Security Infrastructure

Question 1

What does Security Infrastructure encompass?

Answer 1

• Hardware
• Software
• Networks
• Data
• Policies

All components work cohesively for information asset safeguarding.

Question 2

Name the types of firewalls.

Answer 2

• Web Application
• Unified Threat Management
• Next-generation

These firewalls serve different purposes in network security.

Question 3

What are the mechanisms of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)?

Answer 3

• Identifying trends
• Showcasing signatures

IDS logs and alerts, while IPS takes action against threats.

Question 4

What are the functions of Network Appliances?

Answer 4

• Load Balancing
• Proxying
• Monitoring
• Security Enforcement

Specialized hardware or software for specific networking functions.

Question 5

What does Port Security restrict?

Answer 5

• Network access based on MAC addresses

It enhances security by preventing unauthorized devices from connecting.

Question 6

What technologies are used for Securing Network Communications?

Answer 6

• VPNs
• IPSec
• TLS

These technologies create a secure backbone for communication.

Question 7

What is the purpose of Software-Defined Wide Area Networks (SD-WAN)?

Answer 7

Optimize WAN connections with software-defined principles

It enhances network performance and flexibility.

Question 8

What are the aspects of Infrastructure Considerations?

Answer 8

• Device placement
• Security zones
• Screen subnets
• Attack surfaces

These aspects are crucial for network security architecture.

Question 9

Define Well-Known Ports.

Answer 9

Ports 0-1023 assigned by IANA for commonly-used protocols

These ports are essential for standard network services.

Question 10

What is the key difference between IDS and IPS?

Answer 10

IDS logs and alerts; IPS logs, alerts, and takes action

This distinction is crucial for understanding their roles in network security.

Question 11

What types of Intrusion Detection Systems (IDS) exist?

Answer 11

• Network-based IDS (NIDS)
• Host-based IDS (HIDS)
• Wireless IDS (WIDS)

Each type monitors different aspects of network security.

Question 12

What does a Firewall do?

Answer 12

Monitors and controls network traffic based on security rules

It protects networks from unauthorized access and potential threats.

Question 13

What are the two types of Proxy Firewalls?

Answer 13

• Session layer (Layer 5)
• Application layer (Layer 7)

These proxies enhance security by making connections on behalf of endpoints.

Question 14

What is the function of a Web Application Firewall (WAF)?

Answer 14

Inspects HTTP traffic to prevent web application attacks

It can be placed in-line or out of band for detection.

Question 15

What is the purpose of Access Control Lists (ACLs)?

Answer 15

• Protect networks from unwanted traffic
• Control flow of traffic into and out of networks

ACLs consist of permit and deny statements based on port numbers.

Question 16

What are the key pieces of information in ACL Rules?

Answer 16

• Type of traffic
• Source of traffic
• Destination of traffic
• Action to be taken

These elements define how traffic is managed in a network.

Question 17

What is a Network Appliance?

Answer 17

A dedicated hardware device with pre-installed software for specific networking services

Examples include load balancers and proxy servers.

Question 18

What does Port Security enhance?

Answer 18

Network security by preventing unauthorized devices from connecting

It restricts device access to specific ports based on MAC addresses.

Question 19

What are the five types of Anomaly-based Detection Systems?

Answer 19

• Statistical
• Protocol
• Traffic
• Rule or Heuristic
• Application-based

These systems analyze traffic against a normal baseline to detect threats.

Question 20

What is the function of Jump Servers/Jump Box?

Answer 20

• Secure gateways for system administrators
• Control access and reduce attack surface area

They simplify logging and auditing and speed up incident response.

Question 21

What is the purpose of Port Security in network switches?

Answer 21

Restricts device access to specific ports based on MAC addresses

Enhances network security by preventing unauthorized devices from connecting.

Question 22

Network switches operate at which layer of the OSI model?

Answer 22

Layer 2

They use MAC addresses for traffic switching decisions through transparent bridging.

Question 23

What does the CAM Table (Content Addressable Memory) store?

Answer 23

MAC addresses associated with switch ports

Vulnerable to MAC flooding attacks, which can cause the switch to fail open.

Question 24

What are the three roles required for 802.1x Authentication?

Answer 24

• Supplicant
• Authenticator
• Authentication server

Utilizes RADIUS for actual authentication, typically using EAP.

Question 25

True or false: **RADIUS** is a Cisco proprietary protocol.

Answer 25

FALSE ## Footnote RADIUS is cross-platform, while TACACS+ is Cisco proprietary.

Question 26

What does **EAP** stand for?

Answer 26

Extensible Authentication Protocol ## Footnote A framework for various authentication methods.

Question 27

Which EAP variant uses public key infrastructure with a digital certificate?

Answer 27

EAP-TLS ## Footnote It uses mutual authentication.

Question 28

What is the main purpose of a **VPN**?

Answer 28

Extend private networks across public networks ## Footnote Allows remote users to securely connect to an organization's network.

Question 29

What is the difference between **Site-to-Site VPN** and **Client-to-Site VPN**?

Answer 29

* Site-to-Site: Connects two sites cost-effectively * Client-to-Site: Connects a single host to the central office ## Footnote Site-to-Site replaces expensive leased lines, while Client-to-Site is ideal for remote user access.

Question 30

What does **Transport Layer Security (TLS)** provide?

Answer 30

Encryption and security for data in transit ## Footnote Used for secure connections in web browsers (HTTPS).

Question 31

What is the purpose of **IPSec**?

Answer 31

A secure protocol suite for IP communication ## Footnote Provides confidentiality, integrity, authentication, and anti-replay protection.

Question 32

What are the two modes of **IPSec Tunneling**?

Answer 32

* Transport Mode * Tunneling Mode ## Footnote Transport Mode uses the original IP header, while Tunneling Mode adds a new header.

Question 33

What does **SD-WAN** stand for?

Answer 33

Software-Defined Wide Area Network ## Footnote A virtualized approach to managing and optimizing wide area network connections.

Question 34

What is the purpose of **SASE**?

Answer 34

Combines network security and WAN capabilities in a single cloud-based service ## Footnote Addresses challenges of securing and connecting users and data across distributed locations.

Question 35

What is the significance of **Security Zones**?

Answer 35

Isolate devices with similar security requirements ## Footnote Helps in managing security policies effectively.

Question 36

What does the term **Attack Surface** refer to?

Answer 36

Points where unauthorized access or data extraction can occur ## Footnote A larger attack surface increases the risk of vulnerabilities.

Question 37

What are the two failure modes to consider in device failures?

Answer 37

* Fail-open * Fail-closed ## Footnote Fail-open allows traffic during a failure, while fail-closed blocks all traffic.

Question 38

What is the principle of **Least Privilege**?

Answer 38

Users and systems should have only necessary access rights ## Footnote Reduces the attack surface.

Question 39

What is a **Risk-based Approach** in security controls?

Answer 39

Prioritize controls based on potential risks and vulnerabilities ## Footnote Ensures effective allocation of resources.