4.5 Flashcards

1
Q

Types of firewalls

A

Web App
unified threat management
next generation

2
Q

Port

A

logical communication endpoints on a computer or server

3
Q

Inbound port

A

listens for connections

4
Q

outbound port

A

used to connect to a server

5
Q

Port classification

A

Well known (0-1023)
registered (1024-49151)
dynamic and private

6
Q

Protocols

A

rules governing device communication and data exchange

7
Q

screened subnet

A

aka dual homed host
it's a DMZ: a logically separated network area between the internal network and the internet

8
Q

Types of firewalls

A

packet filtering
proxy
stateful
kernel proxy

9
Q

packet filtering firewall

A

fastest because it only checks the packet; acts similarly to a router
cannot prevent IP spoofing due to limited inspection
operates at layer 4 (transport layer)

10
Q

stateful firewall

A

tracks connections and requests allowing return traffic for outbound requests
operates at layer 4 (transport layer)

11
Q

Proxy firewall

A

makes connections on behalf of endpoints, enhancing security
- very secure
- acts as an intermediary
- operates on the application layer or the session layer (layer 5)

12
Q

kernel proxy

A

full packet inspection at every layer
minimal impact on network performance
placed close to every system they protect

13
Q

NGFW

A

next generation firewall
- application aware (distinguishes different types of traffic)
- conducts deep packet analysis
- operates fast

14
Q

UTM

A

unified threat management firewall
- combines multiple security functions in a single device
- functions can include firewall, intrusion prevention, antivirus, and more
- single point of failure protection

15
Q

WAF

A

web app firewall
- HTTP traffic
- prevents SQL injections etc.

16
Q

In line WAF

A

live attack prevention
device sits between the network firewall and the web servers

17
Q

Out of band WAF

A

device receives a mirrored copy of web server traffic

18
Q

ACL

A

access control list
- essential for securing networks from unwanted traffic
- consists of permit and deny statements, often based on port numbers
- place the most specific rules at the top and generic rules at the bottom

19
Q

ACL key pieces of information

A

type of traffic
source of traffic
destination of traffic
action to take against traffic

20
Q

Hardware based firewall

A

a dedicated network security device that filters and controls network traffic at the hardware level
commonly used to protect an entire network or subnet

21
Q

Software firewall

A

a firewall that runs as a software app on individual devices

22
Q

NAC

A

network access control
- used to protect networks from both known and unknown devices by scanning devices to assess their security status before granting network access
- can be applied as a hardware or a software solution

23
Q

Persistent Agents

A

installed on devices in a corporate environment where the org controls and owns the device software

24
Q

non-persistent agents

A

common in environments with personal devices where users connect to a web-based app and download an agent for scanning; it deletes itself after inspection

25
Q

802.1x standard

A

port-based network access control mechanism based on the IEEE 802.1X standard
modern NAC solutions build on this

26
Q

Rule based Access Control

A

NAC can use rule-based methods like
- time-based factors
- location-based
- role-based
- rule-based (implement complex admission policies with logical statements)

27
Q

Web filtering

A

Web filtering or content filtering is used to control or restrict the content users can access on the internet
■ Crucial for businesses, educational institutions, and parents to ensure safe and productive internet use

28
Q

Types of web filtering

A

agent based
centralized proxy
URL scanning
content categorization
block rules
reputation based filtering

29
Q

Agent based web filtering

A

involves installing an agent on each device
monitors and enforces web usage policies
effective for remote and mobile workers

30
Q

Centralized proxy

A

uses a proxy server as an intermediary between an organization's end users and the Internet
● Evaluates and controls web requests based on policies
● If the request does not conform with the policies, the request is simply blocked or denied

31
Q

URL scanning

A

Analyzes website URLs to check for matches in a database of known malicious websites

32
Q

Content Categorization

A

Classifies websites into categories (e.g., social media, adult content) and blocks or allows categories based on policies

33
Q

Block rules

A

Specific guidelines set by organizations to prevent access to certain websites or categories, often used to address security threats

34
Q

Reputation based filtering

A

Blocks or allows websites based on a reputation score determined by third-party services, considering factors like hosting malware or phishing

35
Q

DNS filtering

A

DNS filtering (Domain Name System filtering) blocks access to specific websites by preventing the translation of domain names to their IP addresses
- Users' devices request domain name translation from DNS servers; if the domain is on the block list, the server withholds the IP address to prevent access
■ Commonly used to enforce internet usage policies, block inappropriate content, and protect against malicious websites
■ Often employed by schools, universities, and organizations to ensure safe and educational internet usage

