Network Technologies And Tools Quiz!

1. Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting this action?

Support voice and video transmissions

Provide time synchronization

Enable email usage

Encrypt data-in-transit

The Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers would meet this use case. The Real-time Transport Protocol (RTP) delivers audio and video over IP networks and Secure RTP (SRTP) provides encryption, message authentication, and integrity for RTP. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn’t relevant to time synchronization services provided by NTP.

Explanation

The Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers would meet this use case. The Real-time Transport Protocol (RTP) delivers audio and video over IP networks and Secure RTP (SRTP) provides encryption, message authentication, and integrity for RTP. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn’t relevant to time synchronization services provided by NTP.

2. Your organization's security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?

FTP

SSH

SMTP

HTTP

You can use Secure Shell (SSH) to encrypt Personally Identifiable Information (PII) data when transmitting it over the network (data-in-transit). Secure File Transfer Protocol (SFTP) uses SSH to encrypt File Transfer Protocol (FTP) traffic. FTP, Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.

Explanation

You can use Secure Shell (SSH) to encrypt Personally Identifiable Information (PII) data when transmitting it over the network (data-in-transit). Secure File Transfer Protocol (SFTP) uses SSH to encrypt File Transfer Protocol (FTP) traffic. FTP, Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP) transmit data in cleartext unless they are combined with an encryption protocol.

3. You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?

Create rules to block all outgoing traffic from a private IP address.

Implement a flood guard on switches.

Add a web application firewall.

Create rules to block all incoming traffic from a private IP address.

You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and the Internet and any traffic coming from the Internet with a private IP address is a spoofed source IP address. All outgoing traffic will typically use a private IP address, so you shouldn’t block this outgoing traffic. A flood guard on a switch protects against media access control (MAC) flood attacks and is unrelated to this question. A web application firewall protects a web application and is unrelated to antispoofing.

Explanation

You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and the Internet and any traffic coming from the Internet with a private IP address is a spoofed source IP address. All outgoing traffic will typically use a private IP address, so you shouldn’t block this outgoing traffic. A flood guard on a switch protects against media access control (MAC) flood attacks and is unrelated to this question. A web application firewall protects a web application and is unrelated to antispoofing.

4. Your organization recently purchased a sophisticated security appliance that includes a DDoS mitigator. Where should you place this device?

Within the DMZ

At the border of the network, between the intranet and the DMZ

At the border of the network, between the private network and the Internet

In the internal network

A distributed denial-of-service (DDoS) mitigator attempts to block DDoS attacks and should be placed at the border of the network, between the private network and the Internet. If the network includes a demilitarized zone (DMZ), the appliance should be placed at the border of the DMZ and the Internet. Placing it in the DMZ or the internal network doesn’t ensure it will block incoming traffic.

Explanation

A distributed denial-of-service (DDoS) mitigator attempts to block DDoS attacks and should be placed at the border of the network, between the private network and the Internet. If the network includes a demilitarized zone (DMZ), the appliance should be placed at the border of the DMZ and the Internet. Placing it in the DMZ or the internal network doesn’t ensure it will block incoming traffic.

5. You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?

Wireless access point

Firewall

Layer 2 switch

Bridge

Iptables include settings used by the Linux Kernel firewall and can be used to replace a firewall. While it’s possible to implement iptables on a wireless access point (assuming it is Linux-based), iptables still function as a firewall, not a wireless access point. A Layer 2 switch routes traffic based on the destination media access control (MAC) address, but iptables focus on IP addresses. A network bridge connects multiple networks together.

Explanation

Iptables include settings used by the Linux Kernel firewall and can be used to replace a firewall. While it’s possible to implement iptables on a wireless access point (assuming it is Linux-based), iptables still function as a firewall, not a wireless access point. A Layer 2 switch routes traffic based on the destination media access control (MAC) address, but iptables focus on IP addresses. A network bridge connects multiple networks together.

6. Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?

Transparent proxy

Reverse proxy

Nontransparent proxy

Caching proxy

A nontransparent proxy includes the ability to filter traffic based on the URL and is the best choice. A transparent proxy doesn’t modify or filter requests. A reverse proxy is used for incoming traffic to an internal firewall, not traffic going out of the network. Proxy servers are caching proxy servers, but won’t block outgoing traffic.

Explanation

A nontransparent proxy includes the ability to filter traffic based on the URL and is the best choice. A transparent proxy doesn’t modify or filter requests. A reverse proxy is used for incoming traffic to an internal firewall, not traffic going out of the network. Proxy servers are caching proxy servers, but won’t block outgoing traffic.

7. Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?

