Networking

Question 1

A technique used to modify the destination IP address of incoming network traffic, often used in load balancing or routing.

Example: An organization uses this to redirect incoming traffic to different internal servers based on the destination IP.

Answer 1

DNAT (Destination Network Address Translation)

Question 2

A method of subnetting that allows different subnet masks to be used within the same network, providing more efficient IP address allocation.

Example: A company uses this to allocate smaller subnets for different departments, optimizing IP address use.

Answer 2

VLSM (Variable Length Subnet Mask)

Question 3

A high-performance routing technique that uses labels to direct data packets through a network, improving speed and efficiency, particularly for large-scale networks.

Example: used by service providers to create virtual private networks (VPNs) and ensure faster data transfer across their infrastructure.

Answer 3

MPLS (Multiprotocol Label Switching)

Question 4

A logical subgroup within a network, created to segment traffic, improve security, and reduce congestion, even if the devices are physically on different switches.

Answer 4

VLAN (Virtual Local Area Network)

Question 5

A list of permissions attached to an object that defines which users or systems can access that object and what actions they can perform.

Answer 5

ACL (Access Control List)

Question 6

A security method that requires users to provide two or more verification factors to gain access to a system, enhancing security.

Example: A user logs into their account using a password and then enters a one-time code sent to their phone.

Answer 6

MFA (Multi-Factor Authentication)

Question 7

A security solution that enforces policies for accessing a network, ensuring that devices meet security standards before being granted access

Answer 7

NAC (Network Access Control)

Question 8

A set of rules and guidelines that define acceptable use of an organization’s resources, including network, internet, and computer systems.

Answer 8

AUP (Acceptable Use Policy)

Question 9

A security solution designed to prevent unauthorized access, transfer, or loss of sensitive data by monitoring and controlling data flow.

Example: A file transfer is blocked because it contains sensitive information flagged by monitoring systems.

Answer 9

DLP (Data Loss Prevention)

Question 10

A network architecture that separates the control plane from the data plane, enabling dynamic and programmatic network configuration.

Example: Traffic is automatically rerouted during peak loads to maintain performance.

Answer 10

SDN (Software-Defined Networking)

Question 11

A Windows feature that allows individual files or folders to be encrypted to protect sensitive data from unauthorized access.

Example: A document is encrypted, ensuring it remains secure even if accessed by another user.

Answer 11

EFS (Encrypting File System)

Question 12

A security solution that protects users from web-based threats by filtering malicious traffic, enforcing policies, and monitoring activity.

Example: Access to a harmful website is blocked to prevent exposure to malware.

Answer 12

SWG (Secure Web Gateway)

Question 13

A security technology that monitors endpoint devices to detect, investigate, and respond to cybersecurity threats in real-time.

Example: Suspicious file activity is identified and flagged for investigation.

Answer 13

EDR (Endpoint Detection and Response)

Question 14

A physical device used to filter traffic between networks, often placed at the perimeter to protect internal systems from external threats.

Example: A standalone device is installed at the edge of a company’s network to block unauthorized incoming connections.

Answer 14

Hardware Firewall

Question 15

A software application installed on individual devices to monitor and control network traffic for that specific host.

Example: A device’s firewall blocks a connection attempt from a suspicious program.

Answer 15

Host-Based Firewall

Question 16

A type of firewall that acts as an intermediary between users and the internet, filtering traffic and preventing direct connections for added security.

Example: Requests to websites are routed through an intermediary to check for malicious content before allowing access.

Answer 16

Proxy Firewall

Question 17

A firewall deployed to protect an entire network by monitoring and controlling traffic at the network boundary.

Example: Rules are configured to block unauthorized access to sensitive internal servers.

Answer 17

Network-Based Firewall

Question 18

A firewall deployed to protect an entire network by monitoring and controlling traffic at the network boundary.

Example: Rules are configured to block unauthorized access to sensitive internal servers.

Answer 18

Personal Firewall

Question 19

A security system that monitors network traffic for suspicious activity or known threats and generates alerts for potential incidents.

Example: Suspicious network activity is detected, and an alert is sent to the security team for review.

Answer 19

NIDS (Network Intrusion Detection System)

Question 20

A security system that monitors a specific device or host for unusual or malicious activity, such as file changes or unauthorized access.

Example: File integrity changes are flagged on a server after a potential breach attempt.

