Testout 5.4-5.7

Ace your homework & exams now with Quizwiz!

In addition to Authentication Header (AH), IPSec is comprised of what other service?

ESP

Which IPSec subprotocol provides data encryption?

ESP

which of the following is likely to be located in a DMZ

FTP Server

which of the following is a firewall function

Packet filtering

PPTP is quickly becoming obsolete because of what VPN protocol?

L2TP

Which VPN protocol typically employs IPSec as its data encryption mechanism?

L2TP

which of the following network devices or services prevents the use of IPsec in most cases

NAT

in which of the following situations would you most likely implement a dmz

you want to protect a public web server from attack

A salesperson in your organization spent most of her time traveling between customers sites. After a customer visit, she must complete various managerial tasks, such as updating your organizations order database. Because she rarely... many of the things... Which key step should you take when implementing this configurations? select two

- configure the vpn connection to use IPsec - configure the browser to send HTTPS requests through the VPN connection

which of the following are characteristics of a packet filtering firewall

- filters ip address and port - stateless

which of the following are characteristics of a circuit-level gateway?

- stateful - filters based on sessions

which of the following are true of a circuit proxy filter firewall?

- verifies sequencing of session packets - operates at the session layer

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers?

-put the web server inside the DMZ - put the database server on the private network

which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?

169.254.0.0-169.254.255.255

which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?

DMZ

You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

which is the best countermeasure for someone attempting to view your network traffic?

VPN

A group of salesmen would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

which of the following describes how access lists can be used to improve network security?

an access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers

You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

application level

which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

bastion/sacrificial host

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

circuit-level

When designing a firewall, what is the recommended approach for opening and closing ports?

close all ports; open only ports required by applications inside the DMZ

You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?

dynamic

which of the following is the best device to deploy/protect your private network from a public untrusted network

firewall

you have been given a laptop to use for work. you connect the laptop to your company network, use it from home, and use it while traveling. you want to protect the laptop from internet-based attacks. which solution should you use?

host based firewall

which of the following is not a benefit of NAT

improving the throughput rate of traffic

you would like to control internet access based on users, time of day, and websites visited. how can you do this?

install a proxy server. allow internet access through the proxy server.

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

network based firewall

Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

network based firewall

You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?

static

you want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. what should you use to allow access?

static NAT

VPN

support secured communications over an untrusted network

tunneling

supporting private traffic through a public communication medium

which statement best describes IPSec when used in tunnel mode?

the entire data packet, including headers, is encapsulated

features of an application level gateway

the entire messages are reassembled stops each packet at the firewall and inspects it


Related study sets

Module 5 Study Guide (Apologia Marine Biology)

View Set

Adult health and PEDS nclex (copy)

View Set

NURS 3230 Chapter 31 Skin Integrity and Wound Care NCLEX

View Set

MCAT general and organic chemistry

View Set

Consumer Behavior: Chapter 8 Quiz Review

View Set

MTLB- MODULE 5 (HIV LAWS)- RA 8504

View Set

Ch04: Civil Liberties: Nationalizing the Bill of Rights

View Set

resistance training notes test 2

View Set

PED #1 (Chp 1, 2, 31, 32, 33, 34, 35, 36, 37, 38, 42)

View Set