CCT 133: Practice CISSP Questions – Firewalls, NGFWs, Static Packet Filtering and More (D7.7.1)
Apr 18, 2024Unlock the secrets of cutting-edge cybersecurity as we navigate the revolutionary impact of drone technology in the insurance industry and delve into the critical components of network security essential for CISSP certification. Sean Gerber here, and I'm eager to guide you through the complex landscape of firewalls, from the fundamentals to next-generation marvels. We'll dissect packet filtering and the indispensable roles these digital gatekeepers play in safeguarding our networks. Prepare to emerge with a fortified understanding of these pivotal cybersecurity tools.
Embark on a journey through the latest advancements in firewall technologies, where we dissect the importance of Web Application Firewalls (WAFs) and their arsenal against web-based threats. We peel back the layers of circuit-level gateways, proxy servers, and the integrated prowess of next-generation firewalls, armed with AI and deep packet inspection. This episode is designed to be your companion in mastering Network Security for the CISSP exam, complete with a treasure trove of resources at CISSP Cyber Training. Whether you're a seasoned pro or a newcomer to the field, this deep dive will equip you with the knowledge to stand at the forefront of the cybersecurity battlefield.
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started. Let's go cybersecurity knowledge.
Speaker 2:
All right, let's get started. Good morning it's Sean Gerber with CISSP Cyber Training, and hope you all are having a blessed day today. Today is CISSP question Thursday, so we are excited about going over some various CISSP questions, and today is going to be over domain seven of the CISSP and in this episode we're going to be talking about firewalls, next generation firewalls, packet filtering and so forth, because, as you all know, this is a follow-on to what we talk about on Monday, and on Monday we talked about next generation firewalls, packet filtering and so on. So bottom line is that we set this up so that on Mondays we have the podcast and then on Thursday, thursdays, we actually go over some of the questions. But before we go over some of the questions today, we're going to go over a article I saw in the InfoSec industry and this actually originally came out of the Wall Street Journal as it relates to US insurers use drone photo to deny home and insurance policies. Now, I don't know if you're aware of this you may or may not be but as it relates to the insurance industry, they are bidding very tight on giving out claim, paying out claims, and one of the interesting parts is it's a little bit on the cyber side, but not really sort of kind of is around the use of drones and supposedly State Farm is one of these companies that is using drones and what they're doing is they're going at, looking at different homes to determine are they a good risk or a bad risk. And the interesting part about all of this is that as they come in, they're sending their drones over the home, so they're looking if they have roofs are good, if their fences are bad, if they have other issues that in the past they just took the owner's word for it, whereas now they actually can get a drone fly over a person's home, get a better idea of what the actual risk is and because of that, they're not paying out certain claims, because in the case of the article they mentioned that there was a roof. So they flew over the top of this person's roof and this person said that their roof and had somebody come out and inspect it, saying it's got 10 years worth of life in it, and yet they obviously had a claim against it. Well, when State Farm flew their drone over it, they looked at the roof and said, yeah, no, there's no way. This roof was already on its last legs. It was already going to be going away, so we're going to deny the claim going away. So we're going to deny the claim. So it's just very interesting in how the fact that they're using technology, in this case drones, to overlook and look at people's insurance situation to determine whether or not they're actually going to pay a claim or not.
Speaker 2:
You're going to see more and more of this as time as people are going to use this type of technology both cybersecurity, drones, ai in ways that has not really been used in the past, and it's going to cause a lot of rift between how people operate and deal with these types of situations. So you, as a cybersecurity professional, are going to be asked in many ways of going what is your feeling about this? What about drone security? How do you understand the fact of the protection of drones? And you're going to be getting into all of these spaces that you would have never ever dealt with. I would have never even thought of probably five, six, seven years ago. In today's world you're going to be involved in because technology is going so fast for people that it's extremely hard to update and keep on top of things. I'm getting hit on a daily basis, almost sometimes hourly, it seems like asking questions about cybersecurity and what should they do. So as you get into the space, you're going to see real quick there's going to be great opportunities, but in some cases, it can almost be a little overwhelming that there's so much out there. Bottom line is they dropped this policy, they dropped the person, and therefore they lost out. Even when they went and appealed it, state Farm said no, talk to the hand, we're not going to work with you. So I thought that was a very interesting concept from State Farm in the fact that they were they're moving in this space as quickly as they are.
