Part 2 Flashcards

(151 cards)

1
Q

What are networking devices that forward, filter, and flood packets between networks?

A

Routers

2
Q

What is the feasibility of a path?

A

Cost

3
Q

What is the first line of defense for the network?

A

Routers

4
Q

What measures distance based on the number of networks a packet traverses?

A

Hop

5
Q

What measures the bits-per-second capacity of each link in a packet's path?

A

Bandwidth

6
Q

What measures the number of microseconds that the routers within the path take to process, queue, and transmit packets?

A

Delay

7
Q

What measures the amount of attached links, link failures, errors, and lost packets, within the path?

A

Reliability

8
Q

What exchanges routing information from WAN to WAN?

A

Exterior Gateway Protocols

9
Q

What is a link state routing protocol that calculates the shortest path to all destinations by lowest cost?

A

OSPF

10
Q

What determines the path by using a combination of distance (the cost of reaching a destination) and vector (the interface from which the traffic will be forwarded), uses hop count as the metric variable, and works by having each node share routing table information with its neighbors?

A

Distance Vector Protocols

11
Q

What is the original distance vector routing protocol, used on smaller networks of 15 hops or less?

A

Routing Information Protocol (RIP)

12
Q

What is an upgraded version of the original distance vector protocol that includes additional information carried in RIP messages and the addition of security measures?

A

RIP version 2

13
Q

What is the most common hybrid protocol?

A

EIGRP - Enhanced Interior Gateway Protocol

14
Q

What is an Exterior Gateway Protocol that provides interdomain routing between autonomous systems (ASs)?

A

Border Gateway Protocol (BGP)

15
Q

What is an EXEC command used to display information about open Telnet or rlogin connections?

A

Show sessions

16
Q

What are three modes for Port Security?

A

Protect mode
Restrict mode
Shutdown mode

17
Q

What is a proprietary protocol that can only be used with other Cisco routers and switches?

A

Cisco Discovery Protocol (CDP)

18
Q

What allows ping and is vulnerable to DDoS attacks?

A

ICMP

19
Q

What allows a router to inform hosts of subnet mask information for a particular network segment?

A

ICMP Mask Reply

Most Cisco routers are set by default to not send ICMP mask replies, but explicitly using this setting in the config file alleviates doubt and makes auditing the router easier:

no ip mask-reply

20
Q

What are 4 default TCP and UDP services enabled (Small servers)?

A

Echo
Chargen
Discard
Daytime

no service tcp-small-servers
no service udp-small-servers

21
Q

What ensures timely detection of connection failures by monitoring TCP sessions and helps prevent DoS attacks that are aimed at maxing out available VTY lines with fraudulent sessions?

A

Keepalives

service tcp-keepalives-in

Enables this service

22
Q

Where can I find router config help commands?

A

Share drive routeracl.txt

23
Q

What kind of ACLs are used in the fleet?

A

Extended

24
Q

What are a group of statements that define the handling of network packets?

A

ACLs

25
What do ACLs consist of?
Entering the inbound router
Being relayed through the router
Exiting the outbound router interface
26
What provides packet filtering for routers and firewalls to protect internal networks from internet and unprotected networks?
ACLs
27
What are parsed in sequential or logical form in order from top to bottom?
ACLs
28
What mode is an ACL created in?
Global Configuration Mode
29
What type of ACL is placed closest to the source of traffic?
Extended
30
What type of ACL is placed closest to the target?
Standard
31
What range is a Standard ACL?
1-99 | 1300-1999
32
What range is an extended ACL?
100-199 | 2000-2699
33
What are the classes of networks?
```
A - 1-126
B - 128-191
C - 192-223
D - 224-239
E - 240-255
```
34
What is the inverse of a subnet mask?
Wildcard, which indicates what part of the network is available.
35
How many TNOSCs are there?
3 | Yokosuka, Naples, Bahrain
36
How many Local Network Service Centers (LNSCs)?
11 | Asia and Europe
37
What services does the FLTNOC provide?
```
Email
Web Cache
Domain Name Service
File Transfer Protocol
Back Up and Restore
NOC to NOC (N2N) fail over
DISN (Defense Information Security Network)
```
38
Severity code 1 for securing virtualization means what?
Someone or something has immediate access to the machine
39
Severity code 2 for securing virtualization means what?
There is a high potential of allowing access to an intruder
40
Severity code 3 for securing virtual infrastructure means what?
Information has been found that there is a potential leading to a compromise
41
Where is NCDOC based?
Suffolk
42
What is the Navy's Cyber Security Service Provider?
NCDOC
43
What manages the roll up of sensory data throughout the fleet including ships, submarines, and other shore activities?
NCDOC
44
What provides CND for secure DISN connectivity?
NCDOC
45
What partitions the server's physical resources?
VMKernel Resource Manager
46
What is referred to as a hypervisor?
Virtual Machine Monitor
47
What is the core vSphere OS?
VMKernel
48
What is INFOCON 1?
Security baseline must be re-established every 15 days and offline drills conducted every 15 days
49
What is INFOCON 2?
Security baseline must be re-established every 30 days and offline drills conducted every 15 days
50
What is INFOCON 3?
Security baseline must be re-established every 60 days and offline drills conducted every 30 days
51
What is INFOCON 4?
Security baseline must be re-established every 90 days and offline drills conducted every 60 days
52
What is INFOCON 5?
Normal operations
53
What does RADIUS protocol stand for?
```
Remote Access Dial In User Service
```
Protocols sent to AAA server for log generation
54
What are audit trails used for?
Evidence and non repudiation
55
What checks the source address of routed IP packets and compares it against the statement defining the ACL?
Standard ACL
56
What gives permit or deny access for entire protocol suite (e.g. IP) based on network(s), subnet, or host addresses?
Standard ACL
57
What is a method used to reduce the number of entries in an ACL, which can create an ACL and apply it to all 16 IP subnets, but they must be in sequential order?
ACL summarization
58
What is used to handle synchronization of time and ensures captured logs are accurate?
Network Time Protocol - NTP
59
What are three types of logs on Cisco routers?
AAA
SNMP
System
60
What are the severity codes for Cisco logs?
```
0 - emergency
1 - alerts
2 - critical
3 - errors
4 - warnings
5 - notifications
6 - informational
7 - debugging
```
61
What are the 5 different ways you can view logs?
```
Console logging
Terminal line logging
Buffered logging
Syslog logging
SNMP Trap Logging
```
62
Cisco router timestamps must be explicitly turned on
/etc/syslog.conf 1 set Set host #service timestamps log datetime msec localtime show-timezone
63
What is a router's first line of defense?
Physical security
Remote access should be limited to authenticated logins or disabled. If you have disabled remote logins, the connection should be refused.
64
What are the two types of Firewall policies?
Hardware | Software
65
What is the most common and effective way to implement a security domain (protected domain)?
Place a firewall at the boundary
66
What type of firewalls are layer 2, function at the Network Access layer, and monitor Network layer traffic? They are also called "bridging" because they act as a filtering bridge between the data link and network layers.
Transparent firewalls
67
What type of firewalls operate on the Application layer of the TCP/IP model (Session layer on the OSI model), where traffic flows from the internal host to the circuit-level firewall before it is permitted or denied?
Circuit Layer Firewall
68
What type of firewall is based on packet header at the Network and Transport layer?
Stateless firewall
69
What type of firewall keeps track of individual connections by maintaining a state table for each connection?
Stateful firewall
70
What allows all traffic to pass through except if it's explicitly blocked?
Permissive
71
What restricts all traffic unless it's explicitly allowed?
Restrictive
72
What is a network's first line of defense to protect against external threats for an organization's network, that filters and forwards traffic?
