IS3220 CHAPTER 1 Flashcards Preview

IS3220 NETWORK SECURITY, FIREWALLS, & VPNS > IS3220 CHAPTER 1 > Flashcards

Flashcards in IS3220 CHAPTER 1 Deck (116):
1

The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic is called ___?

ACCESS CONTROL

2

A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and only supporting the intended function. Firewalls, routers, and switches are typical ___?

APPLIANCE

3

Anything you use in a business process to accomplish a business task is considered an ___?

ASSET

4

This can be the action of a system that is recording user activity and system events into a log. It can also be the action of one who checks for compliance with security policies and other regulations and is called the act of ___?

AUDITING

5

Either an outside consultant or an internal member of the Information Technology staff. They perform security audits, confirm that the checking is sufficient, and investigate trails produced by system checks. In the case of regulatory compliance, they should be external and independent of the organization. This person/position is called ___?

AUDITOR

6

The process of confirming the identity of a user. It is also known as logon and is called ___?

AUTHENTICATION

7

Defining what users are allowed and not allowed to do. This is also known as access control and is called ___?

AUTHORIZATION

8

When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If availability becomes compromised, a denial of service is taking place and is called ___?

AVAILABILITY

9

This is any access method or pathway that circumvents access or authentication mechanisms, or unauthorized access to a system, and is called ___?

BACKDOOR

10

A type of filtering in which all activities or entities are permitted except for those on a ___?

BLACK LIST

11

Any restriction on the performance of a system. Can be caused by a slower component or pathway with insufficient throughput. It causes other components of the system to work slower than their optimum rate and is called ___?

BOTTLENECK

12

Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider is called ___?

BREACH

13

A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. It forwards only packets whose destination address is on the opposing network and is called ___?

BRIDGE

14

Any activity necessary to meet an organization's long-term goals. These are assigned to employees and other authorized personnel via their job description and is called ___?

BUSINESS TASK

15

Specifically, this is a proxy server and is the retention of Internet content. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly and is called ___?

CACHING

16

Similar to a bottleneck, but deliberately created within a network infrastructure. It is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur and is called ___?

CHOKE POINT

17

This is a host on a network. It is the computer system, which supports user interaction with the network. Users employ this to access resources from the network. Users can also employ this generically as any hardware or software product to access a resource. This is called a ___?

CLIENT

18

A form of network where certain computers are designated as "servers" to host resources shared with the network. The remaining computers are designated as this to enable users to access shared resources. Most ___ employ directory services and single sign-on.

CLIENT/SERVER NETWORK

19

The security service of preventing access to resources by unauthorized users, while supporting access to authorized users is called ___?

CONFIDENTIALITY

20

A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one is called ___?

DEFENSE IN DEPTH

21

A type of perimeter network used to host resources designated as accessible by the public from the Internet is called ___?

DEMILITARIZED ZONE (DMZ)

22

A form of attack that attempts to compromise availability. These attacks are usually of two types: flaw exploitation and flooding and is called ___?

DENIAL OF SERVICE (DoS)

23

A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system and an essential service of large networks is called ___?

DIRECTORY SERVICES

24

A client/server network managed by a directory service is called ___?

DOMAIN

25

A network service that resolves FQDNs into their corresponding IP address. This is an essential service of most networks and their directory services and is called ___?

DOMAIN NAME SYSTEM (DNS)

26

Any planned or unplanned period when a network service or resource is not available. This can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize this through security and system management is called ___?

DOWNTIME

27

Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations is called ___?

EGRESS FILTERING

28

The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as "tunneling." This allows for communications to cross intermediary networks that might be incompatible with the original protocol and is called ___?

ENCAPSULATION

29

The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties is called ___?

ENCRYPTION

30

An attack tool, method or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system is called ___?

EXPLOIT

31

A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to this requires the use of a virtual private network or VPN, especially when access originates from the Internet and is called ___?

EXTRANET

32

The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering is called ___?

FILTERING

33

A network security device or host software that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device is called ___?

FIREWALL

34

A complete Internet host name including a top level domain name, registered domain name, possibly one or more sub-domain names, and a host name and is called ___?

FULLY QUALIFIED DOMAIN NAME (FQDN)

35

A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as "crackers." This is called a ___?

HACKER

36

The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice and is called ___?

HACKING

37

The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings is called ___?

HARDENING

38

This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session's hosts, impersonates the offline system, and begins injecting crafted packets into the communication stream. If successful, the person takes over the session of the offline host, while the other host is unaware of the switch. This is called ___?

HIJACKING

39

A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the network layer. This would include clients, servers, firewalls, proxies, and even routers. This excludes switches, bridges, and other physical devices such as repeaters and hubs and is called a ___?

HOST

40

A static file on every IP-enabled host where FQDN to IP address resolutions can be hard coded and is called ___?

HOSTS FILE

41

Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations and is called ___?

INGRESS FILTERING

42

The security service of preventing unauthorized changes to data is called ___?

INTEGRITY

43

A security mechanism to detect unauthorized user activities, attacks, and network compromise. It can respond in a passive manner through alerts and logging or in an active manner by disconnecting sessions and is called ___?

INTRUSION DETECTION SYSTEM (IDS)

44

A security mechanism to detect and prevent attempts to breach security is called ___?

INTRUSION PREVENTION SYSTEM (IPS)

45

IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. This provides tunnel mode and transport mode encrypted network layer connections between hosts and/or networks is called ___?

IPSEC

46

An essential part of security and an extension of the written security policy. This defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks and is called ___?

JOB DESCRIPTION

47

A network confined to a limited geographic distance. Generally, this is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos is called ___?

LOCAL AREA NETWORK (LAN)

48

A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events is called ___?

LOG

49

The act of creating or recording events into a log. It is similar to auditing and monitoring and is called ___?

LOGGING

50

Any software that was written with malicious intent. Administrators use antivirus and anti-malware scanners to detect and prevent malicious code from causing harm within a private network or computer is called ___?

MALICIOUS CODE (OR MALWARE)

51

This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker's computer instead of the real server. The attacker performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications and is called ___?

MAN-IN-THE-MIDDLE

52

The physical address assigned to a network interface by the manufacturer. This is a 48-bit binary address presented as hexadecimal pairs separated by colons. The first half of this address is known as the Organizationally Unique Identifier or vendor ID, the last half is the unique serial number of the NIC and is called ___?

MEDIA ACCESS CONTROL (MAC) ADDRESS

53

The act of watching for abnormal or unwanted circumstances. Commonly used interchangeably with logging and auditing and is called ___?

MONITOR OR MONITORING

54

A mechanism that limits access or admission to a network based on the security compliance of a host is called ___?

NETWORK ACCESS CONTROL (NAC)

55

A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal clients' configuration. The primary purpose is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers. This is called ___?

NETWORK ADDRESS TRANSLATION (NAT)

56

The collection of security components assembled in a network to support secure internal and external communications. This depends on host security and operates to protect the network as a whole, rather than as individual systems and is called ___?

NETWORK SECURITY

57

Any device on the network that can act as the endpoint of a communication. This includes clients, servers, switches, routers, firewalls, and anything with a network interface that has a MAC address. This is called ___?

NODE

58

This is a standard conceptual tool used to discuss protocols and their functions. This model has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While this helps to discuss protocols, most protocols are not in full compliance with it. This is called ___?

OPEN SYSTEM INTERCONNECTION REFERENCE MODEL (OSI MODEL)

59

This is an extension of network address translation (NAT) that permits multiple devices on a local area network to be mapped to a single public IP address. This is called ___?

PORT ADDRESS TRANSLATION (PAT)

60

An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs) is called ___?

PERMISSIONS

61

This keeps information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cell phone number, etc., this concern extends to any data that represents personally identifiable information and is called ___?

PRIVACY

62

The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet is called ___?

PRIVATE IP ADDRESS

63

An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system is called ___?

PRIVILEGES

64

A network service that acts as a "middle man" between a client and server. It can hide the identity of the client, filter content, perform NAT services, and cache content. This is called ___?

PROXY

65

Any address that is valid for use on the Internet is called ___? This excludes specially reserved addresses such as loopback.

PUBLIC IP ADDRESS

66

The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure. This is called ___?

