Authentication is the component of the AAA (Authentication, Authorization, and Accounting) framework that verifies user identities (e.g., via passwords, certificates, or biometrics) before granting access to network resources.

IoT devices often have constant internet connectivity and increased data sharing, making them more vulnerable to command-and-control (C2) attacks. Their limited security features and exposure to external networks provide attackers more opportunities to compromise and control them remotely.

A directory service is a database that contains information about users, resources, and services in a network.

A meddler-in-the-middle (MITM) attack is a type of Wi-Fi attack where the attacker intercepts and redirects the victim’s web traffic to serve content from a web server it controls. The attacker can use various techniques, such as ARP spoofing, DNS spoofing, or SSL stripping, to trick the victim into connecting to a rogue access point or a proxy server that acts as a middleman between the victim and the legitimate website. The attacker can then modify, inject, or drop the packets that are exchanged between the victim and the website, and perform malicious actions, such as stealing credentials, injecting malware, or displaying fake or misleading content. A MITM attack can compromise the confidentiality, integrity, and availability of the victim’s web traffic and expose them to various risks and threats. References:

What is a man-in-the-middle attack?

The 5 most dangerous Wi-Fi attacks, and how to fight them

What Are Sniffing Attacks, and How Can You Protect Yourself?

Stateful packet inspection firewalls Second-generation stateful packet inspection (also known as dynamic packet filtering) firewalls have the following characteristics:

● They operate up to Layer 4 (Transport layer) of the OSI model and maintain state information about the communication sessions that have been established between hosts on the trusted and untrusted networks.

● They inspect individual packet headers to determine source and destination IP address, protocol (TCP, UDP, and ICMP), and port number (during session establishment only) to

determine whether the session should be allowed, blocked, or dropped based on configured

firewall rules.

● After a permitted connection is established between two hosts, the firewall creates and

deletes firewall rules for individual connections as needed, thus effectively creating a tunnel that allows traffic to flow between the two hosts without further inspection of individual packets during the session.

● This type of firewall is very fast, but it is port-based and it is highly dependent on the

trustworthiness of the two hosts because individual packets aren’t inspected after the

connection is established.

A Type 1 hypervisor, also known as a bare-metal hypervisor, is a software layer that runs directly on the hardware of a physical host computer, without requiring an underlying operating system. A Type 1 hypervisor can create and manage multiple isolated virtual machines (VMs), each with its own virtual (or guest) operating system and applications. A Type 1 hypervisor is hardened against cyber attacks, as it has a smaller attack surface and fewer vulnerabilities than a Type 2 hypervisor, which runs within an operating system. A Type 1 hypervisor also offers better performance, scalability, and resource utilization than a Type 2 hypervisor. References: 10 Palo Alto Networks PCCET Exam Practice Questions, Palo Alto Networks Certified Cybersecurity Entry-level Technician v1.0, FREE Cybersecurity Education Courses.

Multiple attack vectors – APTs often use various methods (phishing, malware, lateral movement) to infiltrate and maintain access to a target.

Repeated pursuit of objective – APTs are known for their persistent nature, involving continuous efforts over time to achieve their goals, such as data theft or surveillance.

SSL/TLS decryption allows security tools to inspect encrypted traffic, enabling them to detect hidden malware, command-and-control communication, or data exfiltration that would otherwise bypass inspection if left encrypted.