3A. Analyse Network Monitoring Output (obj 3.1, 4.4) Flashcards

1
Q

What is a SPAN?

A

Switch Port Analyser
- SPAN allows traffic from one or more networks to be mirrored to a single monitoring port, where it can be analysed with network analysis tools, e.g. Wireshark

2
Q

What is a TAP?

A

Test Access Port
- A TAP allows an admin to insert a device to monitor traffic at the physical layer without interfering with the network. There are 2 types of TAP:
1) Passive - allows the admin to monitor without making changes to the network
2) Active - allows the admin to perform operations on network traffic, e.g. filtering, port forwarding

3
Q

Where are sniffers typically placed?

A

Inside a firewall or close to a high-priority server. The goal is to identify malicious traffic that has bypassed the firewall.

4
Q

Ways to identify an ARP Spoofing attack?

A

1) Different IP addresses are advertised for the same MAC address
2)
5
Q

What is a flow collector?

A

A means of recording metadata and statistics about network traffic rather than recording each frame. It is a solution for organisations that do not have the resources to run Full Packet Capture all the time.

6
Q

What is netflow?

A

A means of reporting network flow information to a database. It provides the following:
- network protocol and interface used
- version and type of IP used
- source/destination IP addresses
- source/destination UDP/TCP ports
- IP Type of Service (ToS)

7
Q

What is Zeek?

A

Zeek is a passive network monitor that saves resources: it works in the same manner as a sniffer, but instead of recording and storing large quantities of data it logs only data of potential interest, reducing storage and processing requirements.

8
Q

What are DGAs?

A

Domain Generation Algorithm
- used by malware packages to dynamically generate domain names for C2 from a known seed

9
Q

Ways to identify DGAs

A

1) DGAs can produce long DNS labels that can be identified with expression-matching filters
2) High rate of NXDOMAIN errors returned to the client or logged by the local DNS resolver
3) Labels may have higher levels of entropy, or a lower proportion of vowels

10
Q

URL Analysis tools can:

A

1) Resolve percent encoding
2) Assess URL redirects
3) Show the source code for scripts a URL might call

11
Q

What does an HTTP 200 response code indicate?

A

A successful GET or POST request (OK)

12
Q

What does an HTTP 201 response code indicate?

A

A successful PUT request that created a resource

13
Q

What does an HTTP 3xx response code indicate?

A

Indicates a redirect

14
Q

What does an HTTP 4xx response code indicate?

A

Indicates an error in the client request, e.g. missing authentication credentials (401) or lack of permissions (403)

15
Q

What does an HTTP 5xx response code indicate?

A

Indicates a server-side issue
