Protocol security mechanism

Voice communication security

Remote access security management

multimedia collaboration

Manage email security

virtual private network

Switching and Virtual LAN

network address translation

Third party connection

switching technology

WAN technology

Fiber optic link security control features

Prevent or mitigate cyberattacks

Learn about PPP. Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. The original PPP options for authentication are PAP, CHAP, and EAP.

PAP, CHAP and EAP definitions. PAP transmits usernames and passwords in clear text. CHAP performs authentication using a challenge-response conversation that cannot be replayed. EAP allows for custom authentication security solutions.

Can provide examples of EAP. There are approximately 40+ EAP definitions, including LEAP, PEAP, EAP-SIM, EAP-FAST, EAP-MDS, EAP-POTP, EAP-TLS and EAP-TTLS.

Understanding IEEE 802.1X • IEEE 802.1x defines the use of encapsulated EAP to support a wide range of identities over LAN connections

Authentication options. The IEEE802.1X standard is officially named "Port-based Network Access Control".

Learn about port security. Port security can refer to physical control of all connection points, such as RJ-45 wall jacks or device ports. Port security is the management of TCP and User Datagram Protocol (UDP) ports. Port security can also refer to the need to authenticate a port before allowing communication through or across the port (i.e. IEEE 802.1X).

Understand voice communications security. Voice communications are vulnerable to a variety of attacks, especially as voice communications become an important part of network services. By using encrypted communications, confidentiality can be improved. Some technical measures are needed to prevent interception, listening, tapping and other types of attacks. Familiarity with topics related to voice communications such as POTS, PSTN, PBX A VolP.

Learn about the threats associated with PBX systems and what to do about PBX spoofing. The measures to protect against PBX fraud and abuse are largely the same as those used to protect computer networks: logical controls, technical controls, administrative controls, and physical controls.

Understand the security issues related to XoIP. Security risks faced by XoIP include: caller ID fraud, voice phishing, dialing management software/firmware attacks, phone hardware attacks, DoS, MITM/path, spoofing and switch hopping attacks.

Understand the content of phishing attacks. Phreaking is a specific type of attack that uses a variety of techniques to trick functionality provided by a phone system in order to make free long-distance calls, change the functionality of a phone service, abuse specialized services, or directly Cause the service to crash. A phreak is a person who performs a phreak attack.

Understand the issues of return access security management. Remote access security management requires security system designers to select hardware and software components based on security policies, work tasks, and encryption requirements.

Learn about various issues related to remote access security. Familiarity with remote access, dial-up connections, screen capturers, virtual applications/desktops, and general remote working security priorities.

Learn about multimedia collaboration. Multimedia collaboration refers to the utilization of various multimedia-enabled communication solutions to enhance remote collaboration and communication.

Understand the purpose of a load balancer. The purpose of load balancing is to obtain more optimized infrastructure utilization, minimize response time, maximize throughput, reduce overload and eliminate bottlenecks. Load balancers are used to spread/distribute network load across multiple network links or network devices.

Learn about active-active systems. An active-active system is a form of load balancing that uses all available paths or systems during normal operations, but has reduced capacity during adverse conditions.

Understand active-passive systems. An active-passive system is a form of load balancing that puts certain paths or systems to sleep unused during normal operations and is able to maintain consistent capacity during abnormal conditions.

Understand how email security works. Internet mail is based on the SMTP, POP3 and IAP protocols. It is inherently unsafe. In order to make email secure, some security measures need to be added to the security policy. Technologies that address email security include: SMIME, PGP, DKIM, SPF, DMARC, STARTTLS, and Implicit SMTPS.

Learn how to secure data communications. Protection measures should include implementing secure VoIP, VPN, VLAN and NAT.

Learn about virtualized networking. Virtualized networking or network virtualization refers to the combination of hardware and software network components into a single integrated entity. Examples include: software-defined networking (SAN), VIAN, VPN, virtual switch, virtual SAN, guest operating system, port isolation, and NAT.

Define tunnel. Tunneling refers to encapsulating messages of one transport protocol using a second protocol. The second protocol often utilizes encryption to protect message content.

Understand VPNs. VPNs are based on encrypted tunnels. It can provide point-to-point connections with identity authentication and data protection functions. Common VPN protocols are PPTP, L2TP, SSH, TLS, and Psec.

Learn about split tunneling vs. full tunneling. Split tunneling is a VPN configuration that allows a VPN-connected client system (i.e., a remote node) to access an organization's network directly through both the VPN and the Internet. Full tunnel is another VPN configuration in which all traffic from the client is sent over the VPN link to the organization network, and then any traffic destined for the Internet is routed from the organization network's proxy or firewall interface to the Internet.

Be able to explain what NAT is. NAT provides an addressing scheme for private networks, allowing the use of private addresses and enabling multiple internal users to access the Internet through fewer public addresses. Many security border devices support NAT, such as firewalls, routers, gateways, WAPs, and proxy servers.

Learn about third-party connections. Most organizations interact with external third-party providers. Most external entities do not need to interact directly with the organization's IT/IS, however, although rarely, the risks and consequences must still be considered. This includes partnerships, cloud services and remote workers.

Understand the differences between packet switching and circuit switching. In circuit switching, a dedicated physical path is established between communicating parties. In packet switching, a message or communication content is divided into many small segments and then transmitted to the destination through an intermediate network. Packet switching systems have two communication paths or virtual circuits: permanent virtual circuits (PVC) and switched virtual circuits (SVC).

Understand cyber attacks of various types and countermeasures related to communication security. Communications systems are vulnerable to a variety of attacks, including distributed denial of service (DDoS), snooping, impersonation, replay, tampering, spoofing, ARP attacks, and DNS attacks. Be able to propose effective countermeasures for each attack.

1. The most important thing about a security solution is whether it meets the specific needs of the asset (i.e. the threat). However, there are many other aspects of security that you need to consider. A significant advantage of security controls is that they are invisible to users. What is this advantage? A. Invisibility B.Transparency C.Partition D. Hidden in plain sight

2. One of the three equal authentication items that can be provided by the scalable authentication protocol EAP Point-to-Point Protocol (PPP), EAP allows customized identity authentication security solutions. Which of the following options are examples of EAP methods? (Select all that apply options. ) A. LEAP B. EAP-VPN C. PEAP D.EAP-SIM E. EAP-FAST F. EAP-MBL G. EAP-MD5 H.VEAP I. EAP-POTP J.EAP-TLS K.EAP-TTLS

3. In addition to maintaining updated systems and controlling physical access, which of the following is the most effective against PBX fraud and abuse Countermeasures? A. Communication encryption B. Change default password C. Use transfer logs D. Record and archive all calls

4. A phreak was arrested who had been using technology deployed in an office building. Several handmade tools and electronics owned by the flyer at the time of his arrest were used as evidence. What might this adversary be trying to sabotage the organization? A. Account number B.NAT C.PBX D. Wi-Fi

5. Multimedia collaboration refers to the use of various communication solutions supporting multimedia to enhance remote collaboration (joint remote processing projects). Typically, collaboration allows employees to work simultaneously and across different time zones. Which of the following options are important security mechanisms to implement on multimedia collaboration tools? (Select all that apply.) A. Communication encryption B. Multi-factor authentication C. Customize virtual identities and filters D Records of events and activities

6. Michael is configuring a new Web server to provide instruction manuals and specification sheets to customers. The web server has been located in a shielded subnet and assigned a Guardian address (172.31,201.17), and the public side of the company's split DNS has associated the documents.myexamplecompany.com domain name with the assigned IP. After confirming that the website was accessible from his management station (accessed via a jump box to a shielded subnet) as well as from several employees' desktop systems, he declared the project complete and went home. After a few hours, Michael came up with some additional changes to improve the site navigation. However, when he tried to connect to the new website using the FQDN, he received a connection error—he was unable to access the site. What is the cause of this problem? A. Jumpbox not restarting. B. Split DNS does not support Internet domain name resolution. C. The browser is not compatible with the website encoding. D. Assign the private address in RFC 1918 to the web server.

