Securing Networks Flashcards

1
Q

You have been tasked by your manager with performing an evaluation of the benefits of using virtualization in your quality assurance (QA) testing environment. Which of the following is an advantage of using virtual machines in terms of security and cost efficiency?

It reduces the need to install operating system software updates.

Multiple operating systems can be installed and run in their own separate, secure area on a single hardware device.

It helps secure the hardware from unauthorized access.

A

Multiple operating systems can be installed and run in their own separate, secure area on a single hardware device.

Virtual machines all run in their own separate and isolated area on the system as if they were each on a separate physical machine. This greatly increases security because any issues arising in one virtual machine will not affect another virtual system. This also allows multiple operating systems to be installed on the same physical hardware, which saves money by avoiding the need to buy multiple hardware systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

After a security review, it is recommended that your organization install a network intrusion prevention system (NIPS). Based on the current budget, your manager recommends that you install a less costly network detection system (NIDS). What is the primary security difference between an NIDS and an NIPS that you can use to justify the additional costs?

An NIDS system only detects TCP/IP attacks.

The NIPS system actively tries to mitigate an incoming intrusion rather than just detect it.

The NIDS system can raise alarms when it detects an intrusion.

A

The NIPS system actively tries to mitigate an incoming intrusion rather than just detect it.

The NIPS system actively tries to mitigate an incoming intrusion rather than just detect it. An NIPS actively monitors for intrusions and will alert the administrator when one is detected. A network intrusion prevention system goes a step further and tries to actively prevent the intrusion as it is occurring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You must install and secure your organization’s Internet services, including web, FTP, and e-mail servers, within your current network topology, which uses a network firewall to protect your internal networks. In which security zone of your network should these servers be installed to isolate them from the Internet and your internal networks?

DMZ

VLAN

Internal network

A

DMZ

The demilitarized zone (DMZ) is a network that typically contains Internet servers and services that are accessible from the outside world but should be isolated from your internal network. The DMZ ensures incoming connections for these services are routed to the DMZ and never reach the internal LAN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your organization is growing fast, and the number of clients and devices on your network has doubled in size over the last year. To help better partition and secure your network, which networking technology could you use?

NAC

VPN

VLAN

A

VLAN

A virtual LAN (VLAN) is used to segment a network into smaller logical units to aid in security and performance. The virtual LANs are logically isolated from each other to prevent network traffic and unauthorized access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your organization has a large remote user base, and it is becoming difficult to enable them to access a legacy local application server and share and collaborate on project documents. Which of the following technologies could you use to provide secure, centralized access to these resources?

VLAN

Web-based cloud computing application

Virtualization

A

Web-based cloud computing application

You could convert your legacy application to a secure, cloud-based web resource that allows clients to remotely access the application and its data from any Internet connection. The data can be easily shared, and multiple users can collaborate on projects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Many of your users are downloading MP3 music files from the Internet and using up the company’s valuable bandwidth resources. Which technology could you implement to help block the transfer of these files from the Internet?

Content filter

Anti-spam filter

Protocol analyzer

A

Content filter

A content-filtering server can analyze network traffic and block specific file types, such as MP3 music files, from being downloaded. The end users will receive an error when they try to access blocked files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

You need to implement a solution that allows your users to browse web content safely and protects the company from legal liabilities regarding the downloading of inappropriate content. Which of the following security devices would you install?

Anti-spam filter

Web proxy

Web security gateway

A

Web security gateway

A web security gateway device is specifically engineered to content-filter HTTP web traffic and prevent attacks on web clients via the HTTP protocol. A network firewall, web proxy, or anti-spam filter would not prevent security issues specifically for HTTP applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Your users are complaining that web browsing is very slow, but your small office cannot afford a faster Internet connection. Which of the following technologies would help improve web browsing performance?

Web proxy

Firewall

Authentication proxy

A

Web proxy

Web proxy servers are used primarily for their caching capability, which boosts web browsing performance by storing content retrieved from an external web server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have discovered that a networking security issue might exist between your network firewall and e-mail server, which is accepting connections from an unauthorized external e-mail server. Which of the following network security tools would be best used for examining network traffic between your firewall and your e-mail server?

IDS

Proxy server

Protocol analyzer

A

Protocol analyzer

A protocol analyzer is best suited for examining and capturing network packets and frames between the two devices. You would be able to examine the network traffic to determine the details of the unauthorized connection and use firewall rules to block it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly