Test out 6.1 - 6.2
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use?
A network-based firewall
Which of the following is true about a network-based firewall?
A network-based firewall is installed at the edge of a private network or network segment.
How does a proxy server differ from a packet-filtering firewall?
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer.
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do?
Add a permit statement to the bottom of the access list.
Which of the following describes how access control lists can improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following are specific to extended Access control lists? (Select two.)
Are the most used type of ACL. Use the number ranges 100-199 and 2000-2699.
Which of the following does the sudo iptables -F command accomplish?
Clears all the current rules.
Which of the following BEST describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Filters IP address and port Stateless
Which of the following chains is used for incoming connections that aren't delivered locally?
Forward
Which of the following are true about reverse proxy? (Select two.)
Handles requests from the internet to a server on a private network. Can perform load balancing, authentication, and caching.
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
Which options are you able to set on a firewall? (Select three.)
Packet destination address Port number Packet source address
Which of the following is a firewall function?
Packet filtering
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the web server inside the screened subnet. Put the database server on the private network.
Based on the diagram, which type of proxy server is handling the client's request?
Reverse proxy server
Which of the following are true about routed firewalls? (Select two.)
Supports multiple interfaces. Counts as a router hop.
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance?
Unified Threat Management (UTM)
Which of the following combines several layers of security services and network functions into one piece of hardware?
Unified Threat Management (UTM)
Which of the following is true about a firewall?
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked.