5.0 Network Security

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level.
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Signature-based
Which of the following is the most important thing to do to prevent console access to the router?
Keep the router in a locked room
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Firewall
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?
Intranet
What is the most common form of host-based IDS that employs signature or pattern matching detection methods?
Anti-virus software
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS
Which of the following are performed by proxies?
Block employees from accessing certain Web sites.
Cache web pages.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home and use it while traveling.
You want to protect the laptop from Internet-based attacks.
Which solution should you use?
Host based firewall.
You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information.
How should you place devices on the network to best protect the servers?
Put the database server on the private network.
Put the Web server on the DMZ.
Which of the following are characteristics of a circuit-level gateway?
Filters based on sessions.
Stateful.
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers.
Which type of device should you use to create the DMZ?
Network based firewall.
Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?
Screen lock
Which of the following are NOT reasons to remote wipe a mobile device?
When the device is inactive for a period of time
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?
Remote wipe
Which of the following are true of a circuit proxy filter firewall?
Operates at the Session Layer
Verifies sequencing of session packets
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.
Source address of a packet, Destination address of a packet, AND Port Number
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports open, only ports required by applications inside the DMZ
Which of the following are characteristics of a packet filtering firewall?
Stateless
Filters IP address and port
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem?
A proxy server is blocking access to the web sites
Which of the following is a firewall function?
Packet filtering
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
Application level
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of emails for all users. You want to scan the emails and prevent any emails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
Network based firewall
You have a company network that is connected to the internet. You want all users to have internet access, but need to protect your private network and users. You also need to make private network and users. You also need to make a Web server publicly available to Internet users. Which solution should use?
Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?
VLANs
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were grouped on separate networks.
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
Port authentication
You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch? Which one of the following should you implement?
802.1x
Which of the following applications typically use 802.1x authentication?
Controlling access through a switch
Controlling access though a wireless access point
Which of the following devices can monitor a network and detect potential security attacks?
IDS
Which of the following devices is capable of detecting and responding to security threats?
IPS
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
In which of the following situations would you most likely implement a demilitarized zone(DMZ)?
You want to protect a public Web server from attack
Which of the following is likely to be located in a DMZ?
FTP Server
You want to install a firewall that can reject packets that are not part of an active session. What type of firewall should you use?
Circuit-level
What do host based intrusion detection systems often rely upon to perform their detection activities?
Host system auditing capabilities
What actions can a typical passive IDS take when it detects an attack?
The IDS logs all pertinent data about the intrusion
An alert is generate and delivered via email, the console, or SNMP trap.
Network based intrusion detection is the most suited to detect and prevent what type of attacks?
bandwidth-based denial of service attacks
Which of the following prevents access based on website ratings and classifications?
Content filter
What does an IDS that uses signature recognition use for identifying attacks?
Comparisons to a database of known attacks
You want to implement an IDS that uses rules or statistical analysis to detect attacks. What type of IDS should you deploy?
Anomaly based IDS
Which of the following solutions would you implement to track which websites that network users are accessing?
Proxy
Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code?
IDS
IPS
You would like to control internet access based on users, time of day, and web sites visited. How can you do this?
Install a proxy server. Allow internet access only through the proxy server.
When configuring VLANs on a switch, what is used to identify VLAN membership of a device?
Switch port
Which of the following describes how access lists can be used to improve network security.
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, socket numbers.
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. What feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning tree
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support?
Spanning tree
In which of the following situations would you use port security?
You wanted to restrict the devices that could connect through a switch port.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You’ve had problems with patrons bringing personal laptops into the library and disconnecting the network cable from the library computers to connect to their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VLAN
Members of the sales team use laptops to connect to the company network. While traveling, the connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. What solution should you use?
NAC (Network Access Control)
What do you call a set of solutions that helps ensure availability for a VOIP solution?
QoS (Quality of Service)
What is a vulnerability associated with a PBX?
2600 Club – Long distance w/o paying (2600KHz)
You want to use an encryption protocol for encrypting internet phone calls. What protocol would you use?
PGP (Pretty Good Privacy)
You have a company network with a single switch. All devices connect to the network through a switch. You want to control which devices will be able to connect to you network. for devices that do not have the latest OS patches, you want to prevent access to all network devices except for a special server that holds the patches that all the computer need to download. Which tow of the following components will be part of your solution?
802.1x authentication
Remediation servers
You are concerned about attacks directed at your firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?
IPS – Intrusion Prevention System
You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of the attacks that are being deployed. What should you implement?
Honeynet
You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is NOT detected by the NIDS device?
False Negative
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?
War Dialing
Which of the following phone attacks adds unauthorized charges to a telephone bill?
Cramming