S17-Network Segmentation

Question 1

Firewall

Answer 1

Uses a set of rules defining the types of traffic permitted or denied through the device

Question 2

T/F A firewall can’t perform Network Address translation (NAT) and Port address translation (PAT)

Answer 2

False, some physical Firewall hardware sitting at the edge of your network can preform NAT and PAT functions

Question 3

Packet-Filtering Firewall

Answer 3

Permits or denies traffic based on packet header

Question 4

Stateful Firewall

Answer 4

Inspects traffic as part of a session can recognizes where the traffic originated

Question 5

NextGen Firewall (NGFW)

Answer 5

combines basic firewall functions with advanced features like:
- deep packet inspection
- intrusion prevention
- application control
- Threat intelligence
- Layer 7 Inspection
to offer more robust protection against modern cyber threats. operates in L5, L6, L7

Question 6

Deep Packet inspection (DPI)

Answer 6

NGFWS examine the data within network packets, not just the headers, to detect and block malicious content

Question 7

intrusion Prevention System (IPS)

Answer 7

NGFWs actively monitor network traffic for suspicious activity and take steps to prevent or mitigate attacks.

Question 8

Application Control

Answer 8

NGFWs can identify and control which applications are allowed to access the network, reducing the risk of unauthorized applications

Question 9

Threat Intelligence

Answer 9

NGFWs often integrate with threat intelligence feeds, which provide information about the latest cyber threats, allowing them to better protect against them.

Question 10

Layer 7 Inspection

Answer 10

NGFWS can operate at the application layer (Layer 7), allowing them to inspect the contents of network traffic and block malicious requests or payloads.

Question 11

Access Control List (ACL)

Answer 11

List of permissions associated with a given system or network resource

Question 12

Unified Threat Management (UTM) Device

Answer 12

combines firewall, Router, intrusion detection/prevention system, anti-malware, and other features into a single device

Question 13

What are somethings you may want to block on your ACL?

Answer 13

• Requests from internal or private loopback addresses and multi Cast ranges
• incoming requests from local protocols
• Either block all Ipv6 traffic or allow it to authorized hosts/ports

Question 14

Explicit Deny

Answer 14

Blocks matching traffic

Question 15

Role-Based Access

Answer 15

Defines the privilege’s and responsibilities of admin users who control firewalls and their ACLs

Question 16

Trusted Zone/Inside Zone

Answer 16

Intranet or LAN

Question 17

Untrusted Zone/ Outside Zone

Answer 17

Internet or External network

Question 18

Screened Subnet

Answer 18

often referred to as a Demilitarized Zone (DMZ) or perimeter network, is a network configuration that isolates public-facing servers from the internal network.
- semi-trusted zone

Question 19

Internet-Facing Host

Answer 19

Any host that accepts inbound connections from the internet

Question 20

What things should be placed in the screened subnet?

Answer 20

Anything that receives inbound traffic from the internet:
- Email server
- Web server
- Remote access servers
- Proxy servers

Question 21

Bastion Host

Answer 21

Hosts or servers in the screened subnet which are not configured with any services that run on the local network

Question 22

Jumpbox

Answer 22

Hardened server that provides access to other hosts within the screened subnet

Question 23

How are action executed in an ACL?

Answer 23

IN a TOP - DOWN manner

Question 24

how are rules positioned in an ACL?

Answer 24

More Specific rules toward the top , more generic rules towards the bottom

Question 25

What key pieces of information are found in ACL rules?

Answer 25

- Traffic type - Traffic Source - Traffic Destination - Action against Traffic

Question 26

Content Filtering

Answer 26

Network Management practice that involves restricting access to certain content, websites, or applications based on specific criteria

Question 27

URL Filtering

Answer 27

Block access to specific websites based on URLs

Question 28

Keyword Filering

Answer 28

Scanning a webpage for keywords and blocking it from being displayed if any of the blocked keywords are detected

Question 29

Protocol/Port Filtering

Answer 29

blocking traffic based on protocol or port used

Question 30

Proxy Server

Answer 30

acts as an intermediary between a user's device and the internet, handling web requests on their behalf

Question 31

Web Proxy

Answer 31

Used to retrieve Webpages from the internet

Question 32

Reverse Proxy

Answer 32

Used by businesses to manage incoming internet traffic

Question 33

Transparent Proxy

Answer 33

Used by businesses to monitor and filter internet traffic

Question 34

why is a Proxy Server useful?

Answer 34

1- can filter out malicious traffic & prevent unauthorized access 2 - Can hide a user's IP address 3 - Block access to websites or types of content 4 - cache frequently accessed resources & improve performance

Question 35

Internet of Things (IoT)

Answer 35

global network of appliances and personal devices that have been equipped with sensors, software, and network connectivity

Question 36

Types of IoT devices

Answer 36

- Hub & Control systems - Smart Devices - Wearables - Sensors

Question 37

Hub & Control system (IoT)

Answer 37

Used as a central point of communication for many automation and control of IoT devices

Question 38

Smart Devices

Answer 38

IoT Endpoints that connect back to a central hub/Control system to provide automation or function

Question 39

Wearables

Answer 39

IoT devices that are designed as accessories that can be worn

Question 40

Sensors

Answer 40

IoT devices that measure factors like temperature, sound, light, humidity, pressure, proximity, motion, smoke, fire, heart rates, etc.

Question 41

Operational Technology (OT)

Answer 41

the hardware and software that monitor and control physical devices, processes, and infrastructure, often in industrial environment

Question 42

Industrial Control Systems (ICS)

Answer 42

. Systems that control and monitor industrial processes, by controlling machinery using embedded devices - single plant/system

Question 43

IT vs OT

Answer 43

IT: Focuses on managing data, information, and systems. OT: Focuses on controlling physical devices and processes.

