2.1 Network Security

Question 1

UTM

Answer 1

-Unified Threat Management

incorporates the functions of multiple network and security appliances into a single appliance

Question 2

IDS/IPS

Answer 2

-Intrusion Detection System/Intrusion Protection System

Question 3

NIDS/NIPS

Answer 3

• Network Intrusion Detection System/ Network Intrusion Prevention System
• identifies/prevents intrusion attempts by examining network traffic, potentially looking at both the header and contents of packets being transmitted

Question 4

INE

Answer 4

• Inline Network Encryptor
• • Devices that encrypt sensitive information en route between sources and destinations across insecure networks like the internet and company WAN links

Question 5

NAC

Answer 5

• Network Access Control
• Improves network security by employing policies that mandate devices meet certain security minimums before granting network access

Question 6

SIEM

Answer 6

• Security Information and Event Management

- Utilities analyze and correlate logs and events from mulitple sources as well as provide real-time alerting features

Question 7

Switch

Answer 7

-network appliances that connect devices and workstations, servers, and printers together to form a network

Question 8

Firewall

Answer 8

-Network firewalls are devices that evaluate incoming and outgoing traffic to determine if the traffic should be allowed or denied entry across a network boundary

Question 9

Wireless Controller

Answer 9

• Network appliances or software solutions that enable administrators to centralize security configurations across multiple WAPs simultaneously

Question 10

Router

Answer 10

• Devices that connect networks to networks in order to forward traffic based on network addresses such as IP addresses

Question 11

Proxy Servers

Answer 11

-Hardware or software systems that act as connection intermediaries between internal clients and Internet resources

Question 12

Load Balancers

Answer 12

-Devices or programs that distribute traffic across a group of similar servers known as server farm or pol, in order to increase performance and availability

Question 13

HSM

Answer 13

• Hardware Security Modules
• Devices that provide key generation and safeguarding services, speed up specific cryptographic operations on platforms requiring strong authentication, and provide access control capabilities

Question 14

MicroSD HSM

Answer 14

-Tiny HSM cards that plug into the microSD ports of smart devices such as android smart phones and tablets.

Question 15

WAF

Answer 15

• Web Application Firewalls
• Specialize in the monitoring and filtering of unautherized and malicious traffic sent to and from web applications to provide them with protection against various internet threats

Question 16

Passive Vulnerability Scanners

Answer 16

analyze network traffic in order to non-intrusively discover vulnerabilities with organizational assets

Question 17

DAM

Answer 17

• Database activity monitors

- monitor the transations and other activity of database services

Question 18

VPN

Answer 18

• Virtual private network
• Offers security by tunneling data across a network through the use of technology that offers a secure means of transport

Question 19

IPSec

Answer 19

• Internet Port Security

- Suite of protocols for securing packets that traverse an IP network

Question 20

SSL/TLS

Answer 20

• Secure Sockets Layer is a protocol for securing communication sessions over IP networks
• Transport Layer Security more powerful and relevant successor

Question 21

SSH

Answer 21

• Secure Shell
• Protocol for obtaining a remote shell session with an operating system over a secured channel
• TCP Port 22

Question 22

RDP

Answer 22

• Remote Desktop Protocol

- provides a secure, graphical, remote access connection over a network between computers using TCP port 3389

Question 23

VNC

Answer 23

• Virtual Network Computing

- platform-independent graphical desktop sharing protocol that uses the Remote Frame Buffer (RFB) protocol

Question 24

VDI

Answer 24

• Virtual Desktop Infrastructure

- Involves the hosting of a desktop OS within a virtual network environment on a centralized server

Question 25

Reverse Proxy

Answer 25

-Servers that provide internet devices with access to servers behind an enterprise firewall

Question 26

802.1x

Answer 26

port-based network access control method that requires uers to authenticate prior to connecting to a wired or wireless network

Question 27

Mesh Networks

Answer 27

-Involve all devices being directly connected to all other network devices in order to increase path redundancy and availability of the network

Question 28

DLP

Answer 28

• Data Loss Prevention

- Monitors, detects, and prevents the logs of sensitive data.

