Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
144 Cards in this Set
- Front
- Back
|
What are layer 1 endpoints for cables from wall jacks? |
Patch panels |
|
|
Which is more resistant to EMI, Coax or twisted pair? |
Coax |
|
|
UTP (Unshielded Twisted Pair) is more vulnerable to interference, crosstalk, and ______________. |
Eavesdropping |
|
|
What is the main TP (Twisted Pair) used today? |
Cat 5e. (Next Gen is Cat 6a) |
|
|
What are fire retardant cables called? |
Plenum (cost 2x as much) |
|
|
What is the Twisted Pair Cat 7 speed and how is it used? |
10 Gbps, backbone cabling |
|
|
What is the difference between broadband and baseband? |
Baseband: Binary (single channel) Broadband: Analog (multiple channels) |
|
|
What is the effective communication distance for copper communication cables? |
100m |
|
|
What is a loss of signal strength over distance? |
Attenuation |
|
|
What causes corruption in binary signals? |
Noise |
|
|
What happens when a signal spills from one cable to a nearby cable? |
Crosstalk |
|
|
Regarding fiber, what light source is used for single and multi-mode? |
single mode - Laser (kilometers) multi-mode - LEDs (within buildings) |
|
|
What is the difference between synchronous and asynchronous signals? |
Synchronous: No start stop, continuous signal Asynchronous: Bits sent sequentially |
|
|
What topology is good for several servers being linked in a high availability (HA) need situation? |
Mesh |
|
|
What is the normal topology we use? |
Star |
|
|
What are the layers of the OSI model? Bottom to top. |
1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application All People Seem To Need Data Processing |
|
|
What is it called when data is packaged to travel through the OSI model (up or down) and communicates with same layers at the the other end. |
Encapsulation
|
|
|
What is Layer 1 of the OSI model for? |
Physical - media - patch panels, fiber cable |
|
|
What is Layer 2 of the OSI model for? |
Network: Ethernet, switches |
|
|
What is Layer 3 of the OSI model for? |
Networking: Routers, IPV4, IPV6, OSPF, BGP |
|
|
What is Layer 4 of the OSI model for? |
Transport: TCP, UDP, SSL, TLS (port #s/sockets) |
|
|
What is Layer 5 of the OSI model for? |
Session: NetBIOS, NFS, SQL, RPC |
|
|
What is Layer 6 of the OSI model for? |
Presentation: ASCII, TIFF, GIF, JPEG, etc. |
|
|
What is Layer 7 of the OSI model for? |
Application: FTP, SSH, API, MIME, TELNET, HTTP |
|
|
At OSI Layer 1, how does communication happen? In the form of..... |
Bits |
|
|
Where does the MAC address get resolved in the OSI model? |
Layer 2
|
|
|
Where does IP addressing happen in the OSI model? |
Network Layer (3) |
|
|
Where is UDP and TCP used in the OSI model? |
Layer 4, Transport |
|
|
At what layer does segment size and sequence numbering happen? |
Layer 4, Transport |
|
|
What is the difference between TCP and UDP? |
TCP: Reliable (3 way handshake - connection oriented, sequential series of packets) UDP: Fast (Connectionless - best effort - used for VoIP and Streaming) |
|
|
What OSI Layer allows applications to organize and synchronize how they will transfer data? |
Layer 5, Session |
|
|
Which OSI Layer translates messages into standard presentations? (encryption and compression, as well as formatting - like jPEG) |
Layer 6, Presentation |
|
|
Which OSI Layer includes Application Programming Interfaces (API) Popular protocols: SMTP, HTTP, FTP, Telnet, TFTP) |
Application Layer, 7 |
|
|
At which layers are the following data frame types: Data Segment Packet Frame ( last frame element is Frame Check Sequence) |
Data: Presentation Segment: Transport Packet: Network Frame & FCS: Data Link / Physical |
|
|
What are the TCP/IP Layers? |
Application Transport (host to host) Internet Network Interface A TIN man |
|
|
How does the TCP/IP map to OSI? |
Application Presentation Application Session___________________________ Transport_______________Transport (host2host) Network________________ Internet Datalink Physical Network Interface |
|
|
