57 Cards in this Set

Bluesnarfing Attack

involves accessing data on a phone

Bluejacking

sending unsolicited messages to a phone.

IPsec uses:

Uses Internet Key Exchange (IKE) over port 500 to authenticate clients in the IPsec conversation.

IPsec can use the Authentication Header (AH) for authentication and integrity, or Encapsulating Security Payload (ESP) to encrypt the data and provide confidentiality, authentication, and integrity, so it uses ESP in tunnel mode over a VPN.

L2TP and IPsec

L2TP does not encrypt the traffic, so the AH (protocol 51) and ESP (protocol 50) of IPsec are used for authentication and encryption.

Network Access Control

NAC includes methods, such as health agents, to inspect clients for health. NAC can restrict access of unhealthy clients to a remediation network. You can use NAC for VPN clients and for internal clients. MAC filtering is a form of NAC.

MAC Filtering

is a form of NAC. MAC filtering is not ideal on a wireless network because attackers can spoof the accepted MACs and then gain access to the network.

IDS

is a detective control and detects activity after it occurs.

HIDS

can detect attacks on local systems such as workstations and servers. HIDS protects local resources on the host, such as OS files.

NIDS

detects attacks on networks, such as smurf attacks.

Signature-Based IDS

uses signatures to detect known attacks.

Anomaly-based (Heuristic or Behavior-based) IDS

requires a baseline and detects attacks based on anomalies or when traffic is outside expected boundaries.

IPS

similar to active IDS except it is placed inline with the traffic, and can stop attacks in progress. An IPS can actively monitor data streams, detect malicious content, and mitigate the effect of malicious activity.

WAP Footprint

The power level and antenna placement of a WAP affects the footprint. I can increase the footprint by increasing power levels and reduce the footprint by reducing power levels, or modify the footprint by modifying the placement of the antenna.

WEP

An older, insecure wireless protocol. It implemented RC4 incorrectly using a small initialization vector (IV). IV attacks can easily crack the encryption key.

WPA

Was an improvement over WEP, and WPA2 is a permanent improvement over WEP. WPA2 should be used whenever possible.

WPA and WPA2

They support the older, compromised TKIP encryption, but the newer CCMP encryption based on AES is more secure.

WPA/WPA2 Personal Mode

uses a preshared key (PSK). It is easy to implement and is used in many smaller wireless networks.

WPA/WPA2 Enterprise

is more secure than personal mode since it adds authentication. It uses an 802.1x auth server (often a RADIUS server) to provide authentication.

MAC Filtering

Can be used to restrict the number of devices that are able to connect to the network, but an attacker can easily scan to see which MACs are being accepted then spoof one of them to gain access onto the network.

Disable the SSID

Prevents easy discovery of a WAP. However, an attacker with a wireless sniffer can easily determine the SSID even if SSID broadcasting is turned off.

Rogue Access Point

Attackers can use them to capture data on the network. Unauthed users can access my network from rogue access points. Also known as an Evil Twin. It uses the same SSID as an authed WAP.

Wireless Audits check ...

Power levels, antenna placement, wireless footprint, and encryption techniques. It will often include war driving techniques and can detect rogue APs.

Isolation Mode

WAPs in hotspots often use isolation mode to segment, or separate, wireless users from each other.

Protecting Mobile devices

Encrypting data, password protection, and remote wipe capabilities. Remote wipe will remove all data from the device.

VPNs

Provide remote access into a corporate or home network. Firewall ACLs will allow the VPN traffic through the firewall based on the tunneling protocol.

VPN Concentrator

Provide a secure remote connection to a large number of remote users.

IPsec

A common tunneling protocol used with VPNs. It can secure traffic in a site-to-site tunnel and from clients to the VPN. IPsec uses tunnel mode for VPNs. ESP (Encapsulating Security Payload) encrypts VPN traffic and provides confidentiality, integrity, and authentication.

Firewalls identify IPsec ESP traffic via protocol ID 50, and AH traffic via protocol ID 51. IKE creates the security association for the IPsec tunnel and uses port 500.

Other Tunneling Protocols

SSTP (SSL over port 443), L2TP (over port 1701), and PPTP (over port 1723)

NAC

inspects clients for specific health conditions and can redirect access to a remediation network for unhealthy clients.

NAC can be used along with VPN clients and with internal clients. MAC filtering is a form of NAC.

1. What can an admin use to detect malicious activity after it has occurred?



A. Firewall


B. Sniffer


C. Port Scanner


D. IDS

D. IDS

2. Of the following, what would show compromises on a local server?



A. HIDS


B. NIPS


C. Firewall


D. Protocol Analyzer

A. HIDS

3. Of the following, what represents the best choice for a system to detect attacks on a network, but not block them?



A. NIDS


B. NIPS


C. HIDS


D. HIPS

A. NIDS

4. Your org. is using a NIDS. The NIDS vendor regularly provides updates for the NIDS to detect known attacks. What type of NIDS is this?



A. Anomaly-based


B. Signature-based


C. Prevention-based


D. Honey-based

B. Sig-based

5. You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?



A. Flood guards


B. Signatures


C. Baseline


D. Honeypot

C. Baseline

6. Of the following, what can you use to divert malicious attacks on your network away from valuable resources to relatively worthless resources?



