C836 Ch.10

Question 1

Security in network design

Answer 1

This method of security involves a well-configured and patched network, and incorporating elements such as network segmentation, choke points, and redundancy

Question 2

Network segmentation

Answer 2

The act of dividing a network into multiple smaller networks, each acting as its own small network (subnet)

Question 3

Choke points

Answer 3

Certain points in the network, such as routers, firewalls, or proxies, where we can inspect, filter, and control network traffic

Question 4

Redundancy

Answer 4

A method of security that involves designing a network to always have another route if something fails or loses connection

Question 5

Firewall

Answer 5

A mechanism for maintaining control over the traffic that flows into and out of our networks

Question 6

Packet filtering

Answer 6

A firewall technology that inspects the contents of each packet in network traffic individually and makes a gross determination (based on source and destination IP address, port number, and the protocol being used) of whether the traffic should be allowed to pass

Question 7

Stateful packet inspection

Answer 7

A firewall technology that functions on the same general principle as packet filtering firewalls, but is able to keep track of the traffic at a granular level. Has the ability to watch the traffic over a given connection

Question 8

Deep packet inspection

Answer 8

A firewall technology that can analyze the actual content of the traffic that is flowing through

Question 9

Proxy server

Answer 9

A specialized type of firewall that can serve as a choke point, log traffic for later inspection, and provide a layer of security for the devices behind it

Question 10

Demilitarized Zone (DMZ)

Answer 10

A combination of a network design feature and a protective device such as a firewall; often used for systems that need to be exposed to external networks but are connected to our network (such as a web server)

Question 11

Network intrusion detection system (NIDS)

Answer 11

A system that monitors the network to which it is connected for unauthorized activity

Question 12

Signature-based IDS

Answer 12

An intrusion detection system that maintains a database of signatures that might signal a particular type of attack and compares incoming traffic to those signatures

Question 13

Anomaly-based IDS

Answer 13

An intrusion detection system that takes a baseline of normal network traffic and activity and measures current traffic against this baseline to detect unusual events

Question 14

Bring your own device (BYOD)

Answer 14

A phrase that refers to an organization’s strategy and policies regarding the use of personal vs. corporate devices

Question 15

Mobile device management (MDM)

Answer 15

A solution that manages security elements for mobile devices in the workplace

Question 16

Kismet

Answer 16

A well-known Linux tool used to detect wireless access points

Question 17

NetStumbler

Answer 17

A Windows tool used to detect wireless access points

Question 18

Nmap

Answer 18

A well-known port scanner that can also search for hosts on a network, identify the operating systems those hosts are running, and detect the versions of the services running on any open ports

Question 19

Packet sniffer

Answer 19

Also known as a network or protocol analyzer, this type of tool can intercept traffic on a network

Question 20

Wireshark

Answer 20

A fully featured sniffer that is also a great tool for troubleshooting traffic; this well-known tool is used by many network operations and security teams

Question 21

Honeypot

Answer 21

A type of tool that deliberately displays vulnerabilities or attractive data so it can detect, monitor, and sometimes tamper with the activities of an attacker

Question 22

Hping3

Answer 22

A tool that can map the network topology and help locate firewall vulnerabilities