Whats the recommended way to protect a WPA2 network check all that apply quizlet?

Why is normalizing log data important in a centralized logging setup?

Uniformly formatted logs are easier to store and analyze.

Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system.

What type of attacks does a flood guard protect against? Check all that apply.

DDoS attacks

SYN floods

A flood guard protects against attacks that overwhelm networking resources, like DoS attacks and SYN floods.

What does DHCP Snooping protect against?

Rogue DHCP server attacks

DHCP snooping is designed to guard against rogue DHCP attacks. The switch can be configured to transmit DHCP responses only when they come from the DHCP server's port.

What does Dynamic ARP Inspection protect against?

ARP poisoning attacks

Dynamic ARP inspection protects against ARP poisoning attacks by watching for ARP packets. If an ARP packet doesn't match the table of MAC address and IP address mappings generated by DHCP snooping, the packet will be dropped as invalid or malicious.

What does IP Source Guard protect against?

IP spoofing attacks

IP Source Guard prevents an attacker from spoofing an IP address on the network. It does this by matching assigned IP addresses to switch ports, and dropping unauthorized traffic.

What does EAP-TLS use for mutual authentication of both the server and the client?

Digital certificates

The client and server both present digital certificates, which allows both sides to authenticate the other, providing mutual authentication.

Why is it recommended to use both network-based and host-based firewalls? Check all that apply.

For protection against compromised hosts on the same network

For protection for mobile devices, like laptops

Using both network- and host-based firewalls provides protection from external and internal threats. This also protects hosts that move between trusted and untrusted networks, like mobile devices and laptops.

What are some weaknesses of the WEP scheme? Select all that apply.

Its use of the RC4 stream cipher

Its small IV pool size

The RC4 stream cipher had a number of design flaws and weaknesses. WEP also used a small IV value, causing frequent IV reuse. Lastly, the way that the encryption keys were generated was insecure.

What symmetric encryption algorithm does WPA2 use?

AES

WPA2 uses CCMP. This utilizes AES in counter mode, which turns a block cipher into a stream cipher.

How can you reduce the likelihood of WPS brute-force attacks? Check all that apply.

Disable WPS.

Implement lockout periods for incorrect attempts.

Ideally, you should disable WPS entirely if you can. If you need to use it, then you should use a lockout period to block connection attempts after a number of incorrect ones.

Select the most secure WiFi security configuration from below:

WPA2 enterprise

WPA2 Enterprise would offer the highest level of security for a WiFi network. It offers the best encryption options for protecting data from eavesdropping third parties, and does not suffer from the manageability or authentication issues that WPA2 Personal has with a shared key mechanism. WPA2 Enterprise used with TLS certificates for authentication is one of the best solutions available.

What process authenticates clients to a network?

Four-way handshake

This process is called the Four-Way Handshake, since it's made up of four exchanges of data between the client and AP. It's designed to allow an AP to confirm that the client has the correct pairwise master key, or pre-shared key in a WPA-PSK setup without disclosing the PMK.

What does tcpdump do? Select all that apply.

Analyzes packets and provides a textual analysis

Captures packets

Tcpdump is a popular, lightweight command line tool for capturing packets and analyzing network traffic.

What does wireshark do differently from tcpdump? Check all that apply.

It understands more application-level protocols.

It has a graphical interface.

tcpdump is a command line utility, while wireshark has a powerful graphical interface. While tcpdump understands some application-layer protocols, wireshark expands on this with a much larger complement of protocols understood.

What factors should you consider when designing an IDS installation? Check all that apply.

Storage capacity

Traffic bandwidth

It's important to understand the amount of traffic the IDS would be analyzing. This ensures that the IDS system is capable of keeping up with the volume of traffic. Storage capacity is important to consider for logs and packet capture retention reasons.

What is the difference between an Intrusion Detection System and an Intrusion Prevention System?

An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.

An IDS only detects intrusions or attacks, while an IPS can make changes to firewall rules to actively drop or block detected attack traffic.

What factors would limit your ability to capture packets? Check all that apply.

Network interface not being in promiscuous or monitor mode

Access to the traffic in question

If your NIC isn't in monitor or promiscuous mode, it'll only capture packets sent by and sent to your host. In order to capture traffic, you need to be able to access the packets. So, being connected to a switch wouldn't allow you to capture other clients' traffic.

What does tcpdump do?

Performs packet capture and analysis

tcpdump captures and analyzes packets for you, interpreting the binary information contained in the packets and converting it into a human-readable format.

What can protect your network from DoS attacks?

Flood Guard

Flood guards provide protection from DoS attacks by blocking common flood attack traffic when it's detected.

What occurs after a Network Intrusion Detection System (NIDS) first detects an attack?

Triggers alerts

What does a Network Intrusion Prevention System (NIPS) do when it detects an attack?

It blocks the traffic.

An NIPS would make adjustments to firewall rules on the fly, and drop any malicious traffic detected.

How do you protect against rogue DHCP server attacks?

DHCP Snooping

DHCP snooping prevents rogue DHCP server attacks. It does this by creating a mapping of IP addresses to switch ports and keeping track of authoritative DHCP servers.

What underlying symmetric encryption cipher does WEP use?

RC4

WEP uses the RC4 stream cipher.

What traffic would an implicit deny firewall rule block?

Everything that is not explicitly permitted or allowed

Implicit deny means that everything is blocked, unless it's explicitly allowed.

What allows you to take all packets from a specified port, port range, or an entire VLAN and mirror the packets to a specified switch port?

Port Mirroring

What kind of attack does IP Source Guard (IPSG) protect against?

IP Spoofing attacks

IP Source Guard protects against IP spoofing. It does this by dynamically generating ACLs for each switch port, only permitting traffic for the mapped IP address for that port.

What can be configured to allow secure remote connections to web applications without requiring a VPN?

Reverse proxy

A reverse proxy can be used to allow remote access into a network.

What is the recommended way to protect a WPA2 network?

What symmetric encryption algorithm does WPA2 use?

What key lengths does WEP encryption support check all that apply 1 point?

What traffic would and implicit deny firewall rule block?