3 & 4 – Network Operations & Security Flashcards

1
Q

What are some examples of Fault Tolerance?

A

RAID • UPS • Clustering • Load balancing • Any redundant hardware components or network paths

2
Q

What does “High Availability” mean?

A

Automatic fault tolerance such that there is essentially zero down time.

3
Q

What is NIC Teaming?

A

• Multiple network adapters combined in software to work as a single adapter. • Used particularly in virtualization / SDN. • Aggregates bandwidth and provides redundant paths. • NICs communicate with each other to fail over when a NIC doesn’t respond. • LBFO: Load Balancing / Fail Over.

4
Q

What is Port Aggregation?

A

Using multiple interfaces as a single port, which provides redundancy. If used across multiple switches, it provides fault tolerance.

5
Q

What is a Cold Site?

A

A recovery site. • Has no hardware, no data, and no people. • Just an empty location that you would need to bring everything to if the main site went down.

6
Q

What is a Warm Site?

A

A recovery site that functions somewhere between a cold site and a hot site. • May have some hardware ready and waiting, but you would need to bring the data. • Or, it may just have empty rack space, and you’d also need to bring hardware.

7
Q

What is a Hot Site?

A

A type of recovery site that is an exact (or, at least sufficient) replica of your main site. • Has all necessary hardware. You buy two of everything, one for the main site and one for the hot site. • Applications, software, and data are constantly updated via automated replication from the main site.

8
Q

What is MTTR?

A

Mean Time to Restore (or, Repair)

9
Q

What is MTBF?

A

Mean Time Between Failures

10
Q

What is an SLA?

A

Service Level Agreement • Contractual recovery expectations. If there is an outage, it must be restored within a certain time. • May include penalties for not meeting certain service levels.

11
Q

What is SIEM?

A

Security Information and Event Management • Software or a device which allows you to consolidate logs and real-time monitoring data for long-term storage. • Usually needs a lot of disk space. • Can create reports, send out security alerts, and provide details for forensic analysis.

12
Q

What is a vulnerability scan?

A

Checks for vulnerabilities on your network, but is usually minimally invasive, unlike a penetration test. • Runs a scan, identifies systems and security devices. • Can test the network from both the inside and the outside.

13
Q

What are some examples of what a vulnerability scan is useful for identifying?

A

• Lack of security controls, such as no firewall or no AV. • Misconfigurations, such as open shares or guest access. • Application and service vulnerabilities. • Unknown devices on the network.

14
Q

What is Syslog?

A

A standardized way to transfer log information from a variety of different devices to a centralized log receiver, often a SIEM.

15
Q

What is a MIB?

A

Management Information Base • A database of data used for SNMP. • MIB-II is the standardized database that most devices use. • Proprietary MIBs also exist. A MIB for a specific device can be provided to an SNMP system so it knows how to read that device’s SNMP metrics.

16
Q

What is IPSec?

A

Internet Protocol Security • A remote access protocol. • One of the most popular; implementations from different vendors can interoperate. • Commonly used for Site-to-Site VPNs. • Provides security at OSI Layer 3 (network). • Authenticates and encrypts every packet.

17
Q

What is an SSL VPN?

A

• Commonly used for end-user / client-to-site VPN access. • Uses the common SSL/TLS protocol (tcp/443), which is typically allowed through firewalls without requiring additional configuration. • Uses software or clients built into the OS.

18
Q

What is a DTLS VPN?

A

Datagram Transport Layer Security • Provides the security of SSL/TLS, but the speed of datagrams. • Transport uses UDP instead of TCP. • Useful for streaming and VoIP.

19
Q

What is Out-of-band management?

A

• Allows access to a device without using the external network. • Usually a separate management interface, often a serial or USB connection. • A modem could be connected to that interface, to allow remote access to the device over phone lines.

20
Q

What is a Console Router?

A

Out-of-band access for multiple devices. • Connected to a modem to allow dial-in remote access. • Multiple out-of-band management interfaces are connected to the Console Router to allow access. • Also known as a Comm Server.

21
Q

What is a Comm Server?

A

Another name for a Console Router.

22
Q

What is a Privileged User Agreement? What are the related best practices?

A

• A signed agreement outlining the policies of privileged access to data. • Since Network and System Admins have such high access, best practices are to: - use non-privileged methods when possible and appropriate - use privileged access only for assigned job duties

23
Q

What are On-Boarding and Off-Boarding policies?

A

Policies regarding when a new person is coming into an organization, and when an employee is leaving an organization.

24
Q

What is DLP?

A

Data Loss Prevention • Policies relating to how sensitive information is appropriately handled. • For example, requiring that medical information is encrypted a certain way when transferred. • DLP solutions can monitor traffic and create alerts when a policy violation occurs.

