3.2 Implement secure network architecture concepts

Question 1

Zones/topologies

Answer 1

A network specification that determines the network’s overall layout, signaling, and dataflow patterns.

Question 2

DMZ

Answer 2

(Demilitarized Zone) A small section of a private network that is located behind one firewall or between two firewalls and made available for public access.

Question 3

Extranet

Answer 3

A private network that provides some access to outside parties, particularly vendors, partners, and select customers.

ex. Sharepoint

Question 4

Intranet

Answer 4

A private network that is only accessible by the organization’s own personnel.

Question 5

Honeynets

Answer 5

An entire dummy network used to lure attackers.

Question 6

NAT

Answer 6

(Network Address Translation) A simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

Question 7

Ad hoc network

Answer 7

A type of wireless network where connected devices communicate directly with each other instead of over an established medium.

Question 8

Segregation/segmentation

Answer 8

A situation where hosts on one network segment are prevented from or restricted in communicating with hosts on other segments.

Question 9

Logical (VLAN)

Answer 9

(Virtual local are network) A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN so they must use a router to communicate.

Question 10

Virtualization

Answer 10

The process of creating a simulation of computing environment, where the virtualized system can simulate the hardware, operating system, and applications of a typical computer without being a separate physical computer.

Question 11

Air Gaps

Answer 11

A type of network isolation that physically separates a network from all other networks.

Question 12

Tunneling/VPN

Answer 12

The practice of encapsulating data from one protocol for safe transfer over another network such as the Internet.

Question 13

Site-to-site VPN

Answer 13

Connects two or more local networks, each of which runs a VPN gateway

Question 14

Remote access

Answer 14

A server configured to process remote connections.

Question 15

Collectors

Answer 15

SIEM software features that store and interpret logs from different types of systems.

Question 16

Proxies

Answer 16

A device that acts on behalf of one end of a network connection when communicating with the other end of the connection.

Question 17

Firewalls

Answer 17

A software or hardware device that protects a system or network by blocking unwanted network traffic.

Question 18

VPN concentrators

Answer 18

A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.

Question 19

SSL/TLS accelerators

Answer 19

A hardware device with a SPECIALIST CHIPSET dedicated to public key encryption calculations.

Question 20

Load balancers

Answer 20

A type of switch or router that distributes client requests between different resources, such as communications links or similarly configured servers. This provides fault tolerance and improves throughput.

Question 21

DDoS mitigator

Answer 21

Counteracting a DDoS attack with the following techniques: Clustering services, Blackhole, Sinkhole routing

Question 22

Aggregation switches

Answer 22

Similar to a Layer 3 switch (which keeps traffic moving between VLANs). Used for large enterprise or service providers.

Question 23

Taps and port mirror

Answer 23

A powered device that copies network traffic and identifies malicious traffic.

Question 24

SDN

Answer 24

(Software Defined Networking) A software application for defining policy decision on the control plane.