Chapter 8 Checkpoint
The network-security toolkit, all together. This mixed quiz pulls from every lesson. Passing means you can reason about controlling traffic to contain attackers — limiting lateral movement, filtering at each layer, defending availability, and replacing location-based trust with verification.
The quiz samples from a larger bank each attempt. The chapter's through-line: trust nothing by location. Segment to contain, filter at the right layer, defend availability with scale, control outbound as well as inbound, and verify every connection. If a question stings, follow its revisit link.
What you should be able to do now
- Segment (lesson) to contain lateral movement and shrink blast radius.
- Apply firewalls and WAFs at the right layers — and know a WAF is a layer, not a fix.
- Defend availability against DDoS with absorption, scrubbing, and resilient design.
- Secure remote access (VPNs → ZTNA) without over-trusting "on the network."
- Control outbound with egress filtering to stop C2 and exfiltration.
- Unify it all under zero trust — never trust by location, verify everything.
The checkpoint
Chapter 8: Network Security
Pass to unlock the Next button belowChapter 8 complete
You can now reason about the network as a place to contain attackers, not just keep them out: segment to limit lateral movement, filter at the right layer (knowing a WAF is a layer, not a fix), defend availability with scale, secure access by identity not location, control outbound to strand a breach, and unify it all under zero trust. The single idea: trust nothing by where it comes from.
→ On to Chapter 9: Cloud & Identity Security — where zero trust is enforced in practice and identity becomes the central control plane of modern security.