5.2 Demilitarized Zones

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails? - The LAN is compromised, but the DMZ stays protected. - Nothing will happen - all devices will stay protected. - All devices in the DMZ and LAN will be compromised. - Only the servers in the DMZ are compromised, but the LAN will stay protected.

Only the servers in the DMZ are compromised, but the LAN will stay protected.

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet? - DMZ - Padded cell - Intranet - Extranet

DMZ

A screened subnet uses two firewalls. What is the function of each firewall?

External firewall that is connected to the internet and allows access to public resources and a internal firewall that connects the screened subnet to the private network.

How is a gateway different from a router?

It acts as a gate among different networks. It allows other dissimilar networks to connect even though they are configured differently.

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ? - Subnet - VPN - FTP - Packet filters

Packet filters

How is a honeypot used to increase network security?

It can buy you time when the hackers do audit searches and it allows you to see whoever is trying to connect to your ports.

What is the typical configuration for a DMZ configured as a dual-homed gateway?

It is connected to the internet, public subnet, and the private network.

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) - Put the database server on the private network. - Put the web server on the private network. - Put the database server inside the DMZ. - Put the web server inside the DMZ.

- Put the database server on the private network. - Put the web server inside the DMZ.

How many network interfaces does a dual-homed gateway typically have? - 3 - 1 - 4 - 2

3

Demilitarized zone (DMZ)

A buffer network (or subnet) that is located between a private network and an untrusted network, such as the internet.

Screened host gateway

A device residing within the DMZ that requires users to authenticate in order to access resources within the DMZ or the intranet.

Duel-homed gateway

A firewall device that typically has three network interfaces. One interface connects to the internet, one interface connects to the public subnet, and one interface connects to the private network.

Screened subnet

A subnet protected by two firewalls; an external firewall is connected to the internet and an internal firewall is connected to a private network.

What type of computer might exist inside a demilitarized zone (DMZ)?

A web server, FTP server, or email server (publicly accessible resources)

Bastion or sacrificial host

Any host that is exposed to attack and has been hardened or fortified against attack.

What makes bastion hosts vulnerable to attack? How can you harden bastion hosts?

Bastion hosts are not protected by a firewall device or are purposely exposed; they can be hardened by using lockdown facilities, using a personal firewall, patching your bastion host, using antivirus and anti-spyware, and separating bastion host roles by placing a single application on each server

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? - Circuit proxy - Multi-homed - Bastion or sacrificial host - Kernel proxy

Bastion or sacrificial host

Which of the following is another name for a firewall that performs router functions? - Screened subnet - Screening router - Screened-host gateway - Dual-homed gateway

Screening router

Screening router

The router that is most external to the network and closest to the internet.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use? - Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. - Use firewalls to create a DMZ. Place the web server and the private network inside the DMZ. - Use a single firewall. Put the web server and the private network behind the firewall. - Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

Which of the following is the BEST solution to allow access to private resources from the internet? - Subnet - Packet filters - FTP - VPN

VPN

In which of the following situations would you most likely implement a demilitarized zone (DMZ)? - You want to detect and respond to attacks in real time. - You want to protect a public web server from attack. - You want internet users to see a single IP address when accessing your company network. - You want to encrypt data sent between two hosts using the internet.

You want to protect a public web server from attack.


Ensembles d'études connexes

Chapter 8 Study Guide ( American History)

View Set

Principles of Management: Chapter 10 (Wesson)

View Set

Chapter 6: Public Opinion (Inquizitive)

View Set