Chapter 8

9 September 2022
33 test answers

question
Which of the following is a firewall function? -encrypting -protocol conversion -frame filtering -FTP hosting -packet filtering
answer
-Packet filtering (firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped)
question
You would like to control internet access based on users, time of day, and websites visited. how can you do this? -configure a packet filtering firewall. Add rules to allow or deny internet access -Configure the local security policy of each system to add internet restrictions. -enable windows firewall on each system. add or remove exceptions to control access. -install a proxy server. allow internet access only through the proxy server. -configure internet zones using internet options
answer
-install a proxy server. allow internet access only through the proxy server. (use a proxy server to control internet access based on users, time of day and websites visited. You configure these rules on the proxy server and all internet requests are routed through the proxy server. Use a packet filtering firewall, such as windows firewall, to allow or deny individual packets based on characteristics such as source or destination address and port number. Configure internet zones to identify trusted or restricted websites and control the types of actions that can be performed when visiting those sites.)
question
Which of the following are true of a circuit proxy filter firewall? (select 2) -examines the entire message contents -operates at the network and transport layers -operates at the application layer. -verifies sequencing of session packets -operates at ring 0 of the operating system -operates at the session layer
answer
-verifies sequencing of session packets -operates at the session layer (A circuit proxy filter firewall operates at the session layer. It verifies the sequencing of session packets, breaks the connections, and acts as a proxy between the server and the client. An application layer firewall operates at the application layer, examines the entire message, and can act as a proxy to clients. A stateful inspection firewall operates at the network and transport layers. it filters on both IP addresses and port numbers. A kernel proxy firewall operates at the operating system ring 0.)
question
Which of the following are true about reverse proxy? (select 2) -Handles requests from the internet to a server in a private network. -sits between a client computer and the internet. -can perform load balancing, authentication, and caching. -clients always know they are using reverse proxy -handles requests from inside a private network out to the internet.
answer
-Handles requests from the internet to a server in a private network. -can perform load balancing, authentication, and caching. (a reverse proxy server handles requests from the internet to a server located inside a private network. reverse proxies can perform load balancing, authentication, and caching. reverse proxies often work transparently, meaning clients don't know they are connected to a reverse proxy)
question
Based on the diagram, which type of proxy server is handling the client's request? (diagram shows client outside of network, in the internet somewhere, trying to communicate with a private network) -Forward proxy server -circuit level proxy server -reverse proxy server -open proxy server
answer
-reverse proxy server
question
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? -MAC address -Username and Password -IP address -session ID
answer
-IP address (A router acting as a firewall at layer 3 is capable of making forwarding decisions based on the IP address. The MAC addy is associated with OSI model layer 2. switches and wireless access points use MAC addy's to control access. The session ID is used by a circuit level gateway, and username and password are used by application layer firewalls)
question
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use? -Host based firewall -Proxy server -VPN concentrator -network based firewall
answer
-Host based firewall (a host based firewall inspects traffic received by a host. use a host based firewall to protect your computer from attacks when there is no network based firewall, such as when you connect to the internet in a public location)
question
Which of the following are characteristics of a circuit level gateway? (select 2) -Filters IP addresses but not ports -Stateful -Filters by URL -Stateless -Filters by session
answer
-Stateful -Filters by session (a circuit level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. a circuit level proxy is considered a stateful firewall because it keeps track of the state of a session. Packet filtering firewalls are stateless and filter by IP addresses and port number. Application level gateways filter by application layer data, which might include data such as URLs within an HTTP request)
question
You connect your computer to a wireless network available at the local library. You find that you can access all Web sites you want on the Internet except for two. What might be causing the problem? -A proxy server is blocking access to websites -Port triggering is redirecting traffic to the wrong IP address -A firewall is blocking ports 80 and 443 -The router has not been configured to perform port forwarding
answer
-A proxy server is blocking access to websites (a proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. if a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.)
