CISSP Review Course
Domain 2: Telecommunications and Network Security

This presentation includes a compendium of slides, both original and gathered from various public information sources and is not intended for use by any for-profit individuals or organizations

September 18, 2002 RAISF & RIT CISSP Prep Domain 2 - 2002

Domain Objective: Telecommunications and Network Security

The objective of this domain is to understand:
• data communications in terms of physical and logical networks, including local area, metropolitan area, wide area, remote access, Internet, intranet, extranet, their related technologies of firewalls, bridges, routers, and the TCP/IP and OSI models
• communications and network security as it relates to voice, data, multimedia, and facsimile
• communications security management techniques that prevent, detect, and correct errors

We will cover most, but not all of these areas in this review

Domain Summary: Telecommunications and Network Security

The telecommunications and network security domain is a very significant part of the CBK. The information for this domain typically represents 15% of the CISSP exam content and includes the structures, transmission methods, transport formats, and security measures used to provide and ensure the integrity, availability, authentication, and confidentiality of transmissions over private and public communications networks.

Network and Data Link Structures: OSI Standards Development
• ISO – International Standards Organization
• ECMA – European Computer Manufacturers Association
• CCITT – International Telegraph and Telephone Consultative Committee
• IEEE – Institute of Electrical and Electronics Engineers
• ANSI – American National Standards Institute
• MAP/TOP – Manufacturing Automation Protocol/Technical Office Protocol
• NIST – U.S. National Institute for Standards and Technology
• NSA – U.S. National Security Agency

OSI Reference Model
• Open Systems Interconnection Reference Model
• Standard model for network communications
• Allows dissimilar networks to communicate
• Defines 7 protocol layers (a.k.a. protocol stack)
• Each layer on one workstation communicates with its respective layer on another workstation using protocols (i.e. agreed-upon communication formats)
• “Mapping” each protocol to the model is useful for comparing protocols.

Network and Data Link Structures: OSI’s Seven Layers of Network Architecture
7 Application – Provides specific services for applications such as file transfer
6 Presentation – Provides data representation between systems
5 Session – Establishes, maintains, manages sessions (example: synchronization of data flow)
4 Transport – Provides end-to-end data transmission integrity
3 Network – Switches and routes information units
2 Data Link – Provides transfer of units of information to other end of physical link
1 Physical – Transmits bit stream on physical medium
OSI Model (Mnemonic: All People Seem To Need Data Processing)

OSI Reference Model Data Flow
[Figure: data travels down the stack on the CLIENT (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical), through the network, then up the receiving stack on the SERVER (1 Physical through 7 Application).]
As the data passes through each layer on the client, information about that layer is added to the data. This information is stripped off by the corresponding layer on the server.
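
The data flow described above, as an added example that is not part of the original slides: a payload is wrapped by layers 4, 3 and 2 on the way down (UDP, IPv4 and Ethernet headers) and each header is stripped in reverse order on the way up. The MAC addresses, IP addresses and ports are constructed sample values.

```python
import socket
import struct
import zlib

# Constructed sample addresses (assumptions, not taken from the slides).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.0.2.1", "192.0.2.2"


def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def udp_encap(payload: bytes, sport: int, dport: int) -> bytes:
    """Layer 4: prepend the 8-byte UDP header (checksum 0 = not computed)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def ip_encap(segment: bytes, src: str, dst: str, proto: int = 17) -> bytes:
    """Layer 3: prepend a 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:] + segment


def eth_encap(packet: bytes, dst: bytes, src: bytes, ethertype: int = 0x0800) -> bytes:
    """Layer 2: add the header, pad to the 64-byte minimum, append the FCS."""
    body = (dst + src + struct.pack("!H", ethertype) + packet).ljust(60, b"\x00")
    # FCS is CRC-32 (same polynomial as zlib), sent least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def eth_decap(frame: bytes):
    """Layer 2 on the receiver: verify the FCS, strip the Ethernet header."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("frame check sequence mismatch")
    dst, src, ethertype = struct.unpack("!6s6sH", body[:14])
    return {"dst": dst, "src": src, "type": ethertype}, body[14:]


def ip_decap(packet: bytes):
    """Layer 3 on the receiver: verify the header checksum, strip the header."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum16(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    hdr = {"proto": packet[9], "src": socket.inet_ntoa(packet[12:16]),
           "dst": socket.inet_ntoa(packet[16:20])}
    return hdr, packet[ihl:total_len]  # Total Length discards the layer-2 pad


def udp_decap(segment: bytes):
    """Layer 4 on the receiver: strip the UDP header."""
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport}, segment[8:length]


def send_down(payload: bytes, sport: int = 5000, dport: int = 69):
    """Return the unit produced at layers 4, 3 and 2 as data travels down."""
    segment = udp_encap(payload, sport, dport)
    packet = ip_encap(segment, SRC_IP, DST_IP)
    frame = eth_encap(packet, DST_MAC, SRC_MAC)
    return segment, packet, frame


def receive_up(frame: bytes):
    """Strip each header in reverse order; return (headers, payload)."""
    eth, packet = eth_decap(frame)
    ip, segment = ip_decap(packet)
    udp, payload = udp_decap(segment)
    return {"eth": eth, "ip": ip, "udp": udp}, payload


if __name__ == "__main__":
    seg, pkt, frm = send_down(b"hello")
    print("bytes at layer 4/3/2:", len(seg), len(pkt), len(frm))
    print(receive_up(frm))
```

Each layer only reads its own header: the receiver's IP layer uses Total Length to drop the Ethernet pad without knowing anything about layer 2.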

Network and Data Link Structures: OSI v TCP/IP - Implementation
[Figure]

Network and Data Link Structures: OSI vs. TCP/IP - Mapping

OSI
• The Open System Interconnection [OSI] is a seven layer structure for use in every type of network.
• Defined by the ITU-T (Geneva) and modelled after the IBM System Network Architecture [SNA].
• A very complex model; difficult to implement and hard to use.
• Not fully compliant with the TCP/IP protocol, which is simpler

OSI layer | TCP/IP
7 Application Layer, 6 Presentation Layer, 5 Session Layer | Application
4 Transport Layer | TCP, UDP
3 Network Layer | IP
2 Data Link Layer, 1 Physical Layer | Network

• TCP – Transmission Control Protocol
• IP – Internet Protocol
• UDP – User Datagram Protocol

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Application Layer (layer 7)
  – protocols and services are used by applications to communicate information to lower layers
  – layer where all information originates and applications run
  – best layer for encryption and access control services
  – FTP (File Transfer Protocol)
  – HTTP (HyperText Transfer Protocol)
  – SMTP (Simple Mail Transfer Protocol)

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Presentation layer (layer 6)
  – negotiates information exchange with applications and destination, functions include data transfer and structure
  – information syntax negotiation and transformation
  – adapts information for different representation when communicating to another system
• For example, translates between differing text and data character representations such as EBCDIC and ASCII
• Also includes data encryption
• Layer 6 standards include JPEG, GIF, MPEG, MIDI

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Session layer (layer 5)
  – Establishes, manages and terminates sessions between applications
  – coordinates service requests and responses that occur when applications communicate between different hosts
  – most login functions are in this layer (ID and authentication)
  – Examples include: NFS, RPC, X Window System, AppleTalk Session Protocol, SPX

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Transport layer (layer 4)
  – end-to-end transfer, flow control, error recovery, congestion control
  – provides transparent data transfers between session processes, optimizes network services, uses protocol to regulate data transfer
    • TCP
    • UDP
  – Gateways operate at layer 4 to layer 7

Internet Protocols and Security: Internet Protocols - layer 4
• User Datagram Protocol (UDP) - layer 4 transport
  – connectionless
  – Same level of service used by IP
  – It is easier to spoof UDP packets
• Transport control protocol (TCP) - layer 4 transport
  – Provides reliable virtual circuits to user packets
  – Damaged packets are retransmitted
  – Incoming packets are sequenced
  – Congestion Control

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Which path should traffic take through networks?
• How do the packets know where to go?
• What are protocols?
• What is the difference between routed and routing protocols?

Network Layer
• Only two devices which are directly connected by the same “wire” can exchange data directly
• Devices not on the same network must communicate via an intermediate system
• A router is an intermediate system
• The network layer determines the best way to transfer data. It manages device addressing and tracks the location of devices.
• Routers operate at this layer.

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Network layer (layer 3)
  – provides message routing and relaying independent of transport protocol
  – can determine routing for performance
  – Provides routing and relaying
    • Routing: determining the path between two end systems
    • Relaying: moving data along that path
  – Addressing mechanism is required
  – Flow control may be required
  – Must handle specific features of subnetwork
    • Mapping between data link layer and network layer addresses

Internet Protocols and Security: Internet Protocols - layer 3
• IP packets
  – Bundles of data with a specific format
  – Foundation for TCP/IP protocol
  – 32-bit length
  – Few hundred bytes long
  – Uses unreliable datagram service – no guarantees
  – Can be fragmented when packet is too long

Internet Protocols and Security: Internet Protocols - layer 3
• Address resolution protocol (ARP) - layer 3 mapping
  – IP packets sent over Ethernet
  – Maps 32 bit IP address to 48 bit MAC address
• Internet Control Message Protocol (ICMP) - layer 3
  – Mechanism used to influence behavior of TCP & UDP
  – Provides best route information to network devices
  – Reports trouble with routing to network devices
  – Terminates problem connections
  – Supports PING program

Internet Protocols and Security: Internet Protocol Security - layer 3
• Internet Protocol Security (IPSEC) - suite of authentication and encryption protocols for IP
  – Proposed IETF interoperable security standard
  – Standard to be implemented on all network devices
  – Used to authenticate TCP/IP connections
  – Adds confidentiality and integrity to TCP/IP packets
  – Transparent to application and network infrastructure
  – Supports VPN

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Data link layer (layer 2)
  – manages communication between adjacent or broadcast networks, independent of network access method
  – data link connection and flow control link
  – divides large volumes of data into smaller packets
• Media Access Control (MAC) – refers downward to lower layer hardware functions
• Logical Link Control (LLC) – refers upward to higher layer software functions

Network and Data Link Structures: Ethernet Frame Format

Field | Size
Preamble | 7 Bytes
Start Frame Delimiter | 7 Bytes
Dest. MAC Address | 6 Bytes
Source MAC Address | 6 Bytes
Length/Type | 2 Bytes (<=1500 for standard, >=1536 for other types)
MAC Client Data | 0 – n Bytes
Pad | 0 – p Bytes
Frame Check Sequence | 4 Bytes

Notes:
- The pad field is used to extend small packets to the minimum 64 byte length
- Ethernet types can be found at http://www.standards.ieee.org/regauth/ethertype/type-pub.html

Network and Data Link Structures: Ethernet Frame Type and Access Method

IEEE 802.2 SNAP/LLC
• Logical Link Control (LLC): AA AA 03
• SubNetwork Attachment Point (SNAP): 00 00 00 (3 Octet OUI, Organizationally Unique Number), 08 00 (2 Octet TYPE)
Note: The SNAP/LLC are inserted in the first part of the data field

Access Method - CSMA/CD (Carrier Sense, Multiple Access with Collision Detect)
With the exception of the full-duplex variations of Ethernet, all versions compete for access to the network using this protocol. Essentially, each node monitors the media for an active signal (carrier) and attempts to ‘talk’ only when the line is ‘quiet’, but monitors the line for collisions during the transmission. If a collision is detected, the protocol specifies how long the device must wait before attempting to transmit again. This differs from token protocols (such as token ring), which ‘pass’ a virtual token from node to node to control access to the media.

Network and Data Link Structures: Ethernet Frame Informational Fields

IP Header - Protocol Type Identifiers (used in SNAP frame)
• ICMP (1) – Internet Control Message Protocol
• IGMP (2) – Internet Group Management Protocol
• TCP (6) – Terminal Control Protocol
• UDP (17) – User Datagram Protocol

TCP/UDP Port Identifiers
• FTP (20/21) - File Transfer Protocol, which is used for transferring files across the network.
• Telnet (23) - An application for remotely logging into a server across the network.
• SMTP (25) - Simple Mail Transfer Protocol, used for transferring email across the Internet.
• TFTP (69) - Trivial File Transfer Protocol, which is a low overhead fast transfer FTP protocol.
• HTTP (80) - HyperText Transport Protocol, which is used for transferring web pages.
• NNTP (119) - Network News Transfer Protocol, which is used for transferring news
• SNMP (161/162) - Simple Network Management Protocol, used for managing network devices.
• SSL (443) – Secure Socket Layer, used to provide security to web site communications

Network and Data Link Structures: ISO/OSI Layers & Characteristics
• Physical layer (layer 1)
  – provides physical connection for transmission between data link processes
  – bitstream transmission over physical media
• Specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating the physical link between end systems
• Examples of physical link characteristics include voltage levels, data rates, maximum transmission distances, and physical connectors

Network Devices and Communications: Glossary - Data Network Devices
• Hub/Repeater/Concentrator – provides physical interconnection of multiple nodes to a network; very common for UTP LANs
• Bridge – a device that connects segments of the same LAN; operates in network layer 2
• Brouter – a router that can bridge, merging both capabilities into a single box. Routes selected protocols and bridges all other traffic.
• Router – a device that is similar to a bridge but contains network management protocols that enhance network functionality. A router operates in the network layer 3.
• Gateway – used to connect LANs to other LANs or hosts; can act as a translator between networks using incompatible protocols. A gateway operates in any layer from 4 to 7.
• Backbone – the major transmission part of the network that connects all the data network devices but does not connect directly to the user

Network Devices and Communications: Glossary - Data Transmission Methods
• Leased line networks – dedicated private facilities
• Dedicated line – a private or leased line
• Common carriers – a common carrier voice line
• Digital communications – passes data encoded in on-off pulses
• Analog communications – a continuous signal varied by modulation
• Synchronous communications – high speed, data synchronized by electronic clock signals
• Asynchronous communications – transfer data by sending bits sequentially

System and Security Management: Local Area Network
• Primarily a data communications network
• Devices are within a limited area - 4 to 100 MBS
• Supports a specific user group and topology
• Usually not connected through a public switched network
• Typical network services - file, mail, print, communications, terminal services
• Typical connection of LANs
  – Campus Area Network (CAN)
  – Metropolitan Area Network (MAN)

LAN Topologies
• Star
• Bus
• Tree
• Ring

Star Topology
• Telephone wiring is one common example
  – Center of star is the wire closet
• Star Topology easily maintainable

Bus Topology
• Basically a cable that attaches many devices
• Can be a “daisy chain” configuration
• Computer I/O bus is example

Tree Topology
• Can be extension of bus and star topologies
• Tree has no closed loops

Ring Topology
• Continuous closed path between devices
• A logical ring is usually a physical star
• Don’t confuse logical and physical topology
[Figure label: MAU]

System and Security Management: LAN Topologies
• Ring - interconnects systems to each other to form a ring
  – All data packets pass through each workstation on ring
  – If a workstation fails, all communications fail
• Star - uses a central hub connecting workstations and servers
  – Optimal for a large number of devices
  – Short cable runs for devices; helps with troubleshooting
• Bus - uses a single cable through entire network with workstations and servers as drop-off points
  – Easy to expand number of devices due to one cable run
  – More susceptible to problems; cable is single point of failure

LAN Access Methods
• Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
  – Talk when no one else is talking
• Token
  – Talk when you have the token
• Slotted
  – Similar to token, talk in free “slots”

LAN Signaling Types
• Baseband
  – Digital signal, serial bit stream
• Broadband
  – Analog signal
  – Cable TV technology

LAN Types
• Ethernet
• Token Ring
• FDDI
• Wireless

Ethernet
• Bus topology - distance limitations
• 10 - 100 - 1000 MBS
• CSMA/CD
• Baseband
• Most common network type
• IEEE 802.3
• Broadcast technology - transmission stops at terminators

Token Ring
• IEEE 802.5
• Flow is unidirectional
• Each node regenerates signal (acts as repeater)
• Control passed from interface to interface by “token”
• Only one node at a time can have token
• 4 or 16 Mbps

Fiber Distributed Data Interface (FDDI)
• Dual counter rotating rings
  – Devices can attach to one or both rings
  – Single attachment station (SAS), dual (DAS)
• Uses token passing
• Logically and physically a ring
• ANSI governed

Wireless Networks
• IEEE 802.11b
• Rapidly Emerging
• Security Vulnerabilities
  – Eavesdropping, snooping
  – Theft of Services

System and Security Management: LAN Physical Media Characteristics
• Twisted pair (UTP) – phone wire, cheapest to install, limited in distance and bandwidth, used within a building.
Comes in unshielded (UTP) and shielded (STP) twisted pair versions
• Coaxial cable – solid copper wire core with insulation, expensive to install, resistant to interference
• Fiber optic – glass fibers surrounded by insulation, higher transmission speed, longest distance for signal strength, most expensive, difficult to tap
• Infrared and radio frequency (RF) - uses over-the-air signals, susceptible to interference, becoming widely used since 802.11b
• Attenuation – loss of signal strength when cable length exceeds maximum range

System and Security Management: Local Area Networks
• Virtual Local Area Network (VLAN)
  – Keeps users grouped according to a common task
  – Uses a high speed backbone and asynchronous transfer
  – Not physically connected to a server but logically connected
• Metropolitan Area Network (MAN)
  – Connects LANs over a large geographical area (i.e. several blocks away to citywide)
  – Interconnects two or more LANs
  – Can be owned by a private or public vendor

System and Security Management: Local Area Networks
• Virtual Private Network (VPN)
  – Establish a secure network link between two specific network nodes using encryption
  – VPN agent at remote client and server authenticate
  – Technique uses secure handshake and key exchange
  – Establishes a dynamic encrypted link
  – Works only with IP
  – Operates at OSI layer 3 (network)

System and Security Management: Local Area Networks
• Wide Area Network (WAN)
  – Connects LANs over a large geographical area (i.e. across cities to distant continents)
  – Network can consist of LANs, MANs, and host computers
  – Supports multiple communication protocols and network services
  – Dedicated public or virtual circuits used for service
• Value-Added Network (VAN) - carriers that lease lines from common carriers and then provide additional services

Network switching
• Circuit-switched
  – Transparent path between devices
  – Dedicated circuit
  – Phone call
• Packet-switched
  – Data is segmented, buffered, & recombined

Internet Protocols and Security: WAN Data Transmission Protocols
• X.25 - defines interface between a computing device and a packet switched network
• Frame Relay - standardized packet switching service that improves X.25 with better error recovery
• ISDN - Integrated Services Digital Network
  – Basic Rate Interface (BRI)
  – Primary Rate Interface (PRI)
• High speed Serial - T1, E1, T3, E3, Fractional
• ATM - Asynchronous Transfer Mode

Internet Security: Access Technologies
• Today
  – Analog or ISDN phone line with Point-to-Point Protocol [PPP]
  – Mobile phones
  – Digital Subscriber Line [DSL]
  – Asynchronous DSL [ADSL]
  – Cable TV
• Tomorrow
  – High-Speed Mobile phones
  – Wireless Local Loop [WLL]
  – Power lines
  – Broadband Satellite

Internet Protocols and Security: Internet Protocol (IP)
• IP does not guarantee delivery of data
  – Connectionless
    • Allows the protocol to service a request without requesting a verified session and without guaranteeing delivery of data
• Addressing
  – Current IPv4 addressing is 32 bits
  – Proposed IPv6 is 128 bits
  – More ranges to allocate to eliminate duplicate ranges
  – Complexity of transition increases network control devices
  – New addressing scheme has embedded security

IPv4 & IPv6 Header Comparison
• IPv4 Header: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
• IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

IPv4 & IPv6 Functionality Comparison

IP Service | IPv4 Solution | IPv6 Solution
Addressing Range | 32-bit, Network Address Translation | 128-bit, Multiple Scopes
Autoconfiguration | DHCP | Serverless Configuration, Reconfiguration, DHCP
Security | IPSec | IPSec Mandated, works End-to-End
Mobility | Mobile IP | Mobile IP with Direct Routing
Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
IP Multicast | IGMP/PIM/Multicast BGP | MLD/PIM/Multicast BGP, Scope Identifier

Domain Objectives Re-visited: Telecommunications and Network Security

The objective of this domain is to understand:
• data communications in terms of physical and logical networks, including local area, metropolitan area, wide area, and the TCP/IP and OSI models

Next Week
• Remote access, Internet, intranet, extranet, their related technologies of firewalls, Proxy servers, and controls
• communications and network security as it relates to voice, data, multimedia, and facsimile
• communications security management techniques that prevent, detect, and correct errors

Domain 2 Practice Questions

1. This protocol matches an Internet Protocol (IP) address to an Ethernet address.
   a. Address Resolution Protocol (ARP).
   b. Reverse Address Resolution Protocol (RARP).
   c. Internet Control Message protocol (ICMP).
   d. User Datagram Protocol (UDP).

2. Which of the following is a LAN transmission protocol?
   a. Ethernet
   b. Ring topology
   c. Unicast
   d. Polling

3. The basic language of modems and dial-up remote access systems is
   a. Asynchronous Communication.
   b. Synchronous Communication.
   c. Asynchronous Interaction.
   d. Synchronous Interaction.

4. What is an IP routing table?
   a. A list of IP addresses and corresponding MAC addresses.
   b. A list of station and network addresses with corresponding gateway IP address.
   c. A list of host names and corresponding IP addresses.
   d. A list of current network interfaces on which IP routing is enabled.

5. Which of the following IEEE standards defines the token ring media access method?
   a. 802.3
   b. 802.11
   c. 802.5
   d. 802.2

6. Which device is used to connect two networks at the highest level of the ISO/OSI framework?
   a. Bridge
   b. Brouter
   c. Router
   d. Gateway

7. Which OSI/ISO layer defines how to address the physical devices on the network?
   a. Session layer
   b. Presentation layer
   c. Application layer
   d. Transport layer

8. Which of the following networking devices allows the interconnection of two or more homogeneous LANs in a simple way?
   a. Gateways
   b. Routers
   c. Bridges
   d. Firewalls

9. Network cabling comes in three flavors, they are:
   a. twisted pair, coaxial, and fiber optic.
   b. tagged pair, coaxial, and fiber optic.
   c. trusted pair, coaxial, and fiber optic.
   d. twisted pair, control, and fiber optic.

10. How many bits compose an IPv6 address?
   a. 32 bits
   b. 64 bits
   c. 96 bits
   d. 128 bits

11. Which of the following type of packets can be denied with a stateful packet filter?
   a. ICMP
   b. TCP
   c. UDP
   d. IP

12. Which of the following is a device that is used to amplify the received signals?
   a. Bridge
   b. Router
   c. Repeater
   d. Brouter

13. Which of the following statements pertaining to packet switching is incorrect?
   a. Most data sent today uses digital signals over network employing packet switching.
   b. Messages are divided into packets.
   c. All packets from a message travel through the same route.
   d. Each network node or point examines each packet for routing.

14. What is a limitation of TCP Wrappers?
   a. It cannot control access to running UDP servers.
   b. It stops packets before they reach the application layer, thus confusing some proxy servers.
   c. The hosts.* access control system requires a complicated directory tree.
   d. They are too expensive.

15. Which of the following characteristics does not apply to RIP?
   a. Distance vector routing
   b. Maximum of 15 hops
   c. Exterior Gateway Protocol
   d. Not the most efficient routing protocol

16. Cable length is the most common failure issue with
   a. twisted pair cabling.
   b. Coaxial cabling.
   c. Fiber Optic cabling.
   d. inter joined pair cabling.

17. Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model?
   a. User datagram protocol (UDP)
   b. Internet protocol (IP)
   c. Address resolution protocol (ARP)
   d. Internet control message protocol (ICMP)

18. Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device?
   a. Bridge
   b. Router
   c. Repeater
   d. Gateway

19. Coaxial cable is called "coaxial" because
   a. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.
   b. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis
   c. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another two concentric physical channel, both running along the same axis.
   d. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along the different axis

20. Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange is
   a. the Internet.
   b. the Intranet.
   c. the extranet.
   d. the Ethernet.
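
Referring back to the Ethernet Frame Format, SNAP/LLC and Informational Fields slides earlier in this deck, the following added example (not part of the original slides) classifies a captured frame by its Length/Type field, unwraps an LLC/SNAP header, and names the IP protocol and port using only the identifiers those slides list. The sample frames and addresses are constructed; treating OUI 00 00 00 as "TYPE is an EtherType" and 0x0800 as IPv4 are assumptions drawn from standard practice.

```python
import struct

# Identifiers as listed on the slides.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
PORTS = {20: "FTP", 21: "FTP", 23: "Telnet", 25: "SMTP", 69: "TFTP", 80: "HTTP",
         119: "NNTP", 161: "SNMP", 162: "SNMP", 443: "SSL"}
LLC_SNAP = bytes.fromhex("aaaa03")       # LLC bytes that announce a SNAP header
OUI_ETHERTYPE = bytes.fromhex("000000")  # assumption: OUI 0 means TYPE is an EtherType


def describe_ipv4(packet: bytes, out: dict) -> None:
    """Fill in protocol and (port-based, so only a hint) service name."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    out["ip_proto"] = IP_PROTOCOLS.get(packet[9], str(packet[9]))
    first_fragment = struct.unpack("!H", packet[6:8])[0] & 0x1FFF == 0
    if packet[9] in (6, 17) and first_fragment and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        out["service"] = PORTS.get(dport) or PORTS.get(sport)


def classify_frame(frame: bytes) -> dict:
    """Classify a frame that starts at the destination MAC and has no FCS."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    _dst, _src, length_type = struct.unpack("!6s6sH", frame[:14])
    data = frame[14:]
    out = {"framing": None, "ethertype": None, "ip_proto": None, "service": None}
    if length_type >= 1536:                  # field is a type
        out["framing"], out["ethertype"] = "Ethernet II", length_type
    elif length_type <= 1500:                # field is a length
        if length_type > len(data):
            raise ValueError("length field exceeds captured data")
        data = data[:length_type]            # drops the pad
        if data[:3] == LLC_SNAP and len(data) >= 8:
            out["framing"] = "802.3 LLC/SNAP"
            if data[3:6] == OUI_ETHERTYPE:
                out["ethertype"] = struct.unpack("!H", data[6:8])[0]
            data = data[8:]
        else:
            out["framing"] = "802.3 LLC"
    else:
        raise ValueError("Length/Type %d is in the undefined 1501-1535 range" % length_type)
    if out["ethertype"] == 0x0800:
        describe_ipv4(data, out)
    return out


def sample_ipv4(proto: int, l4: bytes) -> bytes:
    """Constructed IPv4 packet (header checksum left at 0, not checked here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + l4


# Constructed sample frames.
MACS = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
TCP_TELNET = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 8192, 0, 0)
UDP_SNMP = struct.pack("!HHHH", 40001, 161, 8, 0)
SAMPLE_ETH2 = (MACS + struct.pack("!H", 0x0800) + sample_ipv4(6, TCP_TELNET)).ljust(60, b"\x00")
SNAP_DATA = LLC_SNAP + OUI_ETHERTYPE + struct.pack("!H", 0x0800) + sample_ipv4(17, UDP_SNMP)
SAMPLE_SNAP = (MACS + struct.pack("!H", len(SNAP_DATA)) + SNAP_DATA).ljust(60, b"\x00")
SAMPLE_UNDEFINED = MACS + struct.pack("!H", 1510) + bytes(46)

if __name__ == "__main__":
    for name, frame in (("eth2", SAMPLE_ETH2), ("snap", SAMPLE_SNAP)):
        print(name, classify_frame(frame))
```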