Updated Midterm Flashcards
1
Q
- When designing a network besides providing protection for network resources, describe the other two important concerns.
A
Dectection
IDS/IPS
Next Gen Firewall
Responding
network forensics
counter measure
2
Q
- Describe in detail what a stateful firewall uses to determine whether to allow a packet entrance back thru a firewall.
A
A firewall that tracks the TCP session. Specifically source/destination IP address, source/destination port, flags, and sequence numbers.
3
Q
- A third generation ___________ firewall is concerned with monitoring systems as DNS, web traffic, remote desktop, etc as the traffic moves through the firewall.
A
next gen
4
Q
- Besides supporting normal stateful firewall operations, name two services provided by a next generation firewall.
A
IDS
URL filtering
5
Q
- An example of a next generation firewall system is Cisco’s ________.
A
Firepower
6
Q
- If an ASA firewalls are assigned security levels between 0 and 100 and by default traffic to flow from a _________ interface to a __________ interface.
A
outside, inside
7
Q
- On a ASA firewall for the traffic to return back thru an interface a ________ rule must be configured.
A
NAT\ inspect rule
8
Q
- In order for outside traffic to enter into a lower security region on a ASA firewall a ________ must be created on the firewall.
A
security zone
9
Q
- You can configure a ________ port on an switch to collect all traffic moving thru an interface.
A
switch
10
Q
- Wireshark needs _______ in order to collect traffic from the network.
A
NIC interface
11
Q
- A __________ is the brains of wireshark and has the ability to converts binary information into intelligence.
A
dissector
12
Q
- In Wiresharks terms a _______ contains layer 3 information such as IP.
A
packet
13
Q
- In Wireshark terms a _______ contains layer 4 information such as port number.
A
segment
14
Q
- A _______ is designed to detect suspicious traffic.
A
IDS
15
Q
- Describe the three operations or functions SNORT can perform.
A
Packet Capture
Capture log packets going internally and externally
Packet Logging
Saves the network packets containing the traffic matching the IPS signature to the attack log
IDS
Monitors a network or systems for malicious activity or policy violations and sends a alert.
16
Q
- Describe what can be configured in the 2 main parts of a SNORT signature.
A
1) Header
Action | protocol | SRC | SRC Port | Direction | DST | DST port
2) Body
message content sid
17
Q
- In security onion ________ is normally used as the IDS systems to detect suspicious activity.
A
SNORT
18
Q
- In security onion _______ is used to collect information of flows, websites visited, etc
A
BRO
19
Q
- In security onion ________ can be used to display items seen in the logs of the previous 2 questions.
A
Sguil
20
Q
- _______________ is the process of using some method to determine the operating system of a server.
A
OS fingerprinting
21
Q
- _______________ is the process of using an automated tool to gather end user’s emails.
A
Email Havesting
22
Q
- ____________ will gain information such as A, AAAA, CNAME and SOA records.
A
DNS harvesting
23
Q
- When performing recon it is important to distinguish between _____ and physical servers.
A
virtual
24
Q
- When protecting resources, you need to treat internal resources different from _______ resources.
A
external
25
Q
- When protecting resources, you need to treat On-premises resources different from _______ resources.
A
Cloud
26
Q
- _________ is the most popular utility used to perform a port scan.
A
NMAP
27
Q
- __________ is a command utility which can be used to display network connections and ports open on a host.
A
Netstat
28
Q
- In an IDS a which is ___________ based will determine alerts based upon a predefined pattern.
A
signature
29
Q
- In a IDS a which is ________ pattern matching will compare traffic to a database of attack patterns.
A
pattern
30
Q
- __________ scanners are tools or utilities used to be probe and reveal weaknesses in a networks security.
A
vulnerability
31
Q
- _________ analysis looks at the entire packet including the payload.
A
packet
32
Q
- __________ analysis looks at information contained in the header of a packet
A
protocol
33
Q
- __________ analysis is technology developed by cisco which is sued to analyze IP traffic.
A
netflow
34
Q
- __________ analysis works with capturing 802.11 packets.
A
wireless
35
Q
- ___________ analysis looks for things which are not normal to flag suspicious activity.
A
anomaly
36
Q
- Name any two types or sources of data output which can be used by a security analyst.
A
firewall logs, packet capture
37
Q
- A __________ provides an automated tool for analyzing large amounts of data.
A
SIEM
38
Q
- The technology in the previous question can be Agent based and _________ based.
A
Agentless
39
Q
- The ____________ is a network logically separate from the intranet where resources which need access from the outside reside.
A
extranet
40
Q
- __________ can be implemented which restricts access of devices to certain systems.
A
isolation
41
Q
- A ________ can be used to access a secure network remotely thru a less secure network.
A
jump box
42
Q
- Draw a picture of how the technology in the previous question is deployed.
A
?
43
Q
- In Windows ____________ can be configured to provide security to users and the computers in an Active Directory environment .
A
group polices
44
Q
- A _________ can be configured to attract hackers and lure them into spending time attacking bogus resources while monitoring their behaviors.
A
honeypot
45
Q
- ____________ can be used from routers to restrict traffic between networks.
A
ACLs
46
Q
- A ________ is a router designed to accept and analyze attack traffic.
A
sinkhole
47
Q
- _______________ control is used to protect sensitive data by controlling access based upon the clearance level of the user or the sensitivity of the data.
A
Mandatory Access Controls
48
Q
- A ____________ control are put in place to substitute for a primary access control method and is mainly there to mitigate risk.
A
compensating
49
Q
- _____________ or management controls, are implemented to mange a organization’s assets.
A
Administrative
50
Q
- Network ____________ control is a service which exams the stat of an end point before allowing the endpoint access to the network.
A
access
51
Q
- ___________ is a protocol which provides authentication at layer 2.
A
802.1x
52
Q
- In a ________ pen test the testing team is given limited knowledge of the target system.
A
blind
53
Q
- ______________ can be used to determine how malware works.
A
decompsiton ?
54
Q
- ______________ looks at the technical impact and likelihood of a threat compromising a vulnerability.
A
risk evaluation
55
Q
- Name any two regulator legislations
A
Sarbanes oxley , HIPPA
56
Q
- When establishing scanning frequency name one consideration.
A
technical constraints
57
Q
- When configuring tools to perform scans according to specification, name one item to consider.
A
sensitivity level
58
Q
- Name two things to do after a scan is completed.
A
vulnerability feed, remedation
59
Q
- A _________ positive occurs when a alert if generated but there is no malicious activity.
A
false.
60
Q
- Name any two vulnerabilities or attacks against web servers.
A
XXS , SQL Injection
61
Q
- A ______ server is considered the holy grail of resources for an attacker.
A
database
62
Q
- Describe any two attacks against the network infrastructure.
A
Mac overflow, Doublet Tagging
63
Q
- _____________ elevation occurs when a normal user is able to escalate privileges to a domain administration.
A
priviledge
64
Q
- Name any two threats mentioned against mobile devices.
A
Insecure wifi, use of location services
65
Q
- A _______ provides remote or external devices access to remote network be building a virtual tunnel.
A
VPN
66
Q
- Name one protocol which can perform the action in the previous question.
A
L2TP
