1.1 Threat Management

Question 1

what is a public cloud?

Answer 1

the standard cloud computing model where a service provider makes resources available to the public over the internet

Question 2

what does OS fingerprinting involve?

Answer 2

using active fingerprinting to look at the ports (open/closed and the types of responses) and passive fingerprinting to examine the traffic to and from the computer (looking for the default window size or TTL of packets)

Question 3

what are the three main protocols that can be used for wireless networks?

Answer 3

wired equivalent privacy (WEP), WPAv1, WPAv2

Question 4

what is the purpose of infrastructure as a service (IaaS) in cloud computing?

Answer 4

it provides computer and server infrastructure, typically through a virtualization environment

Question 5

what do you use to control traffic from the internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

Answer 5

a firewall

Question 6

what is the most common type of system used to detect intrusions into a computer network?

Answer 6

NIDS

Question 7

what is the purpose of PaaS in cloud computing?

Answer 7

it provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform

Question 8

what is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

Answer 8

missed detection or false positive

Question 9

what does the acronym IDS denote?

Answer 9

Intrusion detection system

Question 10

what is the main difference between an IDS and an IPS?

Answer 10

an IDS detects intrusions. an IPS prevents intrusions

Question 11

what does the acronym ACL denote?

Answer 11

access control list

Question 12

what devices can limit the effectiveness of sniffing attacks: switches or routers?

Answer 12

switches

Question 13

what are the two major types of intrusion detection systems (IDS)?

Answer 13

network IDS (NIDS) and host IDS (HIDS)

Question 14

which type of IDS detects attack on individual devices?

Answer 14

host intrusion detection system (HIDS)

Question 15

which layer 3 device allows different logical networks to communicate?

Answer 15

router

Question 16

what is the default rule found in a firewall’s access control list (ACL)?

Answer 16

deny all

Question 17

what does the acronym NIDS denote?

Answer 17

network-based intrusion detection system

Question 18

which security control is lost when using cloud computing?

Answer 18

physical control of the data

Question 19

what is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?

Answer 19

false positive

Question 20

what are the four types of cloud computing based on management type?

Answer 20

public, private, hybrid, and community

Question 21

what is hybrid cloud?

Answer 21

a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally via a public cloud

Question 22

what is multi-tenancy cloud?

Answer 22

a cloud model where multiple tenants share the resources. this model allows the service providers to manage the resource utilization more efficiently

Question 23

which type of system identifies suspicious patterns that may indicate a network or system attack?

Answer 23

intrusion detection system (IDS)

Question 24

why is data isolation used in cloud environments?

Answer 24

to ensure that tenant data in a multi-tenant solution is isolated from other tenant’ data using a tenant ID in the data labels

Question 25

which information do routers use to forward packets to their destinations?

Answer 25

the network address and subnet mask

Question 26

what does the acronym HIDS denote?

Answer 26

host-based intrusion detection system

Question 27

what is a community cloud?

Answer 27

an infrastructure that is shared among several organizations from a specific group with common computing concerns

Question 28

what is the purpose of software as a service (SaaS) in cloud computing?

Answer 28

it ensures on-demand, online access to an application suite without the need for local installation

Question 29

what is a single-tenancy cloud?

Answer 29

a cloud model where a single client or organization uses a resource

Question 30

what OS footprinting do?

Answer 30

it performs the fingerprinting steps as well as gathering additional information, such as polling DNS (check the status/survey), registrar queries, and so on

Question 31

which type of IDS detects malicious packets on a network?

Answer 31

network intrusion detection system (NIDS)