secure network designs

Question 1

A network-based firewall analyzes packets at the layer _ or _____ of the OSI

Answer 1

2

data link layer

Question 2

An application firewall analyzes packets at layer _ or the _____.

Answer 2

7

application layer

Question 3

_____ will ensure a proper failure capability. Requests will continually flow through one load balancer and through the secondary if the primary fails.

Answer 3

active/passive topology

Question 4

Switches that support quality of service uses the _____ header to prioritize frames. This will improve video conferences and make efficient use of the overall network bandwidth.

Answer 4

802.1p

Question 5

_____ is a means of remote management of a system; a term commonly used when managing network devices.

Answer 5

Out-of-band (OOB) management

Question 6

The _____ is the code and metrics that determine which node is selected for processing each incoming request

Answer 6

scheduling algorithm

Question 7

An _____ configuration sends all requests to one node while the other node is on standby. The secondary node takes over services when the primary node loses connectivity or goes offline.

Answer 7

active/passive

Question 8

_____ allow an application-layer load balancer to keep clients connected to a session. This is achieved with a cookie at the client.

Answer 8

Persistence settings

Question 9

_____ is principally designed to prevent broadcast storms. These storms occur when a bridged network contains a loop and broadcast traffic is amplified by the other switches. This can disrupt the network services.

Answer 9

Spanning Tree Protocol (STP)

Question 10

_____ is a network setting that inspects traffic on access ports to ensure that a host is not trying to spoof its MAC address.

Answer 10

Dynamic Host Configuration Protocol (DHCP) snooping

Question 11

A _____ guard prevents _____ from communicating network topology information on access ports. This protects against misconfiguration or a possible malicious attack.

Answer 11

Bridge Protocol Data Unit (BPDU)

Question 12

An _____ can connect multiple subnets to reduce the number of active ports.

Answer 12

aggregation switch

Question 13

A _____ is part of a Security Information and Event Manager (SIEM). It captures and examines logged events to alert administrators of potential threats on a network.

Answer 13

correlation engine

Question 14

_____ gather information to determine if the data being passed is malicious or not.

Answer 14

Sensors

The Internet facing sensor will see all traffic and determine its Intent. The sensor behind the firewall will only see filtered traffic. The sensors send findings to the NIDS console.

Question 15

An ____ is a private company zone established to allow employees the ability to share content and communicate more effectively.

Answer 15

intranet

Question 16

An _____ is a zone created to allow authorized users access to company assets, separate from the intranet.

Answer 16

extranet

Question 17

The _____ is an all-in-one security appliance that combines the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, Data Loss Prevention, content filtering, and many more.

Answer 17

Unified Threat Management (UTM)

Question 18

_____ Virtual Private Network (VPN) uses modern web browsers to access and manage a desktop with relatively little lag. This is also known as a clientless remote desktop gateway.

Answer 18

Hypertext Markup Language 5 (HTML5)

Question 19

_____ is used with IP Security (IPSec) to provide a VPN tunnel. This will require installing a VPN agent at the client.

Answer 19

Layer 2 Tunneling Protocol (L2TP)

Question 20

An _____ can be used to restrict communications between two network segments or two switches connected to a router.

Answer 20

access control list (ACL)

Question 21

_____ describes the network and platform configurations that support cloud and other Internet services where most traffic is actually between servers within the data center.

Answer 21

East-west traffic

Question 22

_____ is Cisco’s proprietary service to providing a load-balanced service with a VIP (Virtual IP)

Answer 22

Gateway Load Balancing Protocol (GLBP)

The infrastructure is Cisco-based

Question 23

_____ is another commonly used network protocol that works in the same way as GLBP.

Answer 23

Common Address Redundancy Protocol (CARP)

Question 24

A _____ examines the data and makes rule-based decisions about whether the request should be forwarded or refused.

Answer 24

proxy

Question 25

_____ translates public IP addresses to private and vice versa. By using the ___ protocol on the firewall, a company can hide assets from the public internet.

Answer 25

Network Addressing Protocol (NAT)

Question 26

A _____ is an area of a network that is designed specifically for public users to access.

Answer 26

demilitarized zone (DMZ)

Question 27

A _____ is used to monitor network traffic. It forwards a copy of each packet from one switch port to another.

Answer 27

port mirror

Question 28

_____ can publish specific applications from the corporate network to the Internet by listening for specific client requests. This will ensure other intranet services are not exposed

Answer 28

Reverse proxies