Exploration may include the following:
- Mail gateway
  - Spam filter
  - Data Loss Prevention (DLP)
  - Encryption
- Media gateway
- Security information and event management (SIEM)
  - Aggregation
  - Correlation
  - Automated alerting and triggers
  - Time synchronization
  - Event deduplication
  - Logs/Write once, read many (WORM)
- Network-based intrusion prevention system (NIPS)/Network-based intrusion detection system (NIDS)/Host-based intrusion detection system (HIDS)
  - Signature-based
  - Anomaly-based
  - Heuristic-based
  - Inline vs. passive
  - In-band vs. out-of-band
  - Rules
  - Analytics
    - False positive
    - False negative
    - True positive
    - True negative
- Virtual Private Network (VPN) Concentrator
  - Remote access vs. site-to-site
  - Internet Protocol Security (IPSec)
    - Tunnel mode
    - Transport mode
    - Authentication Header (AH)
    - Encapsulated Security Payload (ESP)
  - Split tunnel vs. full tunnel
  - Transport Layer Security (TLS)
  - Always-on VPN
- Secure Sockets Layer (SSL)/TLS accelerators
- SSL decryptors
- DLP
  - Universal Serial Bus (USB) blocking
  - Cloud-based
  - Email
- Hardware security module
Process/Skill Questions:
- How does a VPN device ensure security between two endpoints?
- How does a SIEM ease a security engineer’s responsibilities?
- What is the difference between a NIPS and NIDS?