Network Components Flashcards
After you implement a new firewall on your corporate network, a coworker comes to you and asks why he can no longer connect to a Telnet server he has installed on his home DSL line. This failure to connect is likely due to:
Network Address Translation (NAT)
Basic packet filtering
Blocked by policy, Telnet not considered secure
Blocked by policy, Telnet not considered secure
Because Telnet is considered unsecure, default firewall policies will more than likely block it
Why will NAT likely continue to be used even in IPv6 networks?
Even IPv6 does not have enough IP addresses.
It is integral to how access control lists work.
It can hide the internal addressing structure from direct outside connections.
It can hide the internal addressing structure from direct outside connections.
NAT’s capability to hide internal addressing schemes and prevent direct connections from outside nodes will likely keep NAT technology relevant even with broader adoption of IPv6
You are asked to present to senior management virtual private network methodologies in advance of your company’s purchase of new VPN concentrators. Why would you strongly recommend IPSec VPNs?
Connectionless integrity
Data-origin authentication
Traffic-flow confidentiality
All of the above
All of the above
The IPSec protocol supports a wide variety of services to provide security. These include access control, connectionless integrity, traffic-flow confidentiality, rejection of replayed packets, data security, and data-origin authentication
Why is Internet Key Exchange preferred in enterprise VPN deployments?
IKE automates key management by authenticating each peer to exchange session keys.
IKE forces the use of Diffie-Hellman, ensuring higher security than consumer VPNs.
IKE prevents the use of flawed hash algorithms such as MD5.
IKE automates key management by authenticating each peer to exchange session keys.
IKE automates the key exchange process in a two-phase process to exchange session keys
After an upgrade to your VPN concentrator hardware, your manager comes to you with a traffic graph showing a 50 percent increase in VPN traffic since the new hardware was installed. What is a possible cause of this increase?
VPN jitter causing multiple IKE exchanges per second.
The new VPN defaults to full tunneling.
The new VPN uses transport mode instead of tunneling mode.
The new VPN defaults to full tunneling.
If a VPN defaults to full tunneling, all traffic is routed through the VPN tunnel, versus split tunneling, which allows multiple connection paths
A network-based intrusion prevention system (NIPS) relies on what other technology at its core?
VPN
IDS
NAT
IDS
A NIPS relies on the technology of an intrusion detection system at its core to detect potential attacks
You have been asked to prepare a report on network-based intrusion detection systems that compares the NIDS solutions from two potential vendors your company is considering. One solution is signature based and one is behavioral based. Which of the following lists what your report will identify as the key advantage of each?
Behavioral: low false-negative rate; Signature: ability to detect zero day attacks
Behavioral: ability to detect zero day attacks; Signature: low false-positive rates
Behavioral: high false-positive rate; Signature: high speed of detection
Behavioral: ability to detect zero day attacks; Signature: low false-positive rates
The key advantage of a behavioral-based NIDS is its ability to detect zero day attacks, whereas the key advantage of a signature-based NIDS is low false-positive rates
Why are false negatives more critical than false positives in NIDS/NIPS solutions?
A false negative is a missed attack, whereas a false positive is just extra noise.
False positives are indications of strange behavior, whereas false negatives are missed normal behavior.
False negatives show what didn’t happen, whereas false positives show what did happen.
A false negative is a missed attack, whereas a false positive is just extra noise.
A false negative is more critical as it is a potential attack that has been completely missed by the detection system; a false positive consumes unnecessary resources to be analyzed but is not an actual attack
You are managing a large network with several dozen switches when your monitoring system loses control over half of them. This monitoring system uses SNMPv2 to read traffic statistics and to make configuration changes to the switches. What has most likely happened to cause the loss of control?
A zero day Cisco bug is being used against you.
One of the network administrators may be a malicious insider.
An attacker has sniffed the SNMP password and made unauthorized configuration changes.
An attacker has sniffed the SNMP password and made unauthorized configuration changes.
An attacker has likely sniffed the cleartext SNMP password and used it to access and make changes to the switching infrastructure
How can proxy servers improve security?
They use TLS-based encryption to access all sites.
They can control which sites and content employees access, lessening the chance of malware exposure.
They enforce appropriate use of company resources.
They can control which sites and content employees access, lessening the chance of malware exposure.
Proxy servers can improve security by limiting the sites and content accessed by employees, limiting the potential access to malware
What technology can check the client’s health before allowing access to the network?
DLP
NIDS/NIPS
NAC
NAC
NAC, or network access control, is a technology that can enforce the security health of a client machine before allowing it access to the network
How does a mail gateway’s control of spam improve security?
It prevents users from being distracted by spam messages.
It can defeat many phishing attempts.
It can encrypt messages.
It can defeat many phishing attempts.
A mail gateway that blocks spam can prevent many phishing attempts from reaching your users
Why is e-mail encryption difficult?
E-mail encryption ensures messages are caught in spam filters.
Because of a lack of a uniform standardized protocol and method for encryption.
Because of technical key exchange issues.
Because of a lack of a uniform standardized protocol and method for encryption.
A lack of a uniform standardized protocol for encryption makes encrypting e-mail end to end difficult
What kind of device provides tamper protection for encryption keys?
HSM
DLP
NIDS/NIPS
HSM
A hardware security module (HSM) has tamper protections to prevent the encryption keys they manage from being altered
