Supporting And Troubleshooting Secure Networks Flashcards
Enforcing a security zone by separating a segment of the network from access by the rest of the network. This could be accomplished using firewalls or VPNs or VLANs. A physically separate network or host (with no cabling or wireless links to other networks) is referred to as air-gapped. Also referred to as Network Separation
Network Segmentation Enforcement
Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.
Screened subnet
Software or hardware device that protects a system or network by blocking unwanted network traffic.
Firewall
Server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.
Proxy server
Routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.
Network Address Translation (NAT)
Maps private host IP addresses onto a single public IP address. Each host is tracked by assigning it a random high TCP port for communications.
Port Address Translation (PAT)
Security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack's progress rather than eliminating it outright.
Defense in depth
General term for the collected protocols, policies, and hardware that authenticate and authorize access to a network at the device level.
Network Access Control (NAC)
Host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration.
Honeypot
Security policy concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.
Separation of duties
Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network.
Intrusion detection system (IDS)
Security appliance or software that combines detection capabilities with functions that can actively block attacks.
Intrusion prevention system (IPS)
Security framework and tools to facilitate use of personally owned devices to access corporate networks and data.
Bring your own device (BYOD)