✔✔VLAN Hopping - ✔✔Virtual Local Area Network is a way for switches to segment a
network into different areas for security purposes. A VLAN hopping attack fools the
VLAN into allowing packets into a prohibited VLAN segment.
✔✔Physical Topology - ✔✔How devices are physically connected together
How communications are sent over the physical connection (electrical signaling, pulses
of light, radio, etc.)
✔✔Logical Topology - ✔✔How communication is logically formed prior to transmission
✔✔Ethernet - ✔✔Most common communication mechanism on networks worldwide
Uses CSMA/CD (Carrier Sense with Multiple Access / Collision Detection) that is, it
listens to ensure only one station communicates at a time and monitors the transitions
to detect collisions.
✔✔Segmentation (network design) - ✔✔Segmentation = separation
Assets should not be able to communicate unabated
Concept of principle of least privilege
✔✔Software Defined Networking (SDN) - ✔✔Networking from a virtualized concept
Can visualize the network as a whole and segment accordingly
Can be achieved programmatically
✔✔Benefits of network architecture understanding - ✔✔Situational awareness
Prioritization of effort
Reduced cost of effort
Timely detection of attacks
Timely detection = timely response = reduction of damage
✔✔Network design objectives - ✔✔Protect internal network from external attacks
Provide defense in depth through a tiered architecture
Control flow of information between systems
✔✔Network sections - ✔✔Public
Semi public (DMZ)
Middleware
Private
✔✔DMZ (network section, tier) - ✔✔Demilitarized zone - a network tier intended to be
public facing; systems include web servers, email servers, DNS, etc.
This tier is at greater risk of compromise because it faces the public internet at all times.
Assume it will be compromised.
✔✔Middleware (network section, tier) - ✔✔A network segmentation to separate the
DMZ from the private, internal network. An example may include a proxy, which
inspects traffic coming in from the DMZ intended for a database on the private network.
The middleware inspects traffic for threats. Traffic from the private network intended for
the DMZ is also inspected in the proxy (reverse proxy).
✔✔Private (network section, tier) - ✔✔The internal network of the organization, an area
of higher trust and less risk. It is not connected directly to the public internet; security
controls, such as firewalls, are still present.
✔✔3 rules of tiered network architecture - ✔✔1. Any system visible from the internet
must reside in the DMZ and may not contain sensitive data.
2. Sensitive data must reside on the internal, private network and not be accessible
from the public internet.
3. DMZ systems can only communicate with private systems through middleware
proxies.
✔✔What is a network protocol - ✔✔A set of rules dictating how computer networks
communicate through network hardware and software. The protocols define the format
and order of messages and actions to be taken.
✔✔What is a protocol stack - ✔✔A set of network protocol layers that work together to
implement communications.
✔✔Three purposes for communication protocols - ✔✔1. Standardize the format of a
communication
2. Specify the order or time of communication
3. To allow all parties to determine the meaning of the communication
✔✔ISO OSI Protocol Stack - ✔✔ISO = International Standardization Organization
OSI = Open Systems Interconnection
7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical
✔✔Layer 7 (OSI Protocol Stack) - ✔✔Application... This layer interacts with the
application to determine which network services are required.
✔✔Layer 6 (OSI Protocol Stack) - ✔✔Presentation...This layer makes sure that data
sent from one end of the connection is received in a format that is useful to the other
side. For example, if the sending end compressed data, then the receiving end would
decompress it.
✔✔Layer 5 (OSI Protocol Stack) - ✔✔Session....handles the establishment and
maintenance of connections between systems. It negotiates the connection, sets it up,
maintains it, and makes sure everything is in sync on both ends.
✔✔Layer 4 (OSI Protocol Stack) - ✔✔Transport....prepares data for transmission,
ensures reliable connectivity from end to end, handles the sequencing of packets.
✔✔Layer 3 (OSI Protocol Stack) - ✔✔Network....handles the network addressing
scheme and connectivity of multiple network segments. It describes how systems on
different network segments find and communicate with each other
✔✔Layer 2 (OSI Protocol Stack) - ✔✔Data link....connects the physical part of the
network (cables and electrical signals) with the abstract parts (packets and data
streams)
✔✔Layer 1 (OSI Protocol Stack) - ✔✔Physical....handles transmission across physical
media, includes electrical pulses on wires, radio waves, light pulses, connection
specifications between the interface hardware and the network cable, and voltage
regulation
✔✔Encapsulation (protocol stack) - ✔✔Moving down the protocol stack with each layer
doing work and adding headers.
✔✔Decapsulation (protocol stack) - ✔✔Moving up the protocol stack with each layer
doing work and removing headers.
✔✔TCP/IP Model Layers - ✔✔1. Application
2. Transport (tcp)
3. Internet (ip)
4. Network
✔✔OSI Layers compared to TCP/IP layers - ✔✔Application = application, presentation,
session
Transport (tcp) = transport
Internet (ip) = network
Network = data link, physical
✔✔OSI Model Vs. TCP/IP Model - ✔✔OSI is most commonly referenced and detailed in
practical application
TCP/IP is most commonly used in real application
Both models must do the same work; TCP/IP does more work within each layer
✔✔Application layer (TCP/IP model) - ✔✔This layer takes information from an
application (like a web browser), creates a packet with the information in it (like a
request for a website) and passes the packet to the transport layer.
✔✔Transport layer (TCP/IP model) - ✔✔Takes the packet from the application layer,
adds a header and instructions for the transport layer on the receiving end on how to
handle the data
✔✔Internet Layer (TCP/IP Model) - ✔✔Adds another header and includes IP
information on how to route the packet to the destination
✔✔Network Layer (TCP/IP Model) - ✔✔Adds another header, includes information for
routers to get to the destination, puts the packet onto the wire for transmission
✔✔IP (Internet Protocol) basics - ✔✔1. Works on Internet layer of TCP/IP model, layer
3 of OSI model
2. The core routing protocol of the internet, finds best path
3. Deals with transmission of packets between endpoints, but does not guarantee
successful transmission
4. Defines formation of IP addresses, based on network characteristics
✔✔IPv4 Characteristics (list 4) - ✔✔32 bit address space, 4.2 billion addresses
No authentication
Encryption provided by applications
Best effort transport