question
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (select all that apply) -destination address of a packet -acknowledgment number -checksum -port number -digital signature -sequence number -source address of packet
answer
-destination address of a packet -port number -source address of packet (firewalls allow you to filter by IP address and port number)
question
Haley configures a Web site using Windows 2016 default values. What are the HTTP port and SSL port settings? -80 for HTTP; 443 for SSL -440 for HTTP; 160 for SSL -160 for HTTP; 440 for SSL -443 for HTTP; 80 for SSL
answer
-80 for HTTP; 443 for SSL (The default TCP port setting for HTTP is 80. You can change that setting to another TCP setting that is not in use, but users will have to know they must request the non-default setting, or they will be unable to connect. The SSL port number is 443 and is only used with secure socket layers for encryption)
question
You have recently installed a new windows server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronized the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. which of the following ports are you most likely to open on the firewall? -110 -80 -123 -119
answer
-123 (TCP/IP port 123 is assigned to the network time protocol (NTP). NTP is used to communicate time synchronization info between systems on a network. HTTP uses 80 for requests to a web server and retrieving web pages from a web server. 119 is used by the network news transfer protocol (NNTP) which accesses and retrieves messages from newsgroups. 110 is used by the post office protocol version 3 (POP3) to download email from mail servers)
question
you are configuring a firewall to allow access to a server hosted on the DMZ of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server? -web server, DNS server, and DHCP server -web server and email server -web server, DNS server, and email server -email server, newsgroup server, and DNS server.
answer
-web server and email server (80 is web pages, 25 is SMTP (simple mail transfer protocol), 110 is POP3 (post office protocol), and 143 is IMAP4 (internet message access protocol))
question
You are monitoring network traffic on your network, and you see the traffic between two network hosts on port 2427. Which kind of network traffic uses this port? -someone is remotely accessing another system using the SSH protocol. -a workstation is using the DHCP protocol to request an IP address from a DHCP server. -the MGCP protocol is generating traffic, which VoIP uses to send data over a network. -a ping of death attack on a network host is in progress
answer
-the MGCP protocol is generating traffic, which VoIP uses to send data over a network. (the media gateway control protocol or MGCP uses port 2427)
question
You are monitoring network traffic on your network, and you see the traffic between two network hosts on port 1720. What is the source of this network traffic? - a man in the middle attack is in progress -someone is downloading files from a server using the FTP protocol -someone is using VoIP to make a telephone call -a workstation is using the DNS protocol to send a name resolution request to a DNS server.
answer
-someone is using VoIP to make a telephone call (some VoIP's use the H.323 protocol to make calls, which uses port 1720)
question
An all-in-one security appliance is best suited for which type of implementation? -A remote office with no on-site technician. -A company that transmits large amounts of time-sensitive data -A credit card company that stores customer data. -An office with a dedicated network closet
answer
-A remote office with no on-site technician. (all in one security appliances are best suited for small offices with limited space or remote offices without a technician to manage the individual security components. a company with a dedicated network closet would have the space necessary for multiple network devices. and a company that handles large amounts of data should use dedicated devices to maintain optimal performance.)
question
which of the following features are common functions of an all in one security appliance? (select 2) -quality of service -bandwidth shaping -content caching -password complexity -Spam filtering
answer
-A remote office with no on-site technician. -Spam filtering (security functions in an all in one appliance include -spam filtering -url filter -web content filter -malware inspection -intrusion detection system in addition they can include -network switch -router -firewall -TX uplink (integrated CSU/DSU) -bandwidth shaping)
question
You recently installed a new all-in-one security appliance in a remote office. You are in the process of configuring the device. You need to: -increase security of the device -enable remote management from the main office -allow users to be managed through active directory You want to configure the device so you can access it from the main office. You also want to make sure the device is as secure as possible. Which of the following tasks should you carry out (select two) -configure the device's authentication type using active directory -create an active directory user group and add all users to the group -deny login from the device's WAN interface -deny login from all external IP addresses -change the default username and password
answer
-configure the device's authentication type using active directory -change the default username and password (first thing you should do is change the default user and pass, active directory will allow centralized authentication)
question
Match the firewall type on the right with the OSI layers at which it operates. Note: Each OSI Layer can be used once, more than once, or not at all. OSI layers 1-7 Packet filtering firewall: Circuit level proxy: Application level gateway: Routed firewall: Transparent firewall:
answer
Packet filtering firewall: 3 Circuit level proxy: 5 Application level gateway: 7 Routed firewall: 3 Transparent firewall: 2
question
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? -VPN concentrator -IDS - Host based firewall -network based firewall -IPS
answer
-network based firewall (a DMZ is a buffer network, or subnet, that sits between the private network and an untrusted network, such as the internet. host based firewall inspects traffic received by host. VPN concentrator is a device that is used to establish remote VPN connections. IDS or intrusion detection system is a special network device that can detect attacks and suspicious activity, also called IPS or intrusion prevention system)
question
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (select 2) -Put the web server inside the DMZ -Put the web server on the private network -Put the database server on the private network -Put the database server inside the DMZ
answer
-Put the web server inside the DMZ -Put the database server on the private network (publicly accessible servers are placed inside the DMZ, protected servers should be within the protected zone of the private network)
question
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? -Mac addy -session ID -IP addy -user and pass
answer
-IP addy (a router acting as a firewall on layer 3 is capable of making forwarding decisions based on the ip address. MAC addy is layer 2, session ID is used by circuit level gateways and user/pass is used by application layer)
question
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (select all that apply) -checksum -digital signature -Acknowledgment number -destination address of a packet -source address of a packet -sequence number -port number
answer
-destination address of a packet -source address of a packet -port number (firewalls allow you to filter by IP address and port number)
question
Which of the following describes how access lists can be used to improve network security? -An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers -an access list looks for patterns of traffic between multiple packets and takes action to stop detected attacks -an access list identifies traffic that must use authentication or encryption. -An access list filters traffic based on the frame header such as a source or destination MAC address
answer
-An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers (access lists filter traffic based on the IP header information such as source or destination IP address, Protocol, or socket numbers. Access lists are configured on routers and operate on layer 3 information.)
