4.5 Flashcards

1
Q

Types of firewalls

A

Web App
unified threat management
next generation

2
Q

Port

A

logical communication endpoints on a computer or server

3
Q

Inbound port

A

listens for connections

4
Q

outbound port

A

used to connect to a server

5
Q

Port classification

A

Well known (0-1023)
registered (1024-49151)
dynamic and private

6
Q

Protocols

A

rules governing device communication and data exchange

7
Q

screened subnet

A

aka dual homed host
it's a DMZ and a logically separated network area between the internal network and the internet

8
Q

Types of firewalls

A

packet filtering
proxy
stateful
kernel proxy

9
Q

packet filtering firewall

A

fastest because it is only checking packets; acts similar to a router
cannot prevent IP spoofing due to limited inspection
operates at layer 4 (transport layer)

10
Q

stateful firewall

A

tracks connections and requests allowing return traffic for outbound requests
operates at layer 4 (transport layer)

11
Q

Proxy firewall

A

makes connections on behalf of endpoints, enhancing security
- very secure
- acts as an intermediary
- operates on the application layer or the session layer (layer 5)

12
Q

kernel proxy

A

full packet inspection at every layer
minimal impact on network performance
placed close to every system they protect

13
Q

NGFW

A

next generation firewall
- application aware (distinguishes different types of traffic)
- conducts deep packet analysis
- operates fast

14
Q

UTM

A

unified threat management firewall
- combines multiple security functions in a single device
- functions can include firewall, intrusion prevention, antivirus, and more
- single point of failure protection

15
Q

WAF

A

web app firewall
- HTTP traffic
- prevents SQL injections etc.

16
Q

In line WAF

A

live attack prevention
device sits between the network firewall and the web servers

17
Q

Out of band WAF

A

device receives a mirrored copy of web server traffic

18
Q

ACL

A

access control list
- essential for securing networks from unwanted traffic
- consists of permit and deny statements, often based on port numbers
- place the most specific rules at the top and generic ones at the bottom

19
Q

ACL key pieces of information

A

type of traffic
source of traffic
destination of traffic
action to take against traffic

20
Q

Hardware based firewall

A

a dedicated network security device that filters and controls network traffic at the hardware level
commonly used to protect an entire network or subnet

21
Q

Software firewall

A

a firewall that runs as a software app on individual devices

22
Q

NAC

A

network access control
- used to protect networks from both known and unknown devices by scanning devices to assess their security status before granting network access
- can be applied as a hardware or a software solution

23
Q

Persistent Agents

A

installed on devices in a corporate environment where the org controls and owns the device software

24
Q

non-persistent agents

A

common in environments with personal devices where users connect to a web based app and download an agent for scanning. It deletes itself after inspection

25
Q

802.1x standard

A

port based network access control mechanism based on the IEEE 802.1x standard
- modern NAC solutions build on this

26
Q

Rule based Access Control

A

NAC can use rule based methods like
- time based factors
- location based
- role based
- rule based (implement complex admission policies with logical statements)

27
Q

Web filtering

A

Web filtering or content filtering is used to control or restrict the content users can access on the internet
- crucial for businesses, educational institutions, and parents to ensure safe and productive internet use

28
Q

Types of web filtering

A

agent based
centralized proxy
URL scanning
content categorization
block rules
reputation based filtering

29
Q

Agent based web filtering

A

involves installing an agent on each device
- monitors and enforces web usage policies
- effective for remote and mobile workers

30
Q

Centralized proxy

A

uses a proxy server as an intermediary between an organization's end users and the Internet
- evaluates and controls web requests based on policies
- if the request does not conform with the policies, the request is simply blocked or denied

31
Q

URL scanning

A

analyzes website URLs to check for matches in a database of known malicious websites

32
Q

Content Categorization

A

classifies websites into categories (e.g., social media, adult content) and blocks or allows categories based on policies

33
Q

Block rules

A

specific guidelines set by organizations to prevent access to certain websites or categories, often used to address security threats

34
Q

Reputation based filtering

A

blocks or allows websites based on a reputation score determined by third-party services, considering factors like hosting malware or phishing

35
Q

DNS filtering

A

DNS filtering (Domain Name System filtering) blocks access to specific websites by preventing the translation of domain names to their IP addresses
- users' devices request domain name translation from DNS servers; if the domain is on the block list, the server withholds the IP address to prevent access
- commonly used to enforce internet usage policies, block inappropriate content, and protect against malicious websites
- often employed by schools, universities, and organizations to ensure safe and educational internet usage

