Module 3: Part II Flashcards

(103 cards)

1
Q

Firewall

A n_____ s_______ d_____ that monitors t______ to and from your network

A

network security device; traffic;

2
Q

Port filtering

A f______ function that b____ or a_____ certain port numbers to limit u_______ c___________

A

firewall; blocks; allows; unwanted communication;

3
Q

Cloud-based firewalls

S______ f________ that are hosted by a c_____ s_______ p_______

A

Software firewalls; cloud service provider;

4
Q

Stateful

A class of f______ that keeps track of i_________ passing through it and proactively f_____ out t______

A

firewall; information; filters; threats;

5
Q

Stateless

A class of f_____ that operates based on p_________ rules and does not keep track of information from d___ p______

A

firewall; predefined; data packets;

6
Q

Benefits of Next Generation Firewalls (NGFWs)
- D___ p_____ inspection
- I________ p________
- T_____ i_________

A

Deep packet;
Intrusion protection;
Threat intelligence;

7
Q

Virtual Private Network (VPN)

A n______ s______ s______ that changes your p_____ _ _ address and hides your v_____ location so that you can keep your d___ private when you are using a p____ network like the i______

A

network security service; public IP; virtual; data; public; internet;

8
Q

Encapsulation

A process performed by a _ _ _ service that protects your data by wrapping s________ d___ in other d___ p______

A

VPN; sensitive data; data packets;

9
Q

Security zone

A segment of a n______ that p_____ the internal n______ from the i_______

A

network; protects; network; internet;

10
Q

Network segmentation

A s______ technique that d_____ the n______ into segments

A

security; divides; network;

11
Q

Uncontrolled zone

Any n______ outside of the o__________’s control

A

network; organization;

12
Q

Controlled zone

A subnet that protects the i______ n______ from the u__________ zone

A

internal network; uncontrolled;

13
Q

Areas in the controlled zone
- D____________ zone (DMZ)
- I______ network
- R________ zone

A

Demilitarized;
Internal;
Restricted;

14
Q

Subnetting

  • The subdivision of a n_____ into logical groups called s_____.
  • Divides up a network a______ r______ into smaller s_____ within the n______.
  • These smaller s______ form based on the _ _ addresses and network m___ of the d______ on the network

A

network; subnets;
address range; subnets; network;
subnets; IP; mask; devices;

15
Q

Classless Inter-Domain Routing (CIDR)

  • A method of assigning s_____ m____ to _ _ addresses to create a s_____.
  • C________ addressing replaces c_______ addressing.
  • Allows cybersecurity professionals to segment c_______ networks into smaller c_____

A

subnet masks; IP; subnet;
Classless; classful;
classful; chunks;

16
Q

Security benefits of subnetting

  • Allows network professionals and analysts to create a n______ within their own n______ without requesting another _ _ address.
  • Uses n______ b__________ more efficiently and improves n_______ p__________.

A

network; network; IP;
network bandwidth; network performance;

17
Q

Proxy server

A s_____ that fulfils the requests of a c_____ by forwarding them to other s_____

A

server; client; servers;

18
Q

Forward proxy server

R________ and r_____ a person’s a_____ to the internet

A

Regulates; restricts; access;

19
Q

Reverse proxy server

R_______ and r_____ the internet’s access to an i______ server

A

Regulates; restricts; internal;

20
Q

Network protocols:
1) C___________ protocols: Used to establish c__________ between s______
2) M__________ protocols: Used to troubleshoot n_______ i_____
3) S_______ protocols provide e_________ for data in t_____

A

Communication; connections; servers;
Management; network issues;
Security; encryption; transit;

21
Q

IPSec is commonly used in s___-t_-s___ VPNs to create an e________ t_____ between the p______ network and the r_____ network.

