Module 19 - Technologies and protocols Flashcards
(33 cards)
Which logging standard allows devices from various vendors to send event messages to a centralized log server?
Syslog
Which type of attack might target syslog servers to conceal data exfiltration or tamper with detection logs?
Blocking log transmission
Which port must be open on a syslog server to receive log messages from clients?
UDP port 514
Which syslog implementation enhances security against exploits targeting traditional syslog?
syslog-ng
Which protocol ensures synchronized timestamps across network devices to support accurate event correlation?
NTP (Network Time Protocol)
Which port does NTP use to synchronize time across network devices?
UDP port 123
Which technique allows attackers to hide data in DNS queries to evade security measures?
DNS data exfiltration
Which encoded formats are commonly used in malicious DNS subdomains to mask stolen data? (3)
Base64, hex and 8-bit binary
Which DNS request behavior may indicate the presence of hidden exfiltration activities?
Long, random-looking subdomains
Which type of DNS service can detect and block communications to known CnC or exploit domains?
Cisco Umbrella
Which web protocol transmits all data in plaintext, making it vulnerable to interception and alteration?
HTTP
Which log source can analysts examine to detect anomalies in DNS request lengths and subdomain patterns?
DNS proxy logs
Which method allows security appliances to inspect encrypted HTTPS traffic for threats?
SSL decryption and inspection
Which common attack involves inserting hidden malicious content in a webpage that redirects browsers to malware?
iFrame injection attack
Which protocol protects HTTP traffic during transmission by encrypting it with SSL/TLS?
HTTPS
Which email protocol is used to send data between mail servers and can be exploited for data exfiltration?
SMTP
Which email protocols are commonly used to download messages from a server and may deliver malware attachments?
POP3 and IMAP
Which protocol is used for diagnostic and control messages but can be exploited for mapping, DoS, or tunneling?
ICMP
Which exploit method uses crafted ICMP packets to covertly transfer data from a compromised system?
ICMP tunneling
Which network control mechanism filters traffic based on IPs, protocols, and ports but can create a false sense of security if overly relied upon?
ACLs
What are some ways attackers can bypass ACLs by manipulating protocol traffic?
By spoofing the source IP address
Which popular P2P application uses distributed ledger sharing and is commonly associated with cryptocurrency transactions?
Bitcoin
Which security solutions can address limitations of static ACL-based filtering by using behavior and context-based analysis?
Cisco AMP (Advanced Malware Protection)
Which version of NAT allows many internal devices to share one public IP by assigning unique source port numbers?
PAT (Port Address Translation)