Domain 3 (Security Architecture) Flashcards

Practice questions unofficial sources

1
When computing resources are delivered to a remote customer over a network
Cloud computing (simple definition)
2
This is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
Cloud computing (NIST definition)
3
This is the business that offers cloud computing services for sale to third parties
Cloud service provider
4
The consumers of cloud computing services who use the services as the infrastructure, platforms, and/or applications that help them run their own business
Cloud customer
5
Third-party companies who offer some product or service that interacts with the primary offerings of a cloud service provider
Cloud service partner
6
Cloud service providers who offer a managed identity and access management service (directory, authentication, single sign-on) to cloud customers
Identity as a Service (IDaaS); note that this is not a cloud access security broker (CASB), which is a third-party enforcement layer between users and cloud services (see the CASB cards below)
7
This adds more servers to the pool to meet increased user demand
Horizontal scaling
7
This adds more resources (such as CPU or memory) to existing servers to meet increased demand
Vertical scaling
8
This refers to both increasing and decreasing capacity as short-term needs fluctuate
Elasticity
9
Paying only for what you consume
Measured Service
10
Many different customers share use of the same computing resources
Multitenancy
11
In a multitenant cloud, tenants must not affect one another, and one customer should never be able to see data belonging to another
Principle of Isolation
12
Sold capacity exceeds actual physical capacity; providers can oversell because different customers' usage peaks at different times
Oversubscription
13
CPU, memory, and other resources in the physical environment are shared among many different customers and can be reassigned as demand shifts
Resource pooling
14
Vendors that provide security services for other organizations
Managed Security Service Providers (MSSPs)
15
Term sometimes used for MSSP offerings delivered in a software-as-a-service style (cloud-hosted, subscription-based); effectively a subcategory of MSSP, though the two terms are often used interchangeably
Security as a Service (SECaaS)
16
A category of security service that adds a third-party security layer to the interactions users have with other cloud services
Cloud Access Security Brokers (CASBs)
17
CASB deployment where the broker sits inline between users and the cloud service, monitoring requests, watching for violations of security policy, and blocking requests when necessary
Network-Based CASB
17
CASB deployment where the broker does not sit in the line of communication but uses the cloud service's API to inspect activity; it may be unable to block requests in real time, and the service runs entirely in the cloud
API-Based CASB
17
When the hypervisor runs directly on top of the hardware and hosts guest operating systems on top of that; the most common form of virtualization found in data centers
Type 1 Hypervisor (Bare Metal Hypervisor)
18
In the past decade we have seen a shift in the computing landscape from the client/server model to _____ technology
Virtualization
19
_____ technology allows many virtual servers to make use of the same underlying hardware, easily shifting processing power to wherever it's needed at the time
Virtualization
20
When the physical machine runs an operating system of its own and the hypervisor runs as a program on top of that operating system; common on personal computers (e.g. VirtualBox and Parallels)
Type 2 hypervisor
20
In virtualization, the ___ tricks each guest into thinking it runs on its own dedicated hardware
Hypervisor
21
An attack where the attacker breaks out of the guest system in a virtualized environment, trying to access the memory and storage of the other virtualized machines
VM escape attack
21
Where there are large numbers of unused and abandoned virtual servers on the network, creating a security risk as they are not maintained
VM sprawl
22
Applies virtualization to desktop technology; provides network-based access to a desktop computing environment
Virtual Desktop Infrastructure (VDI)
23
Storage that allocates a large chunk of storage for access as a disk volume managed by the operating system; large chunk of storage is partitioned into volumes; commonly used to create virtual disk drives for cloud servers
Block storage
24
Storage that stores files as individual objects managed by the cloud service provider; used to maintain files for a website, build large data stores, etc.
Object Storage
25
Classes of block storage
magnetic drives or solid state drives
26
Classes of object storage
premium level of service that is available for immediate use, or archival storage
27
These give a VPC private connectivity to other cloud-based services, and to other VPCs, so that the traffic never travels over the open internet
VPC endpoints
28
SDN
Software Defined Networking Allows you to automate your cloud networking in an infrastructure as code approach by integrating the cloud provider's API into your operations stack
29
SDV
Software Defined Visibility Allows you to use the provider's API to gain visibility into network traffic through the use of virtual tapping, virtual net flow, etc.
30
VDI
Virtual Desktop Infrastructure
31
This streams applications to the user's desktop
Application Virtualization
32
Before the 1980's the enterprise IT landscape was based on ___ technology
mainframe
33
During the 1980s and 1990s the enterprise IT landscape was based on _____ technology
client-server model
34
MSPs
Managed Service Providers
35
They offer information technology services to customers, a broader term
MSPs, Managed Service Providers
36
CASB
Cloud Access Security Broker
37
API
Application Programming Interfaces
38
This creates automated workflows for managing cloud environments; allows cloud administrators to quickly and easily create workloads, shift operations between environments, etc
Cloud Orchestration
39
The idea that administrators should not build or manage resources by hand through the command line or a graphical console; they should write code that performs those actions, because that code is reusable, reviewable, and repeatable
Infrastructure as Code
40
A lightweight way to package up an entire application and make it portable so that it can easily move between hardware platforms; lightweight application virtualization; "the next evolution of virtualization"
Containers
41
A design philosophy that encourages organizations to create discrete services that customers and other users can access in a black-box fashion
Service-Oriented Architecture (SOA)
42
A standards body for architecture
The Open Group
43
A modern adaptation of SOA to cloud-enabled computing; fine-grained services that provide small, discrete functions to other services
Microservices
44
This is published by ISO (ISO/IEC 17789); it lays out a common terminology framework that helps cloud service providers, customers, and partners communicate about roles and responsibilities; a starting point for organizations
Cloud reference architecture
45
ISO
International Organization for Standardization
46
Activities: Use cloud services, perform service trials, monitor services, administer security, provide billing and usage reports, handle problem reports, administer tenancies, perform business administration, select and purchase service, request audit reports
ISO cloud reference architecture customer activities
47
Activities: prepare systems and services, monitor and administer services, manage assets, provide audit data, manage customer relationships, perform peering, ensure compliance, provide connectivity, etc.
ISO cloud reference architecture provider activities
48
Activities: design, create, and maintain services; test services; perform audits; set up legal agreements; acquire and assess customers; assess the marketplace
ISO cloud reference architecture partner activities
49
The ISO cloud reference architecture aligns nicely with ____, which is designed to help cloud providers and customers understand the detailed security controls that may be used to achieve cloud security objectives
Cloud Security Alliance's Cloud Controls Matrix
50
Cloud deployment model providing flexibility, scalability, agility, and cost-effectiveness of the cloud while not sharing computing resources with other organizations; organization builds and runs its own cloud infrastructure
Private Cloud
51
Cloud deployment model using the multitenancy model, where cloud providers build massive infrastructures in their own data centers and then make those resources available to all users; physical hardware may be running workloads for many different customers at the same time
Public Cloud
52
Cloud deployment model that uses a combination of public and private cloud computing, different clouds for different workloads likely depending on data sensitivity concerns
Hybrid Cloud
53
Cloud deployment model that is not open to the general public but is shared among several organizations that are related to each other in a common community
Community cloud
54
Security in the public cloud follows the ____ model.
Shared responsibility model
55
XaaS
_____ as a service
56
Cloud services come in a variety of different categories and can be described using the term __
XaaS, _ as a Service
57
Cloud service model where the public cloud provider delivers an entire application to the customers. Customer doesn't worry about processing, storage, networking, and other infrastructure details; Providers get everything running for customers; usually accessed through a standard web browser
Software as a Service (SaaS)
58
Cloud service model where customers purchase basic computing resources from vendors and put them together for customized IT solutions. Vendors might provide data storage, compute capacity, etc.
Infrastructure as a Service (IaaS)
59
Cloud service model where vendors provide customers with a platform to run their own application code without worrying about server configuration. A middle ground between IaaS and SaaS; customer doesn't worry about managing servers but is running their own code
Platform as a Service (PaaS)
60
Three major IaaS vendors
Amazon Web Services, Microsoft Azure, Google Cloud Platform (Google Compute Engine)
61
Could be considered fourth goal of cybersecurity
Privacy
62
This goal protects the confidentiality rights of individuals whose information we store, process, or transmit;
Privacy
63
Ensures effective oversight of cloud use in an organization; ensures cloud partners comply with security, legal, business, and other constraints
Governance
64
An important component of governance; verifies that cloud service providers are fulfilling their security and operational obligations
Auditability
65
This term describes how cloud providers serving regulated customers must support compliance efforts; providers are subject to things such as HIPAA just as on-premises computing is; organizations must make sure that their cloud providers allow them to remain compliant
Regulatory Oversight
66
A principle stating that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed; storing data in multiple locations subjects it to multiple jurisdictions
Data Sovereignty
67
The ability of the cloud infrastructure to withstand disruptive events
Resiliency
68
Using a redundant server to protect against the failure of a single server is an example of __
Resiliency
69
How well a cloud service stands up to the demands that we place on it is described as ___
Performance
70
Written agreements with vendors documenting vendor obligations
Service Level Agreements (SLAs)
71
The idea that if something goes wrong operationally, technically, or financially, we can roll back operations to the original state prior to cloud transition
Reversibility
72
The design principle saying that workloads should be designed with the ability to move between cloud vendors, workloads shouldn't leverage vendor specific features
Portability
73
Design principle asking if cloud solutions from different vendors are compatible to work together, can services integrate; Especially important for SaaS and PaaS products
Interoperability
74
OSI model layer 1
Physical layer
75
OSI model layer 2
Data link layer
76
OSI model layer 3
Network layer
77
OSI model layer 4
Transport layer
77
OSI model layer 5
Session layer
78
OSI model layer 6
Presentation layer
79
OSI model layer 7
Application layer
80
These serve as IaaS firewalls; similar to firewall rules and allow you to control the traffic that's passed from the internet to your virtualized systems, even between systems operating in the virtual environments
Network Security Groups
81
These are security controls offered by cloud providers that tightly integrate with the provider's service offerings; usually easy to use, but they may not work across multiple cloud platforms
Cloud-Native Controls
82
These are security controls offered by third-party vendors that integrate with cloud providers through their API and may work across multiple cloud platforms; often more expensive
Third-Party Controls
83
Policies that place limits on the actions that may be taken by users with direct access to your cloud environment
Resource Policy
84
Tools that store encryption keys and other sensitive credentials so that you and your applications can access them while keeping them safe from prying eyes; can be expensive; examples include cloud hardware security modules
Secrets Management
84
This creates secure connections between VPCs running in the cloud and VLANs on your local network, like a cloud router providing strongly encrypted links; it connects on-premises and cloud networks, an important control for organizations running a hybrid cloud
Transit Gateway
85
TCP/IP
Transmission Control Protocol/Internet Protocol
86
Two of the main protocols that make up all modern networks
TCP and IP
87
Protocol responsible for routing information across networks, provides an addressing scheme that uniquely identifies computers on a network, delivers information in chunks (packets) from their source to the correct destination; a network layer protocol that supports transport layer protocols
Internet Protocol (IP)
88
Two main transport layer protocols
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
89
TCP
Transmission Control Protocol
90
UDP
User Datagram Protocol
91
Protocol responsible for the majority of network traffic; a connection-oriented protocol in which a connection between systems is established before data is transferred; reliable, guaranteeing delivery through acknowledgments from the destination and retransmission of anything unacknowledged; widely used for critical applications
Transmission Control Protocol (TCP)
92
User Datagram Protocol (UDP)
93
TCP three way handshake flag that identifies packets that are requesting a new connection
SYN flag
94
TCP flag (not part of the three-way handshake) that identifies packets requesting the orderly closure of an existing connection
FIN flag
95
TCP flag that acknowledges received data, including a SYN or FIN; the third packet of the three-way handshake carries it alone
ACK flag
96
TCP three way handshake
SYN, SYN/ACK, ACK
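The handshake above, worked in code. This is an added example and not part of the original flashcards: it packs and parses the 20-byte TCP header from RFC 793 with Python's struct module, reads the flags byte at offset 13, and checks that three constructed segments form a valid SYN, SYN/ACK, ACK exchange with consistent sequence and acknowledgment numbers. The ports and initial sequence numbers are made up for the example.

```python
import struct

# TCP flag bits in the flags byte (header offset 13), per RFC 793.
FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK, FLAG_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FLAG_FIN: "FIN", FLAG_SYN: "SYN", FLAG_RST: "RST",
              FLAG_PSH: "PSH", FLAG_ACK: "ACK", FLAG_URG: "URG"}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (no options, checksum left at zero).
    Constructed for this example; a real stack computes the checksum."""
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble of byte 12
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_tcp_header(header):
    """Return (src_port, dst_port, seq, ack, flag_names) from raw header bytes."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, _offset, flags = struct.unpack("!HHIIBB", header[:14])
    names = [name for bit, name in FLAG_NAMES.items() if flags & bit]
    return src, dst, seq, ack, names


def classify(flag_names):
    """Describe what a flag combination means for the connection state."""
    flags = set(flag_names)
    if flags == {"SYN"}:
        return "handshake 1/3: connection request"
    if flags == {"SYN", "ACK"}:
        return "handshake 2/3: request acknowledged"
    if "RST" in flags:
        return "abort"
    if "FIN" in flags:
        return "teardown: close request"
    if "ACK" in flags:
        return "handshake 3/3 or established-connection segment"
    return "other"


def handshake_is_valid(segments):
    """True if three raw segments form SYN, SYN/ACK, ACK between the same two
    endpoints, with each acknowledgment equal to the peer's ISN + 1."""
    if len(segments) != 3:
        return False
    (s1, d1, seq1, _, f1), (s2, d2, seq2, ack2, f2), (s3, d3, seq3, ack3, f3) = (
        parse_tcp_header(s) for s in segments)
    return (set(f1) == {"SYN"} and set(f2) == {"SYN", "ACK"} and set(f3) == {"ACK"}
            and (s2, d2) == (d1, s1) and (s3, d3) == (s1, d1)
            and ack2 == seq1 + 1 and seq3 == seq1 + 1 and ack3 == seq2 + 1)


# Constructed exchange: client ephemeral port 40000 opening HTTPS to port 443.
CLIENT_ISN, SERVER_ISN = 1000, 5000
HANDSHAKE = [
    build_tcp_header(40000, 443, CLIENT_ISN, 0, FLAG_SYN),
    build_tcp_header(443, 40000, SERVER_ISN, CLIENT_ISN + 1, FLAG_SYN | FLAG_ACK),
    build_tcp_header(40000, 443, CLIENT_ISN + 1, SERVER_ISN + 1, FLAG_ACK),
]
# A SYN/ACK that ignores the client's ISN: a real client would not accept it.
BAD_HANDSHAKE = [HANDSHAKE[0],
                 build_tcp_header(443, 40000, SERVER_ISN, 4242, FLAG_SYN | FLAG_ACK),
                 HANDSHAKE[2]]

if __name__ == "__main__":
    for seg in HANDSHAKE:
        src, dst, seq, ack, names = parse_tcp_header(seg)
        print(f"{src}->{dst} seq={seq} ack={ack} {'/'.join(names)}: {classify(names)}")
    print("valid:", handshake_is_valid(HANDSHAKE), "bad:", handshake_is_valid(BAD_HANDSHAKE))
```

The sequence-number check is the part that matters for security: a SYN/ACK whose acknowledgment does not equal the client's ISN + 1 is exactly what a blind spoofing attacker has to guess, which is why modern stacks randomize the ISN.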
97
Protocol that is not connection-oriented, systems send data off to each other without establishing connection, no acknowledgments when received so no guarantee of delivery; may be used for voice and video applications
User Datagram Protocol
98
OSI model
Open Systems Interconnection model
99
OSI layer that sends bits over the network using wires, radio waves, fiber optics, etc.
OSI Layer 1 Physical
100
OSI Layer that transfers data between two nodes connected to the same physical network
OSI Layer 2 Data Link
100
OSI Layer that creates end-to-end connections between systems and, with TCP, transfers data reliably; TCP and UDP work here
OSI Layer 4 Transport
101
OSI Layer that expands networks to many different nodes; where Internet Protocol works
OSI Layer 3 Network Layer
102
OSI Layer that manages the exchange of communications between systems
OSI Layer 5 Session
103
OSI Layer that translates data so that it may be transmitted on a network; it describes how to represent a character in terms of bits and performs encryption and decryption
OSI Layer 6 Presentation
104
OSI Layer that determines how users interact with data using web browsers or other client applications
OSI Layer 7 Application
105
The addressing scheme used by Internet Protocol
IP addresses
106
Each of the four numbers (octets) in an IPv4 address can range from _ to _
0 - 255
107
The IP address includes the __ and the __
network address and host address
108
IP version using the dotted quad notation
IPv4
109
IPv4 uses __ bits
32 bits
110
IPv6 uses __ bits
128 bits
111
IP addresses that are manually assigned to systems by an administrator. They must be unique and within the appropriate range for the network; user is responsible for choosing a unique address; typically used for servers
Static IPs
112
Protocol that allows the automatic assignment of IP addresses from an administrator-configured pool
Dynamic Host Configuration Protocol (DHCP)
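A worked example of the network/host split and of the checks a static assignment needs, added here and not taken from the original flashcards. It masks a dotted-quad IPv4 address into its network and host portions with plain 32-bit arithmetic, cross-checks the result against Python's ipaddress module, and validates a proposed static address against a hypothetical subnet and DHCP pool (the addresses and pool range are made up).

```python
import ipaddress


def split_address(addr, prefix_len):
    """Split an IPv4 dotted quad into (network address, host number, netmask)
    using the 32-bit mask arithmetic that IPv4 routing relies on."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0-32")
    value = int(ipaddress.IPv4Address(addr))            # 32-bit integer form
    netmask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    hostmask = ~netmask & 0xFFFFFFFF
    network = value & netmask
    host = value & hostmask
    # Cross-check the hand-rolled arithmetic against the standard library.
    expected = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False).network_address
    assert ipaddress.IPv4Address(network) == expected
    return str(ipaddress.IPv4Address(network)), host, str(ipaddress.IPv4Address(netmask))


def same_network(a, b, prefix_len):
    """Two hosts talk directly (no router hop) only if their network portions match."""
    return split_address(a, prefix_len)[0] == split_address(b, prefix_len)[0]


def check_static_assignment(addr, network_cidr, dhcp_pool, in_use):
    """Problems with assigning `addr` statically on `network_cidr`: it must lie
    inside the network, must not be the network or broadcast address, must stay
    out of the DHCP pool (lo, hi) and must not collide with an address in use."""
    net = ipaddress.ip_network(network_cidr, strict=True)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return ["outside the network"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    lo, hi = (ipaddress.ip_address(x) for x in dhcp_pool)
    if lo <= ip <= hi:
        problems.append("inside the DHCP pool")
    if ip in {ipaddress.ip_address(x) for x in in_use}:
        problems.append("already assigned")
    return problems


# Hypothetical office subnet: a /24 where DHCP hands out .100-.200 and .1 is the gateway.
LAN = "192.168.10.0/24"
DHCP_POOL = ("192.168.10.100", "192.168.10.200")
IN_USE = ["192.168.10.1", "192.168.10.10"]

if __name__ == "__main__":
    print(split_address("10.20.200.14", 20))                 # ('10.20.192.0', 2062, '255.255.240.0')
    print(same_network("10.20.200.14", "10.20.208.1", 20))   # False: different /20 networks
    for candidate in ["192.168.10.20", "192.168.10.150", "192.168.10.255",
                      "192.168.10.10", "192.168.11.5"]:
        print(candidate, check_static_assignment(candidate, LAN, DHCP_POOL, IN_USE) or "OK")
```

The second example (a /20) is there because the split is only obvious on octet boundaries; with a 240 mask on the third octet, 10.20.200.14 and 10.20.207.250 share a network while 10.20.208.1 does not.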
113
DNS
Domain Name System
114
DNS functions over port __
port 53 (UDP for most queries; TCP for zone transfers and responses too large for UDP)
115
This protocol adds a digital signature to DNS
DNSSEC protocol
116
Attacks where attackers may attempt to insert false DNS records into intermediate DNS servers in an attempt to fool unsuspecting clients into accessing fake sites
DNS poisoning attacks
117
These are particular locations on a system associated with a specific application; they guide traffic to the correct final destination
Network Ports
118
Network ports are represented using a __ bit binary number
16 bit
119
The well-known ports; these are reserved for common applications that are assigned by internet authorities
ports 0-1,023
120
Web server port number
Port 80
121
Secure web server port number
Port 443
122
The registered ports; where application vendors may register their applications for use
Ports 1,024 - 49,151
123
File Transfer Protocol (FTP) control-channel port used to transfer data between systems (the data channel uses port 20 or a negotiated port)
Port 21
124
Secure Shell Protocol (SSH) used for encrypted administrative connections to servers
Port 22
125
Remote Desktop Protocol (RDP) used for remote graphical administrative connections to Windows systems
Port 3389
126
Windows systems ports used for network communications using the NetBIOS protocol
Ports 137, 138, 139
127
Port used by all systems for DNS lookup
Port 53
128
Simple Mail Transfer Protocol (SMTP) port used to exchange email between servers
Port 25
129
Post Office Protocol (POP) port that allows clients to retrieve mail
Port 110
130
Internet Message Access Protocol (IMAP) port used to access mail
Port 143
131
Hypertext Transfer Protocol (HTTP) port used for unencrypted web communications
Port 80
132
Hypertext Transfer Protocol Secure (HTTPS) port used for encrypted web communications
Port 443
133
ICMP
Internet Control Message Protocol
134
The housekeeping protocol of the internet that performs a variety of important administrative functions, such as the ping command
Internet Control Message Protocol (ICMP)
135
This command is a basic network troubleshooting command; a system sends this command over the network and the receiving system will respond with an acknowledgement; uses the ICMP protocol
Ping command
136
Packet that is sent to ask another system "are you there?" during the ping command
ICMP Echo request
137
Packet that is sent to tell another system "I am here" during the ping command
ICMP Echo reply
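Echo request and reply as bytes, added here as an example that is not part of the original cards. It packs the 8-byte ICMP header from RFC 792, computes the RFC 1071 one's-complement checksum that every ICMP message carries, builds the matching reply the way a responding host would, and verifies an arriving message. The identifier, sequence number and payload are made up.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def inet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words with
    carries folded back in, then complemented. Odd-length data is zero-padded."""
    if len(data) % 2:
        data = data + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp_echo(msg_type, ident, seq, payload=b""):
    """Pack type/code/checksum/identifier/sequence plus payload; the checksum covers all of it."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(packet):
    """Decode an ICMP message; with a correct checksum the sum over the whole message is zero."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP message")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": inet_checksum(packet) == 0}


def reply_to(request):
    """What the target does with an echo request: swap type 8 for type 0, keep id/seq/payload."""
    req = parse_icmp(request)
    if not req["checksum_ok"] or req["type"] != ICMP_ECHO_REQUEST:
        return None                        # corrupted, or not a ping: drop silently
    return build_icmp_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def reply_matches(request, reply):
    """ping pairs a reply with its request by identifier and sequence number."""
    a, b = parse_icmp(request), parse_icmp(reply)
    return (b["checksum_ok"] and b["type"] == ICMP_ECHO_REPLY
            and (a["id"], a["seq"], a["payload"]) == (b["id"], b["seq"], b["payload"]))


# Constructed ping: identifier 0x1234, sequence 1, eight bytes of payload.
REQUEST = build_icmp_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"are you ")
REPLY = reply_to(REQUEST)
# One flipped bit in the payload: the checksum catches it.
CORRUPTED = REQUEST[:-1] + bytes([REQUEST[-1] ^ 0x01])

if __name__ == "__main__":
    print(parse_icmp(REQUEST))
    print("reply matches:", reply_matches(REQUEST, REPLY))
    print("corrupted accepted:", parse_icmp(CORRUPTED)["checksum_ok"])
```

The payload is worth noticing from a defender's side: ping copies it back unchanged, which is why ICMP echo is a common covert channel and why many perimeters rate-limit or drop echo traffic instead of trusting it as harmless housekeeping.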
138
This command performs more detailed troubleshooting by showing whether a system is alive on the network and the path packets take between the two systems; it relies on ICMP Time Exceeded replies from each hop (Windows tracert sends ICMP echo probes, while Unix traceroute sends UDP probes by default)
Traceroute command
139
These typically have three network interfaces to connect three different security zones together: one connects to the internet or another untrusted network, one to the intranet, and one to the screened subnet (DMZ)
Network Border Firewall
140
The interface zone that connects to untrusted networks; is the interface between the protected networks and the outside world
Internet Zone
141
The interface zone that connects to the organization's intranet, the internal network where most systems reside
Intranet zone
142
Segments for endpoint network, wireless network, guest network, data center networks
Intranet Zone segments
143
The interface zone that is a network where you can place systems that must accept connections from the outside world, such as a mail server; also referred to as a DMZ
Screened Subnet zone
144
A security philosophy where systems do not gain privileges based solely on their network location
Zero Trust
145
Special-purpose networks: intranet segments that are made accessible to outside parties such as business partners
Extranet
146
Special purpose networks that are decoy networks designed to attract attackers; they appear lucrative to attackers but don't really contain any sensitive information
Honeynet
147
Special-purpose networks that spring up whenever someone sets up a wired or wireless network outside the standard security design; often intended to be temporary, but a security risk because they may lack the usual security controls
Ad Hoc Network
148
This is network traffic between systems in the same data center
East-West traffic
149
This is network traffic between systems in the data center and systems located on the internet
North-South traffic
150
These allow us to logically group related systems regardless of where they physically sit on the network; each VLAN is its own broadcast domain, which can span multiple switches, so systems on the same VLAN communicate as if they were connected to the same switch
Virtual LANS (VLANs)
151
This allows you to monitor network traffic by duplicating all of the traffic from a single switch port; ideal for monitoring traffic to or from a single device
Port Mirrors
152
These are hardware devices used to aggregate inbound network connections from employees and other users who require remote access
VPN concentrators
153
These handle the heavy cryptographic work of setting up a TLS connection on behalf of a web server, letting the web server focus on delivering content; designed to boost service performance; placed in the DMZ
SSL Accelerators
154
These allocate the load of inbound user requests among a pool of servers, allowing the organization to scale a service quickly; in the DMZ
Load Balancers
155
SDN
Software Defined Networking
156
This is a technology that allows network administrators to treat the functionality and implementation details of a network as separate and distinct functions
Software Defined Networking (SDN)
157
This is responsible for the routing and switching decisions that determine how data flows around a network; determines how network devices interact with each other
The control plane
158
This consists of the mechanics of moving packets around in a network; it carries out the instructions of the control plane
The data plane
159
Devices that network engineers use to connect devices to networks; contain a large number of network ports; normally hidden away in wiring closets
Switches
160
Devices that contain radios that send and receive network signals to mobile devices; this device is wired back to the switch, but other devices connect to it wirelessly; uses radio-based wireless networks
Wireless Access Points (WAPs)
161
Switches operate at layer __ of the OSI model, where they work with MAC addresses only
Layer 2 (some also operate at layer 3)
162
Switches sometimes operate at layer __ of the OSI model, where they can interpret IP addresses; a switch at this layer takes on some of the functions of a router
Layer 3
163
Device that connects networks together by serving as a central aggregation point for network traffic heading to or from a large network; they connect networks to each other, making intelligent packet routing decisions; uses access control lists
Routers
164
Devices that connect two networks together, uses MAC addresses
Bridges
165
These devices analyze all attempts to connect to systems on a network and determine whether each request should be allowed or denied; often placed at the network perimeter between the routers and the internet
Firewalls
166
The older technique: each packet is evaluated on its own with no memory of earlier packets; inefficient, and the device cannot make decisions based on connection state (for example, whether a packet is the reply to a request it already allowed)
Stateless Firewall
167
The modern technique: the firewall keeps track of established connections, so it doesn't have to re-evaluate every packet against the rule set once it knows the packet belongs to a connection it already permitted
Stateful Inspection
168
Stateful inspection uses layer __ of the OSI model
Layer 4
169
Rule stating that if a firewall receives traffic not explicitly allowed by a firewall rule, then that traffic must be blocked
Implicit Deny (default deny)
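The stateless-versus-stateful distinction and implicit deny from the cards above, shown as a small simulator. This is an added example, not from the original flashcards: rules are matched first-match-wins, anything that matches nothing is denied, and the stateful mode keeps a connection table keyed on the flow so that return traffic is admitted without a rule while an unsolicited ACK with no handshake behind it is dropped. The addresses, ports and rule set are made up.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False     # TCP SYN: opening a connection
    ack: bool = False
    fin: bool = False     # TCP FIN: closing it


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str = "any"
    src: str = "any"                 # exact address or "any"
    dst: str = "any"
    dst_port: Optional[int] = None   # None matches any port


class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules = list(rules)
        self.stateful = stateful
        self.state = set()           # connection table of admitted flows

    @staticmethod
    def flow_key(p):
        # Same key for both directions, so a reply maps onto the original flow.
        return p.proto, frozenset({(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)})

    def match_rules(self, p):
        """First matching rule wins; a packet matching nothing is denied (implicit deny)."""
        for r in self.rules:
            if ((r.proto == "any" or r.proto == p.proto)
                    and (r.src == "any" or r.src == p.src_ip)
                    and (r.dst == "any" or r.dst == p.dst_ip)
                    and (r.dst_port is None or r.dst_port == p.dst_port)):
                return r.action
        return "deny"

    def process(self, p):
        if not self.stateful:
            return self.match_rules(p)          # stateless: every packet judged alone
        key = self.flow_key(p)
        if key in self.state:                   # belongs to a connection already admitted
            if p.fin:
                self.state.discard(key)
            return "allow"
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"                       # mid-stream TCP with no connection: bogus
        action = self.match_rules(p)
        if action == "allow":
            self.state.add(key)                 # remember the flow for its return traffic
        return action


CLIENT, SERVER, ATTACKER = "203.0.113.7", "10.0.0.5", "198.51.100.9"
RULES = [Rule("allow", proto="tcp", dst=SERVER, dst_port=443)]   # inbound HTTPS only

SCENARIO = [
    Packet(CLIENT, SERVER, "tcp", 50000, 443, syn=True),            # 1 new HTTPS connection
    Packet(SERVER, CLIENT, "tcp", 443, 50000, syn=True, ack=True),  # 2 server's SYN/ACK (return traffic)
    Packet(CLIENT, SERVER, "tcp", 50000, 443, ack=True),            # 3 handshake ACK
    Packet(CLIENT, SERVER, "tcp", 50001, 22, syn=True),             # 4 SSH attempt: no rule, implicit deny
    Packet(ATTACKER, SERVER, "tcp", 4444, 443, ack=True),           # 5 bare ACK with no handshake (ACK scan)
]


def run(stateful):
    fw = Firewall(RULES, stateful=stateful)
    return [fw.process(p) for p in SCENARIO]


def teardown_demo():
    """FIN removes the flow; a later packet on the same endpoints needs a fresh SYN."""
    fw = Firewall(RULES)
    fw.process(SCENARIO[0])
    closed = fw.process(Packet(CLIENT, SERVER, "tcp", 50000, 443, fin=True))
    after = fw.process(Packet(SERVER, CLIENT, "tcp", 443, 50000, ack=True))
    return closed, after, len(fw.state)


if __name__ == "__main__":
    print("stateless:", run(False))   # ['allow', 'deny', 'allow', 'deny', 'allow']
    print("stateful: ", run(True))    # ['allow', 'allow', 'allow', 'deny', 'deny']
    print("teardown: ", teardown_demo())
```

Packets 2 and 5 are the whole argument for stateful inspection: a stateless rule set that admits port 443 either drops the server's legitimate SYN/ACK or, if you add a rule to let it through, also admits the attacker's bare ACK, which is exactly the probe an ACK scan uses to map which ports a stateless filter allows.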
170
Firewalls that incorporate contextual information (such as the user, the application, and threat intelligence) into their decision-making; they work at all layers of the OSI model
Next-generation firewalls (NGFWs) aka layer 7 firewalls
171
Devices that inspect HTTP requests made to a web server and watch for any signs of a potential attack occurring against the application
Web Application Firewall (WAFs)
172
A deployment model for web application firewalls that is a physical device positioned between the network firewall and web server
Hardware WAF
173
A deployment model for web application firewalls that is software running on the web server that screens requests
Software WAF
174
A deployment model for web application firewalls that is a third-party service that remotely filters malicious traffic; very effective at dealing with DDOS attacks
Cloud-Based WAF
175
A specialized case of web application firewall designed to protect XML-based web services (and often REST APIs as well), watching for unauthorized requests and performing rate limiting
XML Firewall
176
These are specialized servers that browse websites on behalf of end users. They serve as intermediaries that prevent users from directly connecting to websites; provide anonymity
Proxy Servers
177
When the proxy server is on the client's network; the client is aware of this server and sends all requests for web content to that server, which then passes it along to the remote web servers
Forward Proxies
178
___ ___ sit on the remote network and work on the server's behalf. The client is not aware that it is connected to a proxy server and believes it is connecting to the actual web server
Reverse Proxies
179
___ ___ work without the knowledge of either the client or the server. Servers that sit on the client's network, physically between the client and the internet; they intercept requests for web services and proxy them on behalf of the client. Can cause issues on the network and don't work well with TLS communication
Transparent Proxies aka inline proxies or forced proxies
180
These help web servers scale by distributing the workload among multiple servers
Load balancers
181
This automatically adds and removes servers as needed; expands and contracts the cluster of servers based upon demand
Autoscaling
182
When the load balancer rotates through the servers so that each gets an equal share of requests; not always the most efficient, because some servers may be more powerful and some requests heavier than others
Round-robin scheduling
183
This routes an individual user's requests to the same server; when applications require that users return to the same server for future requests to maintain information about sessions
Session Persistence
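Round-robin scheduling and session persistence, worked as a small scheduler. This is an added example and not from the original cards: requests are identified by a made-up session id standing in for a session cookie; with persistence off each request goes to the next server in turn, with it on a session stays pinned to the server it first landed on, and when a server drops out of the pool its pinned sessions are reassigned.

```python
from collections import Counter
from itertools import cycle


class LoadBalancer:
    def __init__(self, servers, persistence=True):
        self.servers = list(servers)
        self.rotation = cycle(self.servers)   # round-robin: each server in turn
        self.persistence = persistence
        self.pinned = {}                      # session id -> server

    def route(self, session_id):
        """Pick the back-end server for one request."""
        if self.persistence and session_id in self.pinned:
            return self.pinned[session_id]    # sticky: same server as last time
        server = next(self.rotation)
        if self.persistence:
            self.pinned[session_id] = server
        return server

    def remove_server(self, server):
        """A failed health check: drop the server and unpin its sessions so they
        are re-scheduled (those users lose any state held only on that server)."""
        self.servers.remove(server)
        self.rotation = cycle(self.servers)
        for sid in [s for s, srv in self.pinned.items() if srv == server]:
            del self.pinned[sid]


SERVERS = ["web1", "web2", "web3"]
# Constructed request stream; the ids stand in for a session cookie value.
REQUESTS = ["alice", "bob", "alice", "carol", "alice", "bob"]


def simulate(requests, persistence):
    lb = LoadBalancer(SERVERS, persistence=persistence)
    return [lb.route(r) for r in requests]


def failover_demo():
    """alice is pinned to web1; after web1 fails her requests land on one server again."""
    lb = LoadBalancer(SERVERS)
    first = lb.route("alice")
    lb.remove_server(first)
    return first, lb.route("alice"), lb.route("alice")


if __name__ == "__main__":
    plain = simulate(REQUESTS, persistence=False)
    sticky = simulate(REQUESTS, persistence=True)
    print("round-robin only:", plain, dict(Counter(plain)))
    print("with persistence:", sticky, dict(Counter(sticky)))
    print("failover:", failover_demo())
```

Persistence trades even distribution for correctness: in the sticky run alice's three requests all hit web1 while web3 only sees one, which is the skew the "not always the most efficient" caveat on the round-robin card refers to. Pinning on a cookie also means the cookie is now a routing input, so it should be opaque and not reveal the back-end host.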
184
An approach to load balancing where two or more load balancers actively handle network traffic and continue to function with diminished capacity if one device fails
Active-Active
185
An approach to load balancing where one load balancer handles all traffic while a second monitors activity and assumes responsibility if the primary load balancer fails
Active-Passive
186
These allow the secure interconnection of remote networks, such as connecting branch offices to a corporate headquarters or to each other
Site-to-Site VPNs
187
These provide mobile workers with a mechanism to securely connect from remote locations back to the organization's network
Remote Access VPNs
188
IPsec
Internet Protocol Security
189
The protocol most VPNs use to create their encrypted tunnels; works at layer 3 (network) of the OSI model, is often paired with the Layer 2 Tunneling Protocol (L2TP), provides robust secure transport, and is difficult to configure; the usual choice for site-to-site VPNs, while remote-access VPNs increasingly use TLS instead
Internet Protocol Security (IPsec)
190
Remote user VPNs now often rely upon __ or __ VPNs that work at the ___ layer over port __
Remote user VPNs now often rely upon (SSL) or (TLS) VPNs that work at the (application) layer over port (443, TCP)
191
SSL VPN
Secure Sockets Layer Virtual Private Network
192
TLS VPN
Transport Layer Security Virtual Private Network
193
Tunneling approach for remote-access VPNs where any traffic leaving the remote device is routed through the VPN tunnel and protected by encryption, regardless of its final destination
Full-tunnel VPN
194
Tunneling approach for remote-access VPNs where only traffic destined for the corporate network is sent through the VPN tunnel and other traffic is routed directly over the internet; the routing policy is set by the VPN administrator; can give a false sense of security because users assume all of their traffic is protected, so it is often discouraged
Split-tunnel VPN
195
These systems sit on the network and monitor traffic searching for signs of potentially malicious traffic, such as SQL injections, malformed packets, etc.
Intrusion Detection Systems (IDS)
196
These systems can take immediate corrective action in response to a detected threat, may block potentially malicious traffic from entering the network
Intrusion Prevention System (IPS)
197
These errors occur when IDS/IPS triggers an alert when an attack did not actually take place. Could lead to administrators ignoring future alerts
False Positive Error
198
These errors occur when an attack takes place but the intrusion detection system doesn't notice it
False Negative Error
199
Technology used by IDS/IPS systems to identify suspicious traffic that works similarly to antivirus software. The system contains very large databases with patterns of data or signatures that are known to be associated with malicious activity. When something matching a malicious signature is detected the system triggers an intrusion alert. Vulnerable to new unknown attacks, but less false positives
Signature Detection System (rule-based detection)
200
Technology used by IDS/IPS systems to detect malicious activity. The system tries to build a model of normal activity and then reports deviations from that baseline as suspicious. Can catch previously unseen attacks, but has an increased false positive rate
Anomaly Detection Systems, aka behavior detection or heuristic approach
201
IPS approach where the IPS sits directly on the network path and all communications must pass through it on the way to their final destination, so the IPS can block suspicious traffic. This allows an active response, but the IPS becomes a single point of failure: an outage or an over-aggressive rule can disrupt all network communications
Inline deployments
202
IPS approach where the IPS is not in the network path but sits outside the flow of traffic, where it can still monitor it. It is connected to a SPAN (mirror) port or a network tap on a switch, which delivers copies of all traffic sent through the network for scanning without disrupting the flow. A passive approach: it can alert (or send resets after the fact) but cannot stop the original packet
Out-of-Band deployment
203
An important tool that allows administrators to peer into the actual packets traveling on a network. Allows users to investigate security incidents, but can also jeopardize confidentiality of confidential communications
Protocol analyzers
204
An open-source, command-line packet sniffer and protocol analyzer that can also be driven programmatically from scripts
tcpdump
205
A command-line tool that takes packet captures created by tcpdump or Wireshark and allows you (or an attacker) to edit and replay that network traffic
tcpreplay
206
These solutions combine many different security functions on a single device. Includes/can include routing traffic, blocking unsolicited traffic, VPN connectivity, intrusion detection/prevention, URL filtering, etc. They still require regular monitoring and managing. May be better for smaller businesses
Unified Threat Management (UTM)
207
This approach does not consider security as a design element, instead engineers attempt to retrofit an existing system with security features. Sometimes successful but much less effective and more expensive
Bolt-On security
208
Failure mode where, if security controls fail, they are automatically bypassed. Favors continued business operations but poses a security risk
Fail Open system
209
Failure mode where, if security controls fail, the system locks itself down and no access is granted. Favors security over availability
Fail Closed system
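In code the two failure modes usually come down to what an authorization check returns when the control it depends on throws an error. The following added example (not from the original flashcards) shows the fail-open version beside the fail-closed one, using a simulated policy service that can be taken offline; the service, the user names and the allow-list are constructed for the example.

```python
import logging
from typing import Set, Tuple

log = logging.getLogger("authz")


class PolicyServiceUnavailable(Exception):
    """Raised when the central policy decision point cannot be reached."""


# Constructed allow-list standing in for a remote policy service (hypothetical).
_ALLOWED: Set[Tuple[str, str]] = {("alice", "/payroll"), ("bob", "/wiki")}


def policy_lookup(user: str, resource: str, *, service_up: bool = True) -> bool:
    """Ask the (simulated) policy service whether user may access resource."""
    if not service_up:
        raise PolicyServiceUnavailable("authz backend timed out")
    return (user, resource) in _ALLOWED


def authorize_fail_open(user: str, resource: str, *, service_up: bool = True) -> bool:
    """Fail-open: an outage of the control is treated as 'allow'.

    Keeps the business running during the outage, but everyone gets in while
    the control is down, and an attacker who can cause the outage gets a bypass.
    """
    try:
        return policy_lookup(user, resource, service_up=service_up)
    except PolicyServiceUnavailable as exc:
        log.error("policy service down, ALLOWING %s -> %s (%s)", user, resource, exc)
        return True


def authorize_fail_closed(user: str, resource: str, *, service_up: bool = True) -> bool:
    """Fail-closed: an outage of the control is treated as 'deny'.

    Access is lost until the control recovers, the safer default for anything
    sensitive; availability is restored by fixing the control, not by skipping it.
    """
    try:
        return policy_lookup(user, resource, service_up=service_up)
    except PolicyServiceUnavailable as exc:
        log.error("policy service down, denying %s -> %s (%s)", user, resource, exc)
        return False


def compare(user: str, resource: str, service_up: bool) -> Tuple[bool, bool]:
    """Return (fail_open_decision, fail_closed_decision) for one request."""
    return (authorize_fail_open(user, resource, service_up=service_up),
            authorize_fail_closed(user, resource, service_up=service_up))


if __name__ == "__main__":
    print("service up,   mallory -> /payroll:", compare("mallory", "/payroll", True))
    print("service down, mallory -> /payroll:", compare("mallory", "/payroll", False))
```

While the service is up both versions agree. Once it is down, the fail-open version lets an unauthorised user into the payroll resource, which is the risk the card describes. The same bug also appears in subtler forms, for example a broad `except Exception: pass` that lets execution fall through to a code path written on the assumption that the check already passed.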
210
The two main objectives/goals that security administrators typically pursue for the network
Perimeter security and network access control
211
Security type where security administrators want to keep unwanted remote users out of the network through the use of firewalls and access control lists
Network Perimeter Security
212
Security type where security administrators want to limit access to the network (including the ability to plug in and connect) to authorized individuals and devices
Network Access Control
213
When access is restricted based upon business logic
Rule Based Restriction
214
When access is restricted based upon the identity of the individual and the role they hold
Role Based Restriction
215
When access is restricted based upon the time of day; access may only be granted during business hours
Time Based Restriction
216
When access is restricted based upon a physical location; depending on the user's physical location access may be granted
Location Based Restriction
217
Technology that intercepts network traffic coming from unknown devices and verifies that the system and user are authorized before allowing further communication; often uses 802.1X authentication
Network Access Control (NAC)
218
NAC
Network Access Control
219
NAC commonly uses the ___ standard for authentication
802.1X (port-based network access control; it carries EAP authentication between the device, the switch or access point, and an authentication server such as RADIUS)
220
This technology allows administrators to block inbound traffic based only upon the source IP address, configured with the access-list command. Provides little flexibility
Standard Router Access Control Lists
221
This technology allows administrators to block traffic based upon more advanced criteria, such as source and destination IP addresses, source and destination ports, and the protocols used for communication
Extended Router Access Control Lists
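The practical difference between the two ACL types is which packet fields an entry can match on. The following added example (not part of the original flashcards) models ACL entries and the first-match-then-implicit-deny evaluation routers use, then shows why a standard ACL cannot express "branch office may reach the web server over HTTPS only" while an extended ACL can, and how entry order can shadow a rule. Addresses, ACL contents and packets are constructed; CIDR notation is used instead of Cisco wildcard masks for readability.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", "icmp"
    dport: int


@dataclass(frozen=True)
class Ace:
    """One access control entry. A standard ACL only ever sets action and src;
    the remaining fields stay at their 'any' defaults."""
    action: str                  # "permit" or "deny"
    src: str                     # CIDR (Cisco uses wildcard masks; CIDR here for clarity)
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None means any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate_acl(acl: List[Ace], pkt: Packet) -> bool:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action == "permit"
    return False


# Goal: the branch office (10.1.0.0/16) may reach the web server on HTTPS only.
WEB_SERVER = "192.168.1.10/32"

# Standard ACL: the source address is the only knob, so HTTPS and SSH look the same.
STANDARD_ACL = [Ace("permit", "10.1.0.0/16")]

# Extended ACL: match on protocol, destination and port as well.
EXTENDED_ACL = [
    Ace("permit", "10.1.0.0/16", WEB_SERVER, "tcp", 443),
    Ace("deny", "0.0.0.0/0"),   # same effect as the implicit deny, but explicit (and loggable)
]

# Ordering mistake: the host-specific deny never fires because the broader permit
# above it matches first, so 10.1.2.3 is still allowed in.
SHADOWED_ACL = [
    Ace("permit", "10.1.0.0/16", WEB_SERVER, "tcp", 443),
    Ace("deny", "10.1.2.3/32", WEB_SERVER, "tcp", 443),
]

# Constructed test packets.
HTTPS_FROM_BRANCH = Packet("10.1.2.3", "192.168.1.10", "tcp", 443)
SSH_FROM_BRANCH = Packet("10.1.2.3", "192.168.1.10", "tcp", 22)
HTTPS_FROM_INTERNET = Packet("203.0.113.9", "192.168.1.10", "tcp", 443)


def decisions(acl: List[Ace]) -> List[bool]:
    """Permit/deny verdicts for the three test packets, in the order above."""
    return [evaluate_acl(acl, p) for p in (HTTPS_FROM_BRANCH, SSH_FROM_BRANCH, HTTPS_FROM_INTERNET)]


if __name__ == "__main__":
    for name, acl in (("standard", STANDARD_ACL), ("extended", EXTENDED_ACL), ("shadowed", SHADOWED_ACL)):
        print(f"{name:9s} https/branch, ssh/branch, https/internet -> {decisions(acl)}")
```

The standard ACL lets SSH from the branch through because it has no way to say otherwise; the extended ACL blocks it. The shadowed ACL illustrates the check a reviewer should make on any ACL: walk the entries top to bottom with the packet in hand, because the first match decides.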
222
These devices are much better at performing complex filtering than routers
Firewalls
223
Unlike routers which are normally centrally located in secure data centers, ___ are spread all over the place to provide connectivity at the edge of the network
Switches
224
This is when you limit the unnecessary exposure of VLANs by limiting the number of switches where they are trunked
VLAN pruning
225
When administrators manually configure valid MAC addresses for each port. Is very time consuming, but is the most secure way to implement port security
Static Port Security
226
When switches memorize the first MAC address they see on each port and limit access to that address. Makes configuration much faster, but can be risky if you have ports that are unused but still active: whatever device is plugged in first, legitimate or not, is the one that gets memorized
Dynamic Port Security/Sticky mode
227
switch level security control technology that allows the switch to inspect DHCP messages to ensure that they're properly formatted and that they're coming from authorized DHCP servers
DHCP snooping
228
Attack where the attacker creates thousands of partially open (half-open) TCP connections to a device by sending SYN packets and never completing the three-way handshake. A denial of service attack that relies upon flooding a device with traffic until it is overwhelmed
SYN Flooding Attacks
229
Attack where the attacker sends frames with large numbers of bogus source MAC addresses to a switch, hoping to overflow the switch's MAC address (CAM) table so it forgets where devices are and falls back to flooding traffic out of every port. This allows the attacker to eavesdrop on sensitive communications. A flooding attack like SYN flooding, but aimed at eavesdropping as much as denial of service
MAC Flooding Attack
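The port security cards and the MAC flooding card describe two sides of the same mechanism, so one worked example covers both. The following added code (not from the original flashcards) is a toy Layer 2 switch with a bounded CAM table, unknown-unicast flooding, and static and sticky port security. It runs the same scenario three ways: with no port security an attacker on port 3 floods the table and starts receiving Alice's frames to Bob; with sticky or static port security the attacker's port is shut down on the first violation. MAC addresses, port numbers and the table size are constructed, and aging is simplified to eviction of the oldest entry.

```python
from collections import OrderedDict
from typing import Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Toy Layer 2 switch: CAM table, unknown-unicast flooding, port security."""

    def __init__(self, ports: List[int], cam_capacity: int):
        self.ports = ports
        self.cam_capacity = cam_capacity
        self.cam: "OrderedDict[str, int]" = OrderedDict()        # MAC -> port
        self.mode: Dict[int, str] = {p: "open" for p in ports}  # open | static | sticky
        self.allowed: Dict[int, Set[str]] = {p: set() for p in ports}
        self.max_macs: Dict[int, int] = {p: 1 for p in ports}
        self.err_disabled: Set[int] = set()
        self.violations: List[Tuple[int, str]] = []

    def configure_static(self, port: int, macs: Set[str]) -> None:
        self.mode[port], self.allowed[port] = "static", set(macs)

    def configure_sticky(self, port: int, max_macs: int = 1) -> None:
        self.mode[port], self.max_macs[port] = "sticky", max_macs

    def _port_security_ok(self, port: int, mac: str) -> bool:
        if port in self.err_disabled:
            return False
        if self.mode[port] == "open" or mac in self.allowed[port]:
            return True
        if self.mode[port] == "sticky" and len(self.allowed[port]) < self.max_macs[port]:
            self.allowed[port].add(mac)      # sticky: memorise the first MAC(s) seen
            return True
        self.err_disabled.add(port)          # violation: shut the port down
        self.violations.append((port, mac))
        return False

    def _learn(self, port: int, mac: str) -> None:
        if mac not in self.cam and len(self.cam) >= self.cam_capacity:
            # Simplification: evict the oldest entry. Real switches age entries out
            # on a timer, but the effect of a full table is the same: victims'
            # entries cannot be (re)learned while the attacker keeps flooding.
            self.cam.popitem(last=False)
        self.cam[mac] = port

    def forward(self, ingress: int, src: str, dst: str) -> Set[int]:
        """Return the set of ports the frame is sent out of (empty = dropped)."""
        if not self._port_security_ok(ingress, src):
            return set()
        self._learn(ingress, src)
        if dst in self.cam and self.cam[dst] != ingress:
            return {self.cam[dst]}                      # known unicast
        return {p for p in self.ports if p != ingress}  # unknown unicast/broadcast: flood


ALICE, BOB = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"   # constructed hosts on ports 1 and 2


def run_mac_flood(port_security: str = "none", fake_macs: int = 20) -> dict:
    """Alice (port 1) talks to Bob (port 2); an attacker on port 3 sprays fake source MACs."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=8)
    if port_security == "sticky":
        for p in sw.ports:
            sw.configure_sticky(p)
    elif port_security == "static":
        sw.configure_static(1, {ALICE})
        sw.configure_static(2, {BOB})
        sw.configure_static(3, set())       # nothing authorised on the spare ports
        sw.configure_static(4, set())
    sw.forward(1, ALICE, BOB)               # Bob unknown yet: flooded, Alice learned
    sw.forward(2, BOB, ALICE)               # Bob learned; reply goes only to port 1
    before = sw.forward(1, ALICE, BOB)      # {2}: normal unicast forwarding
    for i in range(fake_macs):              # the flood
        sw.forward(3, f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    after = sw.forward(1, ALICE, BOB)       # where does Alice's next frame go now?
    return {"before": before, "after": after,
            "violations": list(sw.violations), "cam_entries": len(sw.cam)}


if __name__ == "__main__":
    for mode in ("none", "sticky", "static"):
        print(f"{mode:7s}", run_mac_flood(mode))
```

With no port security the attacker's frames push Alice and Bob out of the table, and Alice's next frame is flooded to ports 2, 3 and 4, so port 3 sees it. In sticky mode the attacker's first MAC is memorised (the "unused but active port" risk) and the second one trips the violation; in static mode the very first fake MAC does, because nothing was ever authorised on that port.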
230
These occur when there are multiple physical paths between two switches and they begin forwarding broadcast traffic to each other in a redundant fashion. The network quickly fills up with these broadcast messages and no capacity is left for legitimate use, creating a broadcast storm
Routing Loops (at Layer 2, more precisely switching or bridging loops)
231
This is a loop protection protocol that allows multiple physical connections between devices but logically blocks the redundant links that would complete a loop, keeping them available as backups if an active link fails
Spanning Tree Protocol