12 Network security Flashcards

1
Q

What is Zero Trust in network security?

A

A security model that emphasizes strict access controls and does not trust any entity by default.

It includes Control Plane components such as adaptive identity, threat scope reduction, and policy-driven access control, and Data Plane aspects such as implicit trust zones.

2
Q

What are the components of Deception and disruption technology?

A
  • Honeypot
  • Honeynet
  • Honeyfile
  • Honeytoken

These technologies are designed to deceive attackers and disrupt their activities.

3
Q

What types of network attacks are commonly identified?

A
  • Distributed denial-of-service (DDoS)
  • Domain Name System (DNS) attacks
  • Wireless attacks
  • On-path attacks
  • Credential replay attacks
  • Malicious code

Each type presents unique challenges and requires specific mitigation strategies.

4
Q

What is the purpose of segmentation in network security?

A

To divide a network into smaller segments to enhance security and control access.

This mitigates risk by limiting the spread of attacks.

5
Q

What does an Access Control List (ACL) do?

A

It defines permissions for users and devices to access network resources.

ACLs are crucial for managing access controls in network environments.

6
Q

What is an Air-gapped network?

A

A network that is physically isolated from other networks to enhance security.

This isolation prevents unauthorized access and cyber attacks.

7
Q

What are the failure modes in network security?

A
  • Fail-open
  • Fail-closed

These modes determine how a system behaves during a failure, impacting security.

8
Q

What is the role of a Jump server?

A

To serve as a secure access point for administrative tasks in a network.

Jump servers minimize direct access to sensitive resources.

9
Q

What is a Web Application Firewall (WAF)?

A

A security device that monitors and filters HTTP traffic to and from a web application.

WAFs protect against common web attacks like SQL injection and cross-site scripting.

10
Q

What are the types of firewalls mentioned?

A
  • Web application firewall (WAF)
  • Unified threat management (UTM)
  • Next-generation firewall (NGFW)
  • Layer 4/Layer 7 firewalls

Each firewall type offers different levels of protection and features.

11
Q

What does VPN stand for?

A

Virtual Private Network.

VPNs create secure connections over untrusted networks.

12
Q

What is the purpose of DNS filtering?

A

To block access to malicious domains and protect users from phishing and malware.

DNS filtering is a proactive security measure.

13
Q

What are the components of Email Security?

A
  • DMARC
  • DKIM
  • SPF
  • Gateway

These protocols help authenticate emails and prevent spoofing.

14
Q

What is DLP in the context of network security?

A

Data Loss Prevention.

DLP technologies are used to prevent sensitive data from being lost, misused, or accessed by unauthorized users.

15
Q

What is the significance of hardening targets?

A

To strengthen network devices against attacks by minimizing vulnerabilities.

Common targets include switches and routers.

16
Q

True or False: A proxy server can help in improving network security.

A

True.

Proxy servers can hide the IP addresses of users and filter traffic.

17
Q

Fill in the blank: The __________ is used to monitor network devices and can send alerts when issues arise.

A

Simple Network Management Protocol (SNMP) traps

SNMP is widely used for network management.

18
Q

What are common indicators of malicious activity in networks?

A
  • On-path attacks
  • DNS attacks
  • Layer 2 attacks
  • DDoS
  • Credential replay attacks

Recognizing these indicators can help in early detection of security incidents.

19
Q

What is the primary focus of the Security+ exam?

A

Implementing designs and explaining the importance of security concepts and components.

20
Q

What does defense-in-depth refer to in security design?

A

Multiple controls designed to ensure that a failure in a single control is unlikely to cause a security breach.

21
Q

How many layers are in the OSI model?

A

Seven layers.

22
Q

What are Layers 1–3 of the OSI model known as?

A

Media layers.

23
Q

What do Layers 4–7 of the OSI model address?

A

Reliable data transmission, session management, encryption, and translation of data.

24
Q

Define attack surface.

A

The points at which an unauthorized user could gain access to a device or organization.

