Secure Network Design
What does the "Inter" in Internet mean?
It means between. It was originally created to connect various single networks together. Single networks came before the Internet.
List the main elements in SNMP
Manager, managed devices, agents, MIB. Network visualization program is outside SNMP
What is amplitude?
The strength of the wave
______links connect switches to other switches
Trunk
Is NAT transparent to the operating systems of the two hosts involved?
Yes. Neither the internal host nor the external host knows when NAT is being used.
How many fields are there in an IPv6 address?
8.
What does a company need beyond obtaining a second-level domain name to have a website?
A company to host the domain on its DNS server. The website itself.
Distinguish between data links and routes.
A data link is the path a frame takes across a single network. A route is the path a packet takes across the Internet.
Convert the binary number 100100 to decimal.
36
Is the client always a browser?
No. It is important to distinguish between examples in the text and the general situation.
Are trailers common?
No. They are only found at the data link layer, and not always there.
What is ransomware?
Ransomware encrypts your hard drive. To get it unencrypted, you must pay ransom
What protocol do companies use to manage their Ethernet networks?
SNMP
Describe the third in UDP
It gives the length of the UDP datagram.
Why is iris recognition desirable?
It is very precise and difficult to deceive, but it is expensive, so it is best for higher-value targets.
List the three basic components of wide area networks.
Customer premises. LAN core with points of presence (POPs). Access lines from customer premises to POPs.
What three types of VPN does IPsec support?
Host-to-Host, Site-to-Site, and Remote Access to a site by a single host.
What Bluetooth profile would you use for a game joystick, based on information in the text?
Human Interface Device (HID)
What is a domain?
A group of resources under the control of an organization.
What type of attack does 802.1AE protect against?
A host sending management frames to switches.
What does the receiving internet process do if it finds an error in IP?
It simply discards the packet. No response is sent.
In 802.11 Wi-Fi networks, can simple installation rules usually reduce propagation effects to nonissues?
NO
Is HTTP a reliable protocol?
NO
Is spread spectrum transmission done for security reasons in commercial WLANs?
NO
The 802.11ac Wi-Fi standard uses 256 states. How many bits can it send per clock cycle?
a=2b a=256 256=2b b=8
I f you want to transmit five bits per clock cycle, how many states must the system have?
a=2b b=5 a=25 a=32
How does fiber usually transmit a 1?
Turning the light on for a clock cycle.
Do Ethernet switches have a row for each individual Ethernet address?
Yes
Is CSMA/CA+ACK reliable or unreliable?
ACK is used to make it reliable.
What is a cipher?
An encryption method for achieving confidentiality.
What is the IETF interior dynamic routing protocol?
OSPF.
To what does a standards layer provide services?
The layer immediately above it.
Who is the true party?
The party the supplicant claims to be.
What does a switch know?
Which port to send the frame out.
Which generation first brought decent Web access?
3G
What other type of segment is not acknowledged?
A pure ACK segment.
What is binary 1111 in hex?
F
What do we call TCP messages?
TCP segments.
Convert 001100 to decimal
12
Wi-Fi operates in the 2.4 GHz ______ and the 5 GHz ______.
(Unlicensed) Service Band
Express this mask in prefix notation.
/8.
What is binary 0000 in hex?
0
Convert 0 to binary.
0.
Is the first bit position on the right 0 or 1?
0.
What is 5 hex in binary?
0101.
Convert 00000001 00000010 00000000 11111111 to dotted decimal notation (spaces have been added). (Note: 00000001 is 1)
1.2.0.255
How long is the clock cycle if I transmit at 100 Mbps per second using signaling with four states?
1/100 Mbps. 0.00000001 seconds (7 0s after the decimal point). The number of states is irrelevant.
If you quadruple propagation distance, how much will signal intensity change at the receiver?
1/16.
You need to represent 1,026 different city names. How many bits will this take if you give each city a different binary number? Explain your answer.
10 bits will store 1,024 different city names. This is not enough. 11 bits will store 2,048 different city names. This is enough
What speeds can we expect from 5G?
100 Mbps.
ASCII has a 7-bit code. How many keyboard characters can it represent?
128
What is the minimum size for encryption keys to be considered strong in most encryption ciphers?
128 bits.
The IP version number field is 4 bits long. How many possible versions of IP can there be?
15 (16 if there can be a version 0).
Convert the binary number 100 to decimal.
4
If two hosts are connected by five networks, how many packets will there be when one host sends a packet to the other host? (Hint: Draw a picture.) How many routers?
4
If your firm has an 18-bit network part and you need at least 16 subnets, what must your subnet part size be?
4 bits gives 14 subnets. 5 bits gives 30 subnets. For 16 subnets, the subnet part has to be 5 bits long.
How many symbols are there in a field?
4 symbols per field.
Which generation is now bringing speeds of about 10 Mbps?
4G.
Convert 110100 to decimal.
52
How many data links?
A point-to-point network has both a single physical link and a single data link.
What should be done before an employee leaves the firm?
All access must be terminated before their leaving.
What do they surround in transport mode for IPv4?
All but part of the IPv4 header.
What kind of message does the destination host send if it receives an error-free segment?
ACK segment.
In the past, how has ADSL compared to cable modem service?
ADSL has traditionally been cheaper and slower.
Explain "persistent" in the context of APTs
APT attacks may proceed for weeks, months, or years. This allows the attacker to move through the system, hide its traces, and do other things that take time to accomplish. They can also steal data and do other damage for a long time
What two propagation problems become worse as frequency increases?
Absorptive attenuation and dead zones
Distinguish between leased lines and access lines.
Access lines run from the customer premises to the end office switch. Leased lines run between a pair of customer premises, across switches, access lines, and trunk lines.
How does centralized management provide for the detection of rogue access points?
Access points can send SNMP traps if they detect the signal of a nearby unauthorized access point. The SNMP manager can ask an access point for the EUI-48 addresses of nearby access points. It can see one if these is not authorized.
______links connect users to workgroup switches
Access.
If the ACK bit is set, what other field must have a value?
Acknowledgement Number field.
What kind of network is Zigbee used for
Ad hoc (mesh)
When someone says that an access point is a Wave 1 802.11ac device, what improvements do you expect to receive with a Wave 2 802.11ac device?
Almost always more speed. Often, you will receive additional capability, such as MU-MIMO.
If you know that a system has 16 states, how many bits can it send per clock cycle?
Answer: 4 a=2b a=16 16=2b b=4
What layer or layers govern(s) Application programs?
Application.
How can users eliminate vulnerabilities in their programs?
Apply patches promptly to remove these vulnerabilities.
What two protections do electronic signatures provide?
Authentication and message integrity
What if this information is learned by an attacker?
Authentication can be done falsely.
What two problems do they create?
Latency. Also packet loss if the momentary peak is too long.
You are considering a laptop computer that uses 802.11ay. (802.11ay is discussed in the next subsection.) Will your existing 802.11ac access point be able to communicate with the new device What principle does this communication exemplify?
Backward compatibility.
How were retailers damaged by the breach?
Badly. They sold the merchandise and received no payment or reimbursement.
What are the important things to consider when deciding between ADSL and cable modem service for your residence?
Basically, speed versus cost. (Also service quality and service availability)
How do Bluetooth LE beacons differ from basic advertisement messages?
Beacons include information such as directions and product advertising. (Note the two uses of "advertise.")
Is traffic shaping done before or after the traffic enters the network
Before traffic enters the network.
At what range of frequencies do most wireless systems operate?
Between about 500 megahertz (MHz) and 10 gigahertz (GHz)
Compare the relative benefits of the two types of Classic Bluetooth.
Bluetooth HS is faster. Bluetooth HDR drains the battery more.
What is the person who controls them called?
Bot master
What are credentials?
Credentials are proofs of identity (passwords, fingerprints, etc.).
What is CPE?
Customer premises equipment. This is equipment on the customer site that the carrier does not own.
Why is CA desirable?
CA is collision avoidance. The goal is to avoid collisions, which cause problems whenever it occurs.
Which is more efficient, RTS/CTS or CSMA/CA+ACK?
CSMA/CA+ACK.
What device must a customer have at its site to connect to a leased line?
CSU/DSU (Carrier Service Unit/Data Service Unit).
What must be done if this is not possible or not sufficient?
Capacity must be increased.
What does CS mean? (Do not just spell out the abbreviation.)
Carrier Sense. Sensing (listening to) the carrier (signal) and using this to implement media access control.
Why are future WAN prices difficult to predict?
Carriers do not price them based on cost alone. They change them as market conditions change regardless of cost changes. They can price them strategically, say to encourage buyers to switch from one service to another.
An FM radio station is called Moldy Oldies 101.1. Is this a channel or a service band?
Channel.
Describe the process by which access point locations are determined.
Circles are drawn on a blueprint with minimum overlap. Each is the diameter expected of a typical access point's reach. This identifies approximate positions of access points. These are modified by building characteristics, such as thick walls or banks of metal filing cabinets.
What class of switches are most end office switches?
Class 5 (the lowest level).
What type of host gets a dynamic IP address?
Clients get dynamic IP addresses. Servers get static IP addresses.
What type of host gets a static IP address?
Clients get dynamic IP addresses. Servers get static IP addresses.
How are fields separated?
Colons.
What is encoding?
Converting various types of information—text, numbers, voice, images, etc. into binary.
______switches connect switches to other switches
Core.
What are cyberterror and cyberwar attacks
Cyber attacks by terrorists and nation states
What type of adversary are most hackers today?
Cybercriminals who hack to make money.
At what layers are Ethernet standards defined?
Layers 1 and 2 (physical and data link)
What are the four steps in the four-way close?
FIN, ACK, (perhaps additional data segments and ACKS from the other side), FIN, and ACK.
Why do carriers offer low-speed "leased lines" that are really DSL lines?
DSL lines provided over 1-pair voice-grade UTP lines are less expensive than traditional T1 line, which needs to run over a special 2-pair data-grade UTP line to the customer premises.
Why are cyberwar attacks especially dangerous
Dangerous because they tend to be sophisticated (and well financed) Dangerous because they try to do widespread damage
In what field is the IP packet in carried Ethernet II frames?
Data field.
Is the path an Ethernet message takes from the source host to the destination host a physical link, a data link, or a route?
Data link
At what layer will you find standards for Switches?
Data link layer and physical layer.
At what layer will you find standards for Wireless access points?
Data link layer and physical layer.
At what layer will you find standards for Data Links?
Data link layer.
At what layer will you find standards for EUI-48 addresses?
Data link layer.
At what layer will you find standards for Frames?
Data link layer.
What are the characteristics of the Internet of Things?
Devices, usually small ones, that communicate directly with one another, without human involvement.
What are the three added fields when IPsec ESP is used?
ESP header and ESP trailer for confidentiality and other protections. Integrity check value for authentication.
Does Ethernet use EUI-48 addresses or IP addresses?
EUI-48 addresses
What kind of data link address do Ethernet networks use?
EUI-48 addresses, formerly known as MAC addresses.
Why is it undesirable to use reusable passwords for anything but the least sensitive assets?
Far too many passwords are easily guessable. (The Mirai botnet takeover method tried fewer than 70 username/password combinations but was extremely successful.)
What is multimode fiber?
Fiber that permits multiple modes to enter the core.
What is another term for "gateway?
Gateway is an old term for router.
When 802.1X is being used, what happens if an attacker plugs his or her host into a switch?
He or she must be authenticated and authorized before using the network
What are the three general parts of messages?
Header, data field, trailer.
Are simplified IPv6 addresses written with decimal or hexadecimal symbols?
Hexadecimal.
Are Ethernet EUI-48 addresses expressed in hex for humans, devices, or both?
Humans
Does a signal travel at a single frequency, or does it spread over a range of frequencies
It spreads over a range of frequencies.
What are the benefits of standards?
Lower cost by permitting competition Innovation beyond the standard to avoid commodity product prices
What benefit did the attackers seek to obtain from their actions?
Make money.
In Figure 9-23, what elements are standardized in the SAs?
Mode, encryption for confidentiality method, hashing method of message-by-message authentication.
What limits transmission distance in multimode fiber?
Model dispersion
Why may adding applications that cannot tolerate latency and jitter be expensive?
More expensive switches and routers may be necessary. If so, purchase and installation costs may be high
What is the most serious propagation problem in WLANs?
Multipath interference
Can a wireless access point and one of the wireless clients in its BSS transmit simultaneously?
NO
In what units are light wavelengths measured?
Nanometers (Wavelength).
What kind of message does the destination host send if it does not receive a segment during a TCP connection?
Nothing.
What kind of message does the destination host send if it receives a segment that has an error during a TCP connection?
Nothing.
What are QoS metrics? (Do not just spell out the acronym.)
Numerical measures for quality of service variables.
If the subnet ID is 16 bits long, how long is the routing prefix?
Routing prefix + subnet ID = 64 bits always. 64 16 = 48 bits long.
What field in an IPv6 global unicast address corresponds to the network part of an IPv4 address?
Routing prefix.
If both OM3 fiber and OM4 fiber can be used for a particular physical link, which should I choose? Why?
OM3 fiber because it will be cheaper.
Do wireless LAN standards governed by OSI or TCP/IP standards? Justify your answer.
OSI standards are dominant at Layers 1 and 2, so Ethernet standards are OSI standards. They are created by the IEEE and later ratified by ISO
What are payloads?
Payloads are pieces of code that malware executes to do damage
Which RFC is used to write IPv6 addresses in canonical form?
RFC 5952.
What propagation problem limits transmission distance in 4-pair UTP?
Radiative attenuation
What is the main benefit of application and network protocol acceleration?
Reduced latency by changing aspects of protocols that tend to increase latency.
What are the benefits of Software-Defined Networking?
Reducing configuration costs. Speeding configuration changes.
What two choices does traffic shaping present for forbidden or undesirable traffic submitted to the network?
Refuse all access. Limit access to a certain percentage of capacity.
What are IETF standards called? (Spell out the name and give the acronym.)
Requests for Comments (RFCs).
Is CSMA/CA+ACK required or optional?
Required.
For what use scenario was 802.11i PSK mode created?
Residences (also small business with single access point). (This is often called SOHO, small office or home.)
Does residential ISP service usually offer SLA guarantees? Why or why not?
Residential service rarely offers SLAs because the service would be too expensive
For what use scenario was 802.11i PSK mode created?
Residential use. Also for small businesses with a single access point.
Which form of authentication that we looked at depends on the supplicant proving that it knows something that only the true party should know?
Reusable password and Digital certificate authentication. If an access card must be supplemented by a PIN, knowing the pin would qualify.
Why may ex-employees attack?
Revenge or theft.
What are rights of way?
Rights of way are permissions to lay wire and transmit radio signals beyond the organization's premises.
What do northbound APIs connect?
SDN applications to the SDN controller.
What type of firewall do most corporations use for their main border firewalls?
SPI firewalls
Why is SSL/TLS attractive for VPNs to connect browsers to webservers?
SSL/TLS is built into every browser and webserver, so it can simply be turned on with no other cost.
Which level of domain name do corporations most wish to have?
Second-level domain.
Do public hot spots protect your transmissions?
Some do, but certainly not all
Why is it important to have and enforce policies for what cryptographic methods and options may be used in an organization?
Some options in IPsec standards (and other security protocols) are too weak for contemporary use. They must be avoided.
When a sales clerk accepts a credit card payment, he or she should type the last four digits of the credit card into the terminal in order for the terminal to verify that the last four digits on the card are the same as on the magnetic stripe. Why should the sales clerk not ask the customer what the last four digits are?
The whole point is that the embossed number on the card is not likely to be the number on the card's magnetic stripe because carders produce many copies of the physical card with the same card number embossed on them. Only the information on the magnetic stripe is different for each card. If you ask a card fraudster for the number on the card he or she is using to make a purchase, the fraudster can tell you the address on the stripe instead of the number embossed on the card.
Why are applications necessary for SDN to be successful?
To reduce the work of the network administrators as much as possible
What is the purpose of the DSLAM?
To separate transmissions from the residence to the Internet and the main PSTN. To mix transmissions from the Internet and the main PSDN to the customer premises over the 1-pair voice-grade UTP access line.
What is the general purpose of the Diffserv subfield?
To specify quality of service.
What types of amplifiers are needed for cable data service?
Two-way amplifiers.
If both UTP and optical fiber can be used for a particular physical link, which should I choose? Why?
UTP because it will be cheaper.
What security threat is 802.1X designed to protect against?
Unauthorized use of the network. A supplicant has to be authenticated and authorized to have access to a switch port.
How does traffic shaping reduce traffic?
Undesired traffic is identified and either prohibited from entering the network or is subject to limitations on the total amount of this type of traffic allowed into the network.
Do WLANs today use licensed or unlicensed service bands?
Unlicensed service bands.
Come up with three examples of things that should be encoded with 3 bits.
Up to 8 alternatives Eight cardinal directions for a compass. Six departments in a division. Seven wonders of the world
How can some redundant backup links be installed without creating loops?
Using the Rapid Spanning Tree Protocol (RSTP).
What three operational security threats must PSK users consider?
Using too short a passphrase for the Preshared Key. Someone giving out the PSK thinking it is not secret. If used in a small business, if someone leaves, the PSK may not be changed because it has to be done manually on all devices.
What kind of physical device is an evil twin access point?
Usually a laptop computer.
Do employees who set up rogue access points have malicious motives?
Usually they do not. They tend to view doing so as minor security violations if they consider security at all.
What is jitter?
Variation in latency in arrival times among packets.
List the internal Target servers the attackers compromised.
Vendor server POS download/update server POS machines Holding server Extrusion server
Describe the state of cryptographic security for new transmission standards
Very mixed. Sometimes very good, sometimes almost nonexistent. Changing rapidly. (The Mirai botnet described in Lesson 1 used IoT devices to send attack messages because so many of them have default passwords, which is the most basic of security failures.)
How do viruses and worms differ?
Viruses add themselves to programs. Worms are stand-alone programs.
If you see a username and password on a sticky note on a monitor, is it hacking if you use this information to log in? Explain in terms of the definition.
Yes it is. You have no authorization to use it.
Can SAs be different in the two directions?
Yes.
Does residential DSL offer simultaneous voice and data service?
Yes.
Convert 5.6.0.255 to a 32-bit IP address (add spaces between groups of 8 bits). (Note: 5 is 0000101, not 101)
00000101 00000110 00000000 11111111 Note: 101 110 0 11111111. IP Packets
Convert 100 to binary.
1100100
Convert the binary number 1111 to decimal.
15.
Does media access control apply to wireless hosts, access points, or both?
Both.
If the ACK bit is set, what other field must have a value?
The Acknowledgement Number Field.
If two hosts are connected by five networks, how many packets will there be when one host sends a packet to the other host? (Hint: Draw a picture.) How may frames
5
If two hosts are connected by five networks, how many packets will there be when one host sends a packet to the other host? (Hint: Draw a picture.) If every host and router connects with a point-to-point connection, how many physical links will there be?
5
If you need to represent 18 alternatives in a field, how many bits long must the field be?
5.
Which initial authentication mode or modes of 802.11i authentication use(s) a central authentication server?
802.1X
Distinguish between 802.3 standards and 802.11 standards.
802.3 standards are Ethernet standards. 802.11 standards are Wi-Fi standards
What are the three wavelength windows used in fiber transmission?
850 nm, 1,310, and 1,550 nm
For LAN fiber, what is the dominant signal wavelength?
850 nm.
How many flag fields do TCP headers have?
9.
IPv6 addresses are 128 bits long. How many IPv6 addresses are there? Just represent the formula for calculating the value.
=2^128
What type of port numbers do clients use when they communicate with server programs?
Ephemeral port numbers.
List the strengths of IPsec compared to SSL/TLS.
IPsec offers much stronger protection. It protects all applications and does so transparently.
What is the main version of the Internet Protocol in use today?
IPv4.
What is the standards agency for TCP/IP? (Give both the name and the abbreviation.)
Internet Engineering Task Force (IETF).
What standard is used in the first stage in IPSEC?
Internet Key Exchange (IKE).
At what layer will you find standards for Routes
Internet Layer
Compare Internet core routers with home access routers in terms of functionality.
Internet core routers are pure routers. Home access routers also do DHCP and have at least a simple firewall, have consumer-grade Wi-Fi access points, and have a multiport Ethernet switch.
Compare them in terms of routing complexity. (Internet core routers with home access routers)
Internet core routers have multiple input and output ports and can do sophisticated routing. Access routers have one port from the Internet and one port to the internal network. Packets coming in one way automatically go out the other way, so routing is trivial.
At what layer will you find standards for IP Addresses?
Internet layer.
At what layer will you find standards for Packets ?
Internet layer.
At what layer will you find standards for routers?
Internet.
Contrast inverse square law attenuation and absorptive attenuation.
Inverse square law attenuation reduces signal power based on its spreading over a wider surface. In absorptive attenuation, the signal's strength is absorbed by water molecules
Why is the 60 GHz unlicensed band attractive?
It has enormous total bandwidth, allowing ultrahigh propagation speeds.
Why can UDP not handle long application messages?
It has no mechanism for segmentation, and packets have maximum sizes
If you see an IPv4 address, what do you know for certain?
That the total length is 32 bits.
Where does it tell the victim to send such frames after the attack of ARP Cache Poisoning?
To the man-in-the middle attacker's EUI-48 address.
Before the attack, where does the ARP cache tell the victim to send a frame carrying a packet to the router?
To the router's EUI-48 address.
What is the goal of social engineering?
To trick the victim into taking actions against security policy.
What problems does 60 GHz unlicensed band pose for Wi-Fi?
Transmission distance is short, and the ability to pass through obstacles as thin as walls reduces how it may be used in a home or organization
How is 802.11ay likely to be better than 802.11ad?
Transmission distance is short, and the ability to pass through obstacles as thin as walls reduces how it may be used in a home or organization.
Your home is connected to the Internet. You get to create SLAs that the ISP must follow. Being reasonable, write SLAs you would like to have for the following things: Write an SLA for speed. Write an SLA for availability. Write an SLA for latency. Do not just say what each SLA should include. Actually write the SLAs as the ISP would write them in the form of specific guarantees. Failure to do this will result in a substantial grading penalty.
Transmission speed will be no lower than 90 Mbps less than 1% of the time or penalty X will be imposed. Availability will be no lower than 99.99% or penalty X will be imposed. Latency will be above 35 ms less than 2% of the time or penalty X will be imposed
What layer or layers govern(s) Application message fragmentation?
Transport.
What kind of message can agents initiate?
Traps (alarms).
What does the Wi-Fi Alliance call 802.11i?
WPA2.
What is the range of port numbers for each type of port?
Well-Known: 0-1,023 Ephemeral: 1024-4999
What type of port numbers do servers use for common server programs?
Well-known port numbers.
If you triple channel bandwidth, what happens to the number of channels in a service band?
You only get a third of the channels
How does caching reduce traffic?
f a specific file is transmitted multiple times, it does not have to be retransmitted each time. The copy cached on the other end of the transmission line is delivered instead.
What are the three parts of an IP packet?
he IP header, the TCP or UDP header, and the application message or fragment.
Is the supplicant the true party or an impostor?
he supplicant could be either. Determining which the supplicant is the whole point of authentication.
Are WANs single networks or internets?
hey can be either. The Internet is an internet, but carrier WAN services can be based on Layer 1, Layer 2, or Layer 3. For instance, carrier Ethernet, which the lesson describes, operates at Layers 1 and 2 and so is not an internet.
How many routes?
There will be ten data links.
Are access links wired or wireless?
They can be either.
Think of at least two specific examples of how application information can be used to increase security
t can identify if an application is port spoofing and deny it. It may be able to identify the application as a particular malware program and stop it. This can also alert the company that a particular malware program is present. In both cases, the specific host sending offending application messages is identified.
How does IPsec provide a great deal of protection?
t protects everything inside the data field as well as some or all of the packet header. (Protection to upper-layer data is transparent.)
If the lowest frequency in a channel is 1.22 MHz and the highest frequency is 1.25 MHz, what is the channel bandwidth?
0.03 MHz (30 kHz)
What is 6D hex in binary?
01101101.
Every time you double the number of states, how many more bits can you transmit? (The answer is not in the text.)
1
How many routes will there be?
1
If two hosts are connected by five networks, how many packets will there be when one host sends a packet to the other host? (Hint: Draw a picture.)
1
How many alternatives can you represent with a 10-bit field? (With 8 bits, you can represent 256 alternatives.)
1,024.
This time using Excel or a decimal to binary converter, convert 128 to binary
10000000.
What is 9 hex in binary?
1001.
What is A hex in binary?
1010.
What is A6 in binary?
10100110.
Convert 47 to binary.
101111
Convert 6 to binary.
110
Convert the decimal number 6 to binary without using a computer.
110.
Convert 15 to binary.
1111.
Convert 62 to binary.
111110
Also using Excel or a decimal to binary converter, convert 255 to binary.
1111111.
Explain how many bytes it will take to transmit "Hello World!" without the quotation marks
12
How many alternatives can you represent with a 4-bit field?
16.
How many bits are there in a field?
16.
When was commercial activity on the Internet first allowed?
1995
How many values can a flag field represent?
2 (0 and 1)
In what two service bands does 802.11 operate?
2.4 GHz and 5 GHz unlicensed service bands.
How long must passphrases be to generate strong pre-shared keys?
20 characters
Convert the binary number 10110 to decimal.
22
A mask has eight 1s, followed by 0s. Express this mask in dotted decimal notation.
255.0.0.0.
In prefix notation, a mask is /16. Express this mask in dotted decimal notation.
255.255.0.0.
Express the mask /18 in dotted decimal notation. (You will need a calculator for this.)
255.255.192.0.
In IP, the Time to Live Field is 8 bits in size. How many values can it represent?
256
If a subnet part is X bits long, how many subnets can you have?
2X−2.
If your network part is 16 bits long, how many hosts can you have per subnet?
2^16−2 = 65,536−2 = 65,534.
If the University of Hawai`i had chosen a 6-bit subnet size, how many subnets could it have had?
2^6−2 = 62 subnets.
If you have a subnet part of 6 bits, how many subnets can you have?
2^6−2 = 64−2 = 62.
If you have a subnet part of 9 bits, how many subnets can you have?
2^9−2 = 512−2 = 510.
Your firm has a 22-bit network part. What subnet part would you select to give at least 10 subnets?
3 bits gives 6 subnets. 4 bits gives 14 subnets. For 10 subnets, the subnet part has to be 4 bits long.
How many 20 MHz nonoverlapping channels does the 2.4 GHz band support?
3.
What is binary 0011 in hex?
3.
How long are sequence and acknowledgment numbers?
32 bits.
How many bits are there in an IPv4 mask?
32 bits.
How many bits long are IPv4 addresses?
32 bits.
What is the total length of an IPv4 address?
32 bits.
If your routing prefix is 16 bits, how long is your subnet ID?
64−16=48 bits.
If your routing prefix is 32 bits, how long is your subnet ID?
64−32=32 bits.
The port number fields in TCP and UDP are 16 bits long. How many port numbers can they represent?
65,535
In TCP, port number fields are 16 bits long. How many possible port numbers are there?
65,535.
What is the maximum application message size when UDP is used at the transport layer?
65,536 bytes. (However, allowed packet sizes are usually much smaller.
UDP length fields are 16 bits long. This field gives the number of bytes in the data field. How many bytes long may a UDP data field be?
65,536.
Explain how many bytes it will take to transmit "Go team" without the quotation marks.
7
Your firm has an 8-bit network part. If you need at least 250 subnets, what must your subnet part size be? (Check figure: 8 bits)
7 bits give 126 subnets. 8 bits gives 254 subnets. 8 bits is sufficient for 250 subnets.
If you want to transmit seven times as fast, how much wider must the channel be?
7 times as wide
How many wires are there in Ethernet cable?
8
If you need to represent 129 alternatives in a field, how many bits long must the field be?
8.
What Work Group of the 802 LAN/MAN Standards Committee developed the 802.1X and 802.1AE standards? This working group, by the way, creates security and management standards for use in all other Working Groups.
802.1 (not 802.3)
Why was 802.11 made reliable?
802.11 was made reliable because there are so many errors in wireless transmissions. (Furthermore, the receiver can detect and fix small errors, reducing retransmissions of incorrect frames. The only other reliable protocol we have seen is TCP.)
If you need an access point providing 3 Gbps service, what choice do you have?
802.11ac.
You are considering a laptop computer that uses 802.11ay. (802.11ay is discussed in the next subsection.) Will your existing 802.11ac access point be able to communicate with the new device? What standard will they use in the communication if communication is possible?
802.11ax, which they both can use
When offered the choice when you are configuring a wireless access point, which WLAN security standard should you choose?
802.11i (WPA2).
Compare the market status of 802.11n and 802.11ac
802.11n dominates the installed base. 802.11ac dominates sales.
Compare the rated speeds of 802.11n and 802.11ac.
802.11n: 100 Mbps to 600 Mbps. 802.11ac: 433 Mbps to 6.9 Gbps.
Distinguish between a BSS, and ESS, and an SSID.
A basic service set consists of an access point and the wireless devices it serves. An extended service set consists of multiple BSSs connected by a distribution system. The SSID is the name of the access point. You must know this to connect to it.
What device do customers need for cable modem service?
A cable modem in the home.
What is a transceiver?
A device that both transmits and receives. A radio, in the case of 801.11
How does MIMO use spatial streams to increase transmission speed?
A different message can be sent in each spatial stream within a single channel. Thanks to differences in propagation time between the multiple antennas on the sender and receiver, the receiver can separate the messages in the different spatial stream and read them both.
What is a DDoS attack?
A distributed denial-of-service attack tries to reduce or eliminate a resource's ability to serve its users. The attacker overwhelms the resource by sending a flood of messages from many compromised computers
What four pieces of configuration information does a DHCP server typically provide?
A dynamic IP address for the host to use as its own (IPv4, IPv6, or both). The IP address of a default route. IP addresses of local DNS servers (Most firms have several for reliability.) The subnet mask for the host's subnet.
When two devices communicate using NFC, how close must they be?
A few inches. (Touching is best)
What is a vulnerability?
A flaw in a program that allows a certain attack to succeed.
How long do momentary traffic peaks last?
A fraction of a second to a few seconds.
What is a hertz?
A frequency of one cycle per second.
Describe NAT operation.
A host sends a packet with a destination IP address and port number. The network address translation firewall changes these to a made-up IP address and port number. When a packet arrives to the fake IP address and port number, the NAT firewall sends these to the correct IP address and port number. It passes this corrected packet to the host that originated the dialogue.
What do we call any device connected to the Internet?
A host.
In cellular technology, what is a cell?
A limited geographical region.
What is a local area network (LAN)?
A network that runs on the customer premises
In a point-to-point single network, how many physical links will there be when a packet is transmitted?
A point-to-point network has both a single physical link and a single data link.
In a routing table, what does a row represent?
A route for a range of IP addresses
What equipment does the customer need in his or her home?
A splitter at telephone jacks and an ADSL modem.
Which letters may appear in a hex EUI-48 address?
A through F.
What is an integer?
A whole number (as opposed to a decimal number).
Describe RTS/CTS.
A wireless client sends a Request to Send message. If the access point accepts the RTC, it broadcasts a Clear to Send (CTS) message. This tells the requestor that it is free to transmit for a certain period of time without the delays of CSMA/CA. CTS also tells other stations not to transmit during this time period.
What name do we give to attacks that occur before a patch is available?
A zero-day attack.
Why must an access point remove an arriving packet from the frame and place the packet in a different frame when it sends the packet back out?
An 802.11 frame could not be passed to an 802.3 network because their frames are incompatible.
Why is the approach of using optional extension headers desirable?
All extension headers have the same mechanism for pointing to the next extension header or data field (higher-layer content). They can also be put in order by whether routers or the destination host needs to read them, so that routers along the way can ignore most headers.
For what four reasons are employees especially dangerous?
Already have access Know the systems Know how to avoid detection Are trusted
Which subnet is the IPv4 address 10.100.11.11 on if the subnet mask is 255.255.255.0? A The 100th subnet B The 10th subnet C The 11th subnet D It is not any subnet.
Answers C is correct. The third octet dictates the subnet with this subnet mask.
A business has an Internet access line with a maximum speed of 100 Mbps. What two things are wrong with this SLA?
An SLA should promise a minimum speed, and there should be a minimum allowable time at a lower speed.
How does NAT enhance security?
An eavesdropper on the Internet will only learn false IP addresses and port numbers, not the real IP addresses and port numbers of internal hosts. (If the attacker acts immediately, it can send packets to the fake IP address and port number, and NAT will send them to the internal host. However, this is rarely possible.)
Distinguish between omnidirectional and dish antennas in terms of operation.
An omnidirectional antenna transmits in all directions equally. It also receives from all directions equally. A dish antenna focuses its transmission in a narrow direction. It also receives better in a narrow direction.
Caitlyn works as the IT admin and the cybersecurity officer for her small company. She likes having DHCP but knows there is a security benefit to having static IP addresses. What is the security benefit of static IP addressing? A Uses mapping software to map the network B Prevents outside users from gaining access to the network C Limits how many IP addresses can be given out to network devices D Gives the ability to assign whatever IP address scheme is wanted
Answer B is correct. If a DHCP server is not available, users cannot simply plug into the network and pull an IP address. With static IP addressing, the IP information must be entered into the host device manually in order for that device to access any resources on the network.
Which layer in the IETF standards governs User Datagram Protocol (UDP)? A Application B Transport C Internet D Data link E Physical
Answer B is correct. Only Layer 4, Transport, governs User Datagram Protocol (UDP).
Cisco is planning to update his company's internal network to accommodate a new branch office. He needs at least 50 private IP addresses with room to expand up to 200 hosts. Which IP address scheme will work for him? A 100.10.1.1/24 B 172.1.0.1/24 C 10.100.1.1/24 D 192.168.0.1/25
Answer C is correct. The 10.100.1.1/24 address scheme will provide 254 addresses in a private scheme. The 192.168.0.1/25 address scheme will only provide 126 addresses. The other options are real-world IP ranges, not private address ranges.
Question : What is the main issue with IPv4? A New equipment is making IPv4 obsolete. B Cellular data technology can not use IPv4. C There are no more available IPv4 addresses. D It limits subnet masks on internal networks.
Answer C is correct. There are currently no more IPv4 addresses to distribute.
Company XYZ is considering adding the use of biometrics to create a multi-factor authentication process. What factor is not an example of biometric authentication? A Fingerprint recognition B Facial recognition C Iris recognition D Blood type recognition
Answer D is correct. Although there are other types of biometric authentication, including voice recognition and palm scanning, blood type is not considered biometric authentication.
If you wish to transmit three bits per clock cycle, how many states must the system have?
Answer: 8
There are thousands of internet-connected companies with even more types of software that all use the internet. All of this software is written in different code and performs different functions. Having standards creates an environment of interoperability. What are some of the benefits of having standards? (Choose all that apply.) This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Decreases bandwidth B Increases competition C Increases security D Creates innovation E Drives prices down
Answers B, D, and E are correct. Having standards increases competition by preventing monopolies, drives prices down by creating competition, and encourages new innovation in technology.
What other types of system do we call broadband?
Any fast system, even if does not use radio channels.
The Snake in the Internet Garden
Anything, Anytime, Anywhere Works for Attackers As Well As Legitimate Users Security Underlies Everything That Network Professionals Do
Why are they called ephemeral?
At the end of the conversation, they are discarded
At which layers of this architecture are IETF standards dominant?
At the internet and transport layers.
At which layers are ISO and ITU-T standards dominant?
At the physical and data link layers.
Why is a short transmission range not a protection against eavesdroppers?
Attackers can use highly directional antennas to read signals at a longer distance than regular users can. (A Pringles can is especially good for this.
What factors in the Internet's informal development process lead to rapid standards development and low-cost products?
Beginning with simple standards. Rough consensus and running code avoid many delays
What factors affect what throughput an individual user will receive in cellular data speeds?
Being far from a cellsite. When there are many simultaneous customers. Driving into a crowded cellsite. The number of customers using a cellsite simultaneously in general. Transmission through buildings tends to reduce signal strength, leading to lower throughput.
Why must authentication be appropriate for risks to an asset?
Better authentication methods are more expensive. (They also tend to be more inconvenient to use.) Authentication should be strong enough to counter risks to the asset, but it should not be far stronger. If the risks are high, however, using strong authentication is required
Why do MANs have higher typical speeds than broader-scope WANs?
Bits are not transmitted as far in MANs than in WANs. By the reasoning above, MANs should cost less per bit than WANs. Therefore carriers will offer lower prices per bit transmitted in MANs. Companies will purchase more bits per second of capacity at lower prices.
Is transmission speed usually measured in bits per second or bytes per second?
Bits per second (bps)
In general, how do Bluetooth LE profiles differ from Classic Bluetooth profiles? (You will have to think about this one a little.)
Bluetooth LE profiles focus on IoT devices.
What is the almost-universal exterior dynamic routing protocol?
Border Gateway Protocol (BGP).
Connecting different networks is the main job of what type of router?
Border routers
What is a collection of compromised computers called?
Botnet.
Which programs directly attack the victim in a distributed denial-of-service attack?
Bots
What do we call a system whose channels are wide?
Broadband.
Why does cellular telephony use cells?
Cells allow mobile devices with limited power to communicate over short distances. This means that there can be channel reuse, in which the same channel can be used in different cells simultaneously.
What can retailers do to defend themselves against counterfeit credit cards?
Check the last four digits of the card number printed on the card with the last four digits on the card number and the strike
What transmission media do cable television companies use?
Coaxial cable.
What has been holding back the adoption of IPv6?
Companies did not want to do the work of adopting it until they were forced to do so before IPv4 addresses were nearly exhausted.
What are carriers
Companies that have been give rights of way in wired and wireless transmission
List the four mechanisms we discussed for optimizing transmission over a transmission link.
Compression. Caching. Traffic shaping. Application and network protocol acceleration (Tuning)
What protection does confidentiality provide
Confidentiality ensures that any eavesdropper who intercepts your messages cannot read them.
What three protections are typically given to each packet?
Confidentiality, authentication, and message integrity.
For what use scenario was 802.11i's 802.1X mode created?
Corporations with multiple access points.
Distinguish between dedicated and multiplexed transmission links.
Dedicated links are unshared. Multiplexing transmits the traffic of multiple conversations over a shared trunk link.
What specific security weakness did the Mirai malware use to propagate from machine to machine?
Default passwords on devices that were not or could not be changed. These default passwords are common knowledge, so logging into a device with an unchanged default password is easy. Since the book was written, the Mirai botnet creators were identified and pled guilty. At the time of their guilty pleas, which came about a year after their main attack, they were 20 and 21 years old. Most of the compromised devices, by the way, had equipment produced by Hangzhou Xiongmai. It had a default password that was not required to be changed.
In digital certificate authentication, what does the supplicant do?
Encrypts the plaintext challenge message with his, her, or its (the supplicant's) private key
What does the Wi-Fi Alliance call this 802.11i initial authentication mode?
Enterprise mode.
Why do we focus on ESP and not on AH?
ESP offers the full spectrum of protections: confidentiality, authentication, and message integrity, among others. It is rare to only want authentication with AH. (AH was created for situations in which governments forbade encryption for confidentiality in transmissions through their countries. This is uncommon today.)
What kind of data link address do Wi-Fi networks use?
EUI-48 as well.
Why is two-factor authentication desirable?
Each form of authentication faces threats. For two-factor authentication to fail, two threats must succeed. This is less likely in most cases.
What two benefits should this new recommendation bring for password from NIST?
Easier to remember. Also better security because the rule is less likely to be circumvented by users.
What two ICMP message types are used in ping?
Echo request. Echo reply.
Distinguish between ICMP error advisement and control messages.
Error advisement messages let the device know that there has been a particular type of error. Control messages tell the device to change the way it operates.
What are the implications of the fact that bots can be updated?
Errors in their operation can be fixed after these flaws are discovered. The software is no longer unfixable after release. Code can be added to repurpose bots for things like transmitting spam. The botnet or a portion of it can then be rented to spammers
What three types of attacks may come from your firm's business competitors?
Espionage to steal trade secrets Denial-of-service attacks Attack your reputation via social media
What are the two names for connectors and jacks for ethernet cables?
Ethernet and RJ-45.
What do TCP/IP supervisory protocols govern?
Everything except the transmission of packets and their contents across the Internet: the Domain Name System, protocols for routers exchanging routing table information, error messages, etc
What is the definition of a trailer?
Everything that comes after the data field
What is the definition of a header?
Everything that comes before the data field.
Distinguish between evil twin access points and rogue access points.
Evil twins are created by a hacker who wishes to eavesdrop and send packets into the network. Rogue access points are set up by nonmalicious insiders. They allow the hacker to gain access to the network to transmit attack packets.
Single-mode fiber is more expensive to purchase and install than multimode fiber. A True B False
Explanation: Answer A is correct. Single-mode fiber is more expensive to purchase and install; however, single-mode fiber allows for a much longer signal run than multimode fiber.
As a digital network security professional you can see the expanding network and bandwidth consumption of the Internet of Things (IoT). Which characteristic does not describe IoT devices? This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Experiencing explosive growth B Strong security C Used in internet connected homes D Small and compact
Explanation: Answer B is correct. Most IoT devices come with a login ID paired with a common password. When end users fail to change the default password, IoT devices are left vulnerable to online attacks.
As the system administrator for your company, one of your jobs is to negotiate the service-level agreement (SLA) for the new fiber circuit into your building. You have asked for 100% uptime. Is this reasonable? This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Yes. That is standard in all SLAs. B No. That would be far too costly for the provider. C No. There are too many weather-related issues that affect fiber. D Yes. It is a fiber circuit.
Explanation: Answer B is correct. SLAs are usually written on a percentage base. As the guaranteed uptime increases, so do the engineering and maintenance costs associated with that reliability.
Network design always begins with a traffic analysis. What is not a consideration when performing a traffic analysis? This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Leased-line transmission speeds B Employee count C Site count D QoS
Explanation: Answer B is correct. Site count, QoS, and leased-line transmission speeds all affect traffic requirements and throughput and should be considered when determining internet speeds. Employee count would not be a factor, but something like device count might be taken into consideration.
Governance is one of the most complex tasks involving internet data and access. Very little of the internet is controlled or governed by anyone. However, one agency controls internet addresses. What is the agency that controls this one aspect of the internet? A IETF B IANA C IEEE D NIST
Explanation: Answer B is correct. The Internet Assigned Numbers Authority (IANA) controls and documents who owns what IP addresses, since every single connected device outside of private networks needs a unique address. The IANA prevents address duplication and ensures that devices can access the World Wide Web.
