4. Network Security Flashcards
This ensures that information can only be accessed by those who are authorized.
Confidentiality
This ensures that data is accurate and has not been tampered with.
Integrity
This ensures that systems and data are accessible when needed.
Availability
This refers to protecting data while it’s being transmitted over a network.
Data in Transit
This refers to protecting stored data on hard drives, backups, or cloud storage.
Data at Rest
This is used to encrypt and verify data, often issued by a trusted authority.
Certificate
A system for managing encryption keys and digital certificates.
PKI (Public Key Infrastructure)
A certificate that is not signed by a certificate authority (CA), often used internally.
Self-Signed Certificate
This is the process of verifying a user’s identity.
Authentication
This uses two or more types of credentials (e.g., password + phone) to verify identity.
Multifactor Authentication (MFA)
This allows users to log in once and access multiple systems without re-entering credentials.
Single Sign-On (SSO)
A centralized AAA protocol commonly used for remote network access.
RADIUS
An open protocol used to access and manage directory information (usernames, groups, etc.).
LDAP
This XML-based protocol is used for exchanging authentication and authorization data between parties.
SAML
A Cisco-developed AAA protocol that provides detailed command control.
TACACS+
Uses time-based algorithms (like TOTP) for generating temporary access codes.
Time-Based Authentication
Determines what a user is allowed to do after authentication.
Authorization
The principle of giving users only the access they need to do their job.
Least Privilege
Access control based on job responsibilities or organizational roles.
Role-Based Access Control (RBAC)
A security method that restricts access based on physical location.
Geofencing
Physical devices that monitor activity visually.
Security Cameras
A physical access control method that requires a key or code.
Locks
A decoy system set up to attract attackers and detect intrusions.
Honeypot
A controlled network of honeypots used to observe attacker behavior.
Honeynet
A potential danger to systems or data.
Threat
A flaw or weakness that could be exploited by a threat.
Vulnerability
A specific method used to take advantage of a vulnerability.
Exploit
The likelihood and impact of a security incident.
Risk
Regulation that governs cardholder data security.
PCI DSS
EU regulation focused on personal data protection and privacy.
GDPR
Laws or policies that dictate where data must physically reside.
Data Locality
Segmenting a network to control access and reduce exposure.
Network Segmentation
Devices that often lack traditional security protections and should be isolated.
IoT / IIoT
Used in industrial settings to control and monitor infrastructure systems.
SCADA / ICS / OT
A network zone designated for temporary or untrusted users.
Guest Network
A policy that allows employees to use personal devices on corporate networks.
BYOD
Which part of the CIA triad ensures that only authorized users can access sensitive information?
A. Availability
B. Confidentiality
C. Integrity
D. Access Control
B. Confidentiality
What is the main goal of a honeypot in a network environment?
A. Encrypt traffic
B. Redirect real traffic
C. Detect and observe attacker behavior
D. Block malware downloads
C. Detect and observe attacker behavior
Which of the following best describes a self-signed certificate?
A. It is issued by a public certificate authority
B. It is encrypted with a third-party key
C. It is signed by the same entity that created it
D. It requires MFA to be validated
C. It is signed by the same entity that created it
Which access control method limits access based on a user’s job title or department?
A. Least privilege
B. Multifactor authentication
C. Role-based access control
D. Authorization
C. Role-based access control
What is the difference between a threat and a vulnerability?
A. Threats are known; vulnerabilities are theoretical
B. A threat is a risk rating; a vulnerability is a technique
C. A threat is potential harm; a vulnerability is a weakness
D. A vulnerability is external; a threat is internal
C. A threat is potential harm; a vulnerability is a weakness
What protocol is commonly used for centralized authentication and accounting on wireless or VPN access?
A. LDAP
B. TACACS+
C. RADIUS
D. SAML
C. RADIUS
Which of the following ensures that data has not been altered in transit?
A. Encryption
B. Availability
C. Integrity
D. Authentication
C. Integrity
What type of authentication uses an app like Google Authenticator to generate a one-time code?