Speaker 2:
So, all right, let's move into the CISSP cyber questions and let's get into your questions for this week. Okay, so these questions are over 7.7.1 of the CISSP exam. Now, before we get started just real quick on that, though, is that you can get all of these questions at cisspcybertrainingcom, and you can check out these pet questions as well in my blog post, and they're all available for you to be able to view and to be able to get access to them. Okay, so let's roll in to question one. What is the primary function of a traditional firewall? Yeah, what is the primary function of a traditional firewall? A to encrypt data packets, b to filter traffic based on pre-defined rules, c to authenticate user identities or D to monitor system performance. What is the primary function of a traditional firewall? Now, many of these pieces that we just talked about may be part of a firewall, but which one is the primary function, key word, and that is to filter traffic based on predefined rules.
Speaker 2:
Okay, so as you go into firewalls, you're going to have they're going to be inspecting the different packets that are coming in, and they're going to be inspecting the different packets that are coming in and they're going to be looking at these headers and they're going to enforce security rules based on what these headers will say. So it could be allowing, it could be blocking, it could just be monitoring and they could be looking at various aspects around IPs, ports and protocols. So that is the purpose of an overall traditional firewall, and you'll be getting into organizations where you may work out of and they may have lots of traditional firewalls, but or you may get into areas where they have something different, such as the next question, which would be a next generation firewall. So which of the following is unique to a next generation or NGFWs, compared to traditional firewalls. So next generation firewalls obviously are the next step and they're more expensive, but they do provide some level of value beyond just a traditional firewall. A application awareness, b stateful packet inspection, d static packet filtering or D basic access controls. Which of the feature is unique to a next generation firewall compared to a traditional firewall? And the answer is A they have application awareness. So when an application is connecting and communicating through a firewall, these next generation firewalls do understand that and they're able to manage and filter the traffic based on the application it's using. It could include ports and protocols, but it isn't just ports and protocols, it's more of the fact of what the application is using, from its the connection itself, and these work really well against the sophisticated type cyber threats and attacks.
Speaker 2:
Question three static packet filtering. I can't say that Static packet filtering firewalls are considered stateless because they again, static packet filtering firewalls are considered stateless because they A encrypt data packets, b inspect the state of the application layer or C treat the packet in isolation or D require user authentication. So static packet filtering are considered stateless. Because they C treat each packet in isolation. So static packets filtering firewalls. They do not maintain a record of any ongoing connection. So which means they treat each packet in isolation without considering the context of the overall packet itself. So, basically, how's the connection working? All of of those different aspects? It just looks at the packet. It doesn't look at what is it actually doing. The stateless operation can be a limitation, especially when you're dealing with complex threats that require an understanding of your state of your network Communications.
Speaker 2:
Question four which of the following is a limitation of static packet filtering? Which of the following is a limitation of static packet filtering? A high throughput, b efficient traffic processing, c simple rule configurations or d lack of deep packet inspection? Again, a limitation of static packet packet filtering is d lack of deep packet inspection. Just kind of like we talked about earlier is that, since it's not able to actually crack open the packet, it's not looking deep inside the packet. It only examines the header of each packet before it sends it on its way. That is a limitation of static packet filtering. It doesn't actually look at the embedded payload or any of those things. It doesn't actually look at the embedded payload or any of those things. Question five Application firewalls are particularly effective in securing A Web applications, b Email servers, c VPN connections or D Network perimeters.
Speaker 2:
Application firewalls are particularly effective in securing which and the answer is A Web applications, so an application firewall, which typically you'll hear from web applications. So an application firewall, typically you'll hear from the WAF a web application firewall. They're used in protecting specific applications such as web servers. They are very effective in securing applications from SQL attacks and cross-site scripting attacks. They do inspect the data at the application layer and enforce security policies that are relevant based on that specific layer. So that is a web application firewall. A WAF is typically what you'll hear.
