Firewalls and Intrusion Detection Flashcards
Your organization uses Microsoft Active Directory with domain-joined computers. You need to deploy the same Windows Defender inbound rules to a subnet of those computers. What should you do?
A. Create a PowerShell script to create the rules, run the script on each computer
B. Configure the rules on each computer
C. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO
D. Configure the rules on one computer, export them, then import them to the remaining computers
C. Configure a GPO targeting the appropriate computers, create inbound rules in the GPO.
Centralized Management: A GPO allows you to centrally manage the configuration for a group of computers, ensuring consistency.
Scalability: You can easily apply the GPO to multiple computers within the subnet.
Ease of Deployment: Group Policy is a built-in feature of Active Directory, making it straightforward to deploy and manage.
Security: By using GPOs, you can enforce security policies consistently across the entire organization, reducing the risk of security breaches.
Which snort command starts the snort engine on Linux?
A. snort -T console -i eth0
B. snort -A console -i eth0
C. snort -A console -i eth0 -c /etc/snort/snort.conf
D. snort -T console -I eth0/etc/snort/snort.conf
C. snort -A console -i eth0 -c /etc/snort/snort.conf
Here’s a breakdown of the options:
-A console: Specifies that Snort should output alerts to the console.
-i eth0: Specifies the network interface to monitor (in this case, eth0).
-c /etc/snort/snort.conf: Specifies the configuration file to use.
The other options are incorrect or incomplete:
A. snort -T console -i eth0: This option is invalid.
B. snort -A console -i eth0: This option is missing the configuration file.
D. snort -T console -I eth0/etc/snort/snort.conf: This option is invalid and combines incorrect options.
Which additional feature does an IPS provide over an IDS?
A. Enhanced security rule configuration
B. Ability to log suspicious activity
C. Ability to send alerts when suspicious activity is detected
D. Ability to block attacks in progress
D. Ability to block attacks in progress.
While both Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can detect malicious activity, the key difference lies in their response capabilities:
IDS: Detects and logs malicious activity, but it doesn’t actively prevent attacks. It relies on human intervention to respond to alerts.
IPS: Detects malicious activity and can take proactive measures to block attacks, such as dropping malicious packets or resetting connections.
Therefore, an IPS provides an additional layer of security by actively preventing attacks, making it a more robust security solution.
Which type of firewall works up to layer 4 of the OSI model?
A. Forward proxy
B. Reverse proxy
C. Packet filtering
D. Content filtering
C. Packet filtering.
Packet filtering firewalls examine the header information of network packets (such as source and destination IP addresses, port numbers, and protocol types) to determine whether to allow or block the packet. They operate at Layer 3 (Network) and Layer 4 (Transport) of the OSI model.
Here’s a brief explanation of the other options:
A. Forward proxy: Operates at the application layer (Layer 7) and acts as an intermediary between a client and a server, hiding the client’s IP address.
B. Reverse proxy: Also operates at the application layer and acts as an intermediary between a server and clients, often used to load balance traffic or mask the server’s IP address.
D. Content filtering: Examines the content of packets (Layer 7) to identify and block specific types of traffic, such as malicious websites or unauthorized file transfers.
Reverse proxying is similar in concept to which of the following?
A. Packet filtering
B. IPSec
C. Port forwarding
D. Load balancing
D. Load balancing is the correct answer.
Both reverse proxying and load balancing involve distributing incoming network traffic across multiple servers.
Here’s a breakdown:
Reverse Proxy: A single server (the reverse proxy) receives incoming traffic and distributes it to multiple backend servers based on specific rules or load-balancing algorithms. This can be used to mask the identities of backend servers, improve performance, and enhance security.
Load Balancing: A load balancer distributes incoming traffic across multiple servers to optimize resource utilization and improve performance. It can be hardware-based or software-based.
Both techniques aim to optimize resource usage, improve performance, and enhance system reliability by distributing the workload across multiple servers.
With which types of Azure resources can network security groups be associated? Choose more than one option.
A. Subnets
B. VNets
C. Network interfaces
D. Virtual machines
A. Subnets
C. Network interfaces
Network Security Groups (NSGs) are associated with subnets and network interfaces to filter inbound and outbound traffic.
Here’s a breakdown of the other options:
B. VNets: While NSGs are part of the network infrastructure within a VNet, they are not directly associated with the VNet itself.
D. Virtual machines: Virtual machines inherit the NSG rules from the subnet they are attached to.
By associating NSGs with subnets and network interfaces, you can control the flow of network traffic to and from your Azure resources, enhancing security and protecting your workloads.
You need to configure the Squid proxy server. Which file should you edit?
A. /var/squid/squid.conf
B. /var/log/squid.conf
C. /etc/squid/squid.conf
D. /etc/snort/snort.conf
C. /etc/squid/squid.conf.
This file contains the configuration settings for the Squid proxy server. You can modify parameters like listening ports, caching policies, access control lists, and more within this file.
Which are commonly used to configure firewall rules on Linux hosts? Choose more than one option.
A. ipconfig
B. iptables
C. ifconfig
D. ufw
B. iptables
D. ufw
These are two commonly used tools for configuring firewall rules on Linux systems:
iptables: A powerful command-line tool that allows you to configure firewall rules at a very granular level. It can be used to create complex firewall rulesets.
ufw: A user-friendly frontend for iptables that simplifies firewall configuration. It provides a more intuitive way to manage firewall rules, making it suitable for users who are not familiar with iptables.