Computer Networking
The OSI seven-layer model and the TCP/IP map
Type a web address and a lot happens before the page appears. Your browser's request is wrapped by one layer of software, handed down to the next, and the next, until it leaves your machine as electrical or radio signals; the server reverses the process on the way up. Networking people describe this stack with the OSI (Open Systems Interconnection) reference model, which splits the work into seven layers. CC expects you to know the order in both directions and the job of each layer, because this is the most heavily tested networking idea on the exam.
The seven layers, top to bottom
Reading from layer 7 down to layer 1:
- Layer 7, Application is where network services meet user applications. Protocols like HTTP, DNS, and SMTP live here. This is not your web browser itself; it is the protocol the browser speaks.
- Layer 6, Presentation formats, encodes, compresses, and encrypts data so the application can use it. TLS encryption and character encodings sit here.
- Layer 5, Session sets up, manages, and tears down the conversation between two hosts.
- Layer 4, Transport delivers data end to end and uses port numbers to direct it to the right service. TCP and UDP are the layer 4 protocols.
- Layer 3, Network handles logical addressing and routing across networks. This is where IP lives and where routers operate.
- Layer 2, Data Link moves frames across one local link and uses hardware MAC (Media Access Control) addresses. Ethernet, switches, and VLANs are layer 2.
- Layer 1, Physical is the raw bits on the medium: copper cables, fiber, WiFi radio, and hubs.
A classic mnemonic for layer 7 down to 1 is "All People Seem To Need Data Processing" (Application, Presentation, Session, Transport, Network, Data Link, Physical). For the reverse, layer 1 up to 7, many people use "Please Do Not Throw Sausage Pizza Away".
TCP/IP, the model the internet actually runs on
OSI is a teaching reference. The protocol suite that genuinely carries traffic is TCP/IP, which does the same work in four layers instead of seven. The mapping is fixed and worth memorizing, because questions ask you to translate one model into the other: the TCP/IP Link layer covers OSI layers 1 to 2, Internet covers OSI layer 3, Transport covers OSI layer 4, and Application covers OSI layers 5 to 7. IP and IPsec live at OSI layer 3[1] (the Internet layer), while TCP and UDP live at layer 4. The two models do not disagree; TCP/IP simply groups OSI's top three layers into one Application layer and its bottom two into one Link layer.
Addresses and ports: IPv4, IPv6, and the well-known ports
Two numbers get a packet to the right place: an IP address says which machine, and a port number says which service on that machine. Keep them separate in your head, because the most common beginner mistake is to mix them up, and the exam tests the difference directly.
IPv4 versus IPv6
An IPv4 address is 32 bits long, written as four decimal numbers from 0 to 255 separated by dots, such as 203.0.113.5. Thirty-two bits gives about 4.3 billion unique addresses, and the global supply has effectively run out. IPv6 was created to fix that shortage, and its addresses are 128 bits long, written as eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:0000:0000:0000:0000:0000:0001 (often shortened to 2001:db8::1). One hundred twenty-eight bits is an enormous space, roughly 3.4 x 10^38 addresses, so exhaustion is no longer a practical concern. The two figures to lock in are 32 bits for IPv4 and 128 bits for IPv6; questions love to swap them.
Addresses come in two scopes. Public addresses are routable on the open internet and must be globally unique. Private IPv4 ranges (such as 10.x.x.x and 192.168.x.x) are reused inside many separate networks and are not routed on the internet, which is part of how IPv4 stretched its limited supply.
Ports identify the service
A server can run a web service, an email service, and a remote-login service at the same time on one IP address because each listens on its own port. A port is a 16-bit number, so the range is 0 to 65535. The lowest block, ports 0 to 1023, are the well-known (system) ports reserved for standard internet services and assigned by IANA. CC expects you to recognize a specific short list by number, summarized in the table below. Treat these as flashcards: a question may give the service and ask for the number, or give the number and ask for the service.
| Service | Port(s) | What it does |
|---|---|---|
| FTP | 20 (data), 21 (control) | File Transfer Protocol; transfers files, sends data and control on separate ports |
| SSH | 22 | Secure Shell; encrypted remote command-line and file transfer |
| Telnet | 23 | Remote command-line in cleartext; insecure, replaced by SSH |
| SMTP | 25 | Simple Mail Transfer Protocol; sends email between mail servers |
| DNS | 53 | Domain Name System; resolves names like example.com to IP addresses |
| HTTP | 80 | Web traffic in cleartext |
| HTTPS | 443 | Web traffic encrypted with TLS |
| RDP | 3389 | Remote Desktop Protocol; remote graphical access to Windows |
The pattern worth noticing: the secure version of a protocol usually runs on a different port from the cleartext version (HTTP 80 versus HTTPS 443; Telnet 23 versus SSH 22). When a question contrasts a secure and an insecure service, the port number is often the tell.
WiFi and exam-pattern recognition
The last building block is wireless. WiFi is the IEEE 802.11 family of wireless LAN standards, and the thing that matters for security is simple: WiFi sends data over radio, so anyone within range can capture the signal off the air. That makes link encryption essential, not optional.
Securing wireless
The encryption standards arrived in order, and only the newest are safe. WEP (Wired Equivalent Privacy) is the original and is thoroughly broken; never select it. WPA and WPA2 (WiFi Protected Access) replaced it, and WPA3 is the current standard and the strongest. For CC, the rule is: choose WPA3 (or WPA2 if WPA3 is unavailable) and reject WEP. An open network with no encryption, such as a coffee-shop hotspot, should be treated as untrusted; sensitive traffic over it needs its own protection, such as a VPN tunnel or HTTPS, on top.
Reading the question stems
Networking items on CC tend to fall into a few shapes, and recognizing the shape tells you which fact to fetch.
- Layer placement. "At which OSI layer does a router operate?" Answer with the function-to-layer map: routing and IP are layer 3 (Network); switching and MAC addresses are layer 2 (Data Link); ports and end-to-end delivery are layer 4 (Transport); the application protocol is layer 7.
- Model translation. "Which TCP/IP layer corresponds to OSI layers 5 through 7?" Apply the fixed mapping: that is the Application layer.
- Service-to-port (or port-to-service). "Which port does HTTPS use?" or "What runs on port 22?" Recall the well-known list. The frequent trap is the cleartext/secure pair: HTTP 80 versus HTTPS 443, Telnet 23 versus SSH 22.
- Address facts. "How many bits is an IPv6 address?" The answer is 128 (IPv4 is 32). Watch for stems that swap the two numbers.
- Wireless choice. "Which protocol should secure a new wireless network?" Choose WPA3 or WPA2, never WEP.
A reliable habit on any networking question: first decide whether the stem is about where (a layer), who (an IP address), what service (a port), or how it is protected (encryption such as WPA3 or TLS). Naming the category first keeps you from answering a port question with a layer fact, which is exactly the kind of mismatch distractors are built to exploit.
OSI seven layers mapped to the TCP/IP four-layer model
| OSI layer (number) | What it does | TCP/IP layer | Example at this layer |
|---|---|---|---|
| 7 Application | Network services to user applications | Application | HTTP, HTTPS, DNS, SMTP, FTP |
| 6 Presentation | Format, encode, encrypt for the app | Application | TLS encryption, data formats |
| 5 Session | Set up, manage, tear down sessions | Application | Session establishment |
| 4 Transport | End-to-end delivery, ports | Transport | TCP, UDP (ports 80, 443, 53) |
| 3 Network | Logical addressing and routing | Internet | IP, IPsec, routers |
| 2 Data Link | Frames on the local link, MAC addresses | Link | Ethernet, switches, VLANs |
| 1 Physical | Bits on the wire or radio | Link | Cables, WiFi radio, hubs |
Sharp facts the exam loves — give these one last read before exam day.
Cheat sheet
Sharp facts the exam loves — scan these before test day.
