Network Security & Infrastructure Flashcards

Net+ N10-009

1
Q

ARP Spoofing

A

Occurs when an attacker sends falsified ARP messages, linking their MAC address with a legitimate IP

2
Q

ARP Poisoning

A

Corrupts ARP cache by associating attacker’s MAC with IP addresses of LAN devices

3
Q

DNS Poisoning

A

When fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

4
Q

Double Tagging

A

A method where the attacker tries to reach a different VLAN using vulnerabilities in the trunk port configuration

5
Q

Switch Spoofing

A

Occurs when an attacker attempts to use the Dynamic Trunking Protocol (DTP) to negotiate a trunk port with a switch

6
Q

On-Path Attack

A

An attack where the penetration tester places their workstation between two hosts to capture, monitor, and relay communications

7
Q

Rogue Devices

A

Unauthorized devices or services on a network that allow unauthorized individuals to connect to that network

8
Q

Replay Attack

A

Occurs when an attacker captures valid data and repeats it either immediately or with a delay

9
Q

SSL Stripping

A

Redirecting HTTPS requests to HTTP to capture unencrypted data

10
Q

Relay Attack

A

Attacker becomes a proxy between two hosts, intercepting and potentially modifying communications

11
Q

Network Taps

A

Physical device that is attached to cabling to record packets passing over the network segment

12
Q

Discretionary Access Control (DAC)

A

Access control method where owners of resources determine access permissions

13
Q

Mandatory Access Control (MAC)

A

Access control policy where the computer system determines access

14
Q

Need-to-Know Principle

A

Users must have both the necessary clearance level and a need to know to access information

15
Q

Power Users

A

A user group with permissions between regular users and administrators

16
Q

Role-Based Access Control (RBAC)

A

Access control model based on defining roles for job functions

17
Q

Role-Based Groups

A

-Grouping users based on their job functions
-Assigning permissions to groups rather than individual users

18
Q

SAML (Security Assertion Markup Language)

A

Exchanging authentication and authorization data between an identity provider and a service provider, enabling single sign-on (SSO) for users across different applications.

19
Q

Diffie-Hellman Key Exchange

A

Allows two systems that do not know each other to be able to exchange keys and trust each other

20
Q

Transport Mode

A

-Uses original IP header
-Suitable for client-to-site VPNs

21
Q

Kerberos

A

Uses secret-key cryptography and a trusted third party to provide secure, mutual authentication between clients and servers over an insecure network.

22
Q

Authentication Header (AH)

A

Provides data integrity and origin authentication, but not confidentiality

23
Q

Tunneling Mode

A

-Encapsulates the entire packet
-Suitable for site-to-site VPNs

24
Q

Encapsulating Security Payload (ESP)

A

Provides authentication, integrity, replay protection, and confidentiality of the data

25
Wildcard Certificate
Allows multiple subdomains to use the same public key certificate
26
Single-Sided Certificate
-Authenticates only the server to the user
-Requires no certificate from the user
27
Dual-Sided Certificate
-Requires both server and user to validate each other using certificates
-Offers higher security but requires more processing power
28
Root of Trust
Validates certificates in a chain from a trusted root certificate authority, ensuring trustworthiness
29
Certificate Authority (CA)
-Issues digital certificates
-Contains CA details, serial number, issue/expiry dates, and version
30
Registration Authority (RA)
31
Certificate Revocation List (CRL)
32
Certificate Signing Request (CSR)
33
Key Recovery Agents
34
Key Escrow Agents
35
Packet Filtering Firewall
36
Stateful Firewall
37
Stateless Firewall
38
Next-Generation Firewall (NGFW)
39
Trusted Zone
40
Unified Threat Management (UTM) System
41
Explicit Allow
42
Explicit Deny
43
Implicit Deny
44
Untrusted Zone
45
Screened Subnet
46
Internet Facing Hosts
47
Bastion Host
48
Jumpbox
49
Web Proxy
50
Reverse Proxy
51
SAN Field
52
AES (Advanced Encryption Standard)
53
EAPOL (Extensible Authentication Protocol over LAN)
54
DNSSEC (Domain Name System Security Extensions)
55
SSL (Secure Sockets Layer)
56
WAN (Wide Area Network)
57
WLAN (Wireless Local Area Network)
58
MAN (Metropolitan Area Network)
59
Peer to Peer LAN
60
Client Server
61
CAN (Campus Area Network)
62
OSPF (Open Shortest Path First)
63
ACL (Access Control List)
64
IAM (Identity and Access Management)
65
API (Application Programming Interface)
66
SMB (Server Message Block)
67
SVI (Switch Virtual Interface)
68
MAC (Media Access Control)
69
CAM (Content-addressable Memory)
70
ZTA (Zero Trust Architecture)
71
Connector Types
SC, LC, ST, RJ45
72
SC
73
LC
74
ST
75
RJ45
76
PDU
77
Power Load Management
78
RPO (Recovery Point Objective)
79
Malware
80
RTO (Recovery Time Objective)
81
MTD (Maximum Tolerable Downtime)
82
attenuation
83
address pool exhaustion
84
Congestion
85
interference
86
bottlenecking
87
Scalability
88
Elasticity
89
Multitenancy
90
GRE (Generic Routing Encapsulation)
91
Star (hub and spoke) Topology
92
Mesh Topology
93
Hybrid Network Topology
94
Spine-Leaf Architecture
95
point-to-point connection
96
Core (Three-tier architecture)
97
Least privilege access
98
SASE (Secure Access Service Edge)
99
VIP (virtual IP address)
100
TTL (Time to Live)
Waits until data has traversed a number of hops, or until a certain amount of time elapses, before stopping or dropping a packet.