1.0 Network Security

Question 1

What does security mean?

Answer 1

Security is the degree of protection against danger, damage, loss, and criminal activity.

Question 2

What does CIAN stand for?

Answer 2

CIAN stands for Confidentiality Integrity Availability Non-repudiation.

Question 3

What are the steps of an attack?

Answer 3

Then steps of an attack generally include Reconnaissance, Breach, Escalate privilages, Stage, Exploit.

Question 4

What defense methodology is Layering?

Answer 4

Layering involves implementing multiple security measures to protect the same asset.

Question 5

What defense methodology is the principle of least privilege?

Answer 5

The principle of least privilege states that users or groups are given only the access they need to do their job and nothing more.

Question 6

What does access control mean?

Answer 6

Access control is the ability to permit or deny privileges that users have when accessing resources on a network or computer.

Question 7

What processes are included in access control?

Answer 7

Some processes that are included in access control are Identification, Authentication, Authorization, and Auditing.

Question 8

What is the MAC access control model?

Answer 8

The MAC access control model is Mandatory Access Control which uses authorization policies to determine if a resource can be accessed by a specific user.

Question 9

What is the DAC access control model?

Answer 9

The DAC access control model is Discretionary Access Control which assigns access directly to users based on the discretion of the owner of the resource.

Question 10

What is the RBAC access control model?

Answer 10

The RBAC access control model is Role-Based Access Control where access is allowed based on the role of the user in an organization.

Question 11

What does authorization mean?

Answer 11

Authorization is the process of controlling access to resources.

Question 12

What is an Access Control List?

Answer 12

An Access Control List identifies users or groups who have specific security assignments to an object.

Question 13

What is a DACL type of access list?

Answer 13

A DACL access list is a Discretionary Access Control List which is the implementation of Discretionary Access Control (DAC)

Question 14

What is a SACL type of access list?

Answer 14

A SACL access list is a System Access Control List which is used by Microsoft for auditing to identify past actions performed by users on an object.

Question 15

What are Effective Permissions?

Answer 15

Effective permissions are the combined inherited permissions and explicit permissions.

Question 16

Define ‘Need to know’.

Answer 16

Need to know describes the restriction of data that is highly sensitive and is usually referenced in government and military context.

Question 17

Define ‘Separation of duty”.

Answer 17

Separation of duty is the concept of having more than one person required to complete a task.

Question 18

Define ‘Job rotation’.

Answer 18

Job rotation is a technique where users are cross-trained in multiple job positions, and where responsibilities are regularly rotated between personnel.

Question 19

Define ‘Defense-in-depth’.

Answer 19

Defense-in-depth is an access control method which implements multiple access control methods instead of relying on a single method.

Question 20

What is creeping privileges?

Answer 20

Creeping privileges occurs when a user’s job position is changed and they are granted a new set of access privileges and their previous access privileges are not removed or modified.

Question 21

What are the four stages in the remote access process?

Answer 21

The four stages in the remote access process are Connection, Authentication, Authorization, and Accounting.

Question 22

Explain RADIUS.

Answer 22

Remote Authentication Dial-In User Service is used to centralize remote access administration. A RADIUS server combined authentication, authorization, and accounting and can use PPP, CHAP, and PAP. RADIUS uses UDP port 1812 and 1813.

Question 23

Explain TACACS+

Answer 23

Terminal Access Controller Access-Control System Plus is used to centralize remote access administration. TACACS+ provides authentication, authorization, and accounting with the ability to host each service on separate servers. TACACS+ uses TCP port 49.

Question 24

What is Telephony?

Answer 24

Telephony is the transmission of voice communications.

Question 25

What is 'convergence'?

Answer 25

Convergence refers to the intermingling of voice and data services on networks.

Question 26

What are the layers of the OSI model?

