Network Segmentation

Question 1

What is a Firewall?

Answer 1

Common network security device that acts as a barrier to networks

Uses a set of rules to define permitted or denied traffic

Question 2

Types of Firewalls

Answer 2

• Software/Hardware Based
• Virtual/Physical devices
• Host/Network Based

Question 3

What functions can a Firewall perform?

Answer 3

• Performs Network Address Translation (NAT)
• Performs Port Address Translation (PAT)
• Can use one public IP and many private IPs

Question 4

What is a Packet Filtering Firewall?

Answer 4

Permits or denies traffic based on packet headers

this is all or nothing all or deny

Uses Access Control Lists (ACLs) for decision-making

Question 5

What is a Stateful Firewall?

Answer 5

Inspects traffic as part of a session

keeps track of what’s requested and let them in

Allows incoming traffic that corresponds to outgoing requests

BAD for phishing because users can request(click) on bad emails

Question 6

What is a Next-Generation Firewall (NGFW)?

Answer 6

Conducts deep packet inspection (DPI) for detailed traffic analysis

Operates at layers 5, 6, and 7 of the OSI model

Question 7

What are Access Control Lists (ACLs)?

Answer 7

Sets of rules assigned to routers or firewalls that permit or deny traffic

work from Top to Bottom

Based on IP/MAC address or port depending on device

Question 8

What is the difference between Explicit Allow and Explicit Deny in ACLs?

Answer 8

• Explicit Allow: Specified in ACLs using ‘permit’ statements
• Explicit Deny: Statement used to block specific types of traffic

Question 9

What is Implicit Deny in ACLs?

Answer 9

Statement automatically applied at the end of an ACL if no explicit deny statements are present

means anything that has not already been allowed should be denied EX: (Deny IP any any)

Blocks all traffic that is not explicitly permitted

Question 10

What are the Segmentation Zones?

Answer 10

• Trusted Zone
• Untrusted Zone
• Screened Subnet

Question 11

What is the purpose of a Jumpbox?

Answer 11

Provides a choke point for network security measures, enhancing protection for hosted servers

hardened server

1 server that can talk to screened subnet. only jump box can communicate from internal network to the screened subnet

Question 12

What is Content Filtering?

Answer 12

A network management practice that involves restricting access to certain content based on specific criteria

To conserve network bandwidth or comply with policies

Question 13

What are the techniques used in Content Filtering?

Answer 13

• URL Filtering - blocking based on URL (most common form - used in the workplace settings)
• Keyword Filtering - scanning for specific phrases or keywords (may over-block)
• Protocol or Port Filtering

Question 14

What is the Internet of Things (IoT)?

Answer 14

A global network of appliances and personal devices equipped with sensors and network connectivity

To report state and configuration data

Question 15

What are best practices for IoT security?

Answer 15

• Segregation of networks
• Ensure devices are properly secured
• Change default credentials
• Use encryption

Question 16

What is Operational Technology (OT)?

Answer 16

A communications network designed to implement an industrial control system
TECHNOLOGY THAT INTERACTS WITH THE REAL WORLD
AVAILABILITY = MOST IMPORTANT
SCADA

Deals with controlling machinery and processes in the physical world

Question 17

What is Supervisory Control and Data Acquisition (SCADA)?

Answer 17

A type of ICS used to manage large-scale, multi-site devices and equipment

MANY DIFFERENT ICS AND DCS

type of OT

Spread over a geographic region

Question 18

What is a Bring Your Own Device (BYOD) policy?

Answer 18

Policy allowing employees to use their personal devices for work purposes

Introduces vulnerabilities from personal devices

Question 19

What is Mobile Device Management (MDM)?

Answer 19

Centralized software for remote administration and configuration of devices

Question 20

What does Choose Your Own Device (CYOD) allow?

Answer 20

Employees choose from a selection of supported devices provided and managed by the organization

Question 21

Fill in the blank: A _______ is a hardened server that provides access to other hosts within the screen subnet.

Answer 21

Jumpbox

Question 22

What does CYOD stand for?

Answer 22

Choose Your Own Device

Question 23

What are the benefits of CYOD?

Answer 23

• Installation of MDM
• Enforcing technical policies
• Preventing data loss
• Controlling device features

Question 24

What must organizations decide on regarding mobile devices?

Answer 24

A mobile device security policy that suits their needs

Question 25

What is the Zero Trust concept?

Answer 25

A modern approach to cybersecurity due to sophisticated threats

Question 26

Why are traditional security strategies ineffective against modern threats?

Answer 26

Due to de-perimeterization

Question 27

What is de-perimeterization?

Answer 27

* Protecting systems and data using encryption * Secure protocols * Host-based protection

Question 28

What are the principles of Zero Trust?

Answer 28

* Trust nothing * Verify everything * Verify every device, user, and transaction regardless of origin

Question 29

What does the Zero Trust Architecture control plane do?

Answer 29

Defines, manages, and enforces access policies

Question 30

What is an Adaptive Identity in Zero Trust?

Answer 30

Real-time validation based on behavior, device, and location

Question 31

What is the purpose of Threat Scope Reduction?

Answer 31

Limiting user access to minimize attack surface

Question 32

What is Policy-driven Access Control?

Answer 32

Enforcing access based on roles and responsibilities

Question 33

What are Secured Zones in Zero Trust?

Answer 33

Isolated environments for sensitive data access

Question 34

What does a Policy Engine do?