Answer 20

HIDS (Host Intrusion Detection System)

Question 21

A security system that actively monitors network traffic and takes action to block or mitigate identified threats.

Example: A threat is detected on the network, and malicious packets are automatically dropped.

Answer 21

NIPS (Network Intrusion Prevention System)

Question 22

A security system that protects an individual host by detecting and preventing malicious activity on that device.

Example: An attempt to exploit a vulnerability is stopped before it can execute on the machine.

Answer 22

HIPS (Host Intrusion Prevention System)

Question 23

A contract between a service provider and a customer that defines the level of service expected, including performance metrics, uptime guarantees, and responsibilities.

Example: A document specifies that a cloud provider must maintain 99.9% uptime for hosted applications.

Answer 23

Service Level Agreement (SLA)

Question 24

A framework that outlines the shared security and operational responsibilities between a cloud provider and the customer.

Example: The provider ensures the physical security of servers, while the customer manages access control for their virtual machines.

Answer 24

Cloud Responsibility Matrix

Question 25

A broad contract that establishes the general terms and conditions governing a business relationship between two parties, often used before specific agreements are made.

Example: A company signs a document outlining terms for future engagements with a managed IT services provider.

Answer 25

Master Service Agreement (MSA)

Question 26

A cloud computing model that combines public and private cloud environments, allowing data and applications to move between them for greater flexibility and scalability.

Example: A company stores sensitive data in a private environment while using a public provider for less critical workloads.

Answer 26

Hybrid Cloud

Question 27

A cloud computing model that provides virtualized computing resources such as servers, storage, and networking on a pay-as-you-go basis.

Example: A company uses an online provider to deploy virtual servers instead of maintaining physical hardware.

Answer 27

IaaS (Infrastructure as a Service)

Question 28

A subset of artificial intelligence where systems learn and improve from data without being explicitly programmed.

Example: A program analyzes customer behavior data to predict future purchases.

Answer 28

ML (Machine Learning)

Question 29

A practice where infrastructure is provisioned and managed using code instead of manual processes, ensuring consistency and automation.

Example: A script is used to automatically deploy and configure servers in a cloud environment.

Answer 29

IaC (Infrastructure as Code)

Question 30

An organization that offers cloud computing services, such as storage, infrastructure, or software, to customers over the internet.

Example: A business uses an online provider to host its data and applications in a virtual environment.

Answer 30

CSP (Cloud Service Provider)

Question 31

A company that provides internet access to individuals and organizations through various technologies like DSL, fiber, or wireless.

Example: A home user connects to the internet through a service package purchased from a local provider.

Answer 31

ISP (Internet Service Provider)

Question 32

A third-party company that remotely manages and supports a customer’s IT infrastructure and end-user systems.

Example: An organization outsources its network monitoring and maintenance to a specialized provider.

Answer 32

MSP (Managed Service Provider)

Question 33

An entity that authenticates and manages user identities, often in a federated or single sign-on (SSO) system.

Example: A user logs into multiple applications with one set of credentials verified by an external service.

Answer 33

IdP (Identity Provider)

Question 34

The practice of dividing a network into smaller segments or zones to improve security and performance by limiting access and containing threats.

Example: Critical servers are placed in a separate segment to restrict access and minimize exposure to threats.

Answer 34

Network Segmentation

Question 35

A security measure where a system or network is physically isolated from other systems and networks to prevent unauthorized access or data transfer.

Example: Sensitive data is stored on a system with no internet connection, ensuring it cannot be remotely accessed.

Answer 35

Air Gap

Question 36

A method of securing communication cables by using physical barriers, such as conduits or shielding, to prevent tampering or eavesdropping.

Example: Fiber optic cables are enclosed in protective conduit to safeguard against physical access.

Answer 36

Protected Cable Distribution

Question 37

A network device that connects devices within a local area network (LAN) and forwards data based on MAC addresses.

Example: Data packets are directed to the appropriate device within the network, reducing unnecessary traffic.

Answer 37

Switch

Question 38

A logical subdivision of a physical network that isolates traffic and improves security and efficiency.

Example: Employees from different departments are placed in separate logical groups, even if they share the same physical hardware.

Answer 38

VLAN (Virtual Local Area Network)

Question 39

A network segment separated by two firewalls, designed to provide an additional layer of security for public-facing services like web servers.

