Testout 5.4-5.7
In addition to Authentication Header (AH), IPSec is comprised of what other service?
ESP
Which IPSec subprotocol provides data encryption?
ESP
Which of the following is likely to be located in a DMZ?
FTP Server
Which of the following is a firewall function?
Packet filtering
PPTP is quickly becoming obsolete because of what VPN protocol?
L2TP
Which VPN protocol typically employs IPSec as its data encryption mechanism?
L2TP
Which of the following network devices or services prevents the use of IPsec in most cases?
NAT
In which of the following situations would you most likely implement a DMZ?
You want to protect a public web server from attack
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely... many of the things... Which key steps should you take when implementing this configuration? (Select two.)
- configure the VPN connection to use IPsec
- configure the browser to send HTTPS requests through the VPN connection
Which of the following are characteristics of a packet filtering firewall?
- filters IP address and port
- stateless
Which of the following are characteristics of a circuit-level gateway?
- stateful
- filters based on sessions
Which of the following are true of a circuit proxy filter firewall?
- verifies sequencing of session packets
- operates at the session layer
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers?
- put the web server inside the DMZ
- put the database server on the private network
Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?
169.254.0.0-169.254.255.255
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?
DMZ
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.
Which is the best countermeasure for someone attempting to view your network traffic?
VPN
A group of salesmen would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
VPN concentrator
Which of the following describes how access lists can be used to improve network security?
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
application level
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
bastion/sacrificial host
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
circuit-level
When designing a firewall, what is the recommended approach for opening and closing ports?
close all ports; open only ports required by applications inside the DMZ
You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?
dynamic
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
firewall
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
host based firewall
Which of the following is not a benefit of NAT?
improving the throughput rate of traffic
You would like to control Internet access based on users, time of day, and websites visited. How can you do this?
Install a proxy server. Allow Internet access through the proxy server.
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
network based firewall
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
network based firewall
You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
static
You want to configure the server as a web server and allow Internet hosts to contact the server to browse a personal website. What should you use to allow access?
static NAT
VPN
support secured communications over an untrusted network
tunneling
supporting private traffic through a public communication medium
Which statement best describes IPSec when used in tunnel mode?
the entire data packet, including headers, is encapsulated
Features of an application level gateway
- the entire messages are reassembled
- stops each packet at the firewall and inspects it