Computer security : security-components
One common capability of a SIEM is _____, which pulls together data from different devices into a single format and place, so it is easy to display, search, analyze, etc. A.Aggregation B.Automated triggers C.Time synchronization D.Automated alerting
A.Aggregation A SIEM (Security Information and Event Management) system collects data from many different sources, such as firewalls, intrusion detection systems (IDS), and proxy servers. Each of these technologies stores its data in different formats, different databases, and different reports. The SIEM pulls all this data together (aggregates it) into a single format and place, so it is easy to display, search, and analyze.
What is NOT used in a router's ACL to deny or allow a packet? A.MAC address B.IP address C.protocol number D.port number
A.MAC address
What network device prevents hackers from hiding malware in an encrypted connection? This device is usually placed in the DMZ. A.SSL/TLS decryptors B.network tap C.SSL/TLS accelerators D.Media gateway
A.SSL/TLS decryptors
You are setting up a heuristic-based IDS to monitor network activity. Which of the following would you set up first? A.a baseline of the current network behavior B.a router C.a switch D.a database of known vulnerabilities and attack patterns
A.a baseline of the current network behavior
What kind of load balancer scheduling sends each new request to a server based on how active that server is? For this scheduling, the most active servers are sent the fewest requests and the least active servers are sent the most requests. A.active-active B.active-passive C.affinity D.round robin
A.active-active Active-active scheduling takes into consideration how active each server is: more requests are sent to less active servers and fewer requests are sent to more active servers, and every server in the pool is serving at the same time. (Many load balancer products call this particular algorithm "least connections"; "active-active" more generally just means all servers are active at once.)
What is an example of "security through obscurity"? A.disabling SSID broadcasting B.enabling WPA2 on all wireless devices C.doing a site survey D.limiting the range of the wireless APs
A.disabling SSID broadcasting We call this "security through obscurity," which is not really security: the SSID is still sent in the clear when clients probe for and associate with the network, so anyone with a wireless sniffer can recover it.
Your organization has a BYOD (bring your own device) policy. There is a higher security risk with connecting personal devices to your organization's private network. What type of technology will MOST likely reduce this security risk? A.dissolvable NAC agent B.IPsec tunnel mode C.IPsec transport D.permanent NAC agent
A.dissolvable NAC agent
Which of the following technologies is a switch that is configured to send a copy of all traffic to a single port? A.port mirror B.network tap C.sensor D.collector
A.port mirror Port mirror (mirror port): a switch that is configured to send a copy of all traffic to a single port (active device). From that port the packets go to a sensor. Better for networks with light traffic, because under heavy load the switch can drop mirrored frames.
What kind of load balancer scheduling sends each new request to a different server in order? Once all servers are sent a new request, the next request is sent to the first server again. A.round robin B.affinity C.active-active D.active-passive
A.round robin Round robin scheduling: each new request is sent to a different server, in order (first request to the 1st server, second request to the 2nd server, etc.); after the last server, the next request goes back to the 1st server.
What network device connects different networks together? A.router B.hub C.proxy D.switch
A.router
A layer 3 switch is a combination of what two devices? A.switch and router B.router and proxy C.switch and hub D.hub and router
A.switch and router A layer 3 switch is a switch that operates on layer 3 of the OSI (Open Systems Interconnection) model and uses IP (Internet Protocol) addresses to forward packets. Routers also operate on layer 3 and use IP addresses to forward packets, which is why routers are sometimes called layer 3 devices. A layer 3 switch combines a switch and a router in the same physical device.
Which IPsec protocol supports confidentiality, authentication, and integrity? A.UDP B.ESP C.VPN D.AH
B.ESP ESP (Encapsulating Security Payload) provides authentication, data integrity, and encryption (confidentiality). Because of the encryption, ESP is used more than AH (Authentication Header), which provides only authentication and integrity. ESP includes its own authentication, so it can be used without AH; the one thing AH adds is that its integrity check also covers the outer IP header, which ESP's does not.
It is important that the SIEM event log data has this property, so that multiple copies of the same event are not stored in the event log. A.WORM B.Event deduplication C.Automated trigger D.Aggregation
B.Event deduplication
Which of the following technologies gathers network information from sensors? A.HIDS B.NIDS C.router D.switch
B.NIDS
Which protocol is used to prevent infinite loops from happening with the switches in a network? A.MAC B.RSTP (Rapid Spanning Tree Protocol) C.ACL D.reverse proxy
B.RSTP (Rapid Spanning Tree Protocol)
Which of the following is the BEST example of a false negative? A.a NIPS stops a DDoS attack B.a HIPS does not stop a DDoS attack C.a HIDS detects a DDoS attack D.a NIDS detects a DDoS attack
B.a HIPS does not stop a DDoS attack
What kind of load balancer scheduling sends each new request to a server based on how active that server is? For this scheduling, the most active servers are sent the fewest requests and the least active servers are sent the most requests. A.active-passive B.active-active C.affinity D.round robin
B.active-active
What kind of load balancer scheduling has idle servers that are not being used? If an active server fails, then one of the idle servers takes its place. A.round robin B.active-passive C.affinity D.active-active
B.active-passive
What network device forwards requests for services from clients? A.reverse proxy B.forward proxy C.switch D.hub
B.forward proxy
What network device will modify or filter requests? A.hub B.non-transparent proxy C.switch D.transparent proxy
B.non-transparent proxy
What network device filters and forwards packets being sent to a web server? A.hub B.reverse proxy C.forward proxy D.switch
B.reverse proxy Reverse proxy: filters and forwards packets being sent to a web server. It protects the web server by dropping malicious traffic, and can be used to improve performance by caching web pages.
What network device is an OSI layer 3 device? A.switch B.router C.hub D.proxy server
B.router
Which of the following technologies is a device that collects and monitors traffic and sends the raw data to the NIDS? A.network tap B.sensor C.port mirror D.collector
B.sensor A device that collects and monitors traffic and sends the raw data to the NIDS
What is an SSID? A.a group of wireless network protocols B.the name of a wireless network C.an encryption standard for wireless communication D.a type of antenna used for wireless communication
B.the name of a wireless network
A _____ connects multiple networks together. It uses MAC addresses to direct packets to a network. A.Switch B.Router C.Bridge D.Mail gateway
C.Bridge
_____ is a hardware device or software that prevents the unauthorized transfer of data outside an organization. A.PHI B.PII C.DLP D.data exfiltration
C.DLP
You try to use your organization's VPN, but you are sent to a remediation network. What kind of technology is MOST likely being used? A.DLP B.SIEM C.NAC D.mail gateway
C.NAC NAC (Network Access Control) is a way to control which computers are allowed onto the private network. It checks that a connecting computer is healthy and meets certain conditions (for example, current patches and antivirus). If the computer is healthy, it is allowed on the private network; if not, it is sent to a remediation network until it is fixed.
It is important that the devices from which SIEM is drawing data have this property, so that data from different devices can have the same time stamp, if the event happened at the same time across multiple devices. A.WORM B.Automated trigger C.Time synchronization D.Event deduplication
C.Time synchronization
Which of the following is the BEST example of a false positive? A.a HIPS does not stop a DDoS attack B.a NIPS stops a DDoS attack C.a HIDS sets off an alarm from a single ICMP packet D.a NIDS sets off an alarm after receiving 500 ICMP packets
C.a HIDS sets off an alarm from a single ICMP packet
What kind of firewall runs on a single computer? This is also called a host-based firewall. A.stateful B.network-based C.application-based D.ACL
C.application-based
A SIEM _____ has the task of collecting and analyzing event log data from many devices within the network. A.automated alert B.WORM C.correlation engine D.automated trigger
C.correlation engine Collects and analyzes event log data from many devices within the network; the cards also call this a "collector" (similar to The Collector from Marvel Comics). It pulls together data with similar attributes (qualities), can detect patterns that could be potential malicious attacks, and can raise alerts for system administrators. It often uses syslog (system log), which is a standard way to transfer logs between devices.
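The four SIEM properties from the cards above (aggregation, event deduplication, time synchronization, and a correlation engine raising an alert), as an added Python example that is not part of the original page. The log lines, device names and the firewall/IDS/proxy formats are constructed for the example; the correlation rule (a source denied by the firewall and then seen in an IDS alert within 60 seconds) is an assumption, not a rule from the page.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events (not real logs): three device types, each in its
# own format and each stamping time differently (local offset, epoch, UTC "Z").
RAW_EVENTS = [
    ("firewall", "2024-03-01T10:15:02-05:00 fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=22"),
    ("firewall", "2024-03-01T10:15:02-05:00 fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=22"),  # sent twice
    ("firewall", "2024-03-01T10:15:09-05:00 fw01 DENY src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23"),
    ("ids", "1709306110|ids01|ALERT|203.0.113.7|192.0.2.10|suspicious inbound SSH scan"),
    ("proxy", "ts=2024-03-01T15:20:00Z host=proxy01 action=allow client=10.0.0.5 url=http://example.com/"),
]


def to_utc(iso_text):
    """Time synchronization: every timestamp becomes an aware UTC datetime."""
    # fromisoformat() only accepts the 'Z' suffix from Python 3.11 on
    return datetime.fromisoformat(iso_text.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_firewall(line):
    ts, host, action, rest = line.split(" ", 3)
    kv = dict(field.split("=", 1) for field in rest.split())
    return {"time": to_utc(ts), "device": host, "action": action.lower(),
            "src": kv["src"], "dst": kv["dst"], "detail": f"{kv['proto']}/{kv['dport']}"}


def parse_ids(line):
    epoch, host, action, src, dst, msg = line.split("|", 5)
    return {"time": datetime.fromtimestamp(int(epoch), tz=timezone.utc), "device": host,
            "action": action.lower(), "src": src, "dst": dst, "detail": msg}


def parse_proxy(line):
    kv = dict(field.split("=", 1) for field in line.split())
    return {"time": to_utc(kv["ts"]), "device": kv["host"], "action": kv["action"],
            "src": kv["client"], "dst": None, "detail": kv["url"]}


PARSERS = {"firewall": parse_firewall, "ids": parse_ids, "proxy": parse_proxy}


def aggregate(raw_events):
    """Aggregation: one record layout regardless of which device produced it."""
    return [PARSERS[kind](line) for kind, line in raw_events]


def deduplicate(events):
    """Event deduplication: drop exact repeats of an event already stored."""
    seen, unique = set(), []
    for event in events:
        key = (event["time"], event["device"], event["action"], event["src"], event["dst"], event["detail"])
        if key not in seen:
            seen.add(key)
            unique.append(event)
    return unique


def correlate(events, window=timedelta(seconds=60)):
    """Correlation: a source denied by the firewall and then flagged by the IDS
    within `window` is reported once, with the number of denies that preceded it."""
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)
    findings = []
    for src, evs in by_src.items():
        deny_times = [e["time"] for e in evs if e["action"] == "deny"]
        for alert in (e for e in evs if e["action"] == "alert"):
            preceding = [t for t in deny_times if timedelta(0) <= alert["time"] - t <= window]
            if preceding:
                findings.append({"src": src, "denies_before_alert": len(preceding),
                                 "ids_device": alert["device"], "detail": alert["detail"]})
    return findings


if __name__ == "__main__":
    unique = deduplicate(aggregate(RAW_EVENTS))
    for e in unique:
        print(e["time"].isoformat(), e["device"], e["action"], e["src"], e["detail"])
    print(correlate(unique))
```

Without the conversion to UTC, the firewall's 10:15 (UTC-5) and the IDS's epoch timestamp would be 5 hours apart and the correlation window would never match, which is why clock synchronization across devices is listed as a SIEM requirement.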
Which of the following technologies is a dedicated device (a device that only has one function) that makes a copy of all traffic going through a network? A.collector B.sensor C.network tap D.port mirror
C.network tap A dedicated device that makes a copy of all traffic going over the network (passive device) and sends these packets to sensors. Better for high-speed networks with large volumes of traffic.
Your organization provides mobile devices to its employees which they can use to telecommute. Before connecting these mobile devices to the organization's private network over a VPN, what type of technology will MOST likely reduce the security risk of a potentially infected mobile device from spreading its infection over the organization's private network? A.IPsec transport mode B.dissolvable NAC agent C.permanent NAC agent D.IPsec tunnel mode
C.permanent NAC agent
Which of the following technologies is a switch that is configured to send a copy of all traffic to a single port? A.sensor B.collector C.port mirror D.network tap
C.port mirror
What network device filters and forwards packets being sent to a web server? A.forward proxy B.hub C.reverse proxy D.switch
C.reverse proxy Reverse proxy: filters and forwards packets being sent to a web server. It protects the web server by dropping malicious traffic, and can be used to improve performance by caching web pages.
Your organization's DMZ has been attacked by hackers taking advantage of a previously unknown weakness in the firewalls. What kind of attack is this? A.HIDS B.false positive C.zero day exploit D.false negative
C.zero day exploit
_____ is software, hardware, policies, and/or procedures that are used to prevent the unauthorized transfer of data outside an organization. A.PHI B.data exfiltration C.PII D.DLP
D.DLP
_____ is data that can be used to identify someone, such as name, social security number, date of birth, place of birth, etc. A.DLP B.PHI C.data exfiltration D.PII
D.PII Personally Identifiable Information
What network device can be used to provide encrypted connections? This device will free up the server from having to use the server's resources to provide the encryption calculations. A.Media gateway B.Bridge C.SSL/TLS decryptors D.SSL/TLS accelerators
D.SSL/TLS accelerators TLS (Transport Layer Security) replaced SSL (Secure Sockets Layer), but the name SSL is still often used (the way all soft drinks are called "Coke" in the South, even when they are not a Coca-Cola, which originated in 1886 with an Atlanta pharmacist). An accelerator provides encryption for protocols such as HTTPS (Hypertext Transfer Protocol Secure). Encryption usually takes lots of time and resources, so using a dedicated hardware device frees up CPU power and RAM on the web server, or whatever other device it is assisting. The hardware device should be close to the web server or other device it is assisting.
What do we call a private network that is run over a public network? A.HTTPS B.IPS C.SSH D.VPN
D.VPN Virtual Private Network: a private network run over a public network, used to access systems from remote locations. Example #1: servers in another room accessed from an administrator's desktop computer. Example #2: accessing files on a server at work from a laptop at home.
What is a device that connects wireless clients to a wired network? A.SIEM B.load balancer C.mail gateway D.WAP
D.WAP
A SIEM event log typically has this property, so that the data, once stored, will not be overwritten or changed. A.Aggregation B.Automated trigger C.Event deduplication D.WORM
D.WORM
What is the IEEE 802.11 standard? A.a type of antenna used for wireless communication B.an encryption standard for wireless communication C.the name of a wireless network D.a group of wireless network protocols
D.a group of wireless network protocols IEEE 802.11 is a group of wireless network protocols. Increasing the channel width means more data can be transferred through the channel, but it decreases the radio transmission distance (a 20 MHz channel can have more distance between devices than a 40 MHz channel) and increases the possibility of interference, since a wider channel is more likely to overlap with other wireless devices. The 2.4 GHz band has more technologies sharing it (Bluetooth devices, microwave ovens, cordless phones), so it is especially prone to interference.
What kind of load balancer scheduling has idle servers that are not being used? If an active server fails, then one of the idle servers takes its place. A.round robin B.affinity C.active-active D.active-passive
D.active-passive In this case we have standby servers: some servers are working, while other servers are idle on standby. If one of the active servers fails, a standby server takes over. The load balancer detects the failed server (typically through health checks) and sends its traffic to a standby server instead.
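The scheduling modes on the load balancer cards above (round robin, the cards' "active-active", affinity, and active-passive failover), with the one virtual IP in front of the pool, as an added Python example that is not part of the original page. Server names, addresses and the health-check outcome are constructed; using a hash of the client address for affinity is an assumption (real balancers also use cookies or source-IP tables).

```python
import hashlib


class Server:
    def __init__(self, name, private_ip):
        self.name = name
        self.private_ip = private_ip     # only the load balancer knows this address
        self.active_requests = 0         # how busy the server is right now
        self.healthy = True


class LoadBalancer:
    def __init__(self, virtual_ip, servers, standby=()):
        self.virtual_ip = virtual_ip     # the one address clients connect to
        self.pool = list(servers)        # servers currently taking traffic
        self.standby = list(standby)     # idle servers, used only after a failure
        self._rr_index = 0

    def _healthy(self):
        pool = [s for s in self.pool if s.healthy]
        if not pool:
            raise RuntimeError("no healthy servers behind %s" % self.virtual_ip)
        return pool

    def round_robin(self):
        """Each new request goes to the next server in order, then wraps around."""
        pool = self._healthy()
        server = pool[self._rr_index % len(pool)]
        self._rr_index += 1
        return server

    def least_active(self):
        """The cards' 'active-active' scheduling: every server serves, and the
        next request goes to whichever server is currently least busy."""
        return min(self._healthy(), key=lambda s: s.active_requests)

    def affinity(self, client_ip):
        """Sticky sessions: the same client always lands on the same server
        (assumption: hash of the client address; a pool change re-maps clients)."""
        pool = self._healthy()
        digest = hashlib.sha256(client_ip.encode()).digest()
        return pool[int.from_bytes(digest[:4], "big") % len(pool)]

    def mark_failed(self, server):
        """Active-passive failover: a server fails its health check, so an idle
        standby server takes its slot in the pool. Returns the replacement."""
        server.healthy = False
        if not self.standby:
            return None
        replacement = self.standby.pop(0)
        self.pool[self.pool.index(server)] = replacement
        return replacement

    def dispatch(self, server):
        """Forward a request: the client addressed the VIP, the chosen server
        is reached on its own private IP."""
        server.active_requests += 1
        return (self.virtual_ip, server.private_ip)


def build_demo_pool():
    """Constructed example pool: three active web servers and one standby."""
    active = [Server("web1", "10.0.1.11"), Server("web2", "10.0.1.12"), Server("web3", "10.0.1.13")]
    return LoadBalancer("198.51.100.10", active, standby=[Server("web4", "10.0.1.14")])


if __name__ == "__main__":
    lb = build_demo_pool()
    print("round robin:", [lb.round_robin().name for _ in range(4)])
    lb.pool[0].active_requests, lb.pool[1].active_requests = 5, 2
    print("least active:", lb.least_active().name)
    print("affinity:", lb.affinity("203.0.113.9").name, lb.affinity("203.0.113.9").name)
    failed = lb.pool[1]
    print("failover:", failed.name, "->", lb.mark_failed(failed).name)
    print("dispatch:", lb.dispatch(lb.round_robin()))
```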
_____ is unauthorized transfer of data outside an organization. A.PII B.DLP C.PHI D.data exfiltration
D.data exfiltration Unauthorized transfer of data outside an organization. Attackers from outside can use malware to do it; malicious insiders can simply transfer the data themselves.
Which rule should we include at the end of an ACL in a stateless firewall? In other words, what should the last rule be in an ACL? A.deny ip 10.0.0.0 0.255.255.255 any B.permit TCP any any eq 80 C.permit TCP any any eq 443 D.deny any any
D.deny any any
What is one way a router reduces IP spoofing? A.block traffic on port 80 B.block encrypted traffic C.deny ICMP packets, such as the ping command D.deny private IP addresses
D.deny private IP addresses A packet arriving from the Internet with a private source address (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) cannot be legitimate, since those addresses are not routed on the Internet, so the router drops it.
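The final "deny any any" rule and the anti-spoofing rules from the two cards above, as an added Python example that is not part of the original page. It parses a small subset of Cisco-style extended ACL syntax (permit/deny, ip/tcp/udp/icmp, any, host, wildcard masks, eq port) and evaluates packets first-match, the way a stateless ACL is processed. The ACL contents, the packets, and representing a packet as a dict are all constructed for the example.

```python
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
ANY = ipaddress.ip_network("0.0.0.0/0")


def _parse_endpoint(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' [eq PORT] from tokens."""
    word = tokens.pop(0)
    if word == "any":
        net = ANY
    elif word == "host":
        net = ipaddress.ip_network(tokens.pop(0) + "/32")
    else:
        # Cisco wildcard mask (0.255.255.255 = /8); ipaddress accepts it as a hostmask
        net = ipaddress.ip_network(f"{word}/{tokens.pop(0)}", strict=False)
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = int(tokens.pop(0))
    return net, port


def parse_rule(text):
    """'permit tcp any host 192.0.2.10 eq 443' -> rule dict. A rule with no
    protocol word ('deny any any') is treated as 'ip', i.e. every protocol."""
    tokens = text.split()
    action = tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in rule: {text}")
    proto = tokens.pop(0) if tokens[0] in PROTOCOLS else "ip"
    src, sport = _parse_endpoint(tokens)
    dst, dport = _parse_endpoint(tokens)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "text": text}


def matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["sport"] is not None and pkt.get("sport") != rule["sport"]:
        return False
    if rule["dport"] is not None and pkt.get("dport") != rule["dport"]:
        return False
    return True


def evaluate(acl, pkt):
    """Stateless first-match evaluation: the first rule that matches decides.
    Returns (action, rule index); index None means no rule matched and the
    packet fell through to the implicit deny at the end of every ACL."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule["action"], index
    return "deny", None


# Constructed inbound ACL for the Internet-facing interface. Rules 0-2 drop
# packets claiming a private source address (anti-spoofing); the last rule is
# the explicit catch-all deny from the card above.
OUTSIDE_IN = [parse_rule(line) for line in [
    "deny ip 10.0.0.0 0.255.255.255 any",
    "deny ip 172.16.0.0 0.15.255.255 any",
    "deny ip 192.168.0.0 0.0.255.255 any",
    "permit tcp any host 192.0.2.10 eq 443",
    "permit tcp any host 192.0.2.10 eq 80",
    "deny any any",
]]


if __name__ == "__main__":
    for pkt in [
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 443},
        {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 443},   # spoofed private source
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22},
    ]:
        action, index = evaluate(OUTSIDE_IN, pkt)
        hit = OUTSIDE_IN[index]["text"] if index is not None else "implicit deny"
        print(pkt, "->", action, "by", hit)
```

Because evaluation stops at the first match, order matters: putting the anti-spoofing denies after the permits would let a spoofed 10.x source reach port 443. The explicit "deny any any" produces the same result as the implicit deny, but giving it a rule index (on a real router, a log keyword) lets you count and log what was dropped.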
Some coworkers in your organization complain that they cannot access the wireless network in certain parts of the building. What action would you recommend for your organization? A.triple the power of all the wireless APs in the organization B.disabling SSID broadcasting C.enable MAC filtering D.doing a site survey
D.doing a site survey Site survey: checking the wireless coverage areas and looking for potential problems, such as too much noise or other devices on the same frequency range.
What device is used to filter traffic? A.hub B.switch C.IDS D.firewall
D.firewall
What network device forwards requests for services from clients? A.hub B.reverse proxy C.switch D.forward proxy
D.forward proxy Also called simply a "proxy server". Forwards requests for services from clients; often used with HTTP or HTTPS. It caches (pronounced "kashing") content to improve performance: two people might access the same web page, so if the page is cached, access is quicker for the second person. It can also filter content. Located between the Internet and the intranet.
What network device is an OSI layer 3 device? A.hub B.switch C.proxy server D.router
D.router
What network device is an OSI layer 2 device? A.router B.proxy server C.hub D.switch
D.switch
What type of AP is managed by a single controller? This type of AP is usually for large networks in organizations with many AP devices to be managed. A.fat WAP B.WPA2 C.WPA D.thin WAP
D.thin WAP Controller-based WAP: a single controller manages all the thin WAPs, which is much easier for administrators who have many WAPs to manage. Less expensive per unit than a fat WAP; usually for large organizations. Example protocols used to manage thin WAPs: Cisco's LWAPP (Lightweight Access Point Protocol) and the open standard CAPWAP (Control And Provisioning of Wireless Access Points).
A load balancer has one IP address, while each of the servers that it uses has a different IP address. What do we call the load balancer's IP address? A.ARP (Address Resolution Protocol) B.private IP address C.IP address spoofing D.virtual IP address
D.virtual IP address Virtual IPs: the load balancer (often software-based) receives packets addressed to the web site's virtual IP address and sends them on to the private IP address of one of the servers. The web site has a single virtual IP address; each server has its own private IP address.