CompTIA Security+ Chapter 4: Network Security

Questions and Answers

What is a key component of a high-availability network?

• Vulnerability scanning (correct)
• Firewall configuration
• Single sign-on
• Network segmentation

Why is a bastion host the most secure method for providing administrative access to internal resources?

• It does not require strong authentication and encryption
• It provides multiple points of control and defense
• It minimizes the traffic allowed through the security boundary (correct)
• It allows all types of traffic through the security boundary

What is the primary purpose of a bastion host?

• To block all incoming and outgoing traffic
• To provide weak authentication and encryption
• To allow all types of traffic through the security boundary
• To provide a single point of control and defense (correct)

What type of server is a bastion host?

Special-purpose server (D)

Where is a bastion host typically placed?

On the edge of the network (D)

What type of traffic can a bastion host be configured to allow?

Only certain types of traffic, such as SSH or HTTP (B)

What type of security software can a bastion host run?

Firewalls and intrusion detection systems (C)

What is the purpose of logging all activities on a bastion host?

For auditing purposes (A)

What type of data can endpoint logs provide for security analysts?

Processes running on the device, network connections, and files accessed (D)

What is the primary function of a content filter?

To block or allow access to web content based on predefined rules or categories (D)

What would be the solution to users being unable to access a website due to a content filter?

Updating the categorization in the content filter (A)

What type of information can endpoint logs record about executable files?

Name, path, size, hash, signature, and permissions (A)

What is the purpose of a web filter?

To block or allow access to web content based on predefined rules or categories (B)

Why would a content filter block a website?

If it is categorized incorrectly (A)

What would a web filter scan a URL for?

Strings and keywords (B)

What can endpoint logs provide information about?

Processes running on the device, network connections, and files accessed (A)

What is a compensating control in security?

A security measure that reduces the likelihood or impact of an attack (A)

What is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system?

Bug bounty (C)

What is the purpose of a host-based firewall?

To monitor and filter incoming and outgoing network traffic on a single host (C)

What is required for an organization to properly manage its restore process in the event of system failure?

Disaster Recovery Plan (DRP) (C)

What type of attack involves using text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information?

Smishing (A)

What is the term used to describe the use of unauthorized or unapproved IT resources within an organization?

Shadow IT (D)

What is a disaster recovery plan (DRP)?

A set of policies and procedures to restore normal operations in the event of system failure (C)

What is the main goal of a bug bounty program?

All of the above (D)

What is likely occurring if an internal system is sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours?

A worm is propagating across the network (C)

What is the purpose of a compensating control in a legacy Linux system?

To reduce the likelihood or impact of an attack (A)

What is the term used to describe a type of phishing attack that uses voice calls?

Vishing (C)

What is the risk of using unauthorized or unapproved IT resources within an organization?

Risk to security posture, data integrity, and regulatory compliance (A)

What is a characteristic of a legacy Linux system?

It may not be compatible with the latest security updates or patches (D)

What is the primary goal of a disaster recovery plan (DRP)?

To restore normal operations in the event of system failure (D)

What is the term used to describe a type of attack that involves tricking victims into clicking on malicious links or providing personal information?

Phishing (B)

What is the benefit of using a bug bounty program?

All of the above (D)

What is the primary purpose of the chain of custody process?

To document and preserve the integrity of evidence (B)

What type of security controls are designed to protect human life and physical assets from harm or damage?

Safety controls (C)

What should safety controls be set up to do in case of a failure?

Fail open (D)

What is the severity of the vulnerability reported in the vulnerability scanning report?

High (A)

What is the result of the test performed by the security analyst using the nmap command?

The Telnet server supports encryption (B)

What can be concluded about the reported vulnerability based on the test result?

Compensating controls exist (C)

What is the primary purpose of vulnerability scanning?

To identify vulnerabilities in a system (A)

What type of security control should be set up to fail closed in case of a failure?

Logical security controls (D)

Flashcards

What is a bastion host?

A special-purpose server that provides secure access to internal resources while minimizing traffic allowed through the security boundary.

What is a Disaster Recovery Plan (DRP)?

A set of policies and procedures for restoring normal operations after a system failure, natural disaster, or other emergency.

What is a compensating control?

A security measure that reduces risk when a primary control cannot be implemented.

What is a bug bounty program?

A program that rewards security researchers for finding and reporting vulnerabilities in an application or system.

What is smishing?

A phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.

What is shadow IT?

The use of unauthorized or unapproved IT resources within an organization.

What is an endpoint log?

A file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone.

What is a content filter?

A device or software that blocks or allows access to web content based on predefined rules or categories.

What is chain of custody?

The process of documenting and preserving the integrity of evidence collected during an incident response.

What are safety controls?

Security controls that are designed to protect human life and physical assets from harm or damage.

What is a vulnerability scanning report?

A report that provides information about potential vulnerabilities in a system or network.

How to secure a high-availability network?

A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

Give an example of a compensating control.

A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is a compensating control.

What are some aspects of chain of custody?

It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored.

What is the importance of safety control design?

Example : A safety control designed to protect against fire should be designed to fail open to allow safe evacuation.

Give an example of a vulnerability scanning report.

A report showing an open Telnet port with a high severity vulnerability, but further testing reveals that the Telnet server supports encryption, making it a false positive.

What should be a core part of a risk assessment process?

It should establish what needs to be protected and outline the risks that could affect those assets or systems.

What is ethical hacking?

Ethical hacking is a process of finding vulnerabilities in systems in a controlled and ethical manner to improve the security of the system.

Study Notes

High-Availability Network

• A high-availability network should have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate weaknesses or gaps in network security.

Secure Access to Internal Resources

• A bastion host is a special-purpose server that provides secure access to internal resources while minimizing traffic allowed through the security boundary.
• A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.
• It can be configured to allow only certain types of traffic and block all other traffic.
• It can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic.

Compensating Control

• A compensating control is a security measure that mitigates the risk of a vulnerability or weakness that cannot be resolved by the primary control.
• It does not prevent or eliminate the vulnerability or weakness, but reduces the likelihood or impact of an attack.
• Example: A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is a compensating control.

Disaster Recovery Plan

• A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore normal operations of an organization in the event of a system failure, natural disaster, or other emergency.

Bug Bounty Program

• A bug bounty program is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system.
• It is used by companies to improve their security posture and incentivize ethical hacking.

Smishing Attack

• Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information.

Shadow IT

• Shadow IT refers to the use of unauthorized or unapproved IT resources within an organization.
• Example: A marketing department setting up its own project management software without telling the appropriate departments.

Endpoint Log

• An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone.
• It can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the files accessed or modified, and the user actions performed.

Content Filter

• A content filter is a device or software that blocks or allows access to web content based on predefined rules or categories.
• Example: A content filter blocking a new retail website because it is mistakenly categorized as gambling.

Chain of Custody

• Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response.
• It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored.

Safety Controls

• Safety controls are security controls that are designed to protect human life and physical assets from harm or damage.
• Example: Safety controls should be designed to fail open in case of an emergency.

Vulnerability Scanning Report

• A vulnerability scanning report provides information about potential vulnerabilities in a system or network.
• Example: A report showing an open Telnet port with a high severity vulnerability, but further testing reveals that the Telnet server supports encryption, making it a false positive.

Description

Learn about the importance of risk assessment, threat intelligence, and penetration testing in ensuring a high-availability network. This chapter covers the key concepts of network security architecture and design.