Network Basics 2 Flashcards

1
Q

What do you call the process of transferring VLAN traffic between two or more switches?

A

Trunking

2
Q

What is a trunk port on a switch?

A

A port configured to carry all traffic, regardless of VLAN number, between all switches in a LAN.

3
Q

What is the IEEE trunking protocol used in VLANs that enables you to connect switches from different manufacturers?

A

802.1Q

4
Q

A static VLAN assigns VLANs to ____.

A

ports

5
Q

A dynamic VLAN assigns VLANs to ____.

A

MAC addresses

6
Q

A network vulnerability that lets the attacker access VLANs they should not be able to access is called:

A

double-tagging attack

7
Q

The process of passing traffic between two VLANs using a router (using one or more ports) is called:

A

inter-VLAN routing

8
Q

What type of VLAN only allows traffic from private ports to be switched to the uplink trunk port, isolating hosts from each other at Layer 2?

A

A private VLAN

9
Q

You can configure any port on a multilayer switch to act as a ____ port or a ____ port.

A

switch; router

10
Q

Making multiple servers look like a single server, creating a server cluster, and evenly distributing requests to these servers is called ____.

A

load balancing

11
Q

When a computer comes to the DNS server for resolution, the server responds with all the “A” records for a FQDN. Then the next time DNS is queried, all the “A” records for a FQDN are returned again but in a different order. This is known as ____.

A

round robin

This is how DNS performs load balancing: each Web server gets its own public IP address, and each DNS server for the domain has multiple “A” records, each with the same fully qualified domain name (FQDN).

12
Q

Hardware and software tools that filter traffic based on various criteria, such as port number, IP address, or protocol are called ____.

A

firewalls

13
Q

An application that inspects packets, looking for active intrusions, and functions inside the network is called a/an ____.

A

IDS or Intrusion Detection System

14
Q

Similar to an IDS, a/an ____ sits directly in the flow of network traffic and can stop an attack while it is happening.

A

IPS or Intrusion Prevention System

15
Q

Copying data from any or all physical ports on a switch to a single physical port is called ____.

A

port mirroring

16
Q

What standalone multi-port hardware device copies all of the bits it sees and sends them out on a separate port for monitoring and is used for non-obtrusive data collection?

A

A network tap

17
Q

What sits between clients and external servers, pocketing the requests from the clients for external server resources and making those requests itself?

A

A proxy server

18
Q

Whom does a forward proxy server act on behalf of?

A

Clients, getting information from various sources and handing that info to the clients.

19
Q

Whom does a reverse proxy server act on behalf of?

A

Servers

Clients contact the reverse proxy server, which gathers info from its associated server(s) and hands the info to the clients.

20
Q

802.1X is an example of ____.

A

port-based authentication

21
Q

Define: IPv6 Address

A

A 128-bit address consisting of eight sets of four hexadecimal numbers, each number being a value between 0000 and ffff, using a colon to separate the numbers.

22
Q

What two parts are IPv6 addresses generally split into?

A

A 64-bit network prefix used for routing and a 64-bit interface ID, the user portion.

23
Q

The network prefix of an IPv6 address gets split into what two parts?

A

A routing prefix and a subnet ID.

24
Q

What are the IPv6 shorthand notation rules?

A

Leading zeroes can be dropped and only one group of contiguous zeroes can be represented by a double colon (::).

