What 5 essential characteristics does a cloud have?
On-demand self-service - consumer can customize computing capabilities
Broad network access - capabilities available over the network (internet)
Resource pooling - optimal distribution of computing load and sharing of computing resources
Rapid elasticity
What are the service models?
Software as a Service (SaaS) - Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com
Platform as a Service (PaaS) - ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.)
Infrastructure as a S
Software as a Service (SaaS)
Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com
Platform as a Service (PaaS)
ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.)
Infrastructure as a Service (IaaS)
consumer has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Also Amazon and Azure ...
What are the deployment models?
Private Cloud -
Community Cloud -
Public Cloud -
Hybrid Cloud -
Private Cloud -
cloud infrastructure is operated solely for an organization
Community Cloud -
cloud infrastructure is shared by several organizations with a shared purpose
Public Cloud -
cloud infrastructure is made available to general public or large industry group
Hybrid Cloud
combination of two or more clouds (private, community, or public) that remain unique entities but share technology and resources
What are the different devices, components, and access controls in a WAN domain?
WAN service provider
Dedicated lines/circuits
MPLS/VPN WAN or Metro Ethernet
WAN Layer 2/Layer 3 Switches
How are backups and redundant connections used within WAN domain?
-either multiple connections to the same WAN or multiple connections using different WANs
-Install backup or redundant connection devices in the WAN Domain to ensure connection hardware failure does not result in a failure to connect to your WAN.
Ensure the ______ for each WAN service provider meets or exceeds the required uptime goals for each WAN
SLA
How do you Implement WAN traffic monitoring and analysis software?
Installing software or devices on the perimeter of the WAN where you connect to it; or
� Relying on you WAN service provider to supply traffic flow data
In order to Maximize WAN Domain C-I-A, one should require ...?
Requiring WAN service availability SLAs
Requiring WAN recovery and restoration SLAs Requiring WAN traffic encryption/VPNs
WAN Recovery and Restoration SLAs should include ...?
Most include provisions for recovering from major interruptions due to hardware or carrier failure
Should contain a commitment for the maximum amount of time it should take to restore organization's WAN service after a failure
Time to recover (TTR), or ti
A best practice is to verify that WAN service provider has a SOC report, which signifies..?
that a service organization has had its control objectives and activities examined by an independent auditing firm per Requirements of Section 404 of the Sarbanes- Oxley Act
Use ___________ techniques on the multiple WAN connections to utilize the bandwidth of both connections.
load-balancing
Primary security concern for remote access is ________.
data privacy
What are the key controls for the Remote Access Domain?
application data, application connection, and system connection encryption
What are the different components in the Remote Access Domain?
Remote users
Remote workstations or laptops
Remote access controls and tools
Authentication servers
RADIUS
TACACS+
VPNs and encryption
Internet service provider (ISP) WAN connections
Broadband Internet service provider WAN connections
Private" part of VPN refers to private
addressing and not data privacy. T/F
True
When monitoring the VPN what areas should be monitored?
VPN connection creation, remote access connection, and remote computer logon
What stpes should be followed when monitoring VPN traffic?
1. monitor data for modification in transit. 2. verify secure data transmission. 3. Use a proxy filter 4. Log and review data
What are the main areas of concern in regards to Remote Access Domain security compliance?
Client-side configuration
� Server-side configuration
� Configuration-management verification
Remote Access Domain Configuration Validation should validate ..?
-VPN client definition and access controls
� TLS/VPN remote access via a Web browser
� VPN configuration management
Configuration and change management for remote access domain will oversee ..?
VPN client software, authentication servers, VPN servers, remote access servers, and network management system servers
Organizations should Install at least one firewall between your VPN endpoint and your internal network. T/F
True
The WAN Domain commonly contains a DMZ.