The new service

An ACL

ServerA

The VLAN

The most likely problem of the available choices is that an access control list (ACL) is configured incorrectly. The server is in a demilitarized zone (DMZ) and the most likely problem is an incorrectly configured ACL on the border firewall. The service is operating when accessed from internal clients, so it isn’t likely that it is the problem. Also, the server works for internal systems indicating it is working correctly. There isn’t any indication a virtual local area network (VLAN) is in use.

Explanation

The most likely problem of the available choices is that an access control list (ACL) is configured incorrectly. The server is in a demilitarized zone (DMZ) and the most likely problem is an incorrectly configured ACL on the border firewall. The service is operating when accessed from internal clients, so it isn’t likely that it is the problem. Also, the server works for internal systems indicating it is working correctly. There isn’t any indication a virtual local area network (VLAN) is in use.

8. Marge needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

SSH

FTPS

SNMPv3

TLS

Simple Network Management Protocol version 3 (SNMPv3) is a secure protocol that can monitor and collect information from network devices. It includes strong authentication mechanisms to protect the confidentiality of credentials. None of the other protocols listed are used to monitor network devices. Secure Shell (SSH) provides a secure method of connecting to devices but does not monitor them. File Transfer Protocol Secure (FTPS) is useful for encrypting large files in transit, using Transport Layer Security (TLS). TLS is commonly used to secure transmissions but doesn’t include methods to monitor devices.

Explanation

Simple Network Management Protocol version 3 (SNMPv3) is a secure protocol that can monitor and collect information from network devices. It includes strong authentication mechanisms to protect the confidentiality of credentials. None of the other protocols listed are used to monitor network devices. Secure Shell (SSH) provides a secure method of connecting to devices but does not monitor them. File Transfer Protocol Secure (FTPS) is useful for encrypting large files in transit, using Transport Layer Security (TLS). TLS is commonly used to secure transmissions but doesn’t include methods to monitor devices.

9. A network technician incorrectly wired the switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?

Install an IDS.

Only use Layer 2 switches.

Install SNMPv3 on the switches.

Implement STP or RSTP.

Spanning Tree Protocol (STP) and Rapid STP (RSTP) both prevent switching loop problems. It’s rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Administrators use Simple Network Management Protocol version 3 (SNMPv3) to manage and monitor devices, but it doesn’t prevent switching loops.

Explanation

Spanning Tree Protocol (STP) and Rapid STP (RSTP) both prevent switching loop problems. It’s rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Administrators use Simple Network Management Protocol version 3 (SNMPv3) to manage and monitor devices, but it doesn’t prevent switching loops.

10. Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

DMZ

VLAN

Firewall

WAF

A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the web server’s web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other administrative need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn’t necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate Internet and internal network traffic.

Explanation

A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the web server’s web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other administrative need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn’t necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate Internet and internal network traffic.

11. You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?

Content inspection

Malware inspection

URL filter

DDoS mitigator

You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL. Content inspection and malware inspection focus on inspecting the data as it passes through the UTM, but they do not block access to sites. A distributed denial-of-service (DDoS) mitigator will attempt to block incoming DDoS attack traffic.

Explanation

You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL. Content inspection and malware inspection focus on inspecting the data as it passes through the UTM, but they do not block access to sites. A distributed denial-of-service (DDoS) mitigator will attempt to block incoming DDoS attack traffic.

12. An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution?

Stateless firewall

Stateful firewall

Network firewall

Application-based firewall

A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn’t part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it’s appropriate to place a network firewall in a demilitarized zone (DMZ), a network firewall could be either a stateless firewall or a stateful firewall. An application-based firewall is typically only protecting a host, not a network.

Explanation

A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn’t part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it’s appropriate to place a network firewall in a demilitarized zone (DMZ), a network firewall could be either a stateless firewall or a stateful firewall. An application-based firewall is typically only protecting a host, not a network.

13. Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?

SMTP

TLS

SFTP

SRTP

The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for Voice over Internet Protocol(VoIP), video teleconferencing, and other streaming media applications. None of the other answers are directly related to VoIP or video teleconferencing. Simple Mail Transfer Protocol (SMTP) transfers email. The Transport Layer Security (TLS) protocol is used to encrypt data-in-transit but isn’t the best choice for streaming media. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP to transfer files.

Explanation

The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for Voice over Internet Protocol(VoIP), video teleconferencing, and other streaming media applications. None of the other answers are directly related to VoIP or video teleconferencing. Simple Mail Transfer Protocol (SMTP) transfers email. The Transport Layer Security (TLS) protocol is used to encrypt data-in-transit but isn’t the best choice for streaming media. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP to transfer files.

14. Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?

Flood guard

SNMPv3

SRTP

RSTP

Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need. A flood guard on a switch helps prevent a media access control (MAC) flood attack. Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.

Explanation

Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need. A flood guard on a switch helps prevent a media access control (MAC) flood attack. Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.