4.5-4.6

Question 1

network based fw

Answer 1

can also be layer 3 router, can do NAT, dynamic routing, can VPN between sites

Question 2

ips rules

Answer 2

signature based if signature matches then reject it. anomaly based, unusual traffic patterns flagged.

Question 3

url scanning

Answer 3

allow or restrict based on a url. managed by category.

Question 4

agent based web filter

Answer 4

deploy software on the user’s device to collect data.

Question 5

dns filtering

Answer 5

harmful sites don’t have their ip address resolved so they can’t connect to their website

Question 6

active directory (AD)

Answer 6

a database of everything on the network
-computers users, file sharess, printers, groups, and more

Question 7

SELinux

Answer 7

Security Enhanced Linux.
Adds mandatory access control (MAC) to Linux
which allows central admin to decide who gets access to what security level

Question 8

dac

Answer 8

discretionary access control. user has their own discretion as to what rights and permissions to assign to different resources in linux os.

Question 9

how to secure traffic over wifi or in general?

Answer 9

use wpa3 which encrypts all traffic over wifi

use vpn tunnel

Question 10

mail gateway

Answer 10

evaluates all emails to see if it is legit. decides if it goes to inbox or spam

Question 11

spf protocol

Answer 11

sender policy framework.
identifies authorized mail servers so you know if it is coming from a legit source

Question 12

dkim

Answer 12

domain keys identified mail. mail server digitally signs all outgoing mail

Question 13

dmarc

Answer 13

domain based message authentication, reporting, and conformance.

extension of spf and dkim. allows you to decide what receiving email servers should do with emails that weren’t validated with spf and dkim. also sends compliance reports

Question 14

fim

Answer 14

file integrity monitoring. monitor important os and app files and identify when changes occur.

Question 15

sfc

Answer 15

system file checker. windwos fim

Question 16

tripwire

Answer 16

linux fim

Question 17

endpoint

Answer 17

the user’s access.

Question 18

edr
xdr

Answer 18

endpoing detection and response many ways to detect threat, can investigate and respond.

extended detection and response. evolution of edr, has network based detection, correlateds endpoint, network, and cloud data for improved detection rates.

Question 19

persistent agent

Answer 19

permanently installed onto system

Question 20

dissolvable agent

Answer 20

no install required, runs during posture assessment deletes itself when scan is over

Question 21

agentless nac

Answer 21

integrated with active directory, checks made during login and logoff dont need download

Question 22

iam

Answer 22

identity and access management. identity lifecycle management. form onboard to leaving. nobody gets admin access

Question 23

Ldap

Answer 23

protocol for reading and writing directories over an ip network

Question 24

samL

Answer 24

security assertion markup language. you can autheticate through a third party to gain access. not made for mobile devices

Question 25

OAuth

Answer 25

authorization framework for modern and mobile devices. created by twitter,google and many others. allows for different types of authentication throught third parties to authorize access

Question 26

federation

Answer 26

when a website allows you to make an account using your google or facebook account

Question 27

interoperability

Answer 27

protocols and authentication or authorization method work well with each other

Question 28

rule based access control

Answer 28

generic term for following rules. access determined through system-enforced rules

Question 29

abac

Answer 29

attribute based access control, can consider many parameters when authorizing.

Question 30

hard/soft

Answer 30

key card or usb (physical things), hardware or software tokens (logical)