25
What is a key concern regarding device placement in network security?
Securing specific zones or network segments.
26
What are security zones?
Network segments that are separate from less secure zones through logical or physical means.
27
What is the concept of high availability (HA)?
The ability of a service or system to be consistently available without downtime.
28
What does the term 'fail-closed' mean?
A state where no traffic passes when a security device fails.
29
Fill in the blank: _______ is the idea of separating devices with no connection between them.
Physical isolation
30
What is logical segmentation commonly implemented with?
Virtual local area networks (VLANs).
31
What does SASE stand for?
Secure Access Service Edge.
32
True or False: Software-defined networking (SDN) allows for dynamic configuration of security zones.
True.
33
What is the purpose of reputation services?
To track IP addresses, domains, and hosts that engage in malicious activity.
34
What is the primary goal of network segmentation?
To apply controls or assist with functionality by dividing a network into logical or physical groupings.
35
What is a screened subnet commonly used for?
To contain web servers or other Internet-facing devices.
36
What does the term 'east-west' traffic refer to?
Traffic flow between systems in the same security zone.
37
Fill in the blank: _______ means selecting the secure version of a protocol when one is available.
Implementing secure protocols
38
What is the difference between fail-open and fail-closed?
Fail-open allows all traffic to pass; fail-closed blocks all traffic.
39
What is a common risk associated with using alternate ports for services?
Many port scans will still discover the service despite using alternate ports.
40
Define high availability (HA) design considerations.
Focus on reliability, elimination of single points of failure, and ability to detect and remediate failures.
41
What are common technologies used for network segmentation?
  • VLANs
  • Screened subnets (DMZs)
  • Intranets
  • Extranets
42
What is the concept of Zero Trust networks?
Nobody is trusted, regardless of whether they are internal or external.
43
What is the purpose of a cloud access security broker (CASB)?
To enforce policies for cloud resources between service providers and consumers.
44
What does SD-WAN stand for?
Software-defined wide area network.
45
True or False: MPLS is commonly used in SD-WAN designs.
True.
46
What is the role of network taps?
To monitor or access traffic.
47
Fill in the blank: _______ is a method of providing logical segmentation using software.
Logical segmentation
48
What does the term 'east-west' traffic refer to in a datacenter?
Traffic flow between systems in the same security zone that moves left and right.
Footnote: This terminology describes intrasystem communications.
49
What is the key principle of Zero Trust architecture?
There is no trust boundary and no network edge; each action is validated when requested.
Footnote: Access is allowed only after policies are checked, including identity and security status.
50
What are the components of the Control Plane in Zero Trust?
  • Adaptive identity
  • Threat scope reduction
  • Policy-driven access control
  • Policy Administrator
Footnote: These components work together to enforce security policies and decisions.
51
What role do Policy Engines play in Zero Trust?
They make policy decisions based on rules and external systems.
Footnote: They utilize a trust algorithm to determine access to resources.
52
Define the term 'Policy Enforcement Point' in the context of Zero Trust.
A component that communicates with Policy Administrators to manage access requests.
Footnote: It forwards requests from subjects and receives instructions about connections.
53
What is the difference between preadmission and postadmission checks in NAC?
  • Preadmission: checks occur before the device connects to the network
  • Postadmission: checks occur after the device is connected
Footnote: Different checks are driven by security objectives.
54
What is the primary function of Network Access Control (NAC)?
To determine whether a system or device should be allowed to connect to a network.
Footnote: NAC places devices into appropriate zones based on security checks.
55
What is 802.1X used for?
Authenticating devices connected to wired and wireless networks.
Footnote: It employs centralized authentication using EAP.
56
What is the purpose of port security?
To limit the number of MAC addresses that can be used on a single port.
Footnote: This helps prevent MAC address spoofing and CAM table overflows.
57
What does DHCP snooping do?
Prevents rogue DHCP servers from handing out IP addresses.
Footnote: It drops messages from unauthorized DHCP servers.
58
What are the two major VPN technologies mentioned?
  • IPSec VPNs
  • SSL VPNs
Footnote: IPSec operates at layer 3; SSL uses TLS and can be clientless.
59
True or False: A full-tunnel VPN sends all traffic through the VPN.
True.
Footnote: In contrast, split-tunnel VPNs send only specific traffic through the VPN.
60
What is the main advantage of agent-based NAC solutions?
Greater ability to determine the security state of a machine.
Footnote: They validate patch levels and security settings before admitting a system.
61
What is the role of the Policy Administrator in Zero Trust?
To execute decisions made by the Policy Engine.
Footnote: It establishes or removes communication paths between subjects and resources.
62
Fill in the blank: The _______ allows a subject to connect through a Policy Enforcement Point.
Untrusted system
Footnote: This connection enables trusted transactions to enterprise resources.
63
What is the typical use of site-to-site VPNs?
To extend an organization's network; they are frequently always-on VPNs.
Footnote: They automatically attempt to reconnect if a failure occurs.
64
How do remote-access VPNs differ from site-to-site VPNs?
Remote-access VPNs are used in an as-needed mode by remote workers.
Footnote: Workers activate the VPN only when connecting to specific resources.
65
What is a full-tunnel VPN?
A VPN that sends all network traffic through the VPN tunnel.
Footnote: This keeps traffic secure when using untrusted networks.
66
What is a split-tunnel VPN?
A VPN that only sends traffic intended for systems on the remote trusted network through the VPN tunnel.
Footnote: It uses less bandwidth but leaves other traffic unprotected.
67
What are NAC, 802.1X, and VPN used for?
They all play roles in securing networks and network traffic.
Footnote: Familiarity with each is important for exams.
68
What are network appliances?
Special-purpose hardware devices, virtual machine and cloud-based software appliances, and hybrid models.
Footnote: They are used in network design.
69
What advantages do hardware appliances offer?
They are purpose-built for high-speed traffic handling and other specific functions.
Footnote: They are typically more efficient than general-purpose devices.
70
What factors should be considered when choosing a network appliance?
Environment, capabilities needed, existing infrastructure, upgradability, support, and cost.
Footnote: Choosing a DNS appliance requires careful consideration.
71
What are the two types of proxy servers?
  • Forward proxies
  • Reverse proxies
Footnote: Forward proxies anonymize client requests, while reverse proxies aid in load balancing.
72
What is the purpose of jump servers?
To securely operate in security zones with different security levels.
Footnote: They provide access with the necessary administrative tools.
73
What do load balancers do?
Distribute traffic to multiple systems, provide redundancy, and ease upgrades and patching.
Footnote: They help manage web service infrastructures.
74
What are the two major modes of operation for load balancers?
  • Active/active
  • Active/passive
Footnote: Active/active systems share load, while active/passive systems activate backups when needed.
75
What is persistence in load balancing?
Ensuring that a client and a server continue to communicate throughout the duration of a session.
Footnote: This provides a smoother experience for the client.
76
What is the difference between Layer 4 and Layer 7 devices?
Layer 4 devices operate at the transport layer, while Layer 7 devices interact with application layer traffic.
Footnote: This distinction impacts application security.
77
What is a next-generation firewall (NGFW)?
A firewall that interacts with traffic at both layer 4 and layer 7, providing application awareness.
Footnote: NGFWs can stop application attacks and monitor unexpected traffic.
78
What are the two detection methods used by intrusion detection and prevention systems?
  • Signature-based detection
  • Anomaly-based detection
Footnote: Signature-based detection relies on known patterns, while anomaly-based detection flags unusual behavior.
79
What is the difference between inline and tap network devices?
  • Inline devices interact with traffic but may cause outages if they fail.
  • Tap devices replicate traffic for inspection without interrupting it.
Footnote: Taps are safer but offer less interaction with traffic.
80
What are stateful firewalls?
Firewalls that track the state of active connections and allow traffic based on the state of the conversation.
Footnote: They provide more context for security decisions.
81
What are unified threat management (UTM) devices?
Devices that include a range of capabilities such as firewall, IDS/IPS, and data loss prevention.
Footnote: They are often deployed as an 'out of the box' solution.
82
What is the purpose of web application firewalls (WAFs)?
To intercept, analyze, and apply rules to web traffic.
Footnote: They protect against attacks targeting web applications.
83
Fill in the blank: A _______ solution is used to prevent data loss from a network.
Data loss prevention (DLP)
Footnote: DLP solutions often pair agents with filtering capabilities.
84
What is the primary function of a UTM device?
To provide a wide range of security functionalities and manage multiple security devices through a single interface.
Footnote: UTM stands for Unified Threat Management.
85
What is a web application firewall (WAF)?
A security device designed to intercept, analyze, and apply rules to web traffic.
Footnote: WAFs help to block attacks in real time and can modify traffic to remove dangerous elements.
86
What elements are typically included in a firewall rule?
