Protecting Your Network

Question 1

when an attacker targets a DNS server with a bad one, sending spoofed DNS info, which will be cached and spread to other devices

Answer 1

DNS cache poisoning

Question 2

extensions added for domain name resolution to prevent DNS cache poisoning, used by all the DNS root and top-level domains

Answer 2

Domain Name System Security Extensions (DNSSEC)

Question 3

whenever one does something with a protocol that it was never meant to do and results in a threat

Answer 3

protocol abuse

Question 4

the insertion of unwanted information into a packet using special software with the aim of breaking another system

Answer 4

malformed packets

Question 5

the way and attack takes advantage of a vulnerability

Answer 5

attack surface

Question 6

the process of attacking the ARP caches on hosts and switches, such as by sending false information

Answer 6

ARP cache poisoning

Question 7

Cisco technology for avoiding ARP cache poisoning by keeping track of known good IP addresses and MAC addresses, in switches

Answer 7

Dynamic ARP Inispection (DAI)

Question 8

technology that creates a list of MAC addresses for known DHCP servers and clients, used to prevent someone unknown (MAC address) sending DHCP server messages; sends an alarm to the appropriate person

Answer 8

DHCP snooping

Question 9

a key network hardening technique, enchanced by adding DAI or DHCP snooping

Answer 9

switch port protection

Question 10

single computer under the control of an operator in a DDoS attack

Answer 10

zombie/bot

Question 11

a group of computers under the control of an operator in a DDoS atatck

Answer 11

botnet

Question 12

attack that sends a large amount of packets to a server with that server’s IP address set as the source

Answer 12

reflection/reflective DDoS

Question 13

form of DoS attack with the aim of kicking a client off of its WAP; a rogue AP nearaby acts as an alternative

Answer 13

deauthentication (deauth) attack

Question 14

DoS attack lacking any malice from the attacker, such as when a site/server cannot handle the legitimate load it is under

Answer 14

friendly/unintentional DoS

Question 15

unintentional DoS attack where a popular sites references a smaller site, resulting in a massive amount of traffice to that smaller site

Answer 15

slashdotting/Reddit hug of death

Question 16

attack where the culprit tries to intercept a valid computer session to get authentication data

Answer 16

session hijacking

Question 17

the addition of redundancy to a system to prevent loss?

Answer 17

fault tolerance

Question 18

an attack where a malicious user probes an open port to gain information about the running services

Answer 18

banner grabbing

Question 19

attack that takes a system connected to one VLAN and use switch commands to change the switch port connection to a trunk link

Answer 19

VLAN hopping

Question 20

list on many devices that defines what a user can do with that device’s shared resources

Answer 20

access control list (ACL)

Question 21

attack that uses encryption to lock a user out of a system, such as encrypting the hard drive; usually used to force users to pay money to get the device decrypted - crypto-ransomware

Answer 21

crypto-malware

Question 22

program (not stand-alone) that is designed to replicate and activate (by user action); often replicates as code added to boot sector or extra code added to the end of executables; only replicates to other applications on a drive or to other drives; needs a host file to infect

Answer 22

virus

Question 23

program that replicates exclusively through a network, replicating itself to any computer it sees on the network; can exploit vulnerabilities in program code, attack program code, programs, OS’s, protocols, etc.; does not need host files to infect

Answer 23

worm

Question 24

virus that uses application macros to replicate and activate

Answer 24

macro (virus)

Question 25

code that is written to execute when certain conditions are met, usually malicious

Answer 25

logic bomb

Question 26

malware that pretends to be one things while instead doing something bad; can be used to capture keystrokes, files, credit card info, etc.

Answer 26

trojan horse

Question 27

malware that takes advantage of low-level operating system functions to hide itself; it also gains privileged access to the computer; attacks OS’s, hypervisors, and even firmware

Answer 27

rootkit

Question 28

a program that monitors the sites you visit to send you advertisements, usually via pop-up windows; the ads can install viruses or contain sypware

Answer 28

adware

Question 29

process of manipulating the people inside the organization to gain access to the network; includes spam calls and pretending to be someone legit to get information or examine workstations

Answer 29

social engineering

Question 30

social engineering attack where the attacker poses as a legit site, requesting that a person update their information (like financial info)

