Quiz 10

Question 1

A DMZ is .

Question 1 options:

a semi-trusted network

a trusted network

an untrusted network

not actually a network

Answer 1

a semi-trusted network

Question 2

A screening router would be an appropriate choice for meeting the security needs of
a .
Question 2 options:

DMZ

none of the above

small office network

home network

Answer 2

none of the above.

Question 3

Which of the following computers is likely to be found in a DMZ? (Choose all that apply.)
Question 3 options:

A) domain controller

B) e-mail server

C) customer information database

D) Web server

Answer 3

B) e-mail server
D) Web server

Question 4

Which of the following issues should you consider in firewall design? (Choose all that apply.)
Question 4 options:

A) authorization

B) fault tolerance

C) log size

D) load balancing

Answer 4

B) fault tolerance
D) load balancing

Question 4

A proxy server . (Choose all that apply.)

Question 5 options:

A) uses fewer system resources than a software firewall

B) can filter Application layer content

C) is the same as a reverse firewall

D) is designed to improve Web access

Answer 4

B) can filter Application layer content

D) is designed to improve Web access

Question 4

What enables servers in a server farm to work together to handle requests?

Question 7 options:

a router

a switch

load-balancing software

a networking hub

Answer 4

load-balancing software

Question 4

What is the main problem with using a screening router?

Question 6 options:

The router alone cannot stop many types of attacks.

The router cannot be used with a firewall.

The router might not provide an adequate screen.

The router can be configured incorrectly.

Answer 4

The router alone cannot stop many types of attacks.

Question 4

For which of the following reasons would you consider creating a protected subnet
within an already protected internal network? (Choose all that apply.)
Question 8 options:

A) to protect Web servers

B) to protect the company’s reputation

C) to protect customer information

D) to protect management servers

Answer 4

A) to protect Web servers

C) to protect customer information

D) to protect management servers

Question 4

Which of the following functions can a bastion host perform? (Choose all that apply.)

Question 10 options:

A) FTP server

B) e-mail server

C) domain controller

D) security management server

Answer 4

A) FTP server

B) e-mail server

Question 5

A corporation with several branch offices has decided to maintain multiple firewalls,
one to protect each branch office’s network. What is the most efficient way to maintain
these firewalls?
Question 9 options:

Send information about the security policy to each network administrator.

Set up remote desktop management software.

Use a centralized security workstation.

Broadcast configuration instructions periodically by e-mail.

Answer 5

Use a centralized security workstation.

Question 5

Which of the following can hide internal IP addresses from the Internet? (Choose all that apply.)
Question 11 options:

A) state tables

B) packet filters

C) proxy servers

D) NAT

Answer 5

C) proxy servers

D) NAT

Question 6

Hardening a bastion host involves which of the following measures?

Question 12 options:

installing current patches

disabling unnecessary services

all of the above

removing unnecessary accounts

Answer 6

all of the above

Question 7

To isolate all external Web requests to a specific Web server on the DMZ, it would be
best to use many-to-one NAT.

Question 13 options:
True
False

Answer 7

False

Question 8

A bastion host is usually located on the internal network.

Question 14 options:
True
False

Answer 8

False

Question 9

In a Cisco ASA 5505 firewall, security level 100 is the least secure level.

Question 15 options:
True
False

Answer 9

False