Alexa_Week23

Ace your homework & exams now with Quizwiz!

Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? A) A network-based firewall B) An IPS C) An IDS D) A host-based firewall

A) A network-based firewall

Which of the following is required to establish a new network switch and configure its IP address for the first time? A) Out-of-band management B) Client-to-site VPN C) In-band management D) Site-to-site VPN

A) Out-of-band management

Which of the following methods is best to have when a network goes down? A) Out-of-band management B) In-band management C) Client-to-site VPN D) Site-to-site VPN

A) Out-of-band management

Which of the following is another name for a firewall that performs router functions? A) Screening router B) Screened subnet C) Dual-homed gateway D) Screened-host gateway

A) Screening router

Which of the following are true about routed firewalls? (Select two.) A) Supports multiple interfaces. B) Operates at Layer 2. C) Internal and external interfaces connect to the same network segment. D) Counts as a router hop. E) Easily introduced to an existing network.

A) Supports multiple interfaces. D) Counts as a router hop.

Which of the following combines several layers of security services and network functions into one piece of hardware? A) Unified Threat Management (UTM) B) Firewall C) Intrusion detection system (IDS) D) Circuit-level gateway

A) Unified Threat Management (UTM)

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use? A) Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. B) Use firewalls to create a screened subnet. Place the web server and the private network inside the screened subnet. C) Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. D) Use a single firewall. Put the server and the private network behind the firewall.

A) Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.

How many network interfaces does a dual-homed gateway typically have? A) three B) two C) four D) one

A) three

Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? A) Use the out parameter instead of the in parameter within each ACL rule. B) Add a permit statement to the bottom of the access list. C) Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface. D) Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface.

B) Add a permit statement to the bottom of the access list.

Listen to exam instructions Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? A) Misuse detection B) Anomaly-based C) Pattern matching D) Dictionary recognition

B) Anomaly-based

Which of the following are specific to extended Access control lists? (Select two.) A) Identify traffic based on the destination address. B) Are the most used type of ACL. C) Are used by route maps and VPN filters. D) Should be placed as close to the destination as possible. E) Use the number ranges 100-199 and 2000-2699.

B) Are the most used type of ACL. E) Use the number ranges 100-199 and 2000-2699.

Which of the following BEST describes a stateful inspection? A) Allows all internal traffic to share a single public IP address when connecting to an outside entity. B) Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. C) Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. D) Designed to sit between a host and a web server and communicate with the server on behalf of the host.

B) Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

Which of the following are characteristics of a packet-filtering firewall? (Select two.) A) Filters based on URL B) Filters IP address and port C) Stateless D) Stateful E) Filters based on sessions

B) Filters IP address and port C) Stateless

Which of the following is true about an unmanaged switch? A) It supports link aggregation. B) It can connect to all devices in a small area. C) It allows port configuration. D) It is capable of VLAN creation.

B) It can connect to all devices in a small area.

What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet? A) FTP B) Packet filters C) VPN D) Subnet

B) Packet filters

You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) A) Put the database server outside the screened subnet. B) Put the web server inside the screened subnet. C) Put the database server inside the screened subnet. D) Put the database server on the private network. E) Put the web server on the private network.

B) Put the web server inside the screened subnet. D) Put the database server on the private network.

Which of the following can serve as a buffer zone between a private, secured network and an untrusted network? A) Intranet B) Screened subnet C) Padded cell D) Extranet

B) Screened subnet

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? A) Heuristics-based IDS B) Signature-based IDS C) Anomaly analysis-based IDS D) Stateful inspection-based IDS

B) Signature-based IDS

Which of the following is the BEST solution to allow access to private resources from the internet? A) Subnet B) VPN C) Packet filters D) FTP

B) VPN

Which of the following is true about an intrusion detection system? A) An intrusion detection system maintains an active security role within the network. B) An intrusion detection system can terminate or restart other processes on the system. C) An intrusion detection system monitors data packets for malicious or unauthorized traffic. D) An intrusion detection system can block malicious activities.

C) An intrusion detection system monitors data packets for malicious or unauthorized traffic.

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? A) Multi-homed B) Kernel proxy C) Bastion D) Circuit proxy

C) Bastion

Which level of the OSI model does a Layer 2 switch operate at? A) Network layer B) Session layer C) Data Link layer D) Transportation layer

C) Data Link layer

You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? A) IDS B) Packet sniffer C) IPS D) Port scanner

C) IPS

On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs? A) Load balancer B) Layer 2 switch C) Layer 3 switch D) Repeater

C) Layer 3 switch

Which IDS type can alert you to trespassers? A) HIDS B) VMIDS C) PIDS D) NIDS

C) PIDS

You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) A) Put the database server inside the screened subnet. B) Put the database server and the web server inside the screened subnet. C) Put the web server inside the screened subnet. D) Put the web server on the private network. E) Put the database server on the private network.

C) Put the web server inside the screened subnet. E) Put the database server on the private network.

Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN? A) Access point B) Hub C) Switch D) Router

C) Switch

Which of the following describes the worst possible action by an IDS? A) The system detected a valid attack and the appropriate alarms and notifications were generated. B) The system identified harmless traffic as offensive and generated an alarm. C) The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. D) The system correctly deemed harmless traffic as inoffensive and let it pass.

C) The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? A) Generate a new baseline. B) Check for backdoors. C) Update the signature files. D) Modify clipping levels.

C) Update the signature files.

Which of the following describes how access control lists can improve network security? A) An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. B) An access control list filters traffic based on the frame header, such as source or destination MAC address. C) An access control list identifies traffic that must use authentication or encryption. D) An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.

D) An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.

Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? A) Negative B) Positive C) False negative D) False positive

D) False positive

Which of the following is a device that can send and receive data simultaneously? A) Managed B) Honeypot C) Unmanaged D) Full-duplex

D) Full-duplex

Which of the following is true about an NIDS? A) It can access encrypted data packets. B) It can analyze fragmented packets. C) It can monitor changes that you've made to applications and systems. D) It detects malicious or unusual incoming and outgoing traffic in real time.

D) It detects malicious or unusual incoming and outgoing traffic in real time.

As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs? A) Layer 2 switch B) Repeater C) Load balancer D) Layer 3 switch

D) Layer 3 switch

Which of the following is a firewall function? A) Frame filtering B) Encrypting C) FTP hosting D) Packet filtering

D) Packet filtering

Which of the following uses access control lists (ACLs) to filter packets as a form of security? A) Dual-homed gateway B) Screened-host gateway C) Screened subnet D) Screened router

D) Screened router

In which of the following situations would you MOST likely implement a screened subnet? A) You want users to see a single IP address when they access your company network. B) You want to encrypt data sent between two hosts using the internet. C) You want to detect and respond to attacks in real time. D) You want to protect a public web server from attack.

D) You want to protect a public web server from attack.

Listen to exam instructions As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? A) Protocol analyzer B) Network-based IDS C) Port scanner D) VPN concentrator E) Host-based IDS

E) Host-based IDS

Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all. Competes with normal network traffic for bandwidth. Uses a dedicated communication channel. Must be encrypted to protect communications from sniffing. Does not compete with normal network traffic for bandwidth. Affected by network outages. A) In-band B) Out-of-band

In-band Out-of-band In-band Out-of-band In-band

Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all. Commonly sold at retail stores. Provides port security features. Supports VLANs. Provides very few configuration options. Can be configured over a network connection. Can be configured over a dedicated communication channel. A) Unmanaged switch B) Managed switch

Unmanaged switch Managed switch Managed switch Unmanaged switch Managed switch Managed switch


Related study sets

Chapter 2 Conceptual Questions- Motion along a Straight Line

View Set

Series 9 Chapter 1 and 2 Equity Options

View Set

TCU Abnormal Psych Exam 2 - Broom

View Set

Intro to Forensic Science: Chapter 2 Test Review

View Set

Human Anatomy ZOO 3731: Nervous Tissue, Spinal Cord and Nerves, and Brain and Cranial Nerves

View Set