CH6
Which of the following are characteristics of a stateless firewall? (Select two.)
- Controls traffic using access control lists, or ACLs.
- Allows or denies traffic by examining information in IP packet headers.
Which of the following are true about routed firewalls? (Select two.)
- Counts as a router hop.
- Supports multiple interfaces.
Which of the following are true about reverse proxy? (Select two.)
- Handles requests from the internet to a server on a private network.
- Can perform load balancing, authentication, and caching.
Which options are you able to set on a firewall? (Select three.)
- Port number
- Packet source address
- Packet destination address
You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
- Put the database server on the private network.
- Put the web server inside the screened subnet.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
- Put the web server inside the screened subnet.
- Put the database server on the private network.
Which of the following are specific to extended access control lists? (Select two.)
- Use the number ranges 100-199 and 2000-2699.
- Are the most used type of ACL.
LAB: You are helping Halle, a friend in college, with her network connection. To allow her to play SuperBlast with other classmates, Halle would like both of her computers (Dorm-PC and Dorm-PC2) to have a high-speed connection to the internet. Currently only one of Halle's computers (Dorm-PC) is connected to the internet, and there is only one Ethernet wall plate connection port available in her room.
1. Add the fastest router from shelf
2. Power the router
3. Connect Dorm-PC AND Dorm-PC2 to the router
4. Connect Router to wall plate
5. On Dorm-PC, open Windows PowerShell as admin
6. Enter ipconfig /renew
7. In BOTH computers navigate to Network & Internet > Firewall > Turn on Public & Private Networks
8. Allow an app through firewall > Allow another app > SuperBlast > Click OK
LAB: You are the security analyst for a small corporate network. You recently placed a web server in a screened subnet, or demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access to the web server from the LAN and from the WAN. You also want to allow all traffic from the LAN network to the DMZ network.
1. Login
2. Firewall > Rules
3. Under the Firewall breadcrumb, select DMZ
4. Select add (either one)
5. Under Source, select WAN net
6. Select Display Advanced
7. For Source Port Range, select HTTP (80).
8. Under Destination, select Single host or alias.
9. In the Destination Address field, enter 172.16.1.5
10. In the Destination Port Range, select HTTP (80)
11. In the Description field, enter HTTP to DMZ from WAN
12. Click SAVE & APPLY CHANGES!!!!!
13. For the rule just created, select the Copy icon (two files)
14. Under Source, select Display Advanced.
15. Change the Source Port Range to HTTPS (443)
16. Under Destination, change the Destination Port Range to HTTPS (443).
17. Under Extra Options, change the Description field to HTTPS to DMZ from WAN
18. Save > Apply Changes!!!!!
19. Select Add (either one)
20. Change Interface to LAN
21. For Protocol, select Any
22. Under Source, select LAN net
23. Under Destination, select DMZ net
24. In the Description field, enter LAN to DMZ Any.
25. Click Save > Apply Changes!!!!!!!
LAB: You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a screened subnet, or demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network.
1. Login
2. Interfaces > Assignments
3. Add > OPT1
4. Select Enable interface
5. Change the Description field to DMZ
6. Under General Configuration, select Static IPv4.
7. Change the IPv4 Address field to 172.16.1.1
8. Use the Subnet to select 16.
9. Save > Apply Changes!!!
10. Firewall > Rules
11. Under the Firewall breadcrumb, select DMZ.
12. Select Add (either one)
13. For the Protocol, select Any.
14. Under Source, select DMZ net.
15. In the description enter: Allow DMZ to any rule
16. Save > Apply Changes!!!!!
17. Services > DHCP Server
18. Under the Services breadcrumb, select DMZ
19. Select Enable to enable DHCP server on the DMZ interface.
20. Configure the Range field as follows: From: 172.16.1.100; To: 172.16.1.200
21. Save!!!!!
LAB: You work as the IT security administrator for a small corporate network. In an effort to protect your network from security threats and hackers, you have added Snort to pfSense. With Snort already installed, you need to configure rules and settings and then assign Snort to the desired interface.