Answer 30

phishing

Question 31

the accidental spilling of radio waves outside of their intended area, where people can intercept them; address this by adding filtering between the system and where malicious people might try to access it

Answer 31

RF emanation

Question 32

series of standards for addressing RF emanation, found in US Government agencies

Answer 32

TEMPEST

Question 33

feature of many chassis, including all modern servers, that records onto NVRAM when the chassis was opened; more basic items like stickers or zip ties can create this feature

Answer 33

tamper detection

Question 34

small device, as might be used to open a car, that contains RFID circuitry to open doors

Answer 34

key fob

Question 35

unlocking system that consists of a latch, door handle, and series of mechanical push buttons, where a person must press the buttons in a certain pattern to gain entry; turning the handle open the latch if the pattern is correct or clears the entry

Answer 35

cipher lock

Question 36

self-contained, closed system in which camera feeds go to specific dedicated monitors and storage devices

Answer 36

closed-circuit televisions (CCTV)

Question 37

approach to network security where each user has a single user account and they only have permission to access the resources they need for the job; the most common approach to network security

Answer 37

principle of least privilege

Question 38

the combined permissions for a user that is a part of multiple groups; Deny always trumps other permissions

Answer 38

effective permissions

Question 39

piece of hardware optimized to perform a certain task; multiple of these work in conjuection with a central controller rather than have one controller do everything

Answer 39

edge device

Question 40

standardized approach to network security in which devices much meet a certain criteria before being allowed to connect to a network

Answer 40

network access control (NAC)

Question 41

tools used by Cisco to implement NAC; a switch or router which this enabled will query devices (the agent program on the device containing node info, resources, assets) to make sure they meet certain criteria, such as anti-malware, QoS, OS version; if they pass, the device connects to the network; if a node does not pass, it either doesn’t connect or is connected to a different network until it reaches the criteria

Answer 41

posture assessment

Question 42

program that runs every time the host boots up, storing system information for posture assessment querying

Answer 42

persistent agent

Question 43

program that runs whenever a client needs to connect to a secure network through a web portal; the program only checks those components that will reach the criteria of the posture assessment

Answer 43

non-persistent agent

Question 44

Cisco program, process, or server that is responsible for admitting or denying a connection for a node to a network; it directs an edge device to deny or allow

Answer 44

Access Control Server (ACS)

Question 45

excessive or malformed packets sent by attackers to a network/switch (DoS attack)

Answer 45

traffic flood

Question 46

employed by modern switches to detect and block excess traffic, enhancing switch port protection

Answer 46

flood guard

Question 47

system with a very high network output, likely the result of malware

Answer 47

top talker

Question 48

capability of some anti-malware programs to passively monitor a computer’s activities and check for malware only at certain events, like downloading a file or executing a program

Answer 48

virus shield

Question 49

anti-malware setup where a single server runs on a number of systems (systems may have a small client); easier to update and administer, and responsibility falls to the provider

Answer 49

network-based anti-malware

Question 50

anti-malware program that is stored on a server in a remote location; nothing is stored on the host, but the host is responsible for accessing the software

Answer 50

cloud/server-based anti-malware

Question 51

capability in a firewall to tell if a packet is part of an existing connection

Answer 51

stateful inspection

Question 52

firewall capability where the firewall looks at each packet fresh with no regard for the state of the packet’s relation to another packet

Answer 52

stateless inspection

Question 53

capability of firewalls to filter based on the application or service that originated the packet; operates at OSI layer 7

Answer 53

application/context aware

Question 54

the marriage of firewalls with other security services, such as network-based IPS, load balancing, etc.

Answer 54

unified threat management (UTM)

Question 55

organized, ongoing attack against the same entity

Answer 55

advanced persistent threats (APTs)

Question 56

a feature the enables networks to block access to certain Web sites; for firewalls and others advanced networking devices

Answer 56

web filtering

Question 57

a networking features that enables the network to block traffic based on specific signatures or keywords (like profane language)

Answer 57

content filtering

Question 58

any machine that is fully exposed to the Internet, like a firewall

Answer 58

bastion host

Question 59

a machine, program, or VM that acts as a decoy within a network for the purpose of attracting attention to hackers and wasting their time and resources; can also monitor and reports on any attacks; must be segmented from trusted network

Answer 59

honeypot