Network Security Exam Review

Questions and Answers

What is the primary goal of network security?

To increase network speed

To protect the integrity, confidentiality, and accessibility of computer networks (correct)

To enhance network connectivity for devices

To allow unrestricted access for all users

Which of the following is NOT a reason why network security is important?

Preventing unauthorized access

Protecting data integrity

Ensuring business continuity

Enhancing file storage capacity (correct)

What kind of threats can network security help mitigate?

Cyberattacks such as DDoS attacks (correct)

Natural disasters

Performance monitoring issues

Software installation challenges

Which statement best describes a cyber attack?

An intentional act to gain unauthorized access or cause damage

How does network security assist organizations in complying with regulations?

By implementing data protection measures

Which of the following is a type of malware?

Virus

What is one of the main consequences of failing to secure a network?

Increased vulnerability to cyber threats

What does the acronym GDPR stand for?

General Data Protection Regulation

What is a primary method by which a drive-by download infects a system?

By exploiting security flaws in systems

What characterizes a DNS attack?

It targets vulnerabilities in the domain name system

Which of the following is a common source of misconfiguration exploits?

Insecure default settings

What challenge does the rapid evolution of the cyber threat landscape present?

It requires businesses to frequently update and enhance defenses

How does a Bring Your Own Device (BYOD) policy complicate network security?

It increases the attack surface significantly

Which of the following is NOT a reason for vulnerabilities resulting from misconfiguration?

Timely updates to system configurations

What is the impact of insufficiently securing communications between clients and DNS servers?

It exposes networks to DNS attacks

Why is building a unified security strategy for all network users challenging?

Different users require different security measures

What is the primary goal of ransomware?

To encrypt files and demand a ransom for access

Which of the following best describes phishing?

A fraud where a perpetrator impersonates a reputable entity

What is a bot primarily designed to do?

Automate web requests to perform various tasks

What is a defining characteristic of a DDoS attack?

It employs multiple compromised systems to deny service

What distinguishes an Advanced Persistent Threat (APT) from other attacks?

APTs are targeted and prolonged, remaining undetected for long periods

What does a drive-by download typically involve?

The automatic downloading of malicious code without user intervention

Which of the following is NOT an objective of using malware?

Encrypting files for data safety

What might be a consequence of a bot attack?

Manipulation of web applications and denial of service

Study Notes

Course Information

• Course Title: Network Security
• Course Code: ITNETW1
• Exam Dates: December 2nd, 4th, 9th, 11th, and 12th, 2024

Exam Details

• Exam Type: Pen and Paper
• Topics: IP Addresses and Subnets, Network Simulation, and Network Security

Guide Questions

• What is Network Security?
• Why do we need to secure the network?
• What makes a secured network?

Network Security Definition

• Network security uses technologies, processes, and devices to protect the integrity, confidentiality, and accessibility of computer networks.
• Important for organizations of all sizes to protect against evolving cyber threats.

Cyber Attack Definition

• A cyber attack is a set of actions performed by threat actors.
• These actors aim to gain unauthorized access, steal data, or cause damage to computer networks or systems.
• Attacks can be launched from any location and involve individuals or groups utilizing multiple tactics, techniques, and procedures (TTPs).

Importance of Network Security

• Preventing Unauthorized Access: Security protocols ensure only authorized users can access critical systems and data.
• Protecting Data Integrity: Security measures prevent data tampering, ensuring data accuracy and reliability. This is crucial for sensitive info like financial data, personal records, and intellectual property.
• Ensuring Business Continuity: Effective network security strategies help mitigate risks from cyberattacks like DDoS attacks, ensuring the continued operation of services and maintaining availability.
• Compliance with Regulations: Many industries require strict data protection measures. Network security helps organizations comply with standards like GDPR, HIPAA, and PCI-DSS; avoiding penalties and maintaining customer trust.

Network Security Threats and Attacks

• Malware: Programs designed to attack information systems. Various types include ransomware (encrypts files), spyware (spies on victims), and Trojans (infiltrate systems).
• Phishing: A type of fraud where threat actors impersonate reputable entities (e.g., via email) to spread malicious attachments or links and extract account info or login credentials.
• Bots: Small programs that automate web requests with various malicious goals, disrupting applications, websites, end-users, or APIs.
• DDoS Attacks: Employ multiple compromised systems to flood a target with messages or requests, causing a denial of service and disrupting operations. DDoS attacks target websites, servers, and other network resources.
• Advanced Persistent Threats (APTs): Targeted and prolonged attacks involving unauthorized access to a network. Threat actors typically aim to steal data rather than cause immediate damage. They remain undetected for extended periods.
• Drive-by Downloads: Unintentional download of malicious code to a device (computer or mobile) exposing the user to a cyberattack; not requiring user interaction to enact the malicious code.
• DNS Attacks: Exploiting vulnerabilities in the domain name system; aiming to disrupt systems or cause issues. Communication between clients and servers is vulnerable and can be exploited by threat actors.
• Misconfiguration Exploits: Improper configuration of network systems, applications, or devices. Common sources include default settings, lack of updates, and human error.

Challenges of Network Security

• Rapidly Evolving Threat Landscape: Attackers constantly develop new methods to exploit networks and organizations must implement new defenses.
• Bigger Attack Surface: The broader scope of organizations' security strategies can be challenging to manage. All network users play a role in security maintenance.
• BYOD (Bring Your Own Device) and Remote Work: Distributed nature, personal devices (increased attack surface), and the reliance on public networks makes security management more complex.
• Cloud Security: Organizations need to address cloud security, managing the responsibility of cloud vendors versus the organization's security policies for the data and applications running in the cloud.

Firewall (Triad)

• How Firewalls function
• Use of firewalls within home networks
• Security mechanisms used in typical home networks
• Reasoning for implementation
• Practical procedures for setup

Types of Firewall (Part 2)

• Detailed Information on firewall types.

Description

Prepare for your exam on Network Security with this quiz. It covers essential topics such as IP Addresses, Subnets, and the importance of securing networks against cyber threats. Test your knowledge on the definitions and practices vital for maintaining network integrity.