Network Security Concepts & Solutions Flashcards

Day16_Explaining Network Security Concepts (66 cards)

1
Q

What is encryption?

A

The process of converting plaintext into ciphertext using a mathematical formula

Decryption requires running the data through the formula again with the same key.

2
Q

What are the two main parts of encryption?

A
  • Key
  • Cipher (formula)

The complexity of the formula and the length of the key determine the strength of the encryption.

3
Q

What types of data can be encrypted?

A
  • Data at rest (stored)
  • Data in motion (moving)

Different encryption types may be used for each type of data.

4
Q

What does authentication guarantee in encryption?

A

Authentication guarantees that the data comes from a verified source and has not been tampered with during transmission

This ensures that the data comes from a verified source.

5
Q

What is non-repudiation in the context of encryption?

A

Non-repudiation is a critical component of network security, ensuring that a party involved in a digital transaction or communication cannot deny the authenticity of their actions.

It provides undeniable proof of the origin and integrity of data, preventing individuals from disavowing their participation in a communication or transaction.

6
Q

What is the difference between symmetric and asymmetric encryption?

A
  • Symmetric: Same key for encryption and decryption
  • Asymmetric: Two mathematically related keys (key pair)

Symmetric encryption is faster, while asymmetric encryption allows for secure key sharing.

7
Q

What is a key pair in asymmetric encryption?

A
  • Public key
  • Private key

The public key can be shared, while the private key must remain confidential.

8
Q

What is Identity Access Management (IAM)?

A

IAM is a cybersecurity framework that ensures the right individuals and systems have the appropriate access to digital resources at the right time and for the right reasons.

It governs how users are identified, authenticated, authorized, and audited within an organization’s IT environment.

9
Q

What is the purpose of permissions management?

A

Permissions management determines user access to network resources

It specifies what users can view or change within the network.

10
Q

What is geofencing?

A

Geofencing is the use of location-based technology, such as GPS, RFID, Wi-Fi, or cellular data, to create a virtual boundary around a specific geographic location.

It can use GPS, Wi-Fi, or RFID to send notifications when users enter or exit a designated area.

11
Q

What are bollards?

A

Bollards are vertical posts, typically made from materials such as metal, concrete, stone, wood, or plastic, designed to serve as physical and visual barriers that block entry in various environments.

They are pylons that can be temporary or permanent, and are placed strategically to prevent unauthorized access.

12
Q

What is an access control vestibule?

A

An access control vestibule is a secured entryway with two doors, each controlled by access systems. It prevents unauthorized access and is effective in high-security situations.

Think of it as a buffer zone—a space between two secure areas where access is controlled but not necessarily interlocked

13
Q

What is a mantrap?

A

A mantrap is a high-security interlock system with two interdependent doors; only one door can open at a time (interlocking mechanism).

Mantrap is like a security airlock—you must be fully authenticated and isolated before proceeding, and the system ensures only one person passes at a time.

14
Q

What is the Common Access Card (CAC)?

A

The CAC is a DoD smart ID card used by military personnel, civilian employees, and eligible contractors to securely access physical facilities and DoD computer networks.

It contains personal identifiers and can be read by electronic card readers.

15
Q

What is a honeypot?

A

A virtual trap designed to attract hackers

It helps understand hacker behaviors and techniques.

16
Q

What is the difference between a honeypot and a honeynet?

A
  • Honeypot: A single system designed to attract attackers
  • Honeynet: A collection of honeypots that simulate a legitimate network

Honeynets are used to gather more comprehensive data on attacker behavior.

17
Q

What is the CIA triad in network security?

A
  • Confidentiality
  • Integrity
  • Availability

These are the core principles of information security.

18
Q

What is risk in the context of information systems?

A

Risk is the potential for loss or damage when a threat exploits a vulnerability in a system.

It relates to compromising the confidentiality, integrity, or availability of information.

19
Q

What factors determine the level of risk associated with an asset?

A

Risk level is determined by:

  • Impact of losing the asset and how it affects business continuity
  • Likelihood of an adverse event occurring

If losing the asset has little effect, the risk is low; if it is vital, the risk is high.

20
Q

An exploit is defined as what?

A

An exploit is a method of taking advantage of a vulnerability.

Exploits can be apps or snippets of code designed to perform malicious acts on a vulnerable system.

21
Q

What are two ways exploits can compromise systems?

A
  • Vulnerabilities in operating systems and applications
  • Misconfigured network devices

Every operating system or application has some sort of vulnerability.

22
Q

What is a zero-day exploit?

A

A zero-day exploit is a cyberattack that targets a previously unknown software vulnerability, one that the vendor hasn’t had time to patch or even discover.

These types of attacks are rare but can be complex and difficult to mitigate.

23
Q

What is social engineering in the context of network security?

A

Social engineering is using human behavior against individuals to compromise a system

Training is vital to protect the network from social engineering attacks.

24
Q

What does a threat refer to in information security?

A

An event that threatens to do harm

Harm can include unauthorized access, disruption, or damage to IT infrastructure.

25
What does being **compliant** mean in the context of data security?
Being **compliant** means adhering to standards created by industry and using best practices.

Compliance protects user data and ensures a reliable IT infrastructure.
26
What is the purpose of a **compliance audit**?
A **compliance audit** evaluates whether an organization is adhering to external regulations, internal policies, and industry standards, ensuring legal, ethical, and operational accountability.

Compliance audits compare operations and practices to industry and regulatory requirements.
27
What is the **Payment Card Industry Data Security Standard (PCI DSS)**?
**PCI DSS** is a set of guidelines for creating a secure environment for processing, storage, and transmission of payment card information.

It addresses vulnerabilities in data security related to customer credit information.
28
What is the primary importance of **network segmentation**?
**Network segmentation** prevents traffic from one data stream interfering with traffic from another data stream.

This is crucial for maintaining a secure and responsive network infrastructure.
29
How can devices be assigned networks in **network segmentation**?
Devices are assigned to networks:

  • According to predefined criteria
  • By controlling communications between networks

For example, guest devices may be restricted from accessing corporate traffic.
30
What are the two ways to separate networks?
  • Physically
  • Logically

Physical separation involves separate wires and devices, while logical separation can use VLANs.
31
What is **micro segmentation**?
**Micro segmentation** further isolates traffic from specific devices or applications.

It examines traffic based on application layer information.
32
True or false: **Micro segmentation** allows all traffic to travel outside its connection.
FALSE

Micro segmentation creates a completely private channel for specific traffic.
33
What is a key advantage of **network segmentation**?
*Network segmentation improves security*

If a device is compromised, it cannot affect other devices on separate networks.
34
What is the purpose of **network access control (NAC)**?
**NAC** enforces security policies by controlling which users and devices can access a network, ensuring that only authenticated, authorized, and compliant endpoints are allowed in.

It includes concepts like port security, 802.1X, and MAC filtering.
35
What is **port security**?
**Port security** is a Layer 2 security feature implemented on switch ports to control access by filtering incoming frames/ingress traffic based on the MAC addresses of connected devices.

It helps prevent unauthorized access to the network.
36
What does **802.1X** do?
Authenticates a user or system before allowing access to network resources.

It is commonly used for wireless connections.
37
What is a **Human Machine Interface**?
A simple interface for controlling devices like Programmable Logic Controllers.

It allows users to send commands and receive telemetry.
38
What is the role of **device hardening techniques**?
To secure devices by changing default settings and disabling unused ports and services.

Examples include changing default passwords and closing open ports.
39
What is the recommended method for creating a secure connection in Linux?
Using **SSH** connections.

SSH provides an encrypted connection, unlike Telnet.
40
What is the importance of **documenting configurations**?
Documenting configurations is essential for maintaining a reliable, consistent, and secure IT environment.

It ensures that all system components, such as hardware, software, network settings, and dependencies, are accurately recorded, enabling teams to reproduce, troubleshoot, and manage systems effectively across different environments.
41
What is the purpose of **MAC filtering** in network security?
To restrict network access based on allowed MAC addresses.

MAC filtering can be fooled by tools that spoof allowed MAC addresses.
42
Which **WPA protocol** is recommended for wireless clients when implementing MAC filtering?
WPA3

WPA protocols provide extra protection and encryption to help prevent MAC spoofing.
43
Name some additional security strategies that should be combined with **MAC filtering**.
  • VPNs
  • Antivirus
  • Firewalls

These are part of a complete, secure network access solution.
44
What is **URL filtering**?
**URL filtering** is a security technique that controls access to websites based on their URLs, allowing or blocking requests according to predefined rules.

URL filtering helps manage web access and protect users from harmful sites.
45
What is **content filtering**?
**Content filtering** is a security technique used to monitor, restrict, or block access to specific types of digital content based on predefined rules.

Content filtering is often built into firewalls and is essential for network security.
46
What is the main focus of the **Key Management Concepts**?
The main focus is to recognize how key management ensures the security of cryptographic keys.

Cryptographic keys are vital for encryption, decryption, and user authentication.
47
True or false: **Encryption keys** are not crucial for an organization's security.
FALSE

Compromised encryption keys can allow unauthorized access to sensitive information.
48
What is a significant drawback of **asymmetric encryption**?
A drawback is that it's processor-intensive and slower than symmetric encryption.

Asymmetric encryption involves more complex computations.
49
What is the role of the **private key** in asymmetric encryption?
In *asymmetric encryption*, the **private key** plays the critical role of securely decrypting data and generating digital signatures.

The private key is essential for decrypting messages encrypted with the public key.
50
What is the purpose of **key rotation**?
Key rotation periodically changes keys to protect against compromise.

Old data is decrypted with the old key and re-encrypted with the new key.
51
What happens to data encrypted with a **revoked key**?
The data can never be accessed.

Revoked keys must be tracked to prevent accidental use.
52
What is the concept of **separation of duties** in key management?
The concept has different individuals responsible for different steps in the key management process.

This reduces the risk of a single point of failure or compromise.
53
What is **Trusted Platform Module** (TPM)?
A **TPM** is a specialized hardware chip or embedded module that provides secure cryptographic functions to protect sensitive data, ensure system integrity, and enable trusted computing.
54
What is a **Hardware Security Module** (HSM)?
An **HSM** is a physical computing device designed to safeguard and manage cryptographic keys and perform cryptographic operations, such as encryption, decryption, digital signing, and authentication.

HSMs provide a high level of security for key management.
55
What is the **Principle of Least Privilege** in key management?
**PoLP** ensures that a user's access to keys is limited to only what is necessary for them to perform their work.

This principle helps minimize potential security breaches.
56
What is part of a **comprehensive network security plan**?
  • Controlling access to data at rest
  • Controlling access to network resources
  • Implementing network security rules

These elements are essential for protecting network integrity and data security.
57
What do **access control lists** (ACLs) do?
**ACLs** are rule-based filters used in networking and operating systems to control the flow of traffic or access to resources based on defined criteria such as IP addresses, protocols, ports, or user identities.

ACLs are crucial for managing user permissions and network traffic.
58
Where are **Network ACLs** located?
**Network ACLs** are typically located at key points **within a network infrastructure** to manage and filter traffic.

They are commonly placed on edge routers that border the public internet, acting as a first line of defense by filtering traffic before it reaches internal networks.
59
True or false: **Access control lists** can prevent unwanted users from accessing resources.
TRUE

ACLs are designed to restrict access based on defined rules.
60
What are the two types of **access control lists (ACLs)?**
  • **Filesystem** ACLs
  • **Network** ACLs

Each type serves different purposes in managing access to resources.
61
Where are **Filesystem ACLs** located?
**Filesystem ACLs** are located on storage devices, such as file servers or database servers.

They determine user access levels to stored data.
62
What is the role of a **triple-homed firewall**?
A **triple-homed firewall** uses *three network interfaces* on a single firewall to isolate and control traffic between the **internet**, a **DMZ**, and an **internal network**.

It enhances security by controlling traffic flow between trusted, DMZ, and untrusted networks.
63
What are some common types of **filters?**
  • DNS filters
  • Proxy filters
  • Email filters
  • Search engine filters
  • Internet and web filters

Each type serves to manage and control different aspects of network traffic.
64
What is a **security zone**?
A **security zone** is a network where users and devices share a common security stance.

Security zones help protect corporate networks while allowing external access.
65
What are the **three typical zones** in a network configuration?
  • Trusted network
  • Untrusted network
  • Demilitarized Zone (DMZ)

These zones help isolate and manage traffic between different network segments.
66
What is a **Bastion host**?
A public-facing server located in the DMZ.

Bastion hosts accept incoming connections and help protect the internal network.