WGU C172..docx

Application Layer-7 - correct answer This layer is responsible for network applications (like HTTP or FTP) and their production of data to be transferred over the network Presentation Layer-6 - correct answer This layer is responsible for translating data from the application layer into the format required to transmit the data over the network as well as encrypting the data for security if encryption is used. Session Layer-5 - correct answer This layer is responsible for connection establishment, session maintenance, and authentication. Transport Layer-4 - correct answer This layer provides services to the application layer and receives services from the network layer. It is responsible for the reliable delivery of data. It segments and reassembles data in the correct order for it to be sent to the receiving device Network Layer-3 - correct answer This layer is responsible for the transmission of data between hosts in different networks as well as routing of data packets. This layer is implemented through the use of devices such as routers and some switches. Data Link Layer-2 - correct answer This layer is responsible for the error-free delivery of data to the receiving device or node. This layer is implemented through the use of devices such as switches and bridge devices, as well as anything with a network interface, like wireless or wired network cards Physical Layer-1 - correct answer This layer is responsible for the physical connections of the devices in the network. This layer is implemented through the use of devices such as hubs, repeaters, modem devices, and physical cabling PAN - correct answer a network that is centered around a person and their devices LAN - correct answer consists of computers connected within a limited area WLAN - correct answer a LAN with wireless connectivity SAN - correct answer a network that allows access to storage devices specifically instead of the more general networking that can be used for any purpose CAN - correct answer provides networking of multiple LANs across a limited area, like a university campus or a group of buildings owned by a company MAN - correct answer provides networking across a larger area than a CAN, but smaller than a WAN, such as a whole city or the equivalent of a metropolitan area WAN - correct answer t it covers a large geographical area within its network. This would be the case for worldwide businesses or government bodies Private cloud - correct answer Owned privately Full responsibility to repair and maintain Public cloud - correct answer Owned privately Full responsibility to repair and maintain Community cloud - correct answer Data structure sometimes used in government agencies and universities Hybrid Cloud - correct answer -Company uses combination of private and public cloud -Sometimes used for burst demand (seasonal) -Connection can be VPN or WAN Multi-cloud - correct answer -Using multiple public cloud providers -Can add redundancy and flexibility -Company can use services from one company, but cheaper cloud services from another (ex. Data warehousing) Type 1 hypervisor - correct answer -"bare-metal" -runs directly on the physical hardware of the host machine -loaded directly on the hardware to abstract the hardware to the virtualization layer and is commonly used on servers Type 2 hypervisor - correct answer -installed as an application within another operating system environment -commonly used on personal computers. IaaS (Infrastructure as a Service) - correct answer -Consumer given access to portal -Provider allows you to choose amount of Ram, storage, and network cards -Cloud Provider typically has little to no interaction with virtual machines -You are responsible to protect VM's from disaster and data loss Paas (Platform as a service) - correct answer -Partially managed services -Webhosting is an example -Server is maintain for you -Attractive to devs because it allows them to deploy cod to an application runtime environment Saas (Software as a service) - correct answer -Could represent anything you consume over the internet -Examples: Facebook, Office 365, Salesforce Advanced persistent threats - correct answer -Virus or malware stay undetected till triggered by hacker or time -Will add itself to as many backups as possible Zero-day - correct answer -Day one virus -Dangerous because it is unknown Red Team - correct answer Team that attempts to compromise the security Blue Team - correct answer Team that defends Purple Team - correct answer the red and blue team engage, and then when certain success criteria are met, the teams debrief, cross-train each other, and repeat Insider Threats - correct answer -Come from inside the organization -Can be disgruntled employee, but is sometimes accidental Nation States - correct answer Industrial espionage Script Kiddies - correct answer -Hack out of curiosity -New found skills -Lack of knowledge and unpredictability of attacks -Don't always realize consequences of their actions Wiretapping - correct answer any process that allows an attacker to electronically eavesdrop on a conversation, whether between two humans or two computers (packet snffer) Port Scanning - correct answer -Process of systematically scanning thousands of ports to gain access (TCP port) -Sends thousands of TCP/IP packets to different ports on victims PC to find a response Buffer overflow - correct answer when too many characters are added in a region of memory and can trick the CPU into allowing access Solution to Buffer overflow - correct answer -One protection is to review source code and verify user input fields -Second is enable NX-bit (no-execute) functionality on pc Spoofing - correct answer convinces system it is communicating with a known trusted entity. Gives attacker access to system. Denial-of-service - correct answer prevent legitimate users from accessing the resource by sending an overwhelming amount of data to the target server Ping of Death - correct answer a trick whereby the attacker would send the victim a malformed ICMP packet that would cause the victim's computer to crash or stop functioning on the network. Ping flood - correct answer overwhelms a victim's computer with an immense volume of ICMP echo-request packets, all containing a forged, randomized source address. Smurf - correct answer IP spoofing attacks ICMP, causes to ping indefinitely. Social engineering (hack a human) - correct answer the art of manipulating human trust to gain access or information Phishing - correct answer Emails appear to be from trusted source. Spear phishing is more personal and relevant. Vulnerabilities - correct answer -Poor security measures