11. Network Security Fundamentals Flashcards

1
Q

List out the 4 types of threats

A
  1. Information Theft
  2. Data Loss and Manipulation
  3. Identity Theft
  4. Disruption of Service
2
Q

What results when a network is attacked?

A
  1. Loss of time and money due to damage
  2. Theft of important information or assets
3
Q

How does an attacker access a network? ( )

A
  1. Software Vulnerabilities ( Bug )
  2. Hardware Attacks
  3. Guessing someone's username and password
  4. Modifying software or exploiting vulnerabilities
4
Q

What is a vulnerability?

A
  1. Degree of weakness in a network or a device
5
Q

Which devices may have vulnerabilities? ( 5 )

A
  1. Routers
  2. Switches
  3. Desktops
  4. Servers
  5. Security Devices
6
Q

List out the 3 primary vulnerabilities or weaknesses

A
  1. Technological Vulnerabilities
  2. Configuration Vulnerabilities
  3. Security Policy Vulnerabilities
7
Q

What might Technological Vulnerabilities include? ( 3 )

A
  1. TCP/IP Protocol Weakness
  2. Operating System Weakness
  3. Network Equipment Weakness
8
Q

What might Configuration Vulnerabilities include?

A
  1. Unsecured user accounts
  2. System accounts with easily guessed passwords
  3. Misconfigured internet services
  4. Unsecured default settings
  5. Misconfigured network equipment
9
Q

What might Security Policy Vulnerabilities include?

A
  1. Lack of a written security policy, politics
  2. Lack of authentication continuity
  3. Logical access controls not applied
  4. Software and Hardware Installation
  5. Changes not following policy
  6. Nonexistent disaster recovery plan
10
Q

List out the 4 classes of physical threats

A
  1. Hardware Threats
  2. Environment Threats
  3. Electrical Threats
  4. Maintenance Threats
11
Q

What do Hardware Threats include?

A
  1. Physical Damage to
    • Servers
    • Routers
    • Switches
    • Cabling Plant
    • Workstations
12
Q

What do Environment Threats include?

A
  1. Extreme Temperature
  2. Extreme Humidity
13
Q

What do Electrical Threats include?

A
  1. Voltage Spikes
  2. Insufficient Supply Voltage
  3. Unconditioned Power
  4. Total power loss
14
Q

What do Maintenance Threats include?

A
  1. Poor handling of key electrical components
  2. Lack of critical spare parts
  3. Poor cabling
  4. Poor labeling
15
Q

What is the short form for Malicious Software?

A
  1. Malware
15
Q

What is a virus?

A
  1. Malware that propagates by inserting a copy of itself into, and becoming part of, another program
  2. Spreads from one computer to another, leaving infections as it travels
15
Q

What are the types of malware?

A
  1. Viruses
  2. Worms
  3. Trojan Horses
16
Q

What is a worm?

A
  1. Similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage.
17
Q

What is the difference between viruses and worms?

A
  1. Viruses need to spread from an infected host file
  2. While worms are standalone software and do not require a host program or human help to propagate
18
Q

What is a Trojan horse?

A
  1. Harmful piece of software that looks legitimate
19
Q

Do Trojan horses reproduce by infecting other files?

A
  1. No
  • It must spread through user interaction ( opening an email attachment, downloading a file from the internet )
20
Q

List out 3 major categories for network attacks

A
  1. Reconnaissance Attacks
    • Discovery and Mapping of Systems, Services or Vulnerabilities
  2. Access Attacks
    • The unauthorized manipulation of data, system access, or user privileges
  3. Denial Of Service
    • The disabling or corruption of networks, systems, or services
21
Q

List out the 4 types of access attacks

A
  1. Password Attacks
  2. Trust Exploitation
  3. Port Redirection
  4. Man-in-the-middle
22
Q

How does an attacker attack passwords?

A
  1. Brute Force
  2. Trojan Horse
  3. Packet Sniffers
23
Q

How does an attacker use trust exploitation in an attack?

A
  1. A threat actor uses unauthorized privileges to gain access to a system, possibly compromising the target
24
Q

How does an attacker use port redirection in an attack?

A
  1. A threat actor uses a compromised system as a base for attacks against other targets.
  • A threat actor uses SSH ( port 22 ) to connect to a compromised Host A. Host A is trusted by Host B and, therefore, the threat actor can use Telnet ( port 23 ) to access it
25
Q

How does an attacker use man-in-the-middle in an attack?

A
  1. The threat actor is positioned in between two legitimate entities in order to read or modify the data that passes between the 2 parties
26
Q

What is the most publicized form of attack and among the most difficult to eliminate?

A
  1. Denial of Service Attack
27
Q

What is a network of zombie PCs called?

A
  1. Botnet
28
Q

List out the devices and services implemented to protect an organization’s users and assets against TCP/IP threats

A
  1. VPN
  2. ASA Firewall
  3. IPS
  4. ESA / WSA
  5. AAA Server
29
Q

What is one of the most effective ways of protecting against data loss?

A
  1. Keep Backups
  • Should be performed on a regular basis as identified in the security policy
30
Q

List out the backup considerations ( 4 )

A
  1. Frequency ( Backup on a regular basis )
  2. Storage
  3. Security
  4. Validation ( Strong password )
31
Q

What is the most effective way to mitigate a worm attack?

A
  1. Download security updates from the OS vendor and patch all vulnerable systems
  • One solution to the management of critical security patches is to make sure all end systems automatically download updates
32
Q

What is the primary purpose of Authentication, Authorization and Accounting network security ( AAA Server )?

A
  1. Set up access control on network devices
  • A way to control who is permitted to access a network ( authenticate ), what actions they perform while accessing the network, and to make a record of what was done while they are there ( accounting )
33
Q

List out the types of firewalls

A
  1. Packet Filtering
  2. Application Filtering
  3. URL Filtering
  4. Stateful Packet Inspection ( SPI )
    • Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service ( DoS )
34
Q

Why is securing endpoint devices one of the most challenging jobs of a network administrator?

A
  1. It involves human nature
  • A company must have well-documented policies in place and employees must be aware of these rules
  • Often includes the use of antivirus software and host intrusion prevention
35
Q

List out some steps that should be taken that apply to most operating systems

A
  1. Default usernames and passwords should be changed immediately
  2. Access to system resources should be restricted to only the individuals that are authorized to use those resources
  3. Any unnecessary services and applications should be turned off and uninstalled when possible
  4. Often, devices shipped from the manufacturer have been sitting in a warehouse for a period of time and do not have the most up-to-date patches installed. It is important to update any software and install any security patches prior to implementation
36
Q

List out the standard guidelines for a strong password

A
  1. Use a password length of at least eight characters, preferably 10 or more characters.
  2. Make passwords complex. Include a mix of uppercase and lowercase letters, numbers, symbols, and spaces, if allowed.
  3. Avoid passwords based on repetition, common dictionary words, letter or number sequences, usernames, relative or pet names, biographical information, such as birthdates, ID numbers, ancestor names, or other easily identifiable pieces of information.
  4. Deliberately misspell a password. For example, Smith = Smyth = 5mYth or Security = 5ecur1ty.
  5. Change passwords often. If a password is unknowingly compromised, the window of opportunity for the threat actor to use the password is limited.
  6. Do not write passwords down and leave them in obvious places such as on the desk or monitor.
37
Q
A