Cards

1. What does TCP stand for?

Transmission Control Protocol.

2. What port is TCP?

TCP is a transport protocol, it doesn't have assigned ports.

3. What port is DNS?

TCP/UDP port 53.

4. What is SMTP?

Simple Mail Transfer Protocol. For email used by mail servers.

5. Name the TCP/IP layer that TCP belongs to.

Transport Layer.

6. Which OSI layer does a router operate in.

Layer 3 (Network).

7. What feature gives switches layer 3 functionality?

Inter-VLAN routing.

8. What port is DHCP?

UDP port 67 for requests and 68 for replies.

9. What port is ICMP?

Doesn't have one!

10. What does ICMP stand for?

Internet Control Message Protocol.

11. What does DHCP stand for?

Dynamic Host Configuration Protocol.

12. What does OSI layer 6 do?

Data encryption and compression.

13. What port is FTP?

FTP servers use TCP port 21, FTP clients use TCP port 20.

14. What does SSH do?

Creates an encrypted tunnel for communication.

15. What's the difference between POP3 and SMTP?

STMP sends email from sender to reciever's mail server.
POP3 is used by the receiver to fetch mail from the mail server.

16. What does OSI layer 1 do?

Converts binary into electronic signals, through wire, wifi, cellular, etc.

17. What does UDP stand for?

User Datagram Protocol.

18. Do LANs use routing tables?

Yes, if it uses a distance vector algorithm.

19. Which OSI layer do switches mainly operate?

Layer 2 (Data Link).

20. Name the layers of the TCP/IP model.

Network Access, Internet, Transport, Application.

21. What is the shorthand for the subnet mask 255.255.252.0?

/22.

22. What is the broadcast address for the network 172.25.0.0/24?

172.25.0.255.

23. What class is the IP address 10.305.1.256?

It's not a valid IP address!

24. What class is the IP address 8.8.8.8?

Class A.

25. What is the full subnet mask for /28?

255.255.255.240.

26. What is the valid host range for the network 192.168.0.64/26?

192.168.0.65-192.168.0.126.

27. How many usable IP addresses are in a /30 subnet?

4.

28. What is the first usable host IP address in the network 251.156.11.64/15?

251.156.11.65.

29. What is the full subnet mask for /24?

255.255.255.0.

30. What is the broadcast address for the network 192.168.2.0/25?

192.168.2.127.

31. What is valid host range for the network 10.1.0.64/27?

10.1.0.65-10.1.0.94.

32. What is the full subnet mask for /18?

255.255.192.0.

33. What class is the IP address 172.0.0.1?

Class B.

34. What is the default gateway for the IP address 192.168.12.254/24?

192.168.12.1.

35. What is the shorthand for the subnet mask 255.255.255.254?

/31.

36. What is the valid host range for the network 10.10.1.64/28?

10.10.1.65-10.10.1.78.

37. What is the default gateway for the IP address 200.10.10.3/30

200.10.10.1.

38. What network does the IP address 192.168.0.25/25 belong to?

192.168.0.0.

39. What network does the IP address 172.16.50.16/23 belong to?

172.16.50.0.

40. What is the default gateway for the IP address 10.0.0.130/26

10.0.0.129.

41. Can a router provide DHCP services?

Yes, routers can provide DHCP to its local subnet.

42. What does ARP stand for?

Address Resolution Protocol.

43. Why does a device need a MAC address?

It's used for layer 2/LAN routing. Without a MAC address it cannot use a network interface and Ethernet.

44. Why would you refer to the TCP/IP model instead of the OSI model?

The TCP/IP model describes Internet communication. The OSI model is outdated.

45. What does NAT stand for?

Network Address Translation.

46. Why would a router do port forwarding?

Routers only have a single public IP address, in order to route traffic to the correct private IP, the public IP uses ports to identify the correct private IP.

47. Can a router perform NAT?

Yes.

48. Can a router do ARP?

Yes. Just like any device in the network, a router can also use ARP to build its own ARP table.

49. What's the difference between HTTP and HTTPS?

HTTPS uses SSL/TLS to encrypt web traffic, HTTP does not encrypt its traffic so it is less secure.

50. What TCP/IP layer does FTP work in?

Layer 4 (Application).

51. Can a host also be a server?

Yes. As long as they don't use the same port.

52. How many bits are in a IPv4 address?

32 bits.

53. Which protocol is implemented to mitigate IPv4 address exhaustion?

NAT.

54. What port is HTTP and HTTPS?

HTTP uses TCP port 80, HTTPS uses TCP port 443.

55. What does DNS do with URLs and IPs?

It translate network IP addresses into human-readable urls in order to easily connect to domains and websites.

56. List 5 common DNS record types.

A, AAAA, CNAME, NS, MX.

57. Why would an online banking site need SSL/TLS?

Sensitive information like passwords must be encrypted with SSL/TLS or else it will be human-readable and then stolen.

58. What role does an IDS/IPS do inside a network?

They are network security devices similar to firewalls.

59. What layer 2 technology connects devices inside a network?

Ethernet.

60. What role do router ACLs do inside a network?

ACLs are basic traffic filters that allow or block certain IP addresses into the network.

61. Can switches have ACLs?

Yes, if it enabled inter-VLAN routing.

62. Which bytes of a MAC address identify the manufacturer?

The first 3 bytes.

63. What is nbns?

It's a network protocol for NetBIOS name resolution.

64. What port does Kerberos use?

It mainly uses UDP port 88 but it may use others.

65. What is a DHCP lease?

It is a temporary IP address leased by the DHCP server for a limited time.

66. What routing algorithms do WAN use?

BGP (Border Gateway Protocol).

67. What does the PSH flag do in TCP packets?

It's the push flag meant to prioritise this packet and bypass buffering.

68. In Ethernet frames, what is MTU?

Maximum Transmission Unit for limiting the size of Ethernet frames.

69. What are the three steps of the TCP Handshake?

SYN, SYN-ACK, ACK

70. What flags are used to end a TCP connection?

FIN and ACK.

71. What is a broadcast IP address?

It's the address used to send packets to every device in the subnet.

72. What does the MAC address FF:FF:FF:FF:FF:FF mean?

It's the broadcast MAC address for the local network.

73. What is a firewall policy?

It defines the traffic that firewalls allow or block in the network.

74. What does it mean when a firewall policy is default deny?

All traffic is blocked.

75. How do firewalls filter traffic based on website data?

By inspecting the data payload of HTTP packets.

76. How do firewalls filter traffic based on website data?

By inspecting the data payload of HTTP packets.

77. What is anomaly-based detection in network security?

A benchmark of normal activity is recorded, any irregular activity is then considered anomalous.

78. What is signature-based detection in network security?

If traffic matches the signatures of malware the traffic is blocked.

79. How do firewalls inspect the packets with encrypted payloads?

Through SSL/TLS inspection. Firewalls hold private keys of incoming traffic.

80. Can firewall be software or hardware?

It can be both.

81. What is polymorphic malware?

Malware that dynamically changes its signature to bypass detection.

82. What is a worm?

Malicious code that self-replicates inside a network.

83. What is a rootkit?

Malware that modify the OS's functions.

84. What does RAT stand for?

Remote Access Trojan.

85. What does the term Script Kiddies mean?

Inexperienced attackers that use open-source scripts.

86. What are the 2 servers needed for Kerberos?

Authentication Server and Ticket Granting Server.

87. What are digital certificates used for?

Data encryption.

88. What do you do in Weaponisation(2) in the Cyber Kill Chain?

Find or develop malicious payloads to attack a network.

89. What do you do in the 8th step of the Cyber Kill Chain?

There's only 7 steps!

90. What do you do in Exploitation(4) in the Cyber Kill Chain?

Exploit vulnerabilities to bypass security measures.

91. What is a logic bomb?

A malicious payload that hides and waits for a date or event before activating.

92. Can you use hashes to encrypt files?

No, hashing is irreversible.

93. What's the difference between encoding and encrypting?

Encrypting needs public and private keys to secure data. Encoding like gzip can be easily decoded by anyone.

94. What is more secure, MD5 or SHA-256?

SHA-256 is a stronger and newer algorithm.

95. What encoding algorithm would have leading "==" as padding?

Base64.

96. Why is ROT-26 not a valid encoding algorithm?

It applies ROT-13 twice. This is a joke.

97. Are private and public keys involved in symmetric encryption?

No, those are for asymmetric.

98. Is Kerberos symmetric or asymmetric encryption?

Symmetric encryption.

99. What is SFTP?

A protocol that combines SSH and FTP for secure file transfers.

100. Why would a sender share the public key and not the private key?

The public key is used to encrypt the reply. The private key then decrpypts the encrypted response.

101. Which tcpdump option lets you 'carve' pcaps?

-w

102. How do you filter for https traffic in tcpdump?

port 443

103. Which tcpdump option switches timestamps to UTC time?

-tttt

104. In tcpdump, why would do -w instead of > foo.pcap ?

> foo.pcap will just make a new text file and so will not be a readable pcap.

105. Does tcpdump -nn slow down command execution?

No, -nn disables hostname and port resolution so it actually makes the command go faster.

106. In tcpdump, how do you extract hostnames from DHCP?

tcpdump -r foo.pcap -v port 67 or port 68 | grep Hostname

107. In tcpdump, what does the tcpflag [S.] mean?

SYN-ACK.

108. In tcpdump, how do you filter 192.168.0.1's FTP traffic?

ip host 192.168.0.1 and port 20 and port 21

109. How do you pipe tcpdump -r output to awk?

tcpdump -r foo.pcap | awk '$0'

110. How do you print the 13th field using awk?

awk '{print $13}'

111. How can you print the last field using awk?

awk '{print $NF}'

112. In awk, how do you filter for the ip 172.16.0.1 and then print the 5th field?

awk '/172.16.0.1/{print $5}'

113. Given a list of filenames, how would you use regex to only filter for html files?

.html$

114. How would you use awk to filter for lines that have greater than 15 characters?

awk 'length{$0}>15'

115. How would you use awk to print the character length of the 2nd field in each line?

awk '{print length($2)}'

116. Where does usually Linux keep a file that lists the port mappings for every service?

/etc/services

117. How would you use Linux's /etc/services to find the port numbers of all SQL services?

cat /etc/services | grep sql -i

118. How would use Linux's /etc/services to the find the service with the default port of 4094?

cat /etc/services | grep 4094