Here’s a set of flashcards based on your study guide. You can use these as digital flashcards or write them on index cards to quiz yourself on key concepts!
Flashcards for CompTIA Security+ Domain 3, Chapter 11
Flashcard 1
Q: What is Device Placement?
A: It’s the strategic positioning of network devices (e.g., firewalls, routers) within a network to maximize security.
Flashcard 2
Q: What are Security Zones?
A: Network segments with distinct security policies, such as DMZ or internal networks.
Flashcard 3
Q: Define Attack Surface.
A: All the vulnerable points in a network that are exposed to potential threats.
Flashcard 4
Q: What is Fail-Open?
A: A configuration that allows network traffic through if the device fails, prioritizing availability.
Flashcard 5
Q: What is Fail-Closed?
A: A configuration that blocks network traffic if the device fails, prioritizing security.
Flashcard 6
Q: Active vs. Passive devices – what’s the difference?
A: Active devices (e.g., firewalls) interact with traffic, while passive devices (e.g., IDS) only monitor it.
Flashcard 7
Q: Inline vs. Tap/Monitor – explain each.
A: Inline devices sit directly in the traffic path (e.g., IPS), while taps/monitors observe without interference.
Flashcard 8
Q: What is a Jump Server?
A: A secure intermediary server providing access to a sensitive network segment.
Flashcard 9
Q: Describe a Proxy Server.
A: A server that acts as an intermediary for requests between clients and servers, adding security and caching.
Flashcard 10
Q: IPS vs. IDS – What’s the difference?
A: IPS (Intrusion Prevention System) actively blocks threats; IDS (Intrusion Detection System) detects and alerts.
Flashcard 11
Q: What is a Load Balancer?
A: A device that distributes network traffic across multiple servers to prevent overload.
Flashcard 12
Q: Define Port Security.
A: A method to control which devices can connect to physical network ports to prevent unauthorized access.
Flashcard 13
Q: What does 802.1X do?
A: It’s a port-based network access control standard used with authentication protocols like EAP.
Flashcard 14
Q: What is Extensible Authentication Protocol (EAP)?
A: A framework providing authentication methods for network access.
Flashcard 15
Q: What is a Web Application Firewall (WAF)?
A: A firewall specifically designed to protect web applications from attacks like XSS and SQL injection.
Flashcard 16
Q: What does Unified Threat Management (UTM) provide?
A: It combines multiple security functions like firewall, antivirus, and content filtering into one solution.
Flashcard 17
Q: What is a Next-Generation Firewall (NGFW)?
A: A firewall with advanced features like deep packet inspection and application awareness.
Flashcard 18
Q: Layer 4 vs. Layer 7 Filtering – What’s the difference?
A: Layer 4 filters by IP/port; Layer 7 inspects data at the application layer (e.g., HTTP requests).
Flashcard 19
Q: What is a VPN used for?
A: It creates an encrypted tunnel for secure remote access to a network.
Flashcard 20
Q: Define Tunneling.
A: A method of encapsulating data within secure protocols for safe transmission.
Flashcard 21
Q: What does TLS do?
A: Encrypts data during transfer, ensuring confidentiality and integrity.
Flashcard 22
Q: What is IPSec?
A: A protocol suite for securing IP communications with encryption and authentication.
Flashcard 23
Q: Describe SD-WAN.
A: A wide area network approach that dynamically manages connections for cost-effective and reliable performance.
Flashcard 24
Q: What is Secure Access Service Edge (SASE)?
A: A cloud-based network security model combining SD-WAN with security services.
Flashcard 25
Q: What should you consider when selecting Effective Controls?
A: Choose security measures based on network needs for confidentiality, integrity, and availability.
Knowt
Note
Studied by 22 people
