Network-and-Security-Foundation Network-and-Security-Foundation Questions and Answers

Availabilityensures that systems and data remain accessible and operational, even in the event of failures or attacks. Adisaster recovery plan (DRP)focuses on restoring IT infrastructure and operations after incidents like hardware failures, cyberattacks, or natural disasters. Strategies include data backups, failover systems, and redundant architectures.

Confidentialityfocuses on restricting unauthorized access.

Integrityensures data remains unaltered, but does not address service continuity.

Innovationis unrelated to the CIA triad.

Thedigcommand in Linux is used for DNS troubleshooting. It queries DNS records and provides detailed information about domain name resolutions.

traceroutetracks the path packets take to a destination but does not diagnose DNS.

netstatlists active connections, not DNS records.

ifconfigis used for managing network interfaces.

Availabilityensures that systems, applications, and data remain accessible and operational for authorized users when needed. Organizations implement redundancy, failover mechanisms, and backup systems to maintain availability.

Integrityensures that data remains accurate and unchanged.

Confidentialityprotects sensitive data from unauthorized access.

Innovationis not a component of the CIA triad.

Infrastructure as a Service (IaaS)provides virtualized computing resources, including virtual machines, storage, and networking, while allowing users full control over operating systems and applications. Examples include AWS EC2 and Google Compute Engine.

SaaSprovides ready-to-use applications (e.g., Google Docs).

FaaSruns code in response to events (e.g., AWS Lambda).

PaaSprovides development environments but not full infrastructure control.

Configuring switch port tracinghelps detect unauthorized devices, such as rogue access points, that are connected to the network. Network administrators can useport securityandintrusion detection systems (IDS)to monitor and block unauthorized access points.

Decreasing wireless rangemay limit exposure but does not actively detect rogue APs.

Disabling unnecessary servicesimproves security but does not prevent rogue APs.

Monitoring traffic patternshelps detect anomalies but does not directly stop rogue APs.

Confidentialityin IT security ensures that sensitive data remains private and protected from unauthorized access. Encryption is a key measure used to maintain confidentiality by encoding data so that only authorized users can access it.

Integrityensures that data remains accurate and unchanged.

Availabilityensures that data is accessible when needed.

Consistencyis not a component of the CIA triad.

Integrityin IT security ensures that data remains accurate, unaltered, and trustworthy throughout its lifecycle. This means that data transmission should occurwithout errorsand should not be modified by unauthorized parties. Mechanisms like checksums, hashing, and digital signatures help maintain integrity.

Encryption (B)enhances confidentiality, not integrity.

Accessibility (C and D)relates to availability, not integrity.

This describes aransomware attack, which falls underdenial of availabilitybecause it prevents users from accessing their data or systems until a ransom is paid. Attackers use encryption to lock files, disrupting operations.

Data modificationrefers to unauthorized changes to information.

Data exportinvolves stealing data rather than disabling access.

Launch pointdescribes an attacker's use of a compromised system to attack others.

Infrastructure as a Service (IaaS)provides virtualized computing resources over the cloud, including virtual machines where users can install and configure their own operating systems and applications. It offers flexibility and scalability without requiring hardware investment. Examples include AWS EC2 and Microsoft Azure Virtual Machines.

FaaSexecutes small code functions without infrastructure management.

PaaSprovides a managed platform but not full OS control.

SaaSoffers ready-to-use applications without infrastructure control.

Server-side validationhelps preventSQL injection, command injection, and other input-based attacksby ensuring that user input is properly sanitized before being processed by the system.Parameterized queries and input validationshould also be implemented to further reduce risk.

Detecting code vulnerabilitiesis helpful but not a direct mitigation technique.

Decreasing wireless rangedoes not affect injection attacks.

Using WPA2secures wireless networks but does not prevent injection attacks.

Enhancing physical resource securityensures that servers, networking devices, and data storage facilities are protected from unauthorized physical access, theft, or tampering. This includes measures like biometric authentication, surveillance, and restricted access zones.

Using a variable network topologydoes not directly protect data.

Increasing wireless access point rangemay improve connectivity but does not enhance security.

WEPis weak and should not be used for data protection.

TheTransport layer(Layer 4 of the OSI model) includes theTransmission Control Protocol (TCP), which provides reliable, connection-oriented communication. TCP ensures error-checking, sequencing, and retransmission of lost packets.

Application layerdeals with end-user protocols like HTTP and FTP.

Session layermanages communication sessions but not transport protocols.

Network layerfocuses on IP addressing and routing, not transport mechanisms.

TheNetwork layer(Layer 3 of the OSI model) includes theInternet Control Message Protocol (ICMP), which is used for network diagnostics (e.g.,pingcommand). ICMP helps in error reporting and network troubleshooting.

Transport layerhandles reliable data delivery (e.g., TCP, UDP).

Session layermanages communication sessions.

Application layerprovides end-user services.

Alaunch point attackoccurs when an attacker compromises a system and uses it as a foothold to spread malware, conduct reconnaissance, or launch further attacks against other systems. Botnets and command-and-control (C2) servers operate this way.

Denial of availabilitydisrupts service, but does not spread attacks.

Data exportsteals data instead of launching further attacks.

Data modificationchanges existing information but does not involve propagating threats.

Aman-in-the-middle (MITM) attackoccurs when an attacker secretly intercepts and relays communication between two parties. This allows the attacker to steal data, modify messages, or inject malicious content without the victims' knowledge.

Credential stuffingreuses stolen login credentials but does not involve interception.

Social engineeringmanipulates users rather than intercepting messages.

Pharmingredirects users to fraudulent websites, but it does not intercept communication.