Chapter 6

Question 1

a set of rules to permit or restrict data from flowing into or out of a network

Answer 1

access control list (ACL)

Question 2

a configuration in which all load balancers are always active

Answer 2

active-active

Question 3

a configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a “listening mode.”

Answer 3

active-passive

Question 4

a scheduling protocol that distributes the load based on which devices can handle the load more efficiently.

Answer 4

affinity

Question 5

a network access control (NAC) agent that is not installed on an endpoint device but is embedded within a microsoft windows active directory domain controller

Answer 5

agentless NAC

Question 6

the absence of any type of connection between devices.

Answer 6

air gap

Question 7

A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.

Answer 7

always-on VPN

Question 8

a monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.

Answer 8

anomaly monitoring

Question 9

A defense used to protect against IP spoofing that imitates another computer’s IP address.

Answer 9

antispoofing

Question 10

A special proxy server that “knows” the application protocols that is supports.

Answer 10

application/multipurpose proxy

Question 11

a firewall that functions at the OSI application layer

Answer 11

application-based firewall

Question 12

A monitoring technique used by an intrusion detection system (IDS) that uses the normal processes and actions as the standard and compares actions against it.

Answer 12

behavioral monitoring

Question 13

A hardware device or software that is used to join two separate computer networks to enable communication between them.

Answer 13

bridge

Question 14

A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.

Answer 14

data loss prevention (DLP)

Question 15

A separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

Answer 15

demilitarized zone (DMZ)

Question 16

A network access control (NAC agent that disappears after reporting information to the NAC device.

Answer 16

dissolvable NAC agent

Question 17

A private network that can also be accessed by authorized external customers, vendors, and partners.

Answer 17

extranet

Question 18

the failure to raise an alarm when there is abnormal behavior

Answer 18

false negative

Question 19

alarm that is raised when there is no actual abnormal behavior.

Answer 19

false positive

Question 20

hardware or software that is designed to limit the spread of malware.

Answer 20

firewall

Question 21

A defense against a MAC flooding attack. see also port security.

Answer 21

flood guard

Question 22

a computer or an application program that intercepts user requests from the from the internal secure network and then processes those requests on behalf of the users.

Answer 22

forward proxy

Question 23

A VPN technology in which all traffic is sent to the VPN concentrator and is protected.

Answer 23

full tunnel

Question 24

A separate open network that anyone can access without prior authorization.

Answer 24

guest network

Question 25

A dedicated cryptographic processor that provides protection for cryptographic keys.

Answer 25

hardware security module (HSM)

Question 26

A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.

Answer 26

heuristic monitoring

Question 27

Reports sent by network access control (NAC) "agents" installed on devices to gather information and report back to the NAC device

Answer 27

host agent health checks

Question 28

A software firewall that runs as a program on a local computer to block or filter traffic coming into and out of the computer.

Answer 28

host-based firewall

Question 29

A software-based application that runs on a local host computer that can detect an attack as it occurs.

Answer 29

host-based intrusion detection system (HIDS)

Question 30

A technology that monitors a local system to immediately react to block a malicious attack.

Answer 30

host-based intrusion prevention system (HIPS)

Question 31

a more recent and advanced electronic email system for incoming mail.

Answer 31

IMAP ( internet mail access protocol)

Question 32

the principle of being always blocked by default.

Answer 32

implicit deny

Question 33

an intrusion detection system (IDS) implemented through the network itself by using network protocols and tools.

Answer 33

in-band IDS

Question 34

an intrusion detection system (IDS) that is directly connected to the network and monitors the flow of data as it occurs

Answer 34

inline IDS

Question 35

a private network that belongs to an organization that can only be accessed by approved internal users.

Answer 35

intranet

Question 36

a device that detects an attack as it occurs.

Answer 36

Intrusion detection system (IDS)

Question 37

a dedicated network device that can direct requests to different servers based on a variety of factors.

Answer 37

load balancer

Question 38

a means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA)

Answer 38

loop prevention

Question 39

A system that monitors emails for unwanted content and prevents these messages from being delivered.

Answer 39

mail gateway

Question 40

A device that converts media data from one format to another.

Answer 40

media gateway

Question 41

A technique that examines the current state of a system or network device before it can connect to the network.

Answer 41

network access control (NAC)

Question 42

a technique that allows private IP addresses to be used on the public internet.

Answer 42

network address translation (NAT)

Question 43

A technology that watches for attacks on the network and reports back to a central device.

Answer 43

network intrusion detection system (NIDS)

Question 44

A technology that monitors network traffic to immediately react to block a malicious attack.

Answer 44

prevention system (NIPS)

Question 45

a firewall that functions at the OSI network layer (Layer 3)

Answer 45

network-based firewall

Question 46

An intrusion detection system (IDS) that uses an independent and dedicated channel to reach the device.

Answer 46

out-of-band IDS

Question 47

An intrusion detection system (IDS) that is connected to a port on a switch in which data is fed to it.

Answer 47

passive IDS

Question 48

A network access control (NAC) agent that resides on end devices until uninstalled.

Answer 48

permanent NAC agent

Question 49

Isolating the network so that it is not accessible by outsiders.

Answer 49

physical network segregation

Question 50

a flood guard technology that restricts the number of incoming MAC addresses for a port

Answer 50

port security

Question 51

an earlier mail system responsible for incoming mail.

Answer 51

post office protocol (POP)

Question 52

A user-to-LAN VPN connection used by remote users.

Answer 52

remote access VPN

Question 53

A proxy that routes requests coming from an external network to the correct internal server.

Answer 53

reverse proxy

Question 54

a scheduling protocol rotation that applies to all devices equally

Answer 54

round-robin

Question 55

a device that can forward packets across computer networks.

Answer 55

router

Question 56

A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.

Answer 56

security and information event management (SIEM)

Question 57

a SIEM feature that combines data from multiple data sources (network security devices, servers, software applications, etc.) to build a comprehensive picture of attacks.

Answer 57

SIEM aggregation

Question 58

A SIEM feature that can inform security personnel of critical issures that need immediate attention.

Answer 58

SIEM automated alerting and triggers

Question 59

A SIEM feature that searches the data acquired through SIEM aggregation to look for common characteristics, such as multiple attacks coming from a specific source.

Answer 59

SIEM correlation

Question 60

A SIEM feature that can help filter the multiple alerts into a single alarm.

Answer 60

SIEM event duplication

Question 61

A SIEM feature that records events to be retrained for future analysis and to show that the enterprise has complied with regulations.

Answer 61

SIEM logs

Question 62

A SIEM feature that can show the order of the events.

Answer 62

SIEM time synchronization

Question 63

A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.

Answer 63

signature-based monitoring

Question 64

an earlier email system that handles outgoing mail.

Answer 64

simple mail transfer protocol (SMTP)

Question 65

A VPN connection in which multiple sites can connect to others sites over the internet

Answer 65

site-to-site VPN

Question 66

a VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly access the internet.

Answer 66

split tunneling

Question 67

a spearate device that decrypts SSL traffic

Answer 67

SSL decryptor

Question 68

a separate hardware card thatinserts into a web server that contains one or more co-processors to andle SSL/TLS processing

Answer 68

SSL/TLS accelerator

Question 69

a firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions

Answer 69

stateful packet filtering

Question 70

a firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administraitor

Answer 70

stateless packet filtering

Question 71

a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.

Answer 71

switch

Question 72

a proxy that does not require any configurathion on the user's comuter

Answer 72

transparent proxy

Question 73

an integrated device that combines several security functions

Answer 73

Unified Threat management (UTM)

Question 74

a data loss prevention (DLP) technique for blocking the copying of files to a USB flash drive

Answer 74

USB blocking

Question 75

An IP address and a specific port number that can be used to reference different physical servers.

Answer 75

virtual IP (VIP)

Question 76

a technology that allows scattered users to be logically grouped together ever though they may be attached to different switches.

Answer 76

virtual LAN (VLAN)

Question 77

A technology that enables use of an unsecured public network as if it were a secure private network.

Answer 77

virtual private network (VPN)

Question 78

a device that aggregates hundreds of thousands of VPN connections.

Answer 78

VPN conentrator

Question 79

a firewall that filters by examining the applications using HTTP.

Answer 79

web application firewall