Chapter 4

Question 1

IDS

Answer 1

Intrusion detection systems monitor a network and send alerts when they detect suspicious events on a system or network.

Question 2

IPS

Answer 2

Intrusion prevention systems react to attacks in progress and prevent them from reaching systems and networks.

Question 3

HIDS

Answer 3

Host-based intrusion detection system

Software installed on a system to detect attacks

It protects local resources on the host

A host-based intrusion prevention system (HIPS) is an extension of HIDS

It is software installed on a system to detect and block attacks

Question 4

NIDS

Answer 4

Network based intrusion detection system

A device that detects attacks and raises alerts

A NIDS is installed on network device, such as routers or firewalls, and monitors network traffic

Question 5

Port Mirror

Answer 5

A monitoring port on a switch

All traffic going through the switch is also sent to the port mirror

Question 6

Taps

Answer 6

Monitoring ports on a network device

IDSs use taps to capture traffic

Question 7

Signature-based

Answer 7

A type of monitoring used on intrusion detection and intrusion prevention systems

It detects attacks based on known attack patterns documented as attack signatures

Question 8

Heuristic/behavioral-based

Answer 8

A type of monitoring on intrusion detection and intrusion prevention systems

It detects attacks by comparing traffic against a baseline

It is also known as anomaly detection

Question 9

NOC

Answer 9

Filler

Question 10

False Negative

Answer 10

A security icident that isn’t detected or reported

As An example, A NIDS false negative occurs if an attack is active on the network but the NIDS does not raise an alert

Question 11

NIPS

Answer 11

Network-based intrusion prevention system

A device that detects and stops attacks in progress

A NIPS is placed inline (In-Band) with traffic so that it can actively monitor data streams

Question 12

Inline

Answer 12

A configuration that forces traffic to pass through a device

A NIPS is place inline, allowing it to prevent malicious traffic from entering a network

Sometimes called in-band, as opposed to out-of-band

Question 13

Out-of-Band

Answer 13

A configuration that allows a device to collect traffic without the traffic passing through it

sometimes called passive, opposed to inline

Question 14

ACLs

Answer 14

Access control lists are lists of rules used by routers and stateless firewalls

These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols

Question 15

SCADA

Answer 15

Supervisory control and data acquisition

A system used to control an ICS such as a power plant or water treatment facility

Ideally, a SCADA is within an isolated network

Question 16

RATs

Answer 16

Remote access Trojans are malware that allows an attacker to tak control of a system from a remote location

Question 17

DMZ

Answer 17

Demilitarized zone is a buffer zone between the internet and an internal network

Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network

Question 18

SSL/TLS Accelerators

Answer 18

Devices used to handle TLS traffic

Servers can off-load TLS traffic to improve performance

Question 19

SSL Deccryptors

Answer 19

Devices used to create separate SSL (or TLS) sessions

They allow other security devices to examine encrypted traffic sent to and from the Internet

Question 20

SDN

Answer 20

A Software Defined Network is a method of using software and virtualization technologies to replace hardware routers

SDNs separate the data and control planes

Question 21

Honeypot

Answer 21

A server designed to attract an attacker

It typically has weakened security encouraging attackers to investigate it

Question 22

Honeynet

Answer 22

A group of honeypots in a network

Honeynets are often configured in virtual networks

Question 23

IEEE 802.1x

Answer 23

An authentication protocol used in VPNs and wired and wireless networks

VPNs often implement it as a RADIUS server

Wired networks use it for port-based authentication

Wireless networks use it in Enterprise modee

Question 24

IEEE 802.1x

Answer 24

An authentication protocol used in VPNs and wired and wireless networks

VPNs often implement it as a RADIUS server

Wired networks use it for port-based authentication

Wireless networks use it in Enterprise mode

Question 25

WLAN

Answer 25

Filler

Question 26

AP

Answer 26

An Access Point is a device that connects wireless clients to wireless networks

Sometimes called Wireless Access Point (WAP)

Question 27

SSID

Answer 27

Service Set Identifier is the name of a wireless network

SSIDs can be set to broadcast so users can easily see it

Disabling SSID broadcast hides it from casual users

Question 28

MAC Filtering

Answer 28

A form of network access control to allow or block access based on the MAC address

