Security 5.5 Firewalls

9 September 2022

question
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network-based firewall

A demilitarized zone (DMZ), or screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network, such as the internet. To create a DMZ, use one network-based firewall connected to the public network, and one connected to the private network.
question
Which of the following is a firewall function?
answer
Encrypting
Packet filtering
FTP hosting

Firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped.
question
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
answer
Network based firewall
DMZ

A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the Internet and scans all incoming e-mail. Scanning e-mail as it arrives at your e-mail server allows you to centralize management and stop malicious e-mails before they arrive at client computers.
question
Which of the following are characteristics of a circuit-level gateway? (Select two.)
answer
Stateful
Stateless
Filters based on URL
Filters IP address and port
Filters based on sessions

A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session.
question
Which of the following are characteristics of a packet filtering firewall? (Select two.)
answer
Filters IP address and port
Stateful
Filters based on sessions
Stateless

A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header such as source and destination addresses, ports, and service protocols. A packet filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session.
question
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
answer
VPN concentrator
Circuit-level
Packet filtering
question
You provide internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
answer
Application level
Circuit-level
Packet filtering

An application-level gateway is a firewall that is capable of filtering based on information contained within the data portion of a packet. An application-level gateway can filter based on user, group, and data such as URLs within an HTTP request. One example of an application-level gateway is a proxy server. Proxies can be configured to restrict access by user or by specific Web sites.
question
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
answer
Router
Firewall
Hub
question
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
answer
VPN concentrator
Proxy server
Network based firewall
Host based firewall
question
Which of the following are true of a circuit proxy filter firewall? (Select two.)
answer
Verifies sequencing of session packets.
Examines the entire message contents.
Operates at the Network and Transport layers.
Operates at the Session layer.
Operates at ring 0 of the operating system.

A circuit proxy filter firewall operates at the Session layer. It verifies the sequencing of session packets, breaks the connections, and acts as a proxy between the server and the client.
question
You would like to control Internet access based on users, time of day, and websites visited. How can you do this?
answer
Configure Internet zones using the Internet Options.
Enable Windows Firewall on each system. Add or remove exceptions to control access.
Configure the Local Security Policy of each system to add Internet restrictions.
Install a proxy server. Allow Internet access only through the proxy server.

Use a proxy server to control Internet access based on users, time of day, and websites visited. You configure these rules on the proxy server, and all Internet access requests are routed through the proxy server.
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
answer
ACL
IPsec

When you configure a router as a firewall, you configure the access control list (ACL) with statements that identify traffic characteristics, such as the direction of traffic (inbound or outbound), the source or destination IP address, and the port number. ACL statements include an action to either allow or deny the traffic specified by the ACL statement.
question
Which of the following describes how access lists can be used to improve network security?
answer
An access list identifies traffic that must use authentication or encryption.
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
An access list filters traffic based on the frame header such as source or destination MAC address.
question
When designing a firewall, what is the recommended approach for opening and closing ports?
answer
Open all ports; close ports that expose common network attacks.
Close all ports; open only ports required by applications inside the DMZ.
question
Which of the following are features of an application-level gateway? (Select two.)
answer
(all correct)
Operates up to OSI Layer 7 (Application layer)
Stops each packet at the firewall and inspects it, so there is no IP forwarding
Inspects encrypted packets, such as in SSL inspection
Examines the entire content (not just individual packets)
Understands or interfaces with the application-layer protocol
Can filter based on user, group, and data such as URLs within an HTTP request
Is the slowest form of firewall because entire messages are reassembled at the Application layer