Security In Network Design
What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?
ARP doesn't perform any authentication
Which access control technique is responsible for detection of an intruder who succeeds in accessing a network?
Accounting
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP
At what layer of the OSI model do proxy servers operate?
Layer 7
Which device can be used to increase network performance by caching websites?
Proxy server
Which two features on a switch or router are integrated into CoPP?
QoS ACLs
Which of the following defenses addresses a weakness of IPv6?
RA guard
Any traffic that is not explicitly permitted in the ACL is ____________________ , which is called the ____________________ .
denied by default, implicit deny
Which of the following is not one of the AAA services provided by RADIUS and TACACS+?
Administration
Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic?
Application data
Which firewall type can protect a home network from adult content not suitable for the family's children?
Application layer firewall
What are the two primary features that give proxy servers an advantage over NAT?
Content filtering and improved performance
Which device would allow an attacker to make network clients use an illegitimate default gateway?
DHCP server
What's the essential difference between an IPS and an IDS?
IDS (intrusion detection system) can only detect and log suspicious activity IPS (intrusion prevention system) stands between the attacker and the network host, and can prevent traffic from reaching the protected network or host
Which policy ensures messages are discarded when they don't match a specific firewall rule?
Implicit deny
Which security device relies on a TAP or port mirroring?
NIDS
Which authentication protocol is optimized for wireless clients?
RADIUS
Which authorization method will allow Nancy, a custodian, to access the company's email application but not its accounting system?
RBAC
Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?
Separation of duties
What information in a transmitted message might an IDS use to identify network threats?
Signature
Why would you need separate RA guard policies for network hosts and routers attached to a switch?
The HOSTS policy blocks all RA messages for interfaces with that policy applied. The ROUTERS policy might filter RA messages to ensure they're coming from a trusted router.
Who is responsible for the security of hardware on which a public cloud runs?
The cloud provider
What does a client present to a network server to access a resource on that server?
Ticket
What kind of ticket is held by Kerberos's TGS?
Ticket Granting Ticket
Why do network administrators create domain groups to manage user security privileges?
To assign appropriate permissions for each group and to prevent access to network resources that are not needed
What kinds of issues might indicate a misconfigured ACL?
When troubleshooting problems with performance between two hosts or when some applications or ports can make the connection while others can't
Which ACL rule will prevent pings from a host at 192.168.2.100?
access-list acl_2 deny icmp host 192.168.2.100 any
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
access-list acl_2 permit https any any
What causes most firewall failures?
Firewall misconfiguration