25
What does the IPv6 "/x" prefix length naming convention specify?
The number of bits in the network ID.
26
What is the IPv6 loopback address?
::1
27
What is a link-local address and what is it used for?
The address that a computer running IPv6 gives itself after first booting. It is used for communicating on a local network.
28
What is the IPv6 link-local address?
The first 64 bits are always fe80::/64 (fe80:0000:0000:0000)
29
What address type does a client need to access IPv6 content on the Internet?
A global unicast address
30
Does IPv6 use broadcast addresses or multicast addresses?
Multicast addresses
31
What is the all-nodes IPv6 multicast address?
ff02::1. The 2 (scope) indicates the local network segment. The 1 (group) indicates all nodes within the scope.
32
What is the all-routers IPv6 multicast address?
ff02::2. The first 2 (scope) indicates the local network segment. The second 2 (group) indicates all routers within the scope.
33
What is the Ethernet address (MAC address) for IPv6 multicast traffic?
33-33-xx-xx-xx-xx
34
What is the solicited-node IPv6 multicast address?
ff02::1:ffxx:xxxx (The last six digits equal the last six digits of the corresponding unicast address).
35
Define: IPv6 Anycast Address
A single IP address shared by multiple hosts. Routers are configured to direct traffic destined for that single address to the closest system based on what routing metrics were chosen.
36
The ____ is an IPv6 protocol that performs the same functions as ARP in IPv4 and plays a role in features such as stateless address autoconfiguration (SLAAC).
NDP or Neighbor Discovery Protocol
37
Hosts use ____ messages to request the MAC address of a target system, to inform the target system of their own MAC address, and to verify a system is still reachable. They also help IPv6 hosts detect duplicate addresses on the local network.
neighbor solicitation
38
What is the neighbor discovery cache in IPv6?
A host's list of known MAC addresses.
39
What are NDP's (Neighbor Discovery Protocol's) five control message types?
Neighbor solicitation; Neighbor advertisement; Router solicitation; Router advertisement; Redirect
40
Routers use ____ messages in an IPv6 network to send out important information such as their MAC and link-local addresses (default gateway), how hosts on the network should get a global unicast address, whether to use DHCP, and DNS server addresses.
router advertisement
41
What are router solicitation messages used for in IPv6?
Nodes on the network send them to find any routers on the network. These packets are always sent to the all-router multicast address.
42
What are neighbor advertisement messages used for in IPv6?
To respond to neighbor solicitation messages with the host's MAC address and to let the requesting system know that it is reachable. These packets are sent via unicast addresses.
43
What are redirect messages used for in IPv6?
They enable a router to tell a host that there is a better router to use for traffic to a given destination when multiple routers are available for a host to use.
44
What does a DHCPv6 server in stateful mode do?
It tells the host the full 128-bit address it should use and keeps track of the addresses it has passed out. It also gives out other information.
45
What does a DHCPv6 server in stateless mode do?
It lets hosts pick out their own IPv6 addresses using SLAAC (stateless address autoconfiguration) and gives out other information.
46
As you get to the top of the Internet, the Tier 1 routers that connect to other Tier 1 routers can't have any default route. These no-default routers make up the ____.
default-free zone (DFZ)
47
What is aggregation in IPv6?
Where every router underneath one router always uses a subset of that router's existing routes.
48
What is the 6in4 IPv6 tunneling protocol?
It is one of only two IPv6 tunneling protocols that can go through IPv4 NAT (called NAT traversal).
49
What is NAT64?
A transition mechanism that attaches the bytes of an IPv4 address onto the end of an IPv6 address for network traversal.
50
Downstream routers may, in theory, do what if their upstream router suddenly changes the IPv6 prefix it delegates to them?
Send an all-nodes router advertisement so that clients can renumber.
51
A router feature that labels certain data to use a desired connection, and works with any type of packet switching to force certain types of data to use a certain path is called ____.
MPLS or Multiprotocol Label Switching
52
What is a metro Ethernet network?
A secure, private network within a city using fiber-optic cabling. This is also called a metropolitan area network (MAN).
53
A business that leases direct connections to the Internet and in turn provides a public on-ramp (provider links) to the Internet is called a/an ____.
ISP or Internet Service Provider
54
A/An ____ is a high-speed Internet connection technology that uses a modem and a regular telephone line for connectivity.
DSL or Digital Subscriber Line
55
For DSL and a plain old telephone service (POTS) to coexist, you need a ____ for the phone line installed.
DSL POTS filter
56
What protocol do cable modems use?
DOCSIS or Data Over Cable Service Interface Specification
57
Satellite access comes in two types:
one-way (download via satellite, upload via PSTN/dial-up); two-way (download and upload via satellite)
58
Which last mile architecture enables fiber-to-the-home to connect the neighborhood switch to the premises?
PON (Passive Optical Network)
59
What do all remote terminal programs require?
A server (the computer to be controlled) and a client.
60
What two important things do VPNs (Virtual Private Networks) need to function?
Endpoints and the same network ID for the computers on both sides.
61
What is SONET (Synchronous Optical Network) used for?
Long-distance, high-speed, fiber optic transmission.
62
What VPN technology enables direct connections between satellite/multiple locations?
DMVPN or Dynamic Multipoint VPN
63
What protocol is commonly used with today's VPNs?
IPsec
64
The ____ standard defines both how wireless devices communicate and how to secure that communication.
802.11
65
What is the 802.11 network operation mode where two or more devices communicate directly without any other intermediary hardware?
ad hoc mode
66
What is the 802.11 network operation mode that uses one or more WAPs?
infrastructure mode
67
Two or more wireless nodes communicating in ad hoc mode form a/an ____.
IBSS (Independent Basic Service Set)
68
A single WAP servicing a given area is called a/an ____.
BSS (Basic Service Set)
69
Multiple WAPs servicing an area is called a/an ____.
ESS (Extended Service Set)
70
What is a 32-bit identification string, sometimes called a network name, that's inserted into the header of each data packet processed by a WAP (wireless access point)?
Service Set Identifier (SSID)
71
A spread-spectrum broadcasting method defined in the 802.11 standard that sends data out on different frequencies at the same time is called ____.
Direct-Sequence Spread-Spectrum (DSSS)
72
A spread-spectrum broadcasting method defined in the 802.11 standard that sends data on one frequency at a time, constantly shifting (or hopping) frequencies is called ____.
Frequency-Hopping Spread-Spectrum (FHSS)
73
A spread-spectrum broadcasting method defined in the 802.11 standard that combines the multiple frequencies of DSSS with FHSS's hopping capability is called ____.
Orthogonal frequency-division multiplexing (OFDM)
74
For the ____GHz band, the 802.11 standard defines 14 channels (US limits it to channels 1-11) of 20 MHz each.
2.4 GHz
75
What three channels in the 2.4 GHz band should be used on WAPs to avoid overlap?
1, 6, and 11
76
The versions of 802.11 that use the ____GHz and ____GHz bands use automatic channel switching and in general have around 40 different channels in the spectrums.
5.0 GHz, 6.0 GHz
77
Wi-Fi networks use carrier-sense multiple access with ____ (CSMA/____)?
collision avoidance (CSMA/CA)
78
802.11b: Frequency, Spectrum, Speed, Range
Frequency: 2.4 GHz; Spectrum: DSSS; Speed: 11 Mbps; Range: ~300 feet
79
802.11a: Frequency, Spectrum, Speed, Range
Frequency: 5.0 GHz; Spectrum: OFDM; Speed: 54 Mbps; Range: ~150 feet
80
802.11g: Frequency, Spectrum, Speed, Range
Frequency: 2.4 GHz; Spectrum: OFDM; Speed: 54 Mbps; Range: ~300 feet
81
802.11n (Wi-Fi 4): Frequency, Spectrum, Speed, Range
Frequency: 2.4 GHz; Spectrum: OFDM (QAM); Speed: 100+ Mbps; Range: ~300 feet
82
____ is a feature in 802.11n and later WAPs that enables them to make multiple simultaneous connections called streams.
Multiple Input/Multiple Output (MIMO)
83
____ is a multiple-antenna technology in 802.11n WAPs that helps get rid of dead spots.
Transmit beamforming
84
802.11ac (Wi-Fi 5): Frequency, Spectrum, Speed, Range
Frequency: 5.0 GHz; Spectrum: OFDM (QAM); Speed: Up to 1 Gbps; Range: ~300 feet
85
____ is a feature of 802.11ac and later networking that enables a WAP to broadcast to multiple users simultaneously.
Multi-User MIMO (MU-MIMO)
86
802.11ax (Wi-Fi 6/6E): Frequency, Spectrum, Speed, Range
Frequency: 2.4 GHz, 5.0 GHz, 6.0 GHz; Spectrum: OFDMA (1024 QAM); Speed: Up to 10 Gbps; Range: ~300
87
____ is an early wireless security protocol for Wi-Fi that uses the RC4 encryption algorithm and is no longer used due to major security vulnerabilities.
WEP or Wired Equivalent Privacy
88
____ is a wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. It also supports authentication using EAP.
WPA or Wi-Fi Protected Access
89
____ is an authentication wrapper that ___-compliant applications can use to accept one of many types of authentication. It is a general-purpose authentication wrapper mainly used in wireless networks.
EAP or Extensible Authentication Protocol
90
____ is a port-based authentication network access control mechanism for networks. It's a complete authentication standard designed to force devices to go through a full AAA process to get anywhere past the interface on a network connection device such as a WAP (aka. network access server or NAS).
802.1X
91
____ is the consumer name for the IEEE 802.11i standard and the replacement for the WPA protocol. It uses the AES (Advanced Encryption Standard) algorithm.
WPA2
92
A switch that's designed to handle a number of WAPs simultaneously and does the job of configuring them is called a/an ____.
wireless LAN controllers
93
____ is a method to load-balance wireless network clients associated with a single SSID. It distributes clients across many VLANs to avoid excessive levels of broadcast traffic.
VLAN pooling
94
____ are flat, plate-shaped antennas that generate a half-sphere beam and are placed on walls.
Patch antennas
95
Wi-Fi ____ is the loss of packets due to an overworked WAP.
jitter
96
What are the three physical problems that cause attenuation in Wi-Fi networks, the progressive loss of radio signal strength as the radio wave passes through different mediums?