A

site-to-site; encrypted tunnel; primary; remote;

22
Q

One disadvantage of site-to-site VPNs is how c______ they can be to c______ and m_____ compared to r_____ VPNs

A

complex; configure; manage; remote;

23
Q

Choosing between IPSec and WireGuard depends on many factors, including:
- C________ s______
- C__________ with existing n______ i___________
- B______ or i___________ needs

A

Connection speeds;
Compatibility; network infrastructure;
Business; individual;

24
Q

WireGuard VPN

  • A h___-s____ VPN protocol, with a________ e_________, to p_____ users when they are accessing the i_______.
  • Designed to be s______ to set up and m______
  • Can be used for both s___-t_-s___ connection and c____-s_____ connections
  • It is o___ s_____, which makes it easier for users to d_____ and d____

A

high-speed; advanced encryption; protect; internet;
simple; maintain;
site-to-site; client-server;
open source; deploy; debug;

25
Q

IPSec VPN
- Most VPN providers use IPSec to e_____ and a_________ data packets in order to establish s_____, e_________ connections.
- Many o________ s______ support IPSec from VPN providers.

A

encrypt; authenticate; secure, encrypted; operating systems;

26
Q

Common network intrusion attacks
- M______
- S_______
- P_____ s_______
- P_____ f_______

A

Malware; Spoofing; Packet sniffing; Packet flooding;

27
Q

Attacks can harm an organization by
- Leaking v______ or c_________ information
- Damaging an organization's r__________
- Impacting c_______ r_________
- Costing m____ and t___

A

valuable; confidential; reputation; customer retention; money; time;

28
Q

Network interception attacks

Work by i___________ n______ t______ and stealing v________ information or interfering with the t__________ in some way

A

intercepting network traffic; valuable; transmission;

29
Q

Packet sniffing

Where m________ a_____ can use h_______ or s______ tools to c______ and i______ data in transit.

A

malicious actors; hardware; software; capture; inspect;

30
Q

Backdoors
- W_________ intentionally left by programmers or network administrators that bypass normal a_____ c______ mechanisms.
- Intended to help programmers conduct t____________ or a___________ tasks.
- Backdoors can also be installed by a________ after they've compromised an organization to ensure they have persistent access.

A

Weaknesses; access control; troubleshooting; administrative; attackers;

31
Q

DoS attack

An attack that targets a n______ or s_____ and f_____ it with network t______

A

network; server; floods; traffic;

32
Q

Network attacks - organizational impacts
- F_______
- R_________
- P_____ s_____

A

Financial; Reputation; Public safety;

33
Q

Internet Control Message Protocol (ICMP)

An internet protocol used by d______ to tell each other about d___ t_________ errors across the n______

A

devices; data transmission; network;

34
Q

Internet Control Message Protocol (ICMP) flood

A type of _ _ _ attack performed by an a_______ r__________ sending _ _ _ _ packets to a n______ server

A

DoS; attacker repeatedly; ICMP; network;

35
Q

Ping of Death

A type of _ _ _ attack caused when a h_____ p____ a system by sending it an o_______ _ _ _ _ packet that is bigger than _ _ KB

A

DoS; hacker pings; oversized ICMP; 64;

36
Q

A n_______ p_______ a______, sometimes called a packet sniffer or a packet analyzer, is a tool designed to c______ and a______ data traffic within a network

A

network protocol analyzer; capture; analyze;

37
Q

tcpdump
- A c______-l___ network protocol a_______
- It uses little m______ and has a low _ _ _ usage, and uses the o___-s_____ libpcap library.
- It is t___-b_____, meaning all commands in tcpdump are e_______ in the t_______

A

command-line; analyzer; memory; CPU; open-source; text-based; executed; terminal;

38
Q

Some information you receive from a packet capture includes:
- T_________
- S_______ _ _
- S_______ p___
- D_________ _ _
- D_________ p___

A

Timestamp; Source IP; Source port; Destination IP; Destination port;

39
Q

Botnet

A collection of c________ i________ by m______ that are under the control of a single t____ a_____, known as the "b__-h_____"

A

computers infected; malware; threat actor; bot-herder;

40
Q

What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?

A

Distributed Denial of Service (DDoS) attack

41
Q

What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?

A

SYN flood attack;

42
Q

Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server?

