Ch. 12 - 13 Compliance Within the WAN / Remote Access Domain

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Platform as a Service (PaaS)

ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.)

5. Which types of WAN generally has the highest speed and is the most secure? A. Dedicated line B. Circuit switching C. Packet switching D. MPLS network

A. Dedicated line

7. Which of the following protocols is used for encrypted traffic? A. HTTPS B. SNMP C. IP D. L2TP

A. HTTPS

7. Which WAN technology is a cost-effective solution for connecting multiple locations? A. MPLS B. ISBDN C. MAN D. L2TP

A. MPLS

2. One of the most important concerns when sending data across a WAN is confidentiality. A. True B. False

A. True

5. Given adequate security controls, PDAs are appropriate for use as remote access devices. A. True B. False

A. True

The WAN Domain commonly contains a DMZ. A. True B. Fales

A. True

10. Which of the following transmission techniques requires the entire bandwidth of a channel? A. Multiband B. Baseband C. Broadband D. duplex

B. Baseband

3. Which of the following is the primary type of control employed in the WAN Domain? A. Firewalls B. Encryption C. Hashing D. Compression

B. Encryption

1. The primary concern for remote access is availability. A. True B. False

B. False

10. WAN subscription cost tends to decrease as availability increases. A. True B. False

B. False

4. All VPN traffic is encrypted . A. True B. False

B. False

9. Which of the following protocols works as well with firewalls? A. GRE B. SSTP C. L2TP D. L2F

B. SSTP

14. Which of the following controls would best protect sensitive data disclosure to unauthorized users using remote computers? A. Encryption B. Strong passwords C. Firewalls D. Configuration management tools

B. Strong passwords

15. Which protocol does SNMP use to transport messages? A. TCP B. UDP C. TLS D. GRE

B. UDP

8. Most WAN protocols operate at which level in the OSI reference model? A. 7 B. 3 C. 2 D. 1

C 2

2. Which entity is responsible for controlling access to network traffic in the WAN? A. WAN optimizer B. Your organization C. WAN service provider D. Network management platform

C. WAN service provider

4. Who writes SLAs? A. Subscribing organization B. Telecom company C. WAN service provider D. SOC

C. WAN service provider

12. Which of the following is an internal control report for the services provided by a service provider? A. SLA B. WAN C. SOC D. MPLS

C. SOC

Software as a Service (SaaS)

Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com

What 5 essential characteristics does a cloud have?

On-demand self-service - consumer can customize computing capabilities Broad network access - capabilities available over the network (internet) Resource pooling - optimal distribution of computing load and sharing of computing resources Rapid elasticity - Can scale to need on the fly, instantly procure more computing power Measured Service - system controls and optimizes use of resources and measures usage

What are the deployment models?

Private Cloud - Community Cloud - Public Cloud - Hybrid Cloud -

How do you Implement WAN traffic monitoring and analysis software?

Installing software or devices on the perimeter of the WAN where you connect to it; or • Relying on you WAN service provider to supply traffic flow data

What are the different components in the Remote Access Domain?

Remote users Remote workstations or laptops Remote access controls and tools Authentication servers RADIUS TACACS+ VPNs and encryption Internet service provider (ISP) WAN connections Broadband Internet service provider WAN connections

6. The _____ contains the guaranteed availability for your WAN connection.

SLA

Ensure the ______ for each WAN service provider meets or exceeds the required uptime goals for each WAN

SLA

11. _______ is a network protocol used to monitor network devices.

SNMP

Primary security concern for remote access is ________.

data privacy

8 __________ is a technique that creates a virtual encrypted channel that allows applications to use any protocol to communicate with servers and services without having to worry about addressing privacy concerns.

Tunneling

13. A ______ makes it easy to establish what appears to be a dedicated connection over a WAN.

VPN

Configuration and change management for remote access domain will oversee ..?

