Week 4

Question 1

Network hardening

Answer 1

The process of securing a network by reducing its potential vulnerabilities through configuration changes and taking specific steps

Question 2

Implicit deny

Answer 2

A network security concept where anything not explicitly permitted or allowed should be denied

Question 3

Analyzing logs

Answer 3

The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them

Question 4

Correlation analysis

Answer 4

The process of taking log data from different systems and matching events across the systems

Question 5

Splunk

Answer 5

A popular and powerful logs analysis system

Question 6

Flood guards

Answer 6

Provide protection against DoS attacks

A good flood guard, especially if you are the sole IT person in your company, is Failed to Ban

Question 7

DHCP snooping

Answer 7

A way to prevent Rouge DHCP Server Attacks. It’s a switch capability (not all switches have this feature) that monitors DHCP traffic, track IP assignments, and map them to hosts connected to switch ports

Question 8

What does DAI do on enterprise switches?

Answer 8

It detects forged gratuitous ARP packets and drops them using the help of the DHCP table from the DHCP snooping feature ; it enforces great limiting of ARP packets per port to prevent ARP scanning

Question 9

IPSG

Answer 9

Uses the snoop to dynamically create ACLs for each switchboard. This drops packets that don’t match the IP address for the port based on the DHCP snooping table

Question 10

EAP-TLS

Answer 10

An authentication type supported by EAP that uses TLS to provide mutual authentication of both the client and the authenticating server

Question 11

Host based firewall

Answer 11

Can protect mobile devices like laptops from being compromised in potentially malicious environments like airport Wi-Fi. They also protect other hosts from being compromised by a corrupt device on the network, which is something network firewalls may not be able to help defend against

Question 12

Packet sniffing (packet capture)

Answer 12

The process of intercepting network packets in their entirety for analysis

Question 13

Promiscuous mode

Answer 13

A type of computer networking operational mode in which all network data packets can be accessed and viewed by all network adapters operating in this mode

Question 14

Port mirroring

Answer 14

Allows the switch to take all packets from a specified port, port range, or entire VLAN and mirror the packets to a specified switch port

Question 15

Monitor mode

Answer 15

Allows us to scan across channels to see all wireless traffic being sent by APs and clients

Question 16

Tcpdump

Answer 16

A popular lightweight command line based utility that you can use to capture and analyze packets

Question 17

IDS/IPS

Answer 17

Operate by monitoring network traffic and analysing it

Question 18

Network intrusion detection system (NIDS)

Answer 18

The detection system would deployed somewhere on a network where it can monitor traffic for a network segment or subnet