REDUNDANCY/REDUNDANT

67

A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over this connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection. This is called ___?

REMOTE ACCESS

68

This accepts inbound connections from remote clients and is called ___?

REMOTE ACCESS SERVER (RAS)

69

The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance and is called ___?

REMOTE CONTROL

70

This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on the network at a later time. This often focuses on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access and is called ___?

REPLAY ATTACK

71

Any data item or service available on a computer or network accessible by a user to perform a task is called ___?

RESOURCES

72

A document that defines or describes computer and networking technologies. This exists for hardware, operating systems, protocols, security services, and much more. This is called ___?

RFC (REQUEST FOR COMMENT)

73

IP addresses that, by convention, are not routed outside a private or closed network.
Class A 10.0.0.0-10.255.255.255;
Class B 172.16.0.0-172.31.255.255;
Class C 192.168.0.0-192.168.255.255
is known as ___?

RFC 1918 ADDRESSES

74

The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. This is a combination of an asset's value, exposure level, and rate of occurrence of the threat. This is called ___?

RISK

75

A collection of tasks and responsibilities defined by a security policy or description for an individual essential productivity, or security position is called ___?

ROLES/JOB ROLES

76

A network device responsible for directing traffic towards its stated destination along the known current available path is called a ___?

ROUTER

77

Sets of stated purposes or targets for network security activity. The first part includes confidentiality, integrity, and availability. The second part is generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of resources. These are called ___?

SECURITY GOALS & SECURITY OBJECTIVES

78

The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with ___?

SENIOR MANAGEMENT

79

A host on a network. This is the computer system that hosts resources accessed by users from clients and is called ___?

SERVER

80

Any element of a system or network infrastructure, which is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid this by including redundancy and defense in depth. This is called ___?

SINGLE POINT OF FAILURE

81

A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. This is called ___?

SINGLE SIGN-ON (SSO)

82

A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer and is called ___?

SNIFFER

83

Any small network, workgroup, or client/server, deployed by a small business, home based or just a family network at home is called ___?

SOHO (SMALL OFFICE, HOME OFFICE NETWORK)

84

A device, which provides network segmentation through hardware. Across this, temporary dedicated electronic communication pathways are created between the endpoints of a session. This pathway prevents collisions. Additionally, it allows the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions. This is called ___?

SWITCH

85

This is short for telecommunication company or corporation. Used to refer to any company that sells or leases WAN connection service whether wired or wireless and is called ___?

TELCO

86

A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous connections. When this is in use, the client workstation converts to a thin client status. All operations of storage and processing then take place on the ___.

TERMINAL SERVER/SERVICES/SESSION

87

A legacy terminal concept used to control mainframes. These had no local processing or storage capability. These simulate these limitations and perform all operations on the terminal server, remote control server, or ___.

THIN CLIENT

88

Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally. This is called ___?

THREAT

89

Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, this is the confidence that other users will act in accordance with the organization's security rules and not attempt to violate stability, privacy, or integrity of the network and its resources. This is called ___?

TRUST

90

The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol is called ___?

TUNNELING

91

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. This allows for cheap long distance connections established over the Internet. This is called ___?

VIRTUAL PRIVATE NETWORK (VPN)

92

A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security management aims to discover and eliminate such ___.

VULNERABILITY

93

A type of filtering concept where the network denies all activities except for those on this. This is called ___?

WHITE LIST

94

A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members. All members are on equal footing because they can manage their own local resources and users and this is called a ___?

WORKGROUP

95

New and previously unknown attacks for which there are no current specific defenses. This refers to the newness of an exploit, which may be known in the hacker community for days or weeks. This is called ___?

ZERO DAY EXPLOITS

96

The process of purging a storage device by writing zeros to all addressable locations on the device. This contains no data remnants that other users could potentially recover and is called ___?

