Test 1

Question 1

Which type of firewall will protect against a SYN flood attack?

Answer 1

Static firewall

Question 2

What type of firewall can protect from internal threats?

Answer 2

Host firewall

Question 3

What are 2 advantages and disadvantages of hardware firewalls?

Answer 3

+ fast throughput
+ out-of-the-box
- expensive
- difficult to upgrade

Question 4

What are 2 advantages and disadvantages of software firewalls?

Answer 4

+ cheap
+ less recovery time
- constant updates/patches
- stripped down OS without secure accounts

Question 5

What is a Firewall?

Answer 5

Can be hardware or software which protects the network against intrusion and is the most effective way to secure the network link (put a firewall between the local network and internet).

Question 6

What are some firewall best practices?

Answer 6

Principle of Least Privilege
Apply traffic rules and exceptions: untrusted/trusted hosts/ports/applications
Perform regular risk assessments
Ensure proper change management
Secure remote management
Defer to company policy

Question 7

What is Static Filtering?

Answer 7

A traditional firewall which has a very basic purpose: to control traffic entering in or exiting network interfaces.
Can be implemented on a single host and at/near a network gateway.

Question 8

How are packets evaluated in Static Filtering?

Answer 8

Each is evaluated one at a time with the following header information:
Protocol, Source IP, Destination IP, Source port (rarely), Destination port

Question 9

What is Stateful Filtering?

Answer 9

Packets belonging to active connections are allowed to pass through and connections are tracked in a state table.

Question 10

How are packets evaluated in Static Filtering?

Answer 10

When new packets arrive, their contents are compared to the state tables to determine whether they are denied or permitted.

Question 11

What is a Next Generation Firewall (NGFW)?

Answer 11

Same as traditional firewalls but can also filter based on applications, protocols and users and typically require more resources to do their job. They can be very expensive, depending on the hardware and licensing options that are chosen.

Question 12

What is Unified Threat Management?

Answer 12

The concept of having a single gateway device (NGFW) with a multitude of security controls.

Question 13

What are Web Application Firewalls (WAFs)?

Answer 13

Put in place to protect web applications, they inspect HTTP traffic going to and from web applications to detect and prevent attacks specific to web applications and can be considered a reverse proxy.

Question 14

What is the Zero Trust Security Model?

Answer 14

The Zero Trust Security Model removes the assumption of trust, and inspects all possible traffic. It monitors traffic flowing from NorthSouth and EastWest and is analogous with the approach: never trust, always verify. It protects internal resources from lateral attacks.

Question 15

What is TCP?

Answer 15

Transmission Control Protocol is connection oriented.
Connections begin with a three-way handshake.
Connections end with the session being terminated.

Question 16

What happens when you send a SYN to a closed port?

Answer 16

It will respond with a RST

Question 17

What happens when you send a SYN to a filtered port?

Answer 17

No response is received

Question 18

What happens when you send a SYN to an open port?

Answer 18

You will receive a SYN/ACK back

Question 19

What are some considerations when troubleshooting firewalls?

Answer 19

Can you replicate the problem?
Is the affected host online?
Is the affected service functioning?
Is it a routing problem?

Question 20

What is Netstat?

Answer 20

A command that can be used on both Windows and Linux to determine if a particular service is listening on a network interface.

Question 21

What is Nmap?

Answer 21

Network Mapper: a free open source tool that allows administrators (and attackers) to scan network devices to determine what ports are open and can be used to fingerprint services on open ports to determine specific service information such as web server type and version.

Question 22

What is Netfilter?

Answer 22

A packet filtering framework built into the Linux

kernel offering and uses kernel hooks at which packets can be inspected or manipulated.

Question 23

What is Iptables?

Answer 23

A standard firewall included in many Linux distributions which interfaces with the kernel-level netfilter hooks and is used to configure and view tables of packet filter rules. Nftables is a modern variant that may eventually become more popular than iptables.

Question 24

What are Iptables rules like?

Answer 24

Iptables rules are organized into chains. Chains are
collections of rules that a packet is checked against
sequentially.

Question 25

What is NAT?

Answer 25

Modifies network addresses in the IP headers of packets to allow remapping of one IP address space into another and allows hosts in a private network to transparently communicate with hosts on external networks.

Question 26

What is PAT?

Answer 26

Allows incoming sessions, that are initiated from an external host, to map a specific internal host and port.

Question 27

What are the default iptables chains?

Answer 27

INPUT – triggered after an incoming packet has been routed to the local system
OUTPUT – triggered by locally generated outbound traffic as it enters the network stack
FORWARD – triggered after an incoming packet has been routed and needs to be forwarded to another host

Question 28

What is the DHCP pattern?

Answer 28

Discover
Offer
Request
Acknowledge

Question 29

What is Packet Filter?

Answer 29

OpenBSD’s system for filtering TCP/IP traffic and doing NAT. It is also capable of normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization.