Udemy Sections 9-11: Application Security, Secure Software Development, and Network Design

Question 1

T/F: It is best practice to immediately upgrade to the newest browser when it comes out.

Answer 1

False

New browsers can have bugs and security issues. It is best practice to wait to upgrade until issues have been fixed.

Question 2

T/F: It is best practice to immediately download the newest patch when it comes out.

Answer 2

True

A patch means that there is a vulnerability that has been found and fixed through that patch.

Question 3

What two things should you take into consideration when choosing a browser?

Answer 3

Your OS
Your needs

Question 4

5 general security tips to secure your browser

Answer 4

Implement policies as an administrative control or technical control

Train your users

Use proxy servers to cache the website and reduce bandwidth usage

Use content filters to blacklist websites or categories of sites

Prevent malicious code by preventing ActiveX controls, Java applets, JavaScript, Flash, and other active content

Question 5

Text files placed on a client’s computer to store information about the user’s browsing habits, credentials, and other data

Answer 5

Cookies

Question 6

A type of cookie commonly used by spyware to gather details about users. Includes information about what websites the user goes to, for how long, and what types of things the users click on.

Answer 6

Tracking cookie

Question 7

A type of cookie used to keep track of users and their preferences, including what is in virtual shopping carts.

Being used as a way to maintain a connection and a session between the user and the server.

Answer 7

Session cookie

Question 8

Since the common populace doesn’t like cookies, what type of tracking are organizations switching to?

Answer 8

Server-side tracking

Question 9

A data file stored in your Windows user profile under the Flash folder inside of your AppData folder. It is created by visiting a website that runs a Flash application.

Answer 9

LSO (Locally Shared Object)
AKA Flash cookie

Question 10

What does LSO stand for?

Answer 10

Locally Shared Object

Question 11

What is replacing Adobe Flash?

Answer 11

HTML5

Question 12

Smaller browser extensions and plugins that provide additional functionality to the browser

Answer 12

Add-ons

Question 13

Why is it best practice to not use any additional extensions or add-ons with your browser?

Answer 13

More code always means more vulnerability risk.

Question 14

Browser configuration and settings for numerous options such as SSL/TLS settings, local storage/cache size, browsing history, etc.

Answer 14

Advanced security options

Question 15

Which version of SSL is deprecated?

Answer 15

SSL 3.0

Question 16

Which version of TLS is deprecated?

Answer 16

TLS 1.0

Question 17

The obvious first step to protect your documents from being viewed or modified. The Microsoft suite has this capability built-in.

Answer 17

Create a password for them

Question 18

What can you set your documents to if you want them to be viewed, but not modified by others?

Answer 18

Read only

Question 19

By default, should you enable or disable macros?

Answer 19

Disable

Question 20

What does MS Outlook use for email security?

Answer 20

Digital signatures

Question 21

The file type for a Microsoft Outlook data file (including archived emails)

Answer 21

.pst

Question 22

A Windows security component that prevents unauthorized access and avoids user error in the form of accidental changes.

It keeps every user besides the actual administrator account in a standard user mode. When an administrative action is taken, this triggers a pop-up to ask for credentials.

Answer 22

UAC (User Account Control)

Question 23

UAC stands for

Answer 23

User Account Control

Question 24

A cookie with this attribute is only sent to the server with an encrypted request over the HTTPS protocol. This keeps the contents of the cookie safe from MITM attacks.

Answer 24

Secure

Question 25

A cookie with this attribute is inaccessible to the JavaScript API; it’s only sent to the server.

Answer 25

HttpOnly

Question 26

This cookie attribute specify which hosts can receive a cookie.

Answer 26

Domain

Question 27

This cookie attribute indicates a URL path that must exist in the requested URL in order to send the cookie header.

Answer 27

Path

Question 28

This cookie attribute lets the servers specify whether/when cookies are sent with cross-site requests. This provides protection against CSRF attacks. This attribute has 2 variations: Strict and Lax.

Answer 28

SameSite

Question 29

SDLC stands for

Answer 29

Software Development Life Cycle

Question 30

An organized process of developing a secure application throughout the life of the project. Based on the Waterfall Model.

Answer 30

SDLC (Software Development Life Cycle)

Question 31

Phase 1 of the SDLC

Answer 31

Planning and analysis

The goals are determined, stakeholder needs are assessed, requirements are gathered, high-level planning is conducted.

Question 32

Phase 2 of the SDLC

Answer 32

Software/systems design

Application/system is defined, outlined, and diagramed in detail. Focus on the overarching inputs and outputs of each function that makes up the finalized software.

Question 33

Phase 3 of the SDLC

Answer 33

Implementation

Programmers code functions needed for the final product. Programmers perform basic debugging and testing to ensure it is functional.

Question 34

Phase 4 of the SDLC

Answer 34

Testing

The code is tested through a myriad of testing methodologies

Question 35

Phase 5 of the SDLC

Answer 35

Integration

The application/system is integrated into the larger network environment. This ensures that all the parts can interact effectively and correctly.

Question 36

Phase 6 of the SDLC

Answer 36

Deployment

Application/system is moved into the production environment where customers and end users can utilize it to perform their work.

Question 37

Phase 7 of the SDLC

Answer 37

Maintenance

Bugs and vulnerabilities are always found. Programmers roll out patches and updates. Also includes end user training on the new software/system.

Question 38

The 7 phases of the SDLC

Answer 38

Planning and analysis
Software/systems design
Implementation
Testing
Integration
Deployment
Maintenance

Question 39

The SDLC phase where programmers roll out patches and updates. Also includes end user training on the new software/system.

Answer 39

Phase 7: Maintenance

Question 40

The SDLC phase where the application/system is moved into the production environment where customers and end users can utilize it to perform their work.

Answer 40

Phase 6: Deployment

Question 41

The SDLC phase where the application/system is integrated into the larger network environment. This ensures that all the parts can interact effectively and correctly.

Answer 41

Phase 5: Integration

Question 42

The SDLC phase where the code is tested through a myriad of testing methodologies

Answer 42

Phase 4: Testing

Question 43

The SDLC phase where programmers code functions needed for the final product. Programmers perform basic debugging and testing to ensure it is functional.

Answer 43

Phase 3: Implementation

Question 44

The SDLC phase where the application/system is defined, outlined, and diagramed in detail. Focus on the overarching inputs and outputs of each function that makes up the finalized software.

Answer 44

Phase 2: Software/systems design

Question 45

The SDLC phase where the goals are determined, stakeholder needs are assessed, requirements are gathered, high-level planning is conducted.

Answer 45

Phase 1: Planning and analysis

Question 46

PSITIDM is an acronym (I created) for…

Answer 46

The 7 SDLC phases.

Planning and analysis
Software/systems design
Implementation
Testing
Integration
Deployment
Maintenance

Question 47

In the version Windows 10 v10.0.12425, which number is the major number?

Answer 47

10

Question 48

In the version Windows 10 v10.0.12425, which number is the minor number?

Answer 48

0

Question 49

In the version Windows 10 v10.0.12425, which number is the build number?

Answer 49

12425

Question 50

What is the additional phase that is only sometimes mentioned of the SDLC?

Answer 50

Phase 8: Retirement

Usually included with Phase 7: Maintenance, but not always

Question 51

Software development that is performed in time-boxed or small increments to allow more adaptivity to change

Answer 51

Agile

Question 52

DevOps stands for

Answer 52

Software development and IT operations

Question 53

A way of conducting business where software developers and IT operations personnel work closely together to speed up development and deployment of applications to deliver to the end user quicker.

It is best to include security personnel as well to ensure good security despite the quick deadline.

Answer 53

DevOps

Question 54

CIA stands for

Answer 54

Confidentiality
Integrity
Availability

Question 55

Most common way of ensuring Confidentiality

Answer 55

Encryption

Question 56

2 main ways of ensuring Integrity

Answer 56

Hash algorithms
Journaling and logging

Question 57

Most common way of ensuring Availability

Answer 57

Redundancy in the overall system design

Question 58

A structured representation of all the information that affects the security of an application. Involves using hypothetical scenarios, system diagrams, and testing to help secure systems and data.

Answer 58

Threat modeling

Question 59

What practice helps prioritize vulnerability identification and patching?

Answer 59

Threat modeling

Question 60

In the SDLC, when should you begin to think about security?

Answer 60

From the beginning: Planning and analysis and Implementation phases

Question 61

Users and processes should be run using the least amount of access necessary to perform a given function

Answer 61

Lease privilege

Question 62

The layering of security controls that is more effective and secure than relying on a single control

Answer 62

Defense in depth

Question 63

The idea that any input received from a user should undergo input validation prior to allowing it to be utilized by an application

Answer 63

Never trust user input

Question 64

Reducing the amount of code used by a program, eliminating unneeded functionality, and requiring authentication prior to running additional plugins is all called…

(Hint: It’s not hardening.)

Answer 64

Minimizing attack surface

Question 65

The idea that default installations should include secure configurations instead of requiring an administrator or user to add in additional security

Answer 65

Secure defaults

Question 66

Applications should be deployed using _____ to ensure the program is not changed prior to delivery to an end user

Answer 66

Code signing

Question 67

Code signing enables what?

Answer 67

Authenticity and integrity

Question 68

The idea that applications should be coded to properly conduct error handling for exceptions in order to fail securely instead of crashing

Answer 68

Fail securely

Question 69

SDK stands for

Answer 69

Software Development Kit

Question 70

This allows a programmer to reuse code from other programmers to save time and effort.

Answer 70

SDK (Software Development Kit)

Question 71

T/F: You should make sure SDKs come from trusted sources to ensure no malicious code is being added.

Answer 71

True

Question 72

Black-box, white-box, and gray-box testing are all forms of what kind of testing?

Answer 72

System testing

Question 73

Occurs when a tester is not provided with any information about the system/program prior to conducting the test

Answer 73

Black-box testing

Question 74

Occurs when a tester is provided full details of a system including the source code, diagrams, and user credentials in order to conduct the test

Answer 74

White-box testing

Question 75

Occurs when a tester is given some information of a system that they are going to test.

Answer 75

Gray-box testing

Question 76

An error that occurs while the computer is running

Answer 76

Run-time error

Question 77

An error that causes the computer to cease running due to a coding error

Answer 77

Syntax error

Question 78

Another word for error is

Answer 78

Exception

Question 79

An exception handling mechanism that provides control over what the application should do when faced with a runtime or syntax error.

Answer 79

SEH (Structured Exception Handling)

Question 80

SEH stands for

Answer 80

Structured Exception Handling

Question 81

A method used to verify that information received from a user matches a specific format or range of values

Answer 81

Input validation

Question 82

A type of code analysis where the source code of an application is reviewed manually or with automatic tools without running the code

Answer 82

Static analysis

Question 83

A type of code analysis that occurs when a program is tested while it is being executed or run

Answer 83

Dynamic analysis

Question 84

Injection of randomized data into a software program in an attempt to find system failures, memory leaks, error handling issues, and improper input validation

Answer 84

Fuzzing
AKA fuzz test

Question 85

Code placed in computer programs to bypass normal authentication and other security mechanisms

Answer 85

Backdoors

Question 86

T/F: Backdoors are part of security best practice.

Answer 86

False

Backdoors are never good to use. They provide a vulnerability for an attacker to exploit.

Question 87

A method of accessing unauthorized directories by moving through the directory structure on a remote server.

Answer 87

Directory traversal

Question 88

Anytime you see ../ in a URL, what type of exploit is it?

Answer 88

Directory traversal

Question 89

Occurs when an attacker is able to execute or run commands on a victim computer

Answer 89

Arbitrary code execution

Question 90

Occurs when an attacker is able to execute or run commands on a remote computer

Answer 90

RCE (Remote Code Execution)

Question 91

RCE stands for

Answer 91

Remote Code Execution

Question 92

A vulnerability that allows RCE to occur has what classification under the CVSS?

Answer 92

Critical

Question 93

An attack against a vulnerability that is unknown to the original developer/manufacturer.

Answer 93

Zero-day attack

Question 94

Occurs when a process stores outside the memory range allocated by the devleoper

Answer 94

Buffer overflow

Question 95

A temporary storage area that a program uses to store data

Answer 95

Buffer

Question 96

T/F: Over 85% of data breaches were caused by a buffer overflow

Answer 96

True

Question 97

Reserved area of memory where the program saves the return address when a function call instruction is received

Answer 97

Stack

Question 98

Occurs when an attacker places too much information into a stack or changes the value of the Return Pointer to overwrite the return address of the Pointer so it will point to a different place in a stack where they have placed their malicious code.

Answer 98

Buffer overflow

Question 99

Occurs when an attacker fills up a buffer with NOP so that the return address may hit a NOP and continue on until it finds the attacker’s code to run

Answer 99

Smash the Stack

Question 100

NOP stands for

Answer 100

Non-Operation Instruction

Question 101

A piece of code that tells a program to do nothing and to go to the next piece of instruction

Answer 101

NOP (Non-Operation Instruction)

Question 102

Occurs when a program goes from NOP to NOP until it hits a final return pointer, usually to malicious code.

Answer 102

NOP slide

Question 103

ASLR stands for

Answer 103

Address Space Layout Randomization

Question 104

A method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits. The attacker has difficulty guessing where the Return Pointer is in a stack.

Answer 104

ASLR (Address Space Layout Randomization)

Question 105

A security exploit that attempts to extract secrets from a chip or a system. This can be achieved by measuring or analyzing various physical parameters. Examples include supply current, execution time, and electromagnetic emission.

Answer 105

Side-channel attack

Question 106

An attack where the attacker attempts to put more data into memory than it is designed to hold

Answer 106

Buffer overflow

Question 107

Occurs when an attacker embeds malicious scripting commands into a trusted website. This allows the attacker to steal the victim’s cookies or steal other information from a victim’s web browser.

Answer 107

XSS (Cross-site scripting)

Question 108

In a XSS attack, is the victim the website, or the viewer?

Answer 108

The viewer

Question 109

This XSS attack attempts to get data provided by the attacker to be saved on the web server by the victim

Answer 109

Stored/persistent XSS

Question 110

This XSS attack attempts to have a non-persistent effect activated by a victim by clicking a link on the site

Answer 110

Reflected

Question 111

This XXS attack attempts to exploit the victim’s web browser.

Answer 111

DOM-based (Document Object Model)
AKA client-side XSS

Question 112

Part of a user’s web browser that is an API for web documents (HTML and XML). It defines the logical structure of documents and the way a document is accessed and manipulated.

Answer 112

DOM (Document Object Model)

Question 113

The process of ensuring that any data sent to a client is safe and won’t cause unintended consequences on the client side. It transforms user-supplied or untrusted data into a safe format that does not interfere with the intended functionality or appearance of a web page.

Answer 113

Output encoding

Question 114

The process that prevents malicious or inappropriate data from entering your system.

Answer 114

Input validation

Question 115

The 2 main ways to prevent XSS (as the website programmer)

Answer 115

Output encoding
Input validation

Question 116

2 main ways to protect yourself (as the end user) from XSS

Answer 116

Increasing security settings for cookie storage

Disabling scripting languages when browsing the web

Question 117

An attack that exploits the trust that a user’s web browser has in a website

Answer 117

XSS (cross-site scripting)

Question 118

An attack that exploits the trust that a website has in a user’s web browser

Answer 118

XSRF (cross-site request forgery)
AKA CSRF

Question 119

Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated

Answer 119

XSRF (cross-site request forgery)
AKA CSRF

Question 120

An attack in which an attacker sends a command to a web server through a user’s existing authenticated session.

