Lesson 10: Network Access Security Flashcards

1
Q

A list of rules or policies programmed into a router or other device to control what can gain access to a network. When used in servers ___s are used to control what resources are available to specific users or devices. When used in routers and firewalls, ___s are used to define what protocols are allowed in a network and what content various protocol packets are allowed to bring into the network.

A

Access Control List (ACL)

2
Q

Rules that define who is permitted access to the network, what methods are permitted to gain that access, and which resources users are permitted to access.

A

Access Policies

3
Q

A mathematical formula that is applied to a data packet or packet header so that the information contained in the packet or header can be encrypted, compressed, checked for errors, or manipulated in some other fashion.

A

Algorithm

4
Q

A type of network protection device that works with protocols and services located on the Application layer of the TCP/IP protocol stack. Administrators can use ___________ ____ ________s to block TELNET, DNS, FTP, HTTP, and any other protocols or services located on the Application layer. Such firewalls are also sometimes known as proxy servers.

A

Application Layer Firewalls

5
Q

A security protocol that is part of the IPsec suite. _ _ provides packet integrity and origin authentication, but it cannot provide encryption.

A

Authentication Header (AH)

6
Q

An assessment recommending the most appropriate method for performing a certain task based on observations of and experience with that task.

A

Best Practices

7
Q

In cryptography, a mathematical formula or algorithm that encrypts the clear text or plaintext of a message in a data packet or packet header.

A

Cipher

8
Q

A service that looks at the actual content of the data coming into the device and evaluates it against a predefined set of guidelines about what is allowed through.

A

Content Filtering

9
Q

A unique pattern that identifies a threat such as malicious software or a network attack. Various network and system defense software programs use definitions to detect and identify the virus or attack in order to counter the threat.

A

Definition

10
Q

The area created between two firewalls, which functions as a buffer between internal and external networks.

A

Demilitarized Zone (DMZ)

11
Q

A locally-run database service that contains information about network users and resources, typically used to control access to those resources.

A

Directory Services

12
Q

A network defense mechanism that consists of two separate firewalls, one providing protection to the internal network and one providing protection from the outer network. The area between the firewalls is called a demilitarized zone, or DMZ.

A

Dual Firewall Configuration

13
Q

The directory services environment created by Novell for use on Linux and other operating systems.

A

e-Directory

14
Q

A security protocol that is part of the IPsec suite. _ _ _ provides packet integrity, origin authentication, and data encryption.

A

Encapsulating Security Payload (ESP)

15
Q

A process that allows either the header or the entire data packet to be encoded using a predetermined algorithm in such a way that if an eavesdropper on the network can intercept the data as it’s transmitted, he still can’t understand it without knowing how to decode it.

A

Encryption

16
Q

A data manipulation technique that firewalls use to protect a network from malicious attacks by preventing data packets that meet certain criteria from entering into the system or network.

A

Filtering

17
Q

A networking device designed to prevent a hacker or other security threats from entering the network or, barring that, limit the ability of threats to spread through the network using intrusion detection software generally into the ________ device.

A

Firewall

18
Q

A mechanism by which humans interact with a computer using graphics, icons, and windows instead of simple text characters.

A

Graphical User Interface (GUI)

19
Q

A software package that runs on a computer platform and evaluates packets that arrive on the host to determine whether they are malicious.

A

Host-Based Firewalls

20
Q

Software firewalls installed on a host computer.

A

Host-Based Intrusion Detection System (HIDS)/System Intrusion Detection Software (SIDS)

21
Q

A host-based intrusion detection system (HIDS) that also has the ability to prevent an intrusion or take action against a detected intrusion.

A

Host-Based Intrusion Prevention System (HIPS)/System Intrusion Prevention Software (SIPS)

22
Q

A type of communication session in which one host, such as a workstation, connects to another host. An example of this type of communication is a private chat session.

A

Host-to-Host Communications

23
Q

A protocol in the IPSec suite that handles the negotiation of protocols and algorithms and generates encryption and authentication keys.

A

Internet Key Exchange (IKE)

24
Q

A suite of protocols designed to provide security options to IP.

A

Internet Protocol Security (IPSec)

25
Q

A tunneling protocol developed by Cisco Systems that encapsulates the PPP data generated by virtual private networks for safe transmission over the Internet.

A

Layer 2 Forwarding (L2F)

26
Q

A protocol, designed as an extension of the Point-to-Point Protocol (PPP), that allows PPP to establish a Layer 2 (Data Link layer) connection so that the endpoints can reside on two different devices as long as they are connected by a packet-switched network.

A

Layer 2 Tunneling Protocol (L2TP)

27
Q

An application protocol that is the basis for various directory services environments, such as Microsoft’s Active Directory and Novell’s e-Directory.

A

Lightweight Directory Access Protocol (LDAP)

28
Q

A component of PPP that enables it to establish and configure a data-link layer connection between two systems.

A

Link Control Protocol (LCP)

29
Q

A technology in which only a preprogrammed MAC address is allowed access to a specific wireless access point (WAP).

A

MAC Address Filtering

30
Q

A type of firewall residing on the network that prevents a threat from actually entering the network it’s protecting.

A

Network-Based Firewalls

31
Q

A component of PPP that enables it to establish and configure different protocols functioning at the network layer of the OSI reference model.

A

Network Control Protocol (NCP)

32
Q

Network software designed to look for evidence of threats and report it. Similar to an intrusion detection system (IDS) except that it works for the entire network rather than a single host.

A

Network Intrusion Detection System (NIDS)

33
Q

Network software designed to look for evidence of threats, report it, and act to stop the threat. Similar to an intrusion protection system (IPS). NIPSs work on the entire network instead of a single device.

