CSUN Spring IS 497c
Note: Please upload your midterm questions to this site. Please post your questions directly under the previous upload and make sure to provide ANSWERS
Please do not delete any information unless it is your own!
Example:
Which one is not included in the most common uses for data link protocols? A. Navigating data between point-to-point networks B. Load attacks C. Frame relay D. Access restriction Answer: B (pg 155)
Post question after this line!!!!!!!!!!!!
1. Broadcast protection, interception and higher layer relaying are all part of: a) destination anonymity b) link anonymity c) network anonymity d) none of the above Answer: a
Chapter 13, page 262-263
2. Which of the following is not true about DNS? a) provides hostname to network address mapping; b) provides domain information; c) it was designed for security purposes; d) highly distributed and very scalable; Answer: c
Chapter 17, page 384
3. The following are transport layer protocols, EXCEPT: a) TCP b) UDP c) HTTP d) Apple Talk Answer: c
Chapter 14, page 280
4. Which of the following is NOT a characteristic of UDP? a) provides a flow control and sequence number; b) mostly used for connectionless services; c) transmission does not generate acknowledgment; d) requires less bandwidth than TCP; Answer: a Chapter 15, page 321
5. All of the following are true about DNS, EXCEPT: a) it is a network layer protocol; b) supports hostname lookups; c) provides hostname-to-address mapping; d) provides mail server identification; Answer: a
Chapter 17, page 349
1) Which of the following is not a motivator for anonymity?
a) Doing something wrong b) Detection avoidance c) Doing something legal d) Marketing avoidance
2) Which of the following is not a service provided by Tor?
a) Sender anonymity b) Destination anonymity c) Receiver anonymity d) Link anonymity
3) Which of the following is not a fingerprinting option based on retries?
a) SYN retries b) NACK retries c) ACK retries d) SYN-ACK retries
4) Which of the following is not a type of reply to a TCP port scan?
a) SYN-ACK b) RST c) ICMP Unreachable d) Nothing e) SYN-NACK
1. Describe the three basic states of TCP initialization, data exchange and disconnect.
TCP uses a three-way handshake, which comprises syncing the two connections together in the initialization stage; then, as the file is being received, it will acknowledge each packet that is being sent to make sure there is no error during the sending process for each packet, and finally it sends a finish flag at the end to acknowledge that it is finished.
During the initialization process, the client will send a TCP packet with a SYN flag to a specific port on the destination computer, which will then resend a SYN-ACK flag, which will set the initial sequence number and acknowledge to the client computer, which will then send an acknowledgement (ACK) and confirm the sequence number.
When the data starts to be exchanged, the destination computer sends an ACK to start receiving the packets but also tells the client computer the window size, such as a buffer, so the client computer does not have to wait for every ACK before sending the next packet. It allows the client to send a number of packets equal to or less than the window size, and the client would need to wait for an ACK with a new window size before it can resend the next packet.
When disconnecting, a computer will send a FIN flag to tell the other computer that it is finished sending and it is time to disconnect, and then the other computer will send an ACK for the FIN and will then disconnect.
Source is on page 307-308
2. What is not a common risk in the session layer?
a. Session Hijacking b. Blind Session Attacks c. Man-in-the-Middle d. Social engineering e. None of the above
The answer is “d.” and the source is located on page 342-344
Questions for Final
Multiple Choice 1. Which of the following terms describes converting between hostnames and IP addresses? a. DNS b. LDAP c. NIS d. BSD e. NFS
Answer: A chapter 17 page 349
2. Which of the following provides a connection-orientated service that guarantees packet delivery and order of delivery? a. TCP b. SPI c. ARP d. ICMP e. SYM
Answer: A. Chapter 15 page 321
Essay 3. Why are “TCP port scans” used for network security?
Answer: TCP port scans are used to identify running services. A port scan attempts to connect to ports and records the results.
4. What are the 5 phases of SSH protocol?
Answer: Algorithm negotiation, key exchange, server authentication, client authentication, and data transfer.
1. List four types of connection-oriented packet confirmations except A. Per-packet confirmation B. Per-set confirmation C. Sliding window confirmation D. Implicit confirmation E. Explicit confirmation * Ch. 14, Page 288-289, Slide 14-15
2. How many bytes for the smallest TCP packet (containing no data and no options)? A. 8 B. 10 C. 16 D. 20 * E. 32 Ch. 15, Page 302, Slide 4
3. List three ways of fingerprinting based on retries except A. RST retries * B. SYN retries C. SYN-ACK retries D. ACK retries Ch. 15, Page 311, Slide 11
4. List four TCP port scans except A. SYN-ACK B. ACK * C. RST D. ICMP unreachable E. Nothing Ch. 15, Page 312-313, Slide 13
5. List three options to mitigate the risk from a SYN attack except A. Increase SYN queue B. Decrease SYN timeout C. Enable SYN timeout * D. Enable SYN cookies Ch. 15, Page 316, Slide 15
1. What are the characteristics of UDP protocol? a. Connection-less b. Transmits data but does not validate data receipt c. Commonly used by higher-level protocols d. Transmits data faster than other protocols e. All of the above
2. TCP is all of the following except? a. Common basis for connection-oriented transport services b. Provides reliable end to end communication c. DNS and VoIP use it d. Single most widely used transport layer protocol
3. DNS is all but one of the following:
a. An application layer protocol b. Provides memorable hostnames and meta-information c. Used for hostname to address mapping d. A session layer protocol
4. What are the basic preventative measures for DNS security? a. Reconnaissance b. Social threat mitigation c. Direct threat mitigation d. All of the above
5. What key is not a key used with SSH? a. Cryptographic keys b. Server keys c. Host keys d. Client keys
List three types of connection-oriented packet confirmations and briefly describe them.
1. Per-Packet Confirmation
a. Each transmitted packet receives an acknowledgement.
2. Per-Set Confirmation
a. A group of packets can be transmitted with one acknowledgement accounting for the entire group. The confirmation reports the packets received, as well as the ones that were missed.
3. Sliding Window Confirmation
a. Similar to the per-set confirmation; however, packets are sent continuously and acknowledgements are sent periodically. The acknowledgements confirm a set of transmitted packets, and some acknowledgements may identify a few packets or many.
4. Implicit Confirmation
a. Some protocols may be designed as connection-less but actually provide connection-oriented acknowledgements. For example, when the presentation layer protocol SSL uses encryption and the transport layer is connection-less, the overall transport operates in a connection-oriented fashion; if a packet is not confirmed, then the encryption fails.
Answer is on Page 289 Chapter 14
What protocol was used as a basis for SMTP?
Answer is on Page 452 Chapter 22
What does DNS stand for?
a. Do not Steal
b. Domain name server
c. Domain name system
d. Domain name storm
Answer is on Page 348 Chapter 17
a. Very secure
d. None of the above
Answer is on Page 489 Chapter 23 summary
__________________________________________________
Question 1) What are the three attributes of network anonymity?
a)Secure anonymity, destination anonymity, and link anonymity
b)Source anonymity, destination anonymity, and link anonymity
c)Source anonymity, attack anonymity, and link anonymity
d)Source anonymity, destination anonymity, and address anonymity
Q1 Correct Answer: b (Page 261-263)
Question 2) What are some of the main features that differ between TCP and UDP protocol?
a) TCP is a connection-oriented protocol that validates transmission of data, while UDP is a connectionless protocol that does not provide validation but transmits data much faster due to less overhead
b) TCP is a connectionless protocol that does not provide validation of data, while UDP is a connection-oriented protocol and transmits data much slower than TCP
c) UDP is connectionless and provides validation of data, while TCP is connection-oriented and does not validate data but transmits data much faster than UDP
d) UDP is a connection-oriented protocol that validates transmission of data, while TCP is a connectionless protocol that does not provide validation but transmits data much faster due to less overhead
Q2 Correct Answer: a (Page 280-281, 301 & 321)
Question 3) The window size is used in which of the following protocols?