ZEROIZATION

97

1. An outsider needs access to a resource hosted in your extranet. The outsider is a stranger to you, but one of your largest distributors vouches for them. If you allow them access to the resource, this is known as implementing what?
1. DMZ
2. virtualization
3. trusted third party
4. remote control
5. encapsulation

Trusted third party

98

2. Which of the following are common security objectives?

1. Non-repudiation
2. confidentiality
3. Integrity
4. availability
5. All the above

Non-repudiation
Confidentiality
Integrity
Availability

ALL CORRECT

99

3. What is an asset?

1. Anything used in a business task
2. Only objects of monetary value
3. A business process
4. Job descriptions
5. Security policy

Anything used in a business task

100

4. What is the benefit of learning to think like a hacker?

1. Exploiting weaknesses in targets
2. Protecting vulnerabilities before they are compromised
3. Committing crimes without getting caught
4. Increase in salary
5. Better network design

Protecting vulnerabilities before they are compromised

101

5. What is the most important part of an effective security goal?

1. That it is inexpensive
2. That it is possible with currently deployed technologies
3. That it is written down
4. That it is approved by all personnel
5. That it is a green initiative

That it is written down

102

6. What is true about every security component or device?

1. They are all interoperable
2. They are all compatible with both IPv4 and IPv6
3. They always enforce confidentiality, integrity, and availability
4. They are sold with pre-defined security plans
5. They all have flaws or limitations

They all have flaws or limitations

103

7. Who is responsible for network security?

1. Senior management
2. IT and security staff
3. End users
4. Everyone
5. Consultants

Consultants

104

8. What is a distinguishing feature between workgroups and client/server networks? (Or, what feature is common to one of these but not both?)
1. DNS
2. Centralized authentication
3. List of shared resources
4. User accounts
5. Encryption

Centralized authentication

105

9. Remote control is to thin clients as remote access is to ___?
1. NAC
2. VPN
3. DNS
4. IPS
5. ACL

VPN

106

10. What two terms are closely associated with VPNs?

1. Tunneling and encapsulation
2. Bridging and filtering
3. Path and network management
4. Encapsulation and decapsulation
5. Port forwarding and port blocking

Tunneling and encapsulation

107

11. What is a difference between a DMZ and an extranet?

1. VPN required for access
2. Hosted resources
3. External user access
4. Border or boundary network
5. Isolation from the private LAN

VPN required for access

108

12. What is the primary security concern with wireless connections?
1. Encrypted traffic
2. Support for IPv6
3. Speed of connection
4. Filtering of content
5. Signal propagation

Signal propagation

109

13. What are two elements of network design that have the greatest risk of causing a DoS?
1. Directory service
2. Single point of failure
3. Bottlenecks
4. Both 1 and 2
5. Both 2 and 3

Single point of failure
Bottlenecks

110

14. For what type of threat are there no current defenses?

1. Information leakage
2. Flooding
3. Buffer overflow
4. Zero day
5. Hardware failure

Zero day

111

15. Which of the following is true regarding a layer 2 address and layer 3 address?

1. MAC address is at layer 2 and is routable
2. Layer 2 address contains a network number
3. Layer 2 address can be filtered with MAC address filtering
4. Network layer address is at layer 3 and routable
5. Both 3 and 4

Layer 2 address can be filtered with MAC address filtering &
Network layer address is at layer 3 and routable

112

16. Which of the following are NOT benefits of IPv6?

1. Native communication encryption
2. RFC 1918 address
3. Simplified routing
4. Large address space
5. Smaller packet header

RFC 1918 address

113

17. What is the most common default security stance employed on firewalls?

1. Allowing by default
2. Custom configuring of access based on user account
3. Caching Internet content
4. Denying by default, allowing by exception
5. Using best available path

Denying by default, allowing by exception

114

18. What is egress filtering?

1. Investigating packets as they enter a subnet
2. Allowing by default, allowing by exception
3. Examining traffic as it leaves a network
4. Prioritizing access based on job description
5. Allowing all outbound communications without restriction

Examining traffic as it leaves a network

115

19. Which of the following is NOT a feature of a proxy server?

1. Caching Internet content
2. Filtering content
3. Hiding the identity of a requester
4. Offering NAT services
5. MAC address filtering

MAC address filtering

116

20. Which of the following is allowed under NAC if a host is lacking a security patch?

1. Access to the Internet
2. Access to email
3. Access to Web-based technical support
4. Access to file servers
5. Access to remediation servers

Access to remediation servers