A

Network Intrusion Prevention System (NIPS)

34
Q

A type of network protection device that functions on the network layer of the OSI model and primarily targets packet communications.

A

Network Layer Firewall

35
Q

A detailed document outlining a large variety of guidelines related to the security of a company or organization’s network.

A

Network Security Policy

36
Q

A type of communication that occurs when a router on one network communicates with a host, or workstation, on another network. An example of this type of communication is remote access.

A

Network-to-Host Communications

37
Q

A type of communication that occurs when a router on one network communicates with a router on a different network.

A

Network-to-Network Communications

38
Q

Another term for a Network layer firewall that targets packet traffic.

A

Packet Filters

39
Q

A collection of standardized criteria that make a password acceptable for network use.

A

Password Policies

40
Q

An unencrypted communication packet, message, or password.

A

Plaintext

41
Q

A Data Link layer protocol that helps ensure that packets arrive at their destination in sequence without having to find their own routes to the destination.

A

Point-to-Point Protocol (PPP)

42
Q

A protocol that allows PPP to be used in an Ethernet environment.

A

Point-to-Point Protocol over Ethernet (PPPoE)

43
Q

A tunneling protocol developed by Microsoft for use with virtual private networks (VPNs).

A

Point-to-Point Tunneling Protocol (PPTP)

44
Q

A component of network management that concerns how the network is documented.

A

Policy

45
Q

A function of Cisco switches that is designed to counter the ability of attackers to share a switch port with the legitimate user to gain access to network resources.

A

Port Security

46
Q

A component of network management that lays out how the network should be maintained, what should happen should failure or other such issues occur, and how to implement established policies.

A

Procedure

47
Q

A server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

A

Proxy Server

48
Q

A group of technologies used to facilitate remote access to a computer network.

A

Remote Access Services (RAS)

49
Q

A service that provides a method of centralized AAA (authentication, authorization, accounting) between a computer and a managed network.

A

Remote Authentication Dial-In User Service (RADIUS)

50
Q

The client program for Microsoft’s proprietary Remote Desktop Protocol (RDP).

A

Remote Desktop Connection

51
Q

A proprietary protocol from Microsoft used to create a graphical interface from one computer to another.

A

Remote Desktop Protocol (RDP)

52
Q

The server program for Microsoft’s proprietary Remote Desktop Protocol (RDP).

A

Remote Desktop Service

53
Q

The ability of a firewall to scan packets and protocols for specific threats.

A

Scanning Services

54
Q

A networking protocol that, in conjunction with other protocols, provides security for Internet-based communications.

A

Secure Sockets Layer (SSL)

55
Q

A specific implementation of a virtual private network (VPN) that allows secure VPN sessions to be set up from within a browser.

A

Secure Sockets Layer VPN (SSL VPN)

56
Q

Unique patterns of threats, whether viruses or network attacks, that uniquely identify them.

A

Signature

57
Q

A process that many firewalls, IDSes, and antivirus programs use to identify threats.

A

Signature Identification

58
Q

A simple security configuration that uses only one firewall to protect the network.

A

Single Firewall Configuration

59
Q

A type of network protection device which uses stateful packet inspection to filter communications.

A

Stateful Firewall

60
Q

A form of packet filtering that is based on a packet’s state, which includes IP address, port number, sequence number, what session it is part of, and packet type.

A

Stateful Inspection

61
Q

A type of packet inspection that treats each packet as if it were a separate entity without regard to session or state.

A

Stateless Packet Inspection

62
Q

A server component in Windows that is now referred to as Remote Desktop Services.

A

Terminal Services

63
Q

The equivalent of Remote Desktop Connection (RDC) in earlier versions of Windows.

A

Terminal Services Client

64
Q

An operational mode of IPSec in which only the payload or the data in a packet is encrypted.

A

Transport Mode

65
Q

An operational mode of IPSec that encrypts the entire packet and then surrounds it with a new IP packet containing a new IP header.

A

Tunnel Mode

66
Q

A suite of algorithms designed to add security on top of what wired equivalent privacy (WEP) provides.

A

Temporal Key Integrity Protocol (TKIP)

67
Q

The process of establishing a connection through a public network that looks like a point-to-point connection to the devices on either end of it, but in reality is not.

A

Tunneling

68
Q

A term originally used by Cisco to describe virtual private networks.

A

Virtual Dial-Up

69
Q

An open-source standard that gives users remote access to a desktop computer, much like Microsoft’s Remote Desktop Protocol (RDP).

A

Virtual Network Computing (VNC)

70
Q

A technology used to establish a connection from a client computer outside a local network to an enterprise LAN using the Internet or other public network. ___ is commonly used by corporations to allow their users to gain remote access to their corporate servers.

A

Virtual Private Network (VPN)

71
Q

A device created by Cisco that is designed to concentrate multiple virtual private network (VPN) connections into a single device.

A

VPN concentrator

72
Q

A specific implementation of virtual private networking that allows secure VPN sessions to be set up from within a browser.

A

Web VPN

73
Q

A specification or certification that ensures a certain level of security for every wireless device that claims to be WPA.

A

Wi-Fi Protected Access (WPA)

74
Q

A deprecated security algorithm for IEEE 802.11 to make wireless communications just as secure and private as wired communications.

A

Wired Equivalent Privacy (WEP)

75
Q

A part of the underlying components used by the various Linux GUIs, such as GNOME. Other underlying components include X-Windows, and X-Server.

A

X11

76
Q

A type of router firewall based on interface groups instead of on individual interfaces, unlike other firewalls.

A

Zone-Based Firewall