lesson 6
What type of server infrastructure is IPAM designed to monitor?
IP address management (IPAM) is used to monitor and manage DHCP and DNS services (as well as domain controllers in a Windows network environment).
fingerprinting
Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.
recursive query
If a server in a name query is not authoritative, it takes on the task of referring to other name servers until an authoritative server is located and used to resolve the name.
zone transfer
In DNS, the replication process from the zone master (usually a primary zone) to a secondary zone.
forwarder
In DNS, the server that transmits a client query to another DNS server and routes the replies it gets back to the client.
socket
An identifier for an application process on a TCP/IP network.
third-party DNS
Another organization is responsible for hosting your DNS records.
domain controller
Any Windows-based server that provides domain authentication services (logon services) is referred to as a domain controller (DC). Domain controllers maintain a master copy of the database of network resources.
What is the function of a dig parameter such as +nostats?
Control what is shown by the tool. You can use these options to suppress certain kinds of output, such as sections of the response from the DNS server.
flow control
In TCP transmissions, the adjustment between nodes to let the other node know that the data stream needs to be slowed down so that the receiving node can be sure that all incoming data is received and is received undamaged.
segment
In TCP transmissions, the breaking up of the data stream into smaller increments.
What is the location of the HOSTS file?
In Windows, it is %SystemRoot%\system32\drivers\etc\, while in Linux, it is usually placed in the /etc directory.
handshake
In networking, the process used to verify the speed, connection, and authorization between nodes attempting to make a connection.
What types of DNS records have priority or preference values?
Typically, mail (MX) and service (SRV) records.
Which port is used by the Network Time Protocol (NTP)?
UDP port 123.
What characters are allowed in a DNS host name?
Up to 63 alphanumeric characters and the hyphen, although the hyphen cannot be used at the beginning or end of the name.
A record
Used to resolve a host name to an IPv4 address.
AAAA record
Used to resolve a host name to an IPv6 address.
netstat
Utility to show network information on a machine running TCP/IP, notably active connections and the routing table.
Nmap
Versatile port scanner used for topology, host, service, and OS discovery and enumeration.
Why would a developer choose to use unreliable delivery over reliable, connection-oriented delivery?
When speed is more important than reliability.
If you wanted to investigate connections on your machine, which built-in utility could you use?
netstat
CNAME
(Canonical Name) A DNS record used to represent an alias for a host.
dig
(Domain Information Groper) Utility to query a DNS server and return information about a particular domain name.
DNSSEC
(Domain Name System Security Extensions) A security protocol that provides authentication of DNS data and upholds DNS data integrity.
DNS
(Domain Name System) The service that maps names to IP addresses on most TCP/IP networks, including the Internet.
DKIM
(DomainKeys Identified Mail) An email authentication method that decides whether you should allow received email from a given source, preventing spam and mail spoofing.
FQDN
(Fully Qualified Domain Name) A name in DNS specifying a particular host within a subdomain within a top-level domain.
IPAM
(Internet Protocol address management) Software consolidating management of multiple DHCP and DNS services to provide oversight into IP address allocation across an enterprise network.
MX
(Mail Exchanger) A DNS record used to identify an email server for the domain.
NS record
(Name Server) A DNS record that identifies an authoritative DNS name server for the zone.
PTR record
(Pointer) A DNS record that creates an IP address to host name mapping that corresponds to the host (A) record stored in the forward lookup zone.
SPF
(Sender Policy Framework) A DNS record that lists the IP addresses or names of servers permitted to send email from a particular domain; it is used to combat the sending of spam.
SRV record
(Service record) A DNS record used to identify a host that provides a network service or protocol.
SOA
(Start of Authority) A DNS record that specifies authoritative information about a DNS zone.
TXT record
(Text) A DNS record used to store any freeform text that may be needed to support other network services, often used with SPF and DKIM.
CPE
(common platform enumeration) A naming standard used to identify an organization's hardware, software, and operating systems.
TLD
(top-level domain) The last portion of a domain name, such as .com, .gov, .net, or .org. Two-letter country-specific codes are also used, such as .us for the United States of America or .jp for Japan.
What type of DNS record resolves IPv6 addresses?
AAAA.
Dynamic DNS
A DNS (domain name system) server that allows clients to update their records automatically when their IP addresses change.
primary zone
A DNS name server in which the zone can be edited.
secondary zone
A DNS name server that contains a read-only copy of the zone.
conditional forwarder
A DNS server that performs the forwarder function only for certain domains.
PowerShell
A Windows-based command interpreter designed as an administrative management and configuration environment, to create automated scripts and run cmdlets.
ephemeral ports
A client application or process that is dynamically assigned a port number greater than 1024 by the operating system when there is a request for service.
connection-oriented protocol
A data transmission method where a connection is established before any data can be sent, and where a stream of data is delivered in the same order as it was sent.
guaranteed delivery
A data transmission method where a connection is established before any data can be sent, and where a stream of data is delivered in the same order as it was sent. Also called connection-oriented protocol.
HOSTS file
A file, now primarily used for troubleshooting, that maps network addresses to names.
three-way handshake
A method of establishing a TCP connection between nodes through the exchange of SYN and ACK packets prior to sending data.
sliding window
A method used in TCP connections in which a single acknowledgement can be used to indicate multiple packets were successfully received.
iterative query
A name server responds to a query with whatever information it has, passing the address of an authoritative name server to the requester.
port
A network port is the value assigned in a Transport layer header to identify a communication stream. Server ports often use well-known port numbers, while client ports are assigned dynamically. Port can also refer to a hardware interface on a NIC or switch.
What use is a PTR DNS record?
A pointer maps an IP address to a host name, enabling a reverse lookup. Reverse lookups are used (for example) in spam filtering to confirm that a host name is associated with a given IP address.
protocol analyzer
A type of diagnostic software that can examine and display data packets that are being transmitted over a network. Also called a network analyzer.
Wireshark
A widely used packet analyzer.
What is CPE?
Common platform enumeration (CPE) is a standard naming system for OS and application software. A fingerprinting tool such as nmap will try to match the software running on a host to a CPE identifier by analyzing responses to network probes.
internal DNS zones
Domains used on the private network only.
What type of DNS enables clients to report a change of IP address to a DNS server?
Dynamic DNS.
Why would the following HOSTS file entry not affect name resolution? #198.134.5.6 www.comptia.org
Everything after the # character on the same line is treated as a comment.
What is a generic top-level domain?
FQDNs are arranged in a hierarchy from the root. Top-level domains are those farthest to the right. Generic TLDs are those maintained by ICANN (.com, .org, .net, .info, .biz), while the other main sets of TLDs are country codes and sponsored.
True or False? User Datagram Protocol (UDP), like TCP, uses flow control in the sending of data packets.
False.
A function of TCP is to handle flow control. What is the purpose of the flow control function?
Flow control makes sure the sender does not inundate the receiver with data packets.
What is the purpose of the window field in a TCP segment?
It is used for flow control. The window indicates the amount of data that the host can receive before sending another acknowledgement.
spam
Junk messages sent over email (or instant messaging, which is called spim).
You need to audit services made publicly available on a web server. What command-line tool could you use?
Nmap is an ideal tool for scanning remote hosts to discover which ports they have open and the applications or services running on them.
If the client is in the TIME-WAIT state, is the connection with the server still open?
Not normally. The server closes the connection when it receives the ACK from the client; if this packet is lost, the server connection may still be open.
private port number
Port numbers in the 49,152 through 65,535 range that are available for use by any program to communicate with any other program communicating through TCP or UDP.
dynamic port number
Port numbers in the 49,152 through 65,535 range that are available for use by any program to communicate with any other program. Another name for private port number.
external DNS zones
Records that Internet clients must be able to access.
What type of DNS record is used to prove the valid origin of email?
Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records can be used to validate the origin of email and reject spam. These are configured in DNS as text (TXT) records.
When you configure name server addresses as part of a host's IP settings, do you need to specify servers that perform iterative queries only or ones that accept recursive queries?
Recursive queries. These DNS servers are designed to assist clients with queries and are usually separate from the DNS server infrastructure designed to host authoritative name records.
reverse lookup zones
Resolve IP addresses to host names using PTR records.
non-authoritative answer
Result from a DNS server that derives from a cached record rather than directly from the zone records.
packet analyzer
Software that decodes a network traffic capture (obtained via a packet sniffer) and displays the captured packets for analysis, allowing inspection of the packet headers and payload unless the communications are encrypted.
port scanner
Software that enumerates the status of TCP and UDP ports on a target system. Port scanning can be blocked by some firewalls and IDS.
nslookup
Software tool for querying DNS server records.
forward lookup zones
Store resource records that contain information needed to resolve host names to IP addresses including A records and SOA records.
What are the sizes of TCP and UDP headers?
TCP is 20 bytes (or more) while UDP is 8 bytes.
connection
The data link between network addresses or nodes.
integrity
The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.
name resolution
The process for resolving a host name or FQDN to an IP address using either the HOSTS file or DNS.
resource records
The records that allow the DNS server to resolve queries for names and services hosted in the domain into IP addresses.
Active Directory
The standards-based directory service from Microsoft that runs on Microsoft Windows servers.
domain suffix
The top level domain used as the last portion of a domain name. See TLD.
host name
The unique name given to a network node on a TCP/IP network.
You need to analyze the information saved in a .pcap file. What type of command-line tool or other utility is best suited to this task?
This type of file will contain a network packet capture. You could use a command-line tool such as tcpdump to display the contents, but a graphical tool such as Wireshark will make analysis easier.
What is the function of the command nslookup - 8.8.8.8?
To start nslookup in interactive mode with the DNS server set to 8.8.8.8 (Google's public DNS server).