Network Security

Question 1

TCP/IP Architecture

Answer 1

Application Layer
Transport Layer
Internet Layer
Network Interface Layer

Question 2

IPv4 allowed private ip addresses

Answer 2

Range
10.0.0.0 to 10.255.255.254
172.16.0.0 to 172.31.255.254
192.168.0.0 to 192.168.255.254

Question 3

ftp sftp ports

Answer 3

21ftp
22 sftp

Question 4

telnet
ssh

Answer 4

23 telnet
22 ssh

Question 5

smtp
smtp w/ tls

Answer 5

25 smtp
587 smtp w/ tls

Question 6

time
ntp

Answer 6

37 time
123 ntp

Question 7

dns
dot (dns over tls)

Answer 7

53 dns
853 dot

Question 8

http
https

Answer 8

http 80
https 443

Question 9

imap (internet message access protocol)
imap for ssl/tls

Answer 9

143 imap
993 imap ssl/tls

Question 10

snmp

Answer 10

161/162 snmp

Question 11

smb (server message block)
nfs (network file system)

Answer 11

445 smb
2049 nfs

Question 12

ldap
ldaps

Answer 12

389 ldap
636 ldaps

Question 13

three-way handshake between client and server

Answer 13

syn, syn-ack, ack

Question 14

spoofing

Answer 14

An attack with the goal of gaining access to a target system through the use of a falsified identity.

Question 15

Phishing

Answer 15

An attack that attempts to misdirect legitimate users to malicious websites through the abuse of URLs or hyperlinks in emails could be considered phishing.

Question 16

Virus

Answer 16

A virus is a self-replicating piece of code that spreads without the consent of a user, but frequently with their assistance (a user has to click on a link or open a file).

Question 17

Worm

Answer 17

They contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.

Question 18

Trojan

Answer 18

a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network.

Question 19

Side-channel attack

Answer 19

A side-channel attack is a passive, noninvasive attack to observe the operation of a device. Methods include power monitoring, timing and fault analysis attacks.

Question 20

Malware

Answer 20

A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity or availability of the victim’s data, applications or operating system or otherwise annoying or disrupting the victim.

Question 21

HIDS

Answer 21

A HIDS monitors activity on a single computer, including process calls and information recorded in system, application, security and host-based firewall logs. It can often examine events in more detail than a NIDS can, and it can pinpoint specific files compromised in an attack. It can also track processes employed by the attacker. A benefit of HIDSs over NIDSs is that HIDSs can detect anomalies on the host system that NIDSs cannot detect.

Question 22

NIDS

Answer 22

A NIDS monitors and evaluates network activity to detect attacks or event anomalies. It cannot monitor the content of encrypted traffic but can monitor other packet details. A single NIDS can monitor a large network by using remote sensors to collect data at key network locations that send data to a central management console. These sensors can monitor traffic at routers, firewalls, network switches that support port mirroring, and other types of network taps. A NIDS has very little negative effect on the overall network performance, and when it is deployed on a single-purpose system, it doesn’t adversely affect performance on any other computer. A NIDS is usually able to detect the initiation of an attack or ongoing attacks, but they can’t always provide information about the success of an attack. They won’t know if an attack affected specific systems, user accounts, files or applications.

Question 23

Security Information and Event Management (SIEM)

Answer 23

The general idea of a SIEM solution is to gather log data from various sources across the enterprise to better understand potential security concerns and apportion resources accordingly.

Question 24

Preventing threats

Answer 24

Keep systems and applications up to date.
Remove or disable unneeded services and protocols.
Use intrusion detection and prevention systems.
Use up-to-date anti-malware software.
Use firewalls.

Question 25

Cloud computing benefits

Answer 25

-Usage is metered and priced according to units (or instances) consumed. -Reduced cost of ownership. -Reduced energy and cooling costs, along with “green IT” environment effect with optimum use of IT resources and systems. -Allows an enterprise to scale up new software or data-based services/solutions through cloud systems quickly and without having to install massive hardware locally.

Question 26

SaaS benefits

Answer 26

-All users will have the same version of the software release. Automatic updates and patch management. -Ease of use and limited/minimal administration. -The user will always be running the latest version and most up-to-date deployment of the software release, as well as any relevant security updates, with no manual patching required. -Standardization and compatibility. -All users will have the same version of the software release.

Question 27

What is PaaS?

Answer 27

Platform as a Service (PaaS): A cloud provides an environment for customers to use to build and operate their own software. PaaS is a way for customers to rent hardware, operating systems, storage and network capacity over the internet from a cloud service provider. The service delivery model allows customers to rent virtualized servers and associated services for running existing applications or developing and testing new ones. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems or storage, but has control over the deployed applications and possibly application-hosting environment configurations. A PaaS cloud provides a toolkit for conveniently developing, deploying and administering application software that is structured to support large numbers of consumers, process very large quantities of data and potentially be accessed from any point on the internet. PaaS clouds will typically provide a set of software building blocks and a set of development tools such as programming languages and supporting run-time environments that facilitate the construction of high-quality, scalable applications. Additionally, PaaS clouds will typically provide tools that assist with the deployment of new applications. In some cases, deploying a new software application in a PaaS cloud is not much more difficult than uploading a file to a web server. PaaS clouds will also generally provide and maintain the computing resources (e.g., processing, storage and networking) that consumer applications need to operate. PaaS clouds provide many benefits for developers, including that the operating system can be changed and upgraded frequently, along with associated features and system services.

Question 28

What is Iaas and its benefits?

Answer 28

Aka hardware as a service. provides network access to traditional computing resources such as processing power and storage. Benefits include: -Ability to scale up and down infrastructure services based on actual usage. -Retain system control at the operating system level.

Question 29

What are the four cloud deployment models

Answer 29

-Public - A public cloud deployment model includes assets available for any consumers to rent or lease and is hosted by an external cloud service provider (CSP). -Private - generally developed and deployed for a private organization that builds its own cloud. -Hybrid - Gaining popularity. to use public cloud service to fulfill non-mission-critical workloads, and taking advantage of flexibility, scalability and cost savings. -Community - can be either public or private. What makes them unique is that they are generally developed for a particular community.

Question 30

What is a service level agreement?

Answer 30

an agreement between a cloud service provider and a cloud service customer based on a taxonomy of cloud computing– specific terms to set the quality of the cloud services delivered. Think of a rule book and legal contract—that combination is what you have in a service-level agreement (SLA).

Question 31

DMZ

Answer 31

A DMZ is a network area that is designed to be accessed by outside visitors but is still isolated from the private network of the organization. The DMZ is often the host of public web, email, file and other resource servers.

Question 32

VPN

Answer 32

a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network.