Domain 3: Given a scenario, apply security principles to secure enterprise infrastructure Flashcards

1
Q

Device Placement

A

Device placement in a network determines the strategic positioning of security, connectivity, and traffic management elements and serves as the blueprint for a network’s functionality and security.

2
Q

Security Zone

A

Security zones, in essence, are distinct segments or partitions within a network.

3
Q

Single Point of Failure

A

When you are deploying network appliances, ensure that you are not reliant on a single device lest it fail and take your entire network down with it. Look at building in resilience.

4
Q

Fail Closed

A

Fail-closed is a failure mode in which the security system defaults to a closed or blocked state when it encounters a problem or malfunction. It is one of two options.

5
Q

Fail open

A

With fail open, a security system (such as a firewall or an access control mechanism) defaults to an open state when it encounters an issue or failure. Fail-open situations create a significant security vulnerability, as they permit unrestricted access.

6
Q

Active devices

A

Active devices are a proactive force within your network security arsenal.

7
Q

Passive devices

A

Passive devices are observers. They monitor network traffic, analyze patterns, and provide insights into potential threats and vulnerabilities.

8
Q

Inline

A

Inline devices are placed directly in the data path of network traffic. They actively process traffic as it flows through the network, making real-time decisions about whether to allow or block data packets.

9
Q

Tap and monitor

A

Tap or monitor devices, as the name suggests, do not interfere with the flow of network traffic. Instead, they “tap” into the traffic and duplicate it for analysis or monitoring purposes.

10
Q

Web page caching

A

To reduce bandwidth usage and increase browsing speed, a proxy server can cache frequently accessed web pages. This means that instead of fetching the same content repeatedly from external servers, the proxy server stores a copy locally.

11
Q

Reverse Proxy

A

The flow of traffic from a reverse proxy is incoming traffic from the internet coming into your company network. The reverse proxy is placed in a boundary network called the screened subnet. It performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.

12
Q

Load balancer

A

As its name suggests, a network load balancer is a device that is used to balance the load when there is a high volume of traffic coming into the company’s network or web server.

13
Q

Affinity

A

In this method, the Layer 4 load balancer distributes the load according to a preset affinity, meaning that the web server to which the request is sent is determined by the requester’s IP address. In other words, the request will always be sent to that same web server every time a request is submitted by that address (or others with the matching affinity).

14
Q

DNS round robin

A

In this method, when the request comes in, the load balancer contacts the DNS server and rotates the request in ascending numerical order, starting with the lowest IP address first. It rotates around Web 1, Web 2, and Web 3, and then keeps the sequence going by going back to Web 1 on a rotational basis. It cannot detect the status of the server and may therefore forward a request to a server that is down for maintenance.

15
Q

Sticky MAC

A

Sticky MAC addresses simplify the port security process by storing the MAC addresses of authorized devices. When a device connects to a port, its MAC address is recorded and associated with that port.

16
Q

Extensible Authentication Protocol (EAP)

A

EAP enhances the security concepts of 802.1x by ensuring that authentication processes are standardized and interoperable across various network devices and platforms. EAP allows organizations to choose from various authentication methods, such as EAP-TLS (TLS stands for Transport Layer Security), EAP-PEAP (PEAP stands for Protected Extensible Authentication Protocol), and EAP-MD5.

17
Q

UTM Firewall

A

UTM is a firewall that can provide malware inspection, DLP, content filtering, and URL filtering. UTM is the go-to when you need an all-in-one security solution to simplify your defense strategy.

18
Q

RDP

A

A Microsoft product that allows you to run a secure remote access session on a Windows desktop or server.

19
Q

Tunneling

A

Tunneling is a networking technique used to secure and encrypt data as it travels over potentially untrusted networks, ensuring the privacy, integrity, and safe passage of information. It uses network protocols to encrypt a secure “tunnel” through a public network.

