1.5 Explain common ports and protocols, their application, and encrypted alternatives.
Which of the following is the default well-known port number for the Hypertext Transfer Protocol (HTTP) used for web client/server communications? a) 22 b) 20 c) 80 d) 443
C. Port 80 is the default well-known port for HTTP. Port 22 is for the Secure Shell (SSH) protocol, port 20 is for File Transfer Protocol (FTP), and port 443 is for secured HTTP.
Which of the following protocols generate messages that are carried directly within Internet Protocol (IPv4) datagrams, with no intervening transport layer protocol? (Choose all that apply.) a) ICMP b) IGMP c) SMTP d) SNMP
A, B. Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are unusual in that they generate messages that are encapsulated directly within IP datagrams. Nearly all of the other TCP/IP protocols, including Simple Mail Transfer Protocol (SMTP) and Simple Network Management Protocol (SNMP), are encapsulated within one of the transport layer protocols—User Datagram Protocol (UDP) or Transmission Control Protocol (TCP)—which is encapsulated in turn within an IP datagram.
Which of the following port values are used by the File Transfer Protocol (FTP)? (Choose all that apply.) a) 21 b) 23 c) 20 d) 53 e) 69
A, C. FTP uses two ports: one for control messages (port 21) and one for data transfers (port 20). Port 23 is used by Telnet. Port 53 is used by the Domain Name System (DNS). Port 69 is used by the Trivial File Transfer Protocol (TFTP).
Which of the following protocols is limited to use on the local subnet only? a) Address Resolution Protocol (ARP) b) Dynamic Host Configuration Protocol (DHCP) c) Domain Name System (DNS) d) Simple Mail Transfer Protocol (SMTP)
A. ARP relies on broadcast transmissions, which are not routable. It is therefore limited to use on the local subnet. DHCP also relies on broadcasts, but the ability to create DHCP relay agents makes it usable on an entire internetwork. DNS and SMTP do not rely on broadcasts and are therefore not limited to the local subnet.
hich of the following protocols does IPsec use to digitally encrypt packets before transmitting them over the network? a) ESP b) SSL c) AH d) MSCHAP
A. Encapsulating Security Protocol (ESP) is a protocol in the TCP/IP suite that is capable of providing encryption services for IPsec. Authentication Header (AH) provides digital integrity services for IPsec, in the form of a digital signature. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services.
Which of the following File Transfer Protocol (FTP) variants transmit authentication passwords over the network in clear text? a) FTP b) FTPS c) SFTP d) TFTP
A. FTP provides authentication capabilities, but it transmits passwords over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell (SSH) security. Both of these encrypt authentication passwords before transmitting them. Trivial File Transfer Protocol (TFTP) does not authenticate clients, so it does not transmit passwords at all.
Which of the following are the protocols that IPsec uses to secure network traffic? (Choose all that apply.) a) SSH b) AH c) ESP d) SSL
B, C. Authentication Header (AH) is an IPsec protocol that provides authentication and digital integrity services. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Shell (SSH) is a remote administration tool, and Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers.
Which of the following prefixes must you use in the URL you type into a web browser when the website you want to access has been secured with Transport Layer Security (TLS)? a) TLS:// b) HTTPS:// c) HTTP:// d) HTLS://
B. No matter what protocol is used to encrypt a website, you must use the HTTPS:// prefix to access it. HTTP:// is for unencrypted sites, and TLS:// and HTLS:// are nonexistent prefixes.
Which of the following port numbers is assigned to a Unix logging services program? a) 389 b) 514 c) 636 d) 993
B. Port number 514 is assigned to syslog, a Unix standard designed to facilitate the transmission of log entries generated by a device or process, such as the sendmail SMTP server, across an IP network to a message collector, called a syslog server. Port number 389 is assigned to the Lightweight Directory Access Protocol (LDAP). Port number 636 is assigned to LDAP over Secure Sockets Layer (SSL). Port number 993 is assigned to Internet Message Access Protocol (IMAP) over SSL.
