Network Segmentation Flashcards

(90 cards)

1
Q

Uses a set of rules defining the types of traffic permitted or denied through the device | Software/Hardware, virtual/physical, host-based/network-based

A

Firewall

2
Q

Permits or denies traffic based on packet header

A

Packet-Filtering Firewall

3
Q

Inspects traffic as part of a session and recognizes where the traffic originated

A

Stateful Firewall

4
Q

Combine ACLs and permit and deny statements of a packet-filtering firewall with stateful firewall capabilities for security

A
5
Q

Conducts deep packet inspection and packet filtering

A

NextGen Firewall (NGFW)

6
Q

Set of rules applied to router interfaces that permit or deny certain traffic

A

Access Control List (ACL)

7
Q

Switch - MAC address

Router - IP address

Firewall - IP address or port

A
8
Q

Combines firewall, router, intrusion detection/prevention system, anti-malware, and other features into a single device

A

Unified Threat Management (UTM) Device

9
Q

Permit or Deny

Layer 4 Protocol

Source IP

Destination IP

Destination Port

ACL number & Direction of Traffic

A
10
Q

List of permissions associated with a given system or network resource

A

Access Control List (ACL)

11
Q
  1. Block request from internal or private loopback addresses and multicast IP ranges
  2. Block incoming requests from protocols that should only be used locally
  3. Block all IPv6 traffic or allow it only to authorized hosts and ports
A
12
Q

Blocks matching traffic

A

Explicit Deny

13
Q

Blocks traffic to anything not explicitly specified

A

Implicit Deny

14
Q

Defines the privileges and responsibilities of administrative users who control firewalls and their ACLs

A

Role-Based Access

15
Q
  1. What is an ACL?
A

A: A list of permissions that controls what traffic is allowed or denied for a system or network resource.

16
Q
  1. Where can ACLs be applied?
A

A: Routers, Layer 3 switches, and firewalls (any packet-filtering device).

17
Q
  1. How are ACLs processed?
A

A: Top to bottom — the first matching rule is applied.

18
Q
  1. Rule order best practice
A

A: Put specific rules at the top and generic rules at the bottom.

19
Q
  1. Example of specific vs generic rule
A

A: Blocking SSH for one IP = specific (top). Blocking all IPs using port 110 = more generic (middle). Blocking all traffic = most generic (bottom).

20
Q
  1. What types of traffic should be blocked if coming from the Internet?
A

A: Traffic with private, loopback, multicast, or experimental source IP ranges (because they are spoofed).

21
Q
  1. Which protocols should be blocked at the firewall when entering the network?
A

A: Protocols used only locally, such as ICMP, DHCP, OSPF, SMB, and similar.

22
Q
  1. IPv6 security recommendation
A

A: Either block all IPv6 or allow only authorized hosts/ports, because many systems run IPv6 by default.

23
Q
  1. What is a wildcard mask in Cisco ACLs?
A

A: A reverse subnet mask; 0 = match, 255 = ignore (opposite of normal subnet mask).

24
Q
  1. Meaning of “eq www” in a Cisco ACL
A

A: “www” refers to port 80 (HTTP).

25
12. What does “permit” mean in an ACL?
A: Allow the specified traffic (IP, protocol, port).
26
13. What is an implicit deny?
A: The final hidden rule that blocks anything not explicitly allowed (often written as deny ip any any).
27
14. What is an explicit deny?
A: A specific rule added to block certain traffic (ex: blocking 8.8.8.8 with a deny rule).
28
15. What is role-based access?
A: Assigning admin permissions based on job roles, controlling who can modify firewalls, ACLs, or switch configurations.
29
16. Example of role-based access difference
A: Firewall admin can modify ACLs; switch technician can only manage ports (enable/disable, port security).
30
17. Why is implicit deny important for security?
A: It ensures only explicitly allowed traffic gets through; everything else is automatically blocked.
31
18. What does “deny ip any any” accomplish?
A: Blocks all traffic unless an earlier rule permits it.
32
Intranet or the local area network
Trusted Zone/Inside Zone
33
Internet or external network
Untrusted Zone/Outside Zone
34
Connects devices that should have some restricted access from the untrusted or outside zone
Screened Subnet
35
Any host that accepts inbound connections from the Internet
Internet-facing Host
36
Segment that is isolated from the rest of the private network by one or more firewalls that accepts connections from the Internet over designated ports
Screened Subnet
37
Hosts or servers in the screened subnet which are not configured with any services that run on the local network
Bastion Hosts
38
Hardened server that provides access to other hosts within the screened subnet
Jumpbox
39
Method that can block access to specific websites based on URLs | implemented through browser settings, proxy servers, firewall rules, or dedicated filtering software
URL Filtering
40
Involves scanning a requested webpage for specific keywords, then blocking it from being displayed if any of the blocked keywords are detected
Keyword Filtering
41
Types of network traffic can be blocked based on the protocol or port used
Protocol/Port Filtering
42
Powerful tool that can be used to manage Internet traffic by acting as an intermediary between a user's device and the Internet itself
Proxy Server
43
Used to retrieve webpages from the Internet
Web Proxy
44
Used by businesses to manage incoming Internet traffic
Reverse Proxy
45
Used by businesses to monitor and filter Internet traffic
Transparent Proxy
46
Benefits of proxy server:
1. Filter out malicious traffic and prevent unauthorized access to sensitive information
2. Hide a user's IP address from websites and other Internet services that track online activity
3. Block access to specific websites or types of content
4. Cache frequently accessed resources, which can improve performance
47
Global network of appliances and personal devices that have been equipped with sensors, software, and network connectivity to report state and configuration data | segregation of IoT devices is important for the business network's security
Internet of Things (IoT)
48
Used as a central point of communication for many automation and control of IoT devices
Hub and Control System
49
IoT endpoints that connect back to a central hub or control system to provide automation or function
Smart Devices
50
IoT devices that are designed as accessories that can be worn
Wearables
51
Measures things like temperature, sound, light, humidity, pressure, proximity, motion, smoke, fire, heart rates, and other
Sensors
52
Things to consider when connecting IoT devices to your network
Understand endpoints
Track and manage devices
Patch vulnerabilities
Conduct test and evaluation
Change default credentials
Use encryption protocols
Segment IoT devices
53
Technology that interacts with the real world
Operational Technology (OT)
54
Provides the mechanisms for workflow and process automation by controlling machinery using embedded devices | Multiple ICSs can create a distributed control system (DCS)
Industrial Control System (ICS)
55
Digital serial data communication protocol used in OT networks to link different PLCs
Fieldbus
56
Types of digital computer used in industrial settings that enables automation and assembly lines, autonomous field operations, robotics, and other applications
Programmable Logic Controller (PLC)
57
Can be a local control panel or software that runs on a computer
Human-Machine Interface (HMI)
58
Type of ICS used to manage large scale multi-site devices and equipment in a geographic region from a host computer
Supervisory Control and Data Acquisition (SCADA)
59
ICS - Single plant/system
DCS - Small connection of the ICS system in a single area
SCADA - Different ICS and DCS plants in a wide area network
60
Creating a clear separation between personal and company data on a single device
Storage Segmentation
61
Centralized software solution for remote administration and configuration of mobile devices
Mobile Device Management
62
CYOD - Choose Your Own Device
63
Used to ensure the security of the corporate network and corporate data | "Trust nothing and verify everything"
Zero Trust
64
Overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access
Control Plane
65
Key elements of control plane:
