Módulo 05 - Network Architecture

Question 1

Define:
Network infraestructure

Answer 1

It’s the media, appliances and protocols that support connectivity.

Question 2

Acronym:
OSI

Answer 2

Open System Interconnection

Question 3

What are the OSI model layers?

Answer 3

1. Physical
2. Data-link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

For CompTIA, consider only 1, 2, 3, 4 and 7

Question 4

Acronym:
MAC

Answer 4

Media Access Control

Question 5

Define:
MAC Address

Answer 5

Layer 2 component, attached to the hosts.

Used as an identifier, and is a 48-bit string

Question 6

Types of node in a network

Answer 6

Intermediary nodes => Forward traffic of a network to other hosts
Host nodes => Initiates the communication in a network

Question 7

What are the OSI layers that refers to:
- Switches
- Routers
- Transport Protocols

Answer 7

• Layer 2, because it uses MAC addresses
• Layer 3, because it uses IP address
• Layer 4, because it uses network protocols such as TCP, or UDP

Question 8

In network terms, define what would be:
- Preventative controls
- Detective controls
- Preventative, detective, and corrective controls

Answer 8

• Placed at the border of a network, such as firewalls or Load Balancers
• Implemented to monitor the traffic, generates alerts in malicious traffic
• Installed on hosts, such EDR

Question 9

What is a passive security control?

Answer 9

A control that operates without requiring any client configuration

Question 10

What is an active security control?

Answer 10

A control requiring credentials, access permissions, and interaction with target hosts, often involving agent software or gateway configuration.

Question 11

What does “inline” mean for a security device?

Answer 11

A device deployed within the cable path, without requiring changes to IP or routing topology, and typically without MAC or IP addresses.

Question 12

What are two methods for deploying network traffic sniffing controls?

Answer 12

1. SPAN (switched port analyzer)/mirror port.
2. Test access point (TAP).

Question 13

What is a SPAN or mirror port?

Answer 13

A switch-configured port that copies frames from other ports for monitoring but may drop frames under heavy load.

Question 14

What is a TAP (test access point)?

Answer 14

A device inline with network cabling that physically copies signals to a monitor port without logic-based decisions.

Question 15

What is a fail-open and fail-close mode?

Answer 15

Fail-open is a failure state where access is not blocked, whether fail-close is where access is blocked

Question 16

Acronym:
SPAN

Answer 16

Switched Port Analyzer

Question 17

What is the difference between TAP and SPAN regarding reliability?

Answer 17

TAP reliably copies all frames, while SPAN may miss frames with errors or drop them under heavy load.

Question 18

Define:
Proxy server

Answer 18

Acts as an intermediary for clients, providing traffic management, anonymity, content filtering, and caching.

Question 19

Define:
Jump server

Answer 19

Hardened server controlling access to isolated systems, enhancing security.

Question 20

Define:
Load balancer

Answer 20

Distributes network traffic across servers, provides fault tolerance, and may include WAF for attack protection.

Question 21

List:
Types of load balancers

Answer 21

1. Layer 4 (Transport layer decisions).
2. Layer 7 (Application-level data decisions).

Question 22

Define:
Sensor

Answer 22

A packet sniffer used to capture traffic, often feeding an IDS for malicious traffic detection.

Question 23

Define:
IDS

Answer 23

Intrusion Detection System identifies threats without blocking traffic.

Question 24

Define:
All-in-one security appliance

Answer 24

Device combining functions like firewall, IDS, IPS, URL filtering, and spam filtering into one.

Question 25

Define:
Web filtering

Answer 25

Blocks malicious/inappropriate websites using criteria like URL, IP, or keywords.

Question 26

Define:
Content filtering server

Answer 26

Denies or allows website access based on allow/deny lists or content categories.

Question 27

List:
Web filtering approaches

Answer 27

Agent-based.
Centralized proxy.

Question 28

Define:
DNS filtering

Answer 28

Controls website access by managing domain name resolution, blocking malicious or unapproved sites.

Question 29

List:
DNS filtering benefits

Answer 29

Blocks phishing and malware sites.
Enforces acceptable use policies.
Protects all network devices, including IoT.

Question 30

Define:
Security Zone

Answer 30

Security zones are portions of the network or system that have specific security concerns or requirements.

Question 31

List:
Types of network

Answer 31

Wireless
Guest
Honeynet
Ad hoc

Question 32

List:
Security Zone Types

Answer 32

Screened subnets
Intranet
Extranet
Wireless

Question 33

Define:
Screened subnets

Answer 33

A perimeter network separating public-facing servers from internal resources to reduce exposure to threats.

DMZ

Question 34

Define:
Intranet

Answer 34

Internal LAN - Local Access Network

Question 35

Define:
Extranet

Answer 35

An extranet is a private LAN distinct from the intranet.

Often used to grant resource access to business partners.

Question 36

Define:
Honeypot

Answer 36

Decoy system designed to attract attackers, monitor their activity, and gather intelligence about their tactics.

Question 37

List:
Types of honeypots

Answer 37

Honeyfile
Honeyspot
Honeynet
Honeytoken

Question 38

Define:
Honeynet

Answer 38

A decoy network with multiple honeypots used to gather information about attacks and strengthen defenses.

Question 39

Define:
Honeyfile

Answer 39

A decoy file designed to lure attackers, trigger alarms, and gather intelligence when accessed.

Question 40

List:
Common types of honeyfiles

Answer 40

Information files (e.g., passwords.txt).
Application files (e.g., compilers).
Log files.
Intellectual property files.

Question 41

Define:
Honeytoken

Answer 41

False credentials or data used to distract attackers, trigger alerts, and gather intelligence.

Question 42

Define:
DNS sinkhole

Answer 42

A DNS record that redirects malicious traffic to a controlled IP address to block bots and prevent DDoS attacks.

Question 43

List:
Limitations of DNS sinkholes

Answer 43

The use of non-organizational DNS servers.

May restrict legitimate websites.

Question 44

Define:
Fake telemetry

Answer 44

Deceptive strategy returning spoofed data to network probes to mislead attackers and track their actions.

Question 45

List:
Benefits of fake telemetry

Answer 45

Distracts attackers.
Tracks techniques and tools used.
Tunes defenses like firewalls and intrusion detection systems.

Question 46

List:
Q: Key features of a screened subnet

Answer 46

Hosts public services (e.g., web, email, DNS, FTP).
Isolates internal resources from public systems.
Uses two firewalls for traffic control.

Question 47

Define:
Q: Bastion host

Answer 47

A hardened host exposed to attacks, often serving as a sacrificial host or firewall.

Question 48

Define:
Q: Screening router

Answer 48

The most external router using ACLs to filter packets, often doubling as a firewall.

Question 49

Define:
Q: Dual-homed gateway

Answer 49

A firewall with three interfaces connecting the internet, public subnet, and private network, with IP forwarding disabled.

Question 50

Define:
Q: Screened-host gateway

Answer 50

A gateway in the screened subnet requiring authentication to access its resources or the intranet.

Question 51

Define:
Q: Two-firewall screened subnet

Answer 51

A setup with two firewalls where the external firewall manages public access and the internal firewall protects private networks.

Question 52

List:
Q: Common practices for firewall packet filters in screened subnets

Answer 52

Close all ports by default.

Open only necessary ports.

Use a VPN server for internet access.

Question 53

Define:
Q: VPN server in a screened subnet

Answer 53

Allows internet users to authenticate and access private resources via the VPN, ensuring secure communication.

Question 54

Define:
Q: Packet filter

Answer 54

Firewall rule allowing or blocking traffic to and from specific resources based on packet attributes.

Question 55

Define:
Q: Firewall

Answer 55

A device or software that monitors, filters, and controls network traffic to protect internal networks from external threats.

Question 56

List:
Q: Types of firewalls

Answer 56

Host-based.
Network-based.
Web application firewall (WAF).
Next-generation firewall (NGFW).
Unified threat management (UTM).
Stateless.
Stateful.
Layer 4.
Layer 7.

Question 57

Define:
Q: Host-based firewall

Answer 57

Software firewall installed on a single host to protect it from unauthorized traffic, especially in public networks.

Question 58

Define:
Q: Network-based firewall

Answer 58

Hardware firewall that inspects traffic flowing between networks, typically placed at the network perimeter.

Question 59

Define:
Q: Web application firewall (WAF)

Answer 59

A firewall protecting web servers and databases from code injection and denial-of-service attacks using application-aware rules.

Question 60

List:
Q: Features of a next-generation firewall (NGFW)

Answer 60

Layer 7 application-aware filtering.

Intrusion prevention system (IPS).

Layer 4 inspection

Cloud networking integration.

Directory integration RBAC policies

Question 61

Define:
Q: Unified threat management (UTM)

Answer 61

A device combining multiple security controls, such as firewall, antivirus, VPN, and content filtering, into one appliance.

Question 62

Define:
Q: Stateless firewall

Answer 62

A basic packet-filtering firewall that does not track session information, analyzing each packet independently.

Question 63

Define:
Q: Stateful firewall

Answer 63

Tracks session information, storing it in a state table, and applies filtering rules to new or unknown connections.

Question 64

Define:
Q: Layer 4 firewall

Answer 64

Inspects transport layer traffic, tracking TCP/UDP sessions and blocking anomalies like session hijacking attempts.

Question 65

Define:
Q: Layer 7 firewall

Answer 65

Inspects application layer traffic, ensuring protocol-port matches and detecting patterns in headers and payloads.

Question 66

List:
Q: Downsides of UTM firewalls

Answer 66

Single point of failure.

Latency under heavy loads.

Lower performance.

Question 67

Define:
Q: VPN (Virtual Private Network)

Answer 67

A remote-access connection using encryption to securely send data over untrusted networks.

Question 68

Acronym:
Q: VPN

Answer 68

(Virtual Private Network)

Question 69

List:
Q: VPN tunnel types

Answer 69

Full tunnel (routes all traffic through the VPN).
Split tunnel (routes specific traffic through the VPN).

Question 70

List:
VPN Types

Answer 70

Host-to-host VPN
Site-to-site VPN
Remote-access VPN
Always-on VPN

Question 71

Define:
Q: Host-to-host VPN

Answer 71

A VPN connection established between two individual hosts with encryption software configured on both.

Question 72

Define:
Q: Site-to-site VPN

Answer 72

A VPN connection between routers at the edge of two sites, enabling encrypted communication without host awareness.

Question 73

Define:
Q: Remote-access VPN

Answer 73

A VPN using a server (VPN concentrator) to connect multiple individual hosts to a private network.

Question 74

Define:
Q: Always-on VPN

Answer 74

A VPN configuration where all traffic is tunneled continuously, whether the user is remote or on the LAN.

Question 75

List:
Q: Types of VPN protocols

Answer 75

Carrier Protocol (e.g., IP).
Tunneling Protocol (e.g., PPTP, L2TP).
Passenger Protocol (transmitted data).

Question 76

Define:
Q: VPN concentrator

Answer 76

An advanced router/server that creates and maintains secure VPN connections for multiple users.

Question 77

Acronym:
Q: IPsec

Answer 77

Internet Protocol Security

Question 78

Define:
Q: Internet Protocol Security (IPsec)

Answer 78

A VPN protocol operating at OSI layer 3, providing encryption and authentication for secure communication.

Question 79

List:
Q: Core protocols in IPsec

Answer 79

Authentication Header (AH) – ensures integrity but does not encrypt payloads.

