1What is the primary function of the Domain Name System (DNS)?
Domain Name System
Easy
A.To securely transfer files between computers
B.To route packets across the internet
C.To assign IP addresses to hosts dynamically
D.To translate human-readable domain names into IP addresses
Correct Answer: To translate human-readable domain names into IP addresses
Explanation:
DNS acts as the phonebook of the internet, translating domain names (like www.example.com) into IP addresses that computers use to identify each other.
Incorrect! Try again.
2Which port number is typically used by the DNS protocol?
Domain Name System
Easy
A.Port 21
B.Port 25
C.Port 53
D.Port 80
Correct Answer: Port 53
Explanation:
DNS traditionally uses UDP and TCP port 53 for resolving domain names.
Incorrect! Try again.
3Which protocol is primarily used for sending email messages?
E Mail
Easy
A.SMTP
B.HTTP
C.IMAP
D.POP3
Correct Answer: SMTP
Explanation:
Simple Mail Transfer Protocol (SMTP) is the standard protocol used for sending emails across the internet.
Incorrect! Try again.
4Which of the following protocols is used to retrieve emails from a server?
E Mail
Easy
A.IMAP
B.FTP
C.SMTP
D.SNMP
Correct Answer: IMAP
Explanation:
Internet Message Access Protocol (IMAP) is a protocol used by email clients to retrieve messages from a mail server.
Incorrect! Try again.
5What does MIME stand for in the context of email?
E Mail
Easy
A.Multicast Internet Message Extension
B.Multiple Internet Message Exchange
C.Multipurpose Internet Mail Extensions
D.Multimedia Internet Mail Exchange
Correct Answer: Multipurpose Internet Mail Extensions
Explanation:
MIME extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.
Incorrect! Try again.
6What is the main purpose of the File Transfer Protocol (FTP)?
FTP
Easy
A.To browse the web
B.To transfer files between a client and a server on a computer network
C.To resolve hostnames to IP addresses
D.To assign IP addresses to devices
Correct Answer: To transfer files between a client and a server on a computer network
Explanation:
FTP is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
Incorrect! Try again.
7FTP utilizes two connections for its operation. What are they?
FTP
Easy
A.Local and Remote connections
B.TCP and UDP connections
C.Control and Data connections
D.Active and Passive connections
Correct Answer: Control and Data connections
Explanation:
FTP uses a control connection (typically port 21) for commands and replies, and a separate data connection (typically port 20) for transferring the actual file data.
Incorrect! Try again.
8The Transport Layer provides logical communication between ____, whereas the Network Layer provides logical communication between ____.
TRANSPORT LAYER: Relationship between Transport and Network Layer
Easy
A.networks; hosts
B.hosts; processes
C.processes; hosts
D.routers; switches
Correct Answer: processes; hosts
Explanation:
The Transport Layer ensures end-to-end communication between application processes, while the Network Layer handles routing and communication between the host devices.
Incorrect! Try again.
9In the OSI model, which layer sits directly below the Transport Layer?
TRANSPORT LAYER: Relationship between Transport and Network Layer
Easy
A.Application Layer
B.Session Layer
C.Network Layer
D.Data Link Layer
Correct Answer: Network Layer
Explanation:
The Network Layer is layer 3, which sits directly below the Transport Layer (layer 4) in the OSI model.
Incorrect! Try again.
10Which of the following is NOT a typical service of the Transport layer?
Transport Layer Services
Easy
A.Congestion control
B.Multiplexing and demultiplexing
C.Routing path selection
D.Reliable data transfer
Correct Answer: Routing path selection
Explanation:
Routing path selection is a function of the Network Layer, not the Transport Layer.
Incorrect! Try again.
11What mechanism does the Transport Layer use to direct incoming data to the correct application process?
Transport Layer Services
Easy
A.IP addresses
B.MAC addresses
C.Hostnames
D.Port numbers
Correct Answer: Port numbers
Explanation:
Port numbers are used by the Transport Layer to identify specific application processes running on a host.
Incorrect! Try again.
12TCP is considered a ____ protocol.
TCP- Header format and handshaking operation
Easy
A.stateless
B.best-effort
C.connectionless
D.connection-oriented
Correct Answer: connection-oriented
Explanation:
TCP is a connection-oriented protocol because it establishes a connection between the sender and receiver before any data is transferred.
Incorrect! Try again.
13How many steps are involved in the TCP connection establishment process?
TCP- Header format and handshaking operation
Easy
A.Three (3-way handshake)
B.Five (5-way handshake)
C.Two (2-way handshake)
D.Four (4-way handshake)
Correct Answer: Three (3-way handshake)
Explanation:
TCP establishes a connection using a 3-way handshake: SYN, SYN-ACK, and ACK.
Incorrect! Try again.
14What is the minimum size of a standard TCP header?
TCP- Header format and handshaking operation
Easy
A.8 bytes
B.32 bytes
C.20 bytes
D.16 bytes
Correct Answer: 20 bytes
Explanation:
The minimum size of a TCP header is 20 bytes when no options are present.
Incorrect! Try again.
15During the TCP 3-way handshake, what flag is set in the very first segment sent by the client to the server?
TCP- Header format and handshaking operation
Easy
A.ACK
B.FIN
C.RST
D.SYN
Correct Answer: SYN
Explanation:
The client initiates a connection by sending a segment with the SYN (synchronize) flag set.
Incorrect! Try again.
16UDP is a ____ protocol.
UDP- Header format
Easy
A.connection-oriented and unreliable
B.connection-oriented and reliable
C.connectionless and reliable
D.connectionless and unreliable
Correct Answer: connectionless and unreliable
Explanation:
UDP provides connectionless, best-effort service, meaning it does not guarantee delivery, order, or error recovery.
Incorrect! Try again.
17What is the fixed size of the UDP header?
UDP- Header format
Easy
A.16 bytes
B.4 bytes
C.20 bytes
D.8 bytes
Correct Answer: 8 bytes
Explanation:
The UDP header has a fixed size of 8 bytes, consisting of source port, destination port, length, and checksum.
Incorrect! Try again.
18Which of the following fields is NOT present in a UDP header?
UDP- Header format
Easy
A.Checksum
B.Destination Port
C.Source Port
D.Sequence Number
Correct Answer: Sequence Number
Explanation:
Sequence numbers are used in TCP for reliable data transfer and ordering. UDP does not use sequence numbers as it is an unreliable, connectionless protocol.
Incorrect! Try again.
19Which Transport Layer protocol would be best suited for real-time video streaming where occasional frame loss is acceptable?
Transport Layer Services
Easy
A.HTTP
B.UDP
C.TCP
D.FTP
Correct Answer: UDP
Explanation:
UDP is preferred for real-time applications like video streaming because it has lower overhead and avoids delays caused by TCP's retransmission of lost packets.
Incorrect! Try again.
20What type of DNS record maps a domain name to an IPv4 address?
Domain Name System
Easy
A.CNAME record
B.A record
C.MX record
D.AAAA record
Correct Answer: A record
Explanation:
An 'A' (Address) record is used to map a domain name to its corresponding IPv4 address.
Incorrect! Try again.
21A local DNS server receives a request for a domain name it does not have in its cache. If it uses an iterative query process, what will be its immediate next step?
Domain Name System
Medium
A.It will query the Root DNS server, which will return the IP address of the Top-Level Domain (TLD) server.
B.It will broadcast the DNS query to all adjacent local DNS servers.
C.It will query the Root DNS server, which will recursively fetch the IP address on behalf of the local server.
D.It will query the Authoritative DNS server directly to minimize resolution time.
Correct Answer: It will query the Root DNS server, which will return the IP address of the Top-Level Domain (TLD) server.
Explanation:
In an iterative DNS query, the queried server replies with the best answer it currently knows, which is often a referral to the next server in the hierarchy (like a TLD server). The Root server does not fetch the IP recursively.
Incorrect! Try again.
22An organization wants its primary domain example.com to point to a mail server hosted at mail.example.com. Which DNS record type should be configured to route emails correctly to this server?
Domain Name System
Medium
A.NS Record
B.MX Record
C.CNAME Record
D.A Record
Correct Answer: MX Record
Explanation:
An MX (Mail Exchanger) record specifies the mail server responsible for accepting email messages on behalf of a domain name.
Incorrect! Try again.
23If a DNS resource record is cached with a Time-To-Live (TTL) of 3600 seconds, what happens when a client requests the same domain 45 minutes later?
Domain Name System
Medium
A.The DNS server returns the cached record immediately without contacting other servers.
B.The DNS server drops the cached record and queries the authoritative server.
C.The DNS server sends a conditional query to check if the IP has changed.
D.The client must flush its local cache before receiving the response.
Correct Answer: The DNS server returns the cached record immediately without contacting other servers.
Explanation:
45 minutes is 2700 seconds, which is less than the 3600-second TTL. Therefore, the DNS server will serve the response directly from its cache.
Incorrect! Try again.
24A user wants to read their emails from multiple devices, ensuring that marking an email as read on their phone updates the status on their laptop. Which protocol combination is most appropriate for this scenario?
E Mail
Medium
A.POP3 for sending, SMTP for receiving
B.IMAP for sending, POP3 for receiving
C.SMTP for sending, POP3 for receiving
D.SMTP for sending, IMAP for receiving
Correct Answer: SMTP for sending, IMAP for receiving
Explanation:
SMTP is used to push/send emails. IMAP is a pull protocol that synchronizes state across multiple clients, unlike POP3 which traditionally downloads and deletes emails from the server.
Incorrect! Try again.