Source, ports and protocols, allow/deny statement, destination IP addresses, and host or hosts.
Footnote: Example rule: ALLOW TCP port ANY from 10.0.10.0/24 to 10.1.1.68/32 to TCP port 80.
87
What is a screened subnet?
A network setup using three interfaces on a firewall to separate untrusted, secured, and public areas.
Footnote: Often referred to as a DMZ.
88
Define Access Control Lists (ACLs).
Rules that either permit or deny actions on network devices.
Footnote: ACLs can be simple or complex and are similar to firewall rules.
89
What is the basic format for Cisco's IP-based ACLs?
access-list access-list-number dynamic name {permit|deny} [protocol] {source source-wildcard|any} {destination destination-wildcard|any}
Footnote: ACLs allow for detailed control over network traffic.
90
What is a honeypot?
A system intentionally configured to appear vulnerable for research on attacker techniques.
Footnote: Honeypots are monitored to document attacker actions.
91
What is the purpose of honeyfiles?
To serve as intrusion detection by containing detectable data in areas attackers are likely to visit.
Footnote: If accessed, it indicates a potential breach.
92
What are honeytokens?
Attractive data used to track unauthorized access or transfer attempts.
Footnote: They can be found in databases or files and help identify breaches.
93
What is the role of Domain Name System Security Extensions (DNSSEC)?
To provide authentication of DNS data to validate queries.
Footnote: DNSSEC helps close security gaps in the DNS protocol.
94
What are the three major methods of email protection outlined in the Security+ exam?
  • DKIM
  • SPF
  • DMARC
Footnote: Each method has a specific role in verifying email authenticity.
95
What does DKIM do?
Adds a signature to emails to verify they are from the claimed domain.
Footnote: It helps ensure message integrity.
96
What is SPF in email security?
An authentication technique that publishes a list of authorized email servers.
Footnote: SPF records help prevent spoofing.
97
What does DMARC stand for?
Domain-based Message Authentication, Reporting and Conformance
Footnote: DMARC uses SPF and DKIM to validate email authenticity.
98
What is the key concept of ephemeral keys in TLS?
Each connection receives a unique, temporary key to ensure perfect forward secrecy.
Footnote: This protects past and future communications even if a key is compromised.
99
What is the Simple Network Management Protocol (SNMP) used for?
To monitor and manage network devices.
Footnote: SNMP uses a management information base (MIB) for device information.
100
What is an SNMP trap?
A message sent from an SNMP agent to a manager to notify it of an error or event.
Footnote: Traps allow for proactive management of network devices.
101
What is the significance of monitoring services and systems?
It ensures that organizational services are online and functioning as expected.
Footnote: Monitoring is crucial for maintaining service availability.
102
What is the primary function of monitoring services and systems?
To ensure that an organization's services are online and accessible.
Footnote: Monitoring includes checking service responses and validating service functionality.
103
What is the simplest level of service monitoring?
Validating whether a service port is open and responding.
Footnote: This basic functionality helps identify significant issues like service failures.
104
What does the next level of monitoring require?
Interaction with the service and an understanding of valid responses.
Footnote: This includes validating performance and response times.
105
What does the final level of monitoring systems look for?
Indicators of likely failure.
Footnote: It uses a broad range of data to identify pending problems.
106
Where are service monitoring tools commonly integrated?
Operations monitoring tools, SIEM devices, and organizational management platforms.
Footnote: These tools help provide insight into ongoing issues for security administrators.
107
What is the role of a file integrity monitor?
To detect changes in configuration files and restore them to normal.
Footnote: It reports on unexpected changes in the system.
108
What is a well-known file integrity monitoring tool?
Tripwire
Footnote: Tripwire has both commercial and open-source versions.
109
How do file integrity monitoring tools like Tripwire work?
They create a signature or fingerprint for a file and monitor for changes.
Footnote: They focus on unexpected and unintended changes.
110
What is a key challenge when using file integrity monitors?
They can be noisy and require careful setup and maintenance.
Footnote: Files change frequently, making monitoring complex.
111
What is meant by hardening network devices?
Securing them to keep them safe from attacks.
Footnote: Hardening guidelines exist for many device operating systems.
112
Who provides hardening guidelines for network devices?
The Center for Internet Security (CIS) and device manufacturers.
Footnote: These guidelines help follow industry best practices.
113
What is an important step in hardening network devices?
Protecting their management console.
Footnote: This often involves using isolated VLANs and access via jump servers or VPN.
114
Why is physical security critical for network devices?
