Quiz: Understanding Port States and Network Security Techniques (7 questions)

Detailed questions and answers

1. What does the 'Open|Filtered' state indicate in port scanning?

The port is definitively open and accepting connections
The scanner cannot determine if the port is open or filtered due to missing TCP responses
The port is definitively closed and not accepting connections
The port is filtered by a firewall and actively blocking all traffic

The scanner cannot determine if the port is open or filtered due to missing TCP responses

Explanation

The 'Open|Filtered' state indicates that Nmap cannot determine whether a port is open or filtered because it does not receive the expected TCP responses, often due to network devices like firewalls or SYN proxies intercepting or withholding responses, creating ambiguity in port status.

2. What is the primary function of a SYN proxy in network security?

It encrypts all TCP traffic to ensure confidentiality during transmission
It filters traffic based on security rules and blocks unauthorized access
It translates IP addresses between internal and external networks during TCP sessions
It intercepts initial SYN packets and responds with SYN-ACK, withholding internal responses until the handshake completes

It intercepts initial SYN packets and responds with SYN-ACK, withholding internal responses until the handshake completes

Explanation

A SYN proxy intercepts initial SYN packets, responds with SYN-ACK on behalf of the internal host, and delays forwarding the actual SYN/ACK from the internal host until the TCP handshake is fully completed. This behavior helps obscure internal network details and affects port scanning results.

3. What is the primary role of firewalls and load balancers when they act as SYN proxies in network security?

They block all incoming traffic to protect the network
They distribute traffic evenly across servers
They intercept and respond to initial TCP connection requests on behalf of internal hosts
They encrypt data to secure communication channels

They intercept and respond to initial TCP connection requests on behalf of internal hosts

Explanation

Firewalls and load balancers acting as SYN proxies intercept initial TCP connection requests (SYN packets) and respond on behalf of internal servers. This behavior hides the true port status from external scanners and enhances security by preventing direct access or detection of internal network details.

4. In the operation of an Nmap half-open scan, what is the correct chronological order of events when probing a port?

Nmap completes the TCP handshake by sending a SYN, receiving a SYN/ACK, and then sending an ACK, confirming the port is open.
Nmap sends a SYN packet, then receives a SYN/ACK if the port is open, and finally sends an ACK to complete the handshake.
A firewall or SYN proxy intercepts the SYN, responds with a SYN/ACK on behalf of the target, and withholds the internal SYN/ACK until the handshake is completed.
Nmap sends a SYN packet, then receives a RST if the port is closed, or no response if the port is filtered, leading to classification.

A firewall or SYN proxy intercepts the SYN, responds with a SYN/ACK on behalf of the target, and withholds the internal SYN/ACK until the handshake is completed.

Explanation

The correct order involves Nmap sending a SYN, and network devices like firewalls or SYN proxies intercepting this SYN and responding with a SYN/ACK on behalf of the target, but they do not forward the internal SYN/ACK until the handshake is completed. This results in Nmap not seeing the actual response from the target, classifying the port as open|filtered. The other options describe standard TCP handshake steps or responses, but do not include the interception behavior characteristic of SYN proxies.

5. How does port knocking differ from firewalls or SYN proxies in controlling access to network ports?

Port knocking operates at the application layer, while firewalls and SYN proxies operate at the network layer, affecting port visibility differently.
Port knocking is a static method that blocks all ports unless a specific IP address is whitelisted, unlike firewalls or SYN proxies that use sequences or filtering.
Port knocking permanently closes ports until manually reopened, while firewalls and SYN proxies can dynamically open ports based on traffic.
Port knocking requires a specific sequence of connection attempts to open ports, whereas firewalls and SYN proxies typically block or filter ports without such sequences.

Port knocking requires a specific sequence of connection attempts to open ports, whereas firewalls and SYN proxies typically block or filter ports without such sequences.

Explanation

Port knocking differs from firewalls or SYN proxies because it requires a specific sequence of connection attempts (knocks) to open a port, providing dynamic and stealthy access control. Firewalls and SYN proxies typically block or filter ports based on rules or intercept TCP handshakes without requiring such sequences, making port knocking a more active and sequence-dependent method of securing ports.

6. Who is credited with the concept of NAT devices acting as SYN proxies that impact port scanning results?

NAT device without SYN proxy
Firewall acting as a NAT device
Load balancer without TCP intercept
SYN proxy (TCP intercept) mechanism

SYN proxy (TCP intercept) mechanism

Explanation

The SYN proxy (TCP intercept) is credited with the mechanism of intercepting TCP handshakes and causing ports to appear as open|filtered during scans. NAT devices without SYN proxy do not alter TCP responses, so they are not credited with this concept. Firewalls and load balancers can be configured as SYN proxies, but the concept itself is attributed to the SYN proxy mechanism, which is a specific security technique involving intercepting TCP handshakes.

7. What is a primary cause for ports appearing as open|filtered during a TCP port scan involving firewalls or load balancers?

The devices operate as SYN proxies, intercepting and responding to SYN packets
The devices disable TCP timestamps, causing response ambiguity
The devices act as NAT routers without intercepting TCP handshakes
The devices block all incoming TCP packets, preventing responses

The devices operate as SYN proxies, intercepting and responding to SYN packets

Explanation

SYN proxies intercept initial TCP SYN packets and respond on behalf of internal hosts, withholding actual responses until the handshake completes. This causes port scanners like Nmap to classify ports as open|filtered because no definitive TCP responses (SYN/ACK or RST) are received, which is the primary cause of this port state classification.

Review with flashcards

Memorize the answers with 14 flashcards on Understanding Port States and Network Security Techniques.

Open|Filtered state — definition?

Indeterminate port status due to missing responses.

SYN proxy — role?

Intercepts SYNs, answers without revealing internal port info.

Firewall vs load balancer — function?

Firewall controls traffic; load balancer distributes it.
