1. Which network security design typically uses one inside interface, one outside interface, and one DMZ interface?
- layered defense
- public
- demilitarized
- two-interface firewall
- ZPF
Explanation: A demilitarized firewall design typically has one inside interface, one outside interface, and one DMZ interface.
2. Which security design uses different types of firewalls and security measures that are combined at different areas of the network to add depth to the security of an organization ?
- ZPF
- private-public
- demilitarized
- layered defense
- stateful firewall
Explanation: In a layered network defense, security measures are taken at the network core, perimeter, endpoints, and other communication security points.
3. Which three statements describe trusted and untrusted areas of the network? (Choose three.)
- The public internet is generally considered untrusted.
- A DMZ is considered a trusted area of the network.
- Each network security layer is considered trusted and requires no security measures.
- Internal networks, except the DMZ, are considered trusted.
- In a ZPF network, traffic that moves within zones is generally considered trusted.
Explanation: The public internet is considered untrusted. Internal networks are generally considered to be trusted; however additional security may be required to protect them from threats. In a ZPF, traffic that travels within zones is generally considered as trusted.
4. Which network design groups interfaces into zones with similar functions or features?
- layered
- private
- demilitarized
- self-zone
- ZPF
Explanation: ZPF groups interfaces into zones that have similar functions or features.
5. What are two best practices when implementing firewall security policies?
- Permit all traffic and then implement rules to block specific traffic.
- Disable unnecessary network services.
- Strictly control physical access to firewall devices.
- Firewall logging is not required due to the complexity of log entries.
- Firewalls should only be used at the network edge.
Explanation: Disable unnecessary network services to limit access to endpoints. Strictly control physical access to firewall devices to prevent tampering unauthorized access to configuration ports.