25SMTP is strictly a 7-bit ASCII protocol. How are modern email clients able to send non-text attachments like images or PDFs over SMTP?
E Mail
Medium
A.By switching to IMAP for the transmission of binary files.
B.By using MIME to encode the binary data into 7-bit ASCII characters.
C.By establishing a separate FTP connection to transfer the file.
D.By using an encrypted SSL tunnel that bypasses SMTP character limits.
Correct Answer: By using MIME to encode the binary data into 7-bit ASCII characters.
Explanation:
Multipurpose Internet Mail Extensions (MIME) translates non-ASCII data (like images and attachments) into a 7-bit ASCII format that SMTP can handle.
Incorrect! Try again.
26In the context of email delivery, what is the primary distinction between a Mail Transfer Agent (MTA) and a Mail Delivery Agent (MDA)?
E Mail
Medium
A.An MTA provides the user interface for reading emails, while an MDA routes the emails over the Internet.
B.An MTA routes emails between servers, while an MDA delivers the email to the recipient's local mailbox.
C.An MTA handles text-only emails, while an MDA processes MIME-encoded attachments.
D.An MTA is used for IMAP connections, while an MDA is used for POP3 connections.
Correct Answer: An MTA routes emails between servers, while an MDA delivers the email to the recipient's local mailbox.
Explanation:
The MTA (e.g., Postfix, Sendmail) is responsible for routing and transferring the email across networks. The MDA (e.g., Dovecot) takes the email from the MTA and stores it in the user's specific mailbox.
Incorrect! Try again.
27A client behind a strict NAT firewall is trying to download a file from an FTP server. The control connection succeeds, but the data transfer fails. Which mode should the client use to resolve this issue?
FTP
Medium
A.Passive Mode, so the client initiates both the control and data connections.
B.Binary Mode, to prevent ASCII character translation errors.
C.Active Mode, so the server initiates the data connection.
D.Anonymous Mode, to bypass authentication requirements.
Correct Answer: Passive Mode, so the client initiates both the control and data connections.
Explanation:
In Passive FTP, the client initiates the data connection to a port specified by the server. This is firewall/NAT friendly, unlike Active FTP where the server attempts to open a connection to the client.
Incorrect! Try again.
28FTP is described as an 'out-of-band' protocol. What does this mean in the context of file transfers?
FTP
Medium
A.It uses UDP instead of TCP for faster data transmission.
B.It compresses data before sending to conserve bandwidth.
C.It uses a separate connection for sending control commands and for transferring file data.
D.It encrypts the payload independently of the headers.
Correct Answer: It uses a separate connection for sending control commands and for transferring file data.
Explanation:
FTP uses port 21 for the control connection (commands/responses) and port 20 (in active mode) for the actual data transfer, making its control signaling out-of-band.
Incorrect! Try again.
29Unlike HTTP, FTP is a stateful protocol. Which of the following best demonstrates this characteristic?
FTP
Medium
A.FTP data connections remain open indefinitely even if no data is being sent.
B.FTP requires a new TCP handshake for every single file transferred.
C.The FTP server maintains information about the client's current working directory and authentication status across multiple requests.
D.FTP uses cookies to track user sessions.
Correct Answer: The FTP server maintains information about the client's current working directory and authentication status across multiple requests.
Explanation:
Stateful protocols remember client data across requests. An FTP server remembers the user's login state and current directory during the session over the control connection.
Incorrect! Try again.
30If the Network layer provides logical communication between hosts, what specific logical communication does the Transport layer provide?
TRANSPORT LAYER: Relationship between Transport and Network Layer
Medium
A.Communication between different subnets.
B.Communication between the Data Link layer and the Application layer.
C.Communication between adjacent routers on a path.
D.Communication between processes running on different hosts.
Correct Answer: Communication between processes running on different hosts.
Explanation:
While IP (Network Layer) routes packets from host to host, the Transport layer (TCP/UDP) uses port numbers to deliver those packets to the correct application processes running on those hosts.
Incorrect! Try again.
31The Network layer (IP) is an unreliable, best-effort delivery service. How does a transport protocol like TCP provide reliability on top of IP?
TRANSPORT LAYER: Relationship between Transport and Network Layer
Medium
A.TCP bypasses the IP layer and establishes a direct physical circuit between end systems.
B.TCP modifies the IP headers to enforce guaranteed delivery at the router level.
C.TCP implements its own mechanisms such as acknowledgments, sequence numbers, and retransmissions at the end systems.
D.TCP requires the Data Link layer to perform error correction before passing frames to IP.
Correct Answer: TCP implements its own mechanisms such as acknowledgments, sequence numbers, and retransmissions at the end systems.
Explanation:
TCP builds a reliable service on top of an unreliable network layer by handling error checking, acknowledgments, and retransmitting lost packets exclusively at the end hosts.
Incorrect! Try again.
32A web server is handling multiple HTTP requests simultaneously. How does the transport layer demultiplex incoming TCP segments to the correct client session?
