Chapter 3:Understanding Devices and Infrastructure

Question 1

TCP/IP Layers

Answer 1

4) Application
3) Transport
2) Internet
1) Network Interface

Question 2

Antiquated Protocols

Answer 2

Protocols once needed but now serve no purpose

Question 3

IPv4 address length

Answer 3

32-bits

Question 4

IPv6 address length

Answer 4

128-bits

Question 5

Command to show active ports

Answer 5

netstat -a

Question 6

Windows Socket (Winsock) API

Answer 6

A Microsoft API used to interact with TCP/IP.

Question 7

Internet Small Computer Systems Interface (iSCSI)

Answer 7

A protocol that enables the creation of storage area networks (SANs) and is used in sending storage-related commands over IP networks.

Question 8

Fibre Channel

Answer 8

A high-speed networking technology designed to work like iSCSI but for fiber only. Cannot work across large networks.

Question 9

Security Benefit of VLANs

Answer 9

Allow users with similar data sensitivity levels to be segmented together

Question 10

Security Benefit of Tunneling

Answer 10

Sensitive data can be encapsulated into other packets and sent directly from one network to its destination

Question 11

Point-to-Point Tunneling Protocol (PPTP)

Answer 11

• Encapsulates and encrypts PPP packets

- Weakness is that the negotiation between the two points in done in the clear

Question 12

Layer 2 Forwarding (L2F)

Answer 12

• Tunneling protocol used primarily for dial-up

- No encryption

Question 13

Layer 2 Tunneling Protocol (L2TP)

Answer 13

• Hybrid of PPTP and L2F

- Not encrypted by default, but can use IPSec for security needs

Question 14

Secure Shell (SSH)

Answer 14

-Uses encryption to establish a secure connection between two systems

Question 15

IPSec

Answer 15

A set of protocols that enable encryption, authentication, and integrity over IP.

Question 16

IPSec Transport vs. Tunneling Mode

Answer 16

Transport encrypts only the payload whereas tunneling also encrypts everything

Question 17

RAS

Answer 17

Remote Access Services

Question 18

The Private IP Addresses

Answer 18

10. 0.0.0-10.255.255.255
11. 16.0.0-172.31.255.255
12. 168.0.0-192.168.255.255

Question 19

Telephony

Answer 19

Telephone technology combined with information technology

Question 20

Biggest Security Problem with VoIP

Answer 20

If VoIP and data are on the same line then they are both vulnerable to a private branch exchange (PBX) attack

Question 21

Appliances

Answer 21

Freestanding devices that operate in a largely self-contained manner.

Question 22

Packet Filter

Answer 22

• Passes or blocks traffic to specific addresses based on the type of application.
• Decides based on addressing info, not actual content

Question 23

Proxy Firewall

Answer 23

• Examines data and makes rule-based decisions about whether the data should pass through
• Hides IP addresses

Question 24

Dual-Homed Firewall

Answer 24

A firewall using two NICs, one connected to the outside network and one connecting to the internal network

Question 25

Multihomed

Answer 25

More than one IP address

Question 26

Application-Level Proxy

Answer 26

Reads the individual commands of the protocols that are being served.

Question 27

Circuit-Level Proxy

Answer 27

Creates a circuit between the client and the server and doesn’t deal with the contents of the packets.

Question 28

Stateless Firewalls

Answer 28

Make decisions based on the data that comes in and not based on any complex decisions

Question 29

Stateful Packet Inspection (SPI)

Answer 29

Remembers where the packet came from and where the next one should come from.

Question 30

Border Router

Answer 30

A router used to translate from LAN framing to WAN framing.

Question 31

Web Security Gateway

Answer 31

A proxy server with web protection software built in

Question 32

Activity (IDS)

Answer 32

An element of a data source that is of interest to the IDS.

Question 33

Administrator (IDS)

Answer 33

The person responsible for setting the security policy, and for making decisions about the IDS.

Question 34

Data Source (IDS)

Answer 34

The raw info that the IDS uses to detect suspicious activity.
Audit files, system logs, etc.

Question 35

Manager (IDS)

Answer 35

The component that the operator uses to manage the IDS.

Question 36

Sensor (IDS)

Answer 36

The IDS component that collects data from the data source and passes it to the analyzer

Question 37

Behavior-Based IDS

Answer 37

Looks for variations in behavior such as unusually high traffic, policy violations, etc.

Question 38

Signature-Based IDS

Answer 38

Focused on evaluating attacks based on attack signatures and audit trails.

Question 39

Misuse-Detection IDS (MD-IDS)

Answer 39

Another name for signature-based IDS

Question 40

Attack Signature

Answer 40

A generally established method of attacking a system

Question 41

Anomaly-Detection IDS (AD-IDS)

Answer 41

Looks for things outside of the ordinary

behavior based falls under this category

Question 42

Heuristic IDS

Answer 42

Uses algorithms to analyze the traffic passing through the network

Question 43

Passive Responses

Answer 43

Logging, Notification, and Shunning

Question 44

Shunning

Answer 44

Ignoring an attack because you know it will not be able to hurt you

Question 45

Active Response

Answer 45

Takes action based on an attack or threat

Question 46

Deception Active Response

Answer 46

Fools the attacker into thinking they are succeeding, while actually redirecting it to a honeypot and monitoring it

Question 47

/var/log/faillog

Answer 47

List of users’ failed authentication attempts

Question 48

/var/log/lastlog

Answer 48

List of users and when they last logged in

Question 49

/var/log/messages

Answer 49

Could contain login-related entries

Question 50

/var/log/wtmp

Answer 50

List of users who have authenticated

Question 51

All-in-one-Appliance

Answer 51

• Appliances that provide a good foundation of security including URL filtering, content inspection, or malware inspection.
• Also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW)

Question 52

Web Application Firewall (WAF)

Answer 52

• A real-time appliance that applies a set of rules to block traffic to and from web servers and to try to prevent attacks.
• Specific to web-based servers.

Question 53

Application -Aware Device

Answer 53

One that has the ability to respond to traffic based on what is there.

Question 54

PPP

Answer 54

• Widely used for dial-up connections

- Should not be used for a WAN VPN connection