Network Security Operations Flashcards

1
Blank starts with understanding how a firewall is used to secure a network
Foundational Network security
2
What is a barrier that intercepts and inspects traffic moving from one area of the network to another?
Firewall
3
What may be physical appliances or virtual appliances operating as VMs?
firewall
4
What is the term for a firewall that operates as apps running on workstations and servers?
host-based firewalls
5
All firewalls have what in common that determines whether the firewall will permit or deny traffic to pass on to its intended destination?
Set of rules
6
Blank is a firewall that operates on layers 3 & 4.
Packet Filtering
7
Most networks equate what to layer 3 and what to layer 4?
IP address
TCP or UDP port number
8
Blank inspect incoming (ingress) and outgoing (egress) traffic and compare the attributes to a database of packet filter rules that determine if the movement is permitted.
Firewalls
9
Name the five attributes in a packet filter
Protocol (typically IP)
Source IP address
Destination IP address
Source TCP or UDP port number
Destination TCP or UDP port number
10
Packet filters are only concerned with what part of the packet, performing no inspection of the packet's contents?
Address label (header)
11
What could pass through packet filtering undetected as long as the source and destination values were approved by the firewall rules?
Dangerous payloads
12
What is a device that operates as a middleman between two or more systems to help conceal the true nature of the client and server?
Circuit Level Gateways
13
The circuit level gateway may change what two things to allow two networks to communicate that otherwise could not?
IP address and TCP/UDP port number
14
What does NAT stand for?
Network address translation
15
What does PAT stand for?
Port address translation
16
What refers to the connection state of a conversation between two computers?
State
17
What technique, operating on layers 3, 4, and 5, allows a firewall to identify traffic as conversational and automatically create temporary firewall rules to permit the response traffic to flow back to the sender?
Stateful Inspection
18
The goal of stateful inspections is to reduce what?
Firewall rules
19
To combat malicious traffic passing into the network unchecked (packet filtering), what was created as a middleman that reads and parses the traffic payload before forwarding it (if safe)?
Proxy servers
20
Inspection of payload is commonly called what?
Application-aware firewalls or Layer-7 firewalls
21
What two things are advanced security solutions that can identify malicious traffic based on a database of known behaviors and payload signatures?
IDS and IPS
22
What monitors networks to detect threats?
IDS
23
What intercepts and blocks threats?
IPS
24
What is the term for when IDS and IPS attach to a network in listen-only mode, alerting a network admin if they detect any suspicious behavior?
Tap mode
25
What mode refers to the configuration required for an IPS to intercept and block suspicious traffic?
In-line mode
26
What is the term for when an IPS device blocks files known to carry viruses and malware, like .exe files
Reputation-based protection
27
What device monitors the network to detect threats, listens passively and alerts network admins of suspicious behavior?
IDS
28
What device intercepts and blocks threats, creating choke points?
IPS
29
Which layer includes protocols such as 802.3 and 802.11?
Layer 2 (data link)
30
What is a layer 1 threat because it involves tampering with the physical cables of a victim's network?
Wiretapping
31
Wiretapping, theft of devices, and unlocked equipment racks are all threats at what layer?
Layer 1 (physical)
32
What Layer 1 attack could interfere with a victim's wireless network card and prevent them from communicating with a WAP?
Radio Jammer
33
What layer attack would a wireless deauthentication attack be?
Layer 2 (Data Link)
34
What type of attack involves sending a special frame to a WAP that disconnects it from the wireless network?
Wireless Deauthentication
35
What can be the goal of deauthentication attacks?
Getting the wireless network password
36
What layer is an ARP poisoning attack?
Layer 2
37
What attack sends special frames to the network that quickly poison the switch's internal traffic handling database?
ARP poisoning
38
What does FIB stand for?
Forwarding Information Base
39
The switch is a network device at what level?
Layer 2 (Data Link)
40
An attacker can merge ARP poisoning with what to reconstruct and analyze the received frames to gather info for future attacks?
Packet Sniffer
41
Ethernet switches separate traffic into multiple logical networks called what?
Virtual local area network (VLANs)
42
A switch can operate in one of what two modes?
