12-Week Exam Study Guide

General

The exam will focus on content from Networking: Network Layer, up to and including the Cyber Security Tools: Firewalls.

In preparation for the 12-Week Exam, complete the following activities:

Compiled Learning Objectives

Data-Link Layer

  • Describe terms associated with the Data Link Layer: frame, interface, address, MAC address
  • Explain the purpose of the following protocols: Ethernet, ARP
  • Explain the problems that the Data Link Layer protocols above handle; i.e. the services the Data Link Layer protocols provide
  • Explain the problems that the Data Link Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Describe the purpose/functionality of the following hardware devices: hub, switch, Ethernet adapter

Network Layer:

  • Describe terms associated with the Network Layer: packet, IP address, routing, private IP space, internet
  • Explain the purpose of the following protocols: IPv4, ICMP, IPv6
  • Explain the problems that the Network Layer protocols above handle; i.e. the services the Network Layer protocols provide
  • Explain the problems that the Network Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Describe the purpose/functionality of the following hardware devices: router

Transport Layer:

  • Describe terms associated with the Transport Layer: datagram, port
  • Explain the purpose of the following protocols: TCP, UDP
  • Explain the problems that the Transport Layer protocols above handle; i.e. the services the Transport Layer protocols provide
  • Explain the problems that the Transport Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Explain the concept of Network Address Translation

Application Layer:

  • Explain the purpose of the following protocols: DNS, DHCP, HTTP, HTTPS, SSH
  • Describe the Transport Layer protocols used by, and why that Transport Layer protocol is used for the following protocols: DNS, DHCP, HTTP, SSH
  • Explain the problems that the protocols above do not handle; i.e. security concerns associated with the protocol

Build-a-LAN Lab:

  • Setup a wired network.
  • Interconnect multiple wired networks forming a simple internet.
  • Use and explain the use of: arp, ipconfig, ping, tracert, netstat, netcat (nc)
  • Use networking utilities to configure and test network communications.
  • Analyze output of networking utilities to determine: host information, network topology, and services in use.

Wireless:

  • Describe the TCP/IP Stack layers that change and do not change between wired and wireless networks.
  • Describe the following wireless networking terms: base station, Basic Service Set (BSS), Basic Service Set Identifier (BSSID), Service Set Identifier (SSID), Extended Service Set Identifier (ESSID).
  • Describe the purpose of encryption on a wireless network.
  • Compare and contrast WEP, WPA, WPA2.

Build-a-WLAN Lab:

  • Setup a wireless network.
  • Interconnect multiple wireless networks forming a simple internet.
  • Use networking utilities to configure and test network communications.
  • Describe the purpose of encryption on a wireless network.
  • Discuss risks associated with unencrypted wireless networks, and broken cryptographic protocols.

Web

The Web and HTML:

  • Describe the World Wide Web (www, web) as a client-server system that uses HTTP/HTTPS.
  • Explain the components of a URL.
  • Describe the basic structure of an HTML Document.
  • Describe the use of HTML Tags to markup content in an HTML Document.
  • Describe the interactions between a client and server based on a simple HTML Document.
  • Explain the information that is logged in a web server access log.

Build-a-Web-Site Lab:

  • Describe the syntax and semantics of basic HTML Tags.
  • Design and create a simple website using HTML.
  • Upload web content to a web server using a secure file transfer protocol.
  • Describe how basic HTML will be rendered by a web browser.
  • Explain the concept of absolute and relative HTML references.

Client Side Scripting: Non-Event Driven:

  • Describe how basic HTML with client side scripting will be rendered by a browser.
  • Describe the client-server interaction for a dynamic web page.
  • Explain how an email containing HTML with embedded scripts is a security risk.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

Client Side Scripting: Event Driven:

  • Describe how basic HTML with client side scripting will be rendered by a browser.
  • Describe the client-server interaction for a dynamic web page.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

HTML Forms:

  • Describe how basic HTML will be rendered by a browser.
  • Describe client-server interaction for a dynamic web page that involves user input to a form.
  • Discuss trade offs between client-side and server-side scripts, and explain why client-side input validation is weaker than server-side.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

Server Side Scripting:

  • Describe client-server interaction for a dynamic web page that involves user input to an HTML Form and server side scripts.
  • Discuss trade offs between client-side and server-side scripts, and explain why client-side input validation is weaker than server-side.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.
  • Relate to other network services an understanding of the web as a client-server based network service.

Injection Attacks and XSS:

  • Explain how cookies are used by both the web browser, and the web server.
  • Explain how reflection, injection, and cross-site scripting work, and why they may fail.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.
  • Relate to other network services an understanding of the web as a client-server based service.

Cyber Security Tools

Firewalls:

  • Design an Access Control List (ACL) for an idealized router to achieve a desired availability of services.
  • Relate the use of a firewall to the Pillars of Cyber Security.
  • Describe a firewall's role in implementing decisions concerning tradeoffs between service and security.