Term
| Layer 5 of the OSI model is |
|
Definition
|
|
Term
| Layer 3 of the OSI model is |
|
Definition
|
|
Term
|
Definition
| a standard network device for connecting multiple Ethernet devices together by using twisted-pair copper or fiber-optic cables in order to make them function as a single network segment. |
|
|
Term
|
Definition
| a network device that can forward packets across computer networks. |
|
|
Term
|
Definition
| a technology that can help to evenly distribute work across a network. |
|
|
Term
| What does Stateful packet filtering do? |
|
Definition
| It keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions. |
|
|
Term
|
Definition
| a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user |
|
|
Term
| A reverse proxy does not ______ |
|
Definition
| serve clients, but instead routes incoming requests to the correct server. |
|
|
Term
|
Definition
| it encrypts all data that is transmitted between the remote device and the network. |
|
|
Term
|
Definition
| the end of the tunnel between VPN devices. |
|
|
Term
| A Web security gateway can |
|
Definition
| block malicious content in “real time” as it appears without first knowing the URL of a dangerous site. |
|
|
Term
| Signature-based monitoring is |
|
Definition
| Examining network traffic, activity, transactions, or behavior and looking for well-known patterns |
|
|
Term
| Each operation in a computing environment starts with ____ |
|
Definition
|
|
Term
|
Definition
| a technique that allows private IP addresses to be used on the public Internet |
|
|
Term
| What are Private IP addresses? |
|
Definition
| IP addresses that are not assigned to any specific user or organization. |
|
|
Term
|
Definition
| typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP). |
|
|
Term
| In order to allow untrusted outside users access to resources such as Web servers, most networks employ a ____ |
|
Definition
|
|
Term
| IP addresses are __-bit addresses |
|
Definition
|
|
Term
| Workgroup switches are ________ to the devices on a network |
|
Definition
|
|
Term
| A VLAN allows scattered users to ____ |
|
Definition
| be logically grouped together even though they may be attached to different switches. |
|
|
Term
| Remote access provides remote users with ______ |
|
Definition
| the same access and functionality as local users through a VPN or dial-up connection. |
|
|
Term
|
Definition
| The most common protocol suite used today for local area networks (LANs) as well as the Internet |
|
|
Term
| IP is the protocol that _______ |
|
Definition
| functions primarily at the Open Systems Interconnection (OSI) Network Layer. |
|
|
Term
|
Definition
| the main Transport Layer protocol that is responsible for establishing connections and the reliable data transport between devices. |
|
|
Term
|
Definition
|
|
Term
| SNMP agents are protected with |
|
Definition
| a password known as a community string in order to prevent unauthorized users from taking control over a device. |
|
|
Term
|
Definition
| a database, organized as a hierarchy or tree, of the name of each site on the Internet and its corresponding IP number. |
|
|
Term
| DNS poisoning can be prevented by _____ |
|
Definition
| using the latest editions of the DNS software known as BIND. |
|
|
Term
|
Definition
| the FTP control port used for passing FTP commands. |
|
|
Term
|
Definition
| packets across computer networks. |
|
|
Term
| Routers operate at the ______ Layer |
|
Definition
|
|
Term
| A flood guard is a feature that _____ |
|
Definition
| controls a device’s tolerance for unanswered service requests and helps to prevent a DoS attack. |
|
|
Term
| A DNS log can create what? |
|
Definition
| entries in a log for all queries that are received. |
|
|
Term
| Firewall logs can be used to do what? |
|
Definition
| determine whether new IP addresses are attempting to probe the network |
|
|
Term
| Broadcast storms can be prevented with |
|
Definition
|
|
Term
| It is possible to segment a network by _____ |
|
Definition
| physical devices grouped into logical units through a VLAN. |
|
|
Term
| IEEE 802.1x provides a greater degree of security by |
|
Definition
| implementing port-based authentication. |
|
|
Term
|
Definition
| a means of managing and presenting computer resources by function without regard to their physical layout or location. |
|
|
Term
| Server virtualization typically relies on what? |
|
Definition
| the kernel, which is software that runs on a physical computer to manage one or more virtual machine operating systems. |
|
|
Term
|
Definition
| a pay-per-use computing model in which customers pay only for the computing resources they need. |
|
|
Term
| In the Cloud Software as a Service model, the cloud computing vendor provides |
|
Definition
| access to the vendor’s software applications running on a cloud infrastructure. |
|
|
Term
| In the Cloud Infrastructure as a Service cloud computing model, the customer has |
|
Definition
| the highest level of control. |
|
|
Term
|
Definition
| a Personal Area Network technology designed for data communication over short distances. |
|
|
Term
| Most Bluetooth devices use |
|
Definition
| a Class 2 radio that has a range of 33 feet. |
|
|
Term
| The IEEE 802.15.1-2005 Wireless Personal Area Network standard was based on |
|
Definition
| the Bluetooth v1.2 specifications. |
|
|
Term
|
Definition
| Slave devices that are connected to the piconet and are sending transmissions |
|
|
Term
|
Definition
| A group of piconets in which connections exist between different |
|
|
Term
|
Definition
| an attack that sends unsolicited messages to Bluetooth-enabled devices. |
|
|
Term
|
Definition
| an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers. |
|
|
Term
|
Definition
| the “base station” for the wireless network |
|
|
Term
|
Definition
| an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks. |
|
|
Term
|
Definition
| an AP that is set up by an attacker. |
|
|
Term
| What does a device do when it receives a beacon frame from an AP? |
|
Definition