Which of the following values could a web client use as an ephemeral port number when communicating with a web server? a) 1 b) 23 c) 80 d) 1024 e) 1999 f) 50134
F. An ephemeral port number is a temporary port supplied by a client to a server, for use during a single session or transaction. The allowed ephemeral port number values range from 49152 to 65535. The port values below 1024 are reserved for use as well-known ports, and the values from 1024 to 49151 are reserved for ports registered by specific manufacturers for their applications. Of these answers, 50134 is the only value that the client can use as an ephemeral port.
What is the difference when you specify the HTTPS:// prefix in a Uniform Resource Locator (URL) instead of HTTP://? (Choose all that apply.) a) The connection between the web browser and the server is encrypted. b) The browser uses a different port number to connect to the server. c) The connection uses SSL or TLS instead of HTTP. d) The browser uses a different IP address to connect to the server.
A, B. Using the prefix HTTPS:// causes a web browser to use a different port number to establish a secure connection to the web server. Security is provided by encrypting all data using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). However, SSL and TLS do not replace HTTP; they just augment it. The HTTPS:// prefix does not affect the IP address used to connect to the server.
Which of the following statements about the User Datagram Protocol (UDP) are true? (Choose all that apply.) a) UDP does not use packet sequencing and acknowledgments. b) UDP uses packet sequencing and acknowledgments. c) UDP is a connection-oriented protocol. d) UDP is a connectionless protocol. e) UDP has an 8-byte header. f) UDP has a 20-byte header.
A, D, E. UDP is a connectionless transport layer protocol. It has a small, 8-byte header and does not use packet sequencing or acknowledgments.
What is the term for the combination of an IPv4 address and a port number, as in the following example: 192.168.1.3:23? a) Socket b) OUI c) Well-known port d) Network address e) Domain
A. The term for an IPv4 address and port number in combination is _socket_. An Organizationally Unique Identifier (OUI) identifies a manufacturer of networking hardware. A well-known port is a port number assigned to a specific application. A network address is the network identifier part of an IP address. A domain is a group of computers and other resources.
Which of the following is the best definition of a subinterface? a) A logical network interface created from a physical network interface b) One of the ports on a physical network interface adapter with multiple ports c) A physical network interface connected to a subnet d) One of the IP addresses associated with a network interface that has multiple IP addresses
A. A subinterface is a logical (or virtual) network interface associated with a specific physical network interface. Devices (such as routers) can use multiple subinterfaces to connect to different subnets using a single physical network interface adapter. A subinterface is a logical device, so it is not one port on a physical network interface adapter or a physical adapter connected to a subnet. A subinterface is a complete logical interface, not just an IP address.
What is the primary shortcoming of the File Transfer Protocol (FTP) that is addressed by FTPS and SFTP? a) Lack of security b) Slow file transfers c) File size limitations d) Lack of authentication
A. FTP does provide authentication capabilities, but passwords are transmitted over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell (SSH) security. File transfer speed and size limitations are not an issue.
Which of the following is the primary application layer protocol used by web browsers to communicate with web servers? a) HTTP b) HTML c) SMTP d) FTP
A. Hypertext Transfer Protocol (HTTP) is the primary protocol used for web client/server communications. Hypertext Markup Language (HTML) is a coding language used to create web content. Simple Mail Transfer Protocol (SMTP) and File Transfer Protocol (FTP) can both be used in web communications, but neither is the primary protocol.
Which of the following security protocols used to protect traffic exchanged by web browsers and servers was created first? a) SSL b) TLS c) SSH d) DTLS
A. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of Transport Layer Security (TLS). Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as TLS, but for User Datagram Protocol (UDP) traffic. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server or browser security.
What field in the Transmission Control Protocol (TCP) Option subheader specifies the size of the largest segment a system can receive? a) MSS b) Window c) MMS d) WinMS
A. The Maximum Segment Size (MSS) field in the TCP Options subheader specifies the size (in bytes) of the largest segment a system can receive. The Window field indicates the amount of data (in bytes) that the receiver can accept. There are no MMS or WinMS fields in a TCP header.
