3.2 Enterprise Infrastructure Security Principles

Question 1

Infrastructure Considerations
Security Zones:

Answer 1

Segmenting networks to isolate sensitive resources.
Device Placement: Strategic placement of devices to minimize risk.
Attack Surface: Identifying and mitigating potential attack vectors.
Failure Modes: Understanding device and system failures.

Question 2

Network Appliances
Firewalls

Answer 2

Filtering network traffic.
Intrusion Detection Systems (IDS): Monitoring network traffic for threats.
Intrusion Prevention Systems (IPS): Blocking attacks in real-time.
Load Balancers: Distributing network traffic.
Proxy Servers: Intermediary servers for filtering and caching.

Question 3

Port Security

Answer 3

IEEE 802.1X: Port-based network access control.
Extensible Authentication Protocol (EAP): Authentication framework.

Question 4

Virtual Private Networks (VPNs)
IPsec:

Answer 4

Protocol suite for securing IP communications.
Site-to-Site VPNs: Connecting remote sites securely.
Remote Access VPNs: Enabling remote access to networks.

Question 5

Transport Layer Security (TLS)
Encryption:

Answer 5

Protecting data in transit.
Authentication: Verifying the identity of the server.
Integrity: Ensuring data integrity.

Question 6

Software-Defined Wide Area Networks (SD-WAN)
Centralized Network Management:

Answer 6

Simplifying network management.
Dynamic Routing: Adapting to network changes.
Improved Performance: Optimizing network traffic.

Question 7

Secure Access Service Edge (SASE)
Unified Security Platform:

Answer 7

Combining network security and security services.
Cloud-Delivered Security: Providing security services from the cloud.
Zero-Trust Security Model: Enforcing strict access controls.