Network Security Controls - Techincal Controls

Question 1

Describe these email protocols:
1) PGP
2) S/MIME
3) SMTP
4) POP3
5) IMAP

Answer 1

1) Provides cryptographic privacy and authentication for emails.
2) Is used for sending digitally signed and encrypted emails.
3) Sends messages from one email server to another.
4) Retreives email from a server, once retrieved it is deleted from the server.
5) Retrieves email from a server. Synchronizes to the email server.

Question 2

Describe these protocols:
1) RADIUS
2) TACACS
3) Kerberos
4) DNSSEC
5) HTTPS

Answer 2

1) Centralized authentication, authorization, and accounting for remote servers to communicate with a central server.
2) Provides AAA of network devices through one or more centralized servers.
3) An authentication method to access a network based on TGT and TGS.
4) A suite of specifications for securing certain tpes of information provided by DNS.
5) Is used to secure communications across the Internet.

Question 3

Describe these protocols:
1) TLS
2) SSL
3) SRTP
4) LDAP
5) IPSec

Answer 3

1) Ensures secure communcation between client-server application. Supercedes SSL.
2) Uses RSA to ensure secure communcations between client-server models.
3) Used to deliver real-time data such as audio and video streams.
4) Is used to accesss and managing directory services such as AD.
5) Secures IP communications. Mainly used in VPNs and remote user access.

Question 4

Describe these components of IPSec:
1) Authentication Header (AH)
2) Enscapsulation Security Payload (ESP)

Answer 4

1) Provides the data authentication of the sender.
2) Provides both the data authentication and encryption of the sender.

Question 5

Describe these protocols:
1) FTP
2) SNMP
3) SSH
4) OAuth
5) OpenID (OIDC)

Answer 5

1) It used for secure file transmission and file access.
2) Used to monitor and manage devices over a network.
3) Is used by Linux and Unix for secure remote login.
4) Allows user to grant limited access to resources from one site to another.
5) Is an authentication protocol that is buil into OAuth

Question 6

What is Network Segmentation?

Answer 6

Is the practice of splitting a network into smaller networks segments.

Question 7

Describe these types of Network Segmentation:
1) Physical
2) Logical
3) Virtualization

Answer 7

1) Networks are segmented based on physical components.
2) Utilizes VLANs which are isolated logically without considering physical locations of devices.
3) Combines all available network resources to share these resources amongst the network users using a single admin unit.

Question 8

What is a Bastion Host?

Answer 8

Is a computer system that is designed and configured to protect network resources from attacks.

Question 9

Describe these types of Bastion Hosts:
1) Single-homed
2) Multi-homed
3) Internal

Answer 9

1) A firewall with one network interface. All incoming/outgoing traffic is routed through the bastion host.
2) A firewall device with at least 2 network interfaces. Seperates internal and external networks.
3) Resides inside the internal network. Can be single/multi-homed. Network devices communcate directly with bastion host.

Question 10

What is a DMZ?

Answer 10

A computer subnetwork that is placed between the organizations private network and the Internet. Allows for external users to access organzations servers.

Question 11

Describe these types of traffic:
1) East-West
2) North-South

Answer 11

1) Traffic between servers in a data centre
2) Traffic between an outside client and a server.

Question 12

What is a Zer-Trust Network?

Answer 12

Is a model where every user is not trusted by default and needs to verify every incoming connection before allowing access to the network.

Question 13

What is a Firewall?

Answer 13

Is a hardware/software that is used to monitor and filter incoming and outgoing traffic and prevents unauthorized access to private networks.

Question 14

Describe these firewalls:
1) Host-based
2) Network-based
3) External
4) Internal

Answer 14

1) Filters inbound/outbound traffic of an individual computer.
2) Filters inbound/oubound traffic across a LAN.
3) Limits acces between protected and public networks. Provides protection for DMZ.
4) Protects one network segment from another.

Question 15

Describe these Firewall technologies:
1) Packet Filtering
2) Circuit-Level Gateway
3) Application Layer Gateways
4) Stateful Multilayer Inspection
5) Application Proxy
6) NAT
7) VPN
8) NGFW

Answer 15

1) Resides in routers; each packet is compared to a set of criteria before being forwarded.
2) Monitor the TCP handshake to determine whether a session is legitimate or not.
3) Filter packets at the application layer such as HTTP-GET and POST.
4) Combines Application, Circuit-Level and Packet Filtering technologies.
5) Is a proxy server that filters connections between services.
6) Allows multiple LAN devices to use a single IP address.
7) Is a service that creates a secure, encrypted connection over a less secure network, typically the internet. It allows users to send and receive data as if their devices were directly connected to a private network.
8) Is a firewall that is also capable of inspecting packet content, not just port/protocol inspection.

Question 16

Describe the following:
1) IDS
2) IPS

Answer 16

1) Is a system that sits ‘off to the side’ that monitors traffics and alerts admins about suspicious activites.
2) Is an ‘in-line’ system that allows or block packets depending on established policies.

Question 17

Describe the following IDS detection methods:
1) Signature Recognition
2) Anomaly Detection
3) Protocol Anomaly Detection

Answer 17

1) Identifies events based on packet content that indicate an abuse of a system.
2) Detects instrusions based on the established behavioural characteristics of users and components of a computer system.
3) Models are used to detect anomalies in the way TCP/IP protocols behave.

Question 18

Give examples of the following types of intrusions:
1) File System
2) Network
3) System

Answer 18

1) Presence of nnew unfamiliar files, change in file permissions, change in file size, rogue files, missing files.
2) Repeated probes of service, connections from unusual locations, repeated login attempts from remote hosts, influx of login data.
3) Short/incomplete logs, slow system performance, missing logs, modified config files, unusual grpahics/text, gaps in system accounting, systems crashes/boots, unfamiliar processes.

Question 19

Describe the following classifications of IDS:
1) Approach-based
2) Behaviour-based
3) Protection-based
4) Structure-based
5) Analysis Timing-based
6) Source Data Analysis-based

Answer 19

1) Uses the signature, anomaly, and protocol anomaly detection systems to monitor suspicious behaviour.
2) How an IDS responds to events, Active/Passive; Active detects and responds, Passive only detects.
3) What an IDS offers protection to, HIDS/NIDS; HIDS protects the host, NIDS protects the network.
4) Where the IDS is placed, Centralized/Distributed; Centralized is all data is sent to one authority, Distributed uses several IDS to communicate with each other.
5) Ttime between event occurring and analysis, Interval/Real-time; Interval performs analysis offline, Real-time performs analysis on the fly.
6) The data source that is used to detect intrusions, Audit Trails/Network Packets.

Question 20

Describe the components of an IDS:
1) Network Sensors
2) Command Console
3) Alert Systems
4) Response System
5) Attack Signature Databse

Answer 20

1) Hardware/software components that monitor network traffic and trigger alarms.
2) Is the installed software that is dedicated to the IDS.
3) Sends an alert message when an anomaly or misuse is detected.
4) Issues countermeacures against any intrusion that is detected.
5) Attacks are compared against known signatures and then a decision is made.

Question 21

List the four locations where an IDS should be deployed.

Answer 21

1) Behind the external firewall and in the network DMZ,
2) Outside the external firewall.
3) On major network backbones
4) On critical subnets.

Question 22

Describe the following types of alerts:
1) True-positive
2) False positive
3) False Negative
4) True Negative

Answer 22

1) An alarm when an attack occurs.
2) An alarm when no attack has actually taken place.
3) When no alarm is raised when an attack occurs.
4) When no alarm is raised when an attack hasn’t occured.

Question 23

What is a Honeypot?

Answer 23

Is a information system resource that is set up to attract and trap people who attempt to hack a network.

Question 24

Describe these types of Honeypots:
1) Low-interaction
2) Medium-interaction
3) High-Interaction
4) Pure

Answer 24

1) Simulate a limited number of services and applications of a system.
2) Simulate real OS, applications and service of a network.
3) Simulate all services and applications of a network.
4) Emulate the real production environment of a network.

Question 25

Describe these types of Honeypots:
1) Production
2) Research
3) Malware
4) Database

Answer 25

1) Deployed inside the production network to find internal flaws and attackers in a network.
2) High-interaction honeypots to gain detailed knowledge about an attacker.
3) Used to trap malware campaigns and attempts.
4) Fake databases that are vulnerable to database-related attacks such as SQL.

