6.3.2 Network Security Infrastructure Quiz

6.3.2 Network Security Infrastructure Quiz Answers

1. What is the purpose of a personal firewall on a computer?

  • to protect the computer from viruses and malware
  • to increase the speed of the Internet connection
  • to protect the hardware against fire hazard
  • to filter the traffic that is moving in and out of the PC

Explanation: The purpose of a firewall is to filter the traffic that is moving in and out of the PC. A computer firewall cannot deny all illegal traffic from a computer or increase the speed of any connection. It is also not able to protect hardware against fire hazards.

2. What is the main difference between the implementation of IDS and IPS devices?

  • An IDS can negatively impact the packet flow, whereas an IPS can not.
  • An IDS uses signature-based technology to detect malicious packets, whereas an IPS uses profile-based technology.
  • An IDS would allow malicious traffic to pass before it is addressed, whereas an IPS stops it immediately.
  • An IDS needs to be deployed together with a firewall device, whereas an IPS can replace a firewall.

Explanation: An IPS is deployed in inline mode and will not allow malicious traffic to enter the internal network without first analyzing it. An advantage of this is that it can stop an attack immediately. An IDS is deployed in promiscuous mode. It copies the traffic patterns and analyzes them offline, thus it cannot stop the attack immediately and it relies on another device to take further actions once it detects an attack. Being deployed in inline mode, an IPS can negatively impact the traffic flow. Both IDS and IPS can use signature-based technology to detect malicious packets. An IPS cannot replace other security devices, such as firewalls, because they perform different tasks.

3. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

  • SP
  • IPsec
  • MD5
  • AES

Explanation: IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.

4. What is a feature of the TACACS+ protocol?

  • It combines authentication and authorization as one process.
  • It encrypts the entire body of the packet for more secure communications.
  • It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.
  • It utilizes UDP to provide more efficient packet transfer.

Explanation: TACACS+ has the following features:

  • separates authentication and authorization
  • encrypts all communication
  • uses TCP port 49

5. Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?

  • packet filtering
  • application filtering
  • stateful packet inspection
  • URL filtering

Explanation: Stateful packet inspection on a firewall checks that incoming packets are actually legitimate responses to requests originating from hosts inside the network. Packet filtering can be used to permit or deny access to resources based on IP or MAC address. Application filtering can permit or deny access based on port number. URL filtering is used to permit or deny access based on URL or on keywords.

6. Refer to the exhibit. The network “A” contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as “A”?

6.3.2 Network Security Infrastructure Quiz 1

  • internal network
  • perimeter security boundary
  • untrusted network
  • DMZ

Explanation: A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.

7. Which statement describes the Cisco Cloud Web Security?

  • It is a security appliance that provides an all-in-one solution for securing and controlling web traffic.
  • It is an advanced firewall solution to guard web servers against security threats.
  • It is a secure web server specifically designed for cloud computing.
  • It is a cloud-based security service to scan traffic for malware and policy enforcement.

Explanation: The Cisco Cloud Web Security (CWS) is a cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement. It is not a firewall or web server solution. The Cisco Web Security Appliance (WSA) combines multiple security solutions to provide an all-in-one solution on a single platform to address the challenges of securing and controlling web traffic.

8. Which two statements are true about NTP servers in an enterprise network? (Choose two.)

  • There can only be one NTP server on an enterprise network.
  • NTP servers ensure an accurate time stamp on logging and debugging information.
  • All NTP servers synchronize directly to a stratum 1 time source.
  • NTP servers control the mean time between failures (MTBF) for key network devices.
  • NTP servers at stratum 1 are directly connected to an authoritative time source.

Explanation: Network Time Protocol (NTP) is used to synchronize the time across all devices on the network to make sure accurate timestamping on devices for managing, securing and troubleshooting. NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum 1 devices are directly connected to the authoritative time sources.

9. How is a source IP address used in a standard ACL?

  • It is the address to be used by a router to determine the best path to forward packets.
  • It is used to determine the default gateway of the router that has the ACL applied.
  • It is the criterion that is used to filter traffic.
  • It is the address that is unknown, so the ACL must be placed on the interface closest to the source address.

Explanation: The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.

10. Which network service allows administrators to monitor and manage network devices?

  • SNMP
  • NTP
  • NetFlow
  • syslog

Explanation: SNMP is an application layer protocol that allows administrators to manage and monitor devices on the network such as routers, switches, and servers.

11. What is a function of a proxy firewall?

  • connects to remote servers on behalf of clients
  • drops or forwards traffic based on packet header information
  • filters IP traffic between bridged interfaces
  • uses signatures to detect patterns in network traffic

Explanation: Proxy firewalls filter traffic through the application layer of the TPC/IP model and shield client information by connecting to remote servers on behalf of clients.

12. What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

  • NetFlow
  • network tap
  • port mirroring
  • SNMP

Explanation: When enabled on a switch, port mirroring copies frames sent and recieved by the switch and forwards them to another port, which has a analysis device attached.

Notify of

Inline Feedbacks
View all comments