Chapter 7: Delving into Network and Security Concepts Flashcards

1
Q

Prevents unauthorized access to the corporate network; we tend to use a back-to-back configuration

A

Firewall

2
Q

Internal Network

A

Local Area Network (LAN)

3
Q

This is an application firewall that is built into desktop operating systems, such as the Windows 10 operating system.

A

Host-Based Firewall

4
Q

This is a hardware appliance that keeps the network safe. It is vital that only the ports required are open. The network-based firewall is placed at the edge of the network to prevent unauthorized access.

A

Network-Based Firewall

5
Q

This looks deep at the application and its traffic to see whether it is allowed through

A

stateful firewall

6
Q

Could also be called a packet-filtering firewall. It only looks at whether the packet is permitted and never looks in depth at the packet format

A

stateless firewall

7
Q

Is placed on a web server and its role is to protect web-based applications running on the web server

A

Web Application Firewall (WAF)

8
Q

Is a multipurpose firewall: it does malware, content, and URL filtering, all in one security appliance

A

Unified Threat Management Firewall (UTM)

9
Q

This is a firewall that is application-aware and can be used for both on-premises and cloud environments. It has cloud intelligence and the capabilities of an intrusion prevention system.

A

Next Generation Firewall (NGFW)

10
Q

Where a request from a private internal IP address is translated to an external public IP address, hiding the internal network from external attack.

A

Network Address Translation (NAT)

11
Q

Device that connects two different networks.
-When setting up a host machine, it is known as the default gateway.
-Used by your company to give you access to other networks, for example the internet

A

Router

12
Q

Ensures applications have the amount of bandwidth they need to operate when there is limited network bandwidth.

A

Quality of Service (QOS)

13
Q

when two or more switches are joined together they can create loops that create broadcast storms—Spanning Tree Protocols (STPs) prevent this by blocking, listening, or forwarding ports.

A

Loop Protection

14
Q

frames that contain information about the STP

A

Bridge Protocol Data Units (BPDU)

15
Q

Set up on a port of a switch so that when the data arrives at that port, a splitter sends a copy to another device for later investigation.
-Will inform the Network Intrusion Detection System (NIDS)

A

Port mirror (port spanning)

16
Q

Link aggregation allows you to connect multiple switches so that they work as a single logical unit and prevent looping
Switch 1/Switch 2/Switch 3 -> ________

A

Aggregation Switches

17
Q

when security teams are trying to find out the attack methods that hackers are using, they set up a website similar to the legitimate website with lower security. When the attack commences, the security team monitors the attack methods so that they can prevent future attacks.

A

Honeypot

18
Q

Group of honeypots

A

Honeynet

19
Q

Is a decoy file that is probably called password.txt so that it attracts the attention of an attacker. An alert has been set up to alert the security team once that file has been opened.

A

Honey File

20
Q

Where the cybersecurity team notices that an attacker is using tools such as an IP or port scanner to gain information about your network. They then send false information back to the attacker.

A

Fake Telemetry

21
Q

Is a server that controls requests from clients seeking resources on the internet or an external network. Think of it as a go-between that makes requests on behalf of the client, ensuring that anyone outside of your network does not know the details of the requesting host.

A

Proxy Server

22
Q

3 main functions of a Proxy Server

A

-URL Filter: companies may not want their employees to go to certain websites so they block them (example: espn.com)
-Content filter: looks at the content on the requested web page. It will block the request depending on what filters are set up. If we block gambling then users that try and visit a poker or horse betting site are blocked.
-Web page caching: the purpose is to reduce the bandwidth being used as well as to make access to web pages faster, as they are actually obtaining content from their LAN

23
Q

The IT team sets up jobs to cache web pages; for example they cache espn.com at 3am local time to ensure it has the latest results

A

Active Caching

24
Q

When new web pages are being requested, the pages are fetched and submitted to the requesting host and a copy is then placed in the cache. That way, the second time it is requested, it is retrieved from the cache

A

Passive caching

25
Q

This deals with requests on behalf of another server. It could be, for example, a page within an online shop that loads its content and displays from another location outside the shop

A

Application Proxy

26
Q

The flow of traffic from a _______ is incoming traffic from the internet coming into your company network; placed in a boundary network called a screened subnet

A

reverse proxy

27
Q

Also known as a jump host or jump box, is a hardened host that could be used as an intermediary device or as a gateway for administrators who would then connect to other servers for remote administration. It would only have secure remote access tools installed. It could be used to SSH into the screened subnet or an Azure public network

A

Jump Server

28
Q

Is a device that is used when there is a high volume of traffic coming into the company's network or web server. It can be used to control access to web servers, video conferencing, or email.

