Part 2

Question 1

What are networking devices that forward, filter, and flood packets between networks?

Answer 1

Routers

Question 2

What is the feasibility of a path?

Answer 2

Cost

Question 3

What is the first line of defense for the network?

Answer 3

Routers

Question 4

What measures the distance based on number of networks a packet transverses?

Answer 4

Hop

Question 5

What measures amount of bits per second capacity of each link in packet’s path?

Answer 5

Bandwidth

Question 6

What measures amount of microseconds that the routers within the path take to process, queue, and transmit packets?

Answer 6

Delay

Question 7

What measures the amount of attached links, link failures, errors, and lost packets, within the path?

Answer 7

Reliability

Question 8

What exchange routing information from WAN to WAN?

Answer 8

Exterior Gateway Protocols

Question 9

What is a link state routing protocol that calculates the shortest path to all destinations by lowest cost?

Answer 9

OSPF

Question 10

What determines the path by using a combination of distance, or cost of reaching a destination, and the vector (interface that the traffic from which it will be forwarded) distance uses hop count as metric variable work by having each node share routing table information with its neighbors

Answer 10

Distance Vector Protocols

Question 11

What is the original distance vector routing protocol used on smaller networks 15 hops or less?

Answer 11

Routing Information Protocol (RIP)

Question 12

What is an upgraded version of the original distance vector protocol that includes additional information carried in RIP messages and the addition of security measures?

Answer 12

RIP version 2

Question 13

What is the most commkn hybrid protocol?

Answer 13

EIGRP - Enhanced Intererior Gateway Protocol

Question 14

What is a Exterior Gateway Protcol that provides interdomian routing between autonomous systems (ASs)?

Answer 14

Border Gateway Protocol (BGP)

Question 15

What is an EXEC command used to display information about open Telnet or rlogin connections?

Answer 15

Show sessions

Question 16

What are three modes for Port Security?

Answer 16

Protect mode
Restrict mode
Shutdown mode

Question 17

What is propriety protocol that can only be used with other cisco routers and switches?

Answer 17

Cisco Discovery Protocol CDP

Question 18

What allows ping and is vulnerable to DDOS attacks?

Answer 18

ICMP

Question 19

What allows router to inform hosts of subnet mask information for a particular network segment?

Answer 19

ICMP Mask Reply

Most cisco routers are set by default to not send ICMP mask replies but explicitly using this setting in the config file alleviates doubt and makes auditing the router easier

No ip mask-reply

Question 20

What are 4 default TCP and UDP services enabled (Small servers)?

Answer 20

Echo
Chargen
Discard
Daytime

No service tcp-small-services
No service udp-small-services

Question 21

What ensures timely detection of connection failures by monitoring TCP sessions and helps prevent DOS attacks that are aimed at maxing out available VTP lines with fraudlent sessions?

Answer 21

Keep alives

Service tcp-keepalives -in

Enables this service

Question 22

Where can I find router config help commands

Answer 22

Share drive routeracl.txt

Question 23

What kind of ACLs are used in the fleet?

Answer 23

Extended

Question 24

What are a group of statrments that define the handling of network packets?

Answer 24

ACLs

Question 25

What do ACLs consist of?

Answer 25

Entering the inbound router
Being relayed through the router
Exiting the outbound router interface

Question 26

What provides packet filtering for routers and firewalls to protect internal networks from internet and unprotected networks?

Answer 26

ACLs

Question 27

What are parsed in sequential or logical form in order from top to bottom?

Answer 27

ACLs

Question 28

What mode is an ACL created in?

Answer 28

Global Configuration Mode

Question 29

What type of ACL is placed closest to the source of traffic?

Answer 29

Extended

Question 30

What type of ACL is placed closest to the target?

Answer 30

Standard

Question 31

What range is a Standard ACL?

Answer 31

1-99

1300-1999

Question 32

What range is an extended ACL?

Answer 32

100-199

2000-2699

Question 33

What are the classes of networks?

Answer 33

A - 1-126
B - 128-191
C - 192-223
D - 224-239
E - 240-255

Question 34

What is the inverse of a subnet mask?

Answer 34

Wild card which indicates what part of the network is available.

Question 35

How many TNOSCs are there?

Answer 35

3
Yokosuka
Naples
Bahrain

Question 36

How many Local Network Service Centers (LNSCs)?

Answer 36

11

Asia and Europe

Question 37

What services does the FLTNOC provide?

Answer 37

Email
Web Cache
Domain Name Service
File Transfer Protocol
Back Up and Restore
Noc to Noc N2N fail over
DISN Defense Information Security Network

Question 38

Severity code 1 for securing virtualization means what?

Answer 38

Someone or something has immediate access to the machine

Question 39

Severity code 2 for securing vitualization means what?

Answer 39

There is a high potential of allowing access to an intruder

Question 40

Severity code 3 for securing virtual infrastructure means what?

Answer 40

Information has been found that there is a potential leading to a comprimise

Question 41

Where is NCDOC based?

Answer 41

Suffolk

Question 42

What is the Navy’s Cyber Security Service Provider?

Answer 42

NCDOC

Question 43

What manages the roll up of sensory data throughout the fleet including ships, submarimes, and other shore activities?

Answer 43

NCDOC

Question 44

What provides CND for secure DISN connectivity?

Answer 44

NCDOC

Question 45

What partitions the server’s physical resources?

Answer 45

VMKernel Resource Manager

Question 46

What is refered to as a hypervisor?

Answer 46

Virtual Machine Monitor

Question 47

What is the core vSphere OS?

Answer 47

VMKernel

Question 48

What is INFOCON 1?

Answer 48

Security baseline must be re established every 15 days and off line drills conducted every 15 days

Question 49

What is INFOCON 2?

Answer 49

Security baseline must be re established every 30 days and off line drills conducted every 15 days

Question 50

What is INFOCON 3?

Answer 50

Security baseline must be re established every 60 days and off line drills conducted every 30 days

Question 51

What is INFOCON 4?

Answer 51

Security baseline must be re established every 90 days and off line drills conducted every 60 days

Question 52

What is INFOCON 5?

Answer 52

Normal operations

Question 53

What does RADIUS protocol stand for?

Answer 53

Remote
Access
Dial 
In
User
Service 

protocols sent to AAA server for log generation

Question 54

What are Audit trials used for?

Answer 54

Evidence and non repudiation

Question 55

What checks the source address of routed IP packets and compares it against the statement defining the ACL?

Answer 55

Standard ACL

Question 56

What gives permit or deny access for entire protocol suite (e.g. IP) based on network(s), subnet, or host addresses?

Answer 56

Standard ACL

Question 57

What is aethod used to reduce the number of entries in an ACL and can create ACL and apply to all 16 IP subnets but must be in sequential order?

Answer 57

ACL summarizarion

Question 58

What is used to handle synchronization of time and ensures captured logs are accurate?

Answer 58

Network Time Protocol - NTP

Question 59

What are three types of logs on Cisco routers?

Answer 59

AAA
SNMP
System

Question 60

What are the severuty codes for Cisco Logs?

Answer 60

0- emergency
1-alerts
2-critical
3-errors 
4-warnings
5-notifications 
6-informational 
7-debugging

Question 61

What are the 5 different ways you can view logs?

Answer 61

Console logging
Terminal line logging
Buffered logging
Syslog logging 
SNMP Trap Logging

Question 62

Cisco routers timestamp must be explicitly turned on

Answer 62

service timestamp log date msec local show time-zone

/etc/syslog.conf
1 set
Set host

Question 63

What is a routers first line of defense?

Answer 63

Physical security
Remote access should be limited to authenticated logins or disabled. If you have disabled remote logins, the connection should be refused.

Question 64

What are the two types of Firewall policies?

Answer 64

Hardware

Software

Question 65

What is the most common and effective way to implemement a security domain (protected domain)?

Answer 65

Place a firewall at the boundary

Question 66

What type of firewalls are layer 2 and function at the Network Access layers and monitor Network layer traffic also called “bridging” because it acts as a filtering bridge between data link and network layers?

Answer 66

Transparent firewalls

Question 67

What type of firewalls operate on the Application layer of the TCP/IP model session layer on the osi model where traffic flows from the internal host to the circuit level firewall before it is permitted or denied?

Answer 67

Circuit Layer Firewall

Question 68

What type of firewall is based on packet header at the Network and Transport layer?

Answer 68

Stateless firewall

Question 69

What type of firewall keeps track of individual connections by maintaining a state table for each connection?

Answer 69

Stateful firewall

Question 70

What allows all traffic to pass through except if its explicitly blocked?

Answer 70

Permissive

Question 71

What restricts all traffic unless its explicitly allowed?

Answer 71

Restrictive

Question 72

What is a networks first line of defense to protect against external threats for an organizations network, that filters and forwards traffic?

Answer 72

Firewalls

Question 73

What filters information based on network, transport, and application layers and can monitor and filter application data based on a list of accessed websites and can provide detailed logging including “when”, “what”, and “who” data

Answer 73

Application Layer Gateway (Proxy Servers)

Question 74

What is the Juniper OS called?

Answer 74

Junos

Powers most Juniper Network routing and switching appliances similar to unix and linux

Question 75

What are permission sets referred to as?

Answer 75

User Login Classes

Question 76

What are 4 predefined classes and their permission bit sets?

Answer 76

Operator -clear, network, reset, trace, view
Read only - view
Super-user and superuser -all
Unauthorized - none

Question 77

What mode allows the administrator to view and edit configuation changes?

Answer 77

Configuration mode

Question 78

Root>edit system
Root@# set host-name vella
Root@#commit
Vella@#

Answer 78

Changing router name juniper

Question 79

What is an older network protocol that ensures loop free topology for any bridged ethernet local area network

Answer 79

Spanning tree protocol
Rstp
Vstp

Question 80

How often does NCDOC release IP block lists and dns black hole lists

Answer 80

Quarterly

Question 81

What commands do you use to troubleshoot router connectivity problems network layer

Answer 81

Nslook up

Dig

Question 82

Where are the routers startup config file stored?

Answer 82

Onboard nvram

Question 83

What are 3 critera for each request?

Answer 83

1. Source and destination burb
2. Source and destination network object
3. Type of connection agent

Question 84

What is a juniper firewall product that provides deep inspection of traffic at network and application layers

Answer 84

Netscreen

Question 85

What system offers self defense fot computer networks by implementing security to allow, deny, and filter network traffic?

Answer 85

Macafee Firewall Enterprise

Question 86

What are two types of policies

Answer 86

Intra zone traffic traverse

Inter zone traffic ttaverse between different zones

Question 87

What is a highly scalable ranging the low range model through content filtering

Answer 87

Pix 500 series firewall

Question 88

Once macAfee is installed it is a component of HIPS
Host based security scan
Hbss

Answer 88

Yes.

Question 89

Ship networks have ISA server zone to act as proxy server functions as a immediary between interior and exterior networks

Answer 89

Proxy Servers

Question 90

Firewalls rules:
Allow by default
Deny by default

Answer 90

Permits all services unless explicitly denied

Denies all services unless permitted

Question 91

When explicit internal or external ip addresses / ports or entire protocols are to be blocked a denial exception rule is created and not relying on deny by default rule

Answer 91

Yes

Question 92

What contains specific information including IPs, DOAs, protocols?

Answer 92

ISA firewall policies

*System created rules cannot be disabled *

Question 93

What are initially implemented during installation and configuration of the isa server?

