Firewall Prevention

Question 1

These are sources of information that provide real-time or updated data on current cybersecurity threats, vulnerabilities, and attack tactics. Threat intelligence feeds help organizations stay informed about potential threats and improve their security posture.

Answer 1

Threat Intelligence Feeds

Question 2

This is a security technique that focuses on monitoring and analyzing the behavior of systems, networks, or users. It looks for unusual or malicious activities by comparing current behavior to established baselines.

Answer 2

Behavior-Based Analysis

Question 3

_____________ is a security system that monitors network traffic for suspicious activities or patterns, while IPS takes action to prevent or block potential threats based on the detected anomalies.

Answer 3

IDS, IPS,
Intrusion Detection/Prevention System (IDS/IPS)

Question 4

This involves the management and restriction of applications that can be run on a network or system to prevent unauthorized or risky software from being used.

Answer 4

Application Control

Question 5

This refers to the examination of data packets or content to identify and filter out malicious or undesirable content, such as malware or inappropriate materials.

Answer 5

Content Inspection

Question 6

This is the practice of dividing a network into smaller, isolated segments to enhance security. It limits lateral movement for attackers and contains potential breaches.

Answer 6

Network Segmentation

Question 7

It involves verifying the identity of devices attempting to connect to a network or system and applying access controls based on device characteristics and user privileges.

Answer 7

Device Authentication and Access Control

Question 8

_____________ is a security measure that validates ARP packets to prevent ARP spoofing attacks, which can lead to man-in-the-middle attacks.

Answer 8

ARP Inspection/Address Resolution Protocol (ARP) inspection

Question 9

This access control technique permits or denies network access based on the Media Access Control (MAC) addresses of devices. It can be used to restrict network access to authorized devices.

Answer 9

MAC Address Filtering

Question 10

_____________ limits and controls the devices that can connect to network switch ports, preventing unauthorized access and network attacks.

Answer 10

Port Security

Question 11

These are predefined rules and policies that govern who can access specific resources, such as files, applications, or network segments, and what actions they can perform.

Answer 11

Access Control Policies

Question 12

Firewalls enforce rules that determine which network traffic is allowed or denied based on predefined criteria, such as IP addresses, ports, and protocols.

Answer 12

Firewall Rules and Access Control

Question 13

This involves incorporating threat intelligence data into security systems to improve the ability to detect and respond to emerging threats.

Answer 13

Threat Intelligence Integration

Question 14

Scheduled assessments of systems, networks, and applications to identify vulnerabilities and assess overall security effectiveness.

Answer 14

Regular Security Audits and Scanning

Question 15

_____________ enforces policies to ensure that only authorized and compliant devices can access a network. It often involves authentication, endpoint security checks, and policy enforcement.

Answer 15

Network Access Control (NAC)

Question 16

_____________ keep track of the state of active connections and make decisions based on the context of the traffic, improving security by understanding the state of network sessions.

Answer 16

Stateful Firewall Rules

Question 17

Filtering and inspecting traffic at the application layer of the OSI model, which allows for granular control over specific applications and services.

Answer 17

Application Layer Filtering

Question 18

_____________ requires users to provide multiple forms of authentication (e.g., password, fingerprint, token) to access a system or application, enhancing security beyond just a password.

Answer 18

Multi-Factor Authentication (MFA)

Question 19

It restricts the rate at which certain actions or requests can be made, which can help prevent denial-of-service attacks and control resource usage.

Answer 19

Rate Limiting

Question 20

The process of scanning and filtering incoming and outgoing emails for spam, malware, and other threats to protect email communication.

Answer 20

Email Filtering

Question 21

Blocking or allowing access to websites based on predefined URL categories or content to enforce security policies.

Answer 21

URL Filtering

Question 22

Rules and settings that define how authentication is performed, including password complexity requirements, account lockout policies, and authentication methods.

Answer 22

Authentication Policies

Question 23

A specialized firewall that focuses on protecting web applications by inspecting and filtering web traffic to block common web application attacks.

Answer 23

Web Application Firewall (WAF)

Question 24

Monitoring and controlling both content and application usage on a network to enforce security policies and prevent unauthorized activities.

Answer 24

Content Filtering and Application Control

Question 25

Using regular expressions to search for specific patterns or strings within data, which is useful for identifying and blocking malicious content.

Answer 25

Regular Expression (Regex) Pattern Matching

Question 26

Analyzing HTTP headers and content to identify and block malicious or unauthorized web traffic.

Answer 26

HTTP Header and Content Inspection

Question 27

Adhering to coding best practices and security guidelines to develop software and applications that are less vulnerable to exploits.

Answer 27

Secure Coding Practices

Question 28

Monitoring and filtering Domain Name System (DNS) traffic to block malicious domains and prevent DNS-related attacks.

Answer 28

DNS Inspection and Filtering

Question 29

Implementing security measures at the application layer to detect and prevent application-specific attacks and vulnerabilities.

Answer 29

Application Layer Threat Prevention

Question 30

Combining sandboxing (isolated execution environments) with behavioral analysis to detect and analyze threats in a controlled environment.

