Quiz: Module 09 Network Security Appliances and Technologies


What is a virtual firewall? a. A firewall that runs in the cloud b. A firewall appliance that runs on a LAN c. A firewall that runs in an endpoint virtual machine d. A firewall that blocks only incoming traffic

A firewall that runs in the cloud
A virtual firewall is one that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.

In which of the following configurations are all the load balancers always active? a. Active-passive b. Active-active c. Active-load-passive-load d. Passive-active-passive

Active-active
In an active-active configuration, all load balancers are always active. Network traffic is combined, and the load balancers then work together as a team.

Which firewall rule action implicitly denies all other traffic unless explicitly allowed? a. Force Deny b. Bypass c. Allow d. Force Allow

Allow
Allow implicitly denies all other traffic unless explicitly allowed.

Which type of monitoring methodology looks for statistical deviations from a baseline? a. Heuristic monitoring b. Signature-based monitoring c. Anomaly monitoring d. Behavioral monitoring

Anomaly monitoring
Anomaly monitoring is designed for detecting statistical anomalies.

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? a. MAC pit b. DDoS Prevention System (DPS) c. IP denier d. DNS sinkhole

DNS sinkhole
A DNS sinkhole changes a normal DNS request to a pre-configured IP address that points to a firewall that has a rule of Deny set for all packets so that every packet is dropped with no return information provided to the sender. DNS sinkholes are commonly used to counteract DDoS attacks. Many enterprises contract with a DDoS mitigation service that helps identify DDoS traffic so that it is sent to a sinkhole while allowing legitimate traffic to reach its destination.

Which of these is NOT used in scheduling a load balancer? a. Round-robin b. Data within the application message itself c. The IP address of the destination packet d. Affinity

Data within the application message itself
A load balancer does not consider the contents of the payload in scheduling.

Which of the following functions does a network hardware security module NOT perform? a. Key exchange b. Key management c. Fingerprint authentication d. Random number generator

Fingerprint authentication
A network HSM does not perform authentication.

Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Reverse proxy server b. Intrusion prevention device c. Host detection server d. Forward proxy server

Forward proxy server
A forward proxy is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.

Which of the following contains honeyfiles and fake telemetry? a. Honeypotnet b. Attacker-interaction honeypot c. High-interaction honeypot d. Honeyserver

High-interaction honeypot
A high-interaction honeypot is designed for capturing much more information from the threat actor. Usually, it is configured with a default login and loaded with software, data files that appear to be authentic but are actually imitations of real data files (honeyfiles), and fake telemetry.

Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It typically includes an email or web server. b. It contains servers that are used only by internal network users. c. It provides an extra degree of security. d. It can be configured to have one or two firewalls.

It contains servers that are used only by internal network users.
It contains servers that are used only by external and not internal network users.

How does BPDU guard provide protection? a. All firewalls are configured to let BPDUs pass to the external network. b. BPDUs are encrypted so that attackers cannot see their contents. c. It sends BPDU updates to all routers. d. It detects when a BPDU is received from an endpoint.

It detects when a BPDU is received from an endpoint.

Which of the following is NOT correct about L2TP? a. It must be used on HTML5 compliant devices. b. It is used as a VPN protocol. c. It is paired with IPSec. d. It does not offer encryption.

It must be used on HTML5 compliant devices.
L2TP does not have to be used in conjunction with HTML5.

Which of the following is not a basic configuration management tool? a. Standard naming convention b. MAC address schema c. Diagrams d. Baseline configuration

MAC address schema
An Internet Protocol schema (not a MAC address schema) is a standard guide for assigning IP addresses to devices. This makes it easier to set up and troubleshoot devices and helps to eliminate overlapping or duplicate subnets and IP address device assignments, avoid unnecessary complexity, and not waste IP address space.

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? a. Masking b. PII Hiding c. Tokenization d. Data Object Obfuscation (DOO)

Masking
When the data is used only for testing purposes, such as determining if a new app functions properly, masking may be used. Data masking involves creating a copy of the original data but obfuscating (making unintelligible) any sensitive elements such as a user's name or Social Security number.

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? a. Policy-based firewall b. Content/URL filtering firewall c. Proprietary firewall d. Hardware firewall

Policy-based firewall
A more flexible type of firewall than a rule-based firewall is a policy-based firewall. This type of firewall allows for more generic statements to be used instead of specific rules.

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? a. Split tunnel b. Narrow tunnel c. Full tunnel d. Wide tunnel

Split tunnel
Not all traffic—such as web surfing or reading personal email—needs to be protected through a VPN. In this case, a split tunnel, or routing only some traffic over the secure VPN while other traffic directly accesses the Internet, may be used instead. This can help to preserve bandwidth and reduce the load on the VPN concentrator.

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? a. Packet filtering firewall b. Stateful packet filtering c. Proxy firewall d. Connection-aware firewall

Stateful packet filtering
Stateful packet filtering uses both the firewall rules and the state of the connection: that is, whether the internal device requested each packet. A stateful packet filtering firewall keeps a record of the state of a connection between an internal endpoint and an external device.

Which of these appliances provides the broadest protection by combining several security functions? a. NAT b. UTM c. NGFW d. WAF

UTM
Unified threat management (UTM) is a device that combines several security functions. These include packet filtering, antispam, antiphishing, antispyware, encryption, intrusion protection, and web filtering.

Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Give restricted access to the network. b. Update Active Directory to indicate the device is vulnerable. c. Deny access to the network. d. Connect to a quarantine network.

Update Active Directory to indicate the device is vulnerable.
NAC does not update Active Directory.

Which of the following is NOT a firewall rule parameter? a. Action b. Time c. Context d. Visibility

Visibility
There is no visibility firewall parameter.

