Chapter 10 Flashcards
At what layer of the OSI model do proxy servers operate?
Layer 7
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
access-list acl_2 permit http any any
What kind of firewall blocks traffic based on application data contained within the packets?
Content-filtering firewall
Which NGFW feature allows a network admin to restrict traffic generated by a specific game?
Application awareness
What software might be installed on a device in order to authenticate it to the network?
Agent
Which of the following is not one of the three AAA services provided by RADIUS and TACACS+?
Access control
What feature of Windows Server allows for agentless authentication?
AD (active directory)
Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?
switchport port-security
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP (Lightweight Directory Access Protocol)
What are the two primary features that give proxy servers an advantage over NAT?
Content filtering
File caching
What kinds of issues might indicate a misconfigured ACL?
Connectivity and performance issues between two hosts in which some applications or ports can make the connection while others can’t
Any traffic that is not explicitly permitted in the ACL is denied, which is called the
Implicit deny
What’s the essential difference between an IPS and an IDS?
An IDS can only detect and log suspicious activity. An IPS can react when alerted to such activity.
What causes most firewall failures?
Firewall miconfiguration
Why is a BPDU filter needed at the demarc?
The ISP’s STP-related topology information shouldn’t be mixed with a corporate network’s STP-related topology information.
Why do network administrators create domain groups to manage user security privileges?
To simplify the process of granting rights to users
Only one ___________________ exists on a network using STP
Root bridge
What kind of ticket is held by Kerberos’ TGS?
TGT (Ticket-Granting Ticket)
EAPoL is primarily used with what kind of transmission?
Wireless
___________ (abbreviation) is a security strategy that combines multiple layers of security appliances and technologies into a single safety net.
UTM (Unified Threat Management)
_______ (abbreviation) monitors network traffic and alerts (only) about suspicious activity.
IDS (Intrusion Detection System)
can detect suspicious activity and block it from entering the network or the host
IPS (Intrusion Prevention System)
On a Linux system, which command allows you to modify settings used by the built-in packet filtering firewall?
iptables
A stateless firewall inspects each incoming packet to determine whether it belongs to a currently active connection.
False
