112-51 Questions and Answers

A firewall is a software or a hardware device on a network or host that filters the incoming and outgoing traffic to prevent unauthorized access to private networks. A firewall can use various criteria, such as IP addresses, ports, protocols, or application rules, to allow or deny the traffic. A firewall can also perform other functions, such as logging, auditing, encryption, or proxy services.A firewall can be deployed at different levels of a network, such as network perimeter, network segment, or host level12.References:Network Defense Essentials - EC-Council Learning,Firewall (computing) - Wikipedia

anonymous proxy is a type of proxy that hides the user’s IP address and other identifying information from the web servers they access. An anonymous proxy acts as an intermediary between the user and the internet, and it modifies the HTTP headers to prevent the web servers from tracking the user’s location, browser, or device. An anonymous proxy can help the user bypass geo-restrictions, censorship, and online surveillance. However, an anonymous proxy does not encrypt the user’s traffic, and it may still leak some information to the proxy provider or other third parties. An anonymous proxy is the type of proxy employed by Mary in the above scenario, as she used a proxy tool that makes her online activity untraceable.References:

• What is a Proxy Server and How Does it Work?
• 13 Best Proxy Tools for PC [2024 Reviewed]- Section: Anonymous proxies
• The Fastest Free Proxy

Two-factor authentication (2FA) is a type of authentication that requires users to provide two or more forms of verification to access an online account. 2FA is a multi-layered security measure designed to prevent hackers from accessing user accounts using stolen or shared credentials. 2FA typically combines something the user knows (such as a password or PIN), something the user has (such as a phone or a token), and/or something the user is (such as a fingerprint or a face scan). In the above scenario, the banking application employs 2FA by asking Kevin to enter his registered credentials (something he knows) and an OTP sent to his mobile (something he has) before transferring the amount to Flora’s account.References:

• Improve Your Cybersecurity with Password MFA - Defense.com™
• What Is Two-Factor Authentication (2FA)? | Microsoft Security
• Selecting Secure Multi-factor Authentication Solutions

The IDS component that analyzes the traffic and reports if any suspicious activity is detected is the network sensor. A network sensor is a device or software application that is deployed at a strategic point or points within the network to monitor and capture the network traffic to and from all devices on the network. A network sensor can operate in one of two modes: promiscuous or inline. In promiscuous mode, the network sensor passively listens to the network traffic and copies the packets for analysis. In inline mode, the network sensor actively intercepts and filters the network traffic and can block or modify the packets based on predefined rules. A network sensor analyzes the network traffic using various detection methods, such as signature-based, anomaly-based, or reputation-based, and compares the traffic patterns with a database of attack signatures or a model of normal behavior. If the network sensor detects any suspicious or malicious activity, such as a reconnaissance scan, an unauthorized access attempt, or a denial-of-service attack, it generates an alert and reports it to the IDS manager or the operator.A network sensor can also integrate with a response system to take appropriate actions, such as logging, notifying, or blocking, in response to the detected activity123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-33 to 3-34
• Intrusion Detection System (IDS) - GeeksforGeeks, GeeksforGeeks, 2020
• Intrusion detection system - Wikipedia, Wikipedia, March 16, 2021

A private cloud is a cloud deployment model that is exclusively used by a single organization and is hosted either on-premises or off-premises by a third-party provider. A private cloud offers the highest level of security and control over the data and resources, as the organization can customize the cloud infrastructure and services according to its needs and policies. A private cloud also ensures better performance and availability, as the organization does not share the cloud resources with other users. A private cloud is suitable for organizations that have sensitive or confidential data, strict compliance requirements, or high demand for scalability and flexibility. A private cloud can help Kelly secure the corporate data and retain full control over the data in the above scenario.References:

• Private Cloud- Week 6: Virtualization and Cloud Computing
• Private Cloud vs Public Cloud vs Hybrid Cloud
• Private Cloud Security: Challenges and Best Practices

AES (Advanced Encryption Standard) is an iterated block cipher that works by repeating the defined steps multiple times and has a 128-bit block size, having key sizes of 128, 192, and 256 bits. AES is a symmetric-key algorithm that encrypts and decrypts data using the same secret key. AES operates on a 4x4 matrix of bytes called the state, which undergoes 10, 12, or 14 rounds of transformation depending on the key size. Each round consists of four steps: sub-bytes, shift-rows, mix-columns, and add-round-key. AES is widely used for securing data in various applications and platforms, such as web browsers, VPNs, wireless networks, and smart grids. AES is the algorithm that matches the description given in the question.References:

• AES- Week 4: Cryptography Techniques
• Advanced Encryption Standard (AES)- NIST
• AES Encryption and Decryption Online Tool- Code Beautify

A gateway is a component of IoT architecture that collects data from IoT devices and performs data pre-processing. A gateway acts as a bridge between the IoT devices and the cloud platform, and it can filter, aggregate, compress, encrypt, or transform the data before sending it to the cloud for storage and analysis. A gateway can also perform edge computing, which means processing the data locally and providing real-time feedback or actions. A gateway can support various communication protocols, such as WiFi, Bluetooth, Zigbee, or cellular, and it can enhance the security and reliability of the IoT system.A gateway is the component that matches the description given in the question123

One of the most basic and important security guidelines for laptop users is to always log off or lock the system when unattended. This prevents unauthorized access to the system and the data stored on it by anyone who might have physical access to the laptop. Logging off or locking the system requires a password or other authentication method to resume the session, which adds a layer of protection to the laptop. Johana failed to comply with this security guideline, as she left the system active with the project file open and went for a coffee break, allowing Bob to access her system and modify the project file.References:

