Knowledge Quiz 2 - Firewall Design and Management
Which of the following computers is likely to be found in a DMZ?
E-mail server
A proxy server ___________.
Is designed to improve web access
For which of the following reasons would you consider creating a protected subnet within an already protected internal network? (Choose all that apply.) a. to protect customer information b. to protect management servers c. to protect the company's reputation d. to protect Web servers
a. to protect customer information b. to protect management servers d. to protect Web servers
Which answer below is not an advantage of using a proxy server?
***NOT Protects internal IP addresses***
Hardening a bastion host involves which of the following measures? (Choose all that apply)
All of the above
Which of the following functions can a bastion host perform?
FTP server
Which of the following functions can a bastion host perform? (Choose all that apply)
FTP server E-mail server
A bastion host is usually located on the internal network.
False
A bastion host is usually located on the internal network. True or False?
False
A bastion host is usually located on the internal network? True or False
False
In a Cisco ASA 5505 firewall, security level 100 is the least secure level. True or False
False
In a Cisco ASA 5505 firewall, security level 100 is the least secure level. True or False?
False
One-to-One NAT is also called PAT.
False
The Administrator account on Windows computers can't be renamed or disabled.
False
To isolate all external Web requests to a specific Web server on the DMZ, it would be best to use many-to-one NAT. True or False?
False
To isolate all external Web requests to a specific Web sever on the DMZ, it would be best to use many - to - one NAT? true or false
False
Which of the following issues should you consider in firewall design.
Fault Tolerance
Load-balancing software
Forwards packets to/from a p
Server Farm
Group of servers connected in a subnet that work together to receive requests.
What enables servers in a server farm to work together to handle requests?
Load balancing software
______ enable servers in a server farm to work together to handle requests.
Load-balancing software
Which of the following can hide internal IP addresses from the internet.
NAT
A screening router would be an appropriate choice for meeting the security needs of a ________________.
None of the above
Proxy Server
Prioritizes, schedules, and dis
One-to-One NAT
Process of mapping one internal IP address to one external IP address.
A DMZ is _________________
Semi Trusted network
What is the main problem with using a screening router?
The router alone cannot stop many types of attacks
__________ is the main problem with using a screening router.
The router alone cannot stop many types of attacks
A honeypot is a computer placed on the network that appears to have critical data and software for the operation of an organization, with the intent of distracting an attacker.
True
Given the multiple and varied demands on network administrators, those in charge of small-to-medium sized networks should probably purchase a vendor-supplied turn-key perimeter firewall solution.
True
Multiple firewalls can be used in a failover firewall configuration, where one firewall seamlessly takes over the traffic for another firewall when it fails.
True
A corporation with several branch offices has decided to maintain multiple firewalls, one to protect each branch office's network. What is the most efficient way to maintain these firewalls?
Use a centralized security workstation
Many-to-One NAT
Uses source/destination port
A DMZ is __________.
a semitrusted network
Which of the following functions can a bastion host perform? (Choose all that apply.) a. FTP server b. e-mail server c. security management server d. domain controller
a. FTP server b. e-mail server
A corporation with several branch offices has decided to maintain multiple firewalls, one to protect each branch office's network. What is the most efficient way to maintain these firewalls? a. Use a centralized security workstation. b. Send information about the security policy to each network administrator. c. Set up remote desktop management software. d. Broadcast configuration instructions periodically by e-mail.
a. Use a centralized security workstation.
Hardening a bastion host involves which of the following measures? (Choose all that apply.) a. disabling unnecessary services b. removing unnecessary accounts c. installing current patches d. all of the above
a. disabling unnecessary services b. removing unnecessary accounts c. installing current patches d. all of the above
Which of the following computers is likely to be found in a DMZ? (Choose all that apply.) a. e-mail server b. domain controller c. Web server d. customer information database
a. e-mail server c. Web server
Which of the following issues should you consider in firewall design? (Choose all that apply.) a. fault tolerance b. log size c. authorization d. load balancing
a. fault tolerance d. load balancing
Which of the following issues should you consider in firewall design? (Choose all that apply)
a. fault tolerance d. load balancing
A proxy server _____ . (Choose all that apply.) a. is designed to improve Web access b. is the same as a reverse firewall c. uses fewer system resources than a software firewall d. can filter Application layer content
a. is designed to improve Web access d. can filter Application layer content
For which of the following reasons would you consider creating a protected subnet within an already protected internal network? (Choose all that apply)
a. to protect customer information b. to protect management servers d. to protect Web servers
Which of the following can hide internal IP addresses from the Internet? (Choose all that apply.) a. packet filters b. NAT c. proxy servers d. state tables
b. NAT c. proxy servers
A DMZ is _____. a. a trusted network b. a semitrusted network c. an untrusted network d. not actually a network
b. a semitrusted network
What is the main problem with using a screening router? a. The router can be configured incorrectly. b. The router might not provide an adequate screen. c. The router cannot be used with a firewall. d. The router alone cannot stop many types of attacks.
d. The router alone cannot stop many types of attacks.
What enables servers in a server farm to work together to handle requests? a. a router b. a switch c. a networking hub d. load-balancing software
d. load-balancing software
A screening router would be an appropriate choice for meeting the security needs of a _____. a. small office network b. home network c. DMZ d. none of the above
d. none of the above.
Hardening a bastion host involves which of the following measures?
disabling unnecessary services
A screening router would be an appropriate choice for meeting the security needs of _______.
none of these
For which of the following reasons would you consider creating a protected subnet within an already protected internal network?
to protect customer information
