2.0 Tools and Technologies

Question 1

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

Answer 1

ACL

Question 2

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.

Answer 2

Firewall

Question 3

A condition that states that unless otherwise given, the permission will be denied.

Answer 3

Implicit deny

Question 4

Firewall that filters packets based on the full context of a given network connection.

Answer 4

Stateful Firewall

Question 5

Firewall that is designed to protect networks based on static information such as source and destination.

Answer 5

Stateless Firewall

Question 6

Firewall that are designed to protect the public-facing servers providing specific applications

Answer 6

Application-based Firewall

Question 7

Firewall that controls traffic going in and out of a network.

Answer 7

Network-based Firewall

Question 8

A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.

Answer 8

IPSec

Question 9

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

Answer 9

Authentication Header (AH)

Question 10

A technology used to securely connect to an organization’s internal network by tunneling unsecure protocols and data over a secure connection through an unsecure external network, such as the internet, to secure a device.

Answer 10

VPN (Virtual Private Network)

Question 11

An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

Answer 11

ESP (Encapsulating Security Payload)

Question 12

A system that is not only responsible for detecting network attacks based upon certain traffic characteristics, but also has the ability to prevent and stop attacks upon detection.

Answer 12

NIPS (Network Intrusion Prevention System)

Question 13

A system that detects network attacks based upon certain traffic characteristics.

Answer 13

NIDS (Network Intrusion Detection System)

Question 14

A system that uses signatures to scan for attacks or viruses and then alerts the administrator.

Answer 14

Signature-based System

Question 15

A system that relies on an established pattern of behavior, typically through the establishment of a usage baseline, in order to detect unusual patterns, such as network attacks or misuse.

Answer 15

Heuristic/Behavioral Based System

Question 16

A system that relies on an established pattern of behavior, typically through the establishment of a usage baseline, in order to detect unusual patterns, such as network attacks or misuse.

Answer 16

Anomoly/Behavioral Based System

Question 17

A system that combines the best of both anomoly-based and signature-based systems.

Answer 17

Heuristic Based System

Question 18

A flagged event that isn’t really an event and has been falsely triggered.

Answer 18

False Positive

Question 19

An event that should be flagged but isn’t.

Answer 19

False Negative

Question 20

A hardware device used to connect physically separate local area networks. These devices direct traffic based upon logical Internet protocol addresses, and also eliminate broadcast domains, since broadcasts cannot normally cross router connections to different networks.

Answer 20

Router

Question 21

A method used on some routers to protect against spoofing attacks . A common implementation is to implement specific rules to block certain traffic.

Answer 21

Antispoofing

Question 22

A network device that can replace a router or hub in a local network and get data from a source to a destination. Switching allows for higher speeds.

Answer 22

Switch

Question 23

The “Data Link Layer” identifies devices on the physical layer.
MAC addresses and Bridges operate at the Data Link Layer

Answer 23

Layer 2

Question 24

The “Network Layer” moves packets between computers on different networks.
Routers, IP, IPX operate at the “Network Layer”

Answer 24

Layer 3

Question 25

A method of preventing switching loop or bridge loop problems.
STP and RSTP prevent switching loops.

Answer 25

Loop Prevention

Question 26

A structuire of thwarting flood attacks.
On Switches, a flood guard thwarts MAC flood attacks.
On routers, a flood guard prevents SYN Flood Attacks.

Answer 26

Flood Guard

Question 27

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

Answer 27

Proxy

Question 28

A device or software that recognizes application-specific commands and offers granular control over them.

Answer 28

Application Proxy

Question 29

Dividing a load for greater efficiency of management among multiple devices.

Answer 29

Load Balancer

Question 30

Scheduling method used with load balancers. It uses client IP addresses to ensure the client is redirected to the same server during a session.

Answer 30

Affinity

Question 31

Scheduling method used with load balancers. It redirects each client request to servers in a predetermined order.

Answer 31

Round-Robin

Question 32

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).

Answer 32

AP (Access Point)

Question 33

The Service Set Identifier (SSID) is used by the access point of a wireless LAN to identify itself and is intended to be unique for a particular area/entity on a network.

Answer 33

SSID

Question 34

Form if NAC to allow or block access based on the MAC address.
Its configured on switches for port security or on AP’s for wireless security.

Answer 34

MAC Filtering

Question 35

Refers to the technologies and products used to integrate security information management and security event management information into a centralized interface, providing real-time event correlation and analysis.

Answer 35

SIEM (Security Information and Event Management)

Question 36

A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.

Answer 36

Aggregation Switch

Question 37

A self replicating malware that travels through a network. They do not need user interaction to execute.

Answer 37

WORM

Question 38

Software or techniques designed to detect attempts to exfiltrate data.

Answer 38

DLP (Data Loss Prevention)

Question 39

Solutions specifically protect organizations that have adopted cloud storage by ensuring sensitive data does not make its way into the cloud without first being encrypted and is only sent to authorized cloud applications.

Answer 39

Cloud-Based DLP

Question 40

The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.

Answer 40

NAC (Network Access Control)

Question 41

A NAC agent that runs on a client, but deletes itself later. It checks the client for healt.

Answer 41

Dissolvable Agent

Question 42

A NAC that is installed on a client permanently. It checks for client health.

Answer 42

Permanent Agent

Question 43

A process that scrambles, or ciphers, data to make it unreadable.
Usually includes a public algorithm and a private key.

