Question 1

Which of the following is true about private IP addresses?

Accepted Answer

A)  they are assigned by the IANA 
B)  they are not routable on the Internet 
C)  they are targeted by attackers 
D)  NAT was designed to conserve them 
A)  they are assigned by the IANA 
B)  they are not routable on the Internet 
C)  they are targeted by attackers 
D)  NAT was designed to conserve them B

Question 2

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Accepted Answer

A)  Layer 7 switch 
B)  translating gateway 
C)  proxy server 
D)  ICMP redirector 
A)  Layer 7 switch 
B)  translating gateway 
C)  proxy server 
D)  ICMP redirector C

Question 3

Which type of firewall configuration protects public servers by isolating them from the internal network?

Accepted Answer

A)  screened subnet DMZ 
B)  dual-homed host 
C)  screening router 
D)  reverse firewall 
A)  screened subnet DMZ 
B)  dual-homed host 
C)  screening router 
D)  reverse firewall A

Question 4

What is a step you can take to harden a bastion host?

Accepted Answer

A)  enable additional services to serve as honeypots 
B)  open several ports to confuse attackers 
C)  configure several extra accounts with complex passwords 
D)  remove unnecessary services 
A)  enable additional services to serve as honeypots 
B)  open several ports to confuse attackers 
C)  configure several extra accounts with complex passwords 
D)  remove unnecessary services

Question 5

Which type of NAT is typically used on devices in the DMZ?

Accepted Answer

A)  one-to-one NAT 
B)  port address translation 
C)  one-to-many NAT 
D)  many-to-one NAT 
A)  one-to-one NAT 
B)  port address translation 
C)  one-to-many NAT 
D)  many-to-one NAT

Question 6

What do you call a firewall that is connected to the Internet,the internal network,and the DMZ?

Accepted Answer

A)  multi-homed proxy 
B)  three-pronged firewall 
C)  three-way packet filter 
D)  multi-zone host 
A)  multi-homed proxy 
B)  three-pronged firewall 
C)  three-way packet filter 
D)  multi-zone host

Question 7

What is the term used for a computer placed on the network perimeter that is meant to attract attackers?

Accepted Answer

A)  bastion host 
B)  honeypot 
C)  proxy decoy 
D)  virtual server 
A)  bastion host 
B)  honeypot 
C)  proxy decoy 
D)  virtual server

Question 8

MATCHING
-a firewall with separate interfaces connected to an untrusted network,a semitrusted network,and a trusted network

Accepted Answer

A) dual-homed host 
B) load-balancing software 
C) many-to-one NAT 
D) one-to-one NAT 
E) proxy server
F)reverse firewall
G)screened host
H)screening router
I)server farm
J)three-pronged firewall 
A) dual-homed host 
B) load-balancing software 
C) many-to-one NAT 
D) one-to-one NAT 
E) proxy server
F)reverse firewall
G)screened host
H)screening router
I)server farm
J)three-pronged firewall

Question 9

Which of the following is true about a screening router?

Accepted Answer

A)  it examines the data in the packet to make filtering decisions 
B)  it can stop attacks from spoofed addresses 
C)  it maintains a state table to determine connection information 
D)  it should be combined with a firewall for better security 
A)  it examines the data in the packet to make filtering decisions 
B)  it can stop attacks from spoofed addresses 
C)  it maintains a state table to determine connection information 
D)  it should be combined with a firewall for better security

Question 10

The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

Accepted Answer

A) True 
 B)False

Question 11

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

Accepted Answer

A)  caching firewall 
B)  proxy server 
C)  caching-only DNS server 
D)  DMZ intermediary 
A)  caching firewall 
B)  proxy server 
C)  caching-only DNS server 
D)  DMZ intermediary

Question 12

What are the primary and secondary goals of modern proxy servers?

Accepted Answer

The primary goal of modern proxy servers

Question 13

What should you consider installing if you want to inspect packets as they leave the network?

Accepted Answer

A)  security workstation 
B)  RIP router 
C)  filtering proxy 
D)  reverse firewall 
A)  security workstation 
B)  RIP router 
C)  filtering proxy 
D)  reverse firewall

Question 14

Describe the process of network address translation.What are the two primary types of NAT?

Accepted Answer

The NAT process begins with an internal

Question 15

A screened host has a router as part of the configuration.

Accepted Answer

A) True 
 B)False

Question 16

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

Accepted Answer

A) True 
 B)False

Question 17

MATCHING
-a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

Accepted Answer

A) dual-homed host 
B) load-balancing software 
C) many-to-one NAT 
D) one-to-one NAT 
E) proxy server
F)reverse firewall
G)screened host
H)screening router
I)server farm
J)three-pronged firewall 
A) dual-homed host 
B) load-balancing software 
C) many-to-one NAT 
D) one-to-one NAT 
E) proxy server
F)reverse firewall
G)screened host
H)screening router
I)server farm
J)three-pronged firewall

Question 18

Which of the following is true about a dual-homed host?

Accepted Answer

A)  serves as a single point of entry to the network 
B)  its main objective is to stop worms and viruses 
C)  uses a single NIC to manage two network connections 
D)  it is used as a remote access server in some configurations 
A)  serves as a single point of entry to the network 
B)  its main objective is to stop worms and viruses 
C)  uses a single NIC to manage two network connections 
D)  it is used as a remote access server in some configurations

Question 19

A dual-homed host has a single NIC with two MAC addresses.

Accepted Answer

A) True 
 B)False

Question 20

What is a critical step you should take on the OS you choose for a bastion host?

Accepted Answer

A)  ensure all security patches are installed 
B)  make sure it is the latest OS version 
C)  choose an obscure OS with which attackers are unfamiliar 
D)  customize the OS for bastion operation 
A)  ensure all security patches are installed 
B)  make sure it is the latest OS version 
C)  choose an obscure OS with which attackers are unfamiliar 
D)  customize the OS for bastion operation

Which of the following is true about private IP addresses?

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Which type of firewall configuration protects public servers by isolating them from the internal network?

What is a step you can take to harden a bastion host?

Which type of NAT is typically used on devices in the DMZ?

What do you call a firewall that is connected to the Internet,the internal network,and the DMZ?

What is the term used for a computer placed on the network perimeter that is meant to attract attackers?

MATCHING -a firewall with separate interfaces connected to an untrusted network,a semitrusted network,and a trusted network

Which of the following is true about a screening router?

The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

What are the primary and secondary goals of modern proxy servers?

What should you consider installing if you want to inspect packets as they leave the network?

Describe the process of network address translation.What are the two primary types of NAT?

A screened host has a router as part of the configuration.

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

MATCHING -a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

Which of the following is true about a dual-homed host?

A dual-homed host has a single NIC with two MAC addresses.

What is a critical step you should take on the OS you choose for a bastion host?

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Intrusion Detection and Prevention Systems

Firewalls

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters

Exam 10: Firewall Design and Management

Which of the following is true about private IP addresses?

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Which type of firewall configuration protects public servers by isolating them from the internal network?

What is a step you can take to harden a bastion host?

Which type of NAT is typically used on devices in the DMZ?

What do you call a firewall that is connected to the Internet,the internal network,and the DMZ?

What is the term used for a computer placed on the network perimeter that is meant to attract attackers?

MATCHING -a firewall with separate interfaces connected to an untrusted network,a semitrusted network,and a trusted network

Which of the following is true about a screening router?

The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

What are the primary and secondary goals of modern proxy servers?

What should you consider installing if you want to inspect packets as they leave the network?

Describe the process of network address translation.What are the two primary types of NAT?

A screened host has a router as part of the configuration.

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

MATCHING -a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

Which of the following is true about a dual-homed host?

A dual-homed host has a single NIC with two MAC addresses.

What is a critical step you should take on the OS you choose for a bastion host?

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Intrusion Detection and Prevention Systems

Firewalls

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters