Security Threat Landscape

Question 1

Has the potential to cause harm to an IT Asset…

Answer 1

Threat

Question 2

A weakness that compromises the security or functionality of a system…

Answer 2

Vulnerability

Question 3

Uses a weakness to compromise the security or functionality of a system…

Answer 3

Exploit

Question 4

The likelihood of a successful attack…

Answer 4

Risk

Question 5

Techniques to eliminate or reduce the potential of and seriousness of an attack…

Answer 5

Mitigation

Question 6

Malicious software including viruses, trojan horses, worms and ransomware…

Answer 6

Malware

Question 7

Obtains information about the intended victim in an unassuming, unobtrusive way such a searching WHOIS, phone directories, etc…

Answer 7

Reconnaissance

Question 8

The use of user deception to manipulate individuals into divulging confidential or personal information…

Answer 8

Social Engineering

Question 9

A Social Engineering attack where the attacker pretends to be from a reputable company to get individuals to reveal person information, such as passwords and credit card numbers….

Answer 9

Phishing

Question 10

An attack where data leaves an organization without authorization…

Answer 10

Data Exfiltration

Question 11

This type of attack prevents legitimate users from accessing an IT resource typically in brute force fashion…

Answer 11

DoS (Denial of Service)

Question 12

A specific type of DoS attack when an attacker only sends Syn and receives SynAcks but never sends back an Ack…

Answer 12

TCP Syn Flood Attack

Question 13

A DoS but from multiple sources…

Answer 13

DDoS (Distributed Denial of Service)

Question 14

This is an army of infected zombie hosts…

Answer 14

Botnet

Question 15

This attack is where an attacker fakes their identity …

Answer 15

Spoofing

Question 16

A type of DoS attack where the attacker spoofs the victim’s source address…

Answer 16

Reflection and Amplification Attack

Question 17

With this attack, the attacker inserts themselves into the communication path between legitimate hosts…

Answer 17

Man in the Middle

Question 18

An attack where the attacker has connectivity to a login window, they can attempt to gain access to the system behind it…

Answer 18

Password Attack

Question 19

An Attacker sends malformed and/or too much data to the target system…

Answer 19

Buffer Overflow Attack

Question 20

An attack where an attacker has compromised a target system or inserted themselves into the network path, Packet Sniffers such a WireShark can be used to read the sent and received packets…

Answer 20

Packet Sniffer

Question 21

IDS and IPS’ use what to inspect packets?

Answer 21

Signatures

Question 22

What layer can IDS and IPS’ inspect packets up to?

Answer 22

Layer 7

Question 23

In regards to the traffic flow, IDS does what?

Answer 23

Sits alongside the traffic flow

Question 24

In regards to the traffic flow, an IPS does what?

Answer 24

Sits inline with the traffic flow

Question 25

What is one of the chief differences between an IPS and an IDS?

Answer 25

• An IPS blocks attacks and notifies admins about those attacks
• An IDS inspects the traffic and notifies the administrator about potential concerns

Question 26

What do firewalls block or permit traffic based on?

Answer 26

Rules not signatures

Question 27

Do modern firewalls have IPS capability?

Answer 27

Yes

Question 28

What is the benefit of clustered devices when it comes to Firewalls, IPS or IDS systems?

Answer 28

Clustering allows more throughput, traffic to be load balanced, added redundancy, etc.

Question 29

What is a network segment that is isolated from both the internal, trusted network and the external, untrusted network, typically by one or more firewalls. It is used to host servers or services that need to be accessible from the internet while keeping the internal network secure

Answer 29

DMZ Demilitarized Zone

Question 30

Firewalls secure traffic passing through them by either ___________ or _________ it

Answer 30

Permitting or Denying

Question 31

These types of firewalls maintain a connection table which tracks the two-way state of traffic passing through a firewall

Answer 31

Stateful Firewalls

Question 32

What type of traffic is permitted by default on Stateful Firewalls?

