Updated Midterm Flashcards

1
Q
When designing a network, besides providing protection for network resources, describe the other two important concerns.
A
Detection
IDS/IPS
Next Gen Firewall

Responding
network forensics
countermeasures

2
Q
Describe in detail what a stateful firewall uses to determine whether to allow a packet back in through the firewall.
A
A firewall that tracks the TCP session: specifically source/destination IP address, source/destination port, flags, and sequence numbers.

3
Q
A third generation ___________ firewall is concerned with monitoring such systems as DNS, web traffic, remote desktop, etc., as the traffic moves through the firewall.
A
next gen

4
Q
Besides supporting normal stateful firewall operations, name two services provided by a next generation firewall.
A
IDS
URL filtering

5
Q
An example of a next generation firewall system is Cisco's ________.
A
Firepower

6
Q
ASA firewall interfaces are assigned security levels between 0 and 100, and by default traffic is allowed to flow from a _________ interface to a __________ interface.
A
outside, inside

7
Q
On an ASA firewall, for traffic to return back through an interface, a ________ rule must be configured.
A
NAT / inspect rule

8
Q
In order for outside traffic to enter a lower-security region on an ASA firewall, a ________ must be created on the firewall.
A
security zone

9
Q
You can configure a ________ port on a switch to collect all traffic moving through an interface.
A
switch

10
Q
Wireshark needs _______ in order to collect traffic from the network.
A
NIC interface

11
Q
A __________ is the brains of Wireshark and has the ability to convert binary information into intelligence.
A
dissector

12
Q
In Wireshark terms, a _______ contains layer 3 information such as IP.
A
packet

13
Q
In Wireshark terms, a _______ contains layer 4 information such as port number.
A
segment

14
Q
A _______ is designed to detect suspicious traffic.
A
IDS

15
Q
Describe the three operations or functions SNORT can perform.
A
Packet Capture
Captures and logs packets going internally and externally

Packet Logging
Saves the network packets containing the traffic matching the IPS signature to the attack log

IDS
Monitors a network or systems for malicious activity or policy violations and sends an alert.

16
Q
Describe what can be configured in the 2 main parts of a SNORT signature.
A
1) Header
Action | protocol | SRC | SRC Port | Direction | DST | DST port

2) Body
message, content, sid

17
Q
In Security Onion, ________ is normally used as the IDS system to detect suspicious activity.
A
SNORT

18
Q
In Security Onion, _______ is used to collect information on flows, websites visited, etc.
A
BRO

19
Q
In Security Onion, ________ can be used to display items seen in the logs of the previous 2 questions.
A
Sguil

20
Q
_______________ is the process of using some method to determine the operating system of a server.
A
OS fingerprinting

21
Q
_______________ is the process of using an automated tool to gather end users' emails.
A
Email Harvesting

22
Q
____________ will gain information such as A, AAAA, CNAME and SOA records.
A
DNS harvesting

23
Q
When performing recon it is important to distinguish between _____ and physical servers.
A
virtual

24
Q
When protecting resources, you need to treat internal resources differently from _______ resources.
A
external

25
Q
When protecting resources, you need to treat on-premises resources differently from _______ resources.
A
Cloud

26
Q
_________ is the most popular utility used to perform a port scan.
A
NMAP

27
Q
__________ is a command-line utility which can be used to display network connections and ports open on a host.
A
Netstat

28
Q
An IDS which is ___________ based will determine alerts based upon a predefined pattern.
A
signature

29
Q
An IDS which uses ________ pattern matching will compare traffic to a database of attack patterns.
A
pattern

30
Q
__________ scanners are tools or utilities used to probe and reveal weaknesses in a network's security.
A
vulnerability

31
Q
_________ analysis looks at the entire packet, including the payload.
A
packet

32
Q
__________ analysis looks at information contained in the header of a packet.
A
protocol

33
Q
__________ analysis is technology developed by Cisco which is used to analyze IP traffic.
A
netflow

34
Q
__________ analysis works with capturing 802.11 packets.
A
wireless

35
Q
___________ analysis looks for things which are not normal to flag suspicious activity.
A
anomaly

36
Q
Name any two types or sources of data output which can be used by a security analyst.
A
firewall logs, packet capture

37
Q
A __________ provides an automated tool for analyzing large amounts of data.
A
SIEM

38
Q
The technology in the previous question can be agent based and _________ based.
A
Agentless

39
Q
The ____________ is a network logically separate from the intranet, where resources which need access from the outside reside.
A
extranet

40
Q
__________ can be implemented which restricts access of devices to certain systems.
A
isolation

41
Q
A ________ can be used to access a secure network remotely through a less secure network.
A
jump box

42
Q
Draw a picture of how the technology in the previous question is deployed.
A
?
43
Q
In Windows, ____________ can be configured to provide security to users and computers in an Active Directory environment.
A
group policies

44
Q
A _________ can be configured to attract hackers and lure them into spending time attacking bogus resources while monitoring their behaviors.
A
honeypot

45
Q
____________ can be used on routers to restrict traffic between networks.
A
ACLs

46
Q
A ________ is a router designed to accept and analyze attack traffic.
A
sinkhole

47
Q
_______________ control is used to protect sensitive data by controlling access based upon the clearance level of the user or the sensitivity of the data.
A
Mandatory Access Controls

48
Q
A ____________ control is put in place to substitute for a primary access control method and is mainly there to mitigate risk.
A
compensating

49
Q
_____________, or management, controls are implemented to manage an organization's assets.
A
Administrative

50
Q
Network ____________ control is a service which examines the state of an endpoint before allowing the endpoint access to the network.
A
access

51
Q
___________ is a protocol which provides authentication at layer 2.
A
802.1x

52
Q
In a ________ pen test the testing team is given limited knowledge of the target system.
A
blind

53
Q
______________ can be used to determine how malware works.
A
decomposition ?

54
Q
______________ looks at the technical impact and likelihood of a threat compromising a vulnerability.
A
risk evaluation

55
Q
Name any two regulatory legislations.
A
Sarbanes-Oxley, HIPAA

56
Q
When establishing scanning frequency, name one consideration.
A
technical constraints

57
Q
When configuring tools to perform scans according to specification, name one item to consider.
A
sensitivity level

58
Q
Name two things to do after a scan is completed.
A
vulnerability feed, remediation

59
Q
A _________ positive occurs when an alert is generated but there is no malicious activity.
A
false

60
Q
Name any two vulnerabilities or attacks against web servers.
A
XSS, SQL Injection

61
Q
A ______ server is considered the holy grail of resources for an attacker.
A
database

62
Q
Describe any two attacks against the network infrastructure.
A
MAC overflow, Double Tagging

63
Q
_____________ elevation occurs when a normal user is able to escalate privileges to a domain administrator.
A
privilege

64
Q
Name any two threats mentioned against mobile devices.
A
Insecure Wi-Fi, use of location services

65
Q
A _______ provides remote or external devices access to a remote network by building a virtual tunnel.
A
VPN

66
Q
Name one protocol which can perform the action in the previous question.
A
L2TP