Section 3.3 Implementing secure network designs

Question 1

What provide a first line of defense for detection and prevention attacks at your network border?

Answer 1

Network security devices and secure network design

Question 2

What is a network device that helps evenly distribute the flow of network traffic to other network devices, either in an active/active mode or an active/passive mode?

Answer 2

Load balancer

Question 3

If one router receives too many requests what could happen?

Answer 3

A bottleneck or network delays

Question 4

What are required to analyze incoming requests and route them evenly between servers?

Answer 4

Load balancer

Question 5

What can schedule their functions through different techniques or can use intelligent methods to detect which servers are overloaded and which are free?

Answer 5

Load balancers

Question 6

What prevent DoS network attacks by detecting floods of network packets and prevents them from overloading a device?

Answer 6

Load Balancer

Question 7

What enhances load balancing by making routing the resources of all servers so they can be used to perform the same task as one server?

Answer 7

Clustering

Question 8

In what mode of load balancing do the load balancers act like an array, dealing with traffic together as both are active?

Answer 8

Active/Active mode

Question 9

What eliminates a host’s dependency upon individual network interfaces?

Answer 9

a Virtual IP address

Question 10

Web traffic comes into the network load balancer from the?

Answer 10

Virtual IP Address

Question 11

What NLB setting knows the status of all servers in the server farms and which web servers are the least utilized by using a scheduling algorithm?

Answer 11

Least Utilized Host

Question 12

What NLB setting takes the incoming request then contacts the DNS server and rotates the request based on the lowest IP address first?

Answer 12

DNS round Robin

Question 13

What NLB setting sends the request to the same web server based on the requester’s IP address, IP + port, and/or session ID?

Answer 13

Affinity

Question 14

What do you call a private network that is designed to host the information internal to the organization?

Answer 14

Intranet

Question 15

What do you call a section of an organization’s network that has been sectioned off to act as an intranet for the private network but also serves information to external business partners or the public internet?

Answer 15

Extranet

Question 16

What do you call an extranet for public consumption that is typically labeled a DMZ or perimeter network?

Answer 16

Screened Subnet

Question 17

What is used to control traffic and isolate static/sensitive environments?

Answer 17

Network segmentation

Question 18

What do you call a collection of devices that communicate with one another as if they made up a single physical LAN?

Answer 18

VLAN

Question 19

What do you call a subnet that is placed between two routers or firewalls?

Answer 19

Screened subnet

Question 20

Bastion hosts are located within which subnet?

Answer 20

Screened subnet

Question 21

What extends a private network across a public network, enabling users and devices to send and receive data across shared or public networks as if their computing devices were directly connected to the private network?

Answer 21

VPN

Question 22

What is the most secure VPN tunneling protocol that can use certificates, Kerberos authentication, or a pre-shared key?

Answer 22

L2TP/IPSec

Question 23

What VPN works with legacy systems and uses SSL certificates for authentication?

Answer 23

Secure Socket Layer VPN

Question 24

What VPN uses certificates for authentication and just needs and HTML-5 compatible browser such as Opera, Edge, Firefox, or Safari?

Answer 24

HTML 5 VPN

Question 25

What mode of VPN means all traffic both the internet and the corporate network run through the VPN?

Answer 25

Full Tunnel

Question 26

What mode of VPN is used for traffic destined for the corporate network only and internet traffic is sent through its normal route?

Answer 26

Split Tunnel

Question 27

In what kind of scenario is a connection initiated from a users PC or laptop for a connection of shorter duration?

Answer 27

Remote Access Scenario

Question 28

What do you call a hierarchical naming system that resolves a hostname to an IP address?

Answer 28

DNS

Question 29

What type of record is a text record used by DNS to prevent spam and confirm the email has come from the domain it appears to come from?

Answer 29

Sender Policy Framework

Question 30

What type of record is used for mail servers?

Answer 30

MX

Question 31

What type of record is a DNS text that is used by ISPs to prevent malicious email, such as phishing or spear phishing attacks?

Answer 31

Domain-based Message Authentication, Reporting and Conformance (DMARC)

Question 32

What stores recently resolved DNS requests for later reuse, reducing calls to the DNS server?

Answer 32

DNS Cache

Question 33

What is a flat-file where name and IP pairs are stored on a client? Often checked before request is sent to DNS server.

Answer 33

Hosts File

Question 34

What normally maintains only the hostnames for domains it is configured to serve? It is said to be ‘authoritative’ for those domains.

Answer 34

DNS server

Question 35

What do you call DNS nameservers that operate in the root zone? They can also refer to requests to the appropriate Top-Level Domain (TLD) server.

Answer 35

Root Server

Question 36

What prevents unauthorized access to DNS records on the server? Each DNS record is digitally signed, creating an RRSIG (digitally signed record) record to protect against attacks.

Answer 36

DNSSEC

Question 37

What is it called when an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or perform DoS against a system?

Answer 37

DNS poisoning

Question 38

What is it called when an attacker sends false replies to a requesting system, beating the real reply from the valid DNS server?

Answer 38

DNS Spoofing

Question 39

What is it called when an attacked uses a captive portal such as a pay-for-use Wi-Fi hotspot?

Answer 39

DNS hijacking

Question 40

What kind of attack leverages similarities in character sets to register phony international domain names (IDNs) that appear legitimate to the naked eye?

