Module11 Security in Network Design

Active Directory and 389 Directory Server are both compatible with which directory access protocol?

LDAP

Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?

Separation of duties

As a network administrator, Murphy wants to add additional layers of security to prevent hackers from penetrating the network. In order to achieve this, he plans on adding additional authentication restrictions that might strengthen network security. Analyze which of the following he should do in this context

Set a limit on consecutive login attempts

What information in a transmitted message might an IDS use to identify network threats?

Signature

Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?

access-list acl_2 permit https any any

Darwin has purchased a laptop for the purpose of running his stock brokerage activities from home. He has contracted Navin, a network engineer, to install a software specifically for his workstation so that the software can protect the network from certain traffic. Analyze which of the following firewalls is best applicable in this scenario.

A host-based firewall

At what layer of the OSI model do proxy servers operate?

Layer 7

Valiant is an NGO that has very strong opinions against the government. It has faced a number of legal notices and its IP address has been blocked numerous times for voicing out dissent on online forums and social media. Valiant has requested your help as a network analyst to find a way around this problem so that it won't receive any more legal notices due to IP address tracking. Which of the following methods will you use in this scenario?

Proxy server

Which of the following firewalls manages each incoming packet as a stand-alone entity without regard to currently active connections?

Stateless firewall

You are the network engineer for Muhan Mobile Services. The network administrator has asked you to separate the authentication, auditing, and authorization process. Which of the following tools will you use in such a scenario?

TACACS+

Bruno is a network engineer who is tasked with adding a separate layer of protection to the control plane of a router. He wants messages with a bps (bits per second) rate below the threshold 7000 to be transmitted and the messages with a threshold above 7000 to be dropped. Analyze which of the following commands Bruno should use in pmap configuration mode in this scenario.

police 8000 conform-action transmit exceed-action drop

You are a network engineer at BHMS Ltd. The network administrator wants you to set up a security configuration for the router so that the router can accept or decline certain packets depending on their information. Which of the following will you use in such a scenario?

ACL

Which of the following stands in-line between the attacker and the targeted network or host where it can prevent traffic from reaching that network or host?

IPS

Which policy ensures messages are discarded when they don't match a specific firewall rule?

Implicit deny

Which authorization method allows a network administrator to receive from a user's supervisor a detailed description of the roles or jobs the user performs for the organization?

RBAC

Which of the following refers to a division of labor that ensures no one person can singlehandedly compromise the security of data, finances, or other resources?

SoD

Which of the following is not one of the AAA services provided by RADIUS and TACACS+?

Administration

Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic?

Application data

The HR manager of Veep Communications notices a lot of employees waste valuable time surfing social media websites. The HR manager requests you (a network administrator) to prevent the employees' access to these websites. Which of the following firewalls will you use in this scenario?

Application layer firewall

Identify which of the following terms defines the process of verifying a user's credentials.

Authentication

Who is responsible for the security of hardware on which a public cloud runs?

The cloud provider

You as a network administrator want to have a check on the ARP (address resolution protocol) vulnerabilities in your organization so that you can prevent a switch against possible ARP spoofing attacks and MAC flooding. Which of the following will you use in this scenario?

DAI

Which device would allow an attacker to make network clients use an illegitimate default gateway?

DHCP server

Which of the following technologies selectively filters or blocks traffic between networks?

Firewall

A special kind of DoS (denial of service) attack has attacked an AAA server with authentication requests that must all be processed and responded to. The network administrator has analyzed the situation and requested you, a network engineer, to use a command by which you can reclaim compromised resources in case of a similar attack in the future. Which of the following commands will you use in this scenario?

floodguard