SEC+ Chapter 5

Question 1

What is Network Architecture in enterprise networks?

Answer 1

Selection and placement of media, devices, protocols/services, and data assets.

Question 2

What are the three main components of Network Architecture?

Answer 2

Network Infrastructure, Network Applications, and Data Assets.

Question 3

Define Network Infrastructure.

Answer 3

Media, appliances, addressing/forwarding protocols that support basic connectivity.

Question 4

What are Network Applications?

Answer 4

Services running on the infrastructure to support business activities, such as processing invoices or sending emails.

Question 5

What are Data Assets in network architecture?

Answer 5

Information created, stored, and transferred as a result of business activities.

Question 6

What are the Secure Design Principles in network architecture?

Answer 6

Confidentiality, Integrity, Availability (CIA) to ensure secure business workflows by protecting these attributes.

Question 7

Describe the Email Provisioning Workflow example.

Answer 7

Client device accesses network via physical channel. User authenticates and is authorized to use the email application. Unauthorized users/devices are denied access. Email Mailbox Server stores data assets, accessible only by authorized clients, and must be highly available and fault-tolerant. Mail Transfer Server connects with untrusted Internet hosts, controls communication between untrusted and trusted networks, and enforces policy-based controls on data/software transfer.

Question 8

What is the OSI Model used for in network infrastructure?

Answer 8

A framework to analyze network infrastructure and services.

Question 9

What are the main Network Components?

Answer 9

Nodes (hosts and intermediary devices) and Links (physical media).

Question 10

Differentiate between LAN and WAN.

Answer 10

LAN (Local Area Network) covers a single site with limited geographic area, while WAN (Wide Area Network) spans metropolitan, country-wide, or global areas.

Question 11

What are Layer 2 and Layer 3 addressing and forwarding protocols?

Answer 11

Layer 2: MAC addresses, switches, broadcast domains. Layer 3: IP addresses, routers, separate subnets.

Question 12

How do switches function at Layer 2?

Answer 12

Forward frames based on MAC addresses and define broadcast domains within VLANs.

Question 13

What role do Wireless Access Points play in network infrastructure?

Answer 13

Bridge cabled networks with wireless hosts using MAC addressing similar to wired switches.

Question 14

What is the primary function of routers in Layer 3?

Answer 14

Forward packets based on IP addresses and act as default gateways for subnets.

Question 15

Compare TCP and UDP at Layer 4.

Answer 15

TCP: Provides reliable, connection-oriented communication. UDP: Offers unreliable, connectionless transfers.

Question 16

What are Application Protocols at Layer 7 used for?

Answer 16

Support client/server functionality, such as HTTP and SMTP.

Question 17

What is the role of DNS Servers at Layer 7?

Answer 17

Resolve Fully Qualified Domain Names (FQDNs) to IP addresses; they are infrastructure services, not user-level services.

Question 18

What is a Star Topology in network switching?

Answer 18

A topology with a central switch and radiating connections to hosts, simplifying management and expansion but creating a single point of failure.

Question 19

What are the three layers in a Hierarchical Network Design?

Answer 19

Access Layer, Distribution Layer, and Core Layer.

Question 20

What are the benefits of a Hierarchical Network Design?

Answer 20

Improved performance, scalability, and security through network segmentation.

Question 21

What is the purpose of Virtual LANs (VLANs)?

Answer 21

Logical segmentation of the network into separate broadcast domains for improved security and performance.

Question 22

How do VLANs enhance network security?

Answer 22

By isolating different types of devices and controlling traffic between VLANs through routing and firewall policies.

Question 23

What defines Security Zones in enterprise networks?

Answer 23

Segments mapped to subnets with specific security levels, including perimeter and internal zones.

Question 24

What is the Perimeter in Security Zones?

Answer 24

The boundary between trusted (internal) and untrusted (external) zones.

Question 25

Name the Internal Zones in Security Zones.

Answer 25

Database/File Systems, Client Devices, Public-Facing Servers, and Infrastructure Servers.

Question 26

What is Attack Surface in network architecture?

Answer 26

Points where threat actors can access the network, including Layer 1/2 (physical connections, MAC addresses), Layer 3 (IP addressing, routing), and Layer 4/7 (ports, application protocols).

Question 27

What are the two types of Attack Surfaces?

Answer 27

External/Public Attack Surface and Internal/Private Attack Surface.

Question 28

What is Defense in Depth in network security?

Answer 28

Implementing multiple layers of security controls to protect against different threats.

Question 29

What are common weaknesses in network attack surfaces?

Answer 29

Single Points of Failure, Complex Dependencies, Prioritizing Availability Over Security, Lack of Documentation, Overdependence on Perimeter Security.

Question 30

What is Port Security in network security?

Answer 30

Prevents unauthorized devices from connecting to the network through methods like physical security, MAC filtering, and IEEE 802.1X.

Question 31

What is IEEE 802.1X used for in port security?

Answer 31

Port-based Network Access Control requiring device authentication using EAP and RADIUS protocols.

Question 32

What are Air-Gapped Networks?

Answer 32

Networks completely isolated from other networks, including the Internet, used in highly secure environments.

Question 33

What are Secure Administrative Workstations (SAW)?

Answer 33

Dedicated systems with minimal attack surfaces for administrative tasks to reduce the risk of credential theft.

Question 34

What factors should be considered in Network Architecture Design?

Answer 34

Costs, Compute and Responsiveness, Scalability and Ease of Deployment, Availability, Resilience and Ease of Recovery, Power, Patch Availability, Risk Transference.

Question 35

Compare On-Premises and Cloud Networking.

Answer 35

On-Premises: Greater control and customization but high capital costs, low scalability, and complex recovery procedures. Cloud Networking: Scalability, flexibility, often better resilience but with ongoing costs and dependency on service providers.

Question 36

What is Zone-Based Network Security Architecture?

Answer 36

Ensures traffic between and within zones complies with access control policies, enforcing segmentation and monitoring traffic.

Question 37

What is the principle of Defense in Depth in device placement?

Answer 37

Implementing multiple layers of security controls across the OSI model to enhance protection.

Question 38

What are the three types of security controls based on their function?

Answer 38

Preventive Controls, Detective Controls, Corrective Controls.

Question 39

Where are Preventive Controls typically placed?

Answer 39

At network segment or zone borders, such as firewalls and load balancers.

Question 40

What are Detective Controls and where are they placed?

Answer 40

Controls that monitor internal traffic and alert on malicious activity, typically placed within the perimeter (e.g., Intrusion Detection Systems - IDS).

Question 41

What are examples of Preventive, Detective, and Corrective Controls on individual hosts?

Answer 41

Host firewalls, antivirus software, and data loss prevention systems.

Question 42

Differentiate between Active and Passive Controls.

Answer 42

Passive Controls: Do not require client or agent configuration (e.g., traffic mirroring, TAPs). Active Controls: Require configuration and interaction with hosts (e.g., firewalls, intrusion prevention systems).

Question 43

What is Inline Deployment of security devices?

Answer 43

Devices are part of the cable path, processing all traffic, allowing active blocking or allowing of traffic.

Question 44

What is Tap/Monitor Deployment of security devices?

Answer 44

Devices passively copy traffic without being in the direct path, allowing monitoring without impacting traffic flow.

Question 45

Explain Fail-Open and Fail-Closed modes.

Answer 45

Fail-Open: Preserves network access during a failure but poses a security risk if exploited. Fail-Closed: Blocks access during a failure, maintaining security but potentially causing downtime.

Question 46

What is a Firewall in network security?

Answer 46

A preventive control that enforces access policies on traffic entering and exiting network zones.

Question 47

What are the types of Firewalls based on their operation layers?

Answer 47

Packet Filtering Firewalls, Layer 4 (Transport Layer) Firewalls, and Layer 7 (Application Layer) Firewalls.

Question 48

How do Packet Filtering Firewalls function?

Answer 48

Inspect IP headers and enforce ACLs based on IP addresses, protocols, and ports by accepting, dropping, or rejecting packets.

Question 49

What are the different appliance types for Firewalls?

