Zero-Day Attack?

Answer 64

An attack that exploits a vulnerability before the vendor has patched it.

Question 65

What is Lateral Movement in a network attack?

Answer 65

The technique used by attackers to move from one compromised host to others within a network.