36
Q

DKIM

A

DomainKeys Identified Mail
- allows the receiver to verify the source and integrity of an email by adding a digital signature to the email headers
- the recipient server validates the DKIM signature using the sender's public cryptographic key in the domain's DNS records
- benefits
  - email authentication
  - protection against email spoofing
  - improved email deliverability
  - enhanced reputation score

37
Q

SPF

A

Sender Policy Framework
- prevents sender address forgery by verifying the sender's IP against authorized IPs listed in the sender's domain DNS records
- a receiving server checks if the sender's IP is authorized in the SPF record

38
Q

DMARC

A

Domain-based Message Authentication, Reporting and Conformance
- DMARC detects and prevents email spoofing by setting policies for email sending and handling failures
- DMARC can work with DKIM, SPF, or both
- implementation helps protect against
  - business email compromise attacks
  - phishing
  - scams
  - cyber threats

39
Q

Email gateway protocol configuration

A

Email gateways serve as entry and exit points for emails, facilitating secure and efficient email transmission
- they use SMTP (Simple Mail Transfer Protocol) to send and receive emails
- email gateways handle email routing, email security, policy enforcement, and email encryption

40
Q

Email gateway deployment options

A

on premises
cloud based
hybrid

41
Q

spam filtering

A

Spam filtering detects and prevents unwanted and unsolicited emails from reaching users' inboxes
- techniques
  - content analysis
  - Bayesian filtering
  - DNS-based sinkhole list
  - email filtering rules

42
Q

EDR

A

endpoint detection and response
category of security tools that monitor endpoint and network events and record the information in a central database

43
Q

how endpoint detection works

A

- Data Collection
  - collects data from endpoints (devices that are physically on the endpoint of a network)
    - system processes
    - registry changes
    - memory usage
    - network traffic patterns
- Data Consolidation
  - sends collected data to a centralized security solution or database
- Threat Detection
  - analyzes data using techniques like signature-based and behavioral-based detection to identify threats
- Alerts and Threat Response
  - takes actions such as creating alerts or performing threat response actions when threats are detected
- Threat Investigation
  - provides tools for security teams to investigate threats, including detailed timelines and forensic data
- Remediation
  - removing malicious files
  - reversing changes
  - restoring systems to their normal state

44
Q

FIM

A

file integrity monitoring
validates the integrity of operating system and application software files by comparing their current state with a known, good baseline
- identifies changes to
  - binary files
  - system and application files
  - configuration and parameter files
- monitors critical system files for changes using agents and hash digests, triggering alerts when unauthorized changes occur

45
Q

XDR

A

extended detection and response
security strategy that integrates multiple protection technologies into a single platform
- improves detection accuracy and simplifies incident response
- correlates data across multiple security layers to detect threats faster, including
  - email
  - endpoint
  - server
  - cloud workloads
  - network
- difference between EDR and XDR
  - EDR is focused on the endpoints to detect and respond to potential threats
  - XDR is a more comprehensive solution because it focuses on endpoints, but also on networks, cloud, and email to detect and respond to potential threats
    - it integrates multiple protection technologies

46
Q

UBA

A

user behavior analytics
advanced security strategy that uses big data and machine learning to analyze behaviors for detecting security threats

47
Q

UEBA

A

User and Entity Behavior Analytics (UEBA)
- technology similar to UBA but extends the monitoring to entities like routers, servers, and endpoints in addition to user accounts

48
Q

Secure protocols

A

Choose secure protocols to protect data in transit from unauthorized access
- examples include HTTP vs. HTTPS, FTP vs. SFTP, Telnet vs. SSH

49
Q

Telnet

A

app layer protocol that allows one computer to log onto another computer that is part of the same network
- transmits in plaintext
- use SSH instead of

50
Q

TCP

A

TCP (Transmission Control Protocol)
- connection-oriented, ensuring data delivery without errors
- ideal for applications where data accuracy is crucial, like web and email servers
- uses acknowledgments, retransmission, and sequencing for data integrity

51
Q

UDP

A

connectionless and faster, but doesn't guarantee data delivery
- suitable for applications prioritizing speed over accuracy, like streaming video or gaming