Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
45 Cards in this Set
- Front
- Back
|
A type of intrusion prevention that runs on a single computer, such as a client or server, to intercept and help prevent attacks against that one host. |
HIPS (host-based intrusion prevention system) |
|
|
A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network's protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns. |
NIDS (network-based intrusion detection system) |
|
|
A program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses. |
worm |
|
|
A type of intrusion detection that runs on a single computer, such as a client or server, to alert about attacks against that one host. |
HIDS (host-based intrusion detection system) |
|
|
A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network's overall security net. |
backdoor |
|
|
A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users. |
virus |
|
|
A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices. |
proxy service |
|
|
A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack. |
smurf attack |
|
|
A specification created by the NSA to define protection standards against RF emanation, which when implemented are called EmSec (emission security). |
TEMPEST |
|
|
A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network's security. |
acceptable use policy (AUP) |
|
|
An attack in which hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts is known as what option below? |
banner-grabbing attack |
|
|
An attack that involves a person redirecting or capturing secure transmissions as they occur is known as what type of attack? |
man-in-the-middle attack |
|
|
A proxy that provides Internet clients access to services on its own network is known as what type of proxy? |
reverse proxy |
|
|
A reflective attack can be increased in intensity by combining it with what type of attack? |
amplification attack |
|
|
A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below? |
SIEM system |
|
|
At what layer of the OSI model do firewalls operate? |
Network |
|
|
Botnets often make use of what chat protocol in order to receive commands? |
IRC |
|
|
If multiple honeypots are connected to form a larger network, what term is used to describe the network? |
honeynet |
|
|
In ACL statements, the any keyword is equivalent to using what wildcard mask below? |
0.0.0.0 |
|
|
Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below? |
worms |
|
|
The process in which a person attempts to glean access for authentication information by posing as someone who needs that information is known as what option below? |
phishing |
|
|
What characteristic of viruses make it possible for a virus to potentially change its characteristics (such as file size, and internal instructions) to avoid detection? |
polymorphism |
|
|
What feature on some network switches can be used to detect faked arp messages? |
dynamic ARP inspection |
|
|
What kind of attack involves a flood of broadcast ping messages, with the originating source address being spoofed to appear as a host on the network?
|
smurf attack |
|
|
What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it's just part of the wire? |
virtual wire mode |
|
|
What two options below are IDS implementations used to provide additional security on a network? |
HIDS, NIDS |
|
|
What two terms describe a network of compromised computers that are then used to perform coordinated DDoS attacks without their owners' knowledge or consent? |
botnet, zombie army |
|
|
What two types of agents are used to check compliance with network security policies? |
dissolvable agent, persistent agent |
|
|
What type of virus are dormant until a specific condition is met, such as the changing of a file or a match of the current date? |
logic bomb |
|
|
Which option below is a standard created by the NSA that defines protections against radio frequency emanations? |
TEMPEST |
|
|
Which software below combines known scanning techniques and exploits to allow for hybrid exploits? |
metasploit |
|
|
Which software below serves as the firewall for Linux systems? |
iptables |
|
|
Which two terms can be used to describe a decoy system that is purposely vulnerable for the sake of attracting attackers? |
honeypot, lure |
|
|
Which two viruses below are examples of boot sector viruses? |
Michelangelo, Stoned |
|
|
Which virus below combines polymorphism and stealth techniques to create a very destructive virus? |
Natas |
|
|
A firewall typically involves a combination of hardware and software. |
True |
|
|
A SOHO wireless router typically acts as a firewall and may include packet filtering options. |
True |
|
|
Different types of organizations have similar levels of network security risks. |
False |
|
|
The simplest type of firewall is a content filtering firewall. |
False |
|
|
The term malware is derived from a combination of the words malicious and software. |
True |
|
|
A __________ form is a document that is used to ensure that employees are aware of the fact that their use of company equipment and accounts will be monitored and reviewed as needed for security purposes. |
consent to monitoring |
|
|
A _________ on a device attempts to alter management interfaces within the hardware to the point where the device is irreparable. |
physical attack |
|
|
Networks that use __________, such as T-1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building' s demarc (demarcation point), at a remote switching facility, or in a central office. |
leased public lines |
|
|
The _________ proxy server software is available for use on the UNIX / Linux platform. |
SQUID |
|
|
The ________ utility is a Windows console that is used to control what users do and how the system can be used. |
gpedit.msc |
