Network Defense Questions&Answers

Uploaded by

Wendy

Type 1

Q1. List the five types of network topology in computer networks.

Five types of topology used in computer networks are listed below.

1) Mesh Topology
2) Star Topology
3) Bus Topology
4) Ring Topology
5) Tree Topology

Q2. List the Application Layer attacks.

1) Virus/Worm
2) Password attack
3) Information sniffing
4) Domain Name Servers (DNS) attack
5) Simple Network Management Protocol (SNMP) attack
6) File Transfer Protocol (FTP) bounce attack
7) Operating system and application weaknesses
8) Distributed Denial of Service (DDoS)
9) Man-in-the-Middle (MitM)
10) Cross-Site Scripting (XSS)
11) Cross-Site Request Forgery (CSRF)
12) SQL Injection

Q3. List the Transport Layer attacks.

1) SYN attack
2) SSL Man-in-the-Middle attacks
3) Local Area Network Denial (LAND) attack
4) TCP Connection Hijacking
5) Port Scan Attack
6) Session Hijacking
7) UDP Flood Attack
8) Sequence Number Prediction

Q4. List the Internet/Network Layer attacks.

Common network level threats include information gathering, packet sniffing, spoofing and DoS.

1) IP spoofing
2) Routing attacks
3) Internet Control Message Protocol (ICMP) attacks
4) PING flood (ICMP flood)
5) Ping of death attack
6) Packet sniffing

Q5. List the Data Link Layer attacks.

1) Flooding attack
2) VLAN hopping attack
3) Media Access Control (MAC) attacks/address spoofing
4) Address Resolution Protocol (ARP) attacks
5) Dynamic Host Configuration Protocol (DHCP) starvation attacks

Q6. List the two types of attacks.

Two types of attacks:

1) Active attack: An attempt to alter system resources or affect their operation. Modify or
disrupt system resources. Examples: Masquerade, Replay, DoS.
2) Passive attack: An attempt to learn or make use of information from the system that does
not affect system resources. Intercept information without modification. Examples:
Message release, Traffic analysis.

Q7. List the types of malicious code.

1) Virus: attaches itself to a program and propagates a copy of itself to other programs
2) Trojan Horse: contains unexpected, additional functionality for malicious purposes
3) Trapdoor: allows unauthorized access to functionality
4) Worm: as a virus but propagates itself through a network
5) Rabbit: replicates without limit to exhaust resources

Q8. List the types of viruses.

1) Transient virus – life depends on the life of the host – runs when its infected program
runs.
2) Resident virus – locates itself in memory so that it can be activated as a stand-alone
program.
3) Boot Sector Viruses: Infect boot sectors of hard drives.
4) Directory Viruses: Change file paths.
5) Stealth Viruses: Evade antivirus detection.
6) Macro Viruses: Infect macros in documents.
7) Program Viruses: Infect program files.
8) File Deleting Viruses: Delete specific file types.
9) Mass Mailers: Spread through emails.
10) Parasitic Viruses: Attach to executables.

Q9. List the TCP flags.

8 Flags:

1) SYN (Synchronization): Used as the first step in establishing the 3-way handshake. Only the
first packet from the sender and the first packet from the receiver should have this set.
2) ACK (Acknowledgement): Used to acknowledge successful receipt of a packet.
3) PSH (Push): Instructs the receiver to give the data priority, which usually means handing it
to the application as it is received instead of buffering it. Used when there should be no
interruptions.
4) FIN (Finish): Set to indicate there is no more data to be sent from the sender, and closes the
connection.
5) RST (Reset): Set on a rejection packet returned to the sender when the receiver was not
expecting the packet sent. Any connection will also be reset.
6) URG (Urgent): Marks the segment as urgent so that it is processed immediately, skipping
any queued segments. The urgent pointer indicates how much data in the segment is urgent.
7) ECE (Explicit Congestion Notification-Echo): Set during the handshake to denote whether a
TCP peer is ECN capable. ECN allows end-to-end notification of congestion and is used to
prevent packet drops.
8) CWR (Congestion Window Reduced): Set by the sender to indicate to the receiver that it has
seen the ECE flag and reduced its congestion window.
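As an added example that is not part of the original question set, the following Python decodes the eight flag bits from a raw TCP header and then uses them for a defender's purpose: counting, per source address, handshakes that were started with a SYN but never completed with the client's ACK, which is the basic indicator of the SYN attack listed under the Transport Layer. The header builder, the sample addresses and the threshold of three are constructed for the demo; the bit positions are the standard ones in byte 13 of the header.

```python
import struct
from collections import Counter

# TCP flag bits in byte 13 of the header (names per RFC 793 and RFC 3168).
TCP_FLAGS = {
    "CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
    "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01,
}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """Build a minimal 20-byte TCP header (no options). Used here only to construct
    sample segments for the demo; the parser below works on any real header too."""
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    data_offset = 5 << 4  # header length 5 x 32-bit words; reserved bits zero
    checksum, urgent_ptr = 0, 0
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flag_bits, window, checksum, urgent_ptr)


def parse_tcp_flags(header):
    """Return the set of flag names that are set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    flag_bits = header[13]
    return {name for name, bit in TCP_FLAGS.items() if flag_bits & bit}


def classify_segment(flags):
    """Map a flag set to the handshake or teardown step it represents."""
    if "SYN" in flags and "ACK" not in flags:
        return "handshake step 1 (SYN)"
    if "SYN" in flags and "ACK" in flags:
        return "handshake step 2 (SYN-ACK)"
    if "RST" in flags:
        return "reset"
    if "FIN" in flags:
        return "close"
    if "ACK" in flags:
        return "data or acknowledgement"
    return "unusual flag combination"


def half_open_by_source(segments):
    """Count, per source address, client connection attempts that sent a SYN but
    never followed up with the final ACK (or a RST). `segments` is an iterable of
    (src_ip, dst_ip, raw_tcp_header) for client-to-server traffic only."""
    pending = set()
    for src, dst, header in segments:
        flags = parse_tcp_flags(header)
        src_port = struct.unpack("!H", header[:2])[0]
        key = (src, dst, src_port)
        if "SYN" in flags and "ACK" not in flags:
            pending.add(key)
        elif "ACK" in flags or "RST" in flags:
            pending.discard(key)
    return dict(Counter(src for src, _, _ in pending))


def suspicious_syn_sources(segments, threshold=3):
    """Sources with at least `threshold` half-open attempts: a SYN-flood indicator."""
    counts = half_open_by_source(segments)
    return sorted(src for src, n in counts.items() if n >= threshold)


# Constructed sample traffic (not a real capture): one well-behaved client that
# completes its handshake, and one source that leaves five attempts half-open.
SAMPLE_SEGMENTS = [
    ("10.0.0.5", "10.0.0.80", build_tcp_header(40000, 80, ["SYN"])),
    ("10.0.0.5", "10.0.0.80", build_tcp_header(40000, 80, ["ACK"], seq=1, ack=1)),
] + [
    ("203.0.113.9", "10.0.0.80", build_tcp_header(50000 + i, 80, ["SYN"]))
    for i in range(5)
]

if __name__ == "__main__":
    for src, dst, hdr in SAMPLE_SEGMENTS[:2]:
        flags = parse_tcp_flags(hdr)
        print(src, "->", dst, sorted(flags), classify_segment(flags))
    print("half-open per source:", half_open_by_source(SAMPLE_SEGMENTS))
    print("suspicious sources:", suspicious_syn_sources(SAMPLE_SEGMENTS))
```

The half-open table is keyed on source address, destination address and source port, so a normal client that completes its handshake leaves no entry behind, while a source that only ever sends SYNs accumulates one entry per attempt. A production detector would also age entries out and track the server's SYN-ACK, but the flag decoding is exactly what such a tool starts from.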

Q10. List the IEEE 802.11 wireless security protocols.

1) Wired Equivalent Privacy (WEP) - Weak security
2) Wi-Fi Protected Access (WPA) - Improved security over WEP
3) Wi-Fi Protected Access 2 (WPA2) - Strong security with AES encryption
4) Wi-Fi Protected Access 3 (WPA3) - Latest and most secure
5) Wi-Fi Protected Setup (WPS) - Simplified setup, potential vulnerabilities

Q11. List the six main categories of access control.

There are six main categories of access control:

1) Preventative: Avoid undesirable events from occurring
2) Detective: Identify undesirable events that have occurred
3) Corrective: Correct undesirable events that have occurred
4) Deterrent: Discourage security violations
5) Recovery: Restore resources and capabilities
6) Compensative: Provide alternatives to other controls

Q12. List the Access Control Threats.

1) Denial of service
2) Buffer overflows
3) Mobile code
4) Malicious software
5) Password crackers
6) Spoofing/masquerading
7) Sniffers
8) Eavesdropping
9) Social engineering

Q13. There are many techniques that can be used to help keep a network safe. List any five
techniques to keep your network safe.

➢ Use strong, unique passwords and enable multi-factor authentication.
➢ Regularly update and patch all software, including operating systems and applications.
➢ Implement a robust firewall and intrusion detection/prevention system.
➢ Educate employees about phishing and other cyber threats.
➢ Regularly back up data and ensure it can be restored quickly in case of a cyber incident.

Type 2

Q1. What are the main characteristics of networks?

1) Quality of Service (QoS): refers to the ability to set priorities and manage data traffic and
reduce data loss, delay, etc.
2) Reliability/fault tolerance: Capacity of the network to offer the same services even during a
failure. Single failures (node or link) are usually considered since they account for the vast
majority of failures.
3) Scalability: the capability of a system, network, or process to handle a growing amount of
work, or its potential to be enlarged to accommodate that growth.
4) Security: protection of the access to files and directories in a computer network against
hacking, misuse and unauthorized changes to the system.
5) Sharing resources: allows resources to be shared over a network, be they files, documents,
folders, media, etc. These are made accessible to other users/computers over a network.

Q2. What are the types of computer networks based on area of coverage?

1) LAN – Local Area Network
➢ Small area network (such as one site or building) with central administration.
➢ Connects devices that are in a single, limited area
2) WAN – Wide Area Network
➢ Large area network shared among many users.
➢ Most WANs are made from several LANs connected together.
➢ The Internet is the largest WAN, spanning the Earth.
➢ WANs use technology like ATM, Frame Relay and X.25 for connectivity over the
longer distances.
3) WLAN – Wireless Local Area Network
➢ Small area wireless network connecting through an access point.
➢ This gives users mobility to move around.
4) MAN – Metropolitan Area Network
➢ Smaller than WAN and larger than LAN. Spans an entire city or campus
➢ MANs are extremely efficient and provide fast communication via high-speed
carriers, such as fibre optic cables.
5) SAN – Storage Area Network
➢ Provides high performing, highly available and highly scalable storage environment
for your mission-critical data.
➢ SANs are typically composed of hosts, switches, storage elements, and storage
devices that are interconnected using a variety of technologies, topologies, and
protocols.
6) WiMAX – Worldwide Interoperability for Microwave Access
➢ Provides fixed and mobile Internet.
➢ WiMAX supports mobile and fixed wireless applications. A mobile user, in this
context, is someone in transit, such as a commuter on a train.
7) MANET – Mobile Ad hoc Network
➢ Self-configuring, infrastructure-less network of mobile devices connected by wireless
links.
➢ Provides fixed and mobile Internet.
➢ Other types include vehicular ad-hoc network.
8) WSN – Wireless Sensor Network
➢ Consists of spatially distributed autonomous sensors to monitor physical or
environmental conditions.
➢ Wide array of applications ranging from military, scientific, industrial, healthcare,
and domestic.

Q3. What types of cable are used in computer networking?

1) Twisted Pair
➢ Unshielded Twisted Pair (UTP)
➢ Shielded Twisted Pair (STP)
2) Coaxial Cable
➢ Supports greater bandwidth and longer cable lengths
➢ Superior insulation protects coaxial cable from electronic interference
3) Fiber Optics
➢ Useful in WAN installations where long distance underground or outdoor cable runs
are required and in office buildings where a high volume of communication traffic is
common.

Q4. What are the different types of firewalls in network security?

The National Institute of Standards and Technology (NIST) 800-10 divides firewalls into three
basic types:

1) Packet Filtering Firewall: Firewall doesn't route packets, but instead compares each packet
received to a set of established criteria -- such as the allowed IP addresses, packet type, port
number, etc.
2) Stateful Inspection Firewall: Stateful inspection firewalls examine each packet and keep
track of whether or not that packet is part of an established TCP session.
3) Proxy Firewall: A proxy firewall is a network security system that protects network
resources by filtering messages at the application layer. A proxy firewall may also be called
an application firewall or gateway firewall.

Q5. What are the functions of a RADIUS server?

A RADIUS server has three main functions:

➢ Authenticating users and/or devices and providing permission for them to access the network
➢ Authorizing users and/or devices for specific services on the network
➢ Accounting for usage of network services

Q6. What are the four types of backups?

The four types of backups are:

1) Full Backup
2) Incremental Backup
3) Differential Backup
4) Mirror Backup

Q1. Compare the OSI model and TCP model.

Q2. What is the storage area network?

SAN – Storage Area Network

➢ Provides high performing, highly available and highly scalable storage environment for your
mission-critical data.
➢ SANs are typically composed of hosts, switches, storage elements, and storage devices that
are interconnected using a variety of technologies, topologies, and protocols.

Q3. What is a virus?

A computer virus is a type of malicious code or program written to alter the way a computer
operates and is designed to spread from one computer to another. A virus operates by inserting or
attaching itself to a legitimate program or document that supports macros in order to execute its
code. In the process, a virus has the potential to cause unexpected or damaging effects, such as
harming the system software by corrupting or destroying data.

Types of viruses:

➢ Transient virus – life depends on the life of the host – runs when its infected program runs.
➢ Resident virus – locates itself in memory so that it can be activated as a stand-alone program.

Q4. What is crypto ransomware and locker ransomware?

There are two main types of ransomware: crypto ransomware and locker ransomware.

Crypto Ransomware

It encrypts valuable files on a computer so that the user cannot access them. Cyber thieves
that conduct crypto ransomware attacks make money by demanding that victims pay a ransom to get
their files back.

Locker Ransomware

It does not encrypt files. Rather, it locks the victim out of their device, preventing them from
using it. Once they are locked out, cybercriminals carrying out locker ransomware attacks will demand
a ransom to unlock the device.

Q1. How can a malware attack be countered?

If prevention fails, then technical mechanisms can be used to support the following
threat mitigation options:

➢ Detection: Once the infection has occurred, determine that it has occurred and locate the
malware.
➢ Identification: Once detection has been achieved, identify the specific malware that has
infected the system.
➢ Removal: Once the specific malware has been identified, remove all traces of the malware
from all infected systems so that it cannot spread further.

Q2. How does a firewall work?

A firewall is a focus for security decisions. It can enforce a security policy and log Internet
activity efficiently.

Service Control: Determines what services can be accessed, inbound or outbound. Firewalls may
filter traffic based on IP, port or protocol.
Direction Control: Determines the direction that service requests are allowed to flow.
User Control: Controls service access according to which user is attempting to access it.
Behavior Control: Controls how particular services are used. E.g., connection limits or mail filters.
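The following Python is an added example, not part of the original question set, that puts the service and direction controls above into working form and also shows the difference between the packet filtering and stateful inspection firewalls of Type 2 Q4. The rule format, the addresses and the policy are constructed for the demo; a stateless filter must deny the DNS reply because no inbound rule covers it, while the stateful firewall admits it because it remembers that an inside host opened the connection.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" (from the untrusted side) or "outbound"
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule format for this demo; a field left as None matches any value."""
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # direction control
    proto: Optional[str] = None      # service control: protocol ...
    dst_port: Optional[int] = None   # ... and destination port
    src_ip: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction is None or self.direction == pkt.direction)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.src_ip is None or self.src_ip == pkt.src_ip))


def packet_filter(rules, pkt: Packet) -> str:
    """Stateless packet filtering: first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remembers connections that inside hosts opened, so the
    reply traffic is admitted without needing a permissive inbound rule."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "inbound":
            key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if key in self.table:
                return "allow"  # return half of a connection an inside host opened
        action = packet_filter(self.rules, pkt)
        if action == "allow" and pkt.direction == "outbound":
            self.table.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action


# Constructed policy: expose HTTPS inbound, let inside hosts initiate anything
# outbound, and deny everything else explicitly.
RULES = [
    Rule("allow", direction="inbound", proto="tcp", dst_port=443),
    Rule("allow", direction="outbound"),
    Rule("deny"),
]

# Constructed traffic: an inside host's DNS query, the resolver's reply, an
# unsolicited inbound packet aimed at the same inside port, and an HTTPS request.
DNS_QUERY = Packet("outbound", "udp", "192.168.1.10", 51000, "198.51.100.53", 53)
DNS_REPLY = Packet("inbound", "udp", "198.51.100.53", 53, "192.168.1.10", 51000)
UNSOLICITED = Packet("inbound", "udp", "203.0.113.7", 53, "192.168.1.10", 51000)
HTTPS_REQUEST = Packet("inbound", "tcp", "203.0.113.7", 40000, "192.168.1.20", 443)
TRAFFIC = (DNS_QUERY, DNS_REPLY, UNSOLICITED, HTTPS_REQUEST)


def run_scenario():
    """Decisions of the stateless filter and the stateful firewall on the same traffic."""
    fw = StatefulFirewall(RULES)
    stateless = [packet_filter(RULES, p) for p in TRAFFIC]
    stateful = [fw.decide(p) for p in TRAFFIC]
    return stateless, stateful


if __name__ == "__main__":
    print(run_scenario())
```

The unsolicited packet is the point of the exercise: it carries the same inside address and port as the legitimate reply, but its outside endpoint never appears in the state table, so the stateful firewall falls back to the rule set and denies it.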

Q3. Explain how an IDS handles an intrusion, step by step.

1) Installing IDS database
2) Gathering Data
3) Sending Alert Messages
4) The IDS Responds
5) The administrator assesses the intrusion
6) Intrusion procedures are followed
7) Logging and reviewing the event

Q4. How can computer virus infection be prevented?

➢ Use software from reliable, well-established vendors, as such software is better protected
by the vendors
➢ Open attachments only when you know them to be safe, i.e., you know the sender or
have scanned the file and know it’s safe.
➢ Make a recoverable system image and store it safely
➢ Make and retain back-up copies of executable system files
➢ Use anti-virus software regularly and update it regularly

Q5. How do you protect against packet sniffing attacks?

➢ Avoid insecure protocols to send sensitive data.
➢ Use secure protocols such as HTTPS, Secure FTP (SFTP) or Secure Shell (SSH).
➢ Use Virtual Private Networks (VPNs) when connecting to the internet through public Wi-Fi
or hotspots.

Q1. Describe the attack at each layer of the OSI model.
Attacks can occur on different layers.

➢ Application: Buffer overflow
➢ Presentation: Side channel
➢ Session: Hijacking
➢ Transport: Port scanning
➢ Network: DDoS
➢ Data-link: Man-in-the-middle
➢ Physical: Wire-tapping

Q2. Describe the types of authentication.

Types of Authentication

➢ Authentication by knowledge – what a person knows
➢ Authentication by ownership – what a person has
➢ Authentication by characteristic – what a person is or does (biometric)

Q1. Explain the Demilitarized Zone (DMZ).

A Demilitarized Zone (DMZ) is a physical or logical subnetwork that is separated from
the rest of the network. It usually contains externally-facing services linked to untrusted networks.

A DMZ is a physical or logical subnetwork that contains and exposes an organization's
external-facing services to an untrusted network, usually the internet. The purpose is to add an
additional layer of security to an organization's local area network (LAN); external actors can access
the DMZ but not the entire network.

Q2. Explain the network-based IDS.

Network-based IDSs provide global intrusion detection: they monitor traffic flowing through the
network and detect intrusions based on the nodes’ behaviour over the network. A network-based IDS
observes strategic points within the network to monitor traffic to and from all devices on the network.

Q3. Explain the network-based IPS.

A network-based IPS (NIPS) makes use of signature detection and anomaly detection
techniques. In terms of the general methods used by a NIPS device to identify malicious packets, the
following are typical:

➢ Pattern matching: scans incoming packets for specific byte sequences (signatures) stored
in a database of known attacks
➢ Stateful matching: scans for attack signatures in the context of a traffic stream rather than
individual packets
➢ Protocol anomaly: looks for deviation from standards
➢ Traffic anomaly: monitors for unusual traffic activities such as flood of packets or new
services appearing on the network
➢ Statistical anomaly: develops baselines of normal traffic activity and throughput, and
alerts on deviations from these baselines
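To make three of these methods concrete, here is an added Python example (not code from the original question set) that contrasts pattern matching with stateful matching, and then builds a statistical baseline and flags deviations from it. The signature bytes, the split HTTP stream and the packets-per-second samples are all constructed for the demo; the point is that the signature straddling two segments is invisible to per-packet matching and visible once the stream is reassembled.

```python
import statistics

# Constructed signature database: the byte sequence is a placeholder for the demo,
# not a real attack signature.
SIGNATURES = {"demo-sig-1": b"DEMO-SIGNATURE-XYZ"}


def pattern_match(packets, signatures=SIGNATURES):
    """Pattern matching: each packet payload is searched on its own."""
    hits = []
    for idx, payload in enumerate(packets):
        for name, sig in signatures.items():
            if sig in payload:
                hits.append((idx, name))
    return hits


def stateful_match(packets, signatures=SIGNATURES):
    """Stateful matching: reassemble the ordered payloads of one stream and search
    the whole stream, so a signature split across two segments is still found."""
    stream = b"".join(packets)
    return [(stream.find(sig), name) for name, sig in signatures.items() if sig in stream]


def traffic_baseline(samples):
    """Statistical anomaly detection, step 1: baseline mean and spread of a metric
    (here packets per second) taken from a training window."""
    return statistics.mean(samples), statistics.pstdev(samples)


def statistical_anomalies(observed, samples, k=3.0):
    """Step 2: flag observations more than k standard deviations from the baseline."""
    mean, spread = traffic_baseline(samples)
    spread = max(spread, 1.0)  # never let a flat baseline produce zero tolerance
    return [v for v in observed if abs(v - mean) > k * spread]


# Constructed stream: the signature straddles the boundary between two segments.
SPLIT_STREAM = [
    b"GET /index.html HTTP/1.1\r\nX-Demo: DEMO-SIGN",
    b"ATURE-XYZ\r\n\r\n",
]

# Constructed packets-per-second samples for the baseline and a later observation window.
BASELINE_PPS = [100, 110, 95, 105, 100, 90, 100, 105]
OBSERVED_PPS = [102, 98, 4000]

if __name__ == "__main__":
    print("per-packet hits:", pattern_match(SPLIT_STREAM))
    print("stream hits:", stateful_match(SPLIT_STREAM))
    print("anomalies:", statistical_anomalies(OBSERVED_PPS, BASELINE_PPS))
```

The baseline helper uses the population standard deviation and clamps it to a minimum of one unit, so a perfectly flat training window does not turn every later observation into an alert; tuning `k` and the window length is where most of the false-positive work in a real deployment goes.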

Q4. Explain the proxy firewall.

A proxy firewall is a network security system that protects network resources by
filtering messages at the application layer. A proxy firewall may also be called an application firewall
or gateway firewall.

Unlike stateful firewalls or application layer firewalls, which allow or block network
packets from passing to and from a protected network, traffic does not flow through a proxy.

Instead, computers establish a connection to the proxy, which serves as an
intermediary and initiates a new network connection on behalf of the request. This prevents direct
connections between systems on either side of the firewall and makes it harder for an attacker to
discover where the network is, because they don't receive packets created directly by their target
system.

Q5. Explain the guard firewall.

A guard is a sophisticated firewall. Like a proxy firewall, it receives protocol data units,
interprets them, and passes through the same or different protocol data units that achieve either the
same result or a modified result.

The guard decides what services to perform on the user's behalf in accordance with its
available knowledge, such as whatever it can reliably know of the (outside) user's identity, previous
interactions, and so forth. The degree of control a guard can provide is limited only by what is
computable.

Type 3

Q1. Describe the Network attack by/with diagram.

There are four types of network attacks.

1) Interruption
2) Interception
3) Modification
4) Fabrication

Q2. Describe the OSI model and TCP/IP model by/with diagram?

➢ OSI model is structured into seven layers.
➢ TCP/IP model is structured into four layers.

Q3. Describe the proxy firewall by/with diagram?

Q4. Describe the components of an IDS by/with diagram.

Q5. Describe the Security concepts and relationships by/with diagram?