Security Technologies

Question 1

Stateful Firewall

Answer 1

Inspects traffic as a part of a session & recognizes where the traffic originated

Question 2

NGFW (NextGen Firewall)

Answer 2

Third-generation firewall that conducts deep packet inspection & packet filtering (Layer 7)

Question 3

ACL

Answer 3

Access Control List:
A set of rules applied to router interfaces that permit/deny traffic
(IP/MAC)

Question 4

Switch Firewall

Answer 4

IP address or port:
Source/destination IP
Source/destination Port
Source/destination MAC

Question 5

NIDS/NIPS & HIDS/HIPS

Answer 5

Admin defines patterns:
NIDS/NIPS (Network-Based): A network device protects the network
HIDS/HIPS (Host-Based): Software-based & installed on servers/clients

Network & Host-Based systems can work together for more complete protection

Question 6

RDG

Answer 6

Remote Desktop Gateway:
Provides a secure connection using SSL/TLS protocols to the server via RDP

Encrypted connection
Control access to network resources based on permissions/group roles
Maintain/enforce authorization policies
Monitor the status of the gateway & any RDP connections passing through the gateway

Question 7

VNC

Answer 7

Virtual Network Computing (Port 5900):

Designed for thin client architectures & things like VDI

Question 8

In-Band Management

Answer 8

Managing devices using Telnet/SSH protocols over the network

Question 9

VPN

Answer 9

Extends a private network across public networks & enables sending/receiving data cross shared/public networks
(Site-to-site, Client-to-site, Clientless)

Question 10

Full Tunnel VPN

Answer 10

Routes & encrypts all network requests through the VPN connection back to the headquarters

Question 11

Split Tunnel VPN

Answer 11

Routes & encrypts only the traffic bound for the headquarters over the VPN, & sends the rest of the traffic to the regular internet
(Better performance than full tunnel, less secure)

Question 12

Clientless VPN

Answer 12

Creates a secure, remote-access VPN tunnel using a web browser without requiring a software/hardware client

Question 13

SSL

Answer 13

Secure Socket Layer:

Provides cryptography/reliability using the upper OSI layers (5/6/7)

Question 14

TLS

Answer 14

Transport Layer Security:
Provides secure web browsing over HTTPS

SSL/TLS use TCP to establish secure client/server connections

Question 15

DTLS

Answer 15

Datagram Transport Layer Security:

UDP-based version of the TLS protocol which operates a bit faster due to having less overhead

Question 16

L2TP

Answer 16

Layer 2 Tunneling Protocol:
Lacks security features like encryption by default
Needs to be combined with extra encryption layer for protection

Question 17

L2F

Answer 17

Layer 2 Forwarding:

Provides a tunneling protocol for the P2P protocol, but also lacks native security/encryption

Question 18

PPTP

Answer 18

Point-to-Point Tunneling Protocol:
Supports dial-up networks but also lacks native security
(Except for when using with Windows)

Question 19

SNMP: Managed Device

Answer 19

Any device that can communicate with an SNMP manager known as the MIB (Management information base)

Question 20

SNMP

Answer 20

Simple Network Management Protocol (Port 161):

Used to send/receive data from managed devices back to a centralized network management station

Question 21

SNMP: Granular

Answer 21

Sent trap messages get a unique objective identifier to distinguish each message as a unique message being received

Question 22

SNMP: MIB

Answer 22

Management Information Base:
An SNMP Manager

The structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers

Question 23

SNMP: Verbose

Answer 23

SNMP traps may be configured to contain all the info about a given alert/event as a payload

Question 24

SNMPv1 & SNMPv2

Answer 24

Use a community string to give them access to the device as their security mechanism

Default community strings of public (read-only) or private (read-write) devices are considered a security risk

Question 25

SNMPv3

Answer 25

Provides 3 security enhancements which added integrity, authentication, & confidentiality to the SNMP protocol

Integrity - Message hashing
Authentication - Source validation
PoE+ 802.3at Confidentiality - DES 56-bit encryption

Question 26

Syslog

Answer 26

System Logging Protocol:
Sends system log or event messages to a central server, called a syslog server

SIM - Security Information Management
SEM - Security Event Management
SIEM - Security Information & Event Management

Question 27

Syslog Levels

Answer 27

0 - Emergency - System has become unstable
1 - Alert - A condition should be corrected immediately
2 - Critical - A failure in the system’s primary application requires immediate attention
3 - Error - Something is preventing proper system function
4 - Warning - An error will occur if action is not taken soon
5 - Notice - The events are unusual
6 - Information - Normal operational message (no action required)
7 - Debugging - Useful info for developers

Question 28

Syslog: Traffic Log

Answer 28

Contains info about the traffic flows on the network

Allows for investigation of any abnormalities

Question 29

Syslog: Audit Log/Audit Trail

Answer 29

Contains a sequence of events for a particular activity

Question 30

Syslog: Application Log

Answer 30

Contains info about software running on a client/server

Informational, Warning, Error

Question 31

Syslog: Security Log

Answer 31

Contains info about security of client/server

Question 32

Syslog: System Log

Answer 32

Contains info about the operating system itself

Question 33

SIEM

Answer 33

Security Information & Event Management:

Provides real-time or near-real-time analysis of security alerts generated by network hardware & applications

Question 34

SIEM: Systems it gathers data from…

Answer 34

Log Collection
Normalization - Maps log messages into a common data model
Correlation - Links logs/events form different systems into a single feed
Aggregation - Reduces volume of event data via consolidation of duplicate events
Reporting