Exam 4 Review

What do the following options for tracert on Windows PCs do?

-d: do not resolve addresses to hostnames
-h: maximum number of hops
-w timeout: wait timeout
-4: force using IPv4
-6: force using IPv6

What address would a Windows PC receive if it cannot contact the DHCP server?

169.254.x.x or APIPA

What port number does SMTP use?

25

What is a network baseline?

A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed.

Securing endpoint devices is one of the most challenging jobs of a network administrator, because it involves human nature. What must a company have to accomplish this task?

A company must have well-documented policies in place and employees must be aware of these rules.

TCP is a connection-oriented protocol. Explain what a connection-oriented protocol is.

A connection that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.

What does the Microsoft command Tracert or the Cisco IOS command traceroute accomplish?

A trace returns a list of hops as a packet is routed through a network.

Viruses

A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation. b. Trojan horses - A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool.

What is the purpose of the Cisco IOS File System (IFS)?

Allows administrators to navigate to different directories and list the files in a directory and to create subdirectories.

At what layer of the OSI model are the client and server processes considered to be?

Application layer

An email client does not communicate directly with another email client when sending email. Explain what happens.

Both clients rely on the mail server to transport messages. This is true even when both users are in the same domain.

How can redundancy be accomplished in a network environment?

By installing duplicate equipment, but it can also be accomplished by supplying duplicate network links for critical areas

How does TCP ensure that its segments are reassembled into the proper order?

By numbering and sequencing the segments

Explain what happens when a Cisco device boots up and has CDP enabled.

CDP automatically discovers neighboring Cisco devices running CDP, regardless of which Layer 3 protocol or suites are running. CDP exchanges hardware and software device information with its directly connected CDP neighbors.

In the client-server model, the device requesting the information is called a ______ and the device responding to the request is called a _______.

Client; Server

The key distinction between TCP and UDP is reliability. The reliability of TCP communication is obtained through the use of ________________ Sessions.

Connection-oriented

Where are IOS debug log messages sent by default?

Console line

At the transport layer, each particular set of data flowing between a source application and a destination application is known as a ______

Conversation

What is one solution to the management of critical security patches?

Create a central patch server that all systems must communicate with after a set period of time

What is the purpose of a Domain Name System (DNS)?

DNS uses a distributed set of servers to resolve the names associated with these numbered addresses.

What are the pieces of communication in UDP called?

Datagrams

What does the IOS debug allow administrators to do?

Display status messages in real-time for analysis.

What is the most effective way to mitigate a worm attack?

Download security updates from the operating system vendor and patch all vulnerable systems

What is the purpose of FTP?

FTP was developed to allow for data transfers between a client and a server.

Explain the purpose of flow control.

Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data flow between source and destination for a given session

Explain the function of the session layer.

Functions at the session layer create and maintain dialogs between source and destination applications. The session layer handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle for a long period of time.

Computer operating systems have a utility called nslookup. What does this allow users to do?

It allows the user to manually query the name servers to resolve a given hostname.

Explain what Server Message Block (SMB) is.

It is a client/server file sharing protocol to describe the structure of shared network resources, such as directories, files, printers, and serial ports. It is a request-response protocol.

What is a stateful protocol?

It is a protocol that keeps track of the state of the communication session.

What advantage do selective acknowledgements (SACKs) offer?

It is possible for the destination to acknowledge bytes in discontinuous segments and the host would only need to retransmit the missing data.

What is the purpose of the application layer?

It is the layer that provides the interface between the applications we use to communicate and the underlying network over which our messages are transmitted

On the Internet, domain names, such as http://www.cisco.com, are much easier for people to remember than 198.133.219.25, which is the numeric address for this server. Explain what happens if Cisco decides to change the numeric address of www.cisco.com.

It is transparent to the user, because the domain name remains the same. The new address is simply linked to the existing domain name and connectivity is maintained.

SMB file-sharing and print services have become the mainstay of _______________ networking.

Microsoft

What command is used on an IOS to display debug log messages on VTY lines?

Monitor terminal

Is HTTP a secure protocol?

NO

What is the purpose of Network protocols?

Network protocols support the applications and services used by employees in a small network.

What command can you use to disable CDP on a specific Interface?

No cdp enable

Study OSI Model & TCP/IP Model comparison

Okay

Explain how VoIP works.

Phone itself converts voice-to-IP

Which command is an effective way to test connectivity?

Ping

Packet filtering

Prevents or allows access based on IP or MAC addresses.

Application filtering

Prevents or allows access by specific application types based on port numbers.

URL filtering

Prevents or allows access to websites based on specific URLs or keywords. d. Stateful packet inspection (SPI) - Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks such as denial of service (DoS).

What enables a network professional to quickly compile statistical information about traffic flows on a network?

Protocol analyzers

Explain how congestion avoidance works.

Reduce the # of bytes sent before receiving device acknowledges.

HTTP is a ________/________ protocol.

Request/Response

Telnet is an unsecure method of accessing a Cisco device "in band". What is a better method?

SSH

HTTPS uses the same client request-server response process as HTTP. How is the data stream encrypted before being transported across the network?

Secure Socket Layer (SSL)

What information is assigned to each header to ensure that it is reassembled in the correct order?

Sequence numbers

The transport layer divides the data into segments. What fields in the TCP header, which are not in the UDP header, make it a reliable protocol?

Sequence numbers, Acknowledgement numbers, Window, Control bits

When backing up to a USB port, it is a good idea to issue the ____________ command to verify that the USB drive is there and confirm the name

Show file system

Since a duplex mismatch occurs at Layer 1 and Layer 2, what show command would be used to view this information?

Show interfaces

What is the purpose of SMTP?

Simple Mail Transfer Protocol (SMTP) transfers mail reliably and efficiently.

Email is a _____________ method of sending, storing, and retrieving electronic messages across a network

Store-and-Forward

Explain how TCP and UDP differ from each other.

TCP is considered a reliable, full-featured transport layer protocol, which ensures that all of the data arrives at the destination. UDP is a very simple transport layer protocol that does not provide for any reliability.

In addition to understanding changing traffic trends, a network administrator must also be aware of how network use is changing. What is one method of doing this?

Taking snapshots of employee application utilization

What is the purpose of the arp command?

The arp command enables the creation, editing, and display of mappings of physical addresses to known IPv4 addresses.

What do network threats include?

The people interested and qualified in taking advantage of each security weakness.

Explain the purpose of the transport layer.

The transport layer is responsible for establishing a temporary communication session between two applications and delivering data between them

What are the sequence (SEQ) number and acknowledgement (ACK) numbers used together for?

To confirm receipt of the bytes of data contained in the transmitted segments.

The combination of the source and destination IP addresses and the source and destination port numbers is known as a socket. What is a socket used for?

To identify the server and service being requested by the client.

Why does a client place a destination port number in a segment?

To tell the destination server what service is being requested.

With UDP, there are no ______ layer processes that inform the sender if successful delivery has occurred.

Transport

Worms

Upon successful exploitation of the vulnerability, the worm copies its program from the attacking host to the newly exploited system to begin the cycle again.

What is network vulnerability?

Vulnerability is the degree of weakness which is inherent in every network and device.

Label the following port number ranges.

Well-Known Ports: 0 to 1023
Registered Ports: 1024 to 49151
Private and/or Dynamic Ports: 49152 to 65535

Explain how IMAP is different from POP.

With POP, email messages are downloaded to the client and removed from the server. With IMAP, copies of the messages are downloaded and originals are kept on the server until manually deleted

A ping issued from the IOS will yield one of several indications for each ICMP echo that was sent. List and explain the most common indicators.

a. ! - indicates receipt of an ICMP echo reply message
b. . - indicates a time expired while waiting for an ICMP echo reply message
c. U - an ICMP unreachable message was received

Firewall products come packaged in various forms. List each.

a. Appliance-based firewalls b. Server-based firewalls c. Integrated firewalls d. Personal firewalls

The TCP/IP model Application layer is equal to which three OSI model layers?

a. Application b. Presentation c. Session

There are three types of applications that are best suited for UDP. Explain each.

a. Applications that can tolerate some data loss, but require little or no delay b. Applications with simple request and reply transactions c. Unidirectional communications where reliability is not required or can be handled by the application

AAA, or "triple A", network security services provide the primary framework to set up access control on a network device. List and explain what AAA represents.

a. Authentication - who is permitted to access a network b. Authorization - what they can do while they are there c. Accounting - to watch the actions they perform while accessing the network

To determine traffic flow patterns, it is important to:

a. Capture traffic during peak utilization times to get a good representation of the different traffic types. b. Perform the capture on different network segments, because some traffic will be local to a particular segment.

List the features used to describe UDP.

a. Connectionless b. Unreliable Delivery c. No Ordered Data Reconstruction d. No Flow Control

What are the factors to consider when planning a small network?

a. Cost b. Speed and types of port/interfaces c. Expandability d. Operating system features and services

In regards to securing devices, what are some simple steps that should be taken that apply to most operating systems?

a. Default usernames and passwords should be changed immediately. b. Access to system resources should be restricted to only the individuals that are authorized to use those resources. c. Any unnecessary services and applications should be turned off and uninstalled, when possible.

List what information CDP provides about each CDP neighbor device.

a. Device identifiers b. Address list c. Port d. Capabilities e. Platform

Explain the four messages used during DHCP operation.

a. Discover b. Offer c. Request d. Acknowledge

Application layer protocols that use UDP include:

a. Domain Name System (DNS) b. Simple Network Management Protocol (SNMP) c. Dynamic Host Configuration Protocol (DHCP) d. Routing Information Protocol (RIP) e. Trivial File Transfer Protocol (TFTP) f. IP telephony or Voice over IP (VOIP) g. IPTV

List the protocols that fall under the TCP/IP model Application layer.

a. Domain Name System (DNS) b. Telnet c. Simple Mail Transfer Protocol (SMTP) d. Dynamic Host Configuration Protocol (DHCP) e. Hypertext Transfer Protocol (HTTP) f. File Transfer Protocol (FTP) g. Trivial File Transfer Protocol (TFTP) h. Bootstrap Protocol (BOOTP) i. Post Office Protocol (POP) j. Internet Message Access Protocol (IMAP)

Planning and documenting the IP addressing scheme helps the administrator to track device types. Explain two reasons why this is important.

a. Easy to identify server traffic by IP address. This can be very useful when troubleshooting network traffic issues using a protocol analyzer. b. Control access to resources on the network based on IP address when a deterministic IP addressing scheme is used.

In addition to supporting the basic functions of data segmentation and reassembly, TCP also provides:

a. Establishing a connection b. Reliable delivery c. Same order delivery (Ordered data reconstruction) d. Flow control

To end each one-way TCP session, a two-way handshake is used. What two control flags are used?

a. FIN b. ACK

The presentation layer has three primary functions. These are:

a. Formats, or presents, data from the source device into a compatible form for receipt by the destination device. b. Compression of the data in a way that can be decompressed by the destination device. c. Encryption of the data for transmission and the decryption of data upon receipt by the destination.

List and explain the three common message types used by HTTP.

a. GET - a client request for data b. POST - POST and PUT are used to upload data files to the web server c. PUT - PUT uploads resources or content to the web server

Characteristics of TCP

a. Guaranteed Delivery b. Ordered Delivery c. Sequenced Message Segments d. Flow Control e. Session Establishment

List and explain the four classes of physical threats.

a. Hardware threats - physical damage to servers, routers, switches, cabling plant, and workstations b. Environmental threats - temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry) c. Electrical threats - voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss d. Maintenance threats - poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling

Which applications use TCP?

a. Hypertext Transfer Protocol (HTTP) b. File Transfer Protocol (FTP) c. Simple Mail Transfer Protocol (SMTP) d. Telnet

List the common protocols that fall under the application Layer.

a. Hypertext Transfer Protocol (HTTP) b. File Transfer Protocol (FTP) c. Trivial File Transfer Protocol (TFTP) d. Internet Message Access Protocol (IMAP) e. Domain Name System (DNS) protocol

What information does the ipconfig command give you?

a. IP address b. Subnet Mask c. Default gateway

After the hacker gains access to the network, four types of threats may arise. These are:

a. Information theft b. Identity theft c. Data loss/manipulation d. Disruption of service

Characteristics of UDP

a. Less Overhead b. Fast Transmission Requirements c. No Acknowledgment of Receipt d. Connectionless e. No ordered Delivery

List the applications where UDP is the preferred transfer protocol.

a. Live video/Audio b. Voice over IP (VoIP).

There are two forms of software programs or processes that provide access to the network. List and explain both.

a. Network applications - Applications are the software programs used to communicate over the network. b. Application layer services - Other programs may need the assistance of application layer services to use network resources, like file transfer or network print spooling. Though transparent to an employee, these services are the programs that interface with the network and prepare the data for transfer.

List and explain the elements required to scale a network.

a. Network documentation - physical and logical topology b. Device inventory - list of devices that use or comprise the network c. Budget - itemized IT budget, including fiscal year equipment purchasing budget d. Traffic analysis - protocols, applications, and services and their respective traffic requirements should be documented

The P2P network model involves two parts, these are:

a. P2P networks b. P2P applications.