A

SYN flood attack; ICMP flood attack;

43
Q

- The header of a data packet contains the s_____ and d________ _ _ a_________ for a data packet
- The body may contain sensitive information such as c_____ c___ numbers, d_____ of b_____, or p_______ messages

A

source; destination IP addresses; credit card; dates; birth; personal;

44
Q

Passive packet sniffing

A type of attack where d___ p______ are r___ in t______

A

data packets; read; transit;

45
Q

Active packet sniffing

A type of attack where d___ p_____ are m_________ in t_____

A

data packets; manipulated; transit;

46
Q

IP spoofing

A network attack performed when an a_______ changes the s_____ _ _ of a data packet to i__________ an a_________ system and gain a_____ to a network

A

attacker; source IP; impersonate; authorized; access;

47
Q

Common IP spoofing attacks
- O_-p___ attack
- R_____ attack
- S____ attack

A

On-path; Replay; Smurf;

48
Q

On-path attack

An attack where a malicious actor places themselves in the m______ of an a_________ c__________ and i_______ or alters the d___ in transit

A

middle; authorized connection; intercepts; data;

49
Q

Replay attack

A network attack performed when a malicious actor i________ a data packet in transit and d_____ it or r______ it at another time

A

intercepts; delays; repeats;

50
Q

Smurf attack

A network attack performed when an attacker s_____ an a__________ user's _ _ address and f______ it with packets

A

sniffs; authorized; IP; floods;

51
Q

- The device's N______ I_______ C___ (NIC) is a piece of h_______ that connects the device to a network.
- The NIC reads the d___ t__________, and if it contains the device's _ _ _ address, it accepts the packet and sends it to the device to p_____ the i__________ based on the protocol.

A

Network Interface Card; hardware; data transmission; MAC; process; information;

52
Q

An on-path attack is sometimes referred to as a m_______-i_-t__-m_____ attack because the hacker is h_____ in the m______ of communications between the two trusted parties

A

meddler-in-the-middle; hiding; middle;

53
Q

Denial of Service attack

A class of attacks where the attacker prevents the c__________ system from performing l_________ activity or responding to l_________ traffic

A

compromised; legitimate; legitimate;

54
Q

SYN flood attack

A type of DoS attack that simulates a _ _ _ / _ _ connection and f_____ a server with _ _ _ packets

A

TCP/IP; floods; SYN;

55
Q

Security hardening

The process of s__________ a s______ to reduce its v__________ and a_____ surface

A

strengthening; system; vulnerability; attack;

56
Q

Attack surface

All the potential v___________ that a t____ actor could e_____

A

vulnerabilities; threat; exploit;

57
Q

Penetration test

A simulated attack that helps identify v___________ in s______, n______, w______, a__________ and processes

A

vulnerabilities; systems, networks, websites, applications;

58
Q

Operating System (OS)

The i_______ between computer h_______ and the u___

A

interface; hardware; user;

59
Q

In network security, it is important to secure o________ s______ on each device in order to prevent the w_____ n_______ being compromised by one i________ _ _

A

operating systems; whole networks; insecure OS;

60
Q

Patch update

A s______ and o_______ s______ update that addresses security v___________ within a p_______ or product

A

software; operating system; vulnerabilities; program;

61
Q

Baseline configuration (baseline image)

A d_________ set of s_____________ within a s_____ that is used as a basis for f_____ builds, releases, and updates

A

document; specifications; system; future;

62
Q

Multi-factor authentication (MFA)

A security measure which requires a user to v_____ their i_____ in t__ or more ways to a_____ a s_____ or network

A

verify; identity; two; access; system;

63
Q

Categories of multi-factor identification
- Something you k___
- Something you h___
- Something u_____ about y__

A

know; have; unique; you;

64
Q

Brute force attack

A t____-a__-e____ process of discovering p______ i__________

A

trial-and-error; private information;

65
Q

Types of brute force attacks
- S______ b____ f____ attacks
- D_________ attacks

A

Simple brute force; Dictionary;

