Network Security Foundations Flashcards
Is this TCP/IP or OSI?
Application Layer: This layer is responsible for the communication protocols between nodes. The protocols in this layer include hypertext transfer protocol (HTTP and HTTPS), Secure Shell (SSH), and network time protocol (NTP), among many others.
Transport Layer: This layer is responsible for the end-to-end transport of data. The protocols that live in this layer are transmission control protocol (TCP) and user datagram protocol (UDP).
Network Layer: This layer defines the logical transmission protocols for the whole network. The main protocols that live in this layer are internet protocol (IP), internet control message protocol (ICMP), and address resolution protocol (ARP).
Network Interface Layer: This layer establishes how data should be physically sent through the network.
TCP/IP
Application Layer.
Transport Layer.
Network Layer.
Network Interface Layer.
Which is this, OSI or TCP/IP?
TCP/IP
The ……. ? model is used for practical application when locating a specific protocol.
TCP/IP
The #1……..? model was developed by the International Standards Organization (ISO) after the #2…….? model to provide greater granularity of networking assignments within the model.
1. OSI
OSI stands for what?
Open System Interconnection model.
Which computer/internet protocol uses seven layers?
OSI (Open System Interconnection)
The ……..? model consists of a seven-layer architecture that organizes the sending of data from hosts across a network.
OSI (Open System Interconnection)
The …… is widely used throughout networking documentation and discussions. Layers are often referred to by number, not name, so memorizing the numbers and having a good understanding of each layer’s uses are essential for success in the IT community.
OSI model
Example:
Receives the frames and data and sends them via the local media (copper wires, fiber-optic cables, etc.) to the switches, routers, etc., along the network path. All of this takes a matter of microseconds to achieve.
What model and what layer is the above example?
Layer 1
Layer 5
Layer 7
Layer 3
OSI
Layer 1
What number is the transport layer of OSI?
Layer 4
What number is the Session Layer of OSI?
Layer 5
Example:
This layer is responsible for the error-free delivery of data to the receiving device or node. This layer is implemented through the use of devices such as switches and bridge devices, as well as anything with a network interface, like wireless or wired network cards.
What OSI layer is this and what is its name?
Layer 2
Data Link Layer
Application Layer.
This layer is responsible for network applications (like HTTP or FTP) and their production of data to be transferred over the network.
What number is the Application Layer?
Layer 7
Receives the packets and adds physical addressing by adding sender and receiver MAC addresses to each data packet. This information forms a unit called a frame.
What OSI Layer is this? And what number?
Layer 2
Data Link Layer
This layer is responsible for translating data from the application layer into the format required to transmit the data over the network as well as encrypting the data for security if encryption is used.
What layer is this and what number?
Layer 6
OSI Presentation Layer
This layer is responsible for the transmission of data between hosts in different networks as well as routing of data packets. This layer is implemented through the use of devices such as routers and some switches.
What layer is this and what number?
Network Layer
Number 3
Layer 5 of the OSI model is?
Session Layer
Which layer of the OSI model establishes, manages, and terminates connections?
Session
Application
Presentation
Network
Session layer
Which layer of the OSI model does a bridge use to make decisions about forwarding data packets?
Network
Physical
Data Link
Transport
Data Link
Which transmission control protocol/internet protocol (TCP/IP) layer performs addressing and routing?
Application
Transport
Presentation
Network
Network layer
OSI model:
The …….. represents network communication at a MAC-address level and forwards packets on …….. devices, like a bridge.
Data Link layer (Layer 2)
Layer 2
Which device is used to connect host devices within a local area network?
Gateway
Repeater
Switch
Router
Switch
Which device operates at layer 2 of the OSI model?
Hub
Repeater
Switch
Router
Switch
A …….. is a layer 3 device that connects networks together
Hub
Repeater
Switch
Router
Router
……. is also used in Ethernet LANs and data centers. …… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6 cables
…….. is used in Ethernet LANs containing two twisted pairs allowing for up to 100 Mbps up to 100 meters between the device and the switch, hub, or router. This has been practically replaced by the …. specification.
Cat5
Cat5e
……… is an improvement of the Cat6 standard, supporting the same standards and lengths (with the ability to run 10 Gbps over 100 meters maximum), but using a higher quality cable that is more resistant to interference. This is most commonly used in wired networks today.
Cat6a
There are several different connectors that can be connected to the end of these UTP cables; the two most common are:
RJ11
&
RJ45
UTP cables.
UTP stands for?
Unshielded twisted pair cables.
…… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6
……. are analog cables made of copper but specifically engineered with a metal shield intended to block signal interference. This cable was patented in 1880 by Oliver Heaviside and was used as an improvement over the bare copper cables widely used in that day.
Coaxial Cables
Copper cables:
There are several types of ….. cables, but since they are not widely used in networking today, they are not discussed further.
coaxial
………. use glass or plastic threads within cables to transfer the data using light (lasers or LEDs) as opposed to traditional metal cables using electricity.
Fiber optic cables (Fiber cables)
……….. cables are useful for high bandwidth needs, meaning they can carry more data at one time.
Fiber optic cables
…….. cables are lighter and thinner to install but are much more expensive.
Fiber optic cables
There are two types of fiber cables:
These are?
single-mode
multimode.
………. fibers are highly effective over medium distances (500 meters or less at higher speeds) and are generally used within a LAN.
Multimode
The benefit of a ……. fiber cable is the ability to carry higher bandwidth for 50 times the distance of a multimode cable.
single (fiber optic cable mode)
…….. cables are more protected from outdoor weather than traditional copper cables.
Fiber optic cables
Connectors:
…………? : This stands for ……… This is a smaller version of the standard connector (SC). This supports more ports to be used in the same space. This is probably the most common type used in corporate data centers today and is usually used with SFP (small form-factor pluggable) transceivers.
LC
lucent connector
………? : This stands for a ………. This was the most commonly used connector with multimode fiber until the mid-2000s. It was used on campuses, corporate networks, and for military purposes. Today, LC connectors are usually used instead, as they are denser and more convenient at almost the same cost.
ST
Straight tip connector
…….. cables are used to connect two computing devices of the same type directly to each other. In computers, this is accomplished via their network interface controllers (NIC) or switches.
Crossover cable
……….. are used to connect a device to a wall outlet, for example. The wall outlet is wired to another patch panel in the networking closet, and that networking panel is wired into a switch. These cables can also be used to wire servers in a rack to the top-of-rack (ToR) switch.
Patch cables
……. is an association of professional electronic and electrical engineers responsible for many of the standards created in networking today. Founded in 1963.
IEEK
BCGF
KBIE
IEEEC
IEEE
The Institute of Electrical and Electronics Engineers (IEEE)
….. is one of the most basic tools for testing connectivity to other hosts.
Ping
……….. are used to trace the route an IP packet takes to a destination.
Traceroute and tracert
Ipconfig stands for?
Internet Protocol Configuration
…….. is similar to traceroute or tracert in that it displays the path taken by a packet from its source to its destination.