Answer 120

XSRF (cross-site request forgery)
AKA CSRF

Question 121

4 ways to prevent XSRF (as the website programmer)

Answer 121

Require tokens (captcha)

Encryption

XML file scanning (scan any XML files sent to the server)

Cookie verification (require users to submit their cookies twice for verification)

Question 122

An attack consisting of the insertion or injection of an SQL query via input data from the client to a web application

Answer 122

SQL injection

Question 123

An attack that involves the insertion of additional information or code through data input from a client to an application

Answer 123

Injection attack

Question 124

The 4 most common languages used in injection attacks

Answer 124

SQL
HTML
XML
LDAP

Question 125

Which language is by far the most commonly used in injection attacks?

Answer 125

SQL

Question 126

What key is used before code to treat the code as executable even if it is written in quotes?

Answer 126

` (called escape character, backquote, etc.)

Question 127

How to prevent SQL injection (as a website programmer)

Answer 127

Input validation
Least privilege

Question 128

What is the number one best thing you can do to prevent any type of injection attack?

Answer 128

Input validation

Question 129

Anytime you see `OR 1=1 what type of attack is it? What should you do to prevent it?

Answer 129

SQL injection
Input validation

Question 130

XML data submitted without encryption or input validation is vulnerable to what 3 attacks?

Answer 130

Spoofing
Request forgery
Injection of arbitrary code

Question 131

A type of attack where XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it

Answer 131

XML bomb
AKA Billion Laughs attack

Question 132

A way of representing data within an XML document without using the data itself

Answer 132

XML entity

Question 133

An attack that embeds a request for a local resource

Answer 133

XXE (XML eXternal Entity) attack

Question 134

An XXE attack is similar to what type of attack?

Answer 134

File inclusion

Question 135

A type of vulnerability that allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application.

Answer 135

File inclusion vulnerability

Question 136

<?xml version=”1.0” encoding=”ISO-8859-1”?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM “file:///etc/shadow” >]>

<foo>&xxe;</foo>

This is an example of what type of attack?

Answer 136

XXE (XML eXternal Entity)

Note the inclusion of the file file:///etc/shadow. The attacker is trying to do a file inclusion through XML, which is an XXE attack.

Question 137

Best way to keep XML vulnerabilities from being exploited?

Answer 137

Input validation

Question 138

T/F: XML vulnerability, XML exploitation, and XML injection all mean the same thing

Answer 138

True

Question 139

Easily defineable traits different between XML and JavaScript/HTML?

Answer 139

HTML and JavaScript have defined tags.

In XML, you can make the tags say anything you want.

Question 140

Tags that say <font> or <image> are using what type of language?</image></font>

Answer 140

HTML

Question 141

Tags that say <question> <id> <type> <element> <entity> are using what type of language?</entity></element></type></id></question>

Answer 141

XML

Question 142

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer

Answer 142

Race condition

Question 143

A vulnerability found where multiple threats are attempting to write a variable or object at the same memory location

Answer 143

Race condition

Question 144

A software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing it points to

Answer 144

Dereferencing

Question 145

Dirty COW is a type of what kind of exploit?

Answer 145

Race condition exploit

COW stands for Copy On Write
Allowed attackers to write to a file where they were only supposed to have read access

Question 146

The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource

Answer 146

TOCTOU (Time of Check to Time of Use)
AKA TOCTTOU
AKA TOC/TOU

Question 147

TOCTOU stands for

Answer 147

Time of Check to Time of Use

Question 148

Difference between a race condition and TOCTOU vulnerability?

Answer 148

The race condition is when two processes attempt to access a resource at the same time.

TOCTOU is caused by a race condition, and it involves a piece of data changing between the time a process checks a piece of information and the time it uses the information.

Question 149

2 ways to prevent a TOCTOU vulnerability

Answer 149

Develop applications to process things in parallel rather than sequentially if possible

Implement a locking mechanism to provide an app or user exclusive access to a resource

Question 150

Vulnerabilities often arise from what?

Answer 150

General design of code

Question 151

Any code that is used or invoked outside the main program development process

Answer 151

Insecure components

Question 152

Code reuse
Third-party library
SDK (Software Development Kit)

These are all examples of outside code being brought in. What are they called? And what do they bring in?

Answer 152

Insecure components
Vulnerabilities

Question 153

Caused by any program that doesn’t properly record or log detailed enough information for an analyst to perform their job

Answer 153

Insufficient logging and monitoring

Question 154

Describes any program that uses ineffective credentials or configurations, or one in which the defaults have not been changed for security

Answer 154

Weak or default configurations

Question 155

2 best practices to secure configuration?

Answer 155

Utilize scripted installations
Use baseline configuration templates

Question 156

An attack in which the attacker takes over a web user’s session by obtaining the session ID and masquerading as the authorized user.

Answer 156

Session hijacking

Question 157

The insertion of malicious data, which has not been validated, into a HTTP response header.

Answer 157

Header manipulation

Question 158

The model used to explain network communications between a host and remote device over a LAN or WAN

Answer 158

OSI Model

Question 159

Please Do Not Throw Sausage Pizza Away stands for

Answer 159

The 7 layers of the OSI model

Physical
Data link
Network
Transport
Session
Presentation
Application

Question 160

What are the data units at the Physical layer?

Answer 160

Bits

Question 161

The OSI layer that represents the actual network cables and radio waves used to carry data over a network

Answer 161

Layer 1: Physical layer

Question 162

The OSI layer that describes how a connection is established, maintained, and transferred over the physical layer and uses physical addressing (MAC addresses)

Answer 162

Layer 2: Data link layer

Question 163

What are the data units at the Data link layer?

Answer 163

Frames

Question 164

The OSI layer that uses logical address to route or switch information between hosts, the network, and the internetworks

Answer 164

Layer 3: Network Layer

Question 165

What are the data units at the Network layer?

Answer 165

Packets

Question 166

The OSI layer that manages and ensures transmission of the packets occurs from a host to a destination using either TCP or UDP

Answer 166

Layer 4: Transport layer

Question 167

An example of a connectionful protocol

Answer 167

TCP

Question 168

An example of a connectionless protocol

Answer 168

UDP

Question 169

What are the data units at the Transport layer?

Answer 169

Segments (TCP)
Datagrams (UDP)

Question 170

The OSI layer that manages the establishment, termination, and synchronization of a session over the network

Answer 170

Layer 5: Session layer

Question 171

The OSI layer that translates the information into a format that the sender and receiver both understand

Answer 171

Layer 6: Presentation layer

Question 172

The OSI layer from which the message is created, formed, and originated. Consists of high-level protocols like HTTP, SMTP, and FTP

Answer 172

Layer 7: Application layer

Question 173

The attempt to overwhelm the limited switch memory set aside to store the MAC addresses for each port

Answer 173

MAC flooding

Question 174

Switch memory set aside to store the MAC addresses for each port

Answer 174

CAM (Content Addressable Memory) table

Question 175

CAM stands for

Answer 175

Content Addressable Memory

Question 176

What it’s called when, due to MAC flooding, a switch begins to act like a hub

Answer 176

Fail-open

Question 177

Occurs when an attacker masks their own MAC address to pretend they have the MAC address of another device

Answer 177

MAC spoofing

Question 178

MAC spoofing is used in conjunction to what other type of attack?

Answer 178

ARP spoofing

Question 179

Switches are vulnerable to what 3 type of attacks?

Answer 179

MAC spoofing
MAC flooding
Physical tampering

Question 180

Occurs when an attacker attempts to gain physical access to a device in order to modify it

Answer 180

Physical tampering

Question 181

The device used to connect two or more networks to form an internetwork

Answer 181

Router

Question 182

What layer of the OSI model do routers operate?

Answer 182

Layer 3: Network

They make their decisions based on IP addresses

Question 183

What layer of the OSI model do switches operate?

Answer 183

Layer 2: Data link

They make their decisions based on MAC addresses

Question 184

What kind of request does a router perform to find the destination host in the destination network?

