CNT3004 CH10
What kinds of issues might indicate a misconfigured ACL?
Connectivity and performance issues between two hosts in which some applications or ports can make the connection while the others can't
What are the two primary features that give proxy servers an advantage over NAT?
Content filtering and file caching
What kind of firewall block traffic based on application data contained within the packets?
Content-filtering firewall
What causes most firewall failures?
Firewall misconfiguration
Which of the following is not one of the three AAA services provided by RADIUS and TACAS+?
access control
At what layer of the OSI model do proxy servers operate?
layer 7
Only one ___________________ exists on a network using STP.
root bridge
What feature of Windows Server allows for agentless authentication?
AD (Active Directory)
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
Access-list acl_2 permit http any any
What's the essential difference between an IPS and an IDS?
An IDS can only detect and log suspicious activity. AN IPS can react when alerted to such activity.
Which NGFW feature allows a network admin to restrict traffic generated by a specific game?
Application awareness
Any traffic that is not explicitly permitted in the ACL is _______________, which is called the ______________________________________.
Denied, Implicit Deny rule
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP
Why do network administrators create domain groups to manage user security privileges?
To simplify the process of granting rights to users.
Which of the following features is common to both an NGFW and traditional firewalls?
User authentication
What software might be installed on a device in order to authenticate it to the network?
agent
EAPoL is primarily used with what kind of transmission?
wireless
Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?
Switchport port-security
What kind of ticket is held by Kerberos' TGS?
TGT (ticket-granting ticket)
Why is a BPDU filter needed at the demark?
The ISP's STP-related topology information shouldn't be mixed with a corporate network's STP related topology information.