Network Defense Essentials Flashcards
Clark, a thief, escaped from the civil forces and tried to enter the nearest company’s premises. The security systems installed at the entrance identified the unauthorized entry into the organization’s premises and triggered an alarm to activate security teams.
Which of the following types of security control triggered an alarm in the above scenario when the unauthorized intrusion attempt was made?
Detection controls
These are used to detect unauthorized access attempts.
Clark, a network security specialist, was assigned to secure an organization’s network. Clark implemented a network defense approach that can tackle network attacks such as DoS and DDoS and includes security monitoring methods such as IDS, SIMS, TRS, and IPS.
Reactive approach
Consists of methods or techniques used to detect attacks on the target network.
Which of the following components of technical security controls protects the information passing through the network and preserves the privacy and reliability of the data?
Encryption and protocols
Sally, a security professional, implemented a protocol for authenticating requests in computer networks. The protocol implemented by Sally is based on the client-server model and uses encryption technology and a “ticket” mechanism to prove the identity of a user on a non-secure network.
Identify the protocol implemented by Sally in the above scenario.
Kerberos
Kerberos is a network authentication protocol that is implemented for authenticating requests in computer networks.
Margaret, a system administrator, regularly administers the devices connected to the organizational network. She found that certain devices are vulnerable to sniffing attacks. To protect the device from such attacks, Margaret employed a protocol that encrypts the entire communication between the client and the server, including the user’s password, which protects it from sniffing attacks.
Identify the protocol employed by Margaret in the above scenario.
TACACS+
TACACS+ provides authentication, authorization, and accounting (AAA) services for network communication.
Which of the following protocols provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server?
RADIUS
Remote Authentication Dial-In User Service (RADIUS) is an authentication protocol that provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server.
James, a network administrator, was assigned a task to create a standard access control model for the organization’s confidential data. He implemented an access control model that determines the usage and access policies for the users. After its implementation, only users with appropriate access rights can access the resource.
Which of the following access control models has James implemented in the above scenario?
Mandatory access control (MAC)
The MAC determines the usage and access policies for the users.
Identify the access control terminology that is referred to as an explicit resource on which an access restriction is imposed.
Object
An object is an explicit resource on which an access restriction is imposed.
Identify the access control model in which the access permissions are beyond the user control, which implies that users cannot amend the access policies created by the system.
Role-Based access control (RBAC)
In a role-based access control, the access permissions are available based on the access policies determined by the system.
Which of the following access control models can be termed a need-to-know access model, where the decision to grant or deny access to a specific user or group of users is taken by the owner?
Discretionary Access Control (DAC)
In DAC, the owner (possessor) of an object decides what access a subject is granted on that object.
Ronnie, a security professional, received many tickets stating that miscreants had been accessing files with employees’ credentials and creating havoc in the organization. To prevent such incidents, Ronnie implemented an authentication mechanism that identifies human characteristics for authenticating people.
Biometric authentication
Biometrics is a technology that identifies human characteristics for authenticating people.
Rachel, a security professional, plans to implement an added layer of defense to protect critical assets from sophisticated cyberattacks. She implemented an authentication technique that uses a physical entity such as a security token as one of the credentials; the other credential can be a security code.
Identify the type of authentication implemented by Rachel in the above scenario.
Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.
Alice, a shopping freak, logged into an ecommerce app and added certain favorite items to her cart list. Before placing the order, she added her shipping address and debit card details along with the CVV number on the app. After adding her card details, Alice clicked on the proceed option to pay the bill. During the bill payment, Alice received an OTP on her mobile phone. Upon providing a valid OTP on the payment gateway, Alice’s order was successfully accepted.
Which of the following types of authentication method was demonstrated in the above scenario?
Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.
Smith, a developer in a software company, has designed a banking application. For security reasons, he created an authentication mechanism that requires logging in with user credentials as well as an OTP, which is sent to the user’s mobile number.
Which of the following authentication methods has Smith implemented in the above scenario?
Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.
Williams, a network administrator, was assigned a duty to configure network security devices such as an intrusion detection system (IDS) and an intrusion prevention system (IPS) to protect the organization’s network from intrusion and block hackers’ traffic from entering the network.
Which of the following ISO/IEC standards must Williams follow while configuring or modifying these security devices?
ISO/IEC 27039
ISO/IEC 27039 provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems (IDPS).
(An intrusion detection system (IDS) is a hardware or software program that uses known intrusion signatures to identify and analyze inbound and outbound network traffic for suspicious activities.)
Which of the following ISO/IEC standards provides an ISMS implementation guide for the telecom industry that was developed jointly by the ITU Telecommunication Standardization Sector (ITU-T) and ISO/IEC JTC1/SC 27?
ISO/IEC 27011
specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
Which of the following acts allows a provision for the regulation of the processing of information relating to individuals and to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information?
Data Protection Act 2018 (DPA)
The DPA is an act to make provision for the regulation of the processing of information relating to individuals.
Which of the following Internet access policies starts with all services blocked and enables safe and necessary services individually?
Prudent Policy
A prudent policy starts with all services blocked; the network defender enables safe and necessary services individually.
Sam, a system administrator, was assigned to configure the information security policy that focuses on the overall security of a particular system in an organization. Jack selected a security policy that includes DMZ policy, encryption policy, policies for IDS/IPS implementation, and acceptable use policy.
Which of the following security policies has Jack implemented in the above scenario?
System-specific security policy (SSSP)
SSSP directs users while configuring or maintaining a system.
Which of the following types of Internet policy accepts a majority of Internet traffic and only blocks known dangerous services/attacks?
Permissive policy
This policy is wide open, and only known dangerous services/attacks or behaviors are blocked.
Which of the following security labels is given to data or an object that is accessible to only a few people in the organization because of technical, business, or personal issues?
Restricted
Stella, a security team member, was instructed to train new employees on securing the organization from unwanted issues. As a primary part of training, she instructed employees not to throw sensitive documents in the trash, and also trained them on how to shred documents and erase magnetic data before putting them into the trash.
Which of the following attacks is mitigated by training employees in the above techniques?
Dumpster diving
Which of the following types of physical threat involves activities such as planting a vehicle bomb, human bomb, or a postal bomb in and around the organization’s premises that impacts the physical security of the organization?
Terrorism
Identify the type of man-made threat that includes former employees who try to compromise the system by willingly harming the system components.
Vandalism
Identify the fire-fighting system that provides a pre-piped water system for organizations and provides water supply to hose lines in certain locations.
Standpipe system
Which of the following physical security barriers can hinder the fast evacuation of occupants in case of a fire emergency, because it allows the entry of only one person at a time?
Turnstiles
Which of the following activities is a physical security measure implemented for maintaining servers and backup devices?
Use rack mount servers
Freddy, a network engineer, detected that the network cabling of his organization was flawed and insecure. To implement secure network cabling, he installed a type of cable in which each pair of wires is individually shielded with foil and is less susceptible to external interference.
Identify the type of cable utilized by Freddy in the above scenario.
Shielded twisted pair cable
Williams, an infrastructure designer, was assigned to design the arrangement of servers in a data center. The requirement is that the arrangement of equipment should maintain airflow to save energy. The arrangement designed by Williams protects the hardware from humidity and heat and increases hardware performance.
Which of the following options was employed by Williams in the above scenario?
Hot and cold aisles
Which of the following practices is NOT a measure for strengthening the physical security of an organization?
Never follow copyright rules and licensing restrictions
Which of the following types of bastion host is a firewall device with only one network interface, through which all traffic is routed?
Single-homed bastion host
Finch, a network administrator, in the process of securing the internal network, segregated the LAN by creating an independent subnetwork. The newly created subnetwork was placed between the organization’s internal network and the outside public network to enable high-level protection for the LAN.
Identify the independent network created by Finch in the above scenario to protect the LAN.
Demilitarized Zone (DMZ)
A DMZ is a computer subnetwork placed between the organization’s private network, such as a LAN, and an outside public network, such as the Internet, and acts as an additional security layer.
Which of the following types of bastion host operates with multiple network connections, but the network connections do not interact with each other?
Non-routing dual-homed host
Given below are the different steps involved in firewall implementation and deployment.
1. Planning
2. Testing
3. Managing and maintaining
4. Configuring
5. Deploying
What is the correct sequence of steps involved in firewall implementation and deployment?
1 -> 4 -> 2 -> 5 -> 3
Planning, Configuring, Testing, Deploying, and then Managing and maintaining.
Which of the following firewall technologies works at the session layer of the OSI model or the TCP layer of TCP/IP model and filters the traffic based on specified session rules?
Circuit-Level Gateway
Circuit-level gateways work at the session layer of the OSI model, or the TCP layer of the TCP/IP model.
John, a network specialist at an organization, was instructed to monitor unusual behaviors in the network. He implemented an IDS that first creates models of possible intrusions and then compares these models with incoming events to make a detection decision.
Identify the type of IDS detection method employed by John in the above scenario.
Misuse detection
David, a network specialist at an organization, was monitoring incidents on an IDS solution. The IDS solution detected suspicious activity performed by a threat actor over the organization’s network and sent an email alert to David, who was operating in the control room. David immediately took the pre-configured counter-action and blocked the attacker from further attempts on the organization’s network.
Identify the tool that helped David detect intrusion attempts in the above scenario.
Suricata
Suricata is high-performance, open-source network analysis and threat detection software used by many private and public organizations, and embedded by major vendors to protect their assets.
Jackson, a security analyst at an organization, was instructed to strengthen the security of their intranet. He deployed a honeypot solution that monitors attackers’ tricks and exploits by logging all their activity. As a result, Jackson can respond to such exploits quickly, before the attacker can misuse or compromise the system.
Identify the honeypot solution that helps Jackson in the above scenario.
KFSensor
KFSensor acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans. KFSensor is pre-configured to monitor all TCP and UDP ports, along with ICMP. It is also configured with the emulation of common services.
Which of the following types of honeypot simulates only a limited number of services and applications of a target system or network, and simply generates an error if the attacker does something that the emulation does not expect?
Low-interaction honeypot
Low-interaction honeypots emulate only a limited number of services and applications of a target system or network.
Which of the following types of proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests?
Anonymous Proxy
An anonymous proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests.