8.3.9 - Practice Questions
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)
- Acknowledgement number
- Digital signature
- Checksum
- Destination address of a packet
- Port number
- Source address of a packet
- Sequence number

- Destination address of a packet
- Port number
- Source address of a packet
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
- Put the web server on the private network.
- Put the database server on the private network.
- Put the database server inside the DMZ.
- Put the web server inside the DMZ.

- Put the database server on the private network.
- Put the web server inside the DMZ.
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to use DNS, which port should you enable?
- 443
- 53
- 80
- 21
- 42

53
You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows:
- IP address: 192.168.23.8
- HTTP Port: 1030
- SSL Port: 443

Users complain that they can't connect to the website when they type www.westsim.com. What is the most likely source of the problem?
- The HTTP port should be changed to 80.
- SSL is blocking internet traffic.
- FTP is not configured on the server.
- Clients are configured to look for the wrong IP address.

The HTTP port should be changed to 80.
Which of the following describes how access lists can be used to improve network security?
- An access list looks for patterns of traffic between multiple packets and takes action to stop detected attacks.
- An access list filters traffic based on the frame header such as source or destination MAC address.
- An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
When designing a firewall, what is the recommended approach for opening and closing ports?
- Open all ports; close ports that expose common network attacks.
- Close all ports.
- Close all ports; open only ports required by applications inside the DMZ.
- Close all ports; open ports 20, 21, 53, 80, and 443.
- Open all ports; close ports that show improper traffic or attacks in progress.

Close all ports; open only ports required by applications inside the DMZ.
You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
- MAC address
- Username and password
- Session ID
- IP address

IP address
In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing?
- Downloading email
- Downloading a file
- Performing a name resolution request
- Downloading a web page

Downloading a file
You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability?
- TFTP
- IP
- HTML
- TCP
- HTTP
- FTP

FTP
Which of the following is likely to be located in a DMZ?
- Backup server
- User workstations
- FTP server
- Domain controller

FTP server
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
- IDS
- VPN concentrator
- Network-based firewall
- IPS
- Host-based firewall

Network-based firewall
After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done?
- Open port 25 to allow SNMP service.
- Open port 80 to allow SNMP service.
- Open port 110 to allow POP3 service.
- Open port 80 to allow SMTP service.
- Open port 25 to allow SMTP service.
- Open port 110 to allow SMTP service.

Open port 25 to allow SMTP service.
Match the firewall type on the left with its associated characteristics on the right. Each firewall type may be used once, more than once, or not at all.
Drag
- Routed firewall
- Virtual firewall
Drop
- Operates at Layer 2
- Operates at Layer 3
- Counts as a hop in the path between hosts.
- Does not count as a hop in the path between hosts.
- Each interface connects to a different network.
- Each interface connects to the same network segment.

Operates at Layer 2 - Virtual firewall
Operates at Layer 3 - Routed firewall
Counts as a hop in the path between hosts. - Routed firewall
Does not count as a hop in the path between hosts. - Virtual firewall
Each interface connects to a different network. - Routed firewall
Each interface connects to the same network segment. - Virtual firewall
Match the firewall type on the right with the OSI layer at which it operates. Each OSI Layer may be used once, more than once, or not at all.
Drag
- OSI Layer 1
- OSI Layer 2
- OSI Layer 3
- OSI Layer 4
- OSI Layer 5
- OSI Layer 6
- OSI Layer 7
Drop
- Packet filtering firewall
- Circuit-level proxy
- Application-level gateway
- Routed firewall
- Transparent firewall

Packet filtering firewall - OSI Layer 3
Circuit-level proxy - OSI Layer 5
Application-level gateway - OSI Layer 7
Routed firewall - OSI Layer 3
Transparent firewall - OSI Layer 2
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
- You want to detect and respond to attacks in real time.
- You want internet users to see a single IP address when accessing your company network.
- You want to encrypt data sent between two hosts using the internet.
- You want to protect a public web server from attack.

You want to protect a public web server from attack.