7. Mark is configuring the remote access server to accept inbound connections from remote workers. He is following a configuration checklist to ensure that the telecommuting link complies with company security policies. Which authentication protocol does not provide encryption and protection of login credentials? A.PAP B. CHAP C. EAP D. RADIUS

8. Some independent automated data collection tools use search engines in their operations. They can do this by automatically interacting with the human-machine interface web portal interface. What enables this functionality? A.Remote control B. Virtual desktop C. Remote node operation D. Screen capture

9. While assessing network traffic, you discover several unfamiliar addresses. Several of these addresses are within the range of addresses assigned to internal network segments. Which of the following IP addresses are private IPv4 addresses as defined by RFC 1918? (Select all that apply.) A. 10.0.0.18 B. 169.254.1.119 C. 172.31.8.204 D. 192.168.6.43

10. The CISO has requested a report on potential communications partners across the company. There is a plan to implement VPNs between all network segments to increase protection against eavesdropping and data manipulation. Which of the following cannot be connected through a VPN? A. Two LANs connected to the Internet over long distances B. Two systems on the same LAN C. A system connected to the Internet and a LAN connected to the Internet D. Two systems with no intermediate network connection

11 What network devices can be used to create digital virtual network segments and adapt changes deployed within the device as needed? A. Router B.Switch C.Agent D. Firewall

12.CISOs are concerned that using subnets as the only form of network segmentation will limit the growth and flexibility of the network. They are considering implementing a VLAN-enabled switch, but are not sure if VLAN is the best option. Which of the following is not an advantage of VLAN? A. Traffic isolation B. Data/traffic encryption C.Congestion management D. Reduce the vulnerability of the organization to sniffers

13. The CISO has tasked you with designing and implementing an IT port security policy. While researching these options, you realize that there are several concepts in port labeled port security. You prepare a report to provide options to the CISO. Which of the following port security concepts should you include in this report? (Select all that apply.) A. Shipping container storage B.NAC C. Transport layer D. RJ-45 jack

14._______ is the supervision and management of network communication efficiency and performance. Items to measure include throughput, bitrate, packet loss, latency, jitter, transmission delay, and availability. A.VPN B.Qos C.SDN D. sniff

15. You are configuring a VPN to provide secure communication between systems. You want to minimize the information left in the plaintext through the encryption mechanism of your chosen solution. Which IPsee mode provides encryption of the complete packet, including header information? A.Transmission mode B. Encapsulating Security Payload (ESP) C Authentication Header (AH) D.Tunnel mode

16. Internet Protocol Security (IPsec) is a standard for security extensions used as an add-on to IPv4 and integrated into IPv6. What IPsec components ensure message integrity and non-repudiation? A. Authentication Header (AHD) B. Encapsulated Security Payload (ESP) C.IP Payload Compression Protocol D. Internet Key Exchange (IKE)

17. When designing a security system for Internet mail, which of the following is least important? A. Non-repudiation B. Data residual destruction C. message integrity D.Access restrictions

18. You are tasked with developing your organization's email retention policy. Which of the following is not something that must be discussed with the end user? Showing off? A. Privacy B. Auditor review C. Length of retention time D.Backup method

19. Modern networks are built on multi-layer protocols, such as TCP/IP. This provides flexibility and resilience to complex network structures. Which of the following does not mean a multi-layer protocol? A. VLAN jump B. Multiple packaging C. Use tunnels to circumvent filtering D. Static IP address

20. Which of the following connection types can be described as a logic circuit that is always present and waiting for clients to send data? A.SDN B.PVC C.VPN D.SVC