IT Security: Defense Against the Digital Dark Arts Week 4 Answers

Secure Network Architecture

1. Why is normalizing log data important in a centralized logging setup?

  • Log normalizing detects potential attacks.
  • Uniformly formatted logs are easier to store and analyze.
  • The data must be decrypted before sending it to the log server.
  • It’s difficult to analyze abnormal logs.

2. What type of attacks does a flood guard protect against? Check all that apply.

  • DDoS attacks
  • SYN floods
  • Man-in-the-middle attacks
  • Malware infections

3. What does DHCP Snooping protect against?

  • DDoS attacks
  • Rogue DHCP server attacks
  • Brute-force attacks
  • Data theft

4. What does Dynamic ARP Inspection protect against?

  • Malware infections
  • ARP poisoning attacks
  • Rogue DHCP server attacks
  • DDoS attacks

5. What does IP Source Guard protect against?

  • Brute-force attacks
  • Rogue DHCP server attacks
  • IP spoofing attacks
  • DDoS attacks

6. What does EAP-TLS use for mutual authentication of both the server and the client?

  • Digital certificates
  • Usernames and passwords
  • One-time passwords
  • Biometrics

7. Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

  • For protection for mobile devices, like laptops
  • For protection against man-in-the-middle attacks
  • For protection against DDoS attacks
  • For protection against compromised hosts on the same network

8. What are some weaknesses of the WEP scheme? Select all that apply.

  • Its poor key generation methods
  • Its small IV pool size
  • Its use of ASCII characters for passphrases
  • Its use of the RC4 stream cipher

9. What symmetric encryption algorithm does WPA2 use?

  • AES
  • DSA
  • DES
  • RSA

10. How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

  • Use a very long and complex passphrase.
  • Update firewall rules.
  • Implement lockout periods for incorrect attempts.
  • Disable WPS.

11. Select the most secure WiFi security configuration from below:

  • WPA enterprise
  • WPA2 personal
  • WEP 128 bit
  • WPA personal
  • None
  • WPA2 enterprise

12. What process authenticates clients to a network?

  • WPA2
  • HMAC-SHA1
  • TKIP
  • Four-way handshake

13. What does tcpdump do? Select all that apply.

  • Analyzes packets and provides a textual analysis
  • Captures packets
  • Generates packets
  • Encrypts your packets

14. What does Wireshark do differently from tcpdump? Check all that apply.

  • It can capture packets and analyze them.
  • It understands more application-level protocols.
  • It has a graphical interface.
  • It can write packet captures to a file.

15. What factors should you consider when designing an IDS installation? Check all that apply.

  • Internet connection speed
  • Traffic bandwidth
  • OS types in use
  • Storage capacity

16. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

  • An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
  • An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
  • An IDS can detect malware activity on a network, but an IPS can’t.
  • They are the same thing.

17. What factors would limit your ability to capture packets? Check all that apply.

  • Network interface not being in promiscuous or monitor mode
  • Anti-malware software
  • Encryption
  • Access to the traffic in question

18. What does tcpdump do?

  • Handles packet injection
  • Brute forces password databases
  • Generates DDoS attack traffic
  • Performs packet capture and analysis

19. What can protect your network from DoS attacks?

  • DHCP Snooping
  • Dynamic ARP Inspection
  • Flood Guard
  • IP Source Guard

20. What occurs after a Network Intrusion Detection System (NIDS) first detects an attack?

  • Triggers alerts
  • Shuts down
  • Blocks traffic
  • Disables network access

21. What does a Network Intrusion Prevention System (NIPS) do when it detects an attack?

  • It blocks the traffic.
  • It does nothing.
  • It triggers an alert.
  • It attacks back.

22. How do you protect against rogue DHCP server attacks?

  • IP Source Guard
  • Flood Guard
  • Dynamic ARP Inspection
  • DHCP Snooping

23. What underlying symmetric encryption cipher does WEP use?

  • RSA
  • AES
  • RC4
  • DES

24. What traffic would an implicit deny firewall rule block?

  • Outbound traffic only
  • Nothing unless blocked
  • Everything that is not explicitly permitted or allowed
  • Inbound traffic only

25. What allows you to take all packets from a specified port, port range, or an entire VLAN and mirror the packets to a specified switch port?

  • DHCP Snooping
  • Promiscuous Mode
  • Network hub
  • Port Mirroring

26. What kind of attack does IP Source Guard (IPSG) protect against?

  • IP Spoofing attacks
  • DoS attacks
  • ARP Man-in-the-middle attacks
  • Rogue DHCP Server attacks

27. What can be configured to allow secure remote connections to web applications without requiring a VPN?

  • Reverse proxy
  • RC4
  • NIDS
  • Web browser
