Network Security Fundamentals
Questions and Answers

Which of the following BEST describes the purpose of a network security policy?

  • To identify all potential attackers.
  • To encrypt all network traffic by default.
  • To guarantee 100% network uptime.
  • To serve as a framework for risk mitigation. (correct)

What security concept is represented by the 'security artichoke'?

  • Defense in depth using layered security measures. (correct)
  • Single-factor authentication.
  • A method for encrypting data using a complex algorithm.
  • A type of malware that self-replicates.

Which of these is NOT a listed domain of network security?

  • Asset Management
  • Brand Reputation (correct)
  • Human Resources Security
  • Risk Assessment

A company is implementing a Centralized Context-Aware Network Scanning Element. Which combination of parameters would provide the MOST granular and secure access control?

  • Device type, person's identity, application in use, location and time of access. (C, correct)

An attacker successfully breached the outer layers of a 'security artichoke' but discovers that the core data is obfuscated using a combination of homomorphic encryption and a quantum key distribution (QKD) system. Although not explicitly mentioned as a layer, which principle has the system designers applied to ensure they remain secure?

  • Assume Breach (D, correct)

In the context of network security, what is the primary function of a firewall?

  • To filter network traffic, blocking or allowing access based on defined rules. (A, correct)

Which of the following is NOT typically considered a vector for data loss?

  • Proper Access Control (B, correct)

What is the main purpose of a VPN (Virtual Private Network)?

  • To encrypt your online traffic to protect sensitive data. (C, correct)

Which security measure primarily focuses on identifying and neutralizing malicious activities within a network?

  • IPS (Intrusion Prevention System) (B, correct)

Consider the following scenario: A company implements a new security protocol that includes multi-factor authentication, end-to-end encryption, and continuous monitoring. However, employees frequently bypass these measures due to inconvenience, opting for simpler but less secure methods. Which of the following best describes the primary risk exposure despite the implemented protocols?

  • Human Factor Vulnerability (C, correct)

Which of the following best describes the primary function of vulnerability brokers?

  • Facilitating the purchase and sale of information regarding software vulnerabilities. (D, correct)

Which type of malware is characterized by its ability to self-replicate and spread through a network without requiring a host program?

  • Worm (B, correct)

Which of the following is NOT a typical component of a worm?

  • Polymorphic engine (B, correct)

Which network attack involves an attacker flooding a target system with SYN requests, overwhelming its resources and preventing legitimate connections?

  • SYN flood (D, correct)

A security analyst discovers unusual network traffic consisting of numerous ICMP packets with spoofed source IP addresses being broadcast across the network. Which type of attack is most likely occurring?

  • Smurf attack (D, correct)

A penetration tester is tasked with identifying vulnerabilities in a web application. They use a tool that automatically inputs a wide range of random data into the application's input fields, aiming to trigger unexpected errors or crashes. Which type of tool are they most likely using?

  • Fuzzer (B, correct)

An advanced persistent threat (APT) group is suspected of targeting a high-profile organization. Intelligence suggests the group is using custom-developed malware that modifies the operating system kernel to conceal its presence and maintain long-term access. Which type of malware is MOST consistent with this behavior?

  • Rootkit (C, correct)

Which type of network attack involves an attacker impersonating another machine by manipulating IP packets to gain unauthorized access?

  • IP Spoofing (B, correct)

In a DDoS attack, what term is used to describe the network of compromised computers controlled by a hacker?

  • Botnet (A, correct)

Which of the following BEST describes the primary goal of reconnaissance attacks?

  • To gather information about a target network's vulnerabilities. (A, correct)

What is the main purpose of access attacks?

  • To retrieve data, gain unauthorized entry, and escalate privileges. (D, correct)

Which of the following social engineering attacks involves a malicious actor offering something in exchange for sensitive information or access?

  • Something for Something (Trojan) (C, correct)

A network security engineer is investigating a large spike in network traffic originating from multiple, seemingly legitimate IP addresses, ultimately causing service disruptions. Which type of attack is MOST likely occurring?

  • Distributed Denial of Service (DDoS) Attack (C, correct)

Which of the following attack types leverages deception to trick individuals into divulging sensitive information, often through impersonation or fabricated scenarios?

  • Pretexting Attack (B, correct)

Consider a scenario where an attacker modifies data in transit between two communicating parties without their knowledge. Which type of network attack is being executed?

  • Data Modification Attack (A, correct)

A company's Chief Information Security Officer (CISO) is implementing controls to ensure that sensitive data is protected from unauthorized disclosure during transmission and storage. Which component of cryptography BEST aligns with this objective?

  • Confidentiality (D, correct)

An attacker successfully exploits a vulnerability in a web server, allowing them to inject and execute arbitrary code. This leads to a complete compromise of the server and unauthorized access to sensitive data. Which of the following attack types most likely enabled this scenario?

  • Buffer Overflow (A, correct)

Which scenario BEST exemplifies 'improper access control' as a vector for data loss?

