1. Home
  2. Flashcards
  3. Preview

CyberSecurity2_Module 9 & 10-My questions

  1. What is the role of the transport layer?
    • • identifying the proper application for each communication stream
    • • tracking the individual communication between applications on the source and destination hosts
    • • Segmenting data at the source and reassembling that data at the destination
  2. What two protocols does the transport layer include?
    • • Transmission Control Protocol (TCP)
    • • User Datagram Protocol (UDP)
  3. What information is not known to the transport layer?
    • The transport layer has no knowledge of the destination host type, the type of media over which the data must travel, the path taken by the data, the congestion on a link, or the size of the network.
  4. What is the transport layer's responsibilities?
    • • Tracking Individual Conversations
    • ○ tracking the individual communication between applications on the source and destination hosts
    • • Segmenting Data and Reassembling Segments
    • ○ Segmenting data at the source and reassembling that data at the destination
    • • Add Header Information
    • • Identifying the Applications
    • ○ identifying the proper application for each communication stream
    • • Conversation Multiplexing
  5. What is not important to IP/ Data link layer?
    • • IP is concerned only with the structure, addressing, and routing of packets.
    • • IP does not specify how the delivery or transportation of the packets takes place.
    • • IP is concerned only with the structure, addressing, and routing of packets, from original sender to final destination.
    • • IP is not responsible for guaranteeing delivery or determining whether a connection between the sender and receiver needs to be established.
  6. What oppressions does TCP use to provide reliability and flow control?
    • • Number and track data segments transmitted to a specific host from a specific application
    • • Acknowledge received data
    • • Retransmit any unacknowledged data after a certain amount of time
    • • Sequence data that might arrive in wrong order
    • • Send data at an efficient rate that is acceptable by the receiver
  7. What is TCP is known as a connection-oriented protocol?
    Because in order to maintain the state of a conversation and track the information, TCP must first establish a connection between the sender and the receiver.
  8. How many bytes/bits of overhead are added when an TCP segment encapsulates the application layer data?
    20 bytes/ 160 bits
  9. How many bytes/bits of overhead are added at the transport layer?
    20 bytes/160 bits
  10. List the fields are in a TCP header and what are their bits or bytes?
    • • Source Port
    • • Destination Port
    • • Sequence Number
    • • Acknowledgment Number
    • • Header Length
    • • Reserved
    • • Control bits
    • • Window size
    • • Checksum
    • • Urgent
  11. What fields are in a TCP header and what does each of them do?
    • Source Port - A 16-bit field used to identify the source application by port number.

    • Destination Port- A 16-bit field used to identify the destination application by port number.

    • Reserved- A 6-bit field that is reserved for future use.

    • Acknowledgment Number- A 32-bit field used to indicate that data has been received and the next byte expected from the source.

    • Sequence Number-A 32-bit field used for data reassembly purposes.

    • Header Length- A 4-bit field known as ʺdata offsetʺ that indicates the length of the TCP segment header.

    • Control bits- A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment.

    • Window size-A 16-bit field used to indicate the number of bytes that can be accepted at one time.

    • Checksum- A 16-bit field used for error checking of the segment header and data.

    • Urgent- A 16-bit field used to indicate if the contained data is urgent.
  12. What applications use TCP?
    • • FTP
    • • HTTP
    • • SMTP
    • • SSH
  13. What is not provided by UDP?
    Dose not provide reliability and flow control, which means it requires fewer header fields.
  14. Which is faster UDP datagrams or TCP segments and why?
    UDP datagrams is faster than TCP segments b/c it requires less overhead and data checking than TCP and UDP does not have to manage reliability and flow control and UDP does not track information sent or received between the client and server like TCP does.
  15. IS UDP a connection-oriented protocol or an connectionless protocol? What about TCP?
    UDP is an connectionless protocol, and TCP is an connection-oriented protocol
  16. Why is UDP is also known as a best-effort delivery protocol?
    because there is no acknowledgment that the data is received at the destination.
  17. Reliability is required for a session between computer A and Computer B. Since UDP is not responsible for reliability how will reliability be provided in the session?
    Reliability must be handled by the application
  18. What features are include with UDP?
    • • Data is reconstructed in the order that it is received.
    • • Any segments that are lost are not resent.
    • • There is no session establishment.
    • • The sending is not informed about resource availability.
  19. List the fields that are in the UDP header and what is the size of the field?
    • • Source Port its an 16 bit field
    • • Destination Port its an 16 bit field
    • • Length its an 16 bit field
    • • Checksum its an 16 bit field
  20. What are the fields that are in the UDP header and what do they each do?
    • Source Port - A 16-bit field used to identify the source application by port number.

    • Destination Port- A 16-bit field used to identify the destination application by port number.

    • Length- A 16-bit field that indicates the length of the UDP datagram header.

    • Checksum- A 16-bit field used
  21. What applications use UDP?
    • • DHCP
    • • DNS
    • • SNMP
    • • TFTP
    • • VolP
    • • Video Conferencing
  22. What is the difference between UDP and TCP?
  23. List some common well-known port numbers and their associated applications.
    • Port Number Protocol Application
    • 20 TCP File Transfer Protocol (FTP) – Data
    • 21 TCP File Transfer Protocol (FTP) – Control
    • 22 TCP Secure Shell (SSH)
    • 23 TCP Telnet
    • 25 TCP Simple Mail Transfer Protocol (SMTP)
    • 53 UDP, TCP Domain Name Service (DNS)
    • 67 UDP Dynamic Host Configuration Protocol (DHCP) – Server
    • 68 UDP Dynamic Host Configuration Protocol – Client
    • 69 UDP Trivial File Transfer Protocol (TFTP)
    • 80 TCP Hypertext Transfer Protocol (HTTP)
    • 110 TCP Post Office Protocol version 3 (POP3)
    • 143 TCP Internet Message Access Protocol (IMAP)
    • 161 UDP Simple Network Management Protocol (SNMP)
    • 443 TCP Hypertext Transfer Protocol Secure (HTTPS)
  24. What is a socket?
    • • The combination of the source IP address and source port number, or the destination IP address and destination port number
    • • Example: 192.168.1.5:1099 or 192.168.1.7:80
  25. What do you call it when you combine two sockets?
    An sockets pair
  26. TCP Server Processes
    • What is a 3-way handshake?
    • • It establishes an connection between two hosts.
    • • the three-way handshake validates that the destination host is available to communicate.
  27. What are the steps in a 3-way handshake? Descibe them.
    • Step 1. SYN - The initiating client requests a client-to-server communication session with the server.

    • Step 2. ACK and SYN - The server acknowledges the client-to-server communication session and requests a server-to-client communication session.

    • Step 3. ACK - The initiating client acknowledges the server-to-client communication session.
  28. To close a connection, what must be set in the segment header?
    The Finish (FIN) control flag must be set
  29. What are the steps to termination an session? Descibe them.
    • Step 1. FIN -When the client has no more data to send in the stream, it sends a segment with the FIN flag set.

    • Step 2. ACK -The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.

    • Step 3. FIN -The server sends a FIN to the client to terminate the server-to-client session.