To secure network closets and monitor access.
Footnote: Electronic access mechanisms help track who accesses secured spaces.
115
True or False: Securing the services a network provides is not important for the Security+ exam.
False.
Footnote: It is a key element in the exam outline.
116
Fill in the blank: File integrity monitoring helps to track _______.
changes
Footnote: It is essential for maintaining system integrity.
117
What is the primary purpose of secure protocols in network security?
To ensure that a system or network breach does not result in additional exposure of network traffic.
Footnote: Secure protocols are essential in a defense-in-depth strategy.
118
Which secure version of the Session Initiation Protocol is used for secure voice and video communications?
SIPS
Footnote: SIPS is the secure version of SIP.
119
What is the secure version of the Network Time Protocol called?
NTS
Footnote: NTS relies on TLS for authentication.
120
Name three secure protocols used for email communication.
  • IMAPS
  • POPS
  • S/MIME
Footnote: These protocols ensure secure email retrieval and transmission.
121
What has largely replaced File Transfer Protocol (FTP)?
  • HTTPS file transfers
  • SFTP
  • FTPS
Footnote: The choice depends on organizational preferences.
122
What does LDAPS stand for?
Lightweight Directory Access Protocol Secure
Footnote: LDAPS is the secure version of LDAP.
123
Which protocol is used for secure remote shell access?
SSH
Footnote: SSH has replaced telnet for secure remote access.
124
True or False: DNSSEC provides confidentiality for DNS information.
False.
Footnote: DNSSEC focuses on ensuring that DNS information is not modified but does not provide confidentiality.
125
What does SNMPv3 improve upon compared to previous versions?
Authentication, message integrity validation, and confidentiality via encryption.
Footnote: Only the authPriv level uses encryption.
126
Fill in the blank: Hypertext Transfer Protocol over SSL/TLS is commonly referred to as _______.
HTTPS
Footnote: HTTPS relies on TLS for security.
127
What is the secure version of the Real-Time Protocol called?
SRTP
Footnote: SRTP provides security for audio and video streams.
128
What does S/MIME provide for email messages?
Encryption and signing of MIME data.
Footnote: It ensures authentication, integrity, nonrepudiation, and confidentiality.
129
What is the main function of IPSec?
To encrypt and authenticate IP traffic.
Footnote: IPSec is a suite of security protocols.
130
What are the two main components of IPSec that focus on security?
  • Authentication Header (AH)
  • Encapsulating Security Payload (ESP)
Footnote: AH ensures data integrity, while ESP provides encryption.
131
What does ISAKMP define in relation to IPSec?
How to authenticate the system and manage security associations.
Footnote: ISAKMP is crucial for key exchange and authentication.
132
What is the original port for HTTP?
TCP 80
Footnote: The secure version, HTTPS, uses TCP 443.
133
List two protocols used for secure email authentication.
  • DKIM
  • DMARC
Footnote: These protocols help improve email security and reduce spam.
134
Fill in the blank: The secure version of FTP that uses TLS is called _______.
FTPS
Footnote: FTPS can operate in explicit or implicit mode.
135
What is the main advantage of SFTP over FTPS?
It is easier to get through firewalls.
Footnote: SFTP uses only the SSH port.
136
Which protocol is used to secure VPN connections?
IPSec
Footnote: IPSec is often used in tunnel mode for VPNs.
137
What is an on-path attack also known as?
Man-in-the-middle (MitM) attack
Footnote: An on-path attack involves relaying traffic through a system controlled by an attacker.
138
What can an attacker do during an on-path attack?
Eavesdrop on or alter communications.
Footnote: This allows attackers to read and modify data being transmitted.
139
What is SSL stripping?
An attack that removes TLS encryption to read traffic intended for a trusted endpoint.
Footnote: SSL stripping takes advantage of the transition from HTTP to HTTPS.
140
What are the three phases of an SSL stripping attack?
  • User sends an HTTP request
  • Server responds with a redirect to HTTPS
  • User sends an HTTPS request for the page
Footnote: Each phase is critical for the success of the attack.
141
How can you stop SSL stripping attacks?
  • Configure systems to expect certificates from known authorities
  • Use HTTP Strict Transport Security (HSTS)
  • Require HTTPS throughout the site
  • Use browser plug-ins like HTTPS Everywhere
Footnote: These strategies help mitigate the risk of SSL stripping.
142
What is a browser-based on-path attack?
An attack relying on a Trojan inserted into a user's browser.
Footnote: This type of attack can bypass TLS encryption and access authenticated sessions.
143
What are common indicators of on-path attacks?
Changed network gateways or routes.
Footnote: Sophisticated attackers may compromise network switches or routers.
144
What is domain hijacking?
Changing the registration of a domain to intercept traffic.
Footnote: This can be done through technical means or social engineering.
145
What is DNS poisoning?
Providing false DNS responses to redirect traffic.
Footnote: This can involve pretending to be an authoritative DNS server.