VPN client software, authentication servers, VPN servers, remote access servers, and network management system servers

When monitoring the VPN what areas should be monitored?

VPN connection creation, remote access connection, and remote computer logon

9. A _______ can exclude unnecessary traffic from the WAN.

WAN optimizer

What are the different devices, components, and access controls in a WAN domain?

WAN service provider Dedicated lines/circuits MPLS/VPN WAN or Metro Ethernet WAN Layer 2/Layer 3 Switches

What are the key controls for the Remote Access Domain?

application data, application connection, and system connection encryption

Private Cloud -

cloud infrastructure is operated solely for an organization

Community Cloud -

cloud infrastructure is shared by several organizations with a shared purpose

Hybrid Cloud

combination of two or more clouds (private, community, or public) that remain unique entities but share technology and resources

Infrastructure as a Service (IaaS)

consumer has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Also Amazon and Azure ...

Use ___________ techniques on the multiple WAN connections to utilize the bandwidth of both connections.

load-balancing

WAN Recovery and Restoration SLAs should include ...?

Most include provisions for recovering from major interruptions due to hardware or carrier failure Should contain a commitment for the maximum amount of time it should take to restore organization's WAN service after a failure Time to recover (TTR), or time to repair, commitment states the acceptable amount of time allowed to repair or replace failed components

In order to Maximize WAN Domain C-I-A, one should require ...?

Requiring WAN service availability SLAs Requiring WAN recovery and restoration SLAs Requiring WAN traffic encryption/VPNs

Remote Access Domain Configuration Validation should validate ..?

-VPN client definition and access controls • TLS/VPN remote access via a Web browser • VPN configuration management

How are backups and redundant connections used within WAN domain?

-either multiple connections to the same WAN or multiple connections using different WANs -Install backup or redundant connection devices in the WAN Domain to ensure connection hardware failure does not result in a failure to connect to your WAN.

Public Cloud -

cloud infrastructure is made available to general public or large industry group

A best practice is to verify that WAN service provider has a SOC report, which signifies..?

that a service organization has had its control objectives and activities examined by an independent auditing firm per Requirements of Section 404 of the Sarbanes- Oxley Act

What stpes should be followed when monitoring VPN traffic?

1. monitor data for modification in transit. 2. verify secure data transmission. 3. Use a proxy filter 4. Log and review data

What are the main areas of concern in regards to Remote Access Domain security compliance?

Client-side configuration • Server-side configuration • Configuration-management verification

6. Which of the following terms means the process to decide what a user can do? A. Identification B. Authentication C. Clearance D. Authorization

D. Authorization

14. Which of the following describes a common LAN protocol deployed to a network size of a city? A. IPSec MAN B. Urban Ethernet C. TCP MAN D. Metro Ethernet

D. Metro Ethernet

13. Which protocol is commonly used to protect data sent to web browsers when not using VPNs? A. IPSec B. PPTP C. GRE D. TLS

D. TLS

3. _______ is the primary security control used in the Remote Access Domain.

Encryption

11. By definition, VPN traffic is encrypted. True False

False

What are the service models?

Software as a Service (SaaS) - Use software that runs in the "Cloud" - email, Microsoft 360, Saleforce.com Platform as a Service (PaaS) - ready-made computing resources, user controls applications (Amazon Web Services, MS Azure etc.) Infrastructure as a Service (IaaS)- consumer has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Also Amazon and Azure ...

"Private" part of VPN refers to private addressing and not data privacy. T/F

True

12. The us of global user accounts can simplify user maintenance. True False

True

Organizations should Install at least one firewall between your VPN endpoint and your internal network. T/F

True


Ensembles d'études connexes

Ch. 19 Smartbook--The Gram + Bacilli of Medical Importance

View Set

BIOL 1322 Nutrition & Diet Therapy Chapter 7 Smart Book

View Set

Med-Surg Sp2017 ARDS & Mechanical Ventilation

View Set