Basic Network Devices

Question 1

BPDU guard prevents what from happening? How

Answer 1

It prevents a rogue switch from becoming the root bridge. It does this by preventing Bridge Protocol Data Units being received from a switch that isn’t already known to the switch

Question 2

BPDU guard is typically applied to which ports?

Answer 2

Access ports that don’t connect to known switches.

Question 3

Besides BPDU guard, what other feature helps to protect the STP topology and where would you apply it?

Answer 3

Root Guard.
On all ports on the ROOT BRIDGE only (you don’t want any of the ports on the root bridge being told to point out to another root bridge, there should only be one)

Question 4

How does Root Guard work?

Answer 4

If the root bridge receives a BPDU with a superior priority number it disables the port connecting to that switch.

Question 5

Router ACL’s filter packets based on what 3 criteria?

Answer 5

IP address
Protocol
Port Number

Question 6

ACL’s are applied on routers/firewalls or hosts using software, but what do you apply an ACL to?

Answer 6

The Ingress or Egress of an interface

Question 7

How would you apply anti-spoofing on a router?

Answer 7

you would deny incoming traffic from the private address ranges for each of the address classes

Question 8

type the command to deny class B private addresses inbound on a router interface

Answer 8

deny ip 172.16.0.0 0.15.255.255

Question 9

What’s the difference between a stateful and a stateless firewall?

Answer 9

a stateful firewall will keep track of the status of TCP sessions and block traffic that isn’t part of an established session. A stateless firewall only uses ACL criteria to permit/deny traffic

Question 10

Would you replace a firewall with a WAF?

Answer 10

No. WAFs are an added layer of protection in addition to the regular firewall

Question 11

An ACL applied to protocols instead of interfaces is known as what?

Answer 11

Distribution List

Question 12

Stateful firewalls work by using the TCP 3-way handshake but can also keep track of connections using UDP. TRUE or FALSE?

Answer 12

TRUE

Question 13

ACLs can categorize and queue packets for applications that require QoS, TRUE or False?

Answer 13

True

Question 14

How does a nontransparanet proxy improve security?

Answer 14

because it can filter requests to web pages using URL filters, restricting access to content that may contain malware. Transparent proxies don’t do any filtering.

Question 15

How can a reverse proxy increase security?

Answer 15

It removes the need for direct connections to a web server, thereby adding a layer of protection. It also means the web server can be placed in the private network and not the DMZ

Question 16

reverse proxies can act as load-balancers, true or false?

Answer 16

TRUE

Question 17

what device can perform URL filtering, spam filtering, malware inspection, content inspection and DDoS mitigation?

Answer 17

Unified Threat Management Device

Question 18

two key features of a mail gateway that increase security?

Answer 18

1 - mail encryption

2 - data loss prevention capabilities (content filtering)

Question 19

Which network management protocol uses UDP ports 161 and 162?

Answer 19

SNMPv3

Question 20

Flood guards protect against what and are often implemented on what device?

Answer 20

They protect against packet floods like SYN floods or ping/icmp floods or port floods by scanning. Commonly implemented on IDS/IPS