A. IDS


B. Proxy server


C. Web app firewall


D. Honeypot

D. Honeypot

7. Of the following, what best describes the function of an IPS?



A. Detect attacks


B. Stop attacks in progress


C. Prevent attackers from attacking


D. Notify appropriate personnel of attacks

B. Stop attacks in progress. IPS can detect attacks as well. It isn't possible to stop attackers from attacking, but IPS can reduce the impact they have on the system.

8. Of the following, what provides active protection for an OS?



A. NIDS


B. NIPS


C. HIDS


D. HIPS

D. HIPS

9. Of the following, what most accurately describes a NIPS?



A. Detects and takes action against threats


B. Provides notification of threats


C. Detects and eliminates threats


D. Identifies zero day vulns

A. Detects and takes action against threats

10. You've recently completed a wifi audit and realize that the wifi signal from your company's WAP reaches the parking lot. What can you do to ensure that the signal doesn't reach outside of your building?



A. Increase the WAP's power level


B. Decrease the WAP's power level


C. Enable SSID broadcasting


D. Disable SSID broadcasting

B. Decrease the WAP's power level

11. Which of the following secure protocols did WEP implement incorrectly, allowing attackers to crack it?



A. SSL


B. RC4


C. CCMP


D. AES

B. RC4

CCMP

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (Counter Mode CBC-MAC Protocol). It is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and to address vulns present in WEP.

Designed for wireless LAN products that implement the standards of IEEE 802.11i.

12. Your organization is designing an 802.11n network and wants to use the strongest security. What would you recommend?



A. FTPS


B. SSL


C. WEP


D. WPA2

D. WPA2

13. Which of the following auth mechanisms can provide centralized auth for a wireless network?



A. WPA2


B. RADIUS


C. Multifactor auth


D. Kerberos

B. RADIUS

RADIUS Protocol

Remote Authentication Dial-In User Service. Provides central authentication, authorization, and accounting. Was brought into the Internet Engineering Task Force (IETF) standards.

Can be used to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. It is a client/server protocol that runs at the Application layer over UDP. Generally a background service.

Only the user's password is secured in the RADIUS traffic; other info such as VLAN membership or tunnel-group IDs is visible and could be useful to an attacker. It is recommended to use some other form of encryption, such as IPsec.

14. You want to ensure that only specific wireless clients can access your wifi networks. Of the following choices, what provides the best solution?



A. MAC filtering


B. Content filtering


C. NAT


D. NIPS

A. MAC filtering

15. You recently completed a wifi audit of your company's wifi network. You've identified several unknown devices connected to the network and realize they are devices owned by company employees. What can you use to prevent these devices from connecting?



A. MAC filtering


B. Enable SSID broadcast


C. Enable isolation mode on the WAP


D. Reduce the power level of the WAP

A. MAC Filtering

Isolation Mode on Wifi Routers

Stops a wifi device from connecting to other wifi devices or wired devices on the same network. This can stop unwanted visitors from seeing or connecting to other computers on the network.

16. What can you do to prevent the easy discovery of a WAP?



A. Enable MAC filtering


B. Disable SSID broadcasting


C. Enable SSID broadcasting


D. Enable 802.1x authentication

B. Disable SSID broadcast

17. While troubleshooting a problem with a WAP in your organization, you discover a rogue AP with the same SSID as the organization's WAP. What is this second AP?



A. IDS


B. War chalking


C. Evil twin


D. Packet sniffer

C. Evil twin

18. You want to identify the physical location of a rogue AP you discovered in the footprint of your company. What would you use?



A. Bluesnarfing


B. Bluejacking


C. War Chalking


D. War Driving

D. War Driving - the act of looking for wifi networks.

19. You are hosting a wifi hotspot, and you want to segment wifi users from each other. What should you use?



A. Personal Mode


B. Enterprise Mode


C. Isolation Mode


D. WEP

C. Isolation Mode

20. Which of the following best describes bluejacking?



A. It involves accessing data on a phone.


B. It involves checking a WAP's antenna placement, power levels, and encryption techniques.


C. It involves sending unsolicited messages to a phone.


D. It involves a rogue AP with the same SSID as your production AP.

C. It involves sending unsolicited SMS to a phone.

21. Someone stole an executive's smartphone, and the phone includes sensitive data. What should you do to prevent the thief from reading the data?



A. Password Protect the phone


B. Encrypt the data on the phone


C. Use remote wipe


D. Track the location of the phone

C. Use remote wipe

22. You are deploying a remote access server for your organization. Employees will use this to access the network while on the road. Of the following, what must you configure?



A. NAC


B. ACLs


C. MACs


D. NAT-T

B. ACLs

23. Your organization is creating a site-to-site VPN tunnel between the main business location and remote office. What can it use to create the tunnel?



A. WPA2-Enterprise


B. RADIUS


C. NAC


D. IPsec

D. IPsec

24. You are planning to deploy a VPN with IPsec. Users will use the VPN to access corporate resources while they are on the road. How should you use IPsec?



A. With AH in tunneling mode


B. With AH in transport mode


C. With ESP in tunnel mode


D. With ESP in transport mode

C. With ESP in tunnel mode

25. An employee connects to the corporate network using a VPN. However, the client is not able to access internal resources, but instead receives a warning indicating that their system is not up to date with current patches. What is causing this behavior?



A. The VPN is using IPsec


B. The VPN is not using IPsec


C. NAC is disabled on the network and remediation must take place before the client can access internal resources.


D. NAC is enabled on the network and remediation must take place before the client can access internal resources.

D. NAC is enabled on the network and remediation must take place before the client can access internal resources.