Understanding Devices and Infrastructure Flashcards
Which of the following devices is the most capable of providing infrastructure security?
Hub
Switch
Router
Router
In many instances, routers can be configured to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened
Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?
Prevents unauthorized packets from entering the network
Allows all packets to leave the network
Eliminates collisions in the network
Prevents unauthorized packets from entering the network
Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic
Which device stores information about destinations in a network (choose the best answer)?
Hub
Modem
Router
Router
Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router
As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You’re preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?
Hub
Switch
Router
Switch
Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used
You’ve been notified that you’ll soon be transferred to another site. Before you leave, you’re to audit the network and document everything in use and the reason why it’s in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn’t a tunneling protocol but is probably used at your site by tunneling protocols for network security?
IPSec
PPTP
L2TP
IPSec
IPsec provides network security for tunneling protocols. IPsec can be used with many different protocols besides TCP/IP, and it has two modes of security
Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—used to shift a load from one device to another?
Proxy
Hub
Load balancer
Load balancer
A load balancer can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another
Which of the following are multiport devices that improve network efficiency?
Switches
Modems
Gateways
Switches
Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network
Which IDS system uses algorithms to analyze the traffic passing through the network?
Algebraic
Statistical
Heuristic
Heuristic
A heuristic system uses algorithms to analyze the traffic passing through the network
Which of the following can be used to offload the public-key encryption to a separate hardware plug-in card?
SSL accelerator
Load balancer
Proxy firewall
SSL accelerator
Since encrypting data is very processor-intensive, SSL accelerators can be used to offload the public-key encryption to a separate plug-in card
Which of the following protections implies that information, once written, cannot be modified?
DLP
ROM
WORM
WORM
With WORM (write-once-read-many) protection, information, once written, cannot be modified, thus assuring that the data cannot be tampered with once it is written to the device
In which two modes can IPSec work?
Tunneling and Storing
Transport and Storing
Tunneling and Transport
Tunneling and Transport
IPsec can work in either Tunneling or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload
With which tunnel configuration are only some (usually all incoming) requests routed and encrypted over the VPN?
Split
Full
Partial
Split
With a full tunnel configuration, all requests are routed and encrypted through the VPN, while with a split tunnel, only some requests (usually all incoming) are routed and encrypted over the VPN
With which type of load balance scheduling is the first client request sent to the first group of servers, the second is sent to the second, and so on?
Affinity
Round-robin
Sequential
Round-robin
With round-robin load balancing, the first client request is sent to the first group of servers, the second is sent to the second, and so on
Which type of load balancing configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in?
Active-active
Cooperative-sharing
Equal-partner
Active-active
An active-active configuration means that more than one load balancing server is working at all times to handle the load/requests as they come in
Which of the following work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination?
SSL gateways
SSL accelerators
SSL decryptors
SSL decryptors
SSL decryptors work by decrypting encrypted traffic (SSL or TLS), inspecting it, and then re-encrypting it before sending it on to its destination
Which of the following is a chip that can store cryptographic keys, passwords, or certificates?
HMP
TPM
MTP
TPM
TPM (Trusted Platform Module) is the name assigned to a chip that can store cryptographic keys, passwords, or certificates
Which AP-based technology can increase security dramatically by allowing or denying access based on a client’s physical address?
MAC filtering
UTM (unified threat management)
Round-robin
MAC filtering
With MAC filtering, each host is identified by its MAC address and allowed (or denied) access based on that
Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two?
Accelerators
Proxies
Bridges
Bridges
Bridges are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two
Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not?
Backdoors
Collisions
Loops
Loops
Loops can occur when more than one bridge or switch is implemented on the network and the devices confuse each other by leading one another to believe that a host is located on a certain segment when it is not
To combat the problem described in Question 19, which of the following technologies enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent problems?
SSID
BRD
STP
STP
To combat the loop problem, technologies such as the Spanning Tree Protocol (STP) enable bridge/switch interfaces to be assigned a value that is then used to control the learning process and prevent loops