question
Which of the following is likely to be located in a DMZ? -backup server -domain controller -user workstations -ftp server
answer
-ftp server (DMZ should only contain servers that need to be accessed by users outside of the private network)
question
In which of the following situations would you most likely implement a DMZ? -You want to detect and respond to attacks in real time -you want to encrypt data sent between two hosts using the internet -you want internet users to see a single IP address when accessing your company network -you want to protect a public web server from attack
answer
-you want to protect a public web server from attack (DMZ's protect servers that are going to be accessed by outside users, such as users from the internet.)
question
Match the firewall type on the right with the OSI layers at which it operates. Note: Each OSI Layer can be used once, more than once, or not at all. Routed firewall or virtual firewall -operates at layer 2: -operates at layer 3: -counts as a hop in the path between hosts: -does not count as a hop on the path between hosts: -each interface connects to a different network: -each interface connects to the same network segment:
answer
-operates at layer 2: virtual -operates at layer 3: routed -counts as a hop in the path between hosts: routed -does not count as a hop on the path between hosts: virtual -each interface connects to a different network: routed -each interface connects to the same network segment: virtual (in a routed firewall, the firewall is also a layer 3 router. many hardware routers include firewall functionality. transmitting data through these types of firewalls counts as a router hop. routed firewalls usually support a transparent, or virtual firewall operates at layer 2 and is not seen as a router hop by connected devices)
question
When designing a firewall, what is the recommended approach for opening and closing ports? -close all ports; open 20, 21, 53, 80, and 443. -close all ports -open all ports; close ports that show improper traffic or attacks in progress. -close all ports; open only ports required by applications inside the DMZ. -Open all ports; close ports that expose common network attacks
answer
-close all ports; open only ports required by applications inside the DMZ. (when designing a firewall, the recommended practice is to close all ports and then only open the ports that allow the traffic that you want inside the DMZ or the private network. Ports 20, 21, 53, 80, and 443 are common ports that are open, but the exact ports you open will depend on the services provided inside the DMZ)
question
After blocking a number of ports to secure your server, you are unable to send e-mail. To allow e-mail service which of the following needs to be done? -open port 25 to allow SNMP service -open port 110 to allow SMTP service -open port 110 to allow POP3 service -open port 80 to allow SNMP service -open port 25 to allow SMTP service -open port 80 to allow SMTP service
answer
-open port 25 to allow SMTP service (the simple mail transfer protocol or SMTP uses TCP port 25 and is responsible for sending. if port 25 is blocked, users will not be able to **send** mail, but they could receive it using port 11 and the POP3 protocol)
question
You administer a Web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the Web site as follows: • IP address: 192.168.23.8 • HTTP Port: 1030 • SSL Port: 443 Users complain that they can't connect to the Web site when they type www.westsim.com. What is the most likely source of the problem? -SSL is blocking internet traffic -The HTTP port should be changed to 80 -FTP is not configured on the server -Clients are configured to look for the wrong IP addresses
answer
-The HTTP port should be changed to 80 (the default HTTP port for the web is 80, if you change it, users must know this and specify the correct port number)
question
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? -21 -80 -443 -42 -53
answer
-53 (DNS uses port 53)
question
in the output of the netstat command, you notice that a remote system has made a connection to your windows server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing? -Performing a name resolution request -downloading a file -downloading a web page -downloading email
answer
-downloading a file (port 21 is used for the file transfer protocol or FTP.)
question
You want to allow your users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. What TCP/IP protocol should you implement to provide this capability? -FTP -IP -TFTP -TCP -HTTP -HTML
answer
-FTP (FTP enables file transfers and supports user authentication. the trivial file transfer protocol enables file transfer but doesn't support user authentication)