Network Security

Question 1

Confidentiality

Answer 1

Prevents disclosure of information to unauthorized individuals

Question 2

Integrity

Answer 2

Ensuring that data has not been modified

Question 3

Availability

Answer 3

Information is accessible to authorized users

Question 4

CVE

Answer 4

Common Vulnerabilities and Exposures - a database containing known vulnerabilities

Question 5

Zero-Day Vulnerability

Answer 5

One that has never been detected or published

Question 6

Least privilege

Answer 6

Giving people just enough privileges to do their jobs.

Question 7

Role-based Access

Answer 7

Your access is based on your role in the organization. In Windows, use Groups to provide this type of access.

Question 8

Zero Trust

Answer 8

Everything must be verified. Nobody is trusted until authentication is provided by the user. Systems are constantly monitored.

Question 9

Network segmentation enforcement

Answer 9

Physical segmentation (using separate devices) or VLANs.

Question 10

Screened subnet

Answer 10

Formerly a “DMZ” - a separate subnet containing assets that outside users need access to.

Question 11

Separation of duties

Answer 11

Limit what a single person can do: split knowledge, etc.

Question 12

Network access Control

Answer 12

IEEE 802.1X - Port-based Network Access Control (NAC). The physical ports require authentication.

Question 13

Honeypot

Answer 13

Fake virtual systems put in place to lure attackers so they can be monitored.

Question 14

Multifactor authentication

Answer 14

Something you are
Something you have
Something you know
Somewhere you are
Something you do

Question 15

TACACS+

Answer 15

Remote authentication protocol. Released as an open standard in 1993.

Question 16

SSO

Question 17

RADIUS

Answer 17

Common AAA protocol; supported on wide variety of devices. Centralized authentication for users.

Question 18

LDAP

Answer 18

Protocol for reading/writing directories over an IP network. Can be used as authentication protocol.

Question 19

Kerberos

Answer 19

Network authentication protocol; authenticate once (SSO). Mutual authentication

Question 20

Local authentication

Answer 20

Credentials are stored locally on the machine you’re trying to access.

Question 21

802.1X

Answer 21

Port-based Network Access Control; no access to network until you authenticate.

Question 22

EAP

Answer 22

Extensible Authentication Protocol; an authentication framework that integrates with other systems.

Question 23

Threat Assessment

Answer 23

Research the threats and make decisions based on the information. Then invest in most appropriate protection.

Question 24

Vulnerability Assessment

Answer 24

Minimally invasive process to identify potential vulnerabilities (vulnerability scanner); test from outside and inside

Question 25

Penetration Testing

Answer 25

A simulated attack on a system.

Question 26

Posture Assessment

Answer 26

Checks if a BYOD device is trusted, healthy, clean, etc., and has proper apps installed and settings enabled.

Question 27

Risk Assessment

Answer 27

Identify assets that can be affected by an attack.

Question 28

SIEM

Answer 28

Security Information and Event Management - a log of security events and information.

Question 29

Denial of Service

Answer 29

When a particular service is forced to fail (usually by overloading it)

Question 30

On-Path Attack

Answer 30

(Formerly Man-in-the-middle attack). An attacker redirects traffic (for monitoring) which then gets passed to the destination.

Question 31

ARP Poisoning

Answer 31

An attacker can pretend to be a router by responding to ARP requests with its own MAC

Question 32

Switch spoofing

Answer 32

Switch ports can be configured as access port or trunk port. Automatic config of these can lead to an attacker plugging in a laptop and negotating trunk access.

Question 33

Double tagging

Answer 33

Packets are crafted with two VLAN tags. The first native VLAN tag is removed by one switch, and the second one is visible to a second switch. One-way traffic. To mitigate, don’t put devices on native VLAN.

Question 34

Rogue DHCP server

Answer 34

Non-authorized DHCP server handing out IP addresses. DHCP snooping can prevent this.

Question 35

Rogue access point

Answer 35

An unauthorized wireless access point can lead to unauthorized access to your network. 802.1X can prevent this.

Question 36

Wireless evil twin

Answer 36

A rogue AP that looks legitimate but is actually malicious. Encryption can prevent these from stealing information.

Question 37

Wireless deauthentication

Answer 37

Attackers can send specially crafted frames to disconnect clients, using 802.11 management frames.
802.11w encrypts management frames to mitigate this.

Question 38

Secure SNMP

Answer 38

SNMPv3 encrypts traffic, but not all devices support it.

Question 39

RA Guard

Answer 39

Router Advertisement (IPv6) Guard
Prevents attackers from pretending to be a router and sending RA messages.

Question 40

DAI

Answer 40

Dynamic ARP Inspection - can prevent on-path attacks by using DHCP snooping.

Question 41

Control plane policing

Answer 41

Can secure a device using the control plane by limiting the amount and type of traffic or preventing types of traffic (Telnet, for example) that is allowed.

Question 42

Port Isolation

Answer 42

Limits the access between devices on different interfaces on a switch (even if they’re on the same VLAN).

Question 43

MAC Filtering

Answer 43

Can block unwanted devices, but is easy to circumvent by spoofing MAC addresses.

Question 44

Wireless client isolation

Answer 44

Devices connected to the network can get on the Internet but not see each other

Question 45

EAP

Answer 45

Extensible Authentication Protocol - a framework that can be used for wireless authentication

Question 46

VPN Concentrator

Answer 46

Device that VPN clients connect to (often integrated into a firewall)

Question 47

Remote Desktop Protocols

Answer 47

RDP (Windows, but has clients for MacOS, Linux, etc.)
VNC

Question 48

Out of band management

Answer 48

“Direct” connection (serial/USB), console connection, etc.