Monitoring and Diagnosing Networks

Question 1

demilitarized zone (DMZ)

Answer 1

A network segment between two firewalls. Allows separation of public and private information on a network

Question 2

DMZ

Answer 2

demilitarized zone

Question 3

Honeypot

Answer 3

A fake system designed to divert attackers from your real system. Often has much more monitoring and logging to gather information on possible threats

Question 4

Honeynet

Answer 4

A network that functions the same as a honeypot

Question 5

Information security management system (ISMS)

Answer 5

A broad term that applies to a wide range of systems used to manage information security

Question 6

ISMS

Answer 6

information security management systems

Question 7

Intrusion detection system (IDS)

Answer 7

A system that monitors the network for possible intrusions and logs that activity

Question 8

IDS

Answer 8

intrusion detection system

Question 9

Intrusion prevention system (IPS)

Answer 9

A system that monitors the network for possible intrusions and logs that activity, then blocks the suspicious traffic

Question 10

IPS

Answer 10

intrusion prevention system

Question 11

Personally identifiable information (PII)

Answer 11

Any information that could identify a particular individual

Question 12

PII

Answer 12

personally identifiable information

Question 13

Software-defined network (SDN)

Answer 13

The entire network, including all security devices, is virtualized

Question 14

SDN

Answer 14

software-defined network

Question 15

Stateful packet inspection (SPI)

Answer 15

A firewall that examines each packet and remembers the recent previous packets

Question 16

SPI

Answer 16

stateful packet inspection

Question 17

ISO

Answer 17

International Organization for Standardization

Question 18

NERC

Answer 18

North American Electric Reliability Corporation

Question 19

NIST

Answer 19

National Institute of Standards and Technology

Question 20

Six phases of the IT security life cycle, according to NIST

Answer 20

1. Initiation
2. Assessment
3. Solution
4. Implementation
5. Operations
6. Closeout

Question 21

ISA/IEC-62443

Answer 21

Series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACSs)

Question 22

IACSs

Answer 22

industrial automation and control systems

Question 23

Payment Card Industry Data Security Standard (PCI-DSS)

Answer 23

Security standards used by Visa, Mastercard, American Express, and Discover

Question 24

PCI-DSS

Answer 24

payment card industry data security standard

Question 25

Three types of zones

Answer 25

- Secure zone - General work zone - Low security zone

Question 26

The three choices of wireless protection protocol (list from least secure to most secure)

Answer 26

WEP, WPA, WPA2

Question 27

Defense in depth

Answer 27

Security should be extended throughout the network, not just the perimeter; utilizes network segmentation

Question 28

Virtual local area network (VLAN)

Answer 28

A set of ports on a switch are configured to behave like a separate network

Question 29

VLAN

Answer 29

virtual local area network

Question 30

air-gap

Answer 30

When one or more systems are literally not connected to a network

Question 31

Control Diversity

Answer 31

Addressing a particular security concern with more than a single control or a single vendor

Question 32

Vendor Diversity

Answer 32

Utilizing several vendors to scan for threats and malware

Question 33

Types of controls

Answer 33

- Administrative - Technical - Physical

Question 34

Virtual private network (VPN)

Answer 34

A private network connection that occurs through a public network. Typically uses a tunneling protocol.

Question 35

VPN

Answer 35

virtual private network

Question 36

VPN concentrator

Answer 36

A hardware device used to create remote access VPNs. It creates encrypted tunnel sessions between hosts

Question 37

Where should you place a firewall in your network?

Answer 37

At the perimeter and every junction of a network zone

Question 38

Correlation engine

Answer 38

Applications that look at firewall logs and attempt to correlate the entries to understand possible attacks

Question 39

What security devices are best suited to be placed on the perimeter of the network?

Answer 39

- VPN concentrators - Proxies - DDos mitigator

Question 40

What devices are best placed in the network?

Answer 40

- Load balancers - Port mirroring - Network aggregation switches

Question 41

Firewall

Answer 41

One of the first lines of defense in a network. The basic purpose is to isolate one network from another

Question 42

Appliances

Answer 42

Freestanding devices that operate in a largely self-contained manner

Question 43

Three types of firewalls

Answer 43

- Packet filter - Proxy firewall - Stateful packet inspection firewall

Question 44

Packet filter firewall

Answer 44

Decides whether to pass a packet along based on its addressing information; the data of packet is not analyzed

Question 45

Proxy firewall

Answer 45

An intermediary between your network and any other network; examines data and makes rule-based decisions on whether it should be forwarded

Question 46

dual-homed firewall

Answer 46

A proxy firewall that uses two network interface cards (NICs), with one connected to the outside network and one connected to the internal network

Question 47

NIC

Answer 47

network interface card

Question 48

On what do stateless firewalls base their decisions?

Answer 48

The data that comes in the current packet

Question 49

On what does stateful packet inspection (SPI) filtering base its decision?

Answer 49

The entire conversation between client and server, using data from the current packet and all previous packets

Question 50

SPI

Answer 50

stateful packet inspection

Question 51

How do IPSs most ofter react to an intrusion that has been detected?

Answer 51

Blocks communication from the offending IP address. False positives tend to have an impact on this approach.

Question 52

FDE

Answer 52

full disk encryption

Question 53

self-encrypting drive (SED)

Answer 53

A drive with a controller chip built into it that automatically encrypts the drive

Question 54

SED

Answer 54

self-encrypting drive

Question 55

Media encryption key (MED)

Answer 55

The encryption key used in SEDs

Question 56

MED

Answer 56

media encryption key

Question 57

Key encryption key (KEK)

Answer 57

Used to lock or unlock a SED

Question 58

KEK

Answer 58

key encryption key

Question 59

Trusted platform modules (TPMs)

Answer 59

Dedicated processors that use cryptographic keys to perform a variety of tasks

Question 60

TPM

Answer 60

trusted platform module

Question 61

Hardware security modules (HSMs)

Answer 61

Devices that handle digital keys; can be used to facilitate encryption and authentification via digital signatures

Question 62

HSM

Answer 62

hardware security module

Question 63

Secure boot

Answer 63

A process where the BIOS or UEFI makes a cryptographic hash of the operating system boot loader. Used to prevent rootkits and boot sector viruses

Question 64

Root of trust (RoT)

Answer 64

A security process that must begin with some unchangeable hardware identity

Question 65

RoT

Answer 65

root of trust

Question 66

Faraday cage

Answer 66

Used to prevent or mitigate the effects of an EMI or EMP

Question 67

Recommended process for patch management

Answer 67

1. Read the description of the patch 2. Deploy the patch on a test system 3. Roll it out to a small number of live systems

Question 68

Principle of 'least functionality'

Answer 68

similar to 'least privilege'; a system should be configured and capable of doing only what it is intended to do and no more

Question 69

Application blacklisting

Answer 69

The process of listing blocked applications

Question 70

Application whitelisting

Answer 70

Listing of only the applications which can be downloaded

Question 71

Development environment

Answer 71

The environment in which the application is developed

Question 72

Test environment

Answer 72

Mimics a live environment and network to allow addressing of security issues

Question 73

Staging

Answer 73

Rolling out new software to sections of the network individually

Question 74

Sandbox

Answer 74

A test environment that is completely isolated from the network

Question 75

Secure baseline

Answer 75

The base requirements to meet for an application or software to be considered “secure enough” by an organization

Question 76

Integrity measurement

Answer 76

Monitoring a system to make sure it does not deviate from the secure baseline