Udemy Sections 12-14: Perimeter Security, Cloud Security, and Automation

Question 1

Security devices focused on the boundary between the LAN and the WAN in your organization’s network

Answer 1

Perimeter security

Question 2

A security solution that screens traffic between two portions of a network

Answer 2

Firewall

Question 3

A type of firewall that is run as a piece of software on a host or server

Answer 3

Software firewall

Question 4

A physical device that filters traffic going into a computer, network, or server

Answer 4

Hardware firewall

Question 5

One function out of many on a single device that filters traffic going into a computer, network, or server

Answer 5

Embedded firewall

Question 6

A method used by firewalls. They inspect each packet passing through the firewall and accepts or rejects it based on defined rules (configuration, ACLs)

Answer 6

Packet filtering

Question 7

A type of packet filtering where packets are accepted or rejected based on the IP address and port number requested.

Answer 7

Stateless packet filtering

Question 8

A type of packet filtering where the firewall keeps track of which internal requests use which port numbers, and use that information to examine the headers of inbound packets. If the headers of the IP packets match what the firewall was expecting to receive, it is allowed; If not, it is rejected.

This type of packet filtering all but eliminates IP spoofing.

Answer 8

Stateful packet filtering

Question 9

A type of filtering that filters traffic based upon the ports being utilized and the type of connection (TCP or UDP).

This type of filtering keeps track of which computer made a request by assigning each request a port number. If the incoming packet is not the response that the firewall expected on the port that it expected, it will reject the packet.

Answer 9

NAT filtering

Question 10

ALG stands for

Answer 10

Application-layer gateway
AKA application proxy gateway
AKA Layer 7 firewall

Question 11

A security solution that applies security mechanisms to specific applications, such as FTP or Telnet. It conducts an inspection based upon the application the incoming packet is destined for. It does NOT conduct these inspections based on port numbers; this firewall operates at Layer 7.

If a packet is destined for an application that it is protecting, it blocks it.

Answer 11

ALG (application-layer gateway)
AKA application proxy gateway
AKA Layer 7 firewall

Question 12

Application-specific translation agents that allow an application on a host in one address realm to connect to its counterpart running on a host in a different realm transparently.

Answer 12

Application-level gateway
AKA application proxy gateway
AKA Layer 7 firewall

Question 13

A security policy domain defined for a web or application server

Answer 13

Realm

Question 14

A firewall that operates at the Session layer and only inspects the traffic during the establishment of the initial session over TCP or UDP.

After the session is established, the packets pass without any checks.

Answer 14

Circuit-level gateway

Question 15

A type of filtering where a firewall filters traffic based on MAC addresses

Answer 15

MAC filtering

Question 16

When traffic is allowed to enter or leave the network because there is an ACL rule that specifically allows it

Answer 16

Explicit allow

Question 17

Translate this firewall rule:

allow TCP 10.0.0.2 any port 80

Answer 17

The host with the IP address 10.0.0.2 can send packets to any other IP address as long as it is requesting it over port 80.

Question 18

When traffic is denied the ability to enter/leave the network because there is an ACL rule that specifically denies it

Answer 18

Explicit deny

Question 19

Translate this firewall rule:

deny TCP any any port 23

Answer 19

Prevents any device in the network from sending packets to any device outside of the network over port 23

Question 20

When traffic is denied the ability to enter or leave the network because there is no specific rule that allows it

Answer 20

Implicit deny

Question 21

Translate this firewall rule:

deny TCP any any port any

Answer 21

Any host inside the network can’t send TCP packets to any host outside the network no matter which port it goes through.

Question 22

What do firewalls do at Layer 3?

Answer 22

Block IP addresses

Layer 3 is the Network layer

Question 23

What do firewalls do at layer 4?

Answer 23

Block ports

Layer 4 is the Transport layer

Question 24

A type of firewall installed to protect your server by inspecting traffic being sent to and from your web application. It stands between the user and the web application to filter traffic.

Prevents XSS, SQL injection, and cookie poisoning

Answer 24

WAF (Web Application Firewall)

Question 25

WAF stands for

Answer 25

Web Application Firewall

Question 26

What type of firewall largely prevents XSS, cookie poisoning, and SQL injection?

Answer 26

WAF (Web Application Firewall)

Question 27

A device that acts as a middle man between a device and a remote server

Answer 27

Proxy server

Question 28

A type of proxy server that is used to secure a network by keeping its machines anonymous during web browsing

Answer 28

IP proxy

Question 29

A type of proxy server that attempts to serve client requests by delivering content from itself without actually contacting the remote server.

It does this by saving a copy of the results from previous requests and reusing the copy when the same requests happens.

Answer 29

Caching proxy

Question 30

The most common type of caching proxy

Answer 30

HTTP proxy

Question 31

Why are caching proxy not as effective as they used to be?

Answer 31

Because of the Web 2.0 structure giving each user customized information. For example, Facebook. Each person’s Facebook page looks extremely different.

Question 32

PAC stands for

Answer 32

Proxy Auto-Configuration file

Question 33

Files that contain configuration information to automatically configure a proxy server

Answer 33

PAC (Proxy Auto-Configuration) files

Question 34

T/F: It is best practice to configure proxy servers via the PAC files

Answer 34

False

Attackers can modify these files

Question 35

A type of proxy server used in organizations to prevent users from accessing prohibited websites and other content

Answer 35

Internet content filter

Question 36

A type of proxy server that is used as a go-between that scans devices for viruses, filters unwanted content, and performs data loss prevention functions.

Like an internet content filter, but with more functions.

Answer 36

Web security gateway

Question 37

A single computer (or file, group of files, or unused IP range) that might be considered attractive to an attacker

Answer 37

Honeypot

Question 38

A group of computers, servers, or networks used to attract an attacker

Answer 38

Honeynet

Question 39

What are honeypots used for?

Answer 39

Security research

Question 40

Systems designed to protect data by conducting content inspection of data being sent OUT of the network

Answer 40

DLP (Data Loss Prevention)

AKA ILP (Information Leak Prevention)

AKA EPS (Extrusion Prevention Systems)

Question 41

DLP stands for

Answer 41

Data Loss Prevention

Question 42

ILP stands for

Answer 42

Information Leak Protection

Question 43

EPS stands for

Answer 43

Extrusion Prevention Systems

Question 44

T/F: DLP, ILP, and EPS are all used interchangeably

Answer 44

True

Question 45

A security system that attempts to detect, log, and alert on malicious network activities

Answer 45

NIDS (Network Intrusion Detection System)

Question 46

NIDS stands for

Answer 46

Network Intrusion Detection System

Question 47

What mode are NIDS placed in so they can see all network traffic on a segment?

Answer 47

Promiscuous mode

Question 48

A system that attempts to remove, detain, or redirect malicious traffic

Answer 48

NIPS (Network Intrusion Prevention System)

Question 49

NIPS stands for

Answer 49

Network Intrusion Prevention System

Question 50

A term meaning that a device is directly in the path of incoming traffic

Answer 50

Inline

Question 51

Where should a NIPS be placed so that it is directly in the path of network traffic?

Answer 51

Inline

Question 52

A term meaning that if a NIPS fails, it allows all traffic through.

Answer 52

Fail open

Question 53

A term meaning that if a NIPS fails, it blocks all traffic

Answer 53

Fail shut

Question 54

Which is more secure: fail open or fail shut?

Answer 54

Fail shut

But it means that the network will essentially be shut down.

Question 55

What do most organizations choose to do when they are faced with the choice between having their NIPS fail open or fail shut?

Answer 55

They choose fail open.

This is because a fail shut would cause their network to go down. They choose to rely on other defensive layers when their NIPS fails, rather than take their whole network down.

Question 56

Software products that are used to capture packets, allow an administrator to analyze the packets, and help with troubleshooting by viewing patterns within the packet captures.

