Term
What is a completely disconnected (isolated) system?

Definition

Term
What are the following?:
• Single points of failure
• Complex dependencies
• Availability over confidentiality and integrity
• Lack of documentation and change control
• Overdependence on perimeter security

Definition
Problems that arise from weaknesses in the network design / architecture

Term
What is an example of a perimeter security device?

Definition

Term
What are the following?:
• Access
• Email mailbox server
• Mail transfer server

Definition

Term
What are containers for hosts that have the same security requirements and manage and filter traffic between each other?

Definition

Term
What are physical and logical network designs?

Definition

Term
What are the following?:
• Private network (intranet)
• Extranet
• Internet / guest

Definition

Term
What is a private file sharing network within a firm?

Definition

Term
What is a private Intranet that connects more than one firm?

Definition

Term
What isolates hosts that are Internet-facing?

Definition
Demilitarized Zones (DMZ)

Term
Different types of DMZ should be used for what?

Definition

Term
Communications through the DMZ should what?

Definition
Not be allowed or closely filtered.

Term
DMZ should ideally use proxies to what?

Definition
Rebuild packets for forwarding.

Term
For zones to work, network traffic must be what?

Definition

Term
What is a network location where the hosts are free to communicate?

Definition

Term
Segments can be established using what?

Definition
Virtual LANs (VLAN) and Subnets

Term
Traffic between segments is controlled by what?

Definition

Term
What is isolating VMs running on the same hardware?

Definition

Term
What makes logical divisions in the network and can be mapped to VLANs, physical boundaries, other logical boundaries – whatever the network design requires?

Definition

Term
Address Resolution Protocol

Definition

Term
What are the following?:
• Disable unused ports
• Secure the switch's management console
• Use a secure interface
• Disable unused management console access methods
• Restrict the hosts that can be used to access the management console
• Install the latest firmware updates
• Configure the SNMP interface

Definition
Techniques to Harden a Switch

Term
What is a special purpose computer on a network specifically designed and configured to withstand attacks?

Definition

Term
What data can you get from an SNMP Interface?

Definition
You can monitor data going over switches.

Term
What is a single port switch that filters traffic?

Definition

Term
How can you secure a Bridge?

Definition
Put a permission table on it, put it over a VLAN, etc.

Term
Bridges (switches) self-organize into a hierarchy from a root bridge using what?

Definition
Bridge Protocol Data Units (BPDU)

Term
What are the following?:
• Port fast
• BPDU guard

Definition
Methods to prevent loops between switches

Term
What do Bridge Protocol Data Units (BPDU) do?

Definition
Block ports that would cause loops.

Term
What is a port that can only be accessed by a specific device?

Definition

Term
What are the following?:
• Secure switch hardware
• Physically disconnect unused ports
• Disable unused ports via management interface

Definition

Term
What are the following?:
• Visual inspection of ports / switches
• Network mapping / host discovery
• Wireless monitoring
• Network monitoring – identify unauthorized protocols
• Network Access Control (NAC) and intrusion detection – identify unapproved hosts

Definition
Rogue Machine Detection Methods

Term
What enforces device “health policies” in addition to authentication?

Definition
Network Access Control (NAC)

Term
What is a VLAN or firewalled subnet (DMZ) granting limited access to network resources?

Definition

Term
What is another type of restricted network, usually based on a captive portal?

Definition

Term

Definition
An agent who scans for vulnerabilities.

Term
Agentless Posture Assessment

Definition
A program scans for vulnerabilities.

Term
What reveals the presence of a router and which dynamic routing and management protocols it is running?

Definition

Term
What is redirecting traffic to routing loops or blackholes or overloading the router?

Definition

Term
What can be used maliciously to spoof IP addresses and bypass router / firewall filters?

Definition

Term
What allows for someone to spoof their IP easily?

Definition

Term
What are private or reserved IP ranges?

Definition

Term
What are unallocated public address ranges or allocated but unassigned ranges?

Definition

Term
What is to translate from a local addressing scheme to a global one?

Definition
Network Address Translation (NAT)

Term
Usually private IP address ranges used on a LAN are translated to public IP address(es) assigned to what?

Definition
Router’s external interface(s)

Term
Static NAT means a 1:1 mapping between what?

Definition
Inside local (10.0.0.101) and inside global (85.234.150.160).

Term
Addresses on the other side of a NAT router are what?

Definition
“Outside global” and “Outside local”.

Term
What defines policy decisions on the control plane?

Definition
Software Defined Networking (SDN) application

Term

Definition
It prevents IP addresses from outside the nation from entering (from other countries).

Term

Definition
Prevents mobile devices from accessing a network if they are outside of a physical location.