Chapter 3: Understanding Devices and Infrastructure Flashcards

1
Q

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

A

Access Control List (ACL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The point at which access to a network is accomplished. This term is often used in relation to a wireless access point.

A

Access Point (AP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A response generated in real time.

A

Active Response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A notification that an unusual condition exists and should be investigated.

A

Alarm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A notification that an unusual condition could exist and should be investigated.

A

Alert

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An appliance that performs multiple functions.

A

All-in-one Appliance; also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The component or process that analyzes the data collected by the sensor.

A

Analyzer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Variations from normal operations.

A

Anomalies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An anomaly-detection intrusion detection system that works by looking for deviations from a pattern of normal network traffic.

A

Anomaly-Detection IDS (AD-IDS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A freestanding device that operates in a largely self-contained manner.

A

Appliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A device or software that recognizes application–specific commands and offers granular control over them.

A

Application-Level Proxy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

A

Authentication Header (AH)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A method of balancing loads and providing fault tolerance.

A

Clustering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them.)

A

Compensating controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

A

Data Loss Prevention (DLP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An IPSec header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header.

A

Encapsulating Security Payload (ESP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

The process of enclosing data in a packet.

A

Encapsulating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

An event that should be flagged but isn’t.

A

False negative

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A flagged event that isn’t really an event and has been falsely triggered.

A

False positive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access though public networks, including the Internet.

A

Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

A

Host-Based IDS (HIDS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A software or appliance stand-alone used to enhance security and commonly used with PKI systems.

A

Hardware Security Module (HSM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A condition that states that unless otherwise given, the permission will be denied.

A

Implicit Deny

24
Q

A set of protocols that enable encryption, authentication, and integrity over IP. It is commonly used with virtual private networks (VPNs) and operates at layer 3.

A

Internet Protocol Security (IPSec)

25
Q

Tools that identify attacks using defined rules or logic and are considered passive. This can be network or host based.

A

Intrusion Detection System (IDS)

26
Q

Tools that respond to attacks using defined rules or logic and are considered active. This can be network or host based.

A

Intrusion Prevention System (IPS)

27
Q

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction, and replacement.

A

Key Management

28
Q

Dividing a load for greater efficiency of management among multiple devices.

A

Load Balancing

29
Q

The set of standards defined by the network for clients attempting to access it. Usually, it requires that clients be virus free and adhere to specified policies before allowing them on the network,

A

Network Access Control (NAC)

30
Q

An intrusion prevention system that is network based.

A

Network-Based IPS (NIPS)

31
Q

An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.

A

Network-Based IDS (NIDS)

32
Q

A nonactive response, such as logging.

A

Passive Response

33
Q

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

A

Proxy

34
Q

A proxy server that also acts as a firewall, blocking network access from external networks.

A

Proxy Firewall

35
Q

A type of server that makes a single Internet connection and services requests on behalf of many users.

A

Proxy Server

36
Q

A protocol that secures messages by operating between the Application Layer (HTTP) and the Transport Layer.

A

Secure Sockets Layer (SSL)

37
Q

This software combines SIM and SEM functions to provide real-time analysis of security alerts.

A

Security Information and Event Management (SIEM)

38
Q

A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.

A

Signature-Based System

39
Q

An access point’s broadcasting of the network name.

A

SSID Broadcast

40
Q

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communication channel.

A

Stateful Inspection

41
Q

A network device that can replace a router or hub in a local network and get data from a source to a destination. It allows for higher speeds.

A

Switch

42
Q

Creates a circuit between the client and the server and doesn’t deal with the contents of the packets that are being processed.

A

Circuit-level proxy

43
Q

Defined as any activity or action that attempts to undermine or compromise the confidentiality, integrity, or availability of resources.

A

Intrusion

44
Q

An element of a data source that is of interest to the operator.

A

Activity

45
Q

The person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.

A

Administrator

46
Q

The raw information that the IDS or IPS uses to detect suspicious activity.

A

Data Source

47
Q

An occurrence–or continuous occurrence–in a data source that indicates that suspicious activity has occurred.

A

Event

48
Q

The component or process the operator uses to manage the IDS or IPS.

A

Manager

49
Q

The process or method by which the IDS/IPS manager makes the operator aware of an alert.

A

Notification

50
Q

The person primarily responsible for the IDS/IPS.

A

Operator

51
Q

The IDS component that collects data from the data source and passes it to the analyzer for analysis.

A

Sensor

52
Q

Which log file in Linux allows a user to view a list of users’ failed authentication attempts?

A

/var/log/faillog

53
Q

Which log file in Linux allows a user to view a list of all users and when they last logged in?

A

/var/log/lastlog

54
Q

Which log file in Linux can a user grep to fin login-related entries?

A

/var/log/messages

55
Q

Which log file in Linux allows a user to view a list of users who have authenticated to the system?

A

/var/log/wtmp