Question 1

What are the primary and secondary goals of modern proxy servers?

Accepted Answer

The primary goal of modern proxy servers...

Question 2

MATCHING
-a firewall with separate interfaces connected to an untrusted network,a semitrusted network,and a trusted network

Accepted Answer

A)  dual-homed host
B)  load-balancing software
C)  many-to-one NAT
D)  one-to-one NAT
E)  proxy serverF) reverse firewallG) screened hostH) screening routerI) server farmJ) three-pronged firewallK) A) and B)
L) B) and C)

Question 3

A screened host has a router as part of the configuration.

Accepted Answer

A) True 
 B)False

Question 4

Describe the process of network address translation.What are the two primary types of NAT?

Accepted Answer

The NAT process begins with an internal ...

Question 5

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

Accepted Answer

A)   caching firewall
B)   proxy server
C)   caching-only DNS server
D)   DMZ intermediaryE) C) and D)
F) B) and D)

Question 6

What do you call a firewall that is connected to the Internet,the internal network,and the DMZ?

Accepted Answer

A)   multi-homed proxy
B)   three-pronged firewall
C)   three-way packet filter
D)   multi-zone hostE) A) and B)
F) None of the above

Question 7

What is a step you can take to harden a bastion host?

Accepted Answer

A)   enable additional services to serve as honeypots
B)   open several ports to confuse attackers
C)   configure several extra accounts with complex passwords
D)   remove unnecessary servicesE) B) and C)
F) None of the above

Question 8

Which of the following is true about a screening router?

Accepted Answer

A)   it examines the data in the packet to make filtering decisions
B)   it can stop attacks from spoofed addresses
C)   it maintains a state table to determine connection information
D)   it should be combined with a firewall for better securityE) C) and D)
F) B) and D)

Question 9

Which of the following is true about a dual-homed host?

Accepted Answer

A)   serves as a single point of entry to the network
B)   its main objective is to stop worms and viruses
C)   uses a single NIC to manage two network connections
D)   it is used as a remote access server in some configurationsE) B) and D)
F) A) and B)

Question 10

A dual-homed host has a single NIC with two MAC addresses.

Accepted Answer

A) True 
 B)False

Question 11

What is a critical step you should take on the OS you choose for a bastion host?

Accepted Answer

A)   ensure all security patches are installed
B)   make sure it is the latest OS version
C)   choose an obscure OS with which attackers are unfamiliar
D)   customize the OS for bastion operationE) A) and D)
F) None of the above

Question 12

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Accepted Answer

A)   Layer 7 switch
B)   translating gateway
C)   proxy server
D)   ICMP redirectorE) None of the above
F) B) and C) C

Question 13

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

Accepted Answer

A) True 
 B)False

Question 14

What should you consider installing if you want to inspect packets as they leave the network?

Accepted Answer

A)   security workstation
B)   RIP router
C)   filtering proxy
D)   reverse firewallE) None of the above
F) A) and D)

Question 15

Which type of firewall configuration protects public servers by isolating them from the internal network?

Accepted Answer

A)   screened subnet DMZ
B)   dual-homed host
C)   screening router
D)   reverse firewallE) A) and B)
F) A) and C) A

Question 16

MATCHING
-a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

Accepted Answer

A)  dual-homed host
B)  load-balancing software
C)  many-to-one NAT
D)  one-to-one NAT
E)  proxy serverF) reverse firewallG) screened hostH) screening routerI) server farmJ) three-pronged firewallK) A) and I)
L) H) and I)

Question 17

Which of the following is true about private IP addresses?

Accepted Answer

A)   they are assigned by the IANA
B)   they are not routable on the Internet
C)   they are targeted by attackers
D)   NAT was designed to conserve themE) A) and D)
F) A) and B) B

Question 18

What is the term used for a computer placed on the network perimeter that is meant to attract attackers?

Accepted Answer

A)   bastion host
B)   honeypot
C)   proxy decoy
D)   virtual serverE) A) and D)
F) A) and B)

Question 19

Which type of NAT is typically used on devices in the DMZ?

Accepted Answer

A)   one-to-one NAT
B)   port address translation
C)   one-to-many NAT
D)   many-to-one NATE) B) and C)
F) A) and B)

Question 20

The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

Accepted Answer

A) True 
 B)False

Exam 10: Firewall Design and Management

What are the primary and secondary goals of modern proxy servers?

Correct AnswerverifiedThe primary goal of modern proxy servers...View AnswerShow Answer

MATCHING -a firewall with separate interfaces connected to an untrusted network,a semitrusted network,and a trusted network

Correct AnswerverifiedShow Answer

A screened host has a router as part of the configuration.

Correct AnswerverifiedShow Answer

Describe the process of network address translation.What are the two primary types of NAT?

Correct AnswerverifiedThe NAT process begins with an internal ...View AnswerShow Answer

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

Correct AnswerverifiedShow Answer

What do you call a firewall that is connected to the Internet,the internal network,and the DMZ?

Correct AnswerverifiedShow Answer

What is a step you can take to harden a bastion host?

Correct AnswerverifiedShow Answer

Which of the following is true about a screening router?

Correct AnswerverifiedShow Answer

Which of the following is true about a dual-homed host?

Correct AnswerverifiedShow Answer

A dual-homed host has a single NIC with two MAC addresses.

Correct AnswerverifiedShow Answer

What is a critical step you should take on the OS you choose for a bastion host?

Correct AnswerverifiedShow Answer

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Correct AnswerverifiedC

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

Correct AnswerverifiedShow Answer

What should you consider installing if you want to inspect packets as they leave the network?

Correct AnswerverifiedShow Answer

Which type of firewall configuration protects public servers by isolating them from the internal network?

Correct AnswerverifiedA

MATCHING -a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

Correct AnswerverifiedShow Answer

Which of the following is true about private IP addresses?

Correct AnswerverifiedB

What is the term used for a computer placed on the network perimeter that is meant to attract attackers?

Correct AnswerverifiedShow Answer

Which type of NAT is typically used on devices in the DMZ?

Correct AnswerverifiedShow Answer

The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

Correct AnswerverifiedShow Answer

Correct Answer
verified
The primary goal of modern proxy servers...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
The NAT process begins with an internal ...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
C

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
A

Correct Answer
verified

Correct Answer
verified
B

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified