3.0 Flashcards

Question

NGFW

Answer 1

Next-generation firewall An advanced network security solution that combines traditional firewall capabilities with additional features such as intrusion prevention, application awareness, and advanced threat detection and mitigation.

Answer 2

Internet Protocol Security A suite of protocols used to secure and encrypt communication over IP networks. Send information in the layer 3 public internet, but encrypt the data Uses Authentication Header (AH) for integrity and Encapsulation Security Payload (ESP) for encryption.

Answer 3

Secure Sockets Layer It ensures that data exchanged between a web server and a web browser remains confidential, integral, and authenticated. However, it's worth noting that SSL has been largely replaced by its successor, Transport Layer Security (TLS), which offers enhanced security features and improved protocols.

Answer 4

Certificate Authority Is the trusted authority that certifies individuals’ identities and creates electronic documents indicating that individuals are who they say they are.

Answer 5

Terminal Access Controller Access-Control System Plus A network authentication, authorization, and accounting (AAA) capabilities, a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network.

Answer 6

A network authentication protocol designed to provide secure authentication for client-server applications over a non-secure network, such as the internet. (Ticketing system)

Answer 7

Trusted Platform Module A chip that resides on the motherboard of the device. Provides the operating system with access to keys. Ex. enables hard drive encryption

Answer 8

Hardware Security Module A security device you can add to a system to manage, generate, and securely store cryptographic keys.

Answer 9

Proxies are servers that act as middlemen between your device (like a computer or phone) and the internet. They help with things like hiding your IP address, filtering content, speeding up web browsing by storing copies of web pages, and balancing internet traffic across multiple servers.

Answer 10

Simple Mail Transfer Protocol The standard Internet protocol used to transfer e-mail between hosts. Protocol number 25

Answer 11

Secure/Multipurpose Internet Mail Extensions A protocol that adds a layer of security to email messages. It provides encryption and digital signatures to ensure the confidentiality, integrity, and authenticity of email communication.

Answer 12

Data Loss Prevention Solutions serve to prevent sensitive data from leaving the network without notice.

Answer 13

Boot attestation verifies the integrity of a computer's boot process using cryptographic signatures to ensure only trusted software components are loaded, preventing unauthorized alterations.

Answer 14

Is the process of substituting a surrogate value, called a token, for a sensitive data element.

Answer 15

Is the process of adding a random element to a value before performing a mathematical operation like hashing.

Answer 16

A process of converting input data (such as text, files, or passwords) into a fixed-size string of characters using a hash function. Hashing is commonly used for data integrity verification, password storage, digital signatures, and indexing data structures.

Answer 17

Is when the code is examined without being executed.

Answer 18

Analyzes the code during execution.

Answer 19

(or fuzz testing) is a brute force method of addressing input validation issues and vulnerabilities. They have software tools that transmit unexpected and abnormal data to applications to assess their response.

Answer 20

Repository of all information related to configurations. Configuration options for the OS are located in the Registry.

Answer 21

Zero trust network is a network that doesn’t trust any devices by default, even if it was previously verified.

Answer 22

Next-Gen Secure Web Gateway A combination of a proxy server and a stateless firewall. Provides proxy services for traffic from clients to Internet sites, such as filtering URLs and scanning for malware.

Answer 23

Mobile Application Management Manages applications on mobile devices. Provision, update, and remove apps.

Answer 24

A hardened server used to access and manage devices in another network with a different security zone.

Answer 25

Unified Endpoint Management to ensure systems are kept up to date with current patches, have antivirus software installed with up-to-date definitions, and are secured using standard security practices.

Answer 26

Mobile device management Includes the technologies to manage mobile devices with the goal to ensure these devices have security controls in place to keep them secure. Ex. Application management, Full device encryption, Passwords and PINs

Answer 27

Security Assertion Markup Language It is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Answer 28

A method of storing decryption keys with a trusted third-party. This includes a system by which your private key is kept both by you and by a third party.

Answer 29

Domain Name System Security Extensions Allows for the verification of DNS data and denial of existence and ensures data integrity for DNS. However, it does not offer confidentiality or availability controls.

Answer 30

Network Address Translation Gateway allows private subnets to communicate with other cloud services and the Internet, but hides the internal network from Internet users.

