
Full file at http://testbank360.eu/test-bank-guide-to-tactical-perimeter-defense-1st-edition-randy-weave

ch02

True/False
Indicate whether the statement is true or false.

____ 1. One way attackers can gain access to your network is by determining the IP addresses of computers.

____ 2. A firewall or packet filter must be able to determine, based on a packet’s message type, whether an ICMP packet should be allowed to pass.

____ 3. A UDP packet depends on an actual connection being established from host to client.

____ 4. IPv4 has a native encryption method called IPSec.

____ 5. IPv6 uses three types of addresses: unicast, multicast, and anycast.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 6. The ____ model of network communications divides communications into seven separate layers.
a. IPX   b. TCP/IP   c. OSI   d. X.25

____ 7. IP addresses currently in use on the Internet conform to ____.
a. IPv2   b. IPv4   c. IPv6   d. IPv6.1

____ 8. To hide the addresses of computers on your network, you can use ____.
a. dotted decimal values   b. IPv6   c. subnet masks   d. NAT

____ 9. An IP Class ____ address uses 8 bits for the network portion of the address and 24 bits for the host portion.
a. A   b. B   c. C   d. D

____ 10. ____ allows VLSM and supernetting to work.
a. IPv6   b. Classless routing   c. Subnetting   d. Subnet masks

____ 11. In a(n) ____ transmission, one packet is sent from a server to each client that requests a file or application, such as a streaming video presentation.
a. unicast   b. multicast   c. overcast   d. broadcast

____ 12. A(n) ____ transmission means the server can treat all clients as a group and send one transmission that reaches all clients.
a. unicast   b. broadcast   c. overcast   d. multicast

____ 13. A(n) ____ transmission sends a communication to all points on a specific network.
a. overcast   b. unicast   c. broadcast   d. multicast

____ 14. Some IP packets have another segmented section at the end called a ____ (or “trailer”) containing data that indicates it’s the end of the packet.
a. footer   b. CRC   c. rear   d. signature



____ 15. The data in an IP packet is the part that end users see, but the ____ is the part that computers use to communicate.
a. trailer   b. CRC   c. header   d. footer

____ 16. ____ is designed to assist TCP/IP networks with troubleshooting communication problems.
a. FTP   b. UDP   c. CIDR   d. ICMP

____ 17. ____ provides a datagram transport service for IP, but this protocol is considered unreliable because it is connectionless.
a. ICMP   b. UDP   c. VLSM   d. CIDR

____ 18. After a connection is established, TCP ____ control the flow and efficiency of communications.
a. supernetting   b. VLSM   c. sliding windows   d. subnetting

____ 19. ____ servers translate host names to IP addresses used to identify the host computer.
a. ICMP   b. DNS   c. SMTP   d. TCP

____ 20. ____ is the process of concealing information to render it unreadable to all but the intended recipients.
a. Filtering   b. Fragmentation   c. Zone transfer   d. Encryption

____ 21. ____, which has an address space of 128 bits, is under development to allow an almost endless supply of IP addresses.
a. IPv6   b. ICMP   c. IPX   d. IPSec

____ 22. ____ is basically an improved version of DHCP, referred to as “stateful” because the DHCP client and server must keep their information updated to prevent addressing conflicts.
a. Stateless autoconfiguration   b. Stateful autoconfiguration   c. State-based autoconfiguration   d. DHCP autoconfiguration

____ 23. ____ allows the computer attempting to connect to determine its own IP address based on its Media Access Control (MAC) address.
a. Stateless autoconfiguration   b. Stateful autoconfiguration   c. State-aware autoconfiguration   d. DHCP autoconfiguration

____ 24. ____ enables IPv6 routers to discover multicast listeners on a directly connected link and decide which multicast addresses are of interest to those nodes.
a. ICMPv6   b. IGMPv3   c. ND   d. MLD

____ 25. An IPv6 ____ address is used for one-to-one communication, such as between a single host and a single receiver.
a. broadcast   b. overcast   c. unicast   d. multicast

____ 26. In IPv6, ____ addresses are not assigned a specific range; instead, they are created automatically when a unicast address is assigned to more than one interface.
a. anycast   b. broadcast   c. multicast   d. overcast

Completion
Complete each statement.



27. __________________________________________________ is actually a suite of many protocols for transmitting information from point to point on a network.

28. A(n) ____________________ tells another computer which part of the IP address is the network address and which part is the host address.

29. ___________________________________ involves applying masks of varying sizes to the same network.

30. ___________________________________ is an address notation scheme that specifies the number of masked bits in an IP address/subnet mask combination.