25
Q

What should be included in an Incident Response Policy?

A

• How an incident is identified • How an incident is categorized • Who responds to an incident • What process is followed

26
Q

What is an AUP?

A

Acceptable Use Policy • Defines acceptable use of company assets.

27
Q

What is an NDA?

A

Non-Disclosure Agreement • Legal agreement for confidentiality. • Prevents the use and dissemination of confidential information.

28
Q

What is an MSDS?

A

Material Safety Data Sheet • Provides safety information for proper handling of materials and disposal of waste.

29
Q

What is TACACS?

A

Terminal Access Controller Access-Control System • A remote authentication protocol. • An alternative to RADIUS, and similar. • Created to control access to dial-up lines to ARPANET. • Not often used anymore.

30
Q

What is RADIUS?

A

Remote Authentication Dial-In User Service • A remote authentication protocol (AAA protocol) • Standard and widely used, available on almost any server OS • Centralizes authentication for users to routers, switches, firewalls, servers, remote VPN access, etc.

31
Q

What is XTACACS?

A

Extended TACACS • A proprietary, customized version of TACACS created by Cisco • Provides additional support for accounting and auditing. • Not often used anymore.

32
Q

What is TACACS+?

A

• The latest version of TACACS, and usually the only one still used today. • Not backwards compatible • Released as an open standard in 1993 • Adds more authentication requests and response codes.

33
Q

What is Kerberos?

A

A network authentication protocol • Single sign-on feature: authenticate once, and you’re trusted by the system. No need to re-authenticate to everything separately. • Mutual authentication: the client authenticates to the server, and the server also authenticates to the client. • Also provides encryption, preventing man-in-the-middle or replay attacks. • A standard since the 1980s, developed by MIT. • Microsoft started using Kerberos in Windows 2000.

34
Q

What is “local authentication”?

A

A type of authentication in which credentials are stored on the local device, rather than any centralized database or directory. For example, switches typically only use local authentication. • Most devices include an initial local account, which has a default password.

35
Q

What are possible factors of MFA?

A

Multi-factor authentication Factors could include: • Something you are • Something you have • Something you know • Somewhere you are • Something you do

36
Q

What is NAC?

A

Network Access Control A form of port-based access control (physical ports, not TCP/UDP ports). Requires authentication before allowing access to any interface on the switch. IEEE 802.1X is the most common standard of NAC.

37
Q

What is Port Security, and how does it operate?

A

A method for preventing unauthorized connections to a switch interface, based on the source MAC address (even if it is forwarded from elsewhere). • Configure the max number of MAC addresses allowed on an interface (Might just be a single MAC, and/or you might configure an allow list of specific MACs). • The switch monitors the number of unique MACs • Once the max is exceeded, port security activates. The default is usually to disable the interface. • Also referred to as Flood Guard

38
Q

What is MAC filtering?

A

Limits access by MAC address, either through allow lists or block lists. However, MACs are easy to spoof, so this is only security through obscurity.

39
Q

What is an ACL?

A

Access Control List • Used to allow or deny traffic, or apply NAT, QoS, or other settings on the traffic. • Usually configured on routers • Can evaluate based on criteria such as Source, Destination, Port number, ICMP, etc.

40
Q

What are common types of Wireless Encryption (including historical)?

A

WEP • WPA • WPA2

41
Q

What is WPA?

A

Wi-Fi Protected Access • Created in 2002 to replace WEP, which had a serious cryptographic weakness. • Every packet gets a unique 128-bit encryption key • Uses RC4 with TKIP.

42
Q

What is WEP?

A

Wired Equivalent Privacy • An old method for wireless encryption. • Unsafe to use due to vulnerabilities and cryptographic weaknesses.

43
Q

What is TKIP?

A

Temporal Key Integrity Protocol • Changes encryption key information constantly. • Uses a sequence counter to protect against replay attacks. • Uses a 64-bit Message Integrity Check to protect against tampering. • No longer used due to vulnerabilities; deprecated in the 802.11 standard in 2012.

44
Q

What is an IV?

A

Initialization Vector

45
Q

What is WPA2?

A

Replacement for WPA, beginning in 2004. • Uses AES instead of RC4 • Uses CCMP instead of TKIP

46
Q

What is AES?

A

Advanced Encryption Standard

47
Q

What is CCMP?

A

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol • Uses AES for data confidentiality. • Uses a 128-bit key and a 128-bit block size. • Requires additional computing resources. • Stronger encryption than TKIP.

48
Q

What is EAP?

A

Extensible Authentication Protocol An authentication framework, allowing many different ways to authenticate. Used by WPA and WPA2.

