Module 20 - LAN Security - Q&A Flashcards
Which one of the following types of filtering is used to control traffic entering a network? A. Egress filtering B. Ingress filtering C. Implicit deny D. Explicit deny
B. Ingress filtering is used to control traffic entering a network.
Which network device is used to send traffic to different physical networks, based upon logical addressing? A. Router B. Switch C. Load balancer D. Firewall
A. A router is used to send traffic to different physical networks, based upon logical addressing.
Which type of device is used to provide network protection and security by preventing hosts from connecting to the organization’s infrastructure unless they meet certain criteria? A. Switch B. NAT device C. Firewall D. NAC device
D. A Network Access Control (NAC) device is used to provide network protection and security by preventing hosts from connecting to the organization’s infrastructure unless they meet certain criteria.
You need to install a new network for a customer, and you are looking at different ways to design the perimeter network and entry points. You determine that you will need a firewall, border router, and two separate network segments off of the firewall for Internet-accessible servers. Which one of the following architectures best describes your network design? A. Bastion host B. VLAN C. DMZ D. Subnetwork
C. In this scenario, a demilitarized zone (DMZ) is the best architecture to meet your requirements.
Which of the following statements is true about subnetting?
A. Adding network bits to the subnet mask creates more networks but fewer hosts.
B. Adding network bits to the subnet mask creates more networks and hosts.
C. Adding host bits to the subnet mask creates more networks but fewer hosts.
D. Adding host bits to the subnet mask creates more hosts and networks.
A. Adding network bits to the subnet mask creates more networks but fewer hosts.
All of the following characteristics describe VLANs, except:
A. VLANs require routing between them.
B. VLANs separate hosts into logical networks.
C. VLANs can be used to apply security policies and filtering to different segments.
D. VLANs allow any host plugged into the switch to become a member of the virtual segment.
D. VLANs do not allow any host plugged into the switch to automatically become a member of the virtual segment; membership is based upon switch port, MAC address, or IP address.
Which of the following allows you to map a single public IP address to a pool of private IP addresses? A. Virtual LAN B. Port Address Translation C. Network Access Control D. Static NAT
B. Port Address Translation allows you to map a single public IP address to a pool of private IP addresses, based upon the source ports of the internal hosts.
One of your coworkers has recently reconfigured the firewall rule set, and users immediately began to report that they cannot receive any traffic at all from the Web. You examine the firewall rule set for issues. Which of the following could be considered a likely issue that would prevent all traffic from passing through the firewall?
A. Implicit deny
B. Explicit allow at the bottom of the rule set
C. Explicit deny at the top of the rule set
D. Implicit allow at the top of the rule set
C. An explicit deny at the top of the rule set would cause all traffic flowing through the firewall to be denied.
Which of the following would be needed to block excessive traffic from a particular protocol? A. Flood guard B. Loop protection C. ACL D. 802.1X
A. A flood guard is used to block excessive traffic from a particular protocol.
Which of the following issues must be addressed in any remote access method or technology? (Choose two.) A. Encryption B. Loop protection C. Authentication D. Traffic flooding
A, C. Both encryption and authentication issues must be addressed in any remote access method or technology.