M7Q28: Firewalls & VPNs Flashcards
Which of the following is a physical piece of hardware installed on the edge of a network that protects the network by permitting or denying traffic that attempts to enter or leave it?
A. Host-based firewall
B. Network-based firewall
C. VPN Concentrator
D. Anti-malware
B. Network-based firewall
Explanation: A network-based firewall is a physical hardware device while a host-based firewall is software that is installed on an individual host computer. Network-based firewalls are able to provide security for an entire network by being placed in-line at the edge between the private network and the public internet connection.
Which of the following is a list of rules on layer 3 switches, routers and firewalls that is used to permit and/or deny traffic based on where the traffic is coming from and where it is going to?
A. ACL
B. UTM
C. GRE
D. VPN
A. ACL
Explanation: An ACL (Access Control List) is a list created to match specific criteria such as the protocol (IP), source address/network, destination address/network, and the TCP/UDP port number. Once an ACL is created it can be applied to an interface on a layer 3 switch, router, or firewall to permit or deny inbound or outbound traffic that passes through the interface.
This type of firewall keeps track of connections that originate from inside the network and go out to the internet. It tracks the outgoing connection and allows legitimate return traffic to enter the network while still blocking non-legitimate traffic from the outside.
A. Stateful host-based firewall
B. Stateless network-based firewall
C. Stateless host-based firewall
D. Stateful network-based firewall
D. Stateful network-based firewall
Explanation: Stateful hardware firewalls perform stateful packet inspection, which allows them to keep track of connections that are leaving the firewall and going out to the internet. The purpose of this is to allow the return traffic associated with the outgoing connection, as it is legitimate traffic. However, the firewall will still block other non-legitimate connections that come from the internet. This is different from stateless packet inspection, as stateless inspection does not keep track of the outgoing connections and simply permits or denies traffic based on the criteria found in the ACLs (Access Control Lists) that are applied to the device.
Most modern firewalls are either stateful or stateless, but never both.
A. True
B. False
B. False
Explanation: Most modern firewalls use Access Control Lists for permitting or denying traffic in a stateless manner and also track connections in a stateful manner. In this way, most modern firewalls use both stateful and stateless packet inspection.
This type of firewall is able to perform deep-packet inspection and inspect traffic that passes through it up to OSI layer 7.
A. Stateful firewall
B. VPN Concentrator
C. Application aware firewall
D. Stateless firewall
C. Application aware firewall
Explanation: Application aware firewalls (aka context aware firewalls) are able to inspect traffic up to the Application layer and make decisions based on the context of the layer 7 traffic.
UTM firewalls provide multiple security services and in addition to stateless and stateful firewalling can also provide things like VPN services, Anti-malware and Content Filtering. The term UTM means ___________________.
A. Unmanaged Tactical Monitoring
B. Unlimited Tactical Mitigation
C. Unilateral Trojan Monitoring
D. Unified Threat Management
D. Unified Threat Management
Explanation: Unified Threat Management Firewalls (or UTM Firewalls) include multiple security services and act as a strong safeguard for many types of network security threats.
This type of VPN (Virtual Private Network) connects one location to another location via an encrypted tunnel over the internet.
A. Host-to-Site VPN
B. PPTP VPN
C. IPSec Site-to-Site VPN
D. Remote VPN
C. IPSec Site-to-Site VPN
Explanation: A Site-to-Site VPN is a VPN tunnel that connects two locations over a private tunnel. VPN tunnels are encrypted with protocols such as IPSec or SSL to make them secure and viable over the internet. In some instances a site-to-site VPN can be the primary connection for a location to connect into the private network, but in other instances a site-to-site VPN may be used as a back-up or alternate connection to the primary private WAN. Another type of VPN is a Host-to-Site VPN, which is also referred to as a Remote VPN. A Host-to-Site VPN connects a single host into the main network with an encrypted IPSec or SSL VPN tunnel and is established by using client software on a computer or an SSL VPN web portal.
IPSec provides the following encryption algorithms.
(choose all that apply)
A. DES
B. 3DES
C. Blowfish
D. AES
A. (DES), B. (3DES), C. (Blowfish), D. (AES).
Explanation: IPSec includes all of the above algorithms by default and IPSec tunnels use the 3DES algorithm by default. However, most network engineers prefer to use the stronger AES encryption to encrypt the traffic in IPSec VPN tunnels.
A VPN Concentrator is a device that is designed specifically to handle many VPN connections as its sole function.
A. True
B. False
A. True