Security Pro Chapter 4-5

Exit

Question 1 of 1

  Time Left


0 [{"id":447761,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:12:32","updated_at":"2018-05-13 22:06:23","questionName":"You want to connect your small company network to the internet. Your ISP provides you with a\r\nsingle IP address that is to be shared between all hosts on your private network. You do not\r\nwant external hosts to be able to initiate connection to internal hosts. What type of network\r\naddress translation (NAT) should you implement?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":9,"explanation":"Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows\r\nprivate hosts to access the internet, but does not allow internet hosts to initiate contact with\r\nprivate hosts.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447760,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:11:27","updated_at":"2018-05-13 22:06:23","questionName":"You are the network administrator for a small company that implements NAT to access the\r\ninternet. However, you recently acquired five servers that must be accessible from outside your\r\nnetwork. Your ISP has provided you with five additional registered IP addresses to support these\r\nnew servers, but you don't want the public to access these servers directly. You want to place\r\nthese servers behind your firewall on the inside network, yet still allow them to be accessible to\r\nthe public from the outside.\r\nWhich method of NAT translation should you implement for these servers?\r\n","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":8,"explanation":"Static translation consistently maps an unregistered IP address to the same registered IP address\r\non a one-to-one basis. Static NAT is particularly useful when a device needs to be assigned the\r\nsame address so it can be accessed from outside the network, such as web servers and other\r\nsimilar devices.\r\nDynamic translation would not work for these servers because it maps an unregistered host IP\r\naddress to any available IP address configured in a pool of one or more registered IP addresses.\r\nAccessing a server assigned one of these addresses would be nearly impossible because the\r\naddresses are still shared by multiple hosts.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":444954,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-04-29 18:00:20","updated_at":"2018-05-13 22:06:23","questionName":"What encryption method is used by WPA for wireless networks?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":11,"explanation":"WPA uses TKIP for encryption. TKIP uses rotating encryption keys for added security over WEP.\r\nAES encryption is used with WPA2. WEP is a security method for wireless networks that provides\r\nencryption through the use of a shared encryption key (the WEP key).\r\nIPsec is an encryption method that is used for VPN tunneling. While it can be used on a wireless\r\nnetwork, it is used in addition to encryption provided by either WEP, WPA, or WPA2. 802.1x is an\r\nauthentication method for wired and wireless networks.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":444958,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-04-29 18:03:08","updated_at":"2018-05-13 22:06:23","questionName":"You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the\r\nfollowing components will be part of your design? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":13,"explanation":"To configure WPA2 Enterprise, you will need a RADIUS server to support 802.1x authentication.\r\nWPA2 uses AES for encryption.\r\nWPA2-PSK, also called WPA2 Personal, uses pre-shared keys for authentication. WPA uses TKIP\r\nfor encryption.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447756,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:05:10","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following firewall types can be a proxy between servers and clients? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":6,"explanation":"Both the circuit proxy filtering firewall and the application layer firewall can act as a proxy server\r\nbetween a server and a client.\r\nThe kernel proxy filtering firewall operates at the operating system ring 0. The stateful inspection\r\nfirewall operates at the Network and Transport layers, and therefore cannot adequately examine\r\nmessages in order to act as a proxy. The dynamic packet filtering firewall is a combination of a\r\nstateful inspection and a packet filtering firewall.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447749,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 14:58:24","updated_at":"2018-05-13 22:06:23","questionName":"You would like to control Internet access based on users, time of day, and websites visited. How\r\ncan you do this?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":2,"explanation":"Use a proxy server to control Internet access based on users, time of day, and websites visited.\r\nYou configure these rules on the proxy server, and all Internet access requests are routed\r\nthrough the proxy server.\r\nUse a packet filtering firewall, such as Windows Firewall, to allow or deny individual packets\r\nbased on characteristics such as source or destination address and port number. Configure\r\nInternet zones to identify trusted or restricted websites and to control the types of actions that\r\ncan be performed when going to those sites.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":444956,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-04-29 18:01:44","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following features are supplied by WPA2 on a wireless network?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":12,"explanation":"Wi-Fi Protected Access (WPA) provides encryption and user authentication for wireless networks.\r\nMAC address filtering allows or rejects client connections based on the hardware address. The\r\nSSID is the network name or identifier. A wireless access point (called an AP or WAP) is the\r\ncentral connection point for wireless clients. A firewall allows or rejects packets based on packet\r\ncharacteristics (such as address, port, or protocol type).","question_score_id":null,"lang":"","questionAudioPath":null},{"id":444959,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-04-29 18:05:23","updated_at":"2018-05-13 22:06:23","questionName":"You need to configure the wireless network card to connect to your network at work. The\r\nconnection should use a user name and password for authentication with AES encryption.\r\nWhat should you do?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":14,"explanation":"Select WPA2-Enterprise for the wireless connection. WPA2 is required to support AES encryption.\r\nAn Enterprise configuration (using either WPA or WPA2) authenticates using user names,\r\npasswords, and 802.1x authentication. A RADIUS server is required for using 802.1x.\r\nA Personal (or PSK) configuration uses a pre-shared key for authentication. All clients are\r\nconfigured using the same pre-shared key. WPA uses TKIP for encryption","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447758,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:07:14","updated_at":"2018-05-13 22:06:23","questionName":"You have a small network at home that is connected to the internet. On your home network, you\r\nhave a server with the IP address of 192.168.55.199\/16. You have a single public address that is\r\nshared by all hosts on your private network.\r\nYou want to configure the server as a web server and allow internet hosts to contact the server\r\nto browse a personal website.\r\nWhat should you use to allow access?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":7,"explanation":"Static NAT maps an internal IP address to a static port assignment. Static NAT is typically used to\r\ntake a server on the private network (such as a web server) and make it available on the internet.\r\nExternal hosts contact the internal server using the public IP address and the static port. Using a\r\nstatic mapping allows external hosts to contact internal hosts.\r\nDynamic NAT automatically maps internal IP addresses with a dynamic port assignment. On the\r\nNAT device, the internal device is identified by the public IP address and the dynamic port\r\nnumber. Dynamic NAT allows internal (private) hosts to contact external (public) hosts, but not\r\nvice versa. External hosts cannot initiate communications with internal hosts.\r\nDNS records associate a host name with an IP address. With multicast, a single data stream can\r\nbe forwarded to all computers that are members of the same multicast group.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447746,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 14:54:29","updated_at":"2018-05-13 22:06:23","questionName":"You have been given a laptop to use for work. You connect the laptop to your company network,\r\nuse it from home, and use it while traveling.\r\nYou want to protect the laptop from Internet-based attacks.\r\nWhich solution should you use?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":0,"explanation":"A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect\r\nagainst attacks when there is no network-based firewall, such as when you connect to the\r\nInternet from a public location.\r\nA network-based firewall inspects traffic as it flows between networks. For example, you can\r\ninstall a network-based firewall on the edge of your private network that connects to the Internet\r\nto protect against attacks from Internet hosts.\r\nA VPN concentrator is a device connected to the edge of a private network that is used for remote\r\naccess VPN connections. Remote clients establish a VPN connection to the VPN concentrator and\r\nare granted access to the private network. A proxy server is an application layer firewall that acts\r\nas an intermediary between a secure private network and the public. Access to the public network\r\nfrom the private network goes through the proxy server.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447748,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 14:56:22","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following are true of a circuit proxy filter firewall? (Select two.)","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":1,"explanation":"A circuit proxy filter firewall operates at the Session layer. It verifies the sequencing of session\r\npackets, breaks the connections, and acts as a proxy between the server and the client.\r\nAn application layer firewall operates at the Application layer, examines the entire message, and\r\ncan also act as a proxy to clients. A stateful inspection firewall operates at the Network and\r\nTransport layers. It filters on both IP addresses and port numbers. A kernel proxy filtering firewall\r\noperates at the operating system ring 0.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447752,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:01:23","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following describes how access lists can be used to improve network security?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":4,"explanation":"An access list filters traffic based on the IP header information such as source or destination IP\r\naddress, protocol, or socket numbers. Access lists are configured on routers, and operate on\r\nLayer 3 information.\r\nPort security is configured on switches and filters traffic based on the MAC address in the frame.\r\nAn Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) examines patterns\r\ndetected across multiple packets. An IPS can take action when a suspicious pattern of traffic is\r\ndetected.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447763,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:14:14","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following is not one of the IP address ranges defined in RFC 1918 that are\r\ncommonly used behind a NAT server?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":10,"explanation":"169.254.0.1 - 169.254.255.254 is the range of IP addresses assigned to Windows DHCP clients if\r\na DHCP server does not assign the client an IP address. This range is known as the Automatic\r\nPrivate IP Addressing (APIPA) range.\r\nThe other three ranges listed in this question are defined as the private IP addresses from RFC\r\n1918, which are commonly used behind a NAT server.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447750,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:00:09","updated_at":"2018-05-13 22:06:23","questionName":"Which of the following does a router acting as a firewall use to control which packets are\r\nforwarded or dropped?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":3,"explanation":"When you configure a router as a firewall, you configure the access control list (ACL) with\r\nstatements that identify traffic characteristics, such as the direction of traffic (inbound or\r\noutbound), the source or destination IP address, and the port number. ACL statements include an\r\naction to either allow or deny the traffic specified by the ACL statement.\r\nIPsec is a protocol for encrypting packets. RDP and VNC are remote desktop protocols used for\r\nremotely accessing a computer's desktop. PPP is a protocol for establishing a remote access\r\nconnection over a dial-up link.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":447755,"quiz_id":"22322","answer_id":null,"answerType_id":"0","created_at":"2018-05-01 15:03:35","updated_at":"2018-05-13 22:06:23","questionName":"When designing a firewall, what is the recommended approach for opening and closing ports?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":5,"explanation":"When designing a firewall, the recommended practice is to close all ports and then only open\r\nthose ports that allow the traffic that you want to allow inside the DMZ or the private network.\r\nPorts 20, 21, 53, 80, and 443 are common ports that are opened, but the exact ports you will\r\nopen depend on the services provided inside the DMZ.","question_score_id":null,"lang":"","questionAudioPath":null}]
447761
0
120
block

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of network address translation (NAT) should you implement?

Select the Correct Answers  

(0/0)












447760
0
120
none
444954
0
120
none
444958
0
120
none
447756
0
120
none
447749
0
120
none
444956
0
120
none
444959
0
120
none
447758
0
120
none
447746
0
120
none
447748
0
120
none
447752
0
120
none
447763
0
120
none
447750
0
120
none
447755
0
120
none