Chapter 19: Protecting Your Network

Question 1

The three goals of security, the CIA triad, are:

Answer 1

1. Confidentiality
2. Integrity
3. Availability

Question 2

____ is the goal of keeping unauthorized people from accessing, seeing, reading, or interacting with systems and data.

Answer 2

Confidentiality

Question 3

____ requires maintaining data and systems in a pristine, unaltered state when they are stored, transmitted, processed, and received, unless the alteration is intended due to normal processing.

Answer 3

Integrity

Question 4

____ means ensuring that systems and data are available for authorized users to perform authorized tasks, whenever they need them.

Answer 4

Availability

Question 5

____ is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.

Answer 5

Zero trust

Question 6

____ acknowledges that you can’t build a completely secure perimeter, so you should design your security posture with the assumption that every single defense can be beaten.

Answer 6

Defense in depth

Question 7

____ is about identifying how people could abuse or misuse a system, determining what access they’d need to do so, and then splitting up that access so that no individual has the ability to do it alone.

Answer 7

Separation of duties

Question 8

In ____, an attacker alters a DNS server’s cache to point clients to an evil Web server instead of the correct one.

Answer 8

DNS poisoning

Question 9

To prevent DNS cache poisoning, the typical use case scenario is to add ____ for domain name resolutions.

Answer 9

DNSSEC or DNS Security Extensions

Question 10

____ is a switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically, it’s used to block attacks that use a rogue DHCP server.

Answer 10

DHCP snooping

Question 11

In IPv6 networks, ____ enables the switch to block router advertisements and router redirect messages that are not sent from trusted ports or don’t match a policy.

Answer 11

RA-Guard or Router Advertisement Guard

Question 12

____ attacks target ARP caches on hosts and MAC address tables on switches.

Answer 12

ARP cache poisoning

Question 13

What tool uses the DHCP snooping binding database to prevent ARP cache poisoning?

Answer 13

DAI or Dynamic ARP Inspection (Cisco)

Question 14

Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ____, a key network hardening technique.

Answer 14

switch port protection

Question 15

A ____ attack is a targeted attack on a server (or servers) that provides some form of service on the Internet with the goal of making that service unable to process any incoming requests.

Answer 15

DoS or Denial of Service

Question 16

Used in DDoS attacks, ____ is where the attacker sends requests to normal servers with the target’s IP address spoofed as the source. The normal servers respond to the spoofed IP address (the target system), overwhelming it with reflected traffic without identifying the true initiator.

Answer 16

reflection

Question 17

A/An ____ DoS attack sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.

Answer 17

amplified

Question 18

A/An ____ is a form of DoS attack that targets 802.11 WiFi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.

Answer 18

deauthentication (deauth) attack

Question 19

A/An ____ attack is where an attacker takes advantage of DHCP scope exhaustion by spoofing packets to the DHCP server, tricking it into giving away all of its leases and therefore running out of open addresses. It is a technique used to encourage clients to switch to a rogue DHCP server that the attacker controls.

Answer 19

DHCP starvation

Question 20

In an ____, an attacker taps into the communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.

Answer 20

on-path attack (aka. man-in-the-middle)

Question 21

____ tries to intercept a valid computer session to get authentication information.

Answer 21

Session hijacking

Question 22

____ is an attack where a threat agent guesses every permutation of some part of data.

Answer 22

Brute force

Question 23

A/An ____ uses a list of known words and partial words as the starting point for cracking passwords.

Answer 23

dictionary attack

Question 24

____ is a Layer 2 attack that enables an attacker to access hosts on a VLAN the attacker is not a part of. The mechanism behind the attack is to take a system that’s connected to one VLAN and, by abusing VLAN commands to the switch, convince the switch to change your switch port connection to a trunk line.

Answer 24

VLAN hopping

Question 25

The term ____ describes any program or code (macro, script, and so on) that’s designed to do something on a system or network that you don’t want to have happen.

Answer 25

malware

Question 26

____ uses some form of encryption to lock a user out of a system, usually by encrypting the boot drive.

Answer 26

Crypto-malware

Question 27

____ is any form of malware the makes you pay to get the malware to go away.

Answer 27

Ransomware

Question 28

A ____ is a malware program that replicates and activates. It only replicates to other applications on a drive or to other drives and does not replicate across networks. It is not a stand-alone program, but rather something attached to a host file. They carry some payload that may or may not do something malicious when activated.

Answer 28

virus

Question 29

A/An ____ replicates exclusively through networks by sending copies of itself to any other computers it can locate on the network. They can exploit inherent vulnerabilities in program code, attacking programs, operating systems, protocols, and more.

Answer 29

worm

Question 30

A/An ____ is code written to execute when certain conditions are met, usually with malicious intent.

Answer 30

logic bomb

Question 31

A/An ____ is a piece of malware that looks or pretends to do one thing while, at the same time, doing something evil. They do not replicate.

Answer 31

Trojan horse

Question 32

A/An ____ is a type of malware that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools.

Answer 32

rootkit

Question 33

____ is a program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements.

Answer 33

Adware

Question 34

____ is a function of any program that sends information about your system or your actions over the Internet. The type of information sent depends on the program.

Answer 34

Spyware

Question 35

____ is the process of using or manipulating people inside the networking environment to gain access to that network from the outside.

Answer 35

Social engineering

Question 36

____ is a social engineering technique where the attacker poses as a trusted source and tries to inspire the victim to act based on a false premise (usually communicated via e-mail, phone, or SMS). A successful attack typically obtains confidential information or introduces malware into the network.

Answer 36

Phishing

Question 37

To lock a Windows computer, press the ____ combination.

Answer 37

WINDOWS KEY-L

Question 38

An unauthorized person attempting to follow an authorized person into a secure area without the authorized person’s consent or even realization is called ____.

Answer 38

tailgating

Question 39

An authorized person helping an unauthorized person follow them into a secure area is called ____.

Answer 39

piggybacking

Question 40

A/An ____, is an entryway with two successive locked doors and a small space between them providing one-way entry or exit.

Answer 40

access control vestibule (aka. mantrap)

Question 41

A/An ____ is a sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.

Answer 41

proximity reader

Question 42

A device (such as a credit card) that you insert into your PC or use on a door pad for authentication is called a/an ____.

Answer 42

smart card

Question 43

A/An ____ is a door unlocking system that uses a door handle, a latch, and a sequence of mechanical push buttons.

Answer 43

cipher lock

Question 44

In all network operating systems, the permissions of the groups are combined, and the result is what is called the ____ the user has to access a given resource.

Answer 44

effective permissions

Question 45

____ is a standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.

Answer 45

NAC or Network Access Control

Question 46

In terms of posture assessment, a/an ____ refers to software that runs within a client and reports the client’s security characteristics to an access control server to be approved or denied entry to a system.

Answer 46

agent

Question 47

Attackers can use ____, excessive or malformed packets, to conduct DoS attacks on networks and hosts, targeting vulnerable switches through their switch ports.

Answer 47

traffic floods

Question 48

Better switches today employ ____ to detect and block excessive traffic. This enhances switch port protection.

Answer 48

flood guards

Question 49

A/An ____ is the code pattern of a known virus.

Answer 49

signature

Question 50

____ are a network security device or software that restricts incoming and outgoing network traffic based on pre-defined rules.

Answer 50

Firewalls

Question 51

A/An ____ is a network segment carved out by firewalls to provide a special place (a zone) on the network for any servers that need to be publicly accessible from the Internet.

Answer 51

screened subnet (aka. a DMZ or demilitarized zone)

Question 52

A/An ____ is a resource that an administrator sets up for the express purpose of attracting a computer hacker, often using fake data and deliberate vulnerabilities as bait. If a hacker takes the bait, the network’s important resources are unharmed and the network personnel can analyze the attack to predict and protect against future attacks, making the network more secure.

Answer 52

honeypot

Question 53

A/An ____ is a network containing one or more honeypots created to lure in hackers.

Answer 53

honeynet

Question 54

A computer compromised with malware to support a botnet is called a ____.

Answer 54

zombie

Question 55

Which Windows utility displays open ports on a host?

Answer 55

netstat

Question 56

The NSA’s TEMPEST security standards are used to combat which risk?

Answer 56

RF emanation using enclosures, shielding, and even paint.

Question 57

A DoS attacker using ____ would focus on sending the smallest amount of traffic possible.

Answer 57

amplification