Firewalls
73
What filters information based on network, transport, and application layers, can monitor and filter application data based on a list of accessed websites, and can provide detailed logging including "when", "what", and "who" data?
Application Layer Gateway (Proxy Servers)
74
What is the Juniper OS called?
Junos | Powers most Juniper Networks routing and switching appliances; similar to Unix and Linux
75
What are permission sets referred to as?
User Login Classes
76
What are 4 predefined classes and their permission bit sets?
Operator - clear, network, reset, trace, view
Read only - view
Super-user and superuser - all
Unauthorized - none
77
What mode allows the administrator to view and edit configuration changes?
Configuration mode
78
```
Root>edit system
Root@# set host-name vella
Root@#commit
Vella@#
```
Changing router name (Juniper)
79
What is an older network protocol that ensures loop-free topology for any bridged Ethernet local area network?
Spanning Tree Protocol
RSTP
VSTP
80
How often does NCDOC release IP block lists and DNS black hole lists?
Quarterly
81
What commands do you use to troubleshoot router connectivity problems at the network layer?
nslookup | dig
82
Where is the router's startup config file stored?
Onboard NVRAM
83
What are 3 criteria for each request?
1. Source and destination burb
2. Source and destination network object
3. Type of connection agent
84
What is a Juniper firewall product that provides deep inspection of traffic at network and application layers?
NetScreen
85
What system offers self defense for computer networks by implementing security to allow, deny, and filter network traffic?
McAfee Firewall Enterprise
86
What are two types of policies?
Intra zone traffic traverse | Inter zone traffic traverse between different zones
87
What is a highly scalable ranging the low range model through content filtering
PIX 500 series firewall
88
Once McAfee is installed it is a component of HIPS, Host based security scan (HBSS)
Yes.
89
Ship networks have an ISA server zone to act as a proxy server, which functions as an intermediary between interior and exterior networks
Proxy Servers
90
Firewalls rules: Allow by default Deny by default
Permits all services unless explicitly denied | Denies all services unless permitted
91
When explicit internal or external IP addresses / ports or entire protocols are to be blocked, a denial exception rule is created rather than relying on the deny by default rule
Yes
92
What contains specific information including IPs, DOAs, protocols?
ISA firewall policies *System created rules cannot be disabled *
93
What are initially implemented during installation and configuration of the ISA server?
ISA firewall rules *Any changes must be put forth by a FAM or SPAWAR *
94
What exist at outer boundaries of the network and are therefore vulnerable to attack?
Firewalls
95
What blocks, deflects, and mitigates attacks before they make it to the LAN?
Firewalls
96
What do we call people who use readily available tools from the internet?
Script kiddies
97
What are 3 ways to find unnecessary running programs or services?
Netstat -a TCP utility program that is used to display network port connection status
Nessus - approved Navy scanning tool which can perform an external port scan to identify active or listening ports
lsof-ia A public domain program which lists all open files and their resource usage
98
System admins conduct pen testing to ensure there are no holes in the firewall by
Ensuring rules and rule sets adhere to Navy security policy and they are in proper sequence
Conducting a port scan to verify that all unnecessary ports and services are disabled
99
What provides evidence, problem diagnosis, security information, intrusion detection, audits and response to critical events and troubleshooting?
Logging
100
```
What contains basic information such as:
Service/application
Port
Protocol - the protocol used for the communication
Destination and source IP
```
Log files
101
What operates based on a set of configurable rules most general rules most specific at top "allow" Top down
HIPS
102
What are 3 types of ISA server logs?
Packet filtering log - dropped packets
Firewall log - traffic handled, IP, ports, protocols
Web Proxy Log - primary log used, web usage pull trend
103
What provides administrators a log of configuration changes made to the ISA server? When reviewing alerts you must perform log analysis to determine if an actual event has occurred
ISA Server Change Tracking
104
What is useful for determining what is communicating over the internet and how it is being accessed?
Application Usage Log
105
What provides an overall picture of traffic flowing through the ISA server?
Traffic and utilization reports
106
What draws from all service logs, packet filter, web proxy, and firewall service?
Security Reports
107
What could indicate unauthorized traffic is being passed and host might be infected?
If a user shows up high on dropped packets often
108
AAA framework provides access to assets in a controlled manner by 3 ways:
Authentication
Authorization
Accounting
109
What is typically a human but can be an application or service?
User
110
How does AAA assign accountability?
