CIS 420 Final Exam - Spring 2023


IoT

(Internet of Things) refers to a network of physical objects or things that are embedded with electronics, sensors, software, and network connectivity. These physical objects can exchange data with each other.

The following statements are true regarding ACL's.

-ACL's determine which packets may be sent and received
-one ACL per interface, per protocol, per direction
-an interface may have several ACL's but not for the same direction or protocol

OSPF routers form adjacencies by

-Exchanging Hello packets
-Agreeing upon dead interval
-Agreeing upon network type

Which of the following technologies does WPA3 employ?

-GCMP
-perfect forward security

The following is true regarding OSPF.

-OSPF routers send LSAs using IP packets
-OSPF LSAs are sent multicast using 224.0.0.5 or 224.0.0.6

IoT Applications

-Smart Homes: Monitor and control home systems
-Factories: Control and monitoring of equipment
-Supply chain/transportation logistics: RFID chips
-Medical field: Monitoring devices and implants
-Agriculture: Monitor crop and soil conditions
-Military: Battlefield bots - many AI devices working in tandem such as swarm bots

Given the following routing table entry from a router configured with OSPF, which of the following statements are true? O 192.168.10.0/24 [110/65] via 172.16.10.1 00:00:03 Serial0/1

-The administrative distance is 110
-The total OSPF cost of this route is 65
-This network is reachable via another router

Which of the following statements is true regarding the advantages of named ACL's?

-The order of ACL statements can be edited.
-individual statements can be removed from the ACL.
-Packets can be filtered by protocol.

ACL's can do which of the following?

-VPN traffic types
-NAT configuration
-QoS management

Network Function Virtualization (NFV)

-Variation of SDN, but more towards virtualization - both use network abstraction
-Network devices become partially or completely virtual machines
•Devices work as software instead of hardware
•vRouters
-May incorporate AI and machine learning to monitor, optimize and secure - Cisco DNA is an example

•Older encryption standards

-WEP
-WPA

Which of the following statements are true regarding ACL's?

-configured ACL's have implicit deny statements.
-ACL statements are read from top to bottom.
-ACL's will execute the first matching statement and ignore the rest.

Which of the following are characteristics of a secure wireless network?

-privacy
-integrity
-authentication

The wild card mask for a 255.255.255.248 network is:

0.0.0.7

LSU Sub-types

1 - Router LSA
2 - Network LSA
3 or 4 - Summary LSA
5 - Autonomous System External LSA's
6 - Multi-cast OSPF LSA's
7 - Defined for not-so-stubby areas
8 - External Attributes LSA for Border Gateway Protocol (BGP)
9, 10, 11 - Opaque LSA's

The cost reference for the OSPF metric is

10^8

In a broadcast multi-access network, how many adjacencies will be formed if I have 9 routers?

36
The DR will have adjacencies with the BDR and the remaining 7 routers: 1 (BDR) + 7 = 8 adjacencies.
The BDR will have adjacencies with the DR and the remaining 7 routers: 1 (DR) + 7 = 8 adjacencies.
Each of the remaining 7 routers will have adjacencies with the DR and BDR, so: 7 routers * 2 adjacencies = 14 adjacencies.

DHCP Operation

A DHCP server can provide three types of IP address assignments
•Manual allocation - the network administrator assigns a preallocated IP address to a client host and this IP address is communicated via the DHCP server.
•Automatic allocation - DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses. The assignment is permanent with no lease period for the IP address.
•Dynamic allocation - DHCP automatically and dynamically assigns an IP address from an available pool of addresses for a period of time (lease) or until the host no longer needs the IP address (it is turned off or disconnected from the network)

A single wireless LAN is called a

BSS

The WAP identifier for a BSS is the

BSSID

Which network type features more than one router connected to a switch?

