NetSec Final Quiz Questions


Isabelle is a network engineer deploying an IT infrastructure in one of her company's new branch offices. Currently, she is designing a local subnetwork that contains and exposes the office's external services to a larger, untrusted network, specifically the Internet. What is this called? a) Demilitarized zone (DMZ) b) Extranet c) Intranet d) Virtual private network (VPN)

a) Demilitarized zone (DMZ)

Which of the following is a virtual private network (VPN) encryption encapsulation method best suited for linking individual computers together, even though it does not encrypt the original IP header? a) Cryptography b) Ciphertext c) Transport d) Tunnel

c) Transport

Which of the following is a component of a good VPN policy? a) Scope b) Acronym c) Purpose d) All of the above

All of the above

All firewalls, including those using static packet filtering, stateful inspection, and application proxy, have one thing in common. What is it? a) Default permit b) Default reject c) Rules d) Transport Layer Security (TLS)

c) Rules

A bypass architecture deploys the VPN so that traffic to the VPN and from the VPN to the internal network is always firewalled. True False

False

The source address and the port address of inbound firewall rules are often set to Deny, unless the rule is to apply to specific systems or ports. True False

True

Torri is a network technician. She needs to configure the edge firewalls for her company's IT infrastructure. Her supervisor has told her she must find a configuration method that assumes all network traffic is safe and, as malicious traffic is identified, it is added to a list of exceptions. Which of the following configuration methods does Torri select? a) Allow by default/deny by exception b) Allow by default/allow by exception c) Deny by default/allow by exception d) Deny by default/deny by exception

a) Allow by default/deny by exception

Which of the following virtual private network (VPN) solutions typically accepts a wider variety of client operating system types? a) Cloud-based VPN b) Hardware VPN c) Software VPN d) Traditional VPN

a) Cloud-based VPN

Bill's work-issued Windows laptop has been configured so he can remotely connect to his office from home without having to initiate a virtual private network (VPN) connection. What technology is he using? a) DirectAccess b) IETF c) RD RemoteApp d) RD Web Access

a) DirectAccess

Alice is a network engineer who has been tasked with researching a virtual private network (VPN) tunneling protocol to be used by her company. It must be able to pass traffic through a network address translation (NAT) server and be compatible with a number of well-known proprietary and open source platforms. What solution does she select? a) Internet Key Exchange v2 (IKEv2) b) Layer 2 Tunneling Protocol (L2TP) c) Transport Layer Security (TLS) d) Point-to-Point Tunneling Protocol (PPTP)

a) Internet Key Exchange v2 (IKEv2)

Alphonse is a networking contractor who has been hired by a small to medium-sized company to configure its firewall. The firewall comes preconfigured with a common rule set that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution? a) Allow access to HTTP, HTTPS, and SQL and Java, but deny access to TCP and UDP b) Allow access to HTTPS, SQL, and Java, but deny access to HTTP c) Deny access to HTTP, HTTPS, SQL, and Java, but allow access to TCP and UDP d) Allow access to SMTP, POP3, and HTTP, but deny access to HTTPS, SQL, and Java

b) Allow access to HTTPS, SQL, and Java, but deny access to HTTP

Elissa is a network technician. She is configuring firewall rules for one of her company's branch offices, which supports online retail sales of the company's products. She is configuring rules to block traffic based on a traditional model but needs to allow a particular type of traffic. What should she allow? a) All Internet Control Message Protocol (ICMP) traffic coming from the Internet b) Any traffic specifically directed to the firewall c) All traffic from port 80 originating from the office's web server, which is in a protected subnet d) Inbound Transmission Control Protocol (TCP) traffic on port 53 to external Domain Name System (DNS) zone transfer requests

b) Any traffic specifically directed to the firewall

Chris is a network engineer deploying a virtual private network (VPN) solution. He needs an implementation of Secure Sockets Layer/Transport Layer Security (SSL/TLS) that adds a layer of authentication to the access. What feature does he require? a) Advanced Encryption Standard (AES) b) Bidirectional authentication c) Identity services d) One-way authentication

b) Bidirectional authentication

Hyon is a network consultant. She was hired by a client company to examine the effectiveness of its IT infrastructure. She discovers that the company's Internet-facing firewall is not capable of automatically handling and adjusting for random source ports when a session is being established to its web and gaming servers. How should she correct this? a) Allow all source ports above 1023 b) Create a custom rule to manage random source ports c) Deny all source ports above 1023 d) Enable port forwarding

b) Create a custom rule to manage random source ports

James is a network engineer. He has been assigned the responsibility of designing a virtual private network (VPN) solution that will allow customers, suppliers, and business partners access to network resources without exposing the secure private LAN. The parties accessing these resources must use digital certificates issued by a certification authority (CA). What form of VPN is he setting up? a) Demilitarized zone (DMZ) b) Extranet c) Intranet d) Wide area network (WAN)

b) Extranet

Maria is a new network engineer for a company that was established more than 30 years ago. She is examining the IT infrastructure and discovers that the virtual private network (VPN) solution employs an older encryption protocol for backward compatibility. This protocol has largely been replaced, but it used to be popular in early VPN solutions. What is this protocol? a) Layer 2 Forwarding (L2F) Protocol b) Layer 2 Tunneling Protocol (L2TP) c) Point-to-Point Protocol (PPP) d) Point-to-Point Tunneling Protocol (PPTP)

b) Layer 2 Tunneling Protocol (L2TP)

