Module 05 - Network Architecture Flashcards

Module 05 (130 cards)

1
Q

Define:
Network infrastructure

A

It’s the media, appliances and protocols that support connectivity.

2
Q

Acronym:
OSI

A

Open System Interconnection

3
Q

What are the OSI model layers?

A
  1. Physical
  2. Data-link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

For CompTIA, consider only 1, 2, 3, 4 and 7

4
Q

Acronym:
MAC

A

Media Access Control

5
Q

Define:
MAC Address

A

Layer 2 component attached to hosts.

Used as an identifier; it is a 48-bit string.

6
Q

Types of node in a network

A

Intermediary nodes => Forward network traffic to other hosts
Host nodes => Initiate communication in a network

7
Q

Which OSI layers do the following refer to:
- Switches
- Routers
- Transport Protocols

A
  • Layer 2, because it uses MAC addresses
  • Layer 3, because it uses IP addresses
  • Layer 4, because it uses transport protocols such as TCP or UDP

8
Q

In network terms, define what would be:
- Preventative controls
- Detective controls
- Preventative, detective, and corrective controls

A
  • Placed at the border of a network, such as firewalls or load balancers
  • Implemented to monitor traffic and generate alerts on malicious traffic
  • Installed on hosts, such as EDR

9
Q

What is a passive security control?

A

A control that operates without requiring any client configuration

10
Q

What is an active security control?

A

A control requiring credentials, access permissions, and interaction with target hosts, often involving agent software or gateway configuration.

11
Q

What does “inline” mean for a security device?

A

A device deployed within the cable path, without requiring changes to IP or routing topology, and typically without MAC or IP addresses.

12
Q

What are two methods for deploying network traffic sniffing controls?

A
  1. SPAN (switched port analyzer)/mirror port.
  2. Test access point (TAP).
13
Q

What is a SPAN or mirror port?

A

A switch-configured port that copies frames from other ports for monitoring but may drop frames under heavy load.

14
Q

What is a TAP (test access point)?

A

A device inline with network cabling that physically copies signals to a monitor port without logic-based decisions.

15
Q

What is a fail-open and fail-close mode?

A

Fail-open is a failure state in which access is not blocked, whereas fail-close is one in which access is blocked.

16
Q

Acronym:
SPAN

A

Switched Port Analyzer

17
Q

What is the difference between TAP and SPAN regarding reliability?

A

TAP reliably copies all frames, while SPAN may miss frames with errors or drop them under heavy load.

18
Q

Define:
Proxy server

A

Acts as an intermediary for clients, providing traffic management, anonymity, content filtering, and caching.

19
Q

Define:
Jump server

A

Hardened server controlling access to isolated systems, enhancing security.

20
Q

Define:
Load balancer

A

Distributes network traffic across servers, provides fault tolerance, and may include WAF for attack protection.

21
Q

List:
Types of load balancers

A
  1. Layer 4 (Transport layer decisions).
  2. Layer 7 (Application-level data decisions).
22
Q

Define:
Sensor

A

A packet sniffer used to capture traffic, often feeding an IDS for malicious traffic detection.

23
Q

Define:
IDS

A

Intrusion Detection System identifies threats without blocking traffic.

24
Q

Define:
All-in-one security appliance

A

Device combining functions like firewall, IDS, IPS, URL filtering, and spam filtering into one.