Question 26

Describe these types of Honeypots:
1) Spam
2) Email
3) Spider
4) Honeynets

Answer 26

1) Set up to target spammers who abuse open relays/proxies.
2) Fake email addresses to attract malicious emails.
3) Designed to trap web crawlers and spiders.
4) Networks of Honeypots.

Question 27

What are proxy servers?

Answer 27

Is a dedicated computer/software located betrween a client and the actual server. It serves client requests on behalf of actual servers, preventing actual servers from exposing themselves.

Question 28

Describe these types of proxies:
1) Transparent
2) Non-transparent
3) SOCKS
4) Anonymous
5) Reverse

Answer 28

1) When a client system connects to a server without its knowledge.
2) The client is made aware of the proxy’s existence.
3) Doesn’t allow external network components to collection information on the client that generated the request.
4) Does not transfer information about the IP address of the user.
5) Is situated between the client and the web server. Acts as an intermediary which accepts then forwards requests to the web server.

Question 29

What is a VPN concentrator?

Answer 29

Is a network device that is used to create secure VPN connections.

Question 30

What are these VPN types?
1) Client-to-Site
2) Site-to-Site

Answer 30

1) Remote-Acces VPNs that allow an individual to create secure connections to a company’s network over the Internet.
2) Intranet-based: VPN connects between sites of a single organization
Extranet-based: VPN connects between different organizations.

Question 31

What is VPN Encapsulation?

Answer 31

When packets over a VPN are enclosed within another packet that contains a different IP source and destination. Protects the integrity of the data being sent.

Question 32

Describe these VPN technologies:
1) Trusted
2) Secure
3) Hybrid

Answer 32

1) The service provider owns and manages the entire VPN infrastructure, including servers and networking equipment.
2) Focus on encrypting data as it travels across the public internet or other insecure networks.
3)C ombine elements of both trusted and secure VPNs.

Question 33

Describe these VPN topologies:
1) Hub-and-Spoke
2) Point-to-Point
3) Full Mesh
4) Star

Answer 33

1) Each individual creates a seperate and secure tunnel between themselves and the hub.
2) Different locations can communicate with each other.
3) Peer-to-peer connection is established between all devices.
4) Interconnection is not allowed and remote sites can only connect to the central authority.

Question 34

Describe these modes of IPSec:
1) Tunnel
2) Transport

Answer 34

1) Both header and payload are encrypted.
2) Only the payload is encrypted.

Question 35

What is a Jump Server?

Answer 35

Is an intermediary gateway inside a secure environment that is used to connect hosts/devices in that network to another security zone such as a DMZ.

Question 36

What is User Behaviour Analytics (UBA)?

Answer 36

The process of tracking user behaviour to detect malicious attacks, threats, and fraud.

Question 37

What is Network Accesc Control (NAC)?

Answer 37

Are solutions that attempt to protect the network by restricting the connect of an end user to a network nased on security policy.

Question 38

What is a Web Content Filter?

Answer 38

Hardware/Software solution that block browsing of harmful websites.

Question 39

What is Unified Threat Management (UTM)?

Answer 39

Is a network management solutions to monitor and manage an organization’s network through a centralized console. Is comprised of:
1) Load Balancer
2) Network Firewall
3) Content Filter
4) VPN
5) Anti-Virus/Spam
6) IDS/IPS

Question 40

What are the following?
1) Security Incident and Event Mangement (SIEM)
2) Security Orchestration, Automation, and Response (SOAR)

Answer 40

1) Performs real-time SOC functions like identifying, monitoring, recording and auditing security incidents.
2) A stack of technologies that assist security teams in accumulating, investigating and responding to security events.

Question 41

What is a Load Balancer?

Answer 41

Is a device that distributes network traffic across multiple servers.

Question 42

Describe these Load Balancing algorithms:
1) Session Affinity
2) Round-robin
3) Least Connections
4) Random Connections

Answer 42

1) Tracks the session cookie and forwards the request to the same application server.
2) Distributes requests sequentially according to weights assigned to each server.
3) Chooses the server with the least active connections.
4) Selects two random servers then the chosen one is based on the least-connections algorithm.