ch 6

Question 1

Hardware or software device used to join two separate computer networks to enable communication between them

Answer 1

• Bridges

Question 2

A device that connects network hosts intelligently.

Answer 2

• Switches

Question 3

Forwards packets across different computer networks.

Operates at a Network Layer (layer3)

Answer 3

• Routers

Question 4

acts upon data found in Network and transport layer protocols

Answer 4

• Layer 4 Load balancer

Question 5

Distribute requests based on data found in application layer protocols.

Answer 5

• Layer 7 load balancer

Question 6

a computer or an application program that intercepts user requests from the internal network and processes that request on behalf of the user.

Answer 6

Forward proxy

Question 7

A special proxy server that “knows” the application protocols that it supports.

Answer 7

• Application/Multipurpose

Question 8

Routs requests coming from an external network to correct internal server.

Answer 8

• Reverse Proxy

Question 9

Does not require any configuration on the user’s computer.

Answer 9

• Transparent Proxy

Question 10

Can be software or hardware based.

Both types inspect packets and either accept or deny entry.

Answer 10

• Firewalls

Question 11

– Inspects incoming packet and permits or denies based on conditions set by administrator

Answer 11

• Stateless Packet Filtering

Question 12

– (lets packets pass through)

Answer 12

Allow

Question 13

– (prevent the packet from passing into the network and send no response to sender)

Answer 13

Drop

Question 14

– (prevent the packet from passing into the network but send a message to the sender).

Answer 14

Reject

Question 15

– Operates on a higher level by identifying applications that send packets through the firewall and make decisions about actions to take.

Answer 15

• Application-Aware Firewalls

Question 16

– Special type of application aware firewall that looks deeply into packets that carry HTTP traffic. Can block specific sites of HTTP traffic

Answer 16

• Web application Firewall (WAF)

Question 17

enables authorized users to use an unsecured public network as if it were a secure private network.

Answer 17

• (VPN) Virtual Private Network

Question 18

a user to LAN connection

Answer 18

• Remote access VPN

Question 19

Multiple sites can connect to other sites over the internet

Answer 19

• Site to Site

Question 20

Allow the user to always stay connected.

Answer 20

• Always on VPNs

Question 21

end of the tunnel between VPN devices, may be software on local computer or a VPN concentrator.

Answer 21

Endpoints

Question 22

A dedicated hardware device that aggregates hundreds of thousands of VPN connections.

Answer 22

• VPN concentrator

Question 23

some traffic is routed over the secure VPN, while other traffic directly accesses the internet.

Answer 23

• Split Tunneling

Question 24

(SMTP)

Answer 24

Simple Mail Transfer Protocol

Question 25

(POP/POP3)

Answer 25

Post Office Protocol

Question 26

(IMAP)

Answer 26

Internet Message Access Protocol

Question 27

is a more recent and advanced email system

Answer 27

• (IMAP) Internet Message Access Protocol

Question 28

Monitors email for unwanted content.

Answer 28

• Mail Gateway

Question 29

Can detect attack as it occurs

Answer 29

• (IDS) Intrusion detection system

Question 30

– Compares current detected behavior with baseline

Answer 30

• Anomaly- based Monitoring

Question 31

Looks for well-known attack signature patterns

Answer 31

• Signature based monitoring

Question 32

Detects abnormal actions by processes or programs, alerts user who decides whether to allow or black activity.

Answer 32

• Behavior based monitoring

Question 33

– Uses experience based techniques

Answer 33

• Heuristic Monitoring

Question 34

A software- based application that can detect an attack as it occurs. Monitors, system calls and files, unauthorized registry modification, anomalous activity.

Answer 34

• (HIDS) Host intrusion detection system

Question 35

watches for attack on the network, sensors installed on firewalls and routers, can sound alarm and log events.

Answer 35

• (NIDS) Network intrusion detection system-

Question 36

aware IDS- a specialized IDS, uses “contextual knowledge” in real time, it can know the version of the OS or which application is running.

Answer 36

• Application

Question 37

Monitors network traffic to immediately block a malicious attack, similar to NIDS.

Answer 37

• (IPS) Intrusion Prevention System

Question 38

knows which application are running as well as the underlying OS.

Answer 38

• Application aware IPS

Question 39

Consolidates real-time monitoring and management of security information.

Answer 39

• (SIEM) Security and Information Event Management

Question 40

a dedicated cryptographic processor that provides protection for cryptographic keys

Answer 40

hardware security module

Question 41

a separate device that decrypts SSL traffic

Answer 41

SSL decryptor

Question 42

a seperate hardware card that insets into a web server that contains one or more co-processors to handle SSL/TLS processing

Answer 42

SSL/TLS accelerator

Question 43

a device that converts media data from one format to another

Answer 43

Media gateway

Question 44

integrated device that combines several security functions

Answer 44

Unified Threat Management (UTM)

Question 45

monitors internet traffic and blocks access to preselected websites and files

Answer 45

internet content filter

Question 46

Blocks malicious content in real time as it would appear without first knowing the URL at a dangerous site.

Answer 46

Web Security Gateway

Question 47

a separate network located outside the secure network. (unsecure)

Answer 47

• (DMZ) Demilitarized Zones

Question 48

Allows private IP addresses to be used on the public internet, replaces private IP addresses with public addresses. Masks IP addresses

Answer 48

• (NAT) Network address Translation

Question 49

a private network that belongs to an organization that can only be accessed by internal users

Answer 49

intranet

Question 50

a private network that can be accessed by authorized external customers, vendors, and partners

Answer 50

extranet

Question 51

a separate open network that anyone can access without prior authorization

Answer 51

guest network

Question 52

Isolates the network so that it is not accessible by outsiders.

Answer 52

• Physical Network Segregation

Question 53

The absence of any type of connection between devices, (a secure network and a regular network

Answer 53

• Air gap

Question 54

allow scattered users to be logically grouped together, even if attached to different switches.

Answer 54

• (VLAN) Virtual Lan

Question 55

protocol is used for communicating between switches

Answer 55

special “tagged” (802.1Q)

Question 56

Examines the current state of a system or network device before it can connect to the network

Answer 56

• (NAC) Network Access Control

Question 57

disappears after reporting information to the NAC

NAC technology can be embedded within a Microsoft Windows Active Directory domain controller.

Answer 57

Dissolve NAC agent

Question 58

NAC uses AD to scan the device

Answer 58

agent-less NAC)

Question 59

system of security tools that is used to recognize and identify data that is critical to the organization.

Answer 59

• (DLP) data loss prevention

Question 60

is used for Monitoring emails through mail gateway, blocking and copying files to a USB flash drive (USB Blocking).

Answer 60

• (DLP) data loss prevention

Question 61

Defined as a security analysis of the transaction within its approved context.

Answer 61

Content inspection –

Question 62

Three types of DLP sensors

Answer 62

DLP network sensors
DLP storage sensors
DLP agent sensors (host)