1.0 Threat Management Flashcards
<p>what is a public cloud?</p>
<p>the standard cloud computing model where a service provider makes resources available to the public over the internet</p>
<p>what does OS fingerprinting involve?</p>
<p>using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)</p>
<p>what are the three main protocols that can be used for wireless networks?</p>
<p>wired equivalent privacy (WEP), WPAv1, WPAv2</p>
<p>what is the purpose of infrastructure as a service (IaaS) in cloud computing?</p>
<p>it provides computer and server infrastructure, typically through a virtualization environment</p>
<p>what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?</p>
<p>a firewall</p>
<p>what is the most common type of system used to detect intrusions into a computer network?</p>
<p>NIDS</p>
<p>what is the purpose of PaaS in cloud computing?</p>
<p>it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform</p>
<p>what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?</p>
<p>missed detection or false positive</p>
<p>what does the acronym IDS denote?</p>
<p>Intrusion detection system</p>
<p>what is the main difference between an IDS and an IPS?</p>
<p>an IDS detects intrusions. an IPS prevents intrusions</p>
<p>what does the acronym ACL denote?</p>
<p>access control list</p>
<p>what devices can limit the effectiveness of sniffing attacks: switches or routers?</p>
<p>switches</p>
<p>what are the two major types of intrusion detection systems (IDS)?</p>
<p>network IDS (NIDS) and host IDS (HIDS)</p>
<p>which type of IDS detects attack on individual devices?</p>
<p>host intrusion detection system (HIDS)</p>
<p>which layer 3 device allows different logical networks to communicate?</p>
<p>router</p>
<p>what is the default rule found in a firewall's access control list (ACL)?</p>
<p>deny all</p>
<p>what does the acronym NIDS denote?</p>
<p>network-based intrusion detection system</p>
<p>which security control is lost when using cloud computing?</p>
<p>physical control of the data</p>
<p>what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?</p>
<p>false positive</p>
<p>what are the four types of cloud computing based on management type?</p>
<p>public, private, hybrid, and community</p>
<p>what is hybrid cloud?</p>
<p>a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud</p>
<p>what is multi-tenancy cloud?</p>
<p>a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently</p>
<p>which type of system identifies suspicious patterns that may indicate a network or system attack?</p>
<p>intrusion detection system (IDS)</p>
<p>why is data isolation used in cloud environments?</p>
<p>to ensure that tenant data in a multi-tenant solution is isolated from other tenant' data using a tenant ID in the data labels</p>
<p>which information do routers use to forward packets to their destinations?</p>
<p>the network address and subnet mask</p>
<p>what does the acronym HIDS denote?</p>
<p>host-based intrusion detection system</p>
<p>what is a community cloud?</p>
<p>an infrastructure that is shared among several organizations from a specific group with common computing concerns</p>
<p>what is the purpose of software as a service (SaaS) in cloud computing?</p>
<p>it ensures on-demand, online access to an application suite without the need for local installation</p>
<p>what is a single-tenancy cloud?</p>
<p>a cloud model where a single client or organization uses a resource</p>
<p>what OS footprinting do?</p>
<p>it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on</p>
<p>which type of IDS detects malicious packets on a network?</p>
<p>network intrusion detection system (NIDS)</p>
what is lightweight extensible authentication protocol (LEAP)?
a proprietary wireless LAN authentication method developed by Cisco Systems
which type of analysis involves identifying traffic that is abnormal?
anomaly analysis
which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?
WPA2 with CCMP
which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?
active detection
what does the acronym SIEM denote?
security information and event management
what should you do to ensure that a wireless access point signal does not extend beyond it needed range?
reduce the power levels
which type of analysis involves examining information in the header of the packet?
protocol analysis
what is the purpose of MAC filtering?
to restrict the clients that can access a wireless network
what is protected extensible authentication protocol (PEAP)?
a protocol that encapsulates the EAP within an encrypted and authenticated TLS tunnel
what are the two modes of WAP and WPA2?
personal (also called preshared key or WPA-PSK / WPA2-PSK) and enterprise
what type of analysis focuses on the long term direction in the increase or decrease in a particular type of traffic?
trend analysis
which security protocol is the standard encryption protocol for use with the WPA2 standard?
counter mode cipher block chaining message authentication code protocol (CCMP)
which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?
temporal key integrity protocol (TKIP)
which intrusion detection system (IDS) watches for intrusions that match a known identity?
signature-based IDS
which software can collect logs from specified devices, combine the logs, and analyze the combined logs for security issues?
security information and event management (SIEM)
what doe heuristic analysis do?
it determines the susceptibility of a system towards a particular threat/risk using decision rules or weighing methods
which protocol does the enterprise mode of WPA and WPA2 use for authentication?
extensible authentication protocol (EAP)
which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?
isolation mode
which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?
heuristic
what doe packet analysis do?
it examines the entire packet, including the payload
what are the non-overlapping channels for 802.11g/n?
channels 1,6, and 11
what are the non-overlapping channels for 802.11b?
channels 1,6,11, and 14