CompTIA Security+ Chapter 4: Network Security
40 Questions

Questions and Answers

What is a key component of a high-availability network?

  • Vulnerability scanning (correct)
  • Firewall configuration
  • Single sign-on
  • Network segmentation

Why is a bastion host the most secure method for providing administrative access to internal resources?

  • It does not require strong authentication and encryption
  • It provides multiple points of control and defense
  • It minimizes the traffic allowed through the security boundary (correct)
  • It allows all types of traffic through the security boundary

What is the primary purpose of a bastion host?

  • To block all incoming and outgoing traffic
  • To provide weak authentication and encryption
  • To allow all types of traffic through the security boundary
  • To provide a single point of control and defense (correct)

What type of server is a bastion host?

    Special-purpose server

    Where is a bastion host typically placed?

    On the edge of the network

    What type of traffic can a bastion host be configured to allow?

    Only certain types of traffic, such as SSH or HTTP

    What type of security software can a bastion host run?

    Firewalls and intrusion detection systems

    What is the purpose of logging all activities on a bastion host?

    For auditing purposes

    What type of data can endpoint logs provide for security analysts?

    Processes running on the device, network connections, and files accessed

    What is the primary function of a content filter?

    To block or allow access to web content based on predefined rules or categories

    What would be the solution to users being unable to access a website due to a content filter?

    Updating the categorization in the content filter

    What type of information can endpoint logs record about executable files?

    Name, path, size, hash, signature, and permissions

    What is the purpose of a web filter?

    To block or allow access to web content based on predefined rules or categories

    Why would a content filter block a website?

    If it is categorized incorrectly

    What would a web filter scan a URL for?

    Strings and keywords

    What can endpoint logs provide information about?

    Processes running on the device, network connections, and files accessed

    What is a compensating control in security?

    A security measure that reduces the likelihood or impact of an attack

    What is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system?

    Bug bounty

    What is the purpose of a host-based firewall?

    To monitor and filter incoming and outgoing network traffic on a single host

    What is required for an organization to properly manage its restore process in the event of system failure?

    Disaster Recovery Plan (DRP)

    What type of attack involves using text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information?

    Smishing

    What is the term used to describe the use of unauthorized or unapproved IT resources within an organization?

    Shadow IT

    What is a disaster recovery plan (DRP)?

    A set of policies and procedures to restore normal operations in the event of system failure

    What is the main goal of a bug bounty program?

    All of the above

    What is likely occurring if an internal system is sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?

    A worm is propagating across the network

    What is the purpose of a compensating control in a legacy Linux system?

    To reduce the likelihood or impact of an attack

    What is the term used to describe a type of phishing attack that uses voice calls?

    Vishing

    What is the risk of using unauthorized or unapproved IT resources within an organization?

    Risk to security posture, data integrity, and regulatory compliance

    What is a characteristic of a legacy Linux system?

    It may not be compatible with the latest security updates or patches

    What is the primary goal of a disaster recovery plan (DRP)?

    To restore normal operations in the event of system failure

    What is the term used to describe a type of attack that involves tricking victims into clicking on malicious links or providing personal information?

    Phishing

    What is the benefit of using a bug bounty program?

    All of the above

    What is the primary purpose of the chain of custody process?

    To document and preserve the integrity of evidence

    What type of security controls are designed to protect human life and physical assets from harm or damage?

    Safety controls

    What should safety controls be set up to do in case of a failure?

    Fail open

    What is the severity of the vulnerability reported in the vulnerability scanning report?

    High

    What is the result of the test performed by the security analyst using the nmap command?

    The Telnet server supports encryption

    What can be concluded about the reported vulnerability based on the test result?

    Compensating controls exist

    What is the primary purpose of vulnerability scanning?

    To identify vulnerabilities in a system

    What type of security control should be set up to fail closed in case of a failure?

    Logical security controls

    Study Notes

    High-Availability Network

    • A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

    Secure Access to Internal Resources

    • A bastion host is a special-purpose server that provides secure access to internal resources while minimizing traffic allowed through the security boundary.
    • A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
    • It can be configured to allow only certain types of traffic and block all other traffic.
    • It can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.

    Compensating Control

    • A compensating control is a security measure that mitigates the risk of a vulnerability or weakness that cannot be resolved by the primary control.
    • It does not prevent or eliminate the vulnerability or weakness, but reduces the likelihood or impact of an attack.
    • Example: A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is a compensating control.

    Disaster Recovery Plan

    • A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore normal operations of an organization in the event of a system failure, natural disaster, or other emergency.

    Bug Bounty Program

    • A bug bounty program is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system.
    • It is used by companies to improve their security posture and incentivize ethical hacking.

    Smishing Attack

    • Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.

    Shadow IT

    • Shadow IT refers to the use of unauthorized or unapproved IT resources within an organization.
    • Example: A marketing department setting up its own project management software without telling the appropriate departments.

    Endpoint Log

    • An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone.
    • It can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the files accessed or modified, and the user actions performed.

    Content Filter

    • A content filter is a device or software that blocks or allows access to web content based on predefined rules or categories.
    • Example: A content filter blocking a new retail website because it is mistakenly categorized as gambling.

    Chain of Custody

    • Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response.
    • It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored.

    Safety Controls

    • Safety controls are security controls that are designed to protect human life and physical assets from harm or damage.
    • Example: Safety controls should be designed to fail open in case of an emergency.

    Vulnerability Scanning Report

    • A vulnerability scanning report provides information about potential vulnerabilities in a system or network.
    • Example: A report showing an open Telnet port with a high severity vulnerability, but further testing reveals that the Telnet server supports encryption, making it a false positive.

    Related Documents

    SY0-701 V14.35.pdf

    Description

    Learn about the importance of risk assessment, threat intelligence, and penetration testing in ensuring a high-availability network. This chapter covers the key concepts of network security architecture and design.
