35 Cards in this Set
- Front
- Back
Function of the JCOR network
|
Used to train cyber warriors in as realistic an environment as possible without being on an operational network
|
|
Concepts of defense-in-depth
|
Having multiple devices and/or solutions to implement security and manage/mitigate risk
|
|
Describe AF DMZ concept
|
Everything between the external and internal router
|
|
Describe split DNS
|
Split DNS is running on both the internal and external burbs of the firewall.
|
|
Trace the DNS flow
|
User machine, DCI, firewall internal burb, firewall external burb, external DNS server, root DNS servers
|
|
Describe UNWT architecture
|
Tries to mirror the AF network and services to include the AF boundary protection suite with minimal equipment
|
|
Describe basic operation of Cisco switch
|
Determines which port to send traffic out of by MAC address; OSI layer 2 device; keeps MAC tables for each port
|
|
VLANs
|
Logistical grouping of ports, single broadcast domain. With TCP/IP - they equate to networks or subnets and it can be used to get traffic between VLANs
|
|
Describe switch defense
|
After determining the MAC address of the suspect machine - traffic from the machine can be dropped at the switch by using the appropriate command
|
|
Process to locate a networked device
|
Ping it to determine MAC address before doing an ARP lookup.
|
|
Basic operation of Cisco routers
|
Routers determine the best path for traffic by the IP address
|
|
Basic operation of Active Directory Users and Computers snap-in
|
Used to manage users' information on the system, including their username/password and the groups they belong to
|
|
DHCP snap-in
|
Manages the DNS service and database
|
|
Event Viewer
|
Views system log file
|
|
NBTSTAT
|
NetBIOS over TCP information
|
|
NETSTAT
|
Displays what connections exist on a computer
|
|
PING
|
Sends an echo packet to determine if a machine is operational on the network
|
|
IPCONFIG
|
Displays IP information on the machine
|
|
ARP
|
Displays IP to MAC information on the network
|
|
NSLOOKUP
|
Queries DNS information on the machine
|
|
TRACERT
|
Path from your machine to the remote computer
|
|
Function of DC1 server
|
Active Directory, domain security policies, DNS, & DHCP services
|
|
Function of EXCH server
|
MS Exchange service, SMTP, & MAPI mail services
|
|
Function of NETD server
|
Provides ITA management
|
|
Function of the SAVGW server
|
SMTP antivirus protection
|
|
EXT-DNS server function
|
Provides master external DNS service
|
|
Function of the WWW server
|
Provides local base web services
|
|
Purpose of Firewall
|
Device and/or software that inspects traffic and permits/denies with a set of rules & policies
|
|
Proxy
|
Keeps the payload and rewrites headers
|
|
Purpose of HIDS/ITA
|
Detects intrusion attempts on host computers
|
|
Purpose of ASIM/CIDDS
|
Approved network intrusion detection system
|
|
ASIM/CIDDS components
|
ASIM listens and reports to CIDDS. CIDDS is the database.
|
|
Protocol abuse
|
Misusing the set of rules governing communication between computing endpoints.
|
|
Examples of protocol abuse
|
DNS exfiltration, Botnet C&C, Tunneling.
|
|
Definition of tunneling
|
Technology establishing a connection that transfers data by encapsulating the payload into the carrying network protocol
|