CASP lesson 4

Question 1

forward traffic between subnets by inspecting IP addresses and so
operate at layer 3 of the OSI model.

Answer 1

routers

Question 2

a special purpose device, or appliance, containing
specialized software allowing the configuration of traffic management rules.

Answer 2

load balancer

Question 3

attacks attempt to disrupt the normal flow of traffic
of a server or service by overwhelming the target with traffic.

Answer 3

Distributed Denial-of-Service (DDoS)

Question 4

can be used to reduce the amount of throughput available to the
server or service being attacked. This approach protects the attack from consuming
all available bandwidth and impacting other servers and services on the network.

Answer 4

Rate Limiting

Question 5

provides effective protection of web applications
by inspecting traffic for signs of malicious activity through the use of sophisticated
rules designed to identify attacks such as CSRF, XSS, SQLi, and many others, and
prevents these attacks from reaching the target.

Answer 5

Web Application Firewall (WAF)

Question 6

provides effective protection of web applications
by inspecting traffic for signs of malicious activity through the use of sophisticated
rules designed to identify attacks such as CSRF, XSS, SQLi, and many others, and
prevents these attacks from reaching the target.

Answer 6

Web Application Firewall (WAF)

Question 7

essentially takes all the traffic
intended for an endpoint and essentially drops it. This approach drops both
legitimate and malicious traffic.

Answer 7

Blackhole Routing

Question 8

provide DDoS protection as a service and using this
approach requires updating DNS to point traffic to the service provider in order for
it to be inspected prior to it reaching the intended service.

Answer 8

Cloud Service Providers

Question 9

provides special purpose devices and
software designed to identify and protect against this type of attack.

Answer 9

DDoS Mitigation Software/Appliance

Question 10

a device or virtual appliance
which provides multiple security services in a single solution

Answer 10

unified threat management (UTM)

Question 11

Type of proxy provides for protocol-specific outbound traffic.

Answer 11

forward proxy

Question 12

The main benefit of a _____ is that client computers connect to a specified point
on the perimeter network for web access.

Answer 12

proxy

Question 13

A _______________ proxy means that the client must be configured with the
proxy server address and port number to use it. The port on which the proxy
server accepts client connections is often configured as port 8080.

Answer 13

non-transparent

Question 14

A_______________proxy (or forced or intercepting) intercepts client traffic without
the client having to be reconfigured. A transparent proxy must be implemented
on a switch or router or other in-line network appliance.

Answer 14

transparent

Question 15

A ___________ script allows a client to configure proxy settings without
user intervention. The ____________ protocol allows browsers to
locate a PAC file.

Answer 15

proxy autoconfiguration (PAC); Web Proxy Autodiscovery (WPAD)

Question 16

A ______________ is a system put in-line of traffic destined to a specific host or group
of hosts.

Answer 16

Reverse

Question 17

A _________________ works as a shield and is designed to protect web
applications from attacks such as SQL injection, cross-site scripting (XSS), crosssite
request forgery (XSRF), file inclusion, directory traversal, and a myriad of
other common web-application attacks.

Answer 17

web application firewall

Question 18

A separate host, or virtual machine, configured to perform
WAF functions. This is the most costly option to acquire and maintain but
provides the greatest flexibility and performance.

Answer 18

Network-based

Question 19

Software that runs on the same host as the web application server.
It is inexpensive to acquire and maintain but complicates the configuration of
the web application and can require considerable computational resources. A
very popular and widely implemented host-based WAF is __________, which
is Apache licensed free software and compatible with a wide variety of platforms.

Answer 19

Host-based; Modsecurity

Question 20

WAF functionality provided by a service provider and delivered
via a cloud platform. Less expensive than a network-based WAF, cloudbased
WAF is a unique option in that it offers access to expertly configured
WAF protection with minimal installation effort and very low maintenance
requirements.

Answer 20

Cloud-based

Question 21

An ________________ provides a mechanism allowing software interfaces to be detached
from the main application.

Answer 21

API gateway

Question 22

When it is necessary to simply expose an API service externally, such as to the
internet, an ____________________ may be more applicable
as it can isolate the service and allow processing and firewall-like inspection of the
traffic. An _____________________ does not offer the same extensibility as an API Gateway but
offers similar protections.

Answer 22

eXtensible Markup Language (XML) gateway

Question 23

There are several ways in which a DNS server can be exploited, but a common attack involves
entering false information into the DNS server’s cache, sometimes referred to as
______________.

Answer 23

DNS Spoofing or DNS Poisoning

Question 24

Traditional DNS has no inherent way to verify the
data in its cache, and so the data stored in the cache remains in place until its _______________ expires or the data is manually cleared

Answer 24

time
to live (TTL)

Question 25

To extend traditional DNS with DNSSEC functionality, the authoritative DNS server
for a zone must create a “package” of resource records called a _________________ digitally signed using its ______________.

Answer 25

Resource Record
Set (RRset); Zone Signing Key

Question 26

The zone signing key is also signed using a ___________________.

Answer 26

Key Signing Key

Question 27

vpns..______ is used to establish the
tunnel, and ________ is used to perform encryption.

Answer 27

l2tp. IPsec

Question 28

Common VPN protocols

Answer 28

OpenVPN
* L2TP/IPSec
* IKEv2/IPSec
* WireGuard
* SSTP
* IPSec
* PPTP

Question 29

To protect a network by limiting access to only trusted devices,_______________________allows the creation of policies designed to evaluate connected
devices and determine whether to allow them access to a network environment.

Answer 29

Network Access
Control (NAC)

Question 30

comparing observed traffic to known attacks which are
defined by a signature

Answer 30

Signature-based

Question 31

Anomaly-based comparing observed traffic to typical protocol activity, such
as amount, or volume, of a particular protocol or typical characteristics of a
protocol’s operation

Answer 31

Anomaly-based

Question 32

comparing observed traffic to the traffic obtained during a
learning period whereby the NIDS determines typical network traffic patterns
and volumes within a specific setting. Anything that deviates from the patterns
determined during the learning period is flagged as suspicious.

Answer 32

Behavior-based