Answer 43

Encryption

Question 44

A network device used to connect multiple networks together. It can be used other than a router in some situations.

Answer 44

Bridge

Question 45

A server that examines and processes all incoming and outgoing emails.
It typically includes a spam filter and DLP capabilities.

Answer 45

Mail Gateway

Question 46

A software or hardware tool that has the capability to collect and analyze network traffic information.

Answer 46

Protocol Analyzer/Packet Analyzer

Question 47

A tool that enumerates your network and provides a map of the network.

Answer 47

Network Scanner

Question 48

A process used to discover devices on a network, including how they are connected.

Answer 48

Network Mapping

Question 49

A network scanner that scans wireless frequency bands.

Answer 49

Wireless Scanner

Question 50

Identifying specific vulnerabilities in your network.

Answer 50

Vulnerability Scanner

Question 51

The practice of hiding data within data.

Answer 51

Steganography

Question 52

A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.

Answer 52

Honeypot

Question 53

A network that functions in the same manner as a honeypot.

Answer 53

Honeynet

Question 54

A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.

Answer 54

Banner Grabbing

Question 55

Command line tool used to test connectivity with remote systems.

Answer 55

ping

Question 56

A command line tool used to show network statistics on a system.

Answer 56

netstat

Question 57

A command line tool used to trace the route between two systems.

Answer 57

tracert

Question 58

A command line tool used to test DNS on Microsoft systems.

Answer 58

nslookup/dig

Question 59

A command line tool used to show and manipulate the ARP Cache.

Answer 59

arp

Question 60

A command line tool used on Windows Systems to show the configuration settings on a NIC.

Answer 60

ipconfig

Question 61

A command line tool used on Linux systems to show and manipulate setting on a network interface card.

Answer 61

ifconfig

Question 62

A command line protocol analyzer. Administrators use it to capture packets.

Answer 62

tcpdump

Question 63

A command line tool used to scan networks. A type of network scanner.

Answer 63

nmap

Question 64

A command line tool used to connect remote systems.

Answer 64

netcat

Question 65

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

Answer 65

HIDS (Host-Based Intrusion Detection System)

Question 66

An intrusion prevention system that is host based. An alternative is an intrusion prevention system that is network based.

Answer 66

HIPS (Host-Based Intrusion Prevention System)

Question 67

Software that identifies the presence of a virus and is capable of removing or quarantining the virus.

Answer 67

Antivirus

Question 68

The concept of implementing multipurpose security devices that perform a wide variety of functions, including firewall, proxy, VPN, and data loss prevention functions.

Answer 68

UTM (Unified Threat Management)

Question 69

A communication system that allows devices to connect to a satellite for communications.

Answer 69

SATCOM (Satellite Communications)

Question 70

A practice where mobile devices are configured to alert the administrator if they are removed from a particular area, such as the business campus.

Answer 70

Geofencing

Question 71

The location of a device identifies by GPS. It can help locate a lost or stolen mobile device.

Answer 71

Geolocation

Question 72

Mobile device environment in which employees are allowed to use their personally owned devices to access. store. and process data belonging to the organization.

Answer 72

BYOD (Bring Your Own Device)

Question 73

A mobile device deployment model. The organization purchases and issues devices to employees.

Answer 73

COPE (Corporate Owned/Personally Enabled)

Question 74

A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a pre-approved list.

Answer 74

CYOD (Choose Your Own Device)

Question 75

Users access a server hosting virtual desktops and run the desktop operating system from the server.

Answer 75

VDI (Virtual Desktop Infrastructure)

Question 76

A suite of security extensions proposed and and used by the U.S. government and other entities that allows for secure Domain Name System (DNS) queries and zone transfers.

Answer 76

DNSSEC (DNS Security Extenstions)

Question 77

A secure remote connection/terminal emulation program that is not only a protocol but also a suite of secure utilities.

Answer 77

SSH (Secure Shell)

Question 78

Secure version of the Multipurpose Internet Mail Extensions (MIME) protocol built into every e-mail client that enables users to make e-mail attachments.

Answer 78

S/MIME (Secure MIME)

Question 79

A protocol used to encrypt and provide authentication for Real-time Transport Protocol (RTP) traffic. Used for audio/video streaming.

Answer 79

SRTP (Secure Real-time Transport Protocol)

Question 80

A protocol that us used in distributed directory services networks such as Active Directory, to assist hosts in locating network resources.

Answer 80

LDAP (Lightweight Directory Access Protocol)

Question 81

An application-level protocol used to transfer files from one host to another.

Answer 81

FTP (File Transfer Protocol)

Question 82

An extension of Secure Shell (SSH) used to encrypt FTP traffic.

Answer 82

SFTP (Secure File Transfer Protocol)

Question 83

A protocol used to monitor and manage network devices such as routers and switches.

Answer 83

SNMPv3 (Simple Network Management Protocol Version 3)

Question 84

Used to encrypt data-in-transit with the use of certificates.

Answer 84

SSL/TLS (Secure Sockets Layer)

Question 85

A protocol usedd to encrypt HTTP traffic.

Answer 85

HTTPS (Hypertext Transfer Protocol Secure)

Question 86

One of two client-level e-mail protocols that receive e-mail from SMTP servers.

Answer 86

Secure POP/IMAP