Security+ SY0-301 Chapter 8 – Flashcards

question
Security failures can occur in two ways
answer
First, a failure can allow unauthorized users access to resources and data they are not authorized to use, compromising information security. Second, a failure can prevent a user from accessing resources and data the user is authorized to use.
question
Devices are needed to
answer
connect the clients and servers and to regulate the traffic between them
question
Devices come in many forms and with many functions
answer
from hubs and switches, to routers, wireless access points, and special-purpose devices such as virtual private network (VPN) devices. Each device has a specific network function and plays a role in maintaining network infrastructure security.
question
The workstation
answer
is the machine that sits on the desktop and is used every day for sending and reading e-mail, creating spreadsheets, writing reports in a word processing program, and playing games.
question
Even secure networks can fall prey to virus and worm contamination
answer
and infection has been known to come from commercial packages.
question
Out-of-date antivirus definitions can lead to a false sense of security
answer
because many of the most potent virus and worm attacks are the newest ones being developed, and a scanner can only recognize what its definitions describe.
question
A virus is
answer
a piece of software that must be introduced to the network and then executed on a machine. Workstations are the primary mode of entry for a virus into a network.
question
Although a lot of methods can be used to introduce a virus to a network
answer
the two most common are transfer of an infected file from another networked machine and e-mail attachments.
question
Apple Macintosh computers historically had very few examples of malicious software in the wild.
answer
As the Mac has increased in market share, so has its exposure, and today a variety of Mac OS X malware steals files and passwords and has even been used to take pictures of users with the computer's built-in webcam.
question
When the transferred file is executed
answer
the virus is propagated.
question
The practice of disabling or removing unnecessary devices and software from workstations is also a sensible precaution
answer
If a particular service, device, or account is not needed, disabling or removing it will prevent its unauthorized use by others.
question
The primary method of controlling the security impact of a workstation on a network is to reduce the available attack surface area.
answer
Turning off all services that are not needed or permitted by policy will reduce the number of vulnerabilities.
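The two cards above describe reducing the attack surface by disabling services that policy does not permit. The following is an added example (not from the flashcard set) that turns that policy into a check: it parses the output of the Linux `ss -tlnp` command and reports every listening TCP port outside an allowlist. The `ss` output pasted into the script is constructed for the example, and the allowlist (SSH only) is a hypothetical workstation policy.

```python
"""Flag listening services that policy does not permit.

Added example (not from the page): parses the output of `ss -tlnp`
(the text below is constructed, not captured from a real host) and
reports every listener whose port is not on the policy allowlist.
"""
import re

# Constructed sample of `ss -tlnp` output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=600,fd=7))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=920,fd=40))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1044,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Hypothetical workstation policy: only these TCP ports may listen.
ALLOWED_PORTS = {22}

LOOPBACK = {"127.0.0.1", "::1"}
_PROC_RE = re.compile(r'\("([^"]+)"')


def parse_ss(text):
    """Yield (address, port, process) for each LISTEN line of `ss -tlnp` output."""
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # "[::]:22" -> ("[::]", "22")
        addr = addr.strip("[]")
        m = _PROC_RE.search(line)
        yield addr, int(port), (m.group(1) if m else "?")


def audit_listeners(text, allowed=ALLOWED_PORTS):
    """Return findings for listeners outside the allowlist.

    Each finding is (port, process, exposure); exposure is 'loopback' when
    the socket is bound to localhost only, else 'network'. A loopback-only
    listener is still unneeded software, but other hosts cannot reach it,
    so network-exposed listeners are listed first.
    """
    findings, seen = [], set()
    for addr, port, proc in parse_ss(text):
        if port in allowed:
            continue
        exposure = "loopback" if addr in LOOPBACK else "network"
        key = (port, proc, exposure)
        if key not in seen:              # v4 and v6 sockets of one daemon count once
            seen.add(key)
            findings.append(key)
    findings.sort(key=lambda f: (f[2] != "network", f[0]))
    return findings


if __name__ == "__main__":
    for port, proc, exposure in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port:<5} {proc:<8} {exposure}: not permitted by policy, disable or remove")
```

On a real host, replace the constant with `subprocess.run(["ss", "-tlnp"], capture_output=True, text=True).stdout` and run the audit as root so process names are visible. The same approach works for UDP (`ss -ulnp`) and for the installed-package list, which is the other half of "remove what is not needed".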
question
Servers
answer
are the computers in a network that host applications and data for everyone to share.
question
The key management issue behind running a secure server setup is to
answer
identify the specific needs of a server for its proper operation and enable only items necessary for those functions.
question
Some types of servers, such as e-mail servers, can require
answer
extensive antivirus protection because of the services they provide.
question
network interface card (NIC)
answer
is a card with a connector port for a particular type of network connection, either Ethernet or Token Ring. The most common network type in use for local area networks is the Ethernet protocol, and the most common connector is the RJ-45 connector.
question
The purpose of a NIC is to provide lower level protocol functionality from
answer
the OSI (Open Systems Interconnection) model, specifically the physical and data link layers. A NIC is the physical connection between a computer and the network.
question
NICs are serialized with a unique code, referred to as
answer
a Media Access Control address (MAC address). These are assigned by the manufacturer, with the first portion identifying the manufacturer (the OUI) and the remaining portion being a serial number, which is intended to guarantee uniqueness. On most NICs, however, the address can be overwritten in software, so it must not be relied on as proof of a device's identity.
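An added example (not from the flashcard set) of reading a MAC address the way the card describes: it splits the address into the manufacturer (OUI) and device-specific halves and decodes the two flag bits of the first octet. The vendor table is a constructed stand-in for the IEEE registry, and its vendor names are made up.

```python
"""Decompose a MAC address into OUI and device-specific parts and read
the flag bits of the first octet.

Added example, not from the page. OUI_TABLE is a constructed stand-in
for the IEEE registry; the vendor names are illustrative only.
"""
import re

# Constructed, illustrative OUI table (a real lookup uses the IEEE registry).
OUI_TABLE = {
    "00:1A:2B": "ExampleNIC Corp",
    "3C:4D:5E": "Example Wireless Ltd",
}


def parse_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or bare hex."""
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]
    oui = ":".join(f"{o:02X}" for o in octets[:3])
    nic = ":".join(f"{o:02X}" for o in octets[3:])
    first = octets[0]
    return {
        "oui": oui,
        "nic_specific": nic,
        "vendor": OUI_TABLE.get(oui, "unknown"),
        # bit 0 (least significant) of the first octet: 1 = group/multicast address
        "multicast": bool(first & 0x01),
        # bit 1: 1 = locally administered (set by software), 0 = burned in by the maker
        "locally_administered": bool(first & 0x02),
    }


def assess(mac):
    """One-line verdict on how far the address can be trusted as an identifier."""
    info = parse_mac(mac)
    if info["multicast"]:
        return "group address, never a valid source"
    if info["locally_administered"]:
        return "locally administered: software-assigned, OUI lookup meaningless"
    if info["vendor"] == "unknown":
        return "universally administered, OUI not in table"
    return f"universally administered, vendor {info['vendor']}"


if __name__ == "__main__":
    for sample in ("00:1A:2B:AA:BB:CC", "02:1A:2B:AA:BB:CC", "3c-4d-5e-01-02-03", "01:00:5E:00:00:01"):
        print(f"{sample}: {assess(sample)}")
```

A set locally-administered bit is not proof of spoofing (modern phones randomize their Wi-Fi MAC this way), but it does mean the OUI says nothing about the hardware, which matters when an access control list keys on MAC addresses.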
question
Hubs
answer
are networking equipment that connect devices using the same protocol at the physical layer of the OSI model.
question
All connections on a hub share a single collision domain,
answer
the set of devices whose transmissions can collide with one another. As network traffic increases, throughput becomes limited by collisions. Because a hub repeats every frame out of every port, any host attached to a hub can also sniff all traffic on that segment.
question
Bridges
answer
are networking equipment that connect two network segments using the same protocol. A bridge operates at the data link layer of the OSI model, filtering traffic based on MAC addresses so that a frame is forwarded only to the segment on which its destination resides.
question
Switches
answer
form the basis for connections in most Ethernet-based local area networks (LANs).
question
A switch has separate collision domains for each port.
answer
This means the only devices that can collide on a given port are the switch and the single host attached to it. When full duplex is employed, collisions are eliminated on that link entirely. Because a switch forwards a unicast frame only to the destination port rather than to every port, casual sniffing is harder than on a hub, although this is no substitute for encrypting sensitive traffic.
question
Switches operate at the data link layer, while routers act at the network layer.
answer
For intranets, switches have become what routers are on the Internet.
question
A switch is usually a layer 2 device
answer
but layer 3 switches incorporate routing functionality.
question
Switches are commonly administered using
answer
the Simple Network Management Protocol (SNMP) and Telnet, both of which have a serious weakness in that they send credentials across the network in clear text (SNMPv1 and v2c community strings, Telnet passwords). SSH and SNMPv3 with authentication and privacy are the secure replacements.
question
An additional problem is that switches are shipped with default passwords,
answer
and if these are not changed when the switch is set up, they offer an unlocked door to an attacker, since the defaults for every major vendor are publicly documented.
question
virtual local area networks (VLANs)
answer
"broadcast domain within a switched network," meaning that broadcast traffic is delivered only to devices within the same VLAN.
question
Switches that allow multiple VLANs to be defined enable broadcast messages to be segregated into the specific VLANs.
answer
This configuration increases network segregation, increasing throughput and security.
question
Unused switch ports can be preconfigured into
answer
empty VLANs that do not connect to the rest of the network, and administratively shut down. This significantly increases security against unauthorized network connections.
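The cards on switch administration (clear-text Telnet and SNMP, unchanged default passwords) and on parking unused ports in an isolated VLAN, as one added switch-hardening example in Cisco IOS syntax. This is not configuration from the flashcard set or any vendor document: the hostname, domain, VLAN number, interface range, management subnet and the <...> placeholders are assumptions to be replaced with site values.

```cisco
! --- Weak state (typical as shipped or in a lab): do not deploy ---
! default read community, sent in clear text by SNMPv1/v2c
snmp-server community public RO
! default write community: full control of the switch for anyone who guesses it
snmp-server community private RW
line vty 0 4
 password cisco
 login
! Telnet: the password above crosses the network unencrypted
 transport input telnet

! --- Hardened management plane ---
hostname sw1
! a domain name is required before the SSH host key can be generated
ip domain-name example.net
! run once in exec mode (not a config line): crypto key generate rsa modulus 2048
ip ssh version 2
no snmp-server community public
no snmp-server community private
! SNMPv3 with authentication and encryption (priv); no community strings remain
snmp-server group NETMGMT v3 priv
snmp-server user monitor NETMGMT v3 auth sha <auth-secret> priv aes 128 <priv-secret>
! per-user local account with a hashed secret instead of a shared line password
username admin privilege 15 secret <strong-password>
! only the (assumed) management subnet may open a management session
ip access-list standard MGMT
 permit 10.0.100.0 0.0.0.255
 deny any log
line vty 0 4
 login local
 transport input ssh
 access-class MGMT in
 exec-timeout 10 0

! --- Unused ports: isolated VLAN, no trunk negotiation, administratively down ---
vlan 999
 name PARKING
interface range GigabitEthernet1/0/10 - 24
 description unused - parked
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
```

VLAN 999 should have no switched virtual interface and should be removed from the allowed list on every trunk (`switchport trunk allowed vlan remove 999`), so a device plugged into a parked port that is later re-enabled still reaches nothing. Equivalent settings exist on every managed switch; the Cisco syntax is only the worked instance.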
question
Switches operate at layer 2, and Ethernet frames carry no hop count or time-to-live, so there is no mechanism to kill frames that get caught in loops or on paths that will never resolve
answer
A looped frame circulates until the loop is broken, which is how broadcast storms arise. To prevent loops, the Spanning Tree Protocol (STP, IEEE 802.1D) is employed by virtually all switches; it allows multiple redundant physical paths while logically blocking the ports that would form a loop, ensuring a proper broadcast pattern.
question
Routers
answer
are network traffic management devices used to connect different network segments together. Routers operate at the network layer of the OSI model, routing traffic using the network address (typically an IP address) utilizing routing protocols to determine optimal routing paths across a network.
question
Routers form the backbone of the Internet
answer
moving traffic from network to network, examining the destination address of every packet to forward it along the best available path.
question
Routers use access control lists (ACLs) as a method of
answer
deciding whether a packet is allowed to enter or leave an interface, based on fields such as source and destination address, protocol, and port.
question
As with switches, it is important to ensure that the administrative password
answer
is never passed in the clear, only secure mechanisms are used to access the router, and all of the default passwords are reset to strong passwords.
question
The most assured point of access for router management control is
answer
via the console (serial) port. This allows access to the control aspects of the router without having to deal with traffic-related issues, and it keeps working when the network itself is down. Because the console port usually trusts whoever is physically connected, the equipment must be physically secured.
question
A firewall can
answer
be hardware, software, or a combination whose purpose is to enforce a set of network security policies across network connections.
question
Security policies
answer
are rules that define what traffic is permissible and what traffic is to be blocked or denied.
question
At a minimum, the corporate connection to the Internet should pass through a firewall.
answer
This firewall should block all network traffic except that specifically authorized by the firm.
question
Firewalls are designed to block attacks before they reach a target machine.
answer
Common targets are web servers, e-mail servers, DNS servers, FTP services, and databases.
question
Firewalls enforce the established security policies through a variety of mechanisms, including the following:
answer
• Network Address Translation (NAT) • Basic packet filtering • Stateful packet filtering • ACLs • Application layer proxies
question
NAT is a technique used
answer
in IPv4 to link private IP addresses to public ones. Private IP addresses are sets of IP addresses that can be used by anyone and by definition are not routable across the Internet.
question
Basic packet filtering, the next most common firewall technique
answer
involves looking at packets, their ports, protocols, and source and destination addresses, and checking that information against the rules configured on the firewall.
question
Stateful means
answer
that the firewall maintains, or knows, the context of a conversation. In many cases, rules depend on the context of a specific communication connection.
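The cards on router ACLs, basic packet filtering, and stateful filtering describe the same decision three ways. Below is an added example (not from the flashcard set and not any product's code) that implements a first-match stateless filter and a stateful filter on top of it, then runs both over constructed packets. The policy, the hosts and the ports are hypothetical; the public addresses are from the RFC 5737 documentation ranges. It shows the case the cards only hint at: a stateless rule that admits "established" traffic by looking at the ACK flag also admits an ACK scan, while the stateful filter rejects it because no conversation exists.

```python
"""Stateless packet filtering beside stateful inspection.

Added example (not the page's own code, not any product's): a tiny
first-match filter and a stateful filter built on it, run over
constructed packets. 10.0.0.0/8 is the inside network; the other
addresses are RFC 5737 documentation ranges.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str = "any"            # CIDR prefix or "any"
    dst: str = "any"
    dport: int = 0              # 0 = any destination port
    established: bool = False   # stateless approximation of "part of a
                                # conversation": match only if ACK is set


def _in_prefix(addr, prefix):
    return prefix == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def matches(rule, pkt):
    return (_in_prefix(pkt.src, rule.src)
            and _in_prefix(pkt.dst, rule.dst)
            and (rule.dport == 0 or rule.dport == pkt.dport)
            and (not rule.established or pkt.ack))


def stateless_decide(rules, pkt):
    """First matching rule wins; anything unmatched is implicitly denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFilter:
    """Admit a packet if it belongs to a connection already accepted;
    otherwise consult the rules and, for a new connection, record it."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()      # 4-tuples of accepted connections (the "context")

    def decide(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "allow"                      # known conversation, either direction
        if pkt.syn and not pkt.ack and stateless_decide(self.rules, pkt) == "allow":
            self.table.add(fwd)                 # policy permits this new connection
            return "allow"
        return "deny"                           # mid-stream packet with no context


INSIDE = "10.0.0.0/8"
# Stateless policy has to let replies back in somehow; ACK-based "established" is the classic way.
STATELESS_RULES = [
    Rule("allow", src=INSIDE, dport=443),
    Rule("allow", dst=INSIDE, established=True),
]
# Stateful policy needs only the outbound rule; replies are admitted from the table.
STATEFUL_RULES = [Rule("allow", src=INSIDE, dport=443)]


def run_scenario():
    """Return {label: (stateless decision, stateful decision)} for three constructed packets."""
    sf = StatefulFilter(STATEFUL_RULES)
    packets = {
        "client SYN out":  Packet("10.1.1.5", 51000, "203.0.113.10", 443, syn=True),
        "server SYN/ACK":  Packet("203.0.113.10", 443, "10.1.1.5", 51000, syn=True, ack=True),
        "ACK scan of 445": Packet("198.51.100.7", 40000, "10.1.1.5", 445, ack=True),
    }
    return {name: (stateless_decide(STATELESS_RULES, p), sf.decide(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:<16} stateless={stateless:<5} stateful={stateful}")
```

The connection table is also where the cost mentioned on the next card comes from: every accepted connection occupies memory until it is torn down or times out, which is why stateful devices need more hardware and why SYN floods aim at exhausting exactly that table.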
question
A disadvantage of stateful monitoring is that
answer
it takes significant resources and processing to perform this type of monitoring, and this reduces efficiency and requires more robust and expensive hardware.
question
Some high-security firewalls also employ application layer proxies.
answer
Packets are not allowed to traverse the firewall, but data instead flows up to an application that in turn decides what to do with it.
question
Firewalls can be very effective in blocking a variety of flooding attacks
answer
including port floods, SYN floods, and ping floods, although a flood large enough to saturate the upstream link must be mitigated before it reaches the firewall.
question
The point of entry from a wireless device to a wired network is performed at a device called
answer
a wireless access point. It can support multiple concurrent devices accessing network resources through the network node it provides.
question
Modem
answer
is a shortened form of modulator/demodulator, describing the functions the device actually performs: it converts the computer's digital signals to analog for transmission over a telephone line and converts incoming analog signals back to digital.
question
A DSL modem provides a direct connection between
answer
a subscriber's computer and an Internet connection at the local telephone company's switching station.
question
The most common security device used in cable/DSL connections is
answer
a firewall.
question
Private branch exchanges (PBXs) are an extension of the public telephone network into a business.
answer
PBXs are computer-based switching equipment designed to connect telephones into the local phone system.
question
Remote Access Service (RAS)
answer
is a portion of the Windows OS that allows the connection between a client and a server via a dial-up telephone connection.
question
VPN
answer
is a construct used to provide a secure communication channel between users across public networks such as the Internet.
question
Intrusion detection systems (IDSs)
answer
are designed to detect, log, and respond to unauthorized network or host use, both in real time and after the fact.
question
Network Access Control
answer
is a security methodology in which endpoints are evaluated on a case-by-case basis as they connect (for example, patch level and antivirus status) and granted or denied network access accordingly.
question
SNMP was developed to
answer
enable a central monitoring and control center to maintain, configure, and repair network devices, such as switches and routers, as well as other network services such as firewalls, IDSs, and remote access servers.
question
network operations center (NOC)
answer
allows operators to observe and interact with the network, using the self-reporting and in some cases self-healing nature of network devices to ensure efficient network operation.
question
Virtualization
answer
is the creation of software-defined virtual systems (computers, storage, networks) in place of dedicated physical hardware. The separation of the hardware from the software enables increased flexibility in the enterprise.
question
Mobile Devices
answer
These devices add several challenges for network administrators. When they synchronize their data with that on a workstation or server, the opportunity exists for viruses and malicious code to be introduced to the network.
question
The base of communications between devices is the physical layer of the OSI model. Four common methods are used to connect equipment at the physical layer
answer
• Coaxial cable • Twisted-pair cable • Fiber-optics • Wireless
question
Coaxial Cable
answer
is the same kind of cable used for satellite and cable television service; coax was used from machine to machine in early Ethernet implementations at 10 Mbps.
question
UTP/STP Shielded twisted-pair/Unshielded twisted-pair
answer
Twisted-pair wires have all but completely replaced coaxial cables in Ethernet networks. Twisted-pair wires use the same technology used by the phone company for the movement of electrical signals. Single pairs of twisted wires reduce electrical crosstalk and electromagnetic interference.
question
Twisted-pair lines are categorized by the level of data transmission they can support
answer
• Category 3 (Cat 3) minimum for voice and 10 Mbps Ethernet • Category 5 (Cat 5/Cat5e) for 100 Mbps Fast Ethernet; Cat 5e is an enhanced version of the Cat 5 specification to address Far End Crosstalk • Category 6 (Cat 6) for Gigabit Ethernet
question
Fiber-optic cable uses beams
answer
of laser light to connect devices over a thin glass fiber. The biggest advantage of fiber is its bandwidth, with transmission capabilities into the terabits per second range.
question
The high cost of connections to fiber and the higher cost of fiber per foot also make
answer
it less attractive for the final mile in public networks where users are connected to the public switching systems.
question
Unguided media is a phrase used
answer
to cover all transmission media not guided by wire, fiber, or other constraints; it includes radio frequency (RF), infrared (IR), and microwave methods.
question
Infrared (IR)
answer
can also be used to connect devices in a network configuration, but it is slow compared to other wireless technologies.
question
RF/Microwave
answer
RF waves are a common method of communicating in a wireless world. Point-to-point microwave links have been installed by many network providers to carry communications over long distances and rough terrain.
question
A sniffer can
answer
record all the network traffic, and this data can be mined for accounts, passwords, and traffic content, all of which can be useful to an unauthorized user.
question
One starting point for many intrusions
answer
is the insertion of an unauthorized sniffer into the network, with the fruits of its labors driving the remaining unauthorized activities.
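The two cards above say a sniffer records traffic that can be mined for accounts and passwords. An added example (not from the flashcard set) makes that concrete: it constructs one Ethernet/IPv4/TCP frame carrying an HTTP request with a Basic Authorization header, then decodes it the way a sniffer would and pulls out the credentials. The addresses, the MAC addresses and the "alice"/"hunter2" credential are made up for the example.

```python
"""What a sniffer can mine from a clear-text session.

Added example, not from the page: builds a constructed Ethernet/IPv4/TCP
frame carrying an HTTP request with a Basic Authorization header, then
parses it back as a packet sniffer would and extracts the credentials.
Every address and credential here is invented.
"""
import base64
import re
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal frame; checksums stay zero since a sniffer never checks them."""
    eth = bytes.fromhex("001a2baabbcc") + bytes.fromhex("3c4d5e010203") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + 20 + len(payload), 0x1234, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP; return addressing and payload, or None if not TCP/IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4               # TCP header length in bytes
    return {"src": src_ip, "dst": dst_ip, "sport": sport, "dport": dport, "payload": tcp[data_off:]}


_BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def extract_basic_auth(payload):
    """Return (user, password) from an HTTP Basic header, or None."""
    m = _BASIC_RE.search(payload)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:
        return None
    user, _, password = decoded.partition(":")
    return user, password


def mine(frames):
    """Run every frame through the decoder and collect harvested credentials."""
    hits = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        cred = extract_basic_auth(pkt["payload"])
        if cred:
            hits.append((pkt["src"], pkt["dst"], pkt["dport"], cred[0], cred[1]))
    return hits


# Constructed capture: one request with credentials, one without.
SAMPLE_FRAMES = [
    build_frame("10.1.1.5", "10.1.1.20", 50123, 80,
                b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n"),
    build_frame("10.1.1.5", "10.1.1.20", 50124, 80,
                b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]

if __name__ == "__main__":
    for src, dst, port, user, password in mine(SAMPLE_FRAMES):
        print(f"{src} -> {dst}:{port}  user={user} password={password}")
```

With TLS in place the same decoder still recovers addresses and ports (the traffic pattern), but the payload is opaque; that is the practical answer to the sniffing risk, not relying on switches to hide traffic.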
question
war-driving
answer
involves using a laptop and software to find wireless networks from outside the premises. A typical use of wardriving is to locate a wireless network with poor (or no) security and obtain free Internet access, but other uses can be more devastating.
question
Magnetic media
answer
Common forms include hard drives, floppy disks, Zip disks, and magnetic tape.
question
One of the latest advances is full drive encryption built into the drive hardware
answer
Using a key that is controlled, for instance through a Trusted Platform Module (TPM) interface, this technology (self-encrypting drives) protects the data at rest if the drive itself is lost or stolen. It does not protect data while the system is running and the drive is unlocked.
question
Several types of magnetic tape are in use today
answer
ranging from quarter inch to digital linear tape (DLT) and digital audiotape (DAT).
question
Optical media involve the use of
answer
a laser to read data stored on a physical device.
question
The advent of large capacity USB sticks has enabled users to
answer
build entire systems, OSs, and tools onto them, so that a known-good OS and toolset can be carried to a machine and booted with their integrity assured.
question
Cloud computing is a common term used to
answer
describe computer services provided over a network. These computing services are computing, storage, applications and services that are offered via the Internet Protocol.
question
Clouds can be created by many entities
answer
internal and external to an organization.
question
Software as a service
answer
acts as software on demand, where the software runs from the cloud
question
Platform as a service
answer
is a marketing term used to describe the offering of a computing platform in the cloud.
question
Infrastructure as a service
answer
is a term used to describe cloud-based systems that are delivered as a virtual platform for computing.
question
A key characteristic of a network is its layout, or topology
answer
A proper network topology takes security into consideration and assists in "building security" into the network.
question
Security Zones
answer
Different zones are designed to provide layers of defense, with the outermost layers providing basic protection and the innermost layers providing the highest level of protection.
question
A DMZ (demilitarized zone) in a computer network
answer
acts as a buffer zone between the Internet, where no controls exist, and the inner secure network, where an organization has security policies in place.
question
The idea behind the use of the DMZ topology is to
answer
force an outside user to make at least one hop in the DMZ before he can access information inside the trusted network.
question
The term World Wide Web (WWW) is frequently used synonymously to
answer
represent the Internet, but the WWW is actually just one set of services available via the Internet.
question
Intranet is a term used to
answer
describe a network that has the same functionality as the Internet for users but lies completely inside the trusted area of a network and is under the security control of the system and network administrators. Typically referred to as campus or corporate networks, intranets are used every day in companies around the world.
question
Content on intranet web servers is not available over the Internet to untrusted users.
answer
This layer of security offers a significant amount of control and regulation, allowing users to fulfill business functionality while ensuring security.
question
Should users inside the intranet require access to information from the Internet
answer
a proxy server can be used to mask the requestor's location.
question
An extranet is an extension of
answer
a selected portion of a company's intranet to external partners. This allows a business to share information with customers, suppliers, partners, and other trusted groups while using a common set of Internet protocols to facilitate operations.
question
The use of the term extranet implies
answer
both privacy and security. Privacy is required for many communications, and security is needed to prevent unauthorized use and events from occurring.
question
Data and voice communications have coexisted in enterprises for decades
answer
Recent connections inside the enterprise of Voice over IP and traditional PBX solutions increase both functionality and security risks.
question
Trunking is the process of
answer
spanning a VLAN across multiple switches. A trunk-based connection between switches carries frames from one or more VLANs, each tagged with its VLAN ID (IEEE 802.1Q), so that a VLAN can include ports on several switches.
question
VLANs are used to divide
answer
a single network into multiple subnets based on functionality.
question
Network Address Translation (NAT) uses
answer
two sets of IP addresses for resources- one for internal use and another for external (Internet) use.
question
NAT is used to translate between the two addressing schemes and is typically performed at a firewall or router
answer
This permits enterprises to use the nonroutable private IP address space internally and reduces the number of external IP addresses used across the Internet.
question
Three sets of IP addresses are defined as nonroutable (private addresses, RFC 1918)
answer
• Class A 10.0.0.0 - 10.255.255.255 (10.0.0.0/8) • Class B 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) • Class C 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
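The NAT cards (earlier, under firewalls, and the three just above) describe translating between the private blocks and a public address. Below is an added example (not from the flashcard set) that checks addresses against the three RFC 1918 blocks and models the translation table a NAT gateway keeps so that replies can be mapped back to the inside host. The gateway address 203.0.113.1 and the outside server are RFC 5737 documentation addresses; the inside hosts, ports and port range are constructed.

```python
"""Private (RFC 1918) address check and a port-address translation table.

Added example, not from the page: classifies addresses against the three
private blocks and models the mapping table a NAT gateway keeps. The
public addresses are RFC 5737 documentation ranges; hosts, ports and
the starting public port are constructed.
"""
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls in one of the RFC 1918 blocks."""
    a = ipaddress.ip_address(addr)
    return any(a in block for block in PRIVATE_BLOCKS)


class PortNat:
    """Source NAT with port translation: many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source; create a mapping on first use."""
        if not is_private(src_ip):
            raise ValueError("not a private source address: " + src_ip)
        key = (src_ip, src_port, dst_ip, dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port            # a real gateway picks from a pool and expires entries
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, port, dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the inside host, or None if no inside host asked for it."""
        if dst_ip != self.public_ip:
            return None
        key = self.inbound.get(dst_port)
        if key is None or key[2:] != (src_ip, src_port):
            return None                      # unsolicited, or from the wrong peer: dropped
        priv_ip, priv_port, _, _ = key
        return (src_ip, src_port, priv_ip, priv_port)


def demo():
    """Two inside hosts using the same source port, one reply, one unsolicited probe."""
    nat = PortNat("203.0.113.1")
    out1 = nat.translate_out("192.168.1.10", 52000, "198.51.100.5", 443)
    out2 = nat.translate_out("192.168.1.11", 52000, "198.51.100.5", 443)
    reply = nat.translate_in("198.51.100.5", 443, "203.0.113.1", out1[1])
    probe = nat.translate_in("198.51.100.99", 443, "203.0.113.1", out2[1])
    return out1, out2, reply, probe


if __name__ == "__main__":
    out1, out2, reply, probe = demo()
    print("host 1 leaves as", out1)
    print("host 2 leaves as", out2)
    print("reply delivered to", reply)
    print("unsolicited probe:", probe)
```

The `probe` result is the "defined pathway" effect of the next card: without an entry the gateway created on behalf of an inside host, an outside packet has nowhere to go. That is a side effect of address translation, not a security design, so NAT complements a firewall rather than replacing one.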
question
NAT is one of the methods used for enforcing perimeter security by
answer
forcing users to access resources through defined pathways such as firewalls and gateway servers.
question
Tunneling is a method of
answer
packaging packets so that they can traverse a network in a secure, confidential manner. Tunneling involves encapsulating packets within packets, enabling dissimilar protocols to coexist in a single communication stream. It also can provide significant measures of security and confidentiality through encryption and encapsulation methods.