3.2 Flashcards

Secure infrastructures, intrusion prevention, network appliances, port security, firewall types, secure communication

1
Q

3 ways to secure network connectivity

A

Application-level encryption
Network-level encryption (VPN, IPsec tunnels)
Secure the network cabling

2
Q

A data security method that encrypts data as it passes through an application and across multiple layers, including disk, file, and database. It’s considered a secure approach to enterprise data protection because it protects data before it leaves an application, regardless of where it’s used, moved, or stored.

A

Application-level encryption

3
Q

A configuration that allows data to continue to flow even after a system fails.

A

Fail-open

4
Q

A configuration that prevents data from flowing (no communication/network connection) after a system fails.

A

Fail-closed

5
Q

Devices that are critical to the function of the network. They perform packet forwarding, monitoring, and examining services.

ex. Firewall, IDS, IPS, antimalware, routers, switches.

A

Inline devices

6
Q

A type of monitoring that occurs when a monitoring tool is placed in the critical path of the network data. The traffic is monitored in real-time as it passes by.

Commonly used in IPS.

A

Active monitoring

AKA inline monitoring

7
Q

A type of monitoring where a copy of the network traffic is examined using a tap or port monitor. The data cannot be blocked in real-time in this configuration.

Commonly used in IDS (even when the device is an IPS, because in this configuration it can't block traffic in real time).

A

Passive monitoring

AKA out-of-band monitoring

8
Q

Why would an organization be uncomfortable with a real-time IPS?

A

It may cause some downtime to the network due to blocking legitimate traffic.

9
Q

A network switch or router feature that copies network packets from one port to another for analysis. The copied traffic is then sent to a monitoring device, such as an intrusion detection system or network analyzer.

A

Port mirroring

10
Q

SPAN stands for

A

Switched Port Analyzer

11
Q

A dedicated port on a switch that takes a mirrored copy of network traffic from within the switch to be sent to a destination.

A

SPAN

12
Q

A connection point in a network where real traffic is copied. The duplicate copies are then used for security analysis and monitoring.

A

Network TAP

13
Q

A highly secured device on the inside of a network that is nevertheless accessible from the outside. It limits access to authorized individuals only.

It is used to administer critical networks remotely.

A

Jump server

14
Q

A server that sits between the internal users and the internet. The internal devices connect to this server, and the server connects to the internet on the users’ behalf.

This allows the server to evaluate the packets, checking for malicious code, before giving it back to the user.

A

Proxy server

15
Q

3 functions of a proxy server

A

Caching responses - saves time and bandwidth

URL filtering - limits what websites are accessible

Content scanning - blocks malicious code

16
Q

2 types of proxy servers

A

Explicit
Transparent

17
Q

A type of proxy server that must be configured in the application/client OS so that the app/OS knows to communicate with it.

A

Explicit proxy server

18
Q

A type of proxy server that does not require any configuration in the application/client OS. It automatically makes requests on a user’s behalf. The user has no idea that this proxy is in place.

A

Transparent proxy server

19
Q

Most proxies in use are ____ proxies

A

Application-level

Meaning they understand the way applications work

20
Q

True/False

Most application-level proxies only know how one application works (ex. HTTP)

A

False

While some proxies may only know one application, many of them are multipurpose proxies (ex. HTTP, HTTPS, FTP, etc.)

21
Q

This proxy server sends out user requests to the internet and then examines the responses before passing them along back to the users. It sits inside the internal network with the user.

This server can also act as a caching server. When two requests are identical, the server simply sends out the cached response. This limits the load on the network.

A

Internal proxy

AKA forward proxy

22
Q

This proxy server receives requests from the internet, examines them, passes them along to a web server, and then returns the response to the internet. It sits inside the internal network with the web server.

This server can also act as a caching server. When two requests have the same response, the server simply sends out the cached response. This limits the load on the web server.

A

Reverse proxy

23
Q

A third-party, uncontrolled proxy server that is often used to circumvent security controls. It is available for anyone on the internet to use.

Instead of using the proxy inside your internal network, you connect directly to this proxy which does the work. This is a security risk because you don’t know who controls this device. The person controlling it could listen to your requests, add advertisements, or even inject malicious code into responses.

A

Open proxy

24
Q

An invisible network device or service that breaks up traffic into smaller chunks for multiple servers to process.

This improves efficiency, provides fault tolerance, and dynamically changes how much traffic is assigned to what server in order to get the best performance.

A

Load balancer

25
Q

The process of a dynamic routing protocol noticing and reacting to a topology change (for example, one of the devices failing) in order to shift to a stable state. This is used in fault tolerance and load balancing.

A

Convergence

26
Q

A load balancing configuration where all of the servers connected to the load balancer are active and being used by the load balancer.

A

Active/active load balancing

27
Q

A load balancing configuration where some servers are active and being used by the load balancer, while some other servers are on standby, waiting to be used when an active server fails.

A

Active/passive load balancing

28
Q

5 additional functions of a load balancer

A

TCP offload
SSL offload
Caching
Prioritization - some apps/protocols get information faster
Content switching

29
Q

A function of a load balancer that allows it to have a single connection to all servers, instead of having to repeatedly set up and tear down TCP sessions for each server. This improves response time.

A

TCP offload

30
Q

A function of a load balancer that allows it to decrypt traffic before sending it to the servers, and then encrypt the traffic again when sending the response. (ex. HTTPS to HTTP and vice versa)

This passes the traffic to the backend servers in cleartext.

A

SSL offload

AKA SSL termination

31
Q

SSL offload is AKA

A

SSL termination

32
Q

A function of a load balancer that enables it to direct client requests to the best-suited server based on the content of the request. This boosts the reliability, scalability, and performance of applications.

A

Content switching

33
Q

Network devices and services that examine traffic for anomalies. They often note this activity in logs (ex. web server access logs, firewall logs, authentication logs, database transaction logs, email logs, etc.)

A

Sensors

34
Q

A central database that collects logs from multiple sensors and devices.

This could be a proprietary console that only works with a certain type of device, or it could be something that can collect data from many different types of devices (ex. SIEM)

A

Collectors

35
Q

True/False

Port security only works on wireless networks

A

False

Port security works on both wireless and wired networks, though it’s more common for wireless

36
Q

An authentication framework that allows manufacturers to create their own authentication methods according to their standards.

It integrates with 802.1X, which prevents access to a network until authentication succeeds.

A

EAP

37
Q

EAP stands for

A

Extensible Authentication Protocol

38
Q

NAC stands for

A

Port-based Network Access Control

39
Q

IEEE 802.1X is AKA

A

NAC

40
Q

What is the IEEE standard that prevents a user from accessing a network until authentication succeeds?

A

802.1X

41
Q

How do EAP and 802.1X work together?

A

You provide your login credentials via EAP, and then 802.1X allows your access into the network.

42
Q

What other authentication databases and protocols do EAP and 802.1X often work in conjunction with? (4)

A

RADIUS
LDAP
TACACS+
Kerberos
etc…

43
Q

The client in an 802.1X/EAP transaction

A

Supplicant

44
Q

The device that provides network access in an 802.1X/EAP transaction. Until authentication is complete, it blocks access.

It sits between the supplicant and the authentication server.

A

Authenticator

45
Q

The device that validates client credentials in an 802.1X/EAP transaction

A

Authentication server

46
Q

A device/service that controls the flow of traffic including inbound and outbound data, controls inappropriate content, and protects against malware.

A

Firewall

47
Q

Difference between traditional firewall and NGFW

A

The traditional firewall operates at OSI layer 4

The NGFW operates at OSI layer 7, the application layer, which means it can control traffic based on what application is being used to access a resource, or what application is being accessed.

47
Q

A layer 3 device is AKA

A

Router

48
Q

True/False

Most firewalls can be layer 3 devices (routers), meaning they sit at the edge of the network. This functionality includes NAT and routing protocols.

A

True

49
Q

UTM stands for

A

Unified Threat Management

50
Q

What layer does the NGFW work on?