Transport Layer Services
Medium
A.By using only the destination IP address and destination port.
B.By using a 4-tuple consisting of source IP, source port, destination IP, and destination port.
C.By assigning a unique MAC address to every active connection.
D.By analyzing the HTTP headers within the application payload.
Correct Answer: By using a 4-tuple consisting of source IP, source port, destination IP, and destination port.
Explanation:
Connection-oriented transport protocols (like TCP) use the combination of Source IP, Source Port, Destination IP, and Destination Port (the 4-tuple) to uniquely identify and demultiplex incoming segments to the correct socket.
Incorrect! Try again.
33Which of the following scenarios best highlights the difference between flow control and congestion control in the transport layer?
Transport Layer Services
Medium
A.Flow control is only used in UDP, while congestion control is exclusive to TCP.
B.Flow control prevents a fast sender from overwhelming a slow receiver, while congestion control prevents a sender from overwhelming the network routers.
C.Flow control manages errors using checksums, while congestion control recovers lost packets.
D.Flow control prevents the network core from dropping packets, while congestion control limits the application's data generation rate.
Correct Answer: Flow control prevents a fast sender from overwhelming a slow receiver, while congestion control prevents a sender from overwhelming the network routers.
Explanation:
Flow control is an end-to-end mechanism to protect the receiver's buffer, whereas congestion control protects the intermediate network infrastructure from too much traffic.
Incorrect! Try again.
34Both TCP and UDP provide multiplexing and demultiplexing. What primary mechanism makes this service possible at the transport layer?
Transport Layer Services
Medium
A.IP addresses
B.Checksums
C.Sequence numbers
D.Port numbers
Correct Answer: Port numbers
Explanation:
Port numbers are used by transport layer protocols to direct data to the appropriate application process, achieving multiplexing (at the sender) and demultiplexing (at the receiver).
Incorrect! Try again.
35During a TCP 3-way handshake, host A sends a SYN segment with sequence number . Host B responds with a SYN-ACK segment. What are the sequence and acknowledgment numbers in host B's response?
TCP- Header format and handshaking operation
Medium
A.Sequence Number = , Acknowledgment Number =
B.Sequence Number = , Acknowledgment Number =
C.Sequence Number = , Acknowledgment Number =
D.Sequence Number = , Acknowledgment Number =
Correct Answer: Sequence Number = , Acknowledgment Number =
Explanation:
In the SYN-ACK step, Host B generates its own initial sequence number () and acknowledges Host A's SYN by setting the acknowledgment number to .
Incorrect! Try again.
36What is the primary function of the 'Window Size' field in the TCP header?
TCP- Header format and handshaking operation
Medium
A.To specify the number of bytes the receiver is currently willing to accept.
B.To determine the size of the TCP header in 32-bit words.
C.To indicate the maximum segment size (MSS) the network can handle.
D.To dictate the size of the congestion window maintained by the sender.
Correct Answer: To specify the number of bytes the receiver is currently willing to accept.
Explanation:
The Window Size field is used for flow control. It advertises the amount of available buffer space at the receiver, telling the sender how much data can be sent unacknowledged.
Incorrect! Try again.
37If the 'Data Offset' (Header Length) field in a TCP header has a binary value of 0111, what is the total size of the TCP header in bytes?
TCP- Header format and handshaking operation
Medium
A.7 bytes
B.32 bytes
C.28 bytes
D.14 bytes
Correct Answer: 28 bytes
Explanation:
The Data Offset field indicates the length of the TCP header in 32-bit (4-byte) words. Binary 0111 is decimal 7. Thus, bytes.
Incorrect! Try again.
38In the TCP connection teardown process, Host A sends a FIN segment to Host B. Host B receives it and sends an ACK. What is the state of the connection at this exact moment?
TCP- Header format and handshaking operation
Medium
A.Host A can no longer send data, but Host B can still send data to Host A.
B.Host B can no longer send data, but Host A can still send data to Host B.
C.Both hosts can continue to send data until a TIME_WAIT timeout occurs.
D.The connection is completely closed in both directions.
Correct Answer: Host A can no longer send data, but Host B can still send data to Host A.
Explanation:
TCP supports half-close. When Host A sends a FIN and B acknowledges it, A cannot send more payload data, but B can continue sending data until B also sends its own FIN.
Incorrect! Try again.
39A UDP datagram carries an application payload of 40 bytes. What will be the value placed in the 'Length' field of the UDP header?
UDP- Header format
Medium
A.48
B.8
C.60
D.40
Correct Answer: 48
Explanation:
The UDP Length field specifies the length of the UDP header plus the UDP data. Since the UDP header is exactly 8 bytes, the total length is bytes.
Incorrect! Try again.
40Which of the following is true regarding the UDP checksum calculation?
UDP- Header format
Medium
A.It includes a pseudo-header containing IP addresses from the network layer to detect misrouted datagrams.
B.It is heavily relied upon for error correction without retransmission.
C.It only covers the UDP header to ensure fast processing at routers.
D.It is a mandatory 32-bit field in IPv4 to guarantee data integrity.
Correct Answer: It includes a pseudo-header containing IP addresses from the network layer to detect misrouted datagrams.
Explanation:
The UDP checksum is calculated over a pseudo-header (which includes source and destination IP addresses), the UDP header, and the data, helping ensure the datagram reached the correct destination.
Incorrect! Try again.
41In a DNS amplification attack, an attacker exploits the characteristics of the DNS protocol to overwhelm a victim. Which of the following combinations of DNS characteristics and architectural design choices makes this attack highly effective?
Domain Name System
Hard
A.The use of TCP for reliable zone transfers combined with DNSSEC cryptographic signatures.
B.The recursive resolution process of root servers combined with the lack of source port randomization in resolvers.
C.The stateless nature of UDP combined with spoofed source IP addresses and large response records like ANY or DNSSEC.
D.The use of iterative queries over TCP combined with a short Time-To-Live (TTL) for A records.
Correct Answer: The stateless nature of UDP combined with spoofed source IP addresses and large response records like ANY or DNSSEC.
Explanation:
DNS amplification attacks rely on UDP because its connectionless nature allows an attacker to spoof the source IP address (making it the victim's IP). The attacker requests records that yield large responses (like DNSSEC data or the ANY query), causing the DNS server to send a massive amount of data to the victim.
Incorrect! Try again.
42A local DNS server receives an iterative query for a host. The local server's cache contains an NS record for the authoritative domain with a remaining TTL of 5 seconds, but the corresponding A record for that name server has expired. How must the local DNS server proceed to resolve the query?
Domain Name System
Hard
A.It must query the root DNS server directly to re-establish the entire delegation chain.
B.It uses the cached NS record and broadcasts an ARP request to find the authoritative server's MAC address.
C.It must first resolve the IP address of the authoritative name server by issuing a new query for the name server's A or AAAA record.
D.It returns a non-existent domain (NXDOMAIN) error to the client since the glue record is missing.
Correct Answer: It must first resolve the IP address of the authoritative name server by issuing a new query for the name server's A or AAAA record.
Explanation:
To contact the authoritative name server specified in the cached NS record, the local DNS server needs its IP address. Since the A/AAAA record (glue record) has expired, the resolver must initiate a new resolution process specifically for the name server's hostname before it can continue the original query.
Incorrect! Try again.
43Consider a scenario where a domain's zone file contains a CNAME record mapping 'www.example.com' to 'server.example.net'. Which of the following configurations violates DNS RFC standards and will likely cause resolution failures?
Domain Name System
Hard
A.Creating an MX record for 'server.example.net'.
B.Creating an A record for 'server.example.net'.
C.Creating an MX record for 'www.example.com'.
D.Creating a TXT record for 'server.example.net'.
Correct Answer: Creating an MX record for 'www.example.com'.
Explanation:
According to DNS standards (RFC 1034/1912), if a CNAME record exists for a specific name (like 'www.example.com'), no other records (such as MX, TXT, or A) can exist for that exact same name. The CNAME must be the only record for that node.
Incorrect! Try again.
44An email with a large binary attachment is encoded using Base64 for transmission via SMTP. If the original binary attachment size is exactly $3$ Megabytes, what will be the approximate size of the encoded attachment transmitted over the network, ignoring MIME headers and line break characters?
E Mail
Hard
A.$4.5$ Megabytes
B.$6$ Megabytes
C.$3$ Megabytes
D.$4$ Megabytes
Correct Answer: $4$ Megabytes
Explanation:
Base64 encoding translates every 3 bytes of binary data into 4 characters (which take 4 bytes in ASCII). Therefore, it adds a overhead. A $3$ MB file will be encoded into exactly $4$ MB of data ().
Incorrect! Try again.
45During an SMTP transaction between a sending Message Transfer Agent (MTA) and a receiving MTA, the receiver issues a '452 Requested action not taken: insufficient system storage' reply after the sender issues the DATA command. What is the standard-compliant behavior of the sending MTA?
E Mail
Hard
A.Queue the message and retry sending it after a predetermined delay, up to a maximum timeout period.
B.Ignore the error and forcefully stream the message data, assuming a temporary buffer issue.
C.Drop the email immediately and send a Non-Delivery Report (NDR) to the original sender.
D.Downgrade the connection to unencrypted SMTP and attempt to resend the DATA command.
Correct Answer: Queue the message and retry sending it after a predetermined delay, up to a maximum timeout period.
Explanation:
In SMTP, status codes beginning with '4' indicate a transient negative completion reply (a temporary failure). The sending MTA must queue the message and retry later. A '5' series code would indicate a permanent error requiring an immediate Non-Delivery Report.
Incorrect! Try again.
46Which of the following best describes how the IMAP protocol handles state transitions when a client successfully authenticates and then selects a specific mailbox?
E Mail
Hard
A.Disconnected Authenticated Syncing
B.Not Authenticated Authenticated Selected
C.Authenticated Selected Fetching
D.Not Authenticated Selected Authenticated
Correct Answer: Not Authenticated Authenticated Selected
Explanation:
IMAP operates as a state machine. When a connection is established, it begins in the 'Not Authenticated' state. After successful login, it moves to the 'Authenticated' state. Once the client issues a SELECT command for a specific mailbox, it transitions to the 'Selected' state to allow reading/manipulating messages.
Incorrect! Try again.
47An FTP client behind a strict stateful NAT firewall attempts to download a file from a public FTP server using Active FTP mode. The control connection is established successfully, but the file transfer times out. What is the fundamental reason for this failure?
FTP
Hard
A.The FTP server drops the incoming SYN packet from the client because the client's source IP address is a private, non-routable address.
B.The NAT firewall drops the incoming SYN packet from the FTP server attempting to connect to the client's ephemeral port for the data connection.
C.The FTP protocol cannot multiplex control and data streams over a single TCP connection through a NAT.
D.The client's NAT firewall alters the PORT command payload, corrupting the TCP checksum of the control connection.
Correct Answer: The NAT firewall drops the incoming SYN packet from the FTP server attempting to connect to the client's ephemeral port for the data connection.
Explanation:
In Active FTP, the client opens a random port and sends the PORT command to the server. The server then initiates a new TCP connection from its port 20 to the client's random port. A typical NAT firewall will block this unsolicited inbound SYN packet from the server.
Incorrect! Try again.
48During a massive, multi-hour file transfer over an FTP data connection, the FTP control connection may suddenly be dropped by intermediate stateful firewalls. How can modern FTP clients and servers mitigate this specific issue without aborting the ongoing data transfer?
FTP
Hard
A.By embedding control commands within the data stream using escape sequences.
B.By enabling TCP Keep-Alive packets on the control connection or periodically sending harmless FTP commands like NOOP.
C.By automatically renegotiating a new passive port for the data connection every 10 minutes.
D.By switching to TFTP (Trivial File Transfer Protocol) for large files to avoid maintaining a control plane.
Correct Answer: By enabling TCP Keep-Alive packets on the control connection or periodically sending harmless FTP commands like NOOP.
Explanation:
Because the control connection is idle during a long data transfer, stateful firewalls may time out and drop the control connection. To prevent this, clients/servers can send TCP Keep-Alives or application-layer NOOP commands over the control connection to reset the firewall's idle timer.
Incorrect! Try again.
49If an IP datagram carrying a large TCP segment is fragmented into three pieces by an intermediate router, how does the destination host's transport layer demultiplex the segment to the correct application socket?
TRANSPORT LAYER: Relationship between Transport and Network Layer
Hard
A.The transport layer demultiplexes each fragment independently using the IP identification field to correlate them to the correct socket.
B.The intermediate router duplicates the TCP header into every fragment, allowing the destination transport layer to demultiplex them concurrently.
C.The network layer at the destination host reassembles the IP fragments; the transport layer is unaware of the fragmentation and uses the port numbers in the reassembled TCP header.
D.The destination router reassembles the fragments before delivering them to the transport layer, so the transport layer only sees the complete TCP segment with its header.
Correct Answer: The network layer at the destination host reassembles the IP fragments; the transport layer is unaware of the fragmentation and uses the port numbers in the reassembled TCP header.
Explanation:
IP fragmentation and reassembly are strictly network layer functions. The receiving host's network layer waits for all fragments, reassembles the original IP datagram, and then passes the complete payload (the TCP segment) to the transport layer. The transport layer relies on the TCP header (present only in the first fragment) for demultiplexing.
Incorrect! Try again.
50Which of the following scenarios best demonstrates a violation of the pure end-to-end principle regarding the relationship between the Transport and Network layers?
TRANSPORT LAYER: Relationship between Transport and Network Layer
Hard
A.The network layer using ICMP source quench messages to instruct the transport layer to slow down.
B.A host's transport layer calculating a checksum that includes a pseudo-header derived from IP layer addresses.
C.An intermediate NAT device modifying the TCP source port and recalculating the TCP checksum.
D.A router using Equal Cost Multi-Path (ECMP) to route packets of the same TCP connection over different physical paths.
Correct Answer: An intermediate NAT device modifying the TCP source port and recalculating the TCP checksum.
Explanation:
The end-to-end principle states that application-specific features (like transport layer connections) should reside entirely in the end nodes. A NAT device intercepts, modifies transport layer headers (ports), and alters end-to-end checksums at an intermediate network node, which inherently violates the pure end-to-end model.
Incorrect! Try again.
51A custom transport protocol is designed to provide strict flow control but explicitly lacks congestion control. Under which of the following network conditions will this protocol cause severe performance degradation for the entire network?
Transport Layer Services
Hard
A.When the sender and receiver are on the same local subnet with mismatched Maximum Transmission Units (MTU).
B.When multiple senders transmit data at high rates across a shared, bottlenecked WAN link, even if all receivers have infinite buffer space.
C.When the receiver's application processes data much slower than the sender transmits it over a gigabit LAN.
D.When the physical layer introduces a high bit error rate (BER) due to electromagnetic interference.
Correct Answer: When multiple senders transmit data at high rates across a shared, bottlenecked WAN link, even if all receivers have infinite buffer space.
Explanation:
Flow control protects the receiver from being overwhelmed, while congestion control protects the network. If the protocol lacks congestion control, senders will flood a bottlenecked network link, leading to router buffer overflows, packet loss, and congestive collapse, regardless of how fast the receiver can process data.
Incorrect! Try again.
52Why is it fundamentally impossible for Internet transport layer protocols (like TCP or UDP) to guarantee a maximum end-to-end delay (delay bounds) for application data?
Transport Layer Services
Hard
A.Because TCP's sliding window mechanism dynamically alters the transmission rate, introducing variable processing delays at the sender.
B.Because the underlying IP network layer provides a best-effort delivery service with variable queuing delays at intermediate routers.
C.Because transport layer checksum calculations require variable amounts of CPU time depending on the payload entropy.
D.Because UDP lacks acknowledgment mechanisms, making it impossible to measure Round Trip Time (RTT).
Correct Answer: Because the underlying IP network layer provides a best-effort delivery service with variable queuing delays at intermediate routers.
Explanation:
Transport layer services are constrained by the underlying network layer. Since IPv4/IPv6 are best-effort protocols with no inherent Quality of Service (QoS) reservations for strict timing, packets experience variable queuing delays at routers. Therefore, the transport layer cannot guarantee maximum delay bounds.
Incorrect! Try again.
53During a TCP SYN flood attack, a server utilizes SYN cookies to avoid allocating state for half-open connections. How does the server encode the necessary connection parameters (like MSS) to reconstruct the state when the final ACK arrives from a legitimate client?
TCP- Header format and handshaking operation
Hard
A.It embeds the parameters into the TCP Options field of the SYN-ACK packet, relying on the client to echo them back in the ACK packet.
B.It cryptographically hashes the client IP, port, and a secret key, and embeds this hash along with an MSS index into the server's Initial Sequence Number (ISN).
C.It modifies the TCP Window Size field in the SYN-ACK to represent a mathematical function of the MSS and a server-side secret.
D.It stores the MSS and client IP in a heavily compressed hash table indexed by the client's ISN.
Correct Answer: It cryptographically hashes the client IP, port, and a secret key, and embeds this hash along with an MSS index into the server's Initial Sequence Number (ISN).
Explanation:
To operate statelessly, SYN cookies encode vital information (like an index of the agreed MSS) and a cryptographic hash of the connection tuple and a secret key directly into the server's Initial Sequence Number (ISN) sent in the SYN-ACK. When the client replies with an ACK, the server validates the hash and decodes the MSS from the acknowledgment number.
Incorrect! Try again.
54Assume a TCP connection is operating over a $10$ Gbps link at maximum capacity. The TCP sequence number field is $32$ bits long. Approximately how long will it take for the sequence numbers to wrap around (complete one full cycle)?
TCP- Header format and handshaking operation
Hard
A. seconds
B. minutes
C. hours
D. seconds
Correct Answer: seconds
Explanation:
The TCP sequence number space is bytes (approx. bytes). A $10$ Gbps link transmits at bytes per second. Time to wrap around seconds.
Incorrect! Try again.
55In a TCP header, the Data Offset field is 4 bits long and indicates the size of the TCP header in 32-bit words. If a TCP segment carries the maximum allowable length of TCP Options, what is the value of the Data Offset field in decimal, and what is the size of the TCP Options field in bytes?
TCP- Header format and handshaking operation
Hard
A.Data Offset: $15$; Options Size: $60$ bytes
B.Data Offset: $60$; Options Size: $40$ bytes
C.Data Offset: $10$; Options Size: $20$ bytes
D.Data Offset: $15$; Options Size: $40$ bytes
Correct Answer: Data Offset: $15$; Options Size: $40$ bytes
Explanation:
The maximum 4-bit value for Data Offset is $15$. This means the max header size is bytes. Since the standard TCP header is $20$ bytes, the maximum size for TCP options is bytes.
Incorrect! Try again.
56Two hosts, A and B, perform a 'simultaneous open' in TCP, meaning both send SYN segments to each other simultaneously. What is the correct sequence of state transitions for Host A to establish the connection?
