IS3220 CHAPTER 2 Flashcards by Barbara Crable

This is a port or portal authentication. A mechanism commonly used by network devices, such as firewalls, routers, switches, and wireless access points, to perform authentication of users before allowing communication to continue across or through the device. The authentication can take place locally on the device or go to and authentications service, such as a credit card payment system, PKI, or directory service. This is called ___?

802.1x

How well did you know this?

Not at all

Perfectly

Malicious software programs distributed by hackers to take over control of victim’s computers. AKA bot or zombies. These are commonly used to construct botnets and are called ___?

AGENTS

How well did you know this?

Not at all

Perfectly

The calculation of the total loss potential across a year for a given asset and a specific threat. This is called ___?

ANNUALIZED LOSS EXPECTANCY (ALE)

How well did you know this?

Not at all

Perfectly

A probability prediction based on statistics and historical occurrences on the likelihood of how many times in the next year is a threat going to cause harm. This is called ___?

ANNUALIZED RATE OF OCCURRENCE (ARO)

How well did you know this?

Not at all

Perfectly

A hardened hardware firewall is called an ___?

APPLIANCE FIREWALL

How well did you know this?

Not at all

Perfectly

The top or seventh layer of the OSI model. This layer is responsible for enabling communications with host software, including the operating system. This layer is the interface between host software and the network protocol stack. the sub-protocols of this layer support specific applications or types of data and is called ___?

APPLICATION LAYER (LAYER 7)

How well did you know this?

Not at all

Perfectly

A type of firewall that filters on a specific application’s content and session information is called ___?

APPLICATION PROXY/FIREWALL/GATEWAY

How well did you know this?

Not at all

Perfectly

The cumulative value of an asset based on both tangible and intangible values. This supports the SLE calculation and is called ___?

ASSET VALUE (AV)

How well did you know this?

Not at all

Perfectly

A firewall positioned at the initial entry point where a network interfaces with the Internet. It serves as the first line of defense for the network. AKA a sacrificial host and is called ___?

BASTION HOST

How well did you know this?

Not at all

Perfectly

A description often applied to firewalls positioned on network zone transitions or gateway locations and is called ___?

BORDER SENTRY

How well did you know this?

Not at all

Perfectly

A network of zombie/bot/agent-comprised systems controlled by a hacker is called ___?

BOTNETS

How well did you know this?

Not at all

Perfectly

Malicious software programs distributed by hackers to take over control of victims’ computers. AKA agents or zombies. These are commonly used to construct botnets and are called ___?

BOTS

How well did you know this?

Not at all

Perfectly

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. AKA session or a state and is called ___?

CIRCUIT

How well did you know this?

Not at all

Perfectly

A filtering device that allows or denies the initial creation of a circuit, session, or state, but performs no subsequent filtering on the circuit once established and is called ___?

CIRCUIT PROXY/FIREWALL

How well did you know this?

Not at all

Perfectly

A type of software product that is pre-compiled and whose source code is undisclosed is called ___?

CLOSED SOURCE

How well did you know this?

Not at all

Perfectly

A firewall product designed for larger networks. Usually a commercial firewall is a hardware device and is called ___?

COMMERCIAL FIREWALL

How well did you know this?

Not at all

Perfectly

A form of filtering that focuses on traffic content. Application proxies perform most of these and are called ___?

CONTENT FILTERING

How well did you know this?

Not at all

Perfectly

The final equation of risk analysis to assess the relative benefit of a countermeasure against the potential annual loss of a given asset exposed to a specific threat is called ___?

COST/BENEFIT

How well did you know this?

Not at all

Perfectly

The second layer of the OSI model responsible for physical addressing (MAC addresses) and supporting the network topology, such as Ethernet is called ___?

DATA LINK LAYER (LAYER 2)

How well did you know this?

Not at all

Perfectly

A form of auto-initian switch that triggers when the ongoing prevention mechanism fails. These often include firewalls and hand grenades. If the firewall stops functioning, the connection is severed. This is called ___?

DEAD-MAN SWITCH

How well did you know this?

Not at all

Perfectly

The action of processing the contents of a header, removing that header, and sending the remaining payload up to the appropriate protocol in the next higher layer in the OSI model is called ___?

DE-ENCAPSULATION

How well did you know this?

Not at all

Perfectly

A firewall that has two network interfaces. Each network interface is located in a uniques network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another and is called ___?

DUAL-HOMED FIREWALL

How well did you know this?

Not at all

Perfectly

The process of automatically created temporary filters. In most cases, the filters allow inbound responses to previous outbound requests. AKA stateful inspection. This is called ___?

DYNAMIC PACKET FILTERING

How well did you know this?

Not at all

Perfectly

The potential amount of harm from a specific threat stated as a percentage. Used in the calculation of SLE and is called ___?

EXPOSURE FACTOR (EF)

How well did you know this?

Not at all

Perfectly

A failure response resulting in a secured or safe level of access or communication is called ___? A failure response resulting in a secured or safe level of access communication is called ___? (2 answers)

FAIL-SAFE | FAIL-SECURE

The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on the content. Firewalls and other security components use this. This is called ___?

FILTERING

A network security device or host software that filters communications, usually network traffic, is based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. AKA a sentry device and is called ___?

FIREWALL

The collection of data at the Data Link layer (Layer 2) of the OSI model, defined by the Ethernet IEEE802.3 standard, that consists of a payload from the Network layer (Layer 3) to which an Ethernet header and footer have been attached is called ___?

FRAME

An entrance or exit point to a controlled space. A firewall is often positioned at the is of a network to block unwanted traffic and is called ___?

GATEWAY

The physical address assigned to a network interface by the manufacturer. AKA the MAC address is called ___?

HARDWARE ADDRESS

An appliance firewall. A hardened computer product that hosts firewall software exclusively is called ___?

HARDWARE FIREWALL

The additional data added to the front of a payload at each layer of the OSI model that includes layer-specific information is called ___?

HEADER

A software firewall installed on a client or server is called a ___?

HOST FIREWALL

These are not directly related to budgetary funds. They can include, but not limited to: research and development, marketing edge, competition value, first to market, intellectual property, public opinion, quality of service, name recognition, repeat customers, loyalty, honesty, dependability, assurance, reliability, trademarks, patents, privacy etc is called ___?

INTANGIBLE COST/VALUE

A commonly used protocol found in the Network layer (Layer 3). This rides as the payload of an IP packet. It supports network health and testing. commonly abused by hackers for flooding and probing attacks. This is called ___?

INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

The temporary logical address assigned to hosts on a network. This is managed and controlled at the Network layer (Layer 3) of the OSI model and called ___?

IP ADDRESS

A temporarily assigned address given to a host. IP address is a common example of this. Most of these exist a the Network layer (Layer 3) of the OSI model. This is called ___?

LOGICAL ADDRESS

The physical address assigned to a network interface by the manufacturer. This is know as the Organizationally Unique Identifier (OUI) or vender ID, the last half is the unique serial number of the NIC and is called ___?

MAC ADDRESS

This is the third layer of the OSI model. This layer is responsible for logical address (IP addresses and routing traffic. This is called ___?

NETWORK LAYER (LAYER 3)

A type of software product that may or may not be pre-compiled and whose source code is freely disclosed and available for review and modification and is called ___?

OPEN SOURCE

This is a standard conceptual tool used to discuss protocols and their functions. It has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While this helps to discuss protocols, mow protocols are not in full compliance with it. This is called ___?

OPEN SYSTEM INTERCONNECTION REFERENCE MODEL (OSI MODEL)

The collection of data at the Network layer (Layer 3) of the OSI model. It consists of the payload from the Transport layer (Layer 4) above and the Network layer header. This is called ___?

PACKET

The non-header component of a PDU/segment/packet/frame. This is the data received from the layer above that includes the above layer's header and its ___.

PAYLOAD

Typically a software host firewall installed on a home computer or network client. This can also refer to SOHO hardware firewalls such as those found on DSL and cable modems and wireless access point. This is called ___?

PERSONAL FIREWALL

The hardware address assigned to a network interface by the manufacturer. AKA the MAC address is called ___?

PHYSICAL ADDRESS

The bottom or first layer of the OSI model. This layer converts data into transmitted bits over the physical network medium and is called ___?

PHYSICAL LAYER (LAYER 1)

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (AKA reverse proxy and static NAT). This is called ___?

PORT FORWARDING

The addressing scheme used at the Transport layer (Layer 4) of the OSI model. There are 65,535 ports, each of which can in theory support a single simultaneous communication. This is called ___?

PORT NUMBER

A combination of several cryptographic components to create a real-world solution that provides secure communications, storage, and identification services. This is called ___?

PUBLIC KEY INFRASTRUCTURE (PKI)

The sixth layer of the OSI model translates the data received from host software into a format acceptable to the network. This layer also performs this task in reverse for data coming from the network to host software and is called ___?

PRESENTATION LAYER (LAYER 6)

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (AKA a socket) to an internal resource server. AKA as port forwarding and static network address translation (NAT). This is called ___?

REVERSE PROXY

This is the process of examining values, threat levels, likelihoods, and total cost of compromise versus the value of the resource and the cost of the protection. This involves the use of values and calculations, such as AV, EF, SLE, ARO, ALE, and the cost/benefit equation. This is called ___?

