CISSP PRACTICE QUESTIONS – 20201026

Effective CISSP Questions

You intend to monitor, detect, and prevent unknown malicious traffic on your network. Which of the following is the best solution?
A. An appliance that authenticates devices to grant network access
B. A host that examines and filters network packets between zones
C. A device that imitates a legitimate server and behaves like “baiting” a suspect
D. A node that blocks traffic by comparing a sample of traffic against a known baseline


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. A node that blocks traffic by comparing a sample of traffic against a known baseline.

It’s not effective to detect unknown malicious traffic by signature-matching mechanisms or static/predefined firewall policies. Preventing unknown malicious traffic requires active actions; honeypots or padded cells are passive measures for monitoring and detecting intrusions.

Intrusion Prevention System

Anomaly-based IPS can block traffic by comparing a sample of traffic against a known baseline.

The detection method employed may be signature- or anomaly-based. Predefined signatures are patterns of well-known network attacks. The IPS compares packet flows with the signature to see if there is a pattern match. Anomaly-based intrusion detection systems use heuristics to identify threats, for instance comparing a sample of traffic against a known baseline.

Source: Check Point
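To make the contrast between the two detection methods concrete, here is an added example (not from the original post or from Check Point): a signature check and a per-host byte-volume baseline are run over a handful of constructed flow records. The signature database, host addresses and traffic sizes are all made up for illustration; the unknown high-volume flow has no signature and is caught only by the baseline comparison.

```python
"""Signature vs. anomaly (baseline) detection over constructed flow records."""
import statistics

# Constructed training window (made up for this example): bytes per flow, per host.
BASELINE = {
    "10.0.0.5": [1200, 1350, 1100, 1280, 1400, 1250, 1320, 1180],
    "10.0.0.9": [800, 760, 820, 790, 810, 770, 840, 800],
}

# Hypothetical signature database: byte pattern -> name of a well-known attack.
SIGNATURES = {b"<script>alert(": "reflected-xss-probe"}

# Constructed live flows: (source host, bytes, payload excerpt).
LIVE_FLOWS = [
    ("10.0.0.5", 1300, b"GET /index.html"),           # normal volume, no pattern
    ("10.0.0.9", 790, b"GET /?q=<script>alert(1)"),    # matches a known signature
    ("10.0.0.5", 48000, b"POST /sync <opaque blob>"),  # unknown: no signature, odd volume
    ("10.0.0.7", 900, b"GET /"),                       # host with no baseline yet
]

def signature_match(payload):
    """Return the matching signature name, or None (unknown traffic is missed)."""
    for pattern, name in SIGNATURES.items():
        if pattern in payload:
            return name
    return None

def build_baseline(history):
    """Per-host (mean, standard deviation) of bytes per flow from the training window."""
    profile = {}
    for host, sizes in history.items():
        sd = statistics.pstdev(sizes) or 1.0  # floor so identical samples don't divide by zero
        profile[host] = (statistics.mean(sizes), sd)
    return profile

def anomaly_score(profile, host, size):
    """Z-score of one flow against its host's baseline; None if the host is unprofiled."""
    if host not in profile:
        return None
    mean, sd = profile[host]
    return (size - mean) / sd

def classify(flows, profile, threshold=3.0):
    """Map flow index -> verdict; 'block:*' is what an IPS would enforce inline."""
    verdicts = {}
    for i, (host, size, payload) in enumerate(flows):
        sig = signature_match(payload)
        z = anomaly_score(profile, host, size)
        if sig:
            verdicts[i] = "block:signature:" + sig
        elif z is None:
            verdicts[i] = "learn"  # no baseline: observe before enforcing
        elif abs(z) > threshold:
            verdicts[i] = "block:anomaly:z=%.1f" % z
        else:
            verdicts[i] = "allow"
    return verdicts
```

In a real deployment the baseline is learned per host, protocol and time of day, and the threshold is tuned against false positives before blocking is enabled; that tuning period is why anomaly-based IPS usually starts in detect-only mode.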

Network Access Control (NAC)

Network Access Control (NAC) can be enforced by implementing an appliance that authenticates devices to grant network access. Network Access Control builds a known security context by authenticating devices or users for network access. It’s not effective for unknown malicious traffic because it won’t observe or inspect the network traffic. Blacklists or whitelists of MAC addresses and 802.1X authentication are common NAC mechanisms.

Firewall

A traditional firewall examines and filters network packets between zones based on predefined policies that won’t act on unknown malicious traffic effectively.

Next-generation firewalls (NGFW) can operate at the application level and support grouping resources into microsegments. Employed in a Zero Trust architecture, they prevent lateral movement and provide better visibility. Anomaly-based IPS can be implemented as one of their security features.

The following are NGFW features mentioned by Imperva:

  1. Blocking threats at the network edge
  2. Geolocation
  3. Reverse proxy/web gateway
  4. Intrusion Detection and Prevention Systems (IDS/IPS)

A next generation firewall (NGFW) provides capabilities beyond that of a stateful network firewall, technology that was first pioneered in 1994 by Check Point Software Technologies. A stateful firewall is a network security device that filters incoming and outgoing network traffic based upon Internet Protocol (IP) port and IP addresses. By intelligently inspecting the payload of some packets, new connection requests can be associated with existing legitimate connections. A next generation firewall adds additional features such as application control, integrated intrusion prevention (IPS) and often more advanced threat prevention capabilities like sandboxing.

Source: Check Point

Honeypot

A honeypot imitates a legitimate server and behaves like “baiting” a suspect. It’s good at detecting intrusions and monitoring an attacker’s behavior, but it acts passively and won’t prevent unknown malicious traffic.

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

You intend to monitor, detect, and prevent unknown malicious traffic on your network. Which of the following is the best solution?
A. A device that authenticates devices to grant network access
B. A host that examines and filters network packets between zones
C. A device that imitates a legitimate server and behaves like “baiting” a suspect device
D. A node that blocks traffic by comparing a sample of traffic against a known baseline
