Domain 4 Test Notes Flashcards

(113 cards)

1
Q

Involves the process of collecting, analyzing, and preserving digital evidence from network devices to investigate security incidents and potential breaches.

A

Network Forensic

2
Q

Was designed to provide wireless networks with a level of security comparable to wired networks. Uses RC4 for authentication and encryption. Uses a static key to encrypt all communications. Very easy to crack.

A

Wired Equivalent Privacy (WEP)

3
Q

Intended as an interim solution. Implements the Lightweight Extensible Authentication Protocol (LEAP) and Temporal Key Integrity Protocol (TKIP), which supports a per-packet key that dynamically generates a new 128-bit key for each packet.

A

Wi-Fi Protected Access (WPA)

4
Q

Implements AES for encryption and Counter Mode CBC-MAC Protocol (CCMP) for integrity. Two authentication options: pre-shared key or enterprise. Is backwards compatible with WPA.

A

Wi-Fi Protected Access (WPA2)

5
Q

Uses 192-bit encryption and individualized encryption for each user. Uses Simultaneous Authentication of Equals (SAE) for authentication.

A

Wi-Fi Protected Access 3

6
Q

a zero-knowledge proof protocol
where both parties prove they know a shared password without revealing it
(never sending it on the network). It uses elliptic curve cryptography to
generate a shared key that neither party can predetermine.

A

Simultaneous Authentication of Equals (SAE)

7
Q

Speed 2 Mbps
Frequency 2.4 GHz

A

802.11 Wifi Version

8
Q

Speed 54 Mbps
Frequency 5 GHz

A

802.11a Wifi Version

9
Q

Speed 11 Mbps
Frequency 2.4 GHz

A

802.11b Wifi Version

10
Q

Speed 54 Mbps
Frequency 2.4 GHz

A

802.11g Wifi Version

11
Q

Speed 200+ Mbps
Frequency 2.4 GHz

A

802.11n Wifi Version

12
Q

Speed 1 Gbps
Frequency 5 GHz

A

802.11ac

13
Q

Transmits raw bit streams over the physical medium, defining electrical and
physical specifications while handling bit-level transmission.

A

Physical Layer

14
Q

Provides node-to-node data transfer, detects and corrects errors in the
physical layer, and defines protocols for flow control between adjacent network nodes.

A

Data Link Layer

15
Q

Routes data packets between different networks, performs logical addressing
and path determination, and handles traffic control and packet sequencing.

A

Network Layer

16
Q

Provides end-to-end communication control, ensures complete data transfer,
and handles segmentation, flow control, and error control.

A

Transport Layer

17
Q

Establishes, manages, and terminates sessions between applications, while
also handling dialog control and synchronization between devices.

A

Session Layer

18
Q

Translates data between networking and application formats, handling
data compression, encryption, and format conversion.

A

Presentation Layer

19
Q

Provides network services directly to end-users, supports application and
end-user processes, and includes protocols for various services such as HTTP (web), FTP (file transfer), and SMTP (email).

A

Application Layer

20
Q

SSH, HTTP, FTP, LPD, SMTP, Telnet, TFTP, EDI, POP3, IMAP, SNMP, NNTP, S-RPC, and SET

A

Application Layer Protocols

21
Q

Encryption protocols and format types, such as ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI

A

Presentation Layer Protocols

22
Q

SMB, RPC, NFS, and SQL

A

Session Layer Protocols

23
Q

SPX, SSL, TLS, TCP, and UDP

A

Transport Layer Protocols

24
Q

ICMP, RIP, OSPF, BGP, IGMP, IP,
IPSec, IPX, NAT, and SKIP

A

Network Layer Protocols

25
ARP, SLIP, PPP, L2F, L2TP, PPTP, FDDI, ISDN
Data Link Protocols
26
EIA/TIA 232, EIA/TIA 449, X.21, HSSI, SONET, V.24, V.35, Bluetooth, 802.11 Wifi, and Ethernet
Physical Layer Protocols
27
Port 20/21
File Transfer Protocol (FTP)
28
Port 22
Secure Shell (SSH)
29
Port 23
Telnet Protocol
30
Port 25
Simple Mail Transfer Protocol (SMTP)
31
Port 53
Domain Name System (DNS)
32
Port 80
Hypertext Transfer Protocol (HTTP)
33
Port 110
Post Office Protocol Version 3 (POP3)
34
Port 123
Network Time Protocol (NTP)
35
Ports 135, 137-139, 445
Windows File Sharing
36
Port 443
Hypertext Transfer Protocol Secure (HTTPS)
37
Port 515
Line Printer Remote/Line Printer Daemon (LPR/LPD)
38
Port 1433/1434
Microsoft SQL Server
39
Port 1521
Oracle
40
Port 1720
H.323 Multimedia Communications
41
Port 1723
Point to Point Tunneling Protocol (PPTP)
42
Port 3389
Remote Desktop Protocol (RDP)
43
uses a single channel and reduces latency
Baseband Cable
44
supports multiple channels, offering higher bandwidth but potentially increasing latency.
Broadband Cable
45
A type of electrical cable with an inner conductor surrounded by insulating layer and metallic shield. Reduces interference and noise, provides moderate bandwidth, but is susceptible to jitter.
Coaxial Cable
46
that use metal conductors, typically copper, to transmit electrical signals. Susceptible to interference and noise, offers moderate bandwidth and latency.
Copper Cable
47
transmit data using pulses of light through thin strands of glass or plastic. Eliminates electromagnetic interference, provides extremely high bandwidth, reduces latency and jitter, and is nearly impervious to tapping.
Fiber Optic Cable
48
Consists of pairs of insulated copper wires twisted together to reduce electromagnetic interference.
Twisted Pair Cable
49
Designed for low-trust and unknown users to access specific systems, such as the public accessing a web server. Can be implemented with two firewalls or one multihomed (has multiple interfaces) firewall.
Screened Subnet (DMZ)
50
a cybersecurity technique used to control the number of requests or connections allowed from a single source within a specific timeframe.
Rate Limiting
51
a security system designed to protect wireless networks from unauthorized access and malicious attacks. It works by constantly monitoring the radio frequency (RF) spectrum, detecting rogue access points, unauthorized devices, and other potential threats, and then taking action to block or mitigate these threats.
Wireless Intrusion Prevention System
52
Single-purpose or focused-purpose digital computers. Typically deployed for the management or automation of various industrial electromechanical operations, such as a giant display system in a stadium.
Programmable logic controllers (PLC)
53
provide a centralized interface for monitoring and controlling multiple remote sites and equipment, commonly used in industries like utilities, oil and gas, and water treatment to manage geographically dispersed assets.
Supervisory Control and Data Acquisition (SCADA)
54
A network security technique that verifies the legitimacy of the source IP address in network packets. It helps prevent IP spoofing attacks.
Source Address Validation (SAV)
55
Requirements for establishing, implementing, maintaining and continually improving an information security management system
ISO 27001
56
provides risk-based cybersecurity guidance across various functions like identify, protect, detect, respond, and recover.
NIST 800-53
57
Magnetism that can disrupt data availability and integrity
Electromagnetic Interference
58
is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table.
ARP Poisoning
59
is a denial of service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.
Teardrop Attack
60
is a denial of service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network.
Fraggle Attack
61
Uses spoofed ICMP traffic, sent via a third-party network, rather than UDP traffic to overwhelm the network.
Smurf Attack
62
is a Layer 4 Denial of Service (DoS) attack in which the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.
Land Attack
63
is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
SYN Flood
64
Employs an oversized ping packet. Max allowed ping packet size is 65,536 bytes.
Ping of Death
65
High-throughput, high-performance network technology that directs data across a network based on short path labels rather than longer network processes.
Multiprotocol Label Switching (MPLS)
66
is an approach to network management that uses software to control and manage network resources, rather than relying on traditional hardware-based methods. It centralizes network control by separating the control plane from the data plane.
Software Defined Networking
67
The network switches and routers are located at this plane. Data forwarding happens here.
Data Plane (Infrastructure Layer)
68
The intelligence in devices that work in true intermediary fashion, determining how traffic should flow based on the status of the data plane and the requirements specified by the application layer
Control Plane
69
Applications and services that use services from the control and/or management plane form the application plane. Firewall and load balancing functions reside here.
Application Plane
70
Responsible for monitoring, configuring, and maintaining network devices (e.g., making decisions regarding the state of a network device). Provides network administrators with essential tools and interfaces to manage the network’s resources, behavior, and overall state.
Management plane
71
is a technology that allows you to extend the reach of a VLAN across multiple physical networks. It can be used to create isolated segments within a larger network for improved security and performance. It encapsulates VLAN traffic in a new header, allowing it to traverse networks that don’t normally understand VLANs.
VXLANs
72
are a technique used to defend against TCP SYN flood attacks, a type of denial-of-service attack. Instead of immediately allocating resources for a new connection when a SYN packet is received, the server encodes connection information into the SYN-ACK response and waits for the client's acknowledgment (ACK) before fully establishing the connection.
SYN Cookies
73
maintains a list of destination networks along with metrics of direction and distance as measured in hops.
Distance Vector Routing Protocols
74
gather router characteristics such as speed, latency, error rates, and actual monetary cost for use which is tabulated to make the next hop routing decision
Link State Routing Protocols
75
a distance vector routing protocol that uses the count of hops that a signal makes along the network path. Allows a maximum of 15 hops; at hop number 16 the distance is considered infinite and the destination unreachable.
Routing Information Protocol (RIP)
76
is when a set of routers have the same routing information about the network they are in. This happens when routers have all available routes from each other via routing protocols and all routers agree on what the network topology looks like.
Convergence
77
a link state protocol common in large enterprise networks that detects changes in the topology, such as link failures, and converges on a new loop-free routing table within seconds.
Open Shortest Path First (OSPF)
78
path vector routing protocol used between separate autonomous systems. Is the routing protocol of the global internet and private networks of service providers. It chooses the shortest path through the internet by navigating the least number of autonomous systems.
Border Gateway Protocol (BGP)
79
Provides encryption and authentication for TCP/IP connections at the transport layer, commonly used for secure web browsing (HTTPS).
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
80
1. Client Hello - client initiates the handshake 2. Server Hello - server response 3. Certificate Exchange - server sends its digital certificate 4. Certificate Verification - client verifies the server's certificate 5. Key Exchange - client & server exchange a pre-master secret 6. Session Key Creation - client & server compute same session key 7. Finished Message - both client and server send "Finished" messages.
SSL/TLS Handshake Steps
81
Typically operates at layer 3; it inspects each packet, and if a packet breaks the established rules, the packet is dropped and/or logged.
Packet Filtering Firewall
82
Typically operates on layers 3 and 4; it monitors the state of network connections. The state is kept track of and other connection attributes are saved temporarily in memory.
Stateful Inspection Firewall
83
acts as an intermediary between a user's computer and the internet, intercepting requests and forwarding them to the destination server. It then receives the response and relays it back to the user, effectively hiding the user's actual IP address and providing an extra layer of security and privacy.
Proxy Server
84
Typically operates on layer 7, it examines packets and network traffic with more scrutiny than packet filtering firewalls. It seeks to identify what kind of application traffic wants to cross the boundary. It does deep inspection.
Application Level Firewall
85
Operates on layer 5; its only task is to ensure that the TCP handshake is complete.
Circuit Level Firewall
86
combines traditional features with advanced features of other network-based security devices such as IDS or IPS. It operates at multiple levels.
Next Generation Firewall
87
is an approach to cybersecurity where security controls and policies are implemented, managed, and automated through code
