Chapter 3 Flashcards

(260 cards)

1
Q

In a sniffing attack the attackers often use a:

A

protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext

2
Q

A denial-of-service (DoS) attack is a:

A

service attack from a single source that attempts to disrupt the services provided by another system.

3
Q

A distributed denial-of-service (DDoS) attack includes:

A

multiple computers attacking a single target

4
Q

A poisoning attack attempts to:

A

corrupt the data stored in cache for temporary access with different data

5
Q

Transmission Control Protocol (TCP) provides:

A

connection-oriented traffic (guaranteed delivery)

6
Q

Transmission Control Protocol (TCP) uses:

A

a three-way handshake process

7
Q

The TCP three-way handshake process is:

A

the client sends a SYN (synchronize) packet

the server responds with a SYN/ACK (synchronize/acknowledge) packet

the client completes the third part of the handshake with an ACK packet to establish the connection

8
Q

User Datagram Protocol (UDP) provides:

A

connectionless sessions (without a three-way handshake)

9
Q

The Internet Protocol (IP) identifies:

A

hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

10
Q

Internet Control Message Protocol (ICMP) is used for:

A

testing basic connectivity and includes tools such as ping, pathping, and tracert

11
Q

Many DoS attacks use:

A

ICMP

12
Q

Because of how often ICMP is used in attacks:

A

it has become common to block ICMP at firewalls and routers, which disables a ping response

13
Q

Blocking ICMP prevents:

A

attackers from discovering devices in a network

14
Q

Address Resolution Protocol (ARP) resolves:

A

IPv4 addresses to media access control (MAC) addresses.

15
Q

Media Access Controls (MACs) are also called:

A

physical addresses, or hardware addresses

16
Q

Once a packet gets to a destination network it uses:

A

the MAC address to get it to the correct host

17
Q

TCP/IP uses the:

A

IP address to get a packet to a destination network

18
Q

Address Resolution Protocol (ARP) poisoning attacks use:

A

ARP packets to give clients false hardware address updates, and attackers use it to redirect or interrupt network traffic

19
Q

Neighbor Discovery Protocol (NDP) performs:

A

autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway

20
Q

UDP is commonly used instead of TCP as the underlying protocol with:

A

voice and video streaming

21
Q

The Real-time Transport Protocol (RTP) delivers:

A

audio and video over IP networks. This includes VoIP, communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features

22
Q

The Secure Real-time Transport Protocol (SRTP) provides:

A

encryption, message authentication, and integrity for RTP

23
Q

Secure Real-time Transport Protocol (SRTP) helps:

A

protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions.

24
Q

Secure Real-time Transport Protocol (SRTP) protects against:

A

replay attacks

25
Secure Real-time Transport Protocol (SRTP) can be used for both:
unicast transmissions (such as one person calling another) and multicast transmissions, where one person sends traffic to multiple recipients
26
In a replay attack:
an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data
27
Data-in-transit is:
any traffic sent over a network
28
File Transfer Protocol (FTP):
uploads and downloads large files to and from an FTP server
29
By default, File Transfer Protocol (FTP):
transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer
30
File Transfer Protocol (FTP) active mode uses:
TCP port 21 for control signals and TCP port 20 for data
31
File Transfer Protocol (FTP) passive mode (also known as PASV) uses:
TCP port 21 for control signals and a random TCP port for data
32
If File Transfer Protocol (FTP) traffic is going through a firewall:
the random port is often blocked, so it is best to disable PASV in FTP clients
33
Trivial File Transfer Protocol (TFTP) uses:
UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices
34
Most administrators commonly disable Trivial File Transfer Protocol (TFTP) because:
TFTP is not an essential protocol on most networks
35
Secure Shell (SSH) encrypts:
traffic in transit and can be used to encrypt other protocols such as FTP
36
Telnet sends:
traffic over the network in cleartext
37
Administrators commonly use:
Secure Shell (SSH) to remotely administer systems
38
Secure Copy (SCP) is based:
on SSH and is used to copy encrypted files over a network
39
The Secure Sockets Layer (SSL) protocol was:
the primary method used to secure HTTP traffic as HTTPS
40
Secure Sockets Layer (SSL) can also encrypt:
other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP)
41
Secure Sockets Layer (SSL) is not recommended for use because:
it has been compromised
42
The Transport Layer Security (TLS) protocol is:
the designated replacement for SSL and should be used instead of SSL
43
Many protocols that support Transport Layer Security use:
STARTTLS
44
STARTTLS is:
a command used to upgrade an unencrypted connection on the same port as TLS
45
Internet Protocol security (IPsec) is used to:
encrypt IP traffic.
46
Internet Protocol security (IPsec) uses:
Tunnel mode to protect virtual private network (VPN) traffic, and it also encapsulates and encrypts IP packet payloads; the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN
47
IPsec includes two main components:
Authentication Header (AH), identified by protocol ID number 51; Encapsulating Security Payload (ESP), identified by protocol ID number 50
48
Secure File Transfer Protocol (SFTP) is:
a secure implementation of FTP; an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format
49
SFTP transmits:
data using TCP port 22
50
File Transfer Protocol Secure (FTPS) is:
an extension of FTP and uses TLS to encrypt FTP traffic
51
What ports does FTPS use?
Some implementations of FTPS use TCP ports 989 and 990. However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21)
52
A team at Google discovered a serious vulnerability with SSL that they nicknamed:
the POODLE attack (Padding Oracle on Downgraded Legacy Encryption)
53
Some common use cases related to email are:
send and receive email; send and receive secure email; manage email folders
54
Some common use cases for internal employees related to the web are:
to provide access to the Internet; provide secure access to the Internet
55
For organizations who host web servers the common use case is:
to provide access to web servers by external clients
56
Some common protocols used for email and web include:
Simple Mail Transfer Protocol (SMTP); Post Office Protocol v3 (POP3) and Secure POP; Internet Message Access Protocol version 4 (IMAP4) and Secure IMAP; Hypertext Transfer Protocol (HTTP); Hypertext Transfer Protocol Secure (HTTPS)
57
Simple Mail Transfer Protocol (SMTP) transfers:
emails between clients and SMTP servers
58
What ports does SMTP use?
TCP port 25; unofficially, port 465 with SSL and port 587 with TLS
59
It is recommended that SMTP use:
STARTTLS to initialize a secure connection
60
Post Office Protocol v3 (POP3) transfers:
emails from servers down to clients
61
What port does POP3 use?
TCP port 110
62
Secure POP3 encrypts:
the transmission with SSL or TLS
63
What port does Secure POP3 use?
TCP port 995
64
STARTTLS recommends you create a secure connection for POP3 on port:
110
65
Internet Message Access Protocol version 4 (IMAP4) is used:
to store email on an email server
66
Internet Message Access Protocol version 4 (IMAP4) allows:
a user to organize and manage email in folders on the server
67
Hypertext Transfer Protocol (HTTP) transmits:
web traffic on the Internet and in intranets
68
Web servers use HTTP to:
transmit web pages to clients' web browsers
69
HTTP uses which port?
TCP port 80
70
Hypertext Markup Language (HTML) is:
the common language used to display the web pages
71
Hypertext Transfer Protocol Secure (HTTPS):
encrypts web traffic to ensure it is secure while in transit
72
HTTPS is encrypted with either:
SSL or TLS
73
What port does HTTPS use?
TCP port 443
74
Network operating systems commonly use a:
directory service to streamline management and implement security
75
Microsoft Active Directory Domain Services (AD DS) provides:
the means for administrators to create user objects for each authorized user and computer objects for each authorized computer
76
Many Linux administrators use Netcat when:
connecting to remote systems for administration, and secure the Netcat transmissions with SSH
77
Administrators and clients often use Remote Desktop Protocol (RDP) to:
connect to other systems from a remote location.
78
Remote Desktop Protocol (RDP) uses which ports?
TCP 3389 (most common); UDP 3389
79
A common reason why users are unable to connect to systems with RDP is that:
port 3389 is blocked on a host-based or network firewall
80
Kerberos requires all systems to be:
synchronized and be within five minutes of each other
81
Network Time Protocol (NTP) is:
the most commonly used protocol for time synchronization, allowing systems to synchronize their time to within tens of milliseconds
82
What is the difference between NTP and SNTP?
NTP uses complex algorithms and queries multiple time servers to identify the most accurate time. SNTP does not
83
Network address allocation refers to:
allocating IP addresses to hosts within your network
84
Most networks use Dynamic Host Configuration Protocol (DHCP) to:
dynamically assign IP addresses to hosts; assign other TCP/IP information, such as subnet masks, default gateways, DNS server addresses, and much more
85
IPv4 uses:
32-bit IP addresses expressed in dotted decimal format
86
All Internet IP addresses are:
public IP addresses
87
All internal IP addresses are:
private IP addresses
88
Public IP addresses are:
tightly controlled
89
You can't just use any public IP address; you must either:
purchase or rent it
90
Internet Service Providers (ISPs) purchase:
entire ranges of IP addresses and issue them to customers
91
Routers on the Internet include:
rules to drop any traffic that is coming from or going to a private IP address, so you cannot allocate private IP addresses on the Internet
92
RFC 1918 specifies the following private address ranges:
10.x.y.z: 10.0.0.0 through 10.255.255.255; 172.16.y.z-172.31.y.z: 172.16.0.0 through 172.31.255.255; 192.168.y.z: 192.168.0.0 through 192.168.255.255
93
The Internet Assigned Numbers Authority (IANA) assigned:
the last block of IPv4 addresses in February 2011
94
The Internet Engineering Task Force (IETF) created:
IPv6, which provides a significantly larger address space than IPv4
95
IPv6 uses:
128-bit IP addresses expressed in hexadecimal format
96
Each hexadecimal character is composed of:
4 bits
97
IPv6 are only allocated:
within private networks and not assigned to systems on the Internet
98
Unique local addresses start with the prefix of:
fc00
99
The primary purpose of Domain Name System (DNS) is:
for domain name resolution
100
Domain Name System (DNS) resolves:
host names to IP addresses
101
When the DNS server queries other DNS servers, it:
puts the answer in its cache so that it doesn't have to do the same query again
102
When clients receive answers from DNS servers, they:
store the answer in their cache so that they don't have to repeat the query
103
DNS servers host data in zones, which you can think of as:
databases
104
DNS zones include:
A, AAAA, PTR, MX, CNAME, SOA
105
DNS zone A:
is also called a host record; this record holds the host name and IPv4 address and is the most commonly used record in a DNS server
106
In a DNS zone a DNS client queries:
DNS with the name using a forward lookup request and DNS responds with the IPv4 address from this record
107
DNS zone AAAA record holds:
the host name and IPv6 address
108
DNS zone PTR:
is also called a pointer record; it is the opposite of an A record
109
In a DNS zone PTR a DNS client queries:
DNS with the IP address and responds with the name
110
DNS zone MX:
is also called mail exchange or mail exchanger
111
A DNS zone MX record:
identifies a mail server used for email; is linked to the A record or AAAA record of a mail server
112
DNS zone CNAME:
is also called canonical name, or alias; allows a single system to have multiple names associated with a single IP address
113
The start of authority (SOA) record includes:
information about the DNS zone and some of its settings
114
DNS clients use the Time to Live (TTL) setting to:
determine how long to cache DNS results
115
Time to Live (TTL) times are:
in seconds and lower times cause clients to renew the records more often
116
Most DNS servers on the Internet run:
Berkeley Internet Name Domain (BIND) software and run on Unix or Linux servers
117
Internal networks can use BIND, but in Microsoft networks, DNS servers commonly use:
the Microsoft DNS software
118
Occasionally, DNS servers share information with each other in a process known as a:
zone transfer
119
In most cases, a zone transfer only:
includes a small number of updated records
120
DNS servers use what port for zone transfers?
TCP port 53
121
DNS servers use what port for name resolution queries?
UDP port 53
122
DNS poisoning or DNS cache poisoning occurs when:
attackers modify the DNS cache with a bogus IP address
123
One of the primary methods of preventing DNS cache poisoning is with:
Domain Name System Security Extensions (DNSSEC)
124
Domain Name System Security Extensions (DNSSEC) is:
a suite of extensions to DNS that provides validation for DNS responses
125
Domain Name System Security Extensions (DNSSEC) adds:
a digital signature to each record that provides data integrity
126
If a DNS server receives a Domain Name System Security Extensions (DNSSEC)-enabled response with digitally signed records:
the DNS server knows that the response is valid
127
Technicians use the nslookup (name server lookup) command to:
troubleshoot problems related to DNS; verify that a DNS server can resolve specific host names or fully qualified domain names (FQDNs) to IP addresses
128
A fully qualified domain name (FQDN) includes:
