
APPENDIX C

Memory Tables Answer Key


Chapter 1
Table 1-2 Protocols at Each Layer of the TCP/IP Model
TCP/IP Layer | Protocols
Link | Ethernet, Point-to-Point (PPP)
Internet | IP
Transport | TCP/UDP
Application | HTTP, SMTP, FTP

Table 1-3 Message Unit Naming at Each Layer of the TCP/IP Model
TCP/IP Layer | Protocols
Link | Frame
Internet | Packet
Transport | Segment
Application | Application data

Table 1-4 Protocols and Devices Mapping to the OSI Layer Model and the TCP/IP Model
OSI Layer Model | TCP/IP Model | Protocols | Devices
Application | Application | FTP, HTTP, SMTP | Host, servers
Presentation | | |
Session | | |
Transport | Transport | TCP, UDP | Stateful firewalls
Network | IP | IP | Router
Data Link | Link | Ethernet, PPP, ATM | Switches
Physical | | Ethernet (physical layer), cable, optical | Repeater
4 CCNA Cyber Ops SECFND 210-250 Official Cert Guide

Table 1-5 Popular Ethernet Physical Layer Standards
Name | IEEE standard | Speed | Media | Maximum Distance
10BASE-T | 802.3 (Ethernet) | 10 Mbps | Twisted pair (copper) | 100 m
100BASE-T | 802.3u (FastEthernet) | 100 Mbps | Twisted pair (copper) | 100 m
1000BASE-T | 802.3ab (GigaEthernet) | 1000 Mbps | Twisted pair (copper) | 100 m
1000BASE-LX | 802.3z (GigaEthernet) | 1000 Mbps | Long wavelength (single-mode fiber) | 5 km
10GBASE-T | 802.3an (10 Gigabit Ethernet) | 10 GBps | Twisted pair (copper) | 100 m

Table 1-6 Spanning Tree Port Costs
Port Speed | Recommended Cost
<=100 Kbps | 200000000
1 Mbps | 20000000
10 Mbps | 2000000
100 Mbps | 200000
1 Gbps | 20000
10 Gbps | 2000
100 Gbps | 200
1 Tbps | 20
10 Tbps | 2

Table 1-23 TCP Services
Service | Description
Multiplexing | Allows multiple transport layer connections between the same hosts. Sockets are used to distinguish to which application a connection belongs.
Connection establishment and termination | A connection is established before data is sent. This ensures that the other host is ready to receive data. The connection is also terminated through a formal data exchange.
Reliability | Data lost due to error or from the underlying datagram can be recovered by asking the remote device to send the information again.
Flow control | TCP uses a windowing system to adjust the speed of transmission.

Chapter 2
Table 2-1 RFC 1918 Private Address Ranges
Class | IP Address Range | Networks | Number of Hosts
Class A | 10.0.0.0 to 10.255.255.255 | 1 | 16,777,214
Class B | 172.16.0.0 to 172.31.255.255 | 16 | 65,534
Class C | 192.168.0.0 to 192.168.255.255 | 256 | 254

Chapter 4
Table 4-2 Authentication Methods
Authentication Method | Description | Examples
Authentication by knowledge | Something the user knows | Password, PIN
Authentication by ownership | Something the user owns | Smart card, badge, token
Authentication by characteristic | Something the user is or does | Fingerprint, hand geometry, keystroke dynamic

Table 4-3 Access Control Process Phases
Phase | Questions It Answers | Examples
Identification | Who are you? | User ID, IP address.
Authentication | Can you prove you are who you claim to be? | Password, badge, fingerprint.
Authorization | Can you access a resource? What can you do with that resource? | User A can access Resource B in read and write mode.
Accounting | What have you done with that resource? | User A has modified Resource B on August 31, 2016.

Table 4-5 Mapping Access Controls to Access Control Types
Administrative Physical Technical
Preventive Firewall
Deterrent Fence
Detective Intrusion detection system
Corrective Employee termination policy
Recovery Data backup
Compensating Manual user screening

Table 4-6 Overview of Access Control Models
Access Control Model | Access Decision | Reference
DAC | Access decisions and permissions are decided by the object owner. | DoD – Trusted Computer System Evaluation Criteria
MAC | Access decision is enforced by the access policy enforcer (for example, the operating system). It uses security labels. | DoD – Trusted Computer System Evaluation Criteria
RBAC | Access decisions are based on the role or function of the subject. | ANSI INCITS 359-2004
ABAC | Access decisions are based on the attributes or characteristics of the subject, object, and environment. | NIST SP 800-162

Table 4-7 Pros and Cons of Access Control Models
Access Control Model | Pros | Cons
DAC | Simpler than the other models | Security policy can be bypassed. No centralized control.
MAC | Strict control over information flow | Complex administration.
RBAC | Scalable and easy to manage | Increase in role definition.
ABAC | Flexible | More complex compared to DAC or RBAC.

Table 4-8 RADIUS vs. TACACS+ Comparison
 | RADIUS | TACACS+
Transport protocol | UDP. | TCP.
Security | Encrypts user password in ACCESS-REQUEST packets. | Can optionally encrypt the full payload.
AAA phases | Authentication and authorization are performed with the same exchange. Accounting is done with a separate exchange. | Authentication, authorization, and accounting are performed with separate exchanges.
Command authorization | There is no support for granular command authorization. | Allows command authorization.
Accounting | Implements strong accounting capabilities. | Provides basic accounting capabilities.
Standard | RFC 2865 (authentication and authorization) and RFC 2866 (accounting) | Cisco proprietary.

Table 4-9 IDS vs. IPS Comparison
IDS | IPS
Works on a copy of the packet (promiscuous mode). | Intercepts and processes real traffic (inline mode).
No latency added. | Adds latency due to packet processing.
Cannot stop malicious packets directly. Can work together with other devices. | Can stop malicious packets.
Some malicious packets may pass through (for example, the first packet). | Malicious packets always can be dropped.

Table 4-10 Network-Based Vs. Host-Based Detection/Prevention Systems
NIDS/NIPS | HIDS/HIPS
Software is deployed on a dedicated machine. | Software is installed on top of the host (end user) operating system (OS). It may require support for several OSs.
Easy to maintain and update. | May require an update of several endpoints.
Have visibility on all network traffic; therefore, can offer better event correlation. | Have visibility only on traffic hitting the host.
Can introduce delay due to packet processing. | Can slow down the operating system of the host.
Do not have visibility into whether an attack was successful. | Can verify whether an attack has been successful on a host.
Do not have visibility into encrypted packets. | Have visibility after encryption and can block an attack delivered via encrypted packets.
Can block an attack at the entry point. | The attacker is able to reach the target before being blocked.

Table 4-11 Network-Based Vs. Host-Based Antivirus/Antimalware Systems
Network-based Antivirus/Antimalware | Host-based Antivirus/Antimalware
Software is deployed on a dedicated machine. | Software is installed on top of the host (end user) operating system (OS). It may require support for several OSs.
Easier to maintain and update. | May require updating of several endpoints.
Have visibility into all network traffic; therefore, can offer better event correlation. | Have visibility only into traffic hitting the host.
Can introduce delay due to packet processing. | Can slow down the operating system of the host.
Do not have visibility into whether an attack was successful. | Can verify whether an attack has been successful on a host.
Do not have visibility into encrypted packets. | Have visibility after encryption and can block an attack delivered via encrypted packets.
Can block an attack at the entry point. | The attacker is able to reach the target before being blocked.

Chapter 5
Table 5-2 Summary of Password-Generation Methods
Method | Description | Pros | Cons
User-generated password | The user generates the password himself. | Simple to remember. | Usually leads to an easily guessable password. Users may reuse the same password on multiple systems.
System-generated password | The password is generated by the system. | Strong password. Compliant with security policy. | Difficult to remember. Users tend to write down the password, thus defeating the purpose.
OTP and token | The password is generated by an external entity (such as hardware or software) that is synchronized with internal resources. The device is usually protected by a user-generated password. | Users do not need to remember a difficult password. | More complicated infrastructure. It makes use of hardware or software to generate the token, which increases maintenance and deployment costs.