36
Q

DKIM

A

DomainKeys Identified Mail
- Allows the receiver to verify the source and integrity of an email by adding a digital signature to the email headers
● The recipient server validates the DKIM signature using the sender's public cryptographic key published in the domain's DNS records
● Benefits
○ Email authentication
○ Protection against email spoofing
○ Improved email deliverability
○ Enhanced reputation score

37
Q

SPF

A

Sender Policy Framework
Prevents sender address forgery by verifying the sender's IP against the authorized IPs listed in the sender's domain DNS records
● A receiving server checks if the sender's IP is authorized in the SPF record

38
Q

DMARC

A

Domain-based Message Authentication, Reporting and Conformance
DMARC detects and prevents email spoofing by setting policies for email sending and for handling failures
● DMARC can work with DKIM, SPF, or both
● Implementation helps protect against
○ Business email compromise attacks
○ Phishing
○ Scams
○ Cyber threats

39
Q

Email gateway protocol configuration

A

Email gateways serve as entry and exit points for emails, facilitating secure and efficient email transmission
● They use SMTP (Simple Mail Transfer Protocol) to send and receive emails
● Email gateways handle email routing, email security, policy enforcement, and email encryption

40
Q

Email gateway deployment options

A

on premise
cloud based
hybrid

41
Q

spam filtering

A

Spam filtering detects and prevents unwanted and unsolicited emails from reaching users' inboxes
■ Techniques
● Content analysis
● Bayesian filtering
● DNS-based sinkhole list
● Email filtering rules

42
Q

EDR

A

endpoint detection and response
Category of security tools that monitor endpoint and network events and record the information in a central database

43
Q

how endpoint detection works

A

Data Collection
● Collects data from endpoints (devices that are physically on the endpoint of a network)
○ System processes
○ Registry changes
○ Memory usage
○ Network traffic patterns
■ Data Consolidation
● Sends collected data to a centralized security solution or database
■ Threat Detection
● Analyzes data using techniques like signature-based and behavioral-based detection to identify threats
■ Alerts and Threat Response
● Takes actions such as creating alerts or performing threat response actions when threats are detected
■ Threat Investigation
● Provides tools for security teams to investigate threats, including detailed timelines and forensic data
■ Remediation
● Removing malicious files
● Reversing changes
● Restoring systems to their normal state

44
Q

FIM

A

file integrity monitoring
Validates the integrity of operating system and application software files by comparing their current state with a known, good baseline
■ Identifies changes to
● Binary files
● System and Application Files
● Configuration and Parameter Files
■ Monitors critical system files for changes using agents and hash digests, triggering alerts when unauthorized changes occur

45
Q

XDR

A

extended detection and response
Security strategy that integrates multiple protection technologies into a single platform
■ Improves detection accuracy and simplifies incident response
■ Correlates data across multiple security layers to detect threats faster, including
● email
● endpoint
● server
● cloud workloads
● network
○ Difference between EDR and XDR
■ EDR is focused on the endpoints to detect and respond to potential threats
■ XDR is a more comprehensive solution because it focuses not only on endpoints but also on networks, cloud, and email to detect and respond to potential threats
● It integrates multiple protection technologies

46
Q

UBA

A

user behavior analytics
advanced security strategy that uses big data and machine learning to analyze user behaviors for detecting security threats

47
Q

UEBA

A

User and Entity Behavior Analytics (UEBA)
■ Technology similar to UBA but extends the monitoring to entities like routers, servers, and endpoints in addition to user accounts

48
Q

Secure protocols

A

Choose secure protocols to protect data in transit from unauthorized access
● Examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

49
Q

Telnet

A

application layer protocol that allows one computer to log onto another computer that is part of the same network
transmits in plaintext
use ssh instead of

50
Q

TCP

A

TCP (Transmission Control Protocol)
● Connection-oriented, ensuring data delivery without errors
● Ideal for applications where data accuracy is crucial, like web and email servers
● Uses acknowledgments, retransmission, and sequencing for data integrity

51
Q

UDP

A

UDP (User Datagram Protocol)
● Connectionless and faster, but doesn't guarantee data delivery
● Suitable for applications prioritizing speed over accuracy, like streaming video or gaming