Protecting Networks

Question 1

CIA in network security stands for?

Answer 1

Confidentiality
Integrity
Availability

Question 2

Three things that can cause you security problems on your network:

Answer 2

Threat - internal and external
Vulnerability
Exploit

Question 3

One example of an Exploit is called _________ where an external threat / computer tries to act like a node on your network and installs a trojan virus on your network to gain access.

Answer 3

spoofing

Question 4

Threats can cause ______________, vulnerabilities create _________ and exploits can give unauthorized users access to your network.

Answer 4

Vulnerabilities
Exploits`

Question 5

this is a designed layer of security designed in a way that if a system goes down there is some other system or measure in place.

Answer 5

Defense in Depth

Question 6

Layers of the Defense in Depth are :

Answer 6

1st - perimeter first line of defense
between these 2 layers sits the: Screened Subnet or DMZ
2nd - Network layer - Network segmentation enforcement and
network access control ( separate VLANs )
3rd - Host Endpoint ( all host on your network ) update policies and
firmware
4th - Application - Test all apps
5th - Data Layer - lowest endpoint ( protecting all data ) like with
Separation of Duties or no user should be given enough rights to abuse a system by themselves.

Question 7

these are used to lure attackers to test for vulnerabilities:

Answer 7

Honey Pots
Honey nets

Question 8

_______ __________ breaks the network down into subnets for improved security

Answer 8

network Segmentation

Question 9

_________DHCP servers can be used to perform an on-path ( man in the middle) attack

Answer 9

Rogue

Question 10

If the ___ ________ is outside of the network ID, then you have a Rogue DHCP server.

Answer 10

IP Address

Question 11

To help prevent an attacker from entering your network internally, be sure to _________ any unused ports / jacks.

Answer 11

disable

Question 12

This attack is designed to deny anyone service or access to a network. It’s done when you have so many people trying to access a server and they can’t, basically flooding the server all at once.

Answer 12

Denial of Service ( DoS ) attack

Question 13

Types of DoS attacks include:

Answer 13

Volume Attack - Ping Flood, UDP flood, ( nothing wrong just a lot of it )
Protocol Attack - SYN Flood or SYN Attack (most common )
Application Attack - slow Loris Attack, Smurf Attack,
Amplification Attack

Question 14

Getting a bunch of computers or BotNet to attack a single host that is a big problem today is called:

Answer 14

Distributed denial of service ( DDoS)

Question 15

Computers that are trying to attack servers that are called Zombies are in a group called:

Answer 15

BotNet

Question 16

This attack is started when a node in a private network has been taking over and is turned into a Zombie, then turning the rest of the network into a BotNet, that then takes commands from the C&C server.

Answer 16

Command and control ( C&C or C2)

Question 17

this attack is where a 3rd party intercepts data and information between a 2 party conversation and uses the information they gain to their own advantage

Answer 17

Man in the middle attack

Question 18

Examples of ways for a Man in the Middle attack to happen are:

Answer 18

Through wireless networks (biggest problem)
Bluetooth
NFC or cell phones

Question 19

this type of Man in the Middle attack is used more in wired networks and its where making something in the attackers address looks like the victims address. ( mac address or IP address or DNS address )

Answer 19

spoofing

Question 20

When a Man in the Middle attack involves IP address stealing, is very noisy, its sending out packets to different target machines, lying to them so that their ARP caches are confused is called:

Answer 20

ARP poisoning

Question 21

This man in the middle attack happens when you misspell or mistype the wrong URL and get sent to another site is called:

Answer 21

URL hijacking or Typosquatting

Question 22

Somebody doesn’t keep the domain updated / paid and then buys it up and puts a lot of bad information on the website

Answer 22

Domain Hijacking

Question 23

Things that can actually be done once you get the data or information from a man in the middle attack:

Answer 23

Replay Attack for secure communication
Downgrade attack, effects webpages
Session Hijacking - where 2 people are already in a conversation and you push out bad information to those computers

Question 24

Man in the Middles attacks are now called;

Answer 24

on-path attacks

Question 25

To help prevent a Man in the middle attack, make sure to:

Answer 25

Harden your network or make it more secure

Question 26

There are 2 types of “Password Attacks”:

Answer 26

Brute force -
Dictionary -

Question 27

__________ and ________policies are a great way to protect against password attacks

Answer 27

Password and Account

Question 28

Training __________ about possible threats is key to helping them protect their passwords.

Answer 28

users

Question 29

Two ways of VLAN hopping are:
To help prevent against these type of attacks, do not use the “native” VLAN ( only for maintenance )

Answer 29

VLAN spoofing - Cisco Dynamic Trunking Protocol (DTP) - hackers trick a switch to create a trunk link to gain access from a VLAN
Double Tagging - where a hacker modifies a data frame so it can tell the packet where to go so they can gain access. One directional

Question 30

You should manually set all your ________ ports on your switch.

Answer 30

Trunk

Question 31

This is a way to control which ports on a switch communicate with other Ports.

Answer 31

Private VLANS or Port Isolation

Question 32

________ in a VLAN can be either community ports ( ports that communicate with everyone ) or Isolated Ports ( ports cannot communicate with anyone even in their own VLAN )

Answer 32

Ports

Question 33

System Life Cycle consists of the following:

Answer 33

Asset Disposal ( IT Asset disposal or ITAD )
Using Asset Tags helps track devices

Question 34

When disposing of hard drives you would use:

Answer 34

Department of Defense (DoD) 5220.22 - M or the security Standard for wiping data

Question 35

__________ that don’t contain sensitive data can be reset to factory defaults.

Answer 35

Devices

Question 36

____________ do things to files and then propogate

Answer 36

viruses

Question 37

__________ collects keystrokes and information

Answer 37

Malware

Question 38

__________and logic bombs can devastate systems

Answer 38

Ransomware

Question 39

___________ or _________ are hard to detect.

Answer 39

Rootkit or Backdoor

Question 40

Security regarding social engineering can include:

Answer 40

Dumpster Diving
Phishing
Whaling
Shoulder Surfing
Eavesdropping
Tailgating / Piggybacking
Access control vestibule (mantrap)
Masquerading ( impersonating )

Question 41

Common vulnerabilities and exposure (CVE)

Answer 41

this is a list of publically disclosed security flaws

Question 42

CVE numbering authority or ( CNA )

Question 43

Zero day vulnerability is when a hacker finds a flaw before the vendor does:

Answer 43

Zero day vulnerability
Zero day exploit
Zero day attack

Question 44

Physical Security can be some of the following:

Answer 44

Motion Sensors
Asset Tags
Tamper Detection
Badge Reader
biometrics - retinal scanners, facial recognition
Smart / Secure lockers

Question 44

Protect yourself from ________ - _____ vulnerabilities by keeping systems up to date, using strong firewall configurations and educating users.

Answer 44

zero-day

Question 44

Physical controls can include:

Answer 44

*Deterrent Physical Controls _ good lighting - signage - security guard
*Preventative Physical controls - fences - barricades - K ratings
mantrap, Cabling systems - have air gaps / use VLANs, Safes, Locked cabinets, Faraday cages, locks - must have key management system in play, Workstations should have : cable locks, screen filters
*Detective tools can include - alarm systems, log files
compensating and corrective controls - are used if a control is compromised or becomes vulnerable

Question 45

A good tool for preventing against ARP poisoning is known as:

Answer 45

Cisco Dynamic ARP Inspection (DAI) - compiles a list of good known MAC and IP addresses

Question 46

this also has a list of all known DHCP servers and clients

Answer 46

DHCP snooping

Question 47

Both Cisco Dynamic ARP Inspection and DHCP snooping help with:

Answer 47

Switch Port Protection ( port security )

Question 48

A good idea to _________ any unused switch ports or unneeded network services

Answer 48

disable

Question 49

When using IPv6 routers will send out:

Answer 49

Router Advertisements ( RA ) and are used by the: Neighbor Discovery Protocol (NDP) used to detect neighbors

Question 50

You can use this tool to protect against rogue generated messages from unauthorized routers

Answer 50

IPv6 Router Advertisement (RA) guard

Question 51

You can protect against service attacks by using:

Answer 51

Control Plane policing - which uses quality of service ( QoS )to avoid denial of service ( DoS) attacks

Question 52

computers that are in a place that is not protected, are exposed but are outside of your private network

Answer 52

De-militarized Zone ( DMZ )

Question 53

A router that is open to the Internet traffic is called a:

Answer 53

Bastion host ( most hardened )

Question 54

___________ in a network that are setup to invite attacks to capture information are called:

Answer 54

Honeypots

Question 55

____________ are connected to a network to invite attacks to capture information, but act like a mini network instead of one computer

Answer 55

Honeynets

Question 56

___________ in the DMZ are still protected by a firewall.

Answer 56

Servers

Question 57

___________ basically filter traffic based on specific criteria and are normally positioned on the edge of your network. They can be either network or host based. Also come in hardware and software varieties.

Answer 57

firewalls

Question 58

A physical firewall device is called a:

Answer 58

Hardware Firewall

Question 59

These are firewalls but can also be much, much more:

Answer 59

Unified threat management ( UTM )

Question 60

this type of firewall looks at and directs its traffic coming in and out based on the IP and MAC addresses

Answer 60

Stateless firewall

Question 61

This type of firewall uses what is like a state table or a hierarchy of account roles/permissions. Allows internal computers to communicate with servers or other computers based on their conversations.

Answer 61

Stateful Firewall

Question 62

It’s common to have a ________ function both as stateful and stateless

Answer 62

firewall

Question 63

_____________ can have context - and application -aware __________ that filter based on the content of the packets

Answer 63

Routers - Firewalls

Question 64

Which would be an example of a Denial of Service (DoS) attack?

Answer 64

Ping flood

Question 65

Which would be the BEST example of an on-path attack (man-in-the-middle)?

Answer 65

Connecting a laptop to an access point to sniff packets and intercept them.

Question 66

A standard user in a company receives an e-mail from what looks like her bank. It requests that she click on a link to fix her account information. What type of social engineering is this?

Answer 66

Phishing

Question 67

Which type of malware seems innocent until you perform a specific action?

Answer 67

Trojan