1.1 Threat Management Flashcards
what is a public cloud?
the standard cloud computing model where a service provider makes resources available to the public over the internet
what does OS fingerprinting involve?
using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)
what are the three main protocols that can be used for wireless networks?
wired equivalent privacy (WEP), WPAv1, WPAv2
what is the purpose of infrastructure as a service (IaaS) in cloud computing?
it provides computer and server infrastructure, typically through a virtualization environment
what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?
a firewall
what is the most common type of system used to detect intrusions into a computer network?
NIDS
what is the purpose of PaaS in cloud computing?
it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform
what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?
missed detection or false positive
what does the acronym IDS denote?
Intrusion detection system
what is the main difference between an IDS and an IPS?
an IDS detects intrusions. an IPS prevents intrusions
what does the acronym ACL denote?
access control list
what devices can limit the effectiveness of sniffing attacks: switches or routers?
switches
what are the two major types of intrusion detection systems (IDS)?
network IDS (NIDS) and host IDS (HIDS)
which type of IDS detects attack on individual devices?
host intrusion detection system (HIDS)
which layer 3 device allows different logical networks to communicate?
router
what is the default rule found in a firewall’s access control list (ACL)?
deny all
what does the acronym NIDS denote?
network-based intrusion detection system
which security control is lost when using cloud computing?
physical control of the data
what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?
false positive
what are the four types of cloud computing based on management type?
public, private, hybrid, and community
what is hybrid cloud?
a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud
what is multi-tenancy cloud?
a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently
which type of system identifies suspicious patterns that may indicate a network or system attack?
intrusion detection system (IDS)
why is data isolation used in cloud environments?
to ensure that tenant data in a multi-tenant solution is isolated from other tenant’ data using a tenant ID in the data labels
which information do routers use to forward packets to their destinations?
the network address and subnet mask
what does the acronym HIDS denote?
host-based intrusion detection system
what is a community cloud?
an infrastructure that is shared among several organizations from a specific group with common computing concerns
what is the purpose of software as a service (SaaS) in cloud computing?
it ensures on-demand, online access to an application suite without the need for local installation
what is a single-tenancy cloud?
a cloud model where a single client or organization uses a resource
what OS footprinting do?
it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on
which type of IDS detects malicious packets on a network?
network intrusion detection system (NIDS)