Answer 184

ARP request

Question 185

An ordered set of rules that a router uses to decide whether to permit or deny traffic based upon given characteristics.

Answer 185

ACL (Access Control List)

Question 186

ACL stands for

Answer 186

Access Control List

Question 187

Most networks are segmented into 3 separate zones. What are they?

Answer 187

LAN
DMZ
WAN

Question 188

T/F: The tunnels used in HTTPS connections are a type of VPN

Answer 188

True

Question 189

A network segment that is focused on providing controlled access to publicly available servers that are hosted within your organizational network. It also separates the LAN from publicly accessed resources.

Answer 189

DMZ (Demilitarized Zone)

Question 190

A specialized type of DMZ that is created for your partner organizations to access over a WAN

Answer 190

Extranet

Question 191

A type of private network that is used when only one company is involved

Answer 191

Intranet

Question 192

Any host that accepts inbound connections from the internet

Answer 192

Internet-facing host

Question 193

What is the relationship between a LAN, DMZ, and WAN (the internet)?

Answer 193

The DMZ is the only network segment that is internet-facing, meaning that the resources in it are open and waiting for a connection. The DMZ holds publicly-accessed resources.

The internet would not be able to connect with machines in the LAN; they are NOT internet-facing. They have access to the internet, but since they are not waiting for a connection from the internet, they aren’t internet-facing.

Question 194

A network segment isolated from the rest of the private network by one or more firewalls that accepts connections from the Internet over designated ports

Answer 194

DMZ (Demilitarized zone)

Question 195

DMZ stands for

Answer 195

Demilitarized zone

Question 196

T/F: Everything behind the DMZ (the machines in the LAN) is invisible to the outside network

Answer 196

True

Question 197

T/F: Because systems inside the DMZ are internet-facing and thus not fully trusted, you should do your best to harden them.

Answer 197

True

Question 198

A host or server in the DMZ which are not configured with any services that run on the local network

Answer 198

Bastion host

Question 199

T/F: Every host inside a DMZ should be a bastion host

Answer 199

True

Bastion hosts are more easily hardened.

Question 200

A hardened server in the internal network that provides access to other hosts within the DMZ

Answer 200

Jumpbox

Question 201

Since hosts in the DMZ are not fully trusted, what type of internal network resource is used to configure hosts in the DMZ?

Answer 201

Jumpbox

They are extremely hardened and secure, so the risk is very small for attackers to infiltrate a jumpbox and pivot into the internal network

Question 202

A security technique in which devices are scanned to determine their current state of security prior to being allowed access onto a given network. While the devices are being scanned, they are placed into a virtual holding area.

Answer 202

NAC (Network Access Control)

Question 203

NAC stands for

Answer 203

Network Access Control

Question 204

What happens to a device if it passes the NAC examination?

Answer 204

It is allowed into the network

Question 205

What happens to a device if it fails the NAC examination

Answer 205

It is placed into digital quarantine where it awaits remediation

It may receive AV updates, patches, etc., but it can’t communicate with the rest of the network. Once it meets requirements, it’s allowed into the network.

Question 206

A piece of software that is installed on the device requesting access to the network. Works well in a corporate environment.

Answer 206

Persistent agent

Question 207

Software that NAC uses to scan devices before allowing them into the network

Answer 207

Persistent and Non-persistent agents

Question 208

A piece of software that scans a device remotely or is installed and subsequently removed after the scan

Answer 208

Non-persistent agent

Question 209

What does IEEE 802.1x define?

Answer 209

Port-based NAC mechanism

Question 210

When an attacker moves from VLAN to VLAN

Answer 210

VLAN hopping

Question 211

When an attacker configures their device to pretend it is a switch and uses it to negotiate a trunk link to break out of a VLAN

Answer 211

Switch spoofing

Question 212

The physical links between switches or between switches and routers

Answer 212

Trunk links

Question 213

4 ways to prevent switch spoofing?

Answer 213

Disable DTP (Dynamic Trunking Protocol) on all switches

Avoid default VLAN names

Explicitly forward frames

Place all unplugged ports into an unused VLAN

Question 214

DTP stands for

Answer 214

Dynamic Trunking Protocol

Question 215

A security protocol that allows two switches to negotiate whether to form a trunk link or not

Answer 215

DTP (Dynamic Trunking Protocol)

Question 216

When an attacker adds an additional VLAN tag to create an outer and inner tag

Answer 216

Double tagging

Question 217

How to prevent double tagging?

Answer 217

Move all ports out of the default VLAN group

Question 218

The act of creating subnetworks logically through the manipulation of IP addresses

Answer 218

Subnetting

Question 219

What security practice can:

Compartmentalize a network
Efficiently use IP addresses
Reduce broadcast traffic
Reduce collisions

Answer 219

Subnetting

Question 220

Occurs when two or more devices attempt to transmit data over a network at the same time

Answer 220

Network collision

Question 221

The process of changing an IP address while it transits across a router

Answer 221

NAT (Network Address Translation)

Question 222

NAT stands for

Answer 222

Network Address Translation

Question 223

What is used to hide internal network IPs?

Answer 223

NAT (Network Address Translation)

Question 224

Used when a router keeps track of requests from internal hosts by assigning them random high number ports for each request. The router uses a single public IP address that is used for every private IP address in the internal network. The router keeps track of which private IP is sending each request by assigning the port number.

Answer 224

PAT (Port Address Translation)

Question 225

The most common type of NAT

Answer 225

PAT (Port Address Translation)

Question 226

Which class of private IP addresses has the ranges:
10.0.0.0 - 10.255.255.255

Answer 226

Class A

Question 227

Which class of private IP addresses has the ranges:
172.16.0.0 - 172.31.255.255

Answer 227

Class B

Question 228

Which class of private IP addresses has the ranges:
192.168.0.0 - 192.168.255.255

Answer 228

Class C

Question 229

The loopback address in a TCP/IP network

Answer 229

127.0.0.1

Question 230

The term used to describe a device that provides voice communication to users

Answer 230

Telephony

Question 231

A device that could modulate digital information into an analog signal for transmission over a standard dial-up phone line

Answer 231

Modem

Question 232

When an attacker begins dialing random phone numbers to see whether a modem answers on the other side.

Servers used to have dial-up modems to allow remote technicians to dial into the server and make changes. This could be exploited by an attacker using this method.

Answer 232

War dialing

Question 233

How to protect dial-up resources from war dialing?

Answer 233

Using the callback feature

Question 234

A feature when a caller calls a dial-up server. The server hangs up and, if the server recognizes the phone number, it will call the number back and initiate the connection.

Answer 234

Callback feature

Question 235

Internal phone system used in large organizations. It runs all the internal phone lines for the company.

Answer 235

PBX (Private Branch Exchange)

Question 236

PBX stands for

Answer 236

Private Branch Exchange

Question 237

Why would an attacker try to exploit a PBX system?

Answer 237

Free long-distance phone calls

Question 238

Digital phone service provided by software or hardware services over a data network

Answer 238

VoIP (Voice over Internet Protocol)

Question 239

VoIP stands for

Answer 239

Voice over Internet Protocol

Question 240

What is replacing PBX systems?

Answer 240

VoIP

Question 241

What is the difference between a regular desk phone and an IP phone?

Answer 241

It takes a network cable instead of a phone cable

Question 242

What is the biggest concern for VoIP? Why?

Answer 242

QoS (Quality of service)

VoIP takes up a lot of bandwidth

Question 243

QoS stands for

Answer 243

Quality of Service

Question 244

A security software solution that can control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

Answer 244

NAC (Network Access Control)

Question 245

T/F: A jumpbox is only used for configuration purposes

Answer 245

False

A jumpbox can be used in any situation in which communication is needed between trusted and untrusted devices/networks.

For example, if you need to connect vulnerable laptops to a secure network, you would implement a jumpbox system between them.

Question 246

T/F: NAC is used only for security compliance purposes

Answer 246

False

NAC also enforces policies that allow where users can go on the network and what they can do