79 Cards in this Set


What protocol does IPv6 use for hardware address resolution?


A. ARP


B. NDP


C. RDP


D. SNMP

Correct Answer: B. IPv6 uses the Neighbor Discovery Protocol (NDP) to resolve IPv6 addresses to media access control (MAC) addresses (also called hardware addresses). IPv4 uses the Address Resolution Protocol (ARP) to resolve IPv4 addresses to MAC addresses. Remote Desktop Protocol (RDP) is used to connect to remote systems over port TCP 3389. Administrators use Simple Network Management Protocol (SNMP) to monitor and manage network devices.

What is the default port for SSH?


A. 22


B. 23


C. 25


D. 80

Correct Answer: A. Secure Shell (SSH) uses Transmission Control Protocol (TCP) port 22 by default, and it is commonly used with other protocols, such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP). Telnet uses port 23. SMTP uses port 25. HTTP uses port 80.

You are configuring a host-based firewall so that it will allow SFTP connections. Which of the following is required?


A. Allow UDP 21


B. Allow TCP 21


C. Allow TCP 22


D. Allow UDP 22

Correct Answer: C. You should create a rule to allow traffic using Transmission Control Protocol (TCP) port 22. Secure File Transfer Protocol (SFTP) uses Secure Shell (SSH) on TCP port 22. FTP uses TCP port 21. SSH does not use UDP.

You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?


A. FTP


B. SNMP


C. SFTP


D. SSH

File Transfer Protocol (FTP) is the best choice to send large files, and Secure File Transfer Protocol (SFTP) is the best choice to send large files that need to be protected with encryption. SFTP encrypts data with Secure Shell (SSH) on port 22. FTP data is cleartext and is not suitable for proprietary data. Simple Network Management Protocol (SNMP) is used to manage network devices. Secure Shell (SSH) provides encryption for other protocols, but is not the best choice to send files without combining it with FTP (as SFTP).

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?


A. TLS


B. SMTP


C. HTTP


D. SSH

Correct Answer: A. Transport Layer Security (TLS) is a good choice to create a secure connection between two systems over the Internet. Although the mail servers will likely exchange mail using Simple Mail Transfer Protocol (SMTP), SMTP by itself will not create a secure link. Similarly, Hypertext Transfer Protocol (HTTP) doesn't create a secure link. Although Secure Shell (SSH) creates a secure connection, it isn't used with SMTP.

You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?


A. Disable the FTP and HTTP services on the router


B. Disable the DNS and HTTPS services on the router.


C. Disable the SSH and HTTP services on the router.


D. Disable the Telnet and Kerberos services on the router.

Correct Answer: C. You should disable the Secure Shell (SSH) and Hypertext Transfer Protocol (HTTP) services because they use TCP port 22 and 80 by default. File Transfer Protocol (FTP) uses ports 20 and 21. Domain Name System (DNS) uses port 53. Telnet uses port 23. Kerberos uses port 88.

You need to prevent the use of TFTP through your firewall. Which port would you block?


A. TCP 69


B. UDP 69


C. TCP 21


D. UDP 21

Correct Answer: B. You should block UDP port 69 to block Trivial File Transfer Protocol (TFTP). TFTP does not use TCP. File Transfer Protocol (FTP) uses TCP port 21.

You need to enable the use of NetBIOS through a firewall. Which ports should you open?


A. 137 through 139


B. 20 and 21


C. 80 and 443


D. 22 and 3389

Correct Answer: A. Network Basic Input/Output System (NetBIOS) uses ports 137 through 139. File Transfer Protocol (FTP) uses ports 20 and 21. Hypertext Transfer Protocol (HTTP) uses port 80 and HTTP Secure (HTTPS) uses port 443. You can connect to remote systems with Secure Shell (SSH) using port 22, and Remote Desktop Protocol (RDP) using port 3389.

Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?


A. Telnet


B. SSH


C. SNMP


D. DNS

Correct Answer: C. Simple Network Management Protocol version 3 (SNMPv3) monitors and manages network devices. She can use Telnet to connect to the devices, but not monitor them. Secure Shell (SSH) is a more secure alternative than Telnet, but it cannot monitor the devices either. Domain Name System (DNS) provides name resolution services.

You need to divide a single Class B IP address range into several ranges. What would you do?


A. Subnet the Class B IP address range


B. Create a virtual LAN


C. Create a DMZ


D. Implement STP

Correct Answer: A. You can divide any classful IP address range by subnetting it. This breaks up a larger range of IP addresses into smaller network segments or blocks of IP addresses. A virtual local area network (VLAN) divides groups of computers logically, but doesn't use IP ranges. A demilitarized zone (DMZ) is a buffered zone between a protected network and a public network. Spanning Tree Protocol (STP) prevents looping problems caused by incorrect cabling.

You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?


A. Unix server


B. Apache server


C. BIND server


D. Web server

Correct Answer: C. Berkeley Internet Name Domain (BIND) is a type of Domain Name System (DNS) software commonly used on the internet and in some internal networks, so a BIND server is a DNS server. BIND runs on Unix servers, but not all Unix servers are BIND servers. Apache is a type of web server software that runs on Unix and Linux systems.

Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?


A. Implement subnetting


B. Implement secure zone transfers


C. Block outgoing traffic on UDP port 53


D. Add a WAF

Correct Answer: B. Implementing secure zone transfers on internal Domain Name System (DNS) servers prevents attackers from downloading zone data and mapping out IP addresses and devices. Subnetting divides classful IP address ranges into smaller subnets, but it doesn't prevent attacks. DNS name resolution queries use UDP port 53, so blocking outgoing traffic on UDP port 53 would prevent internal users from using DNS on the Internet. A web application firewall (WAF) protects a web server.



A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?


A. Install an IDS


B. Only use Layer 2 switches


C. Install SNMP on the switches


D. Implement STP or RSTP

Correct Answer: D. Spanning Tree Protocol (STP) or Rapid STP (RSTP) will prevent switching loop problems. It's rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Administrators use Simple Network Management Protocol (SNMP) to manage and monitor devices, but it doesn't prevent switching loops.

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?


A. PAT and NAT


B. DMZ and VPN


C. VLANS and 802.1x


D. Routers and Layer 3 switches.

Correct Answer: C. An 802.1x server provides port-based authentication and can authenticate clients. Clients that cannot authenticate (the guests in this scenario) can be redirected to a virtual local area network (VLAN) that grants them internet access, but not access to the internal network. None of the other solutions provides port security or adequate network separation. Port Address Translation (PAT) and Network Address Translation (NAT) each translate private IP addresses to public IP addresses. A demilitarized zone (DMZ) provides a buffer zone between a public network and a private network for public-facing servers. A virtual private network (VPN) provides access to a private network via a public network. Routers work on Layer 3, and Layer 3 switches mimic some of the functionality of routers.

Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:


PERMIT TCP ANY ANY 443


PERMIT TCP ANY ANY 80




You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select 2)


A. Add the following rule to the firewall: DENY TCP ALL ALL 53


B. Add the following rule to the firewall: DENY UDP ALL ALL 53


C. Add the following rule to the firewall: DENY TCP ALL ALL 25


D. Add the following rule to the firewall: DENY IP ALL ALL 53


E. Change the implicit allow rule to implicit deny.



Correct Answer: D, E. The easiest way is to change the implicit allow rule to implicit deny, and that is preferred because it will protect the server from unwanted traffic. You can also deny all IP traffic using port 53 with DENY IP ALL ALL 53. DNS requests use UDP port 53, and zone transfers use TCP port 53, so both UDP port 53 and TCP port 53 need to be blocked. You can achieve that goal with DENY IP ALL ALL 53.



Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will meet this need?


A. Content inspection


B. Malware inspection


C. URL filter


D. Web application firewall.

Correct Answer: C. A URL filter blocks access to specific web sites based on their URLs. Proxy servers and unified threat management (UTM) devices include URL filters. UTM devices include content inspection to identify and filter out different types of files and traffic, and malware inspection to identify and block malware. A web application firewall (WAF) protects a web server from incoming attacks.

Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?


A. SSO


B. UTM


C. VPN


D. VLAN

Correct Answer: B. A unified threat management (UTM) device combines multiple security controls into a single device. Single sign-on allows users to sign on once and access multiple resources without signing on again. Users can access a private network over a public network via a virtual private network (VPN). You can configure a virtual local area network (VLAN) on a switch to group computers together logically.

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?


A. VLAN


B. Firewall


C. DMZ


D. WAF

Correct Answer: C. A demilitarized zone (DMZ) is a buffered zone between a private network and the internet and it will separate the web server's web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other administrative need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn't necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate internet and internal network traffic.

Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?


A. IPv4


B. IPv6


C. SSH


D. SFTP

Correct Answer: B. IPv6 includes the use of Internet Protocol security (IPsec), so it is the best choice and it operates on Layer 3 of the Open Systems Interconnection (OSI) reference model. IPv4 doesn't support IPsec natively. Although you can use Secure Shell (SSH) instead of Telnet, they both operate on Layer 7 of the OSI model. IPv6 operates on Layer 3. Secure File Transfer Protocol (SFTP) is useful for encrypting large files in transit, but it doesn't encrypt Telnet traffic.



Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?


A. IDS


B. Router


C. WAF


D. Stateless firewall

Correct Answer: C. A web application firewall (WAF) operates on multiple layers up to Layer 7 of the OSI model and blocks attacks against a web server. An intrusion detection system (IDS) also operates on multiple layers up to Layer 7 of the OSI model; however, it is more effective at detecting attacks than blocking them. A router operates on Layer 3 of the OSI model and it can perform packet filtering. A stateless firewall only performs packet filtering and isn't effective against Application layer attacks.

What is TCP?

Transmission Control Protocol provides connection-oriented traffic (guaranteed delivery). TCP uses a three-way handshake. To start a TCP session, the client sends a SYN (synchronize) packet. The server responds with a SYN/ACK (synchronize/acknowledge) packet, and the client completes the third part of the handshake with an ACK packet to establish the connection.

T/F TCP/IP is a single protocol.

False. It isn't a single protocol, but a full suite of protocols.

What do networking protocols provide?

They provide the rules needed for computers to communicate with each other on a network.

What is UDP?

User Datagram Protocol (UDP) provides connectionless sessions (without a three-way handshake). ICMP traffic, such as audio and video streaming, uses UDP. Many network-based denial-of-service (DoS) attacks use UDP. TCP/IP traffic is either connection-oriented TCP traffic or connectionless UDP.

What is an IP?

The Internet Protocol (IP) identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses.

IPv4 uses _____-bit addresses?

IPv4 uses 32-bit addresses represented in dotted decimal format, such as 192.168.1.100.



IPv6 uses _____-bit addresses.

IPv6 uses 128-bit addresses using hexadecimal code, such as FE80:0000:0000:0000:20D4:3FF7:0037:DE62.

What is ICMP?

Internet Control Message Protocol (ICMP) is used for testing basic connectivity and includes tools such as ping, pathping, and tracert. Ping can check for basic connectivity between two systems. Many DoS attacks use ICMP. Because of how often ICMP is used in attacks, it has become common to block ICMP at firewalls and routers, which disables a ping response. Blocking ICMP prevents attackers from discovering devices in a network with a host enumeration sweep.

What is ARP?

Address Resolution Protocol (ARP) resolves IPv4 addresses to media access control (MAC) addresses. MAC addresses are also called physical addresses, or hardware addresses. TCP/IP uses the IP address to get a packet to a destination network, but once it arrives on the destination network, it uses the MAC address to get it to the correct host. In other words, ARP is required once the packet reaches the destination subnet. ARP poisoning uses ARP packets to give clients false hardware address updates, and attackers use it to redirect or interrupt network traffic.

What is NDP?

Neighbor Discovery Protocol (NDP) performs several functions on IPv6. For example, it performs functions similar to IPv4's ARP. It also performs autoconfiguration of device IPv6 addresses and discovers other devices on the network such as the IPv6 address of the default gateway.

ARP resolves ______ addresses to IPv4 addresses. NDP performs similar functions on _____.

MAC, IPv6

What does SSH do?

Secure Shell (SSH) encrypts a wide variety of traffic, such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP). Unix and Linux administrators often use SSH when remotely administering systems instead of Telnet. SSH can also encrypt TCP Wrappers, a type of access control list used on Linux and Unix systems to filter traffic.

When SSH encrypts traffic, what port does it use?

TCP Port 22

What is SCP?

Secure Copy (SCP) is based on SSH and is used to copy encrypted files over a network. SCP uses TCP port 22.

What is SSL?

The Secure Sockets Layer (SSL) protocol secures HTTP traffic as Hypertext Transfer Protocol Secure (HTTPS) with the use of certificates. SSL can also encrypt other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP).

What port does SSL use when encrypting HTTP?

TCP port 443



What port does SSL use when encrypting SMTP?

TCP port 465

What port does SSL use when encrypting LDAP?

TCP port 636

What is TLS?

The Transport Layer Security (TLS) protocol is the designated replacement for SSL. At this point, you can use TLS instead of SSL in just about any application with the same ports.

What is IPsec?

Internet Protocol security (IPsec) is used to encrypt IP traffic. It is native to IPv6 but also works with IPv4. IPsec encapsulates and encrypts IP packet payloads and uses Tunnel mode to protect virtual private network (VPN) traffic. It uses the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN.

IPsec includes two main components. What are they?

1. Authentication Header (AH) identified by protocol ID number 51


2. Encapsulating Security Payload (ESP) identified by protocol ID number 50.

T/F IPsec creates secure tunnels for VPNs.

True.

What is HTTP?

Hypertext Transfer Protocol (HTTP) transmits web traffic on the internet and in intranets. Web servers use HTTP to transmit web pages to clients' browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages.