A

Load Balancer

29
Q

The load balancer knows the status of all web servers in the server farm and knows which web servers are least utilized by using a scheduling algorithm.

A

Least Utilized Host

30
Q

The request is sent to the same web server based on the requester's IP address. This is also known as persistence or a sticky session, where the load balancer uses the same server for the session

A

Affinity

31
Q

When the request comes in, the load balancer contacts the DNS server and rotates the request based on the lowest IP address first

A

DNS Round Robin

32
Q

Load balancer configuration where the load balancers act like an array, dealing with the traffic together as they are both active. One load balancer deals with the workload of two

A

Active/Active

33
Q

You have a pair of load balancers. The active node is fulfilling load balancing duties and the passive node is listening and monitoring the active node. Should the active node fail, the passive will take over.

A

Active/Passive

34
Q

Legacy server where dial-up networking is used. This has been discontinued because it lacks speed

A

Remote Access Server

35
Q

located in the company’s network and client has software to allow connection but it utilizes the internet; this makes it cheaper to use.

A

Virtual Private Network (VPN)

36
Q

Most secure tunneling protocol that can use certificates, Kerberos authentication, or a preshared key. Provides both a secure tunnel and authentication

A

L2TP/IPSec

37
Q

This works on legacy systems and uses SSL certificates for authentication

A

Secure Socket Layer (SSL) VPN

38
Q

Similar to SSL VPN, it uses certificates for authentication. It is easy to set up; you just need an HTML 5 browser such as Opera, Edge, Firefox, or Safari.

A

HTML 5 VPN

39
Q

Consists of either SHA-1 (160 bits) or MD5 (128 bits) protocols, which ensure the packet header has not been tampered with in transit.

A

Authenticated Header (AH)

40
Q

Uses DES (56), 3DES (168), or AES (256), which are symmetric encryption protocols

A

Encapsulated Payload (ESP)

41
Q

Can be used to create a secure session between a client computer and a server.
-______ handshake: Internet Key Exchange (IKE)
-Diffie-Hellman is used to set up a secure tunnel before the data
-DH uses UDP port 500 to create quick mode, which creates a secure session so that data can flow through.

A

IPSec

42
Q

Where an IPSec session is used across the internet as part of an L2TP/IPSec tunnel. AH and ESP are both encrypted

A

Tunnel Mode

43
Q

IPSec tunnel is created with an internal network using client/server to server communication. During transport, only ESP is encrypted

A

Transport Mode

44
Q

Low-latency point-to-point connection between two sites

A

Always on mode

45
Q

Layer 1 of OSI Model

A

The Physical Layer

-physical connection between devices

–hubs, modems, repeaters, cables (bits)

46
Q

Layer 2 of OSI Model

A

Data Link Layer

–responsible for the node to node delivery of the message

–Switches/bridge

–frame

47
Q

Layer 3 of OSI Model

A

Network Layer

–transmission of data from one host to the other located in different networks

–Router

-packet

48
Q

Layer 4 of OSI Model

A

Transport Layer

–referred to as Segments

–responsible for the End to End Delivery of the complete message

–Firewall

49
Q

Layer 5 of OSI Model

A

Session Layer

–establishment of connection, maintenance of sessions, and authentication and also ensures security

–Gateway

–Message

50
Q

Layer 6 of OSI model

A

Presentation Layer

–data from application layer is extracted here

–JPEG/MPEG/GIF

–Message

51
Q

Layer 7 of OSI model

A

Application layer

–applications produce the data which has to be transferred over the network

–SMTP

–Message