RISK ASSESSMENT

Performing risk assessment, and then acting on the results to reduce or mitigate risk. Often risk assessment establishes a new security policy and then aids in revising it over time. This is called ___?

RISK MANAGEMENT

The list of rules on a firewall (or router or switch) that determine what traffic is and is not allowed to cross the filtering device. Most rule sets employ a first-match-apply action process and is called ___?

RULE SET

A written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of concern appears in traffic. Also known as a filter or ACL and is called ___?

RULES

A firewall positioned at the initial entry point where a network interfaces with the Internet serving as the first line of defense for the network. AKA a bastion host and is called ___?

SACRIFICIAL HOST

A router that can perform basic static packet filtering services in addition to routing functions. This is the predecessor of modern firewalls and is called ___?

SCREENING ROUTER

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. Netscape designed in 1997 for secure Web commerce, but it can encrypt any traffic above the Transport layer. It uses public key certificates to identify the endpoints of session and uses symmetric encryption to protect transferred data and is called ___?

SECURE SOCKETS LAYER (SSL)

The collection of data at the Transport layer (Layer 4) of the OSI model. It consists of the payload from the Session layer (Layer 5) above and the Transport layer header. TCP segments are a common example. This is called ___?

SEGMENT

A logical connection between a client and a resource server. AKA a circuit or a state and is called ___?

SESSION

The fifth layer of the OSI model. This layer manages the communication channel, known as a session, between the endpoints of the network communication. A single transport layer connection between two systems can support multiple simultaneous sessions and is called ___?

SESSION LAYER (LAYER 5)

The calculation of the loss potential across a single incident for a given asset and a specific threat. This is called ___?

SINGLE LOSS EXPECTANCY (SLE)

The combination of an IP address and a port number as a complete address is called ___?

SOCKET

A host firewall installed on a client or server is called ___?

SOFTWARE FIREWALL

The falsification of information. Often this is the attempt to hide the true identity of a user or the true origin of a communication and is called ___?

SPOOFING

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. AKA a session or a circuit and is called ___?

STATE

The process of automatically tracking sessions or states to allow inbound responses to previous outbound requests. AKA dynamic packet filtering and is called ___?

STATEFUL INSPECTION

The static coding of a translation pathway across a NAT service. AKA port forwarding and reverse proxy and is called ___?

STATIC NAT

A method of filtering using a static or fixed set of rules to filter network traffic. The rules can focus on source or destination IP address, source or destination port number. IP header protocol field value, ICMP types is called ___?

STATIC PACKET FILTERING

Costs or values directly related to budgetary funds. They can include, but are not limit to: purchase, licenses, maintenance, management, administration, support, utilities, training, troubleshooting, hardware, software, update/upgrades, etc. This is called ___?

TANGIBLE COST/VALUE

The connection-oriented protocol operating at the Transport layer (Layer 4) of the OSI model is called ___?

TRANSMISSION CONTROL PROTOCOL (TCP)

This layer of the OSI model formats and handles data transportation. This transportation is independent of and transparent to the application. This is called ___?

TRANSPORT LAYER (LAYER 4)

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. It uses public key certificates to identify the endpoints of session and uses symmetric encryption to protect transferred data. This is called ___?

TRANSPORT LAYER SECURITY (TLS)

A form of encryption AKA point-to-point or host-to-host encryption. This protects only the payload of traffic and leaves the header in plain-text original form. This is called ___?

TRANSPORT MODE ENCRYPTION

A firewall that has three network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic traversing from one segment to another. This is called ___?

TRIPLE-HOMED FIREWALL

A form of encryption AKA site-to-site LAN-to-LAN, gateway-to-gateway, host-to-LAN, and remote access encryption. This performs a complete encapsulation of the original traffic into a new tunneling protocol. The entire original header and payload are encrypted and a temporary link or tunnel header guides the data across the intermediary network and is called ___?

TUNNEL MODE ENCRYPTION

The connectionless protocol operating at the Transport layer (Layer 4) of OSI and is called ___?

USER DATAGRAM PROTOCOL (UDP)

Malicious software programs distributed by hackers to take over control of victims' computers. AKA bots or agents. These are commonly used to construct botnets and are called ___?

ZOMBIES

Any segment, subnet, network, or collection of networks that represent a certain level of risk. The higher the risk, the higher the security needed to protect against that risk. The less the risk of a zone, the lower the security needed because fewer threats exist or existing threats are less harmful. This is called ___?

ZONE OF RISK

Any segment, subnet, network, or collection of networks that represent a certain level of trust. Highly trusted zones require less security, while low trusted zones require more security. This is called ___?