49
Q

What is EAP-FAST?

A

EAP Flexible Authentication via Secure Tunneling.

50
Q

What is PEAP?

A

Protected Extensible Authentication Protocol • Encapsulates EAP in a TLS tunnel

51
Q

What is EAP-TLS?

A

EAP over TLS. Also available as EAP-TTLS, a tunneled version. Strong security, widely adopted.

52
Q

What is the difference between WPA2-Personal and WPA2-Enterprise?

A

Personal uses a pre-shared key; everyone uses the same key. Enterprise uses an 802.1X authentication server, such as RADIUS. Everyone has their own credentials, which can be changed or revoked individually.

53
Q

What is a logic bomb, and how should they be dealt with?

A

A type of malware that is set to take harmful effect under certain conditions, such as a specified time or event. Because each is unique and has no predefined signature, they are best prevented by formal change control and automated change alerting.

54
Q

What is 802.1X?

A

IEEE 802.1X is the most common standard of Network Access Control. A form of port-based access control (physical ports, not TCP/UDP ports). Requires authentication before allowing access to any interface on the switch.

55
Q

What is Wardriving?

A

Collecting information about area networks while driving / travelling, by using a WiFi monitor and GPS.

56
Q

What is a “deauthentication” attack?

A

A DoS attack that causes a device to disconnect from a resource, typically a wireless network, and prevents it from reconnecting.

57
Q

What is VLAN hopping?

A

Connecting to a VLAN other than the one you’re on. Two primary methods: • Switch spoofing • Double tagging

58
Q

What is Double Tagging?

A

A form of VLAN hopping. • The device sends traffic with multiple VLAN tags, to get through multiple switches. The first switch removes the first tag, but sends it to the next switch with the second tag. • The communication is only one way, so no responses will be received back. • Useful for a DoS.

59
Q

What is Switch Spoofing?

A

A form of VLAN hopping. • Some switches support auto-configuration to determine if a port is connected to a device or a trunk. • A device can take advantage of this by pretending to be a trunk link (a switch), which allows TX and RX with any VLAN. • This can be prevented by disabling automatic trunk negotiation.

60
Q

What is ARP Poisoning?

A

Sending out ARP data that tells target systems that you have the MAC address which actually belongs to another device. Used for Man-in-the-Middle attacks.

61
Q

What is the difference between a vulnerability and an exploit?

A

A vulnerability is a weakness in a system. An exploit is an attack that takes advantage of that vulnerability.

62
Q

What is an out-of-band update?

A

An update released outside of the normal schedule, usually in an emergency to address a zero-day exploit or an important security discovery.

63
Q

What is file hashing?

A

A hash is a unique, short string of text that’s created by running an algorithm against a data source. • The string is called a “message digest.” • It allows you to verify the integrity of a downloaded file, because you can compare the downloaded file hash against the posted hash value.

64
Q

What is FIM?

A

File Integrity Monitoring Monitors important OS and application files that should generally never change, and identifies when changes occur. It can monitor constantly, or on demand.

65
Q

What are some examples of FIM?

A

• Windows: SFC (System File Checker) • Linux: Tripwire • Many host-based IPS options that can monitor any system

66
Q

What is the difference between a vulnerability scan and a penetration test?

A

Unlike a vulnerability scan, a penetration test will actually attempt to exploit the vulnerabilities it finds.

67
Q

What is Flood Guard, and how does it operate?

A

Also known as Port Security. A method for preventing unauthorized connections to a switch interface, based on the source MAC address (even if it is forwarded from elsewhere). • Configure the max number of MAC addresses allowed on an interface (Might just be a single MAC, and/or you might configure an allow list of specific MACs). • The switch monitors the number of unique MACs • Once the max is exceeded, port security activates. The default is usually to disable the interface.

68
Q

What is DHCP Snooping?

A

Can be enabled on switches to help prevent rogue DHCP servers. You configure certain interfaces on the switch as trusted, where you know your DHCP server connects. You would then configure the other interfaces as untrusted. The switch then watches for DHCP conversations, and adds a list of trusted and untrusted devices to a table. If the switch sees static IP addresses, rogue DHCP server responses, or other invalid traffic patterns, it can filter that traffic out.

69
Q

What is BPDU?

A

Bridge Protocol Data Unit • The Spanning Tree control protocol. STP uses BPDUs to communicate between all the different switches on the network.

70
Q

What is BPDU Guard?

A

When connecting a device to a network, STP convergence can take 20-30 seconds before the new device is able to communicate. When BPDU Guard is enabled on a particular switch interface, it will bypass the STP configuration phase so devices can connect and communicate immediately on that interface. It works because non-switch devices should never send BPDU frames. If the switch detects BPDU frames from that interface, it will disable the interface to prevent a potential loop.

71
Q

What is PortFast?

A

Cisco’s name for BPDU Guard.

72
Q

How does STP determine which switch is the root bridge?

A

STP configures the root bridge automatically, but you can also configure it manually by setting a “root bridge priority.” The switch with the lowest root bridge priority will be set as the root. (0 is the lowest priority option.) If more than one switch has the same root bridge priority, STP will give priority to the one with the lowest MAC address.

73
Q

What is Root Guard?

A

A feature of Cisco switches, designed to prevent a rogue root bridge. If you manually configured your root bridge, and it receives a superior BPDU on a root guard port, then root guard will change that interface to listening-only status, and show a “root-inconsistent” message, effectively disabling any inbound traffic from the rogue root interface.

74
Q

How can a network be segmented?

A

It can be segmented: • Physically (using separate, disconnected devices), • Logically (using VLANs), • or Virtually (using virtual networks).

75
Q

What is an SOW?

A

Statement of Work A document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines.

76
Q

What is a “legal hold”?

A

A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is anticipated. For example: If a legal hold notice has been given to a backup service provider, the provider will not destroy old backups until the hold is lifted.

77
Q

What is LACP?

A

Link Aggregation Control Protocol • Configured on a switch to allow port aggregation.

78
Q

What is a Man Trap?

A

A man trap, like an air lock, is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. In a manual man trap, a guard locks and unlocks each door in sequence.

79
Q

What is SHA-1?

A

Secure Hash Algorithm • A hashing function used for checking data integrity.

80
Q

What is MD5?

A

Message Digest • A hashing function used for checking data integrity.

81
Q

What are the most popular file hashing functions?

A

Secure Hash Algorithm (SHA) and Message Digest (MD) are a series of hashing functions used for checking data integrity (SHA-1 and MD5 are the most popular versions).

82
Q

Open network

A

An open network is one that does not require a pre-shared key or authentication through remote hosts. These networks are generally insecure, as data is sent unencrypted over the wireless link.

83
Q

WEP

A

A WLAN using Wired Equivalent Privacy has an AP configured with a static WEP key.

84
Q

Wi-Fi Alliance

A

A nonprofit organization formed to certify interoperability of wireless devices.

85
Q

TKIP

A

The Wi-Fi Alliance developed its own security standard, WPA, to address the weaknesses of WEP. WPA uses Temporal Key Integrity Protocol for enhanced encryption.

86
Q

IEEE 802.11i

A

The standard implemented in the Wi-Fi Alliance’s WPA version 2 security standard.

87
Q

packet sniffing

A

A packet sniffing attack occurs when an attacker uses a packet capture utility to view the contents of packets flowing across a network segment.

88
Q

buffer overflow attack

A

A buffer overflow attack occurs when an attacker exploits a known vulnerability in an application that could cause another application to crash; for example, an error in an application that allowed that application to write to an area of memory (that is, a buffer) dedicated to a different application.

89
Q

a Man-In-The-Middle attack

A

It occurs when an attacker causes traffic flowing between two devices on a network to flow through his own device.

90
Q

social engineering attack

A

It occurs when an attacker convinces someone to voluntarily provide information (for example, username and password credentials).

91
Q

PKI

A

Public key infrastructure uses digital certificates and a certificate authority (CA) to allow secure communication across a public network.

92
Q

CA

A

Certificate authority

93
Q

supplicant

A

The device seeking admission to the network.

94
Q

authenticator

A

The device to which the supplicant connects, either wirelessly or through a wired connection.

95
Q

authentication server

A

The device that checks the supplicant’s credentials and permits or denies the supplicant access to the network is called the authentication server.

96
Q

Usually an authentication server is a:

A

RADIUS server

97
Q

MS-CHAP

A

Microsoft Challenge Handshake Authentication Protocol is a Microsoft-enhanced version of CHAP; it offers a collection of additional features not present in CHAP, including two-way authentication.

98
Q

RAS and RRAS

A

Microsoft Remote Access Server (RAS) is the predecessor to Microsoft Routing and Remote Access Server (RRAS). Both RAS and RRAS are Microsoft Windows Server features allowing Microsoft Windows clients to remotely access a Microsoft Windows network.

99
Q

SSL

A

Secure Sockets Layer; it provides cryptography and reliability for the upper layers (that is, layers 5-7) of the OSI model.

100
Q

DH

A

Diffie-Hellman securely establishes a shared secret key over an unsecured medium.

101
Q

SA

A

Security association: an agreement between two IPsec peers about the cryptographic parameters to be used in an Internet Security Association and Key Management Protocol (ISAKMP) session.

102
Q

An ISAKMP:

A

An ISAKMP session is a secure session with which parameters for an IPsec session are negotiated.

103
Q

PFS

A

Perfect forward secrecy makes sure that a session key will remain secure, even if one of the private keys used to derive the session key becomes compromised.

104
Q

AP

A

A wireless device by design is able to remember and reconnect to network SSIDs. In this case, when an attacker configures an access point (AP) to match the SSID of a company’s legitimate AP, wireless devices can have trouble determining the proper access point. Implementing a wireless LAN controller (WLC) can mitigate this issue.

105
Q

keylogger

A

A program that runs in the background of a computer and logs keystrokes made by the user. After the user enters a password, it is stored in the log; the attacker can then retrieve the log of keystrokes to determine the user’s password.

106
Q

virus

A

A piece of code that infects a system when an end user executes a program.

107
Q

Trojan horse

A

A program that appears to be for one purpose but secretly performs another task.

108
Q

worm

A

It infects a system or propagates to other systems without any user intervention.

109
Q

HIPS

A

A host intrusion prevention system is an installed software package that monitors a single host for suspicious activity by analyzing events occurring within that host. In other words, a HIPS aims to stop malware by monitoring the behavior of code. This makes it possible to help keep your system secure without depending on a specific threat being added to a detection update.

110
Q

Methods used in IPS systems:

A

Signature-, policy- and behavior-based methods.

111
Q

Nmap

A

A publicly available network security scanner. It offers features such as scanning and sweeping that identify services running on systems in a specified range of IP addresses; using a stealth approach to scanning and sweeping, making them less detectable by hosts and IPS technology; and using OS fingerprinting technology to identify the operating system running on a target system.

112
Q

FTP bounce attack

A

FTP supports a variety of commands for setting up a session and managing file transfers. One of these commands is the PORT command, which can, in some cases, be used by an attacker to access a system that would otherwise deny the attacker. This type of attack is called an FTP bounce attack.

113
Q

Smurf attack

A

Can use Internet Control Message Protocol (ICMP) traffic, directed to a subnet, to flood a target system with ping replies.

114
Q

DoS

A

A denial-of-service attack occurs when an attacker sends the target system a flood of data or requests that consume the target system’s resources.

115
Q

DDoS

A

A distributed denial-of-service (DDoS) attack can increase the amount of traffic flooded to a target system, as compared to a DoS attack. Specifically, the attacker compromises multiple systems, and those compromised systems, called “zombies”, can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.

116
Q

MAC filtering

A

On many modern routers, it is possible to enable a feature called MAC filtering. This function ensures that only known MAC addresses are allowed to connect to the switch. With MAC filtering enabled, if an individual tries to connect their laptop to the network without having their MAC address in the allow list, they will be unable to connect.

117
Q

DH

A

Diffie-Hellman securely establishes a shared key over an unsecured medium.

118
Q

TACACS+

A

Terminal Access Controller Access-Control System Plus is a TCP-based protocol used to communicate with an AAA server. Unlike Remote Authentication Dial-In User Service (RADIUS), TACACS+ encrypts the entire authentication packet, rather than just the password. TACACS+ does offer accounting features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol.

119
Q

CHAP

A

Challenge Handshake Authentication Protocol performs one-way authentication for a remote access connection. However, authentication is performed through a three-way handshake (that is, challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.

120
Q

RADIUS is a:

A

UDP-based protocol used to communicate with an AAA server. Unlike TACACS, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS does offer more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol.

121
Q

Kerberos

A

A client-server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (that is, a key distribution center) that hands out tickets that are used instead of a username and password combination.

122
Q

packet filtering firewall

A

A device that filters traffic based on a set of rules specifying what traffic is allowed to enter or exit an interface, without inspecting that traffic, is a packet filtering firewall.

123
Q

DMZ

A

A firewall’s interfaces can be assigned to zones, and rules can then be set up to specify what traffic is allowed to flow between zones (as opposed to interfaces). Many firewalls have a demilitarized zone (DMZ) defined, which often contains servers that should be accessible from the public internet. This approach would, for example, allow users on the internet to initiate an email or web session coming into an organization’s email server or web server.

124
Q

Stateful firewall

A

A stateful firewall inspects traffic leaving an inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called "stateful inspection".

125
Q

NIPS

A

A dedicated network device that acts as an intrusion prevention system sensor is called a network-based intrusion prevention system.

126
Q

NIDS

A

a dedicated network device that acts as an intrusion detection system sensor is called a network-based intrusion detection system.

