Question 1

What is a firewall?

Accepted Answer

Hardware or software that is designed to limit the spread of malware. uses bidirectional inspection to examine both outgoing and incoming network packets

Question 2

List some examples of firewall rules:

Accepted Answer

Source address . The source address is the location of the origination of the packet (where the packet is from ). Addresses generally can be indicated by a specific IP address or range of addresses, an IP mask, the MAC address, or host name. Destination address . This is the address the connection is attempting to reach (where the packet is going to ). Destination addresses can be indicated in the same way as the source address. Source port . The source port is the TCP/IP port number used to send packets of data. Options for setting the source port often include a specific port number or a range of numbers. Destination port . This setting gives the port on the remote computer or device that the packets will use. Options are the same as for the source port. Protocol. The protocol defines the network protocol (such as TCP , UDP , TCP or UDP , ICMP , or IP ) used when sending or receiving packets of data. Direction . This is the direction of traffic for the data packet ( Incoming , Outgoing , or Both ). Priority . The priority determines the order in which the rule is applied. Time . Rules can be set so they are active only during a scheduled time. Context . A rule can be created that is unique for specific circumstances (contexts). For example, different rules may be in effect depending on whether a laptop is on-site or is remote

Question 3

What is a policy based firewall?

Accepted Answer

This type of firewall allows more generic statements instead of specific rules.

Question 4

What is content/URL filtering?

Accepted Answer

A process used by a firewall to monitor websites accessed through HTTP to create custom filtering profiles.

Question 5

What is stateful vs stateless packeting? (in terms of firewalls)

Accepted Answer

Stateless packeting: A firewall that looks at the incoming packet and permits or denies it based on specific conditions. Stateful packeting: A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Question 6

What is the difference between open-source firewalls and proprietary firewalls?

Accepted Answer

Open-source firewalls: A firewall that is freely available. Proprietary firewalls: A firewall that is owned by an entity who has an exclusive right to it.

Question 7

What is the difference between a hardware firewall vs a software firewall?

Accepted Answer

Software firewall:A firewall that runs as a program or service on a device, such as a computer or router. Hardware firewall: A firewall that runs on a separate device.

Question 8

What is the difference between a host, appliance, and virtual firewall?

Accepted Answer

Host-based firewall: A software firewall that runs as a program on the local device to block or filter traffic coming into and out of the computer. Appliance Firewall: A separate hardware device designed to protect an entire network. Virtual Firewall: A firewall that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.

Question 9

What is a web application firewall?

Accepted Answer

A firewall that filters by examining the applications using HTTP. (type of specialized firewall)

Question 10

What is a Network address translation (NAT)?

Accepted Answer

A cloudbased technology that performs NAT translations for cloud services. (type of specialized firewall)

Question 11

What is next generation firewall?

Accepted Answer

A firewall that has additional functionality beyond a traditional firewall such as the ability to filter packets based on applications. (type of specialized firewall)

Question 12

What is unified threat management?

Accepted Answer

An integrated device that combines several security functions.

Question 13

What is a forward proxy?

Accepted Answer

A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users. (devices act as substitutes on behalf of the primary device) Can intercept malware before it reaches internal endpoint

Question 14

What is a reverse proxy?

Accepted Answer

A proxy that routes requests coming from an external network to the correct internal server.

Question 15

What is a honeypot?

Accepted Answer

A computer located in an area with limited security that serves as “bait” to threat actors and is intentionally configured with security vulnerabilities. Generally has two goals: 1. Deflect: Deflect threat actors’ attention away from legitimate servers by encouraging them to spend their time and energy on the decoy server 2. Discover: trick threat actors into revealing their attack techniques.

Question 16

What is the difference between a low interaction honeypot and a high interaction honeypot?

Accepted Answer

Low interaction honeypot: only records login attempts and provides information on the threat actor’s IP address of origin High interaction honeypot: configured with a default login and loaded with software, data files that appear to be authentic but are actually imitations of real data files (collects information on attack techniques for example)

Question 17

What is a honeynet?

Accepted Answer

A network set up with intentional vulnerabilities.

Question 18

What is a DNS sinkhole?

Accepted Answer

A technique that changes a normal DNS request to a preconfigured IP address pointing to a device that will drop all received packets.

Question 19

What is the difference between an intrusion detection system vs an intrusion prevention system? (IDS vs IPS)

Accepted Answer

Intrusion detection system (IDS): Can detect attacks as they occur Intrusion prevention system (IPS): Attempts to block the attack

Question 20

What is an inline system?

Accepted Answer

A system that is connected directly to the network and monitors the flow of data as it occurs.

Question 21

What is a passive system?

Accepted Answer

A system that is connected to a device that receives a copy of network traffic.

Question 22

What is in band management vs out bound management? (referring to IDS systems)

Accepted Answer

In band management: through the network itself by using network protocols and tools Out bound management: using an independent and dedicated channel to reach the device.

Question 23

What are the four monitoring methodologies?

Accepted Answer

1. Anomaly monitoring: creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from the baseline, an alarm is raised. (used by IDS) 2. signature-based monitoring: examines network traffic to look for well-known patterns and compares the activities against a predefined signature. 3. Behavioral monitoring: uses the normal processes and actions as the standard and compares actions against it. 4. heuristic monitoring: uses an algorithm to determine if a threat exists.

Question 24

What is a network intrusion detection system (NIDS)?

Accepted Answer

A technology that watches for attacks on the network and reports back to a central device.

Brainscape's Knowledge GenomeTM

Module 9 Flashcards

Brainscape's Knowledge Genome^TM