ZONE OF TRUST

1. What is another term for the individual rules in a firewall rule set? 1. States 2. Exceptions 3. Policies 4. Referrals 5. Sentries

Exceptions

2. which of the following is NOT associated with a firewall? 1. Fail-secure 2. Sentry device 3. Fail-open 4. Choke point 5. Filtering service

Fail-open

3. A firewall is designed to allow what type of traffic to traverse its interfaces? 1. Authorized 2. Non-benign 3. Unknown 4. Abnormal 5. Malicious

Authorized

4. What is the first step in deploying a firewall? 1. Determining the filtering process 2. Defining rules 3. Selecting a security stance 4. Purchasing a license 5. Writing a security policy

Writing a security policy

5. Which of the following is the best description of a firewall? 1. An authentication service 2. A remote access server 3. Resource host 4. A sentry device 5. Malicious code scanner

A sentry device

6. A border firewall cannot protect against which of the following? 1. Flooding attacks 2. Inside attacking another internal target 3. Protocol abuses 4. Unauthorized inbound service requests 5. Port scans

Inside attacking another internal target

7. All of the following are mistakes in firewall security EXCEPT: 1. Managing security poorly 2. Deploying too many firewalls 3. Using firewalls to provide filtering for networks and hosts 4. Not writing a security policy 5. Failing to keep current with updates and patches

Using firewalls to provide filtering for networks and hosts

8. What is the primary reason a firewall is an essential security product? 1. Low cost of deployment 2. Threats exist 3. High ROI 4. Native protocol encryption 5. Interoperability

Threats exist

9. What technique determines if firewall is the best countermeasure choice for a particular threat against a specific asset? 1. Conducting a risk assessment 2. Reading blogs 3. Buying the least expensive option 4. Only using open-source products 5. Using products from a single vendor

Conducting a risk assessment

10. Which of the following is NOT a common zone of risk? 1. An extranet 2. A DMZ 3. A private LAN 4. The Internet 5. Department subnets

Department subnets

11. Which of the following statements is true? 1. A firewall can be deployed as a bastion host 2. Firewalls protect resources 3. Firewalls are often the first line of defense for a network 4. Firewalls are part of an overall security strategy 5. All the above

A firewall can be deployed as a bastion host Firewalls protect resources Firewalls are often the first line of defense for a network Firewalls are part of an overall security strategy ALL

12. When a one way or sieve firewall protecting you network allows external initiations of communications to occur over a specific socket, this is known as: 1. Static NAT 2. Traffic forwarding 3. Port forwarding 4. Reverse proxy 5. All the above

Static NAT Traffic forward Port forwarding Reverse proxy ALL

13. What is ingress filtering? 1. Restricting traffic to a specific subnet 2. Preventing traffic from leaving a network 3. Limiting host activities to that host 4. Monitoring traffic on its way inbound 5. Blocking access to external resource sockets

Monitoring traffic on its way inbound

14. Content filtering can focus on the following aspects of traffic EXCEPT: 1. Source or destination IP address 2. Keywords in the payload 3. URLs 4. File extensions 5. Domain names

Source or destination IP address

15. Which of the following will prevent firewall filtering from blocking malicious content? 1. Speed of the network 2. User permissions 3. Not being positioned at a choke point 4. Encrypted traffic 5. Cable type

Encrypted traffic

16. Which of the following is NOT a valid method for determining whether a source address is spoofed? 1. Compare against a use table 2. Verify the route of reception 3. Check the DHCP logs 4. Check against RFC 1918 5. Perform ingress filtering

Check against RFC 1918

17. what form of filtering focuses on source or destination IP address and requires separate rules for inbound and outbound communications? 1. Stateful inspection 2. Static packet filtering 3. Application proxy 4. Circuit proxy 5. Dynamic packet filtering

Static packet filtering

18. Dynamic packet filtering is alson known as: 1. Static packet filtering 2. Application proxy 3. Stateful inspection 4. Circuit proxy 5. Deep packet inspection

Stateful inspection

19. What method of filtering automatically keeps track of sessions on a limited timeout basis to allow responses to queries to reach internal clients? 1. Deep packet inspection 2. Static packet filtering 3. Application proxy 4. Dynamic packet filtering 5. Circuit proxy

Dynamic packet filtering

20. what form of filtering allows communications regardless of content once the session is established? 1. Dynamic packet filtering 2. Circuit proxy 3. Stateful inspection 4. Application proxy 5. Deep packet inspection

Circuit proxy

21. What type of firewall requires the presence of a host operating system? 1. Appliance firewall 2. Personal firewall 3. Software firewall 4. Commercial firewall 5. Screening router

Software firewall

22.

23. What activity performed by a triple homed firewall cannot be performed by a dual homed firewall? 1. Filter content 2. Physically isolate 3. Support NAT proxy services 4. Be deployed as an appliance 5. Route traffic from the Internet to either an intranet or DMZ

Route traffic from the Internet to either an intranet or DMZ