Security Infrastructure

Question 1

Security Infrastructure

Answer 1

Combination of hardware, software policies, and practices used to protect information

Question 2

Ports

Answer 2

Logical communication endpoint that exists on a computer

Question 3

Inbound ports

Answer 3

A port that is open and is listening for connection from a client

Question 4

Outbound ports

Answer 4

Opening created by the server to call out to the client that is listening for its connection

Question 5

Well known Ports

Answer 5

Ports 0-1023 are considered assigned by the Internet Assigned Numbers Authority

Question 6

Registered Ports

Answer 6

1024-49151 are considered registered for proprietary protocols

Question 7

Dynamic Private Ports

Answer 7

49152-65535 can be used by any application

Question 8

File Transfer Protocol (FTP)

Answer 8

Port 21;TCP; Uses the transfer files from host to host

Question 9

(SSH, SCP,SFTP)

Answer 9

Port 22;TCP;provides secure remote terminal access, copies functions, and file transfers

Question 10

Telnet

Answer 10

Port 23;TCP;provides insecure remote control of a machine using a text-based environment

Question 11

Simple Mail Transfer Protocol (SMTP)

Answer 11

Port 25;TCP;provides the ability to send emails over the network

Question 12

Domain Name System (DNS)

Answer 12

Port 53;TCP/UDP;translates domain names into IP addresses

Question 13

Trivial File Transfer Protocol (TFTP)

Answer 13

Port 69;UDP;A lightweight file transfer method for sending configs or network booting and overfitting

Question 14

Hypertext transfer protocol (HTTP)

Answer 14

Port 80;TCP;used for insecure web browsing

Question 15

Kerberos

Answer 15

Port 88;UDP;network authentication protocol protocol

Question 16

Post office protocol version three (POP3)

Answer 16

Port 110;TCP;Responsible for retrieving mail from a server

Question 17

Network news transfer (NNTP)

Answer 17

Port 119;TCP;Used for accessing newsgroups

Question 18

Remote procedure call (RPC)

Answer 18

Port 135;TCP/UDP; Facilitates communication between system processes

Question 19

NetBios

Answer 19

Ports (137,138,139);TCP/UDP; Networking Protocol Suite

Question 20

Internet Message Access Protocol (IMAP)

Answer 20

Port 144;TCP;allows access to email messages on a server

Question 21

Simple Network Management Protocol (SNMP)

Answer 21

Port 161;UDP;Manages network devices

Question 22

SNMP Trap

Answer 22

Port 162;UDP;responsible for sending SNMP trap messages

Question 23

Lightweight Directory Access Protocol (LDAP)

Answer 23

Port 389;TCP;facilitates directory services

Question 24

HTTP Secure (HTTPS)

Answer 24

Port 443;TCP;provides secure web connection

Question 25

Server Message Block (SNMP)

Answer 25

Port 445;TCP;used for file and printer sharing over a network

Question 26

SMTP Secure

Answer 26

Ports (465,587);TCP;provides secure smtp connection

Question 27

Syslog

Answer 27

Port 514;UDP;used for sending log messages

Question 28

LDAP Secure

Answer 28

Port 636;TCP; LDAP communication over ssl/tls

Question 29

Internet Message Access Protocol over ssl\tls

Answer 29

Port 993;TCP;Used for secure email retrieval

Question 30

Post Office Protocol v3 over SSL/TLS (POP3S)

Answer 30

Port 995;TCP;used with secure email retrieval

Question 31

Microsoft SQL

Answer 31

Port 1433;TCP; Used to create communication with Microsoft SQL Server

Question 32

RADIUS TCP

Answer 32

Ports (1645,1646);TCP;Used for remote authentication, authorization, and accounting

Question 33

RADIUS UDP

Answer 33

Ports (1812,1813);UDP;Used for authentication and accounting as defined by the Internet Engineering Task Force (IETF)

Question 34

Remote Desktop Protocol (RDP)

Answer 34

Port 3389;TCP;Enables Remote Desktop Access

Question 35

SYSLOG TLS

Answer 35

Port 6514;TCP;Used in a secure SYSLOG that uses SSL/TLS to encrypt the IP packets using a certificate before sending them across the IP network to a SYSLOG collector