146
What does DNSSEC do?
Validates the origin of DNS information and ensures responses are unmodified.
Footnote: This helps prevent DNS attacks like DNS poisoning.
147
What is URL redirection in the context of DNS attacks?
Inserting alternate IP addresses into a system's hosts file.
Footnote: This can mislead systems during DNS lookups.
148
What are credential replay attacks?
Capturing and re-sending valid network data.
Footnote: Most commonly, this involves re-sending authentication hashes.
149
What is a common indicator of replay attacks?
On-path attack indicators like modified gateways or routes.
Footnote: These changes can signify an ongoing replay attack.
150
What are common examples of malicious code?
  • Worms
  • Backdoors
  • Viruses
  • Trojans
  • Ransomware
Footnote: These can spread via network connections.
151
What is a distributed denial-of-service (DDoS) attack?
An attack conducted from multiple locations, networks, or systems.
Footnote: DDoS attacks are difficult to stop and hard to detect.
152
What are the two major categories of network DDoS attacks?
  • Volume-based
  • Protocol-based
Footnote: Each category targets different aspects of network traffic.
153
What is a UDP flood?
A volume-based DDoS attack that sends massive amounts of UDP traffic.
Footnote: UDP floods exploit the lack of a handshake protocol.
154
What is a SYN flood?
A protocol-based DDoS attack that sends SYN packets without completing the handshake.
Footnote: This consumes TCP stack resources on the target.
155
What is an amplified denial-of-service attack?
An attack that uses small queries to generate large responses from legitimate services.
Footnote: This type of attack amplifies the amount of traffic directed at the target.
156
What is a reflected denial-of-service attack?
An attack where a spoofed IP address causes a legitimate service to conduct the attack.
Footnote: This makes it difficult to identify the actual attacker.
157
What is the final element to know for the exam regarding network attacks?
Familiarity with secure protocols and common network attacks.
Footnote: Understanding how to identify, prevent, and respond to these attacks is crucial.
158
What must security professionals understand about secure networks?
How secure networks are designed.
Footnote: This includes infrastructure considerations, connectivity requirements, and security zones.
159
What factors are included in infrastructure considerations for security professionals?
The organization's attack surface, device placement, and security zones.
Footnote: These factors help in establishing a secure network design.
160
What connectivity requirements need to be accounted for in network design?
Speed and latency.
Footnote: Additionally, failure modes need to be determined for devices.
161
What are the two types of failure modes for devices in a secure network?
  • Fail open to maintain access
  • Fail closed to ensure security
162
What concepts help create barriers to attacks and exploits?
  • Physical isolation
  • Air-gapping
  • Logical segmentation
163
What do high-availability design concepts ensure?
Systems remain online despite issues or disasters
164
What is the purpose of secure protocols in network security?
To keep data secure in transit
165
What is a characteristic of software-defined networks?
They rely on the ability to be controlled by software
166
What do SD-WANs manage?
Connectivity outside of the local organization
167
What does SASE help protect?
Devices regardless of their location
168
What model does zero trust concepts promote?
A continuous validation and authorization model
169
What technologies help control access to networks?
  • Network access control (NAC)
  • 802.1X
  • Port security
170
What do VPNs provide?
Secure remote access and protect organizational data in transit
171
What are security tools often available as?
Security appliances and devices
172
What is the function of secure access via jump boxes?
Allows administrators to safely cross security boundaries
173
Name three network capabilities provided by load balancers, proxy servers, and web filters.
  • Load balancing
  • Proxy services
  • Web filtering
174
What security functionalities do firewalls, IDS, IPS devices, and DLP tools provide?
Focused security functionality
175
What should be included in security and device management design options?
  • Out-of-band management techniques
  • Access control lists
  • Quality-of-service functionality
  • Routing protocol security options
  • DNS security configurations
  • Broad use of TLS and TLS-enabled services
  • SNMP and monitoring tools
  • Honeynets and honeypots
176
What is important about using secure protocols and services?
Understanding limitations and implementation requirements
177
What happens once attackers are in a network?
They will attempt to gain access to network traffic
178
What options are part of the secure network design toolkit?
  • Secure email
  • Secure FTP
  • Secure HTTP
  • Secure Shell
179
What types of attacks need to be identified in network security?
  • On-path attacks
  • DNS attacks
  • Credential replay
  • Distributed denial-of-service attacks
180
What do identifiable characteristics of attacks include?
Traffic patterns and switch behavior