    • Step 4. ACK -The client responds with an ACK to acknowledge the FIN from the server.
  30. What are the functions of the three-way handshake?
    • • It establishes that the destination device is present on the network.
    • • It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
    • • It informs the destination device that the source client intends to establish a communication session on that port number.
  31. List and descibe the six control bits flags.
    • • URG - Urgent pointer field significant
    • • ACK - Acknowledgment flag used in connection establishment and session termination
    • • PSH - Push function
    • • RST - Reset the connection when an error or timeout occurs
    • • SYN - Synchronize sequence numbers used in connection establishment
    • • FIN - No more data from sender and used in session termination
  32. What is expectational acknowledgement?
    is the number of the next expected byte
  33. What dose the window size determine?
    the number of bytes that can be sent before expecting an acknowledgment.
  34. What is the window size?
    is the number of bytes that the destination device of a TCP session can accept and process at one time.
  35. When do hosts agree on what window size to use?
    The initial window size is agreed upon when the TCP session is established during the three-way handshake.
  36. What is the sliding windows protocol?
  37. What does acronym MSS stand for?
    Maximum Segment Size
  38. What is the Maximum Segment Size (MSS)?
    The MSS is part of the options field in the TCP header that specifies the largest amount of data, in bytes, that a device can receive in a single TCP segment.
  39. Is the Maximum Segment Size (MSS) included in the TCP header?
    No
  40. How does a host determine the value of its Maximum Segment Size (MSS) field?
    • • by subtracting the IP and TCP headers from the Ethernet maximum transmission unit (MTU).
    • • MSS =MTU - IP -TCP
  41. What TCP field help with flow control?
    Window size
  42. How does flow control helps maintain the reliability of TCP transmission?
    by adjusting the rate of data flow between source and destination for a given session.
  43. How does TCP flow control help with network congestion?
  44. TCP Reliability - Guaranteed and Ordered Delivery
    • TCP Reliability – Sequence Numbers and Acknowledgements
    • TCP Reliability - Data Loss and Retransmission
    • TCP Flow Control - Window Size and Acknowledgments:
  45. What does DHCP stand for? What about DHCPv4 and DHCPv6?
    • • Dynamic Host Configuration Protocol
    • • Dynamic Host Configuration Protocol for IPv4.
    • • Dynamic Host Configuration Protocol for IPv6
  46. What does the DHCPv4 automate?
    It automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters.
  47. What type of devices are DHCP used for?
    general purpose hosts, such as end user devices.
  48. What is an address pool?
    Is a range of available addresses that the DHCP server can chooses from.
  49. What is a lease period?
    It’s the amount of time that an IP address is assigned/leased to a host.
  50. What happens when the lease period expires?
    When the lease period expires or the DHCP server gets a DHCPRELEASE message the address is returned to the DHCP pool for reuse.
  51. Where is the DHCP server usually located at in a medium-to-large network?
    Its usually located on a local, dedicated PC-based server.
  52. Where is the DHCP server usually located at in a home network?
    the DHCP server is usually located on the local router that connects the home network to the ISP.
  53. What type of devices is static addressing used for?
    Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.
  54. What does DHCPv6 not provide compared to its counterpart DHCPv4?
    • • DHCPv6 does not proved gateway address.
    • • This can only be obtained dynamically from the Router Advertisement message of the router.
  55. What are the steps for a computer to get an IP address from the DHCP server?
    • Step 1: the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network.

    • Step 2: A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client.

    • Step 3: the host sends a DHCP request (DHCPREQUEST) message back to the server that identifies the explicit server and lease offer that the client is accepting.

    • Step 4: the DHPC server returns a DHCP acknowledgment (DHCPACK) message the host that acknowledges to the client that the lease has been finalized
  56. What is contained within an DHCP offer (DHCPOFFER) message?
    • The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway, and the duration time of the lease.
  57. Why would a host receive multiple DHCPOFFER messages?
    The client may receive multiple DHCPOFFER messages if there is more than one DHCP server on the local network.
  58. What are the DHCPv4 messages and the DHCPv6 messages?
    • DHCPv4: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK.

    • DHCPv6: SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY.

    • NOTE: that DHCPACK stans for DHCP acknowledged, and DHCPNAC stand for DHCP Not acknowledged
  59. The DHCPv4 is encapsulated within an ____ at the ____.
    within the UDP transport protocol.
  60. What is the DHCPv4 message field Operation (OP) Code? What does 1 and 2 indicate in the message?
    Specifies the general type of message. A value of 1 indicates a request message; a value of 2 is a reply message.
  61. What is the DHCPv4 message field Hardware Address Length?
    Identifies the type of hardware used in the network. For example, 1 is Ethernet, 15 is Frame Relay, and 20 is a serial line. These are the same codes used in ARP messages.
  62. What is the DHCPv4 message field Hops?
    Controls the forwarding of messages. Set to 0 by a client before transmitting a request.
  63. What is the DHCPv4 message field Transaction Identifier?
    Used by the client to match the request with replies received from DHCPv4 servers.
  64. What is the DHCPv4 message field Seconds?
    Identifies the number of seconds elapsed since a client began attempting to acquire or renew a lease. Used by DHCPv4 servers to prioritize replies when multiple client requests are outstanding.
  65. What is the DHCPv4 message field Flags?
    Used by a client that does not know its IPv4 address when it sends a request. Only one of the 16 bits is used, which is the broadcast flag. A value of 1 in this field tells the DHCPv4 server or relay agent receiving the request that the reply should be sent as a broadcast.
  66. What is the DHCPv4 message field Client IP Address?
    Used by a client during lease renewal when the address of the client is valid and usable, not during the process of acquiring an address. The client puts its own IPv4 address in this field if and only if it has a valid IPv4 address while in the bound state; otherwise, it sets the field to 0.
  67. What is the DHCPv4 message field Your IP Address?
    Used by the server to assign an IPv4 address to the client.
  68. What is the DHCPv4 message field Server IP Address ?
    Used by the server to identify the address of the server that the client should use for the next step in the bootstrap process, which may or may not be the server sending this reply. The sending server always includes its own IPv4 address in a special field called the Server Identifier DHCPv4 option.
  69. What is the DHCPv4 message field Gateway IP Address ?
    Routes DHCPv4 messages when DHCPv4 relay agents are involved. The gateway address facilitates communications of DHCPv4 requests and replies between the client and a server that are on different subnets or networks.
  70. What is the DHCPv4 message field Client Hardware Address?
    Specifies the physical layer of the client.
  71. What is the DHCPv4 message field Server Name?
    Used by the server sending a DHCPOFFER or DHCPACK message. The server may optionally put its name in this field. This can be a simple text nickname or a DNS domain name, such as dhcpserver.netacad.net.
  72. What is the DHCPv4 message field Boot Filename?
    Optionally used by a client to request a particular type of boot file in a DHCPDISCOVER message. Used by a server in a DHCPOFFER to fully specify a boot file directory and filename.
  73. What is the DHCPv4 message field DHCP Options?
    Holds DHCP options, including several parameters required for basic DHCP operation. This field is variable in length. Both client and server may use this field.
  74. What does DNS stand for?
    Domain Name System
  75. What is a Resolver in the terms of a DNS?
    A DNS client that sends DNS messages to obtain information about the requested domain name space.
  76. What is a Recursion in the terms of a DNS?
    The action taken when a DNS server is asked to query on behalf of a DNS resolver.
  77. What is a Authoritative Server in the terms of a DNS?
    A DNS server that responds to query messages with information stored in Resource Records (RRs) for a domain name space stored on the server.
  78. What is a Recursive Resolver in the terms of a DNS?
    A DNS server that recursively queries for the information asked in the DNS query.
  79. What is a FQDN in the terms of a DNS?
    A Fully Qualified Domain Name is the absolute name of a device within the distributed DNS database.
  80. What is a RR in the terms of a DNS?
    A Resource Record is a format used in DNS messages that is composed of the following fields: NAME, TYPE, CLASS, TTL, RDLENGTH, and RDATA.
  81. What is a Zone in the terms of a DNS?
    A database that contains information about the domain name space stored on an authoritative server.
  82. What are steps in the DNS resolution process?
    • Step 1: The user types an FQDN into a browser application Address field.
    • Step 2: A DNS query is sent to the designated DNS server for the client computer.
    • Step 3: The DNS server matches the FQDN with its IP address.
    • Step 4: The DNS query response is sent back to the client with the IP address for the FQDN.
    • Step 5: The client computer uses the IP address to make requests of the server.
  83. DNS uses what UDP port number for DNS queries and responses.
    53
  84. List some of the Resource Record (RRs) that are stored in an DNS server resolve names.
    • • A - An end device IPv4 address
    • • NS - An authoritative name server
    • • AAAA - An end device IPv6 address (pronounced quad-A)
    • • MX - A mail exchange record
  85. What command displays all of the cached DNS entries?
    ipconfig /displaydns
  86. DNS Uses the Same Message for what?
    • • All types of client queries and server responses
    • • Error messages
    • • The transfer of resource records between servers
  87. In the DNS message what is the section called Question?