Answer 26

``` Layer 7: Application Layer 6: Presentation Layer 5: Session Layer 4: Transport Layer 3: Network Layer 2: Data Link Layer 1: Physical ```

Question 27

What are two types of Reconnaissance?

Answer 27

Organization (conducting research about a company to find information and create a profile about the organization) and Technical (using electronic means to scan systems to collect configuration and security data).

Question 28

What is the difference between passive reconnaissance and active scanning?

Answer 28

Passive reconnaissance is characterized by gathering data while active scanning is coming into contact with the system.

Question 29

What is a ping flood?

Answer 29

A ping flood is a simple DoS attack where the attacker overwhelms the victim with ICMP Echo Request packets.

Question 30

What is the ping of death?

Answer 30

The ping of death is a DoS attack that uses the ping program to send oversized ICMP packets.

Question 31

What is a smurf attack?

Answer 31

A smurf attack is a form or DRDoS attack that spoofs the source address in ICMP packets.

Question 32

What is a SYN flood attack?

Answer 32

A SYN flood attack exploits the TCP three-way handshake by not sending the last message that would close the message.

Question 33

What is a LAND attack?

Answer 33

A LAND attack is one in which the attacker floods the victim's system with packets that have forged headers.

Question 34

What is a Christmas Tree attack?

Answer 34

A Christmas tree attack uses an IP packet with every option turned on for the protocol being used.

Question 35

What is a bastion host?

Answer 35

A bastion or sacrificial host is any host that is exposed to attack and that has been hardened against those attacks.

Question 36

What is a demilitarized zone?

Answer 36

A demilitarized zone or DMZ is a buffer network that sits between the private network and an untrusted network.

Question 37

What is a screening router?

Answer 37

A screening router is the router that is most external to your network and closest to the Internet.

Question 38

What is a duel-homed gateway?

Answer 38

A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to a private network, and one connected to a public network.

Question 39

What is a screened host gateway?

Answer 39

A screened host gateway resides within the DMZ, requiring users to authenticate in order to access resources within the DMZ or the intranet.

Question 40

What is the difference between a network-based firewall and a host-based firewall?

Answer 40

A host-based firewall inspects the traffic when it is received by a host while a network-based firewall inspects the traffic while it comes into the network.

Question 41

What is a packet filtering firewall?

Answer 41

A packet filtering firewall makes decisions about which traffic to allow by examining information in the IP packet header.

Question 42

What is a stateful firewall?

Answer 42

A stateful firewall makes decisions about which traffic to allow based on virtual circuits or sessions.

Question 43

What is an application firewall?

Answer 43

An application firewall makes security decisions based on information contained within the data portion of a packet.

Question 44

What is a NAT router?

Answer 44

A Network Address Translation (NAT) router translates multiple private addresses the single registered IP address.

Question 45

What is a VPN?

Answer 45

A Virtual Private Network (VPN) is a remote access connection that uses encryption to securely send data over an untrusted network.

Question 46

Explain what PPTP is.

Answer 46

Point-to-Point Tunneling Protocol (PPTP) was one of the first VPN protocols. It uses CHAP or PAP for authentication and MPPE for encryption. PPTP uses TCP port 1723.

Question 47

Explain what L2TP is.

Answer 47

Layer 2 Tunneling Protocol (L2TP) is an open standard for securing multi-protocol routing. It operates at the data-link layer and uses IPSec for encryption. L2TP uses TCP port 1701 and UDP port 500.

Question 48

Explain what IPSec is.

Answer 48

Internet Protocol Security provides authentication and encryption and can be used in conjunction with L2TP or by itself as a VPN solution. IPSec uses Authentication Header (AH) for authentication and Encapsulating Security Payload (ESP) for encryption.

Question 49

Explain what SSL is.

Answer 49

Secure Sockets Layer (SSL) is a protocol that has long been used to secure traffic generated by other IP protocols. SSL encrypts the entire communication session and uses port 443.

Question 50

What is NAP?

Answer 50

Network Access Protection (NAP) is a collection of components that allow administrators to regulate network access or communication based on a computer's compliance with health requirement policies.

Question 51

What is a NAP client and a NAP server?

Answer 51

A NAP client is a computer that has NAP-aware software while a NAP server is responsible for keeping track of health requirements and verifying that clients meet those requirements.

Question 52

What is an enforcement server?

Answer 52

An enforcement server is the connection point for clients to the network.

Question 53

What are remediation servers?

Answer 53

Remediation servers are a set of resources that non-compliant computers can access on the limited-access network.

Question 54

What is a DHCP enforcement server?

Answer 54

The DHCP enforcement server controls access by leasing addresses only to computers that meet the health requirements.

Question 55

What is a Remote Desktop Gateway server?

Answer 55

A Remote Desktop Gateway server can be combined with NAP to allow or deny access based on health compliance.

Question 56

What is WEP?

Answer 56

Wired Equivalent Privacy (WEP) is an optional component of the 802.11 specification and is available in 64-bit and 128-bit implementations. WEP uses RC4 with a 40-bit key for encryption and CRC-32 for data integrity.

Question 57

What is WPA?

Answer 57

Wi-Fi Protected Access (WPA) is the implementation name for wireless security besed on initial 802.11i drafts and uses TKIP for encryption. WPA provides dynamic keys and dynamic key rotation.

Question 58

What is WPA2?

Answer 58

