Security Fundamentals 98-367: Lesson 4

Network Access Protection (NAP)

A Microsoft solution that allows administrators a more powerful way to control access to network resources. NAP's controls are based on the client computer's identity and whether that computer complies with the configured network governance policies.

network firewall

A category of software firewall consisting of applications that are installed on servers and used to protect network segments from other network segments.

Honey net

A collection of honeypots used to present an attacker with an even more realistic attack environment.

Unified Threat Management (UTM)

A comprehensive security product that includes protection against multiple threats. A UTM product typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package.

intrusion detection systems (IDS)

A solution designed to detect unauthorized user activities, attacks, and network compromises.

DNS Security Extensions (DNSSEC)

Adds security provisions to DNS so that computers can verify they have been directed to proper servers.

WPA/WPA2

If you are setting up a WLAN in a corporate environment and you want to use 802.1x and a RADIUS server to secure the connections, you need to use _____ keys.

DNS spoofing

_____ occurs when an attacker is able to intercept a DNS request and respond to the request before the DNS server is able to.

DMZ (demilitarized zone)

A firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network like the Internet.

intrusion prevention systems (IPS)

A solution designed to detect unauthorized user activities, attacks, and network compromises that can also take action to prevent a breach from occurring.

firewall

A system that is designed to protect a computer or a computer network from network-based attacks. A _____ does this by filtering the data packets that are traversing the network.

padded cell

A system that waits for an IDS to detect an attacker and then transfers the attacker to a special host where he or she cannot do any damage to the production environment.

Honeypot

A trap for hackers

host firewall

A type of software firewall installed on a host and used to protect the host from network-based attacks.

personal firewall

A type of software firewall installed on a host and used to protect the host from network-based attacks.

honeypot

A(n) _____ can be deployed to distract an attacker from the critical systems on your network.

application-level firewall

Also known as proxy servers. Works by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, then enforcing correct application behavior.

DNS poisoning

An attack against the cached information on your DNS server

replay attack

An attack that records a stream of data, modifies it, and then resends it is known as a(n) _____ attack.

network sniffing

An attack that relies on access to a physical LAN segment is known as a(n) _____ attack.

Cross-site scripting

An attack that relies on having a user execute a malicious script embedded in a web page is which kind of attack? (Choose the best answer) -Man in the middle -Brute force -Cross-site scripting -SQL injection

Network

At which layer of the OSI model does routing occur?

stateful inspection

In addition to examining the header information of the packets traversing the firewall, a _____ firewall considers other factors when determining whether traffic should be permitted across the firewall. _____ also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.

Secure Content Management (SCM)

Software protection against spyware, phishing, viruses and email spam.

Open Systems Interconnect (OSI)

The _____ model is a conceptual model, created by the International Organization for Standardization (ISO) to describe a network architecture that allows the passage of data between computer systems. Although never fully utilized as a model for a protocol, the _____ model is nonetheless the standard for discussing how networking works.

IPsec enforcement, 802.1x enforcement, VPN enforcement, DHCP enforcement

The four mechanisms used by NAP to restrict network access and enforce policies are _____ , ______ , _____ , and _____.

spoofing

The misuse of a network protocol to perpetrate a hoax on a host or network device.

MAC address

The physical or hardware address burned into each NIC (for example, 96-4C-E5-48-78-C7)

ARP spoofing, DNS spoofing, IP address spoofing

The three common types of protocol spoofing are _____ , _____ , and _____.

static, dynamic

The two common types of Network Address Translation are _____ and _____.

IPsec, SSL/TLS

The two most common protocols you can use to create a VPN are _____ and _____.

software vulnerability attack

The type of attack that relies on a weakness in an operating system or an application is known as a(n) ______.

circuit-level firewall

Typically considered second-generation firewall technology. They work in a similar fashion to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model.

NAP controls what systems are permitted to connect to a network

What is the purpose of NAP? (Choose the best answer) -NAP translates private IP addresses to Internet-routable IP addresses. -NAP permits a firewall to perform deep inspection on packets -NAP provides a mechanism to perform network analysis on captured packets. -NAP controls what systems are permitted to connect to a network

Man in the middle attack

What type of attack relies on the attacker tricking the sending host into thinking his or her system is the receiving host, and the receiving host into thinking his or her system is the sending host? (Choose the best answer) -Replay attack -Brute force attack -Man in the middle attack -Cross-site scripting attack -SQL injection attack

Distance vector, Link state

Which of the following are common types of routing protocols? (Choose all that apply) -Link vector -Dynamic link -Distance link -Distance vector -Link state

Remote Access, Extranet connection

Which of the following are common uses for a VPN? -Remote Access -Server isolation -Intrusion detection -Extranet connection -Domain isolation

Health policy compliance, Limited access mode, Health state validation

Which of the following are components of Network Access Protection? (Choose all that apply) -MAC address compliance -Health policy compliance -Limited access mode -IP address mode -Health state validation

Physical, Application, Network

Which of the following are layers of the OSI model? (Choose all that apply) -Physical -Control -Application -Network -Encryption

Brute force attacks, Dictionary attacks

Which of the following are password-based attacks? (Choose all that apply) -Replay attacks -Network sniffer attacks -Brute force attacks -Man in the middle attacks -Dictionary attacks

Packet filtering, Application

Which of the following are valid firewall types? (Choose the best answer) -Virtual -Network -Packet filtering -IPsec -Application

Host operating system, Application conflicts, Stability

Which of the following elements and issues should be considered when deciding whether to use a software or hardware firewall? (Choose all that apply) -Host operating system -Application conflicts -Operating system version -Firewall service efficiency -Stability

IP address of the sending host, IP address of the receiving host, Data packet type

Which of the following pieces of information are typically examined by a stateful inspection firewall? -IP address of the sending host -IP address of the receiving host -IP address of the router -Data packet type -Data packet size

Windows 7 Home, Windows XP Service Pack 2

Which of the following systems cannot participate in a NAP implementation? (Choose all that apply) -Windows 7 Home -Windows 7 Home Premium -Windows XP Service Pack 2 -Windows Vista Ultimate -Windows 7 Professional

DNSSEC

You are a network administrator, and you have just been put in charge of registering your company's domain name and setting up the DNS so that people on the Internet can get to your website. Here, _____ can be used to ensure that your DNS entries are not poisoned by an attacker.

Application

You are the Information Security Officer for a medium-sized manufacturing company, and your sales team has just deployed a new e-commerce application to allow for the direct sale of your products to your customers. To secure this application, you are deploying an application firewall. At what layer of the OSI model does this filtering occur? (Select all answers that apply) -Physical -Data link -Network -Presentation -Application

Data link

You have just purchased a new wireless access point for your small computer services company, and you want to ensure that only your systems are able to connect to the wireless network. To that end, you enable MAC address filtering and put the MAC addresses of all your computers in the permitted table. At what layer of the OSI model does this filtering occur?

