M7Q29: Network Segmentation Flashcards

1
Q

VLANs are a poor tool for creating segmentation in our networks.

A. True
B. False

A

B. False

Explanation: In fact, VLANs are one of the best tools we have for creating segmentation in our network. VLANs can be used to create segmentation down to layer 2 of the OSI model and allow us to create logically separated areas of the network where we can apply security rules on a per-VLAN basis.

2
Q

Which of the following can be configured on a VLAN gateway to add layer 3 security to the VLAN?

A. NAC
B. 802.1x
C. ACL
D. DMZ

A

C. ACL

Explanation: Access Control Lists (ACLs) can be applied to any layer 3 interface to add layer 3 security to a network. In the case of VLANs, a VLAN interface (aka VLAN gateway) is needed in order to allow the VLAN to communicate with other networks. When a VLAN interface is configured as a VLAN gateway, it has no security until an Access Control List is applied to the VLAN interface.

3
Q

Testing Labs are good for testing things such as device updates, patches and new configurations before deploying them onto the live production network. Testing Labs should be connected to the live production network.

A. True
B. False

A

B. False

Explanation: Testing labs are truly great for testing things before implementing them in the live production network. However, since testing labs are sometimes used for testing systems that may have malicious data such as malware, a testing lab should never ever be connected to the live production network. Testing labs should be physically segmented from the production network so there is no chance that data can get from the Testing Lab into the live production network.

4
Q

Which of the following is a private network “neutral zone” that sits between a private LAN and the public internet and is used to expose certain servers to the internet (such as web servers and mail servers) without exposing the actual private LAN?

A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network

A

A. DMZ

Explanation: The DMZ (De-Militarized Zone) is an area of the network that is segmented away from the main LAN and sits between the main LAN and the internet. Servers that need exposure to the internet are placed in the DMZ for security purposes so that the main internal LAN does not have to be opened up to the wild wild west of the internet.

5
Q

Which of the following is an entire network made to mimic a live production network that is usually built with weak security and is used to monitor the activities of malicious attackers?

A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network

A

C. Honeynet

Explanation: Honeynets are networks created specifically for the purpose of inviting and monitoring malicious attacker activities. Honeynets are always segmented away from the live production network similar to a DMZ, but with no possible access back to the internal network.
