Lecture 8b

Question 2

What is the purpose of security appliances?

Answer 2

They directly address security and work with networking device security features for layered security

Question 3

Name some common security appliances.

Answer 3

Firewalls Proxy servers Deception instruments Intrusion detection and prevention systems Network hardware security modules

Question 4

How does a firewall examine network traffic?

Answer 4

Uses bidirectional inspection to examine outgoing and incoming packets

Question 5

What are rule-based firewalls?

Answer 5

Firewalls that act based on specific predefined criteria or rules

Question 6

What is a policy-based firewall?

Answer 6

A firewall that uses generic policies rather than specific rules for more flexibility

Question 7

Can firewalls filter content or URLs?

Answer 7

Yes firewalls can apply content and URL filtering

Question 8

What is a rule-based firewall?

Answer 8

Uses specific predefined rules to allow or block traffic based on packet attributes

Question 9

What does a policy-based firewall use for traffic filtering?

Answer 9

Uses high-level policies like user roles or applications for more flexible filtering

Question 10

How does a stateless firewall operate?

Answer 10

Evaluates each packet independently without considering previous traffic

Question 11

What is the function of a stateful firewall?

Answer 11

Tracks active connections and makes decisions based on traffic state and context

Question 12

What is a hardware firewall?

Answer 12

A physical device dedicated to filtering traffic and protecting a network

Question 13

What is a software firewall?

Answer 13

A program installed on a device to monitor and control incoming and outgoing traffic

Question 14

What is a virtual firewall?

Answer 14

A software firewall deployed in virtual environments to secure virtual machines or cloud networks

Question 15

What is a forward proxy?

Answer 15

A device that intercepts user requests from an internal network and processes them on behalf of the user

Question 16

What is a reverse proxy?

Answer 16

Routes requests from an external network to the correct internal server

Question 17

How does a proxy server protect internal endpoints?

Answer 17

By hiding their IP addresses and intercepting malware before it reaches them

Question 18

What is the purpose of deception instruments in security?

Answer 18

To redirect threat actors away from valuable assets using honeypots and sinkholes

Question 19

What is a honeypot?

Answer 19

A computer with limited security used as bait to lure and study attackers

Question 20

What are two goals of using honeypots?

Answer 20

Deflect attackers to decoys and discover attacker behaviors and tools

Question 21

What is a sinkhole in network security?

Answer 21

A device designed to redirect unwanted traffic to deceive attackers into thinking their attack succeeded

Question 22

What is the difference between IDS and IPS?

Answer 22

IDS detects attacks IPS attempts to block attacks

Question 23

How does an inline IDS/IPS system work?

Answer 23

Connected directly to the network and monitors data flow

Question 24

How does a passive IDS system work?

Answer 24

Connected to a switch port receiving a copy of network traffic

Question 25

What are in-band and out-of-band management in IDS?

Answer 25

In-band uses network protocols Out-of-band uses an independent dedicated channel

Question 26

Name four IDS monitoring methodologies.

Answer 26

Anomaly based Signature based Behavior based Heuristic based

Question 27

What does anomaly-based monitoring compare?

Answer 27

Current behavior with a baseline of normal activity

Question 28

What does signature-based monitoring detect?

Answer 28

Known attack signature patterns

Question 29

What does behavior-based monitoring identify?

Answer 29

Abnormal actions by processes or programs

Question 30

What question does heuristic monitoring try to answer?

Answer 30

Will this do something harmful if allowed to execute

Question 31

What is a NIDS?

Answer 31

A network intrusion detection system that watches for network attacks

Question 32

What is a NIPS?

Answer 32

A network intrusion prevention system that detects and stops malicious activities

Question 33

What is a hardware security module (HSM)?

Answer 33

A removable external cryptographic device for key management and encryption

Question 34

Where are HSM devices commonly connected?

Answer 34

USB ports expansion cards or direct computer ports

Question 35

What cryptographic operations does an HSM perform?

Answer 35

Key management Key exchange Random number generation Key storage Symmetric and asymmetric encryption

Question 36

What are access control lists (ACL)?

Answer 36

Rules that grant or deny access to digital assets

Question 37

Name two types of ACLs.