Which of the following protocols provides connection-oriented service with guaranteed delivery at the transport layer of the OSI model? a) TCP b) HTTP c) UDP d) IP
A. The Transmission Control Protocol (TCP) provides connection-oriented service at the transport layer, with guaranteed delivery. The User Datagram Protocol (UDP) provides connectionless service at the transport layer. Hypertext Transfer Protocol (HTTP) operates at the application layer, and Internet Protocol (IP) is a connectionless network layer protocol.
Which of the following pairs of well-known ports are the default values you would use to configure a POP3 email client? a) 110 and 25 b) 143 and 25 c) 110 and 143 d) 80 and 110 e) 25 and 80
A. The default port for the Post Office Protocol (POP3) is 110. The default port for the Simple Mail Transfer Protocol (SMTP), the other protocol used by email clients, is 25. Port 143 is the default for the Internet Message Access Protocol (IMAP), a different email mailbox protocol that clients never use with POP3. Port 80 is the default for the Hypertext Transfer Protocol (HTTP), which is not used by POP3 email clients.
When analyzing captured TCP/IP packets, which of the following control bits must you look for in the Transmission Control Protocol (TCP) header to determine whether the receiving host has successfully received the sending host's data? a) ACK b) FIN c) PSH d) SYN e) URG
A. The receiving host uses the ACK bit to notify the sending host that it has successfully received data. The other control bits are not used to acknowledge receipt of information
Ralph is a network administrator who has just installed a new open-source email server for the users at his company. The server is configured to send and receive Internet email and create a mailbox for each user that will permanently store the user's mail on the server. Ralph next uses a protocol analyzer to examine the network traffic resulting from the new server installation. Which of the following new protocols should Ralph expect to see in his network traffic analysis? (Choose all that apply.) a) SNMP b) SMTP c) POP3 d) IMAP e) RIP
B, D. Ralph's traffic analysis should show the addition of the Simple Mail Transfer Protocol (SMTP), which handles incoming and outgoing Internet mail, and Internet Message Access Protocol (IMAP), which provides mailboxes for users that store their mail permanently on the server. POP3 is a mailbox protocol that enables users to download their messages and should therefore not be present on the network. SNMP is a network management protocol, and RIP is a routing protocol; neither of these carries email traffic.
Which of the following protocols use(s) the term _datagram_ to describe the data transfer unit it creates? (Choose all that apply.) a) Ethernet b) IP c) TCP d) UDP
B, D. The term _datagram_ is typically used by protocols offering connectionless delivery service. The two main connectionless protocols in the TCP/IP suite are the Internet Protocol (IP) and the User Datagram Protocol (UDP), both of which use the term _datagram_. Ethernet uses the term _frame_, and Transmission Control Protocol (TCP) uses _segment_.
Which of the following security protocols for web servers or browsers was deprecated in 2015 in favor of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)? a) SSH b) SSL c) RDP d) IPsec
B. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. It was deprecated in 2015. Secure Shell (SSH) is a character-based tool that enables users to execute commands on remote computers. It does not provide web server or browser security like TLS and DTLS. IPsec is a set of security protocols that provide digital signing, encryption, and other services for network transmissions. It is not specifically designed for web security. Remote Desktop Protocol (RDP) is a component of Remote Desktop Services, a Windows mechanism that enables a client program to connect to a server and control it remotely. RDP is not a web security protocol.
Which of the following explanations best describes the function of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number? a) The port number indicates to the receiver that the sender can activate a specific port only. b) The port number is used by both the sender and the receiver to identify the application that generated the information in the datagram. c) The port number is used only by the receiver, to indicate the application process running on the sender. d) The port number is used by both the sender and the receiver to negotiate a well-known server port for the communicating processes.
B. TCP ports and UDP ports identify the application protocol or process that generated the information in a datagram. Client ports are chosen randomly from the range 1024 through 65,534. Server ports are well-known and are chosen from the range 1 through 1023.
Which of the following organizations is responsible for assigning the well-known port numbers used in transport layer protocol headers? a) Institute for Electronic and Electrical Engineers (IEEE) b) Internet Assigned Numbers Authority (IANA) c) Internet Engineering Task Force (IETF) d) International Organization for Standardization (ISO)
B. The IANA assigns values for well-known port numbers. The IEEE publishes Ethernet standards, among many others. The IETF develops standards for Internet technologies. The ISO developed the Open Systems Interconnection (OSI) model.