Answer 93

ISA firewall rules

*Any changes must be put forth by a FAM or SPAWAR *

Question 94

What exist at outer boundaries of the network and are therefore vulnerable to attack?

Answer 94

Firewalls

Question 95

What blocks, deflects, and mitigates attacks before they make it to the LAN?

Answer 95

Firewalls

Question 96

What do we call people who use readily available tools from the internet?

Answer 96

Script kiddies

Question 97

What are 3 ways to find unnecessary running programs or services?

Answer 97

Netstat -a
TCP utility program that is used to display network port connection status

Nessus - approved navy scanning tool which can perform an external port scan to identify active or listening ports

Isof-ia
A public domian program which lists all open files and their resource usage

Question 98

System admins conduct pen testing to ensure there are no holes in the firewall by

Answer 98

Ensuring rules and rule sets adhere to Navy security policy and they are in proper sequence

Conduct a port scan to verify that all unnnecessary ports and services are disabled

Question 99

What provides evidence, problem diagnosis, security information, intrustion detection, audits and response to critical events and troubleshooting?

Answer 99

Logging

Question 100

What contains basic information such as:
Service/ application
Port 
Protocol - the protocol used for the communication
Destination and source IP

Answer 100

Log files

Question 101

What operates based on a set of configuarable rules most general rules most specific at top “allow”
Top down

Answer 101

HIPS

Question 102

What are 3 types of iSA server logs?

Answer 102

Packet filtering log- dropped packets
Firewall log- traffic handled, ip, ports, protocols
Web Proxy Log- primary log used, web usage pull trend

Question 103

What provides administrators a log of configuration changes made to the isa server?

When reviewing alerts you must perform log anaysis to determine if an actual event has occured

Answer 103

ISA Server Change Tracking

Question 104

What is useful for determining what is communicating over the internet and how it is being accessed?

Answer 104

Application Usage Log

Question 105

What provides an overall picture of traffic flowing through the ISA server?

Answer 105

Traffic and utilization reports

Question 106

What draws from all service logs, packet filter, web proxy, and firewall service?

Answer 106

Security Reports

Question 107

What could indicate unauthorized traffic is being passed and host might be infected?

Answer 107

If a user shows up high on dropped packets often

Question 108

AAA framework provides access to assets in a controlled manner by 3 ways:

Answer 108

Authentication
Authroization
Accounting

Question 109

What is typically a human but can be an application or service?

Answer 109

User

Question 110

How does AAA assign accountability

Answer 110

GUID SSID assigned user serialized security identifier to track an account

Question 111

What are framework services that provide for distribution control tracking and destruction of pki?

Answer 111

NCVI

Question 112

Navy

Answer 112

NCVI, Cisco ACS, Microsoft IAS

Question 113

What is a public key or digital signature electronic document that contains a users identity, a public key, a validity period and issuing security authority in the Navys case a DOD Certificate Authority

Answer 113

What is a credential / certificate

Question 114

What is the process of determining whether an already identified and authenicated user is allowed to access information resources in a specific way

Answer 114

CA

Raduis

Question 115

Microsoft IAS server

Answer 115

Provides the RADIUS solution required to authenicate users on both the cisco routers and alcatel switch infrastructure

IAS will leverage the COMPOSE Domain Active Directory database for user validation

Impersonation- run as administrator

Question 116

What is when a user is who they claim to be?

Answer 116

Authentication

Question 117

What is evidence given by a user attempting to verify an identity?

Answer 117

Credential

Question 118

What is the process of providing an entity’s user identification to the security system?

Answer 118

Identification

Question 119

What is a CA

Answer 119

Party in authentication process that stores the user credentials and provides the mechansizm

Question 120

In defualt state also sends conplete username and password in clear txt

Answer 120

Pop3

Question 121

3 types of proof

Answer 121

Knowledge
Possession
Inheritance

Question 122

Whats also called a security database?

Answer 122

Security Authority

Question 123

What is an electronic document that uses a digital signature to bind a public key with an identity?

Answer 123

Certificate

Question 124

What is an organization or system that creates, distributes, stores, and validates digitally created signatures and identity information about machines, individuals, and services?

Answer 124

CA

Question 125

Downfalls of 3 factor identification?

Answer 125

Cost, reducing accountability

Question 126

What is the process by which both requestor and target entity must fully identify themselves before communication or access is allowed?

Answer 126

Mutual Authentication

Online banking

Question 127

3 types of role based security modern access control

Answer 127

MAC
RBAC
DAC

Question 128

What is a group that a user is assigned

Answer 128

Role

Question 129

If what fills up, and the system is unable to record the monitoring info for unauthorized activities it should not continue operating but should default to safe/secure posture pending proper retrieval / storage / archive of audit data

Answer 129

Audit log

Question 130

What should be reviewed weekly at a minimum per secnav m 52101.1 chapter 2

Answer 130

Audit trail logs or summary reports

Question 131

Why do we need two Intel Security Firewall Enterprise units

Answer 131

Load balancing

High availability

Question 132

How can you access FECC

Answer 132

Only from authorized SOC workstations

Question 133

System Audit logging must be enabled where?

Answer 133

In the devices global configuration and in each virtual domain

Question 134

What is an enterprise class management tool for creating and applying security policies across multiple firewalls?

Answer 134

Intel Security FECC

Question 135

A VPN protocol that allows for both authentication and encryption of IP packets

Answer 135

IP Sec Policy

Question 136

What can create host to host and site to site VPNs, allowing for secure communications over an encrypted medium?

Answer 136

IP Sec Policy

Question 137

What is a robust encryption that uses policy to determine “interesting” traffic

Answer 137

IP Sec Policy

Question 138

What traffic does not traverse IPSEC Tunnels

Answer 138

Broadcast

Question 139

What is hosted on a seperate physical DELL server running RHEL 6

Answer 139

LRS

Log retention server

Question 140

What cannot easily provide Quality of Service for video and voice communications or multi gigabit speeds due to processing requirements?

Answer 140

VPNs

Question 141

What is a solution for secure network connectivity between NCDOC, ONE NET, and IT21 using Internet Protocol Secure Virtual Private Network?

Answer 141

Global Out of Bound OMG

Question 142

What is used to copy logs and changes to log files from the LogLogic applicance to the LRS?

Answer 142

RSYNC
RSYNC is an open protocol widely supported across many platforms. The protocol only copies changes which greatly minimizes the amount of data travelling over the network.

Question 143

What wireless IEEE authentication framework was originally for wired networks and provides port based network access?

Answer 143

802.11x series

Question 144

What functions in 2 layers
Base layer TKIP
Countermode CBC MAC (CCMP) and allows data privacy integrity and authentication?

Answer 144

WPA2
802.11i
Surpasses previously mentioned wpa standards and utilizes Authentication Encryption Standard (AES)

Question 145

What is an encryption and authentication standard utilizing dynamic encryption by key generation?

Answer 145

WPA

Question 146

What does not provide an authentication method or mechanism?

Answer 146

WEP

Question 147

What has these two benifits:
Only the trusted systems can resolve all internal system names
External users can resolve only information that external sites require for specific reasons

Answer 147

Split DNS

Question 148

What allows the service to run as a dedicated user instead of the root or super user account?

Answer 148

Chuser

Question 149

What associates to access points by SSID not by IP or MAC Address of the access point?

Answer 149

Wireless Devices

Question 150

What have multiple advantages such as ease of installation, configuration, flexibility, scalability and mobility?

Answer 150

WLANs

Question 151

What type of attack uses a MAC of an unauthorized device is changed to the MAC of a legitimate wireless device allowing it to bypass MAC filtering?

Answer 151

Impersonation Attack