Domain 2.1 Install and configure network components, both hardware- and software-based, to support organizational security. Flashcards
Number 1 VPN tunnel in the world
IPSEC
What is a piece of hardware designed to protect one network from another?
Firewall
What does a Packet filtering firewall filter traffic based on?
– Source and Destination IP
– Port Numbers
– Protocols Used
What is another name for a layer 7 firewall?
Application Firewall - Opens and inspects every packet on layer 7 of the OSI model.
Stateful Inspection Firewall
Keeps a state table to track every communication channel.
A list of rules that determine what traffic to block, and what to allow
Access Control List (ACL)
What locally installed security control is used to prevent application-specific protocol and payload attacks?
Application Firewall
A hardware device designed for general network filtering.
– Provides protection for the network.
Network Firewall
_______ firewalls analyze packets on an individual basis against the filtering ACL.
Stateless
Unless some traffic is explicitly allowed, it will be denied.
Implicitly denied
What is a VPN?
A secure tunnel through an unsecured internet.
What does a VPN do?
Secures the private network, using encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted
VPN concentrator
Gives all the VPNs a label.
Site-to-Site VPN
Site-to-site refers to the connection of separate sites through a VPN.
Remote access VPN
Remote Access refers to connecting single entities or hosts through a VPN.
At what layer of the OSI model does a VPN operate?
Layer 3 - Network layer.
An IPSEC VPN tunnel uses ___ by default.
AES - Advanced Encryption Standard.
What part of the packet does AH encapsulate?
The outside of the packet
What does ESP do?
ESP encapsulates the data inside the packet.
Using a pre-existing VPN tunnel to exchange keys is called ___.
IKE
ISAKMP
A VPN tunnel set up to send symmetric keys across.
IPSEC Tunnel mode
Encrypts the Header, payload and Footer.
IPSEC Transport mode
Encrypts only the payload of the packets.
What type of tunnel routes all traffic across the tunnel?
A full tunnel
What type of tunnel routes only specific traffic across the tunnel, and routes internet-bound traffic outside of the tunnel?
Split tunnel
What layer of the OSI model does TLS operate on?
Layer 4 - The Transport Layer
Host-based intrusion detection system (HIDS)
An IDS installed on your specific computer
Network-based intrusion detection system (NIDS)
An IDS on the network, protecting all devices on your network.
What device analyzes data, logs attacks, and notifies you?
Intrusion Detection System
What is a honeypot?
A server set up to entice an attacker.
What device analyzes data, prevents attacks, and notifies you?
IPS - Intrusion Prevention System.
NIPS
Network Intrusion Prevention System
HIPS
Host Intrusion Prevention System
A known attack
A signature-based attack
Requires a baseline to evaluate for normal or aberrant operation
Behavior-based IPS/IDS
Compares suspicious programs vs known malware
Heuristics (“watching trends” on the exam)
A flagged event that isn’t really an event and has been falsely triggered
False positive
An event that should be flagged but isn’t.
False negative
Firewalls have _____ and routers have ____
Firewalls have RULES and routers have ACLs
Port Security AND wireless security
802.1X
RADIUS port
port 1812
A _________ switch works on Layer 2 and Layer 3 of the OSI Model.
Multilayer Switch / Layer 3 Switch
Cisco proprietary Loop prevention
Spanning Tree Protocol (STP)
Flood Guard
Stops buffer overflow - A flood guard will prevent your system or network from accepting more than it can handle
A packet that is 9000 bytes
A jumbo packet
A ______ _______ goes to the internet on your behalf.
A Proxy Server
A proxy server ________ the websites you visit most often
Caches/stores
What does a load balancer do?
Routes traffic to multiple servers to ensure availability
Active-Active
If one goes down the other is already active and in use.
Active-passive
If one goes down the second/backup will activate and begin usage.
Access Point
A device that creates a wireless local area network, or WLAN, usually in an office or large building. (For testing purposes it is a network extender)
802.11a
54 Mbps - 5 GHz
802.11b
11 Mbps - 2.4 GHz
802.11g
54 Mbps - 2.4 GHz
802.11n
200+ Mbps - 2.4 GHz or 5 GHz or both
802.11n uses a unique technology called?
Uses MIMO (multiple input, multiple output): two or more antennas.
The name of your wireless network
Service Set identifier (SSID)
Each host is allowed or denied based on its MAC address.
MAC filtering
According to CompTIA there are 3 wireless channels you can use.
1, 6, and 11
What antenna type goes 360 degrees?
Omni-directional - rubber duck
A directional antenna does what?
Forces the signal in one direction, and since it is focusing the signal, it can cover a greater distance with a stronger signal. Also called a Yagi antenna.
Security Information and Event Management (SIEM)
Provides real-time analysis of security alerts that are flagged by network appliances and software applications (aggregation).
Write-once-read-many (WORM)
Built into many SIEMs. Means that once the data is written, you should not be able to edit it.
What is DLP?
Data Loss Prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed.
What is Tripwire?
File Integrity Verifier (VIF) that is utilized in a DLP environment. It will inform you if anyone accessed data.
Network Access Control
A set of standards defined by the network for clients attempting to access it so that only known devices meeting specified requirements can connect. (Similar to 802.1X)
SSL Accelerators
Since encrypting data is very processor intensive, accelerators can be used to offload the public-key encryption to a hardware accelerator, which is a separate plug-in card (usually into a PCI slot).
Trusted Platform Module
A chip on the motherboard called a crypto-processor that performs encryption and decryption.
BitLocker
A Microsoft program used for whole-disk or full-disk encryption.
Which of the following devices is typically used to provide protection at the edge of the network attack surface? A. Firewall B. Router C. Switch D. VPN concentrator
A. Firewall
In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be configured to provide remote access? (Select TWO). A. Subnetting B. NAT C. Firewall D. NAC E. VPN
C. Firewall
E. VPN
What type of wireless antenna can be used to send or receive signals in any direction? A. Cantenna B. Yagi C. Rubber duck D. Panel
C. Rubber duck
You have recently had some security breaches in the network. You suspect the cause might be a small group of employees. You want to implement a solution that monitors incoming external traffic. Which of the following devices would you use? A. A router B. A network-based IDS C. A VPN D. A host-based IDS
B. A network-based IDS