    The question for the server. It contains the domain name to be resolved, the class of domain, and the query type.
  88. In the DNS message what is the section called Answer?
    The DNS resource record, or Resource Record RR, for the query including the resolved IP address depending on the RR type.
  89. In the DNS message what is the section called Authority?
    Contains the Resource Record RRs for the domain authority.
  90. In the DNS message what is the section called Additional?
    Relevant to query responses only. Consists of Resource Record RRs that hold additional information that will make query resolution more efficient
  91. What is WHOIS?
    WHOIS is a TCP-based protocol that is used to identify the owners of internet domains through the DNS system.
  92. What does NAT do?
    NAT provides the translation of private addresses to public addresses, it also conserve public IPv4 addresses.
  93. What is a NAT pool?
  94. Where do NAT routers typically operates at?
    A NAT router typically operates at the border of a stub network.
  95. What is a stub network?
    It is one or more networks with a single connection to its neighboring network, one way in and one way out of the network.
  96. What does PAT stand for?
    Port Address Translation (PAT)
  97. What is Port Address Translation (PAT)? What in another term for PAT?
    PAT maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. PAT is also known as NAT overload
  98. What is FTP?
    allow for data transfers between a client and a server.
  99. Why is two connections between the client and the server needed to successfully transfer data, over FTP?
    one connection for commands and replies, the other for the actual file transfer
  100. What is the more secure version of FTP?
    SSH FTP
  101. What does the acronym TFTP stand for?
    • Trivial File Transfer Protocol (TFTP)
  102. What does TFTP used?
    • TFTP is a simplified file transfer protocol that uses well-known UDP port number 69.
    • is popular for non-critical file transfer applications.
  103. What does the acronym SMB stand for?
    Server Message Block (SMB)
  104. What is Server Message Block (SMB) ?
    • • It is a client/server file sharing protocol that describes the structure of shared network resources such as directories, files, printers, and serial ports.
    • • Or SMB is a client/server, request-response protocol. Servers can make their own resources available to clients on the network.
  105. Email supports what three protocols for operation:
    Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and IMAP.
  106. How is an email sent to from one Email client (C1) to another Email client (C2)?
    • The Email client C1 creates an email and presses send. The email get sent to C1's mail server(A), mail server (A) sends the email to C2's mail server(B). Email client (C2) retrieves email using one of the two application layer protocols: POP or IMAP.
    • HINT: An email client does not communicate directly with another email client when sending email. Instead, both clients rely on the mail server to transport messages.
  107. What is SMTP?
    • What is POP3?
    • POP3 is used by an application to retrieve mail from a mail server.
    • With POP3, mail is downloaded from the server to the client and then deleted on the server,
  108. What is IMAP?
    • IMAP is another protocol that is used by an application to retrieve mail from a mail server.
    • Unlike POP3, when the user connects to an IMAP-capable server, copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. Users view copies of the messages in their email client software.
  109. IMAP vs POP3?
  110. When a client, sends a request to a web server, it will use one of six methods that are specified by the HTTP protocol. List and descibe them.
    • • GET - A client request for data. A client (web browser) sends the GET message to the web server to request HTML pages, as shown in the figure.
    • • POST - Submits data to be processed by a resource.
    • • PUT - Uploads resources or content to the web server such as an image.
    • • DELETE - Deletes the resource specified.
    • • OPTIONS - Returns the HTTP methods that the server supports.
    • • CONNECT - Requests that an HTTP proxy server forwards the HTTP TCP session to the desired destination.
  111. What does HTTP Status Codes do?
    inform the host application of the outcome of client requests to the server.
  112. List the HTTP statues codes groups?
    • • 1xx - Informational
    • • 2xx - Success
    • • 3xx - Redirection
    • • 4xx - Client Error
    • • 5xx - Server Error
  113. What does HTTP statues code 100 stand for and what is its meaning?
    • Continue
    • The client should continue with the request. The Server has verified that the request can be fulfilled.
    • What does HTTP statues code 200 stand for and what is its meaning?
    • OK
    • The request completed successfully.
  114. What does HTTP statues code 202 stand for and what is its meaning?
    • Accepted
    • The request has been accepted for processing, but processing is not completed.
  115. What does HTTP statues code 403 stand for and what is its meaning?
    • Forbidden
    • The request is understood by the server, but the resource will not be fulfilled. This is possibly because the requester is not authorized to view the resource.
  116. What does HTTP statues code 404 stand for and what is its meaning?
    • Not Found
    • The server could not find the requested resource. This can be caused by an out-of-date or incorrect URL.
  117. What port does DHCP use?
    67
Author
dior
ID
357972
Card Set
CyberSecurity2_Module 9 & 10-My questions
Description
These are questions i created for myself form the material to help me study
Updated

  1. Home
  2. Flashcards
  3. Preview