5.2 Quiz

How many network interfaces does a dual-homed gateway typically have?

3 A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to the public subnet, and one connected to the private network.

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?

DMZ A DMZ, or demilitarized zone, is a network placed between a private secured network and the untrusted internet to grant external users access to internally controlled services. The DMZ serves as a buffer network.

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?

Only the servers in the DMZ are compromised, but the LAN will stay protected.

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) Correct Answer:

- Put the database server on the private network. - Put the web server inside the DMZ.

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?

Packet filters Packet filters on the firewall allow traffic directed to the public resources inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network.

Which of the following is another name for a firewall that performs router functions?

Screening router A firewall performing router functions is considered a screening router. A screening router is the router that is most external to your network and closest to the internet. It uses access control lists (ACLs) to filter packets as a form of security.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

Which of the following is the BEST solution to allow access to private resources from the internet?

VPN A VPN provides a secure outside connection to an internal network's resources. A VPN server can be placed inside the DMZ. Internet users can be required to authenticate to the VPN server and then allowed communications from the VPN server to the private network. Only communications coming through the VPN server are allowed through the inner firewall.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack.