701 - Chapter 3 Flashcards
What are the seven layers of the OSI model starting from lowest to highest?
Physical, data link, network, transport, session, presentation, application
This layer is where network switches operate; it formats data into frames and forwards them between systems using their media access control (MAC) addresses?
Data link
This layer introduces IP addresses. At this layer, routers use IP addresses to send information between systems that are not on the same local network. The Internet Protocol (IP) is the primary protocol at this layer.
Network
This layer is all about the basic equipment of networking: copper wires, fiber-optic cables, and radio waves?
Physical
This layer provides end-to-end communication services for applications. TCP and UDP exist at this layer.
Transport
This layer establishes, manages, and terminates sessions between applications running on different devices, allowing them to communicate and exchange data.
Session
This layer translates data into a standard format that can be understood by the application layer and provides encryption, compression, and other data transformation services.
Presentation
This layer provides network services to applications, allowing them to communicate with other applications over the network
Application
This protocol provides connection-oriented traffic with guaranteed (reliable, acknowledged) delivery. It uses a three-way handshake (SYN, SYN-ACK, ACK) to establish a connection.
TCP
This protocol is connectionless, so there is no three-way handshake. It makes a best effort to deliver data without using extra traffic (acknowledgments, retransmissions) to ensure delivery.
UDP
Many network-based denial of service attacks use which protocol?
UDP (because it is connectionless, source addresses are easy to spoof and replies can be amplified)
This protocol identifies hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses
IP
This protocol tests basic connectivity and is used by tools such as ping and tracert (traceroute on Linux)?
Internet Control Message Protocol (ICMP)
True or false: blocking ICMP prevents attackers from discovering devices on a network?
True, as far as ping sweeps go. Note that hosts can still be discovered with TCP or UDP port scans, so blocking ICMP is not a complete defense against host discovery.
True or false: it is not common to block ICMP at firewalls and routers?
False. Because ICMP is often used in attacks, it has become common to block ICMP at firewalls and routers.
This protocol resolves IPv4 addresses to MAC addresses?
Address Resolution Protocol (ARP)
Name three protocols that are now considered insecure and should no longer be used to transfer data over a network?
FTP, Trivial File Transfer Protocol (TFTP), and Secure Sockets Layer (SSL)
What is the designated secure replacement for SSL?
Transport layer security TLS
This protocol is used to encrypt IP traffic?
IPsec
This protocol encrypts data in transit and can be used to encrypt other protocols, such as FTP. What port does it use?
Secure Shell (SSH), TCP port 22
This protocol is based on SSH and is used to copy encrypted files over a network?
Secure copy SCP
This protocol is a secure implementation of FTP and uses SSH to encrypt traffic?
SFTP (SSH File Transfer Protocol, often expanded as Secure FTP)
This protocol is another secure implementation of FTP, it uses TLS to encrypt FTP traffic?
File transfer protocol secure, FTPS
What is the secure version of the email protocol SMTP (port 25)? What encryption and port does it use?
SMTP Secure (SMTPS). It uses TLS and, as taught here, TCP port 587, the mail submission port where the session is upgraded to TLS with STARTTLS. Implicit-TLS SMTPS uses TCP port 465.
What is the secure version of the email protocol POP3 (port 110)? And what port does it use?
POP3 Secure (POP3S), which wraps POP3 in TLS on TCP port 995
This email protocol is used to store email on a mail server and allows users to organize and manage mail and folders on the server? And what is the secure port used for this protocol?
Internet Message Access Protocol (IMAP), port 143. The secure port (IMAPS, IMAP over TLS) is 993.
What is the secure version of HTTP (port 80)? And what port does it use?
HTTPS, port 443
What are the three email authentication methods that help prevent email fraud and abuse by verifying the authenticity of the sender's domain and ensuring that the email has not been modified in transit?
Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC)
Which email authentication method uses DNS records to define which IP addresses are authorized to send email on behalf of a domain?
SPF
Which email authentication method uses public key cryptography to sign and verify an email's domain and content?
DKIM
Which email authentication method builds on top of SPF and DKIM by allowing domain owners to set policies for how to handle email that fails authentication checks, and provides reporting mechanisms to monitor and improve email authentication performance?
DMARC
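The SPF and DMARC cards above describe how a receiving mail server decides whether a message is authorized. The following is an added example, not part of the flashcard deck: it evaluates an SPF record against a sender IP and then applies a DMARC policy. The DNS TXT records for example.com and _spf.mailer.example are constructed for the example and looked up in a dictionary instead of real DNS so it runs offline; DKIM verification itself is not implemented, the example takes a DKIM result as input.

```python
"""Added example: SPF evaluation and DMARC disposition on constructed DNS records."""
import ipaddress

# Constructed TXT records (hypothetical domains, not real DNS data).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Return the SPF result for sender_ip claiming to send for domain.

    Handles the ip4, ip6, include and all mechanisms with all four qualifiers.
    Other mechanisms (a, mx, exists) are skipped in this simplified evaluator.
    The include depth is capped because RFC 7208 limits DNS lookups to 10.
    """
    if depth > 10:
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            # An IPv6 address is never "in" an IPv4 network and vice versa.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the referenced record yields "pass".
            if check_spf(value, sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # record without an "all" term: default result


def parse_dmarc(domain):
    """Parse the _dmarc.<domain> TXT record into tags; None if absent or invalid."""
    record = DNS_TXT.get("_dmarc." + domain)
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key] = value
    return tags if tags.get("v") == "DMARC1" else None


def dmarc_disposition(header_from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain):
    """Apply DMARC: pass if SPF or DKIM passes with an aligned domain,
    otherwise return the domain owner's requested policy (p= tag).

    Alignment is simplified to "same domain or a subdomain of it", which
    approximates relaxed alignment for a domain that is its own
    organizational domain.
    """
    policy = parse_dmarc(header_from_domain)
    if policy is None:
        return "none"  # no DMARC record, so the receiver applies no policy

    def aligned(d):
        return d == header_from_domain or d.endswith("." + header_from_domain)

    if (spf_result == "pass" and aligned(spf_domain)) or \
       (dkim_result == "pass" and aligned(dkim_domain)):
        return "pass"
    return policy.get("p", "none")  # none, quarantine or reject


if __name__ == "__main__":
    print(check_spf("example.com", "203.0.113.7"))          # pass
    print(check_spf("example.com", "192.0.2.1"))            # fail (-all)
    print(dmarc_disposition("example.com", "pass", "attacker.example",
                            "fail", ""))                     # reject
```

The last call shows the point of DMARC alignment: an SPF pass for the attacker's own envelope domain does not help a message whose visible From header claims example.com, so the reject policy applies.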
What network device or software application acts as a barrier between an organization's internal email system and the external Internet, filtering incoming and outgoing email for spam, malware, and other types of threats?
Email gateway
What is the Microsoft directory service that provides authentication and authorization services for a network?
Active directory domain services AD DS
What does AD DS use for its operations?
Lightweight Directory Access Protocol (LDAP) for querying the directory, encrypted with TLS (LDAPS) when the traffic needs protecting
What port does LDAP use? And what port does LDAPS use?
TCP port 389 for LDAP and TCP port 636 for LDAPS
What protocol delivers audio and video over IP networks? And what is its secure counterpart?
Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP)
This protocol is used to initiate maintain and terminate voice video and messaging sessions?
Session initiation protocol SIP
What are the three ways that administrators can connect to servers remotely?
SSH, RDP, a VPN
What port does RDP use?
TCP port 3389
What is the name of the suite of tools that simplifies the use of SSH to connect to remote servers securely?
OpenSSH
What is the SSH command to create a public private key pair? And what is the SSH command that copies the public key to a remote server?
ssh-keygen…ssh-copy-id
What is the most commonly used protocol for time synchronization?
Network time protocol NTP
What are the three IP ranges that are private and can be used to allocate addresses within a private network? And what do routers on the Internet do when they see traffic coming from or going to a private IP address?
10.0.0.0/8 (10.0.0.0 - 10.255.255.255), 172.16.0.0/12 (172.16.0.0 - 172.31.255.255), and 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)... Internet routers have rules to drop that traffic, since these addresses are not routable on the public Internet.
What was created in response to exhausting all IPv4 addresses? And what is used for local addresses?
IPv6... unique local addresses (ULA) in the fc00::/7 range (in practice fd00::/8), the IPv6 counterpart of the private IPv4 ranges
What is used to resolve hostname to IP addresses?
Domain name system DNS
What is it called when an attacker modifies a DNS cache with a bogus IP address?
DNS poisoning (DNS cache poisoning)
What is the primary method of preventing DNS cache poisoning called?
Domain Name System Security Extensions (DNSSEC)
With DNSSEC, what is added to each DNS record? And what does that do?
Resource record signature (RRSIG)... It is a digital signature added to each record set which provides data integrity and origin authentication for DNS replies, so a resolver can detect a forged or altered answer.
What is one-to-one traffic called? And what is one-to-all traffic called? What will pass broadcast traffic between its ports, and what will not pass broadcast traffic?
Unicast... Broadcast... a switch... a router
What connects computers and other devices to each of its physical ports?
A switch
What is the main security reason why organizations replace hubs with switches?
On a hub, unicast traffic is sent out every port, so any connected host can capture it; a switch sends unicast traffic only to the port associated with the destination MAC address.
What is a switch hardening technique that disables unused ports and/or limits the number of MAC addresses per port?
Port security
What is a switch hardening technique that allows or blocks access to system by MAC address?
MAC filtering
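The cards on hubs versus switches, port security and MAC filtering describe behaviour that is easy to see in a simulation. The following toy learning switch is an added example, not part of the flashcard deck; the MAC addresses, port numbers and the limit of two MACs per port are constructed for the demonstration. It shows why a switch does not flood known unicast traffic the way a hub does, how a port-security limit reacts to a MAC flooding attempt by err-disabling the port, and how MAC filtering drops frames from an unlisted source without taking the port down.

```python
"""Added example: toy learning switch with port security and MAC filtering."""
from collections import defaultdict


class Switch:
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, num_ports, max_macs_per_port=None,
                 disabled_ports=(), mac_filter=None):
        self.ports = set(range(1, num_ports + 1))
        self.cam = {}                          # MAC address -> port it was learned on
        self.macs_on_port = defaultdict(set)   # port -> source MACs seen (port security)
        self.max_macs = max_macs_per_port      # None means no limit
        self.shutdown = set(disabled_ports)    # unused ports disabled, plus err-disabled ones
        self.mac_filter = mac_filter or {}     # port -> set of permitted source MACs
        self.violations = []                   # (kind, port, mac) for the operator's log

    def forward(self, in_port, src_mac, dst_mac):
        """Process one frame and return the set of ports it is sent out of."""
        if in_port in self.shutdown:
            return set()                        # disabled port: frame dropped
        allowed = self.mac_filter.get(in_port)
        if allowed is not None and src_mac not in allowed:
            self.violations.append(("mac-filter", in_port, src_mac))
            return set()                        # MAC filtering: drop, port stays up
        seen = self.macs_on_port[in_port]
        if (src_mac not in seen and self.max_macs is not None
                and len(seen) >= self.max_macs):
            self.violations.append(("port-security", in_port, src_mac))
            self.shutdown.add(in_port)          # port security: err-disable the port
            return set()
        seen.add(src_mac)
        self.cam[src_mac] = in_port             # learn the source address
        if dst_mac == self.BROADCAST or dst_mac not in self.cam:
            # Broadcast or unknown unicast is flooded to every active port except ingress.
            return {p for p in self.ports if p != in_port and p not in self.shutdown}
        return {self.cam[dst_mac]}              # known unicast: one port only


def hub_forward(num_ports, in_port):
    """A hub repeats every frame, unicast included, out of every other port."""
    return {p for p in range(1, num_ports + 1) if p != in_port}


if __name__ == "__main__":
    sw = Switch(4, max_macs_per_port=2, disabled_ports={4})
    sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02")   # flooded: dst unknown
    sw.forward(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01")   # learned, goes to port 1
    print(sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"))  # {2}
    print(hub_forward(4, 1))                                   # {2, 3, 4}
    for i in range(1, 4):                                      # MAC flooding on port 3
        sw.forward(3, "de:ad:00:00:00:%02x" % i, sw.BROADCAST)
    print(sw.violations, sw.shutdown)
```

In the flooding loop the third distinct source MAC on port 3 exceeds the configured limit, so the port is shut down and the attacker's frames stop reaching the rest of the network.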
What can flood a network with traffic and effectively disable a switch? And what two protocols are used to prevent this and the resulting broadcast storms?
A switching loop (bridge loop)... Spanning Tree Protocol (STP) or Rapid STP (RSTP)
What does STP send to detect switching loops in a network?
Bridge protocol data unit (BPDU) messages
What is a switch port that is connected to an end device called?
An edge port
Many switches support what feature that is enabled on edge ports? And how does it work?
BPDU Guard... it monitors edge ports for unwanted BPDU messages; if one arrives, the switch disables the port, blocking an attacker who plugs in a rogue switch to manipulate the spanning tree (a BPDU attack)
What device connects multiple network segments into a single network and routes traffic between the segments? And what are the segments separated by these devices sometimes referred to as?
A router... broadcast domains (a router does not forward broadcasts between segments)
What is implemented on routers and firewalls to identify what traffic is allowed and what traffic is denied?
Access control lists…ACL
Router ACLs provide basic packet filtering…they filter packets on what three common characteristics?
IP address, ports, protocols
What is used to block all access that has not been explicitly granted, routers and firewalls use this as the last rule and their access control list?
Implicit deny
What command is used to display or modify a system's routing table on both Windows and Linux systems?
The route command (route print on Windows; on Linux the route command is deprecated and ip route is the current tool)
What protocol is used to monitor and manage network devices such as routers or switches? What version do administrators use? Why? And what port does it use?
Simple Network Management Protocol (SNMP)... SNMPv3... it adds authentication and encryption (privacy), so credentials and management data are protected in transit, unlike SNMPv1 and SNMPv2c which send the community string in clear text... UDP port 161 for queries to agents and UDP port 162 for traps sent to the manager
What filters incoming and outgoing traffic for a single host or between networks?
A firewall
Which firewall type monitors traffic going in and out of a single host such as a server or a workstation? And which firewall type protects an entire network?
A host based firewall…network based firewall
True or false: host-based firewalls tend to be software based, while network-based firewalls tend to be a device?
True... a network-based firewall is usually a dedicated network appliance
True or false: most organizations will use either host-based or network-based firewalls, but not both together?
False... using the two together provides defense in depth
This type of firewall is implemented purely with ACLs, treats each network packet it sees as a new event, and does not track any information about previous network traffic?
Stateless firewall (packet filter)
What is the rule that firewalls use at the end of the ACL to enforce an implicit deny strategy?
A deny any any, a deny any, or a drop all
This type of firewall uses ACLs but also inspects traffic and makes decisions based on the traffic's context or state. It keeps track of established sessions, inspects traffic based on its state within a session, and blocks traffic that is not part of an established session?
A stateful firewall
Most modern firewalls are of what type? What layer do they operate at? What are they commonly referred to as?
Stateful... transport layer... Layer 4 firewalls
This type of firewall is specifically designed to protect a web application from a wide variety of web-based attacks and is placed between the web server and the web server's clients?
Web application firewall (WAF)
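The ACL, implicit deny, stateless and stateful cards above are easiest to understand side by side. The following is an added example, not from the flashcard deck: a first-match ACL with an explicit deny-any-any rule and an implicit deny fallback, applied first statelessly and then with a connection table. The rule set, addresses and packets are constructed for the demonstration. It shows the two classic differences: a stateless ACL needs a separate rule for return traffic, and it will accept an out-of-state packet (an ACK with no preceding SYN) that a stateful firewall rejects.

```python
"""Added example: first-match ACL with implicit deny, stateless vs stateful."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    syn: bool = False   # TCP SYN without ACK: a new connection attempt
    ack: bool = False


# Each rule: (action, protocol or "any", source network, destination network, dst port or None)
RULES = [
    ("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),   # public web server
    ("permit", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),     # internal hosts may query DNS
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),         # explicit "deny any any"
]


def acl_lookup(pkt, rules=RULES):
    """First matching rule wins; a packet that matches nothing is implicitly denied."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, proto, src_net, dst_net, dport in rules:
        if proto != "any" and proto != pkt.proto:
            continue
        if src not in ipaddress.ip_network(src_net) or dst not in ipaddress.ip_network(dst_net):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"  # implicit deny


def stateless_filter(pkt):
    """A stateless firewall evaluates every packet against the ACL in isolation."""
    return acl_lookup(pkt)


class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.sessions = set()  # 5-tuples of flows that the ACL has permitted

    def filter(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return "permit"  # belongs to a tracked session, including return traffic
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"    # non-SYN TCP with no session: not part of an established connection
        action = acl_lookup(pkt, self.rules)
        if action == "permit":
            self.sessions.add(key)  # only a permitted new flow creates state
        return action


if __name__ == "__main__":
    syn = Packet("198.51.100.5", 51000, "203.0.113.10", 443, "tcp", syn=True)
    reply = Packet("203.0.113.10", 443, "198.51.100.5", 51000, "tcp", ack=True)
    stray = Packet("192.0.2.9", 40000, "203.0.113.10", 443, "tcp", ack=True)
    fw = StatefulFirewall()
    for p in (syn, reply, stray):
        print(stateless_filter(p), fw.filter(p))
    # stateless: permit deny permit / stateful: permit permit deny
```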
This type of firewall performs deep packet inspection and adds application level inspection as a core feature and is aware of common application protocols used on the Internet, such as FTP and HTTP?
Next generation firewall NGFW
What is another name for WAF and NGFW? And why?
Layer 7 firewalls… because they can analyze information all the way through layer 7
What is the name for an internal network? And what is the name for part of the network that can be accessed by authorize entities from outside of the network?
Intranet and extranet
What is the goal of placing Systems into different zones limiting the connectivity they have to each other?
Reducing the attack surface
What is the security zone between a private network and the Internet called? And what two devices does this area usually sit between?
A screened subnet (formerly called a DMZ)... two firewalls, one facing the Internet and one facing the internal network
What is the protocol that translates private IP addresses to public IP addresses and public IP addresses back to private? And what hosts it?
Network address translation (NAT)... a NAT gateway (typically the router or firewall at the network edge)
What are two benefits of NAT and one drawback?
Public IP addresses do not need to be purchased for every client, and NAT hides internal computers from the Internet... NAT is not compatible with IPsec in its basic form (AH authenticates the IP header that NAT rewrites; NAT traversal, NAT-T, encapsulates ESP in UDP to work around this)
What is a common form of NAT?
Port address translation (PAT)
NAT has two forms, what are they? Which one uses a single public IP address in a one-to-one mapping? And which one uses multiple public IP addresses in a one-to-many mapping?
Static and dynamic... static... dynamic
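The NAT and PAT cards above describe translation in words; the following added example, not from the flashcard deck, implements the two forms as translation tables. The public and private addresses are constructed for the demonstration. Static NAT maps one private address to one public address in both directions; PAT lets many private hosts share a single public address by allocating a distinct public port per flow, and the reverse lookup is what makes unsolicited inbound packets fall through (the "NAT hides internal computers" benefit).

```python
"""Added example: static one-to-one NAT and port address translation (PAT)."""


class StaticNat:
    """One-to-one mapping of a private address to a dedicated public address."""

    def __init__(self, mapping):
        self.priv_to_pub = dict(mapping)                       # private IP -> public IP
        self.pub_to_priv = {v: k for k, v in mapping.items()}  # public IP -> private IP

    def translate_out(self, priv_ip):
        return self.priv_to_pub.get(priv_ip)

    def translate_in(self, pub_ip):
        return self.pub_to_priv.get(pub_ip)


class PatGateway:
    """Many private hosts share one public IP, distinguished by translated source port."""

    def __init__(self, public_ip, first_port=10000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_out(self, priv_ip, priv_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet; reuse the mapping for a known flow."""
        key = (priv_ip, priv_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, pub_port):
        """Rewrite the destination of a reply; return None for anything unsolicited."""
        entry = self.inbound.get(pub_port)
        if entry is None:
            return None                       # no flow owns this public port
        priv_ip, priv_port, dst_ip, dst_port = entry
        if (src_ip, src_port) != (dst_ip, dst_port):
            return None                       # not the peer the inside host talked to
        return (src_ip, src_port, priv_ip, priv_port)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.1")
    print(gw.translate_out("192.168.1.10", 51000, "198.51.100.80", 443))
    print(gw.translate_out("192.168.1.11", 51000, "198.51.100.80", 443))
    print(gw.translate_in("198.51.100.80", 443, 10001))   # back to 192.168.1.11
    print(gw.translate_in("192.0.2.5", 443, 10000))       # None: unsolicited, dropped
```

Both inside hosts use the same source port 51000, which is exactly the collision PAT resolves by assigning each flow its own public port.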
What is it called to physically isolate a network from others? And what type of systems are generally designed this way?
Air gap… SCADA Systems
What is network segmentation between logical groups of users or computers called? And what can it do?
Virtual local area network, VLAN… It can logically group several different computers together or logically separate computers without regard to their physical location.
What device is used when creating a VLAN?
A switch
True or false: VLANs can be used to separate traffic types, such as VoIP traffic on one VLAN and data traffic on a separate VLAN?
True
Within a network, East West traffic refers to what? And north south traffic refers to what?
Traffic between servers within the data center... Traffic between clients and servers, that is, traffic entering or leaving the data center
What is a dedicated system designed to fulfill a specific need called?
Network appliance
What network appliance forwards requests for services such as HTTP or HTTPS from a client?
A proxy server
What are two other functions that a proxy server can perform?
Caching content for performance and content filtering
What do proxy servers use to enforce content filtering?
Block rules
What is the difference between a centralized proxy server and an agent-based proxy?
A centralized proxy server sits at a strategic location on the network where it can intercept and analyze user requests... with an agent-based proxy, the filter runs on each user's computer and receives its filtering policy from the organization's central policy server.
What type of proxy server accepts requests from the Internet, appearing to be the web server, but actually forwards the requests to the web server and serves the pages it returns?
Reverse proxy
What two other functions does a reverse proxy perform?
It caches the requested web pages to improve website performance, and it can act as a load balancer.
This type of proxy server accepts and forwards requests without modifying them? And this type of proxy server uses URL filters to restrict access to certain sites? Both of them can do what?
Transparent proxy... non-transparent proxy... log user activity
This device is a single solution that combines multiple security controls to provide better security while also simplifying management requirements?
Unified threat management UTM
What are the four security controls that a UTM can provide?
URL filtering, malware inspection, content inspection, and DDoS mitigation
What is a hardened device used to access and manage other devices in a different security zone called? Where is it placed on the network?
A jump server… it is placed between different security zones
Why is it important that the jump server be hardened and ideally not be used for anything else?
Hardening the server and limiting the services that can be run on that jump server limits what an attacker can target on the server.
What refers to the idea that we do not make trust decisions based on network location, but instead implement strong authentication systems and create policy-driven access controls based on a user's identity rather than their system's location?
Zero trust network access (ZTNA)
When a user or system wants to access a resource, how does the zero trust environment make that decision?
The request goes through a system known as the policy enforcement point (PEP), which obtains the decision from the policy decision point (the policy engine and policy administrator) before allowing or denying the connection.
What is when a system changes the way it ask a user to authenticate based upon the context of the request?
Adaptive identity authentication
What are the two planes that zero trust uses to divide the different types of communication?
Control plane and data plane
Which plane do the communications that control and configure the network occur on?
The control plane
Which plane do the communications used by end users and software to talk to each other take place on? In other words, it contains all of the systems that carry out the work of the organization.
The data plane
What are two key components of the control plane called? And together, what are they known as?
Policy engine and policy administrator… policy decision point
What enforces the policy decisions made for a zero trust network and is the only system allowed to cross between the control plane and the data plane?
Policy enforcement point
What decides whether to grant access to a resource for a given subject and they zero trust network?
Policy engine
What is responsible for communicating that decisions made by the policy engine to the policy enforcement point?
The policy administrator
What are the three core components of the data plane?
The subject which is the user, the system which is what is used by the user to access a resource, and the enterprise resource which is what the user wants to access
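The zero trust cards above name the components (policy engine, policy administrator, policy enforcement point, subject, system, resource) and the rule that trust is not derived from network location. The following added example, not from the flashcard deck, wires those components together in code: the engine decides, the administrator relays, the enforcement point is the only object that crosses from the data plane to the control plane, and a request from the office LAN on a non-compliant device is denied while the same user on a compliant device on the Internet is allowed. The users, device posture fields, resources and roles are constructed for the demonstration, and the "step_up" decision illustrates adaptive identity.

```python
"""Added example: zero trust policy decision point and enforcement point."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    user: str
    role: str
    mfa_done: bool          # whether strong authentication has been completed


@dataclass(frozen=True)
class Device:
    compliant: bool         # posture check result (managed, patched, encrypted)
    network: str            # "office" or "internet": logged, never a trust input


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str        # "low" or "high"
    allowed_roles: tuple


class PolicyEngine:
    """Decides whether a subject may reach a resource; never touches the data plane."""

    def decide(self, subject, device, resource):
        if subject.role not in resource.allowed_roles:
            return "deny"
        if not device.compliant:
            return "deny"           # applies even on the office LAN: location is not trust
        if resource.sensitivity == "high" and not subject.mfa_done:
            return "step_up"        # adaptive identity: ask for stronger authentication
        return "allow"


class PolicyAdministrator:
    """Communicates engine decisions to the PEP; engine plus administrator form the PDP."""

    def __init__(self, engine):
        self.engine = engine

    def decision_for(self, subject, device, resource):
        return self.engine.decide(subject, device, resource)


class PolicyEnforcementPoint:
    """Data-plane gatekeeper; the only component that crosses to the control plane."""

    def __init__(self, administrator):
        self.pa = administrator
        self.log = []

    def request(self, subject, device, resource):
        """Return True only for an explicit allow; step_up and deny both block for now."""
        decision = self.pa.decision_for(subject, device, resource)
        self.log.append((subject.user, device.network, resource.name, decision))
        return decision == "allow"


if __name__ == "__main__":
    pep = PolicyEnforcementPoint(PolicyAdministrator(PolicyEngine()))
    alice = Subject("alice", "finance", mfa_done=False)
    ledger = Resource("ledger", "high", ("finance",))
    print(pep.request(alice, Device(False, "office"), ledger))    # False: posture failed
    print(pep.request(alice, Device(True, "internet"), ledger))   # False: step-up needed
    print(pep.request(Subject("alice", "finance", True),
                      Device(True, "internet"), ledger))          # True
    print(pep.log)
```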
What is a design philosophy closely related to zero trust that brings together, networking and security functions and delivers them as an integrated cloud service?
Secure access service edge SASE