Chapter 2: Technologies and Tools Flashcards

1
Q
Both the _______ and _________ use ACLs to block traffic by port, protocol, or IP address.
A

Router, firewall

2
Q
Where the router or firewall has no allow rule for a particular type of traffic, the traffic is blocked by a technique called ________ ____.
A

Implicit deny

3
Q
When IPSec is set up across the internet, it is used in _________ mode, but when it is used in the LAN between client and server or server to server, it is known as ___________ mode.
A

Tunnel, transport

4
Q
I have installed a _________ ________ in my DMZ so that it will decrypt incoming traffic, allowing my firewall or inline NIPS to __________ the traffic.
A

Reverse proxy, inspect

5
Q
If I disable the SSID on my wireless access point, it can still be discovered by a ___________ _________ _________, as the SSID is included in the packets, or by an SSID _______ device.
A

Wireless packet sniffer, decloak

6
Q
The role of the VPN concentrator is to set up the _________ ________ before the exchange of data.
A

Secure tunnel

7
Q
_____ ___________ is used to prevent someone from plugging a laptop into my network; however, ________ is used to prevent a rogue access point from being plugged into my network, as it authenticates the user or device itself.
A

Port security, 802.1x

8
Q
A __________ is a device used by cybersecurity administrators so that they can observe the attack methods used by hackers. This then enables them to prevent these types of attacks in the future.
A

Honeypot

9
Q
A security administrator has noticed in the SIEM system log files that an attack was detected on Server 1, but when they manually inspected the server, no attack was found; this is known as a ______ ___________.
A

False positive

10
Q
One of the reasons why a SIEM system records a false positive is that the wrong ______ _________ were being used, so it was monitoring for the wrong type of attack.
A

Input filters

11
Q

An ________ NIPS has traffic flowing through it; however, the NIDS is known as ________ and relies on sensors and collectors to discover new attacks.

A

Inline, passive

12
Q

_________ __________ inspects traffic going to a website, whereas a _______ ________ inspects traffic across the network.

A

Banner Grabbing, packet sniffer

13
Q

Banner grabbing uses tools such as DMitry, _____, ________, and ________.

A

Nmap, telnet, and netcat

14
Q

__________ shows established connections in a Windows environment, whereas _________ shows established connections in a Linux/Unix environment.

A

Netstat, netcat (nc)

15
Q

A _____ system correlates security logs from various devices such as servers and firewalls. The security administrator has decided to store the logs on a _______ drive so that they can be read but not tampered with, as they may be needed as evidence at a later date.

A

SIEM, WORM

16
Q

A company could use a ____-__-____ VPN instead of an expensive leased line or even more expensive dark fiber, but it must be set to ______-__ mode.

A

Site-to-site, always-on

17
Q

A _____ ________ could be used as a spam filter and a ____ solution to prevent PII and sensitive information from leaving the company.

A

Mail gateway, DLP

18
Q

Both ____ and a ______ can detect when new hosts have been added to your internal network.

A

Nmap, NIDS

19
Q

A __________-______ NIDS/NIPS uses a known database and is reliant on regular updates, whereas an _______-_____ NIDS/NIPS starts with a known database but can identify new variants.

A

Signature-based, anomaly-based

20
Q

A security administrator changes the default _________ and _________, disables the SSID, and enables ______ filtering to make a wireless access point more secure.

A

Username, password, MAC