Securing Networks

Questions and Answers

Which of the following is a common vector for data loss?

  • Encrypted external hard drives
  • Secure cloud storage
  • Proper access control
  • Email/Webmail (correct)

What is the primary function of a worm in the context of network security threats?

  • To automatically replicate and spread across the network (correct)
  • To disguise itself as legitimate software
  • To encrypt important files.
  • To execute specific unwanted functions on a computer

In the context of network security, what does 'mitigation' refer to?

  • The initial point of attack on a network.
  • Actions taken to reduce the severity of a threat. (correct)
  • The process of assessing potential risks.
  • The process of identifying vulnerabilities.

Which of the following roles is primarily responsible for overseeing an organization's information security?

  • Chief Information Security Officer (CISO) (D)

What is the primary goal of reconnaissance attacks?

  • Gathering information about a target (D)

Which security measure is most effective in rendering packet sniffer attacks useless?

  • Data encryption (A)

Which of the following is a characteristic of a 'script kiddie'?

  • Using existing tools to perform attacks without deep understanding (D)

Which of the following describes the purpose of 'Control Plane Policing' (CoPP)?

  • Protecting the control plane by filtering traffic destined to the router itself (C)

What is the primary difference between a virus and a Trojan horse?

  • Viruses self-replicate; Trojan horses do not. (A)

In the context of network security, what does the acronym 'CIA' stand for?

  • Confidentiality, Integrity, Availability (B)

Which type of network is typically used to connect multiple sites across large geographical distances?

  • Wide Area Network (WAN) (A)

Which of the following network security domains involves ensuring that vendors meet security requirements?

  • Information systems acquisition, development, and maintenance (C)

Which type of attack involves an attacker impersonating a legitimate user to gain unauthorized access to a system or network?

  • Spoofing (C)

Among password, port redirection, man-in-the-middle, buffer overflow, IP, MAC and DHCP spoofing, which of the following isn't a type of Access Attack?

  • Buffer Overflow (C)

What mechanism is used to guarantee the 'integrity' aspect of the CIA triad?

  • Hashing algorithms (D)

What is the purpose of inoculating the network?

  • Mitigating Worms (D)

Which security measure is most effective in defending networks against distributed denial-of-service (DDoS) attacks?

  • Quality of Service - Traffic Policing (C)

Which of the following methods/resources is LEAST effective for protecting networks?

  • Ignoring physical access to systems (D)

If threat 'A' has a CVSS score of 7.5/5.5 and threat 'B' has a CVSS score of 5.0/3.7, what is the primary key difference between the two?

  • Threat 'A' should have a higher priority to resolve compared to threat 'B' (D)

Which of the following is the underlying action of both "authorizing actions" and "presenting legal notification"?

  • Making sure the user knows their access is being monitored (B)

According to the slides, explaining network security is a chapter objective.

  • True (A)

In data center perimeter security, electronic motion detectors are generally used for outside perimeter security.

  • False (B)

According to the course material, 'Risk' is not considered a common network security term.

  • False (B)

A network of infected hosts is called a botnet.

  • True (A)

According to the course material, continuous video surveillance only applies to inside perimeter security.

  • False (B)

An internal threat always originates from within the local network; external threats, from the Internet.

  • True (A)

A wireless router is commonly found in Campus Area Networks.

  • False (B)

In a Wide Area Network (WAN), a branch site connects directly to individual mobile workers.

  • False (B)

According to the slides, a denial-of-service attack attempts to disrupt services.

  • True (A)

A primary goal of access attacks is often to escalate access privileges.

  • True (A)

According to the material, 'Spearshading' is a type of social engineering attack.

  • False (B)

In the context of network security, 'tailgating' refers to the unauthorized following of someone into a restricted area.

  • True (A)

According to the slides, an example of 'something for something' is a type of social engineering.

  • True (A)

Black Hat hackers are generally known for disclosing vulnerabilities to vendors to patch them.

  • False (B)

According to the presentation slides, 'cyber terrorists' are an outdated category of hackers and are no longer relevant in the modern threat landscape.

  • False (B)

Exploiting a known vulnerability in an operating system would be categorized as 'hacking an operating system'.

