Network & Endpoint Security
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers how organizations build and defend the network perimeter and protect the devices connected to it. The session introduces, at a topic level, how networks are structured, how VPNs secure remote connectivity, how firewalls make access decisions, how segmentation contains threats, and how endpoint detection tools guard the devices at the edge.
What this episode covers
- Network link types and network categories — dedicated versus switched circuits, packet switching, and the spectrum from personal area networks to wide area networks including the internet.
- Network services — file, print, email, remote access, directory services, address assignment protocols, and name resolution, and why standards ensure interoperability.
- Virtual private networks (VPNs) — remote-access, intranet, and extranet types, VPN security best practices, and the critical limitation that VPNs encrypt but do not inspect traffic.
- Storage and delivery services — network attached storage vulnerabilities and controls, content delivery networks and session hijacking risk, and network time protocol for log correlation.
- Client-server technology — thin versus thick clients, two-tier versus three-tier architectures, middleware as the glue between applications, and on-demand computing.
- Firewall types and next-generation capabilities — packet filtering, application, and stateful inspection firewalls, next-generation firewalls with deep packet inspection, web application firewalls, screened subnets, and unified threat management.
- Segmentation and endpoint security — network segmentation, micro-segmentation, endpoint detection and response, and extended detection and response tools.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What are the three classic types of firewall and how do they differ?
A packet filtering firewall inspects each packet’s header and decides based on simple rules; it is fast but easily fooled by tricks such as spoofing. An application firewall uses proxies and a fortified bastion host to hide the internal network but can be slower. A stateful inspection firewall tracks outgoing requests and matches the replies, making it efficient but more complex to manage. All three typically follow a deny-all philosophy where traffic is blocked unless there is a business reason to allow it.
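The contrast between packet filtering and stateful inspection can be shown in a few lines. The following is an added example, not material from the episode: a simplified model in which the packet fields, addresses, ports and rule set are all constructed for illustration, and in which only the flow tuple is tracked (no TCP flags or sequence numbers).

```python
from collections import namedtuple

# Constructed packet model: header fields only, which is all these firewalls see here.
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port")

INSIDE = "10.0.0.5"  # constructed internal host address


def packet_filter(pkt):
    """Stateless filter: each packet is judged alone against header rules."""
    # Rule 1: internal hosts may open HTTPS connections outbound.
    if pkt.direction == "out" and pkt.dst_port == 443:
        return "allow"
    # Rule 2: let HTTPS replies back in, recognised only by source port 443.
    if pkt.direction == "in" and pkt.src_port == 443:
        return "allow"
    return "deny"  # deny-all default


class StatefulFirewall:
    """Tracks outgoing requests and admits only the replies that match them."""

    def __init__(self):
        self.sessions = set()

    def inspect(self, pkt):
        if pkt.direction == "out" and pkt.dst_port == 443:
            # Remember the flow so the reply can be matched later.
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.direction == "in":
            # A reply is the tracked flow with source and destination swapped.
            flow = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return "allow" if flow in self.sessions else "deny"
        return "deny"  # deny-all default


def demo():
    request = Packet("out", INSIDE, 50000, "203.0.113.10", 443)
    reply = Packet("in", "203.0.113.10", 443, INSIDE, 50000)
    # Unsolicited packet that merely claims source port 443 (constructed).
    unsolicited = Packet("in", "198.51.100.7", 443, INSIDE, 3389)
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in (request, reply, unsolicited)]


if __name__ == "__main__":
    for stateless, stateful in demo():
        print(f"packet filter: {stateless:5}  stateful: {stateful}")
```

Both firewalls pass the request and its genuine reply; only the stateful one drops the third packet, because no outgoing request matches it.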
What is a VPN and what is its key security limitation?
A virtual private network extends the corporate network securely over the public internet using encryption, replacing expensive leased lines with cheaper public connectivity. It comes in three types: remote-access for individual workers, intranet for branch offices, and extranet for business partners. The key limitation is that a VPN encrypts traffic but does not inspect it for malware, so all VPN traffic should be routed through a full security stack.
What is network segmentation and why does it matter for security?
Network segmentation splits a network into smaller zones, each with its own rules, and micro-segmentation takes that down to individual devices. Segmentation limits how far an attack can spread, improves performance, compliance, and monitoring, and helps contain a breach before it reaches critical systems. The challenge is finding the right granularity: neither too coarse to be effective nor so fine that administration becomes unmanageable.
What is endpoint detection and response and how does it differ from extended detection and response?
Endpoint detection and response continuously watches endpoints for suspicious behavior and responds automatically, collecting data, triggering alerts, and supporting forensic investigation. Extended detection and response stretches that visibility across endpoints, cloud, email, and networks together, correlating alerts from multiple sources so security teams can focus on what truly matters. Both tools address the reality that laptops, phones, printers, and smart devices are favorite entry points for attackers.
Reference: This article is based on concepts discussed in Network & Endpoint Security.