• Ten simple steps for keeping your laptop secure- Step 1: Require a password when logging in
• 6 Steps to Practice Strong Laptop Security- Step #1: Set complex passwords where it counts
• A Practical Guide to Securing Your Windows PC- Section: Lock your computer when you step away

Atomic-signature-based analysis is a type of attack signature analysis technique that uses a single characteristic or attribute of a packet header to identify malicious traffic. Atomic signatures are simple and fast to match, but they can also generate false positives or miss some attacks. Some examples of atomic signatures are source and destination IP addresses, port numbers, protocol types, and TCP flags. Atomic-signature-based analysis is the technique performed by Joseph in the above scenario, as he analyzed packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.References:

• [Understanding the Network Traffic Signatures] - Module 12: Network Traffic Monitoring
• Network Defense Essentials (NDE) | Coursera- Week 12: Network Traffic Monitoring
• [Network Defense Essentials Module 12 (Network Traffic Monitoring) - Quizlet] - Flashcards: What are Network Traffic Signatures?

The Sarbanes-Oxley Act (SOX) is a US law that was enacted in 2002 in response to the corporate scandals involving Enron, WorldCom, and others. The SOX aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures, such as financial statements, audit reports, and internal controls.The SOX also establishes the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing of public companies and imposes criminal penalties for fraud and non-compliance12.References:Network Defense Essentials - EC-Council Learning,Sarbanes-Oxley Act of 2002 (SOX) | U.S. Department of Labor

The type of cloud

The type of cloudservice requested by Cibel.org in the above scenario is Platform-as-a-service (PaaS). PaaS is a cloud-based service that delivers a range of developer tools and deployment capabilities. PaaS provides a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications. PaaS customers do not need to install, configure, or manage the underlying infrastructure, such as servers, storage, network, or operating system. Instead, they can focus on the application development and deployment process, using the tools and services provided by the cloud service provider. PaaS solutions support cloud-native development technologies, such as microservices, containers, Kubernetes, serverless computing, that enable developers to build once, then deploy and manage consistently across private cloud, public cloud and on-premises environments. PaaS also offers features such as scalability, availability, security, backup, and monitoring for the applications. PaaS is suitable for organizations that want to develop customized applications without investing in or maintaining the infrastructure123. References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-40 to 3-41
• What is PaaS? A Beginner’s Guide to Platform as a Service - G2, G2, February 19, 2020
• Cloud Service Models Explained: SaaS, IaaS, PaaS, FaaS - Jelvix, Jelvix, July 14, 2020

A sprinkler system is a type of fire-fighting system that uses a distribution piping system to suppress the fire. A sprinkler system consists of sprinkler heads that are connected to a water supply and activated by heat or smoke detectors. When a fire is detected, the sprinkler heads release water to extinguish the fire and prevent it from spreading.A sprinkler system can be wet, dry, pre-action, or deluge, depending on the type of water supply and activation mechanism12.References:Network Defense Essentials - EC-Council Learning,Essentials Of Fire Fighting, 7th Edition, Product Suite - IFSTA

A wireless repeater is a wireless network component that takes a signal from one access point and boosts its signal strength to create a new network. A wireless repeater can extend the range of a wireless network by repeating the signal from the original access point. This way, the wireless repeater can provide network connectivity to areas that are inaccessible to capture direct signals from the access point.In the scenario, Robert used a wireless repeater to provide network connectivity to all areas12.References:Network Defense Essentials - EC-Council Learning,Understanding the Wireless Network Components

A device-to-cloud model is a type of IoT communication model that connects the IoT devices directly to the cloud platform, where the data is stored, processed, and analyzed. The device-to-cloud model enables remote access, real-time monitoring, and scalability of IoT applications. The device-to-cloud model requires the IoT devices to have internet connectivity and cloud compatibility. In the above scenario, John used a device-to-cloud model to monitor his grandfather’s health condition, as he placed a smart wearable ECGon his grandfather’s wrist that sent the data to the cloud platform, where John could access it from his mobile phone and receive alerts periodically.References:

• Communication Models in IoT (Internet of Things)- Section: Device-to-Cloud Model
• IoT Communication Models - IoTbyHVM- Section: Device to Cloud Communication Model
• Logical Design of IoT | Communication Models | APIs | Functional Blocks- Section: Device-to-Cloud Communication Model

Orchestrators are tools that automate container deployment, administration, and scaling tasks. They allow you to reliably manage fleets of hundreds or thousands of containers in production environments. Orchestrators simplify container admin by letting you think in terms of application components instead of individual containers. They’re able to take control of all your app’s requirements, including config values, secrets, and network services. Orchestrators are the solution employed by Joseph in the above scenario, as he used an automated solution that converts images into containers, deploys them to the hosts, and further monitors container workflow from a single location.References:

• 13 Most Useful Container Orchestration Tools in 2024 - Spacelift
• Network Defense Essentials - CERT - EC-Council- Module 6: Virtualization and Cloud Computing

WPA2 (Wi-Fi Protected Access 2) is an encryption technology that secures wireless networks using the IEEE 802.11i standard. WPA2 uses a four-way handshake to authenticate the client and the access point, and to generate a pairwise transient key (PTK) for encrypting the data. The PTK is derived from the password pairwise master key (PMK), which is a shared secret between the client and the access point. The PMK can be obtained either by using a pre-shared key (PSK) or by using an 802.1X authentication server. In the above scenario, George performed password cracking on WPA2, as he used sniffing tools to capture the PMK associated with the handshake authentication process. Then, using the PMK, he was able to derive the PTK and decrypt the data exchanged between the client and the access point.References:

• WPA2- Wikipedia
• How WPA2-PSK encryption works?- Cryptography Stack Exchange
• WPA2 Encryption and Configuration Guide- Cisco Meraki Documentation