What is the CIA triad?
Confidentiality (data is private), Integrity (data is accurate), Availability (data is accessible)
What is the AAA framework?
Authentication (who you are), Authorization (what you can do), Accounting (what you did)
What is Type 1 authentication?
Something you know (password, PIN)
What is Type 2 authentication?
Something you have (smart card, token, phone)
What is Type 3 authentication?
Something you are (biometric - fingerprint, retina)
What is Type 4 authentication?
Somewhere you are (location-based, geofencing)
What is Type 5 authentication?
Something you do (behavioral patterns, typing rhythm)
What is MFA (Multi-Factor Authentication)?
Uses two or more different authentication factors (not two passwords)
What is 802.1X?
Port-based network access control for wired and wireless networks
What are the three components of 802.1X?
Supplicant (client), Authenticator (switch/AP), Authentication Server (RADIUS)
What is PEAP?
Protected EAP - uses TLS tunnel for authentication
What is EAP-TLS?
EAP using certificates (most secure but complex)
What is EAP-TTLS?
EAP Tunneled TLS - similar to PEAP
What is EAP-FAST?
Flexible Authentication via Secure Tunneling (Cisco)
What's the difference between RADIUS and TACACS+?
RADIUS: UDP, encrypts password only, combines auth/authorization. TACACS+: TCP, encrypts everything, separates AAA, Cisco proprietary
What ports does RADIUS use?
UDP 1812 (authentication), 1813 (accounting)
What port does TACACS+ use?
TCP 49
What is Kerberos?
Ticket-based authentication protocol using symmetric encryption (port 88)
What are the Kerberos components?
KDC (Key Distribution Center), TGT (Ticket Granting Ticket), TGS (Ticket Granting Service)
What is LDAP?
Lightweight Directory Access Protocol - queries directory services like Active Directory (port 389)
What is LDAPS?
LDAP over SSL/TLS for secure queries (port 636)
What is WEP?
Wired Equivalent Privacy - broken wireless security, never use
What is WPA?
Wi-Fi Protected Access - uses TKIP encryption (legacy, weak)
What is WPA2?
Uses AES encryption with CCMP (secure, current standard)
What is WPA3?
Enhanced security with SAE authentication and forward secrecy (newest, most secure)
What is WPA2 Personal mode?
Uses Pre-Shared Key (PSK) - password-based authentication
What is WPA2 Enterprise mode?
Uses 802.1X with RADIUS server for authentication
What are wireless authentication methods?
Open (no auth), PSK (shared password), Enterprise (802.1X/RADIUS), Captive portal (web login)
What is MAC filtering?
Allows/denies access based on MAC address (weak security, easily spoofed)
What is geofencing?
Virtual perimeter using GPS/RFID that triggers actions when device enters/exits
What is AES?
Advanced Encryption Standard - symmetric encryption (128, 192, 256-bit)
What is DES/3DES?
Legacy encryption algorithms (deprecated, insecure)
What is RSA?
Asymmetric encryption algorithm (public/private key pairs)
What is ECC?
Elliptic Curve Cryptography - asymmetric encryption using smaller keys
What is a site-to-site VPN?
Connects two networks together (typically uses IPSec)
What is a client-to-site VPN?
Remote access VPN for individual users to connect to network
What is a clientless VPN?
Browser-based VPN using SSL/TLS (no software installation needed)
What is IPSec?
Layer 3 VPN protocol with strong security
What are the two IPSec modes?
Transport mode (encrypts payload only), Tunnel mode (encrypts entire packet)
What is SSL/TLS VPN?
Browser-based VPN using port 443 (looks like HTTPS traffic)
What is L2TP?
Layer 2 Tunneling Protocol (usually combined with IPSec for security)
What is PPTP?
Point-to-Point Tunneling Protocol (legacy, insecure, don't use)
What is OpenVPN?
Open-source VPN using SSL/TLS
What is WireGuard?
Modern, lightweight, fast VPN protocol
What does AH do in IPSec?
