Flashcards and Answers – chapter 6
question
IP addresses are ____-bit addresses.
answer
32
question
Network hardware that provides multiple security functions
answer
all in one network security appliance
question
A monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline. Whenever a significant deviation from this baseline occurs, an alarm is raised.
answer
anomaly based monitoring
question
The attacker sends a forged ARP packet to the source device, substituting the attacker's computer MAC address
answer
ARP poisoning
question
A reference set of data against which operational data is compared
answer
Baseline
question
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it
answer
behavior based monitoring
question
frames sent to all devices
answer
broadcast
question
temporary storage area
answer
cache
question
reside at the top of the hierarchy and carry traffic between switches
answer
Core switches
question
A separate network that rests outside the secure network perimeter; untrusted outside users can access it but cannot enter the secure network
answer
demilitarized zone
question
A(n) ____ is the end of the tunnel between VPN devices.
answer
endpoint
question
alarms that are raised when there is no actual abnormal behavior
answer
false positives
question
What is another name for a packet filter?
answer
Firewall
question
A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists
answer
heuristic monitoring
question
a program that is run on a local system to filter traffic
answer
host based software firewall
question
A software-based application that runs on a local host computer that can detect an attack as it occurs
answer
host intrusion detection system
question
a standard network device for connecting multiple Ethernet devices together using twisted pair copper or fiber optic cables in order to make them function as a single network segment
answer
hub
question
combine or integrate multipurpose security appliances with a traditional network device such as a switch or router
answer
integrated network security hardware
question
monitor Internet traffic and block access to preselected Web sites and files
answer
Internet content filters
question
A device designed to be active security; it can detect an attack as it occurs
answer
intrusion detection system
question
Load balancing that is used for distributing HTTP requests received through port 80
answer
IP spraying
question
A hardware load balancer
answer
Layer 4-7 router
question
A device that can direct requests to different servers based on a variety of factors, such as the number of server connections, the server's processor utilization, and overall performance of the server
answer
load balancer
question
a technology that can help to evenly distribute work across a network
answer
load balancing
question
If two devices have the same MAC address, a switch may send frames to each device; an attacker can change the MAC address on their device to match the target device's MAC address
answer
MAC address impersonation
question
An attacker can overflow the switch's address table with fake MAC addresses, forcing it to act like a hub, sending packets to all devices
answer
MAC flooding
question
an entry in the DNS that identifies the mail server responsible for handling that domain name
answer
MX record
question
Layer 3 of the OSI model is the ____ layer.
answer
Network
question
A technique that examines the current state of a system or network device before it is allowed to connect to the network
answer
network access control
question
A technique that allows private IP addresses to be used on the public Internet
answer
network address translation
question
A technology that watches for attacks on the network and reports back to a central device
answer
network intrusion detection system
question
A technology that monitors network traffic to immediately react to block a malicious attack
answer
network intrusion prevention system
question
a separate device that can be installed between two network devices to monitor traffic
answer
network tap
question
illustrates how a network device prepares data for delivery over the network to another device, and how data is to be handled when it is received
answer
OSI model
question
____ is typically used on home routers that allow multiple users to share one IP address received from an Internet service provider (ISP).
answer
PAT
question
A technique that gives each packet the same IP address but a different TCP port number
answer
port address translation
question
An attacker connects his device to the switch's mirror port
answer
Port mirroring
question
responsible for handling incoming mail on port 110
answer
Post Office Protocol
question
IP addresses that are not assigned to any specific user or organization
answer
Private IP address
question
A computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user
answer
proxy server
question
any combination of hardware and software that enables remote users to access a local internal network
answer
remote access
question
A computer or an application program that routes incoming requests to the correct server
answer
reverse proxy
question
A device that can forward packets across computer networks
answer
router
question
rules set by an administrator that tell the firewall precisely what action to take with each packet that comes through it
answer
rule based firewall
question
Layer 5 of the OSI model is the ____ layer.
answer
Session
question
allows the administrator to create sets of related parameters that together define one aspect of the device's operation
answer
settings based firewall
question
A monitoring technique used by an IDS that examines network traffic to look for well-known patterns and compares the activities against a predefined signature
answer
signature based monitoring
question
handles outgoing mail on port 25
answer
Simple Mail Transfer Protocol
question
multiple sites can connect to other sites over the internet
answer
site to site VPN
question
___ keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.
answer
stateful packet filtering
question
packets filtered by a firewall that looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator
answer
stateless packet filtering
question
A firewall using ____ is the most secure type of firewall
answer
stateless packet filtering
question
Allows an IP address to be split anywhere within its 32 bits
answer
Subnet Addressing
question
A technique that uses IP addresses to divide a network into network, subnet and host
answer
subnetting
question
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices
answer
switch
question
an instruction that interrupts the program being executed and requests a service from the operating system
answer
system call
question
frames intended for a specific device
answer
unicast
question
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches
answer
virtual LAN
question
a user-to-LAN connection used by remote users
answer
virtual private dial up network
question
a technology to use an unsecured public network, such as the Internet, like a secure private network
answer
virtual private network
question
A(n) ____ encrypts all data that is transmitted between the remote device and the network.
answer
VPN
question
A device that aggregates hundreds or thousands of VPN connections
answer
VPN concentrator
question
A special type of firewall that looks more deeply into packets that carry HTTP traffic
answer
Web application firewall
question
A device that can block malicious content in "real time" as it appears (without first knowing the URL of a dangerous site)
answer
Web security gateway
question
connected directly to the devices on the network
answer
workgroup switches
question
True or False: Workgroup switches must work faster than core switches.
answer
FALSE
question
True or False: The OSI model breaks networking steps down into a series of six layers.
answer
FALSE
question
True or False: Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.
answer
TRUE
question
True or False: A basic level of security can be achieved through using the security features found in network hardware.
answer
TRUE
question
True or False: Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.
answer
TRUE