| the device sends a frame known as an association request frame to the AP. |
|
|
Term
| The SSID can generally be |
|
Definition
| any alphanumeric string from 2 to 32 characters. |
|
|
Term
|
Definition
| detect any changes in a packet, whether accidental or intentional |
|
|
Term
|
Definition
| the encryption protocol standard for WPA2 |
|
|
Term
|
Definition
| a framework for transporting authentication protocols instead of the authentication protocol itself. |
|
|
Term
| EAP request packets are issued by |
|
Definition
|
|
Term
|
Definition
| a field that indicates the function of the packet and an identifier field used to match requests and responses |
|
|
Term
|
Definition
| mutual authentication used for WLAN encryption using Cisco client software. |
|
|
Term
|
Definition
| a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server. |
|
|
Term
| Rogue access points are serious threats to network security because |
|
Definition
| they allow attackers to intercept the RF signal and bypass network security to attack the network or capture sensitive data. |
|
|
Term
|
Definition
| a single access point to service different types of users. |
|
|
Term
|
Definition
| A user or a process functioning on behalf of the user that attempts to access an |
|
|
Term
|
Definition
| the action that is taken by the subject over the object. |
|
|
Term
| An access control model is |
|
Definition
| a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications. |
|
|
Term
| Mandatory Access Control is |
|
Definition
| the most restrictive access control model. |
|
|
Term
| In the UAC dialog boxes, the color gray indicates |
|
Definition
|
|
Term
|
Definition
|
|
Term
| Role Based Access Control is |
|
Definition
| considered a more “real world” access control than the other models because the access is based on a user’s job function within an organization. |
|
|
Term
| Rule Based Access Control is |
|
Definition
| often used for managing user access to one or more systems. |
|
|
Term
| A user under Role Based Access Control can be assigned |
|
Definition
|
|
Term
| Separation of duties requires ____ |
|
Definition
| that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals. |
|
|
Term
|
Definition
| a set of permissions that are attached to an object. |
|
|
Term
|
Definition
| user accounts that remain active after an employee has left an organization. |
|
|
Term
| Account expiration indicates when |
|
Definition
| an account is no longer active. |
|
|
Term
| A user accessing a computer system |
|
Definition
| present credentials or identification when logging on to the system. |
|
|
Term
|
Definition
| suitable for what are called “high-volume service control applications” such as dial-in access to a corporate network. |
|
|
Term
| During RADIUS authentication the AP, serving as the authenticator that will accept or reject the wireless device, creates |
|
Definition
| a data packet from this information called the authentication request. |
|
|
Term
|
Definition
| an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users. |
|
|
Term
|
Definition
| an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server |
|
|
Term
| Entries in the DIB are arranged in a tree structure called |
|
Definition
|
|
Term
| The X.500 standard defines a protocol for a client application to access an X.500 directory called |
|
Definition
|
|
Term
| LDAP injection attacks may allow an attacker to |
|
Definition
| construct LDAP statements based on user input statements |
|
|
Term
|
Definition
| a secret combination of letters, numbers, and/or characters that only the user should know. |
|
|
Term
| The weakness of passwords |
|
Definition
|
|
Term
|
Definition
| also capture transmissions that contain passwords |
|
|
Term
|
Definition
| the set of letters, symbols, and characters that make up the password |
|
|
Term
| Due to the limitations of online guessing, most password attacks today use ___ |
|
Definition
|
|
Term
|
Definition
| where every possible combination of letters, numbers, and characters is used to create encrypted passwords. |
|
|
Term
|
Definition
| slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters such as @, $, !, or %. |
|
|
Term
| Although brute force and dictionary attacks were once the primary tools used by attackers to crack an encrypted password, today attackers usually prefer |
|
Definition
|
|
Term
| To create a rainbow table, each chain begins with |
|
Definition
| an initial password that is encrypted. |
|
|
Term
|
Definition
| use fingerprints or other unique characteristics of a person’s face, hands, or eyes (irises and retinas) to authenticate a user. |
|
|
Term
|
Definition
| the time it takes for a key to be pressed and then released. |
|
|
Term
| Speech recognition accepts |
|
Definition
| spoken words for input as if they had been typed on the keyboard |
|
|
Term
| If a user typically accesses his bank’s Web site from his home computer on nights and weekends, then this information can be used to |
|
Definition
| establish a computer footprint of typical access. |
|
|
Term
|
Definition
| related to the perception, thought process, and understanding of the user. |
|
|
Term
| It is predicted that cognitive biometrics could become |
|
Definition
| a key element in authentication in the future. |
|
|
Term
|
Definition
| using a single authentication credential that is shared across multiple networks. |
|
|
Term
|
Definition
| reducing the number of usernames and passwords that users must memorize |
|
|
Term
| Windows Live ID was originally designed as |
|
Definition
| a federated identity management system that would be used by a wide variety of Web servers. |
|
|
Term
| Microsoft's Windows CardSpace is |
|
Definition
| a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy. |
|
|
Term
|
Definition
| share resources stored on one site with a second site without forwarding their authentication credentials to the other site. |
|
|
Term
|
Definition
| an operating system that has been reengineered so that it is designed to be secure from the ground up. |
|
|