Q3 Correct Answer: c (Page 305-306)
Question 4) What is DNS Cache Poisoning?
a) An attacker who observes a DNS request generates a forged DNS reply that contains a long cache timeout value that causes the DNS server to provide false data
b) An attacker floods the DNS server by sending multiple requests which causes the DNS server to shut down due to overload
c) An attacker sends a poisoned packet that contains a virus to the DNS which causes the server to retransmit the virus to all its client computers
d) An attacker who intentionally transmits fake monetary payments to establish a domain name
Q4 Correct Answer: a (Page 369-370)
Question 5) What are the three phases of the Secure Socket Layer (SSL) protocol?
a)Authentication, key exchange, data transfer
b)Authentication, validation, data transfer
c)Negotiation, key exchange, routing
d)Negotiation, key exchange, data transfer
Q5 Correct Answer: d (Page 399-403)
____________________________________________
1. NetBIOS-DG is used for which of the following? (Pg 282) a. Remote access to BIOS of any computer on the same network. b. Communication between Linux systems c. Transmitting data between Windows systems. <------ Correct Answer d. None of the above
2. Which of the following is a transport layer function? (Pg 283-291) a. Connection Management b. Packet Assembly c. Service Identification d. All of the Above <------ Correct Answer
3. What are the two guarantees offered by TCP for higher layer protocols? (Pg. 302) a. Reliable data delivery b. Sequential data ordering c. Complete security d. a & b <------ Correct Answer e. b & c
4. What is a fundamental security flaw in DNS? (Pg. 368) a. User Error b. Packet Sniffing c. Incorrect Algorithms d. Assumed trust between servers <------ Correct Answer
5. Within which layer does SSL operate? (Pg. 397) a. Application Layer b. Physical Layer c. Presentation Layer <------ Correct Answer d. None of the Above
1. Which of the following is an attribute of network anonymity:
- a. Source
- b. Destination
- c. Link
- d. All of the above.
- Answer: d
- Chapter 13/Pages 261-263
2. Which of the following is a main approach to hide a destination address:
- a. Broadcast protection
- b. Moving addresses
- c. Interception
- d. a and c
- Answer: d
- Chapter 13/Pages 262-263
3. Which of the following is a function of the transport layer?
- a. Connection management
- b. Packet assembly
- c. Service identification
- d. All of the above
- Answer: d
- Chapter 14/ Page 283
4. The following statements are true about TCP, EXCEPT:
- a. TCP guarantees application data delivery
- b. TCP guarantees the order of application data delivery
- c. TCP does not resend unacknowledged data
- d. TCP manages data flow using control flags and windows
- e. All of the above are true
- Answer: c
- Chapter 15/ Pages 303-305
5. Which of the following is a Common Lookup Tool:
- a. host
- b. nslookup
- c. dig
- d. a and b
- e. All of the above
- Answer: e
- Chapter 17/ Pages 350-351
Which of the following is a TCP attack mitigation technique? Pg 314
A) Alter System Profile
B) Block Attack Vectors
C) Higher layer Protocols
D) All of the above*
How many OSI connection states are there? Pg333
C) 3 *
Which is not a Session identifier? Pg 342
D) ADD *
Which Session layer attack involves stealing the session identifier? 343-344
A) Authentication and authorization
B) Session Hijacking *
C) Blind side Attacks
D) Information Leakage and Privacy
Which of the following is not a gTLD? pg 364
A ) COM
1. What does DNS stand for? A. Domain Name System B. Directory Name Service C. Domain Name Service D. Directory Name System Chapter 17, Slide 3
2. Which of these is NOT a type of DNS server? A. Primary B. Tertiary C. Secondary D. Caching Chapter 17, Slide 9
3. What does SSL stand for? A. Secure System Layer B. Special Socket Layer C. Secure Socket Layer D. Super Secure Layer Chapter 19, Slide 3
4. What does TLS stand for? A. The Sockets Layer B. Transport Shell Layer C. Trusted Secure Lookup D. Transport Layer Security Chapter 19, Slide 7
5. What does DSS stand for? A. Digital Security Standard B. Directory Service Security C. Digital Signature Standard D. Decision Support System Chapter 19, Slide 8