Chapter 3: Understanding Devices and Infrastructure

Question 1

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

Answer 1

Access Control List (ACL)

Question 2

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point.

Answer 2

Access Point (AP)

Question 3

A response generated in real time.

Answer 3

Active Response

Question 4

A notification that an unusual condition exists and should be investigated.

Answer 4

Alarm

Question 5

A notification that an unusual condition could exist and should be investigated.

Answer 5

Alert

Question 6

An appliance that performs multiple functions.

Answer 6

All-in-one Appliance; also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW)

Question 7

The component or process that analyzes the data collected by the sensor.

Answer 7

Analyzer

Question 8

Variations from normal operations.

Answer 8

Anomalies

Question 9

An anomaly-detection intrusion detection system that works by looking for deviations from a pattern of normal network traffic.

Answer 9

Anomaly-Detection IDS (AD-IDS)

Question 10

A freestanding device that operates in a largely self-contained manner.

Answer 10

Appliance

Question 11

A device or software that recognizes application–specific commands and offers granular control over them.

Answer 11

Application-Level Proxy

Question 12

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

Answer 12

Authentication Header (AH)

Question 13

A method of balancing loads and providing fault tolerance.

Answer 13

Clustering

Question 14

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them.)

Answer 14

Compensating controls

Question 15

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

Answer 15

Data Loss Prevention (DLP)

Question 16

An IPSec header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header.

Answer 16

Encapsulating Security Payload (ESP)

Question 17

The process of enclosing data in a packet.

Answer 17

Encapsulating

Question 18

An event that should be flagged but isn’t.

Answer 18

False negative

Question 19

A flagged event that isn’t really an event and has been falsely triggered.

Answer 19

False positive

Question 20

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access though public networks, including the Internet.

Answer 20

Firewall

Question 21

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

Answer 21

Host-Based IDS (HIDS)

Question 22

A software or appliance stand-alone used to enhance security and commonly used with PKI systems.

Answer 22

Hardware Security Module (HSM)

Question 23

A condition that states that unless otherwise given, the permission will be denied.

Answer 23

Implicit Deny

Question 24

A set of protocols that enable encryption, authentication, and integrity over IP. It is commonly used with virtual private networks (VPNs) and operates at layer 3.

Answer 24

Internet Protocol Security (IPSec)

Question 25

Tools that identify attacks using defined rules or logic and are considered passive. This can be network or host based.

Answer 25

Intrusion Detection System (IDS)

Question 26

Tools that respond to attacks using defined rules or logic and are considered active. This can be network or host based.

Answer 26

Intrusion Prevention System (IPS)

Question 27

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction, and replacement.

Answer 27

Key Management

Question 28

Dividing a load for greater efficiency of management among multiple devices.

Answer 28

Load Balancing

Question 29

The set of standards defined by the network for clients attempting to access it. Usually, it requires that clients be virus free and adhere to specified policies before allowing them on the network,

Answer 29

Network Access Control (NAC)

Question 30

An intrusion prevention system that is network based.

Answer 30

Network-Based IPS (NIPS)

Question 31

An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.

Answer 31

Network-Based IDS (NIDS)

Question 32

A nonactive response, such as logging.

Answer 32

Passive Response

Question 33

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

Answer 33

Proxy

Question 34

A proxy server that also acts as a firewall, blocking network access from external networks.

Answer 34

Proxy Firewall

Question 35

A type of server that makes a single Internet connection and services requests on behalf of many users.

Answer 35

Proxy Server

Question 36

A protocol that secures messages by operating between the Application Layer (HTTP) and the Transport Layer.

Answer 36

Secure Sockets Layer (SSL)

Question 37

This software combines SIM and SEM functions to provide real-time analysis of security alerts.

Answer 37

Security Information and Event Management (SIEM)

Question 38

A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.

Answer 38

Signature-Based System

Question 39

An access point’s broadcasting of the network name.

Answer 39

SSID Broadcast

Question 40

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel.

Answer 40

Stateful Inspection

Question 41

A network device that can replace a router or hub in a local network and get data from a source to a destination. It allows for higher speeds.

Answer 41

Switch

Question 42

Creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed.

Answer 42

Circuit-level proxy

Question 43

Defined as any activity or action that attempts to undermine or compromise the confidentiality, integrity, or availability of resources.

Answer 43

Intrusion

Question 44

An element of a data source that is of interest to the operator.

Answer 44

Activity

Question 45

The person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.

Answer 45

Administrator

Question 46

The raw information that the IDS or IPS uses to detect suspicious activity.

Answer 46

Data Source

Question 47

An occurrence–or continuous occurrence–in a data source that indicates that suspicious activity has occurred.

Answer 47

Event

Question 48

The component or process the operator uses to manage the IDS or IPS.

Answer 48

Manager

Question 49

The process or method by which the IDS/IPS manager makes the operator aware of an alert.

Answer 49

Notification

Question 50

The person primarily responsible for the IDS/IPS.

Answer 50

Operator

Question 51

The IDS component that collects data from the data source and passes it to the analyzer for analysis.

Answer 51

Sensor

Question 52

Which log file in Linux allows a user to view a list of users’ failed authentication attempts?

Answer 52

/var/log/faillog

Question 53

Which log file in Linux allows a user to view a list of all users and when they last logged in?

Answer 53

/var/log/lastlog

Question 54

Which log file in Linux can a user grep to fin login-related entries?

Answer 54

/var/log/messages

Question 55

Which log file in Linux allows a user to view a list of users who have authenticated to the system?

Answer 55

/var/log/wtmp