Chapter 4 Sec +

Question 1

HIDS

Answer 1

Host-based Intrusion Detection System
Is installed on a workstation or a server
Monitor host,detected potential attacks
All traffic from HIDS passed through nic

Question 2

NIDS

Answer 2

Network-based Intrusion Detection System
Monitors activity on a network
Uses sensors and collectors that are typically attached to routers and switches.
Uses a central process monitoring appliance
Cannot detect anomalies on workstations and is unable to decrypt encrypted traffic
Refered to passive since it doesn’t go directly through the IDS

Uses signature and trend base detection

Question 3

NoC

Answer 3

Network Operations Center

Question 4

IPS

Answer 4

Intrusion Prevention Systems
Can Detect, React and Prevent Attacks.
Refered to as active since all traffic passes through the IPS

Question 5

HIPS

Answer 5

Host-based Intrusion Prevention System

Question 6

NIPS

Answer 6

Network-based Intrusion Prevention Systems

Question 7

APT

Answer 7

Advanced Persistent Threat

Question 8

RAT

Answer 8

Remote Access Trojan are installed on internal networks through phishing or malware attacks and attacks can attack from within the internal network

Question 9

WLAN

Answer 9

Wireless Local Area Network

Question 10

AP

Answer 10

Wireless Access point
All wireless routers are AP
Not all aps are wireless routers
Can also provide extra service
NAT/PAT/DHCP

Question 11

SSID

Answer 11

Service Set Identifier
Wireless networks are identified by a SSID, which is simply the wireless networking name
Can be changed by admins

Question 12

WAN

Answer 12

Wide Area Network
2 or More LANs connected together

Question 13

WEP

Answer 13

Wireless Equivalent Privacy
Weak protocol that’s legacy

Question 14

WPA 1/2/3

Answer 14

Wifi Protected Access is crypto graphic protocol
Uses strong protocols such as AES and CCMP

Has 2 modes PSK and Enterprise Mode

WPA 3 uses Enhanced mode and SAE modes

Question 15

EAP

Answer 15

Extensible Authentication Protocol
Provides a method for 2 systems to create a secure encryption key,also known as a PMK.Then uses a PTK to encrypt all data transmitted between devices

It provides an authentication framework that provides general guidance for authentication methods

Question 16

PMK

Answer 16

Pair-wise Master Key
Used with Extensible Authentication Protocol

Question 17

PTK

Answer 17

Pair-wise Transient Key
Used to encrypt all data transmitted between wireless devices using Extensible Authentication Protocol

Question 18

PEAP

Answer 18

Protected Equivalent Authentication Protocol
Provides an extra layer of protection for EAP
Protects communication channel by encapsulating and encrypting the EAP conversation in a TLS tunnel
Requires a cert on the server but not client
Is implementated with Ms-CHAPv2

Question 19

MS-CHAPv2

Answer 19

Microsoft Challenge Handshake Authentication Protocol Version 2 used with PEAP

Question 20

AES

Answer 20

Advanced Encryption Standard
Used with WPA2

Question 21

CCMP

Answer 21

Counter-mode Cipher Block Chaining Message Protocol
Used with WPA2

Question 22

EAP-Fast

Answer 22

Extensible Authentication Protocol Flexible authentication via Tunneling as a secure replacement for (LEAP) lightweight EAP
EAP-Fast supports PAC instead of credentials

Question 23

PAC

Answer 23

Protected Access Credentials
Used with EAP-Fast

Question 24

EAP-TLS

Answer 24

Equivalent Authentication Protocol Transport Layer Security
Is one of the most secure EAP standards because it requires certs on the client side and the 802.11x server.

Question 25

EAP-TTLS

Answer 25

Extensible Authentication Protocol Tunneled TLS Is an extension of EAP-TLS allowing Systems to use older Authentication models within TLS tunnel Requires a certificate on the 802.1x Server

Question 26

AUP

Answer 26

Acceptable Use Policy

Question 27

WPS

Answer 27

Wifi Protected Setup Allows users to configure wireless devices without typing in passphrase -used can instead configure devices by pressing buttons or entering short pin

Question 28

IV

Answer 28

Initialization Vector

Question 29

NFC

Answer 29

Near Field Communications Used with cards to make purchases and share data between phones Uses readers Two way Communication Used within 0-5 meters

Question 30

RFID

Answer 30

Radio Field Identification Uses a Reader and tags One-way communication Used to track objects

Question 31

DoS

Answer 31

Denial of Service

Question 32

PAN

Answer 32

Personal Area Network

Question 33

VPN

Answer 33

Virtual Private Network Is often used for remote access to public or private networks

Question 34

IPSEC

Answer 34

Internet Protocol Security Used with VPNs

Question 35

RADIUS

Answer 35

Remote Authentication Dial-In User Service Is a Centralized Authentication Service VPN Server authenticates clients through a RADIUS server with it's database or forward it to a LDAP

Question 36

AH

Answer 36

Authentication Header IPsec provides security with AH Provides Authentication and integrity

Question 37

ESP

Answer 37

Encapsulating Security Payload is part of IPSec Used to encrypt the data and provide CIA

Question 38

IKE

Answer 38

Internet Key Exchange used with IPSEC over port 500 to authentication clients Creates a Security Associations for the VPN and uses these to setup a secure channel between the client and VPN server

Question 39

SSTP

Answer 39

Secure Socket Tunneling Protocol Encrypts traffic using TLS over port 443 TCP And is a useful alternative when VPN tunnel must go through a device using NAT, and IPsec is not feasible

Question 40

L2TP

Answer 40

Layer 2 Tunneling Protocol Is a Tunneling Protocol that is also used for VPNs L2TP doesnt provide encryptionn by itself and relies on IPsec

Question 41

HTML 5 VPN Portal

Answer 41

Hypertext Markup Language 5 VPN portal Allows users to connect to the VPN using their web browsers

Question 42

NAC

Answer 42

Network Access Control Inspects computers and other devices to see if they met the health requirements to join network if not they are sent to a remediation network. Uses Agent and agentless

Question 43

PAP

Answer 43

Password Authentication Protocol Is used with Point-to-Point to authenticate clients

Question 44

PPP

Answer 44

Point-to-Point Protocol Used with PAP

Question 45

CHAP

Answer 45

Challenge Handshake Authentication Protocol Uses PPP and authenticates remote users but is more secure then pap Goal is to allow clients to pass credentials over a public network without allowing attackers to intercept the data

Question 46

TACACS+

Answer 46

Terminal Access Controller Access Control System Plus Alternative to RADIUS Provides 2 security benefits over RADIUS -encrypts the entire authentication process -used multiple challenges and responses between the client and the server Orgs uses it as an authentication service for network devices

Question 47

BYOD

Answer 47

Bring Your Own Device