Chapter 3 - Understanding Devices and infrastructure

Question 1

Rene

What consists of TCP 3-way handshake

Answer 1

page 86

SYN > SYN/ACK > ACK

Question 2

Rene

What is APIs?

Answer 2

page 86
Application Programming Interfaces
Allows programmers to create interfaces to the protocol suite

Question 3

Rene

What ports does iSCSI use?

Answer 3

page 87
Internet Small Computer Systems Interface
Uses ports 860 and 3260 by default for allowing data storage and transfers across the existing network

Question 4

Rene

When designing a security topology, what are the 7 common element s to consider?

Answer 4

page 87

• DMZs
• Subnetting
• VLANs
• Remote Access
• NAT
• Telephony
• NACs

Question 5

Rene

What are the two reasons subnetting is implemented?

Answer 5

page 89

• To use IP address more effectively’
• To make the network more secure and manageable.

Question 6

Rene

What tunneling protocol supports encapsulation in a single point-to-point environment.

Answer 6

page 90
Point-to-Point Tunneling Protocol (PPTP)
Uses port 1723

Question 7

Rene

Which Tunneling protocol is a hybrid of PPTP and L2F?

Answer 7

page 91
Layer 2 Tunneling Protocol (L2TP)
It’s primarily a Point-to-Point protocol and supports multiple network protocols and can be used in networks besides TCP/IP.

Question 8

Rene

What is IPSec?

Answer 8

page 91
Is not a tunneling protocol, but it is used in conjunction with tunneling protocols. IPSec provides secure authentication and encryption of data and headers; this makes a good choice for security.

Question 9

Rene

What acts as proxy between the local area network, and creates a unique opportunity to assist in the security of a network.

Answer 9

page 93

Network Address Translation (NAT)

Question 10

Rene

What are the private address ranges?

Answer 10

page 93

10. 0.0.0. to 10.255.255.255
11. 16.0.0 to 172.31.255.255
12. 168.0.0 to 192.168.255.255

Question 11

Rene

What does Packet Filter Firewalls Do?

Answer 11

page 97
Passes or blocks traffic to specific addresses based on the type of application.
Don’t analyze the data of a packet: it decides whether to pass it based on the packet’s addressing information

Question 12

Rene

How many NICs does a proxy firewall typically use?

Answer 12

page 99

two, referred to as a dual-home firewall

Question 13

Rene

Anytime you have a system that is configured with more than one IP address, it can be said to be ____?

Answer 13

page 99

Multi-homed

Question 14

Rene

What type of proxy function reads the individual commands of the protocols that are being served

Answer 14

page 99

Application-Level

Question 15

Rene

What type of proxy function creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed?

Answer 15

page 99

Circuit-Level

Question 16

Rene

What splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available and shift a load from one device to another?

Answer 16

page 103

Load Balancer

Question 17

Rene

What are IDS and how can they be utilized?

Answer 17

page 105
A software that runs either on individual workstations or on network devices to monitor and track network activity.

Can be configured to act as a burglar alarm

Question 18

Rene

What are several key terms associated with IDS?

Answer 18

page 107
Activity Administrator
Alert Analyzer
Data Source Event
Manager Notification
Operator Sensor

Question 19

Rene

What are IDS four primary approaches?

Answer 19

page 109
Behavior-Based_Detection IDS
Signature-Based-Detection IDS
Anomaly-Based-Detection IDS
Heuristic IDS

Question 20

Rene

What attaches itself to the system to a point in the network where it can monitor and report on all traffic, can be in front of or behind the firewall.

Answer 20

page 111

Network-Based IDS (NIDS)

Question 21

Rene

What is the most common type of response to many intrusions and in general the easiest to develop and implement?

Answer 21

page 113

Passive Response

Question 22

Rene

What are three types of passive response strategies?

Answer 22

page 113
Logging
Notification
Shunning

Question 23

Rene

What are three types of active response strategies?

Answer 23

page113
Terminating Processes or Sessions
Network Configuration Changes
Deception

Question 24

Rene

What are HIDS?

Answer 24

page 116
Host-based IDS
Are designed to run as software on a host computer system

Question 25

Rene

What TWO major problems HIDS aren’t easily overcome?

Answer 25

page 117

• 1st problem involves a compromise of the system.
• 2nd problem is that it must be deployed on each system that needs it.