Chapter 2 - Malware

Question 1

What is UAC

Answer 1

User Access Control is a feature that helps prevent unauthorized changes to your computer.

Question 2

Multi Layer Based Firewall

Answer 2

Filters based on IP addresses and applications

Question 3

Stateless Firewall Filtering

Answer 3

Looks at each packet and matches specific criteria you define to block AKA Access Control List (ACL)

Question 4

Stateful Firewall Filtering

Answer 4

Looks at streams of packets to identify signatures or patterns. Can also monitor the network connection.

Question 5

Content Filtering

Answer 5

Looks at the content of packets to identify whether or not traffic should be allowed through I.e keywords

Question 6

What is a Smart Screen Filter?

Answer 6

Examines traffic for evidence of hosing activity and displays a warning to the user if it finds any.

Question 7

What is Pharming?

Answer 7

an attack aimed at redirecting a websites traffic to a bogus website.

Question 8

What is SSL

Answer 8

Secure Socket Layer is used to encrypt dats sent over the one internet. Starts with httpS

Question 9

What is Dynamic DNS

Answer 9

Lets client computers dynamically update their resource records in DNS.

Question 10

What is secure DNS

Answer 10

Secure DNS makes it so only members of an Active Directory domain can create records on the DNS server.

Question 11

A record

Answer 11

IPv4 name to IP address DNS record

Question 12

AAAA record

Answer 12

IPv6 name to IP address DNS record

Question 13

PTR (Pointer) record

Answer 13

Reverse IPv4 or IPv6 IP to name DNS record

Question 14

CNAME (Canonical Name) record

Answer 14

Alias name to a domain name

Question 15

PPTP

Answer 15

Point to Point Tunneling Protocol

Simple you configure
Lease secure if options of Clients
Acceptable for many types of VPNs

Question 16

L2TP/IPSec

Answer 16

Layer 2 Tunneling Protocol

IPSec used in conjunction with L2TP to provide encryption
Most popular VPN protocol today (Cisco certified)
Very secure when configured properly. May be difficult to configure

Question 17

What is NAT

Answer 17

Network Address Translation

Used to hide the internal IP addresses that are being used.

Question 18

What is NAP

Answer 18

Network Access Protection

Special set of protocols that allow for monitoring of computers on the network and permission granting based on behavioral (health) metrics.

Used to enforce health requirements and policy compliance.

Only ensures computer health but cannot always prevent attacks.

Question 19

NAP Implementstikn Methods

Answer 19

IPSec Enforcement: only computers allowed into the network are the ones with correct configuration

802.1x enforcement: using RADIUS servers

VPN enforcement: VPN services must be set up on client in order to communicate

DHCP enforcement: uses a configuration that can be overwritten by users that have admin access. Last resort.

Question 20

What are Network Protocols?

Answer 20

Used to communicate using standard methods in the network.

Some are transport oriented I.e TCP and UDP and others are security oriented I.e IPSec and SSL

Question 21

DNS

Answer 21

Resolves domain names to an IPS address.

Question 22

SMTP

Answer 22

Simples Mail Transfer Protocol

Otherwise nail can be taken over to spam

Question 23

SMB

Answer 23

Server Message Block Protocol

Communications with network file serves running Windows. Should be secured using secure file permissions

Question 24

Why do admins scan the network?

Answer 24

Ensure only permitted devices are present

Ensure decides are only running on permitted services

Question 25

Port Scanning

Answer 25

Once IP addresses are obtained try to connect to those computers on commonly opened ports like 80 for HTTP or 20 for FTP

Question 26

What are sniffers

Answer 26

Application that capture network traffic pulling traffic off of the network for analysis

AKA protocol analyzers

Question 27

MAC Filtering

Answer 27

Wifi Security option. Weak security. MAC spoofing is possible and easy to do

Question 28

SSID hiding

Answer 28

Weak solution. Wireless can be analyzed & then located with a wireless protocol analyzer

Question 29

WEP

Answer 29

Wired Equivalent Privacy

Weakest encryption. Intended to prevent casual eavesdropping only. Can be hacked easily in about 5-6 minutes on a busy network

Question 30

WPA/WPA2

Answer 30

Strongest to use in a corporate environment. WPA isn’t as strong as WPA2 and was I ole fed as a temporary fix to WEP. WPA is the standard.

Personal: uses a preheated key for authentication
Enterprise: uses a RADIUS server for authentication

Question 31

IEEE 802.1

Answer 31

Defines port based authentication. Each connection to the network must be authenticated before network communication can occur.

Supplicant: user of client device
Authenticator: point of access to the network
Authentication Server: access user account databases & validates authentication method (RADIUS server)