Adaptive identity - Relies on real-time validation that takes into account the user's behavior, device, location, etc.
Threat scope reduction - Limits users' access to only work-related tasks
Policy-driven access control - Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Secured zones - Isolated environments in a network for sensitive data
66
Used to properly implement zero trust architectures
Data Plane
67
Control Plane - Layout of the policies and procedures
Data Plane - Execution of the policies and procedures
68
To secure our systems in a Zero Trust architecture, we're going to rely on the use
Subject systems - An individual or entity that's attempting to gain access
Policy engine - Cross-references the access requests with its predefined policies
Policy administrator - Used to establish and manage the access policies
Policy enforcement point - Where access decisions are executed
The policy administrator and policy engine form the backbone of the control plane's functionality in a zero trust architecture
69
Zero trust is a cybersecurity approach that assumes no user or system is trusted by default | by integrating zero trust strategies and utilizing control planes and data planes, organizations can proactively defend against threats
70
Extends a private network across a public network and enables sending and receiving data across shared or public networks
Virtual Private Network (VPN)
71
VPNs can be configured like what?
Site to site - Connect two offices together
Client to site - Single remote user back to a corporate network
Clientless - Web browsing
72
Routes and encrypts all network requests through the VPN connection back to the headquarters
Full Tunnel VPN
73
Routes and encrypts only the traffic bound for the headquarters over the VPN, and sends the rest of the traffic to the regular Internet
Split Tunnel VPN
74
Security - Full tunnel
Performance - Split tunnel
75
Layer 2 Tunneling Protocol (L2TP) - Lacks security features like encryption by default and needs to be combined with an extra encryption layer for protection
Layer 2 Forwarding (L2F) - Provides a tunneling protocol for the P2P protocol, but also lacks native security and encryption features
Point-to-Point Tunneling Protocol (PPTP) - Supports dial-up networks, but also lacks native security features except when used with Microsoft Windows
IP Security (IPSec) - Provides authentication and encryption of packets to create a secure encrypted communication path between two computers
76
Used to connect anyone or any resources from one private network to another over a public network
Virtual Private Network (VPN) Connection
77
Sends text-based commands to remote devices and is a very old networking protocol
Telnet Port 23
78
Encrypts everything that is being sent and received between the client and the server
Secure Shell (SSH) Port 22
79
Provides graphical interface to connect to another computer over a network connection | to make it secure use RDG
Remote Desktop Protocol (RDP) Port 3389
80
Provides a secure connection using the SSL/TLS protocols to the server via RDP
Remote Desktop Gateway (RDG)
81
Designed for thin client architectures and things like Virtual Desktop Infrastructure (VDI)
Virtual Network Computing (VNC) Port 5900
82
Hosts a desktop environment on a centralized server
Virtual Desktop Infrastructure (VDI)
83
Managing devices through the use of Telnet or SSH protocols over the network
In-Band Management
84
Connecting to and configuring different network devices using an alternate path or management network | prevent a user's machine from connecting to the management interfaces of devices | can provide separation of data between production networks and management networks
Out-of-Band Management
85
Set of protocols and routines for building and interacting with software applications | allow for automated administration, management, and monitoring of cloud services | allows for direct integration of different third-party applications in web applications
Applications Programming Interface (API)
86
Nigel, a network technician, was discussing implementing a better security stance with his supervisors. They decided together that they should implement a Zero Trust philosophy to best assist with ongoing concerns over their networks. Which of the following best describes this Zero Trust Architecture (ZTA) when compared to other methods?
A security model based on the assumption that threats are already inside the network, and no entity, whether inside or outside, should be trusted by default.
87
Which remote access protocol encrypts data for secure transmission over the internet and is commonly used for managing network devices remotely?
SSH
88
Which network device feature is commonly used to enforce traffic filtering based on predefined criteria such as source and destination IP addresses, ports, and protocols?
ACL
89
Which technology is commonly used to monitor and control industrial processes in sectors such as manufacturing, energy, and utilities?
SCADA
90
Which network solution is commonly implemented to allow guests and personal devices to access the internet without compromising the security of the primary corporate network?
BYOD