Speaker 2:
Question six circuit level firewalls are commonly used. In which scenario? Circuit level firewalls are commonly used in which scenario? A protecting against DDoS attacks. C filtering URLs based on content. C securing remote access through VPNs. Or D inspecting encrypted traffic. Again, circuit-level firewalls are commonly used. In which scenario? And the answer is C securing remote access through VPNs. Okay, circuit-level firewalls are often used in a VPN scenario to ensure secure remote access. Circuit-level firewalls are often used in a VPN scenario to ensure secure remote access and they basically operate at the session layer and establish that two-way communication, obviously validating the session, between both parties, and they also can be used for verifying the session initiation protocol in a VPN connection. So again, when you're dealing with a circuit-level, think of it as a VPN-type connection, circuit level. Think of it as a VPN type connection.
Speaker 2:
Question seven proxy servers enhance security by A acting as intermediaries between users and internet, c encrypting all data packets, d performing antivirus scans on endpoints or. D implementing two-factor authentication. Proxy servers enhance security by and? The answer is A acting as the intermediary between the users and the internet. Proxies do this through anonymity See, I get these big $10 words, don't get them. Anonymity right, the anonymous ways and they basically cache the content and ensure the security is enabled. They will filter and evaluate internet traffic on behalf of the users. You look at them as a proxy. They're just acting as an intermediate between you. They go in between you, they pass the information to them, they pass the information on. That is the purpose of a proxy.
Speaker 2:
Question eight URL filtering is essential for A decrypting ssl traffic, c preventing access to malicious sites, c into intrusion prevention or. D application layer inspection. So url filtering is essential for and the answer is b preventing access to malicious sites. Url filtering is a key tool obviously for keeping people away from going to sites. That URL filtering is a key tool, obviously, for keeping people away from going to sites that they should not from a malicious standpoint. Obviously, the URL right. It does allow organizations to block or allow content based on the categories that they may have, and it allows for compliance and then corporate policies to meet the needs of the company. So, as an example, if you have a URL that is wwwbadguycom, the URL filtering will say well, I know that badguycom is typically a bad site, so I will not allow you to it. That is what they call by URL filtering. Now, obviously it's much more complicated than that, but that's basically the sense of it.
Speaker 2:
Which of the following is a benefit of next generation firewalls over traditional firewalls? We talked about limitations. So what is a benefit? A lower complexity. B integrated security functions. C stateless operation or D single security function. So which of the following is a benefit of a next generation firewall over a traditional firewall? And the answer is B integrated security functions. So what they mean by that is that a lot of cases, ai is now being added into these and next generation firewalls, so to allow for security, they also can continue ipss, which is your intrusion, perfect prevention systems, deep packet inspection, antivirus, anti-spam, so and so forth. They can do a lot of different things with the next generation firewall. It's not just a dummy packet router, I mean. I know that being very generic, but they are a very powerful system that can do many different things. The problem with these systems is that they're great and they're powerful, but now you've got to have someone who understands the use of it to get the maximum amount of product out of it.
Speaker 2:
Question 10, ssl inspection, a feature of next generation firewalls, is important because it increases network throughput, b allows for user authentication, c reduces the need for proxy servers or. D detects threats in an encrypted traffic. Ssl inspection, a feature of next generation firewall walls, is important because it d detects the threats of incoming or encrypted traffic. So ssl inspection obviously is a critical feature of next generation firewalls and you can see these in various other appliances that are out there. But they will allow to decrypt the SSL traffic that's coming in and connecting on its own way, and it looks for hidden threats. Encrypted traffic is a really key factor and many bad guys will use encrypted traffic to hide their actions. So that's something that you need to be considerate of. I'm actually working on a project that's dealing with encrypted traffic right now. It's pretty impressive and you learn a lot, right? So it's a lot of cool stuff that you deal with.
