Understanding Network Security


Which type of firewall filters packets based on IP address and ports? a) packet-filtering b) circuit-filtering c) application-level d) stateful

Answer: a Difficulty: Easy Section Reference: Looking at Packet Filtering Explanation: When you configure a packet-filtering firewall rule, you generally use one or more of the following TCP/IP attributes:
• Source IP addresses
• Destination IP addresses
• IP protocol (telnet, ftp, http, https, etc.)
• Source TCP and UDP ports (e.g., the http protocol runs on TCP port 80)
• Destination TCP and UDP ports
• The inbound firewall network interface
• The outbound firewall network interface

Which type of server can be used to trap a hacker? a) honeypot b) NAT c) IPS d) IDS

Answer: a Difficulty: Medium Section Reference: Looking at Honeypots Explanation: Honeypots, honey nets, and padded cells are complementary technologies to IDS/IPS deployments. A honeypot is designed to distract hackers from real targets, detect new vulnerabilities and exploits, and learn about the identity of attackers.

Which of the following servers should not be placed on the DMZ? a) internet web server b) email relay servers c) email mailbox servers d) proxy servers

Answer: c Difficulty: Medium Section Reference: Looking at DMZs Explanation: In computer networking, a DMZ is a firewall configuration used to secure hosts on a network segment. You should place internet web servers, email relay servers, and reverse proxy servers on a DMZ. SQL servers and email mailbox servers should be on the internal networks.

Which type of routing protocol sends the entire routing table to its neighbors? a) distance vector b) link state c) scalable driven d) infinity

Answer: a Difficulty: Easy Section Reference: Looking at Routing Protocols Explanation: Distance vector-based routing protocols require that each router inform its neighbors of its routing table. This is done by sending the entire routing table when the router boots and then retransmitting it at scheduled intervals. Each router takes the updates from its neighboring routers and then updates its own routing table based on this information. RIP is one example of a distance vector-based routing protocol that is supported by Windows Server 2008.

Which seven-layer model is often used to describe networking technologies and services? a) OSI b) TCP/IP c) IPX/SPX d) DIX

Answer: a Difficulty: Easy Section Reference: Understanding the OSI Model Explanation: The OSI model is a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, to describe a network architecture that allows the passage of data between computer systems. Although never fully utilized as a model for a protocol, the OSI model is nonetheless the standard for discussing how networking works.

Which type of device isolates a network by filtering the packets that can enter it? a) firewall b) bridge c) gateway d) switch

Answer: a Difficulty: Easy Section Reference: Using Dedicated Firewalls to Protect a Network Explanation: A firewall is a system designed to protect a computer or computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.

Which IPsec protocol provides integrity protection for packet headers, data, and user authentication but does not encrypt the data load? a) AH b) ESP c) IKE d) LDAP

Answer: a Difficulty: Hard Section Reference: Understanding Internet Protocol Security (IPsec) Explanation: Authentication Header (AH) provides integrity protection for packet headers, data, and user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets. For AH to work with NAT, the IP protocol number 51 needs to be allowed across the firewall.

Which special area serves as a buffer area between the internet and the internal network and can be used to hold web servers that are accessed from the internet? a) DMZ b) NAT c) VLAN d) PLC

Answer: a Difficulty: Medium Section Reference: Looking at DMZs Explanation: In computer networking, a demilitarized zone (DMZ) is a firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network such as the internet. Another common configuration is to have the firewall connected to an extranet that has connections to customers, vendors, or business partners. DMZs are designed to provide access to systems without jeopardizing the internal network.

You administer several internet web servers that need to communicate with a SQL server. Where should the SQL server be placed? a) internal network b) DMZ c) internet d) isolated VLAN

Answer: a Difficulty: Medium Section Reference: Looking at DMZs Explanation: Web servers are the most common servers found in DMZ networks. Accessed via HTTP over port 80 or HTTPS over port 443 for secure access, web servers are commonly internet-accessible. However, because the SQL server needs more security, it needs to be placed in the internal network.

Which OSI layer is used by switches and bridges? a) 1 b) 2 c) 3 d) 4

Answer: b Difficulty: Easy Section Reference: Data Link Layer (Layer 2) Explanation: The Data Link layer (Layer 2) connects the data layer to the physical layer so that data can be transmitted across the network. The Data Link layer handles error detection, error correction, and hardware addressing (that is, the address of a network interface card). Switches and bridges are devices that work with the destination MAC addresses to determine where to forward a packet.

How many firewalls should be used to create a sandwich DMZ? a) 1 b) 2 c) 3 d) 4

Answer: b Difficulty: Medium Section Reference: Looking at DMZs Explanation: A sandwich DMZ model uses both an outer firewall and an inner firewall. The outer firewall secures the DMZ network segment from the external (insecure) network. Servers that are meant to be accessed from the external network (such as the internet) have the appropriate rules configured to permit secure access.

Which type of system detects unauthorized intruders and then takes action to stop them from proceeding? a) IDS b) IPS c) VLAN d) NAT

Answer: b Difficulty: Medium Section Reference: Looking at Intrusion Detection and Intrusion Prevention Systems Explanation: An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.

Which technology allows a user at home to connect to the corporate network? a) NAT b) VPN c) DMZ d) PLC

Answer: b Difficulty: Medium Section Reference: Understanding Virtual Private Networks (VPNs) Explanation: VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks such as the internet. VPNs are commonly used by remote employees for access to the internal network, to create secure network-to-network connections for branch offices or business partner connections, or even to create secure host-to-host connections for additional security and isolation on an internal network. VPNs utilize encryption and authentication to provide confidentiality, integrity, and privacy protection for data.

Which type of device looks at a packet and forwards it based on its destination IP address? a) bridge b) switch c) router d) VLAN

Answer: c Difficulty: Easy Section Reference: Examining how Routing Works Explanation: When a router receives a packet that must be forwarded to a destination host, the router has to determine whether it can deliver the packet directly to the destination host, or whether it needs to forward the packet to another router. To make this determination, the router examines the destination network address.

Which port is used by LDAP? a) 25 b) 443 c) 389 d) 3389

Answer: c Difficulty: Hard Section Reference: Looking at Packet Filtering Explanation: Lightweight Directory Access Protocol (LDAP) is a common directory service used to locate and access resources on a network. It uses TCP port 389.

Which type of firewall is also known as a proxy server? a) packet-filtering b) circuit-filtering c) application-level d) stateful

Answer: c Difficulty: Medium Section Reference: Looking at Application-Level Firewalls Explanation: Application-level firewalls (also known as proxy servers) work by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, and then by enforcing correct application behavior. Application-level firewalls can block malicious activity, log user activity, provide content filtering, and even protect against spam and viruses. Microsoft Internet Security and Acceleration Server is an example of an application-level firewall.

Which port is used by SMTP? a) 21 b) 23 c) 25 d) 443

Answer: c Difficulty: Medium Section Reference: Looking at Packet Filtering Explanation: Simple Mail Transfer Protocol (SMTP) is used to relay and deliver email. It uses TCP port 25.

On which OSI layer do routers function? a) 1 b) 2 c) 3 d) 4

Answer: c Difficulty: Medium Section Reference: Network Layer (Layer 3) Explanation: The Network layer is primarily responsible for routing. This layer defines the mechanisms that allow data to be passed from one network to another. How the data is passed is defined by the routing protocols. As a result, a router is typically known as a Layer 3 device.

Which type of firewall looks at the previous conversations to determine if a packet should enter a network? a) packet-filtering b) circuit-filtering c) application-level d) stateful

Answer: d Difficulty: Hard Section Reference: Looking at Stateful Multilevel Firewalls Explanation: Stateful inspection takes packet filtering to the next level. In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.

On which OSI layer do TCP and UDP function? a) 1 b) 2 c) 3 d) 4

Answer: d Difficulty: Medium Section Reference: Transport Layer (Layer 4) Explanation: The Transport layer does exactly what its name implies: It provides the mechanisms for carrying data across a network. This layer uses three main mechanisms to accomplish this task: segmentation, service addressing, and error checking. TCP and UDP are Layer 4 protocols.

Which type of DoS attack uses large ICMP packets to cause an overflow of the memory buffers allocated for packets? a) ICMP flood b) HTTP flood c) SYN flood d) ping of death

Answer: d Difficulty: Medium Section Reference: Understanding Denial-of-Service (DoS) Attacks Explanation: A ping of death attack sends multiple malformed or malicious pings to a computer. The maximum size of an IP packet, including the header, is 65,535 bytes, and many computer systems were never designed to properly handle ping packets larger than this, because such a packet violates the Internet Protocol. By sending IP fragments with oversized Fragment Offsets, attackers can cause the IP packets, which were split into smaller sizes for travel, to form packets larger than 65,535 bytes after reassembly at the receiver, overflowing the memory buffers. Thus, important memory areas are overwritten, causing denial-of-service for legitimate packets.

Which technology can be used to isolate a network of servers so that they cannot interact with other servers? a) bridge b) switch c) router d) VLAN

Answer: d Difficulty: Medium Section Reference: Understanding Virtual LANs Explanation: Virtual LANs (VLANs) were developed as an alternate solution to deploying multiple routers. VLANs are logical network segments used to create separate broadcast domains, but they still allow the devices on the VLAN to communicate at Layer 2 without requiring a router. VLANs are created by switches, and traffic between VLANs is switched rather than routed, which creates a much faster network connection because a routing protocol isn't needed. Even though the hosts are logically separated, the traffic between them is switched directly as though they were on the same LAN segment.