Table 5-6 Comparing Cloud-Based MDM and On-Premises MDM
Cloud-Based MDM Characteristics | On-Premises MDM Characteristics
Deployed as a service and operated by a third party from the cloud | Deployed and managed within the organization
Lower cost of the solution and deployment | Higher level of control
Flexibility | Intellectual property retention
Fast deployment | Regulatory compliance
Scalability |
Easier to maintain |

Table 5-7 Comparing Vulnerability Scan and Penetration Assessment
Vulnerability Scan | Penetration Assessment
Works by assessing known vulnerabilities. | Can find unknown vulnerabilities.
Can be fully automated. | Mixture of automated and manual process.
Minimal impact on the system. | May completely disable the system.
Main goal is to report any hits on known vulnerabilities. | Main goal is to compromise the system.

Chapter 7
Table 7-2 IPsec Attributes
Attribute | Possible Values
Encryption | None, DES, 3DES, AES128, AES192, AES256
Hashing | MD5, SHA, null
Identity information | Network, protocol, port number
Lifetime | 120–2,147,483,647 seconds; 10–2,147,483,647 kilobytes
Mode | Tunnel or transport
Perfect Forward Secrecy (PFS) group | None, 1, 2, or 5

Table 7-3 Contrasting Cisco VPN Client and SSL VPN
Feature | Cisco VPN Client | Clientless SSL VPN
VPN client | Uses Cisco VPN client software for complete network access. | Uses a standard web browser to access limited corporate network resources. Eliminates the need for separate client software.
Management | You must install and configure Cisco VPN client. | You do not need to install a VPN client. No configuration is required on the client machine.
Encryption | Uses a variety of encryption and hashing algorithms. | Uses SSL encryption native to web browsers.
Connectivity | Establishes a seamless connection to the network. | Supports application connectivity through a browser portal.
Applications | Encapsulates all IP protocols, including TCP, UDP, and ICMP. | Supports limited TCP-based client/server applications.

Chapter 9
Table 9-2 List of Permission Values
Column Value | Permissions | Represented By
0 | None | ---
1 | Execution-only | --x
2 | Write | -w-
3 | Execution and write | -wx
4 | Read-only | r--
5 | Read and execution | r-x
6 | Read and write | rw-
7 | Read, write, and execution | rwx

Table 9-3 UNIX Facilities
Facility | Description
auth | For requesting name and password activity
authpriv | Same as auth but data is sent to a more secured file
console | Messages directed at the system console
cron | Cron system scheduler messages
daemon | Daemon catch-all messages
ftp | FTP daemon messages
kern | Kernel-related messages
local0.local7 | Local facilities defined per site
lpr | Line printing system messages
mail | Mail system messages
mark | Pseudo event used to generate timestamps in log files
news | Network News Protocol messages
ntp | Network Time Protocol messages
user | Regular user processes
uucp | UUCP subsystem

Table 9-4 UNIX Message Priorities
Priority | Description
emerg | Emergency condition, such as a system crashing
alert | Condition that should be dealt with immediately, such as a corrupted database
crit | Critical condition, such as a hardware failure
err | Standard error
warning | Standard warning
notice | No error condition but attention may be needed
info | Information message
debug | Messages used for debugging errors or programs
none | Specifies not to log messages

Chapter 11
Table 11-2 Syslog Severity Logging Levels
Level | System | Description
Emergency | 0 | System unusable messages
Alert | 1 | Immediate action required messages
Critical | 2 | Critical condition messages
Error | 3 | Error condition messages
Warning | 4 | Warning condition messages
Notification | 5 | Normal but significant messages
Information | 6 | Informational messages
Debugging | 7 | Debugging messages
