Inbound Access To A Windows Terminal Server

1.

Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place?

Teardrop

Land

Smurf

Cross-site scripting (XSS)

The likely attack taking place is a Smurf attack. In a Smurf attack, the attacker sends a large number of ICMP echo requests (pings) to a network's broadcast address, with the source address spoofed as the victim's IP address. The broadcast address causes all devices on the network to respond with ICMP echo replies, overwhelming the victim's network with excessive traffic. This results in the situation where the ICMP echo replies coming into the network exceed the ICMP echo requests leaving the network.

Explanation

The likely attack taking place is a Smurf attack. In a Smurf attack, the attacker sends a large number of ICMP echo requests (pings) to a network's broadcast address, with the source address spoofed as the victim's IP address. The broadcast address causes all devices on the network to respond with ICMP echo replies, overwhelming the victim's network with excessive traffic. This results in the situation where the ICMP echo replies coming into the network exceed the ICMP echo requests leaving the network.

2. What type of firewall security feature limits the volume of traffic from individual hosts?

Loop protection

Network separation

Stateful inspection

Flood guard

Flood guard is a type of firewall security feature that limits the volume of traffic from individual hosts. It helps prevent network congestion and protects against denial-of-service (DoS) attacks by monitoring and controlling the amount of traffic that can be sent from a single source. By setting thresholds and rate limits, flood guard ensures that excessive traffic from a particular host is blocked or limited, thereby maintaining the overall network performance and security.

Explanation

Flood guard is a type of firewall security feature that limits the volume of traffic from individual hosts. It helps prevent network congestion and protects against denial-of-service (DoS) attacks by monitoring and controlling the amount of traffic that can be sent from a single source. By setting thresholds and rate limits, flood guard ensures that excessive traffic from a particular host is blocked or limited, thereby maintaining the overall network performance and security.

3.

Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow?

143

443

989

3389

The correct answer is 3389. This port is used for Remote Desktop Protocol (RDP) which is the protocol used by Windows Terminal Server to allow remote access to the server. By allowing inbound access on this port, Henry will be able to establish a connection to the Windows Terminal Server.

Explanation

The correct answer is 3389. This port is used for Remote Desktop Protocol (RDP) which is the protocol used by Windows Terminal Server to allow remote access to the server. By allowing inbound access on this port, Henry will be able to establish a connection to the Windows Terminal Server.

4.

Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?

80

143

443

3389

Port 443 is used for encrypted web traffic, specifically for HTTPS communication. HTTPS is the secure version of HTTP, and it encrypts the data being transmitted between a web server and a client, ensuring the privacy and integrity of the information. By allowing traffic on port 443, Henry can ensure that encrypted web traffic can reach the web server while still maintaining security.

Explanation

Port 443 is used for encrypted web traffic, specifically for HTTPS communication. HTTPS is the secure version of HTTP, and it encrypts the data being transmitted between a web server and a client, ensuring the privacy and integrity of the information. By allowing traffic on port 443, Henry can ensure that encrypted web traffic can reach the web server while still maintaining security.

5. Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use?

Firewall

Unified threat management (UTM)

Router

VPN concentrator

Bob should use a VPN concentrator because it is specifically designed to handle high-volume VPN traffic. A VPN concentrator is a device that is optimized for processing VPN connections and can handle a large number of simultaneous connections. It provides secure and efficient VPN connectivity for multiple users or devices. A firewall, UTM, or router may not have the necessary processing power or capabilities to handle the high volume of VPN traffic that Bob requires.

Explanation

Bob should use a VPN concentrator because it is specifically designed to handle high-volume VPN traffic. A VPN concentrator is a device that is optimized for processing VPN connections and can handle a large number of simultaneous connections. It provides secure and efficient VPN connectivity for multiple users or devices. A firewall, UTM, or router may not have the necessary processing power or capabilities to handle the high volume of VPN traffic that Bob requires.

6. What is NOT a service commonly offered by unified threat management (UTM) devices?

URL filtering

Wireless network access

Malware inspection

Content inspection

Unified threat management (UTM) devices commonly offer services such as URL filtering, malware inspection, and content inspection. However, wireless network access is not typically offered by UTM devices. UTM devices are primarily designed to provide security functions such as firewall, intrusion prevention, and virtual private network (VPN) capabilities, rather than wireless network access. Therefore, wireless network access is not a service commonly offered by UTM devices.

Explanation

Unified threat management (UTM) devices commonly offer services such as URL filtering, malware inspection, and content inspection. However, wireless network access is not typically offered by UTM devices. UTM devices are primarily designed to provide security functions such as firewall, intrusion prevention, and virtual private network (VPN) capabilities, rather than wireless network access. Therefore, wireless network access is not a service commonly offered by UTM devices.

7.

What wireless security technology contains significant flaws and should never be used?

Wired Equivalent Privacy (WEP)

Wi-Fi Protected Access (WPA)

WPA2

Remote Authentication Dial-In User Service (RADIUS)

Wired Equivalent Privacy (WEP) is the correct answer because it is an outdated wireless security technology that contains significant flaws. WEP encryption is easily cracked, making it vulnerable to unauthorized access and data breaches. It is no longer recommended for use and has been replaced by more secure options such as WPA and WPA2.

Explanation

Wired Equivalent Privacy (WEP) is the correct answer because it is an outdated wireless security technology that contains significant flaws. WEP encryption is easily cracked, making it vulnerable to unauthorized access and data breaches. It is no longer recommended for use and has been replaced by more secure options such as WPA and WPA2.

8.

Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?

Packet filtering

Application proxying

Stateful inspection

Network address translation

The correct answer is Application proxying. This technology involves opening separate connections between the devices on both sides of the firewall. It acts as an intermediary between the client and the server, allowing the firewall to inspect and filter the traffic at the application layer. This provides an additional layer of security by analyzing the content and behavior of the application traffic.

Explanation

The correct answer is Application proxying. This technology involves opening separate connections between the devices on both sides of the firewall. It acts as an intermediary between the client and the server, allowing the firewall to inspect and filter the traffic at the application layer. This provides an additional layer of security by analyzing the content and behavior of the application traffic.

9.

What firewall approach is shown in the figure?

Border firewall

Bastion host

Screened subnet

Multilayered firewall

The correct answer is "Screened subnet". In the figure, there is a firewall separating an internal network from an external network. This configuration is known as a screened subnet, where the firewall acts as a buffer zone between the internal network and the external network. The screened subnet approach provides an additional layer of security by adding an extra network segment between the internal and external networks, making it more difficult for attackers to gain unauthorized access to the internal network.

Explanation

The correct answer is "Screened subnet". In the figure, there is a firewall separating an internal network from an external network. This configuration is known as a screened subnet, where the firewall acts as a buffer zone between the internal network and the external network. The screened subnet approach provides an additional layer of security by adding an extra network segment between the internal and external networks, making it more difficult for attackers to gain unauthorized access to the internal network.

10. Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy?

Radius

LEAP

Captive portal

PEAP

Karen should deploy a captive portal technology. A captive portal is a web page that is displayed to users when they connect to a network. It requires users to authenticate or agree to terms and conditions before gaining access to the network. This technology is commonly used in hotels and other public Wi-Fi networks to provide a secure and controlled access to the internet.

Explanation

Karen should deploy a captive portal technology. A captive portal is a web page that is displayed to users when they connect to a network. It requires users to authenticate or agree to terms and conditions before gaining access to the network. This technology is commonly used in hotels and other public Wi-Fi networks to provide a secure and controlled access to the internet.