Answer 32

Return traffic

Question 33

How does Stateful firewalls keep track of traffic and whether it’s permitted or denied?

Answer 33

The Firewall Connection Table

Question 34

What Layer do old school Firewalls inspect traffic up to?

Answer 34

Layer 4 Port and Protocol

Question 35

What Layer do Next Gen Firewalls inspect traffic up to?

Answer 35

Layer 7. All the way up to the application layer.

Question 36

What is another name for an Access Control List

Answer 36

A Packet Filter

Question 37

Do ACLs maintain a Connection Table?

Answer 37

No

Question 38

How many directions does an ACL affect traffic?

Answer 38

One way

Question 39

What does appending an ACE with the keyword established actually do?

Answer 39

Checks for Ack Flag in return traffic

Question 40

Does the ‘established’ keyword make the ACL stateful in any way?

Answer 40

No

Question 41

If you have an ACL applied affecting outbound traffic only with no other ACL in place what will happen to return traffic?

Answer 41

It will be allowed because there is no ACL in place denying it.

Question 42

True or False: On next-gen firewalls, different permissions for different users can be applied

Answer 42

True

Question 43

_______________ transforms readable messages into an unintelligible form and then later reverses the process

Answer 43

Cryptography

Question 44

What services(s) does Cryptography provide to data?

Answer 44

Authenticity (Proof of Source)
Confidentiality (Privacy & Secrecy)
Integrity (Data not changed during transit)
Non-Repudiation (Non-Deniability)

Question 45

What is the chief characteristic of symmetric encryption?

Answer 45

the same shared key both encrypts and decrypts the data (Similar to a Password)

Question 46

With symmetric encryption, is the shared key known by both sender and receiver or just the sender?

Answer 46

Both sender and receiver

Question 47

What types of transmission is symmetric encryption used for?

Answer 47

Large transmission such as email, secure web traffic, IPsec for VPN tunnels, etc.

Question 48

What four algorithms are used for symmetric encryption?

Answer 48

DES, 3DES, AES and SEAL
DES and 3DES are considered legacy though

Question 49

__________________ uses Private and Public Key Pairs

Answer 49

Asymmetric Encryption

Question 50

What is the chief characteristic of Asymmetric Encyption?

Answer 50

Data encrypted with the public key can only be decrypted with the private key, and vice versa

Question 51

With Asymmetric Encryption can the public key be decrypted with the public key?

Answer 51

No, it can only be decrypted with the private key

Question 52

What are the algorithms for Asymmetric Encryption?

Answer 52

RSA and ECDSA

Question 53

What are the algorithms used with HMAC?

Answer 53

MD5 and SHA

Question 54

What does HMAC stand for?

Answer 54

Hash Based Message Authentication Codes

Question 55

What is HMAC used for?

Answer 55

Large transmissions such as Email, Secure web traffic and IPsec

Question 56

What do you need to combine with HMAC to make sure the data is encrypted?

Answer 56

A symmetric key

Question 57

HMAC is used primarily for what?

Answer 57

Integrity to make sure data hasn’t been altered in transmission

Question 58

This uses a trusted introducer (The Certificate Authority) for the two parties who need secure communication

Answer 58

PKI Public Key Infrastructure

Question 59

Scenario:

You’re purchasing something online and need encrypted transmission… does your computer know the shared key and if so how does it get it?

Answer 59

Yes, it needs to know the shared key and gets it from the site who uses a trusted certificate authority

Question 60

What is the chief characteristic of a certificate authority?

Answer 60

It establishes trust between two parties on the internet

Question 61

What does SSL stand for?

Answer 61

Secure Sockets Layer

Question 62

Which is a better security protocol to use… SSL or TLS?

Answer 62

TLS because SSL has been deprecated

Question 63

What does TLS stand for?

Answer 63

Transport Layer Security

Question 64

Site to Site VPNs use what kind of encryption algorithm?

Answer 64

Symmetric encryption algorithms such as DES, 3DES and AES

Question 65

Where do Site to Site VPN’s typically terminate?