Example: A web server accessible from the internet is isolated to prevent attackers from reaching internal systems.

Answer 39

Screened Subnet

Question 40

A network device that forwards data packets between networks based on IP addresses and provides inter-network communication.

Example: Traffic between a home network and the internet is managed and directed appropriately.

Answer 40

Router

Question 41

A cloud computing model where software applications are delivered over the internet on a subscription basis, eliminating the need for local installation or maintenance.

Example: A user accesses an email platform through a web browser without needing to install any software.

Answer 41

SaaS (Software as a Service)

Question 42

A technology that allows users to access a virtualized desktop environment hosted on a central server, enabling remote access to desktop systems.

Example: Employees access their desktop work environments from home using a secure remote connection.

Answer 42

VDI (Virtual Desktop Infrastructure)

Question 43

A protocol used to monitor and manage devices on a network, such as routers, switches, and servers, by collecting data and issuing commands.

Example: A network administrator uses SNMP to gather performance metrics from network routers to ensure optimal operation.

Answer 43

SNMP (Simple Network Management Protocol)

Question 44

A computing model where data processing occurs closer to the data source or “edge” of the network, reducing latency and improving speed for real-time applications.

Example: A smart camera processes video locally instead of sending it to a central server, reducing delays.

Answer 44

Edge Computing

Question 45

A lightweight virtualization method that allows applications and their dependencies to be packaged together in isolated units called containers, making them portable across different environments.

Example: A developer packages an app with its dependencies into a container for deployment on any cloud platform.

Answer 45

Containerization

Question 46

A technology that creates virtual versions of physical resources, such as servers, storage, and networks, allowing multiple virtual machines to run on a single physical host.

Example: A single server hosts multiple virtual machines, each running its own operating system and applications.

Answer 46

Virtualization

Question 47

A model of delivering computing services (such as servers, storage, databases, and software) over the internet, allowing on-demand access to resources without maintaining physical infrastructure.

Example: A company uses cloud storage to back up its data, eliminating the need for physical servers.

Answer 47

Cloud Computing

Question 48

A technique where multiple computers or servers are linked together to work as a single system, improving performance, scalability, and fault tolerance.

Example: A website is hosted on a cluster of servers to ensure continuous uptime even if one server fails.

Answer 48

Clustering

Question 49

A technology that allows a single physical processor core to act as two logical processors, improving parallel processing and overall performance.

Example: A processor runs multiple threads simultaneously, improving multitasking capabilities.

Answer 49

Hyperthreading

Question 50

The ability of an operating system to execute multiple tasks or processes at the same time, typically by rapidly switching between them.

Example: A user listens to music while browsing the web, with both processes running simultaneously.

Answer 50

Multitasking

Question 51

A system used to monitor and control industrial processes, such as manufacturing, energy, and water treatment, often using real-time data and automation.

Example: A plant’s temperature control system is managed by an ICS to ensure optimal production conditions.

Answer 51

ICS (Industrial Control System)

Question 52

A small, localized network typically used to connect devices within a close proximity, such as smartphones, laptops, and wearables.

Example: A smartphone is connected to a wireless headset via Bluetooth, forming a PAN.

Answer 52

PAN (Personal Area Network)

Question 53

A network of interconnected devices and objects that communicate and exchange data with each other over the internet, enabling automation and remote monitoring.

Example: A smart thermostat adjusts the temperature of a home based on data from sensors and user preferences.

Answer 53

IoT (Internet of Things)

Question 54

An integrated circuit that combines multiple components of a computer or electronic system, such as a processor, memory, and input/output interfaces, onto a single chip.

Example: A smartphone uses this to integrates the CPU, GPU, and wireless communication components for efficient operation.

Answer 54

SoC (System on a Chip)

Question 55

A ruggedized computer used in industrial settings to automate and control machinery and processes, such as assembly lines or robotic arms.

Example: used to control the operation of a conveyor belt in a manufacturing plant.

Answer 55

PLC (Programmable Logic Controller)

Question 56

A system used for monitoring and controlling industrial processes, typically through real-time data collection and analysis, to manage operations like water treatment, energy, or manufacturing.

Example: monitors the pressure and flow of water in a city’s pipeline system.

Answer 56

SCADA (Supervisory Control and Data Acquisition)

Question 57

A user interface that allows operators to interact with and control machines or systems, often used in conjunction with PLCs or SCADA systems for monitoring and control purposes.

