Basic Network Security Concepts

Question 1

How does TCP differ from UDP regarding delivery reliability?

Answer 1

TCP is connection-oriented and guarantees delivery, whereas UDP is connectionless and provides best-effort delivery.

Question 2

Which specific TCP vulnerability involves overwhelming a target by leaving connections in a half-open state?

Answer 2

SYN Flood attack.

Question 3

Why is UDP frequently used in reflection and amplification Denial of Service (DoS) attacks?

Answer 3

It is connectionless and lacks a handshake mechanism, making it easy to spoof source addresses.

Question 4

What is the primary security risk associated with using standard HTTP for web communication?

Answer 4

Data is sent in plaintext, making it susceptible to eavesdropping and Man-in-the-Middle (MITM) attacks.

Question 5

Which protocol is responsible for mapping a known IP address to an unknown MAC address on a local network?

Answer 5

Address Resolution Protocol (ARP).

Question 6

Explain the goal of an ARP Poisoning attack.

Answer 6

An attacker sends false ARP messages to associate their MAC address with the IP address of a legitimate network device.

Question 7

Why do security administrators often block ICMP messages at the network perimeter?

Answer 7

ICMP can be exploited for network reconnaissance to map internal topology or to launch DoS attacks.

Question 8

Which security feature is used to prevent unauthorized or rogue DHCP servers from assigning IP addresses?

Answer 8

DHCP Snooping.

Question 9

Define DNS Poisoning (also known as DNS Spoofing).

Answer 9

An attack where false IP address mappings are injected into a DNS resolver’s cache to redirect users to malicious sites.

Question 10

The technique of exfiltrating data by hiding it within DNS queries is known as _____.

Answer 10

DNS Tunneling

Question 11

What is the total bit length of an $IPv4$ address?

Answer 11

An $IPv4$ address is $32$ bits long.

Question 12

What is the total bit length of an $IPv6$ address?

Answer 12

An $IPv6$ address is $128$ bits long.

Question 13

Which security protocol is built-in and mandatory for the $IPv6$ standard?

Answer 13

$IPsec$.

Question 14

At which layer of the OSI model do MAC addresses operate?

Answer 14

Layer 2 (Data Link Layer).

Question 15

What is the primary security benefit of network segmentation using VLANs?

Answer 15

It contains threats by limiting an attacker’s ability to move laterally across the network.

Question 16

In CIDR notation (e.g., $/24$), what does the number following the slash represent?

Answer 16

The number of bits used for the network portion of the address.

Question 17

What is the primary function of Network Address Translation (NAT)?

Answer 17

It translates private internal IP addresses into a single public IP address for internet access.

Question 18

Why is NAT considered a ‘layer of obscurity’ rather than a true security control?

Answer 18

It hides internal network topology but does not actively filter or inspect traffic for threats.

Question 19

Which of the following is a reserved private $IPv4$ address range: $10.0.0.0/8$, $172.16.0.0/12$, or $192.168.0.0/16$?

Answer 19

All three are reserved private $IPv4$ address ranges.

Question 20

What distinguishes a Public IP address from a Private IP address regarding internet routing?

Answer 20

Public IPs are globally routable on the internet, while Private IPs are not.

Question 21

Concept: Network Security Architecture

Answer 21

Definition: The comprehensive plan for security device placement, configurations, and policies across the infrastructure.

Question 22

Where should an organization place public-facing servers, such as web or email servers, to isolate them from the trusted internal network?

Answer 22

In a Demilitarized Zone (DMZ).

Question 23

In a virtualized environment, what is the software layer that manages hardware resources and runs multiple Guest OSs?

Answer 23

The Hypervisor.

Question 24

What specific security risk occurs if an attacker compromises a virtual machine and gains access to the underlying Hypervisor?

Answer 24

VM Escape.

Question 25

According to the Cloud Shared Responsibility Model, what is the customer typically responsible for securing?

Answer 25

The customer is responsible for securing their own data and application access.

Question 26

What is the primary purpose of deploying a honeypot on a network?

Answer 26

To act as a decoy that attracts attackers, allowing security teams to gather intelligence on their methods.

Question 27

How does a Proxy server enhance security for internal clients?

Answer 27

It acts as an intermediary that can filter content, cache data, and mask the internal IP addresses of clients.

Question 28

What is the fundamental difference in action between an IDS and an IPS when a threat is detected?

Answer 28

An IDS only alerts the administrator, while an IPS can automatically stop or block the malicious traffic.

Question 29

Where must an Intrusion Prevention System (IPS) be placed in the network to actively block traffic?

Answer 29

It must be deployed in-line with the traffic flow.

Question 30

Which type of security control is an Intrusion Detection System (IDS) categorized as?

Answer 30

A detective control.

Question 31

Why is MAC address filtering considered a weak security control for wireless networks?

Answer 31

MAC addresses are easily spoofed by attackers using network sniffing tools.

Question 32

Which wireless encryption standard is currently considered the most secure for SOHO networks?

Answer 32

WPA3.

Question 33

What is the security implication of disabling SSID broadcast (hiding the network name)?

Answer 33

It provides minimal security because the SSID can still be captured by network sniffing tools during client discovery.

Question 34

What is an Access Control List (ACL)?

Answer 34

A set of rules on a router or firewall that permits or denies traffic based on criteria like source IP or destination port.

Question 35

Explain the 'Stateful Inspection' feature of modern firewalls.

Answer 35

The firewall tracks the state of active connections and only permits return traffic that belongs to an established session.

Question 36

What are the two primary security goals achieved by using a Virtual Private Network (VPN)?

Answer 36

Confidentiality and integrity of data through encryption.

Question 37

What does a Network Access Control (NAC) system verify before granting a device access to the network?

Answer 37

It verifies that the device meets security policy requirements, such as having updated antivirus and the latest patches.

Question 38

Which protocol should be used as a secure replacement for Telnet for remote device management?

Answer 38

Secure Shell (SSH).

Question 39

Identify the attack where an unauthorized person installs their own Access Point on a corporate network to capture credentials.

Answer 39

Rogue Access Point attack.

Question 40

In the context of the TCP three-way handshake, what is the second packet sent?

Answer 40

SYN-ACK.

Question 41

Which network utility is used to display active network connections and listening ports on a host?

Answer 41

netstat.

Question 42

Which IPv6 address shortening rule allows replacing a single contiguous sequence of all-zero segments?

Answer 42

The Double Colon (::) rule.

Question 43

How many times can the double colon (::) be used in a single IPv6 address?

Answer 43

Only once.

Question 44

What is the standard port number for the Domain Name System (DNS)?

Answer 44

Port $53$.

Question 45

What is the standard port number for secure web traffic (HTTPS)?

Answer 45

Port $443$.

Question 46

What is the function of the ARP Cache?

Answer 46

It stores IP-to-MAC address mappings to avoid repeated ARP requests for the same destination.

Question 47

Which network device uses a MAC Address Table to forward data only to the intended destination segment?

Answer 47

A Switch.

Question 48

What is the primary difference between a 'Standard' ACL and an 'Extended' ACL?

Answer 48

Standard ACLs filter based only on source IP, while Extended ACLs can filter by source/destination IP, protocol, and port.

Question 49

Which wireless discover mode involves the Access Point periodically sending beacon frames containing the SSID?

Answer 49

Passive discover mode.

Question 50

In a DHCP Starvation attack, what is the attacker's ultimate goal?

Answer 50

To exhaust the DHCP server's pool of IP addresses so that legitimate clients cannot lease an address.

Question 51

What is a 'Wireless Probe Request' used for?

Answer 51

It is sent by a client device to actively discover available wireless networks.

Question 52

Which type of firewall operates at the highest layer of the OSI model and performs Deep Packet Inspection?

Answer 52

Application-Level Gateway (Proxy Firewall).

Question 53

Identify the attack that involves sending many Telnet requests to a router to prevent valid administrators from accessing it.

Answer 53

Denial of Service (DoS) attack.

Question 54

Which protocol provides error reporting and diagnostic feedback between a destination host and a source host?

Answer 54

ICMP.

Question 55

What does a 'Header Checksum' in an $IPv4$ packet do?

Answer 55

It is used to detect corruption in the $IPv4$ header.

Question 56

In an $IPv4$ address, what divides the network portion from the host portion?

Answer 56

The Subnet Mask.

Question 57

What field in an $IPv4$ header is decremented by each router to prevent packets from looping endlessly?

Answer 57

Time-to-Live (TTL).

Question 58

What is the $IPv6$ equivalent of the $IPv4$ 'Time-to-Live' field?

Answer 58

Hop Limit.

Question 59

Which TCP attack aims to overwhelm a host by leaving connection slots occupied by uncompleted handshakes?

Answer 59

SYN flood attack.

Question 60

What is the primary purpose of a 'Default Gateway'?

Answer 60

It is the router's IP address that serves as the exit point for traffic leaving the local network for other networks.

Question 61

Explain the 'Least Privilege' principle in network defense.

Answer 61

Users and systems should be granted only the minimum level of access necessary to perform their functions.

Question 62

Which protocol is used for centralized Authentication, Authorization, and Accounting (AAA) in VPN and wireless environments?

Answer 62

RADIUS.

Question 63

A logical division of a physical switch into multiple separate networks is called a _____.

Answer 63

VLAN (Virtual Local Area Network)

Question 64

What is the 'principle of defense-in-depth'?

Answer 64

A layered security strategy where multiple independent controls are used so that if one fails, others remain.

Question 65

Which field in an $IPv6$ header is used to identify a sequence of packets that require special handling by routers?

Answer 65

Flow Label.

Question 66

In a wireless SOHO network, what does 'WPS' stand for and why is it often disabled?

Answer 66

Wi-Fi Protected Setup; it is often disabled because it is vulnerable to brute-force attacks.

Question 67

How does 'Rate Limiting' help mitigate DoS attacks?

Answer 67

It restricts the amount of traffic allowed from a specific source or for a specific protocol over a period of time.

Question 68

Which component of the CIA triad is primarily supported by the use of hashing?

Answer 68

Integrity.

Question 69

Which layer of the TCP/IP model is responsible for logical addressing and path selection?

Answer 69

The Internet layer.

Question 70

What is a 'Broadcast Domain'?

Answer 70

A logical network segment where all nodes can receive broadcast traffic from one another.

Question 71

Identify the protocol used for automatically assigning IP configuration parameters to hosts.

Answer 71

Dynamic Host Configuration Protocol (DHCP).

Question 72

What is 'Port Security' on a switch?

Answer 72

A feature that restricts the specific MAC addresses allowed to connect to an individual switch port.

Question 73

Which type of reconnaissance attack involves scanning a range of IP addresses to see which ones respond to ICMP requests?

Answer 73

Ping Sweep.

Question 74

What does a SIEM system do with log data from various network devices?

Answer 74

It collects, correlates, and analyzes logs to provide centralized visibility and threat detection.

Question 75

How do 'IPS Signatures' work to identify threats?

Answer 75

They are a set of rules used to detect typical patterns of intrusive or malicious activity.