Review Questions - Module 11 - Security in Network Design

Ace your homework & exams now with Quizwiz!

Which of the following criteria can a packet-filtering firewall NOT use to determine whether to accept or deny traffic?

Application data

Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?

Separation of duties

What information in a transmitted message might an IDS use to identify network threats?

Signature

Which of the following is not one of the AAA services provided by RADIUS and TACACS+?

administration

What is the purpose of an ACL when configuring CoPP?

ACLs can be used instead of non-IP classes to drop non-IP traffic, and the default non-IP CoPP class can be used to limit to non-IP traffic that reaches the RP CPU. It identifies relevent traffic for the CoPP policies

What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack?

ARP performs no authentication

Which device would allow an attacker to make network clients use an illegitimate default gateway?

DHCP server

What are the two primary features that give proxy servers an advantage over NAT?

Filter content and file caching Content filtering and improved performance, reverse proxy.

What's the essential difference between an IPS and an IDS?

IDS (intrusion detection system) creates alerts when suspicious activity happens. IPS (intrusion Prevention system) prevents traffic from reaching the network.

Which policy ensures messages are discarded when they don't match a specific firewall rule?

Implicit deny

Active Directory and 389 Directory Server are both compatible with which directory access protocol?

LDAP

At what layer of the OSI model do proxy servers operate?

Layer 7

What causes most firewall failures?

Not being configured correctly

What kind of ticket is held by Kerberos's TGS?

TGT (Ticket-Granting Ticket)

Who is responsible for the security of hardware on which a public cloud runs?

The cloud provider

Why would you need separate RA guard policies for network hosts and routers attached to a switch?

To ensure that RA messages are coming from a trusted router

Why do network administrators create domain groups to manage user security privileges?

To simplify the process of granting rights to users

What kinds of issues might indicate a misconfigured ACL?

Wrong people being able to log in.

Which of the following ACL commands would permit web-browsing traffic from any Ip address to any Ip address?

access-list acl_2 permit icmp any any

Any traffic that is not explicitly permitted in the ACL is __________, which is called the __________

dropped, implicit deny


Related study sets

PHYS1001 Chapter: 25 Electromagnetic Induction

View Set

Sociology of Sports Exam 1 chapter 4

View Set