Example: An operator uses an this touchscreen to adjust settings on an automated production line.

Answer 57

HMI (Human-Machine Interface)

Question 58

A software application that allows users to create, manage, and modify digital content, typically for websites, without needing technical knowledge.

Example: A website owner uses a CMS to add new blog posts and update the site’s layout.

Answer 58

CMS (Content Management System)

Question 59

An operating system designed to manage hardware resources and execute tasks within a guaranteed time frame, essential for systems that require precise timing.

Example: An RTOS is used in embedded systems like medical devices or automotive control systems, where timely responses are critical.

Answer 59

RTOS (Real-Time Operating System)

Question 60

A specialized computing system designed to perform dedicated functions within a larger device, often with real-time computing constraints.

Example: A microwave oven uses an embedded system to control heating cycles and user settings.

Answer 60

Embedded System

Question 61

A design approach aimed at ensuring a system or service remains operational and accessible with minimal downtime, even in the event of failures.

Example: A website is hosted on a cluster of servers to ensure continuous availability even if one server fails.

Answer 61

High Availability (HA)

Question 62

A system design that ensures operations continue safely or revert to a safe state in the event of a failure.

Example: A machine automatically shuts down when a critical component fails to prevent harm or damage.

Answer 62

Fail-Safe

Question 63

A system design where, upon failure, access or connections are terminated to prevent unauthorized actions or risks.

Example: A door lock system automatically closes and locks if a security breach is detected.

Answer 63

Fail-Close

Question 64

A system design where, upon failure, access or connections are opened to allow continued operations or minimize disruption.

Example: A fire suppression system allows a valve to open if the control system fails, letting the water flow to the sprinklers.

Answer 64

Fail-Open

Question 65

A system design where, upon failure, security mechanisms remain active to ensure protection from threats.

Example: A fail-secure door lock stays locked during a power failure to prevent unauthorized access.

Answer 65

Fail-Secure

Question 66

A hardware device used to monitor network traffic by creating a copy of the data flow for analysis without interrupting the actual network traffic.

Answer 66

Network Tap

Question 67

A network port configured to carry traffic from multiple VLANs, typically used between switches or between a switch and a router.

Answer 67

Trunk Port

Question 68

A method of copying network traffic from one port on a switch to another port for monitoring or analysis, often used in network security or troubleshooting.

Answer 68

Port Mirroring

Question 69

A server used by attackers to remotely control compromised systems or networks, often part of a botnet or malware operation.

Answer 69

C2 Server (Command and Control Server)

Question 70

A server that integrates various communication services such as voice, video, messaging, and conferencing into a single platform for businesses.

Answer 70

UC Server (Unified Communications Server)

Question 71

A networking device that connects and filters traffic between two or more network segments, allowing them to communicate as one network.

Example: Data from one network segment is forwarded to another segment, enabling communication between devices on both sides.

Answer 71

Bridge

Question 72

A computer or software that provides services, resources, or data to other computers (clients) over a network.

Example: A system processes requests and delivers content like files or web pages to users across a network.

Answer 72

Server

Question 73

A file that provides a browser with instructions on how to automatically choose a proxy server based on the URL requested.

Answer 73

PAC (Proxy Auto-Configuration)

Question 74

A service that automatically updates the DNS records for a domain name when the IP address of the host changes, often used with dynamic IP addresses.

Example: A home network automatically updates its DNS records when the ISP assigns a new dynamic IP address.

Answer 74

DDNS (Dynamic Domain Name System)

Question 75

A framework for integrating authentication methods into an operating system or application, allowing administrators to configure how users are authenticated.

Answer 75

PAM (Pluggable Authentication Module)

Question 76

A technique used to map private IP addresses to a public IP address, enabling multiple devices on a private network to share a single public IP address.

Answer 76

NAT (Network Address Translation)

Question 77

A security solution that combines multiple security features, such as firewall, antivirus, and intrusion prevention, into a single device for streamlined management.

Example: A business uses this to manage firewall protection, content filtering, and intrusion detection from one platform.

Answer 77

UTM (Unified Threat Management)

Question 78

A framework that allows centralized management and security of all endpoints in an organization, including desktops, laptops, mobile devices, and IoT devices.

Example: Administrators use a single platform to apply security policies to employee devices across the organization.

