Understanding Devices and Infrastructure Flashcards

1
Q

Which of the following devices is the most capable of providing infrastructure security?

Hub

Switch

Router

A

Router

Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?

Prevents unauthorized packets from entering the network

Allows all packets to leave the network

Eliminates collisions in the network

A

Prevents unauthorized packets from entering the network

Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which device stores information about destinations in a network (choose the best answer)?

Hub

Modem

Router

A

Router

Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You’re preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?

Hub

Switch

Router

A

Switch

Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You’ve been notified that you’ll soon be transferred to another site. Before you leave, you’re to audit the network and document everything in use and the reason why it’s in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn’t a tunneling protocol but is probably used at your site by tunneling protocols for network security?

IPSec

PPTP

L2TP

A

IPSec

IPsec provides network security for tunneling protocols. IPsec can be used with many different protocols besides TCP/IP, and it has two modes of security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—used to shift a load from one device to another?

Proxy

Hub

Load balancer

A

Load balancer

A load balancer can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following are multiport devices that improve network efficiency?

Switches

Modems

Gateways

A

Switches

Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which IDS system uses algorithms to analyze the traffic passing through the network?

Algebraic

Statistical

Heuristic

A

Heuristic

A heuristic system uses algorithms to analyze the traffic passing through the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following can be used to offload the public-key encryption to a separate hardware plug-in card?

SSL accelerator

Load balancer

Proxy firewall

A

SSL accelerator

Since encrypting data is very processor-intensive, SSL accelerators can be used to offload the public-key encryption to a separate plug-in card

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following protections implies that information, once written, cannot be modified?

DLP

ROM

WORM

A

WORM

With WORM (write-once-read-many) protection, information, once written, cannot be modified thus assuring that the data cannot be tampered with once it is written to the device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In which two modes can IPSec work?

Tunneling and Storing

Transport and Storing

Tunneling and Transport

A

Tunneling and Transport

IPsec can work in either Tunneling or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

With which tunnel configuration are only some (usually all incoming) requests routed and encrypted over the VPN?

Split

Full

Partial

A

Split

With a full tunnel configuration, all requests are routed and encrypted through the VPN, while with a split tunnel, only some requests (usually all incoming) are routed and encrypted over the VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

With which type of load balance scheduling is the first client request sent to the first group of servers, the second is sent to the second, and so on?

Affinity

Round-robin

Sequential

A

Round-robin

With round-robin load balancing, the first client request is sent to the first group of servers, the second is sent to the second, and so on

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which type of load balancing configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in?

Active-active

Cooperative-sharing

Equal-partner

A

Active-active

An active-active configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination?

SSL gateways

SSL accelerators

SSL decryptors

A

SSL decryptors

SSL decryptors work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is a chip that can store cryptographic keys, passwords, or certificates?

HMP

TPM

MTP

A

TPM

TPM (Trusted Platform Module) is the name assigned to a chip that can store cryptographic keys, passwords, or certificates

17
Q

Which AP-based technology can increase security dramatically by allowing or denying access based on a client’s physical address?

MAC filtering

UTM (unified threat management)

Round-robin

A

MAC filtering

With MAC Filtering each host is identified by its MAC address and allowed (or denied) access based on that

18
Q

Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two?

Accelerators

Proxies

Bridges

A

Bridges

Bridges are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two

19
Q

Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not?

Backdoors

Collisions

Loops

A

Loops

Loops can occur when more than one bridge or switch is implemented on the network and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not

20
Q

To combat the problem described in Question 19, which of the following technologies enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent problems?

SSID

BRD

STP

A

STP

To combat the loop problem, technologies such as the Spanning Tree Protocol (STP) enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent loops