Answer 56

Protocol analyzer

Question 57

T/F: NIDS and NIPS can also perform protocol analyzer functions

Answer 57

True

Question 58

Examples of protocol analyzers

Answer 58

Wireshark, Network Monitor

Question 59

UTM stands for

Answer 59

Unified Threat Management

Question 60

A single device that acts as a combination of network security devices and technologies to provide more defense in depth within a single device

This device can act as a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN

Answer 60

UTM (Unified Threat Management) system

Question 61

NGFW stands for

Answer 61

Next Generation Firewall

Question 62

T/F: UTM systems are usually placed as the outermost device in a LAN, replacing a firewall

Answer 62

True

Question 63

T/F: UTM system and NGFW are used interchangeably

Answer 63

True

Question 64

A way of offering on-demand services that extend the traditional capabilities of a computer or network out into the internet

Answer 64

Cloud computing

Question 65

An IT framework that combines storage, computing, and networking into a single system that can reduce data center complexity and increase scalability. This framework relies on virtualization.

Answer 65

Hyperconvergence

Question 65

Allows a cloud provider to offer a full desktop OS to an end user from a centralized server

Answer 65

VDI (Virtual Desktop Infrastructure)

Question 65

VDI stands for

Answer 65

Virtual Desktop Infrastructure

Question 66

VDI desktops are non-persistent. What does this mean for security?

Answer 66

Even if an attacker compromises one of the virtual desktops, it can quickly be deleted, and the attacker is blocked out again. This destroys the ability for the attacker to be persistent on the desktop.

Question 67

A protected memory region that provides confidentiality for data and code execution. While the data is being processed and kept in memory, it is encrypted and isolated, thus protecting data from the OS and hypervisors.

Answer 67

Secure enclave

Question 68

A method of keeping data at rest confidential. When data on the volume is needed, a secure volume is mounted and decrypted to allow access. When the data is no longer needed, it is re-encrypted and is unmounted from the virtual server.

Answer 68

Secure volume

Question 69

4 different cloud types

Answer 69

Public
Private
Hybrid
Community

Question 70

A service provider makes resources available to the end users over the internet. The most common type of cloud architecture.

Answer 70

Public cloud

Question 71

A company creates its own cloud environment that only it can utilize as an internal enterprise resource. The organization is responsible for the design, implementation, and operation of the cloud resources and the servers that host them.

Answer 71

Private cloud

Question 72

A cloud solution that combines the benefits of both the public cloud and private cloud options. Some resources are developed and operated by the organization (like a private cloud), but the organization may also outsource some services to a service provider (like a public cloud).

Answer 72

Hybrid cloud

Question 73

T/F: Hybrid clouds must have strict guidelines regarding where sensitive data is stored.

Answer 73

True

Sensitive data should be stored on the organization’s private cloud portion of the hybrid cloud

Question 74

A cloud solution in which resources and costs are shared among several different organizations who have common service needs

Answer 74

Community cloud

Question 75

The 4 “as a Service” services

Answer 75

SaaS
IaaS
PaaS
SECaaS

Question 76

A third party provides all the hardware, OS, software, and applications needed for a complete service to be delivered

Answer 76

SaaS (Software as a Service)

Question 77

A third party provides all the hardware, OS, and backend software needed in order to develop your own software or service.

Answer 77

IaaS (Infrastructure as a Service)

Question 78

A third party provides your organization with the hardware and software needed for a specific service to operate.

Answer 78

PaaS (Platform as a Service)

Question 79

Of IaaS, PaaS, and SaaS, which provides the least amount of service?

Answer 79

IaaS

Question 80

Of IaaS, PaaS, and SaaS, which provides the most amount of service?

Answer 80

SaaS

Question 81

A service in which a third party provides everything your organization needs to run a server, including the power, space, cooling, network, firewalls, physical servers, and virtualization layer

Answer 81

IaaS

Question 82

A service in which a third party provides everything your organization needs to run a server, including the OS and infrastructure software (web server software, programming languages, etc)

Answer 82

PaaS

Question 83

A service in which a third party provides your organization with a hosted application service

Answer 83

SaaS

Question 84

A third party provides your organization with various types of security services without the need to maintain a cybersecurity staff. Also provides the organization’s IT staff with a simple security interface that they can use.