Wi-Fi Protected Access 2 (WPA2) or 802.11i usesCBC-MAC for data integrity and AES with either TKIP or CCMP for encryption. WPA2 supports dynamic key generation and rotation through CCMP.

Question 59

What is a rouge access point?

Answer 59

A rouge access point is any unauthorized access point added to a network.

Question 60

What is the difference between wardriving and warchalking?

Answer 60

Wardriving involves an attacker scanning an area looking for available wireless networks where warchalking involves drawing symbols in public places to advertise the existence and status or wireless networks.

Question 61

What is EAP?

Answer 61

Extensible Authentication Protocol (EAP) is a set of interface standards that allows you to use various authentication methods.

Question 62

What is LEAP?

Answer 62

Light-weight Extensible Authentication Protocol (LEAP) is considered to be the weakest 802.1x protocol. It does not use SSL/TLS to encapsulate authentication data.

Question 63

What is PEAP?

Answer 63

Protected Extensible Authentication Protocol (PEAP) provides authentication in an SSL/TLS tunnel with a sungle certificate on the server.

Question 64

What is MAC flooding?

Answer 64

MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub.

Question 65

What is ARP spoofing/poisoning?

Answer 65

ARP spoofing/poisoning associates the attacker's MAC address with the IP address of victim devices.

Question 66

What is MAC spoofing?

Answer 66

MAC spoofing is changing the source MAC address on frames sent by the attacker.

Question 67

What is DTP?

Answer 67

Dynamic Trunking Protocol (DTP) is where switches have the ability to automatically detect ports that are trunk ports and to negotiate the trunking protocol used between devices.

Question 68

What is a VLAN?

Answer 68

A Virtual LAN (VLAN) is a logical grouping of computers based on switch ports.

Question 69

What is MAC filtering/port security?

Answer 69

With switch port security, the devices that can connect to a switch through the port are restricted by MAC address.

Question 70

What is port authentication?

Answer 70

Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch.

Question 71

What is FTP?

Answer 71

File Transfer Protocol (FTP) uses IPSec or a VPN tunnel to transfer data. It uses port 20 for data transfer and 21 for logons.

Question 72

What is TFTP?

Answer 72

Trivial File Transfer Protocol (TFTP) provides no authentication, encryption or error detection to transfer files.

Question 73

What is SCP?

Answer 73

Secure Copy Protocol (SCP) uses SSH to secure file transfers and logon credentials.

Question 74

What is SFTP?

Answer 74

Secure Shell File Transfer Protocol (SFTP) is a file transfer protocol that uses SSH to secure data transfers. SFTP is not FTP that uses SSH but rather a secure transfer protocol that is separate from FTP.

Question 75

What is Secure FTP?

Answer 75

Secure FTP tunnels FTP traffic through an SSH tunnel.

Question 76

What is FTPS?

Answer 76

FTP Secure (FTPS) is FTP that uses SSL to secure logon credentials and encrypt data transfers.

Question 77

What is Virtualization?

Answer 77

Virtualization is the ability to install and run multiple operating systems concurrently on a single physical machine.

Question 78

What is included in virtualization?

Answer 78

Typically, components of virtualization are a physical machine, a virtual machine, a virtual hard disk, and a hypervisor.

Question 79

What is a 'hot site'?

Answer 79

A hot site is a redundant facility that is immediately available, requiring only a few minutes to hours to activate.

Question 80

What is a 'warm site'?

Answer 80

A warm site is a partially configured redundant facility that takes a few days to a few weeks to activate.

Question 81

What is a 'cold site'?

Answer 81

A cold site takes a few weeks to a few months to activate.

Question 82

What is clustering?

Answer 82

Clustering is the connection of a group if independent computers to increase the availability to applications and services.

Question 83

What is a high availability cluster?

Answer 83

A high availability cluster is a group of computers that are configured with the same service.

Question 84

What is a load balancing cluster?

Answer 84

A load balancing cluster disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput or response time.

Question 85

What is SSL?

Answer 85

Secure Sockets Layer (SSL) secures messages being transmitted on the internet. It uses RSA or KEA for secure exchange of encryption keys and uses port 443.

Question 86

What is TLS?

Answer 86

Transport Layer Security (TLS) is the successor to SSL 3.0. TLS uses Diffie-Hellman or RSA to exchange session keys.

Question 87

What is SSH?

Answer 87

Secure Shell (SSH) allows for secure interactive control of remote systems.

Question 88

What is Authentication Header?

Answer 88

Authentication Header (AH) provides authenticity, non-repundiation, and integrity.

Question 89

What is ESP?

Answer 89

Encapsulating Security Payload (ESP) provides all security of AH plus confidentiality.

Question 90

What is a public cloud?

Answer 90

A public cloud can be accessed by anyone.

Question 91

What is a private cloud?

Answer 91

A private cloud provides resources to a single organization.

Question 92

What is a community cloud?

Answer 92

A community cloud is designed to be shared by several organizations.

Question 93

What is a hybrid cloud?

Answer 93

A hybrid cloud is composed of a combination of public, private, and community cloud resources from different service providers.

Question 94

What is IaaS?

Answer 94

Infrastructure as a Service (IaaS) delivers infrastructures to the client, such as processing, storage, networks, and virtualized environments.

Question 95

What is PaaS?

Answer 95

Platform as a Service (PaaS) delivers everything a developer needs to build an application.

Question 96

What is SaaS?

Answer 96

Software as a Service (SaaS) delivers software applications to the client either over the Internet or on a local area network.

Question 97

What is a protocol analyzer?

Answer 97

A protocol analyzer is hardware or software for monitoring and analyzing digital traffic over a network.