Network Security Operations

Question 1

Blank start with understanding how a firewall is used to secure a network

Answer 1

Foundational Network security

Question 2

What is a barrier that intercepts and inspects traffic moving from one area of the network to another?

Answer 2

Firewall

Question 3

What may be physical appliances or may be virtual appliances operating as a VMS.

Answer 3

firewall

Question 4

What is the term for a firewall that operates as apps running on workstations and servers

Answer 4

host-based firewalls

Question 5

All firewalls have what in common that will determine whether the firewall will permit or deny traffic to pass on to its intended destination

Answer 5

Set of rules

Question 6

Blank is a firewall that operates on layers 3 & 4.

Answer 6

Packet Filtering

Question 7

Most networks equate what to layer 3 and what to layer 4

Answer 7

IP address
TCP or UDP port number

Question 8

Blank inspect incoming (ingress) and outgoing (egress) traffic and compare the attributes to a database of packet filter rules that determine if the movement is permitted

Answer 8

Firewalls

Question 9

Name the five attributes in a packet filter

Answer 9

Protocol (typically IP)
Source of IP address
Destination IP address
Source TCP or UDP port number
Destination TCP or UDP port number

Question 10

Packet filters are only concerned with what of the packets and perform no level of inspections on the contents of the package

Answer 10

Address label (header)

Question 11

What could pass through packet filtering undetected as long as the source and destination values were approved by the firewall rules

Answer 11

Dangerous payloads

Question 12

What is a device that operates as a middleman between two or more systems to help conceal the true nature of the client and server

Answer 12

Circuit Level Gateways

Question 13

The circuit level gateway may change what two things to allow two networks to communicate that otherwise could not

Answer 13

IP address and TCP/UDP port number

Question 14

What does NAT stand for

Answer 14

Network address translation

Question 15

What does PAT stand for

Answer 15

Port address translation

Question 16

What refers to the connection state of a conversation between two computers

Answer 16

State

Question 17

What term operates on levels 3,4,5 that allows a firewall to identify traffic as conversational and automatically create temporary firewall rules to permit the response traffic to flow back to the sender

Answer 17

Stateful Inspection

Question 18

The goal of stateful inspections is to reduce what?

Answer 18

Firewall rules

Question 19

To combat malicious traffic passing into the network unchecked (packet filtering) , what was created as a middle-man that reads and parses the traffic payload before forwarding it (if safe)

Answer 19

Proxy servers

Question 20

Inspection of payload is commonly called what?

Answer 20

Application-aware firewalls or Layer-7 firewalls

Question 21

What two things are advanced security solutions that can identify malicious traffic based on a database of known behaviors and payload signatures?

Answer 21

IDS and IPS

Question 22

What monitors networks to detect threats?

Answer 22

IDS

Question 23

What intercepts and blocks threats?

Answer 23

IPS

Question 24

What is the term for when IDS and IPS attach to a network in listen-only mode, alerting a network admin if they detect any suspicious behavior

Answer 24

Tap mode

Question 25

What mode refers to the configuration required for an IPS to intercept and block suspicious traffic?

Answer 25

In-line mode

Question 26

What is the term for when an IPS device blocks files known to carry viruses and malware, like .exe files

Answer 26

Reputation-based protection

Question 27

What device monitors the network to detect threats, listens passively and alerts network admins of suspicious behavior?

Answer 27

IDS

Question 28

What device intercepts and blocks and creates choke points?

Answer 28

IPS

Question 29

Which layer includes protocols such as 802.3 and 802.11?

Answer 29

Layer 2 (data link)

Question 30

What is a layer 1 threat because it involves tampering with the physical cables of a victim’s network?

Answer 30

Wiretapping

Question 31

Wiretapping, theft of devices, and unlocked equipment racks are all threats at what layer?

Answer 31

Layer 1 (physical)

Question 32

What as a Layer 1 attack could interfere with a victim’s wireless network card and prevent him from communicating with a WAP?

Answer 32

Radio Jammer

Question 33

What layer attack would a wireless deauthentication attack be?

