IT Security: Defense Against the Digital Dark Arts, Week 4 Answers
Secure Network Architecture
1. Why is normalizing log data important in a centralized logging setup?
- Log normalizing detects potential attacks.
- Uniformly formatted logs are easier to store and analyze.
- The data must be decrypted before sending it to the log server.
- It’s difficult to analyze abnormal logs.
2. What type of attacks does a flood guard protect against? Check all that apply.
- DDoS attacks
- SYN floods
- Man-in-the-middle attacks
- Malware infections
3. What does DHCP Snooping protect against?
- DDoS attacks
- Rogue DHCP server attacks
- Brute-force attacks
- Data theft
4. What does Dynamic ARP Inspection protect against?
- Malware infections
- ARP poisoning attacks
- Rogue DHCP server attacks
- DDoS attacks
5. What does IP Source Guard protect against?
- Brute-force attacks
- Rogue DHCP server attacks
- IP spoofing attacks
- DDoS attacks
6. What does EAP-TLS use for mutual authentication of both the server and the client?
- Digital certificates
- Usernames and passwords
- One-time passwords
- Biometrics
7. Why is it recommended to use both network-based and host-based firewalls? Check all that apply.
- For protection for mobile devices, like laptops
- For protection against man-in-the-middle attacks
- For protection against DDoS attacks
- For protection against compromised hosts on the same network
8. What are some weaknesses of the WEP scheme? Select all that apply.
- Its poor key generation methods
- Its small IV pool size
- Its use of ASCII characters for passphrases
- Its use of the RC4 stream cipher
9. What symmetric encryption algorithm does WPA2 use?
- AES
- DSA
- DES
- RSA
10. How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.
- Use a very long and complex passphrase.
- Update firewall rules.
- Implement lockout periods for incorrect attempts.
- Disable WPS.
11. Select the most secure WiFi security configuration from below:
- WPA enterprise
- WPA2 personal
- WEP 128 bit
- WPA personal
- None
- WPA2 enterprise
12. What process authenticates clients to a network?
- WPA2
- HMAC-SHA1
- TKIP
- Four-way handshake
13. What does tcpdump do? Select all that apply.
- Analyzes packets and provides a textual analysis
- Captures packets
- Generates packets
- Encrypts your packets
14. What does Wireshark do differently from tcpdump? Check all that apply.
- It can capture packets and analyze them.
- It understands more application-level protocols.
- It has a graphical interface.
- It can write packet captures to a file.
15. What factors should you consider when designing an IDS installation? Check all that apply.
- Internet connection speed
- Traffic bandwidth
- OS types in use
- Storage capacity
16. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?
- An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
- An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
- An IDS can detect malware activity on a network, but an IPS can’t.
- They are the same thing.
17. What factors would limit your ability to capture packets? Check all that apply.
- Network interface not being in promiscuous or monitor mode
- Anti-malware software
- Encryption
- Access to the traffic in question
18. What does tcpdump do?
- Handles packet injection
- Brute forces password databases
- Generates DDoS attack traffic
- Performs packet capture and analysis
19. What can protect your network from DoS attacks?
- DHCP Snooping
- Dynamic ARP Inspection
- Flood Guard
- IP Source Guard
20. What occurs after a Network Intrusion Detection System (NIDS) first detects an attack?
- Triggers alerts
- Shuts down
- Blocks traffic
- Disables network access
21. What does a Network Intrusion Prevention System (NIPS) do when it detects an attack?
- It blocks the traffic.
- It does nothing.
- It triggers an alert.
- It attacks back.
22. How do you protect against rogue DHCP server attacks?
- IP Source Guard
- Flood Guard
- Dynamic ARP Inspection
- DHCP Snooping
23. What underlying symmetric encryption cipher does WEP use?
- RSA
- AES
- RC4
- DES
24. What traffic would an implicit deny firewall rule block?
- Outbound traffic only
- Nothing unless blocked
- Everything that is not explicitly permitted or allowed
- Inbound traffic only
25. What allows you to take all packets from a specified port, port range, or an entire VLAN and mirror the packets to a specified switch port?
- DHCP Snooping
- Promiscuous Mode
- Network hub
- Port Mirroring
26. What kind of attack does IP Source Guard (IPSG) protect against?
- IP Spoofing attacks
- DoS attacks
- ARP Man-in-the-middle attacks
- Rogue DHCP Server attacks
27. What can be configured to allow secure remote connections to web applications without requiring a VPN?
- Reverse proxy
- RC4
- NIDS
- Web browser