What are the common network devices on layers 1, 2, and 3? What device is multi-layer? |
1 - Hub 2 - Switch 3 - Router Multi-layer: Gateway |
|
|
What is 802.3? |
Standard for Ethernet (3 is like a backwards E) |
|
|
Switches work at Layer _____ using a standard called _______. |
2, Ethernet |
|
|
What device is subject to MAC flooding and Spoofing attacks? |
Layer 2 switch (Data Link) |
|
|
Where is a NIC used? |
Layer 2 - with switches |
|
|
What routing protocol simply used hops to decide routes? |
RIP (Routing Information Protocol) - 15 hop limit (TTL - Time to Live) |
|
|
What routing protocol keeps a topology map and determines shortest path/ |
OSPF (Open Shortest Path First) |
|
|
What is the exterior routing protocol and is used by ISPs? |
BGP (Border Gateway Protocol) |
|
|
What acts as a translator (between media or protocols) and works at several layers of the OSI model? |
Gateway |
|
|
What is the primary protocol suite used on the Internet today? |
TCP/IP (TCP - Layer 4, IP - Layer 3) |
|
|
What are the ports for FTP, SMTP, SNMP, HTTP, Telnet, and SSH? |
FTP - 20, 21 SMTP - 25 SNMP - 161 HTTP - 80 Telnet - 23 SSH - 22 (Secure Telnet Replacement) |
|
|
Source port numbers are dynamic, or __________ and used to track communications sessions. |
Ephemeral |
|
|
What defines the network and host portions of an IP address? |
Subnet Mask |
|
|
In 192.168.0.1:23, what does the 23 represent? |
The port number |
|
|
In 192.168.0.1/24, what does the 24 represent? |
Subnet Mask |
|
|
What are the ranges for IP addresses for Classes A - E?
|
A - 0-127 (First byte defines network) - Note: 127 is reserved for loopback testing B - 128-192 (First 2 bytes define network) C - 193-224 (First 3 bytes define network) D - 225-240 (multicast) E - Invalid Experimental |
|
|
What is an IPv6 address? |
Unique 128 bit address scheme - 8 blocks of four hexadecimal units |
|
|
How is an IPv6 unicast network and host split up? |
equal 64 bits of each |
|
|
How can you shorten the IPv6 address? |
By eliminating leading zeros and adjacent blocks of zeros with :: e.g. ...2f29:0:0:0:3d... becomes: 2f29::3d... |
|
|
For global addressing of IPv6, what is the global routing prefix and subnet ID? |
Global routing = first 48 bits Subnet ID = next 16 bits |
|
|
In IPv6, what does Link Local Addressing always begin with? |
fe80:: (understood as fe80:0:0:0 |
|
|
T/F IPv6 Tunnels may be misused by attackers. |
True |
|
|
What protocol does DHCP use? |
UDP |
|
|
What defines the DHCP sequence of actions? DORA |
DORA: - Discover message - Offer message - Request proper network info - Acknowledge |
|
|
What is a major man in the middle attack threat that redirects IP addressing? |
Rogue DHCP Server |
|
|
What is a High Availability (HA) practice for DHCP and DNS to ensure redundancy? |
Split DNS or Split DHCP (shares the load) |
|
|
Routers can be a _______________ for DHCP services, rebroadcasting across subnets. |
Relay Agent |
|
|
Split DNS (or split-Brain DNS) is a best practice, allowing....? |
One Internal DNS server (locates domain resources) One Exernal DNS server (locates Internet resources) |
|
|
T/F - DNSSEC encrypts. |
False, it uses digital signatures for authentication |
|
|
What is the directory service database (standard for storing details about the network) and in what standard does it store? |
Lightweight Directory Access Protocol (LDAP), X.500 |
|
|
Difference between x.500 and x.509? |
x.509 = Public Key (digital certificates) x.500 = LDAP naming standards (Leafs) |
|
|
In LDAP, what is a subject called? |
A leaf |
|
|
What is the protocol that resolves MAC addresses from a known IP address? |
Address Resolution Protocol (ARP) |
|
|
What is it called when someone puts bad information into an ARP table to misdirect users? |
ARP Poisoning (man in the middle) |
|
|
ICMP can be misused through which utility? |
Ping (Packet Internet Network Grope) |
|
|
Which version of SNMP is most secure? |
v3 (SNMP v4 works with IPv6) |
|
|
ATM works at which layer of the OSI model?
|
Multiple layers |
|
|
ATM has which 2 circuit methods? |
Switched Virtual Circuit (SVC) - created on demand Permanent Virtual Circuit (PVC) - programmed in advance |
|
|
What is an L2/L3 (or just L3) Switch? |
It is a layer 3 switch (VLAN capable) that performs routing functions. (multilayer device) |
|
|
A proxy server does NAT (Network Address Translation) and deep packet inspection at ______layers? |
Multi-layers |
|
|
What is it called when two separate standards come together to do something better, such as with protocols? |
convergence or converged protocols |
|
|
Evolving from specialized Fibre channel storage, this convergence allowed Ethernet to communicate with Fibre SANs? |
FCoE (Fibre Channel over Ethernet) |
|
|
What was the convergence of SCSI and IP? |
iSCSI |
|
|
What is MPLS? |
Multiprotocol Label Switching - used by ISPs to create private WANs across their backbone (forwards with labels instead of IP addresses) - Isolates traffic, as in a VLAN - More secure than normal IP routing - Good for VoIP (meaning good for QoS) |
|
|
What device hides internal addresses by centralizing them on one router and forwarding only the source address of that router? |
Network Address Translation (NAT) |
|
|
VoIP requires _________ to provide lag-free communication |
Quality of Service, or Traffic Shaping |
|
|
What is the initiation protocol that is used to setup and tear down VoIP sessions?
|
SIP (Session Initiation Protocol) RTP (Real-time Transfer Protocol) |
|
|
What IEEE standard defines Wi-Fi standards for security? |
802.11i |
|
|
What WPA function keeps you from eavesdropping? |
TKIP (Temporal Key Integrity Protocol) |
|
|
WPA also replaced CRC error checking in WEP with better ____________________ (MIC) |
Message Integrity Check |
|
|
WPA2 enhances security. Replaces RC4 with ____________ (AES.....?) |
AES-CCMP |
|
|
TKIP (Temporal Key Integrity Protocol) is a ___________ encryption key. It is a single use session key. Also uses strong/long keys. |
Symmetric
|
|
|
What is a network protocol that provides client/server authentication and authorization, and audits remote users. It also provides enterprise authentication? |
RADIUS (Remote Authentication Dial-In User Service) |
|
|
What is the difference between bluejacking and bluesnarfing? How can you eliminate the threat? |
Bluejacking: Send anonymous spam Bluesnarfing: stealing info from bluetooth device - Eliminate by disabling discovery |
|
|
What is the best protection for "bring your own device" mobile devices? |
MDM (mobile device management) infrastructure |
|
|
What are some good MDM choices to implement? |
Sophos and Airwatch |
|
|
What is "footprinting"? |
Discovery - gathering data about a target (security profile) before attacking. |
|
|
Firewalls have moved from static postures to... |
Dynamic Stateful firewalls. Keeps track of "state" or dialog process of a communication stream between internal and external hosts |
|
|
What is an application layer firewall that inspects 100% of the packet (deep packet inspection) called? |
Application firewall |
|
|
Proxy Firewalls are better than hardware firewalls at ___________ information. |
logging |
|
|
What is a proxy that hides the real sender's info? |
Anonymizer proxy |
|
|
TOR (TOR Onion Networks) is free software that does what? |
enables anonymous communication over the Internet.
|
|
|
Open ________________ are used to mask SPAM senders |
mail relays |
|
|
What is a Bastion Host? |
Extremely hardened system. Locked down due to being Internet accessible. |
|
|
What two methods hide and extend your IP address scheme for your internal network? |
NAT and PAT (Port Address Translation) |
|
|
What is our IT "network burglar alarm" system? |
IDS |
|
|
Does an IDS block intrusion? |
No! |
|
|
What does block an intrusion? |
Network Intrusion Prevention System (NIPS) |
|
|
When alerted by an IDS/IPS, what is the responding administrator called? |
First responder |
|
|
What advantage does an application-based proxy firewall have over packet-filtering firewalls? |
Better Security |
|
|
What are the two intrusion detection techniques: Anomaly Detection and Signature Based? |
Anomaly Detection: comparing current systems to baseline activities. Signature Based: comparing LAN traffic to a variety of attack signatures |
|
|
Host HIDS/HIPS can examine encrypted traffic after it is decrypted. T/F? |
True |
|
|
PPTP, L2TP/IPsec, SSL/TLS, and SSTP are modern _________ Protocols |
VPN Tunneling |
|
|
What is CHAP |
Challenge Handshake Authentication Protocol, authentication protocol that validates user through handshake instead of sending password. |
|
|
ISDN has two connection types. What are they and what are their speeds? |
- BRI (Basic Rate Interface) 2 b channels and 1 d channel - PRI (Primary Rate Interface) 23 b channels and 1 d channel b channels: 64 KBps (data) d channels: 64 KBps (control) |
|
|
What are the Internet, X.25, and Frame Relay examples of? |
Packet switching? |
|
|
What is an early fast WAN packet-switched technology that uses PVCs and SVCs? |
Frame Relay (Early WAN) |
|
|
What connection-oriented technology uses 53-byte packets in the form of fixed cells? |
ATM |
|
|
What is an encryption protocol that is a hybrid of Cisco L2F and PPTP? |
L2TP (Layer 2 Tunneling Protocol) and IPSec. |
|
|
In L2TP, what does the encryption at Layer 3? |
ESP in IPSec. |
|
|
The IPSec protocol that performs only integrity checking (doesn't encrypt) is __________ |
AH (Authentication Header) Protocol |
|
|
The IPSec protocol that performs encryption (most used) is ____________ |
ESP (Encapsulating Security Payload) in tunneling mode with encapsulation |
|
|
With the ESP protocol, what is the difference between transport and tunnel mode? |
Transport mode: Only data is secured Tunnel mode: Entire packet encapsulated |
|
|
Browser based VPN solutions (utilizing SSL and TLS) are harder to implement. T/F |
False. They are easier to implement. |
|
|
What is an IP address combined with a Port Number called? |
A Socket |
|
|
Regarding VLANs, what is 802.1q? |
The header in the frame has an extra piece of information (VLAN Tag) that will allow it to forward or reject traffic. |
|
|
In the TCP/IP model, where does the PPP protocol reside? |
Network access |
|
|
What is a Loki attack? |
A backdoor ICMP attack |
|
|
What does CDN (Content Distribution Network) provide? |
Improves the delivery or performance of streaming or large file application. Stores data closer to where user needs it. |
|
|
In virtualization, it doesn't require an overarching OS. What runs the functions (multiple instances of OS) instead? |
Hypervisor |
|
|
What is a Virtual Desktop Infrastructure (VDI)? |
A client/server solution that utilizes virtualization and centralized servers to run a desktop operating system across a LAN or WAN connection to a host system (thin client) |
|
|
What are the three primary categories of cloud computing? (Hint: Hosted - I, P, S) |
- Hosted Infrastructure (Iaas): virtualized servers and disk storage - Hosted Platforms (PaaS): Rent virtual servers with the OS installed - Hosted (applications) Software (Saas): Leasing the use of a service providers configured software (Netflix) aaS = as a Service |
|
|
What are these cloud models: Public, Private, Community, Hybrid |
Public: Internet Public Clouds Private: provisioned or single organization Community: specific community of organizations, like federal gov. Hybrid: Any combination of the above |
|
|
What was a solution that incorporated the physical separation (decoupling) of the network control plane of packets from the data plane (hardware)? (single large virtualization that removes hardware from the equation) |
Software Defined Networking |
|
|
What are two multi-layer protocols? |
ATM and DNP3 |
|
|
What is providing conversion at the perimeter of most networks? |
Router (normally Cisco) |
|
|
Can a router be a firewall? |
Yes |
|
|
In WiFi what does the key exchange? |
TKIP |
|
|
SSL VPN uses what for access? |
web browser |
|
|
What two primary concerns with VoIP technology? |
Lag - QoS (Quality of Service) Sniffing |
|
|
What is a screenscraper? |
Data mining....??? |
|
|
What is a guest operating system? |
An operating system running under a hypervisor |
|
|
What is port isolation? |
A management VLAN. E.g. Only one port can be used to program a router or switch. |
|
|
What does a stateful firewall look at that a normal one doesn't? |
Ephemeral port. (session states) |
|
|
How is a proxy firewall different from a normal one? |
Deep packet inspection. |
|
|
What is an anonymizer proxy used for? |
Hides the sender's information. (e.g. TOR) |
|
|
What device: - Does MPLS translation - uses BGP - Stateful Firewall - ATM mode - VPN concentrator for IPSec |
Edge Router |
|
|
WiFi encrypts what portion of the communication? |
Antenna to Antenna (radiated signal) |
