is the practice of dividing a network into smaller, isolated sections to improve security and performance.
Think of it like dividing a building into separate rooms with locked doors — if an intruder gets into one room, they can’t freely move through the whole building.
Segmentation
is the process of making data, code, or information harder to understand or interpret, even if someone gains access to it.
Think of it like writing a message in a secret code — the information is still there, but it’s disguised so others can’t easily make sense of it.
Obfuscation
is the process of converting readable data (plaintext) into an unreadable format (ciphertext) so that only authorized users with the correct decryption key can access it.
Encryption
are temporary access credentials that expire after a short time. They’re used to limit how long someone or something can access a system or resource, reducing the risk if those credentials are stolen.
Ephemeral Credentials
a set of rules that lets different software programs talk to each other. It defines how requests and responses should be structured so systems can share data or functions.
It’s like a waiter in a restaurant — you (the user) tell the waiter what you want, and the waiter gets it from the kitchen (server) and brings it back to you.
API (Application Programming Interface)
is a network access control method that requires devices to authenticate before gaining network access. It uses credentials (like certificates or usernames/passwords) to verify that only authorized users or devices can connect.
It’s like a security checkpoint that verifies your ID before you’re allowed into a restricted area — only approved personnel get through.
802.1X authentication
is a technique used to make stored passwords more secure by adding random data to the password before hashing it.
Salting
is the process of converting data (like a password or file) into a fixed-length string of characters using a mathematical algorithm.
It’s like turning a message into a fingerprint — even a tiny change creates a completely different fingerprint.
Hashing
is a hashing algorithm that converts data into a 128-bit (32-character) hash value.
Used for file integrity checks and verifying data hasn’t changed.
Not secure for passwords or sensitive data because it’s vulnerable to collisions (two different inputs producing the same hash).
MD5 Hash
is a cryptographic hash function that converts data into a 256-bit (64-character) fixed-length hash.
Used for password storage, digital signatures, and verifying data integrity.
Commonly used in blockchains, SSL/TLS certificates, and secure file verification.
SHA-256
A company wants to store user passwords securely and ensure that even if the password database is stolen, attackers cannot easily reverse the hashes. They also need a hash function that reliably detects any tampering with files or messages. Which cryptographic hash function should the company use?
SHA-256
A developer needs a fast way to verify that downloaded files haven’t been corrupted during transfer. They don’t require strong protection against attacks, only a simple checksum to detect accidental changes. Which hash function would be appropriate for this use case?
MD5
a security system that monitors network traffic for suspicious activity or policy violations and alerts administrators when potential threats are detected.
NIDS (Network Intrusion Detection System)
__ focuses on real-time network traffic, while __ aggregates and analyzes data from multiple sources for broader threat detection and investigation.
NIDS, SIEM
a high-capacity network switch at the center of an enterprise network, connecting all distribution or access switches.
The main highway hub where all roads (network segments) meet.
Core Switch
is a special switch port configured to copy all network traffic from other ports or VLANs to itself.
A traffic camera placed on the highway hub that records all cars passing through without stopping them.
Mirrored Port
a connectionless transport layer protocol used for sending messages (datagrams) across a network without establishing a connection or guaranteeing delivery.
Think of it like sending a postcard — you drop it in the mailbox and hope it arrives, but you don’t get a confirmation and there’s no guarantee it won’t get lost.
UDP (User Datagram Protocol)
a connection-oriented transport layer protocol that ensures reliable, ordered delivery of data between devices on a network.
Think of it like sending a series of certified letters — each one is tracked, and the sender gets confirmation that it arrived in the right order.
TCP (Transmission Control Protocol)
Ex. When you open a website using HTTPS, your browser uses TCP to establish a connection with the server, ensuring all webpage data is delivered completely and in the correct order.
a risk assessment approach that uses numerical values and data to measure the likelihood and impact of risks.
Quantitative risk
is a risk assessment approach that uses descriptions, categories, or rankings rather than numbers to evaluate the likelihood and impact of risks.
It’s like color-coding hazards in a workplace — red for severe, yellow for moderate, green for low — to guide attention and resources.
Qualitative Risk
is any attempt to exploit vulnerabilities in wireless networks or devices (Wi‑Fi, Bluetooth, NFC, etc.) to intercept, disrupt, or gain unauthorized access to communications or systems.
Common goals are eavesdropping (sniffing), man-in-the-middle (MITM), credential theft, or network disruption (jamming).
Wireless attack
are protocols used to encrypt data in transit over networks, most commonly for web traffic (HTTPS).
Think of it like locking your messages in a secure envelope before sending them over the internet — even if someone intercepts it, they can’t read the contents.
TLS (Transport Layer Security) / SSL (Secure Sockets Layer)
a protocol used to securely access and manage remote devices over a network. It encrypts all communications, including login credentials and commands, to prevent eavesdropping.
Think of it like a secure tunnel between your computer and a remote server — whatever you send through the tunnel is protected from prying eyes.
A system administrator uses __ to log into a Linux server from home. All commands and data sent over __ are encrypted, preventing attackers from intercepting the session.
SSH (Secure Shell)
when an attacker captures valid authentication data (like usernames/passwords, tokens, or session cookies) and reuses those credentials to try to log in as the legitimate user.
Credential replay attack