Other Questions Flashcards

1
Q

What is ARP?

A

Address Resolution Protocol

Used to map IP network addresses to the MAC addresses used by a data link protocol

2
Q

Given the following network address: 192.168.1.0/25, what is the last usable IP address in this subnet?

Also explain why?

A

192.168.1.126

/25 leaves 7 host bits, so the subnet holds 2^7 = 128 addresses (192.168.1.0 through 192.168.1.127).
Minus 2 for the network address (192.168.1.0) and the broadcast address (192.168.1.127), the usable range is 192.168.1.1 through 192.168.1.126.

3
Q

A network engineer needs to create subnets within a Class A network. The engineer decides to use a certain subnet mask. How many possible hosts are available per subnet if the subnet mask is 255.255.0.0?

Also explain why?

A

65534 possible hosts

Class A network with a subnet mask 255.255.0.0 means /16 subnet. This means there are 16 bits available for host addresses (32 total bits - 16 network bits = 16 host bits). The formula to calculate the number of hosts is 2^n - 2, where n is the number of host bits. In this case, 2^16 - 2 = 65536 - 2 = 65534 hosts. The ‘-2’ accounts for the network and broadcast addresses
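Added worked example (not part of the original deck): the subnet arithmetic from the two cards above, done with Python's standard-library ipaddress module. It applies the 2^n - 2 formula to any prefix, also handles the /31 point-to-point and /32 host-route cases where the formula gives the wrong answer, and shows how a block is carved into smaller subnets. The addresses are the ones from the cards; the same_subnet helper is an added convenience for the "does this host need the gateway?" check.

```python
import ipaddress


def subnet_summary(cidr: str) -> dict:
    """Network, mask, broadcast, usable range and host count for an IPv4 subnet.

    Mirrors the exam formula 2^(host bits) - 2, but also handles /31
    point-to-point links (RFC 3021) and /32 host routes, where there is no
    separate network or broadcast address to subtract.
    """
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts a host address too
    host_bits = net.max_prefixlen - net.prefixlen
    total = 2 ** host_bits
    if net.prefixlen >= 31:
        usable = total
        first, last = net.network_address, net.broadcast_address
    else:
        usable = total - 2  # minus the network address and the broadcast address
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(first),
        "last_usable": str(last),
        "host_bits": host_bits,
        "usable_hosts": usable,
    }


def split_subnet(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets, e.g. a /24 into two /25s."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True if two hosts share a subnet under the given dotted mask, which is
    the test a host performs before deciding whether to use its default gateway."""
    net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net_a


if __name__ == "__main__":
    print(subnet_summary("192.168.1.0/25"))                # last_usable 192.168.1.126
    print(subnet_summary("10.0.0.0/16")["usable_hosts"])   # 65534
    print(split_subnet("192.168.1.0/24", 25))              # ['192.168.1.0/25', '192.168.1.128/25']
```

Pass a mask in dotted form ("10.0.0.0/255.255.0.0") or CIDR form; ip_network accepts both, which is handy when copying masks out of interface configuration.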

4
Q

What is traffic shaping?

A

AKA Packet Shaping

A congestion management method that controls bandwidth usage by network traffic. It can be used to prioritize, limit, or guarantee bandwidth to specific traffic types to prevent network congestion.

It works by delaying certain packet types, based on their content, so that other packets get higher priority. This helps keep latency low for critical applications such as voice and video.

5
Q

Which topology provides the highest redundancy?

A

Mesh

Each network node is connected to every other node. If one connection fails, there are still multiple paths for data to take.

6
Q

What is the ‘dig’ command?

A

Domain Information Groper

Used on Linux and macOS to troubleshoot DNS-related issues. It can query a specific server for any record type and shows the full response (answer, authority and additional sections, TTLs, flags), which helps determine where a problem might lie.

7
Q

True or False:

The “ping” command uses the ICMP protocol to test network connectivity

A

True

The ping command does use the Internet Control Message Protocol (ICMP). It works by sending ICMP Echo Request packets to the target host and waiting for an Echo Reply, testing network connectivity and response time.

8
Q

What is IPSec?

A

Internet Protocol Security

Provides security at the network layer (Layer 3): authentication, integrity and encryption of IP packets between hosts or between gateways. Commonly used to build VPN tunnels.

9
Q

What is CRC?

A

Cyclic Redundancy Check

An error-detecting code carried in the frame check sequence (FCS) at the end of every Ethernet frame. CRC errors counted on an interface usually indicate a problem with the cabling, a faulty port, or a duplex mismatch, as they are generally related to physical layer issues.
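Added example (not from the original deck): the CRC-32 that Ethernet uses for its FCS, implemented bit by bit so you can see what the interface counter is actually checking, with a constructed frame to show that one flipped bit fails the check. The frame bytes and the "tampered" payload are made up for the demo; the FCS byte order (little-endian, the way captures that include the FCS show it) is an assumption stated here. The security point a practitioner should take from it: a CRC catches accidental corruption, but anyone who changes the frame can simply recompute it, so it is not an integrity control against an attacker.

```python
import zlib

# CRC-32 as used for the Ethernet frame check sequence (FCS): generator
# polynomial 0x04C11DB7, written bit-reflected here as 0xEDB88320, initial
# value 0xFFFFFFFF, result inverted at the end.
POLY_REFLECTED = 0xEDB88320


def crc32(data: bytes) -> int:
    """Bit-at-a-time CRC-32 (same result as zlib.crc32 / binascii.crc32)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ POLY_REFLECTED
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check against the standard library's table-driven implementation."""
    return crc32(data) == (zlib.crc32(data) & 0xFFFFFFFF)


def append_fcs(frame: bytes) -> bytes:
    """Append the 4-byte FCS (little-endian byte order; assumption, see lead-in)."""
    return frame + crc32(frame).to_bytes(4, "little")


def fcs_ok(frame_with_fcs: bytes) -> bool:
    """What a receiving NIC does: recompute over the body and compare with the trailer."""
    body, fcs = frame_with_fcs[:-4], frame_with_fcs[-4:]
    return crc32(body) == int.from_bytes(fcs, "little")


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate the single-bit error a bad cable or port produces."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed minimal frame: dst MAC, src MAC, EtherType 0x0800 (IPv4), then payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"constructed payload"


def demo() -> dict:
    good = append_fcs(SAMPLE_FRAME)
    corrupted = flip_bit(good, 37)   # one flipped bit inside the body
    forged = append_fcs(SAMPLE_FRAME.replace(b"constructed", b"tampered...."))
    return {
        "good_passes": fcs_ok(good),
        "corrupted_passes": fcs_ok(corrupted),   # the interface would count a CRC error
        "forged_passes": fcs_ok(forged),         # an attacker just recomputes the CRC
    }
```

The check value for the string "123456789" is 0xCBF43926 for this CRC variant; if a homegrown implementation does not produce it, the reflection, initial value or final XOR is wrong.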

10
Q

nslookup

A

Command-line tool used to query DNS servers. It can find DNS details such as the IP addresses of a particular host, or the domain name and IP address of the DNS server for a particular organization, and can be pointed at a specific server to compare answers.

11
Q

MPLS

A

Multiprotocol Label Switching

Uses label-edge routers (at the edge, adding and removing labels) and label-switching routers (in the core, forwarding on the label instead of the IP header) to forward packets.

MPLS is a protocol-agnostic routing technique designed to speed up and shape traffic flows across enterprise wide area and service provider networks.

Labels can carry QoS / traffic-engineering information.

12
Q

SLA

A

Service Level Agreement

Defines the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved

13
Q

APIPA

A

Automatic Private IP Addressing

A host assigns itself an address from this range when a DHCP server can't be contacted, so a 169.254.x.x address on a client is a sign that DHCP failed.

169.254.0.1 - 169.254.255.254

14
Q

Troubleshooting Methodology

A

Identify the problem
Establish a theory of probable cause
Test the theory to determine the cause
Establish a plan of action
Implement the solution
Verify full system functionality
Document findings, actions and outcomes

15
Q

OSI Model Layers

A

Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer

16
Q

What is the purpose of the Time-to-Live (TTL) field in an IP packet?

A

The TTL field in an IP packet is decremented by one each time the packet passes through a router. If the TTL field reaches zero, the packet is discarded, preventing it from looping indefinitely around the network.

17
Q

What is the purpose of Spanning Tree Protocol (STP) in a local area network (LAN)?

A

Spanning Tree Protocol (STP) is a network protocol that prevents switching loops (also known as bridge loops), which can cause broadcast radiation, by creating a spanning tree within networks that have redundant paths.

18
Q

Port 53

A

DNS

UDP 53 for ordinary queries; TCP 53 for zone transfers and for responses too large to fit in a UDP datagram

19
Q

Port 443

A

HTTPS

20
Q

What is a typical function of a load balancer?

A

Load balancers distribute network traffic across multiple servers to ensure no single server becomes overwhelmed with too much traffic.

21
Q

OSPF

A

Open Shortest Path First

An interior gateway protocol used to exchange routing information within a single Autonomous System (AS).

22
Q

BGP

A

Border Gateway Protocol

An exterior gateway protocol typically used to route traffic between different Autonomous Systems (for example between ISPs and large organizations on the Internet).

23
Q

Port 25

A

SMTP

Simple Mail Transfer Protocol

24
Q

Port 161

A

SNMP

Simple Network Management Protocol (UDP 161 for queries to the agent; traps are sent to the manager on UDP 162)

25
Q

Which routing protocol uses the DUAL algorithm to build and maintain routing tables?

A

Enhanced Interior Gateway Routing Protocol (EIGRP) uses the Diffusing Update Algorithm (DUAL) to create and manage routing tables and ensure there are no routing loops.

26
Q

True or False:

A company implemented a VPN to secure remote access to its network. This solution alone will guarantee that data cannot be intercepted during transmission.

A

False

While a VPN does encrypt data for secure transmission, it alone does not guarantee that data cannot be intercepted. There are still potential vulnerabilities like a man-in-the-middle attack or malware on a user’s computer. Other security measures should be in place to ensure comprehensive network security.

27
Q

Port 20

A

FTP (data channel; the control channel is port 21)

28
Q

Port 21

A

FTP (control channel; port 20 carries the data). Plain FTP sends credentials in cleartext. FTPS adds TLS (explicit STARTTLS on 21, or implicit TLS on 990); SFTP is a different protocol that runs over SSH on port 22.

29
Q

Port 22

A

SSH

30
Q

Port 23

A

Telnet (cleartext remote terminal; superseded by SSH on port 22)

31
Q

Port 67

A

DHCP server (UDP)

32
Q

Port 68

A

DHCP client (UDP)

33
Q

Port 69

A

TFTP (Trivial File Transfer Protocol, UDP; no authentication, so it should not be exposed beyond the management network)

34
Q

Port 80

A

HTTP

35
Q

Port 110

A

POP3

36
Q

Port 123

A

NTP (Network Time Protocol)

37
Q

Port 143

A

IMAP

39
Q

Port 389

A

LDAP
Lightweight Directory Access Protocol

40
Q

Port 445

A

SMB
Server Message Block

41
Q

Port 514

A

Syslog (UDP by default; plain syslog is unauthenticated and unencrypted, so collectors should only accept it from known senders)

42
Q

Port 587

A

SMTP submission (mail client to mail server, normally upgraded to TLS with STARTTLS)

43
Q

Port 636

A

LDAPS (LDAP over TLS)

44
Q

Port 993

A

IMAPS (IMAP over TLS)

45
Q

Port 995

A

POP3S (POP3 over TLS)

46
Q

Port 1433

A

Microsoft SQL Server

47
Q

Port 1521

A

Oracle SQL*Net (TNS listener)

48
Q

Port 3306

A

MySQL

49
Q

Port 3389

A

RDP (Remote Desktop Protocol)

50
Q

Port 5060/5061

A

Session Initiation Protocol (5060 unencrypted, 5061 over TLS)

51
Q

802.11a

A

5GHz, 54Mbps

52
Q

802.11b

A

2.4GHz, 11Mbps
Crowded 2.4GHz band: interference from other devices (microwave ovens, Bluetooth, cordless phones)

53
Q

802.11g

A

2.4GHz, 54Mbps
Backwards compatible w/802.11b
Same 2.4GHz interference issues

54
Q

802.11n

A

2.4GHz or 5GHz
600Mbps
40MHz channel
MIMO

55
Q

802.11ac

A

5GHz
160MHz
Eight MU-MIMO streams
7Gbps

56
Q

802.11ax

A

2.4GHz or 5GHz (6GHz added by Wi-Fi 6E)
20, 40, 80, and 160 MHz channels
Up to 1,201 Mbps per spatial stream (about 9.6 Gbps aggregate with eight streams)
OFDMA

57
Q

What is ATM?

A

Asynchronous Transfer Mode

58
Q

What are SFP, SFP+ and QSFP?

A

Types of transceivers

SFP (Small Form-factor Pluggable) - electrical-to-optical converter
SFP+(Enhanced

59
Q

True or False:
In modern Ethernet networks, a twisted-pair copper cable can have a TIA/EIA-568A standard on one end and TIA/EIA-568B standard on the opposite end forms

A

False

60
Q

Shielded Twisted-Pair (STP) cabling reduces what kind of interference?

A

Crosstalk and EMI

61
Q

What is the Three Way Handshake for TCP?

A

1- Client sends SYN
2- Server replies SYN/ACK
3- Client sends ACK (connection established)

62
Q

On-path attack

A

Formerly called man-in-the-middle attacks

A specific type of spoofing attack where a threat actor compromises the connection between two hosts and transparently intercepts and relays all communications between them. The threat actor might also have the opportunity to modify the traffic before relaying it.

63
Q

DoS attack

A

Denial of Service

Causes a service at a given host to fail or to become unavailable to legitimate users. Resource exhaustion DoS attacks focus on overloading a service by using up CPU, system RAM, disk space, or network bandwidth. It is also possible for DoS attacks to exploit design failures or other vulnerabilities in application software. A physical DoS attack might involve cutting telephone lines or network cabling or switching off the power to a server.

64
Q

802.1x

A

Port-based Network Access Control (NAC)

65
Q

802.3ad

A

LACP (Link Aggregation Control Protocol) / NIC teaming
Originally defined in 802.3ad; the standard was later moved to IEEE 802.1AX

66
Q

802.3af

A

PoE (Power over Ethernet)

67
Q

802.1d

A

STP (Spanning Tree Protocol)

68
Q

NDA

A

Non Disclosure Agreement

  • Confidentiality agreement between parties
    – Information in the agreement should not be disclosed
  • Protects confidential information
    – Trade secrets, business activities
69
Q

SLA

A

Service Level Agreement (SLA)
– Minimum terms for services provided
– Uptime, response time agreement, etc.
– Commonly used between customers and service
providers

70
Q

MOU

A

Memorandum of Understanding (MOU)
– Both sides agree on the contents of the memorandum
– Usually includes statements of confidentiality
– Informal letter of intent; not a signed contract

71
Q

AUP

A

Acceptable Use Policy

What is acceptable use of company assets?
– Detailed documentation
– May be documented in the Rules of Behavior
* Covers many topics
– Internet use, telephones, computers,
mobile devices, etc.
* Used by an organization to limit legal liability
– If someone is dismissed, these are the
well-documented reasons why

72
Q

NAT

A

Network Address Translation

NAT is a service translating between a private (or local) addressing scheme used by hosts on the LAN and a public (or global) addressing scheme used by an Internet-facing device. NAT is configured on a border device, such as a router, proxy server, or firewall. NAT is not a security mechanism; security is provided by the router/firewall's ACL.

73
Q

Stateful firewall

A

A stateful firewall tracks the state of each connection (TCP/UDP flows, i.e. layer 3 and 4 information; exam material often describes this as operating at Layer 5, the session layer). When a packet arrives, the firewall checks whether it belongs to an existing connection in its state table. If it does not, it applies the ordinary packet filtering rules to decide whether to allow it. Once a connection has been allowed, later packets that match the state-table entry are passed without re-evaluating the full rule set, which conserves processing effort.
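Added example (not from the original deck) contrasting the two firewall types on the same constructed traffic: a memoryless packet filter that must rely on the "allow inbound if ACK is set" rule to let replies through, and a stateful filter that only admits inbound packets belonging to a connection an inside host opened. The internal range 10.0.0.0/8, the packet model and the four-packet scenario (using RFC 5737 documentation addresses) are assumptions for the demo; real firewalls also track sequence numbers, timeouts and UDP/ICMP pseudo-state.

```python
import ipaddress
from dataclasses import dataclass

INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN", "ACK"})


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE_NET


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter with no memory: each packet is judged on its own header.

    Rule 1 lets inside hosts talk out.  Rule 2 is the classic 'established'
    trick: allow inbound packets that carry ACK, because replies to outbound
    connections do.  An attacker's unsolicited ACK-flagged packet (an ACK scan)
    satisfies the same rule.
    """
    if is_inside(pkt.src):
        return True
    return "ACK" in pkt.flags


class StatefulFirewall:
    """Keeps a connection table so inbound traffic is only allowed when it
    belongs to a flow an inside host opened."""

    def __init__(self):
        self.table = set()  # entries: (client_ip, client_port, server_ip, server_port)

    def filter(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.table or reverse in self.table:
            if pkt.flags & {"FIN", "RST"}:        # teardown: forget the flow
                self.table.discard(forward)
                self.table.discard(reverse)
            return True
        # A new flow is accepted only from inside and only as a bare SYN.
        if is_inside(pkt.src) and pkt.flags == frozenset({"SYN"}):
            self.table.add(forward)
            return True
        return False


# Constructed traffic using documentation address ranges.
SCENARIO = [
    Packet("10.1.1.5", 40000, "198.51.100.20", 443, frozenset({"SYN"})),         # inside opens HTTPS
    Packet("198.51.100.20", 443, "10.1.1.5", 40000, frozenset({"SYN", "ACK"})),  # legitimate reply
    Packet("203.0.113.9", 5555, "10.1.1.5", 22, frozenset({"ACK"})),             # attacker ACK scan
    Packet("203.0.113.9", 5556, "10.1.1.5", 22, frozenset({"SYN"})),             # attacker connect attempt
]


def run(filter_fn) -> list:
    """Verdict (True = allowed) for each packet of SCENARIO, in order."""
    return [filter_fn(p) for p in SCENARIO]


def compare() -> dict:
    return {
        "stateless": run(stateless_filter),
        "stateful": run(StatefulFirewall().filter),
    }
```

The third packet is the one that matters: the stateless filter passes the attacker's ACK scan (it looks like a reply), the stateful one drops it because no inside host opened that connection.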

74
Q

Stateless firewall

A
75
Q

Netflow analyzer

A

Gather traffic statistics from all traffic flows
– Shared communication between devices
* NetFlow
– Standard collection method - Many products and options

76
Q

Spectrum analyzer

A

View the frequency spectrum
* Identify frequency conflicts

Wi-Fi

77
Q

Segmentation

A

Physical segmentation
* Separate devices
– Multiple units, separate infrastructure
Logical segmentation with VLANs
* Virtual Local Area Networks (VLANs)
– Separated logically instead of physically
– Cannot communicate between VLANs without
a Layer 3 device / router

78
Q

ICMP

A

Internet Control Message Protocol
– “Text messaging” for your network devices
* Another protocol carried by IP - Not used for data transfer
* Devices can request and reply to administrative requests
– Hey, are you there? / Yes, I’m right here.
* Devices can send messages when things don’t go well
– That network you’re trying to reach
is not reachable from here
– Your time-to-live expired, just letting you know

79
Q

Syslog severity levels

A

0 - Emergency - The system is unusable (kernel panic)
1 - Alert - A fault requiring immediate remediation has occurred
2 - Critical - A fault that will require immediate remediation is likely to develop
3 - Error - A nonurgent fault has developed
4 - Warning - A nonurgent fault is likely to develop
5 - Notice - A state that could potentially lead to an error condition has developed
6 - Informational - A normal but reportable event has occurred
7 - Debug - Verbose status conditions used during development and testing
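Added example (not from the original deck): how the severity table above actually appears on the wire. A syslog message starts with a PRI value in angle brackets, where PRI = facility * 8 + severity (RFC 5424), so "<34>" means facility 4 (auth) at severity 2 (critical). The code decodes PRI for a few constructed sample lines and filters to Error or worse, the kind of triage a collector or SIEM rule performs. The sample lines are made up; the facility names follow the RFC 5424 table. Caveat for detection work: PRI is set by the sender, and over plain UDP 514 anything on the network can forge it, so severity alone should never decide whether a message is trusted.

```python
import re

# RFC 5424 numeric codes.  PRI = facility * 8 + severity, carried as "<PRI>" at the
# start of a syslog message.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line: str):
    """Return (facility, severity, rest_of_message), or None if there is no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the largest legal value
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8], line[m.end():]


def triage(lines, worst_allowed="error"):
    """Keep only messages at the given severity or worse (lower number = worse)."""
    cutoff = SEVERITIES.index(worst_allowed)
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:             # malformed PRI: route to a parse-failure bucket in practice
            continue
        facility, severity, msg = parsed
        if SEVERITIES.index(severity) <= cutoff:
            kept.append((facility, severity, msg.strip()))
    return kept


# Constructed sample messages (not from a real system).
SAMPLE_LINES = [
    "<34>Jun  1 10:00:01 gw01 sshd[4242]: pam_unix(sshd:auth): authentication failure",
    "<0>Jun  1 10:00:02 gw01 kernel: Kernel panic - not syncing",
    "<165>Jun  1 10:00:03 app02 myapp: cache warmed",
    "<11>Jun  1 10:00:04 app02 backup: rsync exited with status 23",
    "<13>Jun  1 10:00:05 app02 cron: job finished",
    "<200>Jun  1 10:00:06 badhost: out-of-range PRI",
    "Jun  1 10:00:07 nohost: line without a PRI",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(entry)
```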

80
Q

OTDR

A

Fiber

If a break is identified in an installed cable, the location of the break can be found using an optical time domain reflectometer (OTDR). This sends light pulses down the cable and times how long it takes for any reflections to bounce back from the break.
A broken cable will need to be repaired (sp

81
Q

Out-of-band management

A

The console port is a physically out-of-band management method; the link is limited to the attached device. When you are using a browser-based management interface or a virtual terminal, the link can be made out-of-band by connecting the port used for management access to physically separate network infrastructure. Obviously, this is costly to implement, but out-of-band management is more secure and means that access to the device is preserved when there are problems affecting the production network.

82
Q

in-band management

A

An in-band management link is one that shares traffic with other communications on the “production” network.

With an in-band connection, better security can be implemented by using a VLAN
to isolate management traffic.

83
Q

LACP

A

(Link Aggregation Control Protocol)

84
Q

BPDU

A

Bridge Protocol Data Unit

STP info is packaged as BPDU multicast frames

86
Q

Straight-through cable

A

Patch cables - the most common Ethernet cable
* Connect workstations to network devices
– Workstation to switch
– Router to switch

87
Q

Crossover Cable

A

Connect MDI to MDI
* Connect MDI-X to MDI-X
* Auto-MDI-X is on most modern Ethernet devices
– Automatically decides to cross-over
* This is obviously not 568A on one side and 568B on the other
– 568A and 568B are cabling standards
– The TIA-568 standard does not define Ethernet (or other)
crossover cables

-Switch to switch
-Router to router
-Workstation to workstation
-Workstation to router

88
Q

Evil twin

A

Looks legitimate, but actually malicious
– The wireless version of phishing
* Configure an access point to look like an
existing network
– Same (or similar) SSID and security
settings/captive portal
* Overpower the existing access points
– May not require the same physical location
* WiFi hotspots (and users) are easy to fool
– And they’re wide open
* You encrypt your communication, right?
– Use HTTPS and a VPN

89
Q

ARP

A

Address Resolution Protocol

Determine a MAC address based on an IP address

90
Q

OSPF

A

OSPF (Open Shortest Path First)
– Large, scalable routing protocol

It is a Link-state routing protocol
* Information passed between routers is related
to the current connectivity

91
Q

RIPv1

A

Routing Information Protocol

v1 - a classful protocol that uses inefficient broadcasts to communicate updates over UDP port 520.

92
Q

VRRP

A

Virtual Router Redundancy Protocol

The default router isn’t real
– Devices use a virtual IP for the default gateway
– If a router disappears, another one takes its place
– Data continues to flow

93
Q

MIB

A

Management Information Base

holds statistics relating to the activity
of the device

94
Q

OID

A

Object Identifier

can be referenced by name or
number
– .iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).
snmp(11).snmpOutT

95
Q

TACACS+

A

Terminal Access Controller Access-Control System
– Remote authentication protocol
– Created to control access to dial-up lines to ARPANET

  • TACACS+
    – The latest version of TACACS, not backwards compatible
    – More authentication requests and response codes
96
Q

Kerberos

A

Network authentication protocol

Authenticate once; SSO

Protect against on-path or replay attacks

97
Q

route command

A

Command to view device’s routing table
-Find out where packets will go

route print (Windows); ip route or route -n (Linux); netstat -rn (macOS/BSD)

98
Q

nslookup

A

Command to troubleshoot DNS name resolution

nslookup is available on Windows, Linux and macOS

dig is a similar command (Linux/macOS) with more detailed output

99
Q

unicast

A

One station sending information to another station

1:1

only two systems

100
Q

multicast

A

Delivery of information to interested systems

101
Q

broadcast

A

Sending information to everyone at once

Not used in IPv6

102
Q

anycast

A

Single destination IP address has
multiple paths to two or more endpoints
– One-to-one-of-many
– Looks like any other unicast address
* Packets sent to an anycast address are delivered to the closest interface

103
Q

DNS Poisoning

A

Attack that compromises the name resolution process

Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker's choosing.

The attacker replaces the valid IP address for a trusted website with the attacker's IP address. The attacker can then intercept all the packets directed to that IP address and relay them to the real site, leaving the victim unaware of what is happening.

104
Q

DMZ

A

Demilitarized Zone, AKA screened subnet

Perimeter network zone placed between two firewalls (one Internet-facing, one in front of the internal network) that holds the servers the Internet must be able to reach

105
Q

NAC

A

Network Access Control

802.1X
Port-based Network Access Control
No access until you authenticate

-Physical interfaces [connecting to the switch]

-EAP/RADIUS

-Enabling/disabling ports

106
Q

Throughput

A

Average data transfer rate achieved over a period of time

107
Q

Bandwidth

A

Frequency range measured in cycles per second or Hz

Also used to describe the amount of data that can be transferred, measured in bps

108
Q

RIPv2

A

Routing Information Protocol

v2 - supports classless addressing and uses more efficient multicast
transmissions over UDP port 520. It also supports authentication.

109
Q

Physical segmentation

A

Separate devices; separate infrastructures

110
Q

Screened subnet

A

Previously DMZ

Don’t want the internet to have direct access to your internal network

The screened subnet holds all necessary information for the internet

111
Q

Separation of duties

A

Split knowledge
-No one person has all of the details [One person has half of a safe combination]

Dual Control
-Two people must be present to perform the business function [two keys to open a safe]

112
Q

Honeypot

A

Attract attackers

Create a virtual world and once they’re connected, log all of their attempts to get around the security to gain more info about what the attackers are doing on your network

113
Q

RADIUS

A

Remote Authentication Dial-in User Service

Centralize authentication for users
– Routers, switches, firewalls
– Server authentication
– Remote VPN access, 802.1X network access

114
Q

EAP

A

Extensible Authentication Protocol (EAP) – An authentication framework
* Many different ways to authenticate based on
RFC standards
– Manufacturers can build their own EAP methods
* EAP integrates with 802.1X
– Prevents access to the network until the
authentication succeeds

115
Q

Posture assessment

A

Device related

Before connecting to the network, perform a health check – Is it a trusted device?
– Is it running anti-virus? Which one? Is it updated?
– Are the corporate applications installed?
– Is it a mobile device? Is the disk encrypted?
– The type of device doesn’t matter - Windows, Mac,
Linux, iOS, Android

116
Q

SIEM

A

Security Information and Event Management
– Logging of security events and information
* Security alerts
– Real-time information
* Log aggregation and long-term storage
– Usually includes advanced reporting features
* Data correlation
– Link diverse data types
* Forensic analysis
– Gather details after an event

117
Q

VLAN hopping

A

“Hop” to another VLAN - this shouldn’t happen

Switch spoofing
* Some switches support automatic trunk negotiation – is the switch port for an end device, or is it a trunk?
* No authentication is required – pretend to be a switch and send trunk negotiation
* Now you've got a trunk link to the switch – send and receive from any configured VLAN
* Mitigation: switch administrators should disable trunk negotiation and administratively configure trunk interfaces and device/access interfaces

Double tagging
* Craft a frame that includes two VLAN tags – takes advantage of the "native" VLAN configuration
* The first (native VLAN) tag is removed by the first switch; the second "fake" tag is now visible to the second switch, which forwards the frame to the target VLAN
* This is a one-way trip – responses don't have a way back to the source host
* Mitigation: don't put any devices on the native VLAN, change the native VLAN ID, and force tagging of the native VLAN
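Added example (not from the original deck): the double-tagging attack above modelled on a constructed 802.1Q frame, so the three mitigations can be checked one by one. The code builds a frame carrying two tags, applies the trunk behaviour of the first switch (native VLAN sent untagged unless native tagging is forced) and reports which VLAN the second switch delivers the frame to. Simplifications that are assumptions of the model: the attacker sits on an access port in attacker_vlan and the first switch accepts the tagged frame as belonging to that VLAN; MAC addresses and payload are made up.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst: str, src: str, vlan_ids, payload: bytes = b"") -> bytes:
    """Ethernet II frame with zero or more 802.1Q tags, outermost first.
    Each tag is TPID 0x8100 followed by a 16-bit TCI (PCP/DEI left at 0)."""
    frame = mac(dst) + mac(src)
    for vid in vlan_ids:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_vlan_tags(frame: bytes) -> list:
    """VLAN IDs present on the frame, outermost first."""
    vids, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)
        off += 4
    return vids


def trunk_egress(frame: bytes, native_vlan: int, tag_native: bool = False) -> bytes:
    """What the first switch transmits on the trunk.  By default traffic in the
    native VLAN is sent untagged, so a frame whose outer tag is the native VLAN
    loses that tag; forcing native-VLAN tagging keeps it."""
    vids = parse_vlan_tags(frame)
    if vids and vids[0] == native_vlan and not tag_native:
        return frame[:12] + frame[16:]   # drop the 4-byte outer tag
    return frame


def trunk_ingress_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN the second switch assigns the frame to: the outer tag if there is one,
    otherwise the trunk's native VLAN."""
    vids = parse_vlan_tags(frame)
    return vids[0] if vids else native_vlan


def double_tag_attack(native_vlan: int, tag_native: bool,
                      attacker_vlan: int = 1, target_vlan: int = 20) -> int:
    """VLAN in which the victim-side switch delivers the attacker's double-tagged frame.
    Model assumption: the attacker is on an access port in attacker_vlan and the
    first switch accepts the tagged frame as belonging to that VLAN."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",
                        [attacker_vlan, target_vlan], b"constructed payload")
    on_trunk = trunk_egress(frame, native_vlan, tag_native)
    return trunk_ingress_vlan(on_trunk, native_vlan)


if __name__ == "__main__":
    print(double_tag_attack(native_vlan=1, tag_native=False))     # 20: attack succeeds
    print(double_tag_attack(native_vlan=1, tag_native=True))      # 1: forced native tagging
    print(double_tag_attack(native_vlan=999, tag_native=False))   # 1: native VLAN moved
```

Changing the native VLAN only helps while no end device sits on it: with native_vlan=999 and attacker_vlan=999 the frame lands in VLAN 20 again, which is the reason behind the "don't put any devices on the native VLAN" rule.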

118
Q

Ephemeral port

A

temporary port numbers
– Ports 1,024 through 65,535
– Determined in real-time by the clients

119
Q

Non-ephemeral ports

A

permanent port numbers
– Ports 0 through 1,023
– Usually on a server or service

120
Q

Netstat

A

Allows you to check the state of ports on the local host (listening sockets and active connections)

121
Q

Nmap

A

Network mapper - find network devices
* Port scan - Find devices and identify open ports
* Operating system scan
– Discover the OS without logging in to a device
* Service scan

122
Q

Scope

A

Range of addresses and options configured for a single subnet

123
Q

Default gateway

A

IP address of the router a host sends traffic to when the destination is outside its own subnet

124
Q

DHCP Reservation

A

mapping of a MAC address or interface ID to a specific IP address within the DHCP server’s address pool

AKA Static or fixed address assignment

125
Q

DHCP Relay

A

Configuration of a router to forward DHCP traffic where the client and server are in different subnets.

126
Q

IP Helper

A

Command set in a router OS to support DHCP relay and other broadcast forwarding functionality.

127
Q

SLAAC

A

Stateless Address Autoconfiguration

IPv6

Automatically configure an IP address
without a DHCP server

128
Q

FQDN

A

Unique label specified in a DNS hierarchy to identify a particular host within a subdomain within a top-level domain.

129
Q

Iterative lookup

A

When a name server responds to a query with either the requested record or the address of a name server at a lower level in the hierarchy that is authoritative

DNS query type whereby a server responds with information from its own data store only

130
Q

Recursive lookup

A

DNS query type whereby a server submits additional queries to other servers to obtain the requested information.

131
Q

SOA

A

Start of Authority Records

Identifies the primary authoritative name server that maintains complete resource records for the zone

132
Q

NS

A

Name Server Records

List the name servers for a domain - NS records point to the name of the server

133
Q

A vs AAAA

A

Address records

IPv4 host name vs IPv6 host name

134
Q

CNAME

A

Canonical Name Record

Alias for an existing address record

135
Q

MX

A

Mail Exchange Record

Used to identify an email server for the domain

136
Q

SRV

A

Service Record

contains the service name and port on which a particular application is hosted

  • Find a specific service
    – Where is the Windows Domain Controller? Where is the instant messaging server? Where is the VoIP controller?
137
Q

TXT

A

Text Record

Used to store any free-form text that may be needed to support other network services

Used as part of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)

SPF
– Prevent mail spoofing
– Mail servers check that incoming mail
really did come from an authorized host

DKIM
– Digitally sign your outgoing mail
– Validated by the mail server,
not usually seen by the end user
– Put your public key in the DKIM TXT record
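Added example (not from the original deck): a small offline SPF evaluator showing what "mail servers check that incoming mail really did come from an authorized host" means in practice. It walks an SPF TXT record left to right as RFC 7208 requires and returns pass, fail, softfail or neutral for a given sender IP. Assumptions: only the ip4, ip6 and all mechanisms are implemented, because include, a, mx, exists and redirect need DNS lookups; the records and addresses are constructed from documentation ranges. Two caveats a practitioner should remember: SPF checks the envelope sender (MAIL FROM / HELO), not the From header the user sees, and a record ending in ~all only flags spoofed mail rather than rejecting it.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt: str) -> list:
    """Split an SPF TXT record into its terms, rejecting anything that is not v=spf1."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return terms[1:]


def check_spf(txt: str, sender_ip: str) -> str:
    """Evaluate ip4 / ip6 / all mechanisms left to right (RFC 7208 order).

    Returns pass, fail, softfail or neutral.  include, a, mx, exists and
    redirect need DNS lookups, so this offline evaluator skips them
    (assumption); a real evaluator must resolve them.
    """
    ip = ipaddress.ip_address(sender_ip)
    for term in parse_spf(txt):
        qualifier = "+"                       # mechanisms without a qualifier mean "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]      # "all" always matches, so it ends evaluation
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # bare address means /32 or /128
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"   # no mechanism matched and no 'all' term: default result


# Constructed records for a domain that sends only from documentation ranges.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
WEAK_RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"    # softfail: spoofed mail is only marked

if __name__ == "__main__":
    for sender in ("192.0.2.55", "2001:db8::1", "198.51.100.7"):
        print(sender, check_spf(STRICT_RECORD, sender), check_spf(WEAK_RECORD, sender))
```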

138
Q

PTR

A

Pointer Record

The reverse of an A or AAAA record – Added to a reverse map zone file

139
Q

Forward lookup vs reverse lookup

A

Forward lookup:
– Provide the DNS server with an FQDN
– DNS server provides an IP address

Reverse Lookup
– Provide the DNS server with an IP address
– The DNS server provides an FQDN

140
Q

Zone transfer

A

Mechanism by which a secondary name server obtains a read-only copy of zone records from the primary server.

141
Q

Internal DNS

A

managed on internal servers
– Configured and maintained by the local team
– Contains DNS information about internal devices – DNS service on Windows Server

142
Q

External DNS

A

Records that Internet clients must be able to access

– Often Managed by a third-party
– Does not have internal device information – Google DNS, Quad9

143
Q

SMB

A

Server Message Block protocol

Allows a host to share its directories/files and printers to make them available for other machines to use

SMBv3 supports message encryption and signing; SMBv1 is obsolete and should be disabled

144
Q

SIP

A

Session Initiation Protocol

Ports 5060 and 5061

146
Q

Latency

A

The time it takes for a transmission to reach the recipient, measured in milliseconds (ms)

147
Q

Jitter

A

a variation in the delay (latency)

the time between frames

148
Q

Posture Assessment

A

Process for verifying compliance with a health policy by using host health checks

149
Q

Zero-day

A

A vulnerability that is exploited before the developer knows about it or can release a patch

150
Q

Vulnerability Assessment

A

An evaluation of a system's security and ability to meet compliance requirements based on the configuration state of the system

Determines if the current configuration matches the ideal configuration (the baseline)

151
Q

CVE

A

Common Vulnerabilities and Exposures

Dictionary of vulnerabilities in published operating systems and applications software

152
Q

SIEM

A

Security Information and Event Management (SIEM)

Solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications

153
Q

penetration testing

A

Uses authorized hacking techniques to discover exploitable weaknesses in the target's security systems

154
Q

Least privilege

A

A user is granted sufficient rights to perform his or her job and no more

155
Q

Role-based access

A

Administrators provide access based on the role of the user

156
Q

Zero trust

A

Security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed

Everything must be verified
– Nothing is trusted
– Multifactor authentication, encryption, system
permissions, additional firewalls, monitoring and
analytics, etc.

157
Q

ACL

A
158
Q

IAM

A
159
Q

Authentication factors

A

Something you know
something you have
something you are
something you do
somewhere you are

160
Q

EAP

A
161
Q

LDAP

A