Software Defined Security
88
the process of observing and analyzing data leaving a network to detect and prevent unauthorized data transfer
Egress Monitoring
89
the process of observing and analyzing data traffic that enters a network or system from an external source
Ingress Monitoring
90
An error control method used in data transmission where the receiver detects errors in a received packet and requests the sender to retransmit it. Essentially, if a receiver doesn't receive a packet correctly, it sends a "negative acknowledgement" (NACK) to the sender, prompting a retransmission.
Automatic Repeat Request (ARQ)
91
repeats traffic only out of the port on which the destination is known to exist.
Switch (layer 2 or 3)
92
used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two.
Routers (layer 3)
93
connects networks that are using different network protocols. Also known as protocol translators.
Gateways (layer 3)
94
used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol
Repeaters, Concentrators, and Amplifiers (layer 1)
95
used to connect two networks (even networks of different topologies, cabling types and speeds) in order to connect network segments that use the same protocol
Bridges (layer 2)
96
used to connect multiple systems and connect network segments that use the same protocol.
Hubs (layer 1)
97
is a technology that allows voice communication over the internet. It converts analog voice signals into digital data packets, which are then transmitted over an IP network.
Voice Over Internet Protocol (VoIP)
98
A signaling protocol used for establishing, managing, and terminating multimedia sessions, including voice and video calls. It handles call setup, user location, and call control.
Session Initiation Protocol (SIP)
99
Used for transmitting real-time audio and video data streams over IP networks. It ensures the timely delivery of multimedia packets during a call
Real-time Transport Protocol (RTP)
100
A secure version of real time transport protocol (RTP) that encrypts and authenticates the media stream.
Secure Real Time Transport Protocol (SRTP)
101
is a secure protocol that is part of the IPSec suite and used to establish a secure authenticated communications channel between two entities. Typically uses X.509 PKI certificates for authentication and the Diffie-Hellman-Merkle key exchange protocol to establish a shared session secret.
Internet Key Exchange (IKE)
102
is a communication channel between two entities across an intermediary untrusted network.
Virtual Private Network (VPN)
103
is the network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol
Tunneling
104
is a suite of protocols designed to authenticate and encrypt IP packets in a communication session. It can be used either as a standalone VPN solution or in combination with other protocols like L2TP.
Internet Protocol Security (IPsec)
105
is a legacy tunneling protocol that doesn’t provide encryption on its own. It’s often used in conjunction with IPsec (L2TP/IPsec) to create a more secure VPN solution. It can ensure confidentiality, integrity, and authentication of data packets transmitted through the tunnel.
Layer 2 Tunneling Protocol (L2TP)
106
A component of IPsec that calculates a cryptographic hash over the entire packet to provide integrity and authentication without encrypting the data. It ensures that the packet hasn’t been tampered with during transmission.
Authentication Header (AH)
107
A component of IPsec that encrypts the payload of the IP packet, providing confidentiality, integrity, and limited authentication. It’s generally used in conjunction with AH for enhanced security, ensuring both the privacy and authenticity of the transmitted data.
Encapsulating Security Payload (ESP)
108
IPsec mode that encrypts only the payload of the IP packet, leaving the original IP header intact. It is often used for client-to-site VPNs, where individual devices connect to a remote network.
Transport Mode
109
IPsec mode that encapsulates the entire IP packet and adds a new IP header. It is typically used for site-to-site VPNs, where entire networks communicate securely over an untrusted network (like the internet).
Tunnel Mode
110
can support only a single communication channel. It uses a direct current applied to the cable. Is a form of digital signal. Ethernet is an example.
Baseband
111
can support multiple simultaneous signals. Uses frequency modulation to support numerous channels, each supporting a distinct communication session. Is a form of analog signal. Cable TV and modems, DSL, T1 and T3 are examples.
Broadband
112
a dedicated physical pathway is created between the two communicating parties. Once a call is established, the links between the two parties remain the same throughout the conversation.
Circuit Switching
113
occurs when the message or communication is broken up into small segments and sent across the intermediary networks to the destination.
Packet Switching