Domain 3.2

  • Infrastructure considerations: Key network design factors

  • Device placement: Where devices are located

  • Security zones: Network segments with distinct security policies

  • Attack surface: Vulnerable points exposed to threats

  • Connectivity: Network connections between devices

  • Failure modes: How a device behaves when it fails

    • Fail-open: Device allows traffic on failure

    • Fail-closed: Device blocks traffic on failure

  • Device attribute: Device characteristics

    • Active vs. passive: Device interaction level

    • Inline vs. tap/monitor: Traffic handling approach

  • Network appliances: Devices with specific functions

    • Jump server: Secure access intermediary

    • Proxy server: Intermediary for client-server requests

    • IPS/IDS: Intrusion prevention and detection

    • Load balancer: Distributes network traffic evenly

  • Sensors: Monitor network traffic for anomalies

  • Port security: Protects physical network ports

    • 802.1X: Port-based network access control

    • Extensible Authentication Protocol (EAP): Authentication framework

  • Firewall types: Various firewall categories

    • Web application firewall (WAF): Protects web apps

    • Unified threat management (UTM): Single appliance combining multiple security functions

    • Next-generation firewall (NGFW): Advanced firewall features

    • Layer 4/Layer 7: Filtering at the transport layer (ports/protocols) vs. the application layer (content)

  • Secure communication/access: Protects data and access

    • Virtual private network (VPN): Secure remote access

    • Remote access: Connecting to a network remotely

    • Tunneling: Secure data transmission method

    • Transport Layer Security (TLS): Data encryption protocol

    • Internet protocol security (IPSec): Secure network protocol

    • Software-defined wide area network (SD-WAN): Dynamic network management

    • Secure access service edge (SASE): Cloud-based network security

  • Selection of effective controls: Choosing security measures