CCT 111: Practice CISSP Questions - IPv4, IPv6, IP Classes, ICMP, IGMP, and ARP for Cybersecurity Success (D4.1.2)

Feb 01, 2024
 

Get ready to fortify your cyber defenses and unwrap the complexities of internet protocols with me, Sean Gerber, in a week charged with cybersecurity insights. We’re dissecting the digital fabric of IPv4 and IPv6, from the nuances of subnetting to the stealthy signals of ICMP, ensuring you walk away with a fortified understanding of the cyber terrain. Don't miss the pivotal segment where I unravel the CIDR notation—a cornerstone concept for network professionals—and how recognizing a Class C address, such as 192.168.1.1, can be the key to differentiating your network strategy.

As the shadow of ransomware looms over our critical infrastructure, I delve into the harrowing onslaught of attacks plaguing wastewater treatment facilities, bringing to light the urgent call for cyber vigilance. Discover the significance of link-local addresses and the potential pitfalls of rogue IPv6 devices in your network. The world of cybersecurity is a battleground, and this episode is your armory—equip yourself with the knowledge to lead the charge against the digital threats of today and tomorrow.

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.

TRANSCRIPT

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Hey, all, it's Sean Gerber with CISSP Cyber Training, and I hope you all are having a great day today. Today is CISSP Question Thursday, so we are going to be going over CISSP questions related to domain four. So, yeah, we're pretty excited about that and this is the follow-on to what we have from the podcast that occurs on Monday with the various domains that we're having. So this one will be over domain four, because Monday's was over domain four, and so we're going to kind of get into various aspects of IPv4, v6, IGMP, ICMP and ARP, ARP routing tables. So, yeah, just some questions around those.

But before we do, again, one of the things that popped up in the news, just saw this this morning, and it's actually again quite disturbing, the fact that there was another wastewater service plant that was attacked with ransomware, one in the United States and one in the UK. This one is Veolia, Veolia North America in the United States, and Southern Water in the United Kingdom, both hit with ransomware attacks and had some relative, had some data breaches associated with it. The bad thing is, obviously, is wastewater treatment plants may seem benign, but unfortunately we all need them because we all use the restroom and therefore we need that to be clean, right. So if they have problems and you can't use the restroom anymore, then, yeah, it becomes a bit of a problem. So, hitting them with ransomware attacks, I know there has been various groups that have been targeting the critical infrastructure, and this is no different than before. I'd say just in this past year, this is, then, probably the seventh or eighth one that I've seen that's actually hit either wastewater treatment facilities or water treatment facilities of some kind.

Now, right now, at this point, no ransomware group has taken credit for the attack, and they service about, let's see what it says, about 2.5 million customers is the one that services in the United States, and then the one in England is about 4.7 million in the south of England. So it's obviously ramping up substantially what's going on. They said they stole about 750 gigs of files, obviously with personal information and corporate documents, and that's to be expected almost in these types of events. But the bigger issue that I see is not necessarily the stealing of data, which is a bad deal, right, we don't want people's personal information stolen, but, like the mother of all breaches that occurred last week or earlier this week, I just expect your stuff is out there. But the bigger issue is the fact that they have any sort of control over these wastewater treatment facilities. Taking remote control, remote access to them, is a very dangerous aspect and we really are hopeful that something will come of this where there's maybe some. I don't want legislation, believe me, I really don't, but if that may be what's required to get some of these actions taken. But this is hard already on an overly strained cybersecurity group of people trying to ensure that this stuff gets secured and managed correctly. But so that's about all I've got for that.

So let's roll into the CISSP exam questions and we're going to talk about domain four, and you can go to CISSP Cyber Training and you can get access to these questions, along with a plethora of many other questions that are all available for you. Now, again, trying to reaffirm the fact that these questions are not questions you will exactly see on the ISC squared CISSP exam. That is not the case. These questions are designed to help you understand what they're actually asking. That's the purpose of these questions, is to get you thinking like a security manager or security leader that can then, when something happens in your organization, you make decisions based on it.

Okay, so let's roll into question number one: what is the primary reason for subnetting in IPv4 networks? Okay, what is the primary reason for subnetting in IPv4 networks? A, enhanced security; B, efficient IP address allocation; C, improved routing; or D, faster data transfer. Again, the primary reason for subnetting in IPv4 networks. And the answer is B, efficient IP address allocation. This allows for organizations to optimize address space usage and manage networks more effectively.

Question two: in IPv6, what is the purpose of a link-local address? In IPv6, what is the purpose of a link-local address? A, global internet communication; B, communication with the same subnet; C, multicast group membership; or D, experimental testing. Again, the purpose of a link-local address, and it is B, communication with the same subnet. Link-local addresses in IPv6 are specifically designed for communications within the same subnet, and this can be done through the link-local address to communicate without the need for a globally unique address. Okay, these are automatically configured and are not routable beyond the local subnet. So that is the purpose of a link-local address.

Question three: which IP class uses a standard default subnet of 255.255.0.0? Again, what is this default subnet? Which IP class, your A, B, C, D, right, will use a default subnet of 255.255.0.0? And the answer is B. Okay, there's A, B, C, D, right, class A, B, C and D. The answer is B, class B. A class B network has a default subnet mask of 255.255.0.0. Basically, the first two octets are reserved for the network portion and the last two are available for the host addresses. So again, we talked about this before, it's for medium-sized businesses. Class A are more or much larger and C are more restrictive in size.

Question four: which ICMP message type is commonly used for network troubleshooting by sending an echo request? Which ICMP message type is commonly used for networking, for network troubleshooting by sending an echo request? A, destination unreachable; B, redirect message; C, echo message or echo request slash reply; or D, time exceeded. So which ICMP message is commonly used for network troubleshooting by sending an echo request? And the answer is C, echo request slash reply. The ICMP echo request, I can't say request slash reply, is often referred to as the ping, right? That's what we talk about. Was a ping. You're pinging something, you send a ping to it. Okay, this request message sends the recipient response to the echo reply. This process helps determine the reachability of the host and the round trip time for the data to travel from the source to the destination and back. That's the purpose of it.

Question five: which version of the IGMP introduces source-specific multicast, allowing precise control over group membership? Which version of the IGMP introduces source-specific multicast, allowing precise control over group membership? A, IGMP version one; B, IGMP version two; C, IGMP version three; and D, IGMP version four. Which version of IGMP introduces source-specific multicast, allowing precise control over group membership? And the answer is C, IGMP version three. It is improved over other previous versions because it includes source-specific multicast. This allows the host to specify the sources from which they want to receive the multicast traffic from and it does provide more granular control over group memberships. It's particularly useful in scenarios where precise control over multicast communication is necessary.

Question number six: what is the primary function of ARP, or of ARP, address resolution protocol? Okay, so what is the primary function of ARP? A, map IP addresses to MAC addresses; B, assign IP addresses; C, establish secure connections; or D, manage multicast group memberships. What is the primary purpose of ARP, address resolution protocol? And the answer is A, map addresses to MAC addresses. We talked about this before. IP addresses to MACs is what the purpose of the ARP protocol is for. The ARP routing tables, the MAC addresses, that when a device needs to communicate with another one on the same subnet, it uses ARP to discover the MAC address associated with the IP address.

Question seven: what does CIDR stand for? A, classful internet domain routing; B, centralized internet design and routing; C, controlled internet dynamic routing; or D, classless interdomain routing. What does CIDR stand for? And the answer is D, classless interdomain routing. CIDR is a method by which to use, to allocate and specify IP addresses in their routing behavior, and it allows for more flexible and efficient allocation of IP addresses. The notation that you'll see typically with the CIDR addresses is slash eight, 16, 24, and so forth. That indicates the number of bits used for the network portion of the address.

Question eight: which address, 192.168.1.1, belongs to which class? A, class A; B, class C; C, class B; or D, class D? Mixed it up a bit. Which address, 192.168.1, belongs to which one? And 192.168.1.1 belongs to class C. Class C addresses are commonly used for small networks and that is where it falls in that range for the class C address, 192.168.

Okay, so question nine: what is the CIDR equivalent of a subnet mask 255.255.255.192? And then, so this is gonna be what is the equivalent of that? So let's kind of break that out. A, slash 26; B, slash 25; C, slash 24; or D, slash 23. So what is the CIDR equivalent of a subnet mask 255.255.255.192? And it is slash 26. So in this case, the subnet mask of what we talked about, 255.255.255.192, has 26 bits dedicated to the network portion, making it equivalent to a slash 26.

Now, if you're gonna look at the, as we talk about this, one thing to kind of put into perspective is those other examples that I gave you, 22, slash 24, 25, 26, 27. So, to put it, if you're seeing this on the video, you can see this. Go to CISSP Cyber Training. You can see the video of it, or I'll just kind of walk you through it on the podcast piece of this. But a slash 27 would be, your subnet mask would be a 255.255.255.224, that would be a slash 27, because that has five bits. Okay, so that's total IP addresses would be 32. Now, when you're dealing with the slash, the dot 192, that's a slash 26, because there's six bits and there's 64 IP addresses that are tied to that. Now, when you get a slash 25, it's the 255, but then it gets to the dot 128, and that's your slash 25, and your IP address gives you 128 different IP addresses that you can utilize. And then a slash 24, your slash 24 would be your 255.255.255.0, that's your eight bits and that would give you 256 IP addresses. So, basically, as you're getting down to the, when you move up in your CIDR notation, slash 24, all the way up to 20, slash 27, you obviously, your amount of IP addresses goes down as you go up. So again, just think about it in the fact, if it's a slash 24, you're going to get the full 256. As you go up in the slashes, you're going to end up getting less of your IP addresses that are available to you. And I see the slash is less of the CIDR notation.

Okay, question 10: in IPv6, which address range is reserved for multicast? Okay, in IPv6, which address range is reserved for multicast? A, 128.0.0.0 to 191.255.255.255. Okay, I'm not, I'm gonna, I'll go through these, but you guys all fall over asleep when you hear me talking 255 all the time. So then it's going to be basically 128.0 to 191.255. And then on, the next one is 192.0 to 223.255. The next one is 224.0 to 239.255. And then the next one is 240.0 to 255 on. Okay, so we know the 255 on. Just throw that out. That isn't going to work. But we're dealing with IPv6, which address range is reserved for multicast in the IPv6. So when I'm not giving you IPv6 IP addresses, I'm basically giving you a IPv4. But when you're dealing with multicast IPv6, like IPv4, to designate specific ranges for the multicast, the IPv6 ranges are from 224.0 to 239.255. These are used for efficient one-to-many communications with specific group of hosts.

Question 10: a security analyst is reviewing the IPv6 address scheme for a new network segment. They notice that several devices have the same addresses, starting with FE, foxtrot, echo, 80, colon, colon. What security concern does this raise? Okay, so you have several devices that have the IP address starting with FE80. A, these devices are vulnerable to man-in-the-middle attacks; B, these devices are using private addresses and cannot access the internet; C, these devices are likely to be rogue or unauthorized; or D, these devices are configured for static addressing and may not receive security updates. So again, IPv6. So we're talking about the security analyst reviewing the IPv6 address scheme for a new network segment. Notice that several devices have addresses starting with FE80. What is the security concern associated? And the answer is C, the devices are likely to be rogue or unauthorized. So FE80 are link-local addresses in IPv6 and are automatically assigned to the network interfaces. They are not only valid within the same local network, typically just a single switch or a small subnet. These devices are link-local and cannot be directly routed from the outside to the local network. So the bottom line is if you see a couple of these set up, then the odds are high there might be a rogue network. Something going on, right? Might have a rogue IP address, could be a device that's on the network that shouldn't be there, just something to kind of consider.

Question 11: what is the primary purpose of a class E IP address? A, large networks; B, experimental testing; C, multicast group membership; D, small networks. What is the primary purpose of a class E IP address? And the answer is B, experimental testing. E classes are reserved for experimental and research purposes only.

In IPv6, what is the network that is subnetting equivalent to the address 2001 colon, a lot of words, will go an octet, or another octet, another octet, another octet, multiple octets, because we're dealing with IPv6, right, slash 64? What is the subnetting equivalent to address this? And it is A, 48, A is slash 48; B, slash 56; C, slash 72; or D, slash 64. And obviously the answer is C, or D, slash 64. Okay, CIDR notation is often, obviously, required as slash n, whatever the n number is, a number of bits, and the slash 64 in this situation, with this IPv6 address, means it is a slash 64.

Question 13: which ICMP type is commonly associated with ICMP flood attacks causing denial of service? A, echo requests and reply; B, destination unreachable; C, redirect message; or D, time exceeded. Which ICMP type is commonly associated with ICMP flood attacks causing denial of service? And the answer is A, echo requests and replies. We talked about the ping. It's basically ping flood. ICMP flood attacks are when you're trying to do an echo request or reply, you'll get a ping flood which will fill up the bandwidth on the network.

Question 14: how does CIDR improve address allocation compared to traditional class-based addressing? How does CIDR improve address allocation compared to traditional class-based addressing? A, by allocating large address space; B, by enforcing strict class boundaries; C, by simplifying the subnetting; or D, by allowing flexible address allocation. So how does the CIDR improve address allocation compared to traditional class-based addresses? And the answer is D, by allowing flexible address allocation. CIDR introduces flexibility in IP address allocation by allowing variable-length subnetting. Unlike the traditional class-based addresses, it does not enforce strict class boundaries. Basically, it doesn't force you to stay within your class A, B, C or D. This enables organizations to allocate addresses based on their specific needs, reducing address wastage, that's a new term that I did not know, wastage, and optimizing resource utilization.

Okay, last question: which IP address range falls under class B? 192.0.0.0, 128.0.0.0. And okay, so I got, I actually got to give you the rest of it: 192.0.0.0.0.223.255, 128.0.191.255, 224.0.239.255 or 1.0.221.26.1.255. Okay, which IP address falls under class B? And we know the class B is B, 128.0.191.255, goes up to 192, because 192, once you get into that it is a class C. So 128 to 191.255, that is the range for a class B. Okay, again, this is for a medium-size network and again, this is IPv4, not IPv6.

All right, that's all I've got for you today. I hope you guys have a wonderful day, a wonderful week, and we will catch you on the flip side, see you.
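
The following Python code is an added example, not part of the podcast or its transcript. It works through the conversions the questions rely on: subnet mask to CIDR prefix and block size, classful class from the first octet, and labelling the IPv4 and IPv6 addresses seen on a segment for an inventory review. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress


def mask_to_prefix(mask):
    """Dotted-quad subnet mask -> (prefix length, addresses in the block)."""
    bits = int(ipaddress.IPv4Address(mask))
    host_bits = bits ^ 0xFFFFFFFF          # ones where the host part is
    # A valid mask is a run of ones followed by zeros, so the inverted
    # value plus one must be a power of two.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - host_bits.bit_length(), host_bits + 1


def classful_class(addr):
    """Legacy IPv4 class, decided by the first octet only."""
    first = ipaddress.IPv4Address(addr).packed[0]
    for upper, name in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < upper:
            return name
    return "E"


def triage(observed):
    """Label each address seen on a segment for an inventory review."""
    report = {}
    for text in observed:
        ip = ipaddress.ip_address(text)
        if ip.version == 4:
            label = f"IPv4 class {classful_class(text)}"
            if ip.is_private:
                label += ", private range"
        elif ip.is_link_local:
            label = "IPv6 link-local (fe80::/10), not routable off-link"
        elif ip.is_multicast:
            label = "IPv6 multicast (ff00::/8)"
        else:
            label = "IPv6 unicast, not link-local"
        report[text] = label
    return report


# Constructed sample of addresses observed on one segment.
SEEN = ["192.168.1.1", "172.16.5.9", "fe80::1c2a:ff:fe00:1",
        "ff02::1", "2001:db8::10"]

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.128",
                 "255.255.255.192", "255.255.255.224"):
        prefix, size = mask_to_prefix(mask)
        print(f"{mask:<16} /{prefix}  {size} addresses")
    for addr, label in triage(SEEN).items():
        print(f"{addr:<24} {label}")
```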