Jacob is a remote employee. He clicks the Start menu button in Windows and selects an application to run. Most of the time, he is unaware that he is really accessing the application on a server at his company's main office several miles away. What solution is he using? a) Hosted services b) RD RemoteApp c) RD Web Access d) SSL NAT Transversal

b) RD RemoteApp

Carl is a network technician who has been assigned to select a dedicated hardware device to act as the company's termination point for the secured virtual private network (VPN) tunnel. He chooses a device that allows the firewall to filter traffic that is exiting the VPN and moving into the local area network (LAN). It is the choice that is best suited for controlled access into the demilitarized zone (DMZ). What is the solution that he recommends? a) Corporate firewall b) Edge router c) Software VPN d) VPN appliance

b) Edge router

Diego is a network consultant. He is explaining the benefits of virtual private network (VPN) connections for remote clients to the owner of a company who wants to allow most staff to work remotely. He says that a VPN is both private and secure. What does he say is the rationale? a) Authentication provides privacy and security. b) Encryption provides privacy and security. c) Authentication provides privacy and encryption provides security. d) Encryption provides privacy and authentication provides security.

c) Authentication provides privacy and encryption provides security.

Oscar is deploying a virtual private network (VPN) solution for his company. The VPN needs to connect to remote servers by their Internet Protocol (IP) addresses rather than using network address translation (NAT). What type of VPN is Oscar deploying? a) Customer premise equipment (CPE) b) Hardware VPN c) Operating system (OS) d) Internet Protocol Security (IPSec)

c) Operating system (OS)

Which of the following is needed when determining what firewall traffic to allow and what to block? a) A complete inventory of all needed or desired network communications b) A complete inventory of all unneeded and unwanted network communications c) A list of available port numbers and protocols d) Which type of traffic to deny only inside the network and which type to deny to enter the network from the Internet

c) A list of available port numbers and protocols

Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose? a) Channeled VPN b) Hybrid VPN c) Secured VPN d) Trusted VPN

c) Secured VPN

Which of the following can perform authentication to provide integrity protection, although not for the outermost IP header? a) Layer 2 Forwarding (L2F) b) Internet Key Exchange (IKE) c) Authentication Header (AH) d) Encapsulating Security Payload (ESP)

d) Encapsulating Security Payload (ESP)

Various virtual private network (VPN) encryption technologies offer access to almost any network application or resource. Which one offers additional features, such as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login? a) DirectAccess b) Internet Information Services (IIS) c) Internet Protocol Security (IPSec) d) Secure Sockets Layer/Transport Layer Security (SSL/TLS)

d) Secure Sockets Layer/Transport Layer Security (SSL/TLS)

What is a virtual private network (VPN) protocol that requires public key infrastructure (PKI) support to obtain and use a certificate? a) Internet Key Exchange v2 (IKEv2) b) Layer 2 Tunneling Protocol (L2TP) c) Point-to-Point Tunneling Protocol (PPTP) d) Secure Sockets Layer/Transport Layer Security (SSL/TLS)

d) Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Shoshana is a network technician for a mid-sized organization. She is configuring firewall rules. She is in a firewall's graphical interface and sets a rule as TCP, 192.168.42.0/24, ANY, ANY, 443, Allow. In what order is this rule organizing protocols, source addresses, source and target ports, and actions? a) Protocol, source address, source port, target address, target port, action b) Action, target port, target address, source port, source address, protocol c) Source port, source address, protocol, target port, target address, action d) Target port, source address, source port, target address, protocol, action

d) Target port, source address, source port, target address, protocol, action

Arturo is a new network technician. He wants to use Remote Desktop Protocol (RDP) to connect to a server from his computer. The server is on the other side of the building. His computer is running Windows 10. Will he be able to make the connection? a) Yes, because the RDP protocol works only on Windows. b) No, because the RDP protocol works only on Linux. c) No, because the RDP protocol works only on Mac OSX. d) Yes, because the RDP protocol has clients that work on most common operating systems.

d) Yes, because the RDP protocol has clients that work on most common operating systems.

In a gateway-to-gateway virtual private network (VPN), the mobile user takes specific actions to connect to the VPN. True False

False

A customer premise equipment (CPE)-based virtual private network (VPN) is a VPN appliance. True False

True