Answer 65

On a firewall or router on both sides

Question 66

Each VPN tunnel in a network should have it’s own what?

Answer 66

Unique Pre-Shared Key

Question 67

What security encryption standard is typically used for Site to Site VPNs?

Answer 67

IPsec

Question 68

This is a framework of open standards that provides secure encrypted communication on an IP network

Answer 68

IPsec

Question 69

Inside IPsec, what handles negotiation of protocols and algorithms and generates the encryption and authentication keys

Answer 69

IKE (Internet Key Exchange)

Question 70

This provides and defines the procedures for authenticating and communicating peer creation and management of Security

Answer 70

ISAKMP (Internet Security Association and Key Management Protocol)

Question 71

What two options for authentication protocols can you use when implementing IPsec?

Answer 71

AH (Authentication Header)
ESP (Encapsulating Security Payload)

Question 72

Which authentication protocol is more commonly used and why?

AH or ESP?

Answer 72

ESP because confidentiality is missing from Authentication Header and that’s what encrypts the data

Question 73

What two encapsulation modes are associated with ESP (Encapsulating Security Payload)?

Answer 73

Tunnel Mode
Transport Mode

Question 74

This encapsulation mode protects the internal routing information by encrypting the IP header of the original packet. The original packet is encapsulated by another set of IP headers. It is widely implemented in Site to Site VPN scenarios

Answer 74

ESP Tunnel Mode

Question 75

This IPsec encapsulation mode encrypts only the payload and ESP trailer; so the IP header of the original packet is not encrypted

Answer 75

ESP Transport Mode

Question 76

What IPsec encapsulation mode protocol is typically implemented for Remote Access VPN?

Answer 76

EPS Transport Mode

Question 77

When would transport mode be used with IPsec?

Answer 77

When another tunneling protocol is being used such as GRE or L2TP (Layer 2 Tunneling Protocol) because those do not have encryption

Question 78

What are the four phases of IPsec VPN implementation?

Answer 78

1. Interesting Traffic
2. ISAKMP / IKE Phase 1
3. ISAKMP / IKE Phase 2
4. Data Transfer

Question 79

What phase IPsec configuration is this?

The VPN devices negotiate (the two routers) an IKE security policy, authenticate each other and establish a secure channel. This deals with initial authentication and initial set up of the tunnel

Answer 79

Phase 1

Question 80

What phase of IPsec configuration is this?

The VPN devices negotiate an IPsec security policy to protect IPsec data. Negotiating the settings and algorithms that are going to be used for the encryption of the actual data

Answer 80

Phase 2

Question 81

What are a couple of solutions to prevent Malware?

Answer 81

Anti Malware Software
An IPS

Question 82

What are a few solutions to prevent things like malware, phishing and data exfiltration?

Answer 82

Cisco ESA (Email Security Appliance)
Cisco WSA (Web Security Appliance)
Policies and education related to staff

Question 83

How does an IPS detect DDoS attacks?

Answer 83

Through anomaly-based inspections of traffic

Question 84

Can geographic dispersion of an organizations service help mitigate a DDoS attack?

Answer 84

Yes

Question 85

What does uRPF stand for and what it is used to guard against?

Answer 85

Unicast Reverse Path Forwarding
Used to guard against spoofed IP Addresses

Question 86

Traffic should be _____________ and _____________ if it passes over an untrusted network

Answer 86

Authenticated and encrypted

Question 87

What can guard against password attacks?

Answer 87

MFA
Staff Education
Strong Password Policies

Question 88

What are several ways to prevent Man in the Middle Attacks?

Answer 88

Dynamic ARP Inspection

Question 89

What type of device can defend against deeper reconnaissance which uses port and vulnerability scanners?

Answer 89

An IPS

Question 90

What does a Cisco ESA stand for?

Answer 90

Email Security Appliance

Question 91

What does Cisco WSA stand for?

Answer 91

Web Security Appliance