Encapsulating Security Payload (ESP) – encrypts payloads and provides integrity.

Question 80

List:
Q: IPsec modes

Answer 80

Transport mode in IPsec
Tunnel mode in IPsec

Question 81

Define:
Q: Transport mode in IPsec

Answer 81

Encrypts only the payload of packets, leaving headers unencrypted for private network communication.

Question 82

Define:
Q: Tunnel mode in IPsec

Answer 82

Encrypts the entire IP packet (header and payload) for secure site-to-site VPN communication.

Question 83

Define:
Q: SASE (Secure Access Service Edge)

Answer 83

A cloud-based security architecture combining WAN technologies with advanced security features under a zero-trust model.

Question 84

List:
Q: Security features of SASE

Answer 84

Identity and Access Management (IAM).
Zero-trust security model.
Intrusion prevention.
Malware protection.
Content filtering.

Question 85

Define:
Q: SD-WAN

Answer 85

Software-Defined Wide Area Network that connects branch offices and datacenters with enhanced encryption and traffic management.

Question 86

List:
Q: Advantages of SD-WAN

Answer 86

Encrypts data across the network.
Segments traffic based on priority.
Centralizes security policy management.
Intelligently routes traffic based on applications.

Question 87

Define:
Q: Network Access Control (NAC)

Answer 87

A system that authenticates users and devices, enforces security policies, and ensures compliance before granting network access.

Question 88

List:
Q: What does NAC evaluate before granting access?

Answer 88

Operating system version.
Patch level.
Antivirus status.
Presence of security software.

Question 89

List:
Q: Attributes used by NAC to restrict access

Answer 89

User profile.
Device type.
Location.
Other attributes.

Question 90

Define:
Q: Dynamic VLAN assignment

Answer 90

A NAC feature assigning VLANs based on user identity, device type, location, or health checks.

Question 91

Define:
Q: Quarantine VLAN

Answer 91

A VLAN isolating non-compliant devices to limit potential network damage.

Question 92

Define:
Q: Zero-trust security in NAC

Answer 92

A model requiring devices to pass authentication and authorization before network access is granted.

Question 93

List:
Q: Two stages of the NAC process

Answer 93

Authentication.
Authorization.

Question 94

Define:
Q: Agent-based NAC

Answer 94

A NAC method using software agents on devices to assess compliance and provide detailed status information.

Question 95

Define:
Q: Agentless NAC

Answer 95

A NAC method evaluating devices through network scans or DHCP fingerprinting without requiring installed agents.

Question 96

List:
Q: Examples of NAC scanning techniques

Answer 96

Vulnerability scanners (e.g., Nessus, OpenVAS).

Windows Management Instrumentation (WMI) queries.

Log parsers.

Question 97

Define:
Q: Automatic remediation in NAC

Answer 97

A feature allowing NAC to resolve compliance issues, such as updating software or adjusting settings.

Question 98

Define:
Q: BYOD (Bring Your Own Device) in NAC

Answer 98

A policy where NAC secures personal devices connecting to the internal network.

Question 99

Define:
Q: Privilege escalation

Answer 99

Exploiting a bug or flaw to access system resources or privileges not intended for the user.

Question 100

Define:
Q: Backdoor

Answer 100

An unprotected access method, often added during development or by attackers, to bypass security controls.

Question 101

Define:
Q: Zero-day vulnerability

Answer 101

A previously unknown flaw exploited before developers can patch it, posing significant and unpredictable risks.

Question 102

Define:
Q: Responsible disclosure

Answer 102

The process of privately informing vendors about vulnerabilities so they can patch them before public disclosure.

Question 103

Define:
Q: Zero-day exploit

Answer 103

An attack or malware taking advantage of a zero-day vulnerability.

Question 104

Define:
Q: Vulnerability scanning

Answer 104

A process to identify misconfigurations and missing patches in software and systems, supporting application and network security.

Question 105

List:
Q: Popular vulnerability scanning tools

Answer 105

OpenVAS.
Nessus.

Question 106

Define:
Q: Application vulnerability scanning

Answer 106

A specialized method to detect software-specific weaknesses using static and dynamic analysis.

Question 107

Define:
Q: Package monitoring

Answer 107

Tracking and assessing third-party software packages, libraries, and dependencies for known vulnerabilities.

Question 108

List:
Q: Tools for package monitoring

Answer 108

Software Composition Analysis (SCA) tools.
National Vulnerability Database (NVD).
Vendor-specific advisories.

Question 109

Define:
Q: Software Bill of Materials (SBOM)

Answer 109

A detailed inventory of software components, libraries, and dependencies used for managing supply chain risks.

Question 110

List:
Q: Steps for managing networking software

Answer 110

Write usage policies.

Prevent software installation.

Block firewall ports used by software.

Application control solutions.

Question 111

Define:
Q: Application control solution

Answer 111

A tool that inspects packet contents to identify and manage network applications using application signatures.

Question 112

List:
Q: Actions for applications not on the allow list

Answer 112

Flagged (allowed but logged).
Blocked (denied, session dropped).
Tarpitted (silently dropped, appearing unresponsive).

Question 113

Define:
Q: Tarpitting applications

Answer 113

A technique to keep connections alive while silently dropping application data to delay malicious traffic.

Question 114

Define:
Q: Challenges with firewalls for application control

Answer 114

Firewalls may not inspect packet contents

Circumvent ACLs by reconfiguring applications to use open ports.

Question 115

Define:
MAC flooding

Answer 115

Network attack that overloads a switch MAC table, causing it to broadcast like a hub

Question 116

Define:
ARP poisoning/spoofing

Answer 116

The attacker associates his MAC address to the victim’s IP, enabling traffic interception and modification

Question 117

Define:
MAC spoofing

Answer 117

Changing a source MAC address to bypass security mechanisms

Question 118

Define:
DTP - Dynamic Trunking Protocol

Answer 118

A protocol for automatic trunk port negotiation that is insecure and should be disabled on access ports

Question 119

List:
The steps in hardening a switch

Answer 119

1. Change default credentials.
2. Disable unnecessary services.
3. Use secure management protocols (e.g., SSH, HTTPS).
4. Implement ACLs.
5. Enable logging and monitoring.
6. Configure port security.
7. Enforce strong password policies.
8. Physically secure equipment.

Question 120

Acronym:
TCP and UDP

Answer 120

Transmission Control Protocol

User Datagram Protocol

Question 121

Define:
TCP - Transmission Control Protocol

Answer 121

A connection-oriented protocol ensuring reliability, ordering, and error-checking for data transmission.

Question 122

Define:
UDP - User Datagram Protocol

Answer 122

A connectionless protocol suited for real-time applications like video streaming and gaming, prioritizing speed over reliability

Question 123

Define:
Tarpitted application traffic

Answer 123

Silently dropping application data while keeping the connection alive to delay attackers

Question 124

Port:
HTTP and HTTPS

Answer 124

80 and 443

Question 125

Protocol for port:
80 and 443

Answer 125

HTTP and HTTPS

Question 126

List:
Physical security for routers

Answer 126

Locked rooms
CCTV
Access logs

Question 127

Define:
Typical configuration for an anti-spoofing rule

Answer 127

Block inbound packets with internal IP address

Question 128

Define:
Segmentation

Answer 128

Dividing a network into segments to isolate systems, limit attack spread, and enhance data protection

Question 129

List:
Benefits of network segmentation

Answer 129

1. Limits attack spread.
2. Enhances data privacy.
3. Allows granular access control.
4. Increases detection and response time for threats.

Question 130

Define:
Device isolation

Answer 130

Segregating devices restrict interaction and prevent lateral threat movement within a network.