Domain 4 Flashcards
What is a Network?
A group of interconnected devices that can communicate with each other.
What is a Firewall?
A security device or software that monitors and controls incoming and outgoing network traffic based on rules.
What is a Router?
A device that connects different networks and routes traffic between them.
What is a Switch?
A device that connects devices within a single network and forwards traffic based on MAC addresses.
What is a Proxy Server?
A server that acts as an intermediary for requests between clients and other servers.
What is a VPN (Virtual Private Network)?
A secure, encrypted connection over a less secure network, typically the Internet.
What is an Intrusion Detection System (IDS)?
A device or software that monitors network traffic for suspicious activity and alerts administrators.
What is an Intrusion Prevention System (IPS)?
A system that actively monitors and can take action to block or prevent detected threats.
What is Port Scanning?
The process of sending packets to specific ports on a host to discover open ports and services.
What is Malware?
Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
What is Phishing?
A social engineering attack that tricks individuals into revealing sensitive information.
What is a Man-in-the-Middle (MITM) Attack?
An attack where a malicious actor intercepts communication between two parties.
What is Denial of Service (DoS)?
An attack intended to shut down a network or service, making it inaccessible to users.
What is Distributed Denial of Service (DDoS)?
An attack that uses multiple compromised systems to flood a target with traffic.
What is a VLAN (Virtual Local Area Network)?
A logical segmentation of a network to improve management and security.
What is Encryption?
The process of converting information into a secure format to prevent unauthorized access.
What is Decryption?
The process of converting encrypted data back into its original form.
What is a DMZ (Demilitarized Zone)?
A physical or logical subnet that separates an internal network from untrusted external networks.
What is a Honeypot?
A decoy system or resource intended to attract attackers and study their methods.
What is a Wireless Access Point (WAP)?
A device that allows wireless devices to connect to a wired network.
What is Network Segmentation?
Dividing a network into multiple segments to enhance performance and security.
What is a Public Key?
A cryptographic key that can be shared openly and is used for encryption or verifying digital signatures.
What is a Private Key?
A cryptographic key kept secret and used for decryption or creating digital signatures.
What is a Certificate Authority (CA)?
An entity that issues digital certificates to verify identities online.
What is Secure Sockets Layer (SSL)?
A protocol for encrypting information over the internet (now mostly replaced by TLS).
What is Transport Layer Security (TLS)?
The successor to SSL, providing secure communication over a network.
What is WPA2 (Wi-Fi Protected Access 2)?
A security protocol used to secure wireless networks.
What is WPA3?
The latest and most secure Wi-Fi security standard.
What is MAC Address Filtering?
A method of network access control where only approved device MAC addresses can connect.
What is IP Spoofing?
An attack technique where the attacker sends packets with a forged source IP address.
What is an ARP Spoofing Attack?
A type of attack where an attacker sends fake ARP messages to a network to redirect traffic.
What is a Botnet?
A network of infected devices controlled remotely by an attacker.
What is a Security Information and Event Management (SIEM) System?
A tool that collects, analyzes, and manages security event data.
What is a Zero Trust Model?
A security concept where no device or user is trusted by default, even if inside the network.
What is the primary purpose of a firewall?
To block unauthorized access while permitting legitimate communication.
What is the difference between IDS and IPS?
IDS monitors and alerts; IPS monitors and actively blocks threats.
What is the benefit of network segmentation?
It limits the spread of attacks and improves network performance.
What is a brute force attack?
An attack that tries many passwords or keys until the correct one is found.
What does VPN encryption protect against?
Eavesdropping and data interception on insecure networks.
What is a common sign of a phishing attack?
An unexpected email asking for sensitive information or demanding urgent action.
What is the purpose of a DMZ?
To expose external-facing services while protecting the internal network.
How does TLS differ from SSL?
TLS is the updated, more secure version of SSL.
Why is WPA3 stronger than WPA2?
It uses stronger encryption and protects against password guessing attacks.
What does SIEM provide to cybersecurity teams?
Centralized monitoring, analysis, and response to security events.
How can a honeypot help network security?
It distracts attackers and helps study their behavior.
What is the goal of a DDoS attack?
To overwhelm a system with traffic and cause a denial of service.
How does IP spoofing assist attackers?
It disguises their identity and may bypass security controls.
How can VLANs improve network security?
By isolating sensitive devices or traffic from the rest of the network.
What is the advantage of using a VPN for remote work?
It provides secure, encrypted access to organizational resources.
What are examples of wireless security best practices?
Use WPA3, disable WPS, change default settings, and use strong passwords.
How does Zero Trust protect an organization?
By verifying every access attempt regardless of location or device.
What is the role of a Certificate Authority (CA) in network security?
To issue trusted digital certificates verifying identities.
What is the risk of weak Wi-Fi passwords?
They allow unauthorized access to the network and potentially to internal systems.
What is a side effect of poor network segmentation?
A single breach can expose the entire network.
Why is encryption critical for wireless communications?
Wireless transmissions can be intercepted; encryption protects the data.
What action should you take during a suspected MITM attack?
Immediately disconnect and alert security personnel.
How can SIEM systems assist during an incident response?
They provide centralized data and alerts for quicker investigation and mitigation.