1. Why is normalizing log data important in a centralized logging setup?
Answers
·
Log normalizing detects potential
attacks.
·
Uniformly formatted logs
are easier to store and analyze.
·
The data must be decrypted before
sending it to the log server.
·
It’s difficult to analyze abnormal
logs.
2. What type of attacks
does a flood guard protect against? Check all that apply.
Answers
·
DDoS attacks
·
SYN floods
·
Man-in-the-middle attacks
·
Malware infections
Explanation: A security system known as a flood guard is one that is
intended to safeguard against a wide variety of flooding-related threats. It
helps to prevent the system or network from being overloaded with an excessive
amount of traffic or requests. The deployment of flood guards is an essential
component of network security that must be carried out in order to guarantee
the availability and dependability of services in the face of intentional
flooding assaults.
3. What does DHCP
Snooping protect against?
Answers
·
DDoS attacks
·
Rogue DHCP server attacks
·
Brute-force attacks
·
Data theft
Explanation: A network may be protected against malicious DHCP (Dynamic
Host Configuration Protocol) servers by using a security feature called DHCP
Snooping. Rogue DHCP servers may introduce vulnerabilities into a network by
providing clients with network configuration information that is either
inaccurate or malicious. This kind of attack may be avoided with the assistance
of DHCP Snooping, which validates DHCP servers.
4. What does Dynamic ARP
Inspection protect against?
Answers
·
Malware infections
·
ARP poisoning attacks
·
Rogue DHCP server attacks
·
DDoS attacks
Explanation: ARP (Address Resolution Protocol) spoofing attacks may be
avoided with the use of a security feature known as Dynamic ARP Inspection, or
DAI for short. Sending bogus ARP packets is part of the process known as ARP
spoofing. This technique is used to disguise an attacker's MAC address by
making it seem to come from the IP address of a valid network device.
Validating ARP packets inside a network is one of the ways in which DAI
contributes to the prevention of attacks of this kind.
5. What does IP Source
Guard protect against?
Answers
·
Brute-force attacks
·
Rogue DHCP server attacks
·
IP spoofing attacks
·
DDoS attacks
Explanation: IP
Source Guard is a feature of a security system that guards a network against
assaults that include IP address spoofing. An attacker may conduct a variety of
assaults against a network by using a technique known as IP address spoofing.
This technique includes the attacker faking the source IP address of packets in
order to trick the network. By guaranteeing that only legitimate and approved
IP addresses are permitted on the network, IP Source Guard contributes to the
prevention of assaults of this kind.
6. What does EAP-TLS use
for mutual authentication of both the server and the client?
Answers
·
Digital certificates
·
Usernames and passwords
·
One-time passwords
·
Biometrics
Explanation: The Extensible Authentication Protocol with Transport Layer
Security, often known as EAP-TLS, is a protocol that utilizes digital
certificates for the purpose of performing mutual authentication between the
client and the server.Because each party (server and client) owns a distinct
certificate that is signed by a reliable certificate authority (CA), the usage
of digital certificates in EAP-TLS offers a high degree of security for mutual
authentication. This is because EAP-TLS makes use of digital certificates. This
facilitates the establishment of a communication channel that is both safe and
encrypted between the client and the server.
7. Why is it recommended
to use both network-based and host-based firewalls? Check all that apply.
Answers
·
For protection for mobile
devices, like laptops
·
For protection against
man-in-the-middle attacks
·
For protection against DDoS attacks
· For protection against compromised hosts on the same network
8. What are some
weaknesses of the WEP scheme? Select all that apply.
Answers
·
Its poor key generation
methods
·
Its small IV pool size
·
Its use of ASCII characters for
passphrases
·
Its use of the RC4 stream
cipher
Explanation: Because of these flaws, the WEP encryption protocol is
regarded as being very unsafe, and its usage is severely discouraged. The
weaknesses of the WEP security protocol have inspired the development of more
recent Wi-Fi security protocols such as WPA (Wi-Fi Protected Access) and
WPA2/WPA3, which together provide wireless networks a higher level of
protection.
9. What symmetric
encryption algorithm does WPA2 use?
Answers
·
AES
·
DSA
·
DES
·
RSA
Explanation: The Advanced Encryption Standard (AES) is the primary
technique that is used for symmetric encryption in WPA2, also known as Wi-Fi
Protected Access 2. In particular, the Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol (CCMP) is used by WPA2 in order to ensure
both the secrecy and integrity of transmitted data.
The Advanced Encryption Standard (AES) is a symmetric
encryption algorithm that is well renowned for its high level of security. The
incorporation of AES into WPA2 increases the overall security of Wi-Fi networks
by providing strong encryption for wireless communications. It took the place
of the Temporal Key Integrity Protocol (TKIP), which was used in the first
version of WPA (Wi-Fi Protected Access) and was considered to be less secure.
