Section 4: Ports and Protocols

Question 1

What is the primary function of a network port?

Answer 1

To serve as a logical endpoint for communications, directing network traffic to the correct application or service on a computer.

Question 2

What are the three ranges of network ports and their corresponding numbers?

Answer 2

1. Well-Known Ports (0-1,023), 2. Registered Ports (1,024-49,151), and 3. Dynamic/Ephemeral Ports (49,152-65,535).

Question 3

Which organization is responsible for assigning and managing registered ports?

Answer 3

The Internet Assigned Numbers Authority (IANA).

Question 4

If a client computer connects to a web server, what type of port does the client use for its side of the communication?

Answer 4

A dynamic or ephemeral port (from the range 49,152-65,535).

Question 5

What is the total number of available network ports?

Answer 5

65,536 (from 0 to 65,535).

Question 6

What are the three defining characteristics of TCP?

Answer 6

It is connection-oriented, reliable, and provides flow control.

Question 7

What are the three steps of the TCP three-way handshake?

Answer 7

1. SYN (Synchronize), 2. SYN-ACK (Synchronize-Acknowledge), 3. ACK (Acknowledge).

Question 8

How does TCP ensure the reliable delivery of data packets?

Answer 8

By using sequence numbers to track packets and acknowledgments (ACKs) to confirm their receipt. It retransmits any unacknowledged packets.

Question 9

What mechanism does TCP use for flow control to avoid overwhelming a receiver?

Answer 9

Windowing.

Question 10

At which layer of the OSI model does TCP operate?

Answer 10

Layer 4, the Transport Layer.

Question 11

Why is UDP considered a ‘connectionless’ protocol?

Answer 11

Because it does not establish a formal connection (like a three-way handshake) before sending data.

Question 12

What are the main advantages of using UDP over TCP?

Answer 12

Speed and low overhead, as it does not have the reliability and ordering checks of TCP.

Question 13

What are some common applications that use UDP and why?

Answer 13

Streaming media, online gaming, and VoIP. These applications prioritize speed and can tolerate minor packet loss.

Question 14

What does it mean that UDP is a ‘stateless’ or ‘fire-and-forget’ protocol?

Answer 14

It does not track the state of the connection or whether packets have been successfully delivered.

Question 15

How does UDP’s header size compare to TCP’s header size?

Answer 15

UDP’s header is much smaller (8 bytes) than TCP’s header (20-60 bytes), contributing to its speed.

Question 16

At which layer of the OSI model does UDP operate?

Answer 16

Layer 4, the Transport Layer.

Question 17

What is the primary purpose of ICMP?

Answer 17

To send error messages and operational information about network conditions, primarily for diagnostics and control.

Question 18

What does ICMP stand for?

Answer 18

Internet Control Message Protocol.

Question 19

What are the two most common network utilities that use ICMP?

Answer 19

ping and traceroute (or tracert).

Question 20

Why might a network administrator choose to block ICMP traffic at the firewall?

Answer 20

To prevent network reconnaissance (like ping sweeps) and protect against ICMP-based denial-of-service attacks.

Question 21

What is an ICMP Flood Attack?

Answer 21

A denial-of-service attack where the target is overwhelmed with a large number of ICMP Echo Request (ping) packets.

Question 22

At which layer of the OSI model does ICMP operate?

Answer 22

Layer 3, the Network Layer.

Question 23

What port does HTTP use?

Answer 23

Port 80.

Question 24

Is HTTP secure?

Answer 24

No, all data is sent in unencrypted plain text.

Question 25

What port does HTTPS use?

Answer 25

Port 443.

Question 26

What protocol uses port 443?

Answer 26

HTTPS (Hypertext Transfer Protocol Secure).

Question 27

What technology does HTTPS use to secure communications?

Answer 27

Transport Layer Security (TLS), which superseded Secure Sockets Layer (SSL).

Question 28

Why should you avoid entering passwords or credit card numbers on a page that uses HTTP?

Answer 28

Because the data is unencrypted and can be easily intercepted and read by attackers.

Question 29

What visual cues in a web browser indicate that a connection is using HTTPS?

Answer 29

The URL starts with https:// and there is a padlock icon in the address bar.

Question 30

Which protocol is used exclusively for sending email?

Answer 30

SMTP (Simple Mail Transfer Protocol).

Question 31

What does SMTP stand for?

Answer 31

Simple Mail Transfer Protocol.

Question 32

What are the two primary protocols used for receiving email?

Answer 32

POP3 (Post Office Protocol v3) and IMAP (Internet Message Access Protocol).

Question 33

What is the main difference between how POP3 and IMAP handle emails on the server?

Answer 33

POP3 downloads emails to the local client and typically deletes them from the server. IMAP synchronizes emails with the server, keeping them in a central location.

Question 34

What port does secure SMTP (SMTPS) use?

Answer 34

Port 587 (or legacy port 465).

Question 35

What port does secure POP3 (POP3S) use?

Answer 35

Port 995.

Question 36

What port does secure IMAP (IMAPS) use?

Answer 36

Port 993.

Question 37

Why is IMAP generally preferred over POP3 in modern environments?

Answer 37

Because it synchronizes email state across multiple devices (phone, laptop, etc.), providing a consistent view of the inbox.

Question 38

Which two ports does FTP use and what is each port's function?

Answer 38

Port 21 is for control commands, and Port 20 is for the data transfer.

Question 39

What protocol uses ports 20 and 21?

Answer 39

FTP (File Transfer Protocol).

Question 40

What makes SFTP secure compared to FTP?

Answer 40

SFTP encrypts both the commands and the data by tunneling the session through SSH (Secure Shell).

Question 41

What does SFTP stand for?

Answer 41

SSH File Transfer Protocol.

Question 42

What port does SFTP use?

Answer 42

Port 22, because it uses SSH.

Question 43

In what scenarios is the simple, insecure TFTP protocol typically used?

Answer 43

For simple, automated transfers where security is not a concern, like booting diskless workstations or downloading configurations to network devices.

Question 44

What does TFTP stand for?

Answer 44

Trivial File Transfer Protocol.

Question 45

What port does TFTP use?

Answer 45

Port 69.

Question 46

What is the primary use case for the Server Message Block (SMB) protocol?

Answer 46

For providing shared access to files, printers, and other resources on a local area network, primarily in Windows environments.

Question 47

What does SMB stand for?

Answer 47

Server Message Block.

Question 48

What port does SMB use?

Answer 48

Port 445.

Question 49

Which file transfer protocol uses UDP instead of TCP?

Answer 49

TFTP (Trivial File Transfer Protocol).

Question 50

What is the primary security difference between SSH and Telnet?

Answer 50

SSH encrypts the entire communication session, while Telnet sends all data, including usernames and passwords, in unencrypted plain text.

Question 51

Which remote access protocol provides a full graphical user interface (GUI)?

Answer 51

RDP (Remote Desktop Protocol).

Question 52

What does RDP stand for?

Answer 52

Remote Desktop Protocol.

Question 53

What is the default port for SSH?

Answer 53

Port 22.

Question 54

What protocol uses Port 22?

Answer 54

SSH (Secure Shell). It is also used by SFTP.

Question 55

What is the default port for Telnet?

Answer 55

Port 23.

Question 56

What protocol uses Port 23?

Answer 56

Telnet.

Question 57

What is the default port for RDP?

Answer 57

Port 3389.

Question 58

What protocol uses Port 3389?

Answer 58

RDP (Remote Desktop Protocol).

Question 59

Why is Telnet considered a legacy protocol that should no longer be used?

Answer 59

Because it completely lacks encryption, making it a major security vulnerability.

Question 60

What is the function of DNS and what port does it use?

Answer 60

It translates domain names into IP addresses and primarily uses Port 53.

Question 61

What does DNS stand for?

Answer 61

Domain Name System.

Question 62

What protocol uses Port 53?

Answer 62

DNS (Domain Name System).

Question 63

What is the function of DHCP, and what two ports does it operate on?

Answer 63

It automatically assigns IP configuration to hosts. It uses UDP port 67 for the server and UDP port 68 for the client.

Question 64

What does DHCP stand for?

Answer 64

Dynamic Host Configuration Protocol.

Question 65

What is the primary purpose of NTP and what port does it use?

Answer 65

To synchronize the clocks of computers and network devices. It uses UDP port 123.

Question 66

What does NTP stand for?

Answer 66

Network Time Protocol.

Question 67

What might be the problem if a Windows computer receives an IP address in the 169.254.0.0/16 range?

Answer 67

The computer could not reach the DHCP server to obtain an IP address, so it assigned itself an APIPA address.

Question 68

What is the difference between LDAP and LDAPS in terms of security and port number?

Answer 68

LDAP is unencrypted and uses port 389. LDAPS is secured with SSL/TLS and uses port 636.

Question 69

What does LDAP stand for?

Answer 69

Lightweight Directory Access Protocol.

Question 70

What port does insecure LDAP use?

Answer 70

Port 389.

Question 71

What port does secure LDAP (LDAPS) use?

Answer 71

Port 636.

Question 72

What are the two primary ports used by SNMP and what is the direction of communication for each?

Answer 72

Port 161 (UDP) for manager-to-agent queries, and Port 162 (UDP) for agent-to-manager traps (alerts).

Question 73

What does SNMP stand for?

Answer 73

Simple Network Management Protocol.

Question 74

What is the purpose of a Syslog server?

Answer 74

To act as a central repository for collecting and storing log messages from various network devices.

Question 75

What port does Syslog use?

Answer 75

Port 514 over UDP.

Question 76

What are the default ports for Microsoft SQL Server and MySQL?

Answer 76

Microsoft SQL Server uses TCP port 1433. MySQL uses TCP port 3306.

Question 77

Which version of SNMP should be used to ensure authentication and encryption?

Answer 77

SNMPv3.

Question 78

What is the primary function of the Session Initiation Protocol (SIP)?

Answer 78

To initiate, maintain, modify, and terminate real-time sessions like VoIP calls and video conferences.

Question 79

What does SIP stand for?

Answer 79

Session Initiation Protocol.

Question 80

What are the default ports for unencrypted and encrypted SIP traffic?

Answer 80

Port 5060 is for unencrypted SIP, and Port 5061 is for secure SIP over TLS.

Question 81

SIP is responsible for signaling. What protocol typically carries the actual voice/video media in a VoIP call?

Answer 81

RTP (Real-time Transport Protocol).

Question 82

What are the four primary functions of Nmap?

Answer 82

1. Host Discovery, 2. Port Scanning, 3. Version Detection, and 4. OS Detection.

Question 83

What is the name of the graphical user interface for Nmap?

Answer 83

Zenmap.

Question 84

In an Nmap scan, what is the difference between a port state of 'closed' and 'filtered'?

Answer 84

A 'closed' port is accessible but has no application listening on it. A 'filtered' port means a firewall or other device is preventing Nmap from determining if the port is open or closed.

Question 85

What is a common Nmap command switch used to detect the operating system of a target?

Answer 85

-O