Amber's job requires her to monitor 15 servers, 28 switches, 8 wireless access points, 2 hardware firewalls, and 200 workstations. She has decided SNMP is the tool to use. What role does the SNMP manager perform? This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Displays results in a graphical format B Communicates with a large number of devices C Gives instructions to the monitored devices D Dictates what information is gathered
Explanation: Answer B is correct. The manager communicates with a large number of managed devices. The SNMP manager is a separate program or agent usually running on its own server. It queries agents that are configured to connect to it and receives answers about the system state of the queried device.
Members of the accounting department suddenly lost access to the company's document server. As you troubleshoot the issue, you find that the management office can still access the document server. You also notice the accounting office cannot reach the internet. Among the options listed, what is the most likely cause of this issue? A The domain controller crashed and will not authenticate workstations to company resources. B The power supply on the managed network switch for the accounting department failed. C A hacker has taken control of the system with the use of a remote access trojan. D An accountant opened an infected email on his workstation and the Unified Threat Management shut down the department access.
Explanation: Answer B is correct. The most probable scenario is that the power supply for the network switch to the accounting department has failed. Once the switch was powered off, network traffic could no longer be routed to anywhere else on the network.
According to the bit formula N = 2b - 2, what is not a usable IP address? A 192.168.0.201 B 192.168.0.256 C 10.1.254.1 D 10.1.1.254
Explanation: Answer B is correct. There are only 254 valid IP addresses, not 256.
Brian is installing a point-to-point wireless backhaul. He needs the most bandwidth possible. Which wireless standard should he employ? T A 802.11n B 802.11ac C 802.11p
Explanation: Answer B is correct. Using 802.11ac could achieve a bandwidth of 160 MHz. Using 802.11n would only allow for a bandwidth of 40 MHz. 802.11p is not applicable.
om is the IT admin for his company. When he travels, he can use his smartphone to remotely access his work computer. This requires that his phone use the internet protocol (IP). What generation of cellular signal first made this possible? A 2G B 3G C 4G D 1G
Explanation: Answer C is correct. 4G was the first carrier generation that provided enough speed and IP transmission to allow high-bandwidth applications such as remote access programs to be used.
John is the IT administrator for his company. He has set up the internal wireless network using WPA2, a hidden SSID, and MAC address authentication. He has also set up an access point in his office without that security so he can personally connect any of his wireless devices to the network without authentication. What critical vulnerability has John created? A secure corporate access point B An evil twin access point C A rogue access point D A Bash Bunny
Explanation: Answer C is correct. A rogue access point is an unauthorized access point typically configured with poor security or no security at all. An evil twin is a man-in-the-middle attack in which traffic between a host and a legitimate access point is intercepted. A Bash Bunny is a USB hacking tool.
Robin is sitting in a local coffee shop using the free wireless. She wants to connect to her bank. Which standard will provide end-to-end protection for her as she does her online banking? T A WPA2 B WEP C VPN D WPA
Explanation: Answer C is correct. A virtual private network (VPN) creates an encrypted link over a less secure connection. This is the only option listed that offers end-to-end protection. WEP, WPA, and WPA2 provide link protection between the access point and the host but do not offer end-to-end security.
Elliot is the sysadmin for a bank that has several branches. A branch president calls and informs Elliot that her printer is not working. When Elliot gets to the president's office, the branch president is not there. Elliot discovers a list of passwords sitting in plain view on the desktop. For which activity would Elliot be justified in using the branch president's passwords? This task contains the radio buttons and checkboxes for options. The shortcut keys to perform this task are A to H and alt+1 to alt+9. A Testing her login ID and password against other systems. B Logging into her email to see if it had been hacked. C There is no activity for which this would be justified. D As a training example to demonstrate weak passwords. E Using her login credentials to verify that her VPN access is secure.
Explanation: Answer C is correct. Any unauthorized use of a computer resource or information is considered illegal. This would clearly be beyond Elliot's level of authorization. He should immediately inform the branch president that he saw her passwords and recommend the passwords be changed immediately. He should then advise her of the value in protecting password confidentiality.
Nik is running UTP CAT6 cabling through a shielded metal conduit to an adjacent building. The run is 325 feet. If she wants to achieve a transmission rate of 750 Mbps, what is the minimum ethernet signaling standard that will be required? A 10GBASE-T B 100BASE-TX C 1000BASE-T D 5GBASE-T
Explanation: Answer C is correct. CAT6 has a rated transmission speed of 1 Gbps over 100 meters, which converts to roughly 328 feet. Using a 1000BASE-T signaling standard, 750 Mbps would be achieved.
CAT5e is comprised of four twisted pairs that provide data transmission between connected devices and the internet or intranet. However, eight pieces of twisted wire are not required to provide a data connection. How many conductors can data can be transmitted and received over? A One solid conductor B One mesh conductor C Two conductors D Four separate conductors
Explanation: Answer C is correct. The correct answer is two conductors, one to transmit signal and one to receive signal. A cable modem is an example of this.
Lucas has noticed a substantial decrease in available bandwidth and an increased latency on his company network. He ran a URL capture in Wireshark and discovered that multiple users are streaming video and audio on their workstations. What can Lucas do to mitigate this? A Block popular video and audio streaming sites at the firewall B Use traffic shaping to regulate non-business applications C Remove the sound cards from user's workstations D Buy 10Gb service from the local internet service provider
Explanation: Answers A and B are correct. Both traffic shaping and URL blocking are feasible options.
If an attacker cannot find a vulnerability to exploit an internal corporate network, what type of an attack might the attacker try next? (Choose all that apply.) A A phishing attack B A USB attack C A Code Red worm D A remote access Trojan
Explanation: Answers A and B are correct. If there are no vulnerabilities to exploit to gain internal access to a system, a hacker may resort to human error. Tricking an employee into opening an infected email or inserting an infected USB stick into a network computer can provide the means to deliver an infected payload to the system.
Which layers in the OSI model are listed in the Ethernet (802.3 standards)? (Choose all that apply.) A Physical B Internet C Transport D Data Link E Application
Explanation: Answers A and D are correct. The Physical layer and the Data Link layer are listed in the Ethernet 802.3 standards.
The ABC company is budgeting for a new wireless mesh network inside their building. Some members of the design team suggest bypassing the initial planning and access point (AP) location placement survey. What are some issues they may experience after equipment implementation if they bypass the AP placement survey? (Choose all that apply.) Having a rogue access point B Overloading access points C Office areas with dead spots D Experiencing interference between access points
Explanation: Answers B, C, and D are correct. Possible consequences of skipping the site evaluation include overloading access points, having office areas with dead spots, and experiencing interference between access points.
There are total channels in the 2.4 GHz band. Of these, only are non-overlapping.
Explanation: There are 11 total channels in the 2.4 GHz band. Of these, only 3 are non-overlapping, and these are channel numbers 1, 6, and 11.
How is the syntax of Ethernet II frames depicted?
Fields are shown one below the other, not 32 bits on a line. They are shown by their field size in octets.
Distinguish between what firewalls look at and what antivirus programs look at.
Firewalls examine packets; antivirus programs examine files.
You are using an access point with a rated speed of 4 Gbps. Why will you experience much less speed?
First, the throughput is always less than the rated speed. (Problems include propagation difficulties and overhead and delays in the standard that makes the number of packet bits delivered less than the number of frame bits carrying the packet.) Second, the throughput is shared by all simultaneous users, so your individual throughput will be lower.
What are 1-bit fields called in TCP?
Flag fields.
How do the Version Number Fields in IPv4 and IPv6 differ?
For IPv4, it is 0110 (Binary for 4). For IPv6, it is 0110 (Binary for 6).
Why will 5G also bring energy-efficient low speeds?
For IoT devices.
Which is more harmful to the victim? Why?
For credit card theft, quick reporting of unauthorized purchases will delete these transactions without paying for them. In identity theft, there can be large reimbursed losses, and even discovering these may take as long period of time
If any row other than the default row matches an IPv4 address, why will the router never choose the default row?
For the default row, the length of match will be zero; any other matching row will have a longer length of match and so will be chosen instead of the default row.
Why is asymmetric speed acceptable in residential ADSL service?
For the main residential application on the Internet, namely webservice, it reflects the reality of traffic flows in the two directions. It is also fine for music and video streaming. It is less desirable for e-mail, videoconferencing, and other applications, but upload speeds are generally high enough for symmetric residential applications.
Distinguish between four-way closes and abrupt resets.
Four-way closes are orderly endings in which both sides agree to the termination and in which remaining segments that need to be sent by one side are sent before the termination. In abrupt resets, one side sends an RST segment and there are no more segments from either side.
What do data link layer standards govern?
Frames organization and the operation of frame forwarding devices (switches and access points) in processing frames.
Are Ethernet messages packets or frames?
Frames.
Is wireless radio transmission usually described in terms of wavelength or frequency?
Frequency.
What does "G" stand for in cellular telephony?
Generation.
What is malware?
Generic name for evil software used in attacks
What are the two types of top-level domains?
Generic top-level domains and country top-level domains.
Distinguish between SNMP Get and SNMP Set commands
Get commands ask for information. Set commands tell the agent to change the way its device operates.
What is the promise of newer authentication systems?
Get rid of reusable passwords
What services do Internet service providers provide?
Giving access to the Internet and carrying traffic in the Internet.
What should a router do if it receives several packets going to the same destination IPv4 address?
Go through the entire 3 steps for each.
What continuing changes in the Internet are contributing to its ability to support new applications constantly?
Growing speed, growing ubiquity, and growing reliability
What is the definition of hacking?
Hacking is intentionally using a computer resource without authorization or in excess of authorization
How many channels are there in the FM band?
Highest Service Band Frequency 108 MHz Lowest Service Band Frequency 87.5 MHz Width of Service Band 20.5 MHz Channel Bandwidth in kHz 200 kHz Channel Bandwidth in MHz 0.2 MHz Channels (Width of service band / Channel bandwidth) 102.5
Would an SLA guarantee specify a highest jitter or a lowest jitter?
Highest jitter.
Would an SLA specify highest latency or lowest latency?
Highest latency
Compare corporate access points and Internet access routers with wireless access point capabilities.
Home access routers have rudimentary access points. Corporate access points can be remotely managed, have adjustable power, and usually can be remotely manageable.
What is often the only extension header that routers must consider?
Hop-by-hop options (0).
If you see 0 in the Next Header Field of a header, what will follow this header?
Hop-by-hop options designed for routers to read.
What is the actual difference between 802.11 and Wi-Fi?
IEEE standards are 802.3 standards. The Wi-Fi Alliance creates compatibility profiles based on subsets of 802.11 standards. Products that pass may display "Wi-Fi" on the box.
What nonhost device is a terminating point in site-to-site VPNs and host-to-site (remote access) VPNs?
IPsec gateway.
Which standards agency(ies) is(are) especially important For Internet supervisory processes?
IETF.
Which standards agency(ies) is(are) especially important For transport processes?
IETF.
What is the syntax of a socket?
IP address, colon, port number.
Is IP a connectionless or connection-oriented protocol?
IP is connectionless. There are no openings, closings, or sequence numbers
Why does the Internet need supervisory protocols?
IP, TCP, and UDP deliver packets. However, there are many other Internet standards. Most deal with the management of the Internet beyond packet delivery. These beyond-routing standards are called supervisory protocols.
List one object in each of the following areas: the system, IP, TCP, UDP, ICMP, and an interface. Explain how it might be used in network management.
IP: Number of discards because of resource limitations, etc. This suggests that there the router is discarding packets because it has insufficient memory or processing power. TCP: Errors in incoming segments, etc. A Large number of errors can be symptoms of several problems. UDP: Errors: no application on requested port. If there are many, someone has been trying to hack the server by trying many well-known port numbers to see if their applications are responsive. ICMP: Number of errors of various types. Each type of error may indicate a specific problem in the network. Interface: Type (e.g., 71 is 802.11) Different types of errors have specific problems.
In which stage is the SA used to provide protection?
IPsec Protection Stage.
What are the standards agencies for OSI? Just give the abbreviations.
ISO and ITU-T.
Which standards agency(ies) is(are) especially important For data link processes?
ISO and the ITU-T.
Which standards agency(ies) is(are) especially important For physical transmission processes?
ISO and the ITU-T.
Distinguish between ISO and OSI.
ISO is a standards agency. OSI is an architecture.
Who are the most dangerous employees?
IT employees and security employees.
Why are firms often reluctant to use Set commands?
If Set is turned on, a successful hacker can reconfigure routers, switches, and other devices to do what he or she wishes to do.
How can a drive-by hacker defeat a site's border firewall?
If a drive-by-hacker can connect to a corporate access point, this adversary then has access to corporate resources without going through the border firewall.
What reliability problem does Ethernet have?
If a single trunk line or switch fails, the network is cut in half.
Under what conditions will a source host TCP process retransmit a segment?
If it does not receive and acknowledgment quickly.
If someone says that a flag field is set, what does this mean?
If it is sent, it has the value 1. If it is not set, it has the value 0
What are the implications for digital certificate authentication if the true party's private key is stolen?
If someone steals the true party's private key, they can defeat digital certificate authentication.
If carrier speed falls below its guaranteed speed in an SLA, under what circumstances will the carrier not have to pay a penalty to the customers?
If the length of failure time is less than allowed in the SLA
Why is decision caching dangerous?
If the router stops being valid after the first, following packets will be routed incorrectly.
How were consumers damaged by the breach?
If they notified their card company of fraudulent transactions, they would have been reimbursed. They had to go through the hassle of canceling their credit cards and getting new ones.
What are router ports called?
Interfaces.
If you click on a link expecting to go to a legitimate website but are directed to a website that contains information you are not authorized to see, is that hacking? Explain in terms of the definition.
If you do not look around after going there, then there is no intentionality, so accessing it without authorization is not hacking. (However, the government can still prosecute you, claiming intentionality. Calling law enforcement immediately is a good idea.)
How can good security be an enabler with SNMP?
If you have good security, you can use SNMP Set commands. This will reduce network labor and make network management.
When might you use EIGRP as your interior dynamic routing protocol?
If you need to route packets from architectures other than TCP/IP.
What happens when a host cannot reach a Domain Name System server?
If your device cannot reach a DNS server, knowing a site's host name will not allow you to learn its IP address so that you can send it packets.
Does a frame's receiver transmit an ACK immediately or after a random delay?
Immediately.
How is carrier sensing used in multiple access?
In CSMA/CD+ACK, when a wireless NIC wishes to transmit, it listens for traffic. If there is traffic, it waits. When the traffic stops, may transmit immediately if there has been no traffic for a certain time. When the traffic stops shortly after traffic has been sent, it waits a random amount of time and implements CSMA /CD again
Why are routing tables more complex than Ethernet switching tables? Give a detailed answer.