  • An unauthorized individual gains access to a privileged email account and exfiltrates confidential information. (C, correct)

In a Campus Area Network (CAN), which of the following components is primarily responsible for authenticating users and controlling their access privileges?

  • AAA Server (B, correct)

A company wants to allow employees to use their own mobile devices (BYOD), but also wants to ensure data security. Which of the following is NOT a critical MDM (Mobile Device Management) function for this?

  • Network Segmentation (B, correct)

An organization has implemented biometric access controls, continuous video surveillance and security traps within its data center. What type of security measures are these?

  • Internal perimeter security (C, correct)

A network security architect is designing a defense-in-depth strategy for a data center. Which of the following combinations of security measures would BEST mitigate the risk of a multi-vector attack targeting both physical and virtual assets?

  • Segmenting the network using virtual firewalls, combined with host-based intrusion detection systems (HIDS) on all virtual machines, and regular vulnerability scanning. (B, correct)

Which activity is MOST characteristic of state-sponsored hackers?

  • Developing and deploying malware for espionage and strategic advantage. (B, correct)

Which of the following tools is specifically designed to discover weaknesses in a system by bombarding it with random or malformed data?

  • Fuzzer (A, correct)

If a malicious actor secretly intercepts and alters communication between two parties, which type of network attack has occurred?

  • Man-in-the-Middle (B, correct)

Which type of malware disguises itself as legitimate software but contains hidden functions that perform malicious actions?

  • Trojan Horse (C, correct)

Which of the following is a primary component of a worm's functionality?

  • Exploiting vulnerabilities to propagate across a network (A, correct)

Which network attack involves overwhelming a target system with a flood of connection requests to exhaust its resources?

  • SYN Flood (B, correct)

A network administrator detects a surge of ICMP packets with spoofed source IPs flooding the network. Filtering these packets is difficult because they originate from a large number of seemingly legitimate addresses. Which attack is MOST likely occurring, considering the amplification effect?

  • Smurf attack (C, correct)

In the context of network security, what is the primary role of hashing algorithms in ensuring data integrity?

  • Verifying that data remains unaltered during operation or transmission. (A, correct)

Which of the following actions contributes MOST directly to ensuring network availability?

  • Utilizing network hardening and backup systems. (B, correct)

A company is developing a new network security policy. Which of the following questions is MOST crucial to ask during the policy's formulation?

  • What processes, data, or information systems are critical to our business mission? (C, correct)

An attacker successfully compromises several layers of a 'security artichoke' but encounters a defense mechanism utilizing a combination of biometric authentication, steganography, and a one-time pad (OTP) for critical data. Which security principle BEST encompasses this scenario?

  • Defense in depth. (C, correct)

A security architect is designing a Centralized Context-Aware Network Scanning Element. They aim to create a dynamic security policy that adapts based on a complex interplay of environmental and behavioral factors. Which of the following combinations of parameters would provide the MOST granular and adaptive access control?

  • Type of device, person's identity, application in use, location and the real-time threat intelligence feed score of the destination server's URL. (D, correct)

Which of the following BEST describes the primary difference between a Denial of Service (DoS) attack and a Distributed Denial of Service (DDoS) attack?

  • A DoS attack originates from a single compromised device, while a DDoS attack originates from multiple compromised devices. (B, correct)

Which of the following BEST describes the purpose of reconnaissance attacks?

  • To gather information about a target system or network to identify potential vulnerabilities. (A, correct)

What is the primary objective of access attacks?

  • To gain unauthorized entry to a system or network and potentially escalate privileges. (C, correct)

Which of the following attack types involves deceiving individuals into divulging sensitive information through impersonation or fabricated scenarios?

  • Social Engineering (A, correct)

A network security analyst observes a large number of TCP SYN packets being sent to a target server from multiple unique IP addresses in a short period. The server becomes unresponsive to legitimate connection attempts. Which type of attack is MOST likely occurring?

  • Distributed Denial-of-Service (DDoS) Attack (C, correct)

Which of the following access attacks involves an attacker intercepting communication between two systems and potentially altering the data being transmitted?

  • Man-in-the-middle (C, correct)

An attacker spoofs the IP address of a trusted server on the internal network to gain unauthorized access to a database. Which type of attack is this?

  • IP spoofing (B, correct)

Which cybersecurity role is MOST responsible for setting the strategic direction for an organization's security posture and overseeing all security efforts?

  • Chief Information Security Officer (CISO) (D, correct)

A security architect is designing a system that requires strong confidentiality. Which cryptographic component would be MOST relevant to achieving this goal?

  • Encryption algorithms to protect data from unauthorized access. (B, correct)

Flashcards

Threat

Something that can cause damage or danger.

Vulnerability

A weakness that can be exploited.

Mitigation

Action taken to reduce the chance of an attack.

Risk

A possibility that something bad will happen.

ASA Firewall function

ASA Firewall (Adaptive Security Appliance) filters network traffic.

