Network Security Implementation Flashcards

1
Q

What is AAA

A

Authentication
Authorization
Accounting
Framework for controlling remote access to system resources

2
Q

Give all the remote networking protocols that implement AAA

A

RADIUS
TACACS
TACACS+
Diameter

3
Q

Definition of Authentication

A

The method of uniquely validating a particular entity or individual’s credentials.

4
Q

Give all Authentication factors

A

Something you know, such as a password
Something you have, such as a token or access card
Something you are, including physical characteristics such as fingerprints or a retina pattern
Somewhere you are or are not, such as a permitted location or network determined from GPS or IP address
Something you do, such as keystroke dynamics (typing rhythm, how hard and how long keys are pressed) or signature dynamics

5
Q

Definition of MFA

A

MFA: Multifactor authentication is an authentication scheme that requires the validation of at least two of the possible authentication factors.

6
Q

Definition of Two Factor Aunthentication

A

Two-factor authentication: An authentication scheme that requires validation of two authentication factors.

7
Q

What is Local Authentication and give examples

A

Authentication against an account stored on the local machine itself rather than in a network directory or on an authentication server; this is what happens when a user is off the network or signs in with a local account.

Windows: local account password hashes are stored in the SAM registry hive (%SystemRoot%\System32\config\SAM, loaded as HKLM\SAM)
Linux: account records in /etc/passwd and password hashes in /etc/shadow

8
Q

What do users need for Local Authentication

A

Biometric authentication
Passphrase
Token device

9
Q

Definition of SSO

A

Single sign-on is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

10
Q

Definition of LDAP

A

Lightweight Directory Access Protocol (LDAP) is a directory service protocol that defines how a client can access information, perform operations, and share directory data on a directory server.

11
Q

What is a digital certificate

A

Digital certificate: An electronic document that binds an identity (the subject: a user, device, service or organization) to a public key and is digitally signed by a certificate authority, so that anyone who trusts the authority can verify the binding.

12
Q

What is a CA

A

Certificate Authority (CA): The trusted entity in a public key infrastructure that verifies a subject's identity, issues and digitally signs the subject's certificate, and publishes revocation information (CRLs or OCSP responses) when a certificate can no longer be trusted. Relying parties trust a certificate because they trust the CA that signed it.

13
Q

What is the purpose of a certificate

A

Users, devices, services, and applications can all hold certificates.
Certificates validate the certificate holder’s identity.
Certificates are a way to distribute the holder’s public key.
A root CA is typically the first or only CA installed.
A root certificate is typically a self-signed certificate that identifies the root CA.

14
Q

Defintion of Kerberos

A

Kerberos: A widely used open-standard network authentication protocol (RFC 4120) built around a trusted third party, the Key Distribution Center (KDC), which issues time-limited encrypted tickets. It relies on symmetric keys and closely synchronized clocks, which is why excessive clock skew breaks Kerberos logons.

15
Q

Definition of TGT

A

TGT: (Ticket-Granting Ticket) Used in Kerberos. A ticket issued by the KDC's Authentication Service after the initial logon, encrypted with the KDC's own long-term key (the krbtgt key) so the client can neither read nor alter it. It is valid for a limited time (typically 10 hours) and is presented to the Ticket-Granting Service to obtain service tickets for network services without re-entering the password.

16
Q

Definition of TGS

A

TGS: (Ticket-Granting Service, often called Ticket-Granting Server) Used by Kerberos. Together with the Authentication Service it forms the Key Distribution Center (KDC), which acts as the trusted third party. The TGS validates a client's TGT and issues service tickets for specific resources; each service ticket is encrypted with the target service's own key, so only that service can read it.

17
Q

Give the process of Kerberos

A

1 A user logs on to the domain and the client derives the user's long-term key from the password.

2 The client requests a Ticket Granting Ticket (TGT) from the KDC's Authentication Service (AS_REQ).

3 The KDC responds with a time-stamped TGT, encrypted with the krbtgt key, plus a session key encrypted with the user's key; only a client holding the correct password can recover the session key (AS_REP).

4 The client presents the TGT together with an authenticator (a timestamp encrypted with the session key) to the Ticket-Granting Service and requests a service ticket for a specific resource (TGS_REQ).

5 The TGS validates the TGT and the authenticator and responds with a service ticket encrypted with the target service's key, plus a new session key for the client (TGS_REP).

6 The client presents the service ticket and a fresh authenticator to the resource (AP_REQ).

7 The resource decrypts the ticket with its own key, verifies the authenticator, and allows access. It never contacts the KDC and never sees the user's password.
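
The seven steps above as an added, runnable example (not part of the original flashcards and not real Kerberos code): a toy KDC with an Authentication Service and a Ticket-Granting Service, one user and one service, exchanging tickets and authenticators. The seal/unseal routine is a stand-in authenticated cipher built from SHA-256 and HMAC so the script runs with the standard library alone; the principal names, passwords, lifetimes and the password-to-key derivation are constructed for the example, and pre-authentication is omitted. What it shows that the list does not is which key protects which message: only the KDC can mint a TGT, only the password holder can use it, and the service authenticates the client without ever talking to the KDC.

```python
import hashlib
import hmac
import json
import os
import time

# Toy authenticated encryption standing in for Kerberos' AES/HMAC profiles so the
# example runs with the standard library only. This is NOT Kerberos' real crypto.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under key; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def principal_key(password):
    # Constructed stand-in for Kerberos string-to-key (real KDCs use salted PBKDF2).
    return hashlib.sha256(password.encode()).digest()

# Constructed KDC database: long-term keys of one user, the KDC itself (krbtgt)
# and one service. Only the KDC holds all three.
KDC_DB = {
    "alice": principal_key("alice-password"),
    "krbtgt": os.urandom(32),
    "host/fileserver": os.urandom(32),
}
TICKET_LIFETIME = 10 * 3600   # seconds; the usual default ticket lifetime
CLOCK_SKEW = 300              # seconds; authenticators older than this are rejected

def as_exchange(client, now):
    """Steps 2-3 (AS_REQ/AS_REP). The TGT is sealed under the krbtgt key and the
    session key under the user's long-term key: only the right password opens it."""
    session = os.urandom(32).hex()
    tgt = seal(KDC_DB["krbtgt"],
               {"cname": client, "key": session, "expires": now + TICKET_LIFETIME})
    return tgt, seal(KDC_DB[client], {"key": session})

def check_ticket(ticket_key, ticket, authenticator, now):
    """Used by both the TGS (step 5) and the service (step 7): open the ticket
    with our own key, then verify the authenticator with the session key inside it."""
    t = unseal(ticket_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    if auth["cname"] != t["cname"] or abs(now - auth["ts"]) > CLOCK_SKEW:
        raise ValueError("authenticator rejected")
    return t

def tgs_exchange(tgt, authenticator, service, now):
    """Steps 4-5 (TGS_REQ/TGS_REP). The TGS never sees the password; it trusts
    the TGT because nothing but the krbtgt key could have produced it."""
    t = check_ticket(KDC_DB["krbtgt"], tgt, authenticator, now)
    svc_session = os.urandom(32).hex()
    ticket = seal(KDC_DB[service],
                  {"cname": t["cname"], "key": svc_session, "expires": now + TICKET_LIFETIME})
    return ticket, seal(bytes.fromhex(t["key"]), {"key": svc_session})

def run_client(password, service, now=None):
    """The whole flow from the client's side; returns the name the service accepted."""
    now = time.time() if now is None else now
    tgt, blob = as_exchange("alice", now)                                  # steps 1-3
    tgt_key = bytes.fromhex(unseal(principal_key(password), blob)["key"])  # needs the password
    auth = seal(tgt_key, {"cname": "alice", "ts": now})                    # step 4
    svc_ticket, blob2 = tgs_exchange(tgt, auth, service, now)             # step 5
    svc_key = bytes.fromhex(unseal(tgt_key, blob2)["key"])
    auth2 = seal(svc_key, {"cname": "alice", "ts": now})                   # step 6
    return check_ticket(KDC_DB[service], svc_ticket, auth2, now)["cname"]  # step 7

if __name__ == "__main__":
    print(run_client("alice-password", "host/fileserver"))  # alice
```

Try it with a wrong password, an expired TGT, or a single flipped byte in a ticket: each fails with a ValueError at the same step where real Kerberos would reject it, which is the practical meaning of "the ticket is encrypted with a key the client does not have".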

18
Q

Give a full description of RADIUS

A

Enables a server to provide standardized, centralized authentication for remote users.

Configure one RADIUS server; configure the other remote access servers as RADIUS clients.

RADIUS clients will pass all authentication requests to the RADIUS server for verification.

Can centralize user configuration, remote access policies, and usage logging on a RADIUS server.

Supported by VPN servers, Ethernet switches requiring authentication, wireless access points (WAPs), as well as other types of network devices.

Runs over UDP (authentication on port 1812 and accounting on 1813; older implementations used 1645/1646). Only the User-Password attribute is hidden, using an MD5 construction keyed by the shared secret; the rest of the packet travels in cleartext, so RADIUS traffic should stay on a management network or be protected with IPsec or RadSec (RADIUS over TLS).
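
The "RADIUS encrypts only passwords" point, as an added example that is not part of the original flashcards: the User-Password hiding defined in RFC 2865 section 5.2, written out for both the NAS (client) side and the server side, plus a check that shows why it is hiding rather than encryption. The shared secret and the Request Authenticator are constructed values for the example.

```python
import hashlib

# Constructed values for the example. A real NAS and RADIUS server share a
# configured secret; the 16-byte Request Authenticator is random per request.
SHARED_SECRET = b"example-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))

def hide_password(password, authenticator, secret):
    """RFC 2865 section 5.2 (NAS side): NUL-pad the password to a multiple of 16
    bytes, then XOR each 16-byte block with MD5(secret || previous block), where
    the 'previous block' for the first block is the Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += c
        prev = c
    return bytes(out)

def recover_password(hidden, authenticator, secret):
    """Server side: regenerate the same MD5 chain (it depends only on the secret,
    the authenticator and the received ciphertext) and strip the NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-zero multiple of 16 bytes")
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        c = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(c, hashlib.md5(secret + prev).digest()))
        prev = c
    return bytes(out).rstrip(b"\x00")

def guess_shared_secret(hidden, authenticator, known_password, candidates):
    """Why this is 'hiding' and not encryption: anyone who captured the
    Access-Request and knows (or guesses) the password recovers the first pad
    block as hidden[:16] XOR password[:16] and can then test shared-secret
    guesses offline at one MD5 each. Returns the matching candidate or None."""
    padded = known_password + b"\x00" * (-len(known_password) % 16)
    b1 = bytes(x ^ y for x, y in zip(hidden[:16], padded[:16]))
    for cand in candidates:
        if hashlib.md5(cand + authenticator).digest() == b1:
            return cand
    return None
```

The attributes around the hidden password (User-Name, NAS-IP-Address, Calling-Station-Id and so on) are not touched by this construction at all, which is why the card says only the password is protected.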

19
Q

Give a full description of TACACS+

A

Terminal Access Controller Access-Control System Plus: a Cisco-developed protocol (documented in RFC 8907) that provides centralized authentication, authorization and accounting for administrative and remote-user access to network devices.

TACACS+ obfuscates the entire packet body (everything after the header) with an MD5-based pseudo-pad keyed by the shared secret; RADIUS hides only the password attribute.

TACACS+ uses TCP port 49 (the original TACACS used UDP port 49) and treats authentication, authorization and accounting as three separate functions, which allows per-command authorization on routers and switches.

TACACS+ supports multiple authentication protocols and multifactor authentication.

TACACS+ is considered more secure and more scalable than RADIUS for device administration because the full payload is protected, TCP provides reliable delivery and connection state, and authorization can be granted per command rather than once per session.

TACACS+ is a separate protocol and is not backward-compatible with TACACS or with Cisco's earlier XTACACS extension.

20
Q

Give a full description of RDP

A

The backbone of Microsoft’s Remote Desktop system.

Its capabilities include data encryption, remote audio and printing, access to local files, and redirection of the host’s disk drives and peripheral ports.

In client versions, 6.1 and later, any application that can be accessed via the normal remote desktop can serve as a standalone remote application.

The server listens on TCP port 3389 (newer versions also use UDP 3389). It should be reached through a VPN or a Remote Desktop Gateway rather than exposed directly to the Internet, where it is a constant brute-force target.

The server component, the terminal server, is available on most Windows operating systems, except for Windows Vista® Home Edition.

A desktop client is available for most operating systems.

21
Q

Give a full description of VNC

A

A platform-independent desktop sharing system.

VNC client and server software is available for almost any operating system (and for Java®), so a VNC viewer on a Linux system can connect to a VNC server on a
Microsoft system and vice versa.

VNC uses the Remote Frame Buffer (RFB) protocol, which allows the client and server to determine the best version of RFB they can support during a session.

VNC is not an inherently secure system but does offer varying levels of password and content encryption, depending on the implementation.

22
Q

Definition of NAC

A

Network access control (NAC) is a general term for the collected protocols, policies, and hardware that govern access on network interconnections.

23
Q

Give a full descrpition of NAC

A

NAC provides an additional security layer that checks devices for conformance with policy (patch level, anti-malware status, configuration) before admitting them, and quarantines or remediates non-compliant devices until they meet the policy standard.

Security professionals deploy a NAC policy according to an organization's needs based on three main elements:
The authentication method
Endpoint vulnerability assessment
Network security enforcement

Once the NAC policy is determined, professionals must determine where NAC will be deployed within their network structure.

24
Q

What is IEEE 802.1x

A

IEEE 802.1x is a standard for securing networks by implementing Extensible Authentication Protocol (EAP) as the authentication protocol over either a wired or wireless Ethernet LAN, rather than the more traditional implementation of EAP over Point-to-Point Protocol (PPP).

25
Q

What does IEEE 802.1x employ

A

Employs an authentication service, such as RADIUS, to secure clients, removing the need to implement security features in APs, which typically do not have the memory or processing resources to support complex authentication functions.

26
Q

Give a full description of IEEE 802.1x

A

The switch or wireless access point holds the client's port in an unauthorized state and passes nothing but EAP traffic until the device or user is authenticated and authorized by a RADIUS server.
Wireless hotspots that ask for a user name and password in a browser are using a captive portal, not 802.1x; 802.1x authenticates at the link layer before the client is given any network access, so no web page is involved.
It is an IEEE standard used to provide Port-based Network Access Control (PNAC) on both wired (802.3) and wireless (802.11) LANs.
802.1x uses EAP, relayed by the switch or AP to the RADIUS server, to authenticate users or devices against a directory service.

27
Q

What is an ACL

A

An Access Control List is a set of data that is used to control access to a resource.

28
Q

What data is included in an ACL

A

Data includes items such as:
User names
Passwords
Time and date
IP addresses
MAC addresses

29
Q

What resources are included in an ACL

A

Resources include items such as:
Devices
Files
Networks

30
Q

Give all the characteristics of an ACL

A

ACLs can be configured to explicitly allow or deny access to resources.
Rules are evaluated top-down and the first matching rule is applied, so order matters: a more specific rule placed after a broader one that already covers it is never reached (it is "shadowed").
An implicit deny-all clause at the end of an ACL denies all traffic that is not explicitly permitted in the list; many administrators add an explicit deny at the end as well so that rejected traffic is logged.

31
Q

Definition of a Firewall

A

A software program or a hardware device (or a combination of both) that protects a device or network from unauthorized access by blocking unsolicited traffic.

32
Q

Give a description of a Packet Filter

A

The simplest firewall implementation. They work at the OSI Network layer (Layer 3) and usually also look at Transport layer (Layer 4) header fields. Each packet is compared on its own, with no memory of earlier packets, against a set of rules configured by an administrator (source and destination address, protocol, port). Based on the first matching rule, the packet is passed or dropped, or an error message is sent back to the originator. Packet filters are usually a part of a router.
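
An added example (not from the original flashcards) that ties the ACL cards and the packet filter together: a stateless rule evaluator with top-down first-match semantics, the implicit deny, and a check for shadowed rules. The Cisco-like ACL syntax, the rule set and the addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, pkt):
        return ((self.proto == "ip" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or self.dport == pkt.get("dport")))

def parse_acl(text):
    """Parse a constructed, Cisco-like ACL syntax (one rule per line, '!' comments):
       <permit|deny> <proto> <src-cidr> <dst-cidr> [eq <dst-port>]"""
    rules = []
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) not in (4, 6) or parts[0] not in ("permit", "deny"):
            raise ValueError(f"bad rule: {raw!r}")
        dport = int(parts[5]) if len(parts) == 6 and parts[4] == "eq" else None
        rules.append(Rule(parts[0], parts[1], ipaddress.ip_network(parts[2]),
                          ipaddress.ip_network(parts[3]), dport))
    return rules

def evaluate(rules, pkt):
    """Top-down, first match wins. Returns (action, index of the matching rule);
    a packet that matches nothing hits the implicit deny and returns ("deny", None)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

def find_shadowed(rules):
    """Ordering check: rule j is dead if an earlier rule i matches every packet j
    could match. Returns (j, i) pairs; a non-empty list means the ACL does not
    do what its author intended."""
    shadowed = []
    for j, r in enumerate(rules):
        for i in range(j):
            e = rules[i]
            if ((e.proto == "ip" or e.proto == r.proto)
                    and r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst)
                    and (e.dport is None or e.dport == r.dport)):
                shadowed.append((j, i))
                break
    return shadowed

# Constructed example: protect a DMZ web server 203.0.113.10 and a DNS server
# 203.0.113.53 (RFC 5737 documentation addresses).
EXAMPLE_ACL = """
! the Internet may reach the web server over HTTPS only
permit tcp 0.0.0.0/0     203.0.113.10/32 eq 443
! SSH to the web server from the internal network only; the explicit deny logs the rest
permit tcp 10.0.0.0/8    203.0.113.10/32 eq 22
deny   tcp 0.0.0.0/0     203.0.113.10/32 eq 22
permit udp 10.0.0.0/8    203.0.113.53/32 eq 53
! mistake: already covered by the 10.0.0.0/8 rule above, so it can never match
permit tcp 10.1.0.0/16   203.0.113.10/32 eq 22
"""
RULES = parse_acl(EXAMPLE_ACL)
```

Note what a stateless filter cannot express: to let the web server's replies out you would need a mirror rule for source port 443, which also lets through anything else sent from port 443. That gap is what the stateful inspection card addresses.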

33
Q

Give a description of a Stateful Inspection

A

Works at the OSI Session layer (Layer 5) by tracking the condition, or state, of each connection in a state table. It watches the TCP three-way handshake to determine whether a packet belongs to a legitimately established session, so reply traffic is admitted only when a matching outbound request was seen; for UDP it tracks pseudo-sessions by address and port pairs. Stateful inspection firewalls are also known as circuit-level gateways.

34
Q

Give a description of a proxy

A

Works at the OSI Application layer (Layer 7). Clients connect to the proxy rather than to the destination; the proxy terminates the connection, inspects the request, and opens its own connection to the server, so no packet passes directly between the two sides. This allows proxy firewalls to filter application-specific commands (for example individual HTTP methods or FTP commands). Can be used to log user activity and logons, which offers administrators a high level of security but significantly affects network performance. Also known as Application-level gateways.

35
Q

Give a description of a hybrid

A

Combines the functionality of all of the above and operates at the OSI Network, Session, and Application layers simultaneously.

36
Q

Definition of a UTM

A

Unified Threat Management (UTM) is a network security solution that is used to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console.

37
Q

True or False

UTMs can be network appliances or cloud services.

A

True

38
Q

Give all the security functions that UTMs provide

A

UTMs provide multiple security functions such as:
Network firewalling
Network intrusion prevention
Anti-malware
VPN
Spam and content filtering
Load balancing
Data leak prevention
On-appliance reporting

39
Q

Definition of IANA

A

IANA: (Internet Assigned Numbers Authority) The body that coordinates the global IP address space, autonomous system numbers, the DNS root zone, and the protocol parameter registries, including the TCP/UDP port number registry. It allocates large IP address blocks to the five Regional Internet Registries, which assign them onward. Since 1998 the IANA functions have been operated by the Internet Corporation for Assigned Names and Numbers (ICANN).

40
Q

Definition of a Port

A

Port: A 16-bit number (0 to 65,535) carried in the TCP or UDP header that identifies a specific service or process on a host, so that one IP address can offer many services at once. Together with the IP address, the transport protocol and the remote address and port it uniquely identifies a connection (socket). Port numbers are registered with IANA.

41
Q

What is the purpose of a dynamic port

A

Dynamic (ephemeral) ports: 49152 to 65535. Assigned by the client operating system as the source port, as needed, when there is a request for service; they are never registered for a particular application.

42
Q

What port is FTP assigned to

A

20,21

43
Q

What port is SMTP assigned to

A

25

44
Q

What port is DNS assigned to

A

53

45
Q

What port is HTTP assigned to

A

80

46
Q

What port is POP3 assigned to

A

110

47
Q

What port is HTTPS assigned to

A

443

48
Q

What port is SMB assigned to

A

445

49
Q

What is the purpose of registered ports

A

Registered ports: 1024 to 49151. Available to user processes and listed as a convenience by the IANA for specific applications (for example 1433 for Microsoft SQL Server and 3389 for RDP).

50
Q

What do all ports have?

A

All ports are assigned a number between 0 and 65,535. IANA divides the range into well-known (system) ports 0 to 1023, registered ports 1024 to 49151, and dynamic or private ports 49152 to 65535.

51
Q

Give the concept of Open Ports

A

A TCP or UDP port number is configured to accept packets, unlike a closed port (which rejects connections or ignores all packets directed at it).

52
Q

Characteristics of Open Ports

A

Every open port exposes a listening service and is therefore part of the attack surface; a vulnerability in that service is reachable by anyone who can reach the port.

When ports are open and not needed, close them by stopping or uninstalling the service, or block them with a host firewall, rather than leaving the listener running.

53
Q

Give the protocol and service of the port 21

A

Protocol: TCP and Service: FTP

54
Q

Give the protocol and service of the port 22

A

Protocol: TCP and Service: SSH

55
Q

Give the protocol and service of the port 23

A

Protocol: TCP and Service: Telnet

56
Q

Give the protocol and service of the port 25

A

Protocol: TCP and Service: SMTP

57
Q

Give the protocol and service of the port 53

A

Protocol: TCP/UDP and Service: DNS

58
Q

Give the protocol and service of the port 80

A

Protocol: TCP and Service: HTTP

59
Q

Give the protocol and service of the port 110

A

Protocol: TCP and Service: POP3

60
Q

Give the protocol and service of port 135

A

Protocol: TCP/UDP

and Service: Windows RPC endpoint mapper (DCE/RPC)

61
Q

Give the protocol and service of port 137

A

Protocol: UDP

and Service: NetBIOS over TCP/IP name service (NBNS/WINS)

62
Q

Give the protocol and service of port 138

A

Protocol: UDP

and Service: NetBIOS over TCP/IP datagram service

63
Q

Give the protocol and service of port 139

A

Protocol: TCP

and Service: NetBIOS over TCP/IP session service (legacy SMB transport; modern SMB uses TCP 445 directly)

64
Q

Give the protocol and service of the port 443

A

Protocol: TCP

and Service: HTTPS

65
Q

Give the protocol and service of the port 1433

A

Protocol: TCP

and Service: Microsoft SQL Server

66
Q

Give the protocol and service of the port 1434

A

Protocol: UDP and Service: Microsoft SQL Server (the SQL Server Browser service, which tells clients which TCP port each named instance is listening on)

67
Q

Give reasons, why unused physical ports can be a security risk.

A

On a server, if USB ports are enabled, someone could insert a portable USB drive and copy sensitive files directly from the hard drive.
On a switch, if unused ports are left enabled, attackers could physically connect to and access the network.

68
Q

Give all the ways to disable physical ports.

A

Entering BIOS setup or other management software and disabling a port.
Editing the Windows Registry.
Physically disconnecting the port from the motherboard.
For details, consult the manufacturer documentation for the individual devices you are responsible for hardening.

69
Q

Give all the ways you can increase port-security

A

Disable unnecessary services so that their ports are never opened in the first place.
Close ports that are open by default but not required for the device's role.
Regularly apply appropriate security patches to the services that must remain exposed.
Restrict the remaining open ports with host or network firewall rules to pre-approved sources only, and hide responses that reveal a port's status (for example by silently dropping unsolicited packets rather than rejecting them).

70
Q

Definition of Secure Protocols

A

Protocols that do not expose data and/or credentials in cleartext.

71
Q

Give a description of SSH

A

SSH(Secure Shell)

Used for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.

It was designed as a replacement for Telnet and other insecure remote shell protocols.

72
Q

Give a description of HTTPS

A

HTTPS (Hypertext Transfer Protocol Secure)

Used for secure communication over a computer network, with especially wide deployment on the Internet.
The main purpose of HTTPS is to prevent eavesdropping and man-in-the-middle attacks.

73
Q

Give a description of TLS/SSL

A

TLS/SSL (Transport Layer Security/Secure Sockets Layer)

Used to provide communication security (confidentiality, integrity, and server and optionally client authentication) over the Internet.
Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging, and voice-over-IP (VoIP). SSL 2.0 and 3.0 and TLS 1.0 and 1.1 are deprecated and should be disabled; TLS 1.2 or 1.3 should be used.

74
Q

Give a description of SFTP

A

SFTP (SSH File Transfer Protocol)

Used for secure file access, file transfer, and file management. It runs as a subsystem inside an SSH connection (TCP port 22) and is unrelated to FTP; do not confuse it with FTPS, which is classic FTP wrapped in TLS.

75
Q

Give a description of SNMPv3

A

SNMPv3 (Simple Network Management Protocol version 3)

Used for managing devices on IP networks.
Version 3 added cryptographic security to protect data and user credentials. Use the authPriv security level, which both authenticates and encrypts; SNMPv1 and v2c send the community string in cleartext.

76
Q

Give a description of IPsec

A

IPsec (IP Security)

Used for securing IP communications by authenticating and/or encrypting each IP packet of a communication session. It uses the Authentication Header (AH) for integrity only and the Encapsulating Security Payload (ESP) for confidentiality and integrity, in either transport mode (host to host) or tunnel mode (site-to-site VPNs); keys are negotiated with IKE.

77
Q

Give a full description of Windows Firewall

A

Windows Firewall and Windows Defender Firewall with Advanced Security are software firewall applications that are included with every version of the Windows operating system, including versions of Windows Server.
Some versions of Windows Server also contain Datacenter Firewall.
This provides users and administrators with at least a minimal firewall solution to help create a more secure network.
For many users and for small organizations, the Windows Firewall will meet their needs without purchasing a more complicated firewall solution.
Home users should use the Windows Firewall program in Control Panel.
Windows Defender Firewall with Advanced Security is designed for administrators of a managed network to allow, deny, or secure network traffic in an enterprise environment.
Datacenter Firewall is a multi-tenant firewall intended to be used in cloud service provider situations.
Connection security rules are used to implement IPSec.

78
Q

Give all the guidelines for securing ports and services

A

Determine which ports are currently open.
Determine which of the open ports are required to be open.
Close any ports that are not required to be open.
Determine which services are currently running.
Determine which of the running services are required.
Disable any services which are not required.
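
The guidelines above, together with the port-range definitions from the earlier cards, as an added example that is not part of the original flashcards: a script that classifies ports by IANA range, parses `ss -tulpn` output from a Linux host, and reports listeners that are either not on the required list or belong to a service whose default protocol is cleartext. The sample `ss` output and the required-ports list are constructed for the example; on a real host you would feed it the live command output.

```python
import re

# Constructed sample of `ss -tulpn` output from a Linux host (not a real capture).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1203,fd=6))
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=950,fd=5))
tcp   LISTEN 0      50     0.0.0.0:23          0.0.0.0:*         users:(("inetd",pid=600,fd=4))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=700,fd=8))
tcp   LISTEN 0      128    [::]:3389           [::]:*            users:(("xrdp",pid=1400,fd=11))
"""

# Services from the port cards on this page whose default protocol is cleartext.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 161: "SNMP v1/v2c"}

def port_class(port):
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic 49152-65535."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def parse_ss(text):
    """Turn `ss -tulpn` lines into listener records (a list of dicts)."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] not in ("tcp", "udp"):
            continue                                   # header or unrelated line
        addr, port = parts[4].rsplit(":", 1)           # handles "[::]:3389" too
        m = re.search(r'\("([^"]+)"', line)
        listeners.append({
            "proto": parts[0],
            "addr": addr,
            "port": int(port),
            "process": m.group(1) if m else "?",
            "loopback": addr.startswith("127.") or addr == "[::1]",
        })
    return listeners

def audit(listeners, allowed):
    """Steps 1-3 of the guidelines: list what is open, compare it with what is
    required (`allowed` is a set of (proto, port)), report the rest. Loopback-only
    listeners are not reachable from the network and are skipped; allowed but
    cleartext services are still reported so they can be replaced."""
    findings = []
    for l in listeners:
        if l["loopback"]:
            continue
        reasons = []
        if (l["proto"], l["port"]) not in allowed:
            reasons.append("not in the required-ports list: close it or firewall it")
        if l["port"] in CLEARTEXT:
            reasons.append(f"{CLEARTEXT[l['port']]} sends data/credentials in cleartext")
        if reasons:
            findings.append({**l, "class": port_class(l["port"]), "reasons": reasons})
    return sorted(findings, key=lambda f: f["port"])

REQUIRED = {("tcp", 22), ("tcp", 80)}   # constructed: what this host is supposed to serve

if __name__ == "__main__":
    for f in audit(parse_ss(SAMPLE_SS), REQUIRED):
        print(f"{f['proto']}/{f['port']} ({f['class']}, {f['process']}): " + "; ".join(f["reasons"]))
```

The process name from the `-p` column is what turns a finding into an action: it tells you which service to disable (step 6) rather than just which port to block.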

79
Q

Definition of Wireless Security

A

Wireless security: Any method of securing your WLAN to prevent unauthorized network access and network data theft.

80
Q

Definition of Site Survey

A

Site survey: An analysis technique that determines the coverage area of a wireless network, identifies any sources of interference and establishes other characteristics of the coverage area.

81
Q

Give all the ways of improving wireless security

A

You need to ensure that authorized users can connect to the network without any hindrances.
Wireless networks are more exposed than wired ones because the medium is shared and radio signals reach beyond the physical premises.
Most wireless devices search for and connect automatically to the access point with the strongest signal, which could be one operated by an attacker.
Wireless transmissions can also be scanned or sniffed out of the air, with no need to access physical network media.
Such attacks can be avoided by using relevant security protocols.
You use a site survey to help you install and secure a WLAN.
Although an authorized site survey is a standard part of planning or maintaining a wireless network, unauthorized site surveys or compromise of the site survey data can be a security risk.
Wireless access points (WAP) and wireless routers come with a default service set identifier (SSID).
An administrator can accept a device's default SSID, but this is not recommended because the default reveals the vendor and model.
The administrator should specify an SSID manually.
Another method of securing a wireless connection is by disabling the broadcast of the SSID of the wireless device.
Disabling the broadcast causes the wireless device to not appear in the list of available networks. Therefore, when a client device scans the network, it will not see the hidden SSID.
Though disabling the SSID broadcast is an easy task, it is not an effective control: the SSID is still sent in cleartext in probe and association frames, so anyone with a wireless sniffer recovers it as soon as a legitimate client connects.
Do not use WPS (WiFi Protected Setup); its 8-digit PIN is verified in two halves, which lets an attacker brute-force it in a matter of hours.
If any devices on your network have WPS, disable it.
When purchasing devices, try to obtain devices that do not include WPS.

82
Q

Give a description of WEP

A

Encrypts wireless communications with RC4 using a static shared key and a 24-bit initialization vector.
Designed to provide the same level of security as wired networks (hence Wired Equivalent Privacy).
Has many well-known security flaws: IVs repeat quickly, the key can be recovered from captured traffic in minutes, and the protocol has been deprecated since 2004. Do not use it.

83
Q

Give a description of WPA/WPA2

A

Both encrypt wireless communications, making them less vulnerable to unauthorized access.
Both offer better security than WEP, with WPA2 being more secure.
Both protocols have a Personal and Enterprise mode.
The personal mode uses a preshared key that all clients use for encryption.
Enterprise mode uses 802.1x authentication and a unique encryption key for every client who logs on to the network.

84
Q

Give a description of TKIP/AES

A

TKIP (Temporal Key Integrity Protocol) provides the encryption for WPA. It was designed as a firmware-upgradable fix for WEP hardware, still uses RC4, and is itself deprecated.

AES in CCMP mode provides the encryption for WPA2 and is the mode that should be used; WPA2 networks left in TKIP-compatibility mode inherit TKIP's weaknesses.

85
Q

Give a description of TLS/TTLS

A

TLS (Transport Layer Security) is a security protocol that protects sensitive communication from being eavesdropped on and tampered with; used as the EAP-TLS method, both the authentication server and every client must hold a certificate.
TTLS (Tunneled TLS, EAP-TTLS) is an EAP method that extends TLS by providing authentication that is as strong as TLS without requiring that each user be issued a certificate. Only the authentication servers are issued certificates; the user's credentials (for example a password) are sent inside the TLS tunnel, so clients must validate the server certificate or a rogue access point can harvest them.

86
Q

Give all wireless authentication methods

A

Open system authentication
Uses null authentication, which means that user names and passwords are not used to authenticate a user.
This is the default for many access points (APs) and stations.
Open system authentication enables a station to connect to any wireless AP that has open system authentication enabled, even if the service set identifier (SSID) is different from the station.
An open system is often used in conjunction with 802.1x: the wireless client is allowed to make an unauthenticated association with the AP, but until the user logs on, the client cannot connect to the network.

Shared-key authentication
Verifies the identity of a station by using a WEP key.
Both the station and the AP must be configured to use data encryption and the same WEP key.
The station also needs to be configured to use shared-key authentication instead of the default open-system authentication.

Pre-shared key (PSK)
Used for WPA-Personal and WPA2-Personal.
The key needs to be shared by the communicating parties before it can be used.
PSKs are more often found in use on home wireless networks.

EAP
Authenticates a user and not the station.
This is an enterprise implementation that is done with a RADIUS server.
An AP forwards the authentication request to the RADIUS server, and the server calls the user credential database (for example, Active Directory in Windows domains) to verify the user.
The RADIUS server then passes the identity verification to the AP.

87
Q

Give a description of EAP

A

An authentication framework (RFC 3748) rather than a single method: it carries one of many EAP methods (password-based such as MSCHAPv2, certificate-based such as EAP-TLS, or token, smart card and biometric methods) between the client (supplicant) and the authentication server.
EAP methods are identified by a type number, and the method in use determines how the credential is presented.
The EAP method associated with each type enables the client to be checked against the system's account database, typically through a RADIUS server.

88
Q

Give a description of EAP-Fast

A

Cisco's EAP-FAST (Flexible Authentication via Secure Tunneling) was designed to replace the Lightweight EAP (LEAP), whose MSCHAP-based exchange can be cracked offline from captured traffic.

It addresses LEAP vulnerabilities through the use of TLS tunneling using a Protected Access Credential (PAC), a secret provisioned to each client, in place of a client certificate.

89
Q

Give a description of EAP-TLS

A

EAP-TLS uses TLS with mutual certificate authentication: both the authentication server and each client present a certificate, so it requires a PKI but is resistant to password guessing and credential phishing. Supported natively by, among others:
Mac OS X 10.3 and above
Windows 7 and above
Windows Server 2012 and above
Windows Mobile 7 and above

90
Q

Give a description of PEAP

A

PEAP (Protected EAP) was proposed as an open standard by a coalition made up of Cisco Systems®, Microsoft, and RSA Security. It wraps a second, inner EAP method in a TLS tunnel authenticated by a server certificate only, so clients do not need certificates.
PEAPv0/EAP-MSCHAPv2 (a password exchange inside the tunnel) is a widely supported authentication method in EAP implementations; as with TTLS, clients must be configured to validate the server certificate, otherwise an evil twin can collect the MSCHAPv2 exchange for offline cracking.

91
Q

Give a definition of MAC Filtering

A

A simple method of securing a wireless network is by controlling which MAC addresses are allowed to access the network.

92
Q

Give all the characteristics of MAC Filtering

A

By configuring a wireless access point (WAP) to filter MAC addresses, you can control which wireless clients can access your network.
Typically, an administrator configures a list of client MAC addresses that are allowed to join the network.
Those pre-approved clients are granted access if the MAC address is "known" by the access point.
Although MAC filtering is usually implemented on wireless networks, it can also be used on wired networks to allow and deny access to the network.
MAC addresses are sent in cleartext in every frame and can be set to any value in software, so an attacker who sniffs an allowed client's address can simply spoof it; MAC filtering is an administrative convenience, not a substitute for WPA2-Enterprise or 802.1x.

93
Q

Give all the characteristics of Captive Portals

A

A public-access or guest network often presents a web page users must view and acknowledge before they are granted network access.
These open networks usually include anti-malware filtering and a firewall between the open network and the organization's production network.
These are often found in places such as restaurants, airports, lobbies, libraries, and other public spaces that provide free WiFi access.
The captive portal typically includes:
A statement indicating who is providing the network service. This helps users judge whether the portal is legitimate or a look-alike set up by an attacker, although an evil twin can copy the page exactly, so the statement alone is no proof.
A statement that the information users send over the network is not secure. These open networks typically use no authentication or data encryption, so users should rely on TLS or a VPN for anything sensitive.
Advertisements or social media links. These let the provider tailor content based on which advertisements are clicked and on the users' social media profiles.

94
Q

Definition of Geofencing

A

A method of defining virtual geographical boundaries using GPS or RFID.

95
Q

Characteristics of Geo-Fencing

A

When a mobile device with GPS or RFID capabilities enabled crosses into or out of the geofenced area, an event can be triggered.
Examples of triggered events might include:
Changing the temperature in a room or building.
Turning the lights on or off when you enter a room or building.
Locking your computer when you and your mobile device leave the defined area.
Network administrators can also use geofencing to help manage BYODs to automatically change settings on the devices to comply with organization policies.
Blocking some apps.
Making other apps available only when within the organization’s geofenced area.
Changing access rights to data based on location.
It can also be used to alert administrators if equipment owned by the organization travels outside of the geofenced area.

96
Q

Give a full description of a rogue access point

A

Unauthorized wireless access point on a corporate or private network.
Not detected easily; can allow private network access to many unauthorized users with the proper devices.
Can allow man-in-the-middle attacks and access to private information.
Organizations should protect themselves from this type of attack by continuously monitoring the airspace, for example with a wireless intrusion prevention system (WIPS) that alerts on unknown access points advertising the corporate SSID or appearing on the wired network.

97
Q

Give a full description of evil twins

A

Rogue access points on a network that appear to be legitimate.
Typically found in public Wi-Fi hotspots where users select available networks from a list.
Evil twins can be more dangerous than other rogue access points because the user thinks that the wireless signal is genuine, making it difficult to differentiate from a valid access point with the same name.

98
Q

Give a full description of wardriving

A

Locates wireless access points while traveling (driving, walking or flying past), recording their SSIDs, positions and security settings; unprotected or weakly protected networks found this way can be exploited to obtain unauthorized Internet access and potentially steal data.
This process can be automated by using a GPS device and wardriving software.
Common wardriving tools include NetStumbler, Kismet, Aircrack-ng, and AirSnort; war chalking is the practice of marking the results.

99
Q

Give a full description of war chalking

A

The act of using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network that may be offering Internet access.

100
Q

Give a full description of WEP, WPA, and WPS cracking

A

The methods used to recover the keys or credentials protecting WEP, WPA, and WPS installations in order to gain access to private wireless networks. WEP keys are recovered statistically from captured IVs; WPA/WPA2-Personal pre-shared keys are recovered by capturing the four-way handshake and running an offline dictionary attack, which succeeds only against weak passphrases; WPS is attacked by brute-forcing its 8-digit PIN, which many access points allow to complete within hours.
Many tools are available that can aid attackers in these attacks, such as the Aircrack-ng suite.

101
Q

Give a full description of the IV attack

A

An IV (initialization vector) is used in many cryptosystems; its implementation in WEP is weak: the IV is only 24 bits, is sent in cleartext, and is prepended to the static key to form the RC4 key, so IVs repeat on a busy network within hours and certain weak IVs leak key bytes.
It is fairly easy and quick, using automated tools and a replay attack (re-injecting captured ARP requests to generate traffic), to collect enough IVs to crack the WEP key. This gives the attacker the ability to connect to a WEP-encrypted wireless network along with all the other clients and to decrypt their traffic.

102
Q

Give a full description of packet sniffing

A

An attack on a network where an attacker captures network traffic, allowing data to be extracted from the packets.
On a wireless network, a sniffer can be used not only to monitor transmitted data but also to identify the SSID of a wireless network even if that network’s SSID broadcast is disabled.

103
Q

Give a full description of bluejacking

A

A method used by attackers to send out unwanted Bluetooth® signals.
Because Bluetooth has a 30-foot transmission limit, this is a very close-range attack.
Attackers can send out unsolicited messages along with images and videos.
These types of signals can lead to many different types of threats. They can lead to device malfunctions, or even propagate viruses, including Trojan horses.
Users should reject anonymous contacts and configure their mobile devices to the non-discoverable mode.

104
Q

Give a full description of bluesnarfing

A

A method in which attackers gain access to unauthorized information on a wireless device by using a Bluetooth connection within the 30-foot Bluetooth transmission limit.
Unlike bluejacking, access to wireless devices such as tablets, mobile phones, and laptops by bluesnarfing can lead to the exploitation of private information including email messages, contact information, calendar entries, images, videos, and any data stored on the device.

105
Q

Characteristics of device hardening

A

Makes the attack surface smaller.
Hardening is done in multiple ways or layers to protect devices, the network, and data.
An important part of hardening is ensuring appropriate patches and updates are installed.

106
Q

Definition of a patch

A

Patch: A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.

107
Q

Definition of hotfix

A

Hotfix: A patch that is often issued on an emergency basis to address a specific security flaw.

108
Q

Definition of rollup

A

Rollup: A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a device, such as a web browser or a particular service.

109
Q

Definition of service pack

A

Service pack: A larger compilation of operating system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack.

110
Q

Definition of patch management

A

The practice of monitoring for, obtaining, evaluating, testing, and deploying software patches and updates

111
Q

Characteristics of patch management

A

Test the functionality of the updates before widespread installation of updates.
In order for some updates to function properly, you might need to also update system firmware and drivers.
Additional features might be available with some updates.
If vulnerabilities in the firmware or operating system software on a server, workstation or other network device are detected, and an update is issued, you should immediately begin testing the updates.

112
Q

Characteristics of Patch Rollback

A

As part of the patch management process, you backed up the software before installing the patch or update.
If something goes wrong with updates or additional problems are found after deploying the updates, you can downgrade again to the previous version.
If you have a configuration backup of all devices stored, and the patch or update is causing problems, the devices can easily be restored to the previous configuration.
Many operating systems and applications have options built in that allow you to roll back to the previous version.
Sometimes this is accessed through the installation program and other times it is a feature within an application or operating system.

113
Q

What is updating firmware called

A

It is called flashing.

114
Q

Why should you consider upgrading firmware

A

There are a few reasons why you should consider upgrading the system firmware, including:

Provide support for new hardware.
Fix bugs that prevent the operating system from installing or running properly.
Enable advanced management features.
Be eligible for vendor support.

115
Q

How can upgrading firmware damage a device

A

Upgrading firmware can be damaging to devices if it is not done correctly.
If you improperly flash the system firmware, it can render the device unusable.
Often, your recovery options will be limited, but they should be listed on the manufacturer’s support website.

116
Q

Definition of antivirus software

A

A category of protective software that scans devices and sometimes networks for known viruses, Trojans, worms, and other malicious programs.

117
Q

How do you implement internet virus protection

A

Implement Internet email virus protection by:
Screening the Internet gateway devices for viruses
Employing reliable desktop antivirus software
Scanning incoming emails between the Internet and the email server
Scanning email again at the device level
Disabling all Internet connections and isolating affected devices if a virus attack is detected

118
Q

Characteristics of antivirus software

A

Scans devices or networks for known viruses, Trojans, worms, other malware.
Some software can scan for unknown harmful software.
Install on all devices and keep it updated.
Can be host-based, server-based, or cloud-based.

119
Q

Definition of Shared Key or Symmetric encryption

A

Shared Key or Symmetric encryption: The same key is used both to encode and decode the message.

120
Q

Definition of Key Pair or Asymmetric encryption

A

Key Pair or Asymmetric encryption: Each party has a public key that anyone can obtain and a private key known only to the individual.

121
Q

Give a full description of a public key

A

Public key: In key-pair encryption, the key is available to all and is used to encode data.

122
Q

Give a full description of a private key

A

Private key: In key-pair encryption, the key is known only to an individual and is used to decode data.

123
Q

Give reasons why we should generate new keys

A

Reasons to generate new keys include:

If a key is compromised.
To replace the special production key shipped with some software images.
If required by the organization’s policy to update a key after a period of time.
This helps limit exposure if a key compromise was not detected.

124
Q

Definition of CA

A

CA: (Certificate Authority) A server that can issue digital certificates and the associated public/private key pairs.

125
Q

Definition of an Encryption Key

A

Encryption key: A specific piece of information that is used with an algorithm to perform encryption and decryption in cryptography.

126
Q

Give a full description of a CA

A

A root CA is typically the first or only CA installed.
A root certificate is an unsigned public key certificate or a self-signed certificate that identifies the root CA.
A CA can issue multiple certificates in the form of a tree structure.
A root certificate is at the top of the tree and is the private key that is used to sign other certificates.
All certificates immediately below the root certificate inherit the trustworthiness of the root certificate.
Certificates further down the tree also depend on the trustworthiness of the intermediate CAs.

127
Q

Give a full description of an encryption key

A

A different key can be used with the same algorithm to produce different ciphertext.
Without the correct key, the receiver cannot decrypt the ciphertext even if the algorithm is known.
The longer the key, the stronger the encryption.

128
Q

Definition of Permissions

A

Permission: A security setting that determines the level of access a user or group account has to a particular resource.

129
Q

Definition of Hashing encryption

A

Hashing encryption: One-way encryption that transforms cleartext into a coded form that is never decrypted.

130
Q

Definition of Hash

A

Hash (Hash value, message digest): The value that results from hashing encryption.

131
Q

Definition of EFS

A

EFS: (Encrypting File System) A file encryption tool available on Windows systems that have partitions formatted with NTFS.

132
Q

Definition of FDE

A

FDE: (full disk encryption) A storage technology that encrypts an entire storage drive at the hardware level.

133
Q

Definition of SED

A

SED: (self-encrypting disk) A storage device that is encrypted at the hardware level in order to avoid relying on software solutions.

134
Q

Give a full description of permissions

A

A permission is a security setting that determines the level of access a user or group account has to a particular resource.
Permissions can be associated with a variety of resources, such as files, printers, shared folders, and network directory databases.
Permissions can typically be configured to allow different levels of privileges or to deny privileges to users who should not access a resource.
Assign rights and permissions to user groups.
As the needs of individual users change, the users can be placed in groups with the appropriate security configuration.

135
Q

Give the process of Certificates and Encryption

A

Certificates can be used for data encryption. The certificate encryption process consists of four steps:
A security principal obtains a certificate and a public/private key pair from a CA.
The party that encrypts data obtains the user’s public key from the user or from the CA’s certificate repository.
The encrypting party then uses the public key to encrypt the data and sends it to the other user.
The other user uses the private key to decrypt the data.

136
Q

Give a full description of File hashing

A

Hashing encryption is one-way encryption that transforms cleartext into ciphertext that is not intended to be decrypted.
The result of the hashing process is called a hash, hash value, or message digest.
The input data can vary in length, whereas the hash length is fixed.
Two types of hashes:
MD5 (Message Digest version 5) creates a 128-bit message digest from the input data.
Secure Hash Algorithm (SHA) is used for US government documents and other documents to create a digital signature. SHA-2 and SHA-3 have four variations: SHA-224, SHA-256, SHA-384, and SHA-512.

137
Q

Give a full description of EFS

A

A file-encryption tool is available on Windows devices that have NTFS-formatted partitions.
EFS encrypts file data by using digital certificates.
If a CA is not available to issue a file-encryption certificate, the local device can issue a self-signed encryption certificate to users who want to encrypt files.
NTFS permissions control file access, but EFS protects the contents of the file.
EFS can keep data secure even if NTFS security is breached—for example, if an attacker moves a physical hard drive to another system to bypass NTFS.

138
Q

Give a full description of FDE

A

Used on SED devices, it ensures encryption at the hardware level.

139
Q

Give all the characteristics of a Privileged User Account

A

A privileged user has full access to all aspects of a network, a device, or a computer.
On a Windows system, this is the Administrator user.
On a Linux or UNIX system, this is the root user.
This account should only be used when absolutely necessary.
For day-to-day operations, each user should have a regular user account.
With the additional access that the privileged account has, if the account is compromised, the attacker can reach more data and devices.
The principle of least privilege dictates that users and software should have only the minimal level of access that is necessary for them to perform their duties.
This level of minimal access includes facilities, computing hardware, software, and information.
Where a user or system is given access, that access should conform to the least privilege level required to perform the necessary task.

140
Q

Give a full description of Role Separation

A

Role separation, also known as separation of duties, is implemented as a policy that states that no one person should have too much power or responsibility.
Duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuses of power.
Duties such as authorization and approval, and design and development, should not be held by the same individual because it would be far too easy for that individual to defraud or otherwise harm an organization.
In many typical IT departments, roles like backup operator, restore operator, and auditor are assigned to different people.

141
Q

Give a full description of Switch spoofing

A

Turn off trunking on all ports unless trunking is specifically required on a certain port.
On a port where trunking is enabled, disable Dynamic Trunking Protocol (DTP), then manually enable trunking.

142
Q

Give a full description of Switch Port Protection

A

Used on Cisco switches to prevent protected ports from forwarding traffic to any other protected port on the switch.
Traffic is forced to be forwarded through a router or other Layer 3 device.
The switchport port-security command enables port security on a port.
switchport command options allow you to configure:
Spanning tree
Flood guard
BPDU guard
Root guard
DHCP snooping
MAC address filtering

143
Q

Give a full description of Double tagging

A

Make sure that user ports and native VLAN trunk ports are different.
Consider using a fixed VLAN that is completely separate from all user VLANs on the switched network.

144
Q

Give all the characteristics of Network Segmentation

A

Increases system security by reducing the attack surface.
Compliance requirements might require segmentation.
DMZ helps protect networks from unauthorized access.
VLANs can be used to create smaller segmented networks.
If an attacker gets through the DMZ, they must breach another firewall to get into a network segment.
Each subsystem is placed in its own area or zone.
Zones are defined by a logical or physical boundary.
Each security zone contains a group of logical or physical assets that require similar security measures.
A physical or logical border separates zones from other resources.
A conduit is established that connects defined zones with other network resources.
The conduit enables safe and secure communications between the defined zone and other network zones.
Conduits can include network security features such as firewalls and VPNs.
All communication between any zones must take place through one of the implemented conduits to protect the data and systems.

145
Q

Give a full description of NAT and PAT

A

NAT conceals internal private IP addresses from external networks.
The private address is a virtual IP address, not assigned to an actual device.
The router is configured with a single public IP address on its external interface and a private address on its internal interface.
NAT service translates between the two addressing schemes.
Packets sent to the Internet from internal hosts appear as if they came from a single IP address.
In static NAT, an unregistered address is mapped to a single specific registered address.
In dynamic NAT, a single unregistered address is mapped to the first registered address in an address pool.
PAT is a subset of dynamic NAT functionality that maps either one or more unregistered addresses to a single registered address using multiple ports.
PAT is also known as overloading.

146
Q

Give a full description of port forwarding

A

Port forwarding, also called port mapping, enables a permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private LAN.
Network clients cannot see port forwarding.
This allows communications from an external source to a destination within a private LAN.
For example, a remote device could use port forwarding to connect to a specific device or service within a private LAN.

147
Q

Definition of Penetration testing

A

Penetration testing: An attack authorized by the owner of a computer network with the purpose of finding security weaknesses.

148
Q

Definition of IDS

A

IDS: (intrusion detection system) Software, hardware, or both, that scans, audits, and monitors for signs of attacks in progress.

149
Q

Definition of IPS

A

IPS: (intrusion protection system) Inline security device that monitors suspicious network traffic and reacts in real-time to block it.

150
Q

Give a full description of Penetration testing

A

Can discover which defenses were effective and which were vulnerable.
Penetration test results should be reported to the owners so that they are aware of any issues they need to address.
Uses intrusion detection systems (IDS) and intrusion prevention systems (IPS).

151
Q

Definition of Honeypot

A

Honeypot: A security tool used to lure attackers away from the actual network components. Also called a decoy.

152
Q

Definition of Honeynet

A

Honeynet: An entire dummy network used to lure attackers away from actual network components.

153
Q

Definition of a Proxy Server

A

Proxy server: A system that isolates internal clients from the servers by downloading and storing files on behalf of clients.

154
Q

Definition of Reverse proxy server

A

Reverse proxy server: A type of proxy server that retrieves resources on behalf of a client from one or more servers.