In Ethernet, there is only one possible data link path between endpoints. Therefore, there is only one port in each switching table for a destination EUI-48 address. This means that there is only one matching row. Finding this match is very fast. In routers, mesh organization means that there are multiple routes between hosts. Therefore, a destination IP address may match several rows. Finding all of these rows takes a great deal of processing cycles
What type of router connects different subnets?
Internal routers.
How does the verifier get the true party's public key?
In a digital certificate from a certificate authority (CA)
How are switches in an Ethernet LAN organized?
In a hierarchy.
Distinguish between individual and aggregate throughput.
In a shared system, the aggregate throughput is the throughput available to all users. Individual throughput is the speed an individual receives; it is lower than the aggregate throughput. The individual throughput is the aggregate throughput divided by the number of active users at the moment.
Distinguish between physical links and data links
In a single network, physical links are connections between adjacent devices, such as hosts, switches, and access points. The data link is the path that a packet takes across one or more (usually more) physical links in a single network.
Distinguish between binary and digital signaling.
In binary signaling, there are two possible states. I n digital signaling, there are a few possible states
Distinguish between client and server hosts.
In client/server processing, there are two hosts. The one that provides service is the server host. The one that receives service is the client host.
Distinguish between credit card number theft and identity theft.
In credit card theft, the cybercriminals steal your credit card number and perhaps related information. They use this to commit credit card fraud by buying things with your credit card. In identity theft, the cybercriminal steals enough personally identifiable information about you to impersonate you in large transactions such as purchasing a car. This includes your birth date, social security number, and other information that should be difficult to obtain (but often is not).
Do IDSs stop packets?
In general principle, they do not. (However, some IDSs can be configured to stop packets if they have high confidence (but less than full certainty) that a packet is an attack packet. DDoS attacks are the most often treated this way. This does increase the risk of deleting legitimate packets.)
Where are WAN optimization devices found?
In long-distance lines.
How does near field communication differ from normal radio communication?
In normal radio communication, power is sent. In NFC, power surges out but most of it comes back. (Kind of like the tide but on a far smaller and faster scale.)
Can you think of a way to allow a client on one virtual LAN to communicate with a server on another VLAN? Hint: Switches typically have no way of doing it. Hint 2: It involves an access control list or some other type of device. The ACL permits specific client-server host pairs to communicate.
In practice, they do so through a router. A router can treat each VLAN as a simple subnet and pass packets between VLANs the way it passes packets between subnets. The router can have an ACL that determines witch packets can pass between subnets. It might let a certain host IP address on VLAN 33 send a packet to VLAN 1021. Or, it might let all hosts on VLAN 47 send packets to all hosts on VLAN 3
Why is signature detection not enough?
In signature detection, the antivirus program looks for signatures (patterns in the code) that characterize a particular piece of malware. Unfortunately, many malware programs change their code constantly, making signature detection unlikely to succeed
Distinguish between signature detection and behavioral pattern detection.
In signature detection, the antivirus program looks for signatures (patterns in the code) that characterize a particular piece of malware. Unfortunately, many malware programs change their code constantly, making signature detection unlikely to succeed. Behavior pattern detection looks at what malware does. In a simple case, if it sees that a piece of code is attempting to reformat the hard drive, it will not accept it.
In which header are source and destination IP addresses found?
In the IP header of the packet.
Where does the SNMP manager store the information it receives from Get commands?
In the Management Information Base (MIB).
Where is control function placed in SDN?
In the SDN controller.
In which header are source and destination data link addresses found?
In the header fields of frames.
Where was the control function placed traditionally?
In the individual switches and routers
Do we use the two terms interchangeably?
In this book, we will.
Distinguish between standards and protocols
In this course, we will use these terms as equivalent.
Explain traffic shaping.
In traffic shaping, traffic is not always allowed into the network.
Where is the ESP header placed in IPv6?
In tunnel mode, after some extension headers and the main header in the outer packet. In transport mode, after the main protected packet header and some extension headers.
If the signal strength from an omnidirectional radio source is 20 mW at 10 meters, how strong will it be at 70 meters, ignoring absorptive attenuation? Show your work
Initial Distance 10 m Final Distance 70 m Distance Ratio 0.1429 DR^2 0.0204 Initial Power 20 mw Final Power 0.4082 mw
If the signal strength from an omnidirectional radio source is 8 mW at 30 meters, how strong will it be at 150 meters, ignoring absorptive attenuation? Show your work
Initial Distance 30 m Final Distance 150 m Distance Ratio 0.2 DR^2 0.04 Initial Power 8 mw Final Power 0.32 mw
What are the two stages in IPsec protection?
Initial Handshaking (Negotiation). IPsec Protection Phase (Providing Protection after Negotiation).
In which stage is the SA negotiated?
Initial handshaking/negotiation via IKE.
Describe the three-step opening in TCP.
Initiator sends SYN segment Other side sends SYN/ACK segment. Initiator sends an ACK segment.
How do NGFWs address this problem of SPI firewalls?
Instead of using the port number as a proxy for the application's identity, it actually identifies the application by analyzing the messages it sends and receives.
What field in a global unicast IP address corresponds to the host part of an IPv4 address?
Interface ID.
What do we mean by the "Internet of Things?"
IoT devices are usually small devices such as surveillance cameras that communicate directly with one another without human involvement. There will soon be more IoT device using the Internet than humans surfing the Web, sending e-mail, sending Excel and Word files, and doing other "humanish" things.
What does ip do if it does not find an error?
It accepts the packet. No response is sent.
What does the transport process add to the application message or fragment?
It adds a transport layer header—either a TCP or UDP header.
Why is the Internet's ability to give broad access a good thing?
It allows individuals to get broad access to resources on the Internet, regardless of their location.
What is the purpose of dynamic routing protocols?
It allows routers to exchange routing table information. This is how routing tables are built.
What danger does it bring?
It also allows criminals to gain wide access to resources and customers in order to exploit them.
Why can TCP handle long application messages?
It breaks them into smaller pieces and sends each in a separate TCP segment.
Why is face recognition controversial?
It can be used surreptitiously, without the person's knowledge.
Why is FTTH attractive?
It can carry traffic to residences far faster than coaxial cable or copper wire.
What initial authentication mode does 802.11i use?
It can use either PSK or 802.1X for initial authentication.
In the IPv4 address, 10.11.13.13, what is the network part?
It cannot be determined from the information given.
Critique (positively or negatively) the fact that Target knew that fraud was already occurring with the stolen card data but did not reveal this when it announced the breach.
It caused potential harm to its customers. It permitted time for investigation without notifying the attackers. Target probably should have told the customers immediately to maintain its relationship with them
Describe the fourth in UDP
It checks for errors in the entire UDP datagram. If there is an error, the UDP datagram is discarded.
What does the internet process on the destination host do when a packet arrives for it?
It checks for errors. Then it removes the IP header and passes the TCP segment or UDP datagram up to the transport process.
How does a company or individual obtain a second-level domain name?
It contacts a domain registrar like GoDaddy.com or Domains.com.
How does the last extension header before a UDP datagram indicate that the UDP datagram comes next?
It contains the value 17.
Why are typical WAN speeds slower than typical LAN speeds? Give a clear and complete argument.
It costs more to transmit bits over longer distances. Therefore WANs cost more to transmit per bit than LANs. When prices rise, organizations buy fewer of things. Corporations specifically buy fewer bits per minute for WAN services than LAN services. This dynamic underlies everything in WAN transmission.
What does a firewall do when an arriving packet is definitely an attack packet?
It drops it and logs it.
What will happen to your speed as you move away from the access point?
It drops. (Errors increase as the signal gets weaker and becomes more difficult to detect well. So the access point and wireless client switch to a modulation scheme that has longer clock cycle to make reading the signal more likely. A longer clock cycle reduces the number of bits sent per second.)
Why is this important? (Internet)
It emphasizes that the Internet was created to network many smaller single networks together.
What does the transport process on the destination host do with multiple TCP segments from a single application message? (This answer is not short.)
It first checks the TCP segment for errors. If it finds an error, it silently discards the packet. If the packet is free of error, the transport process on the destination host collects all the TCP segments for an application layer message. Using the TCP sequence number field, it puts the application message fragments back in order. It combines them into the original application message. Finally, it passes the application message up to the application process
Why is direct propagation especially dangerous?
It happens without victim action. There is no indication that it is occurring. It happens very, very rapidly.
All wireless hosts and the access point that serves them transmit on the same channel How does media access control (MAC) address this problem of Only one device, including the access point, may transmit at a moment.?
It implements rules to ensure that only one device transmits at a time.
Comment on the cost of central access point management.
It increases hardware costs. It reduces management labor cost. The latter usually is much greater than the former.
What is the structure of the PSTN core?
It is a modified hierarchy. It is mainly a hierarchy, but there are cut-through connects between switches at the same level that pass a lot of traffic to one another.
Why may fingerprint recognition be acceptable for user authentication to a laptop?
It is a weak form of authentication, but low-value laptops
Why is the Internet not about sending messages between hosts?
It is about sending messages between applications. Applications are the only things that users care about.
Why does OFDM divide the channel into subcarriers?
It is easier to control transmission quality in a narrow channel.
Why does multimode fiber dominate LAN installations?
It is less expensive and carries signals far enough for LAN trunk lines
What is the attraction of SSL/TLS compared to IPsec?
It is less expensive. All browsers and webservers support SSL/TLS, allowing simple reconfiguration to turn it on. Many browsers do not implement IPsec. Using IP sec would lose customers who cannot or probably will not use IP sec.
How is this protection limited(802.11I)?
It is limited to communication between the wireless client and the access point.
If you Ping a host and it does not respond, what can you conclude?
It is not reachable. Possibilities for this: It may not be functioning. There may be no network path to it. There may be a network failure A firewall may be blocking the ping. (This is common.)
Why is handling options the way that IPv4 does undesirable?
It is not systematic. They are not in any particular order, and they do not have the same general syntax. This increases code and processing time.
How is the access point used in Wi-Fi Direct?
It is not. Two wireless devices communicate directly with Wi-Fi instead of going through an access point.
Which state needs the most security protection in SPI firewalls? Why?
It is the connection-opening state, because this is when you authenticate the other party. Also, you exchange secrets that will be used during the connection.
Why does this wavelength dominate?
It is the least expensive and sends signals far enough for LANs.
Is IP reliable or unreliable? Explain
It is unreliable. It does error checking and discarding if it finds an error.
why is is a problem in having 3 nonoverlapping channels in the 2.4 GHz band
It is very difficult to avoid interference between nearby access points
How does the receiving data link layer process know what is in the data field of an Ethernet II frame?
It looks at the EtherType field.
How was Target damaged by the breach?
It lost customers and experienced a serious sales slowdown. It had to pay out money in lawsuits and fines. Top executives were fired
What is the advantage of the answer to the previous subparts of this question?
It means that there are many fewer rows in routers than switches for a network with a certain number of hosts.
What happens if a carrier does not meet its SLA guarantee?
It must pay a penalty unless the length of failure time is greater than allowed in the SLA.
Does a firewall drop a packet if it probably is an attack packet?
It passes the packet and does not log it.
What does a router do when an IP packet arrives?
It passes the packet on to the next-hop router or, in the final router, to the destination host.
What is its other benefit?
It permits signals to be read at greater distances without switching to slower modulation schemes
Why can good security save money in network management?
It permits the company to use Set commands for doing remote diagnosis and management.
What does the internet process do with each TCP segment?
It places it in the data field of an IP packet.
What are the two benefits of NAT?
It provides some security against eavesdropping. It allows there to be many more internal hosts than external IP addresses.
What does the evil twin do after initial association when the victim client transmits?
It receives the frame, reads the packet, and transmits the packet in a new frame addressed to the wireless access point.
Why is low speed and short distance good in the Internet of Things?
It reduces battery energy consumption
Why is the automation of network management tasks important?
It reduces management work and therefore costs.
What does a router do if it receives a packet with a TTL value of 2?
It reduces the TTL value to 1 before sending it back out.
How does compression reduce traffic?
It removes redundancy in the traffic stream.
What is the benefit of Bluetooth Low Energy?
It saves battery power.
What type of battery do very small Bluetooth LE devices require, and why is this important?
It saves battery power.
What is the security benefit of Ethernet VLANs?
It segments the network so that hosts that are not permitted by policy to communicate cannot communicate.
What does the transport process do to the application message if it is short enough to fit in a single packet? If the application message is too long?
It simply puts the application message in its data field. There is no fragmentation of the application message.
How does Ethernet use parallel transmission?
It transmits over all four pairs in both directions simultaneously. (The sender listens to what it hears, subtracts what it is sending, and gets what the other side is sending.)
Why is the need to manage the leased line network an issue?
It uses a lot of expensive labor.
If you increase propagation distance by a factor of 100, how much will signal intensity change at the receiver?
It will have 1/10,000 the intensity
Why would you not want to use high-speed Bluetooth all the time?
It would drain the battery rapidly.
Why would it be nice if Wi-Fi offered a basic printing profile?
It would make it easier to print from Wi-Fi-enabled devices.
Why aren't all protocols reliable?
It would require extreme total processing power. (Just making TCP reliable catches errors at lower layers.)
Why is coaxial cable called "coaxial?"
Its two transmission strands are a central wire and an external cylinder running along the same axis. (Signals are trapped inside the cylinder and do not attenuate as rapidly as signals sent through wire pairs in the PSTN.)
If someone in your firm gives you his or her password and you log into that person's account, is this hacking? Justify your answer in terms of the definition of hacking.
Just because someone gives you his or her password, this does not mean that you are authorized to use it. If the firm does not authorize password sharing, then that person cannot authorize you to use the password even if he or she gives it to you. Yes, intentionality is there.
If 100 conversations averaging 50 Mbps are multiplexed on a transmission line, will the required transmission line capacity be less than 5 Gbps, equal to 5 Gbps, or more than 5 Gbps?
Less than 5 Gbps. (Individual conversations have bursts and silences; only traffic during the bursts is normally carried.
There are six routers between the source and destination host. How many transport processes will be involved? Explain.
Just two—the ones on the source and destination hosts. Routers do not need transport processes to route packets.
What is the difference between the two types of spyware mentioned in the text?
Keystroke loggers record your keystrokes. Data miners search your computer for specific information, such as bank accounts, social security numbers, and passwords.
Compare the diversity of technologies in LANs and WANs.
LAN technologies usually offer more choices than carrier WAN services. (This is again a carrier business decision.)
Distinguish between LANs and WANs
LANs operate on the customer premises. WANs operate among customer premises.
What is latency?
Latency is delay in transmission.
Which two layers standardize Ethernet and Wi-Fi operation?
Layers 1 and 2 (Physical and Data Link).
At what layers do wireless LANs operate?
Layers 1 and 2 (physical and data link).
Which two layers standardize most of the Internet's operation?
Layers 3 and 4 (Internet and Transport)
What are the characteristics of leased lines?
Leased lines provide always-on high-speed transmission between a pair of sites. They are leased for certain periods of time, so the lessee is locked in for that time.
Convert A1-B2-C3-44-5D-3C to binary. Leave a space between each octet. As a check, there must be 48 bits.
Letter ASCII A 01000001 1 00110001 B 01000010 2 00110010 C 01000011 3 00110011 4 00110100 4 00110100 5 00110101 D 00110101 3 00110011 C 01000011
What is a mode?
Light entering an optical fiber core at a particular angle
Why are contractor firms more dangerous than other outside firms?
Like employees, they have access, know the systems, know how to avoid detection, and are trusted.
How is the Hop Limit Field used?
Like the Time-to-Live field in IPv4. Each router along the way decrements it by one, and if the decrementation takes it to 0, the router discards it.
What is alphanumeric information?
Limited view: digits (0-9) and letters. Typical: all keyboard characters.
Distinguish between link security and end-to-end security.
Link-security provides security over part of the path from the client to the server; 802.11i does this on the data link from the wireless client and the Wi-Fi access point. End-to-end security provides security all the way between the client and the server. A host-to-host VPN does this.
What is the business benefit of multiplexing?
Lower transmission cost.
Are simplified IPv6 addresses written in uppercase or lowercase letters?
Lowercase
Would an SLA specify a highest availability or a lowest availability?
Lowest availability.
Would an SLA specify a highest speed or a lowest speed?
Lowest speed.
Distinguish between MIMO and multiuser MIMO (MU-MIMO).
MIMO directs energy at a particular device. MU-MIMO divides its energy and sensitivity between two or more devices, assigning some of its power and sensitivity to each. This spatially divides signals so that they do not interfere, allowing simultaneous transmissions between the access point and targeted devices.
What was the traditional recommendation for passwords?
Make them long (8 to 12 bits, usually) and make them complex, with a combination of uppercase letters, lowercase letters, digits, and keyboard special characters (#^?, etc.). Change them frequently.
What is the U.S. National Institute of Standards and Technology's new recommendation?
Make them very long (passphrases instead of passwords), make them un-guessable, and don't worry about complexity. Do not change them frequently.
What are the most frequent types of attacks on companies?
Malware attacks
List the criminal groups, besides the main attackers, who were involved in the overall process.
Malware writer Crimeware shop Main attackers Card shops Card counterfeiters and mules
Explain the difference between managed devices and objects.
Managed devices are physical devices such as switches, routers, firewalls, client hosts, and server hosts. Objects are specific pieces of information in an object-oriented database (the MIB) about a managed device (whether a router is forwarding packets, etc.).
What four things do physical layer standards govern?
Media Connectors Plugs Signaling
What do physical layer standards govern?
Media, signaling, connectors, plugs.
What cryptographic protections does 802.11i provide?
Message-by-message confidentiality, authentication, and message integrity. )Also, initial authentication, followed by secure setup.)
Distinguish between cryptographic methods and options.
Methods are entire protocols, such as IPsec. Options are choices in the protocol's implementation, such as encryption method and key length.
In what units is latency measured?
Milliseconds.
Distinguish between chronic lack of capacity and momentary traffic peaks.
Momentary traffic briefs are very brief. Their effects can be reduced by good management. Chronic lack of capacity means that traffic exceeds capacity most of the time. Their effects cannot be reduced by good management. The only thing to do is add sufficient capacity most of the time.
In general, when a source host sends a packet to a destination host, will there probably be more data links or routes along the way? Explain.
More data links normally. This is because the packet will usually travel across multiple single networks to get to the destination host. There is never more than one route
What is the benefit of spread spectrum transmission for business communication?
More reliable communication (through reduced multichannel interference).
Why is the PSTN important in WAN data transmission?
Most carriers buy many or all of their transmission lines from telephone company carriers
When the side that initiates the close sends its FIN segment, does it stop transmitting more TCP segments? Explain.
No. It still sends ACKs.
What type of devices are most servers?
Most servers are rack servers.
What is a roaming in 802.11?
Moving from one access point to another without losing the Wi-Fi connection.
How do IDS offer a broader picture of the threat environment than NGFWs?
NGFWs only log the packets they drop as if they are identified as definite attack packets. Only IDSs report packets that are highly suspicious; these may also be attacks.
Do switches know the entire data link between the source and destination host?
NO
Does spread spectrum transmission increase transmission speed thanks to its wider channels?
NO
Does the choice of initial authentication mode change how other phases of 802.11i work?
NO
Which initial authentication mode is used for message-by-message encryption, authentication, and message integrity?
Neither. Message by-message encryption, authentication, and message integrity is done after initial authentication.
Compared to e-mail and VoIP, what priority would you give to network control messages sent to switches and routers? Explain your reasoning.
Network control messages should get highest priority because they are crucial for network operation, and latency or loss can be very harmful to network performance.
What is a network standard?
Network standards are rules of operation that specify how two hardware or software processes work together by exchanging messages.
How does security thinking differ from network thinking?
Network thinking is worried about equipment failures and management errors. In security, adversaries are intelligent humans who respond to new countermeasures, making these countermeasures less effective or ineffective.
What are the three parts of an IPv4 address?
Network, subnet, and host parts
What are networked applications?
Networked applications are those that require a network to communicate with one another. Early computer programs ran on stand-alone devices and did not interact with other programs on other machines.
Why are QoS metrics important?
Networks must not just work. They must work well. Without QoS metrics, companies could not assess how well they worked.
If you change a standard at one layer, do standards at other layers need to be changed?
No
Is there a single dominant IoT communication standard?
No
Does a DNS server have one record for a particular domain (including a host), or does it have more than one?
No it has several records for a single domain.
Does a DHCP server give a host the same IP address each time?
No they do not. Although they may try, there is no guarantee.
Are all Ethernet switches manageable?
No.
Is 45.7 an integer?
No.
Is this easy to do?
No.
May a company select the routing protocol its border router uses to communicate with the outside world?
No.
When carriers use the terms 4G and 5G, do they use it consistently with the formal standards for 4G and 5G?
No.
UDP does error detection and discarding but does not do the retransmission of damaged or lost datagrams. Is UDP reliable? Explain.
No. Both error checking and error correction are needed for reliabilit
Are all data link addresses EUI-48 addresses?
No. EUI-48 is the most common type of data link address but not the only type
Do routers have a row for each individual IPv4 address?
No. Each row is for a range of IP addresses.
Does the client know that his or her local DNS server contacted another DNS server to obtain an IP address? (This requires some thought and an answer beyond a simple yes or no.)
No. It always receives the DNS response message from its local DNS server regardless of what DNS server provided the information to the local DNS server.
Does the SNMP manager communicate directly with the managed device? Explain.
No. It communicates with the network management agents, not the individual managed devices.
Is the server always a webserver?
No. It is important to distinguish between examples in the text and the general situation.
Is the Domain Name System only used to send back IP addresses for given host names? Explain.
No. More broadly, it is a general naming system for the Internet.
Does the originating host need to contact the DNS host each time it sends a packet to the target host? Explain
No. Once it contacts the DNS server, it stores the host name-IP address data pair in a DNS cache. If the host name is used again, its IP address will be read from the DNS cache entry for that particular host name
Is every TCP segment acknowledged?
No. Only if it is correctly received. Pure SYNs are not acknowledged.
Do all worms spread by direct propagation?
No. Only some.
In a Wi-Fi LAN, do two wireless hosts usually send frames directly to one another? Explain
No. The sender transmits the frame to the access point, which sends it on to the receiving host.
Does IPv6 have a header checksum field?
No. There is no error checking, even for the header.
Who is in charge of the Internet?
Nobody is really in charge of the Internet. The ISPs simply work with one another.
Who owns the Internet?
Nobody owns the entire Internet. Different companies own different ISPs, which carry one another's packets between the source and destination hosts.
What is the consequence of this?
Not doing error checking reduces router processing time and cost per packet handled.
Were banks and credit card bureaus damaged by the breach?
Not heavily. They recovered their relevant costs to Target.
What type of antenna normally is used in WLANs? Why?
Omnidirectional antenna, because the other device is always near but its direction is rarely known
What is a FIN segment?
One in which the FIN bit is set
Because of this organization, how many possible paths can there be between any two hosts?
One.
How many packets?
One. Always.
What protocols that we saw in this lesson are reliable?
Only TCP.
Should you use canonical text representation to reduce the modified EUI-64 interface ID by itself, or should you do it only for the entire IPv6 address?
Only do it for the complete IPv6 address.
Do SYN segments have data fields?
Only headers.
All wireless hosts and the access point that serves them transmit on the same channel. What problem does this cause?
Only one device, including the access point, may transmit at a moment. (Multiuser MIMO, if implemented, gets around this. It is not mentioned in the text, but MIMO does not increase transmission bandwidth. The bandwidth is shared among all the devices that are communicating.)
In what radio band or bands does Z-Wave operate?
Only the 800/900 MHz band. (The 800 MHz band is used in the United States, the 900 MHz band in Europe. Zigbee also operates in the 2.4 GHz band.)
f there is a chronic lack of capacity, which of the mechanisms described in these sections can help?
Only traffic shaping.
Is RTS/CTS required or optional?
Optional.
Who mounts APTs today?
Originally, only nation states. Today, cybercriminals are also addling APT
What spread spectrum transmission method dominates today?
Orthogonal Frequency Division Multiplexing (OFDM )
What three choices do you have for reducing the impact of delays on latency-intollerant traffic?
Overprovisioning (adding more capacity than will be needed nearly all the time). Prioritizing latency-intolerant traffic. Giving QoS guarantees to certain types of traffic.
What is the advantage of each compared to the others?
Overprovisioning wastes capacity but adds no management costs. Priority adds no capacity costs but requires management costs. QoS guarantees are fine for guaranteed traffic but by reserving capacity, QoS makes things worse for other traffic.
Keys and passwords must be long. Yet most personal identification numbers (PINs) that you type when you use a debit card are only four or six characters long. Yet this is safe. Why?
PINS are entered manually, preventing millions of tries in a second or two. Trying all possible combinations manually is usually too slow. (In addition, the device with the PIN may be in a public location. If it is, trying a lot of combinations is suspicious.) (Ideally, the device being subjected to a manual PIN attack will call for help or lock itself completely if too many attempts are made.
Contrast the use scenarios for initial authentication in PSK mode and 802.1X mode.
PSK: Residences and small businesses with single access points. 802.1X: Corporations with many access points.
Are packets carried inside frames, or are frames carried inside packets?
Packets are carried in the data fields of frames.
What form of authentication would you recommend for relatively unimportant resources? Justify your answer.
Passwords may be sufficient, but fingerprint recognition and face recognition are easier to use and do not get into the problem of forgetting passwords. (However, fingerprint and face recognition often fail to authenticate the true party, so passwords are commonly used as fallback methods.)
What are your choices if you are hit by ransomware? Which would you recommend
Pay the ransom or lose the data. This is a tough one. If the cost of the lost data is far larger than the ransom, paying the ransom is difficult to refuse. On the other hand, it encourages more ransom attacks
In IPv6, how can the receiver tell the length of packet?
Payload length field. (Adding the main header length to the payload length gives the packet length. For once, the IRTF did something simple.)
What is a PAN?
Personal Area Network: the devices around a person or the person's desk.
Distinguish between phishing and spear phishing attacks
Phishing attacks pretend to be communication from legitimate companies and websites; they are sent against many potential victims. It is like throwing a fishing net into the sea at a particular location. Spear phishing attacks are targeted against an individual or small group of individuals. They are more convincing than general phishing attacks because they include personal and situational details that make them seem legitimate.
What causes dead zones?
Physical objects that signals cannot pass through.
What layer or layers govern(s) transmission media?
Physical.
What types of latency do Ping and Traceroute give you?
Ping gives round-trip latency to the pinged host. Traceroute also gives round-trip latency to each router along the route, as well as to the pinged host.
Distinguish between Ping and Traceroute.
Ping only pings a host. Traceroute also pings all routers along the route.
What are interfaces?
Ports (plugs) in a router.
You have been using your phone and your school's Wi-Fi network to access hosts on the Internet. Suddenly, you cannot reach Internet hosts. Create a two-column table. In the first column, create a list of possible causes. In the second column, describe how you would test each one. (You may not be able to test them all.)
Potential Problem How to explore the problem. Your mobile phone may be on airplane mode Check your airplane mode setting. Your Wi-Fi may be turned off in settings. Check in settings whether Wi-Fi is on. The access point may not be accepting your connection. Check in your Wi-Fi settings if you are connected. The access point may not be functioning. Does it show up in your list of available access points? If so, it is probably working. If not, it is likely not to be working.
In digital certificate authentication, the supplicant could impersonate the true party by doing the calculation with the true party's private key. What prevents impostors from doing this?
Presumably, only the true party knows the true party's public key.
What harm does the ARP cache poising do?
Primarily, it can intercept frames, read their contents, and (usually) pass them on
Distinguish between private networks and virtual private networks
Private networks are for the exclusive use of an organization. Virtual private networks use physical networks that mix the traffic of many organizations but provide protection to individual conversations so that users appear to have private networks as far as security goes
What might be holding back SDN in many firms?
Probably a belief that a particular company does not need it now. Concerns about the maturity and cost of SDN Concern about being locked into a single vendor.
What individual victim or group of individual victims suffered the most harm?
Probably retailers, with Target coming in second.
How did the attackers exfiltrate the card data?
Probably via FTP from an internal extrusion server to an external landing server.
What are Trojan horses?
Programs that disguise themselves by taking the name a legitimate program, usually a system program
Why does the access point connect to the corporate Ethernet LAN?
So that clients using Wi-Fi can access servers on the main corporate LAN and on the Internet.
In a coffee shop, there are 10 people sharing an access point with a rated speed of 2 Gbps. The throughput is half the rated speed. Several people are downloading. Each is getting an average of 100 Mbps. How many people are using the Internet at that moment?
