3.2

Question 1

IDS

Answer 1

intrustion detection
logs or alerts on malicious activities

Question 2

IPS

Answer 2

logs alerts and takes an action to prevent the malicious activity

Question 3

NIDS

Answer 3

network based IDS
Monitors the traffic coming in and out of a network
stand alone device

Question 4

HIDS

Answer 4

Looks at suspicious network traffic going to or from a single or endpoint
host based IDS
piece of software on a server or endpoint

Question 5

WIDS

Answer 5

Detects attempts to cause a denial of a service on a wireless
network
Wireless IDS

Question 6

Signature-base IDS

Answer 6

Analyzes traffic based on defined signatures and can only
recognize attacks based on previously identified attacks in its database
cannot defend against zero day attacks

Question 7

Pattern Matching Signature based IDS

Answer 7

specific pattern of steps
NIDS or WIDS

Question 8

Stateful Matching Signature based IDS

Answer 8

known system baseline and reports any changes to that state
HIDS

Question 9

Anomaly based IDS

Answer 9

Analyzes traffic and compares it to a normal baseline of traffic to
determine whether a threat is occurring
can result in higher rate of false positives
Statistical
■ Protocol
■ Traffic
■ Rule or Heuristic
■ Application-based

Question 10

Network Appliance

Answer 10

A dedicated hardware device with pre-installed software for specific networking
service

Question 11

Load Balancers

Answer 11

Distribute network/application traffic across multiple servers
● Enhance server efficiency and prevent overload
● Ensure redundancy and reliability
● Perform continuous health checks
● Application Delivery Controllers (ADCs) offer advanced functionality
● Essential for high-demand environments and high-traffic websites

Question 12

Proxy Server

Answer 12

Act as intermediaries between clients and servers
-can store a copy of cached server info
● Provide content caching, requests filtering, and login management
● Enhance request speed and reduce bandwidth usage
● Add a security layer and enforce network utilization policies
● Protect against DDoS attacks
● Facilitate load balancing and user authentication
● Handle data encryption and ensure compliance with data sovereignty
laws

Question 13

Sensors

Answer 13

Monitor, detect, and analyze network traffic and data flow
● Identify unusual activities, security breaches, and performance issues
● Provide real-time insights for proactive network management
● Aid in performance monitoring and alerting
● Act as the first line of defense against cyber threat

Question 14

Jump Servers/Jump Box

Answer 14

Secure gateways for system administrators to access devices in different
security zones
● Control access and reduce the attack surface area
● Offer protection against downtime and data breaches
● Simplify logging and auditing
- very secure device

Question 15

ADC

Answer 15

advanced load balancer

Question 16

Port Security

Answer 16

A network switch feature that restricts device access to specific ports based on
MAC addresses

Question 17

Network switch

Answer 17

Networking devices that operate at Layer 2 of the OSI model
■ Use MAC addresses for traffic switching decisions through transparent bridging
■ Efficiently prevent collisions, operate in full duplex mode
■ Remember connected devices based on MAC addresses
■ Broadcast traffic only to intended receivers, increasing security
more secure then hubs because traffic only goes to intended receivers not everyone

Question 18

CAM table

Answer 18

a table on the switch that dtores mac addresses associated with switch ports
content addressable memory table
-can flood a switch with MAC addresses switch then starts acting like a hub

Question 19

Port Security implementation

Answer 19

Associate specific MAC addresses with interfaces
■ Prevent unauthorized devices from connecting
■ Can use Sticky MACs for easier setup (first connected laptop is admin and no other macs can connect)
■ Susceptible to MAC spoofing attacks
we can setup the network jack in the lobby of our office building to only accept information from specific mac addresses

Question 20

802/1x authentication

Answer 20

Provides port-based authentication for wired and wireless networks
■ Requires three roles
● Supplicant
● Authenticator
● Authentication server
■ Utilizes RADIUS or TACACS+ for actual authentication

Question 21

supplicant

Answer 21

device or user requesting access to your network

Question 22

authenticator

Answer 22

switch, wap etc

Question 23

authetication server

Answer 23

centralized authentication device either classified as a radius or tacas+ server

Question 24

RADIUS

Answer 24

cross platform

Question 25

TACACS+ c

Answer 25

cisco proprietary
supports all protocols

Question 26

EAP

Answer 26

extensible authentication protocol
a framework for various authentication methods
EAP-MD5
○ Uses simple passwords and the challenge handshake
authentication process to provide remote access authentication
○ One-way authentication process
○ Doesn’t provide mutual authentication
● EAP-TLS
○ Uses public key infrastructure with a digital certificate which is
installed on both the client and the server
○ Uses mutual authentication
● EAP-TTLS
○ REquires a digital certificate on the server, but not on the client
○ The client uses a password for authentication
● EAP-FAST
○ Uses protected access credential, instead of a certificate, to
establish mutual authentication
● PEAP
○ Supports mutual authentication using server certificates and
EAP-LEAP
○ Cisco proprietary and limited to Cisco devices

Question 27

SD-WAN

Answer 27

software defined wide area network
a virtualized approach to managing and optimizing wide area network connections
Traditional WANs
○ Cannot efficiently integrate cloud services
● SD-WAN
○ Enables dynamic and efficient routing, improving visibility,
performance, and manageability
Ideal for enterprises with multiple branch offices moving towards
cloud-based services`

Question 28

SASE

Answer 28

(Secure Access Service Edge
A network architecture combining network security and WAN capabilities in a
single cloud-based service
-Utilizes software-defined networking (SDN) for security and networking
services from the cloud
Components
● Firewalls
● VPNs
● Zero-trust network access
● Cloud Access Security Brokers (CASBs)

Question 29

CASB

Question 30

VPN

Answer 30

virtual private network
extend private networks across public networks. Allow remote users to securely connect to an orgs network
its a tunnel across untrusted publicinternet

site to site
client to site
clientless

Question 31

site to site VPN

Answer 31

connects two SITES or OFFICES not just a single laptop cost effectively
slower but more secure
office in DC to california you could buy a fiber line for a direct connection 3k miles even low speed its very expensive you can instead use site to site vpn
its a tunnel from office to office

Question 32

client to site

Answer 32

connects a single host(laptop) to the central office
ideal for remote user access to the central network
options for ful tunnel or split tunnel configuraitons

Question 33

clientless

Answer 33

uses a web browser to establish a secure remote access vpn
uses https

Question 34

Full tunnel vpn

Answer 34

can be used with site to site or client to site
encrypts and routes all network connects back to central location
provides high security
you cant access a wireless printer in your home office because its not connected to the corporate network

Question 35

split tunnel vpn

Answer 35

can be used with site to site or client to site
divides traffic routing some through the vpn some directly through the internet
enhances performance
less secure

Question 36

TLS

Answer 36

transport layer security
provides encryption and security for data in transit
HTTPS
layers 5 6 and 7
encrypts your password and username when logging into udemy so its not in plaintext being passed over internet

Question 37

TCP

Answer 37

use transmission control protocol for secure connections between a client and a server
more overhead then udp

Question 38

DTLS

Answer 38

datagram transport layer security
a faster user datagram protocol based UDP based alternative of tls
ensures end user security and protects against eavesdropping in clientless VPN connections
faster then TLS

Question 39

IPSec

Answer 39

internet protocol security
A secure protocol suite for IP communication
■ Provides confidentiality, integrity, authentication, and anti-replay protection
■ Used for both site-to-site and client-to-site VPNs

most often used instead of a clientless tls vpn tunnel

Question 40

IPSec tunneling modes - transport

Answer 40

uses original IP header
client to site vpns
MTU maximum transmission unit size

Question 41

IPSec tunneling modes - tunneling mode

Answer 41

Adds a new header to encapsulate the entire packet
○ Ideal for site-to-site VPNs
○ May increase packet size and require jumbo frames
○ Provides confidentiality for both payload and header

Question 42

AH

Answer 42

authentication header
Offers connectionless data integrity and data origin authentication for IP
datagrams using cryptographic hashes as identification information

Question 43

ESP

Answer 43

Encapsulating Security Payload (
Provides confidentiality, integrity, and encryption
● Provides replay protection
● Encrypts the packet’s payload

Question 44

Security Zones

Answer 44

isolate devices with similar security requirements

Question 45

screened subnets

Answer 45

act as buffer zones between internal and external network
hosts public facing services protecting core internal networks
DMZ

Question 46

Attack Surface

Answer 46

Refers to points where unauthorized access or data extraction can occur
■ A larger attack surface increases the risk of vulnerabilities
■ Identify and mitigate vulnerabilities to reduce the attack surface
■ Regularly assess and minimize the attack surface for network security

Question 47

Fail open

Answer 47

Allows traffic to pass during a failure, maintaining connectivity but
reducing security

Question 48

Fail closed

Answer 48

Blocks all traffic during a failure, prioritizing security over connectivit

Question 49

Defense in Depth

Answer 49

Utilize multiple layers of security to ensure robust protection even if one control fails

Question 50

Risk based approach

Answer 50

Prioritize controls based on potential risks and vulnerabilities specific to
the infrastructure

Question 51

Lifecycle management

Answer 51

Regularly review, update, and retire controls to adapt to the evolving threat landscape

Question 52

Open Design Principle

Answer 52

Ensure transparency and accountability through rigorous testing and
scrutiny of controls

Question 53

Benchmarking

Answer 53

Compare your organization’s processes and security metrics with industry
best practices

Question 54

best practices security infrastructure

Answer 54

Align with Frameworks
● Utilize established frameworks (e.g., NIST, ISO) to ensure comprehensive
and tested methodologies
■ Customize Frameworks
● Tailor framework controls to your organization’s unique risk profile and
business operations
■ Stakeholder Engagement and Training
● Engage all relevant stakeholders in the decision-making process, and
conduct regular training to keep the workforce updated on security
controls and threats