Tracepath
……… provides the user with the IP, subnet mask, and default gateway for each network adapter by default; with the /all option, it also provides information such as MAC address, DHCP status, and lease information.
Ipconfig (internet protocol configuration)
Similar to ipconfig, …….. is used to configure the kernel network interfaces. It is implemented at the time of booting to configure the necessary interfaces. Once the interfaces are configured, it is used for debugging or tuning the system. It is primarily used in Linux.
ifconfig
Network Commands:
ARP stands for?
Address Resolution Protocol
……… displays the IP to physical (MAC) address mappings for hosts that have been discovered in the …….
ARP (Address Resolution Protocol)
ARP cache
telnet/ssh
tcpdump
nmap
finger
These are examples of what?
Network Commands
……. displays information about active ports and their state and can be useful in troubleshooting and capacity management. The command netstat -r displays routing information for network adapters. It is available in Windows, MacOS, and Linux.
Netstat (network statistics)
…….. displays DNS information and helps troubleshoot DNS problems. It is useful for displaying name-to-IP-address mappings.
Nslookup (name server lookup)
…………. is a command used to query the DNS name servers. It is helpful in troubleshooting DNS problems. It is also used for lookups and will display answers from the query. It is a replacement for nslookup.
dig
nslookup
ARP
ipconfig
dig
Dig stands for?
domain information groper
…….. is a tool most often used to look up who owns a domain or block of IP addresses on the internet, including name, email address, and physical address. However, there are many privacy options that hide this information from being returned. It is primarily used in Linux.
Whois
……. can be used to display the current route tables on a host.
Route
The ……… command is used to securely copy files between servers, leveraging SSH (secure shell) for authentication and encryption.
SCP (Secure Copy Protocol)
………. copies the file from one host to another host.
telnet/ssh
FTP
Netstat
Dig
FTP (file transfer protocol)
Network commands:
SSH stands for?
Secure shell
………. transfers a file from either a client to a server or from a server to a client using UDP (user datagram protocol) instead of TCP, and so it is usually used on reliable (local) networks.
ARP
dig
tftp
ftp
TFTP (trivial file transfer protocol)
………. displays information about a user or users on a remote system, including things such as last log-in time and username. It is primarily used in Linux.
dig
ftp
ifconfig
Finger
Finger
……….. scans networks to see what it can find in terms of hosts and open ports (including well-known ones for many applications). It is commonly used to determine what is deployed on a network for vulnerability analysis, security scans, and related activities.
Nmap (Network Mapper)
…….. and …….. are not native to either Linux or Windows but can be downloaded for free and used with both.
dig
finger
tcpdump
nslookup
Nmap
tcpdump
Nmap
……….. displays TCP/IP packets and other network packets that are being transmitted over the network system.
Tcpdump
…………: It is a form of protocol analyzer (sometimes called a sniffer) and is designed to show the contents of network packets in human-readable form for troubleshooting, security analysis, etc.
Tcpdump
…….. allows a user to manage accounts and devices remotely but unencrypted.
Telnet
…………. allows a user to manage accounts and devices remotely, but it is encrypted.
SSH Secure Shell
An organization needs to perform an analysis to identify vulnerabilities such as open firewall ports, unauthorized operating systems or device types, and weak passwords. Which tool is recommended?
nslookup
nmap
tracepath
finger
nmap
The ………. utility is the correct answer and can perform many types of vulnerability scans by sending specially crafted data packets and learning about the target(s) based on the responses of the target(s).
Network Mapper (nmap)
A server administrator is tasked to harden the database servers, and one of the requirements is to document any firewall ports that are open and closed. Which native Windows command line utility should the administrator use?
finger
tcpdump
dig
netstat
netstat
The …… is used in Linux to limit the number of pings within a single session. In this example, the ping command attempts transmission eight times and is the correct answer.
-c switch
Which protocol provides remote access over encrypted connections?
File transfer protocol (FTP)
Secure shell (SSH)
Domain Name System (DNS)
Internet control method protocol (ICMP)
Secure shell (SSH)
What does the address resolution protocol (ARP) cache map?
IP addresses to network destinations
IP addresses to MAC addresses
MAC addresses to interfaces
MAC addresses to ICMP
IP addresses to MAC addresses
Bluetooth ear pods connected to a phone or laptop would be an example of what kind of network?
LAN
WAN
PAN
WLAN
PAN
Personal Area Network
Networks:
SAN stands for?
Storage Area Network
WAN stands for?
WLAN stands for?
Wide Area Network (WAN)
Wireless Local Area Network (WLAN)
Examples of ….. are a home, lab, or office building. Most often, ….. use Ethernet, Wi-Fi, or both to connect the network devices.
LANs
Many private homes use …. in the form of Wi-Fi, as it allows for multiple users to be connected to the network (and usually the broader internet), but not be tied down to a specific location in the home.
WLAN
………… allow servers to access devices such as tape libraries and disk arrays while presenting them to the operating system like any other locally attached device.
SANs
………. may also use other protocols, such as Fibre Channels that do not usually operate on traditional network equipment.
SANs
….. there is no individually designated server or client. Each machine on the network can act as both server and client, sometimes requesting data from other nodes and sometimes answering requests from others. Bitcoin and Tor are examples of ……. networks.
Peer to Peer (P2P)
The server is the system that stores data and information. The client is the machine that needs access to that data. This is the traditional model of networking since the 1990s.
This is an example of what networking model?
Client Server
Unlike other topologies such as bus, ring, or star, …….? topologies are not necessarily constructed using physical network cables. The nodes may connect using Wi-Fi or radio signals or by virtual links such as virtual private networks (VPNs).
What topology is this?
Mesh topology
…….. networks are typically used where communication within a network must be highly available and redundancy is needed.
Which topology is this?
Star
Bus (Linear)
Mesh
Ring
Mesh
Architecturally speaking, there are two extremes in networking and computing architecture:
Which are?
centralization
&
decentralization
In the early days of mainframe computers, nearly all computing and network power was …… in a large data center.
centralized
The performance is also much more constant and reliable.
While security is a great benefit of …….?
The above is an example of what type of network architecture.
Centralized?
Or…
Decentralized?
Centralized
Another advantage of ……….. is the lack of a single point of failure, or, perhaps more accurately, each computer is its own single point of failure because the computers do not rely on each other.
decentralization
What is the principal advantage of wireless networks?
Redundancy
Stability
Security
Portability
Portability
Which network model is characterized by client computers that act as both servers and workstations?
Client/server
Wired
Wireless
Peer-to-peer
Peer-to-peer
Virtualization relies on a special type of software, known as a …….., which creates the virtual hardware for devices.
hypervisor
Regardless, all …….. have something in common: they use software to create the illusion of physical hardware.
hypervisors
…… is essentially programming instructions baked into copper and silicon chips.
Hardware
Each instance of virtual hardware is called a ……, or VM.
virtual machine
NOT A FLASHCARD.
The operating system (OS) installed within the VM is often referred to as a guest OS to differentiate it from the operating system of the underlying physical computer, which is called the host OS.
The ……. serves as a resource traffic cop in that it manages how each VM (virtual machine) accesses and consumes the physical hardware resources, such as CPU, RAM, networking, and storage.
hypervisor
…….. hypervisors typically require dedicated hardware and are installed as that machine’s operating system, making them more commonly found in data centers than in home networks.
Type 1
Type 2
Which?
Type 1
Bare metal hypervisor is….
Type 1
Or…
Type 2
Type 1 hypervisor is bare metal
Hypervisor that is hosted is….
Type 1
Or…
Type 2
Type 2 hypervisor is hosted (installed as an application in the device’s operating system).
VMware Workstation or Microsoft Hyper-V…
Are examples of what type of hypervisor?
Type 1
Or…
Type 2
Type 2
…… hypervisor for MacOS, such as VMware Fusion or Parallels Desktop, which would allow you to create and run a Linux VM on your laptop.
Which type of hypervisor?
Type 2
Or…
Type 1.
Type 2
………. hypervisor is competing for hardware resources with all the other running applications on your computer; and second, the hypervisor does not have direct and unrestricted access to the physical hardware but instead must send all your VM’s hardware requests through your computer’s operating system.
This is what type of hypervisor?
Type 1
Or…
Type 2
Type 2
What kind of software will the IT team need to install on a Mac to enable it to run this Windows environment?
Keyboard video mouse (KVM) switch
Type 2 hypervisor
Virtual machine (VM)
Type 1 hypervisor
Type 2 hypervisor
What is a hypervisor?
A hardware tool used to host virtual systems
A virtual application developer
A software tool used to host virtual systems
A virtual system administrator
A software tool used to host virtual systems
……. are like a layer of system software between computer hardware and virtualized systems.
Hypervisors
Which cloud service model requires the customer to be responsible for operating systems?
PaaS
IaaS
SaaS
IaaS
Infrastructure as a Service
PaaS stands for?
Platform as a Service
SaaS stands for?
Software as a Service.
However, the industry also includes the catch-all term …. as a service, where …. could be nearly anything from security, accounting, hardware, etc.
XaaS
X as a Service
Salesforce
Gmail
Outlook
Are examples of?
IaaS
SaaS
PaaS
DaaS
SaaS
Software as a Service
Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP)….
These are examples of Public Cloud providers or Private Cloud providers?
Public Cloud providers.
Which type of cloud between Public Cloud or Private Cloud providers is more likely to be secure?
Public Cloud providers.
……. is the concept of leveraging the services of multiple public cloud providers, such as hosting your website at AWS and GCP and balancing the users between these providers. This concept, in practice, can add redundancy and flexibility.
Which cloud is the above an example of?
Public cloud.
Private cloud.
Community cloud.
Multi-cloud.
Multi-cloud
For …… cloud computing, the customer will require a dedicated connection between their on-premises data center and the public cloud provider.
This is an example of?
Hybrid cloud
Public cloud
Private cloud
Community cloud
Multi-cloud
Hybrid cloud
Why would a business likely choose a hybrid cloud solution?
They want a cloud provider to take responsibility for all hardware aspects of their systems.
They want to maintain total control of all hardware their software runs on.
They want to jointly own and control the hardware their software runs on.
They want to use their own systems but add the ability to scale up for burst demand.
They want to use their own systems but add the ability to scale up for burst demand.
The ….. is a reference model that takes into account confidentiality, integrity, and availability.
CIA triad
…….: The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of attacks.
SecOps
……. : A weakness in software, hardware, facilities, or humans that can be exploited by a threat.
Vulnerability
……. : The potential of a threat to exploit a vulnerability via an attack.
Risk: The potential of a threat to exploit a vulnerability via an attack.
……: Something or someone that can exploit a vulnerability to attack an asset.
Threat
…….: An action taken by a threat that exploits a vulnerability that attempts to either block authorized access to an asset, or to gain unauthorized access to an asset.
Attack
………: A person, device, location, or information that SecOps aims to protect from attack.
Asset: A person, device, location, or information that SecOps aims to protect from attack.
To gain access to the information, the attacker needs to get into the middle of the conversation; however, to do so, the attacker must impersonate the sender and receiver of the traffic. This act is known as “……? its identity.”
This is an example of?
Spoofing
Taking control
SQL Attack
Buffer overflow
Spoofing
An application called a “……..” can systematically check each of these ports by sending thousands of TCP/IP packets to the victim’s computer, each packet on a different TCP port.
port scanner
An attacker just needs to send traffic to each and every port to learn which services are running. Unfortunately for the attacker, there are tens of thousands of ports, numbered from 0 to 65,535.
This type of attack is called?
Port Scanning
The …… attack overwhelms a victim’s computer with an immense volume of ICMP echo-request packets, all containing a forged, randomized source address.
Ping flood attack
Threats known as ……. attacks do just that: they deny someone access to a service, usually by overwhelming the victim with enormous amounts of useless traffic.
denial-of-service (DoS)
Two common social engineering attacks are:
Impersonation
Phishing
Denial of Service
Spoofing
Wiretapping
Poor physical security measures
Impersonation
&
Phishing
A ….. attack creates half-open connections.
SYN
Wiretapping
Spoofing
Smurf attack
SYN attack
How does a Smurf attack operate?
It causes hosts to reboot repeatedly.
It creates multiple VPN connections with hosts.
It creates half-open connections.
It spoofs the source address for all ICMP packets.
It spoofs the source address for all ICMP packets.
This is a Denial-Of-Service attack.
Another example involves ARP poisoning, which is a method attackers use to cause an Ethernet switch to flood all traffic to every port on the switch, including the attacker’s computer.
What kind of attack is the above?
Spoofing
Wiretapping
Denial of Service
Spoofing
The Smurf Attack is what kind of attack?
(It spoofs the source address for all ICMP packets)
Spoofing
Wiretapping
Phishing
Denial-of-Service.
Denial-of-Service.
A …… attempts to spoof the source address of ICMP packets and broadcast to the network in an attempt to flood it.
Smurf attack
…….. software protects against malware, identifies it, quarantines it, and removes it.
Antivirus
…….. may prevent unwanted connections to a system.
Which is the correct answer?
Antivirus
Personal Firewalls
Content Filter
Personal firewalls
……. prevent malicious or inappropriate network traffic.
Which is the correct answer?
Antivirus
Encryption
Content Filter
Content filters
……. makes content unreadable unless a private key is used.
Content Filter
Firewall
Encryption
Encryption
Which software protection provides malware identification?
Antivirus
Content Filter
Encryption
Antivirus
Which device provides web content filtering and URL scanning?
Web proxy
Stateful firewall
Router
Intrusion detection
Web proxy
A ….. compares inbound and outbound packets and determines whether they are allowed.
Antivirus
Stateful firewall
Content Filter
Stateful firewall
An …….. device or system detects network attacks based on signature.
intrusion detection
A ….. moves traffic from a network to a different network.