Answer 84

SECaaS

Question 85

Pro of SECaaS

Answer 85

When the service provider updates their virus signature database, all of their customers instantly get updated antimalware

Question 86

Con of SECaaS

Answer 86

It is heavily reliant on good internet connection. If your host is offline, it may be vulnerable

Question 87

What 3 advantages does cloud-based vulnerability scanning have over traditional vulnerability scanning?

Answer 87

You have the option of scanning either internally or externally. Externally, meaning you scan from outside your network, provides you with an attacker’s perspective.

Installation and maintenance costs are much lower.

Equipment is always kept up-to-date.

Question 88

What is the one big disadvantage of cloud-based vulnerability scanning?

Answer 88

Your vulnerability data may be stored on the cloud provider’s server

Question 89

A security technique that utilizes separate virtual networks to allow security professionals to test suspicious or malicious files

Answer 89

Sandboxing

Question 90

An organizational process that ensures that authorized people (and no one else) have access to the technology resources they need to perform their job functions.

It ensures greater control of user access by identifying, authenticating, and authorizing users, while prohibiting unauthorized ones.

Answer 90

IAM (Identity and Access Management)
AKA IdM (Identity Management)

Question 91

A method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails.

Answer 91

Failover

Question 92

The act of removing user access to resources

Answer 92

Deprovisioning

Question 93

What may be left behind after deprovisioning?

Answer 93

Data remnants

Question 94

How to prevent data remnants in a cloud server?

Answer 94

Data should always be encrypted when placed in the cloud server, including the virtual hard disk files for the hosted virtual servers

Question 95

Servers used to store, transfer, migrate, synchronize, and archive files for your organization

Answer 95

File servers

Question 96

T/F: Any computer can act as a file server

Answer 96

True

Question 97

A software program used to send and receive email

Answer 97

Email server

Question 98

Which type of server are most commonly attacked, and thus need much more hardening and security measures?

Answer 98

Email server

Question 99

Computer software and underlying hardware that accepts request via HTTP and stores and delivers the content for a website, including application data.

Answer 99

Web server

Question 100

Where should web servers be placed in your organization?

Answer 100

DMZ

Question 101

A specialized type of file server that is used to host files for distribution across the web. Can be setup for anonymous login or be secured with a username and password.

Answer 101

FTP server

Question 102

Difference between file servers and FTP servers?

Answer 102

File servers are only accessible within the business’ internal network

FTP servers store files on a remote server, and files are uploaded via the internet

Question 103

What connection should FTP servers be configured to require? Why?

Answer 103

TLS

If your FTP server requires login credentials, you need to make sure they are protected during transmission. FTP is a plaintext protocol.

Question 104

A server that acts as a central repository of all the user accounts and their associated passwords for the network

For Windows, this is Active Directory

For Linux, this is equivalent to an LDAP server

Answer 104

Domain controller

Question 105

Which type of server is targeted for privilege escalation and lateral movement? Why?

Answer 105

Domain controller

It contains user accounts and their login credentials for the network

Question 106

A type of attack against Active Directory that exploits a vulnerability in the Kerberos ticket granting system to generate a “skeleton key” for all devices in the domain.

Answer 106

Golden ticket attack

Question 107

A protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. It works on the basis of tickets.

Answer 107

Kerberos

Question 108

Which protocol does Active Directory rely on?

Answer 108

Kerberos

Question 109

2 ways to prevent the golden ticket attack

Answer 109

Ensure that AD controller is up-to-date on patches

Harden AD controller

Question 110

Which is more risky security-wise: A cloud-based infrastructure, or local private company intranet?