25
Define: Web filtering
Blocks malicious/inappropriate websites using criteria like URL, IP, or keywords.
26
Define: Content filtering server
Denies or allows website access based on allow/deny lists or content categories.
27
List: Web filtering approaches
Agent-based. Centralized proxy.
28
Define: DNS filtering
Controls website access by managing domain name resolution, blocking malicious or unapproved sites.
29
List: DNS filtering benefits
Blocks phishing and malware sites. Enforces acceptable use policies. Protects all network devices, including IoT.
30
Define: Security Zone
Security zones are portions of the network or system that have specific security concerns or requirements.
31
List: Types of network
Wireless. Guest. Honeynet. Ad hoc.
32
List: Security Zone Types
Screened subnets. Intranet. Extranet. Wireless.
33
Define: Screened subnets
A perimeter network separating public-facing servers from internal resources to reduce exposure to threats. Also known as a DMZ.
34
Define: Intranet
Internal LAN - Local Access Network
35
Define: Extranet
An extranet is a private LAN distinct from the intranet. Often used to grant resource access to business partners.
36
Define: Honeypot
Decoy system designed to attract attackers, monitor their activity, and gather intelligence about their tactics.
37
List: Types of honeypots
Honeyfile. Honeyspot. Honeynet. Honeytoken.
38
Define: Honeynet
A decoy network with multiple honeypots used to gather information about attacks and strengthen defenses.
39
Define: Honeyfile
A decoy file designed to lure attackers, trigger alarms, and gather intelligence when accessed.
40
List: Common types of honeyfiles
Information files (e.g., passwords.txt). Application files (e.g., compilers). Log files. Intellectual property files.
41
Define: Honeytoken
False credentials or data used to distract attackers, trigger alerts, and gather intelligence.
42
Define: DNS sinkhole
A DNS record that redirects malicious traffic to a controlled IP address to block bots and prevent DDoS attacks.
43
List: Limitations of DNS sinkholes
The use of non-organizational DNS servers. May restrict legitimate websites.
44
Define: Fake telemetry
Deceptive strategy returning spoofed data to network probes to mislead attackers and track their actions.
45
List: Benefits of fake telemetry
Distracts attackers. Tracks techniques and tools used. Tunes defenses like firewalls and intrusion detection systems.
46
List: Key features of a screened subnet
Hosts public services (e.g., web, email, DNS, FTP). Isolates internal resources from public systems. Uses two firewalls for traffic control.
47
Define: Bastion host
A hardened host exposed to attacks, often serving as a sacrificial host or firewall.
48
Define: Screening router
The most external router using ACLs to filter packets, often doubling as a firewall.
49
Define: Dual-homed gateway
A firewall with three interfaces connecting the internet, public subnet, and private network, with IP forwarding disabled.
50
Define: Screened-host gateway
A gateway in the screened subnet requiring authentication to access its resources or the intranet.
51
Define: Two-firewall screened subnet
A setup with two firewalls where the external firewall manages public access and the internal firewall protects private networks.
52
List: Common practices for firewall packet filters in screened subnets
Close all ports by default. Open only necessary ports. Use a VPN server for internet access.
53
Define: VPN server in a screened subnet
Allows internet users to authenticate and access private resources via the VPN, ensuring secure communication.
54
Define: Packet filter
Firewall rule allowing or blocking traffic to and from specific resources based on packet attributes.
55
Define: Firewall
A device or software that monitors, filters, and controls network traffic to protect internal networks from external threats.
56
List: Types of firewalls
Host-based. Network-based. Web application firewall (WAF). Next-generation firewall (NGFW). Unified threat management (UTM). Stateless. Stateful. Layer 4. Layer 7.
57
Define: Host-based firewall
Software firewall installed on a single host to protect it from unauthorized traffic, especially in public networks.
58
Define: Network-based firewall
Hardware firewall that inspects traffic flowing between networks, typically placed at the network perimeter.
59
Define: Web application firewall (WAF)
A firewall protecting web servers and databases from code injection and denial-of-service attacks using application-aware rules.
60
List: Features of a next-generation firewall (NGFW)
Layer 7 application-aware filtering. Intrusion prevention system (IPS). Layer 4 inspection. Cloud networking integration. Directory integration. RBAC policies.
61
Define: Unified threat management (UTM)
A device combining multiple security controls, such as firewall, antivirus, VPN, and content filtering, into one appliance.
62
Define: Stateless firewall
A basic packet-filtering firewall that does not track session information, analyzing each packet independently.
63
Define: Stateful firewall
Tracks session information, storing it in a state table, and applies filtering rules to new or unknown connections.
64
Define: Layer 4 firewall
Inspects transport layer traffic, tracking TCP/UDP sessions and blocking anomalies like session hijacking attempts.
65
Define: Layer 7 firewall
Inspects application layer traffic, ensuring protocol-port matches and detecting patterns in headers and payloads.
66
List: Downsides of UTM firewalls
Single point of failure. Latency under heavy loads. Lower performance.
67
Define: VPN (Virtual Private Network)
A remote-access connection using encryption to securely send data over untrusted networks.
68
Acronym: VPN
Virtual Private Network
69
List: VPN tunnel types
Full tunnel (routes all traffic through the VPN). Split tunnel (routes specific traffic through the VPN).
70
List: VPN types
Host-to-host VPN. Site-to-site VPN. Remote-access VPN. Always-on VPN.
71
Define: Host-to-host VPN
A VPN connection established between two individual hosts with encryption software configured on both.
72
Define: Site-to-site VPN
A VPN connection between routers at the edge of two sites, enabling encrypted communication without host awareness.
73
Define: Remote-access VPN
A VPN using a server (VPN concentrator) to connect multiple individual hosts to a private network.
74
Define: Always-on VPN
A VPN configuration where all traffic is tunneled continuously, whether the user is remote or on the LAN.
75
List: Types of VPN protocols
Carrier Protocol (e.g., IP). Tunneling Protocol (e.g., PPTP, L2TP). Passenger Protocol (transmitted data).
76
Define: VPN concentrator
An advanced router/server that creates and maintains secure VPN connections for multiple users.
77
Acronym: IPsec
Internet Protocol Security
78
Define: Internet Protocol Security (IPsec)
A VPN protocol operating at OSI layer 3, providing encryption and authentication for secure communication.
79
List: Core protocols in IPsec
Authentication Header (AH) – ensures integrity but does not encrypt payloads. Encapsulating Security Payload (ESP) – encrypts payloads and provides integrity.
80
List: IPsec modes
Transport mode. Tunnel mode.
81
Define: Transport mode in IPsec
Encrypts only the payload of packets, leaving headers unencrypted for private network communication.
82
Define: Tunnel mode in IPsec
Encrypts the entire IP packet (header and payload) for secure site-to-site VPN communication.
83
Define: SASE (Secure Access Service Edge)
A cloud-based security architecture combining WAN technologies with advanced security features under a zero-trust model.
84
List: Security features of SASE
Identity and Access Management (IAM). Zero-trust security model. Intrusion prevention. Malware protection. Content filtering.
85
Define: SD-WAN
Software-Defined Wide Area Network that connects branch offices and datacenters with enhanced encryption and traffic management.
86
List: Advantages of SD-WAN
Encrypts data across the network. Segments traffic based on priority. Centralizes security policy management. Intelligently routes traffic based on applications.
87
Define: Network Access Control (NAC)
A system that authenticates users and devices, enforces security policies, and ensures compliance before granting network access.
88
List: What does NAC evaluate before granting access?
Operating system version. Patch level. Antivirus status. Presence of security software.
89
List: Attributes used by NAC to restrict access
User profile. Device type. Location. Other attributes.
90
Define: Dynamic VLAN assignment
A NAC feature assigning VLANs based on user identity, device type, location, or health checks.
91
Define: Quarantine VLAN
A VLAN isolating non-compliant devices to limit potential network damage.
92
Define: Zero-trust security in NAC
A model requiring devices to pass authentication and authorization before network access is granted.
93
List: Two stages of the NAC process
Authentication. Authorization.
94
Define: Agent-based NAC
A NAC method using software agents on devices to assess compliance and provide detailed status information.
95
Define: Agentless NAC
A NAC method evaluating devices through network scans or DHCP fingerprinting without requiring installed agents.
96
List: Examples of NAC scanning techniques