Question 36

Firewalls

Answer 36

Safeguards networks by monitoring and controlling traffic between networks of predefined security rules

Question 37

Screen subnet (Dual-homed host)

Answer 37

Acts as a security barrier between external untrusted networks and internal trusted networks, using a protected host with security measures like packet filtering firewall

Question 38

Packet filtering firewall

Answer 38

Checks packet headers for traffic allowance based on IP addresses and port numbers

Question 39

Stateful firewall

Answer 39

Monitors all inbound and outbound network connection requests

Question 40

Proxy firewall

Answer 40

Acts as an intermediary between inbound and outbound connections, making connections on behalf of other endpoints

Question 41

Proxy firewall Circuit Level

Answer 41

Like a SOCKS firewall, operates at level 5 of the OSI model

Question 42

Proxy firewall Application Level

Answer 42

Conducts various proxy functions for each type of application at the Layer 7 of the OSI

Question 43

Kernel proxy firewall

Answer 43

Has minimal impact on network performance while thoroughly inspecting packets across all layers

Question 44

Next generation firewall (NGFW)

Answer 44

Aims to address the limitations of traditional firewalls by being more aware of application and their behaviors. Uses a single engine

Question 45

Unified Threat Management Firewall (UTM)

Answer 45

Most used that provides the ability to conduct multiple security functions in a single app. Uses separate and individual engines

Question 46

Web Application Firewall (WAF)

Answer 46

Focuses on the inspection of HTTP traffic

Question 47

Inline systems

Answer 47

See the network firewalls in a server, Outline will record a mirror copy of the traffic

Question 48

Access Control List

Answer 48

A rule set that is placed on firewall, routers, and other network infrastructure devices that permit or allow traffic to a particular interface

Question 49

Defined Action

Answer 49

IDS will (log,alert) where an IPS will (log,alert,take action)

Question 50

Network Intrusion Detection System (NIDS)

Answer 50

Responsible for detecting unauthorized network access and attacks

Question 51

Host-Based IDS (HIDS)

Answer 51

Looks at suspicious network going to and from a single server or endpoint

Question 52

Wireless IDS (WIDS)

Answer 52

Detects attempts to find the cause the denial of service on a wireless network

Question 53

IDS Signature Based Algorithm

Answer 53

Analyze traffic based on defined signatures can only recognize attacks based on previously identified attacks in a database

Question 54

IDS Signature-Pattern Based Algorithm (NIDS,WIDS)

Answer 54

Specific pattern of steps

Question 55

IDS Signatuve Stateful-Matching (HIDS)

Answer 55

Known system baseline

Question 56

IDS Anomaly-based/Behavior-based algorithm

Answer 56

Analyze traffic and compares it to a normal baseline of traffic to determine if a threat is occurring

Question 57

Intrusion Prevention System (IPS)

Answer 57

Scans traffic to look for a malicious activity and takes actions to stop it

Question 58

Network Appliance

Answer 58

Dedicated hardware w/ pre-installed software that is designed to provide specific networking services

Question 59

Load balancers

Answer 59

Designed to distribute network or application traffic across multiple servers

Question 60

Proxy servers

Answer 60

Intermediary between a client and a server to provide functions; (caching,request filter)

Question 61

Network sensors

Answer 61

Designed to monitor, detect traffic and data flows across the network

Question 62

Jump server box

Answer 62

Dedicated gateway used by system admins to securely access devices located in different security zones within the network

Question 63

Port security

Answer 63

Allows administrators with devices to connect to a specific port based on the network MAC address. Switches that are used today are duplex where they send/receive and allow/deny at the same time

Question 64

Content Addressable Memory (CAM) Table

Answer 64

Used to store information about the MAC addresses that are available on any port of the switch

Question 65

Network Switches

Answer 65

Broadcast the data on a specific MAC address in the CAM

Question 66

Network Hub

Answer 66

Broadcast information to every device connected

Question 67

MAC flooding

Answer 67

Where you'll overflow the CAM table with the MAC addresses so that it reverts to a hub to read data from there

Question 68

Persistent (Sticky)MAC Learning

Answer 68

Feature in network port security with a switch automatically learns and associate MAC addresses with specific interfaces

