Security (V)

Question 1

VLAN Hopping

Answer 1

*Ability to send traffic from one VLAN into another, bypassing VLAN segmentation
*Sending packets to a port not usually accessible from an end system

Question 2

ARP Spoofing

Answer 2

Sending falsified ARP Messages over a local area network

Question 3

Spoofing

Answer 3

Occurs when an attacker masquerades as another person by falsifying their identity

Question 4

On-Path/Man-in-the-Middle (MITM) Attack

Answer 4

Occurs when an attacker puts themselves between the victim and the intended destination.

Question 5

Session Hijacking

Answer 5

Attacker guesses the session ID in use between a client and server and takes over the authenticated session.

Question 6

DNS Poisoning

Answer 6

An attacker manipulates known vulnerabilities within DNS to reroute traffic to a fake version of a site.

Question 7

Rogue DHCP Server

Answer 7

A DHCP server on a network which is not under the administrative control of the network admins

Question 8

TCP SYN Flood

Answer 8

Occurs when an attacker initiates multiple TCP sessions, but never completes them.

Question 9

Smurf Attack (ICMP Flood)

Answer 9

An attacker sends a ping to a subnet broadcast address with the source IP spoofed to that of the victim server.

Question 10

Purging/Sanitizing

Answer 10

Removes data which cannot be reconstructed using any known forensic techniques

Question 11

Clearing Technique

Answer 11

Removes data with a certain amount of assurance that it can’t be reconstructed.

Question 12

Access Control Vestibule (Mantrap)

Answer 12

An area between two doorways that holds people until they are identified and authenticated.

Question 13

Network Access Control (NAC)

Answer 13

Ensures a device is scanned to determine its current state of security prior to being allowed network access.

Question 14

Persistent Agent

Answer 14

A piece of software installed on a device requesting access to the network

Question 15

Non-Persistent Agent

Answer 15

Requires the users to connect to the network and go to a web-based captive portal to download an agent onto their devices.

Question 16

Zero-Day Vulnerability

Answer 16

A new vulnerability that no one knows about yet.

Question 17

Common Vulnerabilities and Exposures (CVE)

Answer 17

List of known vulnerabilities

Question 18

Posture Assessment

Answer 18

Assesses cyber risk posture and exposure to threats cause by misconfigurations and patching delays.

Question 19

Business Risk Assessment

Answer 19

Used to identify, understand, and evaluate potential hazards in the workplace

Question 20

Mandatory Access Control (MAC)

Answer 20

Access control policy where the computer system gets to decide who gets access to what objects

Question 21

Zero-Trust

Answer 21

A security framework that requires users to be authenticated and authorized before being granted access to applications and data.

Question 22

DMZ

Answer 22

A perimeter network that protects an organization’s internal local area network from untrusted traffic

Question 23

Screen Subnet

Answer 23

Subnet int the network architecture that uses a single firewall with three interfaces to connect three dissimilar networks

Question 24

Dual Control

Answer 24

Two people have to be present at the same time to do something

Question 25

Wireless Analyzer

Answer 25

Ensures you have the proper coverage and helps prevent overlap between wireless access point coverage zones and channels

Question 26

Protocol Analyzer

Answer 26

Used to capture and analyze signals and data traffic over a communication channel

Question 27

Logic Bomb

Answer 27

A specific type of malware that is tied to either a logical event or a specific time

Question 28

Firewall Zone

Answer 28

Firewall interface in which you can set up rules

Inside
Outside
DMZ

Question 29

Unified Threat Management (UTM) Device

Answer 29

Combines firewall, router, intrusion d/p system, anti-malware, and other features into a single device

Question 30

Three methods of intrusion detection

Answer 30

Signature-based
Policy-based
Anomaly-based

Question 31

Least Functionality

Answer 31

Configuring a device, server, or workstation to only provide essential services required by the user

Question 32

Dynamic ARP Inspection (DAI)

Answer 32

*Validates Address Resolution Protocol (ARP) packets
*Helps against ARP Poisoning

Question 33

Stateless Firewall/Packet-Filtering Firewall

Answer 33

*L3
*Does not preserve information about the connection
*Each packet is analyzed independently with no record of previously processed packets.
*Requires the least processing effort
*Can be vulnerable to attacks spread over a sequence of packets
*Filter on
-IP (source/dest)
-Protocol ID/type
-Port Number

Question 34

Stateful Inspection Firewalls

Answer 34

*L5
*Maintain stateful information about session
*Information is stored in a dynamically updated state table
*Once the connection has been allowed, the firewall allows traffic to pass unmonitored, in order to conserve processing effort.

Question 35

Stateful Firewall

Answer 35

Inspects traffic as part of a session and recognizes where the traffic originated

Question 36

NextGen Firewall (NGFW)

Answer 36

Third-generation firewall that conducts deep packet inspection and packet filtering

Question 37

What happens when IDS inspects a packet

Answer 37

• Evaluate the entire packet
• Check all the alert rules
• Log any matches it finds
• Allow it to continue onward to its destination.

Question 38

Aplication-aware Firewall

Answer 38

• Make decisions about what applications are allowed or blocked
• Inspecting the data contained within the packets

Question 39

Kerberos

Answer 39

• Authentication protocol
• Send data over insecure networks while using strong encryption

Question 40

Network-based anti-malware

Answer 40

• Can be installed as a rack-mounted, in-line network appliance
• Don’t have to install software on each client.
• Often come as part of a UTM

Question 41

WAF (Web Application Firewall)

Answer 41

Protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet.