3.3 - Given a scenario, implement secure network designs. Flashcards

1
Q

Load balancing

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  • Active/active
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  • Active/passive
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  • Scheduling
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  • Virtual IP
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  • Persistence
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Network segmentation

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

VLAN

A

Virtual local area network

Chapple 365
Gibson 93
Weiss 342-345

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  • Screened subnet (previously
    known as demilitarized zone)
A

Chapple
Gibson
Weiss

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  • East-west traffic
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  • Extranet
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  • Intranet
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  • Zero Trust
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Virtual private network (VPN)

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  • Always-on
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  • Split tunnel vs. full tunnel
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  • Remote access vs. site-to-site
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  • IPSec
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  • SSL/TLS
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  • HTML5
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  • Layer 2 tunneling protocol (L2TP)
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Out-of-band management

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Port security

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Port security - Broadcast storm prevention

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
  • Bridge Protocol Data Unit (BPDU) guard
26
Q
  • Loop prevention
27
Q
  • Dynamic Host Configuration
    Protocol (DHCP) snooping
28
Q
  • Media access control (MAC) filtering
29
Q

Jump servers

A

Access secure network zones
– Provides an access mechanism
to a protected network

Highly-secured device
– Hardened and monitored

SSH / Tunnel / VPN to
the jump server
– RDP, SSH, or jump from there

A significant security concern
– Compromise to the
jump server is
a significant breach

30
Q

Network appliances - Proxy servers

31
Q

Proxy servers - Forward

32
Q

Proxy servers - Reverse

33
Q

Network appliances - Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS)

34
Q

Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - - Signature-based

35
Q

Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Heuristic/behavior

36
Q

Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Anomaly

37
Q

Network-based intrusion detection
system (NIDS)/network-based intrusion prevention system (NIPS) - Inline vs. passive

38
Q
  • HSM
A

Hardware Security Module (HSM)
* High-end cryptographic hardware
– Plug-in card or separate hardware device
* Key backup
– Secured storage
* Cryptographic accelerators
– Offload that CPU overhead
from other devices
* Used in large environments Clusters, redundant power

39
Q
  • Sensors
40
Q
  • Collectors
41
Q
  • Aggregators
42
Q

Firewalls

43
Q

Web application firewall (WAF)

A

-work at app layer
-sits in front of web serv. > receives all net. traffic headed to the serv.
> scrutinizes input headed to app/performing input validation b4 passing input to web serv.
-prevent mal. traffic from reaching web serv. + acts as part of layered defense against web app vulns.

45
Q
  • Stateful
46
Q
  • Stateless
47
Q
  • Unified threat management (UTM)
48
Q
  • Network address translation (NAT) gateway
49
Q
  • Content/URL filter
50
Q
  • Open-source vs. proprietary
51
Q
  • Hardware vs. software
52
Q
  • Appliance vs. host-based vs. virtual
53
Q

ACL

A

Access control lists (ACLs)
– Allow or disallow traffic based on tuples
– Groupings of categories
– Source IP, Destination IP, port number, time of day,
application, etc.

54
Q

Route security

55
Q

Quality of service (QoS)

56
Q

Implications of IPv6

57
Q

Port spanning/port mirroring

58
Q

Port spanning/port mirroring - Port taps

59
Q

Monitoring services

60
Q

File integrity monitors