Security Infrastructure

Question 1

What is port 21 used for?

Answer 1

FTP – TCP – used to transfer files between computers.

FTP 文件传输协议，用来在电脑之间传文件（像上传、下载）。

Question 2

What is port 22 used for?

Answer 2

SSH – TCP – used for secure remote login to servers.

SSH 安全远程登录协议，像用命令行远程控制服务器，很安全。

Question 3

What is port 23 used for?

Answer 3

Telnet – TCP – used for remote login, but not secure.

Telnet 远程登录协议，数据是明文的，很不安全，已经淘汰。

Question 4

What is port 25 used for?

Answer 4

SMTP – TCP – used to send emails.

SMTP 发送邮件用的协议，常用于发邮件服务器之间通信。

Question 5

What is port 53 used for?

Answer 5

DNS – TCP/UDP – used to turn website names into IP addresses.

DNS 域名解析，把网址（例如 google.com）转换成 IP 地址。

Question 6

What is port 80 used for?

Answer 6

HTTP – TCP – used for browsing regular (non-encrypted) websites.

HTTP 协议，用来打开普通网页（没有加密）。

Question 7

What is port 443 used for?

Answer 7

HTTPS – TCP – used for secure websites (encrypted).

HTTPS 是加密版的 HTTP，用来打开安全网页，比如银行网站。

Question 8

What is port 110 used for?

Answer 8

POP3 – TCP – used to receive email and download it to your device.

POP3 是旧版收邮件协议，收到邮件后就下载到本地。

Question 9

What is port 143 used for?

Answer 9

IMAP – TCP – used to read email without downloading it.

IMAP 是新版收邮件协议，邮件保存在服务器上，可以多设备同步。

Question 10

What is port 3389 used for?

Answer 10

RDP – TCP – used for remote desktop access to Windows systems.

RDP 是远程桌面协议，用来远程操作 Windows 电脑。

Question 11

What is a firewall?

Answer 11

A firewall is a device or software that controls network traffic based on rules.

防火墙是控制网络流量的设备或软件，根据规则允许或阻止连接。

Question 12

What is the main function of a firewall?

Answer 12

To block unauthorized access and allow safe traffic.

防止未经授权的访问，同时允许合法流量通过。

Question 13

What is a packet filtering firewall?

Answer 13

It checks IP addresses and port numbers, but not content.

它只检查 IP 和端口，不看数据内容，工作在第4层。

Question 14

What is a stateful firewall?

Answer 14

It tracks connection status and allows return traffic for valid sessions.

它会“记住连接”，允许合法请求返回的数据通过。

Question 15

What is a proxy firewall?

Answer 15

It makes requests on behalf of the user and filters traffic at the application layer.

它代表用户与外部通信，能看懂内容，过滤更精准。

Question 16

What is a Next-Generation Firewall (NGFW)?

Answer 16

It adds deep packet inspection, application control, and built-in IPS.

比普通防火墙更强大，可以检查数据内容、识别 App，还能防攻击。

Question 17

What is a Web Application Firewall (WAF)?

Answer 17

A firewall that protects websites from attacks like SQL injection and XSS.

专门保护网站，能防止 SQL 注入、跨站脚本等攻击。

Question 18

What is a screened subnet (DMZ)?

Answer 18

A separate network zone that hosts public services and isolates them from internal systems.

放网站服务器的“中间地带”，跟内网隔开，防止被入侵波及。

Question 19

What is the difference between Layer 4 and Layer 7 firewalls?

Answer 19

Layer 4 checks ports/protocols; Layer 7 checks app-level content like URLs.

第4层看端口和协议，第7层能看懂网页内容或App行为。

Question 20

What’s a key takeaway about firewalls?

Answer 20

Firewalls enforce rules to protect the network—some are basic, others are advanced with app awareness and attack prevention.

防火墙通过规则保护网络，有的简单，有的能识别应用甚至防攻击。

Question 21

What is an Access Control List (ACL)?

Answer 21

A set of rules used by firewalls to allow or deny traffic.

ACL 是一组防火墙规则，用来决定哪些流量可以通过，哪些要被拦。

Question 22

What are the common components of an ACL rule?