Data Integrity

Ensures data is unaltered during operation using hashing algorithms.

Data Availability

Assures data is accessible, guaranteed by network hardening and backups.

Security Artichoke

A structured approach using many security layers, like an artichoke's leaves, for defense.

Artichoke of Attack

An attack that breaks through security layers to find weakly protected sensitive data.

Mitigating Malware

Stopping or reducing the damage from malicious software using tools like antivirus and firewalls.

Vulnerability Brokers

Individuals who discover and report security vulnerabilities in software or hardware, often for compensation.

Penetration Testing Tools

Tools used by penetration testers to identify and exploit vulnerabilities in systems.

Eavesdropping (Network)

Secretly listening to network communications.

Malware

Software designed to disrupt, damage, or gain unauthorized access to a computer system.

Virus (Malware)

Malware that replicates by attaching itself to other programs.

Trojan Horse (Malware)

Non-self-replicating malware that contains unexpected, additional functionality.

Data Manipulation (Attack)

Changing data illegitimately to suit a specific malicious objective.

DoS (Denial of Service)

A single device overwhelms a network or server, causing disruption.

DDoS (Distributed Denial of Service)

Multiple compromised devices (zombies) attack a network, causing widespread disruption.

IP Spoofing

Gaining unauthorized access by disguising your IP address as a trusted source.

Zombies (computing)

Systems infected by hackers and used to perform malicious tasks.

Reconnaissance Attacks

Initial information gathering activities performed to understand the network before an attack.

SYN Flood

Flooding a target with SYN packets to overwhelm and crash the system.

Data Modification

Altering data in transit to compromise integrity.

Trust Exploitation

Attack that exploits intermediary trust to gain access.

Baiting (Social Engineering)

Luring victims by offering something desirable to install malware.

Denial of Service (DoS)

Overwhelming a network to disrupt access.

Firewall

A network security device or software that filters traffic to protect a network from unauthorized access.

VPN (Virtual Private Network)

A service that encrypts internet traffic to protect privacy, especially on public Wi-Fi.

Data Center - Outside Perimeter Security

A method of defense using on-site security officers, surveillance, and alarms.

Data Center - Inside Perimeter Security

A method of defense using motion detectors, security traps, video surveillance, and biometric sensors.

Script Kiddies

Unskilled attackers who use readily available hacking tools.

Hacktivists

Individuals or groups who use hacking to promote a political agenda or social change.

Cyber Criminals

Individuals involved in digitally enabled crime, often for financial gain.

State-Sponsored Hackers

Groups of hackers, often associated with governments, who perform cyber attacks for national interests.

Packet Sniffers

A tool that captures network packets to analyze data transmission.

Man-in-the-Middle (Network)

An attack where an attacker intercepts communication between two parties.

Spyware

Software used to secretly monitor and collect information about a user's activities.

Smurf Attack

A DDoS attack that overwhelms a network with ICMP echo requests.

Network Security Policy

A framework that serves as the basis for risk mitigation.

Network Security Domains

  1. Risk assessment
  2. Security policy
  3. Organization of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Information systems acquisition, development, and maintenance
  9. Access control
  10. Information security incident management
  11. Business continuity management
  12. Compliance

Key Questions for Security Policy

  1. What do you have that others want?
  2. What processes, data, or information systems are critical to you, your company, or your organization?
  3. What would stop your company or organization from doing business or fulfilling its mission?

SecureX Product Families

  1. Secure Edge and Branch
  2. Secure Email and Web
  3. Secure Mobility
  4. Secure Access
  5. Secure Data Center and Virtualization

Security Policy Parameters

  1. Type of device being used for access
  2. Person's identity
  3. Application in use
  4. Location
  5. Time of access

Zombies (Network)

Compromised systems controlled by hackers to perform malicious activities.

Port Scan

Scanning IP addresses to identify active services and open ports.

Access Attacks

Attempt to gain access to a system, network, or data.

Buffer Overflow

Exploiting vulnerabilities in software through overflowing a buffer.

Spoofing (Network)

Gaining unauthorized access by manipulating IP, MAC, or DHCP addresses.

Social Engineering Attacks

Attacks which manipulate individuals into divulging confidential information.

Pretexting (Social Engineering)

Creating a false scenario to trick someone into giving information.

Top-Level Security Roles

CIO or CISO

Network Security Organizations

Professional groups sharing security information and best practices.

Study Notes

Cisco Security Intelligence Operations (SIO)

  • Leverages researchers, analysts, and developers to provide global intelligence.
  • Employs applied mitigation bulletins delivered through ISPs, partners, and sensors.
  • Utilizes various security appliances, including ScanSafe, IPS, ASA, ESA, WSA, and Cisco AnyConnect.

Description

Explore network security policies, the 'security artichoke' concept, and key security domains. Learn about access control, defense in depth, firewalls, and VPNs. Discover data loss vectors and security measures focused on identity.
