Network Security Definitions Flashcards

(62 cards)

1
Q

Define Least Privilege.

A

The practice of granting users the minimum necessary access rights to perform their job duties, preventing excessive permissions and reducing security risks.

2
Q

Define Patch Management.

A

The systematic process of identifying software vulnerabilities or bugs and applying patches (fixes) to operating systems or applications to improve security and performance.

3
Q

Define Endpoint Security.

A

A network security method in which local security measures (e.g., antivirus, firewalls, and intrusion detection) are implemented on every device (or endpoint) connected to a network.

Goal: To protect each endpoint from threats and prevent them from becoming entry points for attackers into the network.

This includes protections like antivirus software, authentication and authorization mechanisms, local firewalls, and intrusion detection/prevention systems installed directly on each device to safeguard it independently from the broader network security controls.

4
Q

Define Media access control (MAC) filtering.

A

A network security method that restricts access by allowing only devices with approved physical (MAC) addresses to connect.

MAC filtering works by creating a list of approved MAC addresses—these are unique hardware identifiers assigned to each network device (like your laptop or phone). The network’s access point (like a router or switch) checks the MAC address of any device trying to connect. If the device’s MAC address is on the approved list, it’s allowed access; if not, it’s blocked.

This method limits network access strictly to known devices, helping prevent unauthorized devices from connecting, even if they know the network password. However, MAC addresses can be spoofed, so MAC filtering is often used alongside other security measures for stronger protection.

5
Q

Define Virtual Private Network (VPN).

A

Network security method:

Encrypts communications over public networks to provide secure remote access.

6
Q

Define Network Isolation/Segmentation.

A

Network security method:

Separates network traffic into segments to limit access and contain breaches.

7
Q

Define Firewalls.

A

Network security method:

Filter and monitor incoming/outgoing traffic based on rules to block malicious activity.

8
Q

Define Wi-Fi Protected Access (WPA).

A

Network security method:

Encrypts wireless network traffic to secure Wi-Fi connections.

9
Q

Define System Hardening.

A

Network security method:

Reduces attack surfaces by closing unused ports, removing unnecessary services, and enforcing strict permissions.

10
Q

Define Access Controls.

A

Network security method:

Implement policies like least privilege, zero trust, and multifactor authentication to control who can access what.

11
Q

Define Discretionary access control (DAC).

A

A security model where the data owner or creator has the authority to decide who can access their data or resources. The owner can grant or revoke permissions based on their own judgment, allowing them to control access flexibly.

In simple terms, with DAC, the person who owns the data gets to choose who else can see or use it, rather than having access controlled centrally by IT or based on fixed rules.

12
Q

Define Policy-Based Access Control (PBAC).

A

Access control model that combines user roles with dynamic policies made up of rules to manage and evaluate user access in real time. It looks at various factors about a user—like their identity, role, clearance level, operational need, and risk—to decide what access they should have.

PBAC is more flexible than simple rule-based controls because it allows organizations to analyze and adjust theoretical privileges based on actual privileges users hold. This makes it ideal for growing organizations with changing policies and complex access needs.

13
Q

Define Role-Based Access Control (RBAC).

A

A model that assigns access permissions based on a user’s job role within an organization. Instead of giving permissions to individuals, access is grouped by roles, and users get the permissions associated with their role. This helps ensure proper separation of duties and makes managing access easier, especially when people change positions.

14
Q

Define Risk-Based Access Control (RBAC).

A

An access control model that adjusts permissions based on the level of risk associated with the asset being accessed, the identity of the user, their intentions, and the security risk between the user and the system.

In practice:
- High-risk assets require stricter controls (like multifactor authentication).
- Low-risk assets might only need basic controls (like a password).
- Access decisions dynamically consider the potential impact on security.

15
Q

What is a Turnkey system?

A

A system that is customized for a particular application and is fully functional without additional development work. The expression “turnkey” is derived from the idea that a user can just turn a key and the system will be fully functional.

16
Q

What is an Electronic lockbox?

A

A digital system that uses web addresses to receive and process electronic payments or forms, streamlining payment collection and processing for organizations.

17
Q

What is an Electronic envelope?

A

A security mechanism that protects a message by combining data authentication and encryption to ensure confidentiality and integrity during transmission.

18
Q

What is a Digital Signature?

A

An encrypted electronic mark that verifies a message or document is from an authentic sender and hasn’t been altered. It uses a private key to sign and a public key to verify, ensuring authenticity and integrity but not controlling access or delivery.

19
Q

What is the difference between application-level programs and system-level programs?

A

Application-level programs serve users directly, while system-level programs control the computer’s fundamental operations.

Application-level programs:
User-focused software that performs specific tasks (e.g., browsers, word processors). They run on top of the operating system.

System-level programs:
Core software that manages hardware and system resources (e.g., operating system, device drivers). They operate closer to the hardware and support application programs.

20
Q

What does Need-to-Know mean as it relates to IT security?

A

Users are granted access only to the specific data or information necessary to perform their job tasks, limiting exposure to sensitive information. It focuses on restricting data access rather than broader system permissions.

21
Q

What is the difference between Need-to-Know and Least Privilege?

A

Need-to-Know = DATA access control

Least Privilege = SYSTEM access control

22
Q

What is a circuit-level gateway?

A

A firewall that verifies the source of data packets at the session layer but does not share IP addresses among devices.

23
Q

A firewall that verifies the source of data packets at the session layer but does not share IP addresses among devices is called?

A

Circuit-level gateway

24
Q

What is a network address translation firewall?

A

A device that allows multiple devices on a private network to share a single public IP address by masking their true private addresses.