Authentication Header - provides authentication and integrity (no encryption)
What does ESP do in IPSec?
Encapsulating Security Payload - provides encryption
What is IKE in IPSec?
Internet Key Exchange - negotiates encryption keys
What is an SA in IPSec?
Security Association - defines connection parameters and encryption settings
What is a packet-filtering firewall?
Layer 3/4 basic filtering (stateless)
What is a stateful firewall?
Tracks connection state (smarter than packet-filtering)
What is an application-level firewall?
Layer 7 firewall with deep packet inspection
What is an NGFW?
Next-Generation Firewall with IPS, application awareness, threat intelligence
What is a WAF?
Web Application Firewall - protects web applications from attacks
What is an ACL?
Access Control List - rules that permit/deny traffic based on criteria
How are ACL rules processed?
Top-to-bottom, first match wins, implicit deny at end
What is a standard ACL?
Filters based on source IP address only
What is an extended ACL?
Filters based on source, destination, port, protocol
What are common security zones?
Internal/Private (trusted), DMZ (public servers), External/Public (Internet), Guest (isolated)
What is a DMZ?
Demilitarized Zone - perimeter network for public-facing servers
What is a honeypot?
Decoy system designed to attract and monitor attackers
What happens in shutdown port security mode?
Port disables completely, requires manual re-enable (most secure)
What happens in restrict port security mode?
Drops violating packets, logs event, port stays up
What happens in protect port security mode?
Drops violating packets silently, no log, port stays up
What is a DoS attack?
Denial of Service - attack from single source to overwhelm system
What is a DDoS attack?
Distributed DoS - attack from multiple sources (botnet)
What are common DoS attack types?
SYN flood, UDP flood, ping flood, amplification attacks
What is a man-in-the-middle attack?
Attacker intercepts communication between two parties
What are MitM attack types?
ARP spoofing, DNS spoofing, session hijacking
What is phishing?
Fraudulent emails trying to steal credentials or install malware
What is spear phishing?
Targeted phishing attack against specific person/organization
What is whaling?
Phishing attack targeting executives/high-level targets
What is vishing?
Voice phishing - phone-based social engineering
What is smishing?
SMS phishing - text message-based attacks
What is tailgating?
Following authorized person through secure door without badge
What is shoulder surfing?
Observing someone entering passwords or viewing sensitive info
What is a brute force attack?
Trying all possible password combinations
What is a dictionary attack?
Trying common words and passwords from a list
What is a rainbow table attack?
Using pre-computed hash tables to crack passwords
What is credential stuffing?
Using leaked username/password combinations from breaches
What is password spraying?
Trying common passwords across many user accounts
What is IP spoofing?
Faking the source IP address in packets
What is MAC spoofing?
Changing device MAC address to impersonate another device
What is ARP spoofing?
Sending fake ARP replies to poison ARP cache
What is DNS spoofing/poisoning?
Corrupting DNS cache with false records
What is VLAN hopping?
Attacker gains unauthorized access to other VLANs
What are VLAN hopping methods?
Switch spoofing (mimics trunk), double tagging
How do you prevent VLAN hopping?
Disable unused ports, disable DTP, use native VLAN other than 1
What is a rogue DHCP server?
Unauthorized DHCP server providing false network configuration
How do you prevent rogue DHCP servers?
Enable DHCP snooping on switches
What is an evil twin attack?
Fake wireless AP with legitimate SSID to intercept traffic
What is a deauthentication attack?
Attacker sends deauth frames to disconnect clients from AP
How does WPA3 prevent deauth attacks?
Protected Management Frames (PMF)
What is DNS hijacking?
Redirecting DNS queries to malicious server
What is domain hijacking?
Stealing domain name registration
What is DNS amplification?
DDoS attack using DNS servers to amplify traffic
What is a virus?
Malware that self-replicates and requires host file
What is a worm?
Malware that self-replicates and spreads independently
What is a Trojan?
Malware disguised as legitimate software
What is ransomware?
Encrypts data and demands payment for decryption
What is a rootkit?
Hides malicious activity at system level