Network Security
Network Admin Principles
Network Design Elements & Components
100
You are implementing a solution that offers a single point of policy control and management for web-based content access. A. Routers B. IDS C. Audit logs D. DLP
What is a web security gateway? A web security gateway (a policy-enforcing web proxy, usually combined with URL filtering and malware scanning) sits inline between users and the Internet, so one policy governs every web request. None of the listed options does this: a router forwards packets, an IDS only observes traffic and raises alerts rather than enforcing access policy, audit logs are records reviewed after the fact, and DLP inspects data leaving the organization for sensitive content.
100
The loop guard feature makes additional checks in Layer 2 switched networks. If bridge protocol data units (BPDUs) stop being received on a non-designated port and loop guard is enabled, that port is moved into the STP loop-inconsistent blocking state instead of transitioning through listening and learning to forwarding. Without loop guard, the port would assume the designated port role and start forwarding, creating a Layer 2 loop.
What is the purpose of loop protection?
100
A network design element implemented if you are setting up a switched network and want to group users by department.
What is a VLAN? A VLAN unites network nodes logically into the same broadcast domain regardless of their physical attachment to the network. VLANs limit broadcast traffic in a switched network and create a boundary, in essence multiple isolated LANs on one switch, so users can be grouped by department. The isolation is at Layer 2 only: traffic between VLANs must pass through a router or Layer 3 switch, which is where access control between departments is enforced.
200
Which of the following devices is MOST likely being used when processing the following? 1 PERMIT IP ANY ANY EQ 80 2 DENY IP ANY ANY
What is a firewall? Firewalls, routers, and even switches can use ACLs as a method of security management. Every access control list ends with an implicit deny ip any any, whether or not it is written: ACLs deny by default and allow by exception. Entries are evaluated top to bottom and the first match wins, so the permit for port 80 must precede the deny. (The first line as shown is not valid as typed: a port qualifier such as eq 80 applies only to TCP or UDP, so the rule would actually be written permit tcp any any eq 80.)
200
An access control practice wherein resource availability is restricted to only those logins explicitly granted access, remaining unavailable even when not explicitly denied access. A. Implicit deny B. Role-based Access Control C. Mandatory Access Controls D. Least privilege
What is implicit deny?
200
An area that allows external users to access information that the organization deems necessary but will not compromise any internal organizational information. This configuration allows outside access yet prevents external users from directly accessing a server that holds internal organizational data.
What is a DMZ? Servers that must be reachable from outside (web, mail, DNS) are placed in the DMZ on its own firewall interface, while servers holding internal data stay on the internal network behind a separate interface. Outside users can reach only the DMZ hosts, and a compromised DMZ host is still separated from the internal network by the firewall.
300
A device utilized when you have recently had some security breaches in the network. You suspect the cause might be a small group of employees. You want to implement a solution that monitors the internal network activity and incoming external traffic. (there are 2)
What are a network-based IDS and a host-based IDS? Because you want to monitor both kinds of traffic, the two should be used together. A network-based IDS monitors packet flow and tries to locate packets that are not allowed for one reason or another and might have gotten through the firewall. A host-based IDS monitors activity on a host-by-host basis and tries to filter malicious data; it is good at detecting unauthorized file modifications and user activity, which is what is needed when the suspects are internal employees. Answer A is incorrect because a router forwards information to its destination on the network or the Internet. Answer C is incorrect because a firewall protects computers and networks from undesired access by the outside world.
300
With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks. Networks that are shared by partners, vendors, or departments should have clear separation boundaries. A. Log Analysis B. VLAN Management C. Network separation D. 802.1x
What is network separation?
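As an added example (not from the page or any vendor document) of the VLAN and network separation answers above: a Cisco IOS-style configuration that puts two departments in their own VLANs and then enforces the boundary between them at Layer 3. VLAN numbers, interface names, addresses and the department names are assumed.

```cisco
! Layer 2: one VLAN per department (VLAN IDs and names are assumed)
vlan 10
 name Engineering
vlan 20
 name Finance
vlan 900
 name NativeUnused
!
! Access ports are assigned by department; a user who moves departments is
! re-grouped by changing the access VLAN, not by re-cabling.
interface range GigabitEthernet1/0/1 - 12
 description Engineering workstations
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface range GigabitEthernet1/0/13 - 24
 description Finance workstations
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! The uplink carries only the department VLANs, with an otherwise unused VLAN
! as native so untagged frames cannot be used to hop into VLAN 1.
interface GigabitEthernet1/0/48
 description Uplink to core
 switchport mode trunk
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20
!
! Layer 3 (on the core/routing switch): VLANs only split broadcast domains.
! The separation boundary itself is an ACL on the Finance gateway interface.
ip access-list extended FINANCE-IN
 remark Finance may reach the shared-services subnet (web and DNS)
 permit tcp 10.20.0.0 0.0.0.255 10.100.0.0 0.0.0.255 eq 443
 permit udp 10.20.0.0 0.0.0.255 host 10.100.0.53 eq 53
 remark Finance must not reach Engineering; logged so the boundary is auditable
 deny   ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255 log
 remark Anything else from a genuine Finance address (e.g. Internet) is allowed;
 remark a frame with a non-Finance source falls through to the implicit deny
 permit ip 10.20.0.0 0.0.0.255 any
!
interface Vlan20
 description Finance gateway
 ip address 10.20.0.1 255.255.255.0
 ip access-group FINANCE-IN in
```

Verify port membership with `show vlan brief` and watch the hit counter on the deny line in `show ip access-lists FINANCE-IN`: a rising count is the evidence that something is trying to cross the departmental boundary.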
300
When an organization offers services that need to be configured for diverse vertical markets or wants to use a SaaS application but is concerned about security.
What is A hybrid cloud environment? Answer A is incorrect because using a public cloud increases the concern about security. Answer B is incorrect because a private cloud would not allow the public vendor SaaS implementation. Answer D is incorrect because a community cloud provides collaborative business processes in a cloud environment.
400
Internet connectivity, Load balancing, and Web content caching.
What are uses for proxy servers? You can place proxy servers between the private network and the Internet for Internet connectivity or internally for web content caching. If the organization is using the proxy server for both Internet connectivity and web content caching, you should place the proxy server between the internal network and the Internet, with access for users who are requesting the web content. In some proxy server designs, the proxy server is placed in parallel with IP routers. This allows for network load balancing by forwarding of all HTTP and FTP traffic through the proxy server and all other IP traffic through the router. Answer A is incorrect because proxy servers are not used for intrusion detection.
400
A safeguard implementation requires a switch feature that makes additional checks in Layer 2 networks to prevent STP issues.
What is loop protection? The loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with DoS attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logins explicitly granted access. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches that allows individual switch ports to be configured to accept only a specified number of source MAC addresses coming in through the port.
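An added example (not from the page) of the loop guard feature discussed in the 100- and 400-point answers, written as a Cisco IOS-style configuration; the interface numbers and the VLAN list are assumed.

```cisco
! Rapid PVST+ with a deliberately chosen root bridge, so which ports end up
! designated and which end up root/alternate is predictable (VLAN list assumed)
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 4096
!
! Loop guard on every root and alternate port: if BPDUs stop arriving (a
! unidirectional fibre, a neighbour whose control plane is wedged) the port is
! placed in loop-inconsistent blocking instead of becoming designated and
! forwarding, which is what would otherwise create the loop.
spanning-tree loopguard default
!
! The same feature can be scoped to a single uplink instead of enabled globally
interface GigabitEthernet1/0/48
 description Uplink to core
 spanning-tree guard loop
!
! Access ports should never see a BPDU at all; if one arrives (a rogue switch,
! or a cable looped between two wall jacks) BPDU guard err-disables the port
interface range GigabitEthernet1/0/1 - 24
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Bring err-disabled ports back after 5 minutes rather than leaving them down
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verification (exec mode):
!   show spanning-tree inconsistentports   - ports currently held by loop guard
!   show spanning-tree summary             - confirms loop guard / BPDU guard are on
```

Loop guard only protects ports that expect BPDUs; BPDU guard covers the ports that must never receive them, so the two are complementary rather than alternatives.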
500
Which of the following is a best practice when securing a switch from physical access?
What is disable unused ports? Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be shut down; otherwise they present an open door for anyone who can reach a wall jack or the wiring closet. Shutting the port is a logical control against physical access, so pair it with a locked wiring closet and, on the ports that are in use, port security.
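An added example (not from the page) of the practice in this answer as a Cisco IOS-style configuration, together with the port security feature that the loop protection and implicit deny answers describe. Port ranges, VLAN numbers and MAC limits are assumed.

```cisco
! 1. Unused ports: administratively down and parked in an isolated VLAN with
!    no Layer 3 interface, so a port someone enables by mistake still leads
!    nowhere (VLAN number and port range assumed)
vlan 999
 name BlackHole
!
interface range GigabitEthernet1/0/25 - 46
 description UNUSED - enable only via change ticket
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! 2. In-use access ports: port security caps the number of source MAC addresses
!    accepted on the port. 'sticky' writes the first learned MACs into the
!    running config; 'restrict' drops frames from extra MACs and raises a
!    syslog/SNMP trap without downing the port (the default, 'shutdown',
!    err-disables it).
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! 3. A port in a public area: one MAC, hard shutdown on violation, automatic
!    recovery after 10 minutes so a one-off mistake does not need a site visit
interface GigabitEthernet1/0/47
 description Conference room
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
errdisable recovery cause psecure-violation
errdisable recovery interval 600
!
! Verification (exec mode):
!   show interfaces status                   - unused ports show 'disabled' in VLAN 999
!   show port-security interface Gi1/0/47    - violation count and current status
!   show port-security address               - secure MACs learned per port
```

The `shutdown` and the black-hole VLAN are deliberately both applied: the first stops the link, the second makes sure that if the port is ever re-enabled without the VLAN being reviewed it still has no path to anything.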
500
Limiting resource availability to only specific traffic is done through which of the following access control practices?
What is implicit deny? Implicit deny is an access control practice wherein resource availability is restricted to only those logins explicitly granted access; anything not explicitly permitted is denied. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with DoS attacks. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches that allows individual switch ports to be configured to accept only a specified number of source MAC addresses coming in through the port.
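An added example (not from the page) that ties the 200-point ACL question to this implicit-deny answer: the two rules from that question written in Cisco IOS syntax and applied to a router interface, plus the one line a stateless ACL usually needs in practice. Interface names and addresses are assumed.

```cisco
! The page's first rule cannot be entered as 'permit ip any any eq 80': a port
! qualifier (eq, gt, lt, range) is only valid when the protocol is tcp or udp.
ip access-list extended WEB-ONLY-IN
 remark Inbound HTTP to the web server only (server address assumed)
 permit tcp any host 203.0.113.10 eq 80
 remark ACLs are stateless: replies to the server's own outbound sessions
 remark (updates, DNS over TCP) come back inbound and would hit the deny;
 remark 'established' matches only segments with ACK or RST set
 permit tcp any host 203.0.113.10 established
 remark The implicit 'deny ip any any' exists whether or not it is typed;
 remark writing it with 'log' makes the denied traffic visible in syslog
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet-facing
 ip address 203.0.113.1 255.255.255.0
 ip access-group WEB-ONLY-IN in
!
! Evaluation is first-match, top to bottom, one packet at a time:
!   TCP  198.51.100.7 -> 203.0.113.10:80   matches the first permit  -> forwarded
!   TCP  198.51.100.7 -> 203.0.113.10:443  no permit matches         -> dropped, logged
!   UDP  198.51.100.7 -> 203.0.113.10:53   no permit matches         -> dropped, logged
! Order matters: putting 'deny ip any any' first would shadow every permit below
! it, and IOS will not warn about the shadowed lines. Check per-line hit counters
! with 'show ip access-lists WEB-ONLY-IN' after every change.
```

Logging every denied packet on a busy Internet edge costs CPU even though IOS rate-limits ACL log messages; on a loaded router keep `log` on a narrower deny line and let the unlogged implicit deny handle the bulk.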