A

Application layer (7)

51
Q

NGFW is AKA

A

Application layer gateway
Stateful multilayer inspection device
Deep packet inspection

52
Q

UTM is AKA

A

Web security gateway

All-in-one security appliance

53
Q

Features of UTM devices (reasons why it’s called all-in-one security appliance) (8)

A

URL filtering/content inspection
Malware inspection
Spam filter
CSU/DSU functionality
Router/switch functionality
IDS/IPS
Bandwidth shaper
VPN endpoint

54
Q

What is a challenge when using a UTM?

A

Most UTMs only operate at Layer 4 (they only look at port numbers), so using all of their features can cause performance issues

55
Q

True/False

NGFWs can examine ALL traffic traversing the network and can perform a full packet decode of every packet in the network. (They can see the sender, the receiver, the application used, the ports used, etc.)

A

True

56
Q

True/False

A NGFW can have a knowledge base of known vulnerabilities for different applications to be incorporated into its firewall capabilities, effectively turning it into an IPS.

A

True

57
Q

NGFWs can control website traffic by ____.

A

Category

ex. Gambling, education, gaming, etc.

58
Q

A type of firewall that applies rules to HTTP/HTTPS conversations. It analyzes inputs into web-based applications, and either allows or disallows the traffic depending on what the input is.

It can block injection attacks.

A

WAF

59
Q

WAF stands for

A

Web Application Firewall

60
Q

WAF is commonly used alongside a ____

A

NGFW

61
Q

WAFs can block ____ attacks.

A

Injection

62
Q

A hardware networking device that manages multiple encrypted VPN tunnels within a business network.

It stands between the remote user and the internal corporate network. It decrypts the VPN-encrypted packets from the remote user, and sends the packets in cleartext to the corporate network.

This device is often integrated into a firewall.

A

VPN concentrator

63
Q

Name the VPN:

Can be run from a browser or from a lightweight VPN client

Used for remote access communication from a SINGLE device.

Can be configured to be always-on; every time your computer starts up, so does the VPN

No requirement to use a certain type of credential (digital certificates, shared passwords); use the credentials you normally use

Uses port TCP 443 to encrypt data with SSL/TLS. Because it uses ports well-known for encrypted data, it has almost no issues with firewalls.

A

SSL/TLS VPN

AKA Remote access VPN

64
Q

Name the VPN:

Used to connect different corporate branches to each other

Firewalls act as the VPN concentrators - there is no VPN software on the clients themselves

A

IPsec VPN

AKA site-to-site VPN

65
Q

SSL/TLS VPN is AKA

A

Remote access VPN

66
Q

IPsec VPN is AKA

A

Site-to-site VPN

67
Q

SD-WAN stands for

A

Software Defined Networking in a Wide Area Network

68
Q

A new form of WAN that is built specifically for cloud-based apps.

Instead of having all users communicate with a set of internal datacenter servers, and from there to the cloud app, this technology allows WANs to be flexible enough to let users connect directly to cloud applications.

A

SD-WAN

69
Q

SASE stands for

A

Secure Access Server Edge

70
Q

A cloud-based network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions (firewalls, CASBs, secure web gateways, and zero trust network access).

Rather than every client having to go through a VPN concentrator or firewall, this software is installed directly on every client. This way, each client can connect securely and directly to any cloud through this VPN. The client can then connect to any cloud-based services they need, even if they are in different clouds, without the need for a VPN concentrator.

A “next generation” VPN

A

SASE

71
Q

The VPN used for user access to an internal network

A

SSL/TLS VPN

72
Q

The VPN used for site-to-site access

A

IPsec tunnels

73
Q

A networking technology that gives WANs the flexibility to enable user access to clouds without having to go through a central internal datacenter server.

This technology does not adequately address cloud security concerns.

A

SD-WAN

74
Q

This requires significant planning and implementation in order to carry out correctly.

A complete network and security solution that allows clients to access clouds without having to go through a VPN concentrator. It securely sends packets through the Internet to any cloud the user needs.

A

SASE