Module 9: Infrastructure Security

Question 1

What are Mitigation Principles?

Answer 1

Methods used to reduce vulnerability and prevent security breaches.

Question 2

What is Gap Analysis?

Answer 2

Evaluating an organization’s security posture against desired industry standards.

Question 3

What is Segmentation?

Answer 3

The process of dividing a network into multiple subnets.

Question 4

What is Isolation?

Answer 4

Keeping instances of attack surfaces separate so it can only affect itself.

Question 5

What is Least Privilege?

Answer 5

Granting the minimum level of access needed to perform tasks.

Question 6

What is Configuration Enforcement?(Related to Security Measures)

Answer 6

Applying security measures to reduce vulnerabilities.

Question 7

What is Decommissioning?

Answer 7

Remove a service from a live production environment.

Question 8

What is the Removal of unnecessary software?(Related to Attack Vectors)

Answer 8

Deleting non-essential software to eliminate an attack vector.

Question 9

What are the Selection of Effective Controls? (Related to Countermeasures)

Answer 9

The process of choosing countermeasures to reduce an asset’s risk to exploits.

Question 10

What is Device Placement?

Answer 10

Physically locating a device in a secure location.

Question 11

What are the benefits of using standard networking devices with hardware designed for security?

Answer 11

It creates a layered security approach and makes it harder for attackers to access that network.

Question 12

What is Hardening Targets?

Answer 12

Configuring and securing a device to prevent attacks.

Question 13

What does OSI stand for?

Answer 13

Open Systems Interconnection Model

Question 14

What does PDU stand for?

Answer 14

Protocol Data Units.

Question 15

What is a Switch?

Answer 15

Connects multiple devices to a Local Area Network.

Question 16

What layer does a Switch operate at?

Answer 16

The Data Link Layer
The second layer

Question 17

How do Switches manage MAC Addresses?

Answer 17

By dynamically creating and maintaining the MAC Address table.

Question 18

What is a Hub?

Answer 18

An early network device that connected multiple devices within a LAN. It operated at the physical layer (Layer 1)

Question 19

What is a MAC Flooding Attack?

Answer 19

When a Threat Actor floods a Switch with spoofed Ethernet packets

Question 20

What is Port Security?

Answer 20

Limiting the amount of MAC addresses that can be learned on a Network Switch Port.

Question 21

What is a Router?

Answer 21

Forwards data packets across networks to their destinations.

Question 22

What layer does a Router operate at?

Answer 22

A Router operates at the Network Layer (Layer 3 in the OSI Model).

Question 23

What is a Server?

Answer 23

Software or Hardware that distributes resources and services upon request.

Question 24

What is a Load Balancer?

Answer 24

A device that helps evenly distribute work across a network.

Question 25

What two categories are Load Balancers grouped into?

Answer 25

Layer 4(Transport Layer) Load Balancers & Layer 7(Application Layer)

Question 26

What is a Firewall?

Answer 26

Monitors incoming and outgoing traffic.