Flashcards in IS3220 CHAPTER 1 Deck (116):
The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic is called ___?
A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and only supporting the intended function. Firewalls, routers, and switches are typical ___?
Anything you use in a business process to accomplish a business task is considered an ___?
This can be the action of a system that is recording user activity and system events into a log. It can also be the action of one who checks for compliance with security policies and other regulations and is called the act of ___?
Either an outside consultant or an internal member of the Information Technology staff. They perform security audits, confirm that the checking is sufficient, and investigate trails produced by system checks. In the case of regulatory compliance, they should be external and independent of the organization. This person/position is called ___?
The process of confirming the identity of a user. It is also known as logon and is called ___?
Defining what users are allowed and not allowed to do. This is also known as access control and is called ___?
When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If availability becomes compromised, a denial of service is taking place and is called ___?
Any access method or pathway that circumvents access or authentication mechanisms, or unauthorized access to a system, is called ___?
A type of filtering in which all activities or entities are permitted except for those on a ___?
Any restriction on the performance of a system. Can be caused by a slower component or pathway with insufficient throughput. It causes other components of the system to work slower than their optimum rate and is called ___?
Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider is called ___?
A network device that forwards traffic between networks based on the MAC address of the Ethernet frame. It forwards only packets whose destination address is on the opposing network and is called ___?
Any activity necessary to meet an organization's long-term goals. These are assigned to employees and other authorized personnel via their job description and is called ___?
Specifically, this is a proxy server and is the retention of Internet content. Various internal clients may access this content and provide it to subsequent requesters without the need to retrieve the same content from the Internet repeatedly and is called ___?
Similar to a bottleneck, but deliberately created within a network infrastructure. It is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur and is called ___?
This is a host on a network. It is the computer system, which supports user interaction with the network. Users employ this to access resources from the network. Users can also employ this generically as any hardware or software product to access a resource. This is called a ___?
A form of network where certain computers are designated as "servers" to host resources shared with the network. The remaining computers are designated as this to enable users to access shared resources. Most ___ employ directory services and single sign-on.
The security service of preventing access to resources by unauthorized users, while supporting access to authorized users is called ___?
A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one is called ___?
DEFENSE IN DEPTH
A type of perimeter network used to host resources designated as accessible by the public from the Internet is called ___?
DEMILITARIZED ZONE (DMZ)
A form of attack that attempts to compromise availability. These attacks are usually of two types: flaw exploitation and flooding and is called ___?
DENIAL OF SERVICE (DoS)
A network service that maintains a searchable index or database of network hosts and shared resources. Often based on a domain name system and an essential service of large networks is called ___?
A client/server network managed by a directory service is called ___?
A network service that resolves FQDNs into their corresponding IP address. This is an essential service of most networks and their directory services and is called ___?
DOMAIN NAME SYSTEM (DNS)
Any planned or unplanned period when a network service or resource is not available. This can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize this through security and system management is called ___?
Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations is called ___?
The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as "tunneling." This allows for communications to cross intermediary networks that might be incompatible with the original protocol and is called ___?
The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties is called ___?
An attack tool, method or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system is called ___?
A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to this requires the use of a virtual private network or VPN, especially when access originates from the Internet and is called ___?
The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering is called ___?
A network security device or host software that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device is called ___?
A complete Internet host name including a top level domain name, registered domain name, possibly one or more sub-domain names, and a host name and is called ___?
FULLY QUALIFIED DOMAIN NAME (FQDN)
A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as "crackers." This is called a ___?
The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice and is called ___?
The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings is called ___?
This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session's hosts, impersonates the offline system, and begins injecting crafted packets into the communication stream. If successful, the hacker takes over the session of the offline host, while the other host is unaware of the switch. This is called ___?
A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the network layer. This would include clients, servers, firewalls, proxies, and even routers. This excludes switches, bridges, and other physical devices such as repeaters and hubs and is called a ___?
A static file on every IP-enabled host where FQDN to IP address resolutions can be hard-coded and is called ___?
Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations is called ___?
The security service of preventing unauthorized changes to data is called ___?
A security mechanism to detect unauthorized user activities, attacks, and network compromise. It can respond in a passive manner through alerts and logging or in an active manner by disconnecting sessions and is called ___?
INTRUSION DETECTION SYSTEM (IDS)
A security mechanism to detect and prevent attempts to breach security is called ___?
INTRUSION PREVENTION SYSTEM (IPS)
IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. This provides tunnel mode and transport mode encrypted network layer connections between hosts and/or networks is called ___?
An essential part of security and an extension of the written security policy. This defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks and is called ___?
A network confined to a limited geographic distance. Generally, this is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos is called ___?
LOCAL AREA NETWORK (LAN)
A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events is called ___?
The act of creating or recording events into a log. It is similar to auditing and monitoring and is called ___?
Any software that was written with malicious intent. Administrators use antivirus and anti-malware scanners to detect and prevent malicious code from causing harm within a private network or computer is called ___?
MALICIOUS CODE (OR MALWARE)
This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker's computer instead of the real server. The hacker performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications and is called ___?
The physical address assigned to a network interface by the manufacturer. This is a 48-bit binary address presented as hexadecimal pairs separated by colons. The first half of this address is known as the Organizationally Unique Identifier or vendor ID, the last half is the unique serial number of the NIC and is called ___?
MEDIA ACCESS CONTROL (MAC) ADDRESS
The act of watching for abnormal or unwanted circumstances. Commonly used interchangeably with logging and auditing and is called ___?
MONITOR OR MONITORING
A mechanism that limits access or admission to a network based on the security compliance of a host is called ___?
NETWORK ACCESS CONTROL (NAC)
A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal clients' configuration. The primary purpose is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers. This is called ___?
NETWORK ADDRESS TRANSLATION (NAT)
The collection of security components assembled in a network to support secure internal and external communications. This depends on host security and operates to protect the network as a whole, rather than as individual systems and is called ___?
Any device on the network that can act as the endpoint of a communication. This includes clients, servers, switches, routers, firewalls, and anything with a network interface that has a MAC address. This is called ___?
This is a standard conceptual tool used to discuss protocols and their functions. This model has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While this helps to discuss protocols, most protocols are not in full compliance with it. This is called ___?
OPEN SYSTEM INTERCONNECTION REFERENCE MODEL (OSI MODEL)
This is an extension of network address translation (NAT) that permits multiple devices on a local area network to be mapped to a single public IP address. This is called ___?
PORT ADDRESS TRANSLATION (PAT)
An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs) is called ___?
This keeps information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cell phone number, etc., this concern extends to any data that represents personally identifiable information and is called ___?
The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet are called ___?
PRIVATE IP ADDRESS
An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system is called ___?
A network service that acts as a "middle man" between a client and server. It can hide the identity of the client, filter content, perform NAT services, and cache content. This is called ___?
Any address that is valid for use on the Internet is called ___? This excludes specially reserved addresses such as loopback.
PUBLIC IP ADDRESS
The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure. This is called ___?
A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over this connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection. This is called ___?
This accepts inbound connections from remote clients and is called ___?
REMOTE ACCESS SERVER (RAS)
The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance and is called ___?
This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on the network at a later time. This often focuses on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access and is called ___?
Any data item or service available on a computer or network accessible by a user to perform a task is called ___?
A document that defines or describes computer and networking technologies. This exists for hardware, operating systems, protocols, security services, and much more. This is called ___?
RFC (REQUEST FOR COMMENT)
IP addresses that, by convention, are not routed outside a private or closed network.
Class A 10.0.0.0-10.255.255.255;
Class B 172.16.0.0-172.31.255.255;
Class C 192.168.0.0-192.168.255.255
is known as ___?
RFC 1918 ADDRESSES
The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. This is a combination of an asset's value, exposure level, and rate of occurrence of the threat. This is called ___?
A collection of tasks and responsibilities defined by a security policy or description for an individual essential productivity, or security position is called ___?
A network device responsible for directing traffic towards its stated destination along the known current available path is called a ___?
Sets of stated purposes or targets for network security activity. The first part includes confidentiality, integrity, and availability. The second part is generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of a resource. These are called ___?
SECURITY GOALS & SECURITY OBJECTIVES
The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with ___?
A host on a network. This is the computer system that hosts resources accessed by users from clients and is called ___?
Any element of a system or network infrastructure, which is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid this by including redundancy and defense in depth. This is called ___?
SINGLE POINT OF FAILURE
A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. This is called ___?
SINGLE SIGN-ON (SSO)
A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer and is called ___?
Any small network, workgroup, or client/server, deployed by a small business, home based or just a family network at home is called ___?
SOHO (SMALL OFFICE, HOME OFFICE NETWORK)
A device, which provides network segmentation through hardware. Across this, temporary dedicated electronic communication pathways are created between the endpoints of a session. This pathway prevents collisions. Additionally, it allows the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions. This is called ___?
This is short for telecommunication company or corporation. Used to refer to any company that sells or leases WAN connection service whether wired or wireless and is called ___?
A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous connections. When this is in use, the client workstation converts to a thin client status. All operations of storage and processing then take place on the ___.