Vulnerability scanners (e.g., Nessus, OpenVAS). Windows Management Instrumentation (WMI) queries. Log parsers.
97
Define: Automatic remediation in NAC
A feature allowing NAC to resolve compliance issues, such as updating software or adjusting settings.
98
Define: BYOD (Bring Your Own Device) in NAC
A policy where NAC secures personal devices connecting to the internal network.
99
Define: Privilege escalation
Exploiting a bug or flaw to access system resources or privileges not intended for the user.
100
Define: Backdoor
An unprotected access method, often added during development or by attackers, to bypass security controls.
101
Define: Zero-day vulnerability
A previously unknown flaw exploited before developers can patch it, posing significant and unpredictable risks.
102
Define: Responsible disclosure
The process of privately informing vendors about vulnerabilities so they can patch them before public disclosure.
103
Define: Zero-day exploit
An attack or malware taking advantage of a zero-day vulnerability.
104
Define: Vulnerability scanning
A process to identify misconfigurations and missing patches in software and systems, supporting application and network security.
105
List: Popular vulnerability scanning tools
OpenVAS. Nessus.
106
Define: Application vulnerability scanning
A specialized method to detect software-specific weaknesses using static and dynamic analysis.
107
Define: Package monitoring
Tracking and assessing third-party software packages, libraries, and dependencies for known vulnerabilities.
108
List: Tools for package monitoring
Software Composition Analysis (SCA) tools. National Vulnerability Database (NVD). Vendor-specific advisories.
109
Define: Software Bill of Materials (SBOM)
A detailed inventory of software components, libraries, and dependencies used for managing supply chain risks.
110
List: Steps for managing networking software
Write usage policies. Prevent software installation. Block firewall ports used by software. Application control solutions.
111
Define: Application control solution
A tool that inspects packet contents to identify and manage network applications using application signatures.
112
List: Actions for applications not on the allow list
Flagged (allowed but logged). Blocked (denied, session dropped). Tarpitted (silently dropped, appearing unresponsive).
113
Define: Tarpitting applications
A technique to keep connections alive while silently dropping application data to delay malicious traffic.
114
List: Challenges with firewalls for application control
Firewalls may not inspect packet contents. Applications can be reconfigured to use open ports, circumventing ACLs.
115
Define: MAC flooding
Network attack that overloads a switch MAC table, causing it to broadcast like a hub
116
Define: ARP poisoning/spoofing
The attacker associates their MAC address with the victim's IP address, enabling traffic interception and modification.
117
Define: MAC spoofing
Changing a source MAC address to bypass security mechanisms
118
Define: DTP - Dynamic Trunking Protocol
A protocol for automatic trunk port negotiation that is insecure and should be disabled on access ports
119
List: The steps in hardening a switch
1. Change default credentials. 2. Disable unnecessary services. 3. Use secure management protocols (e.g., SSH, HTTPS). 4. Implement ACLs. 5. Enable logging and monitoring. 6. Configure port security. 7. Enforce strong password policies. 8. Physically secure equipment.
120
Acronym: TCP and UDP
Transmission Control Protocol. User Datagram Protocol.
121
Define: TCP - Transmission Control Protocol
A connection-oriented protocol ensuring reliability, ordering, and error-checking for data transmission.
122
Define: UDP - User Datagram Protocol
A connectionless protocol suited for real-time applications like video streaming and gaming, prioritizing speed over reliability.
123
Define: Tarpitted application traffic
Silently dropping application data while keeping the connection alive to delay attackers
124
Port: HTTP and HTTPS
80 and 443
125
Protocol for port: 80 and 443
HTTP and HTTPS
126
List: Physical security for routers
Locked rooms. CCTV. Access logs.
127
Define: Typical configuration for an anti-spoofing rule
Block inbound packets that carry an internal IP address.
128
Define: Segmentation
Dividing a network into segments to isolate systems, limit attack spread, and enhance data protection
129
List: Benefits of network segmentation
1. Limits attack spread. 2. Enhances data privacy. 3. Allows granular access control. 4. Increases detection and response time for threats.
130
Define: Device isolation
Segregating devices restricts interaction and prevents lateral threat movement within a network.