Technologies And Tools Flashcards

1
Q

Layers of the OSI Model

A
1 Physical
2 Data Link
3 Network
4 Transport
5 Session
6 Presentation
7 Application
2
Q

Define IP

A

Internet Protocol; addresses and routes packets between networks at layer 3 (Network). It is connectionless and best-effort: delivery, ordering and integrity guarantees come from the transport layer above it.

3
Q

Define TCP

A

Transmission Control Protocol; connection-oriented layer 4 transport that gives reliable, ordered, acknowledged delivery, starting every connection with the three-way handshake (SYN, SYN/ACK, ACK)

4
Q

TCP Flags

A

SYN initiates a connection (first segment of the three-way handshake)
FIN requests an orderly close
ACK acknowledges received data or control segments
RST aborts a connection immediately; a closed port answers a SYN with RST, which is how port scanners tell closed from open
PSH pushes buffered data to the application; URG marks urgent data (rarely used, but set together with FIN in "Xmas" scan probes)

5
Q

Define UDP

A

User Datagram Protocol; connectionless layer 4 transport with no handshake, acknowledgements, retransmission or ordering

6
Q

Primary difference between UDP and TCP

A

UDP is connectionless: no handshake and no acknowledgements, so lost datagrams are not retransmitted and order is not guaranteed (traffic still flows both ways; lower overhead suits DNS, DHCP, VoIP and streaming)

TCP is connection-oriented: the three-way handshake, sequence numbers, acknowledgements and retransmission give reliable, ordered delivery

7
Q

DNS Look Up Port Number

A

53 via UDP for ordinary queries; TCP 53 is used for zone transfers (AXFR) and for responses too large for a single UDP datagram

8
Q

FTP Port Number

A

21 (control channel); in active mode the server sends data from port 20, in passive mode the data port is an ephemeral port negotiated over the control channel

9
Q

SSH Port Number

A

22

10
Q

RDP Port Number

A

3389 (TCP; newer versions also use UDP 3389)

11
Q

SMTP Port Number

A

25 unencrypted server-to-server relay (STARTTLS may upgrade it)

465 implicit TLS (SMTPS)

587 mail submission from clients, normally protected with STARTTLS

12
Q

POP Port Number

A

110 unencrypted

995 POP3 over TLS (POP3S)

13
Q

IMAP Port Number

A

143 unencrypted (STARTTLS can upgrade it)

993 IMAP over TLS (IMAPS)

14
Q

HTTP Port Number

A

80

15
Q

HTTPS Port Number

A

443, HTTP over TLS (still commonly called "SSL", but SSL 2.0 and 3.0 are deprecated and should be disabled on servers)

16
Q

Purpose of a Switch

A

Forward frames between hosts on one network at layer 2, using a per-port MAC address table; a layer 3 switch additionally routes between VLANs

17
Q

Purpose of Routers

A

Connect networks by forwarding packets between them at layer 3 using a routing table; ACLs on the router can filter which traffic is allowed between the networks

18
Q

Purpose of Bridges

A

Connect two network segments at layer 2, forwarding frames between them by MAC address (a switch is effectively a multi-port bridge)

19
Q

Purpose of a Media Gateway

A

Translate between network types (e.g. 3G, 4G, LTE, or VoIP and the PSTN)

20
Q

Define a Stateful Firewall

A

Tracks each connection (e.g. the TCP handshake, addresses and ports) in a state table, so return traffic for an established outbound session is allowed without an explicit inbound rule; a packet that does not belong to a known connection is evaluated against the rule base and, by default, denied. A stateless ACL can only look at each packet in isolation.
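
Added worked example (not part of the original flashcards): a toy TCP connection tracker in Python that contrasts a stateful firewall with a stateless ACL that permits "established" traffic by trusting the ACK bit. The internal range 10.0.0.0/8, the packet sequence and the simplified teardown handling are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

# Internal address space assumed for this example (not taken from the flashcards).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


class StatefulFirewall:
    """Toy connection tracker. Policy: hosts inside INTERNAL_NET may open
    connections outbound; a packet arriving from outside is allowed only if it
    belongs to a connection already recorded in the state table."""

    def __init__(self):
        # key: 4-tuple (src, sport, dst, dport) of the SYN that opened the connection
        self.table = {}

    def decide(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is not None:
            if p.flags & {"RST", "FIN"}:
                # Simplified teardown: a real tracker waits for both FINs or a timeout.
                del self.table[key]
            elif p.flags == {"SYN", "ACK"} and key == rev:
                self.table[key] = "ESTABLISHED"
            return "ALLOW"
        # No state yet: only a fresh SYN from inside to outside may create one.
        if p.flags == {"SYN"} and is_internal(p.src) and not is_internal(p.dst):
            self.table[fwd] = "SYN_SENT"
            return "ALLOW"
        return "DENY"


def stateless_acl(p):
    """The classic stateless 'permit tcp any any established' rule: outbound is
    permitted, inbound is permitted whenever the ACK bit is set. It keeps no
    table, so a crafted inbound ACK-only packet passes with no connection."""
    if is_internal(p.src):
        return "ALLOW"
    return "ALLOW" if "ACK" in p.flags else "DENY"


def run_demo():
    """Feed a constructed packet sequence through both filters; returns
    (stateful decision, stateless decision) per packet."""
    fw = StatefulFirewall()
    seq = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"SYN"})),         # outbound open
        Packet("203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),  # handshake reply
        Packet("10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"ACK"})),         # handshake done
        Packet("198.51.100.7", 40000, "10.0.0.5", 445, frozenset({"SYN"})),         # unsolicited inbound
        Packet("198.51.100.7", 40001, "10.0.0.5", 445, frozenset({"ACK"})),         # spoofed "established"
    ]
    return [(fw.decide(p), stateless_acl(p)) for p in seq]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The last packet is the point of the card: with no entry in the state table the stateful filter drops it, while the ACK-bit heuristic lets it through to port 445.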

21
Q

Purpose of Explicit Deny Rule

A

To generate logs: traffic dropped by the implicit deny at the end of the rule base is usually not logged, so an explicit deny-all rule with logging enabled is placed last to record what was blocked.

22
Q

Firewall Positioning

A

Typically at the network perimeter, between the internal network (or its border router) and the internet; additional firewalls are used to segment internal zones such as a DMZ

23
Q

Difference between a Forward Proxy and Reverse Proxy

A

Forward proxy sits on the client side (e.g. the proxy a web browser is configured to use); it hides clients from servers and can filter outbound traffic

Reverse proxy sits in front of servers; it hides the servers from clients and can load balance, terminate TLS and filter inbound traffic

24
Q

Purpose of a Transparent Proxy

A

Also called an "in-line", "intercepting" or "forced" proxy

Intercepts the connection between client and server without any client-side configuration, so clients are unaware of it; it can still inspect and filter the traffic it relays.

25
Load Balancer Modes
Round-robin scheduling | Session persistence (sticky sessions)
26
VPN Types
Site-to-site | Remote Access
27
VPN Endpoints
Firewalls | Routers | Servers | VPN concentrators (for high volume)
28
VPN Modes
Full Tunnel | Split Tunnel
29
IPsec Functions
Adds security to IP traffic via:
Internet Key Exchange (IKE): negotiates keys and security associations
Encapsulating Security Payload (ESP): confidentiality (and optionally integrity)
Authentication Header (AH): integrity and origin authentication, no encryption
AH is not compatible with NAT because it authenticates the IP header fields that NAT rewrites; ESP through NAT requires NAT-Traversal (UDP 4500)
30
Define NIDS
Network Intrusion Detection System
31
Define NIPS
Network Intrusion Prevention System
32
Define HIPS
Host Intrusion Prevention System
33
Define HIDS
Host Intrusion Detection System
34
Detection Methods
Signature Based | Anomaly/Behavior/Heuristic Based
35
Define OAuth
Delegated authorization framework for web and API access: a client obtains a scoped access token to act on the user's behalf. It is not an authentication protocol by itself.
36
Define Open ID Connect
OpenID Connect: an identity (authentication) layer built on top of OAuth 2.0 that adds an ID token (a signed JWT) asserting who the user is
37
Firewall Rule Configuration Errors
Shadowed rules | Promiscuous rules | Orphaned rules
38
Define a Shadow Rule
A rule that is never reached because an earlier rule in the ordered list already matches all of its traffic (dangerous when the shadowed rule is a deny)
39
Define a Promiscuous Rule
Overly broad permissions (e.g. allow any source to any destination on any port)
40
Define an Orphaned Rule
Rule built for decommissioned networks or systems
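
Added worked example (not part of the original flashcards): a small Python checker that walks an ordered rule base and reports the three misconfigurations on the cards above: shadowed rules (an earlier rule fully covers a later one), promiscuous rules (allow from any source on any port) and orphaned rules (referencing a decommissioned network). The rule format, the sample rules and the decommissioned list are constructed for the example; real firewalls store rules differently, but the containment logic is the same.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = (0, 65535)


@dataclass
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: str                  # CIDR
    dst: str                  # CIDR
    proto: str                # "tcp", "udp" or "any"
    ports: tuple = ANY_PORT   # inclusive destination port range

    def net(self, which):
        return ipaddress.ip_network(getattr(self, which), strict=False)


def covers(outer, inner):
    """True when every packet that matches `inner` also matches `outer`."""
    return (inner.net("src").subnet_of(outer.net("src"))
            and inner.net("dst").subnet_of(outer.net("dst"))
            and outer.proto in ("any", inner.proto)
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])


def analyze(rules, decommissioned):
    """Return (rule name, finding kind, detail) for each problem found."""
    findings = []
    dead = [ipaddress.ip_network(n) for n in decommissioned]
    for i, r in enumerate(rules):
        # Shadowed: first-match semantics mean an earlier covering rule wins every time.
        for earlier in rules[:i]:
            if covers(earlier, r):
                note = ("different action, so this rule can never take effect"
                        if earlier.action != r.action else "same action, so it is redundant")
                findings.append((r.name, "shadowed", f"never reached: '{earlier.name}' matches first ({note})"))
                break
        # Promiscuous: an allow from anywhere on every port.
        if r.action == "allow" and r.net("src") == ANY_NET and r.ports == ANY_PORT:
            findings.append((r.name, "promiscuous", "allows any source on any port"))
        # Orphaned: references address space that no longer exists.
        for which in ("src", "dst"):
            n = r.net(which)
            if n != ANY_NET and any(n.subnet_of(d) for d in dead):
                findings.append((r.name, "orphaned", f"{which} {n} is decommissioned"))
    return findings


# Constructed sample rule base, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("allow-web",        "allow", "0.0.0.0/0",      "10.0.1.0/24",  "tcp", (443, 443)),
    Rule("deny-legacy",      "deny",  "0.0.0.0/0",      "10.0.9.0/24",  "any"),
    Rule("allow-all-to-dmz", "allow", "0.0.0.0/0",      "10.0.1.0/24",  "any"),
    Rule("allow-admin-ssh",  "allow", "192.168.5.0/24", "10.0.1.0/24",  "tcp", (22, 22)),
    Rule("deny-guest-rdp",   "deny",  "172.16.0.0/16",  "10.0.1.10/32", "tcp", (3389, 3389)),
    Rule("allow-legacy-app", "allow", "10.0.9.0/24",    "10.0.1.5/32",  "tcp", (8080, 8080)),
]
DECOMMISSIONED = ["10.0.9.0/24"]

if __name__ == "__main__":
    for name, kind, detail in analyze(SAMPLE_RULES, DECOMMISSIONED):
        print(f"{kind:12} {name}: {detail}")
```

Note that deny-guest-rdp is shadowed by the promiscuous allow above it, so the intended block on RDP from the guest range is silently ineffective; that combination is the one to hunt for first in a real rule base.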
41
Types of Flooding Attacks
SYN flood (exhausts a host's half-open connection table with SYNs that are never completed) | MAC flood (overflows a switch's CAM table so it falls back to flooding frames out of every port, like a hub)
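
Added worked example (not part of the original flashcards), covering both the TCP Flags card and the SYN flood entry above: Python code that builds and parses raw 20-byte TCP headers with `struct`, decodes the flag bits, classifies common flag combinations, and then counts handshakes each source started but never completed, which is the signature of a SYN flood in a packet capture. The headers are constructed in memory (checksum left zero) and the addresses are sample values; nothing is sent on the wire.

```python
import struct
from collections import defaultdict

# Flag bits in the 14th byte of the TCP header (RFC 793 layout)
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_HDR = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset, flags, window, checksum, urgent


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header with no options. Checksum is left zero because
    these are constructed samples for parsing, not packets to transmit."""
    bits = 0
    for f in flags:
        bits |= FLAG_BITS[f]
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble
    return struct.pack(TCP_HDR, sport, dport, seq, ack, data_offset, bits, window, 0, 0)


def parse_tcp_header(raw):
    sport, dport, seq, ack, off, bits, window, _csum, _urg = struct.unpack(TCP_HDR, raw[:20])
    flags = {name for name, bit in FLAG_BITS.items() if bits & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "hdr_len": (off >> 4) * 4, "window": window}


def classify(flags):
    """Name the common flag combinations, including scanner probes."""
    flags = set(flags)
    if flags == {"SYN"}:
        return "connection request"
    if flags == {"SYN", "ACK"}:
        return "handshake reply"
    if flags in ({"RST"}, {"RST", "ACK"}):
        return "abort / closed port"
    if flags == {"FIN", "PSH", "URG"}:
        return "Xmas scan probe"
    if not flags:
        return "NULL scan probe"
    if "FIN" in flags:
        return "teardown"
    return "data"


def detect_syn_flood(samples, threshold=5):
    """samples: list of (src_ip, raw_tcp_header) as a sniffer would hand them over.
    A SYN opens a half-open entry keyed by source port; the client's final ACK
    closes it. Sources with `threshold` or more outstanding entries are reported."""
    half_open = defaultdict(set)
    for src, raw in samples:
        h = parse_tcp_header(raw)
        if h["flags"] == {"SYN"}:
            half_open[src].add(h["sport"])
        elif h["flags"] == {"ACK"}:
            half_open[src].discard(h["sport"])
    return {src: len(ports) for src, ports in half_open.items() if len(ports) >= threshold}


def sample_capture():
    """Constructed capture: one legitimate client that completes its handshake
    and one source that fires 50 SYNs from fresh ports and never follows up."""
    pkts = [("10.0.0.5", build_tcp_header(51000, 80, 1000, 0, {"SYN"})),
            ("10.0.0.5", build_tcp_header(51000, 80, 1001, 5001, {"ACK"}))]
    for i in range(50):
        pkts.append(("198.51.100.9", build_tcp_header(40000 + i, 80, i, 0, {"SYN"})))
    return pkts


if __name__ == "__main__":
    print(detect_syn_flood(sample_capture()))
```

Real detection also has to cope with spoofed source addresses (a flood rarely comes from one IP), so production tools count half-open entries on the server side per destination port rather than per client.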
42
Define STP and Purpose
Spanning Tree Protocol; prevents layer 2 switching loops (and the broadcast storms they cause) by blocking redundant links between switches
43
Network Monitoring Modes
Full Packet Capture | Net Flow Data
44
Information in Net Flow Data
Source and destination IP addresses and ports | Protocol | Start time and duration | Amount of data (packets and bytes); no payload is recorded
45
SNMP PDU Types
GetRequest | SetRequest | GetNextRequest | GetBulkRequest | Response | Trap | InformRequest
46
Storage Network Types
Network Attached Storage (NAS), file servers | Storage Area Network (SAN), raw disks
47
802.11 Network speed and frequency
2 Mbps on 2.4 GHz (original 1997 standard)
48
802.11b Network speed and frequency
11 Mbps on 2.4 GHz
49
802.11g Network speed and frequency
54 Mbps on 2.4 GHz
50
802.11n Network speed and frequency
Up to 600 Mbps (four spatial streams, 40 MHz channels) on 2.4 or 5 GHz
51
802.11ac Network Speeds
Around 1.3 Gbps for wave 1 and several Gbps for wave 2, on 5 GHz only
52
Wireless Authentication Methods
Pre-shared Keys | Enterprise Authentication
53
Pre-Shared Key Types
Hexadecimal String | Passwords
54
Enterprise Authentication Types
LEAP | EAP (EAP-TLS, EAP-TTLS, EAP-FAST, ...) | PEAP
55
LEAP Algorithm Types
MS-CHAP (insecure: the challenge/response can be cracked offline, so LEAP should not be deployed)
56
EAP Algorithm Types
EAP-TLS | EAP-TTLS | EAP-MD5 (insecure: no encryption and no server authentication) | EAP-FAST
57
Define PEAP
Protected EAP: an inner EAP method (commonly MS-CHAPv2) tunneled inside a server-authenticated TLS session, so the inner credentials are never exposed on the air
58
Wireless Antennae Types
Omni-directional | Directional | Beam forming (virtual directional)
59
WAP HW Types
Fat: contain both hardware and the management software | Thin: contain hardware only, configured centrally via a wireless controller
60
Define WORM
Write Once Read Many; storage that cannot be modified or deleted after writing, used for tamper-evident log archives (e.g. logs forwarded to a SIEM)
61
Define NTP
Network Time Protocol; syncs devices to a centralized time server so that timestamps in logs from different systems can be correlated
62
DLP Environments
Host | Network | Cloud
63
DLP Methods
Pattern matching | Watermarking
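
Added worked example (not part of the original flashcards): the pattern-matching half of DLP in Python. A bare regular expression for 13 to 19 digit runs flags order numbers and ticket IDs as payment cards, so the matcher validates each candidate with the Luhn check digit before alerting or redacting. The sample text, the numbers in it (published test card numbers and an arbitrary invalid one) and the regex itself are constructed for the example, not a vendor signature.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, not adjacent to other digits
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn check: double every second digit from the right, subtract 9 if > 9,
    and the total must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits(match_text):
    return re.sub(r"[ -]", "", match_text)


def find_card_numbers(text):
    """Return the Luhn-valid candidates (digits only) found in `text`."""
    return [_digits(m.group()) for m in CARD_RE.finditer(text) if luhn_ok(_digits(m.group()))]


def redact(text):
    """Mask valid card numbers to first six and last four digits; leave
    Luhn-invalid digit runs (order numbers, phone numbers) untouched."""
    def _mask(m):
        d = _digits(m.group())
        if luhn_ok(d):
            return d[:6] + "*" * (len(d) - 10) + d[-4:]
        return m.group()
    return CARD_RE.sub(_mask, text)


# Constructed sample: two valid (published test) card numbers, one 13-digit order
# number, one phone number and one 16-digit run with a wrong check digit.
SAMPLE_TEXT = """Order #1234567890123 shipped to 10 Main St.
Customer paid with card 4111 1111 1111 1111 (exp 12/29).
Backup card: 5500-0000-0000-0004
Phone 555-0100, ticket 4111111111111112
"""

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_TEXT))
    print(redact(SAMPLE_TEXT))
```

One known weakness worth remembering: because the separator is optional, two numbers separated only by a single space can be consumed as one candidate; production engines add context checks (nearby words such as "card", issuer prefixes, a BIN list) on top of Luhn.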
64
802.1x Protocol Components
Supplicant (the client) | Authenticator (switch or access point) | Authentication server (typically RADIUS)
65
NAC/NAP Postures
Persistent agent | Dissolvable agent | Agentless
66
Purpose of Protocol Analyzers
Packet sniffing; monitor network traffic and sort by protocol
67
Purpose of Network Scanners
Detect active systems | OS Fingerprinting
68
Common Command Line Networking Prompts
ping | traceroute/tracert | ifconfig/ipconfig | arp | netstat/ss | nc | dig/nslookup
69
Ping Command Function
Check whether a remote system is reachable using ICMP Echo Request/Reply (no reply may simply mean ICMP is filtered)
70
Traceroute/tracert Command Function
Determine the hop-by-hop network path to a destination | Hops shown as * * * did not reply within the timeout (often ICMP filtering, not an outage)
71
Ifconfig/ipconfig Command Function
View or change network interface configuration (IP address, netmask, MAC address)
72
Arp Command Function
View (or modify) the local ARP cache, which maps IP addresses to MAC addresses on the local network
73
Netstat/ss Command Function
View all active network connections
-a: listening and non-listening sockets
-l: listening sockets only
-s: statistics for each protocol
-i: table of network interfaces
74
Nc Command Function
Send and receive raw data over TCP or UDP (simple listeners, banner grabbing, port checks, file transfer) | Not shipped with Windows by default (ncat from the Nmap project is a common substitute)
75
Dig/nslookup Command Function
Query DNS to resolve domain names to IP addresses (and the reverse)
76
Telnet Secure Alternative
SSH
77
FTP Secure Alternative
SFTP (file transfer over SSH) or FTPS (FTP over TLS)
78
HTTP Secure Alternative
HTTPS (HTTP over TLS)
79
Network Level Additional Protection Measures
VPN | SSH Tunneling
80
Types of Certificate Errors
Expired | Mismatched name | Untrusted CA | Revoked
81
Request for Change (RFC) Components
Description | Impact | Risks | Mitigation | Users | Schedule | Affected systems
82
Difference between Configuration and Change Management
Configuration Management is for specific products | Change Management is for systems and processes
83
OS Security Issues
Baseline settings | Patch management | System hardening
84
Application Control Methods
Whitelisting | Blacklisting
85
Mobile Networking Methods
Cellular | Wi-Fi | SATCOM | NFC | Bluetooth | ANT | Infrared | USB
86
MDM Solutions/Uses
Configuration management | Prevent user modifications | Revoke access/remote wipe | Application control
87
Define Containerization
An isolated storage and execution area on the device that keeps secure/business data and apps separate from unsecured/personal ones
88
Define geolocation
Track location information
89
Purpose of Geofencing
Alert when leaving area | Limit access to specific area
90
MDM Solutions Circumvention
Side loading | Jailbreaking (iOS) / rooting (Android)
91
Mobile Deployment Methods
BYOD (bring your own device) | CYOD (choose your own device) | COPE (corporate-owned, personally enabled) | COBO (corporate-owned, business only)
92
SNMPv1 and 2 Vulnerability
Plaintext authentication: community strings are sent in the clear and traffic is not encrypted; use SNMPv3 with authentication and privacy (authPriv)
93
WPS Brute Force Protection
Disable WPS | Update firmware
94
WEP Encryption
RC4 with a 24-bit IV prepended to the shared key (broken: IV reuse and weak keys allow key recovery)
95
WPA Encryption
TKIP (still RC4-based, with per-packet key mixing as a stopgap for WEP hardware; deprecated)
96
WPA2 Encryption
AES in CCMP mode (Counter Mode with CBC-MAC Protocol): counter mode for confidentiality, CBC-MAC for integrity
97
IV Role
In WEP the initialization vector is concatenated with the shared key to compute the per-packet RC4 key stream, and it is sent in the clear. Because the 24-bit IV repeats, an attacker can collect packets that reuse an IV, recover the key stream from any known plaintext, and build a decryption table of IV to key stream.
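
Added worked example (not part of the original flashcards), illustrating the WEP Encryption and IV Role cards: a pure-Python RC4 implementation used the way WEP used it (IV prepended to the shared key). Encrypting two packets under the same IV yields the same key stream, so knowing one packet's plaintext recovers the key stream for that IV and decrypts the other packet without ever learning the shared key. The 40-bit key, the IV and both packet payloads are constructed for the example; WEP's CRC-32 integrity value is omitted.

```python
def rc4_keystream(key, length):
    """RC4 key scheduling plus pseudo-random generation; returns `length` key stream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def wep_encrypt(iv, shared_key, plaintext):
    """WEP per-packet key is IV (24 bits, sent in the clear) || shared key."""
    return iv, xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def build_decryption_table(known):
    """known: iterable of (iv, ciphertext, plaintext). Key stream = C xor P, so one
    known packet per IV is enough; keep the longest key stream seen per IV."""
    table = {}
    for iv, ct, pt in known:
        ks = xor(ct, pt)
        if len(ks) > len(table.get(iv, b"")):
            table[iv] = ks
    return table


def decrypt_with_table(table, iv, ciphertext):
    """Decrypt as much of `ciphertext` as the recovered key stream for `iv` covers."""
    ks = table.get(iv)
    return None if ks is None else xor(ciphertext, ks)


# Constructed 40-bit shared key; the attacker never learns it.
SHARED_KEY = b"\x01\x02\x03\x04\x05"


def demo():
    iv = b"\x00\x00\x01"
    p1 = b"GET /index.html HTTP/1.0\r\nHost: intranet"   # predictable plaintext
    p2 = b"password=hunter2&user=alice"                # the packet we want
    _, c1 = wep_encrypt(iv, SHARED_KEY, p1)
    _, c2 = wep_encrypt(iv, SHARED_KEY, p2)            # same IV reused
    table = build_decryption_table([(iv, c1, p1)])
    return decrypt_with_table(table, iv, c2)


if __name__ == "__main__":
    print(demo())
```

With only 2^24 possible IVs, a busy access point repeats them within hours, which is why the table approach (and the later statistical key-recovery attacks) made WEP unrecoverable.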
98
Define EFS
Encrypting File System (Windows NTFS); encrypts individual files or folders with per-user keys
99
Define ANT
Adaptive Network Topology | Proprietary tech used primarily for sports and health
100
Private IP Address Ranges
10.0.0.0 - 10.255.255.255 (10.0.0.0/8) | 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) | 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
101
Benefits of Immutable Systems
Lower IT Complexity | Easy to Troubleshoot
102
Purpose of Collectors
Receive input from sensors (log sources, network taps, agents) and forward it to the SIEM for correlation
103
DNSSEC Key Distribution Steps between Servers
Sign a zone | Share the DNS folder | Import the DNSSEC key
104
APT Threat Prevention
Restrict administrative privileges | Application whitelisting | Patch applications, operating systems and firmware on both systems and network devices
105
Define a Null Ciphers
Simple form of steganography that hides a message inside a larger innocuous text or mass of characters; the recipient recovers it with an agreed rule (e.g. the first letter of each word) rather than a key (also called a concealment cipher)
106
Define a Visual Semagram
Form of steganography hiding a message in an image (real or digital)
107
Define a Text Semagram
Form of steganography hiding a message in a text based on text characteristics
108
LDAP Protocol Methods
LDAPS: LDAP over TLS on port 636 (implicit TLS from the first byte) | StartTLS: plain LDAP on port 389 upgraded to TLS within the session; both use TLS today, SSL being deprecated
109
Common Banner Grabbing Tools
telnet | wget | cURL | Nmap | nc | DMitry
110
Define a Credentialed Scan
A scan that logs in to the targets with valid credentials (e.g. SSH or a Windows admin account), so patch levels and configuration are read directly instead of being inferred from network responses; fewer false positives and negatives than an uncredentialed scan
111
WYOD Protections
EMM remote wipe | Ability to disable Bluetooth connectivity
112
Access Point Setup Features
MAC filtering | Encryption algorithm | Key length | Default passwords | Maximum users
113
Meaning of DEP Value of 0
AlwaysOff: DEP disabled for all processes
114
Meaning of DEP Value of 1
AlwaysOn: DEP enabled for all processes, no exceptions possible
115
Meaning of DEP Value of 2
OptIn (the Windows client default): on only for Windows system binaries and services, plus applications that opt in
116
Meaning of DEP Value of 3
OptOut: on for all programs and services except those explicitly exempted
117
Define DEP
Data Execution Prevention; marks data pages (stack, heap) non-executable using the CPU NX/XD bit so injected shellcode in those regions cannot run
118
802.11a speed and frequency
54 Mbps on 5 GHz
119
Types of Vulnerability Scanner Tools
Nessus | Retina Vulnerability Assessment Scanner | Microsoft Baseline Security Analyzer (MBSA; no longer maintained by Microsoft)
120
MBSA Scan Features
Open ports | Active IP addresses | Running applications/services | Missing critical patches | Default user accounts that have not been disabled | Default, blank or common passwords
121
Define OVAL
Open Vulnerability and Assessment Language; international standard for testing, analyzing, and reporting the security vulnerabilities of a system
122
MDM Location Tracking Accuracy (Most to least)
GPS | Wi-Fi triangulation | Cell tower triangulation | IP address resolution
123
Define MEM and purpose
Mobile Endpoint Management; automates asset tracking and the inventory control process
124
Define a Trunk port
A switch port that carries traffic for multiple VLANs between switches, tagging each frame with its VLAN ID (802.1Q); by default a trunk is a member of all VLANs defined on the switch unless specific VLANs are pruned
125
Define Windows Intune
Microsoft's cloud-based mobile device and application management service; the card's wording dates from when it was positioned for Windows RT tablets, it now manages Windows, iOS, Android and macOS
126
Windows Intune Features
Admin Portal: remote wipe and password changes | Account Portal: manage subscriptions, users, groups and domains | Company Portal: end users manage their own accounts and enroll devices
127
Difference between Application Aware Firewall, IDS/IPS, and Proxy
Firewall: enforce security rules | IDS/IPS: analyze network packets for attacks | Proxy: improve performance and content filtering
128
IPsec NAP Enforcement Method
Health certificates: a client is issued a certificate only after passing health validation, and IPsec policies require that certificate before peers will communicate with it
129
Switch and WAP Access Control Method
MAC address filtering (weak on its own: MAC addresses are visible on the wire or in the air and are trivially spoofed)
130
Least Secure Location for Omni-Directional Antennae
Against a perimeter wall/window
131
DTP Vulnerability
An unauthorized device can send DTP frames to negotiate a trunk with the switch and then tag frames for any VLAN (VLAN hopping); mitigate by hard-coding access ports and disabling negotiation (switchport mode access, switchport nonegotiate)
132
Define DTP
Dynamic Trunking Protocol (Cisco); automatically negotiates whether a link becomes a trunk and which trunking encapsulation (802.1Q or ISL) to use between devices
133
VLAN Creation Hardware
A Switch, switch port is used to identify which VLAN a device belongs to
134
Define a NIC
Network Interface Controller, by default only accepts frames addressed to that specific NIC
135
Purpose of a Network Hub
Repeats every frame out of all ports (layer 1), so every connected device sees all traffic and can sniff it
136
Define Network Bonding
Logically groups two or more network adapters for a single network connection
137
Explain Network Communication Security Setting Configuration
Managed by a GPO computer policy
138
Define User Rights
Special category of computer policies that identify maintenance tasks and the users/groups who can perform said actions
139
NAC/NAP Components
Health validation, 802.1x authentication, IPsec enforcement
140
GPO Application Order
Local Group Policy, then GPOs linked to the site, then GPOs linked to the domain, then GPOs linked to the organizational unit (OU) (LSDOU); each later level overrides conflicting settings from earlier ones, so OU-linked GPOs win unless a higher-level GPO is marked Enforced
141
DLP Monitoring States
Data in use on endpoints | Data in motion transmitted over a network | Data at rest on a storage medium | Data transmitted to/from cloud-based systems
142
Key Exchange Protocols
TLS: DH/ECDH or RSA (TLS 1.3 removed RSA key transport and allows only ephemeral (EC)DH) | SSL: KEA or RSA | IPsec: IKE (which itself uses DH)
143
Define IDEA
International Data Encryption Algorithm, symmetric-key block cipher
144
SSH Algorithms
IDEA (default) | Blowfish | DES (these are SSH-1 era ciphers; SSH-2 implementations negotiate AES-GCM, AES-CTR or ChaCha20-Poly1305, and DES should never be enabled)
145
Explain the purpose of Firewall Logs
Identify traffic allowed or denied through the firewall (servers running specific services, device communicating via specific ports, etc.)
146
Explain the purpose of Systems Logs
Record OS, system, and HW events (logons, logon attempts, user rights, etc.)
147
Explain the purpose of Application Logs
Record actions performed by applications
148
Explain the purpose of Performance Logs
Record information about system resources (network connections, processors, memory, disks, and network utilization)
149
Archived Logs Primary Considerations
Disk space required | Backup requirements on the server | Time stamping | Integrity of the logs
150
Application Level Audit Components
Logon/logon attempts | User name | Start/end time of access | Activities performed
151
Purpose of Promiscuous Mode (p-mode)
Visibility for packet sniffers viewing captured frames sent to a NIC
152
Purpose of a Throughput Tester
Measure the amount of data that can actually be transferred through a network (often loosely called bandwidth; strictly, bandwidth is the link capacity and throughput is the achieved rate)
153
Linux TCP Port Scan Command
nmap -sT <target> (full TCP connect scan; -sS half-open SYN scan is the default when run as root)
154
Linux UDP Port Scan Command
nmap -sU <target> (slow, and ports report as open|filtered when no response comes back)
155
Purpose of TPM
Generate and store cryptographic keys in tamper-resistant hardware | Generate and record hash values (measurements) of boot and system components for integrity checks and attestation
156
Linux server Installed Software RPM Package List Command
yum list installed (or rpm -qa, which queries the RPM database directly)