Answer 31

Remote Authentication Dial-In User Service Used to provide AAA for network services, a networking protocol that authorizes and authenticates users who access a remote network.

Answer 32

Password Authentication Protocol is a simple, plain-text password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users.

Answer 33

Identity and access management (IAM) – Who gets access, what they get access to on the cloud This allows your organization to set restrictions, manage the resources, and manage cloud costs

Answer 34

Wi-Fi Protected Access 3 Released in 2018 to address the weaknesses in WPA2. Uses a much stronger 256-bit Galois/Counter Mode Protocol (GCMP-256) for encryption. There are two versions: WPA3-Personal for home users, and WPA3-Enterprise for corporate users

Answer 35

Challenge-Handshake Authentication Protocol A more secure version of PAP. Sends an encrypted challenge sent over the network and client has to send a match to be authenticated.

Answer 36

Online Certificate Status Protocol A protocol used for obtaining the revocation status of a digital certificate in real-time. It allows applications to check if a certificate has been revoked by querying a certificate authority's (CA) OCSP server.

Answer 37

Certificate Revocation List A list of certificates that have been revoked by the certificate authority before their scheduled expiration date. This list is periodically published by the CA.

Answer 38

Certificate Signing Request A block of encoded text that is given to a certificate authority when applying for a digital certificate. It contains information about the entity requesting the certificate and the public key to be included in the certificate.

Answer 39

Cookies are text files sent with every request to a website. Secure attribute, when set, instructs the browser and server to only transport the cookie over HTTPS channels.

Answer 40

It indicates that all traffic that isn’t explicitly allowed is implicitly denied. The implicit deny rule is the last rule in an ACL.

Answer 41

Extensible Authentication Protocol A framework for transporting authentication protocols, allowing various authentication methods. It's like a system for checking who is allowed to use a network.

Answer 42

EAP method using TLS for mutual authentication with certificates. Provides high security with client and server certificates.

Answer 43

An EAP method that creates a secure tunnel using a server-side certificate and then authenticates the client using another method inside this tunnel. Provides a secure way to authenticate without requiring client-side certificates.

Answer 44

Redirect all traffic to a specific portal page, either to gather information or display the page itself. Once users fulfill the portal's requirements, they gain access to the Internet.

Answer 45

Limit the number of broadcasts per second to avoid flooding attacks

Answer 46

Bridge Protocol Data Unit Guard A network security feature that disables a port if it receives a BPDU, preventing potential loops and unauthorized devices from influencing Spanning Tree Protocol (STP) topology.

Answer 47

A network feature that ensures data packets do not circulate endlessly in a network, preventing broadcast storms and network congestion. Spanning Tree Protocol (STP) prevents this from happening by forwarding, listening, or blocking on some ports.

Answer 48

A defensive measure against an attacker that attempts to use a rogue DHCP device.

Answer 49

Site survey examines the wireless environment to identify potential issues, such as areas with noise or other devices operating on the same frequency bands.

Answer 50

Provide a means of determining signal strength and channel interference.

Answer 51

– Centralized management of wireless access points – Manage system configuration and performance

Answer 52

– Use strong passwords – Update to the latest firmware

Answer 53

Creates, manages, maintains identity information. Responsible for authenticating identity.

Answer 54

Access credentials used by the Secure Shell (SSH) protocol. They function like usernames and passwords, but SSH keys are primarily used for automated processes and services.

Answer 55

Accounts used by multiple people or for generic purposes, often lacking personalized access controls. These can pose security risks due to the difficulty in tracking individual actions.

Answer 56

Special accounts used by applications or services to interact with the operating system or other software. Not intended for direct human use.

Answer 57

An account on a computer associated with a specific person

Answer 58

Temporary accounts with limited permissions, used to provide access to visitors or short-term users without granting full user privileges.

Answer 59

Automatically allow or restrict access when the user is in a particular location

Answer 60

Add location metadata to a document or file. Latitude and longitude, distance, time stamps

Answer 61

Authentication Header Protocol provides a mechanism for authentication only

Answer 62

Encapsulating Security Payload provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication.

Answer 63

An integrated endpoint security solution that combines: real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

Answer 64

Are designed to transfer information between the host and the web server.

Answer 65

Code is reviewed line by line to ensure that the code is well-written and error free.

Answer 66

It verifies that the keys match before the secure boot process takes place

Answer 67

A private network that is designed to host the information internal to the organization.

Answer 68

A section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public Internet. A cross between internet and intranet

Answer 69

Where traffic moves laterally between servers within a data center. north-south traffic moves outside the data center.

Answer 70

This is the most secure tunneling protocol that can use certificates, Kerberos authentication, or a pre-shared key. L2TP/IPSec provides both a secure tunnel and authentication.

Answer 71

a low-latency point-to-point connection between two sites. A tunnel between two gateways that is “always connected”

Answer 72

Works with legacy systems and uses SSL certificates for authentication.

Answer 73

Similar to the SSL VPN, as it uses certificates for authentication. easy to set up, and you just need an HTML5-compatible browser such as Opera, Edge, Firefox, or Safari.

Answer 74

Uses installed software agents for detailed, customizable data collection; requires more resources and maintenance.

Answer 75

Uses remote queries for easy deployment and low resource usage; may offer less detailed data.

Answer 76

Enable IT to work around problems that may be occurring on the network.

Answer 77

Server that controls requests from clients seeking resources on the internet or an external network.

Answer 78

Placed on a screened subnet, performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.

Answer 79

Creates a baseline of activity to identify normal behavior, and then measures system performance against the baseline to detect abnormal behavior.

Answer 80

Uses signatures similar to the signature definitions used by anti-malware software.

Answer 81

NIDS/NIPS placed on or near the firewall as an additional layer of security. (IDS mode)

Answer 82

Traffic does not go through the NIPS/NIDS. Sensors and collectors forward alerts to the NIDS. (IDS mode)

Answer 83

Can be placed on a network to alert NIDS of any changes in traffic patterns on the network.

Answer 84

Watch network traffic and restrict or block packets based on source and destination addresses or other static values. Not 'aware' of traffic patterns or data flows. Typically, faster and perform better under heavier traffic loads.

Answer 85

Can watch traffic streams from end to end. Are aware of communication paths and can implement various IP security functions such as tunnels and encryption. Better at identifying unauthorized and forged communications.

Answer 86

To allow or deny traffic.

Answer 87

Ensures that applications have the bandwidth they need to operate by prioritizing traffic based on importance and function.

Answer 88

Switch features that duplicate network traffic for monitoring purposes.

Answer 89

Hardware devices that create a copy of the network traffic.

Answer 90

detects changes to files that should not be modified

Answer 91

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol Created to replace WEP and TKIP/WPA uses AES (Advanced Encryption Standard) with a 128-bit key

Answer 92

Simultaneous Authentication of Equals used with WPA3-Personal and replaces the WPA2-PSK Protects against brute-force attacks uses a secure Diffie Hellman handshake, called dragonfly uses perfect forward secrecy, so immune to offline attacks

Answer 93

Enables members of one organization to authenticate to another with their normal credentials. Trust is across multiple RADIUS servers across multiple organizations. A federation service where network access is gained using wireless access points (WAPs).

Answer 94

Subscriber Identity Module cards Small computer chips that contain the information about mobile subscription allows the user to connect to a telecommunication provider to make calls, send text messages, or use the Internet.

Answer 95

The device is purely line-of-sight and has a maximum range of about 1 meter. Can be used to print from your laptop to an infrared printer.

Answer 96

One-to-one connection between the two devices communicating on a network, typically wireless

Answer 97

A WAP connecting to multiple wireless devices

Answer 98

Stores business data in a secure area of the device in an encrypted format to protect it against attacks.

Answer 99

Uses GPS to give the actual location of a mobile device.

Answer 100

MicroSD hardware security module A physical device that provides cryptographic features for your computer in a smaller, mobile form factor.

Answer 101

Provides additional access controls (MAC and DAC), security policies and includes policies for configuring the security of these mobile devices. prevents any direct access to the kernel of the Android operating system provides centralized management for policy configuration and device management.

Answer 102

Enables installing an application package in .apk format on a mobile device. Useful for developers to run trial of third-party apps, but also allows unauthorized software to be run on a mobile device.

Answer 103

updates are pushed out periodically by the vendor, ensuring that the mobile device is secure.

Answer 104

A way to send pictures as attachments, similar to sending SMS messages.

Answer 105

An enhancement to SMS and is used in Facebook and WhatsApp to send messages so that you can see the read receipts. You can also send pictures and videos.

Answer 106

USB On-The-Go Allows USB devices plugged into smartphones and tablets to act as a host for other USB devices.

Answer 107

Wi-Fi direct wireless network allows two Wi-Fi devices to connect to each other without requiring a WAP. Ad-hoc is same but it is multipath and can share an internet connection with someone else.

Answer 108

The process of sharing a mobile device's internet connection with other devices.

Answer 109

Choose your own device New employee chooses from a list of approved devices.

Answer 110

High availability across zones unique physical locations within a region with independent power, network, and cooling

Answer 111

Access for application secrets A secret is anything that you want to control access to, such as API keys, passwords, certificates, tokens, or cryptographic keys.

Answer 112

Public - can connect directly to the internet. Private - cannot connect directly to the internet to use for internal resources

Answer 113

Use security groups to define permissible network traffic, consisting of rules similar to a firewall ruleset.

Answer 114

This uses virtualization technology to scale the cloud resources up and down as the demand grows or falls.

Answer 115

To prevent VM sprawl and unmanaged VMs. Tools like NIDS/NIPS can help to detect new instances.

Answer 116

Practices and tools designed to secure containers, which are lightweight, portable, and scalable units for running applications.

Answer 117

allows you to create a private connection between your VPC and another cloud service without crossing over the internet.

Answer 118

Login from distant locations within an impossibly short timeframe.

Answer 119

Suspicious login attempt based on unusual behavior or patterns.

Answer 120

Account management (the identity lifecycle) ranges from account creation at onboarding to its disablement when a user leaves the company.

Answer 121

is an open standard for authorization, commonly used as a way for Internet users to log into third party websites using their Microsoft, Google, Facebook, Twitter, One Network etc. accounts without exposing their password.

Answer 122

is an open standard, It provides decentralized authentication, allowing users to log into multiple unrelated websites with one set of credentials maintained by a third-party service referred to as an OpenID provider.

Answer 123

applies global rules that apply to all subjects. Rules within this model are sometimes referred to as restrictions or filters.

Answer 124

Management of cryptographic keys in a cryptosystem.

Answer 125

An Intermediate Certificate Authority is an entity that is subordinate (lower in rank) to the Root CA and is responsible for issuing certificates to end entities or other subordinate CAs.

Answer 126

Registration Authority It is an entity responsible for verifying the identities of entities requesting digital certificates before the certificates are issued by a Certificate Authority (CA).

Answer 127

Common Name It is a field within a digital certificate that specifies the name of the entity (such as a server, device, or user) to which the certificate is issued. This field is part of the Distinguished Name (DN) in the certificate and is often used to identify the subject of the certificate.

Answer 128

Subject alternative name An extension in a digital certificate that allows additional identities (such as domain names, IP addresses, email addresses) to be associated with the subject of the certificate.

Answer 129

Wildcard certificates include an asterisk and period before the domain name. SSL certificates commonly extend encryption to subdomains through the use of wildcards.

Answer 130

A Domain-Validated (DV) certificate is an X.509 certificate that proves the ownership of a domain name.

Answer 131

A type of SSL/TLS certificate that requires a rigorous verification process by the Certificate Authority (CA) to confirm the legal identity and operational status of the entity requesting the certificate.

Answer 132

A method used with OCSP, which allows a web server to provide information on the validity of its own certificate. Done by the web server essentially downloading the OCSP response from the certificate vendor in advance and providing it to browsers.

Answer 133

Certificate Pinning is a security mechanism that associates a host with its expected public key or certificate to mitigate the risk of man-in-the-middle attacks.

Answer 134

The framework and policies for how entities establish and manage trust relationships within a Public Key Infrastructure (PKI).

Answer 135

Certificate Chaining is the process of linking certificates together from the end-entity certificate up to the Root CA to establish a chain of trust.