Network Defense Module 1.4.2 Module 1: Understanding Defense Quiz Questions Exam Answers
1. In a defense-in-depth approach, which three options must be identified to effectively defend a network against attacks? (Choose three.)
- location of attacker or attackers
- total number of devices that attach to the wired and wireless network
- past security breaches
- vulnerabilities in the system
- assets that need protection
- threats to assets
Explanation: In order to prepare for a security attack, IT security personnel must identify assets that need to be protected such as servers, routers, access points, and end devices. They must also identify potential threats to the assets and vulnerabilities in the system or design.
2. Which device is usually the first line of defense in a layered defense-in-depth approach?
- access layer switch
- firewall
- edge router
- internal router
Explanation: The edge router connects an organization to a service provider. The edge router has a set of rules that specify which traffic is allowed or denied.
3. Which device in a layered defense-in-depth approach denies connections initiated from untrusted networks to internal networks, but allows internal users within an organization to connect to untrusted networks?
- IPS
- firewall
- access layer switch
- internal router
Explanation: A firewall is typically a second line of defense in a layered defense-in-depth approach to network security. The firewall typically connects to an edge router that connects to the service provider. The firewall tracks connections initiated within the company going out of the company and denies initiation of connections from external untrusted networks going to internal trusted networks.
4. With the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?
- onion
- lettuce
- artichoke
- cabbage
Explanation: The artichoke is now used to provide a visual analogy to describe a defense-in-depth security approach. The onion used to be descriptive because the attacker would “peel away” each layer of the network defense mechanisms. Now the artichoke is used because a single petal or leaf can be moved or removed to reveal sensitive information.
5. What is the benefit of a defense-in-depth approach?
- The effectiveness of other security measures is not impacted when a security mechanism fails.
- Only a single layer of security at the network core is required.
- The need for firewalls is eliminated.
- All network vulnerabilities are mitigated.
Explanation: The benefit of the defense-in-depth approach is that network defenses are implemented in layers so that failure of any single security mechanism does not impact other security measures.
6. Which tool can be used to gather information about the different types of traffic that exist in a network?
- RTP
- protocol analyzer
- application server
- QoS
Explanation: As part of planning to grow a small network, it is important for a network administrator to survey the network to determine the different traffic types and the amount of traffic in a network. A protocol analyzer is a tool that can be used to gather this information. RTP is a protocol used in voice and video communication. QoS is a mechanism used to manage congestion and prioritize traffic. An application server is used to host applications.
7. What component of a security policy explicitly defines the type of traffic allowed on a network and what users are allowed and not allowed to do?
- remote access policies
- acceptable use policies
- identification and authentication policies
- password policies
Explanation: Security policies specify requirements and provide a baseline for organizations. Security policies may include the following:
- Identification and authentication policies that specify authorized individuals that have access to network resources and verification procedures
- Password policies that ensure minimum requirements are met and authentication methods are being enforced and updated
- Remote access policies that identify how remote users can access a network and to what they are allowed to connect
- Acceptable use policies that identify network applications and network usage that are allowed within the organization
8. Which section of a security policy is used to specify that only authorized individuals should have access to enterprise data?
- statement of scope
- statement of authority
- acceptable use policy
- campus access policy
- Internet access policy
- identification and authentication policy
Explanation: The identification and authentication policy section of the security policy typically specifies authorized persons that can have access to network resources and identity verification procedures.
9. An administrator discovers that a user is accessing a newly established website that may be detrimental to company security. What action should the administrator take first in terms of the security policy?
- Ask the user to stop immediately and inform the user that this constitutes grounds for dismissal.
- Immediately suspend the network privileges of the user.
- Create a firewall rule blocking the respective website.
- Revise the AUP immediately and get all users to sign the updated AUP.
Explanation: An AUP would list specific websites, newsgroups, or bandwidth-intensive applications that are prohibited from being accessed by company computers or from the company network. Every employee should be required to sign an AUP, and the signed AUPs should be retained for the duration of employment. Any changes to this must be updated immediately and signed by all users.
10. What three goals does a BYOD security policy accomplish? (Choose three.)
- describe the rights to access and activities permitted to security personnel on the device
- identify and prevent all heuristic virus signatures
- identify which employees can bring their own devices
- identify all malware signatures and synchronize them across corporate databases
- identify a list of websites that users are not permitted to access
- identify safeguards to put in place if a device is compromised
Explanation: A comprehensive BYOD policy should accomplish the following:
- Identification of which employees can bring their own devices
- Identification of which devices will be supported
- Identification of the level of access employees are granted when using personal devices
- Description of the rights to access and activities permitted to security personnel on the device
- Identification of which regulations must be adhered to when using employee devices
- Identification of safeguards to put in place if a device is compromised