3.2 Given a scenario, implement secure network architecture concepts. Flashcards
DMZ
DeMilitarized Zone. A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.
Extranet
A network separate from your internal network. Used to segregate devices that present more of a threat. For instance, allowing a vendor or contractor to connect to our network.
Bastion Host
A host in a DMZ
Intranet
Our internal network, or websites/servers available only from inside our network.
If Guest account is on the test the answer is
Kiosk
NAT
Network Address Translation - taking the private IP address of the internal computer, and translating it to a public IP address so that it can be routed across the Internet
Static NAT
One Public IP for One Private IP address. One-to-One
Dynamic NAT
Dynamic NAT assigns and reassigns a public IP address to a private IP. You only have a public IP assigned when you are trying to reach the internet. One-to-Many
NAT overload/PAT
NAT overload/Port Address Translation - One public IP address and a high-level port assigned to each private IP that tries to reach the internet. Many-to-One
WiMAX
entire city with internet
VLAN
Virtual Local Area Network - Network segmentation.
VLANs break up a network using this piece of equipment
A network switch
Virtualization
Another way to segment a network. Create multiple virtual servers on a single physical server.
Air Gap
Devices literally not connected to the network. The device or LAN is physically separated and not connected to any other.
Site-to-Site VPN
A secure tunnel through an unsecure Internet