Chapter 2: Monitoring and Diagnosing Networks

Question 1

A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in the DMZ.

Answer 1

Demilitarized Zone

Question 2

A network that functions in the same manner as a honeypot.

Answer 2

Honeynet

Question 3

A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.

Answer 3

Honeypot

Question 4

A broad term that applies to a wide range of systems used to manage information security.

Answer 4

Information Security Management System (ISMS)

Question 5

A system that monitors the network for possible intrusions and logs that activity.

Answer 5

Intrusion Detection System (IDS)

Question 6

A system that monitors the network for possible intrusions and logs that activity and then blocks the traffic that is suspected of being an attack.

Answer 6

Intrusion Prevention System (IPS)

Question 7

Any information that could identify a particular individual.

Answer 7

Personally Identifiable Information (PII)

Question 8

The entire network, including all security devices, is virtualized.

Answer 8

Software-Defined Network (SDN)

Question 9

A firewall that not only examines each packet but also remembers the recent previous packets.

Answer 9

Stateful Packet Inspection (SPI)

Question 10

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.

Answer 10

ISO/IEC 27001:2013

Question 11

Recommends best practices for initiating, implementing, and maintaining information security management systems.

Answer 11

ISO 27002

Question 12

This an agreement on shared or divided security responsibilities between the customer and cloud provider.

Answer 12

CLD.6.3.1

Question 13

This control addresses how assets are returned or removed from the cloud when the contract is terminated.

Answer 13

CLD.8.1.5

Question 14

This control states that the cloud provider must separate the customers’ virtual environment from other customers or outside parties.

Answer 14

CLD.9.5.1

Question 15

This control states that the customer and the cloud provider both must ensure the virtual machines are hardened.

Answer 15

CLD.9.5.2

Question 16

It is solely the customer’s responsibility to define and manage administrative operations.

Answer 16

CLD.12.1.5

Question 17

The cloud provider’s capabilities must enable the customer to monitor their own cloud environment.

Answer 17

CLD.12.4.5

Question 18

The virtual network environment must be configured so that it at least meets the security policies of the physical environment.

Answer 18

CLD.13.1.4

Question 19

Defines privacy requirements in a cloud environment-particularly how the customer and cloud provider must protect personally identifiable information (PII).

Answer 19

ISO 27018

Question 20

Publishes standards for electrical power companies.

Answer 20

North American Electric Reliability Corporation (NERC)

Question 21

The source for many of the national standards in the United States.

Answer 21

National Institute of Standards and Technology (NIST)

Question 22

What are the 6 phases of the IT security life cycle?

Answer 22

Phase 1: Initiation
Phase 2: Assessment
Phase 3: Solution
Phase 4: Implementation
Phase 5: Operations
Phase 6: Closeout

Question 23

A series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACSs).

Answer 23

ISA/IEC-62443

Question 24

The standard used by Visa, Mastercard, American Express, and Discover.

Answer 24

Payment Card Industry Data Security Standard (PCI-DSS)

Question 25

What includes a wide variety of resources used in web application security?

Answer 25

Open Web Application Security Project (OWASP)

Question 26

Which security zone has the most sensitive systems, with mission-critical data?

Answer 26

Secure Zone

Question 27

Which security zone contains standard workstations and servers, with typical business data and functionality?

Answer 27

General Work Zone

Question 28

Which security zone contains computers, network segments, and systems that have no highly sensitive information, and the breach of these systems would have minimal impact?

Answer 28

Low Security Zone

Question 29

Not relying on a single control to address any security threat.

Answer 29

Control Diversity

Question 30

A hardware device used to create remote access VPNs.

Answer 30

VPN concentrator

Question 31

A software application that programmatically understands relationships.

Answer 31

Correlation engine

Question 32

A method of monitoring network traffic where the switch sends a copy of all network packets see on one port (or an entire VLAN) to another port, where the packet can be analyzed.

Answer 32

Port mirroring

Question 33

Freestanding devices that operate in a largely self-contained manner, requiring less maintenance ad support than a server-based product.

Answer 33

Appliance

Question 34

A firewall that has two Network Interface Cards (NICs)

Answer 34

Dual-homed firewall

Question 35

The encryption key used in SEDs.

Answer 35

Media Encryption Key (MEK)

Question 36

The key used to decrypt the MEK.

Answer 36

Key Encryption Key (KEK)

Question 37

Dedicated processors that use cryptographic keys to perform a variety of tasks.

Answer 37

Trusted Platform Modules (TPMs)

Question 38

Devices that handle digital keys and can be used to facilitate encryption as well as authentication via digital signatures.

Answer 38

Hardware Security Modules (HSMs)

Question 39

A process whereby the BIOS or UEFI makes a cryptographic hash of the operating system boot loader and any boot devices and compares that against a stored hash.

Answer 39

Secure boot

Question 40

A security process that has to begin with some unchangeable hardware identity often stored in a TPM.

Answer 40

Root of Trust (RoT)