Review Questions - Module 11 - Security in Network Design
Which of the following criteria can a packet-filtering firewall NOT use to determine whether to accept or deny traffic?
Application data
Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?
Separation of duties
What information in a transmitted message might an IDS use to identify network threats?
Signature
Which of the following is not one of the AAA services provided by RADIUS and TACACS+?
administration
What is the purpose of an ACL when configuring CoPP?
ACLs can be used instead of non-IP classes to drop non-IP traffic, and the default non-IP CoPP class can be used to limit to non-IP traffic that reaches the RP CPU. It identifies relevent traffic for the CoPP policies
What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?
ARP performs no authentication
Which device would allow an attacker to make network clients use an illegitimate default gateway?
DHCP server
What are the two primary features that give proxy servers an advantage over NAT?
Filter content and file caching Content filtering and improved performance, reverse proxy.
What's the essential difference between an IPS and an IDS?
IDS (intrusion detection system) creates alerts when suspicious activity happens. IPS (intrusion Prevention system) prevents traffic from reaching the network.
Which policy ensures messages are discarded when they don't match a specific firewall rule?
Implicit deny
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP
At what layer of the OSI model do proxy servers operate?
Layer 7
What causes most firewall failures?
Not being configured correctly
What kind of ticket is held by Kerberos's TGS?
TGT (Ticket-Granting Ticket)
Who is responsible for the security of hardware on which a public cloud runs?
The cloud provider
Why would you need separate RA guard policies for network hosts and routers attached to a switch?
To ensure that RA messages are coming from a trusted router
Why do network administrators create domain groups to manage user security privileges?
To simplify the process of granting rights to users
What kinds of issues might indicate a misconfigured ACL?
Wrong people being able to log in.
Which of the following ACL commands would permit web-browsing traffic from any Ip address to any Ip address?
access-list acl_2 permit icmp any any
Any traffic that is not explicitly permitted in the ACL is __________, which is called the __________
dropped, implicit deny