What port does HTTP use?

TCP port 80

What is HTTPS?

Hypertext Transfer Protocol Secure (HTTPS) encrypts web traffic to ensure it is secure while in transit. Web browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and by including HTTPS in the Uniform Resource Locator (URL) field.

What is HTTPS encrypted with?

SSL or TLS

What port does HTTPS use?

TCP port 443.

What is FTP?

File Transfer Protocol (FTP) uploads and downloads large files to and from an FTP server. By default, FTP transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a sniffer or protocol analyzer.

FTP active mode uses which ports for control signals and data?

FTP active mode uses TCP port 21 for control signals and TCP port 20 for data.



FTP passive mode uses which ports for control signals and data?

FTP passive mode also uses port 21 for control signals, but it uses a random TCP port for data.

What is SFTP?

Secure File Transfer Protocol is a secure implementation of FTP. It is an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format.



SFTP uses which port when transmitting data?

TCP port 22

What is FTPS?

File Transfer Protocol Secure is an extension of FTP and uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990. Notice that the difference between SFTP and FTPS is that SFTP uses SSH and FTPS uses SSL or TLS.

What is the difference between SFTP and FTPS?

The difference between SFTP and FTPS is that SFTP uses SSH and FTPS uses SSL or TLS.



What is TFTP?

Trivial File Transfer Protocol (TFTP) uses UDP and is used to transfer smaller amounts of data, such as when communicating with network devices. Many attacks have used TFTP, but it is not an essential protocol on most networks. Because of this, administrators commonly disable it.



What port does TFTP use?

UDP port 69

What is telnet?

Telnet is a legacy protocol used to connect to remote systems or network devices over a network. Telnet has a command-line interface, and some administrators use Telnet to connect to routers and make configuration changes.

How does Telnet transmit data?

Telnet transmits data in cleartext, making it vulnerable to sniffing attacks.

What is SNMP?

Simple Network Management Protocol (SNMP) monitors and manages network devices, such as routers or switches. This includes using SNMP to modify the configuration of the devices or have network devices report status back to a central network management system.

What is NetBIOS?

Network Basic Input/Output System is a name resolution service for NetBIOS names on internal networks. NetBIOS also includes session services for both TCP and UDP communication.

What ports does NetBIOS use?

NetBIOS uses UDP ports 137 and 138, and TCP port 139. It can use TCP port 137, but rarely does.

What is LDAP?

Lightweight Directory Access Protocol is the language used to communicate with directories such as Microsoft Active Directory or Novell Netware Directory Services (NDS). LDAP provides a single location for object management and it uses TCP port 389. LDAP can be encrypted with either TLS or SSL and uses port 636 when encrypted.

What is Kerberos?

Kerberos is the authentication protocol used in Windows domains and some Unix environments. It uses a Key Distribution Center (KDC) to issue timestamped tickets.

What port does Kerberos use?

UDP port 88.

What is MS SQL server?

SQL Server is a server application that hosts databases accessible from web servers and a wide array of applications.



What port does SQL Server use?

SQL Server uses port 1433 by default.

What is RDP?

Administrators and clients use Remote Desktop Protocol (RDP) to connect to other systems from remote locations. Microsoft uses RDP in different services such as Remote Desktop Services and Remote Assistance.

What port does RDP use?

Either port TCP 3389 or UDP 3389

T/F Telnet is a more secure alternative than SSH.

False. SSH is more secure.

What is SMTP?

Simple Mail Transfer Protocol transfers email between clients and SMTP servers.

What port does SMTP use?

SMTP uses TCP port 25. SMTP with SSL or TLS uses TCP port 465.

What is POP3?

Post Office Protocol v3 transfers emails from servers down to clients.



What port does POP3 use?

TCP port 110. POP3 with SSL or TLS uses TCP port 995.

What is IMAP4?

Internet Message Access Protocol version 4 is used to store email on an email server. IMAP4 allows a user to organize and manage email in folders on the server.



What port does IMAP4 use?

TCP port 143. IMAP4 with SSL or TLS uses TCP port 993.

T/F All Internet IP addresses are public IP addresses, and internal networks use private IP addresses.

True.

What is subnetting?

Subnetting divides a single range of classful IP addresses into two or more smaller ranges of IP addresses. Administrators do this to isolate traffic and increase efficiency.

What are the 3 primary IP classes?

a. Class A: 0.0.0.0 through 127.255.255.255


b. Class B: 128.0.0.0 through 191.255.255.255


c. Class C: 192.0.0.0 through 223.255.255.255

What is CIDR?

Classless Interdomain Routing (CIDR) notation uses a forward slash (/) followed by a number identifying the number of 1s in the subnet mask.