Answer 37

Filesystem ACLs and Networking ACLs

Question 38

What do router ACLs do?

Answer 38

Restrict vulnerable protocols and limit incoming network traffic

Question 39

What is a VPN?

Answer 39

A technology that enables secure use of an unsecured public network

Question 40

What are two common VPN types?

Answer 40

Remote access VPN and Site-to-site VPN

Question 41

What is a full tunnel VPN?

Answer 41

Sends all traffic to the VPN concentrator for protection

Question 42

What is a split tunnel VPN?

Answer 42

Routes only some traffic over VPN other traffic goes directly to the Internet

Question 43

Name common VPN protocols.

Answer 43

IPsec and SSL

Question 44

What is network access control (NAC)?

Answer 44

A system that checks device state before allowing network access

Question 45

What happens to devices that fail NAC checks?

Answer 45

They connect only to a quarantine network for security fixes

Question 46

What is the difference between permanent and dissolvable NAC agents?

Answer 46

Permanent stay on device Dissolvable report info then disappear

Question 47

How can NAC integrate with Active Directory?

Answer 47

Using agentless NAC that scans devices via AD

Question 48

What is data loss prevention (DLP)?

Answer 48

A system to recognize and protect critical data by enforcing usage policies

Question 49

How do DLP systems inspect data?

Answer 49

Using content inspection of transactions within approved contexts

Question 50

What happens when a DLP policy violation is detected?

Answer 50

The DLP agent reports it back to the DLP server

Question 51

What is port security?

Answer 51

Preventing unauthorized access to network devices through physical ports

Question 52

What is route security?

Answer 52

Trustworthiness of packets sent through routers preventing false route info

Question 53

How is broadcast storm prevention achieved?

Answer 53

By using loop prevention with the IEEE 802.1d spanning-tree protocol STP

Question 54

What does STP do?

Answer 54

Creates a hierarchical tree layout to prevent network loops

Question 55

What do file integrity monitors do?

Answer 55

Check files for unauthorized changes to detect malware and maintain compliance

Question 56

What is Quality of Service (QoS)?

Answer 56

Network technology that prioritizes bandwidth and resources for important traffic

Question 57

How does a network administrator use QoS?

Answer 57

Assigns order of packet handling and bandwidth for applications called traffic shaping

Question 58

What is network segmentation?

Answer 58

Dividing a network into logical groups to isolate sensitive data

Question 59

What is a VLAN?

Answer 59

A virtual LAN that segments devices into isolated logical groups

Question 60

What is a DMZ in network design?

Answer 60

A separate network outside a secure perimeter for untrusted outside users

Question 61

What is a jump box?

Answer 61

A minimal admin server that connects different security zones with restricted access

Question 62

What is load balancing?

Answer 62

Distributing network work evenly among devices to prevent overload

Question 63

Name advantages of load balancing.

Answer 63

Reduces overload optimizes bandwidth and enhances security

Question 64

How can load balancers improve security?

Answer 64

Detect and stop attacks hide error pages and remove server info

Question 65

What is the difference between stateless and stateful packet filtering?

Answer 65

Stateless checks packets independently Stateful tracks connection state and context

Question 66

Name three specialized firewall appliances.

Answer 66

Web application firewall WAF Next generation firewall NGFW Unified threat management UTM device

Question 67

What does a forward proxy do?

Answer 67

Intercepts internal user requests and processes them on behalf of the user

Question 68

What is the function of an intrusion detection system IDS?

Answer 68

Detects attacks as they occur

Question 69

What does an intrusion prevention system IPS do?

Answer 69

Attempts to block attacks

Question 70

What operations does a network hardware security module perform?

Answer 70

Cryptographic operations like key management key exchange and encryption

Question 71

What does an access control list ACL do?

Answer 71

Contains rules to allow or deny access to digital assets

Question 72

What does network access control NAC examine?

Answer 72

The current state of a device before network connection

Question 73

What is the purpose of data loss prevention DLP?

Answer 73

To recognize and protect critical organizational data

Question 74

How is broadcast storm prevention achieved?

Answer 74

Using spanning tree protocol STP IEEE 802.1d standard