Section 3 Flashcards

1
Q

What are firewalls

A

a barrier that intercepts and inspects traffic moving from one area of the network to another and either allows it or denies it

2
Q

What is a packet filter

A

a firewall that operates at Layers 3 and 4 of the OSI model, which equates to the IP address (L3) and the TCP or UDP port number (L4). It allows or denies each packet on its own, based on:

Protocol (the IP protocol field: TCP, UDP, ICMP, etc.)
Source IP Address
Destination IP Address
Source TCP or UDP port number
Destination TCP or UDP port number

These firewalls are only concerned with the address label (header) of the packets and perform no level of inspection on the contents of the packet (the payload).

3
Q

What is a circuit-level gateway

A

a device operating at Layer 5 (session) that relays connections between two or more systems as a middleman, so that client and server never talk to each other directly and their true identities are concealed from each other. It checks that a TCP/UDP session is legitimately set up but does not inspect the payload (a SOCKS proxy is the classic example). The gateway may also rewrite the IP address and TCP/UDP port number of the traffic (as NAT does) to allow two networks to communicate that otherwise could not (for example, your home network and the internet).

4
Q

What are stateful inspection firewalls

A

A stateful firewall tracks the state of network connections, and uses this information to automatically permit response traffic from an already allowed session to flow back to the sender. This reduces the need for creating individual rules for each connection and each direction of traffic flow. Instead, you only need a rule that allows the initial establishment of a session.
They work at L3 and L4 of the OSI model and, because they track sessions, are often described as reaching into L5.
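To make the difference between cards 2 and 4 concrete, here is an added example (not part of the flashcards) that runs a stateless packet filter and a stateful one over the same constructed three-packet trace. The hosts, ports and the single rule are invented for illustration.

```python
"""Stateless (L3/L4) packet filter next to a stateful one, on the same trace.
Added example; hosts, ports and rules are constructed, not from the cards."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False    # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: Optional[str] = None    # None matches anything
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Header fields only: the payload is never looked at.
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or self.src == p.src)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))


class StatelessFilter:
    """Every packet is judged alone: first matching rule wins, implicit deny."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Same rules plus a connection table, so the reply direction of an
    allowed session needs no rule of its own."""

    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()    # (proto, client, client_port, server, server_port)

    def decide(self, p: Packet) -> str:
        # Reply to a session we saw being opened?
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"
        verdict = super().decide(p)
        # Only the opening packet (TCP SYN, or any UDP datagram) creates state.
        if verdict == "allow" and (p.proto == "udp" or p.syn):
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


# One outbound rule: the internal host may reach the web server on 443.
RULES = [Rule("allow", proto="tcp", src="10.0.0.5", dst="203.0.113.10", dport=443)]

TRACE = [
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True),  # client opens session
    Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000),            # server's reply
    Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 52000),            # unsolicited from server port
]


def run(filter_cls) -> list:
    """Verdict per packet in TRACE for the given filter class."""
    f = filter_cls(RULES)
    return [f.decide(p) for p in TRACE]


if __name__ == "__main__":
    print("stateless:", run(StatelessFilter))   # reply is dropped without a second rule
    print("stateful: ", run(StatefulFilter))    # reply allowed, unsolicited packet still denied
```

The stateless filter drops the legitimate reply because no rule covers the return direction; the stateful filter allows it from its session table but still denies the unsolicited packet from the same server port. Real stateful firewalls also check TCP sequence numbers and time sessions out, which this sketch leaves out.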

5
Q

What do the 2 different VLAN port modes do

A

access mode (untagged) ports are used by servers and workstations and are assigned to a single VLAN

Trunk mode (tagged, 802.1Q) ports are used for the links that interconnect switches or routers and carry the traffic of multiple VLANs, each frame tagged with its VLAN ID

6
Q

What is port redirection

A

network administrators move a well-known service port, such as TCP port 80 for HTTP, to a less expected port such as TCP port 8080, in hopes of obscuring the fact that the computer is running a web server. This is security through obscurity: a port scan still finds the service, so it must never be the only control.

7
Q

What is an SQL Injection attack and what is a possible security solution

A

Layer 7 attack in which attacker-supplied input is concatenated into a database query so that it runs as SQL. The primary fix is in the application itself: parameterized (prepared) queries that keep data separate from query text. As a second layer, a reverse proxy/WAF that scans the incoming request for malicious behaviour instead of simply forwarding the payload to the destination, or an IPS, can catch common payloads.
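An added example (not from the flashcards) showing the attack and both layers of defence on a constructed SQLite login table: a query built by string concatenation, the same query parameterized, and a crude pattern check of the kind a reverse proxy or IPS signature applies. The table contents and the payload are invented for illustration.

```python
"""SQL injection: vulnerable login, parameterized login, and a WAF-style check.
Added example; the users table and payload are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Input becomes part of the query text, so a quote in it changes the query's logic.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders fix the query structure; whatever the input contains, it is only data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def looks_like_sqli(value: str) -> bool:
    """Signature-style check a reverse proxy/WAF or IPS might run on a request field.
    A useful second layer, but trivially evaded by encoding or rephrasing the payload,
    so never a substitute for parameterization."""
    lowered = value.lower()
    return any(marker in lowered for marker in ("' or ", "'or'", "--", "/*", " union "))


INJECTION = "' OR '1'='1"   # classic tautology payload


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable + payload :", login_vulnerable(conn, "alice", INJECTION))  # logged in
    print("parameterized + payload:", login_safe(conn, "alice", INJECTION))     # rejected
    print("parameterized + real pw:", login_safe(conn, "alice", "correct horse"))
    print("WAF flags payload      :", looks_like_sqli(INJECTION))
```

With the payload in the password field the concatenated query becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function grants access; the parameterized version compares the literal string `' OR '1'='1` against the stored password and fails.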

8
Q

What is an Man-in-the-middle attack and what is a possible security solution

A

An attack (placed at Layer 6 in this deck) in which the attacker inserts themselves between the victim and the server, so that without encryption they can read and alter everything the victim does. Many of these attacks can be mitigated using an application-layer proxy or an IPS, and end-to-end TLS with proper certificate validation is the main defence, but training users not to click through warnings about fake or untrusted certificates is equally important.

9
Q

What is an RPC attack and what is a possible security solution

A

Layer 5 attack that abuses Remote Procedure Call services to execute functions and procedures on other computers. With regular operating system and application patching, you can mitigate most of these attacks; not exposing RPC services beyond the hosts that need them helps as well.

10
Q

What is a Port scanner and what is a possible security solution

A

Layer 4 reconnaissance in which the attacker probes the victim's computer for open TCP or UDP ports that they could later attack. A packet-filtering firewall that denies everything not explicitly allowed is an appropriate defence against port scanners.

11
Q

What is an Ping sweep attack and what is a possible security solution

A

Layer 3 reconnaissance that sends ICMP echo requests (pings) to a large number of IP addresses to detect which hosts are online and may therefore be susceptible to other attacks. Fortunately, these sweeps are easily mitigated with a packet-filtering firewall that blocks or rate-limits inbound echo requests.
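The two reconnaissance patterns above (cards 10 and 11) are also easy to spot in the firewall's own deny logs. The following added example (not from the flashcards) runs simple detection logic over constructed log lines: one source hitting many distinct ports on one host is a port scan, one source pinging many distinct hosts is a ping sweep. The log format, addresses and thresholds are invented for illustration.

```python
"""Port-scan and ping-sweep detection over constructed packet-filter log lines.
Added example; the log format, addresses and thresholds are made up."""
import re
from collections import defaultdict

# Constructed sample log: a port scan from .7, a ping sweep from .9, plus noise.
LOG = """\
2024-05-01T10:00:01 DENY tcp 198.51.100.7:40001 -> 10.0.0.5:21
2024-05-01T10:00:01 DENY tcp 198.51.100.7:40002 -> 10.0.0.5:22
2024-05-01T10:00:01 DENY tcp 198.51.100.7:40003 -> 10.0.0.5:23
2024-05-01T10:00:02 DENY tcp 198.51.100.7:40004 -> 10.0.0.5:25
2024-05-01T10:00:02 DENY tcp 198.51.100.7:40005 -> 10.0.0.5:80
2024-05-01T10:00:02 DENY tcp 198.51.100.7:40006 -> 10.0.0.5:443
2024-05-01T10:00:03 DENY icmp 198.51.100.9 -> 10.0.0.1 echo-request
2024-05-01T10:00:03 DENY icmp 198.51.100.9 -> 10.0.0.2 echo-request
2024-05-01T10:00:03 DENY icmp 198.51.100.9 -> 10.0.0.3 echo-request
2024-05-01T10:00:04 DENY icmp 198.51.100.9 -> 10.0.0.4 echo-request
2024-05-01T10:00:04 DENY icmp 198.51.100.9 -> 10.0.0.5 echo-request
2024-05-01T10:00:05 ALLOW tcp 10.0.0.5:51000 -> 203.0.113.10:443
2024-05-01T10:00:06 DENY icmp 198.51.100.20 -> 10.0.0.5 echo-request
"""

TCP_UDP = re.compile(
    r"^(\S+) (ALLOW|DENY) (tcp|udp) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")
ICMP = re.compile(
    r"^(\S+) (ALLOW|DENY) icmp (\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+) echo-request$")


def detect(log: str, port_threshold: int = 5, host_threshold: int = 4) -> dict:
    """Return {"port_scan": {"src->dst": [ports]}, "ping_sweep": {src: [hosts]}}.
    Thresholds are per whole log here; a real detector windows by time."""
    ports = defaultdict(set)    # (src, dst) -> distinct destination ports (L4 view)
    hosts = defaultdict(set)    # src -> distinct hosts sent echo requests (L3 view)
    for line in log.splitlines():
        m = TCP_UDP.match(line)
        if m:
            _, _, _, src, _, dst, dport = m.groups()
            ports[(src, dst)].add(int(dport))
            continue
        m = ICMP.match(line)
        if m:
            _, _, src, dst = m.groups()
            hosts[src].add(dst)
    return {
        "port_scan": {f"{src}->{dst}": sorted(p)
                      for (src, dst), p in ports.items() if len(p) >= port_threshold},
        "ping_sweep": {src: sorted(h)
                       for src, h in hosts.items() if len(h) >= host_threshold},
    }


if __name__ == "__main__":
    for kind, hits in detect(LOG).items():
        for key, targets in hits.items():
            print(f"{kind}: {key} -> {len(targets)} distinct targets {targets}")
```

The single echo request from 198.51.100.20 and the legitimate outbound HTTPS connection fall below the thresholds and are not flagged; thresholds and time windows are what you tune against your own baseline.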

12
Q

What is VLAN hopping and what is a possible security solution

A

Layer 2 attack in which an attacker reaches a VLAN that would normally not be available to them, for example by tricking a switch into negotiating a trunk with their port or by double-tagging frames. The good news is that this attack can be mitigated by following the switch vendor's recommendations for VLAN configuration: designating all end-user switch ports as access mode instead of trunk mode, disabling automatic trunk negotiation on them, and keeping user traffic off the native VLAN of trunks.

13
Q

What is an Wiretapping and what is a possible security solution

A

Layer 1 threat that involves tapping or tampering with the physical cables of a victim's network. Copper-based wiring, such as Category 6 cabling, is susceptible to electronic sniffing or listening devices because the electrons flowing through the cables create a perceptible electromagnetic field (EMF); fibre is far harder to tap this way. Physical security (locked closets, protected cable runs, tamper-evident pathways) protects against this attack.

14
Q

What is symmetric key encryption

A

also known as secret-key (or private-key) encryption, it uses the same key to encrypt the data as to decrypt it, meaning that when used for data transmission both sender and receiver need the same key, which must itself be distributed securely. AES and 3DES are examples.

15
Q

What does a key management system (KMS) do

A

generates a data key to encrypt the data, then encrypts (wraps) that data key with a master key; the wrapped data key is stored alongside the data. The master key never leaves the KMS.

16
Q

How is the master key of a KMS protected

A

by encrypting the master key with another key, which is in turn encrypted with another, forming a key encryption hierarchy; the root key at the top is typically held in tamper-resistant hardware (an HSM) or split among several custodians.

17
Q

What is asymmetric key encryption

A

uses a mathematically linked key pair, a public key and a private key, with PKI supplying the certificates that bind a public key to its owner. To send a message: retrieve the receiver's public key, encrypt the message with it, and the receiver decrypts with their private key.

18
Q

How is a key pair generated

A

created using an algorithm (for example RSA or an elliptic-curve scheme) that produces two linked keys such that one key decrypts ciphertext the other has encrypted. Once the pair is created, the public key is published to a public repository or certificate, whereas the private key is kept secret by the owner of the key.

19
Q

What is end-to-end encryption

A

when data is encrypted by the sender and can only be decrypted by the intended recipient, so that no intermediary (mail server, messaging service, network operator) can read it. This is stronger than merely encrypting in transit and at rest, where the service provider still holds the keys.

20
Q

How does SSL/TLS encryption work in an example of a client sending a request to a server

A

Placed at Layer 6 in this deck. First the server sends the client its digital certificate so the client can verify the server's identity. In the RSA key exchange used up to TLS 1.2, the client then generates a pre-master secret, encrypts it with the server's public key from the certificate and sends it; the server decrypts it, and both sides derive the same symmetric session keys from it. Asymmetric encryption has done its job of protecting the key exchange over an insecure network, and from then on each message is protected with symmetric encryption because it is far more efficient. (TLS 1.3 dropped RSA key transport in favour of ephemeral Diffie-Hellman, which gives forward secrecy.)

21
Q

What is IPsec

A

encryption solution that secures IP network traffic at Layer 3 of the OSI model. Commonly used to create VPN tunnels, mostly site-to-site but also client-to-site (remote access). By terminating the encryption on a network device instead of on each client computer or server, the computers are freed from the burden of encrypting and decrypting their traffic when communicating across the tunnel.

22
Q

What is IPsec composed of

A

the Authentication Header (AH) protocol, which provides integrity and origin authentication (but no confidentiality); the Encapsulating Security Payload (ESP), which provides encryption and, optionally, integrity; and the security associations (SAs), which define the algorithms and keys to be used for each direction. The Internet Key Exchange (IKE) protocol negotiates the SAs and the keys.

23
Q

What type of encryption is best for larger data transfers and speed

A

symmetric key algorithms

24
Q

What is a data encryption key (DEK)

A

the key that actually encrypts and decrypts your data. It is stored in wrapped (encrypted) form alongside the data, and the KMS holds the key that unwraps it.

25
Q

What is a key encryption key (KEK)

A

the key that encrypts (wraps) the DEK for protection; it is usually a symmetric key held in the KMS, though an asymmetric key pair can also serve. The KMS unwraps a DEK only for callers that are authorized to use that KEK.
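An added example (not from the flashcards) carrying the key hierarchy of cards 15, 16, 24 and 25 through in code: data under a DEK, the DEK wrapped by a KEK, the KEK wrapped by a master key that never leaves the KMS object, with an access policy on the KEK. The authenticated cipher is a deliberately simple HMAC-SHA256 construction (counter-mode keystream plus a MAC) chosen only so the example runs on the standard library; a real KMS uses AES-GCM or AES key wrap. The KMS class, key names and the sample record are constructed for illustration.

```python
"""Envelope encryption with a DEK/KEK/master-key hierarchy.
Added example; the cipher is a stdlib stand-in for AES-GCM, all names constructed."""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: enough blocks to cover n bytes."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KMS:
    """Holds the master key. Only wrapped keys leave; unwrapping happens inside,
    and only for principals on the KEK's allow-list."""

    def __init__(self):
        self._master = secrets.token_bytes(32)   # root of the hierarchy (an HSM in reality)
        self._keks = {}                          # kek_id -> KEK wrapped under the master key
        self._policy = {}                        # kek_id -> principals allowed to use it

    def create_kek(self, kek_id: str, allowed: set) -> None:
        self._keks[kek_id] = seal(self._master, secrets.token_bytes(32))
        self._policy[kek_id] = set(allowed)

    def _unwrap_kek(self, kek_id: str, principal: str) -> bytes:
        if principal not in self._policy.get(kek_id, set()):
            raise PermissionError(f"{principal} may not use {kek_id}")
        return open_(self._master, self._keks[kek_id])

    def generate_data_key(self, kek_id: str, principal: str):
        """Return (plaintext DEK, wrapped DEK); caller stores only the wrapped copy."""
        dek = secrets.token_bytes(32)
        return dek, seal(self._unwrap_kek(kek_id, principal), dek)

    def decrypt_data_key(self, kek_id: str, principal: str, wrapped_dek: bytes) -> bytes:
        return open_(self._unwrap_kek(kek_id, principal), wrapped_dek)


KEK_ID = "kek/customer-data"   # hypothetical key name


def store_record(kms: KMS, principal: str, record: bytes) -> dict:
    """Data under the DEK, DEK under the KEK; the wrapped DEK travels with the data."""
    dek, wrapped = kms.generate_data_key(KEK_ID, principal)
    return {"kek_id": KEK_ID, "wrapped_dek": wrapped, "ciphertext": seal(dek, record)}


def read_record(kms: KMS, principal: str, stored: dict) -> bytes:
    dek = kms.decrypt_data_key(stored["kek_id"], principal, stored["wrapped_dek"])
    return open_(dek, stored["ciphertext"])


def demo() -> dict:
    """Round trip, an unauthorized caller, and a tampered ciphertext."""
    kms = KMS()
    kms.create_kek(KEK_ID, allowed={"billing-service"})
    stored = store_record(kms, "billing-service", b"card ending 4242")
    results = {"round_trip": read_record(kms, "billing-service", stored)}
    try:
        read_record(kms, "analytics-job", stored)      # not on the KEK's allow-list
        results["unauthorized_refused"] = False
    except PermissionError:
        results["unauthorized_refused"] = True
    ct = bytearray(stored["ciphertext"])
    ct[20] ^= 0x01                                    # flip one ciphertext byte
    tampered = dict(stored, ciphertext=bytes(ct))
    try:
        read_record(kms, "billing-service", tampered)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Nothing outside the `KMS` object ever sees the master key or a plaintext KEK; rotating the KEK means re-wrapping the small DEKs, not re-encrypting the data, which is the operational point of the hierarchy.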

26
Q

What is federated identity management

A

an arrangement in which you sign in through an identity provider (IdP) such as Google, Facebook or Twitter instead of creating a new username and password on every site. When you log in, for example, Google's servers authenticate you and send a signed identity token (a SAML assertion or an OpenID Connect ID token) to the site, which trusts the IdP's signature.

27
Q

What is identity and access management (IAM)

A

allows an organization to oversee user access and permissions to its resources to ensure better security across its cloud applications and services.

28
Q

What is an extranet

A

a secured region of your private network that is opened to selected outside parties (partners, suppliers, customers) while being kept separate from the internal network. Firewalls are configured to carefully inspect traffic entering and leaving it, and on occasion intrusion prevention systems (IPS) are placed within the extranet to mitigate server-to-server attacks inside it.

29
Q

What are service accounts

A

an identity for an application (rather than a person) when it needs to access resources in a cloud provider or on another server. Instead of a username and password it authenticates with the service account's own credential, typically an API key or key file, which should be scoped to least privilege and rotated.

30
Q

What is 3DES

A

symmetric block cipher that applies DES three times in a row with up to three 56-bit keys (168 key bits in total, about 112 bits of effective security). It is slow and deprecated in favour of AES.

31
Q

What is AES

A

symmetric encryption that uses a 128-bit, 192-bit, or 256-bit key.

32
Q

What are the pros and cons of longer keys in encryption

A

the longer the key, the harder it is to brute-force, but longer keys cost more computing power, markedly so for asymmetric algorithms; for AES the step from 128 to 256 bits only adds rounds and is comparatively cheap

33
Q

What is AES-NI

A

(AES New Instructions). These instructions allow the CPU to process AES encryption at very fast speeds, potentially upward of 10 GB per second. This, in turn, allows a computer to encrypt its wireless network traffic using AES and then transmit it at native wireless speeds with minimal, if any, effect on performance.

34
Q

What is WEP

A

the encryption key is either 40-bit or 104-bit (combined with a 24-bit IV), and every packet on the network is encrypted with the same static key. Both key sizes can be recovered on standard workstation hardware in well under a day, in practice within minutes: not by brute force but by exploiting RC4's weak per-packet keys and the inevitable repetition of the tiny IV space. WEP must not be used.

35
Q

What is WPA

A

uses TKIP. Unlike WEP, where all packets on the network are encrypted with the same key, TKIP gives WPA a significant security boost by mixing the base key with the sender address and a packet counter to derive a fresh 128-bit key for every packet sent. It is still RC4 underneath and is itself deprecated.
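An added example (not from the flashcards) for cards 34 and 35: why one static key shared by every packet is fatal for a stream cipher, and what per-packet keying changes. SHAKE-128 is used as a stand-in keystream generator for RC4, the key-mixing function is a simplified sketch of what TKIP does, and the key, IV and packets are constructed for illustration.

```python
"""Keystream reuse under a static key (WEP-style) versus per-packet keys (TKIP-style).
Added example; SHAKE-128 stands in for RC4, all keys and packets are constructed."""
import hashlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream cipher: keystream = f(IV || key), XORed with the data.
    Decryption is the same operation; same (IV, key) means same keystream."""
    return xor(hashlib.shake_128(iv + key).digest(len(plaintext)), plaintext)


def recover_from_keystream_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two packets under one keystream: c1 ^ c2 == p1 ^ p2. Knowing p1 (ARP and
    DHCP traffic is highly predictable) yields p2 without ever learning the key."""
    return xor(xor(c1, c2), known_p1)


WEP_KEY = bytes.fromhex("0123456789")        # 40-bit static key, constructed
IV = bytes.fromhex("00000a")                 # 24-bit IV: 16.7M values, repeats are routine
KNOWN_PACKET = b"ARP who-has 10.0.0.1"       # plaintext the attacker can predict
SECRET_PACKET = b"PSK=hunter2 admin!!!"      # same length, unknown to the attacker


def wep_style() -> bytes:
    """Static key and a repeated IV: the second plaintext falls out."""
    c1 = stream_encrypt(WEP_KEY, IV, KNOWN_PACKET)
    c2 = stream_encrypt(WEP_KEY, IV, SECRET_PACKET)
    return recover_from_keystream_reuse(c1, c2, KNOWN_PACKET)


def per_packet_key(base_key: bytes, sender_mac: bytes, seq: int) -> bytes:
    """Simplified TKIP-style mixing: base key, sender address and a 48-bit packet
    counter give each packet its own 128-bit key."""
    return hashlib.sha256(base_key + sender_mac + seq.to_bytes(6, "big")).digest()[:16]


def tkip_style() -> bool:
    """Same IV again, but per-packet keys: recovery yields noise, not the secret."""
    mac = bytes.fromhex("02aabbccddee")      # constructed sender address
    c1 = stream_encrypt(per_packet_key(WEP_KEY, mac, 1), IV, KNOWN_PACKET)
    c2 = stream_encrypt(per_packet_key(WEP_KEY, mac, 2), IV, SECRET_PACKET)
    return recover_from_keystream_reuse(c1, c2, KNOWN_PACKET) != SECRET_PACKET


if __name__ == "__main__":
    print("WEP-style recovery :", wep_style())      # prints the secret packet
    print("TKIP-style defeated:", tkip_style())     # True
```

This shows only the keystream-reuse problem; the attacks that actually broke WEP in the field (FMS, PTW) go further and recover the key itself from RC4's statistical weaknesses, which is why per-packet keying on top of RC4 was a stopgap and WPA2 moved to AES.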

36
Q

What is WPA2

A

uses CCMP (Counter Mode with CBC-MAC Protocol), an authenticated-encryption mode built on AES, in place of TKIP and RC4

37
Q

What is WPA3

A

adds an optional 192-bit security mode for enterprise connections (stronger suites, including 256-bit AES-GCM), uses SAE instead of PSK for the initial key exchange in personal mode, and makes Protected Management Frames mandatory

38
Q

What is SAE

A

with WPA2-PSK, the 4-way handshake exposes values derived from the (hashed) password, so an attacker who captures a handshake can guess the password offline at leisure. In SAE (Simultaneous Authentication of Equals, a password-authenticated key exchange based on the Dragonfly protocol), the device and the router use elliptic-curve mathematics to prove knowledge of the password and derive a fresh key without sending the password or any offline-guessable derivative of it: each guess costs the attacker a live exchange, and the resulting keys have forward secrecy.

39
Q

What is ad-hoc wireless mode

A

where wireless communication is performed in a P2P fashion and does not involve a WAP

40
Q

What is infrastructure wireless mode

A

where all devices connect to the WAP which acts as a switch

41
Q

how does 802.1x grant network access

A
  1. The client (the supplicant) requests access to the network via a WAP or a wired Ethernet switch and provides its credentials, carried in EAP messages.
  2. The WAP or switch (the authenticator) does not judge the credentials itself; it relays the EAP exchange to an authentication server, typically one running Remote Authentication Dial-In User Service (RADIUS), which validates the credentials and determines the user's authorization based on policies defined by a network administrator.
  3. If the credentials are validated and the user is authorized, the server tells the WAP or switch to grant network access to the user.
  4. If the user is not authenticated properly or lacks authorization for that network, the WAP or switch blocks network access, leaving the port open only for the authentication exchange itself.
42
Q

What is a Deauth attack

A

a DoS attack in which the attacker spoofs 802.11 deauthentication management frames to force any client (or even every client) off the network. It works because these frames are unauthenticated unless Protected Management Frames (802.11w) are enabled, which WPA3 makes mandatory.

43
Q

What is a rogue WAP

A

attacker sets up an illegitimate wireless network using their own WAP and may even share their own cellular data to create an internet hotspot. The attacker usually opens this network without any security or authentication so as to entice people in a hurry to connect to the attacker’s rogue WAP.

44
Q

What is authentication, authorization, and accounting (AAA)

A

the process of granting or denying access to data and network resources as well as verifying that the security controls are working properly.

45
Q

What is Authentication

A

the process of confirming a person’s identity

46
Q

What is Authorization

A

determining what the user has access to

47
Q

What is Accounting

A

recording who accessed what, and when (logging and auditing). This includes verifying the correct access control settings on data files and providing a forensic trail after a security breach to determine how the attacker got in (to harden defences for the future) and what they accessed (for damage control and potential changes to permissions).

48
Q

Why should you change default passwords

A

because almost all default passwords for a brand or model can be found online, and they are often shared across an entire product line, so an attacker who knows one gets into every device that was never changed