Answer 110

Cloud-based infrastructure

If you don’t configure the cloud just right, you could introduce security vulnerabilities

Question 111

A private network segment made available to a single cloud consumer within a public cloud

Answer 111

VPC (Virtual Private Cloud)

Question 112

VPC stands for

Answer 112

Virtual Private Cloud

Question 113

Which “as a Service” product is VPC?

Answer 113

IaaS

This means you need to do all administrative work for it also. Configuring IP address space, routing, load management, software installation, etc.

Question 114

T/F: VPCs are as secure as private clouds

Answer 114

False

You are sharing devices with a public cloud. Also, there may be data remnants.

Question 115

Occurs when an organization is forced to continue using a produce or service regardless of quality because switching away is not practical.

Answer 115

Vendor lock-in

Question 116

Enterprise management software designed to mediate access to cloud services by users across all types of devices. Helps with authentication and access control.

Includes these services:
SSO
Malware and rogue device detection
Monitor/audit user activity
Mitigate data exfiltration

Answer 116

CASB (Cloud Access Security Broker)

Question 117

CASB stands for

Answer 117

Cloud Access Security Broker

Question 118

An unauthorized, malicious node on a network

Answer 118

Rogue device

Question 119

A security appliance or host positioned at the client network edge that forwards user traffic to the cloud network if the contents of that traffic comply with policy

You must go through the proxy to leave your local network

Answer 119

Forward proxy

Question 120

A security appliance or host positioned at the cloud network edge that directs traffic to the cloud network if the contents of that traffic comply with policy

You must go through the proxy to get into the cloud network.

Answer 120

Reverse proxy

Question 121

A method that uses the broker’s connection between the cloud service and the cloud consumer. Any updates to a user’s authorization is communicated through the API to/from the cloud and broker.

Answer 121

API (Application Programming Interface)

Question 122

API stands for

Answer 122

Application Programming Interface

Question 123

A library of programming utilities used to enable software developers to access functions of another application

Answer 123

API (Application Programming Interface)

Question 124

A tool to transfer data to/from a server using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, FILE)

Used to test APIs

Answer 124

curl

Question 125

FaaS stands for

Answer 125

Function as a Service

Question 126

A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language

Basically, it allows you to run and make applications without having a server

Answer 126

FaaS (Function as a Service)

Question 127

A software architecture that runs functions (or microservices) within virtualized runtime containers in a cloud rather than on dedicated server instances

Answer 127

Serverless

Question 128

In serverless, everything is developed as a collection of what?

Answer 128

Functions and microservices

Question 129

3 biggest advantages to serverless architecture

Answer 129

No patching
No administration
No file system monitoring

Question 130

An API must be used over what kind of channel?

Answer 130

Encrypted

Question 131

Mechanisms that protect an API from a DoS attack

Answer 131

Throttling/rate-limiting

Question 132

A technique used to control the amount of traffic that an API can handle. Shapes API access by smoothing spikes in traffic.

Answer 132

Throttling

Question 133

A technique to limit network traffic to prevent users from exhausting system resources. Provides a hard limit on API access.

Answer 133

Rate-limiting

Question 134

T/F: You should hardcode/embed a key into the source code

Answer 134

False

If you embed your key, an attacker can access it and do damange.

Question 135

What security weakness is inherent to SaaS?

Answer 135

SaaS does not supply access to log files or monitoring tools

Question 136

A cloud storage container used in AWS

Answer 136

Bucket

Question 137

A cloud storage container used in Microsoft Azure

Answer 137

Blob

Question 138

T/F: Buckets and blobs mean the same thing in regard to cloud storage

Answer 138

True

Question 139

A content delivery network policy that instructs the browser to treat requests from nominated domains as safe

Answer 139

CORS (Cross Origin Resource Sharing) policy

Question 140

CORS stands for

Answer 140

Cross Origin Resource Sharing

Question 141

A cloud deployment model where the consumer uses multiple public cloud services

Answer 141

Multi-cloud

Question 142

The automation of multiple steps in a deployment process

Answer 142

Orchestration

Question 143

What is the automation of automations?

