1.5 Implementing common protocols and services
Which of the following transport protocols and port numbers does Secure Shell use? Answer TCP (Transmission Control Protocol) port 22; UDP (User Datagram Protocol) port 19; TCP (Transmission Control Protocol) port 389; UDP (User Datagram Protocol) port 53
Secure Shell (SSH) uses port 22 and by default makes its connections via TCP. Port 19 is used by CHARGEN, port 389 is used by LDAP, and port 53 is used by DNS.
What kinds of attacks involve intercepting packets on the network and modifying them? Answer TCP/IP hijacking; Spoofing; Null session; DNS poisoning
TCP/IP hijacking is a method used to intercept network transmissions and modify the packets that are captured.
Which of the following is an example of a nonessential protocol? Answer TFTP; DNS; ARP; TCP
TFTP (Trivial File Transfer Protocol) is a simpler version of FTP that uses a small amount of memory. It is generally considered to be a nonessential protocol. The Domain Name System service (or DNS service) is required for Internet access and on Microsoft domains.
Which port number does the Domain Name System use? Answer 53; 80; 110; 88
The Domain Name System (DNS) uses port 53. Port 80 is used by HTTP; port 110 is used by POP3; and port 88 is used by Kerberos.
Which of the following would a DMZ typically contain? Answer FTP server; SQL server; Customer account database; User workstations
A DMZ typically contains servers such as FTP servers and web servers. Basically it contains servers that users on the Internet would need to access. SQL servers are database servers normally stored on a company's internal network.
Which one of the following can monitor and protect a DNS server? Answer Check DNS records regularly. Ping the DNS server. Block port 53 on the firewall. Purge PTR records daily.
By checking a DNS server's records regularly, a security admin can monitor and protect it. Blocking port 53 on a firewall might protect it (it also might make it inaccessible depending on the network configuration) but won't enable you to monitor it.
Which of the following is the most secure protocol for transferring files? Answer FTPS; FTP; iSCSI; Telnet
FTPS (FTP Secure) is the most secure protocol (listed) for transferring files. It uses SSL or TLS to secure FTP transmissions utilizing ports 989 and 990. FTP by itself is inherently insecure and uses port 21 by default.
What is the best way to utilize FTP sessions securely? Answer FTPS; FTP passive; FTP active; TFTP
FTPS (FTP Secure) uses encryption in the form of SSL or TLS to secure file transfers. The other three options are basically variations on FTP; they do not use encryption, making them less secure.
John needs to install a web server that can offer SSL-based encryption. Which of the following ports is required to accept SSL connections from clients? Answer Port 443 inbound; Port 80 inbound; Port 80 outbound; Port 443 outbound
For clients to connect to the server via SSL, the server must have inbound port 443 open. The outbound ports on the server are of little consequence for this concept, and inbound port 80 is used by HTTP.
Which of the following is used to transmit data between a web server and a web browser? Answer HTTP; IMAP; SSH; FTP
HTTP (Hypertext Transfer Protocol) transmits data between a web server and a web browser. It uses addresses such as http://www.comptia.org. IMAP is the Internet Message Access Protocol. It is the second most used e-mail protocol for e-mail retrieval next to POP3.
Which of the following is a network addressing scheme that uses numbers and letters? Answer IPv6; IPv4; ICMP; IGMP
IPv6 is a network addressing scheme that uses 128-bit IP addresses composed of numbers and letters, because they are based on the hexadecimal numbering system. IPv4 uses numbers only. ICMP and IGMP are TCP/IP protocols.
You have been tasked with securing a switch from physical access. Which of the following should you implement first? Answer Lock the switch in the server room. Set up access control lists. Check the baseline configuration. Disable unnecessary accounts.
If you need to physically secure a switch, you should first lock the switch in the server room so that a person who has gained unauthorized access to your server room or data center cannot plug a laptop into one of those ports and access the network.
Which ports are used for e-mail? Answer 110 and 143; 3389 and 22; 389 and 443
POP3 uses port 110; IMAP uses port 143. 3389 is used by the Remote Desktop Protocol. 22 is used by SSH. 389 is used by LDAP. 443 is used by HTTPS.
Which protocol is based on SSH? Answer SFTP; TFTP; FTP; FTPS
SFTP is the SSH File Transfer Protocol (also called Secure FTP). It is an extension of the SSH protocol, which uses port 22. Contrast this with FTPS, which is FTP Secure or FTP-SSL, which uses port 443.
Which TCP port does LDAP use? Answer 389; 80; 443; 143
The Lightweight Directory Access Protocol (LDAP) uses TCP port 389. Port 80 is used by HTTP. Port 443 is used by HTTPS. Port 143 is used by IMAP.
Which of the following protocols allow for the secure transfer of files? Answer SFTP; SNMP; TFTP; ICMP
The Secure FTP (SFTP) protocol provides for the secure transfer of files. The Simple Network Management Protocol (SNMP) is used to monitor various parts of the network. Trivial FTP (TFTP) is not secure by default.
A person attempts to perform a zone transfer to get access to a zone file. What type of server are they trying to manipulate? Answer DNS server; Proxy server; File server; Web server
DNS servers are the only types of servers listed that do zone transfers. The purpose of accessing the zone file is to find out what hosts are on the network.
Which port number is used by SCP? Answer 22; 23; 25; 443
SCP (Secure Copy) uses SSH, which runs on port 22 by default. Port 23 is Telnet, port 25 is SMTP, and port 443 is HTTPS (SSL/TLS).
What is a secure option for remotely administering Linux systems? Answer SSH; SCP; SNMP; FCIP
SSH (Secure Shell) is used to remotely administer Unix/Linux systems and network devices. SCP (Secure Copy) is a way of transferring files securely between two hosts; it utilizes SSH.