Intro to Network Security sixth ed chapter 6

Terms in this set (99)
1. Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend?
A. router
B. hub
C. virtual private network
D. SIEM device
2. Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia?
A. A bridge will block packets between two different types of networks.
B. A bridge cannot be used on any Internet connection.
C. A bridge would block packets from reaching the Internet.
D. A bridge could permit access to the secure wired network from the unsecured wireless network.
7. Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say?
A. Once the MAC address table is full the switch functions like a network hub.
B. A MAC flooding attack will filter to the local host computer's MAC-to-IP address tables and prevent these hosts from reaching the network.
C. In a defense of a MAC flooding attack network routers will freeze and not permit any incoming traffic.
D. A MAC flooding attack will prevent load balancers from identifying the correct VIP of the servers.
9. Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian?
A. Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address
B. Cause the device to enter a fail-open mode.
C. Record new MAC addresses up to a specific limit
D. Block the port entirely
11. Which statement about network address translation (NAT) is true?
A. It substitutes MAC addresses for IP addresses.
B. It can be stateful or stateless.
C. It can be found only on core routers.
D. It removes private addresses when the packet leaves the network.
Answer: D. It removes private addresses when the packet leaves the network.

12. Which of these is NOT used in scheduling a load balancer?
A. The IP address of the destination packet
B. Data within the application message itself
C. Round-robin
D. Affinity
Answer: A. The IP address of the destination packet

13. In which of the following configurations are all the load balancers always active?
A. Active-active
B. Active-passive
C. Passive-active-passive
D. Active-load-passive-load
Answer: A. Active-active

14. Which device intercepts internal user requests and then processes those requests on behalf of the users?
A. Forward proxy server
B. Reverse proxy server
C. Host detection server
D. Intrusion prevention device
Answer: A. Forward proxy server

15. Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose?
A. Split tunnel
B. Full tunnel
C. Narrow tunnel
D. Wide tunnel
Answer: A. Split tunnel

16. Which device watches for attacks and sounds an alert only when one occurs?
A. firewall
B. network intrusion detection system (NIDS)
C. network intrusion prevention system (NIPS)
D. proxy intrusion device
Answer: B. network intrusion detection system (NIDS)

17. Which of the following is a multipurpose security device?
A. Hardware security module
B. Unified Threat Management (UTM)
C. Media gateway
D. Intrusion Detection/Prevention (ID/P)
Answer: B. Unified Threat Management (UTM)

18. Which of the following CANNOT be used to hide information about the internal network?
A. network address translation (NAT)
B. a protocol analyzer
C. a subnetter
D. a proxy server
Answer: B. a protocol analyzer

19. What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?
A. A NIDS provides more valuable information about attacks.
B. There is no difference; a NIDS and a NIPS are equal.
C. A NIPS can take actions more quickly to combat an attack.
D. A NIPS is much slower because it uses protocol analysis.
Answer: C. A NIPS can take actions more quickly to combat an attack.

20. Which is the most secure type of firewall?
A. stateless packet filtering
B. stateful packet filtering
C. network intrusion detection system replay
D. reverse proxy analysis
Answer: B. stateful packet filtering

Bridge: A hardware device or software that is used to join two separate computer networks to enable communication between them.

Switch: A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.

Loop Prevention: A means to mitigate broadcast storms using the IEEE 802.1d standard spanning-tree algorithm (STA).

Flood Guard: A defense against a MAC flooding attack.

Port Security: A flood guard technology that restricts the number of incoming MAC addresses for a port.

Router: A device that can forward packets across computer networks.

Access Control List (ACL): A set of rules that acts like a "network filter" to permit or restrict data flowing into and out of the router network interfaces.

Antispoofing: Use of an ACL on an Internet-facing router, limiting traffic that imitates another computer's IP address.

Load Balancer: A dedicated network device that can help to evenly distribute work across a network.

Round-Robin: A scheduling protocol rotation that applies to all devices equally.

Affinity: A scheduling protocol that distributes the load based on which devices can handle the load more efficiently.

Active-Passive: A configuration in which the primary load balancer distributes the network traffic to the most suitable server while the secondary load balancer operates in a "listening mode".

Active-Active: A configuration in which all load balancers are always active.

Virtual IP (VIP): An IP address and a specific port number that can be used to reference different physical servers.

Forward Proxy: A computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the users.

Application/Multipurpose Proxy: A special proxy server that "knows" the application protocols that it supports. For example, an FTP proxy server implements the protocol FTP.

Reverse Proxy: A proxy that routes requests coming from an external network to the correct internal server.

Transparent Proxy: A proxy that does not require any configuration on the user's computer.

Firewall: Hardware or software that is designed to limit the spread of malware.

Host-Based Firewall: A software firewall that runs as a program on the local computer to block or filter traffic coming into and out of the computer.

Implicit Deny: The principle of being always blocked by default.

Network-Based Firewall: A firewall that functions at the OSI Network layer (Layer 3).

Stateless Packet Filtering: A firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator.

Stateful Packet Filtering: A firewall that keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Application-Based Firewall: Operates at a higher level by identifying the applications that send packets through the firewall and then makes decisions about the applications instead of filtering packets based on granular rule settings like the destination port or protocol.

Web Application Firewall: A firewall that filters by examining the applications using HTTP.

Virtual Private Network (VPN): A technology that enables use of an unsecured public network as if it were a secure private network.

Remote Access VPN: A user-to-LAN VPN connection used by remote users.

Site-to-Site VPN: A VPN connection in which multiple sites can connect to other sites over the Internet.

Always-on VPNs: A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.

VPN concentrator: A device that aggregates hundreds or thousands of VPN connections.

Full Tunnel: A VPN technology in which all traffic is sent to the VPN concentrator and is protected.

Split Tunneling: A VPN technology in which only some traffic is sent to the VPN concentrator and is protected while other traffic directly accesses the Internet.

Simple Mail Transfer Protocol (SMTP): An earlier email system that handles outgoing mail.

Post Office Protocol (POP): An earlier mail system responsible for incoming mail.

IMAP (Internet Mail Access Protocol): A more recent and advanced electronic email system for incoming mail.

Mail Gateway: A system that monitors emails for unwanted content and prevents these messages from being delivered.

Intrusion Detection System (IDS): A device that detects an attack as it occurs.

Inline IDS: An intrusion detection system (IDS) that is directly connected to the network and monitors the flow of data as it occurs.

Passive IDS: An intrusion detection system (IDS) that is connected to a port on a switch in which data is fed to it.

In-Band IDS: An intrusion detection system (IDS) implemented through the network itself by using network protocols and tools.

Out-of-Band IDS: An intrusion detection system (IDS) that uses an independent and dedicated channel to reach the device.

Anomaly Monitoring: A monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised.

False Positives: Alarm that is raised when there is no actual abnormal behavior.

False Negative: The failure to raise an alarm when there is abnormal behavior.

Signature-Based Monitoring: A monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.

Behavioral Monitoring: A monitoring technique used by an intrusion detection system (IDS) that uses the normal processes and actions as the standard and compares actions against it.

Heuristic Monitoring: A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists.

Host-Based Intrusion Detection System (HIDS): A software-based application that runs on a local host computer that can detect an attack as it occurs.

Network Intrusion Detection System (NIDS): A technology that watches for attacks on the network and reports back to a central device.

Network Intrusion Prevention System (NIPS): A technology that monitors network traffic to immediately react to block a malicious attack.

Host-Based Intrusion Prevention System (HIPS): A technology that monitors a local system to immediately react to block a malicious attack.

Security and Information Event Management (SIEM): A product that consolidates real-time monitoring and management of security information with analysis and reporting of security events.

SIEM Aggregation: A SIEM feature that combines data from multiple data sources (network security devices, servers, software applications, etc.) to build a comprehensive picture of attacks.

SIEM Correlation: A SIEM feature that searches the data acquired through SIEM aggregation to look for common characteristics, such as multiple attacks coming from a specific source.

SIEM Automated Alerting and Triggers: A SIEM feature that can inform security personnel of critical issues that need immediate attention.

SIEM Time Synchronization: A SIEM feature that can show the order of the events.

SIEM Event Duplication: A SIEM feature that can help filter the multiple alerts into a single alarm.

SIEM Logs: A SIEM feature that records events to be retained for future analysis and to show that the enterprise has complied with regulations.

Hardware Security Module: A dedicated cryptographic processor that provides protection for cryptographic keys.

SSL Decryptor: A separate device that decrypts SSL traffic.

SSL/TLS Accelerator: A separate hardware card that inserts into a web server that contains one or more co-processors to handle SSL/TLS processing.

Media Gateway: A device that converts media data from one format to another.

Unified Threat Management (UTM): An integrated device that combines several security functions.

Demilitarized Zone (DMZ): A separate network that rests outside the secure network perimeter: untrusted outside users can access it, but cannot enter the secure network.

Network Address Translation (NAT): A technique that allows private IP addresses to be used on the public Internet.

Intranet: A private network that belongs to an organization that can only be accessed by approved internal users.

Extranet: A private network that can also be accessed by authorized external customers, vendors, and partners.

Guest Network: A separate open network that anyone can access without prior authorization.

Physical Network Segregation: Isolating the network so that it is not accessible by outsiders.

Air Gap: The absence of any type of connection between devices.

Virtual LAN (VLAN): A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.

Network Access Control (NAC): A technique that examines the current state of a system or network device before it can connect to the network.

Host Agent Health Checks: Reports sent by network access control (NAC) "agents" installed on devices to gather information and report back to the NAC device.

Permanent NAC Agent: A network access control (NAC) agent that resides on end devices until uninstalled.

Dissolvable NAC Agent: A network access control (NAC) agent that disappears after reporting information to the NAC device.

Agentless NAC: A network access control (NAC) agent that is not installed on an endpoint device but is embedded within a Microsoft Windows Active Directory domain controller.

Data Loss Prevention (DLP): A system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.

USB Blocking: A data loss prevention (DLP) technique for blocking the copying of files to a USB flash drive.