Architecture Frameworks and Secure Network Architectures Flashcards
From the Internet going into the network, which of the following is the first device a packet would encounter (assuming all devices are present)?
Load balancer
DMZ
DDoS mitigator
DDoS mitigator
When present, the DDoS mitigator is first in the chain of devices to screen incoming traffic. It blocks the DDoS traffic that would otherwise strain the rest of the network
Tunneling is used to achieve which of the following?
Eliminate an air gap
Connect users to a honeynet
Remote access from users outside the building
Remote access from users outside the building
Remote access is one of the primary uses of tunneling and VPNs
A connection to third-party content associated with your business, such as a travel agency website for corporate travel, is an example of which of the following?
Intranet
Extranet
Guest network
Extranet
An extranet is a set of external network connections to sections of a third-party network that serve as a part of your business’s network
Which of the following is not a standard practice to support defense-in-depth?
Vendor diversity
User diversity
Control diversity
User diversity
Although diversity among users can have many benefits, defense-in-depth isn’t one of them. All of the other choices are valid components of a defense-in-depth program
Industry-standard frameworks are useful for which of the following purposes?
Aligning with an audit-based standard
Aligning IT and security with the enterprise’s business strategy
Providing high-level organization over processes
Aligning IT and security with the enterprise’s business strategy
Industry frameworks provide a method to align IT and security with the enterprise’s business strategy
Which of the following represents the greatest risk if improperly configured?
Web server
Application server
Network infrastructure device
Network infrastructure device
When improperly configured, network infrastructure devices can allow unauthorized access to the traffic of every device they carry traffic to and from
What is the primary purpose of a DMZ?
Prevent direct access to secure servers from the Internet
Provide a place for corporate servers to reside so they can access the Internet
Create a safe computing environment next to the Internet
Prevent direct access to secure servers from the Internet
The primary purpose of a DMZ is to provide separation between the untrusted zone of the Internet and the trusted zone of enterprise systems. It does so by preventing direct access to secure servers from the Internet
If you wish to monitor 100 percent of the transmissions from your customer service representatives to the Internet and other internal services, which is the best tool?
SPAN port
TAP
Aggregator switches
TAP
A Test Access Point (TAP) is required to monitor 100 percent of the transmissions from your customer service representatives to the Internet and other internal services
For traffic coming from the Internet into the network, which of the following is the correct order in which devices should receive the traffic?
– Firewall – DMZ – firewall – load balancer – SSL accelerator – web server
– DMZ – firewall – SSL accelerator – load balancer – web server
– Firewall – DMZ – firewall – SSL accelerator – load balancer – web server
– Firewall – DMZ – firewall – SSL accelerator – load balancer – web server
Firewall – DMZ – Firewall – SSL accelerator – load balancer – web server. A is missing the second firewall, B has the load balancer and SSL accelerator in the wrong order, and C is missing the first firewall
Which type of network enables networking without intervening network devices?
Ad hoc
Honeynet
NAT
Ad hoc
An ad hoc network is constructed without central networking equipment and supports direct machine-to-machine communications
Air gaps offer protection from which of the following?
Malware
Ransomware
Reverse shells
Reverse shells
Reverse shells or other items that call out of a network are stopped by the air gap. All of the other problems can still be introduced through a connection such as a USB device
For traffic coming from the Internet into the network, which of the following is the correct order in which devices should receive the traffic?
– Firewall – DMZ – firewall – DDoS mitigator – web server
– DMZ – Firewall – load balancer – web server
– Firewall – DMZ – firewall – load balancer – database server
– Firewall – DMZ – firewall – load balancer – database server
Firewall – DMZ – firewall – load balancer – database server. A has a missing second firewall, B has the DDoS mitigator in the wrong position, and C is missing the first firewall
Your boss asks you to set up a new server. Where can you get the best source of information on configuration for secure operations?
User group website for the server
Secure configuration guide from the Center for Internet Security
Ask the senior admin for his notes from the last install
Secure configuration guide from the Center for Internet Security
The Center for Internet Security (CIS) maintains a collection of peer-reviewed, consensus-driven guidance for secure system configuration. All of the other options are sources that may carry errors from unvetted information or previous bad choices
To have the widest effect on security, which of the following controls should be addressed and maintained on a regular basis?
User training
Vendor diversity
Administrative controls
User training
User training has the widest applicability, because users touch all systems, while the other controls only touch some of them. Users also require maintenance in the form of retraining as they lose their focus on security over time
VLANs provide which of the following?
Physical segregation
Physical isolation
Logical segmentation
Logical segmentation
VLANs are logical segmentation devices. They have no effect on the physical separation of traffic