the host name and the domain name
129
The dig command-line tool has:
replaced the nslookup tool on Linux systems
130
You can use the dig command to:
query DNS servers to verify that the DNS server is reachable and to verify that the DNS server can resolve names to IP addresses
131
Ports are:
logical numbers used by TCP/IP to identify what server or application should handle data received by a system
132
Both TCP and UDP use:
ports with a total of 65,536 (0 to 65,635)
133
Administrators open ports on:
firewalls and routers to allow the associated protocol into or out of a network
134
The Internet Assigned Numbers Authority (IANA) divided the ports into three ranges, as follows:
Well-known ports: 0-1023; Registered ports: 1024-49,151; Dynamic and private ports: 49,152-65,535
135
Well-known ports:
0-1023; commonly used protocols
136
Registered ports:
1034-49,151; are for companies as a convenience to the IT community; can be used by a single company for a proprietary use or multiple companies for a specific standard
137
Dynamic and private ports:
49,152-65,535; are available for use by any application, and applications commonly use these ports to temporarily map an application to a port. These temporary port mappings are often called ephemeral ports, indicating that they are short lived
138
Combining the IP Address and the Port description:
At any moment, a computer could be receiving dozens of packets. Each of these packets includes a destination IP address and a destination port. TCP/IP uses the IP address to get the packet to the computer. The computer then uses the port number to get the packet to the correct service, protocol, or application that can process it
139
The server's IP address is used to:
get the requesting packet from your computer to the server. The server gets the response packets back to your computer using your IP address
140
Popular web servers on the Internet include:
Apache and Internet Information Services (IIS)
141
Apache is:
free and runs on Unix, Linux, and Microsoft systems
142
Internet Information Services (IIS) is included in:
Microsoft Server products
143
When the web server receives a packet with a destination port of 80:
the server sends the packet to the web server application (Apache or IIS) that processes it and sends back a response
144
TCP/IP works with the client OS to:
maintain a table of client-side ports. This table associates port numbers with different applications that are expecting return traffic
145
Client-side ports start at:
port 49,152 and increment up to 65,535
146
Client Ports description
When you use your web browser to request a page from a site, your system will record an unused client port number such as 49,152 in an internal table to handle the return traffic. When the web server returns the web page, it includes the client port as a destination port. When the client receives web page packets with a destination port of 49,152, it sends these packets to the web browser application. The browser processes the packets and displays the page
147
Ports and protocol numbers are:
not the same thing
148
Many protocols aren't identified by:
the port number
149
Any device with an IP address is a:
host, client, or node
150
A common use case for a switch is:
to connect hosts together within a network
151
A common use case for a router is to:
connect multiple networks together to create larger and larger networks
152
The primary methods IPv4 uses when addressing TCP/IP traffic are:
Unicast; Broadcast
153
Unicast traffic is:
one-to-one traffic
154
Broadcast traffic is:
one-to-all traffic
155
A switch can:
learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other
156
What is a security benefit of a switch?
If an attacker installs a protocol analyzer on a computer attached to another port, the protocol analyzer would not capture unicast traffic going to other ports. This is unlike a hub, where the unicast traffic goes to all ports on the hub
157
Port security limits:
the computers that can connect to physical ports on a switch
158
At the most basic level of port security, administrators can:
disable unused ports
159
MAC address filtering is another example of:
port security
160
In MAC address filtering you can manually:
configure each port to accept traffic only from a specific MAC address
161
Using the monitoring port of a switch allows you to see:
all traffic in or out of the switch
162
Physical security protects a switch by:
keeping it in a secure area such as in a locked wiring closet
163
A switching loop or bridge loop problem occurs when:
a user connects two ports of a switch together with a cable. The switch then continuously sends and resends unicast transmissions through the switch. This disables the switch and degrades performance of the overall network
164
What do many network administrators have installed and enabled for loop prevention?
Spanning Tree Protocol (STP); Rapid STP (RSTP)
165
A MAC flood attack attempts to:
overload a switch with different MAC addresses associated with each physical port
166
In a MAC flood attack, an attacker:
sends a large amount of traffic with spoofed MAC addresses to the same port
167
At some point in a MAC flood attack, the switch:
runs out of memory to store all the MAC addresses and enters a fail-open state. The switch begins to operate as a simple hub
168
A flood guard protects against:
MAC flood attacks by limiting the amount of memory used to store MAC addresses for each port or setting the maximum number of MACs supported by a port
169
A flood guard typically sends a:
Simple Network Management Protocol (SNMP) trap or error message in response to the alert
170
A flood guard can either:
disable the port or restrict updates for the port
171
A router connects:
multiple network segments together into a single network and routes traffic between the segments
172
Because routers don't pass broadcasts, they:
effectively reduce traffic on any single segment
173
Segments separated by routers are sometimes referred to as:
broadcast domains
174
If a network has too many computers on a single segment, broadcasts can result in:
excessive collisions and reduce network performance
175
Most routers are:
physical devices, and physical routers are the most efficient
176
Other than physical routers, it's possible to add:
routing software to computers with more than one NIC
177
Access control lists (ACLs) are:
rules implemented on a router (and on firewalls) to identify what traffic is allowed and what traffic is denied
178
Router ACLs provide:
basic packet filtering
179
Router ACLs filter packets based on:
IP addresses; ports; some protocols, such as ICMP or IPsec, based on the protocol identifiers
180
What are some protocol identifiers?
IP addresses and networks; Logical Ports; Protocol numbers
181
Implicit deny indicates:
that all traffic that isn't explicitly allowed is implicitly denied
182
Implicit deny is:
the last rule in the ACL. Some devices automatically apply the implicit deny rule as the last rule. Other devices require an administrator to place the rule at the end of the ACL manually
183
Syntax of an implicit deny rule varies on different systems, but it might be something like:
DENY ANY ANY, or DENY ALL ALL
184
Attackers often use spoofing to:
impersonate or masquerade as someone or something else
185
In the context of routers, an attacker will spoof:
the source IP address by replacing the actual source IP address with a different one
186
You can implement antispoofing on a router by:
modifying the access list to allow or block IP addresses
187
A network bridge connects:
multiple networks together and can be used instead of a router in some situations
188
A bridge directs traffic based on:
the destination MAC address
189
An aggregation switch connects:
multiple switches together in a network and then connects to the router to reduce the number of ports used in the router
190
Aggregate simply means that:
you are creating something larger from smaller elements
191
If you replace the bridge with a switch, the switch is an:
aggregation switch
192
A firewall filters:
incoming and outgoing traffic for a single host or between networks
193
A firewall can ensure:
only specific types of traffic are allowed into a network or host, and only specific types of traffic are allowed out of a network or host
194
Host-based firewall monitors:
traffic going in and out of a single host, such as a server or a workstation, and can prevent intrusions into the computer via the NIC
195
Personal firewalls provide:
valuable protection for systems against unwanted intrusions
196
It's especially important to use personal firewalls when:
accessing the Internet in a public place
197
Connecting to a public Wi-Fi hot spot without the personal firewall enabled is:
risky, and never recommended
198
An application-based firewall is:
typically software running on a system
199
A network-based firewall would have:
two or more network interface cards (NICs) and all traffic passes through the firewall.
200
Stateless firewalls use:
rules implemented as ACLs to identify allowed and blocked traffic
201
Although rules within ACLs look a little different depending on what hardware you're using, they generally take the following format:
Permission Protocol Source Destination Port. Permission (you'll typically see this as PERMIT or ALLOW); Protocol (you'll typically see TCP or UDP); Source (traffic comes from a source IP address); Destination (traffic is addressed to a destination IP address); Port or protocol (you'll typically see the well-known port such as port 80 for HTTP)
202
Stateful firewall inspects:
traffic and makes decisions based on the context, or state, of the traffic
203
Stateful firewall keeps track of:
established sessions and inspects traffic based on its state within a session.
204
A common security issue with stateless firewalls is:
misconfigured ACLs
205
A web application firewall (WAF) is:
a firewall specifically designed to protect a web application, which is commonly hosted on a web server
206
A web application firewall can be a:
stand-alone appliance, or software added to another device
207
Most networks have Internet connectivity, but it's rare to connect a network directly to the Internet. Two terms that are relevant here are:
Intranet; Extranet
208
An intranet is:
an internal network people use to communicate and share content with each other
209
An extranet is:
part of a network that can be accessed by authorized entities from outside the network
210
A demilitarized zone (DMZ) is a:
buffered zone between a private network and the Internet
211
A demilitarized zone (DMZ) provides a:
layer of protection for these Internet-facing servers, while allowing clients to connect to them
212
Network Address Translation (NAT) is a:
protocol that translates public IP addresses to private IP addresses and private addresses back to public
213
What is Port Address Translation (PAT)?
a commonly used form of NAT is network address and port translation
214
Some of the benefits of Network Address Translation (NAT) include:
Public IP addresses don't need to be purchased for all clients; NAT hides internal computers from the Internet; Static NAT; Dynamic NAT
215
Static NAT uses:
a single public IP address in a one-to-one mapping. It maps a private IP address with a single public IP address
216
Dynamic NAT uses:
multiple public IP addresses in a one-to-many mapping.
217
Network segregation provides:
basic separation
218
Network segmentation refers to:
putting traffic on different segments
219
Network isolation indicates:
the systems are completely separate
220
Physical isolation ensures:
that a network isn't connected to any other network
221
Supervisory control and data acquisition (SCADA) systems are typically:
industrial control systems within large facilities such as power plants or water treatment facilities
222
An airgap is:
a metaphor for physical isolation, indicating that there is a gap of air between an isolated system and other systems
223
Administrators use subnetting to:
divide larger IP address ranges into smaller ranges
224
A Layer 2 switch uses:
the destination MAC address within packets to determine the destination port
225
A Layer 2 switch forwards:
broadcast traffic to all ports on the switch
226
A Layer 3 switch mimics:
the behavior of a router and allows network administrators to create virtual local area networks (VLANs)
227
A virtual local area network (VLAN) uses:
a switch to group several different computers into a virtual network
228
A single Layer 3 switch can create:
multiple VLANs to separate the computers based on logical needs rather than physical location
229
A media gateway is a:
device that converts data from the format used on one network to the format used on another network
230
Many networks use proxy servers to:
forward requests for services (such as HTTP or HTTPS) from clients
231
Proxy servers can:
improve performance by caching content, and some proxy servers can restrict users' access to inappropriate web sites by filtering content
232
The proxy server increases:
the performance of Internet requests by caching each result received from the Internet
233
Cache simply means:
"temporary storage"
234
Cache could be:
a dedicated area of RAM, or, in some situations, it could be an area on a high-performance disk subsystem
235
A transparent proxy will:
accept and forward requests without modifying them
236
A nontransparent proxy server can:
modify or filter requests
237
A URL filter examines:
the requested URL and chooses to allow the request or deny the request
238
A reverse proxy accepts:
requests from the Internet, typically for a single web server
239
The reverse proxy server can be used for:
a single web server or a web farm of multiple servers
240
When used with a web farm a reverse proxy server can act as a:
load balancer
241
You would place the load balancer in the:
DMZ to accept the requests and it then forwards the requests to different servers in the web farm using a load-balancing algorithm
242
An application proxy is used for:
specific applications and it accepts requests, forwards the requests to the appropriate server, and then sends the response to the original requestor
243
Unified threat management (UTM) is a:
single solution that combines multiple security controls
244
The overall goal of Unified threat management (UTM) is:
to provide better security, while also simplifying management requirements
245
A unified threat management (UTM) device will reduce:
the workload of administrators without sacrificing security
246
Unified threat management (UTM) security appliances combine:
the features of multiple security solutions into a single appliance
247
Unified threat management (UTM) security appliances include multiple capabilities, including:
URL filtering; Malware inspection; Content inspection; DDoS mitigator
248
Content inspection includes:
a combination of different content filters; can also include a spam filter to inspect incoming email and reject spam; can also block specific types of transmissions, such as streaming audio and video, and specific types of files such as Zip files
249
Content inspection monitors:
incoming data streams and attempts to block any malicious content
250
DDoS mitigator attempts to:
detect DDoS attacks and block them
251
A common security issue with unified threat management (UTM) is:
a misconfigured content filter
252
It's common to place unified threat management (UTM) appliances at:
the network border, between the Internet and the intranet (or the private network)
253
A mail gateway is a:
server that examines all incoming and outgoing email and attempts to reduce risks associated with email
254
Administrators locate a mail gateway between:
the email server and the Internet and configure it for their purposes
255
Mail gateways often include:
data loss prevention (DLP) capabilities
256
Mail gateways examine:
outgoing email looking for confidential or sensitive information and block it
257
What are the common use cases that you can implement with switches?
Prevent switching loops; Block flood attacks; Prevent unauthorized users from connecting to unused ports; Provide increased segmentation of user computers
258
Simple Network Management Protocol version 3 (SNMPv3) monitors:
and manages network devices, such as routers or switches
259
Simple Network Management Protocol version 3 (SNMPv3) modifies:
the configuration of the devices or has network devices report status back to a central network management system
260
What are the common use cases that you can implement with routers?
Prevent IP address spoofing; Provide secure management of routers