Absorption; Reflection; Refraction
97
A ____ is a Wi-Fi network implementation used in some public facilities that directs attempts to connect to the network to an internal Web page for that facility; generally used to force terms of service on users.
captive portal
98
When setting up WPA2-PSK on your wireless network, you have the option to choose TKIP or AES. Which should you implement?
AES
99
What type of server supports EAP-encrypted passwords in accordance with the 802.1X standard?
RADIUS server
100
A ____ hypervisor is installed on the system in lieu of an operating system.
Type 1
101
A ____ hypervisor is installed on top of the operating system.
Type 2
102
Infrastructure as a Service (IaaS) providers enable you to:
set up and tear down infrastructure, such as servers, switches, and routers, on demand.
103
The ____ cloud service model provides a complete deployment and management system with all the tools needed to administer and maintain a Web application.
PaaS or Platform as a Service
104
The ____ cloud service model replaces applications once distributed and licensed via physical media with subscriptions to equivalent applications from online servers.
SaaS or Software as a Service
105
____ is the practice of increasing the capacity of a service or application deployed in a private cloud by adding extra instances in a public cloud.
Cloud bursting
106
____ is an automation philosophy that defines the infrastructure (servers and network components) an application or service requires in configuration files or scripts well enough that it is easy to create identical copies of the needed infrastructure.
IaC or Infrastructure as Code
107
____ is programming that allows a master controller to determine how network components will move traffic through the network and is used in virtualization.
SDN or Software-Defined Networking
108
____ is a cloud computing service that enables a user or organization to virtualize user workstations and manage them as flexibly as other cloud resources.
DaaS or Desktop as a Service
109
A/An ____ can establish a permanent tunnel (often using IPsec) between a local network and a virtual network in the cloud.
site-to-site VPN
110
What are the three layers that make up the three-tiered architecture for traditional data centers?
1. Access/edge layer 2. Distribution/aggregation layer 3. Core layer
111
A ____ is a server that can take a pool of hard disks and present them over the network as any number of logical disks. The interface it presents to a client computer pretends to be a hard disk and enables the client's operating system to read and write blocks over a network.
SAN or Storage Area Network
112
A process in which an organization places its own server hardware in a public, third-party data center is called ____.
co-location
113
What is the spine-and-leaf architecture in data centers?
Where every spine switch connects with every leaf switch in a two-tiered mesh network.
114
What protocol provides load balancing in a spine-and-leaf data center?
ECMP or Equal-Cost Multipath
115
____ means to have multiple pieces of interconnected equipment, such as servers, appear to the network as a single (logical) device.
Clustering
116
Clustering solutions are an example of ____ high availability (HA) in that all members of the cluster are active at the same time.
active-active
117
____ is an open standard protocol that enables redundant routers to appear as a single virtual router with a single virtual IP (VIP) address for high availability.
VRRP or Virtual Router Redundancy Protocol
118
____ is a Cisco proprietary protocol that enables redundant routers to appear as a single virtual router with a single virtual IP (VIP) address for high availability.
HSRP or Hot Standby Router Protocol
119
VRRP (Virtual Router Redundancy Protocol) and HSRP (Hot Standby Router Protocol) are examples of ____ high availability (HA) in that only one router is active at a time. All other routers are passive until the active router fails.
active-passive
120
What document contains details about all the hardware and software installed in a data center and provides the foundation for future upgrades?
Baseline configuration
121
Devices using the proprietary ____ protocol form a mesh network using the 908 MHz and 916 MHz band.
Z-Wave
122
Devices using the open source ____ protocol form a mesh network using either the 2.4 GHz or 915 MHz band.
Zigbee
123
Virtually all VoIP (Voice over IP) systems use what two protocols?
SIP or Session Initiation Protocol; RTP or Real-time Transport Protocol
124
____ is a complete VoIP or video presentation connection and session controller protocol.
MGCP or Media Gateway Control Protocol
125
The overall system that monitors and controls machines today is called a/an ____.
ICS or Industrial Control System
126
A/An ____ is a computer that controls a machine according to a set of ordered steps.
PLC or Programmable Logic Controller
127
____ is a system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.
SCADA or Supervisory Control And Data Acquisition
128
A ____ consists of small controllers added directly to a machine used to distribute the computing load. Each of the local controllers connects to a centralized controller, the ICS server, where global changes can be managed.
DCS or Distributed Control System
129
In a/an ____ deployment model, the corporation owns all the mobile devices and issues them to employees. The corporation is solely responsible for the maintenance of the devices, the applications, and the data. Nothing but company approved software is used on the issued mobile devices.
COBO or Corporate Owned, Business Only
130
In a/an ____ deployment model, the organization issues mobile devices and employees are presented with a whitelist of pre-approved applications that they may install.
COPE or Corporate Owned, Personally Enabled
131
An organization offering ____ options provides employees free choice within a catalog of mobile devices. The organization retains complete control and ownership over the mobile devices, although the employees can install their own apps on the mobile devices.
CYOD or Choose Your Own Device
132
A/An ____ is a document between a customer and a service provider that defines the scope, quality, and terms of service to be provided. ____ requirements are a common part of business continuity and disaster recovery.
SLA or Service Level Agreement; SLA
133
A/An ____ is a document that defines an agreement between two parties in situations where a legal contract wouldn't be appropriate. It defines the duties the parties commit to perform for each other and a time frame for the ____.
MOU or Memorandum Of Understanding; MOU
134
A/An ____ is a legal contract between a vendor and a customer that defines the services and products the vendor agrees to supply and the time frames in which to supply them.
SOW or Statement Of Work
135
A/An ____ will inspect a huge number of potential vulnerabilities and create a report for an organization to then act upon.
vulnerability scanner
136
A/An ____ covers all the various threats and risks to which a company is exposed and includes the cost of negative events in both money and time.
posture assessment
137
A/An ____ examines all aspects of a third party's security controls, processes, procurement, labor policies, and more to see what risks that third party poses to the organization.
vendor risk assessment
138
Incidents that take place within the organization that can be stopped, contained, and remedied without outside resources are handled by ____ planning.
incident response
139
If an incident can no longer be contained, causing significant damage or danger to the immediate infrastructure, it is covered under ____.
disaster recovery
140
If the disaster requires actions offsite from the primary infrastructure, it is under the jurisdiction of ____.
business continuity
141
A/An ____ sets an upper limit to how much lost data the organization can tolerate if it must restore from a backup, effectively dictating how frequently backups must be taken.
RPO or Recovery Point Objective
142
The ____ sets an upper limit to how long the organization can tolerate an outage before full functionality must be restored.
RTO or Recovery Time Objective
143
A/An ____ details risks to critical systems, cost to replace or repair such systems, and how to make those replacements or repairs happen in a timely fashion.
BCP or Business Continuity Plan
144
____ is identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident or disaster.
Succession planning
145
In general, when you are in a situation where you are the first responder, you need to do the following three things:
1. Secure the area 2. Document the scene 3. Collect evidence
146
A/An ____ is the process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.
legal hold
147
Through what mechanism is a change to the IT structure initiated?
Users submit a change request to the change management team.
148
What is the job of a first responder?
To react to the notification of a computer crime.
149
The best way to know the vulnerabilities of an IT infrastructure is to run what?
A vulnerability scanner
150
The three goals of security, the CIA triad, are:
1. Confidentiality 2. Integrity 3. Availability
151
In ____, an attacker alters a DNS server's cache to point clients to an evil Web server instead of the correct one.
DNS poisoning
152
To prevent DNS cache poisoning, the typical use case scenario is to add ____ for domain name resolutions.
DNSSEC or DNS Security Extensions
153
____ is a switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically it's used to block attacks that use a rogue DHCP server.
DHCP snooping
154
In IPv6 networks, ____ enables the switch to block router advertisements and router redirect messages that are not sent from trusted ports or don't match a policy.
RA-Guard or Router Advertisement Guard
155
____ attacks target ARP caches on hosts and MAC address tables on switches.
ARP cache poisoning
156
What tool uses the DHCP snooping binding database to prevent ARP cache poisoning?
DAI or Dynamic ARP Inspection (Cisco)
157
Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ____, a key network hardening technique.
switch port protection
158
Used in DDoS attacks, ____ is where the attacker sends requests to normal servers with the target's IP address spoofed as the source. The normal servers respond to the spoofed IP address (the target system), overwhelming it with reflected traffic without identifying the true initiator.
reflection
159
A/An ____ DoS attack sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.
amplified
160
A/An ____ is a form of DoS attack that targets 802.11 WiFi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.
deauthentication (deauth) attack
161