127
Q

HIPS

A

a host that can protect itself by inspecting traffic flowing into its network interface is called a host-based intrusion prevention system

128
Q

WPA2 improves security of a wireless network over WEP by:

A

Using CCMP for integrity checking and AES for encryption.

129
Q

War chalking

A

Once an open WLAN, or a WLAN whose SSID and authentication credentials are known, is found in a public place, a user might write a symbol on a wall, letting others know the characteristics of the discovered network.

130
Q

WPA2

A

IEEE 802.11i

Wi-Fi Alliance's WPA version 2

WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption. Both WPA and WPA2 can optionally operate in enterprise mode, where users are authenticated against an authentication server's database, rather than a client being configured with a PSK.

131
Q

TLS

A

Transport Layer Security has largely replaced SSL as the VPN protocol of choice for providing cryptography and reliability to upper layers of the OSI model. For example, when you securely connect to a website using HTTPS, you are probably using TLS.

132
Q

IEEE 802.11ac

A

A wireless networking standard providing much higher throughput than 802.11n.

133
Q

802.1t

A

Addresses the Spanning Tree Protocol specification to reduce routing loops.

134
Q

SIP

A

Session Initiation Protocol is a signaling protocol used in VoIP.

135
Q

NNTP

A

Network News Transport Protocol is used in Usenet environments for news transfer

136
Q

vulnerability analyzer

A

It is used to check applications, particularly web applications, for known flaws.

137
Q

password cracker

A

This is an incorrect answer for checking encryption, because password crackers are often used by network administrators to check the security of passwords, but they are not useful for checking whether all traffic of a particular type is encrypted.

138
Q

Nessus

A

Tenable Network Security has a vulnerability scanning product called Nessus. It performs audits on systems without requiring an agent to be installed on them, checks system configurations for compliance with an organization's policy, audits systems for specific content, performs continuous scanning (thus reducing the time required to identify a network vulnerability), and schedules scans to run once, daily, weekly, or monthly.

139
Q

ICA

A

Independent Computing Architecture is a Citrix Systems proprietary protocol that allows applications running on one platform to be seen and controlled from a remote client.

140
Q

PPP

A

a common Layer 2 protocol offering features such as multilink interface, looped link detection, error detection, and authentication

141
Q

PAP

A

Wireless clients and wireless access points must have matching security settings in order for the client to associate with the AP. Common wireless security standards include Wired Equivalent Privacy, Wi-Fi Protected Access, and WPA2.

142
Q

Implicit deny all rules

A

Implicit deny all rules are used as a way to configure all non-permitted traffic to be rejected. This rule has the lowest priority of all rules, so it can be overridden by a rule enabling a specific port and service. However, if the traffic doesn't match any of the custom rules, the implicit deny rule comes into effect and rejects the traffic.

143
Q

What would you do to reduce the possibility of war driving for your office network?

A

To limit war driving, you would change the signal strength of the APs. In war driving, the attacker searches for Wi-Fi networks by simply moving around with a portable computer, smartphone or personal digital assistant (PDA) until he finds a network he can connect to, and creates a database comprised of the network name, signal strength, location, IP address, and namespace.

144
Q

Will changing the SSID, frequency, and channel help limit war driving?

A

No.

145
Q

features of IPsec:

A

Confidentiality: Data confidentiality is provided by encrypting data. If a third party intercepts the encrypted data, they will not be able to interpret it.

Integrity: Data integrity ensures that data is not modified in transit. For example, routers at each end of a tunnel can calculate a checksum value or a hash value for the data, and if both routers calculate the same value, then the data has most likely not been modified in transit.

Authentication: Authentication allows the parties involved in a conversation to verify that the other party is who it claims to be.

146
Q

IV

A

An initialization vector is an arbitrary number that can be used along with a secret key for data encryption. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher.

147
Q

Spoofing

A

Spoofing makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, and so on.

148
Q

Tunneling

A

Through an encapsulation process, tunneling allows secure communication between a private network and a public network, such as the Internet. A VPN is an example of tunneling.

149
Q

IDS

A

An IDS sensor receives a copy of the traffic being analyzed and communicates with a security appliance to prevent subsequent attacks.

150
Q

RADIUS is based on which transport protocol?

A

UDP

151
Q

AH

A

Authentication Header is one of two major protocols used in IPsec, the other being Encapsulating Security Payload (ESP). AH only provides authentication capabilities, whereas ESP can provide both authentication and encryption.

152
Q

TKIP

A

WPA uses TKIP (Temporal Key Integrity Protocol) for enhanced encryption; it relies on an IV.

153
Q

L2TP

A

Layer 2 Tunneling Protocol is a VPN protocol that lacks security features, such as encryption. However, it can still be used for a secure VPN connection if it is combined with another protocol that does provide encryption.

154
Q

PPTP

A

Point-to-Point Tunneling Protocol is an older VPN protocol that supported the Dial-Up Networking feature in older versions of Microsoft Windows.

155
Q

WPA2

A

The highest level of encryption you can run on a wireless network is WPA2 (Wi-Fi Protected Access 2), specifically with the AES algorithm.

156
Q

TFA

A

two-factor authentication

157
Q

MFA

A

multi-factor authentication

158
Q

SSO

A

Single sign-on allows a user to authenticate only once in order to gain access to multiple systems, without requiring them to independently authenticate with each system.

159
Q

PAP

A

The least secure option when it comes to PPP authentication methods. With PAP, the credentials are passed in cleartext between the client and the remote node, which makes it rather easy to eavesdrop. CHAP is more secure, because it provides secure authentication via a one-way hash mechanism.

160
Q

disable SSID broadcasting

A

If a company wants to draw as little attention to itself as possible, it can configure the wireless routers not to broadcast the wireless network ID. This way, it won't pop up during war driving efforts, although this will not stop persistent and focused attackers from finding the SSID.

161
Q

ISAKMP

A

A secure session within which parameters for an IPsec session are negotiated.

162
Q
A
163
Q

LOAD BALANCER

A

Typically used in companies that have a large Internet presence. In times of high demand, a load balancer distributes the incoming traffic across multiple servers to ensure consistency and availability of the application.

164
Q

proxy server

A

Handles Internet requests on behalf of internal clients to provide anonymity and a level of separation from the Internet hosts.

165
Q

VPN concentrator

A

a dedicated device to terminate a VPN circuit

166
Q

router

A

It is used to move traffic between separate networks.

167
Q

content switch

A

Due to its function of switching to the available content, a load balancer also goes by the name "content switch". When a company with a large Internet presence receives a glut of requests that subsequently flood a network, a load balancer springs into action to distribute the traffic to multiple servers in the farm.

168
Q

GLBP

A

One form of Layer 3 redundancy is achieved by having multiple links between devices and selecting a routing protocol that load balances over the links. LACP (Link Aggregation Control Protocol) enables you to assign multiple physical links to a logical interface, which appears as a single link to a route processor. VRRP and GLBP both provide redundancy in default gateways. GLBP does this while seeking to automatically load balance traffic among multiple default gateways.

169
Q

PAT

A

A scalability-enhancing technology, not thought of as a redundancy technology.

170
Q

LFI

A

LFI (link fragmentation and interleaving) is a link-efficiency QoS tool.

171
Q

CBWFQ

A

Class-based weighted fair queuing is a congestion management tool.

172
Q

WRED

A

Weighted random early detection is a congestion avoidance tool.

173
Q

Traffic shaping falls under which QoS category?

A

It is considered part of policing and shaping.

174
Q

if a network has five nines of availability, it is up ___ of the time

A

99.999%

175
Q

MTTR

A

Mean time to repair. Availability improves as the MTTR of network devices decreases and as MTTF increases. Therefore, selecting reliable networking devices that are quick to repair is crucial to high availability.

176
Q

single point of failure

A

If the failure of a single network device or link would result in the network becoming unavailable, that single device or link is a potential single point of failure. Link redundancy can be achieved with more than one physical link.

177
Q

No single point of failure

A

A network without a single point of failure contains redundant network-infrastructure components such as multiple switches and routers. This is often not implemented due to increased cost, but it ensures that there will be end-to-end connectivity at virtually all times.

178
Q

SLA

A

A service level agreement is a commitment between a service provider and a client. Particular aspects of the service (quality, availability, responsibilities) are agreed upon between the service provider and the service user. The most common component of an SLA is that the services should be provided to the customer as agreed upon in the contract.

179
Q

CARP

A

The Common Address Redundancy Protocol, or CARP, is a computer networking protocol that allows multiple hosts on the same local area network to share a set of IP addresses. Its primary purpose is to provide failover redundancy, especially when used with firewalls and routers. In some configurations, CARP can also provide load balancing functionality. CARP provides functionality similar to VRRP and Cisco Systems' HSRP.

180
Q

VRRP

A

The Virtual Router Redundancy Protocol is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selection on an IP subnetwork.

181
Q

GLBP

A

A first-hop redundancy protocol proprietary to Cisco Systems.

182
Q

LACP

A

Link Aggregation Control Protocol enables an administrator to assign multiple physical links to a logical interface, which appears as a single link to a route processor; however, it is not a first-hop redundancy technology.

183
Q

Full backup

A

This is a backup of the whole data set.

184
Q

Incremental Backup

A

this only backs up data that has changed since the previous backup

185
Q

differential backup

A

This is similar to an incremental backup in that it starts with a full backup and then subsequent backups only contain data that has changed. The difference is that it backs up all the data that has changed since the last full backup, as opposed to the last backup of any kind.

186
Q

Snapshot

A

This is a read-only copy of the data set that is frozen at a point in time.

187
Q

Active-standby

A

Only one network interface card is active at a time. This approach allows the client to appear to have a single MAC address and IP address, even in the event of a NIC failure.

188
Q

Active-active

A

Both NICs are active at the same time, and each has its own MAC address. This makes troubleshooting more complex, while giving slightly better performance than the active-standby approach.

189
Q

caching engine

A

A network appliance that can receive a copy of content stored elsewhere and serve that content to local clients, thus reducing the bandwidth burden on an IP WAN. This is ideal for situations such as video presentations and recorded meetings needing to be shared at multiple remote offices.

190
Q

load balancing

A

With content switching, load balancing is enabled with multiple servers containing identical content. This approach to load balancing lightens the load on individual servers in a server farm and allows a server to be taken out of the farm for maintenance without disrupting access to the server farm's data.

191
Q

Hardware site redundancy is measured in several ways:

A

cold site, warm site, hot site

192
Q

cold site

A

Essential components and infrastructure are available but not current or powered on. Recovery is possible but is difficult and more time-consuming.

193
Q

warm site

A

A warm backup site is already stocked with hardware representing a reasonable facsimile of that found in your data center. To restore service, the last backups from your off-site storage facility must be delivered, and bare-metal restoration completed, before the real work of recovery can begin.

194
Q

hot site

A

You have a virtual mirror image of your current data center, with all systems configured and waiting only for the last backups of user data from your off-site storage facility. As you can imagine, a hot backup site can often be brought up to full production in no more than a few hours; this is the most expensive approach to disaster recovery.

195
Q

QoS

A

A suite of technologies that allows an administrator to strategically optimize network performance for select traffic types. For example, in typical modern networks (that is, those transporting video, voice and data), some applications may be intolerant of and incapable of handling network delay (VoIP).

196
Q

Delay

A

The time required for a packet to travel from its source to its destination. This effect is more apparent in certain communications that travel great distances, such as satellite. Therefore, for example, you may witness news anchors experiencing a few seconds of delay between responses if they are geographically separated.

197
Q

jitter

A

Uneven arrival of packets. An example would be a VoIP conversation where packet 1 arrives at a router, and within 20 ms packet 2 arrives; 30 ms later packet 3 arrives, and then 70 ms later packet 4 arrives. This is not packets dropping but packets varying in arrival time, which users can perceive as packets being dropped.

198
Q

3 categories of QoS mechanisms are:

A

best effort, IntServ, DiffServ

199
Q

best effort:

A

Best-effort treatment of traffic does not truly provide QoS to that traffic, because there is no reordering of packets. Best effort uses a FIFO queuing strategy, where packets are emptied from a queue in the same order that they entered.

200
Q

Integrated Services

A

IntServ, or Integrated Services, is an architecture that specifies the elements to guarantee quality of service (QoS) on networks. IntServ can, for example, be used to allow video and sound to reach the receiver without interruption.

201
Q

DiffServ

A

DiffServ works on the provisioned QoS model, where network elements are set up to service multiple classes of traffic with varying QoS requirements.

202
Q

Marking

A

Marking alters bits within a frame, cell or packet to indicate how the network should treat the traffic. Marking alone does not change how the network treats a packet. Other tools, such as queuing tools, can, however, reference those markings and make decisions based on them.

203
Q

congestion management

A

When a device such as a switch or a router receives traffic faster than it can be transmitted, the device attempts to buffer the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management.

204
Q

Examples of queuing algorithms

A

WFQ (weighted fair queuing), LLQ (low-latency queuing), WRR (weighted round robin)

205
Q

butt set

A

A butt set is typically used by a telephone technician to connect to a punch-down block and determine whether a dial tone is present on the line, or to determine whether a call can be placed from the line.

206
Q

cable certifier

A

It determines the category of existing cable, such as Category 3, Category 5 or Category 5e. The different UTP categories support different data rates over specific distances, and the cable certifier tests for and determines that.

207
Q

crimper

A

A device used to attach a connector to the end of a UTP cable.

208
Q

bit error rate tester (BERT)

A

It can test a transmission link using both a pattern generator and an error detector, allowing it to calculate the BER for the tested transmission link.

209
Q

cable tester

A

Can test the conductors in an Ethernet cable, enabling a technician to determine if there are any opens or breaks in the wire.

210
Q
A