Answer 30

Sandboxing and Behavioral Analysis

Question 31

_____________ is a set of tools and processes designed to prevent sensitive data from being accessed, shared, or leaked without authorization. It involves monitoring, classifying, and protecting data throughout its lifecycle.

Answer 31

Data Loss Prevention (DLP)

Question 32

_____________ is a suite of extensions to DNS that adds cryptographic security to prevent DNS spoofing and ensure the authenticity and integrity of DNS data.

Answer 32

DNS Security (DNSSEC)

Question 33

This involves analyzing DNS traffic to identify and filter out malicious or unwanted domain requests, such as those associated with phishing or malware distribution.

Answer 33

DNS Filtering and Inspection

Question 34

_____________ restricts access to certain websites or types of content, often based on predefined categories or keywords, to enforce security and compliance policies.

Answer 34

Content Filtering

Question 35

This technique allows network administrators to define routing policies based on specific criteria, such as source IP address or application type, to control how network traffic is forwarded.

Answer 35

Policy-Based Routing

Question 36

It refers to the integration of threat intelligence data into DNS security measures to enhance the detection and prevention of DNS-related threats.

Answer 36

DNS Threat Intelligence

Question 37

This involves implementing measures to mitigate DNS amplification attacks, which abuse open DNS resolvers to amplify and amplify traffic towards a target.

Answer 37

DNS Amplification Attack Prevention

Question 38

These services assess the reputation of domains based on their historical behavior, helping to identify and block potentially malicious or untrustworthy domains.

Answer 38

Domain Reputation Services

Question 39

_____________ redirects malicious or suspicious domain requests to a controlled server, effectively blocking access to malicious content and providing threat visibility.

Answer 39

DNS Sinkholing

Question 40

_____________ is a firewall technology that examines the state of active connections and makes decisions based on the context of the traffic, enhancing security by understanding the state of network sessions.

Answer 40

Stateful Packet Inspection (SPI)

Question 41

_____________ are rules and configurations put in place to detect and mitigate DoS attacks, which aim to disrupt or overload a network or service.

Answer 41

DoS Protection Policies/Denial-of-Service (DoS) protection policies

Question 42

This involves the real-time identification and response to security threats and anomalies using dynamic, automated mechanisms.

Answer 42

Dynamic Detection and Mitigation

Question 43

Rate limiting restricts the rate at which certain actions or requests can be made, helping to prevent overuse of network resources and mitigate abuse.

Answer 43

Traffic Rate Limiting

Question 44

Protecting against threats and attacks that target the application layer of the OSI model, such as application-layer DDoS attacks and web application vulnerabilities.

Answer 44

Application-Layer Protection

Question 45

Assessing the reputation of URLs and web domains to determine if they are associated with malicious or unwanted content and blocking access accordingly.

Answer 45

URL Reputation Filtering

Question 46

Identifying and blocking malware and exploits in network traffic to prevent infections and compromise of systems.

Answer 46

Malware and Exploit Detection

Question 47

Encryption secures data in transit using cryptographic protocols, and VPNs (Virtual Private Networks) provide secure, encrypted communication channels over public networks.

Answer 47

Encryption and VPNs

Question 48

_____________ involves examining network packets and applying _____________ rules to determine whether to allow or block traffic based on specific criteria.

Answer 48

Packet Filtering, Access Control

Question 49

_____________ is a security system that monitors wireless networks for unauthorized access points, rogue devices, and suspicious activities.

Answer 49

Wireless Intrusion Detection System (WIDS)

Question 50

_____________ solutions provide real-time monitoring and response capabilities on endpoints (computers and devices). Integration involves connecting _____________ with other security systems for improved visibility and response.

Answer 50

Endpoint Detection and Response (EDR) Integration

Question 51

Analyzing network ports and services to identify vulnerabilities, misconfigurations, or unauthorized services running on network devices.

Answer 51

Port and Service Analysis

Question 52

Managing and enforcing _____________ methods and _____________ to ensure that only authorized users can access resources.

Answer 52

Authentication, Access Control

Question 53

_____________ uses machine learning and behavior analysis to detect abnormal or suspicious activities and behaviors among users and entities on a network.

Answer 53

User and Entity Behavior Analytics (UEBA)

Question 54

Recording and monitoring access to systems and resources to track user activities, detect anomalies, and investigate security incidents.

Answer 54

Access Auditing and Logging

Question 55

Managing and updating firmware and software patches on network devices and systems to address security vulnerabilities and ensure they are up-to-date.

Answer 55

Firmware and Patch Management

Question 56

This involves controlling and verifying user access to systems, networks, and data through authentication mechanisms and access policies.

Answer 56

Access Control and Authentication

Question 57

Setting rules to block online advertisements and potentially malicious content in web browsers and applications.

Answer 57

Ad-Blocking Rules

Question 58

_____________ is an isolated environment where untrusted or potentially malicious files or programs can be executed and analyzed safely without affecting the host system.

