Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
|
Which of the following elements and issues should be considered when deciding whether to use a software or hardware firewall (choose all that apply)
a - stability b - firewall service efficiency c - operating system version d - application conflicts e - host OS |
a, d, and e
|
|
|
At which layer of the OSI model does routing occur?
1 - Physical 2 - Data link 3 - Network 4 - Trasport 5 - Session 6 - Presentation 7 - Application |
3 - Network
|
|
|
Which of the following pieces of information are typically examined by a stateful inspection firewall?
a - IP address of sending host b - IP address of receiving host c - IP address of router d - data packet size e - data packet type |
a,b, and e
|
|
|
What is the purpose of a NAP?
a - it translates private IP addresses to Internet-routable IP addresses b - it permits a firewall to perform deep inspection on packets c - it provides a mechanism to perform network analysis on captured packets d - it controls what systems are permitted to connect to a network. |
d pg 97 Network Address Protection helps the network admin ensure that the computers attached to the network are compliant with the organization's security policies by permitting the network to check each system before it connects.
|
|
|
An attack that relies on having a user execute a malicious script embedded in a web page is which kind of attack?
a - man-in-the-middle b - brute force c - cross-site scripting d - SQL injection |
c cross-site scripting, AKA XSS are by far the most common and dangerous current attack method employed against web users. They allow hackers to bypass web browser security measures by injecting malicious scripts into web pages and getting users to activate them.
|
|
|
You enable MAC address filtering on your WAP and put the MAC addresses of all your computers in the permitted table. On what layer of the OSI model does this filtering occur?
1 - Physical 2 - Data link 3 - Network 4 - Trasport 5 - Session 6 - Presentation 7 - Application |
2 - Data link
MAC address filtering - pg 126 |
|
|
At what layer of the OSI model would the filtering from an application firewall occur?
1 - Physical 2 - Data link 3 - Network 4 - Trasport 5 - Session 6 - Presentation 7 - Application |
7 - Application
|
|
|
Which of the following are components of NAP?
a - MAC address compliance b - health policy compliance c - limited access mode d - IP address mode e - health state validation |
b c and e
Network Access Protection makes sure that the computers attached to the network are compliant with the organization's security policies. In other words, computers must be full patched, running up-to-date antivirus software, and belong to the organization before being allowed to connect. pg 97-8 |
|
|
What type of attack relies on the attacker tricking the sending host into thinking his system is the receiving host and the receiving host into think his system is the sending host?
a - replay b - brute force c - man-in-the-middle d - cross-site scripting e - SQL injection |
c - man-in-the-middle attacks occur when the attacker breaks into the communication between the endpoints of a network connection. He can then intercept the data being transferred or even inject false information into the data stream. Wireless connections are especially vulnerable to this attack.
pg 122 |
|
|
Which of the following systems cannot participate in a NAP implementation
a - Windows 7 Home b - Windows 7 Home Premium c - Windows XP SP2 d - Windows Vista Ultimate e - Windows 7 Pro |
a and c
NAP (network access protection) requires a variety of components on the client and server to function. Chief among them is SHAs - system health validators, which run on the client side. Windows XP can run these, but it must be patched to Service Pack 3. If you want a secure network you gotta pay for it - Windows Home can't support SHAs apparently. |
|
|
Which of the following are common uses for a VPN?
a - remote access b - server isolation c - intrusion detection d - extranet connections e - domain isolation |
a and d
|
|
|
Which of the following are common types of routing protocols? (choose all that apply)
a - link vector b - dynamic link c - distance linnk d - distance vector e - link state |
d and e
|
|
|
On which layer of the OSI model are IP addresses specified?
1 - Physical 2 - Data link 3 - Network 4 - Trasport 5 - Session 6 - Presentation 7 - Application |
3 - Network layer. It also deals in routing (allowing data to select the best path).
pg 90 |
|
|
You are setting up your company's domain name and its DNS server so that people on the internet can get to your website. What can you use to make sure that your DNS entries are not poisoned by an attacker?
|
DNSSEC, or DNS Security Extensions. DNSSEC uses SSL to ensure that client-to-server communication is secure. This allows the DNS client to check that the server has a certificate to prove its identity as a valid DNS server.
The first step for an admin is to determine which zones of the network need to be secured with DNSSEC. In particular it should not be used on dynamic Active Directory DNS zones (possible with Server 2012). The rest of the process is extremely complex and involves several stages of implementation beyond the scope of this question. http://technet.microsoft.com/en-us/library/ee649178.aspx |
|
|
The two most common protocols you can use to create a VPN are
|
IPsec and SSL/TLS. IPsec has largely replaced PPTP (point-to-point tunneling protocol) as the dominant tunneling protocol. Another outdated tunneling protocol is L2TP, or layer 2 tunneling protocol.
pg 118 |
|
|
The three most common types of protocol spoofing are
|
1. ARP (address resolution protocol) spoofing - (AKA ARP poisoning) - the attacker modifies the ARP caches and takes over the IP address of the victim, thus allowing him to intercept data intended for the victim.
2. DNS spoofing, often preceeded by network sniffing. An attacker intercepts a DNS request and responds to it before the DNS server can. This allows the attacker to redirect URL requests to malicious websites. 3. IP address spoofing - an attacker spoofs an internal IP address from outside the firewall. If a firewall isn't configured correctly it will admit such an attacker to the internal network. pg 119-120 |
|
|
An attack that records a stream of data, modifies it, and then resends it is konwn as a(n) ________ attack.
|
replay
pg 122 |
|
|
The two common types of network address translation are
|
static and dynamic.
|