31. TCP/IP is transmitted along networks as discrete chunks called packets or ____________________.

Matching
Match each item with a statement below:

a. IPv4
b. Network address
c. Host address
d. Subnet mask
e. Supernetting
f. Classless routing
g. Multicasts
h. TTL
i. Wireshark

____ 32. can be used to reduce network traffic when transmitting bandwidth-intensive applications or files to multiple hosts

____ 33. the part of an IP address shared among computers in a network

____ 34. eight-bit value that identifies the maximum time the IP packet can remain in the system before it’s dropped

____ 35. identifies what portion of the IP address contains the network ID and what portion contains the host ID

____ 36. unique to a computer in its subnet

____ 37. used to summarize multiple routing table entries into one entry

____ 38. open-source network analysis utility that tracks packets and supplies detailed information on them

____ 39. calls for addresses with 32 bits of data

____ 40. used to exchange subnet mask information between routers in routing updates

Short Answer

41. What are some purposes of subnet masking?

42. Briefly explain variable length subnet masking.

43. Describe the two types of broadcasts in network communications.

44. What are the six control flags in a TCP header?

45. What are Requests for Comments (RFCs)?

46. Briefly describe the main characteristics of User Datagram Protocol (UDP).

47. What are some of the security problems created by fragmentation of IP packets?

48. How can DNS be exploited?

49. What are the five different types of ICMP messages defined by the Neighbor Discovery (ND) protocol?



50. Describe the Ipv6.exe tool.

ch02 Answer Section

TRUE/FALSE

1. ANS: T   PTS: 1   REF: 39
2. ANS: T   PTS: 1   REF: 49
3. ANS: F   PTS: 1   REF: 51
4. ANS: F   PTS: 1   REF: 61
5. ANS: T   PTS: 1   REF: 70

MULTIPLE CHOICE

6. ANS: C   PTS: 1   REF: 38
7. ANS: B   PTS: 1   REF: 39
8. ANS: D   PTS: 1   REF: 39
9. ANS: A   PTS: 1   REF: 40
10. ANS: B   PTS: 1   REF: 45
11. ANS: A   PTS: 1   REF: 45
12. ANS: D   PTS: 1   REF: 45
13. ANS: C   PTS: 1   REF: 46
14. ANS: A   PTS: 1   REF: 46
15. ANS: C   PTS: 1   REF: 46
16. ANS: D   PTS: 1   REF: 49
17. ANS: B   PTS: 1   REF: 51
18. ANS: C   PTS: 1   REF: 58
19. ANS: B   PTS: 1   REF: 59
20. ANS: D   PTS: 1   REF: 59
21. ANS: A   PTS: 1   REF: 61
22. ANS: B   PTS: 1   REF: 61
23. ANS: A   PTS: 1   REF: 61
24. ANS: D   PTS: 1   REF: 67
25. ANS: C   PTS: 1   REF: 70
26. ANS: A   PTS: 1   REF: 71

COMPLETION

27. ANS:
Transmission Control Protocol/Internet Protocol (TCP/IP)
Transmission Control Protocol/Internet Protocol
TCP/IP
PTS: 1   REF: 38

28. ANS: subnet mask
PTS: 1   REF: 39

29. ANS:
Variable length subnet masking (VLSM)
Variable length subnet masking
VLSM
PTS: 1   REF: 44

30. ANS:
Classless Interdomain Routing (CIDR)
Classless Interdomain Routing
CIDR
PTS: 1   REF: 45

31. ANS: datagrams
PTS: 1   REF: 46

MATCHING

32. ANS: G   PTS: 1   REF: 45
33. ANS: B   PTS: 1   REF: 39
34. ANS: H   PTS: 1   REF: 48
35. ANS: D   PTS: 1   REF: 41
36. ANS: C   PTS: 1   REF: 39
37. ANS: E   PTS: 1   REF: 45
38. ANS: I   PTS: 1   REF: 48
39. ANS: A   PTS: 1   REF: 39
40. ANS: F   PTS: 1   REF: 45

SHORT ANSWER

41. ANS:
Subnet masking is used to logically segment internal networks. It can also be used for the following purposes:
* Mirror the organization’s physical layout.
* Mirror the organization’s administrative structure.
* Plan for future growth.
* Reduce and control network traffic.
PTS: 1   REF: 41

42. ANS:
Networks that don’t have a large number of available IP addresses can use variable length subnet masking (VLSM), which involves applying masks of varying sizes to the same network. VLSM can help an organization with a limited number of IP addresses and subnets of varying lengths use address space more efficiently. VLSM is a means of allocating IP addressing according to the network’s needs. This allocation method creates subnets within subnets and multiple divisions of an IP network. VLSM is often used to secure stub networks or serial lines, making those subnets only as large as needed.
PTS: 1   REF: 44

43. ANS:
There are two types of broadcasts:
Flooded
* Broadcasts for any subnet
* Routers don’t forward because they are considered local
* Uses the address 255.255.255.255
Directed
* For a specific subnet
* Routers forward directed broadcasts
* Uses the broadcast address for the intended subnet
PTS: 1   REF: 46

44. ANS:
RFC 793 includes specifications for these six control flags in a TCP header:
* URG (urgent)
* ACK (acknowledgment)
* PSH (push function, which forces TCP to forward and deliver data)
* RST (reset the connection)
* SYN (synchronize sequence numbers)
* FIN (no more data from sender)
PTS: 1   REF: 50

45. ANS:
Technology standards are explained in Requests for Comments (RFCs), which you can look up at www.rfc-editor.org. Often an RFC is updated to add new information, so you should make a habit of checking to see what the current standards are and what has been added. For example, RFC 3168 defines the addition of Explicit Congestion Notification (ECN) to TCP and IP and adds two flags to the TCP header: ECN-Echo and CWR. Bits 8 and 9 of the reserved field in the TCP header are used for these two new flags. You can learn more about this update at www.faqs.org/rfcs/rfc3168.html.
PTS: 1   REF: 50

46. ANS:
User Datagram Protocol (UDP) provides a datagram transport service for IP, but this protocol is considered unreliable because it’s connectionless. In other words, a UDP packet doesn’t depend on an actual connection being established from host to client. UDP is much faster than TCP and is appropriate when delivery doesn’t need to be guaranteed. TCP establishes a connection and checks on delivery with acknowledgements, but UDP simply ships the packets and relies on other protocols to ensure delivery, perform error checking, and so on. It’s especially useful for real-time applications, multimedia, or anything that requires speed over reliability.
PTS: 1   REF: 51

47. ANS:
Fragmentation creates a number of security problems, however. Because the TCP or UDP port number is supplied only at the beginning of a packet, it appears only in fragment number 0. Fragments numbered 1 or higher pass through the filter without being scrutinized because they don’t contain any port information. An attacker simply has to modify the IP header to make all fragment numbers start at 1 or higher. All fragments then go through the filter and can access internal resources.
PTS: 1   REF: 56

48. ANS:
DNS can be exploited in many ways. Attackers often attempt buffer overflow, zone transfer, or cache poisoning attacks. In a DNS buffer overflow attack, an overly long DNS name is sent to the server. When the server is unable to process or interpret the DNS name, it can’t process other requests. A DNS cache poisoning attack exploits the fact that every DNS packet contains a “Question” section and an “Answer” section. An older, more vulnerable server has stored answers sent in response to requests to connect to DNS addresses. Attackers can break into the cache to discover the DNS addresses of computers on the network. Most (but not all) DNS servers, however, have been patched to eliminate this vulnerability.
PTS: 1   REF: 59

49. ANS:
ND defines five different types of ICMP messages:
* Router Solicitation messages are sent by hosts when an interface is enabled. A Router Solicitation message requests that routers send a Router Advertisement message immediately rather than at the next scheduled time.
* Router Advertisement messages inform hosts about router presence and additional parameters about the link or services, such as address configuration or suggested hop limits. A Router Advertisement message is sent at defined intervals or in response to a Router Solicitation message.
* Neighbor Solicitation messages are sent by a node to determine the link-layer address of a neighbor or to verify that a neighbor is still reachable. Neighbor Solicitation messages are also used for duplicate address detection.
* Neighbor Advertisements are sent in response to a Neighbor Solicitation message or to update neighbors of a link-layer address change.
* Redirect messages are sent by routers to tell hosts about better first-hop addresses to reach a destination.
PTS: 1   REF: 68

50. ANS:
The Ipv6.exe tool is for all Microsoft IPv6 configurations and is used to view the state of interfaces, neighbor caches, the binding cache, the destination cache (called the route cache in Microsoft), and the route table. It’s also used to manually configure interfaces, addresses, and route tables. This is the general syntax for the Ipv6.exe command:
ipv6 if if#
This command displays information about interfaces. (For example, if# indicates the interface number.) If an interface number is specified, only information about that interface is shown. The output of this command displays the link-layer address, the list of IPv6 addresses assigned to that interface, and the current and supported MTUs. A number of subcommands can be used for a wide range of tasks.
PTS: 1   REF: 72


Test bank guide to tactical perimeter defense 1st edition randy weaver