Question 29

Deep Packet Inspection

Answer 29

• Occurs when application-level and next-generation firewalls scan and analyze the header, state, and data portions of packets before allowing or dropping them

Question 30

Data Flow Enforcement

Answer 30

-Refers to the secured and controlled flow of data within a device, between devices within a network, and across other networks.

Question 31

Network Flow

Answer 31

-A sequence of packets transferred from a sending host to one or more recieving hosts.

Question 32

S/Flow

Answer 32

-Method for monitoring traffic in switched and routed networks

Question 33

Data Flow Diagrams

Answer 33

-graphically represent the data flow that occurs between computer systems on a network

Question 34

Configuration Baselining

Answer 34

-Allows us to document what normal and acceptable levels or performance are

Question 35

Configuration Lockdown

Answer 35

-Seals the configuration into our network devices to prevent unauthorized changes

Question 36

Change monitoring

Answer 36

• Checks for signs of failed/successful attempts at modifying our network configuration baselines

Question 37

Software defined networking

Answer 37

Centralizes the configuration and control of network devices

Question 38

Alert Fatigue

Answer 38

-Occurs when administrators stop paying attention to alerts due to too many false positives

Question 39

Transport Security

Answer 39

-TLS and SSL provide confidentiality and integrity for application layer protocols such as HTTP, SNMP, and SIP

Question 40

Trunking security

Answer 40

• Helps mitigate various switch attacks, including switch spoofing and double-tagging attacks

Question 41

Port Security

Answer 41

-Provides assurances that only approved devices are permitted to communicate on its ports

Question 42

Route Protection

Answer 42

-Ensures routing table contents, transmissions, and router configurations are protected from unauthorized access and modifications

Question 43

DDoS Protection

Answer 43

-Botnet attacks system that renders its services unusable

Question 44

Remotely Triggered Black Hole

Answer 44

• RTBH

- Drops traffic before it gets to its destination

Question 45

DMZ

Answer 45

-Perimeter networks that simultaneously protect the internal network while providing secured access to edge resources

Question 46

Separation of Critical Assets

Answer 46

-Provides strongest level of isolation to the most critical assets

Question 47

Network Segmentation

Answer 47

-Creates layers of security between the organization’s critical or sensitive assets and the outside environment from which attacks can be launched

Question 48

Quarantine/Remediation

Answer 48

-clients that are not compliant with network access control policies are quarantined into a restricted network where they seek remediation for their deficiencies

Question 49

Persistent agent

Answer 49

-Resides on the client after connections are severed

Question 50

Agent Software

Answer 50

-Runs on NAC clients in order to perform authentication and compliance checking prior to connecting to an organization

Question 51

Non-persistent Agent

Answer 51

disappear from a client after a connection is ended

Question 52

Agent vs Agentless

Answer 52

• Agents are commonly used on trusted devices that reside within or external networks
• Agentless clients are common for devices that are not owned by the organization

Question 53

SoC

Answer 53

• System on a chip

- Electronic devices that combine the functions of CPUs, memory, and other hardware onto a single circuit board

Question 54

Building/home automation equipment

Answer 54

Centralized management systems that manage and monitor facilities and environmental technologies

Question 55

IP Video

Answer 55

IP-based cameras provide video surveillance of critical areas and systems

Question 56

HVAC controllers

Answer 56

Centrally controls the heating and cooling temperatures for the enterprise

Question 57

Sensors

Answer 57

-Allows technologies to understand environmental measurements and when changes occur

Question 58

Physical Access control systems

Answer 58

Controls access to areas using

• Proximity readers
• Biormetric readers
• Mantraps

Question 59

A/V systems

Answer 59

Audio/Video systems connected to the network pose security vulnerabilities

Question 60

Scientific/Industrial Equipment

Answer 60

Devices connected to the network that pose security vulnerabilities

Question 61

SCADA

Answer 61

• Supervisory Control and Data Acquisition

- Industrial control system