Broadcast multiaccess

SDN (Software Defined Networking)

Creating virtual network configurations from physical networks
•Separate data plane from control plane - routing and switching control done by server cluster connected to physical routers and switches.
•Versatility in network configuration for rapidly changing needs.
•Cisco DNA is an example of a vendor SDN solution.
OpenFlow architecture

In a Point-to-Point link between two routers, which router sets the clock rate?

DCE

Router ID

Determined in order of priority:
◦IP address configured with the router-id command
◦Highest IP address of any loopback interfaces
◦Highest active IP address of an interface
Loopback method is most common since it supports legacy routers and IOS's

Which authentication protocol requires both the WAP (AS) and the client to present digital certificates?

EAP-TLS

A DHCP server can only be a stand-alone device.

False

A WAP can only handle one BSS.

False

OSPF Packet Types

Hello
DBD - database synchronization info
LSR, Link State Request - requests specific link-state records from router to router
LSU, Link State Updates - Sends specifically requested link state records (LSA, link state advertisements - 11 subtypes)
LSAck, Link State Acknowledgements - acknowledgement sent for other packet types

Hello Packets

Hello packets are sent out every 10 seconds by default to inform neighboring routers that the router is still active (30 seconds on NBMA networks).

Problems with Multiple Adjacencies

LSAs will be flooded from each router causing an overwhelming amount of traffic that will choke the network. The solution is to elect one router per area to coordinate the distribution of update LSAs. This router is the Designated Router or DR. A second router is selected as the Backup Designated Router or BDR. The DR and BDR are elected by the routers in the area. Careful management must be exercised to configure the desired routers as DR and BDR.

IoT Issues

Lack of uniform standards
Safety questions regarding large number of devices, especially for devices that monitor and direct vehicles and machinery
Legal Frameworks lag technology

Which authentication protocol requires only the WAP (AS) to present a digital certificate?

PEAP

Which of the following authentication methods are used in home or small business networks?

PSK

Which of the following describes the operation of an inbound ACL?

Packets are compared to the ACL's statements to determine if they can be sent to the outbound interface.

ACL Operations

Routers use ACL's to control packet traffic by:
•Classification: Identifying traffic location and type
•Filtering: controlling flow of traffic based upon classification
ACL's tell routers 'if' packets can pass through them based upon a set of predetermined rules whereas routing tables tell routers 'where' to send packets.
ACL's are bound to a router interface and filter traffic coming in or going out of that interface.
One ACL per interface, per protocol, per direction
•But.... One interface can have multiple ACL's but not for the same direction or protocol
One ACL can be assigned to multiple interfaces.
•ACL's are read top to bottom with the first statement to match being the one executed. The ACL decision process is terminated at that point.
•When an ACL is created and one entry placed into it, it will also create an implicit 'deny all' rule; in most Cisco IOS's, an empty ACL 'permits all' traffic.
•All ACL's must have at least one permit statement or all traffic will be blocked.
•ACL statements should be specific to general.

A wireless LAN is identified by a

SSID

OSPF Packets

Send information between OSPF routers using IP packets
Use IPv4 Multicast 224.0.0.5 and 224.0.0.6
IP packet protocol field is set to 89 to indicate OSPF packet.
If Ethernet frame is used, frame is set to multicast address 01-00-5E-00-00-05 or 01-00-5E-00-00-06.

Standard ACL's filter packets based upon:

Source IP addresses

The inside global address refers to which IP address in our network?

The public IP address on our gateway router's ISP interface

A BSS can deploy on more than one WAP.

True

point to multipoint

WAN links

Outside Global address

a public, reachable external host IP address such as a remote Web server.

When will a DHCP server send the Acknowledgement message to a DHCP client?

after a DHCP Request is sent by the client

OSPF Routers

check to see if any directly connected routers are also OSPF routers
-This is done by exchanging Hello packets with one another that include the Router ID. If a router detects an OSPF neighbor, it will form an adjacency with that router.
-Routers must agree upon hello interval, dead interval and network type

The default-information originate command will do what to the routers in an OSPF area?

distribute the default route to area routers

I have a gateway router with an inside global address of 200.100.20.10. My internal IP address space is 192.168.10.0 0.0.0.255. I enter the following commands:
Router(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Router(config)#ip nat inside source list 1 interface serial0/0/0 overload
Complete the following commands:
Router(config)#interface ________
Router(config-if)#ip nat inside
Router(config-if)#interface _______
Router(config-if)#ip nat outside

fa0/0, serial0/0/0

nonbroadcast multiaccess

frame relay, ATM WAN links

Which of the following DHCP commands would exclude the static IP address of 192.168.10.252 from a DHCP pool of 192.168.10.0 255.255.255.0?

ip dhcp excluded-address 192.168.10.252

Select the commands to configure a dhcp server on Router A. Router A is connected via its Fa0/0 interface to the Main Office LAN switch. The IP address of Fa0/0 is 192.168.10.1. There is a file/DNS server on the Main Office LAN with a static IP address of 192.168.10.252. (Commands may not be presented in order of proper entry into router CLI)

ip dhcp excluded-address 192.168.10.252
ip dhcp pool MOLAN
ip dhcp excluded-address 192.168.10.1
dns-server 192.168.10.252
default-router 192.168.10.1
network 192.168.10.0 255.255.255.0

Router A is serving as a DHCP server for our office's network. We have two additional routers, Router B and Router C on our network. Router B's g0/1 interface is connected to a switch for the HR office and has an IP address of 192.168.20.1. Router A's serial interface IP address that connects Router A to the other routers is 10.10.20.3. What command is necessary on Router B's g0/1 interface to connect workstations on the HR office LAN to the DHCP server on Router A?

ip helper-address 192.168.20.1

Suppose that we had 6 public IP addresses to use for PAT on our gateway router. We want to link one of these, 206.125.23.4, to our internal Web server with a private IP address of 192.168.10.252. Which of the following commands would we use to static bind the two IP addresses?

ip nat inside source static 192.168.10.252 206.125.23.4

When modifying OSPF link costs on interfaces of OSPF routers in a multi-vendor environment, which is the best command to use?

ip ospf cost cost

Which command can be used to influence DR and BDR elections between OSPF routers?

ip ospf priority

Broadcast multiaccess

more than one router connected to a switch(s)

Point to Point

one link between two routers

Static mapping

one-to-one mapping of local and global addresses that remain constant. Used for internal hosts that perform specialized communications such as Web servers.

Which command keyword is used to enable PAT for a single inside global IP address on a gateway router?

overload

NAT

permits the use of a limited number of public IPv4 addresses or private IPv4 addresses to extend the number of physical hosts within a network.

Authentication

proving the user's identity and access privileges

Dead Intervals

set at 4 times the value of the Hello packet or 40 seconds in the default case. This is the time that a router waits after NOT receiving a Hello packet from a neighboring router before declaring it down.

Routers that enable PAT use these addresses to keep track of which internal hosts are using the public IP address.

sockets

Extended ACL's should be placed near the ___________ network.

source

Virtual Links

special link that can be used in multi-area OSPF

The most common way to configure a router ID in OSPF is:

use loopback addresses on the routers

Outside Local address

usually the same as the outside global address, but could be a private internal IP address for the remote host.

•WPA3 is newest standard

•256-bit Galois/Counter Mode Protocol (GCMP-256) - key authentication
•384-bit Hashed Message Authentication Mode (HMAC) - 192 bits of security - Key authentication
•256-bit Broadcast/Multicast Integrity Protocol (BIP-GMAC-256) - frame encryption
•Perfect Forward Security - new private key on each communication.
•Offline password guesses limited to one - protects against brute force attacks.

EAP-TLS or Extensible Authentication Protocol using Transport Layer Security

•Both WAP (AS) and client must provide certificates for authentication
•Public/private key pair usually used due to ease of facilitating a large number of clients

NAT: Disadvantages

•Degraded router performance
•End-to-End functionality degraded or disrupted
•Tunneling more difficult (IPsec)
•End-to-End IP traceability is lost.

