This chapter is from the book
This chapter is from the book
This chapter is from the book
Exam Prep Answers
Objective 3.1: Devices
-
Answers A, B, and D are correct. Firewalls, routers, and switches will help you protect critical resources and separate your LAN.
-
Answer B is correct. A firewall is best suited to protect resources and subnet your LAN directly on the network or gateway server.
-
Answer B is correct. Stateful firewalls may filter connection-oriented packets such as TCP.
-
Answer A is correct. The static router offers a stable table that you, as the network administrator, generate.
-
Answer B is correct. A switch will meet your goals for this situation.
-
Answers A and B are correct. The term modem stands for modulator and demodulator. Modems use telephone lines. DSL and cable modems are faster than 56Kbps.
-
Answer C is correct. A VPN provides for a private communication between two sites that also permits encryption and authorization.
-
Answer C is correct. Data Encryption Standard (DES) performs fast data encryption and may be used with VPNs.
-
Answer A is correct. IDS stands for intrusion detection system.
Objective 3.2: Media
-
Answers A, C, and D are correct. Twisted pair, fiber optic, and coaxial are types of network cabling. Token ring is a type of physical topology.
-
Answer C is correct. Of the choices listed for coax cabling, long distance is the best answer.
-
Answer C is correct. CAT 5 twisted-pair cabling is the media standard for most local network installations.
-
Answer A is correct. Fiber is the best choice in this situation.
-
Answers A and C are correct. Zip disks and floppy disks are magnetic storage media.
Objective 3.3: Security Topologies
-
Answer C is correct. There are three accepted ranges for port numbers: the well-known ports; the registered ports, which are registered by the Internet Assigned Numbers Authority (IANA); and the dynamic (private) ports.
-
Answers A, B, C, and D are correct. All of the items listed are examples of security zones.
-
Answers A, C, and D are correct. You should place your Web servers, FTP servers, and email servers within the DMZ. Web servers, FTP servers, and email servers are typically hosted within the DMZ.
-
Answer B is correct. A VLAN will improve connectivity in this situation.
-
Answers A and C are correct. With tunneling, private network data, which is encapsulated or encrypted, is transmitted over a public network.
Objective 3.4: Intrusion Detection
-
Answer B is correct. This is an example of a false-positive result.
-
Answer A is correct. The network-based IDS monitors network traffic in real time.
-
Answer D is correct. A host-based IDS can review computer system and event logs to detect a successful attack on a client computer.
-
Answer D is correct. A honeypot is a computer configured as a sacrificial lamb so that administrators are aware when malicious attacks are in progress.
-
Answer B is correct. An incident response is a written plan that indicates who will monitor these tools and how users should react after a malicious attack occurs.
Objective 3.5: Security Baselines
-
Answer A is correct. Security baselines relate to the fundamental principal of implementing security measures on computer equipment to ensure that minimum standards are being met.
-
Answers B and D are correct. To harden your NOS, check the manufacturer's Web site for any additional service patches for the NOS and disable any unused services.
-
Answer D is correct. NetBEUI should be denied passage over your firewall for security reasons.
-
Answer C is correct. Of the items listed, configuring network applications with the most recent updates and service packs relates best to application hardening.
-
Answers A, C, and D are correct. Large data repositories may include storage area network (SAN), network attached storage (NAS), and directory enabled networks (DEN).
-
Answer B is correct. SQL has this default security vulnerability because the sa account is established with a blank password.