66
Q

Simple brute force attacks
- When attackers try to g____ a user's l____ c__________

A

guess; login credentials;

67
Q

Dictionary attacks
- Attackers use a list of c_______ used p______ and stolen c_________ from previous b_____ to access a s______.
- Attackers originally used a list of words from the d_______ to guess the p_______, before complex p________ rules became a common s_______ practice

A

commonly; passwords; credentials; breaches; system; dictionary; password; password; security;

68
Q

Virtual Machines (VMs)
- Software versions of p_____ c_________.
- Provide an additional layer of s______ for an o__________ because they can be used to run c___ in an i_________ environment, preventing m_________ code from affecting the rest of the c_________ or s_______.

A

physical computers; security; organization; code; isolated; malicious; computer; system;

69
Q

Sandbox environment
- A type of t______ e_________ that allows you to execute s______ or p_______ separate from your network.
- Commonly used for t______ p______, i_________ and a________ bugs, or detecting c____________ v__________.

A

testing environment; software; programs; testing patches, identifying; addressing; cybersecurity vulnerabilities;

70
Q

Salting
- Adds random characters to h_____ p________.
- This i________ the l_____ and c__________ of h___ values, making them more secure.

A

hashed passwords; increases; length; complexity; hash;

71
Q

Hashing
- Converts information into a u_____ v____ that can then be used to determine its i_______.
- It is a o__-w__ f______, meaning it is impossible to d______ and obtain the original text.

A

unique value; integrity; one-way function; decrypt;

72
Q

CAPTCHA
- Stands for C_________ A__________ P_____ T_____ test to tell C________ and H______ A_____.
- It asks users to complete a simple t___ that proves they are h____.
- Helps prevent s_______ from trying to b____ f____ a password.

A

Completely Automated Public Turing; Computers; Humans Apart; test; human; software; brute force;

73
Q

reCAPTCHA

A free CAPTCHA service from Google that helps protect w______ from b___ and m_______ software

A

websites; bots; malicious;

74
Q

Password policies
- Organizations use password policies to standardize g___ p_______ p_______ throughout the b_______

A

good password practices; business;

75
Q

Common security methods used to prevent brute force attacks
- S_____ p________
- Enforcing t__-f_____ a___________ (2FA)
- Monitoring l____ attempts
- Requiring more f______ p_______ changes
- Disallowing p______ p________ from being used
- Limiting the number of l____ attempts

A

Strong passwords; two-factor authentication; frequent password; previous passwords; login;

76
Q

Security hardening tasks include:
- Making p____ updates
- Disposing of h______ and s______ properly
- Enforcing p_______ p_______

A

patch; hardware; software; password policies;

77
Q

Network security hardening includes:
- P___ f________
- N______ a______ privilege
- E________

A

Port filtering; Network access; Encryption;

78
Q

Tasks performed as part of Network hardening
- F______ r____ maintenance
- N______ l__ analysis
- P____ updates
- S_____ backups

A

Firewall rules; Network log; Patch; Server;

79
Q

Network log analysis

The process of examining n______ l___ to identify events of i_______

A

network logs; interest;

80
Q

Port filtering

A f______ f_____ that b____ or a_____ certain port numbers to limit u_______ c__________

A

firewall function; blocks; allows; unwanted communication;

81
Q

Intrusion Detection System
- An application that m______ s______ a______ and a_____ on possible intrusions.
- It alerts a__________ based on the signature of m________ traffic.

A

monitors system activity; alerts; administrators; malicious;

82
Q

IDS systems often s____ data packets as they m___ across the n______ and a_____ them for the characteristics of known attacks.

A

sniff; move; network; analyze;

83
Q

Limitations of IDS systems
- They can only scan for k_____ attacks or obvious anomalies; n__ and s____________ attacks might not be caught.
- Doesn't actually s___ the i________ traffic if it detects something is w____; this is up to the n______ a___________

A

known; new; sophisticated; stop; incoming; wrong; network administrator;

84
Q

The IDS is placed b______ the firewall and b_____ entering the _ _ _, which allows the IDS to analyze d___ s_____ after network t_____ that is disallowed by the f______ has been filtered out.

