IS3220 CHAPTER 11 Flashcards Preview

IS3220 NETWORK SECURITY, FIREWALLS, & VPNS > IS3220 CHAPTER 11 > Flashcards

Flashcards in IS3220 CHAPTER 11 Deck (25):
1

The ability for a network or system user to remain unknown is called ___?
A number of tools and techniques provide this when connected to a network, although the underlying network protocols make true ___ very difficult.

ANONYMITY

2

Keeping information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like Social Security number, medical records, credit card number, cell phone number, etc., these concerns extend to any data that represents personally identifiable information (AKA PII). This is called ___?

PRIVACY

3

An industry term referring to any product that appears in a vendor's PowerPoint slide deck, but is not yet available in one of its products is called ___?

SLIDEWARE

4

A method of proving identity using two different authentication factors. These factors are something you know, something you have, or something you are. EX: a smart card (you have) with a PIN (something you know), a biometric device (something you are) or a proximity card (something you have) that activates a fingerprint reader (something you are. This is called ___?

TWO-FACTOR AUTHENTICATION

5

The technology and business processes used to identify, track, and mitigate known weaknesses on hosts within a computing environment is called ___?

VULNERABILITY MANAGEMENT

6

1. Which response contains the three most common VPN deployment architectures?

1. Bypass, encrypted, Open VPN
2. DMZ, Open VPN, internally connected
3. DMZ, Encrypted, Open VPN
4. Encrypted, Open VPN, internally connected
5. Bypass, DMZ, internally connected

Bypass, DMZ, internally connected

7

2. All the following are considered VPN management best practices except:

1. If one is good, two is better
2. Patch regularly
3. Permit split tunnelling
4. Do not allow employee-owned computers to connect
5. Review usage

Permit split tunnelling

8

3. Three of the threats common to both software and hardware VPNs include ___, ___, ___.

Three of the following:
Denial of service attack,
missing patches,
backdoor attack,
unpublished vulnerability in the code,
weak client security,
weak authentication,
weak encryption key section,
social engineering

9

4. The two different types of VPN commonly used for remote access VPN commonly used for remote access VPN are ___ and ___.

SSL, IPSec

10

5. Pick TWO advantages of using an open-source VPN solution instead of a commercial solution.

1. Low cost
2. Good Vendor support
3. Minimize installation and configuration time
4. Use existing hardware
5. Easier to troubleshoot

Low cost

Use existing hardware

11

6. The ability for a network or system user to remain unknown to adversaries is ___.

anonymity

12

7. Which of the following are benefits of using a commercial VPN instead of an open-source VPN solution? (More than one answer MAY be correct)

1. More costly
2. Less flexible
3. Product support
4. Requires higher skill set to deploy and support
5. Dedicated hardware

Product support

Dedicated hardware

13

8. A document that details the requirements for using the VPN is called a ___.

VPN policy

14

9. Which of the following are vulnerabilities common to both software and hardware VPN solutions? (Multiple answers may be correct)

1. Default password
2. Unpublished vulnerability in the code
3. Weak client security
4. Weak authentication
5. Blue Screen of Death

Unpublished vulnerability in the code
Weak client security
Weak authentication

15

10. Which of the following are components of a VPN Policy? (Multiple answers may be correct)

1. Introduction
2. Scope
3. VPN Configuration Settings
4. Definitions
5. Backup Strategy

Introduction

Scope

Definitions

16

11. Keeping information about a network or system user from being disclosed to unauthorized people is known as ___.

privacy

17

12. Recognizing that vulnerabilities will be found with both hardware and software VPNs, be sure to ___ frequently.

.patch/update

18

13. Which of the following are not VPN best practices? (Multiple answers may be correct)

1. Backup your configurations
2. Pick the solution that gets the best reviews
3. Don't permit split tunneling
4. Use vulnerability management
5. Secure your endpoints

Pick the solution that gets the best reviews

19

14. The best authentication method for client VPNs is ___.

two-factor or token/biometric

20

15. When protecting the availability of your VPN, it is a good practice to have ___ VPN gateways in your environment.

redundant

21

16. Which of the following are protocols that can be used for high availability with VPNs? (Multiple answers may be correct)
1. IPSec
2. IDES
3. HSRP
4. VRRP
5. SSL

HSRP

VRRP

22

17. If you want to verify that the VPN is on the network, what is the simplest tool you can use?

1. Snort
2. Ping
3. Traceroute
4. VPN Monitor
5. Syslog

Ping

23

18. When troubleshooting a VPN issue, which of the following are valid troubleshooting steps? (Multiple answers may be correct)
1. Don't panic
2. Gather the symptoms
3. Run the vulnerability scan
4. Review changes to the environment
5. Upgrade the VPN software

Don't panic

Gather the symptoms

Review changes to the environment

24

19. Your VPN policy should address which of the following topics? (Multiple answers may be correct)

1. Define authentication methods permitted
2. Define the VPN platform
3. Define required encryption levels for VPN connections
4. Define the troubleshooting process
5. Define how to respond to incidents

Define authentication methods permitted

Define required encryption levels for VPN connections

25

20. In addition to redundant VPNs, also make sure to have redundant ___ for your VPN to be truly available.

circuits