Antivirus
Content filter
Router
Router
A ….. filters internet content and performs security checks on sites visited, files downloaded, etc.
Antivirus
Web proxy
Phishing
Web proxy
It is also known as a “tar pit” because it is intended to attract or distract would-be attackers from the actual targets on the network.
This is an example of?
Antivirus
Honeypot
Smurf Attack
Honeypot
Some attacks are …… and may not cause obvious damage right away. Such is the case with rootkits, backdoor attacks, and Trojan horses.
Forced.
Silent.
Announced.
Silent.
These attacks (rootkits, backdoor attacks, and Trojan horses) are meant to be silent and to avoid detection.
CIA triad:
Helps maintain the accuracy of data and to identify the trustworthiness of the information.
This is an example of?
Availability
Integrity
Confidentiality
Integrity
CIA Triad:
Ensures the data is always accessible by its authorized user
This is an example of?
Availability
Integrity
Confidentiality
Availability
CIA Triad:
Helps limit access to information, preventing an unauthorized user from accessing, copying, or transmitting the information.
This is an example of?
Integrity
Confidentiality
Availability
Confidentiality
Firewall:
A ……. is a firewall that operates at Layers 3 and 4 of the OSI network model: network and transport.
Packet filter firewall
Firewall:
A ……. is a device that operates as a middleman between two or more systems to help conceal the true identity of the client and server.
circuit-level gateway
Firewall:
……. are the foundation of network address translation (NAT) and port address translation (PAT), which are commonly used in firewalls to allow private IP address ranges to communicate on the internet.
Circuit-level gateways
Firewall:
These firewalls inspect incoming (ingress) and outgoing (egress) traffic and compare the following attributes to a database of …….. rules that determine if the firewall will forward (allow) or drop (deny) the traffic.
This is an example of what type of Firewall?
Packet Filter
Remember, ……… firewalls lack the ability to inspect the contents of the packets. Because of this, malicious traffic could pass into the network unchecked.
Packet filter
A system administrator wants to protect the local network from untrustworthy external traffic. Which device should this system administrator implement?
Switch
Repeater
Router
Firewall
Firewall
A network …. is a barrier that intercepts and inspects traffic moving from one network to another.
Firewall
Which three levels of the OSI model does stateful inspection require?
Layers 1, 2 and 3
Layers 3, 4, and 5
Layers 2, 4, and 7
Layers 3, 5, and 7
Layers 3, 4, and 5
In order for a ….. to understand whether there is a conversation going on between two endpoints, it must be able to analyze the address (Layer 3), it must be able to analyze the type of traffic—usually TCP or UDP—which requires Layer 4 inspection, and it must be able to analyze Layer 5 data in order to recognize that a session has been requested and established.
This is an example of?
Antivirus
Hypervisor Type 1
Firewall
Hypervisor Type 2
Firewall
Which layers of the OSI model does a packet-filtering firewall operate in?
Layers 1 and 2
Layers 3 and 4
Layers 4 and 5
Layers 6 and 7
OSI Layers 3 & 4
……. intercept and block threats.
Which one?
IPS
or
IDS
IPS
Intrusion Prevention System
…… monitor the network to detect threats.
Which one?
IDS
or
IPS
IDS
Intrusion Detection System
Both types of systems (IPS & IDS) can be configured to operate in …., which is where they attach to the network as listening devices only. (Eavesdropping/Wiretapping listening devices)
Which mode is this called?
tap mode
Tap mode works well for ……?
IDS
or
IPS
IDS
Intrusion detection system
For an ……. device to stop traffic, it must be positioned in the middle of the traffic stream, a configuration known as in-line mode.
Which one is the correct answer?
IDS
IPS
Circuit-level gateway
IPS Intrusion Prevention System
There are also cases where the IPS device may block traffic, particularly files that are known to carry viruses and malware. This is a method known as ………?
IDS
Tap mode
CIA triad
reputation-based protection
reputation-based protection
A good example of this is when IPS devices and firewalls block executable (EXE) attachments or downloads.
This is called?
CIA Triad
Reputation-based protection
OSI Layer 7
Protocol
Reputation-based protection
Intercepts and blocks threats
Has many network ports to operate as input/output pairs
Has cables routed physically through devices to create choke points
The above is an example of?
IDS
IPS
OSI Layer 3
Antivirus
IPS Intrusion Prevention System
Monitors the network to detect threats
Listens passively on the network
Alerts network admin of any detected suspicious behavior
This is an example of?
Antivirus
CIA Triad
IDS
IPS
IDS Intrusion Detection System
Identifies malicious traffic
Available as virtual and host-based applications
Can be configured to operate in tap mode
This is an example of?
IPS
IDS
IDS & IPS (Both)
CIA Triad
Mesh Topology
IDS & IPS (Both)
Suspicious traffic comes into the switch
Intrusion system inspects traffic and alerts admin of suspicious packets.
An alarm is sent to admin’s management system.
This is an example of?
OSI Layer 6
IDS deployment
IPS deployment
CIA Triad
IDS deployment
Suspicious traffic comes in.
An intrusion system blocks suspicious packets before they get to the switch.
This is an example of?
IPS deployment
IDS deployment
OSI layer 5
Hadoop
IPS deployment
Consider the security-related differences between a wired network using Category 6 cables versus a wired network using fiber optic cables. If wiretapping or electronic eavesdropping is a concern, the ……………. provide greater security.
Which cable provides better security?
Fiber optic cables
or
Cat6 (Category 6) cables
Fiber optic cable
Wiretapping is a …… threat because it involves tampering with the physical cables of a victim’s network
What OSI layer is wiretapping?
OSI layer 3
OSI layer 6
OSI layer 7
OSI layer 1
OSI Layer 1 Physical
For instance, check the security of the locks on the doors to the data center, equipment racks, and wiring closets throughout your building.
What OSI layer is the above example?
Layer 4
Layer 7
Layer 3
Layer 1
Layer 1 Physical
An attacker executes a radio jammer attack at ………..? The radio jammer sends radio signals, which interfere with the victim’s wireless network card and prevent the victim from communicating with a wireless access point (WAP).
What OSI Layer is this?
Layer 5
Layer 3
Layer 7
Layer 1
Layer 1 Physical
WAP stands for?
Wireless access point
The attacker sends special Ethernet frames on the network that quickly poison or overwhelm the switch’s internal traffic-handling database called the forwarding information base (FIB). Without the FIB, the switch no longer knows where to forward traffic, and so it begins flooding all its ports with every frame it receives, allowing the attacker to receive a copy of all the traffic passing through the switch. When coupled with a packet sniffer, the attacker can reconstruct and analyze the received frames to gather information that will help the attacker to conduct further attacks against the network.
What kind of attack is this and what OSI layer?
Smurf attack, layer 2.
or
ARP poisoning, layer 2.
ARP poisoning, layer 2.
What is the best defense against ARP poisoning?
