Network Security & Infrastructure

Question 1

ARP Spoofing

Answer 1

Occurs when an attacker sends falsified ARP messages, linking their MAC address with a legitimate IP

Question 2

ARP Poisoning

Answer 2

Corrupts ARP cache by associating attacker’s MAC with IP addresses of LAN devices

Question 3

DNS Poisoning

Answer 3

When fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

Question 4

Double Tagging

Answer 4

A method where the attacker tries to reach a different VLAN using vulnerabilities in the trunk port configuration

Question 5

Switch Spoofing

Answer 5

Occurs when an attacker attempts to use the Dynamic Trunking Protocol (DTP) to negotiate a trunk port with a switch

Question 6

On-Path Attack

Answer 6

An attack where the penetration tester places their workstation between two hosts to capture, monitor, and relay communications

Question 7

Rogue Devices

Answer 7

Unauthorized devices or services on a network that allows unauthorized individuals to connect to that network

Question 8

Replay Attack

Answer 8

Occurs when an attacker captures valid data and repeats it either immediately or with a delay

Question 9

SSL Stripping

Answer 9

Redirecting HTTPS requests to HTTP to capture unencrypted data

Question 10

Relay Attack

Answer 10

Attacker becomes a proxy between two hosts, intercepting and potentially modifying communications

Question 11

Network Taps

Answer 11

Physical device that is attached to cabling to record packets passing over the network segment

Question 12

Discretionary Access Control (DAC)

Answer 12

Access control method where owners of resources determine access permissions

Question 13

Mandatory Access Control (MAC)

Answer 13

Access control policy where the computer system determines access

Question 14

Need-to-Know Principle

Answer 14

Users must have both the necessary clearance level and a need to know to access information

Question 15

Power Users

Answer 15

A user group with permissions between regular users and administrators

Question 16

Role-Based Access Control (RBAC)

Answer 16

Access control model based on defining roles for job functions

Question 17

Role-Based Groups

Answer 17

-Grouping users based on their job functions
-Assigning permissions to groups rather than individual users

Question 18

SAML (Security Assertion Markup Language)

Answer 18

Exchanging authentication and authorization data between an identity provider and a service provider, enabling single sign-on (SSO) for users across different applications.

Question 19

Diffie-Hellman Key Exchange

Answer 19

Allows two systems that do not know each other to be able to exchange keys and trust each other

Question 20

Transport Mode

Answer 20

-Uses original IP header
-Suitable for client-to-site VPNs

Question 21

Kerberos

Answer 21

Uses secret-key cryptography and a trusted third party to provide secure, mutual authentication between clients and servers over an insecure network.

Question 22

Authentication Header (AH)

Answer 22

Provides data integrity and origin authentication, but not confidentiality

Question 23

Tunneling Mode

Answer 23

-Encapsulates the entire packet
-Suitable for site-to-site VPNs

Question 24

Encapsulating Security Payload (ESP)

Answer 24

Provides authentication, integrity, replay protection, and confidentiality of the data

Question 25

Wildcard Certificate

Answer 25

Allows multiple subdomains to use the same public key certificate

Question 26

Single-Sided Certificate

Answer 26

-Authenticates only the server to the user -Requires no certificate from the user

Question 27

Dual-Sided Certificate

Answer 27

-Requires both server and user to validate each other using certificates -Offers higher security but requiring more processing power

Question 28

Root of Trust

Answer 28

Validates certificates in a chain from a trusted root certificate authority, ensuring trustworthiness

Question 29

Certificate Authority (CA)

Answer 29

-Issues digital certificates -Contains CA details, serial number, issue/expiry dates, and version

Question 30

Registration Authority (RA)

Question 31

Certificate Revocation List (CRL)

Question 32

Certificate Signing Request (CSR)

Question 33

Key Recovery Agents

Question 34

Key Escrow Agents

Question 35

Packet Filtering Firewall

Question 36

Stateful Firewall

Question 37

Stateless Firewall

Question 38

Next-Generation Firewall (NGFW)

Question 39

Trusted Zone

Question 40

Unified Threat Management (UTM) System

Question 41

Explicit Allow

Question 42

Explicit Deny

Question 43

Implicit Deny

Question 44

Untrusted Zone

Question 45

Screened Subnet

Question 46

Internet Facing Hosts

Question 47

Bastion Host

Question 48

Jumpbox

Question 49

Web Proxy

Question 50

Reverse Proxy

Question 51

SAN Field

Question 52

AES (Advanced Encryption Standard)

Question 53

EAPOL (Extensible Authentication Protocol over LAN)

Question 54

DNSSEC (Domain Name System Security Extensions)

Question 55

SSL (Secure Sockets Layer)

Question 56

WAN (Wide Area Network)

Question 57

WLAN (Wireless Land Area Network)

Question 58

MAN (Metropolitan Area Network)

Question 59

Peer to Peer LAN

Question 60

Client Server

Question 61

CAN (Campus Area Network)

Question 62

OSPF (Open Shortest Path First)

Question 63

ACL (Access Control List)

Question 64

IAM (Identity and Access Management)

Question 65

API (Application Programming Interface)

Question 66

SMB (Server Message Block)

Question 67

SVI (Switch Virtual Interface)

Question 68

MAC (Media Access Control)

Question 69

CAM (Content-addressable Memory)

Question 70

ZTA (Zero Trust Architecture)

Question 71

Connector Types

Answer 71

SC, LC, ST, RJ45

Question 72

SC

Question 73

LC

Question 74

ST

Question 75

RJ45

Question 76

PDU

Question 77

Power Load Management

Question 78

RPO (Recovery Point Objective)

Question 79

Malware

Question 80

RTO (Recovery Time Objective)

Question 81

MTD (Maximum Tolerable Downtime)

Question 82

attenuation

Question 83

address pool exhaustion

Question 84

Congestion

Question 85

interference

Question 86

bottlenecking

Question 87

Scalability

Question 88

Elasticity

Question 89

Multitenancy

Question 90

GRE (Generic Routing Encapsulation)

Question 91

Star (hub and spoke) Topology

Question 92

Mesh Topology

Question 93

Hybrid Network Topology

Question 94

Spine-Leaf Architecture

Question 95

point-to-point connection

Question 96

Core (Three-tier architecture)

Question 97

Least privilege access

Question 98

SASE (Secure Access Service Edge)

Question 99

VIP (virtual IP address)

Question 100

TTL (Time to Live)

Answer 100

Wait's until data traversing a number of hops, or wait until a certain amount of time elapses to stop or drop a packet.