TCP- Header format and handshaking operation
Hard
A.CLOSED LISTEN SYN_RCVD ESTABLISHED
B.CLOSED SYN_SENT SYN_RCVD ESTABLISHED
C.CLOSED SYN_RCVD SYN_SENT ESTABLISHED
D.CLOSED SYN_SENT ESTABLISHED
Correct Answer: CLOSED SYN_SENT SYN_RCVD ESTABLISHED
Explanation:
In a simultaneous open, Host A sends a SYN (entering SYN_SENT). Before receiving B's SYN-ACK, A receives B's SYN. A responds with a SYN-ACK and transitions to the SYN_RCVD state. Once A receives B's ACK (or SYN-ACK), it transitions to ESTABLISHED.
Incorrect! Try again.
57Host A initiates an active close on a TCP connection with Host B. After sending the final ACK in the 4-way handshake, Host A enters the TIME_WAIT state for an interval equal to twice the Maximum Segment Lifetime (2MSL). Which of the following is the primary reason for this specific duration?
TCP- Header format and handshaking operation
Hard
A.To keep the socket buffers allocated in case the application process decides to reopen the connection immediately.
B.To allow enough time for Host B to transition from CLOSE_WAIT to LAST_ACK.
C.To ensure that if the final ACK is lost, Host B can retransmit its FIN and Host A can retransmit the final ACK, while also letting old duplicate segments expire in the network.
D.To synchronize the sequence numbers with the network layer's routing table updates.
Correct Answer: To ensure that if the final ACK is lost, Host B can retransmit its FIN and Host A can retransmit the final ACK, while also letting old duplicate segments expire in the network.
Explanation:
The TIME_WAIT state serves two main purposes: to reliably implement TCP's full-duplex connection termination (by ensuring the other side receives the final ACK, allowing retransmissions if lost), and to allow old duplicate segments from the connection to vanish from the network before the socket pair (tuple) can be reused.
Incorrect! Try again.
58When computing the UDP checksum for an IPv6 packet, the calculation includes a pseudo-header. Which of the following accurately describes a critical difference in the UDP checksum implementation between IPv4 and IPv6?
UDP- Header format
Hard
A.In IPv4, the pseudo-header includes the TTL field, whereas IPv6 uses the Hop Limit field in the pseudo-header.
B.In IPv6, the UDP checksum covers only the pseudo-header and UDP header, omitting the payload to optimize processing speed.
C.In IPv6, the pseudo-header includes the flow label field to ensure QoS parameters are not tampered with, whereas IPv4 does not.
D.In IPv4, the UDP checksum calculation is optional and can be set to all zeros, whereas in IPv6, the UDP checksum is strictly mandatory.
Correct Answer: In IPv4, the UDP checksum calculation is optional and can be set to all zeros, whereas in IPv6, the UDP checksum is strictly mandatory.
Explanation:
Because the IPv6 header inherently lacks its own header checksum (unlike IPv4), the transport layer checksum becomes critical for detecting corruption in the IP addresses. Therefore, RFC standards make the UDP checksum mandatory in IPv6, while it remains optional (set to 0x0000) in IPv4.
Incorrect! Try again.
59The UDP header contains a $16$-bit Length field. Given that the underlying IPv4 header also contains a Total Length field, the UDP Length field might seem redundant. In which of the following edge cases is the UDP Length field strictly necessary to correctly extract the UDP payload?
UDP- Header format
Hard
A.When the UDP packet encapsulates an IPsec ESP header which uses aggressive padding.
B.When the IP packet is fragmented, and the UDP header is distributed across multiple IP fragments.
C.The UDP length field is entirely redundant in IPv4 and was only included to maintain structural alignment with the TCP header.
D.When the Ethernet frame carrying the IP datagram is padded to meet minimum frame size requirements, causing the IP payload to contain trailing garbage bytes.
Correct Answer: When the Ethernet frame carrying the IP datagram is padded to meet minimum frame size requirements, causing the IP payload to contain trailing garbage bytes.
Explanation:
Ethernet requires a minimum payload size (46 bytes). If a small UDP datagram is sent, the Ethernet frame is padded. While IPv4's Total Length indicates the IP packet size, if an IP option isn't used or IP itself requires padding, the UDP length explicitly defines where the actual UDP data ends, differentiating valid payload from padding.
Incorrect! Try again.
60An application requires sending the largest possible UDP payload in a single, unfragmented standard Ethernet frame (MTU = 1500 bytes) over an IPv4 network without any IP options. What is the exact maximum size of the application data (UDP payload) in bytes?
UDP- Header format
Hard
A.$1460$ bytes
B.$1472$ bytes
C.$1500$ bytes
D.$1480$ bytes
Correct Answer: $1472$ bytes
Explanation:
The maximum Ethernet payload (MTU) is $1500$ bytes. A standard IPv4 header without options is $20$ bytes. The UDP header is $8$ bytes. Therefore, the maximum application payload size is bytes.