7 –You have been given a laptop to use for work. You connect the laptop to your company network,use it from home, and use it while traveling. You want to protect the laptop from Internet-basesattacks. What solution should you use?
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a ConsultantWhich of the following is the best device to deploy to protect your private network from a public untrusted network? | Firewall |
Which of the following are true of a circuit proxy filter firewall?(Select two) | Operates at the Session Layer AND Verifies sequencing of session packets |
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply. | Source address of a packet, Destination address of a packet, AND Port Number |
When designing a firewall, what is the recommended approach for opening and closing ports? | Close all ports; open only ports required by applications inside the DMZ |
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? | IP address |
Which of the following are characteristics of a packet filtering firewall?(Select two) | Stateless AND Filters IP address and port |
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-bases attacks. What solution should you use? | Host based firewall |
Which of the following functions are performed by proxies?(Select two) | Block employees from accessing certain Web sites AND Cache web pages |
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use? | Circuit-level |
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem? | A proxy server is blocking access to the web sites |
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped? | ACL |
Which of the following are characteristics of a circuit-level gateway?(Select two) | Filters based on sessions AND Stateful |
Which of the following is a firewall function? | Packet filtering |
Which of the following firewall types can be a proxy between servers and clients?(Select two) | Application layer firewall AND Circuit proxy filtering firewall |
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install? | Application level |
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a ConsultantMatch the firewall type on the right with the OSI layer at which it operates. | None |
packet-filtering firewall OSI Layer | Layer 3 |
Circuit-level proxy OSI Layer | Layer 5 |
Application-Level Gateways OSI Layer | Layer 7 |
Router Firewalls OSI Layer | Layer 3 |
Transparent Firewalls OSI Layer | Layer 2 |
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? •VPN concentrator •Network-based firewall •IDS •Host-based firewall •IPS | Network-based firewall |
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) •Put the web server inside the DMZ. •Put the web server on the private network. •Put the database server inside the DMZ. •Put the database server on the private network. | •Put the web server inside the DMZ. •Put the database server on the private network. |
You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets? •Username and password •Session ID •MAC address •IP address | •IP address |
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.) •Acknowledgement number •Checksum •Sequence number •Source address of a packet •Port number •Destination address of a packet •Digital signature | •Source address of a packet •Port number •Destination address of a packet |
Which of the following describes how access lists can be used to improve network security? •An access list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. •An access list filters traffic based on the frame header such as source or destination MAC address. •An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. •An access list identifies traffic that must use authentication or encryption. | •An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers. |
Which of the following is likely to be located in a DMZ? •FTP server •User workstations •Domain controller •Backup server | •FTP server |
In which of the following situations would you most likely implement a demilitarized zone (DMZ)? •You want to encrypt data sent between two hosts using the internet. •You want to detect and respond to attacks in real time. •You want to protect a public web server from attack. •You want internet users to see a single IP address when accessing your company network. | •You want to protect a public web server from attack. |
Match the firewall type on the left with its associated characteristics on the right. Each firewall type may be used once, more than once, or not at all. | None |
Operates at Layer 2 | Virtual firewall |
Operates at Layer 3. | Routed firewall |
Counts as a hop in the path between hosts. | Routed firewall |
Does not count as a hop in the path between hosts. | Virtual firewall |
Each interface connects to a different network. | Routed firewall |
Each interface connects to the same network segment. | Virtual firewall |
When designing a firewall, what is the recommended approach for opening and closing ports? •Close all ports. •Open all ports; close ports that expose common network attacks. •Close all ports; open ports 20, 21, 53, 80, and 443. •Close all ports; open only ports required by applications inside the DMZ. •Open all ports; close ports that show improper traffic or attacks in progress. | Close all ports; open only ports required by applications inside the DMZ |
After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done? •Open port 25 to allow SMTP service. •Open port 80 to allow SNMP service. •Open port 110 to allow SMTP service. •Open port 25 to allow SNMP service. •Open port 80 to allow SMTP service. •Open port 110 to allow POP3 service. | •Open port 25 to allow SMTP service. |
You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: • IP address: 192.168.23.8 • HTTP Port: 1030 • SSL Port: 443 Users complain that they can’t connect to the website when they type www.westsim.com. What is the most likely source of the problem? •The HTTP port should be changed to 80. •FTP is not configured on the server. •Clients are configured to look for the wrong IP address. •SSL is blocking internet traffic. | The HTTP port should be changed to 80. |
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable? •443 •42 •80 •21 •53 | 53 |
In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing? •Downloading a file •Downloading a web page •Performing a name resolution request •Downloading email | •Downloading a file |
You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability? •HTML •IP •FTP •HTTP •TFTP •TCP | •FTP |