Vocabulary
Firewalls
Intrusion Detection
Linux Commands
Firewall Features
Questions from the Test
100

A software- or hardware-based network security system that allows or denies network traffic according to a set of rules

What is a Firewall

100

This type of Firewall is installed on the edge of a private network or network segment

What is a Network-based Firewall

100

A device or software that monitors, logs and detects security breaches, but takes no action to stop or prevent them

What is an Intrusion Detection System or IDS

100

Lists all the current rules

What is : sudo iptables -L

100

Helps prevent attackers from discovering a network through ICMP echo request

What is Block Ping to WAN

100

How many network interfaces does a dual-homed gateway typically have?

What is Three

200

Firewalls use filtering rules to identify allowed and blocked traffic. What are these rules called?

What are Access Control Lists (ACLs)

200

This type of Firewall is installed onto a single computer

What is a Host-Based Firewall

200

A device that monitors, logs, and reacts to stop or prevent security breaches

What is an Intrusion Prevention System (IPS)

200

Clears all the current rules

What is : sudo iptables -F

200

Prevents the response to port scans from the WAN. This protects against port floods

What is Stealth Mode

200

Which of the following combines several layers of security services and network functions into one piece of hardware?

What is Unified Threat Management (UTM)

300

An appliance, also known as an all-in-one appliance, that combines several layers of security and networking services into one solution

What is UTM

300

This makes decisions about the traffic to allow based on virtual circuits or sessions

What is a Circuit-level Gateway

300

What are the TWO (2) detection methods used by IDS systems

What are Signature-based and Anomaly-based

300

Saves changes to the iptables rules on Ubuntu systems.

What is : sudo /sbin/iptables-save

300

Blocks the sending of incomplete IP packets

What are Fragmented Packets

300

Based on the diagram, which type of proxy server is handling the client's request?

What is Reverse Proxy Server

400

A buffer network that is located between a private network and an untrusted network

What is a Screened Subnet

400

What are the 3 Iptable chain commands

What are Input, Forward, and Output

400

This type of IDS implementation monitors system data on an INDIVIDUAL host such as a server. It analyzes changes made to the operating system files, software applications and logs

What is Host-Based intrusion detection system or HIDS

400

Drops all incoming traffic

What is : sudo iptables -A INPUT -j DROP

400

Monitors the rate of SYN packets during a configured period to help prevent floods

What is SYN Flood Detect Rate/Echo storm detect rate

400

As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices.

You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

Which solution should you implement?

What is Host-based IDS

500

This is a router that is most external to the network and closest to the internet. It uses ACLs to filter packets as a form of security

What is a Screened Router

500

What are the two ways you can use a "deny"

What are Implicit Deny and Explicit Deny

500

A physical device or sensor that triggers an alarm. Can alert of trespassers and can be easily added to existing networks

What is a Perimeter Intrusion Detection System (PIDS)

500

Blocks all connections associated with the IP address of 192.168.0.254

What is : sudo iptables -A INPUT -s 192.168.0.254 -j DROP

500

Drops all invalid TCP packets

What is TCP Flood
500

Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated or stopped the traffic?

What is False Positive