A/An ____ attack is where an attacker takes advantage of DHCP scope exhaustion by spoofing packets to the DHCP server, tricking it into giving away all of its leases and therefore running out of open addresses. It is a technique used to encourage clients to switch to a rogue DHCP server that the attacker controls.
DHCP starvation
162
In an ____, an attacker taps into the communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.
on-path attack (aka. man-in-the-middle)
163
____ tries to intercept a valid computer session to get authentication information.
Session hijacking
164
____ is a Layer 2 attack that enables an attacker to access hosts on a VLAN the attacker is not a part of. The mechanism behind the attack is to take a system that's connected to one VLAN and, by abusing VLAN commands to the switch, convince the switch to change your switch port connection to a trunk line.
VLAN hopping
165
____ uses some form of encryption to lock a user out of a system, usually by encrypting the boot drive.
Crypto-malware
166
A ____ is a malware program that replicates and activates. It only replicates to other applications on a drive or to other drives, and does not replicate across networks. It is not a stand-alone program, but rather something attached to a host file. They carry some payload that may or may not do something malicious when activated.
virus
167
A/An ____ replicates exclusively through networks by sending copies of itself to any other computers it can locate on the network. They can exploit inherent vulnerabilities in program code, attacking programs, operating systems, protocols, and more.
worm
168
A/An ____ is code written to execute when certain conditions are met, usually with malicious intent.
logic bomb
169
A/An ____ is a piece of malware that looks or pretends to do one thing while, at the same time, doing something evil. They do not replicate.
Trojan horse
170
A/An ____ is a type of malware that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools.
rootkit
171
____ is a social engineering technique where the attacker poses as a trusted source and tries to inspire the victim to act based on a false premise (usually communicated via e-mail, phone, or SMS). A successful attack typically obtains confidential information or introduces malware into the network.
phishing
172
To lock a Windows computer, press the ____ combination.
WINDOWS KEY-L
173
An unauthorized person attempting to follow an authorized person into a secure area without the authorized person's consent or even realization is called ____.
tailgating
174
An authorized person helping an unauthorized person follow them into a secure area is called ____.
piggybacking
175
A/An ____ is an entryway with two successive locked doors and a small space between them providing one-way entry or exit.
access control vestibule (aka. mantrap)
176
A/An ____ is a sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.
proximity reader
177
A device (such as a credit card) that you insert into your PC or use on a door pad for authentication is called a/an ____.
smart card
178
In all network operating systems, the permissions of the groups are combined, and the result is what is called the ____ the user has to access a given resource.
effective permissions
179
____ is a standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.
NAC or Network Access Control
180
In terms of posture assessment, a/an ____ refers to software that runs within a client and reports the client's security characteristics to an access control server to be approved or denied entry to a system.
agent
181
Attackers can use ____, excessive or malformed packets, to conduct DoS attacks on networks and hosts, targeting vulnerable switches through their switch ports.
traffic floods
182
A/An ____ is a network segment carved out by firewalls to provide a special place (a zone) on the network for any servers that need to be publicly accessible from the Internet.
screened subnet (aka. a DMZ or demilitarized zone)
183
A/An ____ is a network containing one or more honeypots created to lure in hackers.
honeynet
184
Which Windows utility displays open ports on a host?
netstat
185
The NSA's TEMPEST security standards are used to combat which risk?
RF emanation using enclosures, shielding, and even paint.
186
A DoS attacker using ____ would focus on sending the smallest amount of traffic possible.
amplification
187
An SNMP (Simple Network Management Protocol) system, which creates a managed network, consists of at least three components:
1. Managed devices 2. SNMP manager, aka. an NMS (Network Management System) 3. SNMP agent
188
SNMP uses ____ to categorize the data that can be queried.
MIBs or Management Information Bases
189
SNMP managers use UDP ports:
162 or 10162 (with TLS)
190
SNMP agents use UDP ports:
161 or 10161 (with TLS)
191
A/An ____ is a program that queries a network interface and collects (captures) packets in a file. They need to capture all the packets they can, so it's typical for them to connect to an interface in promiscuous mode or, in the case of a switch, a mirrored port.
packet sniffer
192
A/An ____ is a program that processes capture files from packet sniffers and analyzes them based on our monitoring needs.
protocol analyzer
193
A/An ____ tool tracks traffic flowing between specific source and destination devices.
packet flow monitoring
194
The default destination port for syslog is UDP port ____.
514