Answer 143

Orchestration

Question 144

3 types of orchestration

Answer 144

Resource orchestration

Workload orchestration

Service orchestration

Question 145

A type of orchestration that provisions and allocates resources within a cloud environment

Answer 145

Resource orchestration

Question 146

A type of orchestration that manages applications and other cloud workloads that need to be performed, and has the components to create the product you need. It manages things that are working together.

Answer 146

Workload orchestration

Question 147

A type of orchestration used to deploy services within the cloud environment

Answer 147

Service orchestration

Question 148

CI stands for

Answer 148

Continuous integration

Question 149

CD stands for

Question 150

A software development method where code updates are tested and committed to a development or build server/code repository rapidly

Answer 150

CI (Continuous Integration)

Question 151

How do software developers working from a data repository prevent too many divergences?

Answer 151

CI (Continuous Integration)

Question 152

A software development method where application and platform requirements are frequently tested and validated for immediate availability

Answer 152

CD (Continuous Delivery)

Question 153

CD stands for

Answer 153

Continuous Delivery

OR

Continuous Deployment

(THESE MEAN DIFFERENT THINGS)

Question 154

T/F: You must be doing CI before you can do CD

Answer 154

True

Question 155

CI/CD stands for

Answer 155

Continuous Integration / Continuous Delivery

OR

Continuous Integration / Continuous Deployment

Question 156

A software development method were application and platform updates are committed to production rapidly

Answer 156

CD (Continuous Deployment)

Question 157

Difference between continuous delivery and continuous deployment

Answer 157

Continuous delivery focuses on automated testing of code in order to get it ready for release

Continuous deployment focuses on automated testing AND release of code in order to get it into the production environment more quickly

Question 158

An organizational culture shift that combines software development and systems operations by referring to the practice of integrating the two disciplines within a company

Answer 158

DevOps

Question 159

Difference between software development and systems operations?

Answer 159

Developers work toward the goal by writing code that’s secure, effective, and easy for others to review

Operators ensure the final product meets the quality threshold by providing and monitoring and maintaining of systems

Question 160

The problem with DevOps

Answer 160

Software was being pushed out so fast that it had problems with security compliance or government regulation compliance

Question 161

A combination of software development, security operations, and systems operations by integrating each discipline with the others

Answer 161

DevSecOps

Question 162

A concept meaning to consider security early in the beginning of a project

Answer 162

Shift-left

Question 163

IaC stands for

Answer 163

Infrastructure as Code

Question 164

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration

Answer 164

IaC (Infrastructure as Code)

Question 165

T/F: Since IaC pushes out software development faster, it’s generally less secure

Answer 165

False

Through the use of scripts, security templates, and security policies, it is often more secure because less code is left to human error.

Question 166

Any system that is different in its configuration compared to a standard template within an IaC architecture

Answer 166

Snowflake system

Question 167

Snowflake systems cause what 2 kinds of issues?

Answer 167

Security issues

Inefficiencies in IT support

Question 168

A property of IaC that an automation or orchestration action always produces the same result, regardless of the component’s previous state

Answer 168

Idempotence

Question 169

A script inside of an orchestration is called

Answer 169

Runbook

Question 170

AI stands for

Answer 170

Artificial intelligence

Question 171

ML stands for

Answer 171

Machine learning

Question 172

The science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention

Answer 172

AI (artificial intelligence)

Question 173

A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions

Answer 173

ML (machine learning)

Question 174

T/F: Machine learning is only as good as the datasets used to train it

Answer 174

True

Question 175

An architecture of input, hidden, and output layers that can perform algorithmic analysis of a dataset to achieve outcome objectives

The pathways being created as a result of ML

Answer 175

ANN (Artificial Neural Network)

Question 176

ANN stands for

Answer 176

Artificial Neural Network

Question 177

A refinement of ML that enables a machine to develop strategies for solving a task given a labeled dataset and without further explicit instructions

Answer 177

Deep learning

Question 178

Difference between ML and deep learning

Answer 178

Deep learning does not require a human to manually identify features of a dataset. You just give it the data and let it go.