Network Components Flashcards

1
Q

After you implement a new firewall on your corporate network, a coworker comes to you and asks why he can no longer connect to a Telnet server he has installed on his home DSL line. This failure to connect is likely due to:

Network Address Translation (NAT)

Basic packet filtering

Blocked by policy, Telnet not considered secure

A

Blocked by policy, Telnet not considered secure

Because Telnet is considered insecure, default firewall policies will more than likely block it.

2
Q

Why will NAT likely continue to be used even in IPv6 networks?

Even IPv6 does not have enough IP addresses.

It is integral to how access control lists work.

It can hide the internal addressing structure from direct outside connections.

A

It can hide the internal addressing structure from direct outside connections.

NAT’s capability to hide internal addressing schemes and prevent direct connections from outside nodes will likely keep NAT technology relevant even with broader adoption of IPv6.

3
Q

You are asked to present to senior management virtual private network methodologies in advance of your company’s purchase of new VPN concentrators. Why would you strongly recommend IPSec VPNs?

Connectionless integrity

Data-origin authentication

Traffic-flow confidentiality

All of the above

A

All of the above

The IPSec protocol supports a wide variety of services to provide security. These include access control, connectionless integrity, traffic-flow confidentiality, rejection of replayed packets, data security, and data-origin authentication.

4
Q

Why is Internet Key Exchange preferred in enterprise VPN deployments?

IKE automates key management by authenticating each peer to exchange session keys.

IKE forces the use of Diffie-Hellman, ensuring higher security than consumer VPNs.

IKE prevents the use of flawed hash algorithms such as MD5.

A

IKE automates key management by authenticating each peer to exchange session keys.

IKE automates key exchange, using a two-phase process to exchange session keys.

5
Q

After an upgrade to your VPN concentrator hardware, your manager comes to you with a traffic graph showing a 50 percent increase in VPN traffic since the new hardware was installed. What is a possible cause of this increase?

VPN jitter causing multiple IKE exchanges per second.

The new VPN defaults to full tunneling.

The new VPN uses transport mode instead of tunneling mode.

A

The new VPN defaults to full tunneling.

If a VPN defaults to full tunneling, all traffic is routed through the VPN tunnel, versus split tunneling, which allows multiple connection paths.

6
Q

A network-based intrusion prevention system (NIPS) relies on what other technology at its core?

VPN

IDS

NAT

A

IDS

A NIPS relies on the technology of an intrusion detection system at its core to detect potential attacks.

7
Q

You have been asked to prepare a report on network-based intrusion detection systems that compares the NIDS solutions from two potential vendors your company is considering. One solution is signature based and one is behavioral based. Which of the following lists what your report will identify as the key advantage of each?

Behavioral: low false-negative rate; Signature: ability to detect zero day attacks

Behavioral: ability to detect zero day attacks; Signature: low false-positive rates

Behavioral: high false-positive rate; Signature: high speed of detection

A

Behavioral: ability to detect zero day attacks; Signature: low false-positive rates

The key advantage of a behavioral-based NIDS is its ability to detect zero day attacks, whereas the key advantage of a signature-based NIDS is low false-positive rates.

8
Q

Why are false negatives more critical than false positives in NIDS/NIPS solutions?

A false negative is a missed attack, whereas a false positive is just extra noise.

False positives are indications of strange behavior, whereas false negatives are missed normal behavior.

False negatives show what didn’t happen, whereas false positives show what did happen.

A

A false negative is a missed attack, whereas a false positive is just extra noise.

A false negative is more critical as it is a potential attack that has been completely missed by the detection system; a false positive consumes unnecessary resources to be analyzed but is not an actual attack.

9
Q

You are managing a large network with several dozen switches when your monitoring system loses control over half of them. This monitoring system uses SNMPv2 to read traffic statistics and to make configuration changes to the switches. What has most likely happened to cause the loss of control?

A zero day Cisco bug is being used against you.

One of the network administrators may be a malicious insider.

An attacker has sniffed the SNMP password and made unauthorized configuration changes.

A

An attacker has sniffed the SNMP password and made unauthorized configuration changes.

An attacker has likely sniffed the cleartext SNMP password and used it to access and make changes to the switching infrastructure.

10
Q

How can proxy servers improve security?

They use TLS-based encryption to access all sites.

They can control which sites and content employees access, lessening the chance of malware exposure.

They enforce appropriate use of company resources.

A

They can control which sites and content employees access, lessening the chance of malware exposure.

Proxy servers can improve security by limiting the sites and content accessed by employees, limiting the potential access to malware.

11
Q

What technology can check the client’s health before allowing access to the network?

DLP

NIDS/NIPS

NAC

A

NAC

NAC, or network access control, is a technology that can enforce the security health of a client machine before allowing it access to the network.

12
Q

How does a mail gateway’s control of spam improve security?

It prevents users from being distracted by spam messages.

It can defeat many phishing attempts.

It can encrypt messages.

A

It can defeat many phishing attempts.

A mail gateway that blocks spam can prevent many phishing attempts from reaching your users.

13
Q

Why is e-mail encryption difficult?

E-mail encryption ensures messages are caught in spam filters.

Because of a lack of a uniform standardized protocol and method for encryption.

Because of technical key exchange issues.

A

Because of a lack of a uniform standardized protocol and method for encryption.

A lack of a uniform standardized protocol for encryption makes encrypting e-mail end to end difficult.

14
Q

What kind of device provides tamper protection for encryption keys?

HSM

DLP

NIDS/NIPS

A

HSM

A hardware security module (HSM) has tamper protections to prevent the encryption keys it manages from being altered.
