IDS / Firewalls / Honeypots

Question 1

What is a Stateful Firewall?

Answer 1

A firewall that always keeps track of the state of network connections.

Question 2

What is a Stateless Firewall?

Answer 2

A firewall that makes use of data packet’s source, destination, and other parameters to figure out whether the data presents a threat.

Question 3

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Answer 3

Passive

Question 4

You are working at the service desk as a network security technician and just received the following email from an end-user who believes a phishing campaign is being attempted.
*****
From: user@diontraining.com
To: abuse@diontraining.com
Subject: You won a free iPhone!
Dear Susan,
You have won a brand new iPhone!
Just click the following link to provide your address so we can ship it out to you this afternoon: (http://www.freephone.io:8080/winner.php)
*********
What should you do to prevent any other employees from accessing the link in the email above while still allowing them access to any other webpages at the domain freephone.io?

A. Add DENY IP ANY ANY EQ 8080 to the IPS filter

B. Add DENY TCP http://www.freephone.io ANY EQ 8080 to the firewall ACL

C. Add http://www.freephone.io:8080/winner.php to the browser’s group policy block list

D. Add http://www.freephone.io:8080/winner.php to the load balancer

Answer 4

C. Add http://www.freephone.io:8080/winner.php to the browser’s group policy block list

Question 5

What is the effective IDS evasion method called where the attacker sends large amount of packets to the target IDS that generates alerts, which enables the attack to hide the real traffic?

Answer 5

False Positive Generation

Question 6

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Answer 6

Firewalking

Question 7

In IPSEC, what is the purpose of AH tunnel mode?

Answer 7

Provides authentication and integrity, but does not encrypt the packets.

Question 8

In IPSEC, what is the purpose of ESP Transport Mode?

Answer 8

Encryption of packets to ensure security and confidentiality.

Question 9

What is a Remote Access Policy?

Answer 9

Serves as a guide for remote users connecting to the network, including via VPN.

Question 10

What is Access Control Policy?

Answer 10

Set of policies, instructions, and restrictions who can access what data.

Question 11

What does a VLAN do?

Answer 11

It groups collection of device connections from different LANs.

Question 12

What is meant by single homed network?

Answer 12

Single connection to the ISP

Question 13

What is meant by dual homed networks?

Answer 13

Two links out towards the ISP

Question 14

What is meant by Multi-homed network?

Answer 14

Having at least two links out towards two ISPs

Question 15

4 different types of honeypots?

Answer 15

1. Pure
2. High-Interaction
3. Mid-Interaction
4. Low-Interaction

Question 16

Which type of access control is used on a router or firewall to limit network activity?

Answer 16

Rule-based