Chapter 10: Security in Network Design
What kind of firewall blocks traffic based on application data contained within the packets?
Content-filtering firewall
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP
EAPoL is primarily used with what kind of transmission?
Wireless LANs
Why is a BPDU filter needed at the demarc?
You can use a BPDU filter at the Demarc to keep the ISP's WAN topology from mixing with your network for the purpose of plotting STP paths.
Any traffic that is not explicitly permitted in the ACL is ---------, which is called the --------.
denied, implicit deny rule
What kinds of issues might indicate a misconfigured ACL?
problematic connections between two hosts, or between some applications or ports on two hosts after an ACL was configured on a switch or a router
Only one -------- exists on a network using STP.
root bridge
What feature of Windows Server allows for agentless authentication?
AD (Active Directory)
Which of the following is not one of the three AAA services provided by RADIUS and TACACS+?
Access control
What software might be installed on a device in order to authenticate it to the network?
Agent
What's the essential difference between an IPS and an IDS?
An IDS (intrusion detection system) monitors network traffic and generates alerts. An IPS (intrusion prevention system) stands in-line between the attacker and the targeted network or host, and can prevent traffic from reaching the network or host.
Which NGFW feature allows a network admin to restrict traffic generated by a specific game?
Application awareness
At what layer of the OSI model do proxy servers operate?
Layer 7
What causes most firewall failures?
Misconfiguration
What are the two primary features that give proxy servers an advantage over NAT?
Proxy servers can provide content filtering and can provide quicker response times when accessing external resources by storing files in a cache.
What kind of ticket is held by Kerberos's TGS?
Tickets that grant access to a network service once a client has been authenticated by the AS (authentication service)
Why do network administrators create domain groups to manage user security privileges?
To assign appropriate permissions for each group and to prevent access to network resources that are not needed.
Which of the following features is common to both an NGFW and traditional firewalls?
User authentication
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
access-list acl_2 permit icmp any any
Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?
switchport port-security