Quiz: Lab Manual Module 09 Network Security Appliances and Technologies

Your organization was recently the victim of an attack. You are investigating the attack and trying to determine what happened. What is the most likely entry point used for the attack? a. IoT device with default configuration b. Web server in your DMZ c. Device securely connected to the VPN d. Hardware firewall

a. IoT device with default configuration

Ciara wants to connect to her corporate network from home using a private and secure connection to be private and secure. She wants the most secure option available. Which of the following VPN protocols would you recommend? a. L2TP/IPsec b. L2TP/TLS c. IPsec/TLS d. PPTP

a. L2TP/IPsec

Security devices are only as good as their configurations. A misconfigured device provides a false sense of security and potentially creates vulnerabilities that didn't exist prior to the device being installed. Which of the following does not need to be included in the configuration planning process? a. Packet capture and analysis b. Secure baseline configurations c. Diagrams d. Standard naming conventions

a. Packet capture and analysis

You are configuring a new stateless firewall for the network. Which of the following is not a parameter that you would use in the rules? a. Source address b. State c. Protocol d. Action

b. State

Tao is installing a specialized firewall appliance that will allow private IP addresses to be used on the public Internet. Which of the following is he installing? a. Next generation firewall b. Web application firewall c. Network address translation (NAT) gateway d. Unified threat management

c. Network address translation (NAT) gateway

Dune is setting up a network packet capture and analysis monitoring tool. He wants the system to have as little effect on network throughput as possible, but also wants to receive information in real time at the monitoring tool. In addition, he wants the device to capture traffic that could be used as evidence in a trial. Which of the following would you suggest? a. Aggregators b. Network sensors c. Port TAP d. Port mirroring

c. Port TAP

DDoS attacks are a major concern of any organization. What is one of the best options to stop a DDoS attack and simultaneously collect data on the attack? a. Honeynet b. Proxy server c. Sinkholes d. Honeypot

c. Sinkholes

Luz is verifying that port security has been correctly configured on all of the switches in the organization. Which of the following is not one of the attacks he is trying to prevent? a. ARP poisoning b. MAC flooding c. MAC address spoofing d. DHCP snooping

d. DHCP snooping

Kolten wants to allow users from outside of the network to access the web server, but he does not want them to access the internal network. Which of the following technologies would you recommend using? a. VirtualIP b. Load balancing c. VLAN d. DMZ

d. DMZ

Saffron is connecting to the corporate network through the VPN when her PC is sent to quarantine and cannot connect. Which of the following is the corporate network likely using? a. DLP b. DMZ c. ACL d. NAC

d. NAC