4.3 Flashcards

(37 cards)

1
Q

intrusion prevention system (IPS) Actions

A

Alerts/alarms and verbose dumps
Block attackers inline and drop packets
Syslog, Simple Network Management Protocol
(SNMP), and NetFlow outputs
Integrate with security information and event
management (SIEM) and security orchestration,
automation, and response (SOAR) systems

2
Q

web filter

A

an application layer gateway server or service (physical or virtual) dedicated to analysis and
control of HTTP and HTTPS traffic

3
Q

Agent-based web filters require:

A

the deployment of
lightweight software packages on network devices,
whereas agentless filters can be instantly deployed
in Random Access Memory (RAM) or persistently
without any manual configuration

4
Q

Web reputation service accuracy is typically determined by:

A

the breadth, depth, and variety of
the data being used

5
Q

Group Policy (GP)

A

a Microsoft Windows service
that enables IT administrators to centrally manage
and configure the settings on Windows operating
systems

6
Q

Group Policy can manage:

A

operating system settings,
applications, browsers, and user settings

7
Q

Some Group Policy examples include:

A
  • Password Policy
  • Screen Lock
  • Power Settings
  • Map Network Drives
  • Install printers, software, desktop shortcuts, etc.
  • Software restrictions (blocking access to programs)
8
Q

Group Policy Objects (GPOs)

A

are collections of policy
settings that apply to the domain (or OU) to manage
users, computers, or the entire domain

9
Q

Security Enhanced Linux (SELinux)

A

an access
control system built into the Linux kernel

10
Q

Security Enhanced Linux (SELinux) is used:

A

to enforce the resource policies that
define what level of access users, programs, and
services have on a system

enforces the principle of least privilege

11
Q

The most common SELinux policy types are targeted policy and multi-level
security (MLS):

A
  • Targeted policy is the default option and covers a
    range of processes, tasks, and services
  • MLS can be very complicated and is typically only
    used by government organizations
12
Q

Intrusion detection system (IDS)

A

Known as passive, as it takes no action to protect or defend your network beyond its role as an alarm system; it uses sensors and collectors to detect suspicious activities

13
Q

Intrusion prevention system (IPS)

A

More aggressive; it actively protects a network by not only identifying suspicious activities, but also taking swift action to block or mitigate threats, ensuring that the network remains resilient against potential threats

14
Q

Network-based IPS (NIPS)

A

Placed very close to the firewall to filter all traffic coming into the network

Can only operate on a network, not a host device 

15
Q

DNS filtering

A

the technique of using DNS to block
malicious websites and filter out damaging or unsuitable content

**least secure network

16
Q

DNS filtering ensures:

A

the organizational data stays secure and private

17
Q

DNS filtering can blocklist web attributes based on:

A

domain or IP address

18
Q

domain

A

The DNS resolver does not resolve (or look up) the IP addresses for certain domains at all

19
Q

IP address

A

The DNS resolver attempts to resolve all domains, but if the IP address is on the blocklist,
the resolver will not send it back to the requestor

20
Q

DNS Security Extensions (DNSSEC)

A

adds a layer of trust on top of DNS by providing authentication

adding additional DNS record types (for cryptographic signatures)

21
Q

To facilitate signature validation, DNSSEC adds a few new DNS record types:

A
  • RRSIG – contains a cryptographic signature
  • DNSKEY – contains a public signing key
  • DS – contains the hash of a DNSKEY record
  • NSEC and NSEC3 – for explicit denial-of-existence of a
    DNS record
  • CDNSKEY and CDS – for a child zone requesting
    updates to DS record(s) in the parent zone
22
Q

OpenDNS (umbrella solution)

A

a company that offers DNS resolution
services and a suite of consumer solutions with the
goal of making the Internet faster, safer, and more
reliable

23
Q

Sender Policy Framework (SPF)

A

an open standard
that introduces a method to prevent sender
address forgery

24
Q

SPF (info)

A

More precisely, the current version of SPF —
called SPFv1 or SPF Classic — protects the
envelope sender address, which is used for
message delivery

25
OpenDNS (umbrella solution) info

It is also a cloud-delivered enterprise security service that protects against threats on the Internet; OpenDNS's consumer products include parental and content filtering, web performance, and web security
26
The SPF solution requires two sides to work together:

  1. The domain owner publishes this information in an SPF record in the domain's DNS zone
  2. When someone else's mail server receives a message claiming to come from that domain, the receiving server can check whether the message complies with the domain's stated policy
27
DomainKeys Identified Mail (DKIM)

an email authentication method conducted between the outbound and inbound mail servers or Message Transfer Agents (MTAs)
28
With DKIM, if the public key does not match the signature, it may be because:

  • The email was not sent from the mail server designated in the email header but was sent from another (spoofed) server instead
  • The email was modified in transit to the recipient
  • For instance, an attacker could intercept an email that was sent from a valid mail server, change it and then resend it
29
Domain-based Message Authentication, Reporting and Conformance (DMARC)

an email authentication, policy, and reporting protocol that empowers domain owners to dictate the actions taken when their emails fail authentication tests
30
DMARC builds on the widely deployed SPF and DKIM protocols, offering:

  • Linkage to the sender ("From:") domain name
  • Published policies for recipient handling of authentication failures
  • Reporting from receivers to senders, to enhance and monitor protection of the domain from fraudulent email
31
email security gateways

special gateway appliances are dedicated email security services that work in or with MTAs to protect electronic mail
32
File Integrity Monitoring (FIM)

examines operating system files, configuration files, registries, application software, and Linux system files for changes and indicators of compromise
33
Windows FIM provides alerts about suspicious activity such as:

  • File and registry key creation or removal
  • File modifications (changes in file size, access control lists, and hash of the content)
  • Registry modifications (changes in size, access control lists, type, and content)
34
There are a variety of hardware/software solutions that can mitigate data leakage and data loss:

  • Secure email gateways
  • Cloud-based email security
  • Cloud access security brokers (CASB)
  • Endpoint detection and response (EDR)
  • Database activity monitoring (DAM)
35
Network admission control (NAC)

It typically enables 802.1X port-based network access control (PNAC) on Layer 2 and Layer 3 networks
36
endpoint detection and response (EDR) tools focus on:

detecting and investigating suspicious activities and indicators of compromise (IoCs) on hosts/endpoints
37
EDR monitors:

endpoint and network events and sends information to a SIEM system or centralized database so further analysis, investigation, and reporting can take place