IT Security: Defense against the digital dark arts questions and answers with complete solutions

Why is normalizing log data important in a centralized logging setup? Uniformly formatted logs are easier to store and analyze. Logs from various systems may be formatted differently. Normalizing logs is the practice of reformatting the logs into a common format, allowing for easier storage and lookups in a centralized logging system. What type of attacks does a flood guard protect against? Check all that apply. DDoS Attack SYN Floods. A flood guard protects against attacks that overwhelm networking resources, like DoS attacks and SYN floods. What does DHCP Snooping protect against? Rogue DHCP Server Attack. DHCP snooping is designed to guard against rogue DHCP attacks. The switch can be configured to transmit DHCP responses only when they come from the DHCP server's port. What does Dynamic ARP Inspection protect against? ARP Poisoning Attack. Dynamic ARP inspection protects against ARP poisoning attacks by watching for ARP packets. If an ARP packet doesn't match the table of MAC address and IP address mappings generated by DHCP snooping, the packet will be dropped as invalid or malicious. What does IP Source Guard protect against? IP Spoofing Attack. IP Source Guard prevents an attacker from spoofing an IP address on the network. It does this by matching assigned IP addresses to switch ports, and dropping unauthorized traffic. What does EAP-TLS use for mutual authentication of both the server and the client? Digital Certificate. he client and server both present digital certificates, which allows both sides to authenticate the other, providing mutual authentication.Why is it recommended to use both network-based and host-based firewalls? Check all that apply. For protection against compromised hosts on the same network. For protection for mobile device, like laptops