Chapter 4: Securing Your Network

Question 1

______ and _____ inspect traffic using the same functionality as a protocol analyzer.

Answer 1

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs)

Question 2

A _____ can detect attacks on local systems such as workstations and servers. The HIDS protects local resources on the host and can detect some malware that isn’t detected by traditional antivirus software.

Answer 2

host-based IDS (HIDS)

Question 3

A ______ detects attacks on networks.

Answer 3

network-based

IDS (NIDS)

Question 4

A signature-based IDS or IPS uses _____ to detect known attacks or vulnerabilities.

Answer 4

signatures

Question 5

____-based or ______-based IDSs (also called anomaly-based IDSs) require a baseline and detect attacks based on anomalies or when traffic is outside expected boundaries.

Answer 5

Heuristic-based or behavioral-based

Question 6

A _____ _____ incorrectly raises an alert indicating an attack when an attack is not active. They increase the workload of administrators.

Answer 6

false positive

Question 7

A ____ _____ is when an attack is active, but not reported.

Answer 7

false negative

Question 8

An IPS is similar to an active IDS except that it’s placed ____ with the traffic and can stop attacks before they reach the internal network. An IPS can actively monitor data streams, detect malicious content, and prevent it from reaching a network. In contrast, an IDS is out-of-band.

Answer 8

inline/ in-band

Question 9

IDSs and IPSs can also protect internal private networks, such as ________ and _______

Answer 9

private supervisory control and data acquisition (SCADA) networks

Question 10

_____ ______ are dedicated hardware devices that handle Transport Layer Security (TLS) traffic.

Answer 10

SSL/TLS accelerators

Question 11

_____ _______ allow an organization to inspect traffic, even when traffic is using SSL or TLS.

Answer 11

SSL decryptors

Question 12

A ______ _____ _____ uses virtualization technologies to route traffic instead of using hardware routers and switches. It separates the data and control planes.

Answer 12

software defined network (SDN)

Question 13

_____ and _____ appear to have valuable data and attempt to divert attackers away from live networks. Security personnel use them to observe current attack methodologies and gather intelligence on attacks.

Answer 13

Honeypots and honeynets

Question 14

An _____ provides strong port security using port-based authentication. It prevents rogue devices from connecting to a network by ensuring that only authorized clients can connect.

Answer 14

802.1x server

Question 15

____ ____ ____ connect wireless clients to a wired network.

Answer 15

Wireless access points (APs)

Question 16

A ____ _____, also known as a stand-alone AP, includes everything
needed to connect wireless clients to a wireless network.

Answer 16

fat AP

Question 17

_____ _____ are controller-based APs. A controller configures and manages a thin AP.

Answer 17

Thin APs

Question 18

The ___ ____ _____ is the name of the wireless network. Disabling the SSID broadcast hides a wireless network from casual users.

Answer 18

service set identifier (SSID)

Question 19

You can restrict access to wireless networks with ___ ___ ___ filtering. However, attackers can discover authorized MACs and spoof an authorized MAC address.

Answer 19

media access control (MAC)

Question 20

Most WAPs have _____ antennas. ____ antennas

have narrower beams and longer ranges.

Answer 20

omnidirectional antennas. Directional antennas

Question 21

An ___ ___ wireless network is two or more devices connected together without an AP.

Answer 21

ad hoc

Question 22

Wi-Fi Protected Access (WPA) can use Temporal Key Integrity Protocol (TKIP) or Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). Both WPA and TKIP have been ______.

Answer 22

deprecated

Question 23

Personal mode uses a ___ ____ ____. It is easy to implement and is used in many smaller wireless networks.

Answer 23

pre-shared key (PSK)

Question 24

______ mode is more secure than Personal mode because it adds authentication. It uses an 802.1x authentication server implemented as a RADIUS server.

Answer 24

Enterprise

Question 25

_____ mode doesn’t use a PSK or an 802.1x server. Many hot spots use Open mode when providing free wireless access to customers.

Answer 25

Open

Question 26

_____ servers use one of the Extensible Authentication Protocol (EAP) versions, such as Protected EAP (PEAP), EAP-Tunneled TLS (EAP-TTLS), EAP-TLS, or EAP-Flexible Authentication via Secure Tunneling (EAP-FAST).

Answer 26

802.1x

Question 27

The most secure EAP method is _____, and it requires a certificate on the server and on each of the wireless clients.

Answer 27

EAP-TLS

Question 28

_____ and _____ require a certificate on the server, but not the client.

Answer 28

PEAP and EAP-TTLS

Question 29

_____ is often implemented with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2).

Answer 29

PEAP

Question 30

LEAP is proprietary to Cisco and does not require a certificate. Cisco designed _____ to replace Lightweight EAP (LEAP).