20
Q

NGFW

A

The NGFW is a powerhouse in network security, operating at Layer 7 with the added advantage of harnessing cloud-powered threat intelligence. The NGFW delivers advanced protection across both on-premises and cloud environments, facilitates TLS, and has deep packet filtering and intrusion prevention capabilities. What sets the NGFW apart is its ability to maintain robust security on site, utilizing advanced behavioral analysis and user behavior monitoring. These proactive measures ensure the early detection and mitigation of potential insider threats to protect sensitive data from compromise.

21
Q

Layer 4 firewall

A

A Layer 4 firewall (often referred to as a “stateless firewall”) is the gatekeeper of network traffic, entrusted with the straightforward yet critical mission of basic packet filtering. It’s primarily focused on determining whether incoming or outgoing packets should be permitted based on predefined rules.

22
Q

Layer 7 firewall

A

A Layer 7 firewall, also known as an application firewall, inspects network traffic at the application layer, enabling deep packet inspection to identify and control specific applications, user activities, and content, enhancing security and control in modern networks.

23
Q

Stateful Firewall

A

A stateful firewall is a kind of firewall that keeps track of and monitors the state of active network connections while analyzing incoming traffic and looking for potential traffic and data risks.

24
Q

Stateless Firewall

A

A stateless firewall is one that doesn’t store information about the current state of a network connection. Instead, it evaluates each packet individually and attempts to determine whether it is authorized or unauthorized based on the data that it contains.

25
Q

IPsec

A

IPSec can be used to create a secure session between a client computer and a server.

26
Q

IPsec packet has

A

An IPSec packet is formed of two different portions:
Authenticated Header (AH): This feature consists of either SHA-1 or MD5 hashing algorithms, which provide data integrity to ensure the packet has not been tampered with in transit.
Encapsulated Security Payload (ESP): ESP is the part of the IPSec packet in which the data is stored and encrypted using symmetric encryption via DES, 3DES, or AES. It comprises several key elements:
Header: ESP adds an additional header to the IP packet. The header contains information necessary for the proper processing of the packet during transmission and reception.
Payload data: This is the actual data that is being transmitted and can be any type of network traffic, such as email, web browsing, or file transfers.
ESP trailer (optional): This is an optional component that may be added to the end of the payload data for padding or integrity checks.

27
Q

Internet Key Exchange (IKE)

A

When an IPSec tunnel is created, the Diffie-Hellman (DH) key exchange protocol should be used in conjunction with VPN concentrators to establish a shared secret key between two parties (typically a remote client and the VPN concentrator).

28
Q

IPsec tunnel mode

A

This is the mode in which a user creates a VPN session from a remote location. During tunnel mode, the AH and ESP are both encrypted. Authentication methods include certificates, Kerberos authentication, and pre-shared keys.

29
Q

IPsec Always on mode

A

This mode is applied during the creation of a site-to-site VPN, the purpose of which is to build a point-to-point connection between two sites in possession of their own VPNs. The session is set to always on to ensure the connection is available all the time. While a site-to-site VPN is active, both the AH and the ESP are encrypted.

30
Q

IPsec tunnel mode

A

This is the mode in which a user creates a VPN session from a remote location. During tunnel mode, the AH and ESP are both encrypted. Authentication methods include certificates, Kerberos authentication, and pre-shared keys.

31
Q

Software defined network

A

An automated, programmatic approach to managing enterprise network connectivity and circuit costs. It extends software-defined networking (SDN) into an application that businesses can use to quickly create a smart hybrid WAN.

32
Q

Secure Access Service Edge

A

Secure Access Service Edge (SASE) blends robust security with cloud agility, offering centralized end-to-end protection and simplified access, regardless of user location. This innovative network architecture combines WAN technologies and cloud-based security under a zero-trust model, incorporating Identity and Access Management (IAM) and a suite of threat prevention features such as intrusion prevention and content filtering.

33
Q

Parallel processing

A

Parallel processing is a method in computing of running two or more processors (CPUs) to handle separate parts of an overall task.

34
Q

TLS process

A

TLS uses certificates for authentication, ensuring a firm handshake of security. Once the encrypted tunnel is created, the authentication credentials are sent to a RADIUS server.

35
Q

Load Balancing

A

Load balancing is the process of distributing traffic among multiple servers to improve a service or application’s performance and reliability.