25
A device that allows multiple devices on a private network to share a single public IP address by masking their true private addresses is called?
Network address translation firewall
26
What is an application-level gateway?
A firewall that inspects packets at the application layer but does not assign or share IP addresses among devices.
27
A firewall that inspects packets at the application layer but does not assign or share IP addresses among devices is called?
Application-level gateway
28
What is a software-defined wide-area network (SD-WAN) device?
A device that optimizes wide-area network connectivity using software but does not primarily share IP addresses among devices.
29
A device that optimizes wide-area network connectivity is called?
Software-defined wide-area network (SD-WAN) device
30
What is Tokenization?
Tokenization removes production data and replaces it with a surrogate value or token, which can be generated randomly, by hashing, or encryption, to protect sensitive data.
31
A method that replaces sensitive data with surrogate values to protect financial information during transactions. What is this called?
Tokenization
32
During the payment clearing process, a system replaces credit card numbers with random characters to secure the data. What method is being used?
Tokenization
33
What is Symmetric Encryption?
Symmetric encryption uses a single shared key for both encrypting and decrypting data within a group.
34
A method where the same key is used to encrypt and decrypt sensitive customer data, commonly used by banks. What is this called?
Symmetric Encryption
35
A bank encrypts customer data using one key and decrypts it with the same key to secure time-sensitive transactions. What method is this?
Symmetric Encryption
36
What is Asymmetric Encryption?
Asymmetric encryption uses a pair of keys—a public key to encrypt and a private key to decrypt, or vice versa—commonly used for digital signing and blockchain.
37
A cryptographic method that uses a public key for encryption and a private key for decryption, often used in digital signatures. What is this?
Asymmetric Encryption
38
When a company digitally signs a document using a private key and others verify it with a public key, which encryption method is being used?
Asymmetric Encryption
39
What is Masking?
Masking disguises part of the data by replacing it with other characters while maintaining the data’s original structure.
40
A technique that hides sensitive parts of data by replacing them with substitute characters but keeps the data format intact. What is this called?
Masking
41
A customer service rep sees only the last four digits of a credit card number while the rest are replaced with Xs. What data protection method is this?
Masking
42
Which of the six stages of a cyberattack does this describe? Attackers gather as much information as possible about the target IT system—like facility locations, network types, security measures, employee names, and management hierarchy. They also look for vulnerabilities such as open ports or unpatched software.
Reconnaissance
43
Which of the six stages of a cyberattack does this describe? Using the information collected, attackers exploit vulnerabilities to gain unauthorized access to the system.
Gaining Access
44
Which of the six stages of a cyberattack does this describe? Once inside, attackers try to increase their access level by obtaining credentials of users with higher privileges.
Escalation of Privileges
45
Which of the six stages of a cyberattack does this describe? Attackers establish ways to stay in the system undetected for a long time, often by creating backdoors or alternative access points.
Maintaining Access
46
Which of the six stages of a cyberattack does this describe? They carry out their objectives—stealing, modifying, or destroying data, disrupting operations, or disabling system access.
Network Exploitation and Exfiltration
47
Which of the six stages of a cyberattack does this describe? Attackers conceal their entry and exit points by disabling audit logs, clearing or modifying logs, and removing any files or traces they created to avoid detection.
Covering Tracks
48
What does zero-trust mean in terms of cybersecurity?
Zero trust means never trusting any user or device by default, assuming the network is always at risk. It requires continuous verification and authentication every time someone accesses the network or resources, not just once at login.
49
What is the process of controlling network traffic so that it is either inaccessible or separated from outside communications or other segments within an organization’s own network to improve overall network security?
Network segmentation
50
What is a comprehensive security approach that reduces risk by minimizing the number of access points (attack vectors) through which a company can be attacked, giving attackers fewer opportunities to infiltrate an IT system?
System hardening
51
What is service set identifier (SSID) broadcasting?
The process by which a wireless access point transmits the name of a wireless network within its range, making the network visible to nearby wireless-enabled devices. Disabling SSID broadcasting stops this transmission, making the network less visible and enhancing wireless network security by reducing the chance of unauthorized access.
52
What type of encryption does a VPN network use?
SYMMETRIC
- Symmetric encryption uses a single shared key for both encrypting and decrypting data, which is ideal for the continuous data flow in VPN tunnels.
- VPNs often establish the connection using asymmetric encryption initially (to securely exchange keys), but the actual data transmission relies on symmetric encryption for speed and efficiency.
53
What type of data integrity check does this describe? Verifies that the data entered matches predefined appropriate values or reference data (e.g., ensuring a general ledger account number exists in the master chart of accounts).
Validity Check
54
What type of data integrity check does this describe? Ensures that numeric data does not exceed predefined upper or lower ranges (e.g., quantity ordered cannot exceed 1000 units).
Limit Check
55
What type of data integrity check does this describe? Confirms that a numeric value falls within a specified range (e.g., date of birth must be between 1900 and current year).
Range Check
56
What type of data integrity check does this describe? Verifies that the data entered is of the correct type or format (e.g., numeric only, date format, text only).
Field Check
57
What are protocols?
Sets of rules that govern how information is transmitted between devices on a network.
- They define the format, timing, sequencing, and error checking of data communication.
- Protocols ensure that devices with different hardware and software can communicate effectively.
- Examples include TCP/IP (the foundation of the internet), HTTP (for web browsing), and FTP (for file transfers).

In short, protocols are like the agreed-upon "languages" and procedures that devices use to talk to each other on a network.
58
What is a network service?
A function or resource provided by a server or device on a network that supports communication, data sharing, or other network-related tasks for users or other devices.

Examples include:
- File sharing
- Email services
- Web hosting
- Printing services
- Domain name resolution (DNS)
- Authentication and authorization services
59
What is the OSI process?
Process by which data travels through networks.
60
What is STRIDE?
A tool developed by Microsoft to help identify and assess security threats that can affect software applications and operating systems. It helps security teams think about different ways attackers might try to harm or exploit a system.
61
What is a Data Loss Prevention (DLP) tool and what are the 3 types?
A tool designed to detect and prevent unauthorized attempts to transfer or leak sensitive information outside an organization. It monitors data in motion, at rest, and in use across multiple protocols, ports, and communication methods.
- Cloud-Based
- Network-Based
- Endpoint-Based
62
What is context-aware authentication?
A security technique that verifies a user's identity by considering additional contextual information beyond just a password or token. It uses data points such as:
- The time of access
- The geographic location of the user
- The device or application used to access (e.g., desktop browser, mobile app)
- The IP address or network location