5.4.6 PQ
Which of the following describes how access control lists can be used to improve network security? -An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. -An access control list identifies traffic that must use authentication or encryption. -An access control list filters traffic based on the frame header, such as source or destination MAC address. -An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. Explanation: An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket (port) number. Access control lists are configured on routers, and they operate on Layer 3 information (plus the Layer 4 port numbers that identify the service). Port security is configured on switches, which filter traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.
When designing a firewall, what is the recommended approach for opening and closing ports? -Close all ports; open ports 20, 21, 53, 80, and 443. -Open all ports; close ports that expose common network attacks. -Close all ports; open only ports required by applications inside the network. -Open all ports; close ports that show improper traffic or attacks in progress. -Close all ports.
Close all ports; open only ports required by applications inside the network. Explanation: When designing a firewall, the recommended practice is to close all ports (default deny) and then open only those ports that carry the traffic you want to allow into the private network. Ports 20, 21, 53, 80, and 443 (FTP data and control, DNS, HTTP, and HTTPS) are commonly opened, but the exact ports you open depend on the services provided inside the firewall.
A network security administrator's responsibilities include enhancing the enterprise's network infrastructure security posture. They deploy a Next Generation Firewall (NGFW) as part of their defense strategy. The enterprise mixes internal and external services, including a web application and a virtual private network (VPN) for remote access. Which of the following should the administrator primarily consider when implementing the NGFW to ensure effective security without disrupting normal operations? -Use the NGFW as a load balancer, distributing network traffic across multiple servers. -Set the NGFW to operate in a fail-open mode, ensuring continuous network service even if the firewall fails. -Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity. -Position the NGFW as a jump server to manage secure access for all network services.
Deploy the NGFW in inline mode, ensuring it analyzes all traffic while maintaining connectivity. Explanation: Deploying an NGFW in inline mode enables it to examine all traffic passing through it, identify and mitigate threats, and maintain connectivity without disrupting normal network operations. An NGFW's primary role is deep packet inspection and threat prevention, not secure access as a jump server. Although fail-open mode prevents network service interruption if the firewall fails, it may compromise NGFW's primary goal of advanced threat prevention. A main NGFW function includes advanced threat prevention and deep packet inspection, not load balancing, a technique used to distribute workloads across multiple servers.
Which of the following BEST describes a stateful inspection? -Allows all internal traffic to share a single public IP address when connecting to an outside entity. -Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. -Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. -Designed to sit between a host and a web server and communicate with the server on behalf of the host.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. Explanation: Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated. The stateful firewall maintains a state table that tracks the ongoing record of active connections.
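The state table described in the answer above, as an added example (not part of the original question set). It keeps a connection table keyed by the 5-tuple, lets outbound packets create or advance an entry, and admits inbound packets only when they belong to a flow an inside host started. Addresses, ports and the packet sequence are constructed sample data; the tiny state machine (SYN_SENT, SYN_RECV, ESTABLISHED, torn down on RST) is a simplification of what a real stateful firewall tracks.

```python
"""Stateful inspection: inbound traffic is judged against a table of
connections that the inside hosts opened, not against the packet alone.
All addresses and packets below are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = inside -> internet, "in" = internet -> inside
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags as a string, e.g. "S", "SA", "A", "R"


class StatefulFirewall:
    def __init__(self):
        # key: (proto, inside_ip, inside_port, outside_ip, outside_port)
        # value: "SYN_SENT" | "SYN_RECV" | "ESTABLISHED"
        self.table = {}

    @staticmethod
    def _key(pkt):
        # normalise the 5-tuple so both directions of one flow share an entry
        if pkt.direction == "out":
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def check(self, pkt):
        key = self._key(pkt)
        state = self.table.get(key)

        if "R" in pkt.flags and state is not None:
            # RST tears the connection down; later packets must start over
            del self.table[key]
            return "ALLOW"

        if pkt.direction == "out":
            if state is None:
                if pkt.proto == "tcp" and pkt.flags != "S":
                    return "DROP"          # a new TCP flow must begin with SYN
                self.table[key] = "SYN_SENT" if pkt.proto == "tcp" else "ESTABLISHED"
            elif state == "SYN_RECV" and "A" in pkt.flags:
                self.table[key] = "ESTABLISHED"   # three-way handshake complete
            return "ALLOW"

        # inbound: nothing is allowed unless an inside host opened the flow
        if state is None:
            return "DROP"
        if state == "SYN_SENT":
            if pkt.flags != "SA":
                return "DROP"              # only the SYN/ACK reply is expected now
            self.table[key] = "SYN_RECV"
        return "ALLOW"


def run_demo():
    """Replay a constructed packet sequence; returns (verdicts, firewall)."""
    fw = StatefulFirewall()
    inside, web, attacker = "10.0.0.5", "93.184.216.34", "198.51.100.7"
    sequence = [
        Packet("out", "tcp", inside, 40000, web, 443, "S"),          # client SYN
        Packet("in",  "tcp", web, 443, inside, 40000, "SA"),         # server SYN/ACK
        Packet("out", "tcp", inside, 40000, web, 443, "A"),          # client ACK
        Packet("in",  "tcp", web, 443, inside, 40000, "A"),          # data from server
        Packet("in",  "tcp", attacker, 5555, inside, 22, "S"),       # unsolicited SYN
        Packet("in",  "tcp", web, 443, inside, 40001, "A"),          # wrong port: no entry
        Packet("out", "tcp", inside, 40002, "203.0.113.9", 80, "A"), # ACK with no SYN
        Packet("out", "udp", inside, 5353, "203.0.113.53", 53),      # DNS query
        Packet("in",  "udp", "203.0.113.53", 53, inside, 5353),      # matching DNS reply
        Packet("in",  "udp", attacker, 53, inside, 5353),            # "reply" from elsewhere
    ]
    return [fw.check(p) for p in sequence], fw


if __name__ == "__main__":
    verdicts, fw = run_demo()
    for v in verdicts:
        print(v)
    print(fw.table)
```

The last two UDP packets show why the state table matters even for a connectionless protocol: a reply is admitted only from the exact peer the inside host queried, something a stateless filter keyed on source port 53 cannot distinguish.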
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? -Proxy server -Network-based firewall -VPN concentrator -Host-based firewall
Host-based firewall Explanation: A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the internet from a public location.
The security team in a financial organization identified a zero-day vulnerability attack that enables cross-site scripting (XSS) attacks on its internal web portal. The chief information security officer (CISO) instructs the team to take immediate action. Which action MOST effectively minimizes the threat from the zero-day vulnerability and the potential XSS attacks? -Upgrade the hardware of the server. -Encourage staff to change their passwords. -Implement a web application firewall (WAF). -Restrict the number of login attempts.
Implement a web application firewall (WAF). Explanation: Implementing a WAF directly addresses the zero-day vulnerability and XSS attacks by inspecting incoming HTTP requests and blocking those that carry script injection payloads. A WAF acts as a virtual patch: it reduces exposure until the portal's code is fixed, but it does not remove the underlying vulnerability, so the application still needs to be patched. Upgrading the server hardware might improve overall system performance but does not address software vulnerabilities like XSS. Encouraging staff to change passwords is generally a good practice in maintaining security, but it does not help prevent XSS attacks, which exploit vulnerabilities in web applications to inject malicious scripts that execute in the context of the victim's session. Restricting login attempts is a common method used to mitigate brute-force attacks, where an attacker tries multiple combinations to guess a password, and does not prevent XSS attacks.
A cyber team implements new hardening techniques after a data loss prevention (DLP) audit revealed increased data exfiltration. What is a tenet of host-based firewalls? -It uses signature-based detection and anomaly detection. -It requires deploying and configuring specialized software agents. -It provides controls for incoming and outgoing network traffic. -It describes software tools that monitor and protect individual hosts.
It provides controls for incoming and outgoing network traffic. Explanation: Host-based firewalls provide controls for incoming and outgoing network traffic and are essential for detecting potential attacks. An important technique for using them when hardening endpoints involves implementing default-deny policies to block all traffic unless explicitly allowed.
Which of the following are features of an application-level gateway? (Select two.) -Verifies that packets are properly sequenced -Reassembles entire messages -Uses access control lists -Stops each packet at the firewall for inspection -Allows only valid packets within approved sessions
Reassembles entire messages Stops each packet at the firewall for inspection Explanation: Application-level gateways: -Operate up to OSI Layer 7 (Application layer) -Stop each packet at the firewall for inspection (no IP forwarding) -Inspect encrypted traffic, such as with SSL/TLS inspection, after terminating the encrypted session at the gateway -Examine the entire content that is sent (not just individual packets) -Understand or interface with the application-layer protocol -Can filter based on user, group, and data (such as URLs within an HTTP request) -Are the slowest form of firewall protection because entire messages are reassembled at the Application layer. Allowing only valid packets within approved sessions and verifying that packets are properly sequenced are features of a stateful firewall. Using access control lists is a feature of a packet-filtering firewall.
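The Layer 7 behaviour described in this answer and in the WAF answer above (reassemble the whole message, then filter on the URL and content of an HTTP request), as an added example that is not part of the original question set. The gateway holds the TCP segments, joins them in sequence order, parses the complete HTTP request, decodes URL encoding, and checks the path, query string and form body against a small set of reflected-XSS signatures. Hostnames, requests and the signature list are constructed for the example; a real WAF carries much larger rule sets and is still only a stopgap until the application is patched.

```python
"""Application-level gateway / WAF: stop the stream, reassemble the full HTTP
request, inspect it at Layer 7, then forward or block.
Sample requests and signatures are constructed for this example."""
import re
from typing import List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit


def reassemble(segments: List[Tuple[int, bytes]]) -> bytes:
    """Join TCP segment payloads in sequence-number order (input may arrive out of order)."""
    return b"".join(payload for _, payload in sorted(segments, key=lambda s: s[0]))


def parse_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 request parser: request line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body.decode("latin-1")}


# Reflected-XSS signatures for the example (deliberately small; constructed).
XSS_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"<\s*script\b",
    r"javascript\s*:",
    r"\bon(load|error|click|mouseover|focus|blur)\s*=",
    r"<\s*(iframe|object|embed|svg)\b",
)]


def normalise(value: str) -> str:
    """Decode URL encoding until stable so %253C (double-encoded '<') cannot slip past."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(request: dict) -> Tuple[str, str]:
    """Return ("FORWARD", "") or ("BLOCK", reason) for a parsed request."""
    url = urlsplit(request["target"])
    fields = [("path", url.path)]
    fields += [("query:" + k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    if request["headers"].get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += [("form:" + k, v) for k, v in parse_qsl(request["body"], keep_blank_values=True)]
    for name, value in fields:
        for pat in XSS_PATTERNS:
            if pat.search(normalise(value)):
                return "BLOCK", f"{name} matched /{pat.pattern}/"
    return "FORWARD", ""


def gateway(segments: List[Tuple[int, bytes]]) -> str:
    """Full gateway path: reassemble, parse, inspect; returns the verdict only."""
    return inspect(parse_request(reassemble(segments)))[0]


# Constructed sample traffic: each request split into TCP segments, some out of order.
SAMPLES = {
    "benign": [
        (0, b"GET /search?q=quarterly+report HTTP/1.1\r\n"),
        (41, b"Host: portal.example\r\n\r\n"),
    ],
    "reflected": [
        (58, b"Host: portal.example\r\n\r\n"),
        (0, b"GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"),
    ],
    "double_encoded": [
        (0, b"GET /search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1\r\n"),
        (66, b"Host: portal.example\r\n\r\n"),
    ],
    "form_post": [
        (0, b"POST /comment HTTP/1.1\r\nHost: portal.example\r\n"),
        (46, b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"),
        (97, b"comment=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"),
    ],
}


def run_demo() -> dict:
    """Verdict per sample request."""
    return {name: gateway(segs) for name, segs in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:15} {verdict}")
```

The double-encoded case is the check that separates a useful WAF from a decorative one: the signature only matches after the gateway normalises the request the same way the application will, which is also why a packet-filtering firewall, which never sees a reassembled or decoded request, cannot do this job.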
You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select three.) -Checksum -Sequence number -Acknowledgement number -Source address of a packet -Destination address of a packet -Digital signature -Port number
Source address of a packet Destination address of a packet Port number Explanation: A packet-filtering firewall makes decisions about which network traffic to allow by examining header information, such as the source and destination addresses and protocol in the IP header and the source and destination port numbers in the TCP or UDP header. Sequence number, acknowledgement number, digital signature, and checksum are fields that a basic packet-filtering firewall does not use when deciding whether to allow traffic through the firewall.
Which of the following are characteristics of a basic packet-filtering firewall? (Select two.) -Filters based on URL -Stateless -Stateful -Filters IP address and port -Filters based on sessions
Stateless Filters IP address and port Explanation: A packet-filtering firewall makes decisions about which network traffic to allow by examining header information such as source and destination IP addresses, protocol, and port numbers. A packet-filtering firewall is considered a stateless firewall because it evaluates each packet against its rules in isolation, accepting or rejecting it without considering whether the packet is part of a valid and active session. A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions; it is considered a stateful firewall because it keeps track of the state of each session.
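The stateless, default-deny filtering described across the ACL, firewall port-design, host-based firewall and packet-filtering answers above, as one added example (not part of the original question set). Each packet is matched on its own against an ordered rule list using only header fields (protocol, source and destination address, source and destination port); no match falls through to the implicit deny, which is the "close all ports, open only what is required" design. Addresses, the DMZ layout and the rules are constructed; the UDP/53 case is included to show the weakness that stateful inspection fixes.

```python
"""Stateless packet filtering with an ordered ACL and implicit deny.
Every address, rule and packet here is constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # inclusive (low, high); None = any port


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp", "icmp" or "any"
    src: str             # CIDR; 0.0.0.0/0 plays the role of "any"
    dst: str
    sport: PortRange = None
    dport: PortRange = None


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _in_range(rng: PortRange, port: int) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet's headers."""
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and _in_range(rule.sport, pkt.sport)
            and _in_range(rule.dport, pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Inbound ACL for a constructed DMZ (203.0.113.0/24) with a public web server on .10.
DMZ_INBOUND = [
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", dport=(80, 80)),
    Rule("permit", "tcp", "0.0.0.0/0", "203.0.113.10/32", dport=(443, 443)),
    # Without state, DNS answers can only be let back in by source port,
    # because the filter does not remember which queries went out.
    Rule("permit", "udp", "0.0.0.0/0", "203.0.113.0/24", sport=(53, 53), dport=(1024, 65535)),
    Rule("deny", "tcp", "0.0.0.0/0", "203.0.113.0/24", dport=(22, 22)),   # explicit, so it can be logged
]

OUTBOUND = [
    Rule("permit", "any", "203.0.113.0/24", "0.0.0.0/0"),
]


def run_demo():
    """Evaluate constructed packets; returns (name, verdict) pairs in order."""
    client, server, resolver = "198.51.100.7", "203.0.113.10", "192.0.2.53"
    cases = [
        ("https to web server",      DMZ_INBOUND, Packet("tcp", client, server, 51000, 443)),
        ("ssh to web server",        DMZ_INBOUND, Packet("tcp", client, server, 51001, 22)),
        ("rdp to another dmz host",  DMZ_INBOUND, Packet("tcp", client, "203.0.113.20", 51002, 3389)),
        ("dns reply to web server",  DMZ_INBOUND, Packet("udp", resolver, server, 53, 40321)),
        # Stateless weakness: anything sourced from UDP/53 satisfies the reply rule.
        ("udp scan sourced from 53", DMZ_INBOUND, Packet("udp", client, "203.0.113.20", 53, 3389)),
        ("icmp echo",                DMZ_INBOUND, Packet("icmp", client, server)),
        ("outbound https",           OUTBOUND,    Packet("tcp", server, "192.0.2.80", 40000, 443)),
    ]
    return [(name, evaluate(acl, pkt)) for name, acl, pkt in cases]


if __name__ == "__main__":
    for name, verdict in run_demo():
        print(f"{verdict:6} {name}")
```

Rule order matters because evaluation stops at the first match, and the "udp scan sourced from 53" case is the reason a stateless filter alone is not enough: it permits the packet purely on its headers, whereas a stateful firewall would drop it for not matching any query the inside host sent.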