Answer 49

Routed (Layer 3), Bridged (Layer 2), and Inline (Layer 1).

Question 50

What features do Layer 4 Firewalls offer?

Answer 50

Stateful inspection and session tracking based on transport layer information like TCP/UDP sessions.

Question 51

What features do Layer 7 Firewalls offer?

Answer 51

Deep packet inspection and application-aware filtering based on application protocols.

Question 52

What are Forward Proxy Servers used for?

Answer 52

Manage outbound traffic from clients to the Internet, providing traffic management, caching, and enhanced security.

Question 53

What are Reverse Proxy Servers used for?

Answer 53

Manage inbound traffic from the Internet to internal servers, offering load balancing, security, and SSL termination.

Question 54

What is the function of Intrusion Detection Systems (IDS)?

Answer 54

Monitor network or system traffic for malicious activity and generate alerts or log entries without blocking traffic.

Question 55

How do Intrusion Prevention Systems (IPS) differ from IDS?

Answer 55

IPS not only detect but also actively block or mitigate malicious traffic by actions like blocking source IPs or resetting connections.

Question 56

What are Next-Generation Firewalls (NGFW)?

Answer 56

Firewalls with Layer 7 application awareness, deep packet inspection, integrated IPS, and SSL/TLS inspection for enhanced security.

Question 57

What is Unified Threat Management (UTM)?

Answer 57

A consolidated security solution integrating multiple security functions like firewall, antivirus, IPS, spam filtering, VPN, and data loss prevention.

Question 58

What are the advantages and disadvantages of UTM?

Answer 58

Advantages: Simplified management and cost-effective for SMBs. Disadvantages: Potential single point of failure and performance bottlenecks.

Question 59

What is the purpose of Load Balancers in network architecture?

Answer 59

Distribute client requests across multiple server nodes to ensure scalability and availability.

Question 60

Differentiate between Layer 4 and Layer 7 Load Balancers.

Answer 60

Layer 4: Forward traffic based on IP addresses and TCP/UDP ports with lower latency. Layer 7: Forward traffic based on application-layer data like URLs and content types for advanced routing decisions.

Question 61

What are common Scheduling Algorithms used by Load Balancers?

Answer 61

Round Robin, Least Connections, and Response Time.

Question 62

What are Source IP Affinity and Session Persistence in Load Balancing?

Answer 62

Source IP Affinity: Sticks a client to a specific server based on IP address. Session Persistence: Maintains client-server sessions using cookies or other methods.

Question 63

What is a Web Application Firewall (WAF)?

Answer 63

A firewall that protects web applications by filtering and monitoring HTTP/HTTPS traffic against attacks like SQL injection and cross-site scripting (XSS).

Question 64

How are WAFs deployed?

Answer 64

As appliances positioned in front of web servers or as software plugins integrated into web server platforms.

Question 65

What are the benefits of implementing WAFs?

Answer 65

Enhanced security against application-specific attacks and detailed logging for threat analysis.

Question 66

What is Remote Access Architecture?

Answer 66

Users connect to the network through intermediate networks rather than direct cabled or wireless connections.

Question 67

What are the main Topologies in Remote Access Architecture?

Answer 67

Client-to-Site VPN (Telecommuter Model), Site-to-Site VPN, and Host-to-Host Tunnel.

Question 68

Describe Client-to-Site VPN.

Answer 68

Allows remote users to connect to the corporate network via a secure tunnel using VPN clients and gateways with protocols like TLS and IPsec.

Question 69

Describe Site-to-Site VPN.

Answer 69

Connects two or more private networks securely over the Internet automatically without needing client configuration at individual hosts, typically using IPsec.

Question 70

What is a Host-to-Host Tunnel?

Answer 70

Secures traffic between two specific computers without trusting the intermediary network.

Question 71

What is the primary purpose of Virtual Private Networks (VPNs)?

Answer 71

To securely transmit data over untrusted networks by creating encrypted tunnels.

Question 72

What are the main VPN Protocols?

Answer 72

Transport Layer Security (TLS) and Internet Protocol Security (IPsec).

