Networking Week 4 Study Guide

125 Terms

1

What is referred to as configuration drift?

The deviation of a CI from its baseline

2

Why should configuration changes only be made with a service request ticket?

To ensure that the activity of network personnel is recorded

3

What is the primary purpose of using physical network diagrams?

To capture the complex relationships between network elements

4

Why is it important to track software license usage in an asset inventory?

To ensure compliance with the vendor's licensing agreement

5

Why is it important to stay up to date with system security advisories?

To stay informed about vulnerabilities

6

What role does a Change Advisory Board (CAB) play in change management?

It approves major or significant changes.

7

What historical method might IT departments have used for tracking IP usage?

Static files

8

What is the purpose of a rack diagram?

To record the position of each appliance in the rack

9

Which agreement is most likely to be used between two companies to protect shared sensitive information?

Non-Disclosure Agreement (NDA)

10

What is a configuration backup used for when applying an update?

To serve as a fallback

11

Which backup mode creates a snapshot-type image of the whole system?

State/bare metal

12

Which layer's diagram would show asset IDs, cable links, and wall/patch panel/switch port IDs?

PHY (Physical layer)

13

Which of the following is the BEST approach when a configuration has drifted from its baseline?

Perform testing to determine whether to revert.

14

What does the Secure Erase (SE) command do on HDDs?

Performs a single pass of zero-filling

15

What is the standard method of sanitizing an HDD?

Overwriting

16

Which feature allows Nmap to work out hop counts?

--traceroute switch

17

What does a configuration monitor do when there is a change to a device's production configuration?

It generates logs, alerts, or alarms.
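
As an added example (not part of the study guide or of any vendor's monitoring product), the following shows the core of what a configuration monitor does with the two cards above: it diffs a device's running configuration against its baseline CI, decides whether the deviation is drift at all, and escalates to a critical alert when the changed lines are security-relevant. The device name, both configurations, and the list of security-relevant patterns are constructed for illustration; a real monitor would pull the running config over SSH or NETCONF and compare it with the version tied to the last approved change ticket.

```python
"""Added example: detect configuration drift by diffing a device's running
configuration against its stored baseline and raising an alert when the
deviation touches security-relevant lines. The config text and the
security-relevant patterns are constructed for illustration."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed baseline captured when the change ticket was closed.
BASELINE = """\
hostname edge-sw1
service password-encryption
snmp-server community Gx7!pq RO 10
ntp server 10.0.0.5
interface GigabitEthernet0/1
 switchport mode access
"""

# Constructed running config with an unticketed change applied.
RUNNING = """\
hostname edge-sw1
snmp-server community public RW
ntp server 10.0.0.5
interface GigabitEthernet0/1
 switchport mode access
 no shutdown
"""

# Lines whose change is a security event, not just operational noise (assumed list).
SECURITY_PATTERNS = [
    re.compile(r"^snmp-server community"),
    re.compile(r"^service password-encryption"),
    re.compile(r"^(username|enable secret)"),
]

@dataclass
class DriftReport:
    baseline_hash: str
    running_hash: str
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)

    @property
    def drifted(self) -> bool:
        # A changed hash is the configuration monitor's trigger condition.
        return self.baseline_hash != self.running_hash

    @property
    def security_relevant(self) -> list:
        return [line for line in self.added + self.removed
                if any(p.match(line) for p in SECURITY_PATTERNS)]

    @property
    def severity(self) -> str:
        if not self.drifted:
            return "none"
        return "critical" if self.security_relevant else "warning"

def _normalise(text: str) -> list:
    # Ignore blank lines and trailing whitespace so cosmetic edits do not alert.
    return [line.rstrip() for line in text.splitlines() if line.strip()]

def _digest(lines: list) -> str:
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def detect_drift(baseline: str, running: str) -> DriftReport:
    base, run = _normalise(baseline), _normalise(running)
    base_set, run_set = set(base), set(run)
    return DriftReport(
        baseline_hash=_digest(base),
        running_hash=_digest(run),
        added=[line for line in run if line not in base_set],
        removed=[line for line in base if line not in run_set],
    )

if __name__ == "__main__":
    report = detect_drift(BASELINE, RUNNING)
    print("drift:", report.drifted, "severity:", report.severity)
    for line in report.removed:
        print("-", line)
    for line in report.added:
        print("+", line)
```

On the constructed input the report is critical: the read-only SNMP community was replaced by a read-write `public` community and `service password-encryption` disappeared, which is exactly the kind of change that should exist only behind a ticket. Whitespace-only edits hash identically and produce no alert.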

18

What is the primary function of an availability monitor?

To trigger an alarm when a monitored service suffers unscheduled downtime

19

What metric measures the actual amount of data transferred over a network?

Throughput

20

What is the purpose of using the -sV or -A switch with Nmap?

To probe for software versions on each port

21

Which type of scanners use specially crafted probes to locate hosts that might be configured not to respond to pings?

Security-oriented scanners

22

What is the primary function of Cisco Discovery Protocol (CDP)?

To discover information about directly connected Cisco devices

23

What does Nmap use to determine whether a host is present when used without switches?

Its default host discovery probes: an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request (when run with raw-socket privileges; an unprivileged scan falls back to TCP connect attempts to ports 80 and 443).

24

What does an IP scanner do?

Establishes the logical topology of the network

25

What can cause a broadcast storm in a network?

Switching loops

26

What does an availability monitor check for in an HTTP service to confirm availability?

A 200 status code

27

What is a basic type of IP scanning mentioned in the document?

Host discovery

28

Which of the following is NOT information that CDP can report?

MAC address table sizes

29

Which Nmap scan type is less stealthy due to its use of the operating system to attempt a full TCP connection?

TCP connect (-sT)

30

What should you consider doing if a server hosting a service is overloaded?

Throttle client connections.

31

Which version of SNMP supports encryption and strong user-based authentication?

SNMP v3

32

What mode in SNMPv3 does not encrypt packets but requires authentication?

authNoPriv

33

What is a major security weakness of SNMP v2c?

It sends community strings in plaintext.

34

An organization is using the Simple Network Management Protocol (SNMP) for remote management and monitoring of servers and network appliances and must deploy an agent to each device.

Where are the statistics relating to the activity of each device kept?

MIB

35

What is the purpose of a community string in SNMP?

To serve as a type of password
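
To make the two SNMP cards above concrete, here is an added example (not from the study guide, and not the code of any SNMP library) that hand-encodes a minimal SNMPv2c GetRequest in BER and then recovers the community string from the raw UDP payload the way a sniffer on port 161 would. The target OID (sysDescr.0), request id and community values are constructed; only the v1/v2c message header is decoded, since an SNMPv3 message carries no community string in the first place.

```python
"""Added example: build a minimal SNMPv2c GetRequest with hand-rolled BER
encoding, then recover the community string from the raw UDP payload the
way a sniffer on the wire would. No SNMP library is used; the target OID
and request id are constructed values."""

SNMP_V2C = 1          # version field value for v2c (v1 = 0, v3 = 3)
SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"

def _length(n: int) -> bytes:
    # BER definite length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body

def _integer(v: int) -> bytes:
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)

def _oid(dotted: str) -> bytes:
    # First two arcs share one byte; later arcs are base-128 with continuation bits.
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")            # SEQUENCE {OID, NULL}
    pdu = _tlv(0xA0, _integer(request_id) + _integer(0)      # GetRequest-PDU [0]
               + _integer(0) + _tlv(0x30, varbind))          # error-status, error-index, varbinds
    return _tlv(0x30, _integer(SNMP_V2C)
                + _tlv(0x04, community.encode()) + pdu)      # the community is a plain OCTET STRING

def _read_tlv(buf: bytes, pos: int):
    # Returns (tag, body, next_position); handles long-form lengths.
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def extract_community(packet: bytes):
    """Pull (version, community) out of an SNMPv1/v2c message. Returns None
    for anything that is not a v1/v2c message (e.g. SNMPv3, whose header
    carries no community string)."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        return None
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        return None
    version = int.from_bytes(ver, "big", signed=True)
    if version not in (0, 1):
        return None
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        return None
    return version, community.decode(errors="replace")

if __name__ == "__main__":
    pkt = build_get_request("public", SYS_DESCR_0)
    print(pkt.hex())
    print(extract_community(pkt))   # the "password" is right there in the clear
```

Running it prints the hex of a 40-byte datagram in which the bytes `7075626c6963` (`public`) are plainly visible, which is the whole weakness of v1/v2c: the community string is the only access control, and anyone on the path can read it with a packet capture. SNMPv3 replaces it with a user name plus authentication and, in authPriv mode, encryption of the PDU.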

36

What does a syslog message comprise?

A PRI code, a header, and a message part

37

What is the purpose of the PRI code in a syslog message?

To indicate the message's priority

38

What does log aggregation in the context of SIEM refer to?

Collecting logs from many different sources and normalizing them into a consistent format so they can be searched and correlated together

39

How do SIEM tools handle differences in date/time zones among various log sources?

By normalizing date/time zone differences to a single timeline
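
The syslog and SIEM cards above describe a small pipeline: decode the PRI code into facility and severity, then normalize timestamps from sources in different time zones onto one UTC timeline before correlating. Here is an added example of that pipeline (not from the study guide or from any SIEM product) over constructed RFC 5424-style log lines; the host names, offsets and messages are made up.

```python
"""Added example: parse the PRI code of syslog messages into facility and
severity, normalise timestamps carrying different UTC offsets onto a
single UTC timeline, and sort them the way a SIEM does before correlation.
The log lines are constructed; the source names and offsets are assumptions."""
import re
from datetime import datetime, timezone

# Constructed RFC 5424-style lines from three devices in different time zones.
RAW_LOGS = [
    "<34>1 2024-03-01T09:15:02+01:00 fw-edge sshd 812 - - Failed password for root from 203.0.113.9",
    "<86>1 2024-03-01T03:14:58-05:00 dc01 winlogon 44 - - Logon success user=jsmith",
    "<13>1 2024-03-01T08:15:10Z sw-core cdp - - - Neighbor added on Gi0/3",
    "<165>1 2024-03-01T08:16:00Z sw-core snmpd - - - Config change detected",
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# PRI, version, timestamp, hostname, app-name, procid, msgid, structured-data, message.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)\s+"
    r"(?P<pid>\S+)\s+(?P<msgid>\S+)\s+(?P<sd>\S+)\s*(?P<msg>.*)$")

def decode_pri(pri: int):
    # PRI = facility * 8 + severity (RFC 5424 section 6.2.1).
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]

def parse_line(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:                      # 23 facilities * 8 + 7 is the maximum
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = decode_pri(pri)
    # Older Pythons do not accept a trailing 'Z' in fromisoformat; spell it out.
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no UTC offset; cannot place on timeline")
    return {
        "time_utc": ts.astimezone(timezone.utc),   # the single SIEM timeline
        "local_offset": ts.utcoffset(),            # kept for forensic context
        "host": m["host"], "app": m["app"],
        "facility": facility, "severity": severity,
        "message": m["msg"],
    }

def build_timeline(lines):
    """Normalised events in UTC order, regardless of the source's local zone."""
    return sorted((parse_line(line) for line in lines), key=lambda e: e["time_utc"])

if __name__ == "__main__":
    for e in build_timeline(RAW_LOGS):
        print(e["time_utc"].isoformat(), e["host"], e["facility"], e["severity"], e["message"])
```

Note the ordering this produces: the domain controller event stamped 03:14:58 local time actually precedes the firewall event stamped 09:15:02, because the two devices sit six hours apart. Sorting on the raw local timestamps would have put them in the wrong order and hidden the sequence (successful logon, then a failed root login from outside) that an analyst would want to see together. The parser also rejects a timestamp with no offset rather than guessing one, because a wrong guess silently corrupts the timeline.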

40

What is an automated event management system configured to generate?

An alert of some kind when an event matches a configured rule or threshold

41

What type of events does an audit log generally record?

Success/fail type events related to authentication

42

What is a key feature of performance/traffic logs?

They record metrics for network resources.

43

How can a high priority alert be communicated in an event management system?

By sending an email to the system administrator

44

What distinguishes an application log from a system log?

An application log records data for a single specific service.

45

Why is plotting data as a graph helpful in log analysis?

It makes it easier to spot trends or spikes in the data.

46

In Wireshark, where can you access tools for traffic analysis?

Statistics menu

47

What distinguishes a Passive TAP from a SPAN/port mirroring connection?

It physically copies the signal from the cabling to a monitor port.

48

Why might an aggregation TAP drop frames under heavy load?

Because it rebuilds streams into a single channel

49

What does the -w switch do in tcpdump?

Writes output to a file

50

How can the detail of the information shown about each frame be increased in tcpdump?

Using the -v, -vv, or -vvv switches

51

Which open-source tool is mentioned as a graphical packet capture and analysis utility?

Wireshark

52

Which option is used with tcpdump to specify the network interface to listen on?

-i

53

What is the purpose of installing a special driver for a software-based sniffer?

To allow the frames to be read from the network stack

54

What is the purpose of using display filters in Wireshark?

To show only particular frames or sequences of frames

55

What is the role of a packet sniffer in the context of a protocol analyzer?

To capture frames moving over the network medium

56

What is considered an acceptable error rate in general terms?

Under 1 percent

57

Which of the following is NOT a traffic class defined by DiffServ?

Maximum Throughput

58

What type of data transfer is described as bursty?

File transfer

59

What is the primary purpose of using Quality of Service (QoS) mechanisms in a network?

To prioritize certain types of traffic over others

60

Why is collecting just the packet metadata preferred over recording each frame?

It reduces the bandwidth required by the sniffer.

61

What is the significance of monitoring queue length in network performance?

It helps determine whether the link is a bottleneck.

62

What are latency and jitter in the context of network performance?

Problems of timing and sequence of packet delivery

63

A network administrator is tasked with improving the performance of a company's VoIP (Voice over Internet Protocol) system, which has been experiencing poor audio quality during peak business hours.

The network is also used for email, web browsing, and file transfers. The administrator decides to implement a solution to prioritize VoIP traffic over other types of traffic.

Which of the following solutions would be MOST effective in achieving the desired improvement in VoIP performance?

Deploying traffic shaping to prioritize VoIP packets.

64

What is a potential consequence of using traffic policing devices instead of traffic shapers?

Under-utilization of bandwidth during idle periods

65

What advantage do website performance checkers offer for testing site response times?

They test from the perspective of customers in different countries.

66

What is the primary purpose of monitoring individual interface statistics in a network?

To diagnose performance issues

67

What is the primary function of traffic shapers?

To delay certain packet types based on their content

68

What do "top talkers" and "top listeners" refer to in network analysis?

Top talkers are interfaces generating the most outgoing traffic, while top listeners are the interfaces receiving the most incoming traffic.

69

What role does a NetFlow exporter play in a network?

It defines which traffic is tracked as a flow, caches the statistics for each flow, and exports the flow records to a collector.

70

What is packet loss?

The discarding of data packets in a network
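
The performance cards in this section (throughput, latency and jitter, packet loss) name metrics without showing how they are derived from what a monitor actually sees. As an added example (not from the study guide or any monitoring tool), the following computes all four from a constructed stream of timestamped, sequence-numbered probe packets, using the RFC 3550 interarrival-jitter estimator that VoIP endpoints report. The sequence numbers, timestamps and sizes are made up; the sender and receiver clocks are assumed to be synchronised so that one-way latency can be measured directly.

```python
"""Added example: compute throughput, latency, jitter and packet loss from a
constructed sample of timestamped packets, using the RFC 3550
interarrival-jitter estimator. Send/receive timestamps and sequence
numbers are made up for illustration."""
from statistics import mean

# Constructed probe stream in arrival order:
# (sequence number, sent time s, received time s, size in bytes).
# Sequence 4 never arrives; 6 arrives after 7 (reordering); 6 and 8 are delayed.
SAMPLES = [
    (1, 0.000, 0.020, 200),
    (2, 0.020, 0.041, 200),
    (3, 0.040, 0.062, 200),
    (5, 0.080, 0.101, 200),
    (7, 0.120, 0.142, 200),
    (6, 0.100, 0.150, 200),
    (8, 0.140, 0.195, 200),
]

def packet_loss(samples, first_seq, last_seq):
    """Fraction of expected sequence numbers that never arrived."""
    expected = last_seq - first_seq + 1
    got = {s[0] for s in samples}
    return 1 - len(got) / expected

def latency_ms(samples):
    """Mean one-way delay (sender and receiver clocks assumed synchronised)."""
    return mean((recv - sent) for _, sent, recv, _ in samples) * 1000

def jitter_ms(samples):
    """RFC 3550 interarrival jitter: J = J + (|D| - J)/16 over consecutive
    packets in arrival order, where D is the change in transit time."""
    j = 0.0
    prev = None
    for _, sent, recv, _ in samples:
        transit = recv - sent
        if prev is not None:
            j += (abs(transit - prev) - j) / 16
        prev = transit
    return j * 1000

def reordered(samples):
    """Count packets that arrived with a sequence number lower than the
    highest already seen (out-of-order delivery, a timing/sequence problem)."""
    high = None
    count = 0
    for seq, *_ in samples:
        if high is not None and seq < high:
            count += 1
        high = seq if high is None else max(high, seq)
    return count

def throughput_kbps(samples):
    """Data actually delivered over the receive window, in kbit/s."""
    total_bits = sum(size for *_, size in samples) * 8
    window = samples[-1][2] - samples[0][2]
    return total_bits / window / 1000

if __name__ == "__main__":
    print(f"loss {packet_loss(SAMPLES, 1, 8):.1%}")
    print(f"latency {latency_ms(SAMPLES):.1f} ms  jitter {jitter_ms(SAMPLES):.2f} ms")
    print(f"reordered {reordered(SAMPLES)}  throughput {throughput_kbps(SAMPLES):.1f} kbit/s")
```

On this sample the link delivers 64 kbit/s with 12.5% loss, about 30 ms mean latency and roughly 2 ms of jitter; the jitter figure is small because the estimator is smoothed over 16 packets, which is why a single late packet (sequence 8, 55 ms transit) does not dominate it. Loss and reordering are what make VoIP audio break up, and they are exactly the conditions a QoS policy that prioritises voice is meant to prevent.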

71

What is the role of encryption in an access control solution?

To convert plaintext into ciphertext

72

What does data locality require?

Data storage within certain geographical boundaries

73

What is the difficulty in implementing security controls?

They can be expensive.

74

What does a ciphertext represent in the context of encryption?

The encrypted version of plaintext

75

What does "integrity" in the context of the CIA Triad mean?

The data is stored and transferred as intended and that any modification is authorized.

76

What can the most serious vulnerabilities allow an attacker to do?

Execute arbitrary code on the system

77

What does "availability" in the CIA Triad refer to?

Information and resources are accessible to those authorized when needed.

78

What is a honeypot in the context of cybersecurity?

A computer system set up to attract attackers

79

What does a risk assessment involve?

Auditing the company's systems for risk factors

80

What is one of the key benefits of using a honeypot or honeynet in cybersecurity?

Providing an early warning of attacks

81

What poses a greater threat than zero-day vulnerabilities?

Unpatched or legacy systems

82

Under what condition can an organization process credit card transactions directly?

If they adopt the PCI DSS standard

83

What is the purpose of a cybersecurity audit?

To ensure a security posture aligns with established standards

84

What is Personally Identifiable Information (PII)?

Data that can identify, contact, or locate an individual

85

What is meant by "data at rest"?

Data stored on a persistent storage media

86

What does the payload of malware refer to?

The malware action other than replication

87

A cyber security technician responds to a department experiencing degraded network bandwidth, and customers call the department saying they cannot visit the company website.

What is likely causing the issue?

Distributed DoS (DDoS)

88

What distinguishes an external threat actor from an internal threat actor?

Whether they have authorized access to the system

89

What does the term "advanced persistent threat (APT)" refer to in the context of malware?

An adversary's ability to obtain and maintain covert access to a network over an extended period, typically using sophisticated malware that evades detection

90

What are Potentially Unwanted Programs (PUPs)/Potentially Unwanted Applications (PUAs)?

Software installed alongside a package selected by the user

91

What is the primary goal of most adversaries when launching network attacks?

To steal information from the network

92

How are botnets typically created?

Through malware that opens a backdoor

93

Which of the following best describes behavioral threat research?

A commentary describing examples of attacks and TTPs

94

What is an example of an inadvertent vulnerability that users can create?

Using shadow IT without authorization

95

What can be a source of internal threats?

Employees within the organization

96

What is a Distributed Reflection DoS (DRDoS) attack?

An attack in which the attacker spoofs the victim's IP address as the source of requests sent to many third-party servers, so that their (often amplified) responses are reflected onto the victim

97

What is the primary difference between footprinting and fingerprinting in network attacks?

Footprinting gathers general network information, while fingerprinting identifies specific device types.

98

What is malware?

Software that performs malicious actions

99

What types of devices are vulnerable to becoming part of a botnet?

Any type of Internet-enabled device

100

What is the purpose of spoofing attacks?

To disguise the attacker's identity