Answer 34

Cross-references access requests with predefined policies

Question 35

What is required for access in a Zero Trust environment?

Answer 35

Continuous verification regardless of location or origin

Question 36

What is a Virtual Private Network (VPN)?

Answer 36

Extends a private network across a public network for secure data transmission

Question 37

What are the types of VPNs?

Answer 37

* Site-to-Site VPN * Client-to-Site VPN * Clientless VPN

Question 38

What tunneling protocol is used for secure web browsing?

Answer 38

Transport Layer Security (TLS)

Question 39

What is the difference between Full Tunnel and Split Tunnel in VPN configuration?

Answer 39

* Full Tunnel: Routes and encrypts all traffic through the VPN * Split Tunnel: Divides traffic, encrypting only traffic bound for headquarters

Question 40

What is Layer 2 Tunneling Protocol (L2TP)?

Answer 40

An early VPN lacking security features like encryption by default

Question 41

What is the purpose of IP Security (IPsec)?

Answer 41

Provides authentication and encryption of packets for secure communication

Question 42

What does Telnet operate on?

Answer 42

Port 23

Question 43

What is the main security feature of Secure Shell (SSH)?

Answer 43

Encrypts data sent between client and server

Question 44

What is the Remote Desktop Protocol (RDP) used for?

Answer 44

Graphical interface remote connections

Question 45

What does Remote Desktop Gateway (RDG) do?

Answer 45

Creates secure connections to servers via RDP using SSL or TLS

Question 46

What is Virtual Network Computing (VNC)?

Answer 46

Allows remote access with a graphical interface, designed for thin client architectures

Question 47

What is the difference between In-Band and Out-of-Band Management?

Answer 47

* In-Band Management: Uses Telnet or SSH over the network * Out-of-Band Management: Uses a separate network for device configuration

Question 48

What is an Application Programming Interface (API)?

Answer 48

Set of protocols and routines for building and interacting with software applications

Question 49

What are the two common types of APIs mentioned?

Answer 49

* Representational State Transfer (REST) * Simple Object Access Protocol (SOAP)

Question 50

Unified Threat Management (UTM) System

Answer 50

■ Combines firewall, router, intrusion detection/prevention, malware solutions, and other security devices ■ Generally considered a border device with next-generation firewall capabilities ■ Available as physical, virtual, or cloud solutions

Question 51

What is the Trusted Zone in segmentation zones?

Answer 51

Local Area Network (LAN), also known as the Inside Zone, represents the corporate intranet ## Footnote The Trusted Zone is where internal corporate resources are located.

Question 52

What does the Untrusted Zone include?

Answer 52

Includes the internet and other external networks ## Footnote Traffic from the internet to the trusted zone is typically blocked, except for responses to specific requests.

Question 53

What is a Screened Subnet?

Answer 53

A semi-trusted zone between the trusted and untrusted zones containing devices like web servers and email servers Allows hosted servers like email and web servers to be accessible from both internal and external networks ● Without the screened subnet, servers hosted inside the network would be inaccessible or less useful to external users ## Footnote It has restricted access from the untrusted zone and is not fully trusted by the internal network.

Question 54

What traffic is allowed from the Trusted Zone to the Screened Subnet?

Answer 54

Traffic from internal to the screened subnet is allowed, but traffic is restricted ## Footnote Return traffic from screened subnet devices is allowed.

Question 55

What access do Screened Subnet devices have to the Untrusted Zone?

Answer 55

Screened subnet devices can access the internet freely ## Footnote Certain inbound ports need to be open for services like email and web hosting.

Question 56

Fill in the blank: The Local Area Network (LAN) is also known as the _______.

Answer 56

[Inside Zone]

Question 57

True or False: The Screened Subnet is fully trusted by the internal network.

Answer 57

False

Question 58

Internet-facing hosts

Answer 58

■ Hosts or servers that accept inbound connections from the internet ■ Example ● Web server on a screen subnet

Question 59

screened subnet

Answer 59

anything that someone needs access to should be placed here

Question 60

Bastion Host

Answer 60

● A host or server in the screen subnet that is not configured with services that run on the local network ● Example ○ Email server ○ Web server ○ Remote access server

Question 61

Proxy Servers

Answer 61

■ Act as intermediaries between a user's device and the internet ■ Manage internet traffic and can be used for various purposes, including content filtering

Question 62

What is a Web Proxy?

Answer 62

Retrieves web pages from the internet and can be used to bypass content filters ## Footnote Web proxies act as intermediaries between users and the internet.

Question 63

What is the primary function of a Reverse Proxy?

Answer 63

Manages incoming internet traffic to an organization, load balancing, improving security, and performance ## Footnote Reverse proxies can also serve cached content and handle SSL encryption.

Question 64

What does a Transparent Proxy do?

Answer 64

Monitors and filters internet traffic, blocking access to specific websites or content types, and enforcing company policies ## Footnote Transparent proxies do not require any configuration on client devices.

Question 65

Types of IoT devices

Answer 65

■ Building and Home Automation Systems ● Manage lighting, HVAC, water, and security systems ■ IP Video Systems ● Provide remote collaboration using video teleconference suites ■ Audio Visual Systems ● Stream live video productions and control multiple displays ■ Physical Access Control Systems ● Determine access into secure areas ○ Proximity readers ○ Access control systems ○ Biometric readers ■ Scientific and Industrial Equipment ● Found in hospitals, factories, and laboratories ● Allows centralized monitoring and management