Chapter 11 Flashcards
What is the addition of a header, and possibly a footer, to the data received by each layer from the layer above before it’s handed off to the layer below?
Encapsulation
What is the container name for OSI layers 5-7?
PDU
What is the container name for OSI layer 4?
Segment/Datagram
What is the container name for OSI layer 3?
Packet
What is the container name for OSI layer 2?
Frame
What is the container name for OSI layer 1?
Bits
What are the protocols for interior routing?
RIP
IGRP
OSPF
IS-IS
What are the protocols for exterior routing?
BGP
What are attacks related to DNS poisoning?
Rogue DNS Server
Pharming
Altering host file
Corrupting IP configuration
DNS query spoofing
Proxy Falsification
What attack is the act of changing the registration of the domain name without the authorization of the owner?
Domain Hijacking
What are the drawbacks of using multilayer protocols?
Covert Channels
Filter bypass
Violation of network segmentation boundaries
What are the benefits of multilayer protocols?
Can be used at higher OSI layers
Encryptions
Flexibility
Resiliency
What are some examples of network segmentation?
Intranet
Extranet
Screened Subnets
What are the benefits of network segmentation?
Manage traffic
Improve performance
Enforce security
What is the act of dividing up an internal network into numerous sub zones?
Micro segmentation
How are micro-segmented zones separated?
ISFWs
Subnets
VLANs
What are some converged protocols?
FCoE
MPLS
iSCSI
VPN
SDN
IaC
What are the two authentication options supported by WPA2?
PSK/PER and 802.1x/ENT
What encryption standard does WPA3 use?
192-bit AES-CCMP
What encryption standard does WPA3-PER use?
128-bit AES CCMP
Which WPA3 method uses SAE?
WPA3 128-bit AES CCMP
What performs a zero knowledge proof process known as dragonfly key exchange which is a derivative of Diffie-Hellman?
SAW
What are some wireless attacks?
Evil Twin
Rogue Access Points
Disassociation
Jamming
IV Abuse
War Driving
Replay
What security mechanism seeks to detect, record, evaluate, and respond to suspicious activities?
EDR
What is a combination of multiple technologies such as a SIEM, EDR, NTA, and IDS?
MDR
What service monitors an IT environment in real time to quickly detect and resolve threats?
MDR
What service is not limited to endpoints and focuses on threat detection and mediation?
MDR
Managed Detection and Response
What is a variation of EDR?
EPP
Endpoint Protection Platform
What are the four main security functions of EPP?
Predict
Prevent
Detect
Respond
What often includes components of EDR, MDR, and EPP?
XDR
Extended Detection and Response
What can be deployed fully on premises, in the cloud, or as a hybrid structure?
MSSP
Managed Security Service Provider
What can provide XDR solutions that are centrally controlled and managed?
MSSP
What is a remote access multilayer switch used to connect distant networks over WAN links?
LAN Extender
What is a remote access system used to make accessing a system or network easier or more secure?
Jumpbox / Jump server
What is often deployed in extranets, screened subnets, or cloud networks where standard direct links or private channels are not available?
Jump box / Jump server
What is based on SoC and collects and transmits information back to a central system for storage and analysis?
Sensors
What enables the leveraging of an existing AAA service like RADIUS or TACACS+ for authentication?
ENT
What is a mapping of signal strength measurements over a building’s blueprints?
Heat Map
What are the concerns of IPv6?
More addresses for attackers
All security products must be upgraded
Loss/Lack for NAT
What are three ways for IPv4 and IPv6 to coexist on the same network?
Dual Stack
Tunneling
NAT-PT
What means having the system run both IPv4 and IPv6 and using the correct protocol for each conversation?
Dual stack
What allows most systems to operate a single stack of either IPv4 or IPv6 and use an encapsulation tunnel to access systems of the other protocol?
Tunneling
What can be used to convert between IPv4 and IPv6 network segments?
