IS-231 Chapters 8-9 – Flashcards
question
True
answer
A firewall typically involves a combination of hardware and software.
question
honeynet
answer
If multiple honeypots are connected to form a larger network, what term is used to describe the network?
question
False
answer
The simplest type of firewall is a content filtering firewall.
question
True
answer
Most UNIX and Linux desktop operating systems provide a GUI application for easily viewing and filtering the information in system logs.
question
man-in-the-middle attack
answer
An attack that involves a person redirecting or capturing secure transmissions as they occur is known as what type of attack?
question
True
answer
The term malware is derived from a combination of the words malicious and software.
question
polymorphism
answer
What characteristic of viruses makes it possible for a virus to potentially change its characteristics (such as file size and internal instructions) to avoid detection?
question
NIDS (network-based intrusion detection system)
answer
A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network's protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns.
question
worm
answer
A program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses.
question
backdoor
answer
A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network's overall security net.
question
HIPS (host-based intrusion prevention system)
answer
A type of intrusion prevention that runs on a single computer, such as a client or server, to intercept and help prevent attacks against that one host.
question
acceptable use policy (AUP)
answer
A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network's security.
question
HIDS (host-based intrusion detection system)
answer
A type of intrusion detection that runs on a single computer, such as a client or server, to alert about attacks against that one host.
question
proxy service
answer
A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices.
question
virus
answer
A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users.
question
smurf attack
answer
A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack.
question
phishing
answer
The process in which a person attempts to glean access or authentication information by posing as someone who needs that information is known as what option below?
question
False
answer
Different types of organizations have similar levels of network security risks.
question
True
answer
Wireshark or any other monitoring software running on a single computer connected to a switch doesn't see all the traffic on a network, but only the traffic the switch sends to it, which includes broadcast traffic and traffic specifically addressed to the computer.
question
reverse proxy
answer
A proxy that provides Internet clients access to services on its own network is known as what type of proxy?
question
worms
answer
Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below?
question
99.99%
answer
A highly available server is available what percentage of the time?