Some other types of ACL's

•Dynamic: used to restrict access to a network/router. Combined with authentication using username and password via Telnet to permit access to a network/router on a limited time basis - more secure, but cumbersome.
•Reflexive: based upon upper-layer session information such as TCP port numbers and are used to restrict traffic from the outside to requests from the inside. (extended named ACL's only)
•Time-based: control defined access policies for periods of time

Inbound ACL

•Incoming packets are processed before they are routed to an outbound interface. More efficient since packets are verified in the ACL before routing table lookup.

Outbound ACL

•Incoming packets are routed to the exit interface after routing table lookup and then verified by the ACL.

Low Frequency

•Low bandwidth
•Reflects off of atmosphere (day and night are different)

Higher Frequency

•More bandwidth
•Line-of-sight

Dynamic Mapping

•NAT uses a pool of addresses and assigns them on a FCFS basis. Addresses can be public or private.

NAT (Network Address Translation)

•Permits the use of public IP address sharing and the use of internal private IP addresses
•Extends the IPv4 Address space.
•Facilitates consistent internal IP address schemes, especially using private IP addresses
•Enhances security.

NAT Overload or PAT

•Port Address Translation or PAT facilitates the assignment of many inside local addresses to one or few inside global addresses.
•PAT uses dynamic port assignments from inside hosts or modifies them as needed to keep track of inside local-to-inside global address assignments.

Standard and Extended lists can be identified by numbers or names.

•Standard list: 1-99, 1300-1999
•Extended list: 100-199, 2000-2699

Using names for ACL's adds two benefits

•The order of ACL statements can be edited (when adding or reordering current statements)
•You can remove individual statements from the ACL

PEAP or Protected Extensible Authentication Protocol

•WAP(AS) must provide a digital certificate to prove identity
•Client does not have to have a digital certificate, only user credentials

DHCP Process

•When a network host boots up, it has no IP address (unless preconfigured statically).
•It will broadcast a DHCPDISCOVER packet carrying a UDP datagram
•A DHCP server will respond with a DHCPOFFER datagram.
•If the host accepts the offer, it replies with a DHCPREQUEST datagram.
•The DHCP server will respond with a DHCPACK confirming the assignment of the IP address

Inside Global address

•a valid public IP address(s) that is assigned to the autonomous system and is used by the gateway router to address outbound packets from internal hosts.

Inside Local address

•addresses of internal network hosts, usually a private IP address

Integrity

•assuring that wireless traffic has not been altered or corrupted

Privacy

•encrypting wireless traffic so that a third party cannot eavesdrop
•WPA2 and WPA3 standards

Standard ACL Type

•filters by source IP address of packets only. Best to place near the destination network if possible

Extended ACL Type

•filters by source/destination IP address of packets as well as by specific protocols, port numbers and other parameters. Best to place near the source network if possible.

SSID

•human given name to a BSS such as 'guest wireless'.

DHCP (Dynamic Host Configuration Protocol)

•permits dynamic assignment of published (public) and unpublished (private) IPv4 addresses to conserve address space and to provide flexibility in adding and removing network end hosts.
•A host within a network is assigned an IP address from an available pool of public and/or private IP addresses.
•A dedicated server or a Cisco router (in smaller networks) can be used to provide DHCP services within a network.

Basic Service Set (BSS)

•the WiFi network associated with a wireless access point or several access points (Extended Service Set)

BSSID

•wireless transceiver MAC address of a wireless access point
•Since a BSS can be extended across more than one WAP (ESS), there will be a common SSID for the ESS, but each WAP will have a unique BSSID

Federal Trade Commission Recommended Guidelines for IoT companies

◦Data security practices including Defense in Depth
◦Data consent for users
◦Minimal data collection limited to functional needs only and maintained for a limited time only.

