IS3220 CHAPTER 1 Flashcards
The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic is called ___?
ACCESS CONTROL
A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and only supporting the intended function. Firewalls, routers, and switches are typical ___?
APPLIANCE
Anything you use in a business process to accomplish a business task is considered an ___?
ASSET
This can be the action of a system that is recording user activity and system events into a log. It can also be the action of one who checks for compliance with security policies and other regulations and is called the act of ___?
AUDITING
Either an outside consultant or an internal member of the Information Technology staff. They perform security audits, confirm that the checking is sufficient, and investigate trails produced by system checks. In the case of regulatory compliance, they should be external and independent of the organization. This person/position is called ___?
AUDITOR
The process of confirming the identity of a user. It is also known as logon and is called ___?
AUTHENTICATION
Defining what users are allowed and not allowed to do. This is also known as access control and is called ___?
AUTHORIZATION
When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If availability becomes compromised, a denial of service is taking place and is called ___?
AVAILABILITY
Any access method or pathway that circumvents access or authentication mechanisms, or any unauthorized access to a system, is called ___?
BACKDOOR
A type of filtering in which all activities or entities are permitted except for those on a ___?
BLACK LIST
Any restriction on the performance of a system. Can be caused by a slower component or pathway with insufficient throughput. It causes other components of the system to work slower than their optimum rate and is called ___?
BOTTLENECK
Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider is called ___?
BREACH
A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. It forwards only packets whose destination address is on the opposing network and is called ___?
BRIDGE
Any activity necessary to meet an organization’s long-term goals. These are assigned to employees and other authorized personnel via their job description and is called ___?
BUSINESS TASK
Specifically, this is a proxy server and is the retention of Internet content. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly and is called ___?
CACHING
Similar to a bottleneck, but deliberately created within a network infrastructure. It is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur and is called ___?
CHOKE POINT
This is a host on a network. It is the computer system, which supports user interaction with the network. Users employ this to access resources from the network. Users can also employ this generically as any hardware or software product to access a resource. This is called a ___?
CLIENT
A form of network where certain computers are designated as “servers” to host resources shared with the network. The remaining computers are designated as this to enable users to access shared resources. Most ___ employ directory services and single sign-on.
CLIENT/SERVER NETWORK
The security service of preventing access to resources by unauthorized users, while supporting access to authorized users is called ___?
CONFIDENTIALITY
A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one is called ___?
DEFENSE IN DEPTH
A type of perimeter network used to host resources designated as accessible by the public from the Internet is called ___?
DEMILITARIZED ZONE (DMZ)
A form of attack that attempts to compromise availability. These attacks are usually of two types: flaw exploitation and flooding and is called ___?
DENIAL OF SERVICE (DoS)
A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system and an essential service of large networks is called ___?
DIRECTORY SERVICES
A client/server network managed by a directory service is called ___?
DOMAIN
A network service that resolves FQDNs into their corresponding IP address. This is an essential service of most networks and their directory services and is called ___?
DOMAIN NAME SYSTEM (DNS)
Any planned or unplanned period when a network service or resource is not available. This can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize this through security and system management is called ___?
DOWNTIME
Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations is called ___?
EGRESS FILTERING
The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as “tunneling.” This allows for communications to cross intermediary networks that might be incompatible with the original protocol and is called ___?
ENCAPSULATION
The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties is called ___?
ENCRYPTION
An attack tool, method or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system is called ___?
EXPLOIT
A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to this requires the use of a virtual private network or VPN, especially when access originates from the Internet and is called ___?
EXTRANET
The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering is called ___?
FILTERING
A network security device or host software that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device is called ___?
FIREWALL
A complete Internet host name including a top level domain name, registered domain name, possibly one or more sub-domain names, and a host name and is called ___?
FULLY QUALIFIED DOMAIN NAME (FQDN)
A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as “crackers.” This is called a ___?
HACKER
The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice and is called ___?
HACKING
The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings is called ___?
HARDENING
This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session’s hosts, impersonates the offline system, and begins injecting crafted packets into the communication stream. If successful, the hacker takes over the session of the offline host, while the other host is unaware of the switch. This is called ___?
HIJACKING
A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the network layer. This would include clients, servers, firewalls, proxies, and even routers. This excludes switches, bridges, and other physical devices such as repeaters and hubs and is called a ___?
HOST
A static file on every IP-enabled host where FQDN to IP address resolutions can be hard coded and is called ___?
HOSTS FILE
Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations and is called ___?
INGRESS FILTERING
The security service of preventing unauthorized changes to data is called ___?
INTEGRITY
A security mechanism to detect unauthorized user activities, attacks, and network compromise. It can respond in a passive manner through alerts and logging or in an active manner by disconnecting a session and is called ___?
INTRUSION DETECTION SYSTEM (IDS)
A security mechanism to detect and prevent attempts to breach security is called ___?
INTRUSION PREVENTION SYSTEM (IPS)
IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. This provides tunnel mode and transport mode encrypted network layer connections between hosts and/or networks is called ___?
IPSEC
An essential part of security and an extension of the written security policy. This defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks and is called ___?
JOB DESCRIPTION
A network confined to a limited geographic distance. Generally, this is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos is called ___?
LOCAL AREA NETWORK (LAN)
A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events is called ___?
LOG
The act of creating or recording events into a log. It is similar to auditing and monitoring and is called ___?
LOGGING
Any software that was written with malicious intent. Administrators use antivirus and anti-malware scanners to detect and prevent malicious code from causing harm within a private network or computer is called ___?
MALICIOUS CODE (OR MALWARE)
This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker’s computer instead of the real server. The attack performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications and is called ___?
MAN-IN-THE-MIDDLE
The physical address assigned to a network interface by the manufacturer. This is a 48-bit binary address presented as hexadecimal pairs separated by colons. The first half of this address is known as the Organizationally Unique Identifier or vendor ID, the last half is the unique serial number of the NIC and is called ___?
MEDIA ACCESS CONTROL (MAC) ADDRESS
The act of watching for abnormal or unwanted circumstances. Commonly used interchangeably with logging and auditing and is called ___?
MONITOR OR MONITORING
A mechanism that limits access or admission to a network based on the security compliance of a host is called ___?
NETWORK ACCESS CONTROL (NAC)
A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal clients’ configuration. The primary purpose is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers. This is called ___?
NETWORK ADDRESS TRANSLATION (NAT)
The collection of security components assembled in a network to support secure internal and external communications. This depends on host security and operates to protect the network as a whole, rather than as individual systems and is called ___?
NETWORK SECURITY
Any device on the network that can act as the endpoint of a communication. This includes clients, servers, switches, routers, firewalls, and anything with a network interface that has a MAC address. This is called ___?
NODE
This is a standard conceptual tool used to discuss protocols and their functions. This model has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While this helps to discuss protocols, most protocols are not in full compliance with it. This is called ___?
OPEN SYSTEM INTERCONNECTION REFERENCE MODEL (OSI MODEL)
This is an extension of network address translation (NAT) that permits multiple devices on a local area network to be mapped to a single public IP address. This is called ___?
PORT ADDRESS TRANSLATION (PAT)
An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs) is called ___?
PERMISSIONS
This keeps information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cell phone number, etc., this concern extends to any data that represents personally identifiable information and is called ___?
PRIVACY
The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet are called ___?
PRIVATE IP ADDRESS
An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system is called ___?
PRIVILEGES
A network service that acts as a “middle man” between a client and server. It can hide the identity of the client, filter content, perform NAT services, and cache content. This is called ___?
PROXY
Any address that is valid for use on the Internet is called ___? This excludes specially reserved addresses such as loopback.
PUBLIC IP ADDRESS
The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure. This is called ___?