A. Biometric
B. Role-based
C. Time-based
D. SAML
C. Time-based
Which regulation applies to the handling of payment card data?
A. HIPAA
B. PCI DSS
C. GDPR
D. NIST 800-53
B. PCI DSS
What’s the primary risk of allowing BYOD on a corporate network?
A. Power consumption
B. Encryption speed
C. Loss of control over unmanaged devices
D. Excessive camera use
C. Loss of control over unmanaged devices
This attack overwhelms a service or system to make it unavailable to legitimate users.
Denial-of-Service (DoS)
A coordinated DoS attack using multiple systems to flood a target simultaneously.
Distributed Denial-of-Service (DDoS)
This switch attack tricks the network into allowing traffic from one VLAN to another.
VLAN Hopping
An attack that floods a switch’s MAC address table, forcing it to act like a hub.
MAC Flooding
Sends false ARP replies to poison the ARP cache and redirect traffic.
ARP Poisoning
Forging ARP replies to impersonate another device on the network.
ARP Spoofing
Injects false DNS data into a DNS resolver’s cache to redirect users to malicious sites.
DNS Poisoning
A type of DNS attack where fake responses are sent to redirect users to a malicious site.
DNS Spoofing
Unauthorized network devices placed to intercept, disrupt, or impersonate services.
Rogue Device
A fake DHCP server that assigns incorrect IP settings, often used in MITM attacks.
Rogue DHCP Server
A malicious access point that mimics a legitimate AP to trick users into connecting.
Evil Twin
An attacker secretly intercepts or alters communication between two parties.
On-Path Attack
Any attack that manipulates or tricks humans into compromising security.
Social Engineering
An attempt to trick users into revealing sensitive information through fake emails or websites.
Phishing
Physically retrieving discarded sensitive information from trash bins.
Dumpster Diving
Spying over someone’s shoulder to see passwords or other sensitive information.
Shoulder Surfing
Following someone into a restricted area without proper access.
Tailgating
Any software intended to harm, exploit, or disrupt systems.
Malware
Which type of attack floods a system with traffic from multiple sources to make it unavailable?
A. On-path attack
B. DoS
C. ARP spoofing
D. DDoS
D. DDoS
What kind of attack involves sending fake ARP responses to redirect network traffic?
A. DNS poisoning
B. VLAN hopping
C. ARP spoofing
D. Evil twin
C. ARP spoofing
Which attack causes a switch to flood all ports by overwhelming its MAC table?
A. MAC flooding
B. ARP poisoning
C. DNS spoofing
D. Tailgating
A. MAC flooding
What is a rogue DHCP server typically used for?
A. Encrypt network traffic
B. Bypass DNS
C. Assign incorrect IP settings
D. Block MAC addresses
C. Assign incorrect IP settings
Which of the following tricks users into revealing sensitive info through fake websites or emails?
A. Shoulder surfing
B. Phishing
C. Dumpster diving
D. Evil twin
B. Phishing
Which physical attack involves entering a restricted area by following someone else in?
A. Tailgating
B. Shoulder surfing
C. VLAN hopping
D. On-path attack
A. Tailgating
Which type of malware disguises itself as legitimate software but performs malicious actions?
A. Worm
B. Virus
C. Trojan
D. Rootkit
C. Trojan
What is the goal of DNS spoofing?
A. Destroy DNS servers
B. Assign fake IP addresses
C. Redirect users to malicious sites
D. Prevent ARP traffic
C. Redirect users to malicious sites
Which attack sets up a fake wireless network to mimic a real access point?
A. On-path attack
B. Rogue DHCP
C. Evil twin
D. ARP spoofing
C. Evil twin
Which social engineering method involves watching someone type a password in public?
A. Tailgating
B. Phishing
C. Dumpster diving
D. Shoulder surfing
D. Shoulder surfing
This practice reduces attack surface by disabling unnecessary services or ports.
Device Hardening
A basic step in hardening that eliminates common vulnerabilities in default settings.
Change Default Passwords
Controls access to the network based on authentication and device posture.
Network Access Control (NAC)
Restricts access to switch ports by limiting allowed MAC addresses.
Port Security
An IEEE standard for port-based network access control using authentication protocols.
802.1X
Allows or blocks devices from connecting based on their physical MAC addresses.
MAC Filtering
The process of securely generating, storing, distributing, and revoking cryptographic keys.
Key Management
Defines what traffic is allowed or denied at a router or firewall level.
Access Control List (ACL)
Blocks access to specific websites by matching the URL against a rule list.
URL Filtering
Blocks access to certain types of data or content based on category or pattern.
Content Filtering
Network area where traffic is considered safe, such as an internal LAN.
Trusted Zone
Network area considered outside the organization, such as the internet.
Untrusted Zone
A network segment (often a DMZ) that separates trusted and untrusted zones to provide layered defense.
Screened Subnet
A foundational step in securing a device, this involves disabling unused ports, services, and interfaces to reduce the attack surface.
Device Hardening
Attackers often target default credentials—changing these immediately is a critical first line of defense.
Change Default Passwords
Used to control which users or devices can access the network, this security system often checks endpoint compliance.
Network Access Control (NAC)
Prevents unauthorized devices from accessing a network switch by limiting each port to specific MAC addresses.
Port Security
A secure authentication framework used to validate users or devices before granting network access—commonly used in enterprise networks with RADIUS.
802.1X
Allows or denies network access based on the device’s unique hardware address—useful for basic filtering but not spoof-proof.
MAC Filtering
Centrally manages encryption keys for secure communications—ensures key generation, renewal, revocation, and storage are all properly handled.
Key Management
Used in firewalls and routers, this defines rules to allow or block traffic based on IP address, protocol, port, or other criteria.
Access Control List (ACL)
Blocks user access to specific websites based on full or partial matches of the URL—can be applied at the firewall, proxy, or DNS level.
URL Filtering
Analyzes content (e.g., files, emails, downloads) to block inappropriate, dangerous, or restricted material—may use keywords or pattern matching.
Content Filtering
Network segment where devices are assumed to be trustworthy—typically includes internal users and systems.
Trusted Zone
Any external or unknown part of the network—like the internet—where threats are presumed.
Untrusted Zone
Also called a DMZ, this isolated segment sits between the trusted and untrusted networks, hosting systems like web servers or proxies to reduce risk.
Screened Subnet
Which of the following is a key part of device hardening?
A. Enabling all ports
B. Setting public passwords
C. Disabling unused services
D. Opening firewall rules
C. Disabling unused services
What is the purpose of 802.1X?
A. Encrypt wireless traffic
B. Block malware downloads
C. Authenticate devices before granting network access
D. Assign MAC addresses to hosts
C. Authenticate devices before granting network access
Which access control method uses hardware addresses to determine who can connect?
A. URL filtering
B. Port security
C. MAC filtering
D. Key management
C. MAC filtering
What security technique limits which websites users can visit based on full or partial matches?
A. ACL
B. URL filtering
C. Content filtering
D. 802.1X
B. URL filtering
A screened subnet is most commonly used to:
A. Extend wireless access outdoors
B. Encrypt user traffic
C. Host public-facing services while protecting internal systems
D. Authenticate internal users
C. Host public-facing services while protecting internal systems
Which of the following allows or denies network traffic based on rules about IPs, ports, or protocols?
A. Key management
B. Access control list (ACL)
C. Content filtering
D. DHCP snooping
B. Access control list (ACL)
A network zone that includes your internal LAN and trusted devices is called a:
A. DMZ
B. Untrusted zone
C. Trusted zone
D. Rogue network
C. Trusted zone
Which technique ensures encryption keys are securely created, stored, and distributed?
A. Device hardening
B. PKI
C. Key management
D. SSL
C. Key management
Which network control checks endpoint health and grants or denies access accordingly?
A. 802.1X
B. NAC
C. SSO
D. VLAN hopping
B. NAC
Changing default credentials on routers and switches helps prevent:
A. Content filtering
B. Unauthorized access via known credentials
C. DNS poisoning
D. Key expiration
B. Unauthorized access via known credentials