Module 6 - Network Security Infrastructure Flashcards

(117 cards)

1
Q

Which system enforces an access control policy between internal and external networks by inspecting and filtering traffic?

A

A firewall

2
Q

What characteristic of firewalls ensures that they can withstand and operate during network-based attacks?

A

Firewalls are resistant to network attacks

2
Q

In a standard firewall setup, what happens to traffic that originates from the untrusted public network and targets the private network?

A

It is blocked by default

3
Q

In a private/public firewall model, what type of traffic is generally allowed if it originates from the trusted inside network?

A

Outbound traffic and return traffic associated with it

3
Q

Which component is the only transit point between an internal corporate network and external networks in a properly secured architecture?

A

A firewall (all traffic flows through it to enforce access control)

4
Q

Which firewall type is most commonly used today due to its versatility and ability to track active connections?

A

A stateful firewall

4
Q

Which key role of firewalls ensures that traffic complies with defined security rules before entering or exiting a network?

A

Enforcing Access Control Policy

5
Q

What performance-related drawback can firewalls introduce to a network?

A

Slow network performance due to traffic filtering and inspection

5
Q

What tactic might attackers use to bypass firewalls by hiding unauthorized content inside seemingly safe data?

A

Tunnelling

6
Q

Which two interfaces typically define a basic firewall architecture, separating trusted and untrusted zones?

A

Inside interfaces (Private network) and Outside interfaces (Public interfaces)

7
Q

Which firewall design introduces a third interface used to host public-facing services separately from the private network?

A

A DMZ (Demilitarized zone) architecture

7
Q

Which traffic direction is typically blocked entirely in a DMZ firewall design for security reasons?

A

Traffic from the public network to private network

7
Q

Which firewall model allows grouping interfaces into logical units with similar policies for easier management?

A

A ZPF (Zone based Policy Firewall)

7
Q

Which special zone in a ZPF includes all IP addresses of the router itself?

A

A self zone (it covers traffic to and from the router)

8
Q

By default, how does a ZPF handle traffic directed to or from the self zone?

A

Traffic must be explicitly permitted

8
Q

Which firewall uses simple policy table lookups to permit or deny traffic?

A

A Packet filtering (stateless) firewall.

9
Q

Which firewall type filters traffic using only Layer 3 and Layer 4 information?

A

A packet filtering (Stateless) firewall

10
Q

Which type of firewall can be used to block a specific application port, such as SMTP on port 25, from a certain device?

A

A packet filtering (stateless) firewall

11
Q

Which type of firewall maintains a state table to track active connections and makes decisions based on session context?

A

A stateful firewall

12
Q

Which two OSI layers are examined by stateful firewalls in addition to maintaining connection context?

A

Layer 4 and Layer 5

13
Q

Which type of firewall uses a proxy to relay client requests to external servers, effectively hiding the client’s identity?

A

An Application Gateway firewall (Proxy firewall)

14
Q

Which OSI layers are filtered by an application gateway firewall?

A

Layers 3, 4, 5 and 7

15
Q

Which firewall class adds intrusion prevention, application awareness, and future-proofing features beyond stateful filtering?

A

An NGFW (Next Generation Firewall)

15
Q

Which firewall type intercepts all traffic between a client and server and performs filtering in software?

A

An Application gateway firewall (Proxy firewall)

