COURSE 4 – NETWORK SECURITY & DATABASE VULNERABILITIES

Module 2: Basics of IP Addressing and the OSI Model 

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Basics of IP Addressing and the OSI Model 

Throughout this module, you’ll acquire fundamental knowledge about IP Addressing and its impact on network traffic routing. Additionally, you’ll explore application and transport protocols, gaining insights into their roles within network communication.

Going deeper, you’ll study firewalls and look at further details of Intrusion Detection and Intrusion Prevention Systems. Finally, you’ll grasp the concepts of high availability and clustering, essential components for ensuring robust and reliable network infrastructure.

Learning Objectives

  • Describe how to achieve high availability through clustering
  • Describe high availability in information technology
  • Describe the flow of packets through an NGFW
  • Explain how NGFWs can inspect and block more intrusion types than is possible with traditional firewalls
  • Contrast traditional firewalls with next-generation firewalls (NGFWs)
  • Identify the legitimate and illegitimate uses of port mirroring
  • Explain how to use flow utilities such as NetFlow to collect and visualize network traffic flow statistics on routing devices
  • Define the Syslog protocol
  • Describe the dynamic host configuration protocol (DHCP), including the service that it provides
  • Describe the domain name system (DNS), including the service that it provides
  • Differentiate between the TCP and UDP transport layer protocols
  • Contrast IPv4 and IPv6 addressing
  • Describe the purpose of subnet masks and gateways
  • Explain how IP addresses work
  • Describe IPv4’s four-octet format and the five ranges of IPv4’s classful addressing schema
  • Convert numbers between binary, octal, decimal, and hexadecimal number systems

BASICS OF IP ADDRESSING

1. The binary (base 2) number “0101” is how much in decimal (base 10)?

  • 3
  • 5 (CORRECT)
  • 9
  • 1

Correct, 5

2. The IP address range goes from 0.0.0.0 to 255.255.255.255 and is known as the “four octets”. Why are these 4 numbers called octets?

  • They form a total of 8 subranges.
  • This was the eighth version of the IP address range to be adopted by the Internet Standards Committee (and the first to gain widespread acceptance.)
  • The inventor noted the similarity to the “octaves” in piano music.
  • The number 255 in decimal takes up 8 digits in binary. (CORRECT)

Correct, it takes up 8 digits in binary.

3. How many octets are used to define the network portion of the IP address in a Class C network?

  • 0
  • 1
  • 2
  • 3 (CORRECT)

Correct, 3 octets.

4. True or False: A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.

  • True (CORRECT)
  • False

Correct, A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.

5. True or False: The destination address is defined in the packet header but the source address is in the packet footer.

  • True
  • False (CORRECT)

Correct. The statement is false: the source address, like the destination address, is defined in the packet header, not in a packet footer.

6. Which network mask belongs to a Class A network?

  • 255.255.255.0
  • 255.0.0.0 (CORRECT)
  • 255.255.255.255
  • 0.0.0.0

Correct, 255.0.0.0 is the network mask of a Class A network.

7. IPv6 changes the IP address from a 32 bit address used in IPv4 to a 128 bit address. This results in which of the following?

  • Many billions of times as many possible IP addresses. (CORRECT)
  • Four times as many possible IP addresses.
  • The same number of possible IP addresses, but expressed with greater precision.
  • The same number of possible host addresses but many more network addresses.

Correct, many billions of times as many IP addresses.

8. Which IPv4 addressing schema would you use to send a message to a select group of systems on the network?

  • Unicast
  • Broadcast
  • Simulcast
  • Multicast (CORRECT)

TCP/IP LAYER 4, TRANSPORT LAYER OVERVIEW

1. True or False: Utilities such as TFTP, DNS and SNMP utilize the UDP transport protocol.

  • True (CORRECT)
  • False

Correct, Utilities such as TFTP, DNS and SNMP utilize the UDP transport protocol.

2. True or False: The UDP transport protocol is faster than the TCP transport protocol.

  • True (CORRECT)
  • False

Correct, The UDP transport protocol is faster than the TCP transport protocol.

3. Which four (4) of these are characteristic of the UDP transport protocol?

  • Ordered data; duplicate detection
  • Unreliable (CORRECT)
  • Connection-oriented
  • Flow control
  • Unordered data; duplicates possible (CORRECT)
  • Reliable
  • Connectionless (CORRECT)
  • No flow control (CORRECT)

TCP/IP LAYER 5, APPLICATION LAYER OVERVIEW

1. What is the primary function of DNS?

  • To convert MAC addresses to domain names and vice versa.
  • To translate domain names to IP addresses and vice versa. (CORRECT)
  • To filter out domains not authorized access to the local network.
  • To assign domain names to new endpoints.

Correct, To translate domain names to IP addresses and vice versa.

2. How does a new endpoint know the address of the DHCP server?

  • The endpoint sends an inquiry to the gateway and the gateway responds with the address of the DHCP server.
  • The DHCP server is always located on the gateway.
  • The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network. (CORRECT)
  • The administrator must input the IP address of the DHCP server in the endpoint’s network configuration.

Correct, The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network.

3. Which Syslog layer contains the actual message contents?

  • Syslog Application
  • Syslog Content (CORRECT)
  • Syslog Message
  • Syslog Transport

Correct, Syslog Content

4. True or False: Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.

  • True (CORRECT)
  • False

Correct, Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.

5. True or False: The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.

  • True (CORRECT)
  • False

Correct, The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.

6. Why is port mirroring used?

  • To provide a stream of all data entering or leaving a specific port for debugging or analysis work. (CORRECT)
  • To make the network faster by providing two parallel ports through which data can flow.
  • To make the network more reliable by providing a redundant path for all traffic destined for a specific port.
  • To provide an independent data stream for when two processes must operate on the same incoming data.

Correct, To provide a stream of all data entering or leaving a specific port for debugging or analysis work.

FIREWALLS, INTRUSION DETECTION AND INTRUSION PREVENTION SYSTEMS

1. What is the main difference between a Next Generation Firewall (NGFW) and a traditional firewall?

  • NGFW do essentially the same thing as traditional firewalls but can handle substantially more network traffic per firewall.
  • NGFW use sessions.
  • NGFW inspect both TCP and UDP traffic while traditional firewalls inspect TCP traffic only. (CORRECT)
  • NGFW inspect all 7 network layers.

Correct, NGFW use sessions.

2. True or False: Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.

  • True (CORRECT)
  • False

Correct, Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.

3. What are the two (2) primary methods used by Intrusion Prevention Systems (IPS) to discover an exploit?

  • Layer interleave-based detection.
  • Signature-based detection. (CORRECT)
  • Statistical anomaly-based detection. (CORRECT)
  • Transport layer variance detection.

4. If your nontechnical manager told you that you must configure your traditional second-generation firewalls to block all users on your network from posting messages on Facebook from their office computers, how would you carry out this request?

  • You would have to block all social media access from your network.
  • You would have to block any IP addresses used by Facebook. (CORRECT)
  • You would have to block all HTTP traffic from entering or leaving your network.
  • Specific sites cannot be blocked using a traditional firewall.

CLUSTERING AND HIGH AVAILABILITY SYSTEMS

1. Which condition should apply in order to achieve effective clustering and failover among your firewalls?

  • The firewall hardware should be identical.
  • The firewall operating systems should be identical.
  • There should be direct connections between the primary and secondary nodes.
  • All of the above. (CORRECT)

Correct, all answers are valid.

BASICS OF IP ADDRESSING AND THE OSI MODEL

1. How would you express 15 in binary (base 2)?

  • 10000
  • 01010
  • 01111 (CORRECT)
  • 01001

2. How many octets are used to define the network portion of the IP address in a Class A network?

  • 0
  • 3
  • 2
  • 1 (CORRECT)

3. The device used to separate the network portion of an IP address from the host portion is called what?

  • The host mask.
  • The network separation filter.
  • The address filter.
  • The subnet mask. (CORRECT)

4. The IP header contains a time-to-live (TTL) value. How is this value expressed?

  • The number of delivery attempts that may be made before the packet is returned to the source address as undeliverable.
  • The number of seconds a packet may live if not delivered.
  • The number of minutes a packet may live if it is not delivered.
  • The number of Layer 3 devices (hubs, routers, etc.) the packet is allowed to pass through before it is dropped. (CORRECT)

5. Which is the host portion of this IP address 192.168.52.3/24?

  • 192.168.52
  • 24
  • 168.52.3
  • 3 (CORRECT)

6. Which network mask belongs to a Class C network?

  • 255.255.255.255
  • 255.0.0.0
  • 0.0.0.0
  • 255.255.255.0 (CORRECT)

7. Which IPv4 addressing schema would you use to send a message to all systems on the network?

  • Unicast
  • Multicast
  • Simulcast
  • Broadcast (CORRECT)

8. Which three (3) of the following are legitimate IPv6 addressing schemas?

  • Broadcast
  • Multicast (CORRECT)
  • Unicast (CORRECT)
  • Anycast (CORRECT)

9. True or False: Utilities such as TFTP, DNS and SNMP utilize the TCP transport protocol.

  • True
  • False (CORRECT)

10. Which two (2) of these fields are included in a UDP header?

  • Source Port (CORRECT)
  • Source IP Address
  • Destination IP Address
  • Destination Port (CORRECT)

11. Which four (4) of these are characteristic of the TCP transport protocol?

  • Unreliable
  • Connection-oriented (CORRECT)
  • Connectionless
  • Ordered data; duplicate detection (CORRECT)
  • Flow control (CORRECT)
  • Reliable (CORRECT)

12. How does an endpoint know the address of the DNS server?

  • The endpoint sends out a DNS Discover broadcast request to all endpoints on the local network.
  • The endpoint sends an inquiry to the gateway and the gateway responds with the address of the DNS server.
  • It is manually configured in the network settings by the administrator or obtained from the DHCP server. (CORRECT)
  • The DNS server is always located on the gateway.

13. What is the primary function of DHCP?

  • To translate domain names to IP addresses and vice versa.
  • To collect host names present on a local network segment.
  • To automatically assign IP addresses to systems. (CORRECT)
  • To automatically assign MAC addresses to systems.

14. Which Syslog layer handles the routing and storage of a Syslog message?

  • Syslog Application (CORRECT)
  • Syslog Content
  • Syslog Message
  • Syslog Transport

15. Which of the following flow data are gathered by utilities such as NetFlow?

  • Packet count and byte count.
  • Source and destination TCP/UDP ports.
  • Source and destination IP addresses.
  • Routing and peering data such as TCP flags and protocol.
  • All of the above. (CORRECT)

16. When a network interface card is operating in promiscuous mode, what action does it take?

  • The NIC sends out one false, or “promiscuous” packet for every legitimate packet it sends to interfere with eavesdropping operations.
  • The NIC forwards promiscuous packets to the Promiscuous Server.
  • The NIC sends all packets to the CPU for processing instead of only those packets indicated for its MAC address. (CORRECT)
  • The NIC filters out dangerous or “promiscuous” packets.

17. If a packet is allowed to pass through a NGFW based upon the established firewall rules and a new session is established, how does the NGFW treat the next packet it encounters from the same session?

  • Subsequent packets of the same session are automatically allowed. (CORRECT)
  • Subsequent packets that arrive within the Session Interval configured for that firewall will be allowed to pass without inspection. The first packet that arrives after the session interval expires will trigger the creation of a new session.
  • Every packet is inspected and allowed or denied based upon the same firewall rules that applied to the first packet.
  • The subsequent packets are inspected based on session-specific rules, not the packet-specific rules that were used to inspect the first packet in the session.

18. If your nontechnical manager told you that you must configure your next generation firewalls (NGFW) to block all users on your network from posting messages on Facebook from their office computers, what would be the consequence of carrying out his order?

  • No serious consequence, application-level inspection and blocking can be configured. (CORRECT)
  • You would have to block all social media access from your network.
  • You would have to block all access to Facebook from your network.
  • You would have to block all HTTP traffic from entering or leaving your network.

19. Monitoring network traffic and comparing it against an established baseline for normal use is an example of which form of intrusion detection?

  • Signature-based detection
  • Statistical anomaly-based detection (CORRECT)
  • Traffic Variance Analysis
  • Traffic Impact Analysis

20. Which are three (3) characteristics of a highly available system?

  • Redundancy (CORRECT)
  • Independence
  • Failover (CORRECT)
  • Geographically dispersed
  • Monitoring (CORRECT)

CONCLUSION – Basics of IP Addressing and the OSI Model 

In conclusion, this module has covered the essentials of networking, including IP addressing’s impact on traffic routing and an overview of application and transport protocols.

You’ve also gained insights into firewalls, Intrusion Detection, and Prevention Systems. Additionally, you’ve explored concepts like high availability and clustering, crucial for building resilient network infrastructures.