Security

Question 1

SSL

Answer 1

Secure sockets layer
-cryptographic protocol designed to secure network communications at the upper layers (5,6, and 7)

Question 2

Stateful Firewall

Answer 2

Inspects traffic as part of a session and recognizes where the traffic originated
-allows traffic that originates from inside the network and go out to the internet
-blocks traffic originated from internet from getting into network
-tracks and is more secure

Question 3

NextGen Firewall (NGFW)

Answer 3

3rd generation firewall that conducts deep packet inspection and packet filtering
-can operate at layers 2-7 instead of just 2-4
-goes deeper than traditional stateful firewall and can inspect in the application level
-

Question 4

Stateless Firewall

Answer 4

Checks packets individually before deciding whether or not to permit them

Question 5

CPP - Control Plane Policing

Answer 5

-QoS filter that manages traffic flow of control plane packets to protect the control plane of Cisco routers and switches against DoS attacks.

Question 6

Port Security

Answer 6

-persistent MAC learning (or sticky MAC)
-enables switch interface to retain dynamically learned MAC when switch is restarted or interface goes down.
-prevents from someone unplugging a port and plugging in their laptop.

Question 7

DoS - TCP SYN Flood

Answer 7

Attacker initiates multiple TCP sessions, but never completes them

Question 8

DoS - ICMP Flood

Answer 8

Attacker sends ping to a subnet broadcast address with source IP spoofed to that of the victim server

Question 9

DNS poisoning

Answer 9

Attacker manipulates known vulnerabilities within the DNS to reroute traffic from one site to a fake version of that site

Question 10

UTM device

Answer 10

United Threat Management device
-combines firewall, router, intrusion detection/prevention system, anti malware, and other features into single device

Question 11

IDS / IPS

Answer 11

-Signature based detection (string of bytes)
-policy based detection (security policy)
-statistical anomaly based detection (watched baseline)
-non statistical anomaly based detection (admin defines patterns)
—Network based (NIDS/NIPS) (entire network)
—host based (HIPS/HIDS) (software based and installed on servers and clients)
-network and host based can work together for more protection

Question 12

VNC

Answer 12

Virtual Network Computing
-port 5900
-cross platform screen sharing system created to remotely control another computer
-works on client/server model (VNC viewer on the client)

Question 13

In-Band Management

Answer 13

Managing devices with Telnet or SSH

Question 14

Out-of-band Management

Answer 14

Connecting to devices with an alternative path to manage like plugging directly to or using a server connected directly to devices

Question 15

L2TP

Answer 15

Layer 2 Tunneling Protocol
-lacks security features like encryption by default and needs to be combined with an extra encryption layer for protection
-extension of the point to point tunneling protocol (PPTP) used by ISPs to enable VPNs.