Answer 40

Homograph attack

Question 41

After a remote client has authenticated, __________ checks that the device being used is patched and compliant with corporate security policies.

Answer 41

Network Access Control (NAC)

Question 42

What is it called when the operating system includes NAC as part of the operating system itself and no additional agent is required?

Answer 42

Agent-based/Agentless NAC

Question 43

What kind of management enables IT to work around problems that my be occurring on the network?

Answer 43

Out-of-band Management

Question 44

What kind of security turns off the port but limits the functionality of the switch?

Answer 44

Port security

Question 45

What kind of security authenticates users or devices by a certificate before the connection is made? Prevents an unauthorized device from connecting and allows an authorized device to connect.

Answer 45

802.1x

Question 46

What kind of protection prevents two or more connected switches from creating loops that create broadcast storms?

Answer 46

Loop protection

Question 47

What protocol prevents broadcast storms from happening by forwarding, listening, or blocking on some ports?

Answer 47

Spanning Tree Protocol (STP)

Question 48

What are the frames that contain information about the STP?

Answer 48

Bridge Protocol Data Units (BPDU)

Question 49

What kind of attack will try and spoof the root bridge so that the STP is recalculated?

Answer 49

BPDU attack

Question 50

What do you call a layer 2 security that prevents a rogue DHCP server from allocating IP addresses to a host on your network?

Answer 50

DHCP snooping

Question 51

What is used by a wireless access point to block access to all non-authorized devices?

Answer 51

MAC filtering

Question 52

What is a way some attackers get around MAC filtering?

Answer 52

MAC spoofing

Question 53

What network appliance is typically placed on a screened subnet and allows admins to connect remotely to the network?

Answer 53

Jump Server

Question 54

What network appliance is a server that controls requests from clients seeking resources on the internet or an external network?

Answer 54

Forward proxy

Question 55

What network appliance is placed on a screened subnet and performs the authentication and decryption of a secure session to enable it to filter the incoming traffic?

Answer 55

Reverse Proxy

Question 56

What kind of IDS can monitor activity on a single system only? A drawback is that attackers can discover and disable them.

Answer 56

Host based IDS

Question 57

What kind of IDS can monitor activity on a network, and isn’t as visible to attackers?

Answer 57

Network based IDS

Question 58

What type of IDS creates a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior? It can detect previously unknown attack methods.

Answer 58

Behavior-based

Question 59

What type of IDS system uses signatures similar to the signature definitions used by anti-malware software? Only effective against known attacks

Answer 59

Signature based

Question 60

What mode of operation has the NIDS/NIPS placed on or near the firewall as an additional layer of security?

Answer 60

Inline/In-band

Question 61

What mode of operation has the traffic not going through the NIDS/NIPs? Instead sensors and collectors forward alerts to the NIDS

Answer 61

Passive/Out of band

Question 62

What can be placed on a network to alert NIDS of any changes in traffic patterns on the network?

Answer 62

Sensors and collectors

Question 63

What do you call a physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions? Like a TPM, but are often removable or external devices.

Answer 63

Hardware Security Module (HSM)

Question 64

What do you call a multifunction device (MFD) composed of several security features in addition to a firewall? More common in small and medium businesses.

Answer 64

Unified Threat Management (UTM)

Question 65

What do you call packet inspection that inspects and filters both the header and payload of a packed that is transmitted through an inspection point? Can detect protocol non-compliance, spam, viruses, and intrusions

Answer 65

Deep packet inspection

Question 66

What firewall state watches network traffic and restricts or blocks packets based on source and destination addresses or other static values? Typically faster and performs better under heavier traffic loads.

Answer 66

Stateless

Question 67

What firewall state can watch traffic streams from end to end? Better at identifying unauthorized and forged communications?

Answer 67

Stateful

Question 68

What firewall state is not aware of traffic patterns or data flows?

Answer 68

Stateless

Question 69

What firewall state is aware of communication paths and can implement various IP security functions such as tunnels and encryption?

Answer 69

Stateful

Question 70

What allows private subnets to communicate with other cloud services and the internet but hides the internal network from Internet users? Contains the Network Access Control List (NACL) for the private subnets.

Answer 70

Network Address Translation Gateway

Question 71

What looks at the content on the requested web page and blocks requests depending on filters? Used to block inappropriate content in the context of the situation.

Answer 71

Content/URL filter

Question 72

What type of firewall is one in which the vendor makes the license freely available and allows access to the source code, though it might ask for an optional donation?

Answer 72

Open source firewall

Question 73

What type of firewall offers no vendor support?

Answer 73

Open source firewall

Question 74

What type of firewalls are more expensive but tend to provide more/better protection and more functionality and support (at a cost)?

Answer 74

Proprietary

Question 75

What type of firewall is a piece of purpose-built network hardware?

Answer 75

Hardware firewall

Question 76

What type of firewall may offer more configurable support for LAN and WAN connections?

Answer 76

Hardware firewalls

Question 77

What type of firewall often has superior throughput vs software firewalls because it is designed for the speeds and connections common to an enterprise network?

Answer 77

Hardware firewalls

Question 78

What type of firewalls might you install on your own hardware?

Answer 78

Software firewalls