Chapter 3.2 Flashcards

1
Q

Split Tunnel

A

A split tunnel is a means of encrypting connections on demand for VPNs. It will only encrypt outbound traffic to private IP addresses.

In a split tunnel VPN, administrators decide where traffic is routed. A split tunnel can decipher whether traffic goes to a private network or not.

2
Q

Always On

A

Always-on VPNs allow for a continued connection between the geographically separated servers and the employee.

3
Q

UTM

A

Unified threat management (UTM) combines multiple security controls to provide a more robust security strategy and minimize the management of these devices.

4
Q

Site-to-site

A

A site-to-site Virtual Private Network (VPN) connects multiple networks rather than one. Remote users can access both locations as if they were onsite without noticing the location separation.

5
Q

SSL accelerator

A

A Secure Socket Layer (SSL) Accelerator is designed to offload tasks from servers, allowing network load to be distributed. It can provide a seamless service to consumers of network applications while balancing out session requests.

6
Q

SSL decryptor

A

An SSL decryptor provides protection from malicious threats over secure connections and would be placed in the DMZ.

7
Q

DMZ

A

The Demilitarized Zone (DMZ) is between the two firewalls providing a layer of protection for the internet facing servers. It is an area of a network that is designed for public and company use. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.

8
Q

ad hoc

A

An Ad Hoc zone is created when two or more wireless devices connect to one another creating an on-demand network.

9
Q

Guest

A

A guest network is a wireless network used to provide non-employees or guests with internet access. This access is limited to certain functions, such as internet surfing and email.

10
Q

Normalization

A

Normalization is used to optimize database performance by removing duplicates, using primary keys, and keeping related data in separate tables. A database is considered normalized when it conforms to the first three forms of normalization.

11
Q

firewall

A

A firewall filters traffic. It can be used for a single host or between networks. It regulates both inbound and outbound traffic, providing a layer of security inbound and out. Firewalls can be configured with Access Control Lists (ACL).

Firewalls allow the network administrator to divide the network into different network segments known as zones.

12
Q

load balancing

A

Load balancers can equalize the traffic load between servers, eliminating unscheduled downtimes. Load balancing uses multiple servers to support a single service. Load balancing can ensure system availability.

13
Q

RAID

A

Redundant Array of Inexpensive Disks (RAID) provides increased system availability and fault tolerance for disks.

14
Q

Clustering

A

Clustering provides for high availability for servers and can remove the single point of failure. Clustering is similar to load balancing, but is more costly than RAID implementations.

15
Q

single point of failure

A

A single point of failure is a critical component of a system whose failure can crash the whole system.

16
Q

sensors

A

Sensors gather information to determine if the data being passed is malicious or not. The internet facing sensor will see all traffic and determine its intent. The sensor behind the firewall will only see filtered traffic. The sensors send findings to the NIDS console.

17
Q

Correlation engine

A

A correlation engine is part of a Security Information and Event Manager (SIEM). It captures and examines logged events to alert administrators of potential threats on a network.

18
Q

proxy

A

A proxy is a device that acts on behalf of another service. A proxy examines the data and makes rule-based decisions about whether the request should be forwarded or refused.

19
Q

bridge

A

A bridge is used to connect multiple networks.

20
Q

aggregation switch

A

An aggregation switch can connect multiple subnets to reduce the number of active ports. When aggregating subnets, the subnets are connected to the switch versus the router.

21
Q

wireless

A

The wireless topology is used to extend a wired local area network through the use of an antenna.

22
Q

static code analyzers

A

A static code analyzer examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development, for continued code quality checks, or once the code is in its finalization stages.

23
Q

airgap

A

An airgap is an isolated system not physically connected to other systems.

24
Q

static NAT

A

NAT is a protocol that alters public IP addresses to private IP addresses, to camouflage resources from the internet. Static NAT uses a one-to-one approach for disguising IPs.

25
Q

Dynamic NAT

A

Dynamic Network Address Translation (NAT) uses multiple IP addresses to map one private IP to many public IPs, disguising them from the internet. It chooses which IP to use based on the load presented.

26
Q

IPsec

A

Internet Protocol Security (IPsec) is used to provide data authentication, integrity, and confidentiality between two points at the IP level. It is not compatible with NAT.

27
Q

subnet

A

A subnet is a division of an internet protocol range. It is not an appliance.

28
Q

switch

A

A switch is a device used to connect network devices.

29
Q

VPN concentrator

A

A Virtual Private Network (VPN) concentrator incorporates the most advanced encryption and authentication techniques to securely connect and access a private network through the public internet.

30
Q

SDN

A

A Software Defined Network (SDN) separates the data and control planes in a network. It uses virtualization to route traffic to its intended destination.

31
Q

remote access VPN

A

Remote access Virtual Private Network (VPN) allows an authorized user to connect to an internal network from a remote location. Software on the remote device creates an encrypted tunnel to a VPN concentrator on the internal company network.

32
Q

SSH

A

Secure Shell (SSH) encrypts moving traffic. While it can provide a secure connection for a remote user, it does not allow a user to connect to the company site while remote.

33
Q

port mirror

A

A port mirror is used to monitor network traffic. It forwards a copy of each packet from one switch port to another. It is also known as a TAP.

34
Q

tunneling

A

Tunneling is a method of moving data in transit from one network to another. It encapsulates information, providing a private network to communicate through a public network.

35
Q

CASB

A

A Cloud Access Security Broker (CASB) is a part of security as a service, and monitors network traffic between a company’s network and cloud provider, enforcing security policies.

36
Q

Honeynet

A

A honeynet is a group of honeypots that mimic the functionality of a network. Once the honeynet has been penetrated by the attacker, administrators can observe the actions and gather information on the event.

37
Q

honeypot

A

A honeypot is a server that is intentionally left open or available, so that an attacker will be drawn to it versus a live network.

38
Q

VLAN

A

A Virtual Local Area Network (VLAN) separates traffic between users, using a switch.

A Virtual Local Area Network (VLAN) is a logical group of network devices on the same LAN, despite their geographical distribution. It can divide the devices logically on the data link layer and group users according to departments.

39
Q

extranet

A

An extranet is a zone created to allow authorized users access to company assets separate from the intranet.

More specifically, it is for business partners/vendors.