Objective 3.1: Devices
Your company has a large internal network that you would like to subnet into smaller parts. Which of the following devices can you use to separate your LAN and still protect critical resources? (Select all that apply.)
An internal firewall
A router between subnets
A modem between computers
A switch between departments
Which of the following are considered to be possible components of an ethernet LAN? (Select all that apply.)
Access Point (AP)
Which of the following devices is specially designed to forward packets to specific ports based on the packet's address?
Objective 3.1.1: Firewalls
Your company receives Internet access through a network or gateway server. Which of the following devices is best suited to protect resources and subnet your LAN directly on the network server?
A multi-homed firewall
A brouter that acts both as a bridge and a router
What are some of the benefits of using a firewall for your LAN? (Select all that apply.)
Increased access to Instant Messaging
Stricter access control to critical resources
Greater security to your LAN
Less expensive than NAT servers
Which of the following are true about firewalls? (Select all that apply.)
Filters network traffic
Can be either a hardware or software device
Follows a set of rules
Can be configured to drop packets
Which of the following are true about firewall protection when using static packet filtering on the router? (Select all that apply.)
Static packet filtering is less secure than stateful filtering
Static packet filtering is less secure than proxy filtering
Static packet filtering is more secure than dynamic packet filtering
Static packet filtering is more secure than stateful filtering
A packet filtering firewall operates at which of the following OSI layers? (Select all that apply.)
At the Application layer
At the Transport layer
At the Network layer
At the Gateway layer
Firewalls are designed to perform all the following except:
Limiting security exposures
Logging Internet activity
Enforcing the organization's security policy
Protecting against viruses
Stateful firewalls may filter connection-oriented packets that are potential intrusions to the LAN. Which of the following types of packets can a stateful packet filter deny?
Which of the following systems run an application layer firewall using Proxy software?
Which of the following use routers with packet filtering rules to allow or deny access based on source address, destination address, or port number?
Application layer firewall
Packet filtering firewall
Router enhanced firewall
IP enabled firewall
Which of the following firewalls keeps track of the connection state?
Application layer firewall
Packet filtering firewall
Router enhanced firewall
Stateful packet filtering firewall
Objective 3.1.2: Routers
Which of following devices discriminates between multicast and unicast packets?
Your primary concern is LAN security. You want to subnet your internal network with a device that provides security and stability. Which of the following devices do you choose to meet these needs?
Which of the following will help you to improve your LAN security? (Select all that apply.)
Change user passwords frequently
Install a firewall program
Use a dynamic rather than static router
Use a proxy
Which of the following is the most difficult to configure, but safest device to use on a LAN?
IP enabled router
RIP enabled router
Which of the following statements are true about routers and bridges? (Select all that apply.)
Bridges connect two networks at the Data Link Layer
Bridges are types of inexpensive routers
Routers are improved bridges
Routers connect two networks at the Network Layer
Remember, routers work at the Network Layer of the International Standards Organization/Open Systems Interconnection (ISO/OSI) established sequence of OSI Layers. What is the correct and complete OSI sequence in order from user interface (Layer 7) to the delivery of binary bits (Layer 1)?
Physical Layer, Network Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
Application Layer, Physical Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Presentation Layer
Physical Layer, Data Link Layer, Network Layer, Session Layer, Transport Layer, Presentation Layer, Application Layer
Most networks employ devices for routing services. Routers work at which of the following OSI layers?
Objective 3.1.3: Switches
You manage a company network and the network budget. You want to minimize costs, but desire to prevent crackers from sniffing your local network (LAN). Which of the following devices would you recommend to meet your goals?
Which of the following statements apply to security concerns when using a switch in the LAN? (Select all that apply.)
Switches use SSH to manage interfaces by default
Switches use Telnet or HTTP to manage interfaces
Switches are more secure than routers since they are internal to the LAN
Switches should be placed behind a dedicated firewall
Which of following is a type of hub that forwards packets to an appropriate port based on the packet's address?
Objective 3.1.4: Wireless
Which of the following is actually considered a critical wireless device?
Objective 3.1.5: Modems
Which of the following are true statements about modems? (Select all that apply.)
Modems use the telephone lines
Modem stands for modulator and demodulator
Modems are no longer used in secure networks
A modem's fastest transfer rate is 56 Kbps
Modems can be configured to automatically answer any incoming call. Many user computers have modems installed from the manufacturer. What is the greatest security risk when dealing with modems in this situation?
Remote access without network administrator knowledge
Local access without network administrator knowledge
Client access without network administrator knowledge
Server access without network administrator knowledge
Objective 3.1.6: RAS
Which of the following terms defines RAS?
Random Access Security
Remote Access Security
Random Access Service
Remote Access Service
Usually, a RAS connection is a dial-up connection. What network connections also apply to RAS? (Select all that apply.)
Objective 3.1.7: Telecom/PBX
Your company has gone through several phone company changes to reduce costs. Last week, two new phone company employees indicated that they needed remote access to your company network and wanted to establish a permanent guest account on your RAS server for continued maintenance support. Which of the following actions are your best recommendations for this situation? (Select all that apply.)
Agree with their requests so that maintenance costs are reduced
Recommend that user accounts be verified with strong authentication
Remove the guest account and create verifiable remote accounts
Create a phone company group account and place that inside the guest account
Which of the following applies to PBX? (Select all that apply.)
PBX stands for Private Branch Exchange
PBX allows for analog, digital, and data to transfer over a high-speed phone system
PBX stands for Public Broadcasting Exchange
PBX is used to carry analog messages and modem communication originating at the phone company
Objective 3.1.8: VPN
You want to have a private communication between two sites that also allows for encryption and authorization. Which of the following is the best choice in this instance?
VPN tunnels have end points. Which of the following methods is used to offer Strong Authentication at each end point?
VPNs transfer encrypted data through tunneling technology. Which of the following performs fast data encryption and may be used with VPNs?
You desire to secure a VPN connection. Which protocols should you use? (Select all that apply.)
Objective 3.1.9: IDS
What does the acronym IDS stand for?
Intrusion Detection System
Internet Detection Standard
Internet Detection System
Intrusion Detection Standard
Which of the following devices is used to monitor network traffic, including DoS attacks in real time?
A host-based Intrusion Detection System
A network-based Intrusion Detection System
A router-based Intrusion Detection System
A server-based Intrusion Detection System
Which of the following security devices acts more like a detective rather than a preventative measure?
Objective 3.1.10: Network Monitoring/Diagnostic
Which of the following protocols is used to monitor network devices such as hubs, switches, and routers?
You have been using a network monitor or protocol analyzer to monitor ethernet packets. One of the messages sent has an IP header protocol field value of "1". What does this value classify?
You have been using a network monitor or protocol analyzer to monitor ethernet packets. One of the messages sent has an IP header protocol field value of "6". What does this value classify?
Objective 3.1.11: Workstations
Which of the following LAN devices is frequently a source of security concern because of its ability to process applications, share files, and perform network services in a peer-to-peer network?
You want to prevent users from downloading software on company workstations. What is this called?
Objective 3.1.12: Servers
Which of the following is a group of independent servers that are grouped together to appear like one server?
Which of the following devices have similar security concerns because they provide file sharing, network connection, and application services? (Select all that apply.)
3.1.13. Mobile Devices
Many mobile devices use wireless technology and may lack security. Which of the following devices are considered mobile devices used to connect to a network? (Select all the apply.)
Which one of the following is a small network device that is a security concern for network administrators because the device is easily misplaced?