A legacy terminal concept used to control mainframes. These had no local processing or storage capability. These simulate these limitations and perform all operations on the terminal server, remote control server, or ___.
Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally. This is called ___?
Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, this is the confidence that other users will act in accordance with the organization's security rules and not attempt to violate stability, privacy, or integrity of the network and its resources. This is called ___?
The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol is called ___?
A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive security links. This allows for cheap long distance connections established over the Internet. This is called ___?
VIRTUAL PRIVATE NETWORK (VPN)
A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security management aims to discover and eliminate such ___.
A type of filtering concept where the network denies all activities except for those on this. This is called ___?
A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members. All members are on equal footing because they can manage their own local resources and users and this is called a ___?
New and previously unknown attacks for which there are no current specific defenses. This refers to the newness of an exploit, which may be known in the hacker community for days or weeks. This is called ___?
ZERO DAY EXPLOITS
The process of purging a storage device by writing zeros to all addressable locations on the device. This contains no data remnants that other users could potentially recover and is called ___?
1. An outsider needs access to a resource hosted in your extranet. The outsider is a stranger to you, but one of your largest distributors vouches for them. If you allow them access to the resource, this is known as implementing what?
3. trusted third party
4. remote control
Trusted third party
2. Which of the following are common security objectives?
5. All the above
3. What is an asset?
1. Anything used in a business task
2. Only objects of monetary value
3. A business process
4. Job descriptions
5. Security policy
Anything used in a business task
4. What is the benefit of learning to think like a hacker?
1. Exploiting weaknesses in targets
2. Protecting vulnerabilities before they are compromised
3. Committing crimes without getting caught
4. Increase in salary
5. Better network design
Protecting vulnerabilities before they are compromised
5. What is the most important part of an effective security goal?
1. That it is inexpensive
2. That it is possible with currently deployed technologies
3. That it is written down
4. That it is approved by all personnel
5. That it is a green initiative
That it is written down
6. What is true about every security component or device?
1. They are all interoperable
2. They are all compatible with both IPv4 and IPv6
3. They always enforce confidentiality, integrity, and availability
4. They are sold with pre-defined security plans
5. They all have flaws or limitations
They all have flaws or limitations
7. Who is responsible for network security?
1. Senior management
2. IT and security staff
3. End users
8. What is a distinguishing feature between workgroups and client/server networks? (Or, what feature is common to one of these but not both?)
2. Centralized authentication
3. List of shared resources
4. User accounts
9. Remote control is to thin clients as remote access is to ___?
10. What two terms are closely associated with VPNs?
1. Tunneling and encapsulation
2. Bridging and filtering
3. Path and network management
4. Encapsulation and decapsulation
5. Port forwarding and port blocking
Tunneling and encapsulation
11. What is a difference between a DMZ and an extranet?
1. VPN required for access
2. Hosted resources
3. External user access
4. Border or boundary network
5. Isolation from the private LAN
VPN required for access
12. What is the primary security concern with wireless connections?
1. Encrypted traffic
2. Support for IPv6
3. Speed of connection
4. Filtering of content
5. Signal propagation
13. What are two elements of network design that have the greatest risk of causing a DoS?
1. Directory service
2. Single point of failure
4. Both 1 and 2
5. Both 2 and 3
Single point of failure
14. For what type of threat are there no current defenses?
1. Information leakage
3. Buffer overflow
4. Zero day
5. Hardware failure
15. Which of the following is true regarding a layer 2 address and layer 3 address?
1. MAC address is at layer 2 and is routable
2. Layer 2 address contains a network number
3. Layer 2 address can be filtered with MAC address filtering
4. Network layer address is at layer 3 and routable
5. Both 3 and 4
Layer 2 address can be filtered with MAC address filtering &
Network layer address is at layer 3 and routable
16. Which of the following are NOT benefits of IPv6?
1. Native communication encryption
2. RFC 1918 address
3. Simplified routing
4. Large address space
5. Smaller packet header
RFC 1918 address
17. What is the most common default security stance employed on firewalls?
1. Allowing by default
2. Custom configuring of access based on user account
3. Caching Internet content
4. Denying by default, allowing by exception
5. Using best available path
Denying by default, allowing by exception
18. What is egress filtering?
1. Investigating packets as they enter a subnet
2. Allowing by default, allowing by exception
3. Examining traffic as it leaves a network
4. Prioritizing access based on job description
5. Allowing all outbound communications without restriction
Examining traffic as it leaves a network
19. Which of the following is NOT a feature of a proxy server?
1. Caching Internet content
2. Filtering content
3. Hiding the identity of a requester
4. Offering NAT services
5. MAC address filtering
MAC address filtering