- Know the OSI seven layers in order, both directions
The OSI (Open Systems Interconnection) model has seven layers, from the bottom up: 1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application. A common mnemonic for layer 7 down to 1 is "All People Seem To Need Data Processing". Exam questions ask you to place a function or device at the right layer, so the order and each layer's job are the core facts to memorize.
- OSI maps onto TCP/IP's four layers by a fixed rule
TCP/IP is the four-layer model the internet actually runs on, and it maps onto OSI predictably: Link = OSI layers 1 to 2, Internet = OSI layer 3, Transport = OSI layer 4, and Application = OSI layers 5 to 7. The two models do not disagree; TCP/IP just groups OSI's top three layers into one Application layer and its bottom two into one Link layer. Questions often give an OSI layer and ask for the matching TCP/IP layer, or the reverse.
Trap Assuming TCP/IP has a separate Session or Presentation layer; those OSI layers (5 and 6) are folded into the single TCP/IP Application layer.
- IP and routing live at OSI Layer 3 (Network)
The Network layer (OSI layer 3) handles logical addressing and routing between networks, which is where IP operates and where routers do their work. When a stem asks at which layer a router operates or where IP addressing happens, the answer is layer 3. IPsec, which protects IP packets, also operates at this layer.
Trap Placing a router at OSI layer 2; switches and MAC addressing are layer 2, while routing and IP are layer 3.
11 questions test this
- A router makes forwarding decisions based on which type of address?
- What is required for devices on different VLANs to communicate with each other?
- Devices on one VLAN cannot communicate directly with devices on a different VLAN. What additional network component is required to enable…
- An organization wants to connect multiple separate networks and route traffic between them using IP addresses. Which device should they…
- An organization needs to connect two separate IP networks and enable communication between devices on different subnets. Which device…
- What is the PRIMARY function of a router in network infrastructure?
- An organization needs to connect two separate networks with different IP address ranges. Which network device is specifically designed for…
- Devices on two different VLANs need to communicate with each other. What is required to enable this inter-VLAN communication?
- Which OSI model layer does a router primarily operate at when making forwarding decisions?
- Which network device operates at Layer 3 of the OSI model and uses IP addresses to determine the best path for forwarding data between…
- A network administrator needs a device that can connect two separate networks and forward packets based on destination IP addresses. Which…
- Switches and MAC addresses operate at Layer 2 (Data Link)
The Data Link layer (OSI layer 2) moves frames across a single local link and uses hardware MAC (Media Access Control) addresses to identify devices on that link. Ethernet switches and VLANs operate here. A MAC address is the physical hardware address burned into a network interface, distinct from the logical IP address assigned at layer 3.
Trap Confusing a MAC address (layer 2 hardware address) with an IP address (layer 3 logical address); the two identify a device at different layers.
6 questions test this
- At which layer of the OSI model does a network switch primarily operate?
- What does a network switch use to forward frames to the correct destination port?
- What is the PRIMARY security advantage of using a switch instead of a hub on a network?
- Which network device operates at Layer 2 of the OSI model and forwards frames based on MAC addresses?
- Which type of address does a network switch use to forward data frames to the appropriate destination port?
- How does a hub differ from a switch in handling network traffic?
- TCP and UDP carry data at Layer 4 (Transport) using ports
The Transport layer (OSI layer 4) delivers data end to end between hosts and uses port numbers to direct it to the right service. TCP and UDP are the layer 4 protocols. When a question is about ports, end-to-end delivery, or TCP versus UDP, the layer is 4.
- An IP address identifies the host; a port identifies the service
Keep the two roles separate: an IP address says which machine, and a port number says which application or service on that machine. This is why one server with a single IP can run web, email, and remote-login services at the same time, each listening on its own port. A question asking how one server offers many services at once is about ports, not addresses.
Trap Answering a one-server-many-services question with multiple IP addresses; the services are separated by port number, not by address.
- IPv4 addresses are 32 bits long
An IPv4 address is 32 bits, written as four decimal numbers from 0 to 255 separated by dots, such as 203.0.113.5. Thirty-two bits gives about 4.3 billion possible addresses, a supply the world has effectively exhausted. The 32-bit figure is the single most testable IPv4 fact.
Trap Stating IPv4 is 128 bits; 128 bits is IPv6. IPv4 is 32 bits.
10 questions test this
- What is the bit length of an IPv4 address?
- What was a primary reason for developing IPv6 to replace IPv4?
- What is the primary advantage of IPv6 over IPv4 regarding address space?
- Which statement accurately describes the format of an IPv4 address?
- How is an IPv4 address structured?
- Which characteristic distinguishes IPv6 addressing from IPv4 addressing?
- What is a primary reason organizations are transitioning from IPv4 to IPv6?
- What is the primary reason IPv6 was developed to replace IPv4?
- How does the format of an IPv6 address differ from an IPv4 address?
- What is the primary advantage of IPv6 over IPv4 that addresses the limitation of internet growth?
- IPv6 addresses are 128 bits long and solve IPv4 exhaustion
IPv6 was created because IPv4's address space ran out, and its addresses are 128 bits long, written as eight groups of hexadecimal separated by colons, such as 2001:db8::1. One hundred twenty-eight bits gives roughly 3.4 x 10^38 addresses, so exhaustion is no longer a practical concern. Remember 128 bits for IPv6 versus 32 bits for IPv4; questions like to swap the two numbers.
Trap Stating IPv6 is 64 bits or 32 bits; an IPv6 address is 128 bits.
10 questions test this
- What was a primary reason for developing IPv6 to replace IPv4?
- How are IPv6 addresses typically represented in text format?
- What is the primary advantage of IPv6 over IPv4 regarding address space?
- Which characteristic distinguishes IPv6 addressing from IPv4 addressing?
- What is a primary reason organizations are transitioning from IPv4 to IPv6?
- What is the primary reason IPv6 was developed to replace IPv4?
- Which address format uses 128 bits and is represented by eight groups of hexadecimal digits separated by colons?
- How does the format of an IPv6 address differ from an IPv4 address?
- How is an IPv6 address typically represented?
- What is the primary advantage of IPv6 over IPv4 that addresses the limitation of internet growth?
- Ports 0 to 1023 are the well-known (system) ports
A port number is 16 bits, so the full range is 0 to 65535, and the lowest block, ports 0 to 1023, are the well-known or system ports reserved by IANA for standard internet services. The well-known set is where the named protocols a candidate must recognize, like HTTP and HTTPS, live. Higher ports are registered or dynamic and are not the focus of CC recall.
4 questions test this
- Which range of TCP/UDP ports are classified as 'well-known ports' and typically require administrative privileges to use?
- Which range of ports is known as the 'well-known ports' or 'system ports' that are typically reserved for privileged services?
- Port numbers ranging from 0 to 1023 are classified into which category by the Internet Assigned Numbers Authority (IANA)?
- Which range of port numbers are known as 'well-known ports' assigned by IANA for standard services?
- HTTP is port 80; HTTPS is port 443
Web traffic uses HTTP on port 80 in cleartext and HTTPS on port 443 encrypted with TLS. The pair is a favorite exam contrast: the secure version runs on a different well-known port from the cleartext version. If a question asks which port carries encrypted web traffic, the answer is 443.
Trap Answering 80 for encrypted web traffic; port 80 is cleartext HTTP, while HTTPS (TLS-encrypted) is port 443.
8 questions test this
- An organization wants to secure web traffic between users and its public web server. Which port should be allowed through the firewall to…
- A firewall administrator needs to allow web servers to serve encrypted content to external users. Which port should be opened on the…
- A security team is configuring a firewall to allow secure web traffic. Which port should be opened to permit HTTPS connections?
- A security analyst notices outbound traffic from an internal server to an external host on port 443. What type of traffic is this port…
- A security analyst reviewing firewall logs notices traffic on port 443. Which service is MOST likely associated with this port?
- Which protocol and port combination provides encrypted web communications?
- A security team is configuring firewall rules for a web server that should only serve encrypted web content. Which port should be ALLOWED…
- An organization wants to ensure secure web communications for its e-commerce site. Which TCP port should be allowed through the firewall…
- SSH is port 22; it replaces cleartext Telnet on port 23
SSH (Secure Shell) provides encrypted remote command-line access and file transfer on port 22, and it is the secure replacement for Telnet, which runs in cleartext on port 23. Telnet sends credentials and commands unencrypted, so it should not be used over untrusted networks. When a stem contrasts secure and insecure remote login, the ports 22 and 23 are the tell.
Trap Choosing Telnet (port 23) for secure remote administration; Telnet is cleartext, and SSH on port 22 is the encrypted choice.
13 questions test this
- Which of the following port and protocol combinations represents an UNENCRYPTED service that poses security risks when used over untrusted…
- An organization wants to replace an insecure protocol used for remote administration. Which protocol pair shows an INSECURE protocol and…
- During a security assessment, a penetration tester identifies that port 22 is open on a server. Which service is MOST likely running on…
- A security analyst notices traffic on TCP port 22 during network monitoring. Which service is MOST likely generating this traffic?
- A security team wants to block insecure remote management protocols in the firewall. Which port should they block to prevent unencrypted…
- During a security audit, an analyst discovers that a server is accepting connections on port 23. What security concern does this represent?
- A security analyst is reviewing firewall rules and sees traffic allowed on port 22. Which service uses this port and why is it considered…
- During a security assessment, a firewall administrator notices unexpected traffic on port 23. From a security perspective, what concern…
- A security analyst discovers that administrators are using Telnet to manage network devices. What is the PRIMARY security concern with this…
- A security analyst notices unexpected traffic on TCP port 23 on a server. Which protocol is likely being used, and why is this a security…
- Which TCP port is used by SSH (Secure Shell) for secure remote access to servers?
- A security analyst reviews firewall logs and notices traffic on TCP port 22. Which protocol is most likely being used on this port?
- A security analyst discovers that an administrator has been using Telnet to remotely manage network devices. Which security risk does this…
- FTP uses ports 20 and 21
FTP (File Transfer Protocol) transfers files using two ports: port 21 carries the control connection (commands) and port 20 carries the data. Plain FTP is unencrypted, so secure alternatives like SFTP (over SSH, port 22) or FTPS are preferred for sensitive transfers. The two-port pattern, 20 for data and 21 for control, is a recall point.
- SMTP is port 25 and DNS is port 53
SMTP (Simple Mail Transfer Protocol) sends email between mail servers on port 25, and DNS (Domain Name System) resolves names like example.com into IP addresses on port 53. Both are well-known ports a candidate is expected to recognize by number. DNS is the service that lets people use names instead of memorizing numeric addresses.
3 questions test this
- Which port is used by DNS services to resolve domain names to IP addresses?
- A security analyst notices traffic on port 53 during network monitoring. Which service is most likely associated with this traffic?
- A network administrator needs to allow DNS traffic through the firewall. Which port and protocol combination should be configured?
- RDP is port 3389
RDP (Remote Desktop Protocol) gives remote graphical access to Windows systems on port 3389. Because RDP exposed to the internet is a frequent attack target, it should be restricted to a VPN or trusted network rather than opened publicly. The number 3389 is the one to recall for remote desktop.
- The secure protocol usually runs on a different port from the cleartext one
When a question pairs an insecure protocol with its secure counterpart, the port number is often the distinguishing clue: HTTP 80 versus HTTPS 443, and Telnet 23 versus SSH 22. Recognizing the pair lets you pick the encrypted option by its port. The secure choice is the encrypted protocol, and it listens on its own well-known port.
5 questions test this
- An organization wants to secure web traffic between users and its public web server. Which port should be allowed through the firewall to…
- Which of the following port and protocol combinations represents an UNENCRYPTED service that poses security risks when used over untrusted…
- An organization wants to replace an insecure protocol used for remote administration. Which protocol pair shows an INSECURE protocol and…
- A security team wants to block insecure remote management protocols in the firewall. Which port should they block to prevent unencrypted…
- A security analyst is reviewing firewall rules and sees traffic allowed on port 22. Which service uses this port and why is it considered…
- Private IP ranges are not routed on the public internet
Public IP addresses are globally unique and routable on the open internet, while private IPv4 ranges (such as 10.x.x.x and 192.168.x.x) are reused inside many separate internal networks and are not routed across the internet. Reusing private ranges behind translation is part of how IPv4 stretched its limited supply. A host with only a private address cannot be reached directly from the internet.
5 questions test this
- Which IP address range is designated as private and NOT routable on the public internet?
- Which IP address range is designated as private address space according to RFC 1918 and cannot be routed on the public internet?
- Which address range is designated for private IPv4 networks that are not routable on the public internet?
- Which address range is designated as private IPv4 address space according to RFC 1918?
- Which of the following correctly identifies the three private IPv4 address ranges defined in RFC 1918?
- WiFi is the IEEE 802.11 wireless LAN family, and it is broadcast
WiFi refers to the IEEE 802.11 family of wireless LAN standards, which carry data over radio. Because the signal travels through the air, anyone within range can capture it, so encryption on the wireless link is essential rather than optional. This broadcast nature is the reason wireless security gets special attention.
- Secure WiFi with WPA3 or WPA2, never WEP
The WiFi encryption standards arrived in order, and only the newest are safe: WPA3 (WiFi Protected Access 3) is the current and strongest standard, WPA2 is still acceptable, and WEP (Wired Equivalent Privacy) is thoroughly broken and must never be selected. For CC, choose WPA3 if available, otherwise WPA2, and reject WEP outright. A stem asking how to secure a new wireless network is testing this choice.
Trap Selecting WEP because it is listed as an encryption option; WEP is broken and offers no real protection, so WPA3 or WPA2 is the correct choice.
- Treat an open WiFi network as untrusted
An open wireless network with no encryption, such as a public coffee-shop hotspot, gives no link protection, so any traffic on it can be intercepted. Treat it as untrusted and protect sensitive traffic with its own layer on top, such as a VPN tunnel or HTTPS. The wireless link being open does not encrypt your data; only an added layer does.
Trap Assuming an open hotspot is safe as long as the site uses HTTPS for everything; the open link still exposes any unencrypted traffic, so a VPN or per-session encryption is needed.
- TLS encryption sits around OSI layers 5 to 6, not the Transport layer
Despite the name Transport Layer Security, TLS encrypts an application session and conceptually sits around OSI layers 5 to 6 (it secures the data the application sends). The OSI Transport layer (4) is about end-to-end delivery with TCP and UDP and ports, not encryption. Do not equate the OSI Transport layer with transport-layer security; they are different ideas.
Trap Treating the OSI Transport layer (4) as the encryption layer because of the name TLS; layer 4 handles delivery and ports, while TLS protects the application session.
- Categorize a networking question by where, who, what service, or how protected
A reliable habit on any networking item is to first decide whether the stem asks about where a function sits (a layer), who a host is (an IP address), what service is involved (a port), or how traffic is protected (encryption like WPA3 or TLS). Naming the category first keeps you from answering a port question with a layer fact, which is exactly the mismatch that distractors exploit.
- A LAN is small, fast, and locally owned; a WAN connects LANs across distance more slowly
A Local Area Network covers a confined area such as a building or campus, is usually owned and managed by one organization, and offers the highest data-transfer speeds. A Wide Area Network spans cities or countries and interconnects multiple LANs over long distances, so it serves more users with greater geographic reach but typically lower speed and higher latency; LANs are the building blocks a WAN ties together, and the internet is the largest WAN.
Trap Expecting a WAN to be faster than a LAN; its long-distance links raise propagation delay and lower throughput.
11 questions test this
- What is the primary function of a Wide Area Network (WAN)?
- What is the relationship between LANs and WANs in enterprise network architecture?
- Which network type is designed to connect devices within a geographically limited area such as a single building or campus?
- Which network architecture type typically provides the HIGHEST data transfer speeds?
- Which characteristic is typically associated with a LAN compared to a WAN?
- An organization needs to connect its branch offices located in different countries to share resources and communicate. Which network type…
- What is the relationship between Local Area Networks and Wide Area Networks?
- Which characteristic accurately describes the relationship between LANs and WANs in network architecture?
- Which characteristic BEST distinguishes a Wide Area Network (WAN) from a Local Area Network (LAN)?
- Which characteristic is typically associated with a Wide Area Network compared to a Local Area Network?
- What is a primary characteristic that distinguishes a WAN from a LAN in terms of network performance?
- A hub blindly broadcasts to all ports; a switch forwards by MAC to one port
A hub is a Layer 1 device that repeats incoming data out every other port, so all stations share one collision domain and can see each other's traffic. A switch is a Layer 2 device that reads the destination MAC address and uses its MAC address table to forward a frame only to the correct port, giving each port its own collision domain. A router is the Layer 3 device that connects networks with different IP ranges and contains broadcast traffic.
Trap Treating a hub as a secure equivalent of a switch, when its broadcast-to-all behavior lets any attached host sniff the segment.
6 questions test this
- What is the PRIMARY security advantage of using a switch instead of a hub on a network?
- Which network device operates at Layer 2 of the OSI model and forwards frames based on MAC addresses?
- When a hub receives data on one of its ports, what action does it take?
- What is a key security advantage of using a switch instead of a hub on a network?
- How does a hub differ from a switch in handling network traffic?
- What security benefit do routers provide by separating networks into distinct segments?
- DNS uses UDP 53 for normal queries and TCP 53 for large responses and zone transfers
DNS runs on port 53 over both transports: standard name-resolution queries use UDP 53 because it is fast and low-overhead, while TCP 53 handles responses larger than 512 bytes and zone transfers between servers, where reliable delivery matters.
Trap Opening only UDP 53 on a firewall and breaking zone transfers and oversized responses that need TCP 53.
5 questions test this
- A security administrator needs to configure firewall rules for DNS traffic. Which statement about DNS port usage is correct?
- A network administrator needs to allow DNS traffic through a firewall. Which port and protocol combination is primarily used for standard…
- A network administrator is configuring firewall rules and needs to allow DNS traffic. Which port and protocol combination should be…
- Which statement accurately describes why DNS uses BOTH TCP and UDP on port 53?
- A network administrator needs to allow DNS traffic through the firewall. Which port and protocol combination should be configured?
- WPA3 replaces WPA2's PSK handshake with SAE to defeat offline dictionary attacks
WPA3-Personal uses Simultaneous Authentication of Equals (SAE), the dragonfly handshake, in place of WPA2's pre-shared-key four-way handshake. SAE requires live interaction with the network for each password guess, so an attacker who captures the handshake cannot run an offline dictionary attack against it even when the password is weak.
Trap Believing WPA3 is just a stronger password; its protection comes from the SAE handshake, not from key length.
5 questions test this
- Which security enhancement does WPA3 introduce to protect wireless networks against offline dictionary attacks?
- What authentication method does WPA3-Personal use to replace the Pre-Shared Key (PSK) exchange found in WPA2-Personal?
- Which wireless security protocol introduced Simultaneous Authentication of Equals (SAE) to replace the Pre-Shared Key (PSK) method?
- A security administrator is configuring wireless access points and wants to protect against offline dictionary attacks. Which…
- Which security benefit does the WPA3 SAE handshake provide that was not available with the WPA2-PSK four-way handshake?
- WPA3 forward secrecy keeps past captured traffic safe even if the password leaks later
Through SAE, WPA3 derives a unique session key for each connection, providing forward secrecy. If an attacker has been recording encrypted traffic and later obtains the network password, they still cannot decrypt the previously captured sessions because each used a separate key not derived from the password alone.
