
Domain 4 Communication and Network Security 13%

4.1 Apply secure design principles in network architectures

  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models Chapter 11

  • Internet Protocol (IP) version 4 and 6 (IPv6) (e.g., unicast, broadcast, multicast, anycast) Chapter 11, 12

  • Secure protocols (e.g., Internet Protocol Security (IPSec), Secure Shell (SSH), Secure Sockets Layer (SSL)/Transport Layer Security (TLS)) Chapter 11

  • Implications of multilayer protocols Chapter 11

  • Converged protocols (e.g., Internet Small Computer Systems Interface (iSCSI), Voice over Internet Protocol (VoIP), InfiniBand over Ethernet, Compute Express Link) Chapter 11

  • Transport architecture (e.g., topology, data/control/management plane, cut-through/store-and-forward) Chapter ???

  • Performance metrics (e.g., bandwidth, latency, jitter, throughput, signal-to-noise ratio) Chapter ???

  • Traffic flows (e.g., north-south, east-west) Chapter ???

  • Physical segmentation (e.g., in-band, out-of-band, air-gapped) Chapter ???

  • Logical segmentation (e.g., virtual local area networks (VLANs), virtual private networks (VPNs), virtual routing and forwarding, virtual domain) Chapter ???

  • Micro-segmentation (e.g., network overlays/encapsulation; distributed firewalls, routers, intrusion detection system (IDS)/intrusion prevention system (IPS), zero trust) Chapter ???

  • Edge networks (e.g., ingress/egress, peering) Chapter ???

  • Wireless networks (e.g., Bluetooth, Wi-Fi, Zigbee, satellite) Chapter 11

  • Cellular/mobile networks (e.g., 4G, 5G) Chapter 11

  • Content distribution networks (CDN) Chapter 11

  • Software defined networks (SDN) (e.g., application programming interface (API), Software-Defined Wide-Area Network, network functions virtualization) Chapter ???

  • Virtual Private Cloud (VPC) Chapter ???

  • Monitoring and management (e.g., network observability, traffic flow/shaping, capacity management, fault detection and handling) Chapter ???

4.2 Secure network components

Chapter 11

  • Operation of infrastructure (e.g., redundant power, warranty, support)

  • Transmission media (e.g., physical security of media, signal propagation quality)

  • Network Access Control (NAC) systems (e.g., physical, and virtual solutions)

  • Endpoint security (e.g., host-based)

4.3 Implement secure communication channels according to design

Chapter 12

  • Voice, video, and collaboration (e.g., conferencing, Zoom rooms)

  • Remote access (e.g., network administrative functions)

  • Data communications (e.g., backhaul networks, satellite)

  • Third-party connectivity (e.g., telecom providers, hardware support)