Rated speed: 2 Gbps Throughput: 1 Gbps (half of the rated speed) Individual throughput: 100 Mbps Simultaneous users: 10
Why is the signal held constant over each clock cycle?
So that it does not have to be read exactly in the middle of the cycle
What kind of attack may succeed against a system with no technological vulnerabilities?
Social engineering attack.
Which of these addresses will routers use to deliver the IP packet?
Routers use IP addresses to deliver IP packets.
What is router forwarding called?
Routing.
What is the advantage of simplifying IPv6 addresses according to strict rules?
Searching in text documents and databases can find a simplified IP address because everyone will simplify IPv6 addresses in the same way, giving an unambiguous text string to search for.
What is an SA?
Security Association. A negotiated agreement on how two parties will communicate via IP sec.
Are the set of frequencies used for police communication in a city channels or a service band? Explain
Service band.
What are service level agreements?
Service level agreements (SLAs) are contracts that guarantee minimum levels of performance for various QoS metrics such as speed and availability.
If you are a large company, do you want a long routing prefix or a short routing prefix? Explain.
Short routing prefix. The shorter the routing prefix, the longer the subnet ID and therefore the more subnets you can have.
Compare relative cost and maximum propagation distance for multimode and single-mode fiber.
Single-mode fiber carries signals farther but is more expensive.
Who creates a rogue access point?
Someone inside the firm, usually an employee or department.
What form of authentication would you recommend for your most sensitive resources?
Something with high precision and difficulty of spoofing. Iris recognition and digital certificate authentication are good.
Is the supplicant the true party or is the supplicant an impostor?
Sometimes it is the True Party, sometimes an impostor. The whole purpose of authentication is to determine which it is
What are the four fields in a UDP header?
Source port number Destination port number. UDP length UDP checksum
What do southbound APIs connect?
Southbound APIs.
What is the benefit of parallel transmission?
Speed (sends more bits per clock cycle).
You can transmit 1.54 Gbps in a channel you use frequently. You want to transmit at 4.32 Gbps. How much wider must your channel be than its current bandwidth?
Speed increase: 4.32 / 1.54 = 2.81 Channels must be three times as wide.
What benefits can it bring?
Speed. Signals can be sent and received at greater distances without switching to a slower modulation scheme.
What is a typical speed, distance, and power consumption for Bluetooth LE slaves?
Speed: Usually 125 to 250 kbps, but up to 2 Mbps. (Figure 7-10) Distance: A few meters (Figure 7-18) Power: Usually 0.01 W to 0.5 W compared to 1 W for classic Bluetooth
How is multipath interference controlled?
Spread spectrum transmission
In the 2.4 GHz and 5 GHz service bands, what type of transmission method is required by regulators?
Spread spectrum transmission
What is spyware?
Spyware steals information from your computer and send it to attackers.
Why is a static IP address needed for this type of host?
Static IP addresses allow a client to address packets to servers easily. If server IP addresses changed constantly, there would be no way for clients to address packets to them because the clients would have to find some way to learn the target host's current dynamic IP address. DNS servers only store static IP addresses associated with host names, although there are extensions for dynamic IP addresses. However, Dynamic DNS is not the norm.
What two things does Ping tell you about a host that replies?
That it is reachable and the round-trip latency to reach it.
Distinguish between Step 1 and Step 2 in the routing process
Step 1 is finding all matching rows. Step 2 is selecting the best-match row.
Distinguish between Step 2 and Step 3 in routing.
Step 2 is finding the best-match row. Step 3 is sending it out the interface in the best-match row to the particular IP address in the best-match row.
What field in an IPv6 global unicast address corresponds to the subnet part of an IPv4 address?
Subnet ID.
Why has Ethernet become the dominant LAN technology?
Sufficient performance at low cost.
Are Ethernet forwarding devices switches or routers?
Switches
What is the benefit of having a single possible path through an Ethernet network?
Switches make simple decisions and so cost less per frame they forward.
What are manageable switches?
Switches that have the electronics to be managed remotely via SNMP.
Explain the network adage "Switch where you can; route where you must."
Switching is less expensive than routing
What is noteworthy about control segments?
TCP control segments only have headers.
For what general class of messages at what layer is ICMP used?
TCP/IP supervisory protocols.
Transmission through the Internet?
TCP/IP.
What information do the two tag fields give in an Ethernet II Frame?
Tag Protocol ID: That the frame is tagged. Tag control information: priority and VLANs.
Both DNS servers and DHCP servers send your client PC an IP address. What is different about these two addresses?
The DHCP server sends the requesting host an IP address for the requesting host to use. The DNS server sends the requesting host the IP address of a target host with which the requesting host wishes to communicate.
What standards architecture do most organizations actually use in practice?
The Hybrid TCP/ IP-OSI Standards Architecture
Which standards agency(ies) is(are) especially important for internet processes?
The IETF.
What are the three parts of an IP packet?
The IP header, the TCP header, and the application message or message fragment.
In which part of an IP packet will you find the source and destination IP addresses?
The IP header.
What other two standards agencies work together to create network standards? (IETF is not one of them for this answer)
The International Organization for Standardization (ISO) and the International Telecommunications Union-Telecommunications Standards Sector (ITU-T)
What standards agency creates Internet standards?
The Internet Engineering Task Force (IETF)
What is the role of the IETF?
The Internet Engineering Task Force creates technical standards for the Internet.
Why does this version of the course deal with Ethernet II frames?
The Internet Protocol calls for IP packets to be carried inside Ethernet II frames.
Distinguish between the Internet and carrier WANs.
The Internet connects nearly all organizations worldwide but does not offer QoS guarantees. Carrier WANs offer QoS (and therefore higher prices) to connect corporate sites to carry traffic with strong QoS needs.
In what two ways was the KrebsOnSecurity DDoS attack unusual?
The Krebs on security attack was unusual for its very high attack traffic volume and the fact that the compromised devices were Internet of Things devices instead of the usual suspects: laptops, mobile phones, desktops, or server computers.
Why is the Internet often depicted as a cloud?
The cloud symbolism emphasizes that devices and people who use the Internet do not have to understand how it works. It simply accepts and delivers their packets.
Does the verifier decrypt with the true party's public key or the supplicant's public key? Why is this important?
The True Party's public key. If it used the Supplicant's public key, it would always decrypt the response message correctly whether the supplicant is the True Party or an impostor.
If the ISP had chosen a 10-bit subnet size, how many subnets could it have had?
The UH has a 16-bit network part. 10 bits would give 1,022 possible subnets.
What is the main promise of 802.11ax over 802.11ac?
The ability of an access point to serve more users. (Higher user density)
What is interoperability?
The ability to work together.
At what layer is the encoding of application messages done?
The application layer. In OSI, it is done at the presentation layer
Explain "advanced" in the term advanced persistent threat.
The attack uses sophisticated techniques beyond those of most hacking and other cybercrimes
In ARP cache poisoning, the attacker poisons the victim's ARP cache. This allows the attacker to read frames that the victim sends to the router. How can it read the frames that the victim receives from the router?
The attacker must poison the router's ARP cache so that the victim's IP address associates with the attacker's EUI address. When the router receives a packet from the outside for the victim's IP address, it will send this packet in a frame addressed to the attacker.
In 802.1X operation, what device acts as the authenticator in Wi-Fi?
The authenticator is the wireless access point.
What server will your local DNS server contact if it does not know the IP address of a host?
The authoritative DNS server for the host name's domain.
When a network mask is applied to any IPv4 address on the network, what is the result?
The bits of the network part when there are 1s in the network mask and 0s in the following places.
In HTTP, which application program initiates an interaction?
The browser.
How are VPNs able to defeat evil twin attacks? Explain in detail.
The client encrypts twice—first with the V P N key, and then for the key it unknowingly shares with the evil twin. The evil twin can decrypt with the second key, but it does not know the VPN key, so the message is unreadable to the evil twin.
How are ephemeral port numbers generated?
The client generates an ephemeral port number randomly for each conversation
To what computer does the attacker send messages directly?
The command and control server.
Why is it useful to configure a client every time it boots up?
The configuration information is always current at the time of boot up. Manual configuration information would not change automatically if conditions changed on the network.
What are the two states in connections for SPI firewalls?
The connection-opening state and the ongoing communication state.
What does the data field contain?
The content being delivered
Distinguish between the control function and the forwarding function for networks
The control function configures the device's forwarding rules. The forwarding function forwards frames and packets according to the forwarding rules.
When a customer uses a leased line to connect to its ISP, what two points does the leased line connect?
The customer site and the ISP's point of presence (POP).
To what device will the final router send a frame?
The destination host.
Why is device theft or loss a serious risk?
The device may contain information of value to the firm or to an enemy.
Why must the forwarding function remain on the network device? (The answer is not in the text.)
The device physically does the forwarding. This is the forwarding function.
Why can they defeat 802.11i security?
The drive-by-hacker can try secured access point until he finds an unsecured or poorly secured rogue access point.
What is a cellsite?
The electronics needed to provide cellular service and the facility around it.
What is the resulting message called?
The encapsulated application message or fragment plus the TCP or UDP header form a TCP segment or a UDP datagram.
What do they surround in tunnel mode for IPv4?
The entire original packet.
Describes the steps that occur when the server transmits a packet back to the wireless client.
The frame travels over the Ethernet network to the access point. The access point removes the packet from the Ethernet frame, places it in an 802.11 frame, and sends this frame to the wireless client
Distinguish among the frequency spectrum, service bands, and channels.
The frequency spectrum consists of all possible frequencies. It is divided into contiguous frequency ranges called service bands. Each service band is assigned to a specific service or set of services. Signals in a service band are sent in individual channels. (At least traditionally.)
Distinguish between headers and header fields.
The header is everything that comes before the data field. The header is subdivided into header fields, for example source and destination address fields.
How do you think TCP would handle the problem if an acknowledgment were lost, so that the sender retransmitted the unacknowledged TCP segment, therefore causing the receiving transport process to receive the same segment twice?
The initial and retransmitted segment would have the same sequence number.
What two processes does the network stack provide?
The internet and transport processes.
Describe how the internet process checks an arriving packet for errors.
The internet process checks arriving packets for errors by doing a check on the header only
In encryption for confidentiality, what must be kept secret?
The key (not the cipher itself)
What is the maximum size of an IP packet?
The maximum size of an IP packet is 65,536 bytes. Not discussed in the book is the fact that many frames cannot carry that much data. In 802.3 Ethernet (excluding Jumbo Frames), the data field is limited to 1,500 bytes. For 802.11 Wi-Fi it is 2,304 bytes. The source data link process therefore needs to fragment packets across multiple frames, and the destination data link process has to put them back together. Nice to know, but with so much else to go over, including this in the text would have been a matter of serious overload, confusing them with the transport process's fragmentation of application messages, which is more important to understand.
What do the 1s in an IPv4 subnet mask correspond to in IPv4 addresses? Think carefully!
The network AND subnet parts
What do the 1s in an IPv4 network mask correspond to in IPv4 addresses?
The network part.
What is the relationship between the network visualization program and the SNMP manager?
The network visualization program draws its data from the manager and the MIB and sends commands to the manager.
In what ways is the pairwise session key the user receives after authentication different from the PSK?
The pairwise session key is only known by access point and a single wireless client.
Why are the terms payload and data field not synonymous?
The payload includes both the data field (upper-layer content) and extension headers.
What is availability?
The percentage of time a resource is available for use.
What characteristic of the true party is used in access card authentication, iris authentication, and digital certificate authentication?
The physical access card and usually a memorized PIN. The supplicant's iris pattern in his or her eye. Knowing the True Party's private key.
What must a user know to authenticate his or her device to the access point?
The pre-shared key (PSK).
Distinguish between rated speed and throughput.
The rated speed is the speed the standard or the carrier specifies. Throughput is the speed you actually receive.
Passive RFID chips have no batteries. How can they transmit when queried?
The reading device's near field surge zone provides power to the passive RFID chip via an antenna around the chip.
How would decision caching speed the routing decision for packets after the first one?
The router would simply repeat the decision instead of going through all three steps each time
What characteristics do all access points in a corporate network share?
The same SSID
What is the advantage of using unlicensed service bands?
There is no need to get a license for each Wi-Fi device or to have the license revised every time it is moved.
Why is a reset segment not acknowledged?
The sender is not listening, so why try to acknowledge it?
What is the local loop?
The set of access lines connecting customer premises to the PSTN core.
Distinguish between the supplicant and the verifier.
The supplicant is the party attempting to prove its identity, usually as a particular True Party. The verifier appraises the supplicant's credentials. If it is satisfied that the supplicant is who he, she, or it claims to be, the supplicant is verified.
What do IP, TCP, and UDP govern?
The transmission of packets and their contents over the Internet from the source host to the destination host.
How is each pair organized in an ethernet cable?
The two wires in each pair are twisted around each other. Pairs are not twisted around other pairs. The 8 wires are not twisted around one another.
Why may it be advantageous to change a standard if the standard at the layer below it is upgraded?
The upgrade might provide useful functionality that can only be exploited with an upgrade at the layer receiving services.
What is biometrics?
The use of biological measurements to authenticate you
What does the verifier do?
The verifier decrypts the response message with the True Party's public key. If this recreates the challenge message, then the supplicant must know the True Party's private key and therefore is the True Party because only the True Party should know it
Does an SLA measure the best case or the worst case?
The worst case. If you are guaranteed an eight-ounce steak, it means that you will not get less. If it was the best case, you would get no more than 8 ounces, which would actually be nice.
How long is each part of an IPv4 address?
Their total is 32 bits. Individual part lengths vary.
Distinguish between the DNS root and top-level domains.
There are 13 DNS root servers that can always be used to begin a name search. Only other DNS servers contact them. Top level domains are domains for broad categories of domains, such as .com or .edu.
When must firms do site surveys to give users good service?
There are always complicating factors, so coverage cannot be fully determined ahead of time. Access points have to be positioned, coverage checked with a site survey, and positions and/or power levels adjusted until adequate coverage is achieved
Why are companies moving rapidly into the 5 GHz band?
There are more channels and therefore fewer devices harmed by co-channel interference.
What is the main problem with IPv4 that IPv6 was created to solve?
There could only be about 4 billion IPv4 addresses, and these have been handed out in a wasteful way. We are now effectively out of IPv4 addresses, so new devices must have IPv6 addresses.
A host sends a packet to another host. There are ten single networks along the way. How many hosts will there be?
There is always a single route because this is the name we give to the path a packet takes across an internet
Why is Ethernet unreliable despite having a Frame Check Sequence Field that is used to check for errors?
There is error detection and discarding. There is no retransmission, which is needed to fix errors
In 802.1X, which is the verifier?
There is no single verifier. The verification function is split across authenticator and the authenticator server. The authentication server does most of the verification work but not all.
Why is this risk probably acceptable for the PSK use scenario?
There is probably not a strong risk of sophisticated attackers.
What security concern do ICMP error advisement messages and echo response messages bring?
They allow a hacker to ping many devices to identify IP addresses they can attack farther. (And the structure of your network's routers and subnets.)
What do network visibility tools allow a manager to do?
They allow management to understand what is happening throughout a network.
What are Bluetooth LE advertising messages?
They announce the presence of the device so that users can connect to them.
Why are Ethernet standards formally called 802.3 standards?
They are created by the IEEE 802.3 LAN/MAN Standards Committee
How are carriers attempting to reduce the cost of installing FTTH?
They are installing fiber to neighborhoods then using neighborhood splitters to reach homes. This minimizes longer distance transmission lines to neighborhoods. In addition, upgrading access lines to residences in neighborhoods all at once is cheaper than doing it when individual homes want higher-speed service.
How are private IP address ranges used?
They are only used inside a firm, not on the Internet.
Why are stateful packet inspection (SPI) firewalls attractive?
They are relatively inexpensive and provide quite strong protection
What is the state of NFC standards?
They are still in flux. (There is no mesh networking, but for the applications in which NFC is used, this may not be a concern.)
Why are carrier WANs not often used to link multiple firms together?
They are unlikely both to be connected to the same carrier WANs.
Are LANs single networks or internets?
They can be either. (Large ones, such as those on college campuses and industrial parks, are usually internets with many LANs connected with routers into an internet. (not The Internet.)
Why does it usually not matter what standards agency creates an application layer standard?
They can nearly all run over TCP.
What resources can they purchase and sell over the Internet?
They can purchase attack software and the time of expert attackers. They can use crime shops to sell what they have stolen.
How do Trojan horses propagate to computers?
They cannot travel by themselves. They do not mail themselves or propagate directly. They must be placed there by a hacker, another piece of malware, or the users themselves succumbing to social engineering.
Why do small IoT devices only implement Bluetooth LE?
They do not have the power to implement Classic Bluetooth
Why is this type of attacker extremely dangerous?
They have the resources to procure good attack software and the income to sustain prolonged attacks
Why are NGFWs more expensive than SPI firewalls?
They must capture many packets, reassemble the application messages they contain, and analyze the messages to identify the application. This is a lot of work. An SPI firewall merely looks at port numbers in individual packets.
Over what transmission system do access points communicate with each other to accomplish roaming?
They must communicate via the distribution system, which is normally an Ethernet wired LAN.
How do business DSL lines differ from residential DSL lines?
They offer symmetrical speed. They have a QoS guarantee.
Why are SPI firewalls limited in their ability to detect attack packets?
They only check port numbers. Well-known port numbers are usually good proxies for applications, but attackers can run another application using a well-known port number. This is port number spoofing. A good example is running an attack program on Port 80, which many SPI firewalls are programmed to pass.
Why are sequence numbers good?
They permit segments to be put in order if they arrive out of order. Unique sequence numbers create unique Acknowledgement Numbers.
How did the attackers gain access to Target's network?
They probably phished an employee at Alakai Mechanical to learn his login credentials to the Target vendor server.
Why are SPI firewalls economical?
They provide strong protection for the critical opening phase. They do not use much processing power per packet during the ongoing communication phase, which is when nearly all packets are sent.
Why are standard configurations desirable?
They save configuration time and reduce configuration errors. Their configuration can then be modified as needed for that particular router's role.
Do they cost more money than they save? Explain.
They save more money than they cost.
Why are IPv6 addresses simplified?
They take a long time for humans to read and write (128 1s and 0s are daunting for humans to handle.) Simplification using hexadecimal notation eases reading and writing time. However, unlike IPv4 dotted decimal addresses, even simplified IPv6 addresses are rarely memorized, even by nerds and budding nerds. Routers and hosts sneer at these pathetic human limitations and work with 128-bit addresses directly.
Why are IDS painful to use?
They tend to generate many false positives, identifying packets as suspicious when they are legitimate. This leads to considerable work investigating "attacks" that actually are legitimate traffic. This is very time consuming and tends to have the same impact as "the boy who cried wolf."
How do fiber cords typically provide full-duplex transmission?
They transmit on a different stand in each direction
How do viruses and worms propagate using social engineering?
They trick the user into opening an attachment or take some other action that installs them on the system.
What is a gateway?
This is an old term for router. It is used in many standard names.
Why do standards architectures have multiple layers?
This permits division of labor in standards development, with each layer's standards developed by experts at that layer.
Why must simplification rules be followed precisely?
This results in a standardized abbreviation, allowing string searching for them in text documents and databases.
Why may employees attack?
To steal money and trade secrets they can sell. To take revenge on their employer or ex-employers.
What is beneficial about transmitting data over 1-pair voice-grade UTP?
This wiring is already installed to residences, so there is no need to lay new wire.
How do adversaries often enter the system and then expand to other parts of it?
Though an employee or other insider, such as a contractor. A phishing attack is common
You are working at an access point with 20 other people. Three are doing a download at the same time you are. The rest are looking at their screens or sipping coffee. The access point you share has a rated speed of 150 Mbps and provides a throughput of 100 Mbps. How much speed can you expect on average for a download?
Throughput = 100 Mbps Users (including you): 4 Individual throughput: 25 Mbps.
How might a security administrator use SNMP Get commands to access points?
To ask for information about it, such as status, errors, failed connections, etc.
What are the two common business uses for carrier WANs?
To connect corporate sites together. To connect corporate sites to the Internet.
What are the two functions of the MTSO?
To control all of the cellsites. To connect the cellular system's customers with regular wireline customers and the customers of other wireless systems.
What is the specific goal of authentication?
To determine if the supplicant is the true party or an impostor.
Why are other forms of authentication being created?
To end the use of reusable passwords
Why is it important to read firewall logs daily
To find out the types of attacks and volume of attacks you are facing
Some companies are now installing OM4 even when OM3 can do the job. Why do you think they do that?
To future-proof the network by making it easier to increase speed in the future.
What is the purpose of the A record for DNS records?
To give the IPv4 address associated with a domain name.
What is the purpose of the AAAA record for DNS records?
To give the IPv6 address associated with the domain name.
Why might a company decided to use 80 MHz channels in 802.11ac instead of 160 MHz channels?
To have about twice as many channels, thus reducing interference among access points.
What is the purpose of the Acknowledgment Number Field?
To indicate which segments is being acknowledged.
What is the purpose of a denial-of-service attack?
To make the resource unavailable to legitimate users
Of the Flow Label Field?
To mark a packet as part of a series of packets that are to be processed in the same way for QoS.
To what device will the first host send a frame?
To the first router.
Which protects more of the original IP packet, transport mode or tunnel mode? Explain how much more protection tunnel mode provides.
Tunnel mode protects the entire original packet. Transport mode protects only part of the original packet header.
What is tunneling?
Tunneling is a general term for transmitting a layer's message in the data field of another message. In IP sec tunnel mode, the original packet is tunneled inside a new packet. This protects the entire original packet. (Tunneling does NOT mean that protected packets travel inside a virtual tunnel through the Internet as some sources state.)
For each bit you add to an alternatives field, how many additional alternatives can you represent?
Twice as many.
What does it mean that Bluetooth uses one-to-one operation?
Two Bluetooth devices talk to each other in a dedicated connection.
What is beamforming?
Using phase differences on multiple antennas to focus the signal power and sensitivity toward a particular device.
Why does the Wi-Fi Alliance release compatibility testing profiles in waves instead of combining the entire standard's features initially?
When a standard first appears, some parts may be too expensive to introduce initially. The first profile wave will not include those parts. The second profile wave will introduce more, etc. Even at the end, not all parts of a standard will be implemented. Some will remain too expensive, or manufacturers may move up to the first profile wave of the next standard. Some are just not considered desirable to implement by manufacturers, so the Wi-Fi Alliance never includes them in any profile wave.
Distinguish between the originating host, the DNS server, and the target host.
When an originating host wishes to send packets to another host (the target host), it needs to know the target host's IP address. If it knows the target host's host name, it can get the target host's IP address from a DNS server. Afterward, the originating host may send packets freely to the target host's IP address
When does it make sense to use RTS/CTS?
When not all the wireless clients can hear one another. CSMA/CA may cause two wireless clients to transmit simultaneously and cause a collision. For example, there may be metal equipment between two of the clients. They can both reach the access point, but they cannot hear each other.
What is the benefit of channel reuse?
With a limited number of channels, channel reuse allows more customers to use each channel (one in each cell). This means that the cellular system can support many more customers.
When is the PAD Field added in an Ethernet II Frame?
When the frame would be too short without it.
Under what circumstances would you use a dish antenna?
When the other device is far away and you know its direction relative to you
Under what circumstances would you use an omnidirectional antenna?
When the other device is near and if you do not know its direction from you
Why do hosts need two addresses?
Why do hosts need two addresses?
How does IPv6 solve this problem?
With 128-bit addresses, IPv6 has an enormous number of possible addresses
Why do you have more flexibility with LAN service than with WAN service?
With a LAN, you can build anything you want and manage it as you like. With WAN carrier services, you can only use what available carriers offer and have no say over how it is managed beyond your contract.
______switches connect users to the network
Workgroup
If you log into a server at your bank to test their security, is this hacking? Justify using the definition
YES, you are not authorized by the firm to do so, and it is obviously intentional.
If you think someone in your office is sending slanderous e-mail about you, is it hacking if you break into that person's e-mail account to see if this is true? Justify using the definition
YES. Still not authorized, and intentional. (You should notify the e-mail sender, their employer, or their e-mail system manager.)
Can a Bluetooth device be both a master and a slave simultaneously?
Yes
Can a Bluetooth master have multiple slaves?
Yes
Can a Bluetooth slave have two masters?
Yes
Can a single TCP segment both send information and provide an acknowledgment?
Yes
s it still important not to use the same password at multiple sites?
Yes
Are AV programs used to detect more than viruses? Explain
Yes, they go beyond viruses to check for many types of malware. The name "antivirus program" was coined when viruses were nearly the only type of malware. It endures, but it is a little misleading
For its own network, can an organization choose its interior dynamic routing protocol?
Yes.
In 802.3 Ethernet networks, can simple installation rules usually reduce propagation effects to nonissues?
Yes.
Is 4,307 an integer?
Yes.
Is HTTP a connectionless protocol?
Yes.
Is the Internet a WAN?
Yes.
When you use a laptop to connect to the Internet, is it a host? Explain in terms of the definition of host.
Yes. It is a device, and it is connected to the Internet.
When you use the Internet, are you a host? Explain in terms of the definition.
Yes. It is a device, and it is connected to the Internet.
Does the Payload Length Field include the lengths of any extension headers in the packet?
Yes. It is everything beyond the main header, so it includes extension headers and the data field.
Is this still true if a master communicates with four slaves simultaneously?
Yes. It sets up four one-to-one connections to them.
You are considering a laptop computer that uses 802.11ay. (802.11ay is discussed in the next subsection.) Will your existing 802.11ac access point be able to communicate with the new device?
Yes. Thanks to backward compatibility, the 802.11ay device can still speak 802.11ax.
If a router causes problems, how can you diagnose this with Ping?
You can ping all hosts, then look at a map of which fail to respond. You may see that they are all behind a router. That router may be down
Why is large channel bandwidth desirable?
You can send signals faster
What is the main benefit of MIMO?
You can transmit information faster by sending two or more frames simultaneously.
How can you tell if your client computer has succumbed to an evil twin attack?
You can't. The takeover is transparent to both the victim client and the legitimate access point
What is the downside of using unlicensed service bands?
You cannot prevent interference from other organizations (or residences)
If you triple channel bandwidth in a service band, what happens to the number of channels in a service band?
You get only about one third of the channels. (Sometimes less because there are pieces in the 5GHz spectrum that are reserved. If this occurs in the middle of what should be a channel, the channel will not be used.)
You connect two switches in a large Ethernet switch with 113 switches. You are using 4-pair UTP. Immediately after you make the connection, the network stops transmitting traffic. What do you think might have happened?
You may have created an accidental loop. That would have this effect. If the switches chose RSTP, the network would only have stopped momentarily, but you would have changed the switches' positions in the hierarchy.
In radio, how can you send multiple signals without the signals interfering with one another?
You send them in different channels. We will see later in MIMO that two signals can be sent in the same channel under certain circumstances.
When should you measure error rates? Why?
You should measure error rates when traffic is high because this is when errors are highest.
How do you authenticate yourself with an access card?
You swipe it.
You discover that you can get into other e-mail accounts after you have logged in under your account. You spend just a few minutes looking at another user's mail. Is that hacking? Explain in terms of the definition
You used the resource in excess of your authorization. By looking around, even briefly, you added intentionality. It is hacking
Why do you think authentication is sometimes required before accepting a connection for SPI firewalls?
You want to be sure who is requesting a connection. You want to limit access to permitted individuals, not everybody
What other ad hoc networking protocol is widely used?
Z-Wave
Compare the roles of Zigbee controllers, Zigbee end devices, and Zigbee routers. In what radio bands does Zigbee operate?
Zigbee end devices are useful devices such as lights and light switches. Zigbee controllers control the ad hoc network and connect it to the Internet. Zigbee routers direct Zigbee frames among the end devices. (In the usual terminology, they would be called switches because they forward frames.) Zigbee operates in both the 800/900 MHz band and the 2.4 GHz band.
How does NAT allow a firm to deal with a shortage of IP addresses given to it by its ISP?
ach IP address can give up to 4,000 IP address-port number combinations. Most hosts will only use a few port numbers at any time, so hundreds or thousands of hosts can share a single IP address, using different port numbers.
Convert the following EUI-48 address to a modified EUI-64 address: AA-00-00-FF-FF-00.
ae00:00ff:feff:fff0
What is authentication?
n authentication, a supplicant attempts to prove its identity to a verifier by sending credentials. The verifier's mission is to determine if the supplicant is who he, she, or it claims to be (usually a particular True Party.) If the verifier does not, the verifier is treated as an in impostor.
Is there always a data field in a message?
no
What is the purpose of a DNS lookup?
o determine the IP address of a host with a particular host name