Firewall and Switch Protection

Question 1

What is a CAM table overflow attack?

Answer 1

Generating fake MAC addresses repeatedly sending frames into the switch to overload memory capacity

Question 2

What is TTL?

Answer 2

Time to live (L3)

Decrements packet TTL value each hop, prevents loops

Question 3

What is STP?

Answer 3

Spanning Tree Protocol (L2)

Prevents loops by blocking redundant paths

Question 4

What are flood guards?

Answer 4

Limits specific protocol activity on network in case STP is disabled, i.e set the threshold for broadcast activity ideally based on baseline

Question 5

Why would an administrator put an explicit deny rule despite the default implicit deny?

Answer 5

Implicit deny is not logged, so explicit deny can generate events based on deny rule

Question 6

What is private, public vs hybrid cloud?

Answer 6

Private VMs have no connection to internet
Public VMs accessible over internet
Hybrid Combination of public and private

Question 7

What is Community cloud?

Answer 7

Organisations striving for same objectives in a collaborative effort share cloud infrastructure

Question 8

What is ARP poisoning?

Answer 8

Spoofing, i.e sending incorrect ARP of default gateway to rogue computer to do packet sniffing

Question 9

What is DNS poisoning?

Answer 9

Changing DNS server to rogue computer to see DNS resolution of victim