Module 6: Implementing Firewall Technologies and Intrusion Detection Flashcards

1
Q

A set of rules that is usually used to filter network traffic.

A

Access Control List (ACL)

2
Q

It can be configured on network devices with packet filtering capabilities, such as routers and firewalls.

A

Access Control List (ACL)

3
Q

A type of ACL that allows you to evaluate only the source IP address of a packet.

A

standard access list

4
Q

A type of ACL that allows you to evaluate the source and destination IP addresses, the type of Layer 3 protocol, source and destination port, and other parameters.

A

extended access list

5
Q

What is the Cisco command to apply an ACL to an interface?

R(config-std-nacl)# permit 192.168.11.10

R(config-ext-nacl)# permit 192.168.11.10 0.0.0.255 any

R(config-if)# access-group ADMIN out

R(config-line)# access-class ADMIN in

A

R(config-if)# access-group ADMIN out

6
Q

What is the Cisco command to apply an ACL to the vty lines?

R(config-if)# access-group ADMIN out

R(config-line)# access-class ADMIN in

R(config-std-nacl)# permit 192.168.11.10

R(config-ext-nacl)# permit 192.168.11.10 0.0.0.255 any

A

R(config-line)# access-class ADMIN in

7
Q

What is the Cisco command for configuring a named ACL?

access-list 150 permit 192.168.1.2

deny host 192.168.11.10

access-list 99 permit 192.168.1.2

ip access-list ADMIN

A

ip access-list ADMIN

8
Q

What is the Cisco command for configuring a standard numbered ACL?

access-list 150 permit 192.168.1.2

deny host 192.168.11.10

access-list 99 permit 192.168.1.2

ip access-list ADMIN

A

access-list 99 permit 192.168.1.2

9
Q

What is the Cisco command for configuring an extended numbered ACL?

access-list 150 permit 192.168.1.2

deny host 192.168.11.10

access-list 99 permit 192.168.1.2

ip access-list ADMIN

A

access-list 150 permit 192.168.1.2

10
Q

What is the Cisco command for configuring a standard ACE?

R(config-if)# access-group ADMIN out

R(config-line)# access-class ADMIN in

R(config-std-nacl)# permit 192.168.11.10

R(config-ext-nacl)# permit 192.168.11.10 0.0.0.255 any

A

R(config-std-nacl)# permit 192.168.11.10

11
Q

What is the Cisco command for configuring an extended ACE?

R(config-if)# access-group ADMIN out

R(config-line)# access-class ADMIN in

R(config-std-nacl)# permit 192.168.11.10

R(config-ext-nacl)# permit 192.168.11.10 0.0.0.255 any

A

R(config-ext-nacl)# permit 192.168.11.10 0.0.0.255 any

12
Q

The act of disguising a communication from an unknown source as being from a known, trusted source.

A

Spoofing

13
Q

It is a supporting protocol used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address.

A

Internet Control Message Protocol (ICMP)

14
Q

It is lessening the gravity of an offense or mistake.

A

Mitigating

15
Q

An additional option in mitigating ICMP abuse: a message from one host to another telling it to reduce the pace at which it is sending packets to that host.

A

source quench

16
Q

An additional option in mitigating ICMP abuse: a message generated as a response to any error not specifically covered by another ICMP message.

A

Internet Control Message Protocol (ICMP) Parameter problem message

17
Q

An additional option in mitigating ICMP abuse: a message generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.

A

Internet Control Message Protocol (ICMP) Destination unreachable

18
Q

A transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.

A

Teredo

19
Q

A protocol that uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and track neighboring devices.

A

Neighbor Discovery (ND) protocol

20
Q

This is the counterpart of the ARP reply in IPv6.

A

neighbor advertisement

21
Q

This is the counterpart of the ARP request in IPv6.

A

neighbor solicitation

22
Q

A simple form of security that is resistant to attack.

A

firewall

23
Q

A simple form of security that is the only transit point between networks because all traffic flows through the firewall.

A

firewall

24
Q

A simple form of security that enforces the access control policy.

A

firewall

25
Q

A firewall technique which is also known as static filtering.

A

Packet filtering

26
Q

A firewall that operates on a router to protect private networks.

A

NAT firewall

27
Q

A firewall that can be used to deny access to the resources of private networks to distrusted users over the Internet.

A

Application Gateway

28
Q

A firewall that provides application-level control over network traffic.

A

Application Gateway

29
Q

A firewall that protects the identity of a network and does not show internal IP addresses to the Internet.

A

Network Address Translation (NAT) firewall

30
Q

A firewall that works by only allowing Internet traffic to pass through if a device on the private network requested it.

A

Network Address Translation (NAT) firewall

31
Q

A firewall that monitors the full state of active network connections.

A

stateful firewall

32
Q

A firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halting them based on the source and destination Internet Protocol (IP) addresses, protocols, and ports.

A

Packet filtering

33
Q

A firewall that constantly analyzes the complete context of traffic and data packets seeking entry to a network, rather than discrete traffic and data packets in isolation.

