Domain 3 (Security Architecture) Flashcards

Practice questions unofficial sources

1
Q

When computing resources are delivered to a remote customer over a network

A

Cloud computing (simple definition)

2
Q

This is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

A

Cloud computing (NIST definition)

3
Q

This is the business that offers cloud computing services for sale to third parties

A

Cloud service provider

4
Q

The consumers of cloud computing services who use the services as the infrastructure, platforms, and/or applications that help them run their own business

A

Cloud customer

5
Q

Third-party companies who offer some product or service that interacts with the primary offerings of a cloud service provider

A

Cloud service partner

6
Q

Cloud service providers who offer a managed identity and access management service to cloud customers

A

Cloud access security broker (CASB)

7
Q

This adds more servers to the pool to meet increased user demand

A

Horizontal scaling

7
Q

This adds more resources (such as CPU or memory) to existing servers to meet increased demand

A

Vertical scaling

8
Q

This refers to both increasing and decreasing capacity as short-term needs fluctuate

A

Elasticity

9
Q

Paying only for what you consume

A

Measured Service

10
Q

Many different customers share use of the same computing resources

A

Multitenancy

11
Q

Multitenancy cloud users don’t impact each other; one customer should never be able to see data belonging to another

A

Principle of Isolation

12
Q

Sold capacity exceeds actual capacity; cloud providers can oversell because customer use varies at different times, different peaks

A

Oversubscription

13
Q

CPU and memory shared among users; in the physical environment they are shared among many different users and can be reassigned as needed

A

Resource pooling

14
Q

Vendors that provide security services for other organizations

A

Managed Security Service Providers (MSSPs)

15
Q

This term may also describe Managed Security Service Providers when the service being performed has more of a software as a service feel; almost like a subcategory of MSSP but people blur the lines

A

Security as a Service (SECaaS)

16
Q

A category of security service that adds a third-party security layer to the interactions that users have with other cloud services

A

Cloud Access Security Brokers (CASBs)

17
Q

Security service where the broker sits in between the users and the cloud service, monitoring requests and watching for potential violations of security policy; the broker blocks requests if necessary

A

Network-Based CASB

17
Q

Security service where the broker does not sit in the line of communication and instead uses an API to interact with the cloud service. The broker may be unable to block requests, and the service is entirely in the cloud

A

API-Based CASB

17
Q

When the hypervisor runs directly on top of the hardware, and then hosts guest operating systems on top of that; the most common form of virtualization found in data centers

A

Type 1 Hypervisor (Bare Metal Hypervisor)

18
Q

In the past decade we have seen a shift in the computing landscape from the client/server model to _____ technology

A

Virtualization

19
Q

_____ technology allows many virtual servers to make use of the same underlying hardware, easily shifting processing power to wherever it’s needed at the time

A

Virtualization

20
Q

When the physical machine runs an operating system of its own and the hypervisor runs as a program on top of the operating system; commonly used on personal computers; examples include VirtualBox and Parallels

A

Type 2 hypervisor

20
Q

In virtualization, the ___ tricks each guest into thinking it runs on its own dedicated hardware

A

Hypervisor

21
Q

An attack where the attacker breaks out of the guest system in a virtualized environment, trying to access the memory and storage of the other virtualized machines

A

VM escape attack

21
Q

Where there are large numbers of unused and abandoned virtual servers on the network, creating a security risk as they are not maintained

A

VM sprawl

22
Q

Applies virtualization to desktop technology; provides network-based access to a desktop computing environment

A

Virtual Desktop Infrastructure (VDI)

23
Q

Storage that allocates a large chunk of storage for access as a disk volume managed by the operating system; large chunk of storage is partitioned into volumes; commonly used to create virtual disk drives for cloud servers

A

Block storage

24
Q

Storage that stores files as individual objects managed by the cloud service provider; used to maintain files for a website, build large data stores, etc.

A

Object Storage

25
Q

Classes of block storage

A

magnetic drives or solid state drives

26
Q

Classes of object storage

A

premium level of service that is available for immediate use, or archival storage

27
Q

These allow you to directly connect VPCs to each other and to other cloud-based services without requiring that the traffic travel on the open internet

A

VPC endpoints

28
Q

SDN

A

Software Defined Networking

Allows you to automate your cloud networking in an infrastructure as code approach by integrating the cloud provider’s API into your operations stack

29
Q

SDV

A

Software Defined Visibility

Allows you to use the provider’s API to gain visibility into network traffic through the use of virtual tapping, virtual net flow, etc.

30
Q

VDI

A

Virtual Desktop Infrastructure

31
Q

This streams applications to the user’s desktop

A

Application Virtualization

32
Q

Before the 1980’s the enterprise IT landscape was based on ___ technology

A

mainframe

33
Q

During the 1980s and 1990s the enterprise IT landscape was based on _____ technology

A

client-server model

34
Q

MSPs

A

Managed Service Providers

35
Q

They offer information technology services to customers, a broader term

A

MSPs, Managed Service Providers

36
Q

CASB

A

Cloud Access Security Broker

37
Q

API

A

Application Programming Interfaces

38
Q

This creates automated workflows for managing cloud environments; allows cloud administrators to quickly and easily create workloads, shift operations between environments, etc

A

Cloud Orchestration

39
Q

The idea that administrators should never build or manage resources using the command line or graphical interfaces; instead, they should write code that performs those actions for them, as that code is then reusable

A

Infrastructure as Code

40
Q

A lightweight way to package up an entire application and make it portable so that it can easily move between hardware platforms; lightweight application virtualization; “the next evolution of virtualization”

A

Containers

41
Q

A design philosophy that encourages organizations to create discrete services that may be accessed by customers and other users in a black-box fashion

A

Service-Oriented Architecture (SOA)

42
Q

A standards body for architecture

A

The Open Group

43
Q

A modern adaptation of SOA to the world of cloud-enabled computing; fine-grained services that provide small and discrete functions to other services

A

Microservices

44
Q

This is published by the ISO; lays out a common terminology framework that assists cloud service providers, customers, and partners in communicating about roles and responsibilities; a starting point for organizations

A

Cloud reference architecture

45
Q

ISO

A

International Organization for Standardization

46
Q

Activities: Use cloud services, perform service trials, monitor services, administer security, provide billing and usage reports, handle problem reports, administer tenancies, perform business administration, select and purchase service, request audit reports

A

ISO cloud reference architecture customer activities

47
Q

Activities: Prepare systems and services, monitor and administer services, manage assets, provide audit data, manage customer relationships, perform peering, ensure compliance, provide connectivity, etc.

A

ISO cloud reference architecture provider activities

48
Q

Activities: design, create, and maintain services, test services, perform audits, set up legal agreements, acquire and assess customers, assess the marketplace

A

ISO cloud reference architecture partner activities

49
Q

The ISO cloud reference architecture aligns nicely with ____, which is designed to help cloud providers and customers understand the detailed security controls that may be used to achieve cloud security objectives

A

Cloud Security Alliance’s Cloud Controls Matrix

50
Q

Cloud deployment model providing flexibility, scalability, agility, and cost-effectiveness of the cloud while not sharing computing resources with other organizations; organization builds and runs its own cloud infrastructure

A

Private Cloud

51
Q

Cloud deployment model using the multitenancy model, where cloud providers build massive infrastructures in their own data centers and then make those resources available to all users; physical hardware may be running workloads for many different customers at the same time

A

Public Cloud

52
Q

Cloud deployment model that uses a combination of public and private cloud computing, different clouds for different workloads likely depending on data sensitivity concerns

A

Hybrid Cloud

53
Q

Cloud deployment model that is not open to the general public, but is shared amongst several organizations that are related to each other in a common community

A

Community cloud

54
Q

Security in the public cloud follows the ____ model.

A

Shared responsibility model

55
Q

XaaS

A

_____ as a service

56
Q

Cloud services come in a variety of different categories and can be described using the term __

A

XaaS, _ as a Service

57
Q

Cloud service model where the public cloud provider delivers an entire application to the customers. Customer doesn’t worry about processing, storage, networking, and other infrastructure details; Providers get everything running for customers; usually accessed through a standard web browser

A

Software as a Service (SaaS)

58
Q

Cloud service model where customers purchase basic computing resources from vendors and put them together for customized IT solutions. Vendors might provide data storage, compute capacity, etc.

A

Infrastructure as a Service (IaaS)

59
Q

Cloud service model where vendors provide customers with a platform to run their own application code without worrying about server configuration. A middle ground between IaaS and SaaS; customer doesn’t worry about managing servers but is running their own code

A

Platform as a Service (PaaS)

60
Q

Three major IaaS vendors

A

Amazon Web Services, Microsoft Azure, Google Compute

61
Q

Could be considered the fourth goal of cybersecurity

A

Privacy

62
Q

This goal protects the confidentiality rights of individuals whose information we store, process, or transmit

A

Privacy

63
Q

Ensures effective oversight of cloud use in an organization; ensures cloud partners comply with security, legal, business, and other constraints

A

Governance

64
Q

An important component of governance; verifies that cloud service providers are fulfilling their security and operational obligations

A

Auditability

65
Q

This term describes how cloud providers serving regulated customers must support compliance efforts; providers are subject to things such as HIPAA just as on-premises computing is; organizations must make sure that their cloud providers allow them to remain compliant

A

Regulatory Oversight

66
Q

A principle stating that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed; storing data in multiple locations subjects it to multiple jurisdictions

A

Data Sovereignty

67
Q

The ability of the cloud infrastructure to withstand disruptive events

A

Resiliency

68
Q

Using a redundant server to protect against the failure of a single server is an example of __

A

Resiliency

69
Q

How well a cloud service stands up to the demands that we place on it is described as ___

A

Performance

70
Q

Written agreements with vendors documenting vendor obligations

A

Service Level Agreements (SLAs)

71
Q

The idea that if something goes wrong operationally, technically, or financially, we can roll back operations to the original state prior to cloud transition

A

Reversibility

72
Q

The design principle saying that workloads should be designed with the ability to move between cloud vendors, workloads shouldn’t leverage vendor specific features

A

Portability

73
Q

Design principle asking if cloud solutions from different vendors are compatible to work together, can services integrate; Especially important for SaaS and PaaS products

A

Interoperability

74
Q

OSI model layer 1

A

Physical layer

75
Q

OSI model layer 2

A

Data link layer

76
Q

OSI model layer 3

A

Network layer

77
Q

OSI model layer 5

A

Session layer

77
Q

OSI model layer 4

A

Transport layer

78
Q

OSI model layer 6

A

Presentation layer

79
Q

OSI model layer 7

A

Application layer

80
Q

These serve as IaaS firewalls; similar to firewall rules and allow you to control the traffic that’s passed from the internet to your virtualized systems, even between systems operating in the virtual environments

A

Network Security Groups

81
Q

These are security controls offered by cloud providers that tightly integrate with the provider’s service offerings; likely easy to use, but do not work across multiple cloud platforms

A

Cloud-Native Controls

82
Q

These are security controls offered by third-party vendors that integrate with cloud providers through their API and may work across multiple cloud platforms; often more expensive

A

Third-Party Controls

83
Q

Policies that place limits on the actions that may be taken by users with direct access to your cloud environment

A

Resource Policy

84
Q

Tools that allow you to store encryption keys and other sensitive credentials in a manner that allows you and your applications to access them, but keeps them safe from prying eyes; can be expensive; such as cloud hardware security modules

A

Secret Management

84
Q

This creates secure connections between VPCs running in the cloud and VLANs on your local network, like cloud routers that provide strongly encrypted connections; links on-premises and cloud networks; an important control for organizations in a hybrid cloud environment

A

Transit Gateway

85
Q

TCP/IP

A

Transmission Control Protocol/Internet Protocol

86
Q

Two of the main protocols that make up all modern networks

A

TCP and IP

87
Q

Protocol responsible for routing information across networks, provides an addressing scheme that uniquely identifies computers on a network, delivers information in chunks (packets) from their source to the correct destination; a network layer protocol that supports transport layer protocols

A

Internet Protocol (IP)

88
Q

Two main transport layer protocols

A

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

89
Q

TCP

A

Transmission Control Protocol

90
Q

UDP

A

User Datagram Protocol

91
Q

Protocol responsible for the majority of network traffic; a connection-oriented protocol in which a connection between systems is established before data is transferred; reliable and guarantees delivery through destination receipt acknowledgment; widely used for critical applications

A

Transmission Control Protocol (TCP)

92
Q
A

User Datagram Protocol (UDP)

93
Q

TCP three way handshake flag that identifies packets that are requesting a new connection

94
Q

TCP three way handshake flag that identifies packets that are requesting the closure of an existing connection

95
Q

TCP three way handshake flag that acknowledges a SYN or FIN request

96
Q

TCP three way handshake

A

SYN, SYN/ACK, ACK

97
Q

Protocol that is not connection-oriented, systems send data off to each other without establishing connection, no acknowledgments when received so no guarantee of delivery; may be used for voice and video applications

A

User Datagram Protocol

98
Q

OSI model

A

Open Systems Interconnection model

99
Q

OSI layer that sends bits over the network using wires, radio waves, fiber optics, etc.

A

OSI Layer 1 Physical

100
Q

OSI Layer that transfers data between two nodes connected to the same physical network

A

OSI Layer 2 Data Link

100
Q

OSI Layer that creates connections between systems and transfers data in a reliable manner; TCP and UDP work here

A

OSI Layer 4 Transport

101
Q

OSI Layer that expands networks to many different nodes; where Internet Protocol works

A

OSI Layer 3 Network Layer

102
Q

OSI Layer that manages the exchange of communications between systems

A

OSI Layer 5 Session

103
Q

OSI Layer that translates data so that it may be transmitted on a network; it describes how to represent a character in terms of bits and performs encryption and decryption

A

OSI Layer 6 Presentation

104
Q

OSI Layer that determines how users interact with data using web browsers or other client applications

A

OSI Layer 7 Application

105
Q

The addressing scheme used by Internet Protocol

A

IP addresses

106
Q

IP address numbers can range from _ to _

107
Q

The IP address includes the __ and the __

A

network address and host address

108
Q

IP version using the dotted quad notation

109
Q

IPv4 uses __ bits

110
Q

IPv6 uses __ bits

111
Q

IP addresses that are manually assigned to systems by an administrator. They must be unique and within the appropriate range for the network; user is responsible for choosing a unique address; typically used for servers

A

Static IPs

112
Q

Protocol that allows the automatic assignment of IP addresses from an administrator-configured pool

A

Dynamic Host Configuration Protocol (DHCP)

113
Q

DNS

A

Domain Name System

114
Q

DNS functions over UDP port __

115
Q

This protocol adds a digital signature to DNS

A

DNSSEC protocol

116
Q

Attacks where attackers may attempt to insert false DNS records into intermediate DNS servers in an attempt to fool unsuspecting clients into accessing fake sites

A

DNS poisoning attacks

117
Q

These are particular locations on a system associated with a specific application; they guide traffic to the correct final destination

A

Network Ports

118
Q

Network ports are represented using a __ bit binary number

119
Q

The well-known ports; these are reserved for common applications that are assigned by internet authorities

A

ports 0-1,023

120
Q

Web server port number

121
Q

Secure web server port number

122
Q

The registered ports; where application vendors may register their applications for use

A

Ports 1,024 - 49,151

123
Q

File Transfer Protocol (FTP) port used to transfer data between systems

124
Q

Secure Shell Protocol (SSH) used for encrypted administrative connections to servers

125
Q

Remote Desktop Protocol (RDP) used for encrypted administrative connections to servers

126
Q

Windows systems ports used for network communications using the NetBIOS protocol

A

Ports 137, 138, 139

127
Q

Port used by all systems for DNS lookup

128
Q

Simple Mail Transfer Protocol (SMTP) port used to exchange email between servers

129
Q

Post Office Protocol (POP) port that allows clients to retrieve mail

130
Q

Internet Message Access Protocol (IMAP) port used to access mail

131
Q

Hypertext Transfer Protocol (HTTP) port used for unencrypted web communications

132
Q

Secure Hypertext Transfer Protocol (HTTPS) port used for encrypted web communications

133
Q

ICMP

A

Internet Control Message Protocol

134
Q

The housekeeping protocol of the internet that performs a variety of important administrative functions, such as the ping command

A

Internet Control Message Protocol (ICMP)

135
Q

This command is a basic network troubleshooting command; a system sends this command over the network and the receiving system will respond with an acknowledgement; uses the ICMP protocol

A

Ping command

136
Q

Packet that is sent to ask another system “are you there?” during the ping command

A

ICMP Echo request

137
Q

Packet that is sent to tell another system “I am here” during the ping command

A

ICMP Echo reply

138
Q

This command performs more detailed troubleshooting by showing you whether a system is alive on the network and showing the path over the network between the two systems; uses the ICMP protocol

A

Traceroute command

139
Q

These typically have three network interfaces to connect three different security zones together. One interface connects to the internet or other untrusted network, another to the Intranet,

A

Network Border Firewall

140
Q

The interface zone that connects to untrusted networks; is the interface between the protected networks and the outside world

A

Internet Zone

141
Q

The interface zone that connects to the organization’s intranet, the internal network where most systems reside

A

Intranet zone

142
Q

Segments for endpoint network, wireless network, guest network, data center networks

A

Intranet Zone segments

143
Q

The interface zone that is a network where you can place systems that must accept connections from the outside world, such as a mail server; also referred to as a DMZ

A

Screened Subnet zone

144
Q

A security philosophy where systems do not gain privileges based solely on their network location

A

Zero Trust

145
Q

Special purpose networks that are special intranet segments that are accessible by outside parties

146
Q

Special purpose networks that are decoy networks designed to attract attackers; they appear lucrative to attackers but don’t really contain any sensitive information

147
Q

Special purpose networks that spring up whenever someone sets up a wired or wireless network outside of your standard security design; often planned to be temporary, can be a security risk as they might not have the usual security controls

A

Ad Hoc Network

148
Q

This is network traffic between systems in the same data center

A

East-West traffic

149
Q

This is network traffic between systems in the data center and systems located on the internet

A

North-South traffic

150
Q

These allow us to logically group together related systems regardless of where they exist on the network; they extend the broadcast domain, allowing users on the same VLAN to directly connect to each other as if they were connected to the same switch

A

Virtual LANs (VLANs)

151
Q

This allows you to monitor network traffic by duplicating all of the traffic from a single switch port; ideal for monitoring traffic to or from a single device

A

Port Mirrors

152
Q

These are hardware devices used to aggregate inbound network connections from employees and other users who require remote access

A

VPN concentrators

153
Q

These handle the tough cryptographic work of setting up a TLS connection on behalf of a web server, allowing the web server to focus on delivering web content; they are designed to boost service performance; in the DMZ

A

SSL Accelerators

154
Q

These allocate the load of inbound user requests among a pool of servers, allowing the organization to scale a service quickly; in the DMZ

A

Load Balancers

155
Q

SDN

A

Software Defined Networking

156
Q

This is a technology that allows network administrators to treat the functionality and implementation details of a network as separate and distinct functions

A

Software Defined Networking (SDN)

157
Q

This is responsible for the routing and switching decisions that determine how data flows around a network; determines how network devices interact with each other

A

The control plane

158
Q

This consists of the mechanics of moving packets around in a network; it carries out the instructions of the control plane

A

The data plane

159
Q

Devices that network engineers use to connect devices to networks; contain a large number of network ports; normally hidden away in wiring closets

160
Q

Devices that contain radios that send and receive network signals to mobile devices; this device is wired back to the switch, but other devices connect to it wirelessly; uses radio-based wireless networks

A

Wireless Access Points (WAPs)

161
Q

Switches operate at level __ of the OSI model, where they work with MAC addresses only

A

Level 2
(sometimes 3)

162
Q

Switches sometimes operate at level __ of the OSI model, where they can interpret IP addresses; has some of the function of routers at this level

163
Q

Device that connects networks together by serving as a central aggregation point for network traffic heading to or from a large network; they connect networks to each other, making intelligent packet routing decisions; uses access control lists

164
Q

Devices that connect two networks together, uses MAC addresses

165
Q

These devices analyze all attempts to connect to systems on a network and determine whether the request should be allowed or denied; often at the network perimeter in between routers and the internet

166
Q

A technique that is an older version, they evaluate each packet separately; is inefficient and doesn’t allow the device to make decisions

A

Stateless Firewall

167
Q

A modern technique that allows users to keep track of established connections; doesn’t have to reevaluate every incoming packet as it knows they are from the same origin

A

Stateful Inspection

168
Q

Stateful inspection uses layer __ of the OSI model

169
Q

Rule stating that if a firewall receives traffic not explicitly allowed by a firewall rule, then that traffic must be blocked

A

Implicit Deny (default deny)

170
Q

These firewalls incorporate contextual information into their decision-making; devices capable of incorporating some contextual information into their decision-making process; work at all levels of the OSI model

A

Next-generation firewalls (NGFWs)

aka layer 7 firewalls

171
Q

Devices that inspect HTTP requests made to a web server and watch for any signs of a potential attack occurring against the application

A

Web Application Firewalls (WAFs)

172
Q

A deployment model

A

Hardware WAF

173
Q

A deployment model