Section 3.2

Question 1

What are security zones?

Answer 1

Security zones allows us to zone the devices in our network based on their use or access type.

Question 1

What is the Attack Surface?

Answer 1

Attack surface is the combination of potential openings into our surface. Different attack surfaces may be:
- application code
- authentication process
- open ports
- human error

Question 2

Explain IPS

Answer 2

Intrusion Prevention System watches network traffic and prevents intrusion through exploits to OS, application etc by different attack types such as buffer overflows, XSS, etc.

Question 3

Explain IDS

Answer 3

Intrusion Detection System sends an alert if an intrusion occurs in a system.

Question 4

What is a Fail-open mode?

Answer 4

When a system fails, data continues to flow

Question 5

What is a Fail-closed mode?

Answer 5

When a system fails, data does not flow.

Question 6

What is active monitoring solution?

Answer 6

System is connected inline and data can be blocked in real time as it passes by the IPS system. This is commonly used when real time monitoring and security is desired.

Question 7

What is a passive monitoring solution?

Answer 7

System sends a copy of the network traffic to the IPS to monitor the traffic, but since this is a copy of the data, the IPS cannot block traffic in real time. Mostly used when the system wants to be easier on blocking traffic in case the IPS blocks good traffic by accident.

Question 8

What is a jump server?

Answer 8

A jump server is a device in the inside of the network that is usually accessible from the outside.

Question 9

What is a proxy server?

Answer 9

A proxy server sits between the users and the external network. The proxy server receives the user requests and sends the request on their behalf to the external network.

Question 10

What is EAP?

Answer 10

Extensible Authentication Protocol (EAP) is an authentication framework that is part of port security.

EAP integrates with 802.1X which prevents access to the network until the authentication succeeds.

Question 11

What is NAC?

Answer 11

Port Based Network Access Control (NAC) is another way to say 802.1X, which means that you dont get access to the network until you authenticate.

Question 12

What is a UTM?

Answer 12

Unified Threat Management (UTM) device has features such as URL filtering, malware inspection, spam filters, firewall, IDS/IPS.

Question 13

What is NGFW?

Answer 13

Next-generation Firewall (NGFW) operate at OSI Layer 7 and are able to examine all traffic passing the network, determine what applications are being used based on the traffic type, and set controls based on specific services or applications.

Question 14

What is a WAF?

Answer 14

Web Application Firewall (WAF) monitors web based inputs such as HTTPS/HTTP and puts rules to allow or deny based on expected input.

Question 15

What is a VPN?

Answer 15

Virtual Private Network (VPN) encrypts all of the private data and sends it to its destination across the public network.

Question 16

What is SASE?

Answer 16

Secure Access Service Edge (SASE) is the next generation VPN which allows the secure connection to cloud services from different locations. SASE clients are installed on all devices and can communicate to the cloud by using the SASE infrastructure.

Question 17

What’s the best use of VPN?

Answer 17

VPN is mostly used for user access to a specific location.

Question 18

What is the best use of IPsec?

Answer 18

IPsec is mostly used for site to site access.

Question 19

What is the best use of SD-WAN?

Answer 19

SD-WAN manages the network connectivity to the cloud, without addressing security concerns.

Question 20

What is the best use of SASE?

Answer 20

SASE is mostly used for a complete network and security solution.