Start with network attacks (Topic 3.1)Read the Topic 3.1 guide and map each attack (ARP poisoning, MAC flooding, DNS poisoning, DoS) to its mechanism and CIA triad impact. Use the key terms for ARP, MAC address, and DoS attack to lock in the vocabulary before moving to defenses.
Review managerial controls and wireless settings (Topic 3.2)Go through the Topic 3.2 guide and list the specific requirements in each policy type (router, switch, VPN). Then focus on wireless: write out why each WAP setting (beacon frames, signal strength, WPA3, MAC filtering) addresses a specific attack from Topic 3.1.
Work through segmentation concepts (Topic 3.3)Use the Topic 3.3 guide to sketch a network diagram with a screened subnet, an internal subnet, and a VLAN. Label where each segmentation method applies and what attack it limits. Practice explaining why port security prevents MAC flooding.
Practice firewall ACL rules (Topic 3.4)Read the Topic 3.4 guide, then write five ACL rules using the format from the essential knowledge examples (direction, filter criteria, action). Swap the order of two rules and explain how the outcome changes. Use the practice questions available for this topic to test your rule-reading skill.
Compare detection methods and analyze log indicators (Topic 3.5)Use the Topic 3.5 guide to build a comparison of signature-based, anomaly-based, and hybrid detection across speed, cost, and false positive rate. Then review the log indicators for ARP poisoning, MAC flooding, and evil-twin attacks so you can identify them from a description of network log data.