A. True
B. Fales
A. True
2. One of the most important concerns when sending data across a WAN is confidentiality.
A. True
B. False
A. True
3. Which of the following is the primary type of control employed in the WAN Domain?
A. Firewalls
B. Encryption
C. Hashing
D. Compression
B. Encryption
4. Who writes SLAs?
A. Subscribing organization
B. Telecom company
C. WAN service provider
D. SOC
C. WAN service provider
5. Which types of WAN generally has the highest speed and is the most secure?
A. Dedicated line
B. Circuit switching
C. Packet switching
D. MPLS network
A. Dedicated line
6. The _____ contains the guaranteed availability for your WAN connection.
SLA
7. Which WAN technology is a cost-effective solution for connecting multiple locations?
A. MPLS
B. ISBDN
C. MAN
D. L2TP
A. MPLS
8. Most WAN protocols operate at which level in the OSI reference model?
A. 7
B. 3
C. 2
D. 1
C 2
9. A _______ can exclude unnecessary traffic from the WAN.
WAN optimizer
10. WAN subscription cost tends to decrease as availability increases.
A. True
B. False
B. False
11. By definition, VPN traffic is encrypted.
True
False
False
12. Which of the following is an internal control report for the services provided by a service provider?
A. SLA
B. WAN
C. SOC
D. MPLS
C. SOC
13. A ______ makes it easy to establish what appears to be a dedicated connection over a WAN.
VPN
14. Which of the following describes a common LAN protocol deployed to a network size of a city?
A. IPSec MAN
B. Urban Ethernet
C. TCP MAN
D. Metro Ethernet
D. Metro Ethernet
1. The primary concern for remote access is availability.
A. True
B. False
B. False
2. Which entity is responsible for controlling access to network traffic in the WAN?
A. WAN optimizer
B. Your organization
C. WAN service provider
D. Network management platform
C. WAN service provider
3. _______ is the primary security control used in the Remote Access Domain.
Encryption
4. All VPN traffic is encrypted .
A. True
B. False
B. False
5. Given adequate security controls, PDAs are appropriate for use as remote access devices.
A. True
B. False
A. True
6. Which of the following terms means the process to decide what a user can do?
A. Identification
B. Authentication
C. Clearance
D. Authorization
D. Authorization
7. Which of the following protocols is used for encrypted traffic?
A. HTTPS
B. SNMP
C. IP
D. L2TP
A. HTTPS
8 __________ is a technique that creates a virtual encrypted channel that allows applications to use any protocol to communicate with servers and services without having to worry about addressing privacy concerns.
Tunneling
9. Which of the following protocols works as well with firewalls?
A. GRE
B. SSTP
C. L2TP
D. L2F
B. SSTP
10. Which of the following transmission techniques requires the entire bandwidth of a channel?
A. Multiband
B. Baseband
C. Broadband
D. duplex
B. Baseband
11. _______ is a network protocol used to monitor network devices.
SNMP
12. The us of global user accounts can simplify user maintenance.
True
False
True
13. Which protocol is commonly used to protect data sent to web browsers when not using VPNs?
A. IPSec
B. PPTP
C. GRE
D. TLS
D. TLS
14. Which of the following controls would best protect sensitive data disclosure to unauthorized users using remote computers?
A. Encryption
B. Strong passwords
C. Firewalls
D. Configuration management tools
B. Strong passwords
15. Which protocol does SNMP use to transport messages?
A. TCP
B. UDP
C. TLS
D. GRE
B. UDP
What 5 essential characteristics does a cloud have?
On-demand self-service - consumer can customize computing capabilities
Broad network access - capabilities available over the network (internet)
Resource pooling - optimal distribution of computing load and sharing of computing resources
Rapid elasticity
What are the service models?
Software as a Service (SaaS) - Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com
Platform as a Service (PaaS) - ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.)
Infrastructure as a S
Software as a Service (SaaS)
Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com
Platform as a Service (PaaS)
ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.)
Infrastructure as a Service (IaaS)
consumer has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Also Amazon and Azure ...
What are the deployment models?
Private Cloud -
Community Cloud -
Public Cloud -
Hybrid Cloud -
Private Cloud -
cloud infrastructure is operated solely for an organization
Community Cloud -
cloud infrastructure is shared by several organizations with a shared purpose
Public Cloud -
cloud infrastructure is made available to general public or large industry group
Hybrid Cloud
combination of two or more clouds (private, community, or public) that remain unique entities but share technology and resources
What are the different devices, components, and access controls in a WAN domain?
WAN service provider
Dedicated lines/circuits
MPLS/VPN WAN or Metro Ethernet
WAN Layer 2/Layer 3 Switches
How are backups and redundant connections used within WAN domain?
#NAME?
Ensure the ______ for each WAN service provider meets or exceeds the required uptime goals for each WAN
SLA
How do you Implement WAN traffic monitoring and analysis software?
Installing software or devices on the perimeter of the WAN where you connect to it; or
� Relying on you WAN service provider to supply traffic flow data
In order to Maximize WAN Domain C-I-A, one should require ...?
Requiring WAN service availability SLAs
Requiring WAN recovery and restoration SLAs Requiring WAN traffic encryption/VPNs
WAN Recovery and Restoration SLAs should include ...?
Most include provisions for recovering from major interruptions due to hardware or carrier failure
Should contain a commitment for the maximum amount of time it should take to restore organization's WAN service after a failure
Time to recover (TTR), or ti
A best practice is to verify that WAN service provider has a SOC report, which signifies..?
that a service organization has had its control objectives and activities examined by an independent auditing firm per Requirements of Section 404 of the Sarbanes- Oxley Act
Use ___________ techniques on the multiple WAN connections to utilize the bandwidth of both connections.
load-balancing
Primary security concern for remote access is ________.
data privacy
What are the key controls for the Remote Access Domain?
application data, application connection, and system connection encryption
What are the different components in the Remote Access Domain?
Remote users
Remote workstations or laptops
Remote access controls and tools
Authentication servers
RADIUS
TACACS+
VPNs and encryption
Internet service provider (ISP) WAN connections
Broadband Internet service provider WAN connections
Private" part of VPN refers to private
addressing and not data privacy. T/F
TRUE
When monitoring the VPN what areas should be monitored?
VPN connection creation, remote access connection, and remote computer logon
What stpes should be followed when monitoring VPN traffic?
1. monitor data for modification in transit. 2. verify secure data transmission. 3. Use a proxy filter 4. Log and review data
What are the main areas of concern in regards to Remote Access Domain security compliance?
Client-side configuration
� Server-side configuration
� Configuration-management verification
Remote Access Domain Configuration Validation should validate ..?
#NAME?
Configuration and change management for remote access domain will oversee ..?
VPN client software, authentication servers, VPN servers, remote access servers, and network management system servers
Organizations should Install at least one firewall between your VPN endpoint and your internal network. T/F
TRUE
The WAN Domain commonly contains a DMZ.
A. True
B. Fales
A. True
2. One of the most important concerns when sending data across a WAN is confidentiality.
A. True
B. False
A. True
3. Which of the following is the primary type of control employed in the WAN Domain?
A. Firewalls
B. Encryption
C. Hashing
D. Compression
B. Encryption
4. Who writes SLAs?
A. Subscribing organization
B. Telecom company
C. WAN service provider
D. SOC
C. WAN service provider
5. Which types of WAN generally has the highest speed and is the most secure?
A. Dedicated line
B. Circuit switching
C. Packet switching
D. MPLS network
A. Dedicated line
6. The _____ contains the guaranteed availability for your WAN connection.
SLA
7. Which WAN technology is a cost-effective solution for connecting multiple locations?
A. MPLS
B. ISBDN
C. MAN
D. L2TP
A. MPLS
8. Most WAN protocols operate at which level in the OSI reference model?
A. 7
B. 3
C. 2
D. 1
C 2
9. A _______ can exclude unnecessary traffic from the WAN.
WAN optimizer
10. WAN subscription cost tends to decrease as availability increases.
A. True
B. False
B. False
11. By definition, VPN traffic is encrypted.
True
False
FALSE
12. Which of the following is an internal control report for the services provided by a service provider?
A. SLA
B. WAN
C. SOC
D. MPLS
C. SOC
13. A ______ makes it easy to establish what appears to be a dedicated connection over a WAN.
VPN
14. Which of the following describes a common LAN protocol deployed to a network size of a city?
A. IPSec MAN
B. Urban Ethernet
C. TCP MAN
D. Metro Ethernet
D. Metro Ethernet
1. The primary concern for remote access is availability.
A. True
B. False
B. False
2. Which entity is responsible for controlling access to network traffic in the WAN?
A. WAN optimizer
B. Your organization
C. WAN service provider
D. Network management platform
C. WAN service provider
3. _______ is the primary security control used in the Remote Access Domain.
Encryption
4. All VPN traffic is encrypted .
A. True
B. False
B. False
5. Given adequate security controls, PDAs are appropriate for use as remote access devices.
A. True
B. False
A. True
6. Which of the following terms means the process to decide what a user can do?
A. Identification
B. Authentication
C. Clearance
D. Authorization
D. Authorization
7. Which of the following protocols is used for encrypted traffic?
A. HTTPS
B. SNMP
C. IP
D. L2TP
A. HTTPS
8 __________ is a technique that creates a virtual encrypted channel that allows applications to use any protocol to communicate with servers and services without having to worry about addressing privacy concerns.
Tunneling
9. Which of the following protocols works as well with firewalls?
A. GRE
B. SSTP
C. L2TP
D. L2F
B. SSTP
10. Which of the following transmission techniques requires the entire bandwidth of a channel?
A. Multiband
B. Baseband
C. Broadband
D. duplex
B. Baseband
11. _______ is a network protocol used to monitor network devices.
SNMP
12. The us of global user accounts can simplify user maintenance.
True
False
TRUE
13. Which protocol is commonly used to protect data sent to web browsers when not using VPNs?
A. IPSec
B. PPTP
C. GRE
D. TLS
D. TLS
14. Which of the following controls would best protect sensitive data disclosure to unauthorized users using remote computers?
A. Encryption
B. Strong passwords
C. Firewalls
D. Configuration management tools
B. Strong passwords
15. Which protocol does SNMP use to transport messages?
A. TCP
B. UDP
C. TLS
D. GRE
B. UDP