Question 44

Supervisory Control and Data Acquisition (SCADA)

Answer 44

Type of ICS used to monitor and control industrial processes in real-time, often from a central location. - Different ICSs & DCSs interconnected in a WAN

Question 45

Distributed Control Systems (DCS)

Answer 45

Used to manage and control complex industrial processes, such as those in chemical plants and oil refineries - System consisting of Multiple interconnected ICSs

Question 46

Fieldbus

Answer 46

Digital serial data communication protocol used in OT networks to link different PLCs

Question 47

Programmable Logic Controller (PLC)

Answer 47

a specialized computer designed to control industrial processes.

Question 48

Human-Machine Interface (HMI)

Answer 48

A local control panel or software that runs on a computer

Question 49

Storage Segmentation

Answer 49

Clear separation between personal and company data on a single device

Question 50

Mobile Device Management

Answer 50

Centralized software solution for remote admin and config on mobile devices

Question 51

CYOD

Answer 51

"Choose your own device"

Question 52

Zero Trust Architecture (ZTA)

Answer 52

A security framework that operates on the principle of "never trust, always verify.

Question 53

What are the 2 planes in ZTA?

Answer 53

- Control Plane - Data Plane

Question 54

Control Plane (ZTA)

Answer 54

responsible for making access decisions and managing policies that govern how users and devices are authorized to access network resources. -

Question 55

Key elements on the Control Plane (ZTA)

Answer 55

- Adaptive Identity - Threat Scope Reduction - Policy-driven access control - Secured zones

Question 56

Adaptive Identity

Answer 56

Real-time validation that considers user behavior, Device, Location , Etc.

Question 57

Threat Scope reduction

Answer 57

Limit users' access to only work-related tasks

Question 58

Policy- Driven Access control

Answer 58

Developing, Managing, and enforcing user access policies based on their roles and responsibilities

Question 59

Secured Zones

Answer 59

Isolated Environments in a network for sensitive data

Question 60

Data Plane (ZTA)

Answer 60

handles the actual data traffic and application communication. Ensures that all communication is encrypted, monitored, and verified, adhering to the trust-none, always verify principle.

Question 61

Data Plane Vs Control Plane

Answer 61

Control Plane: - Layout of policies and procedures Data Plane: - Execution of Policies and procedures

Question 62

Data Plane key elements

Answer 62

- Subject Systems - Policy Engine - Policy Admin - Policy Enforcement Point

Question 63

Subject Systems

Answer 63

Individual or entity attempting to gain access

Question 64

Policy Engine

Answer 64

Cross-references the access requests with its predefined policies

Question 65

Policy Admin

Answer 65

Used to establish and manage the access policies

Question 66

Policy Enforcement Point

Answer 66

Where access decisions are executed

Question 67

What 2 components form the Backbone in a ZTA?

Answer 67

- The Policy Admin - The Policy Engine

Question 68

Full Tunnel VPN

Answer 68

Routes and Encrypts all network requests through the VPN connection back to the headquarters

Question 69

Half/Split Tunnel VPN

Answer 69

allows users to route only specific internet traffic through the VPN, while other traffic can bypass the VPN and connect directly to the internet

Question 70

Split Tunnel vs Full Tunnel

Answer 70

Full tunnel - Better Security Split Tunnel - Better Performance

Question 71

Clientless VPN

Answer 71

Creates a secure, remote-access VPN tunnel using a web browser without requiring a software or hardware client

Question 72

Site to site VPN

Answer 72

creates an encrypted tunnel between two or more networks, allowing them to communicate securely over the internet as if they were on the same network

Question 73

Client to Site/ Remote access VPN

Answer 73

enables a single user's device (like a laptop or phone) to securely connect to a company or organization's network

Question 74

Datagram Transport Layer Security (DTLS)

Answer 74

UDP-Based version of TLS

Question 75

Layer 2 Tunneling Protocol (L2TP)

Answer 75

a protocol used to create VPN connections by encapsulating data for secure transmission over public networks.

Question 76

L2TP drawbacks

Answer 76

Lacks Encryption and needs to be combined with another encryption layer

Question 77

Layer 2 Forwarding (L2F)

Answer 77

Tunneling protocol for the P2P protocol but lacks native security and encryption features

Question 78

Point-to-Point Tunneling Protocol (PPTP)

Answer 78

older vpn tunneling that Supports Dial-up networks but lacks native security features, unless used with windows

Question 79

Telnet

Answer 79

Uses port 23 - sends plain, text-based commands to remote devices

Question 80

Secure Shell (SSH)

Answer 80

Port 22 - Encrypts everything between a client and server

Question 81

Remote Desktop Protocol (RDP)

Answer 81

Port 3389 - Remote Access technology the features a GUI - Microsoft Protocol - not secure

Question 82

Remote Desktop Gateway (RDG)

Answer 82

Provides a secure connection using SSL/TLS protocols via RDP - used to secure RDP

Question 83

Virtual Network Computing (VNC)

Answer 83

Port 5900 - Designed for thin client Architectures and things like virtual desktop infrastructure (VDI) - works like RDP but is Cross-Platform

Question 84

Virtual Desktop Infrastructure (VDI)

Answer 84

Hosts a desktop environment on a centralized server through virtualization (DaaS) Desktop as a service

Question 85

In-Band Management

Answer 85

Managing devices through the use of Telnet or SSH protocols over the network

Question 86

Out-of-Band Management

Answer 86

Connecting to a configuring different network devices using an alternate path or management network

Question 87

Application Programming Interface (API)

Answer 87

Set of protocols and routines for building and interacting with software applications