Question 73

What is Transport Layer Security (TLS) used for in VPNs?

Answer 73

Commonly used for client-to-site VPNs, providing encrypted tunnels with mutual authentication using digital certificates.

Question 74

What is Internet Protocol Security (IPsec) used for in VPNs?

Answer 74

Commonly used for site-to-site VPNs and remote access, providing data integrity and confidentiality through AH and ESP protocols in Transport or Tunnel modes.

Question 75

What are the two modes of IPsec?

Answer 75

Transport Mode (secures communication between hosts by encrypting only the payload) and Tunnel Mode (secures communication between networks by encrypting the entire IP packet).

Question 76

What is Internet Key Exchange (IKE)?

Answer 76

A protocol used to establish security associations for IPsec, involving two phases: authentication and key exchange (Phase I) and negotiation of encryption and hashing algorithms (Phase II).

Question 77

What are the differences between IKEv1 and IKEv2?

Answer 77

IKEv1: Designed for site-to-site and host-to-host VPNs, requires additional protocols for remote access. IKEv2: Supports EAP authentication, simpler setup, NAT traversal, and MOBIKE for multihoming.

Question 78

What are the types of Remote Desktop Access?

Answer 78

Command Line Access (e.g., SSH) and Graphical Access (e.g., RDP, TeamViewer, VNC, HTML5 VPNs).

Question 79

What are the Security Considerations for Remote Desktop Access?

Answer 79

Encryption, strong authentication (including MFA), and access control measures like jump servers and restricted access.

Question 80

What is Secure Shell (SSH) used for?

Answer 80

Secure remote access to command-line interfaces.

Question 81

What are the components of SSH?

Answer 81

Host Key

Question 82

What are the types of Desktop Access?

Answer 82

Command Line Access (e.g., SSH) and Graphical Access (e.g., RDP, TeamViewer, VNC, HTML5 VPNs).

Question 83

What are the components of SSH?

Answer 83

Host Key (public/private key pair) and Client Authentication Methods (Username/Password, Public Key Authentication, Kerberos).

Question 84

What are the Best Practices for SSH?

Answer 84

Regularly update and manage public keys, remove compromised keys, disable password authentication if using key-based methods.

Question 85

What are Jump Servers in SSH configurations?

Answer 85

Centralized servers that control access to other servers, reducing the attack surface by limiting direct access to sensitive systems.

Question 86

What is Out-of-Band Management (OOB)?

Answer 86

Management traffic is separated from regular network traffic using methods like serial consoles, dedicated management VLANs, or separate physical networks.

Question 87

What are the advantages and challenges of Air-Gapped Networks?

Answer 87

Advantages: High security and minimal attack surface. Challenges: Complex management, secure media handling, and manual updates.

Question 88

What are the purposes of Secure Administrative Workstations (SAW)?

Answer 88

Dedicated systems with minimal attack surfaces for administrative tasks to reduce the risk of credential theft and unauthorized access.

Question 89

What are the key factors to consider in Secure Communications Architecture?

Answer 89

Costs, Compute and Responsiveness, Scalability and Ease of Deployment, Availability, Resilience and Ease of Recovery, Power, Patch Availability, Risk Transference.

Question 90

Compare On-Premises and Cloud Networking in the context of Secure Communications.

Answer 90

On-Premises: Greater control and customization but high capital costs, limited scalability, and complex disaster recovery. Cloud Networking: Scalability, flexibility, often better resilience but with ongoing costs and dependency on service providers.

Question 91

What is a Host Key in SSH?

Answer 91

A public/private key pair that uniquely identifies the SSH server.

Question 92

What are the Client Authentication Methods in SSH?

Answer 92

Username/Password, Public Key Authentication, and Kerberos using GSSAPI.

Question 93

What are the Best Practices for Managing SSH Keys?

Answer 93

Regularly update and manage public keys, remove compromised keys, and disable password authentication if using key-based methods.

Question 94

What are Advanced Configurations in SSH?

Answer 94

Implementing Jump Servers and Out-of-Band Management to centralize and secure access to multiple hosts.