A

behind; before; LAN; data streams; traffic; firewall;

85
Q

Intrusion Prevention System (IPS)
- An application that monitors s_____ a_______ and takes a_____ to stop the a______.
- Offers more protection than an IDS because it actively s____ a________ when they are detected.

A

system activity; action; activity; stops anomalies;

86
Q

Full packet capture devices
- These devices allow you to r_____ and a______ all of the d___ that is t_________ over your n______.
- They also aid in investigating a____ created by an _ _ _

A

record; analyze; data; transmitted; network; alerts; IDS;

87
Q

Security teams can use _______ _________ and _____ ___________ ______ to examine network logs and identify events of interest

A

security information; event management (SIEM) tools;

88
Q

A basic principle of port filtering is:
- It allows p____ that are used by n_____ n______ o_________

A

ports; normal network operations;

89
Q

Network Segmentation

Involves creating i_______ s____ for different d_________ in an organization.

A

isolated subnets; departments;

90
Q

Cloud security considerations
- I______ a_____ m__________ (IAM)
- C__________
- A_____ S______
- Z___-d__ attacks
- V______ and t______
- S_____ of c_____ in the cloud

A

Identity access management; Configuration; Attack Surface; Zero-day; Visibility; tracking; Speed; change;

91
Q

Identity access management (IAM)
- A common problem that organizations face when using the c____ is the l_____ configuration of c____ u___ r____.
- I________ risk by allowing u___________ u____ to have access to c______ c____ operations.

A

cloud; loose; cloud user roles; Increases; unauthorized users; critical cloud;

92
Q

Configuration
- The expanding cloud ecosystem introduces significant c_________ to n_______ m__________.
- Each cloud service necessitates precise c___________ to uphold s______ and c_________ standards.

A

complexity; network management; configuration; security; compliance;

93
Q

Attack surface
- Every service or application on a n______ carries its own set of r____ and v____________, and i_________ an organization's overall a_____ s______.
- An increased attack surface must be compensated for with i________ s_______ m_______.

A

network; risks; vulnerabilities; increases; attack surface; increased security measures;

94
Q

Hypervisor
- Abstracts the h___'s h_______ from the o________ s______ environment.
- There are t__ t____ of h________

A

host hardware; operating software; two types; hypervisor;

95
Q

- Type _ hypervisors run on the h_______ of the h___ c_______
- Type _ hypervisors operate on the s______ of the h___ c________

A

1; hardware; host computer; 2; software; host computer;

96
Q

CSPs are responsible for m________ the h________ and other v____________ components

A

managing; hypervisor; virtualization;

97
Q

Vulnerabilities in h________ or misconfigurations can lead to v_____ m______ e_______ (VM escapes)

A

hypervisors; virtual machine escapes;

98
Q

VM escape

An exploit where a m________ a____ gains access to the p______ h________, the h___ c________ and other VMs.

A

malicious actor; primary hypervisor; host computer;

99
Q

Baselining
- Baselining for c____ n______ and o________ covers how the c____ e__________ is configured and set up.
- A baseline is a f____ r________ point.
- This r________ point can be used to compare c_____ made to a c_____ e_________.

A

cloud networks; operations; cloud environment; fixed reference; reference; changes; cloud environment;

100
Q

Cryptographic erasure
- A method of e______ the e________ k__ for the e________ data.
- When destroying data in the c____, more traditional methods of d___ d___________ are not as effective.

A

erasing; encryption key; encrypted; cloud; data destruction;

101
Q

A key distinction between cloud and traditional network hardening is the use of a s_____ b_______ i____, which enables security analysts to prevent u__________ c_____ by comparing data in cloud servers to the baseline image.

A

server baseline image; unverified changes;

102
Q

Who is responsible for ensuring the safety of cloud networks?
- S_______ t___
- C_____ s______ p______
- I_________ u____

A

Security team; Cloud service provider; Individual users;

103