115 Cards in this Set
- Front
- Back
___ is the multi-pronged approach to network security.
|
DiD
|
|
A _____ consists of hardware or software that monitors the transmission of packets of digital information that attempt to pass through the perimeter of a network.
|
firewall
|
|
Two basic security functions that firewalls perform are _____ filtering and _____ proxy gateways.
|
packet / application
|
|
_____ firewall security features include logging access, authenticating users, caching data, and filtering content.
|
Advanced
|
|
Trojan horses enter the system through hidden openings called _____ _____.
|
back doors
|
|
The point at which one network connects to another network is called the network _____.
|
boundary
|
|
BlackICE Defender, Zone Alarm, and Tiny Personal Firewall are personal _____ programs.
|
firewall
|
|
A _____ host is a machine that has no unnecessary services running on it.
|
bastion
|
|
The SMTP protocol uses port __.
|
25
|
|
The POP3 protocol uses port ___.
|
110
|
|
The _____ -___ command will refresh the netstat display every 5 seconds.
|
netstat -an5
|
|
A _____ server will make high-level application connections on behalf of internal hosts.
|
proxy
|
|
_____ _____ number theft is the most harmful result to individuals of a hacker attack.
|
Credit card
|
|
The _____ process uses encryption to protect usernames and passwords.
|
authentication
|
|
Packet filtering occurs at the _____ layer of the OSI model.
|
transport
|
|
Encryption occurs at the _____ layer of the OSI model.
|
presentation
|
|
The SOCKS proxy server functions at the _____ layer of the OSI model.
|
session
|
|
NAT functions at the _____ layer of the OSI model.
|
network
|
|
_____ is another name for a packet.
|
Datagram
|
|
_____ packet filtering examines the data contained in a packet, and a memory of the state of the connection between the client and the server.
|
Stateful
|
|
The first thing that a _____ firewall does when a request packet arrives is to check a list of active connections.
|
stateful
|
|
The list of _____ _____ includes: TCP filtering, IP filtering, and ICMP.
|
filter rules
|
|
___ servers function as a network-level proxy.
|
NAT
|
|
An application layer gateway is also known as a _____ server.
|
proxy
|
|
The _____ address range is 169.254.0.0/16.
|
APIPA
|
|
The process of mapping a static public IP address to a private IP address of a computer on the local network is called __ _____ mapping.
|
IP address
|
|
Filtering, proxying, and logging are the core functions of all _____.
|
firewalls
|
|
The term _____ is used by vendors to describe expensive firewall products.
|
appliance
|
|
Email and web servers should be placed in the ___.
|
DMZ
|
|
A secure network located at the perimeter of another network
|
Service network
|
|
An attempt to put a false IP address into a packet header
|
IP spoofing
|
|
A device that connects and directs traffic between networks
|
Router
|
|
A review of a system's operation to evaluate its performance
|
Audit
|
|
Acts as an innocent program until it is activated
|
Trojan horse
|
|
Describes a multilayered approach to network security
|
Defense in Depth
|
|
The point at which one network stops and another network begins
|
Network boundary
|
|
Programs that replicate themselves over a computer network
|
Worms
|
|
The part of a packet that contains information such as source IP address
|
Header
|
|
A network between two hosts over a public network
|
VPN
|
|
There are _____ steps to follow when building a security policy.
|
seven
|
|
Loss of _____ can take place when sensitive customer and financial information is compromised during a hack attack.
|
data
|
|
Loss of _____ occurs when sales people can't take orders and technicians cannot manage the system due to a hack attack.
|
productivity
|
|
A loss of _____ time occurs when employee resources have to be directed toward patching the security holes and preventing future attacks.
|
staff
|
|
SANS defines a _____ as "a document that outlines specific security or rules that must be met".
|
policy
|
|
Membership of a _____ team should include senior administrators, a member of the legal staff, a member of the IT department, and an editor or writer.
|
policy
|
|
The _____ security approach has a primary emphasis of restricting traffic between two networks to only a few authorized activities.
|
restrictive
|
|
The _____ security approach calls for traffic to flow freely between two networks except for communications using specified ports, services, or computers.
|
permissive
|
|
An _____ security stance is one where the primary emphasis is on making resources available.
|
open
|
|
A _____ security policy would specify basic packet filtering at the network perimeter but with a more strict approach.
|
cautious
|
|
A _____ security policy approach would completely disconnect the internal network from the Internet.
|
paranoid
|
|
An _____ approach to a security policy should include the installation of a stateless packet filter.
|
optimistic
|
|
The actual hardware devices that keep data flowing throughout the network are known as _____ assets.
|
physical
|
|
_____ assets are what most people think of when they think of a firewall.
|
Logical
|
|
_____ assets refer to the software that runs your system.
|
System
|
|
The process of recording which computers are accessing a network and what resources are being accessed is called _____.
|
auditing
|
|
The most common type of auditing is the auditing of _____ files.
|
log
|
|
Security auditing in Windows 2000 can be activated on individual folders as long as the disk that contains the folder is formatted in ____.
|
NTFS
|
|
_____ sharing is not a typical security risk.
|
File
|
|
The part of a security policy that includes E-mail and News is called _____ use.
|
acceptable
|
|
Of all of the Microsoft products only Windows 2000 and Windows XP allow for the use of _____ to protect communications.
