3.2 Given a scenario, implement secure network architecture concepts. Flashcards

1
Q

DMZ

A

Demilitarized Zone. A network segment between two firewalls. One is outward-facing, connected to the outside world; the other is inward-facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.

2
Q

Extranet

A

A network separate from your internal network. Used to segregate devices that present more of a threat. For instance, allowing a vendor or contractor to connect to our network.

3
Q

Bastion Host

A

A host in a DMZ.

4
Q

Intranet

A

Our internal network, or websites/servers available only from inside our network.

5
Q

If Guest account is on the test the answer is

A

Kiosk

6
Q

NAT

A

Network Address Translation - taking the private IP address of the internal computer, and translating it to a public IP address so that it can be routed across the Internet

7
Q

Static NAT

A

One Public IP for One Private IP address. One-to-One

8
Q

Dynamic NAT

A

Dynamic assigns and reassigns a public IP address to a public IP. You only have a public assigned when you are trying to reach the internet. One-to-Many

9
Q

NAT overload/PAT

A

NAT overload/Port Address Translation - One public IP address and a high level port assigned to each private IP that tries to reach the internet. Many-to-One

10
Q

WiMAX

A

entire city with internet

11
Q

VLAN

A

Virtual Local Area Network - Network segmentation.

12
Q

VLANs break up a network using this piece of equipment

A

A network switch

13
Q

Virtualization

A

Another way to segment a network. Create multiple virtual servers on a single physical server.

14
Q

Air Gap

A

Devices literally not connected to the network. The device or LAN is physically separated and not connected to any other.

15
Q

Site-to-Site VPN

A

A secure tunnel through an unsecure Internet

16
Q

Remote Access VPN

A

Allows you to access the Ft Hood network, while you are TDY or from home.

17
Q

TACACS+

A

Cisco Proprietary - AAA service

18
Q

KERBEROS

A

Microsoft - AAA service; uses tickets

19
Q

RADIUS

A

Open source AAA service

20
Q

4 types of VPN tunnels

A

IPSEC - Most secure and most common.
SSL - Costs money. Can use a web browser.
L2TP - Layer 2 tunnel protocol - Cisco Proprietary
PPTP - Point-to-Point tunnel protocol - Microsoft Proprietary

21
Q

L2TP uses what?

A

L2TP uses IPSEC

22
Q

__________ are needed in every network segment in order for an IDS or IPS to detect or prevent malicious traffic.

A

Sensors

23
Q

SSL accelerator

A

Takes some work off the CPU by handling the encryption and decryption.

24
Q

Port Mirroring

A

Used to copy traffic from one network segment to another network segment. SPAN is the Cisco Proprietary method of doing this.

25
Q

Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?

A. Intranet
B. DMZ
C. Extranet
D. Ad Hoc Network

A

B. DMZ

26
Q

Which version of NAT allows all connected devices to access the internet?

A. Port Address Translation
B. Static Network Address Translation
C. Dynamic Network Address Translation
D. Virtual Local Area Network

A

A. Port Address Translation

27
Q

Which of the following would allow you to analyze an attack and then apply new security controls to the rest of the enterprise?

A. IPS
B. VPN Concentrator
C. Intranet
D. Honeynet

A

D. Honeynet