Trap Assuming a later password compromise exposes old WPA3 sessions, as it would under WPA2-PSK.
6 questions test this
- What is a primary security benefit that WPA3-Personal provides over WPA2-Personal?
- An organization discovers that an attacker has been capturing its encrypted wireless traffic for months. The organization recently…
- What security feature introduced in WPA3 provides protection by changing the encryption password each time a connection is established?
- Which capability of WPA3 ensures that previously captured encrypted wireless traffic cannot be decrypted even if the network password is…
- Which security benefit does the WPA3 SAE handshake provide that was not available with the WPA2-PSK four-way handshake?
- What security feature does WPA3 provide that prevents an attacker from decrypting previously captured wireless traffic if they later obtain…
- WPA3 mandates Protected Management Frames to stop forged deauth attacks
WPA3 requires Protected Management Frames (PMF), which authenticate and protect the integrity of wireless management frames. This blocks eavesdropping, replay, and forgery of management frames, including the spoofed deauthentication/disassociation frames an attacker uses to knock clients off the network.
4 questions test this
- What security feature does WPA3 mandate to protect wireless management frames from eavesdropping and forgery attacks?
- Which of the following is a mandatory security requirement in the WPA3 wireless security standard?
- What security feature in WPA3 protects wireless management frames from being forged or tampered with to prevent certain denial-of-service…
- Which feature, made mandatory in WPA3, protects wireless management frames from being forged by attackers to force clients to disconnect…
- WPA2/WPA3-Enterprise uses 802.1X with a RADIUS server to authenticate each user individually
Enterprise wireless mode runs the 802.1X framework against a central RADIUS authentication server so every user logs in with unique credentials rather than a shared password, giving centralized authentication, individual accountability, and dynamic keys. In 802.1X the wireless access point acts as the authenticator, relaying credentials between the client (supplicant) and the RADIUS server.
Trap Choosing WPA2/WPA3-Personal (a shared PSK) when the requirement is per-user credentials checked against a central server.
10 questions test this
- In an 802.1X wireless authentication architecture, which component acts as the authenticator that controls access to the network?
- An organization wants to verify each employee's unique identity before granting wireless network access using credentials checked against a…
- Which wireless security protocol is MOST appropriate for enterprise environments that require centralized authentication using a RADIUS…
- Which wireless security configuration requires users to authenticate through a centralized authentication server such as RADIUS?
- An organization requires wireless network authentication that verifies users through a centralized authentication server. Which mode should…
- A security administrator is configuring wireless security for an enterprise network that requires centralized user authentication through a…
- An organization wants each employee to use unique login credentials when connecting to the wireless network. Which wireless security…
- An organization wants to verify each wireless user individually through a centralized authentication server instead of using a shared…
- An organization requires that each wireless user be authenticated with individual credentials verified by a centralized server. Which…
- An organization wants to implement wireless security that requires users to authenticate against a centralized authentication server. Which…
- WPA2 should use AES-CCMP, not the legacy TKIP
AES, implemented as AES-CCMP with 128-bit keys, is the mandatory and strongest encryption for WPA2 and provides both confidentiality and integrity. TKIP was only a transitional fix for WEP-era hardware and relies on the weak RC4 cipher, so a WPA2 network running TKIP should be moved to AES.
Trap Leaving WPA2 on TKIP for compatibility, which keeps the weak RC4-based cipher instead of AES.
5 questions test this
- A security analyst notices that the organization's wireless network is configured to use WPA2 with TKIP encryption. What recommendation…
- An organization is configuring wireless access points and must choose between encryption protocols. Which encryption type should be…
- Which encryption protocol is recommended for WPA2 wireless networks to provide the strongest security?
- Which encryption standard does WPA2 use to secure wireless network traffic?
- Which encryption algorithm is mandated by the WPA2 standard for protecting wireless data transmissions?