Answer 22

Source IP, destination IP, port, and action (allow/deny).

来源 IP、目标 IP、端口号、允许或拒绝的动作。

Question 23

Why is rule order important in ACLs?

Answer 23

The firewall checks rules top-down and stops at the first match.

规则是从上往下执行的，遇到匹配的就不再继续查了。

Question 24

What is the best practice for ACL rule order?

Answer 24

Put specific rules first and general “deny all” last.

越具体的规则越往上放，最底下一般是“全部拒绝”。

Question 25

What does “implicit deny” mean in firewalls?

Answer 25

If no rules match, traffic is denied by default. ## Footnote 如果没有匹配到规则，默认就拒绝这条流量（不需要你手动写）。

Question 26

How can ACLs be configured?

Answer 26

Using either a web interface (GUI) or command line (CLI). ## Footnote 可以通过图形界面（像网页）或命令行界面来配置。

Question 27

What’s the purpose of logging in firewall configuration?

Answer 27

To track blocked traffic and troubleshoot issues. ## Footnote 记录被拦的流量，方便排错和安全审计。

Question 28

What happens if multiple ACL rules match a packet?

Answer 28

Only the first matching rule is applied. ## Footnote 只执行第一条匹配到的规则，后面的忽略。

Question 29

What is a “deny all” rule used for?

Answer 29

To block all traffic that wasn’t explicitly allowed. ## Footnote 拦住所有没有被允许的流量，是最后的安全底线。

Question 30

What’s a key takeaway about firewall rule configuration?

Answer 30

Rule order matters a lot—firewall rules are like traffic signs, one mistake can block everything. ## Footnote 规则顺序特别重要，像路标一样，顺序错了可能全网都不通。

Question 31

What is an IDS?

Answer 31

IDS (Intrusion Detection System) detects suspicious traffic and sends alerts. ## Footnote IDS 是入侵“检测”系统，发现可疑流量后会报警，但不会拦。

Question 32

What is an IPS?

Answer 32

IPS (Intrusion Prevention System) detects and blocks malicious traffic. ## Footnote IPS 是入侵“防御”系统，发现威胁后会直接阻止它进入。

Question 33

What’s the difference between IDS and IPS?

Answer 33

IDS only alerts; IPS alerts and blocks. ## Footnote IDS 只报警，IPS 会拦截。一个是观察者，一个是战斗者。

Question 34

What are the main types of IDS?

Answer 34

NIDS (Network), HIDS (Host), WIDS (Wireless). ## Footnote 网络型 IDS（NIDS）、主机型（HIDS）、无线型（WIDS）。

Question 35

What does a NIDS monitor?

Answer 35

Traffic across the whole network. ## Footnote NIDS 监控整个网络的流量，像个“交通摄像头”。

Question 36

What does a HIDS monitor?

Answer 36

Activity on a specific computer or server. ## Footnote HIDS 监控某台设备内部的行为，比如文件被改、进程异常等。

Question 37

What is signature-based detection?

Answer 37

It looks for known attack patterns. ## Footnote 它靠数据库识别“已知攻击”，像查杀毒软件的病毒库。

Question 38

What is anomaly-based detection?

Answer 38

It detects behavior that’s different from normal patterns. ## Footnote 它通过比较“平时行为”和“现在行为”发现异常。

Question 39

How is an IDS usually deployed?

Answer 39

In passive mode—traffic is mirrored to it for monitoring. ## Footnote IDS 是旁路监听，复制一份流量来看，不影响原始通道。

Question 40

What’s the key takeaway about IDS and IPS?

Answer 40

IDS watches and alerts; IPS steps in to block—use both for layered defense. ## Footnote IDS 是眼睛，IPS 是盾牌，配合使用最安全。

Question 41

What is a load balancer?

Answer 41

It distributes traffic across multiple servers to prevent overload. ## Footnote 它把访问请求平均分配给多台服务器，防止某台被挤爆。

Question 42

What does a proxy server do?

Answer 42

It forwards requests on behalf of users and can filter or cache content. ## Footnote 它代替用户发请求，可做内容过滤、加速、隐藏 IP。

Question 43

What is a jump server (jump box)?

Answer 43

A secure gateway used by admins to access internal systems. ## Footnote 管理员登录服务器前必须先通过的中转机，提高安全性和审计能力。

Question 44

What does a network sensor do?

Answer 44

It monitors and analyzes traffic to detect unusual activity. ## Footnote 它用来“监听”流量，发现异常行为，是 IDS 的好搭档。

Question 45

What’s the purpose of a proxy cache?

Answer 45

It saves copies of frequently accessed content to speed up requests. ## Footnote 缓存常访问的网页或文件，提高访问速度，节省带宽。

Question 46

What is the difference between a load balancer and a proxy?

Answer 46

Load balancer splits traffic across servers; proxy forwards client requests. ## Footnote 负载均衡器分发“服务端”，代理服务器代替“客户端”。

Question 47

How do sensors help in cybersecurity?

Answer 47

They provide real-time traffic data to IDS/IPS for threat detection. ## Footnote 它把实时流量送给 IDS/IPS 检查，用来发现攻击或异常。

Question 48

What is an Application Delivery Controller (ADC)?

Answer 48

An advanced load balancer with security, compression, and optimization features. ## Footnote 增强版负载均衡器，还能加速、加密、防攻击。

Question 49

What’s a key benefit of using a jump server?

Answer 49

It controls and logs admin access, reducing attack surface. ## Footnote 集中控制管理员登录，减少攻击面，还能记录操作。

Question 50

What’s the key takeaway about network appliances?

Answer 50

Each appliance has a unique job—together, they make networks faster, safer, and more manageable. ## Footnote 每个设备都各司其职，组合使用能让网络更快、更安全、更好管理。

Question 51

What is port security?

Answer 51

A switch feature that restricts which devices can connect based on MAC address. ## Footnote 交换机上的一种安全功能，根据 MAC 地址限制谁能接入网络。

Question 52

Why is port security important?

Answer 52

It prevents unauthorized devices from connecting to the internal network. ## Footnote 防止外人插网线就进来，保护内部网络不被随意访问。

Question 53

What does a switch use to identify devices?

Answer 53

MAC address – the unique hardware address of each network device. ## Footnote MAC 地址，每台设备都有唯一编号，交换机靠它来识别。

Question 54

What is sticky MAC?

Answer 54

The switch automatically learns the MAC and locks it to the port. ## Footnote 交换机会自动“记住”第一个接入的 MAC，并把它绑定在端口上。

Question 55

What happens when an unauthorized device connects?

Answer 55

The switch can shut the port, restrict traffic, or just alert (based on config). ## Footnote 交换机会根据设置选择：关掉端口、报警、或只拒绝该设备。

Question 56

What is MAC spoofing?

Answer 56

When a device pretends to use another device’s MAC address to bypass security. ## Footnote 伪装成别人的 MAC 地址，试图混进网络，是一种攻击手段。

Question 57

What is 802.1X used for?

Answer 57

It provides authentication before network access is allowed. ## Footnote 它是一种端口级认证，必须先验证身份才能连接网络。

Question 58

What are the three roles in 802.1X?

Answer 58

Supplicant (user), Authenticator (switch), Authentication Server (RADIUS). ## Footnote 用户端（请求者）、交换机（验证者）、认证服务器（RADIUS）。

Question 59

What is the difference between RADIUS and TACACS+?

Answer 59

RADIUS is faster and works for many platforms; TACACS+ offers more control and is Cisco-specific. ## Footnote RADIUS 快、跨平台；TACACS+ 更细致、更安全，但偏 Cisco。

Question 60

What’s the key takeaway about port security?

Answer 60

It protects the physical entry point of your network—combine it with 802.1X for best results. ## Footnote 它是网络的“第一道门禁”，配合 802.1X 认证效果更强大。

Question 61

What is the purpose of a VPN?

Answer 61

It creates an encrypted tunnel over the internet to keep data safe. ## Footnote 它在公共网络上建立“加密隧道”，让你的数据传输更安全。

Question 62

What is the difference between full tunnel and split tunnel VPN?

Answer 62

Full: all traffic goes through VPN. Split: only work traffic goes through VPN. ## Footnote 全隧道：所有流量都走 VPN；分隧道：只有公司流量走 VPN，其它走本地。

Question 63

What is IPSec used for?

Answer 63

It encrypts and authenticates IP traffic, often used in VPNs. ## Footnote IP 层的加密协议，常用于 VPN，保护数据不被篡改或偷看。

Question 64

What’s the difference between Transport Mode and Tunnel Mode in IPSec?

Answer 64

Transport: encrypts only the data. Tunnel: encrypts entire packet. ## Footnote 传输模式只加密数据部分；隧道模式把整个包都包起来再发，常用于站点对站点。

Question 65

What is ESP in IPSec?

Answer 65

Encapsulating Security Payload – encrypts and authenticates packets. ## Footnote ESP 是用来加密和验证数据包的核心组件。

Question 66

What is TLS used for?

Answer 66

TLS encrypts data at the transport layer (like HTTPS). ## Footnote TLS 是传输层加密协议，比如你打开 https 网站就用了 TLS。

Question 67

What is DTLS and when is it used?

Answer 67

Datagram TLS – like TLS but for UDP, used in video calls or VoIP. ## Footnote UDP 版的 TLS，常用于视频会议、语音聊天等需要速度的应用。

Question 68

What are site-to-site and client-to-site VPNs?

Answer 68

Site-to-site connects two networks; client-to-site connects a user to the office. ## Footnote 站点对站点是公司与公司之间；客户端对站点是个人远程连公司。

Question 69

What does a clientless VPN use?

Answer 69

It uses a web browser (via HTTPS) to access resources—no software needed. ## Footnote 不需要安装软件，用浏览器登录就能访问公司资源。

Question 70

What’s the key takeaway about secure communication?

Answer 70

Encrypt data in transit, choose VPN and protocols based on risk and use case. ## Footnote 数据传输时一定要加密，选对 VPN 模式和协议，才能安全又高效。

Question 71

What is SD-WAN?

Answer 71

Software-Defined Wide Area Network – it manages WAN connections using software. ## Footnote 软件定义广域网，用软件来控制和优化公司各地之间的网络连接。

Question 72

Why do companies use SD-WAN?

Answer 72

To improve performance, flexibility, and security for branch connections. ## Footnote 它让分公司连总部更快、更稳、更安全，还能省网络成本。

Question 73

How is SD-WAN different from traditional WAN?

Answer 73

Traditional WAN is hardware-based; SD-WAN is software-controlled and cloud-friendly. ## Footnote 传统 WAN 靠硬件配置；SD-WAN 全靠软件控制，更适合连接云服务。

Question 74

What is SASE?

Answer 74

Secure Access Service Edge – combines network and security services in the cloud. ## Footnote 安全接入边缘，把网络功能和安全功能放到云端的一体化解决方案。

Question 75

What does SASE include?

Answer 75

It includes VPN, firewall, zero trust access, and cloud security tools. ## Footnote 包含 VPN、防火墙、零信任访问、云访问控制等一整套安全服务。

Question 76

Why is SASE important for modern businesses?

Answer 76

Because users work from anywhere and access cloud apps—it keeps everything secure. ## Footnote 因为员工在任何地方办公、用云服务，SASE 能统一加密、认证、防攻击。

Question 77

What are the benefits of SD-WAN?

Answer 77

It’s cost-effective, boosts app performance, and simplifies WAN management. ## Footnote 省钱、提速、好管理，非常适合有分支机构的公司。

Question 78

Which cloud providers support SASE-like services?

Answer 78

AWS, Azure, and Google Cloud all offer virtual networking and security tools. ## Footnote AWS、Azure、Google Cloud 都有虚拟网络 + 云安全组合服务。

Question 79

Is SD-WAN or SASE better?

Answer 79

They work together—SD-WAN for connection, SASE for security. ## Footnote 它们是搭档，SD-WAN 解决“怎么连”，SASE 负责“连了怎么保护”。

Question 80

What’s the key takeaway about SD-WAN and SASE?

Answer 80

SD-WAN connects branches efficiently, SASE makes those connections secure and cloud-ready. ## Footnote SD-WAN 负责连接各地网络，SASE 让这些连接更安全、更适应云时代。

Question 81

Why is device placement important in network design?