Clients only use two application layer protocols to retrieve email. These are:

a. POP b. IMAP

List samples of Access attacks.

a. Password attack b. Trust attack c. Port Redirection d. Man-in-the-Middle

List the common protocols that work in the presentation layer.

a. QuickTime b. Motion Picture Experts Group (MPEG)
Graphic image formats: a. Graphics Interchange Format (GIF) b. Joint Photographic Experts Group (JPEG) c. Portable Network Graphics (PNG)

To transport streaming media effectively, the network must be able to support applications that require delay-sensitive delivery. List two protocols that support this requirement.

a. Real-Time Transport Protocol (RTP) b. Real-Time Transport Control Protocol (RTCP)

List the three steps in TCP connection establishment.

a. SYN - The initiating client requests a client-to-server communication session with the server. b. SYN/ACK - The server acknowledges the client-to-server communication session and requests a server-to-client communication session. c. ACK - The initiating client acknowledges the server-to-client communication session.

Email supports three separate protocols for operation. These are:

a. Simple Mail Transfer Protocol (SMTP) b. Post Office Protocol (POP) c. Internet Message Access Protocol (IMAP)

SMB messages can:

a. Start, authenticate, and terminate sessions b. Control file and printer access c. Allow an application to send or receive messages to or from another device

There are three primary vulnerabilities or weaknesses. These are:

a. Technological b. Configuration c. Security policy

What are the primary responsibilities of transport layer protocols?

a. Tracking the individual communication between applications on the source and destination hosts b. Segmenting data for manageability and reassembling segmented data into streams of application data at the destination c. Identifying the proper application for each communication stream

TCP/IP provides two transport layer protocols. These are:

a. Transmission Control Protocol (TCP) b. User Datagram Protocol (UDP)

To protect network devices, it is important to use strong passwords. What are standard guidelines for creating strong passwords?

a. Use a password length of at least 8 characters, preferably 10 or more characters. A longer password is a better password. b. Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed. c. Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information. d. Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty. e. Change passwords often. If a password is unknowingly compromised, the window of opportunity for the attacker to use the password is limited. f. Do not write passwords down and leave them in obvious places such as on the desk or monitor.

Network technicians use show commands extensively for:

a. Viewing configuration files b. Checking the status of device interfaces and processes c. Verifying the device operational status

Application developers must choose which transport protocol type is appropriate based on the requirements of the applications. What are two examples of where TCP is more appropriate?

a. When segments must arrive in a very specific sequence to be processed successfully. b. When all data must be fully received before any of it is considered useful.

TCP's reliability functions provide more robust communication between applications. What are two possible issues that can be incurred by this reliability?

a. additional overhead b. possible delays

For IPv4, DHCP automates the assignment of which four items?

a. assignment of IP addresses b. subnet masks c. gateway d. other IP networking parameters

How does a browser interpret the three parts of the URL http://www.cisco.com/index.html?

a. http - the protocol or scheme b. www.cisco.com - the server name c. index.html - the specific filename requested

Where can backup configuration files be stored?

a. on a Trivial File Transfer Protocol (TFTP) server b. a USB drive

List some of the most popular Cisco IOS show commands.

a. show running-config b. show interfaces c. show arp d. show ip route e. show protocols f. show version

Information gathered by the protocol analyzer is analyzed based on what?

a. the source and destination of the traffic b. the type of traffic being sent

What command do you use to copy the configuration file to the USB flash drive?

copy run usbflash0:/

Which Microsoft DOS command displays all of the cached DNS entries on a Windows computer system?

ipconfig /displaydns

What DOS command can be used to see which active TCP connections are open and running on a networked host?

netstat

What command can you use to disable CDP globally?

no cdp run

Which Cisco IOS command ensures that all configured passwords are a minimum of a specified length?

security passwords min-length

Which Cisco IOS command prevents unauthorized individuals from viewing passwords in plaintext in the configuration file?

service password-encryption

Which command can be used to view the file systems on a Catalyst switch or Cisco router?

show file systems

What does the show cdp neighbors detail command reveal about a neighboring device?

the IP address

Denial of service

the disabling or corruption of networks, systems, or services

Reconnaissance attacks

the unauthorized discovery and mapping of systems, services, or vulnerabilities

Access attacks

the unauthorized manipulation of data, system access, or user privileges