Access mode (untagged mode) and trunk mode (tagging mode)
43
What ports are used by servers and workstations assigned to a single VLAN?
Access Mode
44
What ports are used to interconnect multiple switches or routers and carry traffic to multiple VLANs?
Trunk mode
45
What is a layer 2 attack that occurs when an attacker gets access to a computer connected to a trunk port, allowing them to join a network that would not normally be available to them?
VLAN hopping attack
46
What attack can be mitigated by following a switch vendor's recommendation for VLAN configuration as well as designating computer switch ports as access mode?
VLAN hopping attack
47
What layer attack is a ping attack?
Layer 3: Network
48
What can mitigate a ping attack?
Packet filtering firewall
49
Spoofing attacks can occur on what two levels?
Layer 2 (data link) and Layer 3 (network)
50
What does MAC stand for?
Media Access Control
51
Which protocol is a connection-oriented protocol?
TCP
52
Which protocol is a connection-less protocol?
UDP
53
A connection-oriented protocol provides what when data is sent between two computers?
Delivery confirmation
54
What tool can an attacker run that allows them to scan the victim's computer for open ports that they could later attack?
Port Scanner
55
What helps against a port scanning attack?
Packet-filtering firewall
56
What layer does a port scanning attack work on?
Layer 4: Transport
57
What is a commonly known port number?
TCP port 8080
58
What is the practice of redirecting a commonly known port number in hopes of hiding that the computer is running a web browser?
Port redirection
59
What is a protocol at layer 5: Session?
Remote Procedure Call (RPC)
60
What attacks are at layer 5?
RPC attacks
61
How do you mitigate RPC attacks?
Regular operating system updates and patches
62
What conceals data and is commonly performed at the presentation layer?
Encryption
63
Encryption at the presentation layer uses what, which is the replacement for what?
Transport Layer Security (TLS), the replacement for the SSL protocol
64
What attack occurs at Layer 6?
Man-in-the-middle attack
65
How do you mitigate man-in-the-middle attacks?
Use an Application-layer proxy or an IPS
66
What does API stand for?
Application Programming Interface
67
What can be attacked at Layer 7?
API
68
How can you mitigate attacks via the API of your application?
By adding authentication
69
What do security professionals use to detect problems and known bad code in an application?
Vulnerability scanner
70
SQL injection, buffer overrun, and other take-control attacks happen at what layer?
Layer 7: Application
71
What are two ways, other than authentication, that help mitigate attacks at the application level?
Reverse Proxy system and an IPS device
72
Encrypted data is referred to as what?
Ciphertext
73
What is the proper term for an encryption algorithm?
Cipher
74
What is also known as private key encryption that uses the same key to encrypt data as it does to decrypt data?
Symmetric key encryption
75
The what of symmetric key encryption depends on the complexity of the cipher and the key?
Security
76
What is the most vulnerable point of a symmetric key encryption?
During key exchange
77
What are the two advantages of a symmetric key encryption?
Simplicity and speed
78
What relies on two different keys to encrypt and decrypt traffic?
Asymmetric key encryption
79
Asymmetric key encryption relies on what since customers have no reliable and secure means to exchange a secret key prior to data transfer?
Public key infrastructure
80
In a PKI system, each party that can either send or receive data must first create a what that contains what two things?
Key pair: public key and private key
81
The key pair is created using what that enables one key to decrypt the ciphertext that the other key has written?
algorithm
82
What feature allows anybody who downloaded your public key to decrypt your data, guaranteeing that you haven't changed it since creation?
Digital Signature
83
Blank is one downside to asymmetric key ciphers?
Computational power
84
What type of encryption uses a symmetric key to cipher, but exchanges that key by using an asymmetric key to have both speed and security?
Transport Layer Security (TLS)
85
What uses algebraic structures to create a key that is even smaller than traditional asymmetric keys, yet is substantially more difficult to breach without the aid of quantum computers?
Elliptic Curve Cryptography (ECC)
86
What is the most common form of encryption found on the internet today?