GUID SSID assigned user serialized security identifier to track an account
111
What are framework services that provide for distribution, control, tracking and destruction of PKI?
NCVI
112
Navy
NCVI, Cisco ACS, Microsoft IAS
113
What is a public key or digital signature electronic document that contains a user's identity, a public key, a validity period and issuing security authority, in the Navy's case a DOD Certificate Authority
What is a credential / certificate
114
What is the process of determining whether an already identified and authenticated user is allowed to access information resources in a specific way?
CA | RADIUS
115
Microsoft IAS server
Provides the RADIUS solution required to authenticate users on both the Cisco routers and Alcatel switch infrastructure
IAS will leverage the COMPOSE Domain Active Directory database for user validation
Impersonation - run as administrator
116
What is when a user is who they claim to be?
Authentication
117
What is evidence given by a user attempting to verify an identity?
Credential
118
What is the process of providing an entity's user identification to the security system?
Identification
119
What is a CA?
Party in authentication process that stores the user credentials and provides the mechanism
120
In default state also sends complete username and password in clear text
POP3
121
3 types of proof
Knowledge Possession Inheritance
122
What's also called a security database?
Security Authority
123
What is an electronic document that uses a digital signature to bind a public key with an identity?
Certificate
124
What is an organization or system that creates, distributes, stores, and validates digitally created signatures and identity information about machines, individuals, and services?
CA
125
Downfalls of 3 factor identification?
Cost, reducing accountability
126
What is the process by which both requestor and target entity must fully identify themselves before communication or access is allowed?
Mutual Authentication | Online banking
127
3 types of role based security modern access control
MAC RBAC DAC
128
What is a group that a user is assigned
Role
129
If what fills up, and the system is unable to record the monitoring info for unauthorized activities it should not continue operating but should default to safe/secure posture pending proper retrieval / storage / archive of audit data
Audit log
130
What should be reviewed weekly at a minimum per SECNAV M 52101.1 chapter 2?
Audit trail logs or summary reports
131
Why do we need two Intel Security Firewall Enterprise units
Load balancing | High availability
132
How can you access FECC
Only from authorized SOC workstations
133
System Audit logging must be enabled where?
In the devices global configuration and in each virtual domain
134
What is an enterprise class management tool for creating and applying security policies across multiple firewalls?
Intel Security FECC
135
A VPN protocol that allows for both authentication and encryption of IP packets
IP Sec Policy
136
What can create host to host and site to site VPNs, allowing for secure communications over an encrypted medium?
IP Sec Policy
137
What is a robust encryption that uses policy to determine "interesting" traffic
IP Sec Policy
138
What traffic does not traverse IPSEC Tunnels
Broadcast
139
What is hosted on a separate physical Dell server running RHEL 6?
LRS | Log retention server
140
What cannot easily provide Quality of Service for video and voice communications or multi gigabit speeds due to processing requirements?
VPNs
141
What is a solution for secure network connectivity between NCDOC, ONE NET, and IT21 using Internet Protocol Secure Virtual Private Network?
Global Out of Bound OMG
142
What is used to copy logs and changes to log files from the LogLogic appliance to the LRS?
RSYNC
RSYNC is an open protocol widely supported across many platforms. The protocol only copies changes, which greatly minimizes the amount of data travelling over the network.
143
What wireless IEEE authentication framework was originally for wired networks and provides port based network access?
802.11x series
144
What functions in 2 layers Base layer TKIP Countermode CBC MAC (CCMP) and allows data privacy integrity and authentication?
WPA2 802.11i
Surpasses previously mentioned WPA standards and utilizes Authentication Encryption Standard (AES)
145
What is an encryption and authentication standard utilizing dynamic encryption by key generation?
WPA
146
What does not provide an authentication method or mechanism?
WEP
147
What has these two benefits: (1) only the trusted systems can resolve all internal system names; (2) external users can resolve only information that external sites require for specific reasons?
Split DNS
148
What allows the service to run as a dedicated user instead of the root or super user account?
Chuser
149
What associates to access points by SSID not by IP or MAC Address of the access point?
Wireless Devices
150
What have multiple advantages such as ease of installation, configuration, flexibility, scalability and mobility?
WLANs
151
In what type of attack is the MAC of an unauthorized device changed to the MAC of a legitimate wireless device, allowing it to bypass MAC filtering?
Impersonation Attack