When compared to its predecessors, the usage of AES-CCMP in WPA2 is seen as a
substantial enhancement in terms of the level of security it provides.
10. How can you reduce
the likelihood of WPS brute-force attacks? Check all that apply.
Answers
·
Use a very long and complex
passphrase.
·
Update firewall rules.
·
Implement lockout periods
for incorrect attempts.
·
Disable WPS.
Explanation: Implementing security measures to defend against
unauthorized efforts to guess or break the WPS PIN is one way to reduce the
possibility of WPS (Wi-Fi Protected Setup) brute-force attacks. This is done as
part of the process of reducing the risk of WPS (Wi-Fi Protected Setup)
brute-force attacks. The use of a combination of these security measures
improves the safety of WPS and lowers the likelihood that an unsuccessful
brute-force attack would be attempted.
11. Select the most
secure WiFi security configuration from below:
Answers
·
WPA enterprise
·
WPA2 personal
·
WEP 128 bit
·
WPA personal
·
None
· WPA2 enterprise
12. What process
authenticates clients to a network?
Answers
·
WPA2
·
HMAC-SHA1
·
TKIP
· Four-way handshake
13. What does tcpdump
do? Select all that apply.
Answers
·
Analyzes packets and
provides a textual analysis
·
Captures packets
·
Generates packets
·
Encrypts your packets
Explanation: Tcpdump is a sophisticated tool that is often used by
developers, network administrators, and security experts for the purpose of
debugging, monitoring, and analyzing network traffic. During the process of
gathering and analyzing network traffic, it provides flexibility and
granularity.
14. What does wireshark
do differently from tcpdump? Check all that apply.
Answers
·
It can capture packets and analyze
them.
·
It understands more
application-level protocols.
·
It has a graphical
interface.
·
It can write packet captures to a
file.
Explanation: Wireshark has a graphical user interface, which enables
users to visually view recorded packets in an approach that is friendlier to
newcomers to the software. Tcpdump, on the other hand, is an application that
is run from the command line and does not have a graphical user interface.
The display of packets in Wireshark is colorized, which
makes it much simpler to identify between the several protocols and packet
kinds. The readability of the various sorts of packets is improved by the use
of colors that are distinct from one another. Tcpdump presents data in a simple
text format without any colorization of the packets it examines.
15. What factors should
you consider when designing an IDS installation? Check all that apply.
Answers
·
Internet connection speed
·
Traffic bandwidth
·
OS types in use
·
Storage capacity
Explanation: In order to guarantee that an Intrusion Detection System
(IDS) installation is designed properly and can effectively identify and react
to security occurrences, considerable attention has to be given to a variety of
elements throughout the design process.
It is important to have a solid understanding of the
organization's network topology, which includes the positioning of vital
resources, subnets, and network segments. Determine the locations where to
strategically put IDS sensors in order to monitor the relevant traffic.
Conduct an investigation on the kinds of network traffic
that should be anticipated in the setting, including the typical patterns and
protocols. Having this insight is beneficial when it comes to establishing
proper detection rules and thresholds.
Determine which essential assets and systems need more
monitoring and protection, then rank them in order of importance. Put the
emphasis of your intrusion detection system (IDS) on the places that would
suffer the greatest damage in the event of a security breach.
16. What is the
difference between an Intrusion Detection System and an Intrusion Prevention
System?
Answers
·
An IDS can actively block attack
traffic, while an IPS can only alert on detected attack traffic.
·
An IDS can alert on
detected attack traffic, but an IPS can actively block attack traffic.
·
An IDS can detect malware activity on
a network, but an IPS can’t
·
They are the same thing.
Explanation: Both
an Intrusion Detection System, also known as an IDS, and an Intrusion
Prevention System, also known as an IPS, are examples of cybersecurity
technologies that are intended to prevent intrusions.
17. What factors would
limit your ability to capture packets? Check all that apply.
Answers
·
Network interface not
being in promiscuous or monitor mode
·
Anti-malware software
·
Encryption
· Access to the traffic in question
18. What does tcpdump
do?
Answers
·
Handles packet injection
·
Brute forces password databases
·
Generates DDoS attack traffic
·
Performs packet capture
and analysis
Explanation: Oh,
the tcpdump tool! It's like having access to the networking version of Sherlock
Holmes. On a network, it actively searches for and seizes data packets. You may
use it to examine what's occurring in the data stream, solve issues, or simply
satisfy your natural interest about it.
19. What can protect
your network from DoS attacks?
Answers
·
DHCP Snooping
·
Dynamic ARP Inspection
·
Flood Guard
· IP Source Guard
20. What occurs after a
Network Intrusion Detection System (NIDS) first detects an attack?
Answers
·
Triggers alerts
·
Shuts down
·
Blocks traffic
· Disables network access
21. What does a Network
Intrusion Prevention System (NIPS) do when it detects an attack?
Answers
·
It blocks the traffic.