Answer 30

EAP-FAST

Question 31

A _____ _____ forces wireless clients to complete a process, such as acknowledging a policy or paying for access, before it grants them access to the network.

Answer 31

captive portal

Question 32

A _____ _____ effectively removes a wireless client from a wireless network, forcing it to reauthenticate.

Answer 32

disassociation attack

Question 33

___ ___ ____allows users to easily configure a wireless device by pressing a button or entering a short PIN. WPS is not secure. A WPS attack can discover the PIN within hours. It then uses the PIN to discover the passphrase.

Answer 33

Wi-Fi Protected Setup (WPS)

Question 34

A ____ ____ ___ is an AP placed within a network without official authorization. An evil twin is a rogue access point with the same SSID as a legitimate access point.

Answer 34

rogue access point (rogue AP)

Question 35

A ____ attack floods a wireless frequency with noise, blocking wireless traffic.

Answer 35

jamming

Question 36

An _____ _____ attack attempts to discover the IV and uses it to discover the passphrase.

Answer 36

initialization vector (IV)

Question 37

____ _____ _____ attacks use an NFC reader to

read data from mobile devices.

Answer 37

Near field communication (NFC)

Question 38

_____ is the practice of sending unsolicited messages to a phone. _____ is the unauthorized access to, or theft of information from, a Bluetooth device.

Answer 38

Bluejacking

Bluesnarfing

Question 39

In a _____ _____ attack, an attacker captures data sent between two entities, modifies it, and then impersonates one of the parties by replaying the data. WPA2 using CCMP and AES prevents wireless replay attacks.

Answer 39

wireless replay

Question 40

___-_____ _____ attacks include eavesdropping, replay, and DoS.

Answer 40

Radio-frequency identification (RFID)

Question 41

A ____ ____ ____ provides access to private networks via a public network, such as the Internet. _____ concentrators are dedicated devices that provide secure remote access to remote users.

Answer 41

virtual private network (VPN) x 2

Question 42

_____ is a common tunneling protocol used with VPNs. It secures traffic within a tunnel. It provides authentication with an Authentication Header (AH). Encapsulating Security Payload (ESP) encrypts VPN traffic and provides confidentiality, integrity, and authentication.

Answer 42

IPsec

Question 43

IPsec ____ mode encrypts the entire IP packet used in the internal network. IPsec _____ mode only encrypts the payload and is commonly used in private networks, but not with VPNs.

Answer 43

Tunnel

Transport

Question 44

Some VPNs use____ to encrypt traffic within the VPN tunnel.

Answer 44

TLS

Question 45

A ____ tunnel encrypts all traffic after a user has connected to a VPN. A ____ tunnel only encrypts traffic destined for the VPN’s private network.

Answer 45

full

split

Question 46

___-__-____ VPNs provide secure access between two networks. These can be on- demand VPNs or always-on VPNs.

Answer 46

Site-to-site

Question 47

____ ____ can also use always-on VPNs to protect traffic when users connect to public hot spots.

Answer 47

Mobile devices

Question 48

____ ____ ____ inspects clients for specific health conditions such as up- to-date antivirus software, and can redirect unhealthy clients to a remediation network.

Answer 48

Network access control (NAC)

Question 49

A _____ NAC agent (sometimes called a persistent NAC agent) is installed on the client and stays on the client. A _____ NAC agent (sometimes called agentless) is downloaded and run on the client when the client logs on, and deleted after the session ends; they agents are commonly used for employee-owned mobile devices.

Answer 49

permanent

dissolvable

Question 50

____ ____ ____ is used when a user accesses a private network from a remote location, such as with a VPN connection.

Answer 50

Remote access authentication

Question 51

___ ____ ____ uses a password or PIN for authentication. A significant weakness is that it sends passwords across a network in cleartext.

Answer 51

Password Authentication Protocol (PAP)

Question 52

____ ____ ____ ____is more secure than PAP and uses a handshake process when authenticating clients.

Answer 52

Challenge Handshake Authentication Protocol (CHAP)

Question 53

_____ and _____ are the Microsoft improvement over CHAP.

Answer 53

MS-CHAP and MS-CHAPv2

Question 54

MS-CHAPv2 provides mutual _____.

Answer 54

authentication

Question 55

______ provides central authentication for multiple remote access services. It relies on the use of shared secrets and only encrypts the password during the authentication process. It uses UDP.

Answer 55

RADIUS

Question 56

_____ is used by some Cisco systems as an alternative to RADIUS. It uses TCP, encrypts the entire authentication process, and supports multiple challenges and responses.

Answer 56

TACACS+

Question 57

_____ is an improvement over RADIUS. It uses TCP,

encrypts the entire authentication process, and supports many additional capabilities.

Answer 57

Diameter

Question 58

RADIUS, TACACS+, and Diameter are all _____, _____, and _____ protocols.

Answer 58

authentication, authorization, and accounting