IPS
IDS
Hadoop
OSI layer 7
IPS
Spoofing is an attack that can occur at both OSI layer ……? & OSI Layer …..?
Layer 4 & Layer 7
Layer 5 & Layer 6
Layer 4 & Layer 1
Layer 2 & Layer 3
Layer 2 (Data link) & Layer 3 (Network)
The best defense of a Spoofing attack is?
IDS
CIA Triad
IPS
IPS
Port scanner attacks happen typically on what layer of OSI?
Layer 2
Layer 7
Layer 4
Layer 6
OSI Layer 4 Transport
Remote procedure call (RPC) is an example protocol at Layer ….? and is used by computers to execute functions and procedures on other computers, such as a central server launching a program or print job.
Layer 3
Layer 7
Layer 2
Layer 5
Layer 5 (Session)
Man-in-the-middle attack happens at what OSI Layer?
Layer 3
Layer 6
Layer 4
Layer 5
Layer 6 (Presentation)
Encryption typically happens at what OSI Layer?
Layer 4
Layer 7
Layer 3
Layer 6
Layer 6 (Presentation)
The ……. layer serves as a translation and security layer between applications, allowing computers to encode and encrypt data.
Physical Layer 1
Network Layer 3
Presentation Layer 6
Session Layer 5
Presentation Layer 6
TLS and SSL (Shell) are commonly performed at what OSI Layer?
Presentation Layer 6
Physical Layer 1
Network Layer 3
Data Link Layer 2
Presentation Layer 6
For example, the ping sweep attack sends pings to a large number of IP addresses to detect which computers are online and may, therefore, be susceptible to other attacks. Fortunately, these attacks can be easily mitigated by using a …….?
Packet-filtering firewall
IPS
IDS
CIA triad
Packet-filtering firewall
Ping flood DoS attacks, described in an earlier lesson, are typically intended to disrupt ……. on the network.
Communication
Ping attacks commonly are performed at what OSI layer?
Layer 4
Layer 5
Layer 3
Layer 1
Layer 3 Network
API stands for?
application programming interface
Another way to mitigate attacks at the Application layer 7 is to leverage a ……. that is able to scan the incoming packet for malicious behavior instead of simply forwarding the malicious payload to the destination. An IPS device will also protect against these threats.
reverse proxy system
Security professionals use a tool called a ………. to detect problems and known bad code that result in vulnerabilities in your applications.
vulnerability scanner
A security analyst is testing the security of an organization’s website by placing a script directly into a search box. Which level of the OSI model is the analyst addressing?
Layer 4
Layer 5
Layer 6
Layer 7
Layer 7 (Application)
The Application layer 7 defines how users connect with the application services through protocols such as ……? & ….?
HTTP
HTTPS
Application layer is an application programming interface (API) endpoint for web services and websites, both of which leverage the ….. and ….. protocols. Prime targets are web servers, especially web servers that host APIs.
HTTP
HTTPS
Which Transport layer protocol is best suited for streaming audio and video?
User datagram protocol (UDP)
Internet protocol (IP)
Hypertext transfer protocol (HTTP)
Transmission control protocol (TCP)
User datagram protocol (UDP)
The analyst in this scenario is testing for cross-site scripting vulnerabilities, which would affect the Layer ….?
Layer 7 Application
SQL Injection Attack
Security solution: Leverage a reverse proxy system and scan incoming packets for malicious behavior.
OSI Layer…..?
Layer 7 Application
Man-in-the-Middle Attack
Security solution: Mitigate by using an application-layer proxy or an IPS, and train users about fake security certificates.
OSI Layer ….?
Presentation Layer 6
RPC Attack
Security solution: Mitigate with regular OS and application patching.
OSI Layer ……?
Session Layer 5
Wiretapping
Security solution: Look for physical vulnerabilities, check the locks on doors, racks, and wiring closets.
OSI Layer:……?
Layer 1 Physical
VLAN Hopping
Security solution: Configure the VLAN tagging per the switch vendor’s recommendation.
OSI Layer: …..?
Data Link Layer 2
Ping Sweep Attack
Security solution: Mitigate by using a packet-filtering firewall.
OSI Layer: ….?
Network Layer 3
Port Scanner
Security solution: Mitigate by using a packet-filtering firewall.
OSI Layer: …..?
Transport Layer 4
…………..?, also known as private key encryption, uses the same key to encrypt the data as it does to decrypt the data, meaning that when used for data transmissions, symmetric key encryption requires that both the sender and the receiver possess the same cipher key.
Symmetric key encryption
Asymmetric key encryption
Elliptic curve cryptography (ECC)
Symmetric key encryption
………………? rely on two different keys to encrypt and decrypt the traffic. This is particularly useful on the internet where the encryption of the data being sent to and from e-commerce and banking websites is needed.
Elliptic curve cryptography (ECC)
Asymmetric key ciphers
Symmetric key encryption
Asymmetric key ciphers
PKI is an asymmetric key solution that allows two parties to exchange encrypted data without having first exchanged a private or shared key with one another.
This is used in?
Elliptic Curve Cryptography
Asymmetric Key Encryption
Symmetric key encryption
Asymmetric Key Encryption
In order to add complexity to the keys that defies current brute force attack methods, a new breed of asymmetric key creation was unveiled: ………?
PKI
Symmetric Encryption
Elliptic curve cryptography (ECC)
Elliptic curve cryptography (ECC)
………….? uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.
ECC elliptical curve cryptography
…………..?, as well as ………….?, is performed using a symmetric key to optimize its speed, but that key is exchanged using an asymmetric key cipher to ensure perfect secrecy of the key exchange.
(These are hybrid encryption methods that use both symmetric and asymmetric encryption techniques)
Transport Layer Security (TLS) encryption
Bulk data encryption
Which encryption application provides authentication and encryption services that are commonly used to create VPN tunnels at OSI Layer 3?
Secure Socket Layer (SSL)
Internet protocol security (IPSec)
Transport Layer Security (TLS)
Advanced Encryption Standard (AES)
Internet protocol security (IPSec)
What is a characteristic of symmetric key encryption?
Use of a public key and a private key
Public key infrastructure
Use of a shared key
Elliptic curve cryptography
Use of a shared key
…….? data is called plaintext.
Unencrypted
Encrypted plaintext is called……..?
Ciphertext.
IPSec is commonly used to create …… at OSI Layer 3.
VPN tunnels
What is the fastest encryption method for bulk encryption of data?
Asymmetric key encryption
TLS
Symmetric key encryption
PKI
Symmetric key encryption
An ………….? relies on two different keys to encrypt and decrypt the data.
Which one?
Asymmetric key cipher
Symmetric key encryption
Asymmetric key cipher
………… dictate how long a piece of data should remain available, whether in active day-to-day storage or in archive copies.