  • True (A)

According to the material, data modification is NOT classified as a network hacking attack.

  • False (B)

The primary purpose of a Trojan horse is to replicate itself across a network.

  • False (B)

According to the slides, implementing a non-switched infrastructure is a reconnaissance attack mitigation technique.

  • False (B)

A rootkit is a self-replicating type of malware that spreads across the network and leverages system vulnerabilities to infect other devices.

  • False (B)

Flashcards

What is a Virus?

Malicious software that executes a specific, unwanted, and often harmful function on a computer.

What is a Worm?

Malicious code that replicates itself to spread across a network from system to system.

What is a Trojan Horse?

A non-self-replicating type of malware that disguises itself as a legitimate application or file, often containing malicious code.

What is Tailgating?

Illegally entering premises or systems by following someone who has legitimate access.

What is Phishing?

An attempt to acquire sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communication.

What is Confidentiality?

Using encryption to scramble data, ensuring only authorized parties can decipher and read it.

What is Integrity?

Employing hashing algorithms to verify data remains unaltered, guaranteeing its reliability during operation.

What is Availability?

Implementing network hardening and backup systems ensures data accessibility when needed.

What is a Security Policy?

A set of rules outlining how a network and its resources are protected.

What is Risk Assessment?

Examining and minimizing potential risks to reduce impact on an organization.

Who is a Hacker?

A person who breaks into computer systems or networks, often without authorization.

What is Denial-of-Service?

An attempt to make a machine or network resource unavailable to its intended users.

Who are Black Hat Hackers?

Categories of hackers who break into systems for malicious purposes or personal gain.

Who are Grey Hat Hackers?

Categories of hackers who exploit vulnerabilities but disclose them rather than exploit them maliciously.

Who are White Hat Hackers?

Categories of hackers who exploit system vulnerabilities with permission.

What is Authentication?

Tools and processes used to verify the identity of network users, devices, or applications.

What is Access Control?

The defense practice to control who can access the network resources.

What is a Threat?

An action or event that could potentially cause damage or loss to a computer system or network.

What is Reconnaissance?

The act of gathering information about a target network or system to identify potential vulnerabilities.

What is Pretexting?

Pretending to be someone else to gain access to information or systems.

What is a Network Worm?

Malicious code that installs copies of itself and spreads across a network without user intervention.

What is a Botnet?

A network of infected computers controlled by a hacker, used to perform DDoS attacks.

Security Software Disabler

Security software that can be bypassed deliberately.

Network Eavesdropping

Illegally eavesdropping data transmitted over a network.

Data Modification

Altering or corrupting data as it is transmitted across a network.

IP Address Spoofing

Falsifying the source IP address in network packets to disguise the sender's identity.

Evil Twin Attack

Creating a false Wi-Fi hotspot that appears legitimate to steal user credentials.

Vulnerability Scanners

Programs designed to detect and analyze network vulnerabilities.

Principle of Minimum Trust

The principle of granting users only the minimum level of access needed.

Cryptography in Security

Using encryption to protect transmitted information.

What is Ransomware?

A type of malware that locks a user's computer or files and demands a ransom to restore access.

Study Notes

Network Security Professionals

  • Common roles include Chief Information Officer (CIO), Security Operations Manager, Chief Security Officer (CSO), Security Manager, and Network Security Engineer.

Network Security Organizations

  • Examples include CERT, SANS, MITRE, FIRST, INFOSYSSEC, and MS-ISAC.

Confidentiality, Integrity, Availability

  • Availability involves assuring data is accessible with network hardening mechanisms and through the use of backup systems.
  • Confidentiality involves using encryption to encrypt and hide data.
  • Integrity involves using hashing algorithms to ensure data is unaltered during its operation.

Network Security Domains

  • Network security domains to consider include risk assessment, security policy, and the organization of information security.
  • Further domains for consideration are asset management, human resources security, and physical and environmental security.
  • Other domains are communications and operations management, information systems acquisition, access control, and business continuity management and compliance.

Network Security Policy Objectives

  • Network security policy objectives should address data, processes, mission, and critical systems.

Related Documents

CCNASv2_CH1(1) PDF