16
What type of firewall includes the ability to detect and block risky applications based on application awareness?
An NGFW (Next Generation Firewall)
17
Which firewall type can incorporate new threat intelligence feeds over time to adapt to evolving threats?
An NGFW (Next Generation Firewall)
18
What term describes a firewall that is implemented as software on an individual device such as a PC or server?
A Host based Firewall
19
Which firewall type filters IP traffic transparently between two bridged interfaces without the endpoints knowing?
A transparent firewall
20
Which type of firewall can inspect traffic without being seen as a separate network hop by the endpoints?
A transparent firewall
20
Which network security systems are deployed at network entry and exit points to detect and respond to malicious traffic?
IDS & IPS (Intrusion Detection and Intrusion Prevention Systems)
20
What kind of firewall setup combines features from multiple firewall types into one system?
A hybrid firewall
21
Which OSI layer is specifically targeted by proxy firewalls but is not filtered by stateless or purely stateful firewalls?
Layer 7 (Application layer)
22
What type of detection pattern consists of a single packet matching a known malicious signature?
An atomic signature pattern
22
Which system is considered more scalable and actively blocks malicious traffic: IDS or IPS?
IPS
22
Which system sends alerts but allows traffic through, rather than actively blocking it?
IDS
22
What term describes the act of an IPS discarding malicious traffic before it can cause harm?
Killing it (sending it to the bit bucket)
23
What type of pattern detection relies on analyzing multiple packets to identify an attack?
A composite signature pattern
23
Where is logging information sent after malicious traffic is detected and blocked by an IPS?
A Network security management console
23
Which IPS type offers operating system and application-level protection for a single host?
HIPS (Host based Intrusion Prevention Systems)
24
What mechanism does an IPS use to detect known types of misuse or attacks in traffic?
Signatures
24
Which type of intrusion prevention system runs software on individual devices to protect their internal processes and OS?
HIPS (Host based Intrusion Prevention System)
25
What kind of IPS implementation enables real-time response by immediately discarding malicious packets?
An In-line IPS
26
Which IPS type must be installed on every endpoint and must support the host’s operating system to be effective?
HIPS (Host Based Intrusion prevention system)
26
Which system is deployed offline and does not affect latency, jitter, or traffic flow?
IDS
26
Which system drops malicious packets in real time, potentially stopping the attack?
IPS
27
Which system, if overloaded or malfunctioning, may introduce latency and jitter into the network?
IPS
28
Which IPS type uses sensors placed at strategic network points to monitor and respond to activity in real time?
Network based intrusion prevention systems
28
Which Cisco solution provides advanced malware analysis and protection throughout the entire attack continuum—before, during, and after an attack?
Cisco AMP (Advanced Malware Protection)
29
Which Cisco security solution uses Talos threat intelligence to correlate and detect malware threats in real time across a global network?
Cisco AMP (Advanced Malware Protection)
29
Which Cisco gateway solution automatically blocks risky websites and tests unknown ones before granting user access?
Cisco WSA (Web Security Appliance)
29
Which Cisco product protects web traffic within the network but requires additional solutions to secure remote users at public Wi-Fi?
Cisco WSA (Web Security Appliance)
29
Which cloud-based Cisco service works with WSA to provide full malware protection for remote employees?
Cisco CWS (Cloud Web Security)
30
Which appliance provides email threat mitigation and includes features like spam filtering, outbound message control, and malware defense?
Cisco ESA (Email Security Appliance)
30
Which system uses a combination of outer-layer and inner-layer filtering to block unwanted email effectively?
Cisco ESA (Email Security Appliance)
30
Which security mechanism uses packet header information to determine whether to forward or drop traffic on a network device?
An ACL (Access Control List)
30
Which configuration can limit unnecessary traffic such as video streams to improve network performance according to policy?
ACLs (Access Control Lists) configured to block certain traffic types
30
Which ACL type permits or denies packets based only on the source IPv4 address?
A Standard ACL (Access Control List)
31
Which ACL type allows filtering based on protocol, source/destination IP addresses, and TCP/UDP ports?
Extended ACLs (Access Control Lists)
31
Which ACL type does not consider the destination IP or any port information when filtering traffic?
A standard ACL (Access Control List)
31
Which ACL identifier type does not reveal the purpose of the ACL, though it helps determine ACL type?
A Numbered ACL
31
Which ACL identifier type provides context for the ACL's function and is easier to manage?
A Named ACL
31
Which ACL feature allows traffic filtering messages to be logged when matches occur?
ACL logging
31
Which feature logs a message when a packet matches a permit or deny condition in an ACL?
ACL logging
31
Which ACL application ensures that only return traffic from an existing session is allowed into the network?
ACLs filtering for established TCP sessions using RST/ACK bits.
32
Which ACL configuration is best suited for smaller networks with homogenous traffic where the ACL purpose is easily inferred?
Numbered ACLs
32
What does a standard ACL evaluate to determine whether to permit or deny a packet?