Retention policies
Data protection
Device hardening
Encryption of Data at Rest
Retention policies
The key used to encrypt and decrypt your data is called a ………?
data encryption key (DEK)
When you encrypt the DEK, you use an asymmetric encryption key called a ………….? To help keep all these keys organized, you will store the encrypted DEK inside a key management server (KMS) that grants access to the key based on the validity of your KEK.
key encryption key (KEK)
To help keep all these keys organized, you will store the encrypted DEK inside a ……?
key management server (KMS)
It is equally important to encrypt your data in transit, also known as “……”.
“data in flight.”
If you are developing a web application that will require internet users to create credentials for your application, consider instead using an authentication service known as ……?
Federated identity management
Key management server
Data in flight
Federated identity management
IAM stands for?
identity and access management (IAM)
Form of encryption:
SSL stands for?
Secure Sockets Layer
Encryption:
TLS stands for?
Transport Layer Security
Encryption:
IPsec stands for?
Internet Protocol Security
………..? provides an authentication and encryption solution that secures IP network traffic at Layer 3 of the OSI model.
Internet protocol security (IPsec)
This is in contrast to the ….. protocol discussed above, which operates at Layer 6.
TLS
Which layer does TLS operate at?
OSI Layer 6
What is the name of OSI Layer 6?
OSI Presentation layer 6.
Currently, the most secure algorithm for storing and encrypting data at rest is the……….?
Advanced Encryption Standard (AES)
Depending on the key length, as many as 14 transformations can be made against a given block of data, making it exceptionally difficult, if not impossible, to reverse the encryption without the key or the aid of quantum computers.
This is what type of encryption?
TLS
SSL
Advanced Encryption Standard (AES)
Elliptic curve cryptography
Advanced Encryption Standard (AES)
Regardless of your backup solution plan, be sure to test it regularly. In fact, consider automating a restore process once a …..? to check for failures or inconsistencies in the backup.
Month.
Year.
Day.
Week.
Quarter.
Week.
Encryption:
DEK stands for?
Data encryption key
Concepts of data encryption:
These two terms are used in IT Security:
True or False?
Encryption of Data at Rest
Encryption of Data in Transit
True
MFA stands for?
multifactor authentication
API stands for? (keys)
application programming interface
Public cloud providers keep detailed …. of the actions taken within their system to help you account for changes and to discover any unauthorized use of privileged credentials.
audit logs
……..? are scalable, single-tenant clusters of computing, storage, and networking resources owned and maintained by a single company, typically (but not always) located within a data center belonging to that company.
Private clouds
…….? are hosted by companies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and tend to offer highly scalable, multi-tenant solutions in data centers placed around the world.
Public clouds
A …… is the combination of services running in both public and private clouds.
hybrid cloud
IAM stands for?
Identity & Access Management
Cloud Security
Steps:
Log in using Google ID
User verified with identity token
This would be?
Application
Network
Cloud Platform
Application
Cloud Security
Steps:
Configure firewalls to inspect traffic
Add layers to protect against an attacker
This is an example of?
Network
Application
Cloud Platform
Network
Cloud Security
Steps:
Employs IAM to determine who has access to specific resources
Service provider maintains physical equipment
This is an example of?
Application
Cloud Platform
Network
The ….. algorithm uses only 56-bit encryption and can be compromised by brute force software running on modern hardware in less than a day.
Triple DES aka 3DES
……. is a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data
Triple DES (often abbreviated 3DES)
………? can be used with a 128-bit, 192-bit, or 256-bit key
AES advanced encryption standard
WEP stands for?
Wired equivalent privacy
Because all packets are encrypted by that key, …..? is very vulnerable to attack today.
WEP wired equivalent privacy
……..? key is either 10 or 26 hexadecimal digits. Each hexadecimal digit is 4 bits.
WPA
WPA2
WEP
AES
WPA3
3DES
WEP
WPA stands for?
Wi-Fi protected access WPA
Why would someone choose to implement Advanced Encryption Standards (AES) encryption over Triple Data Encryption Standard (3DES) encryption?
For transmission over longer distances.
For a more secure level of encryption due to increased complexity.
Because they prefer to use a symmetric key algorithm.
To hide the network name from discovery protocols
For a more secure level of encryption due to increased complexity.
Which IEEE 802 standard is for wireless LAN connections?
802.3
802.1x
802.11
802.15
802.11
What is one disadvantage of using WPA3 on a wireless network?
The licensing fees can be costly on large networks.
Security levels are higher using WEP.
Transmission rates are higher using WPA2.
WPA3 may not be supported by many older network devices.
WPA3 may not be supported by many older network devices.
In …….? , all wireless communication is performed in a peer-to-peer fashion and does not require or involve a WAP.
ad-hoc mode
Which network type does not require a wireless router or access point between clients?
WAN
Ad-hoc
SAN
Infrastructure
Ad-hoc
EAP stands for?
And is a?
Extensible Authentication Protocol
Protocol
The …..? security standard was designed to fit that exact situation. It provides network access control at the port level, whether physical or wireless, and it provides an authentication standard based on the Extensible Authentication Protocol (EAP)
802.3
802.1x
802.11
802.15
802.1x
In WPA3, all devices now use the ………..? (SAE) method to exchange the network key as defined in the IEEE 802.11-2016 standard.
simultaneous authentication of equals
A …. is a way for perpetrators to force victims to connect to rogue networks. In other cases, it interrupts the operation of security systems to facilitate burglaries or porch piracy.
deauth attack
………. is a denial-of-service (DoS) attack where the attacker can force any client (or even every client) off of the network.
Deauthentication (abbreviated deauth)
Best defense against a Deauth Attack?
WPA3
The attacker sets up an illegitimate wireless network using their own WAP and may even share their own cellular data to create an internet hotspot. The attacker usually opens this network without any security or authentication so as to entice people in a hurry to connect to the attacker’s rogue WAP.
This type of attack is called?
Fake Access
AAA stands for?
Authentication, authorization, and accounting.
AAA
Confirm user is who they claim to be
Usernames and passwords
Public key infrastructure (PKI) certificates
This is?
Accounting
Authentication
Authorization
Authentication
AAA
Report on user’s access
Provides forensic trail after a security breach
Logs successful and unsuccessful connection attempts
This is?
Accounting
Authentication
Authorization
Accounting
AAA
Define what the user can access, permissions.
Give permissions to a user
Write and delete or read-only
This is?
Accounting
Authentication
Authorization
Authorization
AAA
A system can confirm your identity via usernames and passwords or with certificates, as is the case with …….?
This is?
Accounting
Authentication
Authorization
1.
public key infrastructure (PKI)
2.
Authentication
Below are examples of what?
Change Default Passwords
Remove Unnecessary Logins
Enforce a Strong Password Policy
Remove Unnecessary Services
Keep Patches Up to Date
Limit Physical Access to the Device
Only Allow Changes from a Trusted Network
Require Encryption for Wireless Networks
Audit Access
Backup
Device Hardening methods
…… ? is a common way to gather the logs and send them to a …..? server for storage. There are many applications, both commercial and open-source, that can review these logs and alert you when anomalies are detected and should be further investigated by a person.
Syslog
Syslog server
Which OSI layer is related to the function of the IP protocol suite?
Transport
Network
Data link
Session
Network
Which OSI layer is responsible for organizing how bits are passed over the physical layer between devices within the same collision domain?
Frame
Connection
Transport
Data link
Data Link
Which OSI layer would define the scope of a protocol that makes sure packets of data are received correctly and resends them if they are not?
Validation
Transmission
Transport
Connection
Transport
Which protocol suite performs functions of OSI layer 4?
IPX
MAC
CSMA/CD
TCP
TCP
Which type of Ethernet cable can maintain 10Gbps transmission speeds through the course of its maximum 100-meter length?
CAT 5e
CAT 5
CAT 3
CAT 6a
CAT 6a
Which Internet access technology uses ordinary telephone wires for data transmission?
DSL
Cable
Wi-Fi
Hotspot
DSL
Which device is used to organize network cables as they run between switches and other network devices?
Jack
Hub
Patch panel
Router
Patch panel
Which network device is used to connect two or more network segments by performing OSI layer 3 functions like packet-forwarding?
Router
Repeater
Wire
Switch
Router
Which network device is used to convert between digital information from a LAN and analog signals for transmission over a standard telephone wire?
Repeater
Modem
Signal generator
Bit stretcher
Modem
Which device could be used to send commands to the mainframe for remote execution in early mainframe installations?
Distributed screens
Dumb terminals
Execution displays
Command receivers
Dumb terminals
Which device is responsible for implementing network address translation (NAT)?
Modem
Router
NIC
Switch
Router
Which command produces the following output?
Non-authoritative answer:
Name: www.google.com
Address: 172.217.11.132
dig
nslookup
whois
nmap
nslookup
Which command should be used to manually enter the default gateway for a computer?
route
ipconfig
arp
netstat
route
Which network diagnostic tool displays the path packets take between two endpoints?
ifconfig
traceroute
ftp
nslookup
traceroute
Which network type is used to wire multiple PCs to a home router?
LAN
PAN
MAN
WAN
LAN
An office’s infrastructure connects network devices and printers through a central access point without the use of cabling.
Which network type does this office use?
WLAN
WAN
CAN
SAN
WLAN
What type of medium is commonly used within a 1000 Mbps Ethernet network?
CAT 5
CAT5e
Coax
Wireless
CAT5e
Which network topology is being implemented when each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node?
Star
Full mesh
Ring
Bus
Ring
In which physical LAN topology are nodes connected to each other with a backbone cable that loops around and ends at the same point it started?
Ring
Bus
Star
Tree
Ring
Which OSI layer ensures error-free packets?
Application
Transport
Session
Presentation
Transport
Which topology uses a switch or hub to connect to all devices in the same network?
Mesh
Ring
Star
Bus
Star
Which cloud service provides hardware, operating systems, and web servers but not end-user applications?
IaaS
PaaS
SaaS
RaaS
PaaS
Which cloud model provides an exclusive cloud computing service environment that is shared between two or more organizations?
Public
Private
Community
Hybrid
Community
Which type of software is used to provide virtualization?
Database
Hypervisor
Antivirus
Spreadsheet
Hypervisor
A user that does not want to be identified while communicating on a network uses an application to alter the computer’s identity.
Which type of exploit is being perpetrated?
Denial-of-service
ARP poisoning
Smurf attack
Spoofing
Spoofing
An attacker attempts to misdirect traffic on a network back to the attacker by corrupting the network computer’s cache of IP address to MAC address mappings that are cached.
Which exploit is the attacker perpetrating?
Port scanning
Wiretapping
Denial-of-service
ARP poisoning
ARP poisoning
Which exploit actually breaches the physical medium or uses devices to monitor signals from outside the physical medium itself?
Spoofing
Wiretapping
Sniffing
Port scanning
Wiretapping
Which type of attack can overwhelm a web server by inserting more data into a web form than the system was configured to hold?
Buffer overflow
ARP poisoning
Session hijacking
Cross-site scripting
Buffer overflow
Which type of attack sends an email claiming to be from a reputable business in order to entice the recipient to provide sensitive information?
Denial-of-service
Phishing
Password attacks
Man-in-the-middle
Phishing
A user on a network is planning to launch an exploit against a coworker in a neighboring department. The user needs to identify the IP address of a coworker in the desired department.
Which tool or utility will allow the user to watch network traffic in real time to identify a target?
Port scan
Antivirus software
Sniffer
Port redirection
Sniffer
Which group of attackers is typically used for penetration testing?
Red team
Blue team
White team
Gray team
Red team
Which type of attack exploits an unpatched software vulnerability?
Zero-day
Brute-force
Diffie-Hellman
Man-in-the-middle
Zero-day
A company has the policy that all new user passwords are P@ssw0rd but does not require new users to change their password. An employee randomly tries a coworker’s account with the new user password to see if they can log in as the coworker.
Which type of vulnerability does this create?
BYOD
Weak password
Default password
Misconfigured firewall rules
Default password
An employee that does not want to miss emails from important clients sets up her cellular smartphone to allow her to check email. Unfortunately, she does not install antivirus software on the cellular phone.
What type of vulnerability is represented?
Industry threat
Misconfigured firewall rules
Weak passwords
BYOD/Mobile
BYOD/Mobile
It is a weakness which can be exploited by a threat, such as an attacker, to perform unauthorized actions within a computer system.
This is the definition of vulnerability, in computer security.
True or False?
True
What is required to establish a secure connection to a remote network over an insecure link?
Virtual Private Network (VPN) service
Linux
Command Line Interface
TOR Network
Virtual Private Network (VPN) service
An organization is concerned about brute force attacks.
How should the organization counter this risk?
Install a mantrap and biometric scanner at the entrance of its data center.
Implement a system hardening policy that ensures operating system updates and software patches are installed regularly.
Institute a log-in policy that locks users out of an account after three failed password attempts.
Initiate role-based access to its systems to reduce the possibility of escalated privileges.
Institute a log-in policy that locks users out of an account after three failed password attempts.
An organization suffers a social engineering attack that results in a cybercriminal gaining access to its networks and to its customers’ private information.
How can the organization mitigate this risk in the future?
Update user antivirus software to the latest version
Implement a stronger password policy
Provide regular cybersecurity training for employees
Install a sophisticated intrusion detection system
Provide regular cybersecurity training for employees
An attacker plans to exploit flaws in an operating system to gain access to a user’s computer system.
What is a prevention mechanism for this type of attack?
Firewall
Patching
Antivirus
Virtual Private Network (VPN)
Patching
An unauthorized third-party has gained access to a company network.
How can they be prevented from deleting data?
Access controls
Physical controls
Biometrics
Man trap
Access controls
An attacker has gained access to the passwords of several employees of a company through a brute force attack.
Which authentication method would keep the attacker from accessing the employees’ devices?
MFA (multi-factor authentication)
AAA (authentication, authorization, and accounting)
PKI (public key infrastructure)
TCP/IP (transmission control protocol/internet protocol)
MFA (multi-factor authentication)
After downloading a CD/DVD burning program, a user notices that someone is remotely accessing the computer during nighttime hours.
Which type of malware is likely found in the CD/DVD software?
Virus
Adware
Worm
Trojan horse
Trojan horse
An analyst has identified an active denial of service attack.
Which category of the CIA triad is affected?
Confidentiality
Availability
Integrity
Application
Availability
While investigating a security incident, a technician discovers an unauthorized packet-capturing tool on the network.
Which category of the CIA triad is being attacked?
Authenticity
Confidentiality
Availability
Integrity
Confidentiality
A malicious user was able to lock a user’s account after guessing the user’s password multiple times unsuccessfully.
Which category of the CIA triad did the malicious user target in this attack?
Confidentiality
Integrity
Availability
Accessibility
Availability
Which category of the CIA triad is affected when an unauthorized user changes the data within a read-only file?
Confidentiality
Integrity
Authenticity
Accessibility
Integrity
Which type of firewall initiates a new connection on behalf of the client and presents its own IP to the server when a client initiates a connection to a server?
Application level
Packet filtering
Circuit level
Stateful inspection
Circuit level
Which feature of a firewall allows an organization to use private non-routable networks while enabling communication to the internet?
Port Address Translation (PAT)
Border Gateway Protocol (BGP)
Static routing
Packet filtering
Port Address Translation (PAT)
What is the meaning of “state” when referring to stateful inspection in firewalls?
Which one?
It refers to the connection state of a conversation between two computers.
It refers to the connection state of a computer to the network.
It refers to the connection state of a conversation between two computers.
What can a user install to detect malicious software?
Proxy
Antivirus
Firewall
Patch
Antivirus
Which feature of a network intrusion prevention system (NIPS) uses a list of known bad IP addresses to protect the network?
Reputation-based prevention
Anomaly-based protection
Behavior-based analysis
Cloud-based sandbox environment
Reputation-based prevention
A company provides access to employees’ tax and personal information via a public-facing web portal.
What should the company implement to encrypt employees’ web access to this information?
Transport layer security (TLS)
Network intrusion detection system (NIDS)
Advanced encryption standard (AES)
Two-factor authentication (2FA)
Transport layer security (TLS)
Which attack tricks a client into mapping an IP address to a spoofed MAC address?
ARP spoofing
Evil-twin attack
Rogue DHCP server
IP starvation
ARP spoofing
Which type of port has access to all VLANs by default in a traditional layer 2 switch?
Uplink
Downlink
Trunk
Console
Trunk
What is end-to-end encryption?
Data is encrypted on the sender’s system and only the recipient is able to decrypt it.
True or False?
True
Which phrase describes unencrypted data?
In the clear
At rest
In transit
Ciphertext
In the clear
Which statement is true when comparing AES encryption to Triple DES (3DES)?
AES requires less CPU utilization and uses a larger block size than 3DES.
3DES requires less CPU utilization and uses a larger block size than AES.
3DES is a superior encryption protocol due to the triple nature.
AES requires less CPU utilization and uses a larger block size than 3DES.
What is the best defense against fake access attacks?
Never use unsecured Wi-Fi hotspots.
Never open unsolicited offers.
Never click on a link within an email.
Never reply to an unsolicited email.
Never use unsecured Wi-Fi hotspots.
Which cloud feature is used to prevent data loss and provide for data retrieval in the event of a disaster?
Data backups and archives
Database encryption
Data cleansing and analytics
Database monitoring
Data backups and archives
Which cloud-hosting model provides exclusive cloud access for a single company?
Private
Public
Community
Hybrid
Private
What should a cloud provider use to secure data in flight?
Private key encryption
Demilitarized zone
Multifactor authentication
Updated antivirus software
Private key encryption
An administrator fails to configure protection for usernames and passwords transmitted across the network.
Which component of the AAA model is weakened?
Authentication
Authorization
Access
Availability
Authentication
A user is mistakenly granted access to customer accounts not required for his duties.
Which component of the AAA model is violated?
Authentication
Authorization
Availability
Access
Authorization
Which type of firewall technology reads and analyzes the actual content of a message before forwarding to its destination?
Proxy servers
Stateful
Stateless
Router
Proxy servers
An organization’s IT department is concerned that malicious insiders may be using elevated access rights.
Which security control can be used to draw attacks away from critical systems?
Firewalls
Honeypots
IDS
IPS
Honeypots
CIA Triad
Some of the common actions that can compromise the ………..? of data include: denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, which prevent legitimate users from accessing the resource by sending an overwhelming amount of data to the target server.
Availability
Integrity
Confidentiality
Availability
Some of the compromises of data …..? include:
Man-in-the-middle attacks, where an attacker changes the contents of the message after it was sent, but before it was received
Confidentiality
Availability
Integrity
Integrity
In the CIA Triad,
Privacy can be equated to …….?
Confidentiality
CIA Triad
Social engineering is a method used by attackers to gain an unsuspecting victim’s trust to provide information, such as passwords or server names, or even just to gain physical building access.
This is an example of?
Integrity
Availability
Confidentiality
Confidentiality
CIA Triad
The physical theft of a device gives an attacker an unlimited time window to break the encryption of your data.
This would be an example of?
Integrity
Confidentiality
Availability
Confidentiality
CIA Triad
Accidents and malfunctions also play into the equation. For example, …..? of information can easily be breached by storing files in the wrong location, emailing data to the wrong person, or printing ……. information to a public printer.
Confidentiality
Availability
Integrity
Confidentiality
Printing confidential information to a public printer
CAT6
Cat6 is also used in Ethernet LANs and data centers. Cat6 is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat5e doubles the number of twisted pairs to four for up to 1 Gbps (gigabits per second) over up to 100 meters.
Cat5 is used in Ethernet LANs containing two twisted pairs allowing for up to 100 Mbps up to 100 meters between the device and the switch, hub, or router. This has been practically replaced by the Cat5e specification.
CAT6a is an improvement of the CAT6 standard, supporting the same standards and lengths (with the ability to run 10 Gbps over 100 meters maximum), but using a higher quality cable that is more resistant to interference. This is most commonly used in wired networks today.
Cat4 supports 16 Mbps for up to 100 meters and is not commonly used today.
Cat3 supports up to 10 Mbps (megabits per second) for up to 100 meters and is commonly used for phone lines today.
OSI Layer 1 Physical
Cables
Hubs
Modem devices
Repeaters
OSI Layer 2 Data Link
Switches
Bridge devices
Network Interface Cards (Wireless or Wired)
OSI Layer 3 is Network
Routing data packets.
Routers and some switches.
OSI Layer 4 Transport
This layer is often called the Heart of OSI.
Provides services to the Application layer (Layer 7)
OSI Layer 5 Session
Connection establishment
Session Maintenance
Authentication
OSI Layer 6 Presentation
Translating data
Encryption