Speaker 2:
Identity services in next generation firewalls enable what? A faster packet filtering. B simplified rule configurations. C granular control based on user identity, rule configurations C granular control based on user identity. Or D basic access controls. Again, question 11, identity services in next generation firewalls enable C granular control based on user identity, right? So identity services in the next generation firewalls provide a very granular based control for the user's identity, and this allows the creation of security policies that are tailored specifically to a group or users and help enhancing the overall system itself. So it's great that it has that identity capability built into it.
Speaker 2:
Question 12, the integration of what technology in next generation firewalls helps in real-time anomaly detection? The integration of what technology in next-generation firewalls helps in real-time anomaly detection and the? But I'm going to tell you the answer just yet. The question, the answers are blockchain, quantum computing, artificial intelligence or virtual reality. So the integration of what technology in next-generation firewalls helps in real-time anomaly detection? And the answer is C artificial intelligence. Obviously, with the ability of AI built into these different firewalls, you can look for real-time anomaly detection, which is one of the biggest problems we have in firewalls is looking for the bad guys, and how that can be is coming from that perspective. We would hack in the ultimate goals to hide in the chaff, to hide in the noise. Well, next generation firewalls with AI, the goal is that they will help alleviate some of that and be able to dig that out.
Speaker 2:
Question 13, what is the role of a firewall in regulatory compliance? A it meets data protection and privacy requirements. B it ensures all data is encrypted. C it provides a user-friendly interface. Or D it's increasing network speed. So what is the role of firewalls in regulatory compliance? And the answer is A meeting data protection and privacy requirements. One of the big issues you deal with firewalls is they do help you meet those privacy requirements and data protection requirements put onto you by companies, and so therefore, it's an important factor in this overall plan is that you want to have these requirements set up and organized to protect companies and organizations.
Speaker 2:
Question 14, which of the following is not a recorded activity by firewalls? A traffic details. B security incidents. C user activities or. D employee attendance. So which of the following is not a recorded activity by a firewall? And the answer is D employee attendance. Obviously you can pull up if someone's logging in off of firewalls, but that doesn't really tell you much at all, so you can't really tell if they are actually attending work or not. They could just be logging in and walking away. But I mean you could. If you got into it you could determine whether they're actually doing something. But the challenge is you have better things to worry about than that. If you're looking at employees and if they're doing their work over a firewall, then one, you better find some new employees and just not worry about it. Or two you've got too much time on your hands.
Speaker 2:
Question 15. Next generation firewalls maintain performance by A Limiting the number of security functions. B Designing to handle multiple security functions. C Using static packet filtering or. D Disabling application awareness. Question is next generation firewalls maintain performance by and the answer is B designing to handle. They're designed to handle multiple security functions at any one time, from deep packet inspection to AI aspects to IPS aspects. They all can handle many security different functions.
Speaker 2:
Now again, one thing to think about with next-generation firewalls they are all not equal. Some are much better than others. So be careful what you purchase and what your expectations are. If your expectations are super high and you go with a cheap version, you're expected you will probably be, unfortunately, unhappy. So it's not. They're not cheap, especially for good ones. They are not cheap at all. So just keep that in the back of your mind. Ok, thank you so much for joining me today.
Speaker 2:
If you want any of these CISSP questions, head on over to CISSPcybertrainingcom. You go over there to CISSPcybertrainingcom. You can have access to these questions. You can have access to this video. It's all available for you there.
Speaker 2:
Okay, if you want to purchase one of the products I have and you can get access to all my questions, they're available to you at cisspcybertrainingcom. Again, it's a great place If you're looking to do this on the cheap and trying to just go through it. I never had this at all. This is an amazing opportunity for you at the site of CISSP Cyber Training because when I studied for the test and failed it the first time, I didn't have these tools available to me. I created these for you so that if you really want to just work on it on your own pace, it's there and available. However, if you want a plan that you want to get it done, I have a blueprint. I have all the questions, I have all the podcasts that are all collated and ready for you to help you get this thing done on the fastest way possible. Again, go to CISSP Cyber Training and I'm here to give you what you need to be successful in your cybersecurity career. All right, have a wonderful day and we will catch you on the flip side, See ya.
CISSP Cyber Training Academy Program!
Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification?
Let CISSP Cyber Training help you pass the CISSP Test the first time!