Week 1

Question 1

what are the 5 weaknesses of a network design

Answer 1

Single point failure
Complex dependencies
Availability over confidentiality and integrity
Lack of documentation and change control
Overdependency on perimeter security

Question 2

What’s the difference between physical and logical topology?

Answer 2

Physical: Real layout (cables/devices)

Logical: Data flow paths (VLANs/IP routes)

Question 3

What is a zone in networking?

Answer 3

A zone is an isolated network segment with similar security needs.

Question 4

How is traffic managed between zones?

Answer 4

It’s filtered and controlled by a firewall.

Question 5

What are the 3 main types of network zones?

Answer 5

Intranet (Private)

Extranet (Partner Access)

Internet (Public)

Question 6

What are access blocks in enterprise architecture?

Answer 6

Host groups based on roles, grouped into zones for control and security.

Question 7

What is a DMZ (Demilitarized Zone) in networking?

Answer 7

A DMZ isolates Internet-facing hosts from the internal network for added security.

Question 8

Should internal communication pass through the DMZ?

Answer 8

No – direct communication through the DMZ should not be allowed

Question 9

How should communication to/from the DMZ be handled?

Answer 9

Use proxies to rebuild and filter packets before forwarding.

Question 10

What are bastion or jumpbox hosts?

Answer 10

Special-purpose servers in the DMZ

Not fully trusted by the internal network

Run minimal services

No local account credentials

Question 12

What is a screened subnet?

Answer 12

A network setup that uses two firewalls to protect the DMZ—one on each side.

Question 13

What does the edge firewall do?

Answer 13

Sits between Internet and DMZ

Allows only permitted traffic to DMZ

Also called the screening firewall/router

Question 14

What does the internal firewall do?

Answer 14

Sits between DMZ and LAN

Filters traffic from DMZ to internal network

Also called the choke firewall

Question 15

What is a choke point?

Answer 15

A narrow, controlled gateway that makes monitoring and access control easier.

Question 16

What is a triple-homed firewall?

Answer 16

A single router or firewall with three network interfaces:

One for Public/Internet

One for the DMZ

One for the LAN

Question 17

How does a triple-homed firewall control traffic?

Answer 17

It uses routing and filtering rules to control what traffic can pass between:

Internet ↔ DMZ

DMZ ↔ LAN

Internet ↔ LAN (usually blocked)

Question 18

What does a triple-homed firewall achieve?

Answer 18

It provides the same level of separation and control as a screened subnet but uses just one device instead of two firewalls.

Question 19

Why might small networks not use a full DMZ setup?

Answer 19

Due to limited budget or technical expertise.

Question 20

What can smaller networks use instead of a DMZ?

Answer 20

A dual-homed proxy/gateway server, acting as a screened host.

Question 21

What is a dual-homed gateway?

Answer 21

A system with two network interfaces (NICs):

One connected to the Internet (untrusted)

One connected to the internal network (trusted)

Question 22

What is the purpose of a dual-homed gateway?

Answer 22

To securely control access between the internal network and the Internet.

Question 23

What does a forward proxy server do?

Answer 23

It opens connections to the Internet on behalf of internal clients.

Question 24

What can a forward proxy server include?

Answer 24

Application-specific filters (e.g., web filtering)

User authentication

Can be transparent (hidden from users) or non-transparent (visible)

Question 25

What is a common use of a reverse proxy?

Answer 25

It opens connections to internal servers on behalf of external clients.

Question 26

What is a common use of a reverse proxy?

Answer 26

To protect internal web servers, balance load, or cache content for faster delivery.

Question 27

cyber attackers strategize their way to infiltrate an ­organization’s network and exfiltrate data, what are the series of stages that comprise the attack lifecycle

Answer 27

Reconnaissance Weaponization Delivery Exploitation Installation Command & Control Act on Objective

Question 28

What happens in Stage 1: Reconnaissance?

Answer 28

Attackers gather info on targets (e.g., via phishing, LinkedIn, network scans).

Question 29

What happens in Stage 2: Weaponization?

Answer 29

Malware is created to exploit found vulnerabilities. Happens outside the network.

Question 30

What happens in Stage 3: Delivery?

Answer 30

Malware is sent—via email, fake files, or malicious websites.

Question 31

What happens in Stage 4: Exploitation?

Answer 31

Malware runs on the device, exploiting a vulnerability to gain access.

Question 32

What happens in Stage 5: Installation?

Answer 32

Malware installs a backdoor or rootkit for long-term access

Question 33

What happens in Stage 6: Command & Control (C2)?

Answer 33

Attacker communicates with infected device, sending commands and updates.

Question 34

What happens in Stage 7: Act on Objectives?

Answer 34

The attacker steals data, causes damage, or uses the device to reach a bigger target.

Question 35

What is a Next-Generation Firewall (NGFW)?

Answer 35

An advanced security device that combines multiple security features for better protection, visibility, and control over network traffic. (eg PaloAlto)

Question 36

What do packet filtering firewalls enforce?

Answer 36

A network access control list (ACL) to decide whether to allow, block, or log packets.

Question 37

What do they inspect in a packet?

Answer 37

Source/Destination IP Protocol type (TCP, UDP, ICMP, etc.) Source/Destination ports Direction: Inbound, outbound, or both

Question 38

*Are packet filtering firewalls stateful or stateless?

Answer 38

Stateless – they don’t remember previous packets or sessions.

Question 39

What is a downside of being stateless?

Answer 39

Least processing Vulnerable to attacks spread across multiple packets (e.g., session hijacking)

Question 40

What is a benefit of packet filtering firewalls?

Answer 40

They use minimal processing, making them fast and efficient.

Question 41

What do stateful firewalls use to track connections?

Answer 41

A state table that stores connection info.

Question 42

Which OSI layers do stateful firewalls operate at?

Answer 42

Layer 4 (Transport): Tracks sessions like TCP/UDP Layer 7 (Application): Validates protocols and filters traffic

Question 43

How are stateful firewalls better than stateless ones?

Answer 43

They remember session info, allowing smarter and more secure traffic control.

Question 44

What is the purpose of a Firewall Access Control List (ACL)?

Answer 44

To control traffic flow by allowing or denying packets based on set rules.

Question 45

What principle do ACLs follow?

Answer 45

The principle of least access (or least privilege) – only allow necessary traffic.

Question 46

Why is least access important?

Answer 46

It reduces the attack surface by blocking unnecessary or risky traffic.

Question 47

What does "Single-Pass" mean in Palo Alto’s architecture?

Answer 47

Each packet is processed once for classification, scanning, and policy enforcement.

Question 48

What is Parallel Processing in this architecture?

Answer 48

Uses dedicated hardware engines to handle different tasks simultaneously.

Question 49

How are planes organized in this architecture?

Answer 49

Data plane: Handles traffic Control plane: Manages configuration & updates

Question 50

What is the Control Plane used for?

Answer 50

Configuration Logging Reporting (Runs on its own CPU, RAM, and storage)

Question 51

What is Signature Matching used for?

Answer 51

Detects threats by matching against: Vulnerability exploits (IPS) Viruses, spyware Sensitive data like credit card and SSN

Question 52

What is the Security Processing function?

Answer 52

Uses parallel hardware to speed up complex security functions

Question 53

What is the role of Network Processing?

Answer 53

Manages packet-level tasks with hardware acceleration

Question 54

What is the core principle of Zero Trust Architecture?

Answer 54

Never trust, always verify — no traffic is trusted by default.

Question 55

What traffic is inspected in Zero Trust?

Answer 55

Inbound traffic Outbound traffic Internal traffic (within the network)