3.3 Secure Network Design Flashcards
Physical Separation
prevents a system from accessing the remote administration interface directly and requires an air-gapped system to reach the private cloud
Bastion Host
special-purpose computer on a network, specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer
WPA2
type of wireless encryption, but it will not create two different segmented networks on the same physical hardware
JumpBox
a single point of entry for the administration of servers within the cloud is the best choice for this requirement. The jumpbox only runs the necessary administrative port and protocol (typically SSH). Administrators connect to the jumpbox, then use the jumpbox to connect to the admin interface on the application server
AirGap
network or single host computer with unique security requirements that may physically be separated from any other network
VLAN
Virtual Local Area Network:
type of network segmentation configured in your network switches that prevents communications between different VLANs without using a router. This allows two virtually separated networks to exist on one physical network and separates the two virtual networks' data
MAC Filtering
allows or denies a device's connection to a network, but it will not create two network segments
VPN
a virtual private network (VPN) is a remote access capability that connects a trusted device over an untrusted network back to the corporate network