Answer 58

Sandboxing

Question 59

Decrypting and inspecting encrypted network traffic to detect and prevent threats hidden within encrypted communication.

Answer 59

Encrypted Traffic Inspection

Question 60

Decrypting SSL/TLS-encrypted traffic for inspection and analysis, allowing security systems to inspect the content of encrypted connections for threats and vulnerabilities.

Answer 60

SSL/TLS Decryption

Question 61

_____________ is a framework that manages digital keys and certificates to ensure secure communication. _____________ includes the infrastructure and tools needed for key generation, distribution, and management.

Answer 61

Public Key Infrastructure (PKI), Public Key Infrastructure (PKI) Support

Question 62

_____________ is the intentional limiting or regulating of network or application traffic to prevent overuse, abuse, or congestion, often used as a security measure to protect resources.

Answer 62

Throttling

Question 63

This involves inspecting network traffic across multiple protocols to identify and mitigate threats that may exploit various protocol vulnerabilities.

Answer 63

Multi-Protocol Inspection

Question 64

Integrating security systems with authentication services like LDAP or Active Directory to enhance user authentication and access control.

Answer 64

Integration with Authentication Services

Question 65

_____________ is the process of blocking or redirecting DNS requests to prevent access to malicious or inappropriate websites.

Answer 65

DNS Filtering

Question 66

These are DNS servers configured to provide secure and validated DNS responses, helping to prevent DNS-related attacks.

Answer 66

Secure DNS Resolvers

Question 67

_____________, also known as SSL/TLS decryption, involves decrypting and inspecting encrypted SSL/TLS traffic to detect and prevent threats hidden within encrypted connections.

Answer 67

SSL Inspection

Question 68

_____________ encompasses measures to protect email communications from spam, phishing, malware, and other email-borne threats.

Answer 68

Email Security

Question 69

This involves analyzing the content of files or data packets to detect and prevent malicious content, including malware and exploits.

Answer 69

Content Analysis

Question 70

This refers to the use of extensive and up-to-date threat intelligence data to identify and respond to advanced threats and attacks.

Answer 70

Advanced Threat Intelligence

Question 71

_____________ restricts access to websites based on predefined categories or policies to enforce security and compliance.

Answer 71

Web Filtering

Question 72

Inspecting and scanning content, such as files and data packets, for malware and malicious content.

Answer 72

Content Inspection and Anti-Malware Scanning

Question 73

Filtering email traffic to detect and block spam, phishing attempts, and malware.

Answer 73

Email Security Filtering

Question 74

The use of encryption and secure communication protocols (e.g., _____________) to protect data in transit and maintain confidentiality and integrity.

Answer 74

Encryption and Secure Protocols, (e.g., HTTPS, SSL/TLS)

Question 75

Managing user sessions to ensure proper access control and security during a user’s interaction with a system or application.

Answer 75

Session Management

Question 76

Implementing policies to automatically log out users after a period of inactivity to reduce the risk of unauthorized access.

Answer 76

Session Timeout and Inactivity Management

Question 77

Implementing filtering mechanisms for both email and web traffic to protect against email and web-based threats.

Answer 77

Email and Web Filtering

Question 78

Training programs and initiatives to educate users about cybersecurity best practices and potential risks.

Answer 78

User Awareness Training

Question 79

_____________ is an advanced network analysis technique that examines the content and attributes of data packets to detect and classify traffic, often used for security and monitoring purposes.

Answer 79

Deep Packet Inspection (DPI)

Question 80

Implementing policies and controls to manage and secure connected devices (e.g., USB drives, mobile devices) within a network.

Answer 80

Device Control

Question 81

Security measures to protect Voice over Internet Protocol (VoIP) communication systems from attacks and eavesdropping.

Answer 81

VoIP Security

Question 82

Gathering, analyzing, and using information about potential threats and vulnerabilities to improve security measures.

Answer 82

Threat Intelligence

Question 83

Providing ongoing education and awareness programs to help users recognize and respond to security threats effectively.

Answer 83

User Education

Question 84

Ensuring the authenticity of calls in VoIP or telecommunications systems to prevent spoofing and fraud.

Answer 84

Call Authentication

Question 85

Restricting access to websites based on policies and URLs to prevent access to malicious or inappropriate content.

Answer 85

Web Filtering and URL Filtering

Question 86

A form of analysis that uses rules and algorithms to detect unknown or evolving threats based on patterns and behaviors.

Answer 86

Heuristic Analysis

Question 87

Data sources that provide information on vulnerabilities and threats that are not yet publicly known or patched.

Answer 87

Zero-Day Feeds

Question 88

Combining _____________ feeds to enhance detection and response capabilities against emerging threats.

Answer 88

Threat Intelligence and Zero-Day Feeds

Question 89

Identifying abnormal or suspicious activities and behaviors within a network or system using advanced algorithms and machine learning.

Answer 89

Advanced Anomaly Detection

Question 90

Analyzing user and system behaviors to detect anomalies and potentially malicious activities.

Answer 90

Behavioral Analysis