secure network designs Flashcards
A network-based firewall analyzes packets at the layer _ or _____ of the OSI
2
data link layer
An application firewall analyzes packets at layer _ or the _____.
7
application layer
_____ will ensure a proper failure capability. Requests will continually flow through one load balancer and through the secondary if the primary fails.
active/passive topology
Switches that support quality of service use the _____ header to prioritize frames. This will improve video conferences and make efficient use of the overall network bandwidth.
802.1p
_____ is a means of remote management of a system; a term commonly used when managing network devices.
Out-of-band (OOB) management
The _____ is the code and metrics that determine which node is selected for processing each incoming request.
scheduling algorithm
An _____ configuration sends all requests to one node while the other node is on standby. The secondary node takes over services when the primary node loses connectivity or goes offline.
active/passive
_____ allow an application-layer load balancer to keep clients connected to a session. This is achieved with a cookie at the client.
Persistence settings
_____ is principally designed to prevent broadcast storms. These storms occur when a bridged network contains a loop and broadcast traffic is amplified by the other switches. This can disrupt the network services.
Spanning Tree Protocol (STP)
_____ is a network setting that inspects traffic on access ports to ensure that a host is not trying to spoof its MAC address.
Dynamic Host Configuration Protocol (DHCP) snooping
A _____ guard prevents _____ from communicating network topology information on access ports. This protects against misconfiguration or a possible malicious attack.
Bridge Protocol Data Unit (BPDU)
An _____ can connect multiple subnets to reduce the number of active ports.
aggregation switch
A _____ is part of a Security Information and Event Manager (SIEM). It captures and examines logged events to alert administrators of potential threats on a network.
correlation engine
_____ gather information to determine if the data being passed is malicious or not.
Sensors
The Internet-facing sensor will see all traffic and determine its intent. The sensor behind the firewall will only see filtered traffic. The sensors send findings to the NIDS console.
An ____ is a private company zone established to allow employees the ability to share content and communicate more effectively.
intranet
An _____ is a zone created to allow authorized users access to company assets, separate from the intranet.
extranet
The _____ is an all-in-one security appliance that combines the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, Data Loss Prevention, content filtering, and many more.
Unified Threat Management (UTM)
_____ Virtual Private Network (VPN) uses modern web browsers to access and manage a desktop with relatively little lag. This is also known as a clientless remote desktop gateway.
Hypertext Markup Language 5 (HTML5)
_____ is used with IP Security (IPSec) to provide a VPN tunnel. This will require installing a VPN agent at the client.
Layer 2 Tunneling Protocol (L2TP)
An _____ can be used to restrict communications between two network segments or two switches connected to a router.
access control list (ACL)
_____ describes the network and platform configurations that support cloud and other Internet services where most traffic is actually between servers within the data center.
East-west traffic
_____ is Cisco’s proprietary service for providing a load-balanced service with a VIP (Virtual IP).
Gateway Load Balancing Protocol (GLBP)
The infrastructure is Cisco-based
_____ is another commonly used network protocol that works in the same way as GLBP.
Common Address Redundancy Protocol (CARP)
A _____ examines the data and makes rule-based decisions about whether the request should be forwarded or refused.
proxy
_____ translates public IP addresses to private and vice versa. By using the ___ protocol on the firewall, a company can hide assets from the public internet.
Network Addressing Protocol (NAT)
A _____ is an area of a network that is designed specifically for public users to access.
demilitarized zone (DMZ)
A _____ is used to monitor network traffic. It forwards a copy of each packet from one switch port to another.
port mirror
_____ can publish specific applications from the corporate network to the Internet by listening for specific client requests. This will ensure other intranet services are not exposed.
Reverse proxies