SSL/TLS encryption
87
What type of encryption creates a secure channel over the internet in order to exchange a public key in the form of a certificate issued by a well-known certification authority (like Verisign), which is presented to the public when the user connects to the website, while the private key is kept secret and protected on the web server?
TLS
88
When a client computer (the web browser) contacts the web server, the client initiates what, which establishes a symmetric key that encrypts a token with the web server's public key, ensuring that only a computer holding the private key can decrypt the token?
Encryption handshake
89
What type of encryption provides an authentication and encryption solution that secures IP network traffic at Layer 3?
Internet Protocol Security (IPSEC)
90
TLS encryption works at what layer?
Layer 6
91
IPSEC encryption works at what layer?
Layer 3
92
IPSEC encryption is commonly used to create what across the internet or other untrusted networks that allow computers to communicate with each other?
VPN tunnels
93
IPSEC traffic is what and what, which allows the devices to create an encrypted tunnel that traffic may pass through.
Encapsulated and authenticated
94
What hides the fact that the packets are flowing across an untrusted network and gives the client the illusion they are directly connected to each other in the same network in IPSEC encryption?
Encapsulation
95
IPSEC encryption is composed of what, which provides the encryption for the connection, and the security associations, which define the algorithms to be used and the key exchange methods?
Authentication Header (AH) protocol
96
IPSEC is often used with what negotiation that holds the tunnel?
Internet Key Exchange (IKE)
97
What in IPSEC encryption is used to create encrypted IP packets for transferring data?
IPSEC keys
98
Data payload in IPSEC is encrypted how?
DES or AES
99
Data integrity in IPSEC encryption is ensured how?
One-way hash functions (MD5 or SHA1)
100
When data is stored in a permanent or semi-permanent state, the data is said to be at what and should be treated with the same level of care as data in transit?
At rest
101
What is the most secure algorithm for storing and encrypting data at rest?
Advanced Encryption Standard (AES)
102
What is the term for a symmetric key cipher that makes use of different key and block sizes and creates a near-impenetrable encryption by using a series of transformations on plain text?
AES
103
What three things all play a role in protecting data?
Data classification, data protection, and encryption
104
What is the term for identifying the type of data you are storing and creating policies that describe how to handle the data?
Data classification
105
What is the term for something that dictates how long a piece of data should remain active whether in day-to-day storage or in archive copies?
Retention policy
106
Data stored in the public cloud is or isn't backed up automatically and can be restored at any time?
Is not
107
Sending backup from your onsite premises to the cloud would cause how much in network fees with a cloud provider?
Nothing
108
What provides a physical safeguard for your data because even if the server is stolen, the data remains protected?
Encryption for data at rest
109
What is the term for the thing used to encrypt and decrypt your data that must be kept out of an attacker's hands?
Data Encryption Key (DEK)
110
What are the two ways to mitigate an attacker getting access to your data through a DEK?
1) Rotate the DEK regularly
2) Seek a method that does not require you to expose the DEK to anybody
111
What should you do to ensure you have a method that does not require you to expose the DEK to anybody?
Encrypt the DEK
112
What does KMS stand for?
Key Management System
113
Data in transit is also known as what?
Data in flight
114
What is the term that means users can authenticate to your app using identity servers like Google or Facebook?
Federated Identity management
115
What is the term for a secured region of your private network where firewalls are configured to carefully inspect traffic entering and leaving the network and where an IPS can be implemented?
Extranet
116
What stems from the idea that you will have to authenticate using different methods - what you know (username and password) and what you have (fingerprints or other biometric data)?
Multifactor Authentication (MFA)
117
Most public cloud providers rely on what, which may be a device or a virtual identification program that generates a PIN?
Token
118
What is a key chain-like device?
Key fob
119
Public cloud providers keep detailed what that record the actions taken within your system to help you see changes and unauthorized use of privileged credentials?
Audit logs
120
In a private cloud, who holds the final responsibility for all of the hardware and most, if not all, of the physical data center security concerns?
Owner of the equipment
121
Who is generally responsible for the physical data center security in a public cloud?
Public Cloud provider
122
Who typically owns the responsibility of security for the data center in a hybrid cloud service?
Whoever owns the equipment
123
Whenever you connect to what, you are sending and receiving all of your data in the clear, meaning unencrypted?
Open Wi-Fi network
124
What is the term for a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data?
3DES (triple DES)
125
3DES uses only what bit encryption and can be compromised by brute force software running on modern hardware in less than a day?
56-bit
126
What does AES stand for?
Advanced Encryption Standard
127
What form of encryption is used by most wireless networks today?
AES
128
AES can be used with what three bit lengths?
128-bit, 192-bit, or 256-bit
129
Today, most AES use what bit length?
256-bit (AES-256)
130
In AES, most modern processors support hardware acceleration via the CPU instruction set called what, which allows the CPU to process AES encryption at very fast speeds?
AES-NI (AES new instruction)
131
What does WEP stand for?
Wired Equipment Privacy
132
What was the first wireless standard proposed by the IEEE in 1997 that was designed to provide the same level of security as wired networks?
WEP
133
A WEP key is either 10 or 26 what?
hexadecimal
134
In 2004, what did the Wi-Fi Alliance deprecate?
WEP
135
What was created by the Wi-Fi Alliance and IEEE to overcome the weakness of WEP and was first released in 2003?
WPA (Wi-Fi Protected Access)
136
In WPA, the key is a what that can range from 8-63 characters in length?
variable-length alphanumeric passphrase
137
A difference between WEP and WPA was the addition of what, which gave WPA a significant security boost by generating a new 128-bit encryption key for every packet sent on the network (not the same key like in WEP)?
Temporal key integrity protocol (TKIP)
138
What was introduced in 2004 and quickly became the standard for wireless security for the next 15 years?
WPA2
139
What was the major difference between WPA and WPA2?
Counter Blocking Message Authentication Code (CCMP)
140
What was designed to provide data confidentiality, authentication, and access control to WPA2?
CCMP
141
What was released in 2018 that increases minimum key strength to 192 bits and provides SAE and PFS?
WPA3
142
What does SAE stand for?
Simultaneous Authentication of Equals
143
What is the term for the method to exchange the network key in personal mode by eliminating the need to tell others the key before connecting?
SAE
144
What does PFS stand for?
Perfect forward secrecy
145
What ensures that even if one session key is compromised, no past or future session's data will be compromised, just that one session?
PFS
146
In what wireless network infrastructure is all wireless communication performed in a peer-to-peer fashion without requiring or involving a WAP?
Ad-hoc
147
In what wireless network infrastructure is a WAP, or a wireless router, used to connect wireless devices to the network?
Infrastructure
148
What is the security standard used to provide network access control at the port level and provides an authentication standard based on the Extensible Authentication Protocol (EAP)?
802.1x
149
What does RADIUS stand for?
Remote Authentication Dial-In User Service
150
What type of wireless attack is a DoS attack that can prevent access to a network, can force users to reconnect to the attacker's access point instead, and captures the 4-way handshake to gather intelligence for gaining access to the corporate network?
Deauth attack
151
What is the simplest defense against a deauth attack?
Use WPA3 since the management packets are encrypted
152
In what attack does the attacker set up an illegitimate wireless network to gain access to unencrypted data from the victim?
Fake Access
153
How can you mitigate a fake access attack if you must use an unsecured network?
Create a VPN tunnel
154
What are the three As in AAA?
Authentication, authorization, and accounting
155
What is the process of confirming a person's identity?
Authentication
156
What determines what the user may access?
Authorization
157
What is the auditing needed to verify that the restrictions put in place are working?
Accounting
158
What is the term for carefully reviewing the security settings, updating device software and testing the security of the device?
Device Hardening
159
What are ten steps to harden devices?
1) Change default passwords
2) Remove unnecessary logins
3) Enforce a strong password policy
4) Remove unnecessary services
5) Keep patches up to date
6) Limit physical access to devices
7) Only allow changes from a trusted network
8) Require encryption for wireless networks
9) Control audit access
10) Backup
160
What is the common way to get audit logs?
Syslog
161
How long after discovery does a vulnerability have to be publicly disclosed?
90 days