Lesson 9 Flashcards

1
Q

_________ are used to look for certain things in the application-layer payload; they can be used to qualify a Layer 3/4 class map, which identifies the Layer 3 addresses, the protocol, and the port numbers of the application involved.

A

Application layer class maps

2
Q

Application layer class maps fall under two categories: _____ and ______.

A

inspection class maps

regular expressions

3
Q

When using MPF, you can inspect at the application layer by using the ________ command and/or by using the _________ command.

A

class-map type inspect

policy-map type inspect

4
Q

Advanced Protocol Inspection (aka ______________)

A

deep packet inspection

5
Q

App layer attacks:

A


Blocking .exe attachments

Prohibiting peer-to-peer file sharing

Setting limits on URL lengths (buffer overflow)

Prohibiting file transfer as part of IM sessions

Protecting web services by ensuring XML schema is valid

Resetting a TCP session if a string is known to be malicious

Dropping sessions with packets that are out of order (SIP).

6
Q

class-map type inspect =

A

used to match criteria specific to an application

7
Q

policy-map type inspect =

A

used to define special actions for inspection application traffic

8
Q

class-map supported apps

A

dns, ftp, h323, http, im, and sip

9
Q

The _________ parameter specifies that all the match commands must be matched to classify the traffic and associate a policy to it.

A

match-all

10
Q

The _________ parameter specifies that only one match command has to be matched; if you omit it, the parameter defaults to match-all.

A

match-any

11
Q

Inspection Class Map config

A

fw1(config)# class-map type inspect http match-any EXAMINE-PUT-AND-POST
fw1(config-cmap)# match request method put
fw1(config-cmap)# match request method post

12
Q

policy-map supported apps

A

dcerpc, dns, esmtp, ftp, gtp, h323, http, im, mgcp, netbios, radius-accounting, rtsp, sip, skinny, and snmp.

13
Q

Policy Map Example

A

fw1(config)# policy-map type inspect http OUTPOL
fw1(config-pmap)# match request header length gt 512
fw1(config-pmap-c)# log
fw1(config-pmap-c)# exit
fw1(config-pmap)# match request header length gt 1024
fw1(config-pmap-c)# reset

14
Q

Regular Expressions

A

fw1(config)# regex

fw1(config)# class-map type regex match-any
fw1(config-cmap)# match regex

15
Q

If the policy is applied _______, actions are applied to traffic in the ingress direction only.

A

globally

16
Q

If the policy is applied to a ________, actions are applied to all traffic bidirectionally. All traffic that enters or exits is affected if the traffic matches the class map for both directions.

A

specific interface

17
Q

QoS policing and priority queuing are always applied in the _____ direction, whether on a specific interface or globally.

A

egress

18
Q

To display statistics on the traffic being inspected on the ASA, use the ____________ command.

A

show service-policy

19
Q

The DNS Guard function

A

enforces one DNS response per query and is enabled by default.

20
Q

________ is used to provide a way for DNS records to be trusted by whoever receives them.

A

DNSSEC

21
Q

The key component of DNSSEC is the use of ____________ to ensure that DNS records are authentic. DNSSEC not only allows a DNS server to prove the authenticity of the records it returns; it also allows the assertion of “non-existence of records”.

A

public key cryptography

22
Q

With DNSSEC, many DNS packets will exceed ____ bytes.

A

512 bytes and may approach 4096 bytes.

23
Q

(What is this for?)
message-length maximum client auto
message-length maximum 512

A

The message-length maximum client auto command allows the firewall to reference the EDNS packets to properly set the message-length size. Non-DNSSEC traffic will still reference the message-length maximum 512 command to filter DNS packet size accordingly.

24
Q

id-randomization

A

Enables id-randomization to generate unpredictable DNS transaction IDs in DNS messages and protect DNS servers and resolvers with poor randomization of DNS transaction IDs.

25
Q

id-mismatch count 10 duration 2 action log

A

Enable id-mismatch to count DNS transaction ID mismatches within a specified period of time and generate a syslog when the defined threshold has been reached.

26
Q

match header-flag RD

drop

A

Check for DNS query messages with the recursion desired (RD) flag set in the DNS header and drop those packets to avoid being used as a recursive resolver.