Private or ephemeral ports (49152–65535) are dynamically assigned to client applications for temporary communication sessions.

An intranet is a private network that uses internet technologies (such as TCP/IP and web browsers) but is accessible only to an organization’s internal users. It mirrors the structure and functionality of the internet while remaining private.

An extranet extends limited access to external partners. A VLAN is a logical network segmentation technique. A VPN is a secure communication tunnel, not a network architecture.

Intranets are commonly used for internal portals, documentation, collaboration tools, and internal services. From a security standpoint, intranets require strong authentication, segmentation, and access controls.

Log retention policies are primarily driven by laws, regulations, and governance requirements. Audits review compliance but do not typically define retention durations themselves.

Defense in depth begins by identifying assets, followed by administrative controls (policies), technical controls (logical), and physical controls to protect systems at multiple layers.

Sniffing captures network traffic, while spoofing impersonates trusted sources.

GDPR directly addresses privacy, while FIPS and MOUs can also relate to privacy controls and data handling requirements.

Laws and regulations are legally enforceable and can impose fines or penalties. Standards and policies are not legally binding unless mandated by regulation.

VLANslogically separate networks at Layer 2 while sharing the same physical infrastructure.

Distributed Denial-of-Service (DDoS) attacks disrupt availability by overwhelming systems, preventing legitimate access.

“Something you know” authentication refers to knowledge-based credentials such as passwords, PINs, or passphrases. This is widely regarded as the weakest form of authentication because it is highly susceptible to compromise through phishing, brute-force attacks, credential stuffing, shoulder surfing, and social engineering.

Passwords can be guessed, reused, written down, or stolen through malware and data breaches. Users often choose weak or reused passwords, further reducing security. Even when password complexity rules are enforced, attackers frequently bypass them using previously leaked credentials.

In contrast, “something you have” (tokens, smart cards), “something you are” (biometrics), and biometric authentication provide stronger assurance because they are harder to steal or replicate. Modern security standards recommend combining factors using multi-factor authentication (MFA) to reduce reliance on knowledge-based authentication alone.

NIST SP 800-63 explicitly discourages password-only authentication for sensitive systems, emphasizing that “something you know” should be augmented with additional factors whenever possible.