Network Architecture and Segmentation Flashcards
The practice of assigning an ID to assets to associate them with entries in an
inventory database
Asset Tag
The process through which changes to the configuration of information systems
are monitored and controlled, as part of the organization’s overall configuration
management efforts
Change Management
Document that lists the reason for a change and the procedures to implement
that change
Request for Change (RFC)
Refers to the cabling, switch ports, router ports, and wireless access points that
supply cabled and wireless network access and connectivity
Physical Network
An encrypted tunnel created between two endpoints that are connected via an
untrusted network, usually the Internet; common tunneling protocols include
▪ IPSec
▪ Secure Shell (SSH)
▪ Transport Layer Security (TLS)
Virtual Private Network (VPN)
APIs and compatible hardware allowing for programmable network appliances
and systems
SDN is used to manage networks that have become complex because of their size,
scope, and ability to change rapidly; it separates networking into three planes
▪ Control plane
▪ Data plane
▪ Management plane
Software-Defined Networking (SDN)
Makes decisions about how traffic should be prioritized and secured, and where it
should be switched
Control Plane
Handles the actual switching and routing of traffic and imposition of access
control lists (ACLs) for security
Data Plane
Monitors traffic conditions and network status
SDN applications are used to define policy decisions on the control plane
Management Plane
A type of network isolation that physically separates a network from all other
networks
System Isolation (Air Gap)
Each network segment has its own switch, and only devices connected to that
switch can communicate with each other
Physical Segmentation
Network segmentation that uses VLANs to achieve the same separation that would
be obtained by placing each segment on its own physical switch
Virtual Segmentation
The main unit of a logically segmented network where the security configuration
is the same for all hosts within it
Zones
An ordered list of rules specifying which IP addresses and ports are allowed or
denied access to a network segment or zone; rules are evaluated top-down, the
first match wins, and traffic that matches no rule is denied
Access Control Lists (ACL)
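The two preceding cards (zones and ACLs) describe a rule list evaluated top-down with an implicit deny at the end. The following Python is an added illustration, not part of the original flashcards: it evaluates a small zone-boundary ACL for a DMZ and also flags "shadowed" rules, i.e. rules that can never fire because an earlier, broader rule already covers them. All zone names, addresses (RFC 5737 documentation ranges) and the rule syntax are constructed for the example.

```python
"""Added example: first-match ACL evaluation with implicit deny, plus a shadowing check."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]          # None = any destination port


def rule(action: str, src: str, dst: str, dst_port: Optional[int] = None) -> Rule:
    """Build a Rule from CIDR strings (constructed helper, not a vendor ACL syntax)."""
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), dst_port)


# Constructed zones and hosts (documentation address ranges, not a real deployment)
INTERNET = "0.0.0.0/0"
INTERNAL = "10.0.0.0/16"
DMZ = "192.0.2.0/24"
WEB = "192.0.2.10/32"      # internet-facing host in the DMZ
DB = "10.0.5.20/32"        # database server in the internal zone
JUMPBOX = "10.0.99.5/32"   # hardened admin host

# ACL applied at the DMZ zone boundary; evaluated top-down, first match wins
DMZ_ACL: List[Rule] = [
    rule("permit", INTERNET, WEB, 443),   # only the designated service port is reachable from outside
    rule("permit", JUMPBOX, DMZ, 22),     # admin SSH into the DMZ must originate from the jumpbox
    rule("permit", WEB, DB, 5432),        # the web tier may reach its database...
    rule("deny", DMZ, INTERNAL),          # ...but nothing else in the internal zone
    # anything not matched above falls through to the implicit deny
]


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); unmatched traffic hits the implicit deny (None)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if src in r.src and dst in r.dst and (r.dst_port is None or r.dst_port == dst_port):
            return r.action, i
    return "deny", None


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet that matches `inner` would already have matched `outer`."""
    return (inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst)
            and (outer.dst_port is None or outer.dst_port == inner.dst_port))


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule fully covers them."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


if __name__ == "__main__":
    # Correct ordering: the specific permit sits above the broad deny
    print(evaluate(DMZ_ACL, "203.0.113.7", "192.0.2.10", 443))   # ('permit', 0)
    print(evaluate(DMZ_ACL, "203.0.113.7", "192.0.2.10", 22))    # ('deny', None)
    print(evaluate(DMZ_ACL, "192.0.2.10", "10.0.5.20", 5432))    # ('permit', 2)
    print(evaluate(DMZ_ACL, "192.0.2.10", "10.0.5.20", 3389))    # ('deny', 3)
    print(shadowed_rules(DMZ_ACL))                                # []

    # Misordered: the broad deny placed first silently kills the database permit
    misordered = [DMZ_ACL[3], DMZ_ACL[2]]
    print(evaluate(misordered, "192.0.2.10", "10.0.5.20", 5432))  # ('deny', 0)
    print(shadowed_rules(misordered))                              # [1]
```

The shadowing check is the part worth keeping around: a rule that is covered by an earlier one is not wrong in itself, but it usually means either the order was inverted (as in the misordered list above) or someone believes a path is open when the ACL actually denies it.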
Any host that accepts inbound connections from the internet
Internet-facing Host
A segment isolated from the rest of a private network by one or more firewalls
that accepts connections from the Internet over designated ports
Demilitarized Zone (DMZ)
Hosts or servers in the DMZ which are not configured with any services that run
on the local network
Bastion Hosts
A hardened server that provides access to other hosts within the DMZ
Jumpbox
A host computer runs a hypervisor that is used to install and manage multiple
guest operating systems or virtual machines (VMs)
Virtualization
A virtualization implementation that separates the personal computing
environment from a user’s physical computer
Virtual Desktop Infrastructure (VDI)
A type of virtualization applied by a host operating system to provision an isolated
execution environment for an application
Containerization
A virtualized computer that allows for the installation and configuration of its own
operating system
Virtual Hosts
Uncontrolled growth in the number of VMs, provisioned without proper change
control procedures and therefore outside the inventory and patching process
VM Sprawl
Virtual hosts are interconnected using virtual switches, virtual routers, and other
virtualized networking equipment as part of the hypervisor
Virtual Networks
Management application that is located either on the physical host that runs the
VMs or on a centralized platform that oversees VMs from multiple physical hosts
Management Interface
The practice of responding to a threat by destroying or deceiving a threat actor’s
capabilities
Active Defense
A host set up with the purpose of luring attackers away from the actual network
components and/or discovering attack strategies and weaknesses in the security
configuration
Honeypot
An entire network set up to entice attackers
Honeynet
Identification and publication of an attacker’s methods, techniques, and tactics as
useful threat intelligence
Attribution
Using offensive or counterattacking techniques to identify the attacker and
degrade their capabilities
Hack Back