35 | Domain 2 Lesson 1: Protocols Using Encryption Cisco Certified Support Technician: Cybersecurity Project Workbook, First Edition
Fill-in-the-Blanks
Instructions: While watching Domain 2 Lesson 1, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]
1. Computers and devices connected to a network are often referred to as nodes. [TCP, UDP, and
HTTP]
2. TCP, UDP, and HTTP often need security protocols to add security to network communication.
[TCP, UDP, and HTTP]
3. While executing a three-way handshake, the ACK flag is used to acknowledge a request. [TCP, UDP,
and HTTP]
4. An Address Resolution Protocol (ARP) request translates an IP address into a physical address, or
Media Access Control (MAC) address. [ARP, ICMP, DHCP, and DNS]
5. The most widely recognized ICMP packet is the ping packet. [ARP, ICMP, DHCP, and DNS]
6. After sending a DHCP request and receiving a proper response from a router, a new host will use that response to
set up a LAN connection. [ARP, ICMP, DHCP, and DNS]
7. DNS translates a domain name into an IP address. [ARP, ICMP, DHCP, and DNS]
TCP, UDP, and HTTP
Project Details
Project file: N/A
Estimated completion time: 5-10 minutes
Video reference: Domain 2
Topic: TCP/IP Protocol Vulnerabilities
Subtopic: TCP, UDP, and HTTP
Objectives covered:
2 Basic Network Security Concepts
2.1 Describe TCP/IP protocol vulnerabilities
2.1.1 TCP
2.1.2 UDP
2.1.3 HTTP
Notes for the teacher: If time permits, students should review the following documentation from Ionos further detailing TCP.
https://www.ionos.com/digitalguide/server/know-how/introduction-to-tcp/
Network protocols are rules that computers and devices use to exchange messages across a network. A protocol defines the format and content of a message. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the transport mechanism for most traffic across local area networks (LANs) and the internet. At the same time, Hypertext Transfer Protocol (HTTP) is the most common protocol used by web browsers and web servers.
Many protocols were designed before the emergence of the field of cybersecurity. Therefore, these three protocols frequently require helper protocols to ensure secure communication.
Purpose
Upon completing this project, you will better understand the three most common protocols used in today’s networks.
Steps for Completion
1. What step must occur before any two nodes can communicate over a network?
a TCP handshake
4. Before a TCP session, two nodes must negotiate the session. This process is known as a: C
A. TCP agreement
B. TCP contract
C. TCP handshake
D. TCP layout
5. UDP is often used to send packets to all nodes in a network, a process referred to as broadcasting a
message.
6. Briefly explain why the UDP protocol is not susceptible to the same half-open connection attack that threatens
TCP.
UDP is a connectionless protocol that doesn't store any active connections.
ARP, ICMP, DHCP, and DNS
Project Details
Project file: N/A
Estimated completion time: 5-10 minutes
Video reference: Domain 2
Topic: TCP/IP Protocol Vulnerabilities
Subtopic: ARP, ICMP, DHCP, and DNS
Objectives covered:
2 Basic Network Security Concepts
2.1 Describe TCP/IP protocol vulnerabilities
2.1.4 ARP
2.1.5 ICMP
2.1.6 DHCP
2.1.7 DNS
Notes for the teacher: If time permits, students should run the nslookup command on at least five domains and record the results. The nslookup command should function inside both Windows and Mac terminals.
In addition to TCP, UDP, and HTTP, several popular protocols support network operations. These protocols include Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS). A security professional must have a solid working understanding of each of these protocols to secure modern networks and devices properly.
Purpose
Upon completing this project, you will better understand how ARP, ICMP, DHCP, and DNS support everyday network operations.
Steps for Completion
1. LAN network switches keep internal tables which store the IP address and MAC (Media Access Control) address for each connected device.
2. A switch has just broadcasted an ARP request to find the MAC address for an unknown node. Which event most likely triggered this action? D
A. The switch has been unplugged.
B. The MAC address for the switch has been altered.
3. Which command from the video reference can be used to retrieve an entire ARP table?
arp -a
4. Why does a failed ping command not necessarily represent a host that is down?
Some servers block or ignore ICMP requests
6. Once a router accepts a DHCP request, that router is responsible for selecting an IP address for that
device that falls within the appropriate range.
7. The nslookup command issues a DNS query and returns the IP address associated with a
hostname or domain.
Domain 2 Lesson 2
Fill-in-the-Blanks
Instructions: While watching Domain 2 Lesson 2, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]
1. Internet Protocol (IP) defines how to determine a packet route from sender to receiver. [IPv4 and
IPv6 Addresses]
2. There are an estimated 46 billion devices connected to the internet today. [IPv4 and IPv6
Addresses]
3. The ipconfig command can be entered into a Windows command line to display the
configuration for all network adapters. [IPv4 and IPv6 Addresses]
4. Media Access Control (MAC) addresses provide a physical device address. [MAC Addresses and
Network Segmentation]
5. A network interface controller (NIC) is a networking device that connects a node to network media.
[MAC Addresses and Network Segmentation]
6. An IP address comprises two parts, the network address and the host address. [CIDR Notation]
7. The use of private IP addresses allows organizations to build large internal networks without
consuming any IP addresses from the public space. [NAT and Public vs. Private Networks]
8. Network Address Translation (NAT) allows nodes with private addresses to communicate
with external nodes. [NAT and Public vs. Private Networks]
IPv4 and IPv6 Addresses
Project Details
Project file: N/A
Estimated completion time: 5-10 minutes
Video reference: Domain 2
Topic: How Network Addresses Impact Network Security
Subtopic: IPv4 and IPv6 Addresses
Objectives covered:
2 Basic Network Security Concepts
2.1 Describe TCP/IP protocol vulnerabilities
2.2 Explain how network addresses impact network security
2.2.1 IPv4 and IPv6 addresses
Notes for the teacher: If time permits, students should find their own IPv4 and IPv6 addresses. Students may need to use the ip -a command or ifconfig command on Mac and Linux machines.
Internet Protocol (IP) is the most common network layer protocol. Like other protocols, IP can be considered a set of rules. This set of rules pertains to routing and addressing packets, ensuring that packets arrive at the intended destination. Two versions of IP are prevalent in modern networks, IPv4 and IPv6. IPv4 cannot provide unique addresses to the estimated 46 billion devices connected to the internet. IPv6 is a new version of IP with a much larger address, thus providing a massive number of potential addresses. Despite a significant increase in the use of IPv6, IPv4 is likely to remain in use for the foreseeable future.
Purpose
Upon completing this project, you will better understand IPv4 and IPv6 addresses and the differences between each protocol.
Steps for Completion
1. With an address space of 32 bits, IPv4 addresses can identify 4,294,967,296 unique devices.
2. Which character is used to separate the four 8-bit numbers that make up an IPv4 address?
period
5. Only about 20% of the address space for IPv6 addresses has been defined, which is enough to allocate
roughly 4000 addresses to each person on earth.
MAC Addresses and CIDR Notation
Project Details
Project file: N/A
a. Physical Location
b. Category (Accounting)
5. CIDR notation helps to express and interpret a network’s scope in a compact form.
6. The ipconfig command can be used to retrieve a device’s IP address and subnet mask which can
be used to determine the CIDR format for a device’s network.
7. What year was CIDR first introduced? (Hint: Use the webpage provided in the video reference.)
1993
Public vs. Private Networks
Project Details
Project file: N/A
Estimated completion time: 5-10 minutes
Video reference: Domain 2
Topic: How Network Addresses Impact Network Security
Subtopic: NAT and Public vs. Private Networks
Objectives covered:
2 Basic Network Security Concepts
2.1 Describe TCP/IP protocol vulnerabilities
2.2 Explain how network addresses impact network security
2.2.5 NAT
2.2.6 Public vs. private networks
Notes for the teacher: If time permits, students should review the following webpage from Cisco featuring FAQs regarding NAT.
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html
For several years there have been far more devices connected to the internet than there are possible IPv4 addresses. Fortunately, the designers of IPv4 set aside reserved address ranges that are not part of the public address pool. An organization may only need a single public IP address, and all other IP addresses will come from the range of private addresses. Packets that use a private address never leave a network. Therefore, any number of organizations can use the same set of private addresses.
Private network packets can leave that network through Network Address Translation (NAT). The NAT protocol is used to replace the private IPv4 address with the organization's public IP address when a packet is sent outside of a private network. The router also adds a note to its translation table for later use. NAT enables nodes with private addresses to communicate with external nodes while also helping to hide actual IP addresses from the outside world.
Purpose
Upon completing this project, you will better understand NAT, public networks, and private networks.
Steps for Completion
1. Describe the purpose of public IP addresses.
Allows a single public IP address to be used for an organization, so that all other devices connected use a private IP, as a bandage for the limit to how many IPv4 addresses there are.
2. Describe the following statement in greater detail: Private IP addresses are non-routable.
Private IP addresses are only used for internal networks, as they cannot be routed on the internet due to IP duplication.
3. Fill in the ranges for the three most common private IPv4 networks.
5. When a border router receives a response from a packet that it sent outside of a private network, it uses the note
in its translation table to replace the destination IPv4 address with the correct private address.
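The translation-table behaviour described in this project, as an added example that is not part of the workbook: a toy border router rewrites outbound packets, restores the private destination on replies, and drops inbound packets that match no table entry. Mapping each conversation to its own public port, the class and field names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class NatRouter:
    """Toy border router; the per-port mapping is an assumption of this sketch."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_inside = {}  # (private ip, private port, remote ip, remote port) -> public port
        self.by_public = {}  # public port -> the same tuple (the "note" for later use)

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network and record the mapping."""
        if not is_private(pkt["src"]):
            raise ValueError("outbound source is not a private address")
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_public[self.next_port] = key
            self.next_port += 1
        return {**pkt, "src": self.public_ip, "sport": self.by_inside[key]}

    def inbound(self, pkt):
        """Restore the private destination for a reply, or return None (drop)."""
        entry = self.by_public.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or entry is None:
            return None  # no note in the table: nothing inside asked for this
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None  # not a reply from the recorded external node
        return {**pkt, "dst": priv_ip, "dport": priv_port}

def demo():
    nat = NatRouter("203.0.113.10")   # constructed public address
    web = ("198.51.100.7", 443)       # constructed external server
    a = nat.outbound({"src": "192.168.1.20", "sport": 51000, "dst": web[0], "dport": web[1]})
    b = nat.outbound({"src": "192.168.1.21", "sport": 51000, "dst": web[0], "dport": web[1]})
    reply = nat.inbound({"src": web[0], "sport": web[1], "dst": a["src"], "dport": a["sport"]})
    stray = nat.inbound({"src": "198.51.100.99", "sport": 443, "dst": a["src"], "dport": a["sport"]})
    return a, b, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both inside hosts appear to the external server as the same public address, and the packet from an unrelated external address is dropped because the table holds no matching entry.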
Domain 2 Lesson 3
Fill-in-the-Blanks
Instructions: While watching Domain 2 Lesson 3, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]
1. Network security architecture refers to how a network is organized to operate efficiently and
resist interruptions. [Network Security Architecture and DMZ]
2. A demilitarized zone (DMZ) is a network segment with at least two firewalls. [Network Security
Architecture and DMZ]
4. Oracle VM is free virtualization software that runs on many popular operating systems.
[Virtualization and Cloud]
6. Proxy servers often use rules to determine the best action to take for a message. [Honeypot, Proxy
Server, IDS, and IPS]
7. An intrusion detection system (IDS) is a passive network device that examines packets and
compares each one to a database of malicious patterns. [Honeypot, Proxy Server, IDS, and IPS]
Network Security Architecture
Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 2
Topic: Network Infrastructure and Technologies
Subtopic: Network Security Architecture and DMZ
Objectives covered:
2 Basic Network Security Concepts
2.3 Describe network infrastructure and technologies
2.3.1 Network security architecture
2.3.2 DMZ
Notes for the teacher: If time permits, students should review several examples of network diagrams at the webpage below. Example 10 features an example of a DMZ.
https://www.edrawmax.com/article/network-diagram-examples.html
Network security architecture refers to the overall structure of a network and its effect on operations and interruptions. A network with a robust architecture should provide redundancy and resilience. It is important to note that the primary goal of any network security architecture is to avoid interruption.
One common extension to a basic network is the inclusion of a network segment called a demilitarized zone (DMZ). A DMZ is commonly made up of two or more firewalls separating public-facing services from internal resources. The purpose of a DMZ is to provide internet access to services and data while also protecting internal resources.
Purpose
Upon completing this project, you will better understand network security architecture, and you will also better understand the purpose of a DMZ.
Steps for Completion
1. A network with a robust architecture should include devices and protocols that prevent, detect, and resist attacks.
2. What two elements make up a basic network?
a. nodes
b. media
3. Networks that include security components will also contain network security devices, segmented
networks, and redundant media.
4. An administrator is implementing a DMZ to protect sensitive internal network resources from bad actors on the
internet. Which element of a website should exist between two firewalls?
Web server
Virtualization and Cloud
Project Details
Project file: N/A
Estimated completion time: 5 minutes
Video reference: Domain 2
Topic: Network Infrastructure and Technologies
Subtopic: Virtualization and Cloud
Objectives covered:
2 Basic Network Security Concepts
2.3 Describe network infrastructure and technologies
2.3.3 Virtualization
2.3.4 Cloud
Virtualization is a term used to describe the practice of running multiple operating systems on a single computer. In the past, an operating system primarily served as an intermediary between a user and computer hardware. Virtualization allows organizations to extract significant amounts of value from their equipment, allowing them to run several different operating systems on one set of physical hardware. Virtualization technology also makes it easy to suspend a virtual machine and restart it later. Suspended virtual machines can also be migrated to different physical computers.
Cloud computing describes the delivery of computing services over the internet. These services include servers, databases, networking infrastructure, software, and more. Some popular cloud computing providers are Amazon (Amazon Web Services or AWS), Microsoft (Azure), and Google (Google Cloud).
Purpose
3. The ease of creating, moving, and managing images on running systems are also convenient for
building standardized virtual machines.
4. Public clouds are virtual machines and virtual environments that can be leased.
Honeypots, Proxy Servers, IDS, and IPS
Project Details
Project file: N/A
2. Honeypots should never be considered substitutes for controls to protect other valuable resources.
5. Which two examples are given in the video reference for steps an IPS may take against a potential attack?
Blocking of an IP address or closing a certain port
Domain 2 Lesson 4
Fill-in-the-Blanks
Instructions: While watching Domain 2 Lesson 4, fill in the missing words according to the information presented by the
instructor. [References are found in the brackets.]
1. A little effort invested in securing your wireless networks can significantly reduce your attack
surface. [MAC Address Filtering]
2. Anyone who connects to an open wireless network can view what other wireless users send
and receive. [Encryption Standards, Protocols, and SSID]
3. Security professionals may harden a wireless network by disabling the Service Set Identifier (SSID)
broadcast. [Encryption Standards, Protocols, and SSID]
4. While in personal mode, WPA and WPA2 use a private key that clients must know. [Encryption
Standards, Protocols, and SSID]
5. A packet inspection firewall is the most basic firewall. [ACL and Firewall]
6. A VPN creates an end-to-end connection between a client and a server inside a business’s internal
network. [VPN]
7. In most cases, using a VPN helps to avoid blocked website usage. [VPN]
8. Network access control (NAC) implements controlled remote access through policies and
setting minimum device requirements. [NAC]
Setting up a Secure Wireless SOHO Network
Project Details
Project file: N/A
4. While in enterprise mode, the WPA and WPA2 wireless security protocols use which type of server to manage
connections?
RADIUS server
Implement Secure Access Technologies
Project Details
Project file: N/A