Answer 33

Layer 2 (Data Link)

Question 34

What type of attack involves sending a special frame to a WAP that disconnects it from the wireless network?

Answer 34

Wireless Deauthentication

Question 35

What can be the goal of deauthentication attacks?

Answer 35

Getting the wireless network password

Question 36

What layer is an ARP poisoning attack?

Answer 36

Layer 2

Question 37

What attack sends special frames to the network that quickly poison the switch’s internal traffic handling database?

Answer 37

ARP poisoning

Question 38

What does FIB stand for?

Answer 38

Forwarding Information Base

Question 39

The switch is a network device at what level?

Answer 39

Layer 2 (Data Link)

Question 40

An attacker can merge ARP poisoning with what to reconstruct and analyze the received frames to gather info for future attacks?

Answer 40

Packet Sniffer

Question 41

Ethernet switches separate traffic into multiple logical networks called what?

Answer 41

Virtual local area network (VLANS)

Question 42

A switch can operate in one of what two modes?

Answer 42

Access mode (untagged mode)
Trunk Mode (tagging mode)

Question 43

What ports are used by servers and workstations assigned to a single VLAN?

Answer 43

Access Mode

Question 44

What ports are used to interconnect multiple switches or routers and carry traffic to multiple VLANS

Answer 44

Trunk mode

Question 45

What is a layer 2 attack that occurs when an attacker gets access to a computer connected trunk port that allows them to join a network that would not normally be available to them?

Answer 45

VLAN hopping attack

Question 46

What attack can be mitigated by following a switch vendor’s recommendation for VLAN configuration as well as designating computer switch ports as access mode?

Answer 46

VLAN hopping attack

Question 47

What layer attack is a ping attack?

Answer 47

Layer 3: Network

Question 48

What can mitigate a ping attack?

Answer 48

Packet filtering firewall

Question 49

Spoofing attacks can occur on what two levels?

Answer 49

Layer 2 (data Link) and Layer 3(network)

Question 50

What does MAC stand for?

Answer 50

Media Access Control

Question 51

Which protocol is a connection-oriented protocol?

Answer 51

TCP

Question 52

Which protocol is a connection-less protocol?

Answer 52

UDP

Question 53

A connection-oriented protocol provides what when data is sent between two computers?

Answer 53

Delivery confirmation

Question 54

What tool can an attacker run that allows him to scan the victim’s computer for open ports that they could later attack?

Answer 54

Port Scanner

Question 55

What helps against a port scanning attack?

Answer 55

Packet-filtering firewall

Question 56

What layer does a port scanning attack work on?

Answer 56

Layer 4: Transport

Question 57

What is a commonly known port number?

Answer 57

TCP port 8080

Question 58

What is the practice of redirecting a commonly known port number in hopes of hiding that the computer is running a web browser?

Answer 58

Port redirection

Question 59

What is a protocol at layer 5: Session?

Answer 59

Remote Procedure Call (RPC)

Question 60

What attacks are at layer 5?

Answer 60

RPC attacks

Question 61

How do you mitigate RPC attacks?

Answer 61

Regular operating system updates and patches

Question 62

What conceals data and is commonly performed at presentation level?

Answer 62

Encryption

Question 63

Encryption at the presentation level uses what, which is the replacement for what?

Answer 63

Transport Layer Security
SSL protocol

Question 64

What attack occurs at Layer 6?

Answer 64

Man-in-the-middle attack

Question 65

How do you mitigate man-in-the-middle attacks?

Answer 65

Use an Application-layer proxy or an IPS

Question 66

What does API stand for?

Answer 66

Application Programming Interface

Question 67

What can be attacked at Layer 7?

Answer 67

API

Question 68

How can you mitigate attacks via the API of you application?

Answer 68

By adding authentication

Question 69

What do security professionals use to detect problems and known bad code in an application?

Answer 69

Vulnerability scanner

Question 70

SQL injection, buffer overrun, and other take control attacks happen at what layer?

Answer 70

Layer 7: Application

Question 71

What are two other ways other than authentication that helps mitigate attacks at the application level?

Answer 71

Reverse Proxy system and an IPS device

Question 72

Encrypted data is referred to as what?

Answer 72

Ciphertext

Question 73

What is the proper term for an encryption algorithm?

Answer 73

Cipher

Question 74

What is also known as private key encryption that uses the same key to encrypt data as it does to decrypt data?

Answer 74

Symmetric key encryption

Question 75

The what of the symmetric key encryption depends on the complexity of the cipher and the key?

Answer 75

Security

Question 76

What is the most vulnerable point of a symmetric key encryption?

Answer 76

During key exchange

Question 77

What are the two advantages of a symmetric key encryption?

Answer 77

Simplicity
Speed

Question 78

What relies on two different keys to encrypt and decrypt traffic?

Answer 78

Asymmetric key encryption

Question 79

Asymmetric key encryption relies on what since customers have no reliable and secure means to exchange a secret key prior to data transfer?

Answer 79

Public key infrastructure

Question 80

In a PKI system, each party that can either send or receive data must first create a what that contains what two things?

Answer 80

Key pair
Public Key
Private key

Question 81

The key pair is created using what that enables one key to decrypt the ciphertext that the other key has written>

Answer 81

algorithm

Question 82

What feature is known as allowing anybody to decrypt your data who downloaded your public key guaranteeing that you haven’t changed it since creation?

Answer 82

Digital Signature

Question 83

Blank is one downside to asymmetric key ciphers?

Answer 83

Computational power

Question 84

What type of encryption uses a symmetric key to cipher, but exchanges that key by using an asymmetric key to have both speed and security?

Answer 84

Transport Layer Security (TLS)

Question 85

What uses algebraic structures to create a key that is even smaller than traditional asymmetric keys, yet is substantially more difficult to breach without the aid of quantum computers?

Answer 85

Elliptic Curve Cryptography (ECC)

Question 86

What is the most common forms of encryption found on the internet today?

Answer 86

SSL/TLS encryption

Question 87

What type of encryption creates a secure channel over the internet in order to exchange a public key in the form of a certification (certification authority like Verisign) issued by a well known authority that is presented to the public when the user connects to the website while the private key is kept on the webserver in secret and protected?

Answer 87

TLS

Question 88

When a client computer (the web browser) contacts the web server, the client initiates what that establishes a symmetric key that encrypts a token with the web server’s public key, ensuring that only a computer holding the private key can decrypt the token?

Answer 88

Encryption handshake

Question 89

What type of encryption provides an authentication and encryption solution that secures IP network traffic at Layer 3?

Answer 89

Internet Protocol Security (IPSEC)

Question 90

TLS encryption works at what layer?

Answer 90

Layer 6

Question 91

IPSEC encryption works at what layer?

Answer 91

Layer 3

Question 92

IPSEC encryption is commonly used to create what across the internet or other untrusted networks that allow computers to communicate with each other?

Answer 92

VPN tunnels

Question 93

IPSEC traffic is what and what, which allows the devices to create an encrypted tunnel that traffic may pass through.

Answer 93

Encapsulated and authenticated

Question 94

What hides the fact that the packets are flowing across an untrusted network and gives the client the illusion they are directly connected to each other in the same network in IPSEC encryption?

Answer 94

Encapsulation

Question 95

IPSEC encryption is composed of what which provides the encryption for the connection, and the security associations which define the algorithms to be used and the key exchange methods?

Answer 95

Authentication Header (AH) protocol

Question 96

IPSEC is often used with what negotiation that holds the tunnel?

Answer 96

Internet Key Exchange (IKE)

Question 97

What in IPSEC encryption is used to create encrypted IP packets for transferring data?

Answer 97

IPSEC keys

Question 98

Data payload in IPSEC is encrypted how?

Answer 98

DES or AES

Question 99

Data integrity in IPSEC encryption is ensured how?

Answer 99

One way hash functions (MD5 or SHA1)

Question 100

When data is stored in a permanent or semi-permanent state, the data is said to be at what and should be treated with the same level care as data in transit?

Answer 100

At rest

Question 101

What is the most secure algorithm for storing and encrypting data at rest?

Answer 101

Advanced Encryption Standard (AES)

Question 102

What is the term for a symmetric key cipher that makes use of different key and block sizes and creates a near-impenetrable encryption by using a series of transformations on plain text?

Answer 102

AES

Question 103

What three things all play a role in protecting data?

Answer 103

Data Classification
Data Protection
Encryption

Question 104

What is the term for identifying the type of data you are storing and creating policies that describe how to handle the data>?

Answer 104

Data classification

Question 105

What is the term for something that dictates how long a piece of data should remain active whether in day-to-day storage or in archive copies?

Answer 105

Retention policy

Question 106

Data stored in the public cloud is or isn’t backed up automatically and can be restored at any time?

Answer 106

Is not

Question 107

Sending backup from your onsite premises to the cloud would cause how much in network fees with a cloud provider?

Answer 107

Nothing

Question 108

What provides a physical safeguard for your data because even if the server is stolen, the data remains protected?

Answer 108

Encryption for data at rest

Question 109

What is the term for the thing used to encrypt and decrypt your data that must be kept from an attacker getting?

Answer 109

Data Encryption Key (DEK)

Question 110

What are the two ways to mitigate an attacker from getting access to your data through a DEK?

Answer 110

1) Rotate the DEK regularly
2) Seek a method that does not require you to expose the DEK to anybody

Question 111

What should you do to ensure you have a method that does not require you to expose the DEK to anybody?

Answer 111

Encrypt the DEK

Question 112

What does KMS stand for?

Answer 112

Key management System

Question 113

Data in transit is also known as what?

Answer 113

Data in flight

Question 114

What is the term that means users can can authenticate to your app using identity servers like Google or Facebook?

Answer 114

Federated Identity management

Question 115

What is the term for a secured region of your private network where firewalls are configured to carefully inspect and traffic entering and leaving the network and where an IPS can be implemented?

Answer 115

Extranet

Question 116

What stems from the idea that you will have to authenticate using different methods - what you know (username and password) and what you have (fingerprints or other biometric data)?

Answer 116

Multifactor Authentication (MFA)

Question 117

Most public cloud providers rely on what that may be a device or a virtual identification program that generates a PIN

Answer 117

Token

Question 118

What is a key chain-like device?

Answer 118

Key fob

Question 119

Public cloud providers keep detailed what that account the actions taken within your system to help you see changes and unauthorized use of privileged credentials?

Answer 119

Audit logs

Question 120

In a private cloud, who holds the final responsibility for all of the hardware and most, if not all, of the physical data center security concerns?

Answer 120

Owner of the equipment

Question 121

Who is generally responsible for the physical data center security in a public cloud?

Answer 121

Public Cloud provider

Question 122

Who typically owns the responsibility of security for the data center in a hybrid cloud service?

Answer 122

Whoever owns the equipment

Question 123

Whenever you connect to what, you are sending and receiving all of your data in the clear, meaning unencrypted?

Answer 123

Open Wi-Fi network

Question 124

What is the term for a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data?

Answer 124

3DES (triple DES)

Question 125

3DES uses only what bit encryption and can be compromised by brute force software running on modern hardware in less than a day?

Answer 125

56-bit

Question 126

What does AES stand for?

Answer 126

Advanced Encryption Standard

Question 127

What form of encryption is used by most wireless networks today?

Answer 127

AES

Question 128

AES can be used with what three bit lengths?

Answer 128

128-bit, 192-bit, or 256-bit

Question 129

Today, most AES use what bit length?

Answer 129

256-bit (AES-256)

Question 130

In AES, most modern processors support hardware acceleration via the CPU instruction set called what which allow the CPU to process AES encryption at very fast speeds?

Answer 130

AES-NI (AES new instruction)

Question 131

What does WEP stand for?

Answer 131

Wired Equipment Privacy

Question 132

What was the first wireless standards proposed by the IEEE in 1997 that was designed to provide the same level of security as wired networks?

Answer 132

WEP

Question 133

A WEP key is either 10 or 26 what?

Answer 133

hexadecimal

Question 134

In 2004, what did the WI-FI alliance deprecate?

Answer 134

WEP

Question 135

What was created by the WI-FI alliance and IEEE to overcome the weakness of WEP that was first released in 2003?

Answer 135

WPA (Wi-Fi Protected Access)

Question 136

In WPA, the key is a what that can range from 8-63 characters in length?

Answer 136

variable-length alphanumeric passphrase

Question 137

A difference between WEP and WPA was the addition of what, which gave WPA a significant security boost by generating a new 128 bit encryption key for every packet sent on the network (not the same key like in WEP)?

Answer 137

Temporal key integrity protocol (TKIP)

Question 138

What was introduced in 2004 and quickly became the standard for wireless security for the next 15 years?

Answer 138

WPA2

Question 139

What was the major difference between WPA and WPA2?

Answer 139

Counter Blocking Message Authentication Code (CCMP)

Question 140

What was designed to provide data confidentiality authentication and access control to WPA2?

Answer 140

CCMP

Question 141

What was released in 2018 that increases minimum key strength to 192 bits, provides SAE and PFS?

Answer 141

WPA3

Question 142

What does SAE stand for?

Answer 142

Simultaneous Authentication of Equals

Question 143

What is the term for the method to exchange the network key in personal mode by eliminating the need to tell others the key before connecting?

Answer 143

SAE

Question 144

What does PFS stand for?

Answer 144

Perfect forward secrecy

Question 145

What ensures that even if one session key is compromised that no past or future session’s data will be compromised, just that one session?

Answer 145

PFS

Question 146

In what wireless network infrastructure is all wireless communication performed in a peer-to-peer fashion and does not require of involve WAP?

Answer 146

Ad-hoc

Question 147

In what wireless network infrastructure is a WAP, or a wireless router, used to connect wireless devices to the network?

Answer 147

Infrastructure

Question 148

What is the security standard used to provide network access control at the port level and provides an authentication standard level based on Extensible Authentication Protocol (EPA)?

Answer 148

802.1x

Question 149

What does RADIUS stand for?

Answer 149

Remote Authentication Dial-In User Service

Question 150

What type of wireless attack is a DoS attack that can prevent access to a network, can force users to reconnect to the attacker’s point instead, and captures the 4-way handshake to gain intelligence to gain access to the corporate network?

Answer 150

Deauth attack

Question 151

What is the simplest defense against a deauth attack?

Answer 151

Use WPA3 since the management packets are encrypted

Question 152

In what attack, does the attacker set up an illegitimate wireless network to gain access to unencrypted data from the victim?

Answer 152

Fake Access

Question 153

How can you mitigate a fake access attack if you must use an unsecured network?

Answer 153

Create a VPN tunnel

Question 154

What are the three As in AAA?

Answer 154

Authentication, Authorization, and accounting

Question 155

What is the process of confirming a person’s identity?

Answer 155

Authentication

Question 156

What determines what the user may access?

Answer 156

Authorization

Question 157

What is auditing needed to verify the restrictions put in place are working?

Answer 157

Accounting

Question 158

What is the term for carefully reviewing the security settings, updating device software and testing the security of the device?

Answer 158

Device Hardening

Question 159

What are ten steps to harden devices?

Answer 159

1) Change Default Passwords
2) Remove unnecessary logins
3) Enforce a strong password policy
4) Remove unnecessary services
5) Keep patches up to date
6) Limit Physical Access to devices
7) Only allow for changes from a trusted network
8) Require Encryption for wireless networks
9) Control Audit access
10) Backup

Question 160

What is the common way to get audit logs?

Answer 160

Syslog

Question 161

How long before a vulnerability has to be publicly disclosed from discovery?

Answer 161

90 days