REDUNDANCY/REDUNDANT
A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over this connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection. This is called ___?
REMOTE ACCESS
This accepts inbound connections from remote clients and is called ___?
REMOTE ACCESS SERVER (RAS)
The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance and is called ___?
REMOTE CONTROL
This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on the network at a later time. This often focuses on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access and is called ___?
REPLAY ATTACK
Any data item or service available on a computer or network accessible by a user to perform a task is called ___?
RESOURCES
A document that defines or describes computer and networking technologies. This exists for hardware, operating systems, protocols, security services, and much more. This is called ___?
RFC (REQUEST FOR COMMENT)
IP addresses that, by convention, are not routed outside a private or closed network. Class A 10.0.0.0-10.255.255.255; Class B 172.16.0.0-172.31.255.255; Class C 192.168.0.0-192.168.255.255 is known as ___?
RFC 1918 ADDRESSES
The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. This is a combination of an asset’s value, exposure level, and rate of occurrence of the threat. This is called ___?
RISK
A collection of tasks and responsibilities defined by a security policy or description for an individual essential productivity, or security position is called ___?
ROLES/JOB ROLES
A network device responsible for directing traffic towards its stated destination along the known current available path is called a ___?
ROUTER
Sets of stated purposes or targets for network security activity. The first part includes confidentiality, integrity, and availability. The second part is generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of a resource. These are called ___?
SECURITY GOALS & SECURITY OBJECTIVES
The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with ___?
SENIOR MANAGEMENT
A host on a network. This is the computer system that hosts resources accessed by users from clients and is called ___?
SERVER
Any element of a system or network infrastructure that is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid this by including redundancy and defense in depth. This is called ___?
SINGLE POINT OF FAILURE
A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. This is called ___?
SINGLE SIGN-ON (SSO)
A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer and is called ___?
SNIFFER
Any small network, workgroup, or client/server, deployed by a small business, home based or just a family network at home is called ___?
SOHO (SMALL OFFICE, HOME OFFICE NETWORK)
A device, which provides network segmentation through hardware. Across this, temporary dedicated electronic communication pathways are created between the endpoints of a session. This pathway prevents collisions. Additionally, it allows the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions. This is called ___?
SWITCH
This is short for telecommunication company or corporation. Used to refer to any company that sells or leases WAN connection service whether wired or wireless and is called ___?
TELCO
A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous connections. When this is in use, the client workstation converts to a thin client status. All operations of storage and processing then take place on the ___.
TERMINAL SERVER/SERVICES/SESSION
A legacy terminal concept used to control mainframes. These had no local processing or storage capability. These simulate these limitations and perform all operations on the terminal server, remote control server, or ___.
THIN CLIENT
Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally. This is called ___?
THREAT
Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, this is the confidence that other users will act in accordance with the organization’s security rules and not attempt to violate stability, privacy, or integrity of the network and its resources. This is called ___?
TRUST
The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol is called ___?
TUNNELING
A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. This allows for cheap long distance connections established over the Internet. This is called ___?
VIRTUAL PRIVATE NETWORK (VPN)
A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security management aims to discover and eliminate such ___.
VULNERABILITY
A type of filtering concept where the network denies all activities except for those on this. This is called ___?
WHITE LIST
A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members. All members are on equal footing because they can manage their own local resources and users and this is called a ___?
WORKGROUP
New and previously unknown attacks for which there are no current specific defenses. This refers to the newness of an exploit, which may be known in the hacker community for days or weeks. This is called ___?
ZERO DAY EXPLOITS
The process of purging a storage device by writing zeros to all addressable locations on the device. This contains no data remnants that other users could potentially recover and is called ___?
ZEROIZATION
- An outsider needs access to a resource hosted in your extranet. The outsider is a stranger to you, but one of your largest distributors vouches for them. If you allow them access to the resource, this is known as implementing what?