The source IPv4 Address
32
Which protocol allows administrators to manage and monitor devices like routers, switches, and servers across an IP network?
SNMP (Simple Network Management Protocol)
32
Which SNMP system component runs management software and issues get/set requests to monitored devices?
An SNMP (Simple Network Management Protocol) Manager
33
Which SNMP component resides on monitored devices and maintains operational data?
An SNMP (Simple Network Management Protocol) Agent
33
Which database on an SNMP agent stores the device’s statistics and operational parameters?
A MIB (Management Information Base)
33
Which SNMP action allows a manager to retrieve information from an agent?
The "get" action
33
Which SNMP operation is used by the manager to change settings on a monitored device?
The "set" action
34
Which SNMP feature allows agents to send unsolicited alerts to managers?
Traps
35
Which layer of the OSI model does SNMP operate at?
Layer 7 (Application Layer)
35
Which Cisco technology collects statistics on IP packet flows for traffic analysis and monitoring?
NetFlow
36
Which data destination receives flow statistics collected by NetFlow?
A NetFlow collector
37
Which four fields used by original NetFlow help uniquely identify a connection between two applications?
Source and Destination port, Source and Destination IP address
37
Which NetFlow field provides quality-of-service markings from the IP header?
ToS (Type of Service)
37
Which tool captures packets entering and exiting a device's NIC, often used for network monitoring and troubleshooting?
A packet analyzer
37
Which switch feature allows duplication of selected traffic and sending it to a monitoring port?
Port Mirroring
38
Which protocol allows devices to send detailed event messages to a centralized logging server?
Syslog
39
What is the primary benefit of a syslog server in a network infrastructure?
Centralized collection and management of system messages
39
Which two general methods are available to configure time on network devices?
Manual configuration or using NTP (Network Time Protocol)
40
Which protocol allows devices to synchronize their clocks with a time server?
NTP (Network Time Protocol)
40
What is a group of NTP clients synchronizing time from a single source called?
NTP Hierarchy or NTP synchronized group
40
Which two types of time sources can NTP servers synchronize with?
A private primary clock or Public NTP server
41
What hierarchical system does NTP use to organize time sources?
Stratum levels
41
What do we call the number that shows how far away a device is from the original time source?
A stratum number
41
What is a stratum 0 device in NTP?
The authoritative time-keeping device (atomic clock)
42
Which stratum level is directly connected to a stratum 0 device?
Stratum 1
43
What role do stratum 1 devices play in NTP networks?
They act as the primary NTP (Network Time Protocol) servers.
44
What does a stratum value of 16 indicate about an NTP device?
The device is unsynchronized
44
What is the maximum valid stratum number in an NTP system?
Stratum 15
44
Which devices are typically stratum 2 or higher in an enterprise NTP topology?
NTP clients and intermediary devices
44
Which AAA component defines what resources an authenticated user can access and what actions they can perform?
Authorization
44
Which AAA component is responsible for verifying a user's identity before granting access?
Authentication
44
Which AAA component logs user activity, including accessed resources and duration of access?
Accounting
44
Which AAA process would determine that a user can only access serverXYZ using SSH?
Authorization
44
Which protocol combines authentication and authorization, making it less modular than its alternative?
RADIUS
44
Which AAA process would record that a user accessed serverXYZ using SSH for 15 minutes?
Accounting
44
Which benefit does AAA provide to network access management?
Provides centralized control of user access and permissions
44
Which protocol uses TCP, encrypts the entire packet, and is considered more secure?
TACACS+
44
Which authentication protocol encrypts only the password and uses UDP as its transport protocol?
RADIUS
44
Which AAA protocol is mostly supported by Cisco devices?
TACACS+
45
Which AAA protocol allows per-user or per-group router command authorization?
TACACS+
45
Which challenge/response mechanism does TACACS+ use for authentication?
Bidirectional challenge and response like CHAP
45
Which protocol offers more extensive accounting capabilities?
RADIUS
45
Which AAA protocol is better suited for high compatibility across various vendors and devices?
RADIUS
45
Which network type allows secure communication over a public network using virtual connections instead of physical ones?
A VPN (Virtual Private Network)
45
What protocol suite provides authentication, integrity, access control, and confidentiality for secure IP communications?
IPsec
45
Which AAA protocol offers more customization of security features but limited accounting?
TACACS+
45
Which VPN tunneling protocol developed by Cisco can encapsulate multiple network layer protocol types?
GRE (Generic Routing Encapsulation)
45
Which VPN protocol supports both authentication and encryption, unlike earlier tunneling protocols like GRE?
IPsec
45
What early tunneling protocol did not include authentication or encryption but created IP tunnels between routers?
GRE (Generic Routing Encapsulation)
45
Which VPN protocol allows any-to-any connectivity between multiple sites using labels instead of IP addresses?
MPLS (Multiprotocol layer switching)
45
Which suite of protocols is backed by the IETF to support secure IP-based communications?
IPsec
45
Which layer of the OSI model do GRE and IPsec VPNs operate at?
Layer 3