CASP lesson 4 Flashcards

1
Q

forward traffic between subnets by inspecting IP addresses and so
operate at layer 3 of the OSI model.

A

routers

2
Q

a special purpose device, or appliance, containing
specialized software allowing the configuration of traffic management rules.

A

load balancer

3
Q

attacks attempt to disrupt the normal flow of traffic
of a server or service by overwhelming the target with traffic.

A

Distributed Denial-of-Service (DDoS)

4
Q

can be used to reduce the amount of throughput available to the
server or service being attacked. This approach prevents the attack from consuming
all available bandwidth and impacting other servers and services on the network.

A

Rate Limiting

5
Q

provides effective protection of web applications
by inspecting traffic for signs of malicious activity through the use of sophisticated
rules designed to identify attacks such as CSRF, XSS, SQLi, and many others, and
prevents these attacks from reaching the target.

A

Web Application Firewall (WAF)

7
Q

takes all the traffic
intended for an endpoint and drops it. This approach drops both
legitimate and malicious traffic.

A

Blackhole Routing

8
Q

provide DDoS protection as a service and using this
approach requires updating DNS to point traffic to the service provider in order for
it to be inspected prior to it reaching the intended service.

A

Cloud Service Providers

9
Q

provides special purpose devices and
software designed to identify and protect against this type of attack.

A

DDoS Mitigation Software/Appliance

10
Q

a device or virtual appliance
which provides multiple security services in a single solution

A

unified threat management (UTM)

11
Q

Type of proxy that provides for protocol-specific outbound traffic.

A

forward proxy

12
Q

The main benefit of a _____ is that client computers connect to a specified point
on the perimeter network for web access.

A

proxy

13
Q

A _______________ proxy means that the client must be configured with the
proxy server address and port number to use it. The port on which the proxy
server accepts client connections is often configured as port 8080.

A

non-transparent

14
Q

A _______________ proxy (or forced or intercepting) intercepts client traffic without
the client having to be reconfigured. A transparent proxy must be implemented
on a switch or router or other in-line network appliance.

A

transparent

15
Q

A ___________ script allows a client to configure proxy settings without
user intervention. The ____________ protocol allows browsers to
locate a PAC file.

A

proxy autoconfiguration (PAC); Web Proxy Autodiscovery (WPAD)

16
Q

A ______________ is a system put in-line of traffic destined to a specific host or group
of hosts.

A

Reverse

17
Q

A _________________ works as a shield and is designed to protect web
applications from attacks such as SQL injection, cross-site scripting (XSS), cross-site
request forgery (XSRF), file inclusion, directory traversal, and a myriad of
other common web-application attacks.

A

web application firewall

18
Q

A separate host, or virtual machine, configured to perform
WAF functions. This is the most costly option to acquire and maintain but
provides the greatest flexibility and performance.

A

Network-based

19
Q

Software that runs on the same host as the web application server.
It is inexpensive to acquire and maintain but complicates the configuration of
the web application and can require considerable computational resources. A
very popular and widely implemented host-based WAF is __________, which
is Apache licensed free software and compatible with a wide variety of platforms.

A

Host-based; ModSecurity

20
Q

WAF functionality provided by a service provider and delivered
via a cloud platform. Less expensive than a network-based WAF, cloud-based
WAF is a unique option in that it offers access to expertly configured
WAF protection with minimal installation effort and very low maintenance
requirements.

A

Cloud-based

21
Q

An ________________ provides a mechanism allowing software interfaces to be detached
from the main application.

A

API gateway

22
Q

When it is necessary to simply expose an API service externally, such as to the
internet, an ____________________ may be more applicable
as it can isolate the service and allow processing and firewall-like inspection of the
traffic. An _____________________ does not offer the same extensibility as an API Gateway but
offers similar protections.

A

eXtensible Markup Language (XML) gateway

23
Q

There are several ways in which a DNS server can be exploited, but a common attack involves
entering false information into the DNS server’s cache, sometimes referred to as
______________.

A

DNS Spoofing or DNS Poisoning

24
Q

Traditional DNS has no inherent way to verify the
data in its cache, and so the data stored in the cache remains in place until its _______________ expires or the data is manually cleared.

A

time to live (TTL)

25
Q

To extend traditional DNS with DNSSEC functionality, the authoritative DNS server
for a zone must create a “package” of resource records called a _________________ digitally signed using its ______________.

A

Resource Record Set (RRset); Zone Signing Key

26
Q

The zone signing key is also signed using a ___________________.

A

Key Signing Key

27
Q

In VPNs, ______ is used to establish the
tunnel, and ________ is used to perform encryption.

A

L2TP; IPsec

28
Q

Common VPN protocols

A

* OpenVPN
* L2TP/IPSec
* IKEv2/IPSec
* WireGuard
* SSTP
* IPSec
* PPTP

29
Q

To protect a network by limiting access to only trusted devices, _______________________ allows the creation of policies designed to evaluate connected
devices and determine whether to allow them access to a network environment.

A

Network Access Control (NAC)

30
Q

comparing observed traffic to known attacks which are
defined by a signature

A

Signature-based

31
Q

Anomaly-based comparing observed traffic to typical protocol activity, such
as amount, or volume, of a particular protocol or typical characteristics of a
protocol’s operation

A

Anomaly-based

32
Q

comparing observed traffic to the traffic obtained during a
learning period whereby the NIDS determines typical network traffic patterns
and volumes within a specific setting. Anything that deviates from the patterns
determined during the learning period is flagged as suspicious.

A

Behavior-based