·
It does nothing.
·
It triggers an alert.
·
It attacks back.
Explanation: In its most basic form, NIPS is concerned not only with
detecting intrusions but also with actively preventing such intrusions from
inflicting damage. It is the watchdog of the digital sphere, keeping constant
vigilance and standing ready to repel any attacks from the internet.
22. How do you protect
against rogue DHCP server attacks?
Answers
·
IP Source Guard
·
Flood Guard
·
Dynamic ARP Inspection
·
DHCP Snooping
Explanation: This is analogous to having reliable court attendants who
keep an eye on which DHCP servers are authorized to distribute content to
clients. Your network switches should have DHCP snooping enabled so that they
will only let DHCP answers to come from authorized servers.
23. What underlying
symmetric encryption cipher does WEP use?
Answers
·
RSA
·
AES
·
RC4
·
DES
Explanation: The Wired Equivalent Privacy protocol, often known as WEP,
employs the RC4 stream cipher as its underlying symmetric encryption method.
This protocol is no longer used since it is seen to be unsafe and has become
outdated. The RC4 stream cipher is a symmetric key stream cipher, which means
that it encrypts and decrypts data using the same key.
However, it is essential to keep in mind that WEP is riddled with substantial security flaws, and thus, its use in contemporary Wi-Fi networks is not encouraged. Its encryption may be cracked with relative ease, and as a result, more secure solutions such as WPA (Wi-Fi Protected Access) and WPA2 have been created to compensate for these flaws.
24. What traffic would
an implicit deny firewall rule block?
Answers
·
Outbound traffic only
·
Nothing unless blocked
·
Everything that is not
explicitly permitted or allowed
·
Inbound traffic only
Explanation: The implicit refuse rule in a firewall is sometimes
referred to as "the silent guardian." It acts as an unsung hero that,
by default, prevents traffic from being permitted unless it is specifically
approved. If a firewall contains an implicit deny rule at the very end of its
rule set, then it will prevent any traffic that does not meet any of the
explicit allow rules that came before it from passing through.
To put it another way, it's the same as telling someone,
"Unless I've specifically said you can come in, you're not getting past
the gate." Therefore, the implicit deny rule will cause the firewall to
reject any traffic that does not comply with the requirements specified in the
rules for the firewall. It provides an additional degree of protection to
ensure that only authorized traffic passes through the area.
25. What allows you to
take all packets from a specified port, port range, or an entire VLAN and
mirror the packets to a specified switch port?
Answers
·
DHCP Snooping
·
Promiscuous Mode
·
Network hub
·
Port Mirroring
Explanation: Oh, you're referring about port mirroring or the Switched
Port Analyzer, right? It's just like having a closed-circuit television camera
monitoring the traffic on your network! You can duplicate or mirror the
packets that are sent from a particular port, port range, or even an entire
VLAN by using port mirroring and sending them to another switch port that has
been specifically selected.
When doing network analysis, monitoring, or
troubleshooting, this comes in helpful. It would be the same as having a copy
of all the letters written and received in the kingdom forwarded to a hidden
room for review.
To configure port mirroring, you will normally
need to visit the settings of your switch and choose the source (the location
from which you want to copy the packets) and the destination (the location to
which you want to transmit the mirrored packets).
It is a strong tool that network managers may use to
maintain a vigilant check on the traffic without interfering with the usual data flow.
26. What kind of attack
does IP Source Guard (IPSG) protect against?
Answers
·
IP Spoofing attacks
·
DoS attacks
·
ARP Man-in-the-middle attacks
·
Rogue DHCP Server attacks
Explanation: IP Source Guard (IPSG) operates like a watchful guard tasked with defending the kingdom from the introduction of
imposter messengers. It protects especially against attacks that involve
impersonating IP addresses.
When conducting an attack using IP address spoofing,
hostile actors would intentionally falsify the source IP address of their
packets to trick the network. It is the same as mailing letters to
people with a fictitious return address to deceive them. IPSG
contributes to preventing this issue by checking to see if the IP
addresses included inside the incoming packets on a network are identical to
the allowed IP addresses connected to the particular ports.
IPSG helps to protect the network's integrity by acting in
this manner, which prevents potential attackers from pretending to be someone
else on the network. To protect the integrity of the network and guarantee that
data packets are only accepted from trusted origins, this critical layer of
protection is essential.
27. What can be configured to allow
secure remote connections to web applications without requiring a VPN?
Answers
· Reverse
proxy
· RC4
· NIDS
· Web
browser
Explanation: Make it mandatory for all of your online apps to utilize HTTPS. SSL/TLS protocols give an extra degree of security by encrypting the data that is sent between the user's device and the web server. This helps to avoid eavesdropping. Put in place multi-factor authentication for an additional degree of protection. To access the online apps, users would need more than simply a password. Typically, users would require a combination of something they know (password) and something they have (for example, a code from a mobile app).
