This strategy uses multiple layers of protection in a network.
What is Defense in Depth?
A fake email designed to steal login information.
What is phishing?
A system that detects threats but does not block them.
What is an IDS?
A device that filters network traffic based on rules.
What is a firewall?
Logical separation of networks on the same hardware.
What is a VLAN?
The process of verifying who a user is.
What is authentication?
Software designed to damage or disrupt systems.
What is malware?
A system that detects and blocks malicious traffic.
What is an IPS?
A network segment for public-facing servers.
What is a DMZ?
VLANs improve this by separating users into groups.
What is security?
This determines what resources a user can access.
What is authorization?
This attack floods a network with traffic to overwhelm it.
What is a DDoS attack?
Records of system and network activity.
What are logs?
Rules used to allow or deny network traffic.
What are ACLs?
This allows multiple VLANs to travel across one link.
What is trunking?
This principle gives users only the permissions they need.
What is least privilege?
A weakness in a system that attackers can exploit.
What is a vulnerability?
A system that collects and analyzes logs from multiple sources.
What is a SIEM?
ACL rules are processed in this order.
What is top-down?
Limits which devices can connect to a switch port.
What is port security?
Name one layer of defense in depth besides network security.
What is physical / host / application / data security?
An employee reuses passwords across systems, creating risk.
What is a security vulnerability?
The process of scanning a network to identify connected devices.
What is network discovery?
If “deny all” is the first rule, this happens.
What is all traffic is blocked?
Separating students and staff into different networks uses this concept.
What are VLANs?