Network Security Fundamentals

Question 1

Concerned with keeping data safe and private

Answer 1

Confidentiality

Question 2

Both the sender and receiver use the exact same key encrypt/decrypt the message

Answer 2

Symmetric Encryption

Question 3

Symmetric encryption faces a key distribution challenge, requiring secure sharing of the key among users that need it

Answer 3

Key Management

Question 4

Two different keys are used to give confidentiality, one for the sender, and one for the receiver

Answer 4

Asymmetric Encryption

Question 5

Encrypts information and facilitates key exchange using asymmetric encryption like RSA

Answer 5

Public Key Infrastructure (PKI)

Question 6

Symmetric - Used for faster data transfer

Asymmetric - Used for handshake and key exchange

Question 7

Ensures that the data was not modified in storage or in transit, verifying the original source

Answer 7

Integrity

Question 8

Running a string of data through an algorithm to create a hash or a hash digest that servers as a unique individual fingerprint for the data

Answer 8

Hashing

Question 9

Matching of the has sent and the hash received means there was integrity in the transmission

Question 10

Measures data accessibility

Answer 10

Availability

Question 11

Person or event that has the potential for impacting a valuable resource in a negative manner

Answer 11

Threat

Question 12

Quality or characteristic within a given resource or environment that might allow the threat to be realized

Answer 12

Vulnerability

Question 13

Any threat that originates within the organization itself

Answer 13

Internal Threat

Question 14

Any threat that could be people, like a hacker, it can be an event or environmental ocndition

Answer 14

External Threat

Question 15

Undesirable conditions or weaknesses that are in the general area surrounding the building where a network is run

Answer 15

Environmental Vulnerabilities

Question 16

Undesirable conditions or weaknesses in the buildings where a network is run

Answer 16

Physical Vulnerabilities

Question 17

Focuses on how the network and its systems are run from the perspective of an organization’s policies and procedures

Answer 17

Operational Vulnerabilities

Question 18

System-specific conditions that create security weaknesses | CVE or Zero-day

Answer 18

Technical Vulnerabilities

Question 19

List of publicly disclosed computer security weaknesses

Answer 19

Common Vulnerabilities and Exposures (CVE)

Question 20

Any weakness in the system design, implementation, software code, or a lack of preventive mechanisms within a network that is unknown at the time of publication

Answer 20

Zero-Day Vulnerability

Question 21

CVE - Knwon vulnerabilities

Zero-Day - Brand new vulnerability

Question 22

Piece of software code that takes advantage of a security flaw or vulnerability within a system or network

Answer 22

Exploit

Question 23

Identification, evaluation, and prioritization of risks to minimize, monitor, and control the vulnerability exploited by a threat

Answer 23

Risk Management

Question 24

Process that identifies potential hazards and analyzes what could happen if a hazard occurs

Answer 24

Risk Assessment

Question 25

Used to identify, assess, and implement key security controls within an application, system, or network

Answer 25

Security Risk Assessment

Question 26

Focused on the identification of the different threats to attack or cause harm to the systems or network

Answer 26

Threat Assessment

Question 27

Focused on identifying, quantifying, and prioritizing the risks and vulnerabilities in a system or network

Answer 27

Vulnerability Assessment

Question 28

Evaluates the security of a IT infrastructure by safely trying to exploit vulnerabilities within the system or network

Answer 28

Penetration Test

Question 29

Used to assess the organization's attack surface | define mission-critical components, identify strengths, weaknesses, and security issues, strengthen position, stay in control

Answer 29

Posture Assessment

Question 30

Used to identify, understand, and evaluate potential hazards in the workplace | Process Assessment & Vendor Assessment

Answer 30

Business Risk Assessment

Question 31

Disciplined examination of the processes used by the organization against a set of criteria

Answer 31

Process Assessment

Question 32

Assessment of a prospective vendor to determine if they can effectively meet the obligations and the need of the business

Answer 32

Vendor Assessment

Question 33

Geographic location where data is stored and processed | focused on risk assessments & risk management

Answer 33

Data Locality

Question 34

Set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure dnvironment

Answer 34

Payment Card Industry Data Security Standard (PCI DSS)

Question 35

When designing an enterprise network, ensure that it is designed to segment and protect cardholder data environments

Question 36

Regulation or law created by the European Union that is focused on data protection and privacy in the European Union and the European Economic Area

Answer 36

General Data Protection Regulation (GDPR)

Question 37

Auditing and compliance is not a one-time activity, it is an ongoing process

Answer 37

- Monitoring and auditing program - Regular audits - PCI DSS & GDPR - Employee training - Policies and procedures

Question 38

Ensures a device has had any unnecessary applications, services or ports disabled or removed from the host | only necessary services, monitoring software, maintenance schedule

Answer 38

Device Hardening

Question 39

Device Hardening

Answer 39

1. Check any network interfaces that provide connectivity to the LAN or WAN 2. Look at the list of service installed and running on the clients and servers 3. Look at the ports being used by different application service ports 4. Utilize disk encryption to harden endpoints 5. Review all accounts on the system Anything unused or unneeded should be disabled, deleted or blocked Life cycle of a device - EOL & EOS

Question 40

Practice or responding to a threat by destroying or deceiving a threat actor's capabilities

Answer 40

Active Defense

Question 40

Relies on either a magnetic strip, a chip card, or RFID

Answer 40

Badge Reader

Question 41

Host set up to lure attackers away from the actual network components

Answer 41

Honeypot

Question 42

Entire network setup to entice attacker

Answer 42

Honeynet

Question 43

Identification and publication of an attacker's methods, techniques, and tactics as useful threat intelligence

Answer 43

Attribution

Question 44

Often rely on obfuscation techniques to annoy the attackers | Bogus DNS entries, web servers with decoy directories, port triggering and spoofing

Answer 44

Annoyance Strategies

Question 45

Which of the following terms refers to a decoy computing system or network set up to lure attackers and gather information about their activities?

Answer 45

Honeynet