|
IPSec
|
|
E-mail virus infections, employees giving out passwords, and brute force attacks can breach even the most elaborate _____ setup.
|
firewall
|
|
_____ access policy is the name for the part of the security policy that spells out how employees dial into the office network to access files.
|
Remote
|
|
_____ policy is the part of a security policy that determines how you manage private and public keys.
|
Key
|
|
The development of a security policy typically takes only _-_ weeks.
|
1-2
|
|
The _____ priority for users/workers on a network is getting access to the information that they need.
|
top
|
|
If possible, a security policy should be kept to no longer than _ pages.
|
5
|
|
A device that routes requests for information based on response time
|
Load balancing switch
|
|
Hardware or software designed to detect unauthorized network access
|
IDS
|
|
Instructs employees on an overall security policy
|
Security User Awareness program
|
|
Breaching a firewall-protected network by flooding it with traffic
|
Brute force attack
|
|
The process of recording computer and resource access
|
Auditing
|
|
Unix-based protocol that enables secure access to a remote computer
|
Secure shell
|
|
Two firewalls enclosed by two load balancing switches
|
Firewall sandwich
|
|
Rules governing acceptable use of computing resources
|
Security policy
|
|
A set of security standards developed by the IETF
|
IPSec
|
|
The most important configuration file on your firewall is the _____ file.
|
rules
|
|
A deny all approach will block _____ by default and only specifically allow those services you need on a case-by-case basis.
|
everything
|
|
If you follow a _____ approach to security, you should set up a stateful instead of a stateless packet filter.
|
“cautious”
|
|
If you follow a ______ approach to security, set up application proxy gateways that forward requests on behalf of internal users.
|
“strict”
|
|
A firewall needs to be _____ so that it can grow with the network it protects.
|
scalable
|
|
A _____ host needs to have sufficient processor speed and memory to handle the network's present traffic and increased traffic as the network grows.
|
bastion
|
|
A _____ resource is defined as a software- or hardware-related item that is indispensable to the operation of the device or program.
|
critical
|
|
Many _____ systems perform IP forwarding, as do routers.
|
operating
|
|
A _____-_____ host is a client computer that is connected to the Internet and hosts firewall software.
|
dual-homed
|
|
A _____ firewall monitors outbound rather than inbound traffic.
|
reverse
|
|
A DMZ screened _____ is a network of publicly accessible servers that is connected to the firewall but is outside the internal network being protected.
|
subnet
|
|
If you are a victim of a port scanning attack, you should review your firewall _____ and block access from the "bad" IP addresses.
|
logs
|
|
If you are a victim of a harmful e-mail attachment attack, you should use software that _____ Port 25 for SMTP traffic.
|
scans
|
|
A _____ router filters traffic to individual computers within the internal network.
|
screening
|
|
A router determines where packets should go through an interface and which should be blocked based on a set of rules called an _____ _____ _____.
|
access control list
|
|
A _____-_____ host is a fancy term for a computer that has two network interfaces.
|
dual-homed
|
|
A _____ host is sometimes called a dual-homed gateway or bastion host.
|
screened
|
|
A ___ is a network that sits outside the internal network but is connected to the firewall and provides publicly available servers.
|
DMZ
|
|
You create a _____ subnet by adding servers that permit public services and combining them to the firewall's subnet.
|
screened
|
|
A subnet that is attached to the firewall and contained in the DMZ is called a _____ network.
|
service
|
|
The firewall in a DMZ screened subnet is sometimes called a _____-_____ firewall.
|
tri-homed
|
|
The DNS server in the DMZ needs only list a limited number of _____ IP addresses.
|
public
|
|
A _____ server is a server that creates a secure tunnel connection.
|
tunnel
|
|
The arrangement of a DMZ enclosed by two firewalls is sometimes called a _____-_____ firewall.
|
tri-homed
|
|
One advantage to setting up a DMZ with two _____ is you can control where traffic goes in the three networks.
|
firewalls
|
|
IPSec and Kerberos are _____ with NAT.
|
incompatible
|
|
If you want a failover firewall, both models must be _____ so that they can be configured for seamless operation.
|
compatible
|
|
The _____ ___ _____ Firewall uses state update packets to pass data about the state of the current connections between the primary and the failover firewall.
|
Cisco PIX Failover
|
|
A _____ firewall is a device that monitors information going out of a network rather than trying to block what is coming in.
|
reverse
|
|
A ___ router converts publicly accessible IP addresses to private ones and vice versa.
|
NAT
|
|
A workstation with an internal interface and an external Internet interface
|
Dual-homed host
|
|
Network exposed to an external network but partially protected by a firewall
|
screened subnet
|
|
Enables VPN clients to connect to it based on their IP addresses
|
Tunnel server
|
|
Has three interfaces connecting it to the external network, DMZ, and protected LAN
|
Three-pronged firewall
|
|
Designed to maintain connections in case a primary firewall stops working
|
Failover firewall
|
|
Screened subnet connected to a firewall at the edge of a protected network
|
Perimeter network
|
|
Backup services are provided by maintaining copies of connection states
|
Stateful failover
|
|
The use of two firewalls to set up three separate networks
|
Tri-homed firewall
|
|
Inspects and monitors traffic leaving a local network
|
Reverse firewall
|
|
Filters traffic passing from one network to another
|
Screening router
|