- DMZ
- virtualization
- trusted third party
- remote control
- encapsulation
Trusted third party
- Which of the following are common security objectives?
- Non-repudiation
- confidentiality
- Integrity
- availability
- All the above
Non-repudiation
Confidentiality
Integrity
Availability
ALL CORRECT
- What is an asset?
- Anything used in a business task
- Only objects of monetary value
- A business process
- Job descriptions
- Security policy
Anything used in a business task
- What is the benefit of learning to think like a hacker?
- Exploiting weaknesses in targets
- Protecting vulnerabilities before they are compromised
- Committing crimes without getting caught
- Increase in salary
- Better network design
Protecting vulnerabilities before they are compromised
- What is the most important part of an effective security goal?
- That it is inexpensive
- That it is possible with currently deployed technologies
- That it is written down
- That it is approved by all personnel
- That it is a green initiative
That it is written down
- What is true about every security component or device?
- They are all interoperable
- They are all compatible with both IPv4 and IPv6
- They always enforce confidentiality, integrity, and availability
- They are sold with pre-defined security plans
- They all have flaws or limitations
They all have flaws or limitations
- Who is responsible for network security?
- Senior management
- IT and security staff
- End users
- Everyone
- Consultants
Consultants
- What is a distinguishing feature between workgroups and client/server networks? (Or, what feature is common to one of these but not both?)
- DNS
- Centralized authentication
- List of shared resources
- User accounts
- Encryption
Centralized authentication
- Remote control is to thin clients as remote access is to ___?
- NAC
- VPN
- DNS
- IPS
- ACL
VPN
- What two terms are closely associated with VPNs?
- Tunneling and encapsulation
- Bridging and filtering
- Path and network management
- Encapsulation and decapsulation
- Port forwarding and port blocking
Tunneling and encapsulation
- What is a difference between a DMZ and an extranet?
- VPN required for access
- Hosted resources
- External user access
- Border or boundary network
- Isolation from the private LAN
VPN required for access
- What is the primary security concern with wireless connections?
- Encrypted traffic
- Support for IPv6
- Speed of connection
- Filtering of content
- Signal propagation
Signal propagation
- What are two elements of network design that have the greatest risk of causing a DoS?
- Directory service
- Single point of failure
- Bottlenecks
- Both 1 and 2
- Both 2 and 3
Single point of failure
Bottlenecks
- For what type of threat are there no current defenses?
- Information leakage
- Flooding
- Buffer overflow
- Zero day
- Hardware failure
Zero day
- Which of the following is true regarding a layer 2 address and layer 3 address?
- MAC address is at layer 2 and is routable
- Layer 2 address contains a network number
- Layer 2 address can be filtered with MAC address filtering
- Network layer address is at layer 3 and routable
- Both 3 and 4
Layer 2 address can be filtered with MAC address filtering &
Network layer address is at layer 3 and routable
- Which of the following are NOT benefits of IPv6?
- Native communication encryption
- RFC 1918 address
- Simplified routing
- Large address space
- Smaller packet header
RFC 1918 address
- What is the most common default security stance employed on firewalls?
- Allowing by default
- Custom configuring of access based on user account
- Caching Internet content
- Denying by default, allowing by exception
- Using best available path
Denying by default, allowing by exception
- What is egress filtering?
- Investigating packets as they enter a subnet
- Allowing by default, allowing by exception
- Examining traffic as it leaves a network
- Prioritizing access based on job description
- Allowing all outbound communications without restriction
Examining traffic as it leaves a network
- Which of the following is NOT a feature of a proxy server?
- Caching Internet content
- Filtering content
- Hiding the identity of a requester
- Offering NAT services
- MAC address filtering
MAC address filtering
- Which of the following is allowed under NAC if a host is lacking a security patch?
- Access to the Internet
- Access to email
- Access to Web-based technical support
- Access to file servers
- Access to remediation servers
Access to remediation servers