Answer 78

UEM (Unified Endpoint Management)

Question 79

A system designed to detect unauthorized access or malicious activity on wireless networks by monitoring and analyzing wireless traffic.

Example: A monitoring tool detects an unknown device attempting to connect to a secure wireless network.

Answer 79

WIDS (Wireless Intrusion Detection System)

Question 80

An advanced firewall that integrates traditional firewall functions with additional features such as application awareness, intrusion prevention, and deep packet inspection.

Example: A system inspects traffic at the application layer to block unauthorized access while identifying threats.

Answer 80

NGFW (Next-Generation Firewall)

Question 81

A firewall designed to protect web applications by filtering and monitoring HTTP requests to prevent attacks such as SQL injection or cross-site scripting.

Example: A layer analyzes incoming web traffic to block malicious payloads targeting an online store.

Answer 81

WAF (Web Application Firewall)

Question 82

A device or software that distributes incoming network traffic across multiple servers to ensure no single server becomes overloaded, improving performance and reliability.

Example: Traffic to a website is evenly distributed across several servers to handle high volumes of requests.

Answer 82

Load Balancer

Question 83

A server in a network that manages user authentication, security policies, and access to resources in a Windows domain environment.

Example: A system verifies user credentials to grant access to shared files and applications in an organization.

Answer 83

Domain Controller

Question 84

A standard for authenticating and controlling user access to a network by requiring credentials before allowing connection to the LAN or WLAN.

Example: A secure network requires a user to authenticate with a username and password before gaining access.

Answer 84

IEEE 802.1X (Port-Based Network Access Control)

Question 85

A wireless networking standard that provides high-speed Wi-Fi with support for 5 GHz frequency, increased throughput, and multi-user MIMO (MU-MIMO).

Example: A wireless access point delivers fast internet speeds for multiple devices streaming video simultaneously.

Answer 85

IEEE 802.11ac (Wi-Fi 5)

Question 86

A standard for preventing loops in a network by dynamically disabling redundant paths and ensuring a loop-free topology.

Example: A protocol disables one of two redundant links between switches to avoid broadcast storms.

Answer 86

IEEE 802.1D (Spanning Tree Protocol)

Question 87

A general term used to reference all wireless networking standards within the IEEE 802.11 family, including Wi-Fi technologies like 802.11n, 802.11ac, and others.

Example: A network supports multiple wireless standards to ensure compatibility with a wide range of devices.

Answer 87

IEEE 802.11x (Wi-Fi Family)

Question 88

A flexible authentication framework used in network access control that supports multiple authentication methods, such as passwords, certificates, and tokens.

Answer 88

EAP (Extensible Authentication Protocol)

Question 89

An EAP method that creates an encrypted TLS tunnel to secure the authentication process, protecting credentials like usernames and passwords.

Answer 89

PEAP (Protected Extensible Authentication Protocol)

Question 90

A proprietary authentication protocol developed by Cisco that uses dynamic WEP keys but is considered insecure due to vulnerabilities.

Answer 90

LEAP (Lightweight Extensible Authentication Protocol)

Question 91

An EAP method developed by Cisco that provides fast and secure authentication without requiring certificates by using a Protected Access Credential (PAC).

Answer 91

EAP-FAST (EAP-Flexible Authentication via Secure Tunneling)

Question 92

An EAP method that uses certificates for both client and server to establish mutual authentication and secure connections.

Answer 92

EAP-TLS (EAP-Transport Layer Security)

Question 93

An EAP method that uses a TLS tunnel to secure the authentication process while supporting legacy authentication protocols like PAP and CHAP.

Answer 93

EAP-TTLS (EAP-Tunneled Transport Layer Security)

Question 94

Transmits raw data bits over a physical medium.

Answer 94

Physical Layer (Layer 1)

Question 95

Handles error detection, correction, and framing.

Answer 95

Data Link Layer (Layer 2)

Question 96

Manages routing and addressing of data packets.

Answer 96

Network Layer (Layer 3)

Question 97

Ensures reliable data transfer with error recovery.

Answer 97

Transport Layer (Layer 4)

Question 98

Manages sessions between devices.

Answer 98

Session Layer (Layer 5)

Question 99

Translates data formats and ensures encryption.

Answer 99

Presentation Layer (Layer 6)

Question 100

Provides end-user services and network applications.

