M7Q31: Network Hardening Techniques Flashcards

1
Q

This type of network hardening system performs a posture assessment on hosts that connect to the network to check for criteria such as allowed MAC addresses, operating systems, and whether the host has anti-malware software installed. If the host fails the posture assessment, it is placed into a black-hole Quarantine network.

A. NAC
B. 802.1x
C. DMZ
D. Man Trap

A

A. NAC

Explanation: NAC (Network Access Control) is a network security system that checks every host as it connects to the network to confirm that it meets the required criteria before allowing it to fully connect to the production network.

2
Q

This type of anti-malware runs on firewalls or other devices that are inline with the internet connection and check traffic for malware as it passes through.

A. Host-based
B. Cloud-based
C. Network-based
D. All of the above

A

C. Network-based

Explanation: Network-based antimalware runs on devices like advanced firewalls or proxy servers and scans all traffic for malware as the traffic passes through the device. Host-based antimalware runs directly on a host computer, and cloud-based antimalware runs centrally via a cloud-based service. It’s important to note that a combination of all the types of antimalware is the best way to defend against malware.

3
Q

Which of the following are network hardening techniques that can be found on switches?

(choose all that apply)

A. ARP Inspection
B. DHCP Snooping
C. Single Sign On
D. Port Security

A

A. (ARP Inspection), B. (DHCP Snooping), D. (Port Security)

Explanation: Dynamic ARP Inspection allows switches to check ARP requests and replies and drop them if spoofing is detected. DHCP Snooping allows switches to inspect DHCP traffic and only allow DHCP traffic to pass if it is associated with trusted DHCP servers. Port Security allows for port-based MAC address security, and if an invalid MAC address is connected to a switch port, the switch will shut the port down.

4
Q

Which of the following are secure forms of networking protocols?

(choose all that apply)

A. Telnet
B. SNMPv3
C. SFTP
D. PPTP
E. IPSec

A

B. (SNMPv3), C. (SFTP), E. (IPSec)

Explanation: SNMPv3 is for secure network management traffic, SFTP is for secure file transfers, and IPSec is for encrypted VPN tunnels. Telnet is a clear text remote terminal application and SSH should be used instead of Telnet. PPTP is an unencrypted VPN technology and generally should not be used at all.

5
Q

Two-factor Authentication is a form of Multi-factor Authentication that adds an additional layer to authentication such as a security question, a one-time password texted to a phone, or an additional PIN.

A. True
B. False

A

A. True

Explanation: Multifactor Authentication is a great tool for authentication security. More and more applications and systems are now using multifactor authentication with two-factor authentication being the most prevalent.

6
Q

Physical security is not as important as security software features on network devices.

A. True
B. False

A

B. False

Explanation: Physical Security is just as important, if not more important, than the security features that are available on network devices. However, it’s the combination of both that truly makes an impact on network security. Without physical security, people would have free access to the systems that house our data. It is always important to consider the benefit of things that may seem insignificant, such as using locks on equipment racks and restricting access to communications and equipment rooms.