It is configured on switches for port security or on APs for wireless security

Question 29

Antenna Types

Answer 29

Filler

Question 30

Network Architecture Zones

Answer 30

Filler

Question 31

WPA

Answer 31

Wi-Fi Protected Access is a legacy wireless security protocol

it has been superseded by WPA2

Question 32

WPA2

Answer 32

Wi-Fi Protected Access II is a wireless security protocol

It supports CCMP for encryption, which is based on AES

It can use Open mode, a pre-shared key, or Enterprise mode

Question 33

TKIP

Answer 33

Temporal Key Integrity Protocol is a legacy wireless security protocol

CCMP is the recommended replacement

Question 34

AES

Answer 34

Advanced Encryption Standard is a strong symmetric block cipher that encrypts data in 128-bit blocks

AES can use key sizes of 128 bits, 192 bits, or 256 bits

Question 35

PSK

Answer 35

Pre-shared key is a wireless mode that uses a pre-shared key (similar to a password or passphrase) for security

Compare with Enterprise and Open modes

Question 36

Enterprise

Answer 36

A wireless mode that uses an 802.1x server for security

It forces users to authenticate with a username and password

Compare with Open and PSK modes

Question 37

Authentication Protocols

Answer 37

Filler

Question 38

Disassociation Attck

Answer 38

An attack that removes wireless clients from a wireless network

Question 39

WPS

Answer 39

Wi-Fi Protected Setup is a method that allows users to easily configure a wireless network, often by using only a PIN

WPS brute force attacks can discover the PIN

Question 40

WPS Attack

Answer 40

An attack against an AP

A WPS attack discovers the eight-digit WPS PIN and uses it to discover the AP passphrase

Question 41

Rouge AP

Answer 41

An unauthorized AP

It can be placed by an attacker or an employee who hasn’t obtained permission to do so

Question 42

Evil Twin

Answer 42

A type of rouge AP

An evil twin has the same SSID as a legitimate AP

Question 43

Jamming

Answer 43

A DoS attack against wireless networks

It transmits noise on the same frequency used by a wireless network

Question 44

IV Attack

Answer 44

An Initialization Vector attack is a wireless attack that attempts to discover the IV

Legacy wireless security protocols are susceptible to IV attacks

Question 45

NFC Attack

Answer 45

An attack against mobile devices that use near field communication (NFC)

NFC is a group of standards that allow mobile devices to communicate with nearby mobile devices

Question 46

Bluejacking

Answer 46

An attack against Bluetooth device

It is the practices of sending unsolicited messages to nearby Bluetooth devices

Question 47

Bluesnarfing

Answer 47

An attack against Bluetooth devices

Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device

Question 48

Replay Attack

Answer 48

An attack where the data is captured and replayed

Attackers typically modify data before replaying it

Question 49

RFID

Answer 49

Filler

Question 50

RFID Attack

Answer 50

Attacks against radio-frequency identification (RFID) systems

Some common RFID attacks are eavesdropping, replay, and DoS

Question 51

VPN

Answer 51

Virtual Private Networks are a method that provides access to a private network over a public network such as the internet

VPN concentrators are dedicated devices used to provide VPN access to large groups of users

Question 52

NICs

Answer 52

Filler

Question 53

Remote Access VPN

Answer 53

Filler

Question 54

IPsec

Answer 54

Internet Protocol Security is a suite of protocols used to encrypt data-in-transit that can operate in both tunnel mode and transport mode

It uses Tunnel mode for VPN traffic and Transport mode in private networks

Question 55

Authentication (AH)

Answer 55

Authentication Header is an option within IPsec to provide authentication and integrity

Question 56

Encryption (ESP)

Answer 56

Encapsulating Security Payload is an option within IPsec to provide confidentiality, integrity, and authentication

Question 57

TLS

Answer 57

Transport Layer Security is the replacement for SSL

TLS is used to encrypt data-in-transit

Like SSL, it uses certificates issued by CAs

Question 58

SSTP

Answer 58

Filler

Question 59

TLS Tunneling

Answer 59

Filler

Question 60

Split Tunnel

Answer 60

An encrypted connection used with VPNs

A split tunnel only encrypts traffic going to private UP addresses used in the private network

Question 61

Full Tunnel

Answer 61

An encrypted connection used with VPNs

When a user is connected to a VPN, all traffic from the user is encrypted

Question 62

UTM

Answer 62

Unified threat management is a group of security controls combined in a single solution

UTM appliances can inspect data streams for malicious content and block it

Question 63

NAC

Answer 63

Network access control is a system that inspects clients to ensure they are healthy

Agents inspect clients and agents can be permanent or dissolvable (also known as agentless)

Question 64

Site-to-Site VPNs

Answer 64

Filler

Question 65

Always-On VPN

Answer 65

Filler

Question 66

Identity and Access Services

Answer 66

Filler