Network Architecture and Segmentation Flashcards

1
Q

The practice of assigning an ID to assets to associate them with entries in an
inventory database

A

Asset Tag

2
Q

The process through which changes to the configuration of information systems
are monitored and controlled, as part of the organization’s overall configuration
management efforts

A

Change Management

3
Q

Document that lists the reason for a change and the procedures to implement
that change

A

Request for Change (RFC)

4
Q

Refers to the cabling, switch ports, router ports, and wireless access points that
supply cabled and wireless network access and connectivity

A

Physical Network

5
Q

A secure tunnel created between two endpoints connected via an unsecure
network, usually over the Internet
▪ IPSec
▪ Secure Shell (SSH)
▪ Transport Layer Security (TLS)

A

Virtual Private Network (VPN)

6
Q

APIs and compatible hardware allowing for programmable network appliances
and systems
SDN creates more complex networks due to their size, scope, and ability to
rapidly change
▪ Control plane
▪ Data plane
▪ Management plane

A

Software-Defined Networking (SDN)

7
Q

Makes decisions about how traffic should be prioritized and secured, and where it
should be switched

A

Control Plane

8
Q

Handles the actual switching and routing of traffic and imposition of access
control lists (ACLs) for security

A

Data Plane

9
Q

Monitors traffic conditions and network status
SDN applications are used to define policy decisions on the control plane

A

Management Plane

10
Q

A type of network isolation that physically separates a network from all other
networks

A

System Isolation (Air Gap)

11
Q

Each network segment has its own switch, and only devices connected to that
switch can communicate with each other

A

Physical Segmentation

12
Q

Network segmentation that relies on VLANs to create segmentation equivalent
to what would occur if you used physical switches

A

Virtual Segmentation

13
Q

The main unit of a logically segmented network where the security configuration
is the same for all hosts within it

A

Zones

14
Q

A list of IP addresses and ports that are allowed or denied access to the network
segment or zone

A

Access Control Lists (ACL)

15
Q

Any host that accepts inbound connections from the Internet

A

Internet-facing Host

16
Q

A segment isolated from the rest of a private network by one or more firewalls
that accepts connections from the Internet over designated ports

A

Demilitarized Zone (DMZ)

17
Q

Hosts or servers in the DMZ which are not configured with any services that run
on the local network

A

Bastion Hosts

18
Q

A hardened server that provides access to other hosts within the DMZ

A

Jumpbox

19
Q

A host computer is installed with a hypervisor that can be used to install and
manage multiple guest operating systems or virtual machines (VMs)

A

Virtualization

20
Q

A virtualization implementation that separates the personal computing
environment from a user’s physical computer

A

Virtual Desktop Infrastructure (VDI)

21
Q

A type of virtualization applied by a host operating system to provision an isolated
execution environment for an application

A

Containerization

22
Q

A virtualized computer that allows for the installation and configuration of its own
operating system

A

Virtual Hosts

23
Q

An expansion of VMs being provisioned without proper change control
procedures

A

VM Sprawl

24
Q

Virtual hosts are interconnected using virtual switches, virtual routers, and other
virtualized networking equipment as part of the hypervisor

A

Virtual Networks

25
Q

Management application that is located either on the physical host that runs the
VMs or on a centralized platform that oversees VMs from multiple physical hosts

A

Management Interface

26
Q

The practice of responding to a threat by destroying or deceiving a threat actor’s
capabilities

A

Active Defense

27
Q

A host set up with the purpose of luring attackers away from the actual network
components and/or discovering attack strategies and weaknesses in the security
configuration

A

Honeypot

28
Q

An entire network set up to entice attackers

A

Honeynet

29
Q

Identification and publication of an attacker’s methods, techniques, and tactics as
useful threat intelligence

A

Attribution

30
Q

Use offensive or counterattacking techniques to identify the attacker and degrade
their capabilities

A

Hack Back