A

stateful firewall

34
Q

A firewall that operates on a router to protect private networks.

A

Network Address Translation (NAT) firewall

35
Q

This configuration model offers intuitive policies for multiple-interface routers, increased granularity of firewall policy application, and a default deny-all policy that prohibits traffic between firewall security zones until an explicit policy is applied to allow desirable traffic.

A

Zone-Based Policy Firewall

36
Q

What are the considerations for network layered defense?

A
  • network core security
  • perimeter security
  • endpoint security
  • communications security
37
Q

What are common ZPF designs?

A
  • lan-to-internet
  • firewalls between public servers
  • redundant firewalls
  • complex firewalls
38
Q

A ZPF action that configures Cisco IOS stateful packet inspections.

39
Q

A ZPF action that is analogous to a deny statement in an ACL.

40
Q

A ZPF action that is analogous to a permit statement in an ACL.

41
Q

An attack that refers to a newly discovered software vulnerability where the patch or update to fix the issue has not been released.

42
Q

It detects and stops attacks, responding immediately and not allowing any malicious traffic to pass.

A

intrusion prevention system (IPS)

43
Q

It monitors attacks only.

A

intrusion detection system (IDS)

44
Q

Factors affecting IPS sensor selection and deployment.

A
  • Amount of network traffic
  • Network topology
  • Security budget
  • Available security staff to manage IPS
45
Q

A mode of deployment for IPS where it allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service.

A

inline mode

46
Q

A mode of deployment for IPS where the IPS is put directly into the traffic flow and affects packet-forwarding rates, making them slower by adding latency.

A

inline mode

47
Q

A mode of deployment for IPS where the IPS does not affect the packet flow of the forwarded traffic.

A

promiscuous mode

48
Q

A mode of deployment for IPS where the IPS cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks).

A

promiscuous mode

49
Q

A mode of deployment for IPS where the packets do not flow through the IPS.

A

promiscuous mode

50
Q

A technique that localizes the target device and the analyzer system on the same network segment by plugging them directly into a hub.

A

Hubbing out

51
Q

The most basic networking device that connects multiple computers or other network devices together.

52
Q

A Cisco feature that duplicates network traffic to one or more monitor interfaces as it traverses the switch.

A

switch port analyzer

53
Q

A Cisco feature that is an efficient, high-performance traffic monitoring system.

A

switch port analyzer

54
Q

A Cisco SPAN command used to associate a source port and a destination port with a SPAN session.

A

Monitor session command

55
Q

A Cisco SPAN command used to verify the SPAN session.

A

Show monitor command

56
Q

It is a set of rules that an IDS and an IPS use to detect typical intrusion activity.

57
Q

What are the distinct attributes of a signature?

A
  • Type
  • Trigger (alarm)
  • Action
58
Q

A signature type that consists of a single packet, activity, or event that is examined to determine if it matches a configured signature.

59
Q

A signature type that identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time.

60
Q

A Cisco IOS micro-engine whose internal engine handles miscellaneous signatures.

61
Q

A Cisco IOS micro-engine that supports flexible pattern matching and Trend Labs signatures.

A

Multi-string

62
Q

A Cisco IOS micro-engine that examines simple packets.

63
Q

A Cisco IOS micro-engine that examines the many services that are attacked.

64
Q

A Cisco IOS micro-engine that uses regular expression-based patterns to detect intrusions.

65
Q

A detection type of signature alarm that is easy to configure, has fewer false positives, and has a good signature design.

A

Pattern-based

66
Q

A detection type of signature alarm that is simple and reliable and has a customizable policy.

A

Anomaly-based

67
Q

A detection type of signature alarm that is easy to configure and can detect unknown attacks.

A

Policy-based

68
Q

A detection type of signature alarm that provides a window to view attacks, distracts and confuses attackers, slows down and averts attacks, and collects information about the attack.

A

Honey pot-based

69
Q

IPS planning and monitoring considerations.

A
  • Management method
  • Event correlation
  • Security staff
  • Incident response plan
70
Q

A new standard proposed by the International Computer Security Association that specifies the format of messages and protocol used to communicate events generated by security devices.

A

Security Device Event Exchange (SDEE)

71
Q

A standard protocol used to send system log or event messages to a specific server, called a syslog server.

A

System Logging Protocol

72
Q

A Cisco IPS feature that contains detailed information about known threats on the Internet, including serial attackers, botnet harvesters, malware outbreaks, and dark nets.

A

cisco sensorbase network

73
Q

It works by blocking traffic to or from IP addresses that have a known bad reputation.

A

Security Intelligence

74
Q

A Cisco IPS feature that allows you to immediately blacklist (block) connections based on the latest reputation intelligence, removing the need for a more resource-intensive, in-depth analysis.

A

Security Intelligence feature

75
Q

A term related to signatures meaning that Cisco IOS IPS will compile that signature into memory and use the signature to scan traffic.

A

unretiring

76
Q

A term related to signatures meaning that Cisco IOS IPS will NOT compile that signature into memory for scanning.