1. Login
2. Services > Snort
3. Under the Services breadcrumb, select Global Settings.
4. Select Enable Snort VRT
5. In the Snort Oinkmaster Code field, enter 992acca37a4dbd7
6. Select Enable Snort GPLv2
7. Select Enable ET Open
8. Under Sourcefire OpenAppID Detectors, select Enable OpenAppID.
9. Select Enable RULES OpenAppID.
10. Under Rules Update Settings, use the Update Interval drop-down menu to select 4 DAYS.
11. For Update Start Time, change to 00:10
12. Select Hide Deprecated Rules Categories
13. Under General Settings, use the Remove Blocked Hosts Interval drop-down menu to select 1 Day
14. Select Startup/Shutdown Logging.
15. SAVE!!!!
16. Under the Services breadcrumb, select Snort Interfaces and then select Add
17. Under General Settings, make sure Enable interface is selected
18. For Interface, select WAN (CorpNet_pfSense_L port 1)
19. For Description, use Snort-WAN
20. Under Alert Settings, select Send Alerts to System Log
21. Select Block Offenders
22. SAVE!!!!!
23. Under the Snort Status column, select the arrow to start Snort.
LAB: You are an IT security administrator for a small corporate network. To increase security, you have installed the pfSense security appliance on the network. Now you need to configure the device.
1. Login
2. System > General Setup
3. Under DNS Server Settings, configure the primary DNS server: Address: 163.128.78.93; Hostname: DNS1; Gateway: None
4. Select Add DNS Server and then configure it as follows: Address: 163.128.80.93; Hostname: DNS2; Gateway: None
5. Click Save at bottom.
6. Navigate to Interfaces > WAN > Enable Interface
7. Select Static IPv4.
8. In the IPv4 Address field, use 65.86.24.136
9. Change the Subnet drop-down to be 8
10. Click add a new gateway
11. Configure the gateway settings as follows: Default: select Default gateway; Gateway name: WANGateway; Gateway IPv4: 65.86.1.1
12. Select Add, Scroll down to save and apply changes!!!!
LAB: You are the security analyst for a small corporate network. You are currently using pfSense as your security appliance.
1. Login to http://198.28.56.22
2. System > User Manager > Edit User > Change password to: P@ssw0rd
3. Click Add to add user > Fill in parameters with given info
4. Under the System breadcrumb, select Settings.
5. For Session timeout, enter 20 > SAVE
6. System > Advanced > Under webConfigurator select HTTP protocol
7. Scroll down and select Anti-lockout to disable the webConfigurator anti-lockout rule.
8. SAVE!!
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use?
A network-based firewall
Which of the following is true about a network-based firewall?
A network-based firewall is installed at the edge of a private network or network segment.
How does a proxy server differ from a packet-filtering firewall?
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer.
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules:
    deny ip 192.168.1.0 0.0.0.255 any
    deny ip 192.168.2.0 0.0.0.255 any
These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do?
Add a permit statement to the bottom of the access list.
Which of the following describes how access control lists can improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following is true about an intrusion detection system?
An intrusion detection system monitors data packets for malicious or unauthorized traffic.
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline?
Anomaly-based
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion
Which of the following does the sudo iptables -F command accomplish?
Clears all the current rules.
Which of the following BEST describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic?
False positive
Which of the following chains is used for incoming connections that aren't delivered locally?
Forward
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
Which of the following is true about an NIDS?
It detects malicious or unusual incoming and outgoing traffic in real time.
Which IDS type can alert you to trespassers?
PIDS
Which of the following is a firewall function?
Packet filtering
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet?
Packet filters
Based on the diagram, which type of proxy server is handling the client's request?
Reverse proxy server
Which of the following uses access control lists (ACLs) to filter packets as a form of security?
Screened router
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network?
Screened subnet
Which of the following is another name for a firewall that performs router functions?
Screening router
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance?
Unified Threat Management (UTM)
Which of the following combines several layers of security services and network functions into one piece of hardware?
Unified Threat Management (UTM)
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?
Update the signature files.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use?
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN
Which of the following is true about a firewall?
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked.
In which of the following situations would you MOST likely implement a screened subnet?
You want to protect a public web server from attack.
How many network interfaces does a dual-homed gateway typically have?
three