6.2.13 Firewall Design and Implementation
Which of the following are true about routed firewalls? (Select two) - Internal and External Interfaces connect to the same network segment? - Operates at layer 2 - Counts as a router hop - Supports multiple interfaces - Easily introduced to an existing network
- Counts as a router hop - Supports Multiple Interfaces
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? - An IDS - A network-Based firewall - An IPS - A Host-Based Firewall
A Network-Based Firewall
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? - Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface. - Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface. - Add a permit statement to the bottom of the access list. - Use the out parameter instead of the in parameter within each ACL rule.
Add a permit statement to the bottom of the access list.
Which of the following are characteristics of a stateless firewall? (Select two.) - Allows or denies traffic by examining information in IP packet headers - Should be placed as close to the destination as possible - Identify traffic based on the destination address - controls traffic using access control lists, or ACLs. - Allows or denies traffic based on virtual circuits of sessions
Allows or denies traffic by examining information in IP packet headers controls traffic using access control lists, or ACLs.
Which of the following describes how access control lists can improve network security? - An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. - An access control list filters traffic based on the frame header, such as source or destination MAC address. - An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. - An access control list identifies traffic that must use authentication or encryption.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following BEST describes a stateful inspection? - Designed to sit between a host and a web server and communicate with the server on behalf of the host. - Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. - Allows all internal traffic to share a single public IP address when connecting to an outside entity. - Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which of the following is a firewall function? - Packet Filtering - Frame Filtering - Encrypting - FTP Hosting
Packet Filtering
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select Two) - Put the database server outside the screened subnet. - Put the database server on the private network. - Put the database server inside the screened subnet. - Put the web server on the private network. - Put the web server inside the screened subnet.
Put the database server on the private network. Put the web server inside the screened subnet.
Which of the following combiones several layers of security services and network functions into one piece of hardware? - Intrusion Detection System (IDS) - Unified Threat Mangement (UTM) - Firewall - Circuit-Level Gateway
Unifed Threat Management (UTM)
Which of the following are specific to extended Access Contol lists? (Select Two) - Identify traffic based on the destination address - Use the number ranges 100-199 and 2000-2699 - Should be place as close to the destination as possible - Are the most used type of ACL - Are used by route maps and VPN Filters
Use the Number ranges 100-199 and 2000-2699 Are the Most used type of acl