Understanding Devices and Infrastructure (Ch. 3)

Question 1

A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.

Answer 1

access control list (ACL)

Question 2

The point at which access to a network is accomplished, typically via wireless technology.

Answer 2

access point (AP)

Question 3

A response generated in real time.

Answer 3

active response

Question 4

A notification that an unusual condition exists and should be investigated.

Answer 4

alarm

Question 5

An indication that an unusual condition could exist and should be investigated.

Answer 5

alert

Question 6

An appliance that performs multiple functions.

Answer 6

all-in-one appliance

Question 7

The component or process that analyzes the data collected by the sensor.

Answer 7

analyzer

Question 8

Variations from normal operations.

Answer 8

anomalies

Question 9

An anomaly-detection intrusion detection system works by looking for deviations from a pattern of normal network traffic.

Answer 9

anomaly-detection IDS (AD-IDS)

Question 10

A freestanding device that operates in a largely self-contained manner.

Answer 10

appliance

Question 11

A device or software that recognizes application-specific commands and offers granular control over them.

Answer 11

application-level proxy

Question 12

An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.

Answer 12

Authentication Header (AH)

Question 13

A method of balancing loads and providing fault tolerance.

Answer 13

clustering

Question 14

Gap controls that fill in the coverage between other types of vulnerability mitigation techniques

Answer 14

compensating controls

Question 15

Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.

Answer 15

data loss prevention (DLP)

Question 16

An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).

Answer 16

Encapsulating Security Payload (ESP)

Question 17

The process of enclosing data in a packet.

Answer 17

encapsulation

Question 18

An event that should be flagged but isn’t.

Answer 18

false negative

Question 19

A flagged event that isn’t really an event and has been falsely triggered.

Answer 19

false positive

Question 20

A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.

Answer 20

firewall

Question 21

An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.

Answer 21

host-based IDS (HIDS)

Question 22

A software or appliance stand-alone used to enhance security and commonly used with PKI systems.

Answer 22

HSM (hardware security module)

Question 23

A condition that states that unless otherwise given, the permission will be denied.

Answer 23

implicit deny

Question 24

A set of protocols that enable encryption, authentication, and integrity over IP.

Answer 24

Internet Protocol Security (IPSec)

Question 25

Tools that identify attacks using defined rules or logic and are considered passive.

Answer 25

intrusion detection system (IDS)

Question 26

Tools that respond to attacks using defined rules or logic and are considered active.

Answer 26

intrusion prevention system (IPS)

Question 27

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement.

Answer 27

key management

Question 28

Dividing a load for greater efficiency of management among multiple devices.

Answer 28

load balancing

Question 29

The set of standards defined by the network for clients attempting to access it.

Answer 29

network access control (NAC)

Question 30

An intrusion prevention system that is network based.

Answer 30

network intrusion prevention system (NIPS)

Question 31

attaches the system to a point in the network where it can monitor and report on all network traffic.

Answer 31

network-based IDS (NIDS)

Question 32

A nonactive response, such as logging.

Answer 32

passive response

Question 33

A type of system that prevents direct communication between a client and a host by acting as an intermediary.

Answer 33

proxy

Question 34

A proxy server that also acts as a firewall, blocking network access from external networks.

Answer 34

proxy firewall

Question 35

A type of server that makes a single Internet connection and services requests on behalf of many users.

Answer 35

proxy server

Question 36

A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.

Answer 36

Secure Sockets Layer (SSL)

Question 37

provide real-time analysis of security alerts.

Answer 37

SIEM Security information and event management (SIEM)

Question 38

A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.

Answer 38

signature-based system

Question 39

An access point’s broadcasting of the network name.

Answer 39

SSID broadcast

Question 40

Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.

Answer 40

stateful inspection

Question 41

A network device that can replace a router or hub in a local network and get data from a source to a destination. Switching allows for higher speeds.

Answer 41

switch