Chapter 3


C. A nontransparent proxy includes the ability to filter traffic based on the URL and is the best choice. A transparent proxy doesn't modify or filter requests. A reverse proxy is used for incoming traffic to an internal firewall, not traffic going out of the network. Proxy servers are caching proxy servers, but they won't block outgoing traffic.

Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement? a. transparent proxy b. reverse proxy c. nontransparent proxy d. caching proxy

D. Spanning Tree Protocol (STP) and Rapid STP both prevent switching loop problems. It's rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Admins use Simple Network Management Protocol version 3 (SNMPv3) to manage and monitor devices, but it doesn't prevent switching loops.

A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future? a. install an IDS (Intrusion Detection System) b. only use layer 2 switch c. install SNMPv3 on the switches d. implement STP or RSTP

B. A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn't part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it's appropriate to place a network firewall in a DMZ, a network firewall could be either a stateless firewall or a stateful firewall. An application-based firewall is typically only protecting a host, not a network.

An organization has recently had several attacks against servers within a DMZ. Security admins discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the Best solution? a. stateless firewall b. stateful firewall c. network firewall d. application-based firewall

B. The most likely problem of the available choices is that an access control list (ACL) is configured incorrectly. The server is in a DMZ and the most likely problem is an incorrectly configured ACL on the border firewall. The service is operating when accessed from internal clients, so it isn't likely that it is the problem. Also, the server works for internal systems, indicating it is working correctly. There isn't any indication a virtual local area network (VLAN) is in use.

Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the internet. Network admins modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the internet. Which of the following is Most likely configured incorrectly? a. the new service b. an ACL c. ServerA d. the VLAN

B. Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers would meet this use case. The Real-time Transport Protocol (RTP) delivers audio and video over IP networks, and Secure RTP (SRTP) provides encryption, message authentication, and integrity for RTP. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn't relevant to time synchronization services provided by NTP.

Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she Most likely supporting with this action? a. support voice and video transmissions b. provide time synchronization c. enable email usage d. encrypt data-in-transit

D. Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need. A flood guard on a switch helps prevent a media access control (MAC) flood attack. Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.

Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the Best choice to meet this need? a. Flood guard b. SNMPv3 (Simple Network Management Protocol) c. SRTP (Secure Real-time Transport Protocol) d. RSTP (Rapid Spanning Tree Protocol)

C. Simple Network Management Protocol version 3 (SNMPv3) is a secure protocol that can monitor and collect info from network devices. It includes strong authentication mechanisms to protect the confidentiality of credentials. None of the other protocols listed are used to monitor network devices. Secure Shell (SSH) provides a secure method of connecting to devices, but does not monitor them. File Transfer Protocol Secure (FTPS) is useful for encrypting large files in transit, using Transport Layer Security (TLS). TLS is commonly used to secure transmissions, but doesn't include methods to monitor devices.

Marge needs to collect network device configuration info and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would Best meet this need? a. SSH (Secure Shell) b. FTPS (File Transfer Protocol Secure) c. SNMPv3 (Simple Network Management Protocol) d. TLS (Transport Layer Security)

A. These are rules in an access control list (ACL) for a firewall. The first rules indicate that traffic from any IP address to any IP address using ports 80 or 443 is permitted or allowed. The final rule is also known as an implicit deny rule and is placed last in the ACL. It ensures that all traffic that hasn't been previously allowed is denied. Layer 2 switches do not use ACLs. A proxy server would not use an ACL, although it would use ports 80 and 443 for Hypertext Transfer Protocol (HTTP) and HTTPS respectively. A web server wouldn't use an ACL, although it would also use ports 80 and 443.

Which type of device would have the following entries used to define its operation? -permit IP any any eq 80 -permit IP any any eq 443 -deny IP any any a. firewall b. layer 2 switch c. proxy server d. web server

B. Iptables includes settings used by the Linux kernel firewall and can be used to replace a firewall. While it's possible to implement iptables on a wireless AP (assuming it's Linux-based), iptables still functions as a firewall, not a wireless AP. A layer 2 switch routes traffic based on the destination MAC address, but iptables focuses on IP addresses. A network bridge connects multiple networks together.

You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace? a. wireless access point (WAP) b. firewall c. layer 2 switch d. bridge

C. You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL. Content inspection and malware inspection focus on inspecting the data as it passes through the UTM, but they do not block access to sites. A distributed denial-of-service (DDoS) mitigator will attempt to block incoming DDoS attack traffic.

You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you Most likely to configure? a. content inspection b. malware inspection c. URL filter d. DDoS mitigator (Distributed Denial of Service)

D. You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and the internet, and any traffic coming from the internet with a private IP address has a spoofed source IP address. All outgoing traffic will typically use a private IP address, so you shouldn't block this outgoing traffic. A flood guard on a switch protects against MAC flood attacks and is unrelated to this question. A web application firewall protects a web application and is unrelated to anti-spoofing.

You need to implement anti-spoofing on a border router. Which one of the following choices will Best meet this goal? a. create rules to block all outgoing traffic from a private IP address b. implement a flood guard on switches c. add a web application firewall d. create rules to block all incoming traffic from a private IP address

A. A demilitarized zone (DMZ) is a buffered zone between a private network and the internet, and it will separate the web server's web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other admin need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn't necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate internet and internal network traffic.

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the Best solution? a. DMZ b. VLAN c. firewall d. WAF (Web Application Firewall)

C. A DDoS mitigator attempts to block DDoS attacks and should be placed at the border of the network, between the private network and the internet. If the network includes a DMZ, the appliance should be placed at the border of the DMZ and the internet. Placing it in the DMZ or the internal network doesn't ensure it will block incoming traffic.

Your organization recently purchased a sophisticated security appliance that includes a DDoS mitigator. Where should you place this device? a. within the DMZ b. at the border of the network, between the intranet and the DMZ c. at the border of the network, between the private network and the internet d. in the internal network

D. Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for Voice over Internet Protocol (VoIP), video teleconferencing, and other streaming media applications. None of the other answers are directly related to VoIP or video teleconferencing. Simple Mail Transfer Protocol (SMTP) transfers email. The Transport Layer Security (TLS) protocol is used to encrypt data-in-transit, but isn't the best choice for streaming media. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP to transfer files.

Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will Best support this goal? a. SMTP (Simple Mail Transfer Protocol) b. TLS (Transport Layer Security) c. SFTP (Secure File Transfer Protocol) d. SRTP (Secure Real-time Transport Protocol)

B. You can use Secure Shell (SSH) to encrypt PII data when transmitting it over the network (data-in-transit). Secure File Transfer Protocol (SFTP) uses SSH to encrypt File Transfer Protocol (FTP) traffic. FTP, Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.

Your organization's security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would Best meet this requirement? a. FTP (File Transfer Protocol) b. SSH (Secure Shell) c. SMTP (Simple Mail Transfer Protocol) d. HTTP (Hypertext Transfer Protocol)

