Ch.7 Flashcards
a monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised
anomaly-based monitoring
a firewall that can identify the applications that send packets through the firewall and then make decisions about the applications
application-aware firewall
a specialized intrusion detection system (IDS) that is capable of using “contextual knowledge” in real time
application-aware IDS
an intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems
application-aware IPS
a special proxy server that knows the application protocols that it supports
application-aware proxy
a monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it
behavior-based monitoring
searching incoming web content to match keywords
content inspection
a defense that uses multiple types of security devices to protect a network. Also called LAYERED SECURITY
defense in depth
a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network
demilitarized zone (DMZ)
a set of individual instructions to control the actions of a firewall
firewall rules
a monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists
heuristic monitoring
a software-based application that runs on a local host computer that can detect an attack as it occurs
host-based intrusion detection system (HIDS)
a device that detects an attack as it occurs
intrusion detection system (IDS)
a defense that uses multiple types of security devices to protect a network. Also called DEFENSE IN DEPTH
layered security
a dedicated network device that can direct requests to different servers based on a variety of factors
load balancer
searching for malware in incoming web content
malware inspection
a technique that examines the current state of a system or network device before it is allowed to connect to the network
network access control (NAC)
a technique that allows private IP addresses to be used on the public Internet
network address translation (NAT)
a technology that monitors network traffic to immediately react to block a malicious attack
network intrusion prevention system (NIPS)
hardware or software that captures packets to decode and analyze their contents
protocol analyzer
a computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the user
proxy server
any combination of hardware and software that enables remote users to access a local internal network
remote access
a computer or an application program that routes incoming requests to the correct server
reverse proxy
a device that can forward packets across computer networks
router
a monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares that activities against a predefined signature
signature-based monitoring
a technique that uses IP addresses to divide a network into network, subnet, and host
subnetting (subnet addressing)
a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices
switch
network hardware that provides multiple security functions
unified threat management (UTM)
restricting access to unapproved websites
URL filtering
a technology that allows scattered users to be logically grouped together even though they may be attached to different switches
virtual LAN (VLAN)
a technology that enables use of an unsecured public network as if it were a secure private network
virtual private network (VPN)
a device that aggregates VPN connections
VPN concentrator
a special type of application-aware firewall that looks at the applications using HTTP
web application firewall
a device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).
web security gateway
- Which secure feature does a load balancer NOT provide?
a. hide HTTP error pages
b. remove server identification headers from HTTP responses
c. filter packets based on protocol settings
d. block denial-of-service (DoS) attacks
C
- Which of these would NOT be a filtering mechanism found in a firewall rule?
a. source address
b. date
c. protocol
d. direction
b
- A(n)_____ can identify the application that send packets and then make decisions about filtering based on it.
a. application-aware firewall
b. reverse proxy
c. Internet content filter
d. web security gateway
a
- Which function does an Internet content filter NOT perform?
a. URL filtering
b. malware inspection
c. content inspection
d. intrusion detection
d
- How does network address translation (NAT) improve security?
a. it discards unsolicited packets
b. it filters based on protocol
c. it masks the IP address of the NAT device
d. NATs do not improve security
A
- How does a virtual LAN (VLAN) allow devices to be grouped?
a. based on subnets
b. logically
c. directly to hubs
d. only around core switches
b
- Which device is easiest for an attacker to take advantage of in order to capture and analyze packets?
a. hub
b. switch
c. router
d. load balancer
a
- Which of these is NOT an attack against a switch?
a. MAC address impersonation
b. ARP poisoning
c. MAC flooding
d. ARP impersonation
d
- Which statement regarding a demilitarized zone (DMZ) is NOT true?
a. It can be configured to have one or two firewalls
b. It provides an extra degree of security
c. It typically includes an email or web server
d. It contains servers that are used only by internal network users
d
- Which statement about network address translation (NAT) is true?
a. It can be stateful or stateless
b. It substitutes MAC addresses for IP addresses
c. It removes private addresses when the packet leaves the network
d. It can be found only on core routers
c
- Which of these is NOT an advantage of a load balancer?
a. The risk of overloading a desktop client is reduced
b. Network hosts can benefit from having optimized bandwidth
c. Network downtime can be reduced
d. DoS attacks can be detected and stopped
a
- A (n)___________intercepts internal user requests and then processes those requests on behalf of the users.
a. content filter
b. host detection server
c. proxy server
d. Intrusion prevention device
C
- A reverse proxy _____.
a. only handles outgoing request
b. is the same as a proxy server
c. must be used together with a firewall
d. routes incoming requests to the correct server
d
- Which is the preferred location for installation of a spam filter?
a. on the POP3 server
b. with the SMTP server
c. on the local host client
d. on the proxy server
b
- A _____ watches for attacks and sounds an alert only when one occurs.
a. firewall
b. network intrusion prevention system (NIPS)
c. proxy intrusion device
d. network intrusion detection system (NIDS)
d
- A multipurpose security device is known as _____.
a. Cohesive Attack Management System (Co-AMS)
b. Proxy Security System (PSS)
c. Intrusion Detection/Prevention (ID/P)
d. Unified Threat Management (UTM)
d
- Each of these can be used to hide information about the internal network EXCEPT _____.
a. a protocol analyzer
b. subnetting
c. a proxy server
d. network address translation (NAT)
a
- What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?
a. There is no difference; a NIDS and a NIPS are equal
b. A NIPS can take actions more quickly to combat an attack
c. A NIDS provides more valuable information about attacks
d. A NIPS is much slower because it uses protocol analysis
b
- If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by ______.
a. a Trojan horse
b. TCP/IP hijacking
c. Address Resolution Protocol (ARP) poisoning
d. DHCP man-in-middle
c
- A firewall using ______ is the most secure type of firewall.
a. stateful packet filtering
b. network intrusion detection system replay
c. stateless packet filtering
d. reverse proxy analysis
a