Security+ 701 Practice

Reverse Proxy

Sits between clients and backend servers, forwarding client requests to the appropriate server.

It obscures the identity and structure of internal servers, providing anonymity and some protection.

Lateral Movement

Cyberattack: where an attacker, aftergaining access to a network, moves from one device to another to expand their reach and potentially access sensitive data or systems.

Proxy Server / Forward Proxy

Intermediary between clients and a server, handling requests on the client's behalf.

Hides internal client IP addresses from the internet

DHCP (Dynamic Host Configuration Protocol)

Network protocol that automatically assigns IP addresses & other network configuration parameters to devices connecting to a network.

(Automation that gives devices neccessary info to communicate on network)

DMZ (Demilitarized Zone)

A separate subnet between the internal network and the untrusted external network that Hosts publicly accessible services, (web servers) while shielding the rest of the internal network from direct exposure to external threats. 

It allows public access to specific resources while protecting the internal network.

Hyper-visor Based Firewall

Enables fine-grained, VM-level control—ideal for microsegmentation in virtualized environments.

DNS Filtering

Controls access to websites and online content by blocking or allowing access based on predefined rules

ARP Poisoning

Cyber attack carried out over a Local Area Network (LAN) wmalicious ARP packets are sent within a LAN to associate a different MAC address with an IP address,

Evil Twin

A rogue Wi-Fi access point set up to mimic a legitimate one.

Once connected, the attacker can intercept sensitive data, steal login credentials, distribute malware, or launch man-in-the-middle attacks

Rootkit

Designed to gain unauthorized, access to a computer or network while concealing its presence creating a ‘backdoor’ for attackers.

SQL Injection

Injects malicious SQL code into input fields, allowing them to manipulate the database and potentially gain unauthorized access to sensitive data (meant for database-driven applications)

Worm Virus

Malicious program that can replicate and spread across a network independently, without the need for user interaction or attachment to a host file.

Command Injection

Cyberattack that involves executing arbitrary commands on a host operating system (OS).

Cross-site request forgery

Attack that makes the end-user perform unwanted actions within a web application that has already granted them authentication

Cross-site scripting (XSS)

Allows attackers to inject malicious scripts into web pages viewed by other users.

These scripts can then execute in the users' browsers, potentially leading to various malicious actions

Man in the Middle Attack

Intercepts & modifies communications between 2 parties

Stateful Firewall

Track the state of active connections to make more informed filtering decisions.

Stateless Firewall

Filter packets based on predefined rules without considering the context of previous packets,

DHCP (Dynamic Host Configuration Protocol)

used to dynamically assign Internet Protocol (IP) addresses to each host on your organization's network. I

Port Mirroring

Network feature that copies packets from a specified source to a destination port for analysis without impacting packet processing

MAC filtering

VLAN tagging

Process of adding a tag to an ethernet frame to identify which VLAN it belongs to

Port Forwarding

Method used in networking to allow external devices to connect to devices on a private network.