Which of the following protocols is used to exchange directory service information? a) RDP b) LDAP c) SNMP d) SMB
B. The Lightweight Directory Access Protocol (LDAP) is an application layer protocol used for managing and accessing information stored in directory services. Remote Desktop Protocol (RDP) is used to establish a graphical remote control session with another computer. Simple Network Management Protocol (SNMP) is used to carry information gathered by management agents distributed around a network to a central management server. Server Message Block (SMB) is the primary file sharing protocol used by Windows systems.
Which of the following components does the port number in a transport layer protocol header identify? a) A transport layer protocol b) An application c) A gateway d) A proxy server
B. The port numbers specified in a transport layer protocol header identify the application that generated the data in the packet or the application that will receive the data. Port numbers do not identify transport layer protocols, gateways, or proxy servers.
Alice has been instructed to install 100 Windows workstations, and she is working on automating the process by configuring the workstations to use PXE boots. Each workstation therefore must obtain an IP address from a DHCP server and download a boot image file from a TFTP server. Which of the following well-known ports must Alice open on the firewall separating the workstations from the servers? (Choose all that apply.) a) 65 b) 66 c) 67 d) 68 e) 69
C, D, E. Dynamic Host Configuration Protocol (DHCP) servers use port numbers 67 and 68. The Trivial File Transfer Protocol (TFTP) uses port number 69. Neither protocol uses port 65 or 66.
Ralph is configuring a new email client on a workstation to use the Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP3) email protocols. He wants both protocols to use encryption when communicating with the email server. Which of the following port numbers should Ralph use to secure the SMTP connection with Transport Layer Security (TLS) and the POP3 connection with Secure Sockets Layer (SSL) encryption? (Choose all that apply.) a) 110 b) 25 c) 587 d) 993 e) 995
C, E. SMTP with TLS uses port number 587. POP3 over SSL uses port number 995. Port numbers 25 and 110 are used for SMTP and POP3 without encryption. Port number 995 is used for Internet Message Access Protocol (IMAP) over SSL.
Which of the following protocols does IPsec use to digitally sign packets before transmitting them over the network? a) ESP b) SSL c) AH d) MSCHAP
C. Authentication Header (AH) is a protocol in the TCP/IP suite that provides digital integrity services, in the form of a digital signature, which ensures that an incoming packet actually originated from its stated source. Encapsulating Security Protocol (ESP) provides encryption services for IPsec. Secure Sockets Layer (SSL) is a security protocol that provides encrypted communications between web browsers and servers. MSCHAP is an authentication protocol used by remote access services.
What is the valid range of numbers for the ephemeral client ports used by the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? a) 1023 through 65534 b) 1 through 1024 c) 49152 through 65535 d) 1024 to 49151
C. Ephemeral client ports are in the range of 49152 through 65535. Well-known TCP and UDP server ports are in the range of 1 through 1023. Registered port numbers are in the range of 1024 to 49151.
Which of the following protocols does the Ping utility use to exchange messages with another system? a) UDP b) TCP c) ICMP d) IGMP
C. Ping uses the Internet Control Message Protocol (ICMP) to exchange messages with other systems. ICMP is also used to return error messages to sending systems. The User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP) are both transport layer protocols that carry application layer data; Ping does not use either one. The Internet Group Management Protocol (IGMP) is used to create multicast groups; Ping does not use it.
Which of the following protocols appears on the network as a service that client computers use to resolve names into IP addresses? a) DHCP b) BOOTP c) DNS d) SNMP
C. The Domain Name System (DNS) is a protocol that computers on a TCP/IP use to resolve host and domain names into the IP addresses they need to communicate. Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) are both IP address allocation protocols, and Simple Network Management Protocol (SNMP) carries information gathered by agents to a central management console.