Question 69

802.1x Protocol

Answer 69

Framework that is used for port based authentication for both wired and wireless networks;Wraps the EAP which is used to conduct the authentication

Question 70

EAP-MD5

Answer 70

Uses simple passwords and challenge handshake authentication process to provide remote authentication

Question 71

EAP-TLS

Answer 71

Form of EAP that uses public key infrastructure with a digital signature being started on both the client and the server

Question 72

EAP-TTLS

Answer 72

Only requires a digital certificate on the server

Question 73

EAP-FAST

Answer 73

Uses a protected access credential instead of a certificate to establish a mutual authentication

Question 74

PEAP

Answer 74

Supports mutual authentication by using server certificates and Microsoft AD for authentication with passwords from a client

Question 75

LEAP

Answer 75

Variant that only works on Cisco-based devices

Question 76

Virtual Private Network

Answer 76

Extends a private network over a public one enabling use of securely sending and receiving data

Question 77

Site-to-Site VPN

Answer 77

Connects the networks together

Question 78

Client-to-Site VPN

Answer 78

Connects the client-to-network

Question 79

Full tunnel

Answer 79

Encrypting all traffic to a headquarters while integrating clients with the network

Question 80

Split tunnel

Answer 80

Divides traffic and network requests then routes them to the appropriate network

Question 81

ClientLess VPN

Answer 81

Secures remote access through browser-based VPN tunnels without using client software

Question 82

Transport-Level Security (TLS)

Answer 82

Protocol that provides cryptographic solutions for secure connections and views for secure web browsing and data transfer; HTTPS is technically a client-less VPN

Question 83

Transmission-Controlled Protocol (TCP)

Answer 83

Used by TLS to establish connections between client and the server

Question 84

Datagram TLS (DTLS)

Answer 84

A UDP version of TLS with the same security but better performance

Question 85

IPsec (Internet Protocol Security)

Answer 85

A protocol suite for security and connections through authentication and data encryption on IP networks; IPsec order of use request to start Internet Key Exchange (IKE), IKE Phase 1, IKE Phase 2, Data Transfer, and then termination

Question 86

Data Transfer Transport Mode

Answer 86

Uses the original IP header ideal for client-to-site VPNs and is advantageous when dealing with MTU constraints

Question 87

Data Transfer Tunneling Mode

Answer 87

Use for site-to-site VPNs and adds an extra header that increases packet size and exceeds the MTU

Question 88

MTU

Answer 88

Is typically 1500 by default; Tunneling essentially wraps a packet within a packet making big size

Question 89

Authentication Header

Answer 89

Offers connectionless data integrity and data origin authentication for IP datagrams using cryptographic hash as an ID

Question 90

Encapsulating Security Payload (ESP)

Answer 90

Employed for providing authentication integrity, replay production, and data confidentiality by encrypting the package payload

Question 91

Software-defined Wide-Area Network

Answer 91

Approach to managing and optimizing wide-area network connections to efficiently route traffic between sites

Question 92

Secure Access Service Edge

Answer 92

Consolidates networking security functions into a SQL Cloud-native service to ensure secure connections can be made

Question 93

Security Zone

Answer 93

Distinct segments within a network created by logically isolating the segment using the firewalls or security device

Question 94

Screen Subnet Purpose

Answer 94

Hosts public-facing servers, web servers, email, DNS, and acts as a buffer to the internal network

Question 95

Attack Surface Of A Network

Answer 95

All the points where an unauthorized user can (enter/extract) data

Question 96

Fail Open

Answer 96

Allows for all traffic to flow when an error occurs

Question 97

Fail Close

Answer 97

Blocks all traffic on an error

Question 98

Infrastructure Control

Answer 98

Measures put in place to safeguard and reduce risks

Question 99

Control Types

Answer 99

Least privileged,defense in depth,risk-based approach,lifestyle management,and open design principle

Question 100

Defense In Depth

Answer 100

The use of multiple layers of security to mitigate threats

Question 101

Risk-Based Approach

Answer 101

Prioritizing controls based on the risks and vulnerabilities it brings

Question 102

Lifestyle Management

Answer 102

Regularly reviewing, updating, and retiring controls to adapt

Question 103

Open-Design Principle

Answer 103

Transparency and accounting through rigorous testing and observation of the infrastructure