Answer 81

Proper placement ensures fast, secure, and efficient communication. ## Footnote 合理摆放能提高速度、增强安全、防止瓶颈或盲点。

Question 82

What is a screened subnet (DMZ)?

Answer 82

It separates public-facing servers from internal systems to reduce risk. ## Footnote 放网站、邮件等服务的“中间地带”，防止外部攻击波及内网。

Question 83

What is an attack surface?

Answer 83

All the places where an attacker can try to get in. ## Footnote 攻击者可能入侵的所有入口，总之越多越危险。

Question 84

How can we reduce the attack surface?

Answer 84

Disable unused services, restrict access, and close unneeded ports. ## Footnote 关掉没用的服务、端口和权限，做到最小开放。

Question 85

What are common connectivity types?

Answer 85

Wired (stable), Wireless (flexible), VPN (remote access), Cloud links. ## Footnote 有线稳、无线灵、VPN 安全远程、云连接灵活但要加密。

Question 86

What is the difference between active and passive devices?

Answer 86

Active devices can take action (e.g. IPS); passive only monitor (e.g. IDS). ## Footnote 主动设备能“动手”（拦截），被动设备只观察不干预。

Question 87

What does inline vs tap mean?

Answer 87

Inline = traffic must pass through. Tap = monitor copy only. ## Footnote Inline 是“主路”拦截，Tap 是“旁路”偷窥，不会影响流量。

Question 88

What is a fail-open vs fail-closed device?

Answer 88

Fail-open lets traffic through if device fails; fail-closed blocks all. ## Footnote Fail-Open：设备挂了就放行（保可用）；Fail-Closed：挂了就拦（保安全）。

Question 89

When would you choose fail-closed?

Answer 89

When security is more important than uptime, like in banks. ## Footnote 比如银行、政府，宁愿停运也不能让攻击流入。

Question 90

Key takeaway of infrastructure considerations?

Answer 90

Network design must balance performance, risk, and security by placing devices smartly. ## Footnote 设计网络时要合理布置设备，才能在速度、安全和稳定之间找到最佳平衡。

Question 91

What does “least privilege” mean?

Answer 91

Give users only the access they absolutely need—no more. ## Footnote 只给用户完成工作所需的最低权限，越少越安全。

Question 92

What is “defense in depth”?

Answer 92

Use multiple layers of security, so if one fails, others still protect. ## Footnote 像套娃一样多层保护，就算一层失效，还有其它层挡住攻击。

Question 93

What does a risk-based approach mean?

Answer 93

Focus on protecting the most important or vulnerable assets first. ## Footnote 优先保护最容易被攻击、最关键的系统或数据。

Question 94

What is lifecycle management of controls?

Answer 94

Regularly update, review, and retire controls as things change. ## Footnote 控制措施不是一设就完，要定期评估、更新或淘汰。

Question 95

What is the “open design principle”?

Answer 95

Security should be transparent and testable—not based on secrecy. ## Footnote 安全设计应该可以公开验证，而不是靠“藏着掖着”来安全。

Question 96

What’s the first step in selecting controls?

Answer 96

Assess the current state—know your assets, gaps, and risks. ## Footnote 先搞清楚你有什么系统，有什么漏洞，有多大风险。

Question 97

Why is stakeholder involvement important in security planning?

Answer 97

So controls match business needs and get supported. ## Footnote 安全方案得让业务配合，否则再强也推不动。

Question 98

What is benchmarking in security control selection?

Answer 98

Compare with industry standards like NIST or ISO. ## Footnote 对照 NIST、ISO 等标准，看看有没有遗漏或不达标的地方。

Question 99

What types of controls exist?

Answer 99

Technical (firewall), Administrative (policy), Physical (locks). ## Footnote 技术控制（如防火墙）、管理控制（如策略）、物理控制（如门禁）。

Question 100

Key takeaway of selecting infrastructure controls?

Answer 100

Use a structured, risk-aware, and flexible method to choose layered protections. ## Footnote 用有逻辑、懂风险、能调整的方法搭建多层次的安全体系。