3.3 Given a scenario, implement secure network designs

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

A network administrator wants to set up a load balancing cluster to manage traffic to a web server farm. The load balancer will route traffic based on the type of requests coming in from internal users. Design a solution that would provide at minimum a failover solution and proper configuration for a load balancing cluster. (Select all that apply.)

*Create a Virtual IP address *Set up an active/passive topology

Two virtual hosts run on a stack and each host runs a virtual machine (VM). Both VMs use shared storage, and an admin must provide stateful fault tolerance. The Enterprise services running on these VMs must work on both virtual hosts and continue working if one of the virtual hosts goes offline. What cluster set up would provide the functionality the organization requires?

An active/active configuration consisting of n nodes

A network administrator needs to monitor traffic that passes through the firewall to analyze attacks on the network. Which of the following devices will combine multiple sensors to gather data for analysis?

Collector

What can a system administrator configure on two load balanced servers to ensure each node gets its fair share of work?

Configure scheduling

A network administrator separates access to company resources based on job function. The administrator groups access allowed to specific information within the network. Which of the following is the best separation method to implement?

Create VLANs

A vendor requires access to company resources to fulfill business requirements with a company it services. The company provides a zone to keep proprietary information secure but allows the vendor access to the resources. What type of zone does the vendor use?

Extranet

A hacker infiltrated a commercial stock image company and found a file share full of free images that users could download via a web server. The hacker replaced each image with malicious code, hoping the free images will get downloaded onto unsuspecting users' computers. Which of the following can prevent this attack method?

File integrity monitoring

Systems administrators want to set up a way for remote administration from home. The solution should use available services like a web browser, rather than installing a virtual private network agent. Which option would best support these requirements?

HTML5

Network designs show strategically placed firewalls on the local area network (LAN) to add layers of network security. The internal cloud stack also provides a layer of firewall security. Which firewall solution would provide immediate protection to a client computer?

Host-based firewall

A company would like to implement a private network accessible through a portal to communicate and share resources. Authorized users can only access the network. Which of the following is the best choice for implementation?

Intranet

A network administrator sets up a wireless access point (WAP) in the office. Management wishes to allow access to only certain mobile devices owned by employees. What setting on the WAP would the network administrator configure?

MAC filtering

A network engineer is installing a patch panel in the newly renovated floor of a building. Before connecting network cables between the patch panel and switch, the engineer configures Spanning Tree Protocol (STP). How will STP secure the network?

Prevent broadcast storms

What is a jump server commonly used for?

Provide secure access to DMZ servers.

A company hosts its own web servers. These web servers provide multiple services that employees need while on the road. A recent security audit advised the company to find a more secure way to publish these web services to the Internet. Which of the following will accomplish this?

Reverse Proxy

A firewall contains a Network Intrusion Detection System (NIDS), which monitors activity on the network. Devices are placed in front of the firewall and after the firewall, gather information, and report applicable findings to a central console in the NIDS. Identify these devices.

Sensors

An administrator deploys a basic network intrusion detection (NID) device to block common patterns of attacks. What detection method does this device use?

Signature-based

An administrator decides what traffic should go in the encryption tunnel versus what goes to the unsecured Internet. Which VPN protocol did the administrator employ?

Split tunnel

Users are reporting jittery video communication during routine video conferences. What can a system administrator implement to improve video quality and overall use of the network bandwidth?

Use 802.1p header

Two virtual machines have a custom application set up for active/active clustering. Each physical node has the appropriate number of network adapters for clustering, as well as service communication to clients. Cisco backs the company's infrastructure and has also made recommendations. Which of the following will most likely support these customer services? (Select all that apply.)

*GLBP *VIP

Cloud engineers are considering network segmentation options that will provide the most security between services on the cloud platform. Which of the following would ensure this type of network security is within the cloud? (Select all that apply.)

*Set up efficient east-west traffic *Set up zero trust

Management hired 20 new people and the network team set up the network connections in the office to accommodate them. There are three dummy client switches, with roughly 40 computers connected to the network. The client computers have an Internet Protocol (IP) address using Dynamic Host Configuration Protocol (DHCP). The local DHCP server and file server are connected to the switches. When trying to access the servers or the Internet from the client computers, there is no network connectivity. Some clients have a DHCP IP address. What may be the cause?

A loop in the network

An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting?

ACL

A VPN connection allows employees to use both physically separated networks any time they need to. What type of capability does this represent?

Always on

A concentrator placed on a firewall or router combines multiple sensors to gather data for processing by an intrusion detection system. Identify this device.

Collector

Which of the following does NOT describe an application firewall?

It analyzes packets at layer 2

An organization has a network access control (NAC) system that assesses the health of workstations and laptops connected to the corporate network. A network admin must add mobile devices to the list of platforms. How will an admin provide health assessments for these new devices?

Perform an agentless health assessment

A system administrator configures a switch, sending a copy of all network traffic to an area where admin can analyze it. What should the administrator implement?

Port mirror

After an in-depth security analysis of recent detections of malware, the security admin found the root cause to be website blogs and online podcasts which contained several pop-up ads. The information systems security officer (ISSO) wants to deploy a solution that blocks these websites, scans users' web browsing traffic for malware, and blocks it from entering the Intranet. Which of the following will fulfill the security requirements?

UTM

A system administrator needs to hide internal resource private IP addresses from the internet to protect from exploitation. What can the administrator apply to the network to complete this action?

Apply NAT to the Internet facing firewall.

An employee plans to travel for work purposes and will require access to the company's website. The site restriction is for employees only and requires a secure means to gain access. The employee will most likely use what?

Remote access VPN


Set pelajaran terkait

(Health Psychology) Chapter 7: Possible M.C.

View Set

chapter 8 reading quiz question 3

View Set

Week 2 Practice Quiz; Chapters 2 & 3

View Set

Principles of Selling - Chapter 6, 7, & 8

View Set

Leadership 101 Conventional NCTI Exam

View Set