4.1 Basic Network Security

Question 1

Data in Transit

Answer 1

Data actively moving across a network (e.g., email, web traffic). Protected via TLS or IPsec encryption.

Question 2

Data at Rest

Answer 2

Data stored on physical media (e.g., SSDs, databases). Protected via Full Disk Encryption (FDE) or file-level encryption.

Question 3

PKI (Public Key Infrastructure)

Answer 3

A system of digital certificates and Certificate Authorities (CA) that verify the identity of users and devices.

Question 4

Self-Signed Certificate

Answer 4

A certificate signed by the same entity it identifies; cost-effective for internal testing but triggers browser warnings for public users.

Question 5

MFA (Multifactor Authentication)

Answer 5

Security requiring 2+ factors: Something you KNOW (password), something you HAVE (token), or something you ARE (biometrics).

Question 6

SSO (Single Sign-On)

Answer 6

An authentication method allowing a user to log in once and access multiple related but independent software systems.

Question 7

RADIUS

Answer 7

A common AAA protocol used for network access (VPN, Wi-Fi). Encrypts only the password; uses UDP.

Question 8

TACACS+

Answer 8

A Cisco-derived AAA protocol used for device administration. Encrypts the entire packet; uses TCP; separates AAA functions.

Question 9

LDAP (Lightweight Directory Access Protocol)

Answer 9

The standard protocol used to query and modify information in directory service providers like Active Directory.

Question 10

SAML (Security Assertion Markup Language)

Answer 10

An XML-based standard for exchanging authentication and authorization data between an Identity Provider and a Service Provider (used for Web SSO).

Question 11

Least Privilege

Answer 11

The security principle of providing a user only the minimum level of access necessary to perform their job functions.

Question 12

Role-Based Access Control (RBAC)

Answer 12

Assigning permissions based on a user’s job function (Role) rather than their individual identity.

Question 13

Geofencing

Answer 13

Using GPS or IP location to create a virtual geographic boundary; can trigger alerts or block access if a device leaves the area.

Question 14

Honeypot vs. Honeynet

Answer 14

A Honeypot is a single decoy system; a Honeynet is an entire network of decoys used to study attacker behavior.

Question 15

CIA Triad

Answer 15

The core goals of security: Confidentiality (secrecy), Integrity (accuracy/no tampering), and Availability (uptime/access).

Question 16

Risk vs. Vulnerability vs. Exploit

Answer 16

Vulnerability is a weakness; Exploit is the method of using that weakness; Risk is the potential for loss/damage.

Question 17

PCI DSS / GDPR

Answer 17

PCI DSS: Standards for protecting credit card data. GDPR: Strict EU regulations regarding personal data privacy and locality.

Question 18

OT / SCADA / ICS

Answer 18

Industrial systems that control physical infrastructure (power, water). Requires strict segmentation from the IT network.

Question 19

Network Segmentation

Answer 19

Isolating different types of traffic (IoT, Guest, BYOD, Production) using VLANs and firewalls to prevent lateral movement of threats.