Module 13 Network Protection Systems
True or False: A benchmark is an industry consensus of best practices for writing access lists. True or false?
False
True or False: A router using a distance-vector routing protocol sends only new information to other routers on the network. True or false?
False
True or False: Anomaly detectors use a database of known attack signatures to function. True or false?
False
Which type of IDS can send an access list to a router or firewall when an intrusion is detected on a network?
active system
True or False: A hardware firewall has its own operating system.
True
True or False: A standard IP access list can't filter IP packets based on a destination address. True or false?
True
True or False: Like other anti-malware applications, you need to update the signatures of a program to make it effective in protecting your system against malware.
True
Which of the following describes a team of professionals whose job is to detect and respond to security incidents?
Which type of routing protocol advertises only new paths to other routers on the network?
Unified Threat Management (UTM)
A single device that combines many network protection functions, such as those performed by routers, firewalls, intrusion detection and prevention systems, VPNs, web-filtering systems, and malware detection and filtering systems.
demilitarized zone (DMZ)
A small network containing resources that sits between the Internet and the internal network, sometimes referred to as a "perimeter network." It's used when a company wants to make resources available to Internet users yet keep the company's internal network secure.
A stateful packet inspection firewall keeps track of network connections by using which of the following?
A state table
Anomaly-based IDS
A type of IDS that sends alerts on network traffic varying from a set baseline.
drive-by downloads
A type of attack in which website visitors download and install malicious code or software without their knowledge.
After the installation of ZoneAlarm, what must you do before you use it?
- Configure the proxy server - Stop the firewall service - Modify its configuration file - Update the signatures - Configure it to run in stealth mode ?????
Which of the following describes the main purpose of a firewall? (Choose all that apply.)
- Control traffic entering and leaving a network - Protect internal network segments - Prevent command and control data from being initiated from inside the network.
A honeypot might be used in a network for which of the following reasons?
- Lure or entrap hackers so that law enforcement can be informed - Gather information on new attacks and threats - Distract hackers from attacking legitimate network resources
Which of the following are features of the ZoneAlarm firewall?
- Two-way firewall - Private browsing - Identity protection - Online backup
Network Address Translation (NAT)
A basic security feature of a firewall used to hide the internal network from outsiders. Internal private IP addresses are mapped to public external IP addresses to hide the internal infrastructure from unauthorized personnel.
Security Information and Event Management (SIEM)
A class of technology that supports threat detection, compliance, and security incident management through the collection and analysis of security events.
Security Operations Center (SOC)
A command center facility for a team of information technology (IT) professionals with expertise in cybersecurity who monitor, analyze, and protect an organization from cyber-attacks.
honeypot
A computer placed on the network perimeter that contains information or data intended to lure hackers and distract them from legitimate network resources.
security appliance
A device that combines multiple network protection functions, such as those performed by a router, a firewall, and an IPS, on the same piece of hardware.
Network-based IDSs/IPSs
A device that monitors traffic on network segments and alerts security administrators of suspicious activity.
state table
A file created by a stateful packet filter that contains information on network connections. See also stateful packet filter.
stateless packet filters
A filter on routers that handles each packet separately, so it is not resistant to spoofing or DoS attacks.
Stateful packet filters
A filter on routers that records session-specific information in a file about network connections, including the ports a client uses.
application-aware firewall
A firewall that inspects network traffic at a higher level in the OSI model than a traditional stateful packet inspection firewall does.
Intrusion detection systems (IDSs)
A hardware device or software that monitors network traffic and sends alerts so that security administrators can identify attacks in progress and stop them.
Firewalls
A hardware device or software used to control traffic entering and leaving an internal network.
IP access lists
A list of IP addresses, subnets, or networks that are allowed or denied access through a router's interface.
privileged mode
A mode on Cisco routers that allows administrators to perform full router configuration tasks; also called enable mode.
Intrusion prevention systems (IPSs)
A network-based or host-based device or software that goes beyond monitoring traffic and sending alerts to block malicious activity they detect.
path-vector routing protocol
A protocol that uses dynamically updated paths or routing tables to transmit packets from one autonomous network to another.
distance-vector routing protocol
A routing protocol that passes the routing table (containing all possible paths) to all routers on the network. If a router learns one new path, it sends the entire routing table again, which isn't as efficient as a link-state routing protocol.
link-state routing protocol
A routing protocol that uses link-state advertisements to send topology changes or new paths to other routers on the network. This method is efficient because only new information is sent, not the entire routing table.
Active systems
An IDS or IPS that logs events, sends out alerts, and can interoperate with routers and firewalls.
passive systems
An IDS that does not take any action to stop or prevent a security event.
web application firewall (WAF)
An application-awareness firewall that protects web applications by detecting specific threats that target web applications and acting to protect them.
network protection system
Any system designed specifically to protect networks or network devices from attacks; includes routers, firewalls, web filters, network-based and host-based IPSs and IDSs, and honeypots.
A firewall that blocks a Telnet session from leaving the network over TCP port 443 uses which of the following?
Application layer inspection
indicators of compromise
Artifacts, left behind by attackers, that indicate that a system or network has been compromised.
In most instances, which of the following is a pre-requisite to download the updates to ZoneAlarm?
Configure the proxy server
Web filters can prevent which type of malicious activity?
Drive-by download
Which type of routing protocol advertises only new paths to other routers on the network?
Link-state routing protocol
Firewalls use which of the following to hide the internal network topology from outside users?
NAT
A DMZ is also referred to as which of the following?
Perimeter network
Which of the following Cisco components stores a router's running configuration, routing tables, and buffers?
RAM
If a Cisco router's flash memory becomes corrupted, the router can boot from which of the following components?
ROM
Which of the following describes a tool that collects logs and alerts from multiple devices for security analysis?
Security Information and Event Management (SIEM)
Host-based IDSs/IPSs
Software used to protect a critical network server or database server. The software is installed on the system you're attempting to protect, just like installing antivirus software on a desktop system.
user mode
The default method on a Cisco router, used to perform basic troubleshooting tests and list information stored on the router. In this mode, no changes can be made to the router's configuration.