Which of the following protocols provides connectionless delivery service at the transport layer of the Open Systems Interconnection (OSI) model? a) TCP b) HTTP c) UDP d) ARP
C. The User Datagram Protocol (UDP) provides connectionless service at the transport layer. Transmission Control Protocol (TCP) provides connection-oriented service at the transport layer. Hypertext Transfer Protocol (HTTP) is an application layer protocol, and Address Resolution Protocol (ARP) is a data link layer protocol.
You are a consultant installing a web server application for a client called Adatum. The domain name [Adatum.com](http://adatum.com/) has been registered in the DNS, and the server has one public IP address, so the new website will be accessible to users on the Internet. You want to be able to access the web server application's administrative site from your remote office, so you configure that site to be encrypted and to use the port number 12354 instead of the default. Which of the following URLs will you have to use to access the administrative website? a) `[http://www.adatum.com](http://www.adatum.com/)` b) `[http://www.adatum.com:12354](http://www.adatum.com:12354/)` c) `[https://www.adatum.com:80](https://www.adatum.com:80/)` d) `[https://www.adatum.com:12354](https://www.adatum.com:12354/)`
D. Because the administrative site is encrypted, you must use the HTTPS:// prefix to access it. Because the administrative site uses the nondefault port number 12354, you must append that number to the server name with a colon.
Which of the following server applications use two well-known port numbers during a typical transaction? a) NTP b) SNMP c) HTTP d) FTP
D. The File Transfer Protocol (FTP) uses two port numbers. It uses the first, port 21, for a control connection that remains open during the entire client/server session. The second port, 20, is for a data connection that opens only when the protocol is actually transferring a file between the client and the server. Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), and Hypertext Transfer Protocol (HTTP) all use a single port on the server.
What is the native file sharing protocol used on all Microsoft Windows operating systems? a) Hypertext Transfer Protocol (HTTP) b) Network File System (NFS) c) File Transfer Protocol (FTP) d) Server Message Block (SMB) e) Lightweight Directory Access Protocol (LDAP)
D. The default file sharing protocol used on all Windows operating systems is SMB. HTTP is the native protocol used by web clients and servers. NFS is the native file sharing protocol used on Unix/Linux networks. FTP is a protocol used for transferring files from one system to another. LDAP is a protocol for transmitting directory service information.
Which of the following is not a port number used for Structured Query Language (SQL) communications? a) 1433 b) 1521 c) 3306 d) 3389
D. The port number 3389 is used by the Remote Desktop Protocol (RDP) and is not involved in SQL communication. Port 1433 is used by SQL Server; 1521 is used by SQLnet; 3306 is used by MySQL.
The secured version of the Hypertext Transfer Protocol (HTTPS) uses a different well-known port from the unsecured version. Which of the following ports is used by HTTPS by default? a) 25 b) 80 c) 110 d) 443
D. The well-known port for HTTPS is 443. Port 25 is for the Simple Mail Transfer Protocol (SMTP), port 80 is for unsecured HTTP, and port 110 is for the Post Office Protocol (POP3).
Which of the following File Transfer Protocol (FTP) variants is typically used to download boot image files during Preboot Execution Environment (PXE) startup sequences? a) FTP b) FTPS c) SFTP d) TFTP
D. Trivial File Transfer Protocol (TFTP) is a simplified version of FTP that does not authenticate clients, so systems booting with PXE can download boot images invisibly after being directed to a TFTP server by the Dynamic Host Configuration Protocol (DHCP). FTP, FTPS, and SFTP all require authentication and other interaction, which would be impractical for use with PXE.
Which of the following terms describes the Transmission Control Protocol (TCP) exchange that establishes a connection prior to the transmission of any data? a) Synchronization b) Initialization exchange c) Connection establishment d) Three-way handshake
D. Two systems establishing a TCP connection exchange three messages before they begin transmitting data. The exchange of these synchronization messages is referred to as a three-way handshake. The other terms listed are not formally used to describe this exchange.
What is the valid range of numbers for the well-known Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports used by servers? a) 1024 through 49151 b) 1 through 49151 c) 49152 through 65534 d) 1 through 1023
D. Well-known TCP and UDP server ports are in the range of 1 through 1023. Registered port numbers are in the range of 1024 to 49151. Ephemeral client ports are in the range of 49152 through 65535.