NAT-PT
What is the default subnet mask of Class A and CIDR equivalent?
255.0.0.0 or /8
What is the default subnet mask of Class B and CIDR equivalent?
255.255.0.0 or /16
What is the default subnet mask of Class C and CIDR equivalent?
255.255.255.0 or /24
What is used to determine the health of a network or specific link?
ICMP
What commands utilize ICMP?
Ping
Traceroute
Pathping
What attacks are used against ICMP?
Ping of Death
Smurf
Ping Flood
What protocol allows systems to support multicasting?
IGMP
What protocol is used to convert IP 32-bit addresses into MAC addresses?
ARP
What attack is where an attacker sends bogus information into the ARP cache?
ARP poisoning/spoofing
What is the best defense against ARP poisoning?
Port Security
What are all the ways to protect against ARP poisoning?
Port Security
Endpoint security products
Static ARP entries
What is an authentication service for cross-network service communications and is simply a means to prevent unauthorized execution of code on remote systems?
S-RPC
What is a cryptographic protocol that provides end-to-end encryption for voice communications, videoconferencing, and text message services?
Signal protocol
What is nonfederated and is a core element in the messaging app named Signal?
Signal Protocol
What is an encryption protocol that operates at OSI layer 4 (by encrypting the payload of TCP communications)?
TLS
What are the drawbacks of multilayered protocols?
Covert channels are allowed.
Filters can be bypassed.
Logically imposed network segment boundaries can be overstepped.
What operates by encapsulating or converging data storage signals into TCP/IP communications in order to separate storage and proximity?
SAN
What are often used to enhance networked storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries?
SAN
What is a high-throughput high-performance network technology that directs data across a network based on short path labels rather than longer network addresses?
MPLS
What is a networking storage standard based on IP that operates at layer 3?
ISCSI
What technology can be used to enable location-independent file storage, transmission, and retrieval over LAN, WAN, or public internet connections?
ISCSI
What is often viewed as a low-cost alternative to Fibre Channel?
ISCSI
What attacks are VoIP vulnerable to?
SPIT
Host OS and DoS attacks
What aims to minimize the risk of DoS, on-path attacks, and other VoIP exploits through robust encryption and reliable authentication?
SRTP
What refers to the traffic flow that occurs within a specific network, data center, or cloud environment?
East-West Traffic
What refers to the traffic flow that occurs inbound or outbound between internal systems and external systems?
North-South Traffic
What philosophy requires a system to meet all current security requirements (such as patch application and malware scanner updates) before it is allowed to communicate with the network?
Preadmission
What philosophy allows and denies access based on user activity, which is based on a predefined authorization matrix?
Postadmission
What common ingress filters and egress filters can be used to block spoofed packets that often relate to malware, botnets, and other unwanted activities?
Blocking inbound packets claiming to have an internal source address
Blocking outbound packets claiming to have an external source address
Blocking packets with source or destination addresses listed on a block list
Blocking packets that have source or destination addresses from the local area network (LAN) but haven’t been officially assigned to a host
What is a standard or common proxy that acts as an intermediary for queries of external resources?
Forward Proxy
What handles inbound requests from external systems to internally located services?
Reverse Proxy
What is a type of security zone that can be positioned so that it operates as a buffer network between the secured private network and the internet and can host publicly accessible services?
Screened Subnet
What is a set of rules and restrictions that define how data is transmitted over a network medium (e.g., twisted-pair cable, wireless transmission)?
Protocol
What layer is responsible for interfacing user applications, network services, or the operating system with the protocol stack?
Application Layer
What layer is responsible for transforming data into a format that any system following the OSI model can understand?
Presentation
What layer is responsible for managing the integrity of a connection and controlling the session?
Transport
What protocol is a path vector?
BGP
What protocols make next hop decisions based on the entire remaining path (i.e., vector) to the destination?
Path Vector Protocols
What is a 6-byte (48-bit) binary address written in hexadecimal notation?
MAC Address