Module 3 Flashcards

Mitigating Threats

1
Q

Security network organizations that keep you informed

A

SANS, MITRE, FIRST, SecurityNewsWire, (ISC)², and CIS

2
Q

What does information security deal with?

A

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction

3
Q

What does the CIA triad consist of?

A

Three components of information security: Confidentiality, Integrity, and Availability

4
Q

Who is responsible for maintaining data assurance for an organization and ensuring the integrity and confidentiality of information?

A

Network security professionals

5
Q

There are 14 network security domains specified by the ISO/IEC that serve as what?

A

A common basis for developing organizational security standards

6
Q

What serve as analogies for understanding approaches to network security?

A

The Security Onion and the Security Artichoke

7
Q

Why are penetration tools used by security personnel?

A

To validate network security

8
Q

What allows the exchange of the latest threat information?

A

Threat intelligence services like Cisco Talos

9
Q

What might various tools, software, and services help with?

A

Mitigation of malware, reconnaissance, DoS, and address-spoofing attacks

10
Q

What does the Cisco Network Foundation Protection framework (CoPP) provide?

A

Comprehensive guidelines for protecting the network infrastructure by addressing security at the control plane, management plane, and data plane (forwarding plane) of network devices

11
Q

What Layer 2 security tools are integrated into the Cisco Catalyst switches?

A

Port security, DHCP snooping, DAI, and IPSG

12
Q

What do the 14 network security domains do?

A

They serve as a common basis for developing organizational security standards and effective security management practices

13
Q

What can also help facilitate communication between organizations?

A

The 14 network security domains

14
Q

In networking, what do policies define?

A

They define the activities that are allowed on the network

15
Q

What policies may be included in a security policy?

A

-Identification and authentication policy
-Password policies
-Acceptable use policy
-Remote access policy
-Network maintenance policy
-Incident handling procedures

16
Q

What would a threat actor do with a Security Onion defense-in-depth approach?

A

They would have to peel away at the network’s defense layer by layer, similar to peeling an onion

17
Q

How is a security policy a “living document”?

A

The document is regularly updated as technology, business, and employee requirements change

18
Q

Why has the Security Onion changed into the Security Artichoke?

A

The changing landscape of networking, such as the evolution of borderless networks

19
Q

What would a threat actor do with a Security Artichoke defense-in-depth approach?

A

The threat actor wouldn’t need to peel away each layer like the Security Onion. They would only need to remove certain “artichoke leaves”

20
Q

What has been developed to help validate the security of a network and its systems?

A

Network penetration testing tools

21
Q

What are the different types of penetration testing tools?

A

-Password crackers
-Wireless hacking tools
-Network scanning and hacking tools
-Packet crafting tools
-Packet sniffers
-Rootkit detectors
-Fuzzers to search for vulnerabilities
-Forensic tools
-Debuggers
-Hacking operating systems
-Encryption tools
-Vulnerability exploitation tools
-Vulnerability scanners

22
Q

What do threat intelligence services do?

A

They allow the exchange of threat information such as vulnerabilities, IOCs, and mitigation techniques
(ex. Cisco Talos Threat Intelligence Group)

23
Q

What are the best practices used for securing a network?

A

-Develop a written security policy
-Educate employees
-Control physical access to systems
-Use strong passwords and change them often
-Encrypt and password-protect sensitive data
-Implement security hardware and software
-Perform backups and test the backup files
-Shut down unnecessary services and ports
-Keep patches up to date
-Perform security audits and tests

24
Q

What is the primary means of mitigating virus and Trojan horse attacks?

A

Antivirus software

25
Q

Why must network security professionals be aware of major viruses and keep track of security updates regarding emerging viruses?

A

Antivirus software doesn’t prevent viruses from entering the network

26
Q

Which malware is more network-based: worms or viruses?

A

Worms are more network-based

27
Q

What are the four phases used to respond to a worm attack?

A

-Containment
-Inoculation
-Quarantine
-Treatment

28
Q

What are Reconnaissance attacks?

A

They are typically the precursor to additional attacks, with the intent of gaining unauthorized access to a network or disrupting network functionality

29
Q

How can a network professional detect when a reconnaissance attack is underway?

A

By receiving notifications from pre-configured alarms

30
Q

How can reconnaissance be mitigated?

A

-Implement authentication to ensure proper access
-Use encryption to render packet sniffer attacks useless
-Use anti-sniffer tools to detect packet sniffer attacks
-Implement a switched infrastructure
-Use a firewall and IPS
-Encryption

31
Q

What are some techniques used for mitigating access attacks?

A

-Strong password security
-Principle of minimum trust
-Cryptography
-Applying operating system and application patches

32
Q

Historically, where were DoS attacks sourced from?

A

They were sourced from spoofed addresses

33
Q

What does NFP do?

A

It logically divides routers and switches into three functional areas

34
Q

What areas does NFP divide?

A

-Control plane
-Management plane
-Data plane (forwarding plane)

35
Q

What features can secure the Control plane?

A

-Routing protocol authentication
-CoPP
-Route processor

36
Q

What does CoPP do?

A

It is designed to prevent unnecessary traffic from overwhelming the route processor

37
Q

What features can secure the Management plane?

A

-Login and password policy
-Present legal notification
-Ensure data confidentiality
-RBAC
-Authorize actions
-Enable management access reporting

38
Q

What features can secure the Data plane?

A

-ACLs
-Anti-spoofing mechanism
-Layer 2 security features

39
Q

How are ACLs used to secure data?

A

-Blocking unwanted traffic or users
-Reducing the chance of DoS attacks
-Mitigating spoofing attacks
-Providing bandwidth control
-Classifying traffic to protect the Management and Control planes

40
Q

How are ACLs used as an antispoofing mechanism?

A

By discarding traffic that has an invalid source address

41
Q

What is uRPF?

A

Unicast Reverse Path Forwarding; it is used to complement the antispoofing strategy with ACLs

42
Q

What Layer 2 security tools are integrated into the Cisco Catalyst switches?

A

-Port security
-DHCP snooping
-DAI
-IPSG