Answer 100

Application Layer (Layer 7)

Question 101

A service that allows users to remotely access a network or system over a secure connection, typically using VPNs or other remote access protocols.

Example: An employee connects to their company’s internal network from home to access shared files securely.

Answer 101

RAS (Remote Access Service)

Question 102

A VPN configuration where only some of the traffic is routed through the secure VPN connection, while other traffic accesses the internet directly.

Example: Corporate traffic is routed through the VPN, but personal browsing uses the local internet connection.

Answer 102

VPN Split Tunnel

Question 103

A VPN configuration where all network traffic, including internet and internal resources, is routed through the secure VPN connection, providing full encryption.

Example: All traffic, including web browsing and internal communications, is sent through the VPN to ensure complete security.

Answer 103

VPN Full Tunnel

Question 104

The unique name assigned to a wireless network to identify it, allowing devices to connect to the correct network.

Example: A user selects the correct network name from a list of nearby Wi-Fi options to connect to their home router.

Answer 104

SSID (Service Set Identifier)

Question 105

A protocol used for centralized authentication, authorization, and accounting of users accessing network devices, providing secure communication by encrypting the entire payload.

Example: A network administrator logs into a router, and their credentials are verified through a central server using this protocol.

Answer 105

TACACS+ (Terminal Access Controller Access Control System Plus)

Question 106

A protocol used for centralized authentication, authorization, and accounting (AAA) of users accessing network services, encrypting only the user’s password during transmission.

Example: A corporate Wi-Fi network verifies user credentials through a central authentication server before granting access.

Answer 106

RADIUS (Remote Authentication Dial-In User Service)

Question 107

A type of HTTP cookie that is only sent over encrypted HTTPS connections, ensuring that the cookie data is not exposed to attackers through unsecured channels.

Answer 107

Secure cookie

Question 108

A database used for managing the components of a network, storing information about devices and their statuses, which can be queried by network management systems.

Answer 108

MIB (Management Information Base)

Question 109

A high-capacity network switch used within data centers to connect servers, storage devices, and other networking equipment, enabling efficient data traffic management.

Answer 109

DCS (Data Center Switch)

Question 110

A system that monitors and manages network infrastructure, including devices like routers, switches, and firewalls, to ensure optimal performance and security.

Answer 110

NMS (Network Management System)

Question 111

A device that connects a digital line (such as a T1 or T3) to a network, converting signals between different transmission formats. It often works alongside a CSU for managing the connection.

Answer 111

DSU (Data Service Unit)

Question 112

A globally unique identifier used to reference objects in network management protocols like SNMP or X.500, helping systems identify and manage objects in a network.

Answer 112

OID (Object Identifier)

Question 113

A device that connects the user equipment (like a router or PBX) to a digital transmission line (such as T1 or T3), providing line conditioning and managing error correction.

Answer 113

CSU (Channel Service Unit)

Question 114

A 24-bit identifier assigned by IEEE to organizations to create unique MAC addresses for network devices. The OUI forms the first part of a MAC address.

Answer 114

OUI (Organizationally Unique Identifier)

Question 115

A network protocol developed by Cisco for collecting and analyzing IP traffic data, allowing network administrators to monitor traffic patterns, usage, and performance across networks.

Answer 115

Netflow

Question 116

A web page that users are redirected to when they first access a network, typically for authentication or accepting terms before gaining access to the network.

Answer 116

Captive Portal

Question 117

A network segment that isolates potentially compromised or untrusted devices to prevent them from interacting with the rest of the network until they are verified or cleaned.

Answer 117

Quarantine Network

Question 118

A private network that allows controlled access to specific users from outside the organization, typically for sharing data or collaborating with business partners.

Answer 118

Extranet

Question 119

A subnet in a network architecture that is protected by a firewall, often used to host services that need to be accessible from both the internal network and the internet, like a web server.

Answer 119

Screened Subnet

Question 120

A method of web filtering that uses a software agent installed on the client device to monitor and control web traffic based on predefined policies, such as blocking access to malicious or inappropriate sites.

Answer 120

Agent-based Web Filtering

Question 121

A security module for the Linux kernel that provides a mechanism for supporting access control security policies, including mandatory access control (MAC), which restricts how processes can interact with each other and with files.

Answer 121

SELinux (Security-Enhanced Linux)