Module 22 - Network Hardening - Q&A Flashcards
Which of the following describes a network device that intercepts user or host requests and then makes those requests to other hosts or networks on behalf of the user? A. Proxy B. Firewall C. NIDS D. NIPS
A. A proxy is a network device that intercepts user or host requests and then makes those requests to other hosts or networks on behalf of the user.
Which of the following is an advanced form of proxy and can also perform content filtering and web application attack prevention functions? A. NIPS B. Firewall C. Web security gateway D. NIDS
C. A web security gateway is an advanced form of proxy and can also perform content filtering and web application attack prevention functions.
Which of the following types of connections does a VPN concentrator control? (Choose two.) A. Device VPN B. Client VPN C. User VPN D. Site-to-site VPN
B, D. A VPN concentrator manages connections for both client and site-to-site VPN connections.
A NIPS is considered a \_\_\_\_\_\_\_\_\_\_ type of control. A. detective B. preventative C. network D. host
B. A network intrusion prevention system (NIPS) is considered a preventative type of control.
Which of the following types of systems detects network attacks based upon how they compare with a baseline of traffic patterns that are considered normal for the network? A. Pattern-based B. Rule-based C. Signature-based D. Behavior-based
D. Behavior-based detection systems detect network attacks based upon how they compare with a baseline of traffic patterns that are considered normal for the network.
Which of the following is used to intercept and examine network traffic based upon protocol? A. Sniffer B. NIDS C. NIPS D. Proxy
A. A sniffer, or protocol analyzer, is used to intercept and examine network traffic based upon protocol.
Which of the following does MAC filtering use as its filtering criteria? A. Hardware address B. Software address C. Logical address D. IP address
A. MAC filtering uses a host’s network hardware address as its filtering criteria.
You are configuring a network device. You want to be able to manage the device remotely using only the Secure Shell (SSH) protocol. If enabled by default, you should disable all of the following ports, protocols, and services, except: A. Telnet B. UDP port 69 C. TCP port 22 D. RDP
C. You should not disable TCP port 22, as this is the port that SSH uses. All other port and protocol choices should be disabled, as they are not needed, nonsecure, or both.
Which of the following techniques can be used to detect rogue or unauthorized hosts? (Choose all that apply.) A. DHCP address assignment logs B. NAC C. Switch port and VLAN connection logs D. IP address
A, B, C. All of these techniques can be used to detect rogue or unauthorized hosts. A rogue client can’t be detected, however, by examining its IP address alone.
Which of the following terms refers to a combination of multifunction security devices? A. NIDS/NIPS B. Application firewall C. Web security gateway D. Unified Threat Management
D. Unified Threat Management refers to a combination of multifunction security devices.