Network Security Practices Flashcards
Your manager would like to implement a security system that can be used to secure the server room but at the same time audit who enters the server room. What technology would you use?
Give each employee a key to the server room.
Use an electronic locking system and give each employee a separate code.
Give employees a key to the server room and ask them to record an entry in the paper-based log by the entrance.
Use an electronic locking system and give each employee a separate code.
One of the benefits of using an electronic locking mechanism is that it typically logs when someone gains access to the facility
Which of the following represents the use of a biometrics device?
A key fob
PIN number
Retina scan
Retina scan
Examples of biometrics used to gain access to a facility are a retina scan, voice recognition, and a fingerprint scan
Your manager is looking to harden the network environment by ensuring clients are receiving IP addresses only from authorized DHCP servers and wants to prevent malicious ARP messages on the network. What features should you enable on the switch to accomplish these goals? (Choose two.)
MAC address filtering
DHCP SNOOPING
VLAN assignments
ARP inspection
DHCP SNOOPING
ARP inspection
In order to protect against unauthorized DHCP servers on the network, you can enable the DHCP snooping feature on the switch. You can also enable ARP inspection to help protect against malicious ARP messages
After installing a network operating system, what should you do before placing the machine on the network to help secure it?
Harden the operating system.
Disable the firewall.
Configure e-mail.
Harden the operating system.
After installing the network operating system, you should harden it, which involves removing unnecessary services. Removing unnecessary services helps secure the system, because each additional piece of software running provides more security holes for a hacker to find
After hardening the operating system, what should you do to ensure that your server has all security fixes applied to it?
Install antivirus software.
Install antispyware software.
Patch the server.
Patch the server.
After hardening the operating system, you should patch the server to apply security fixes to any software running on the server
You are assessing the security of the network infrastructure and have noticed that administrators are using Telnet to access network devices remotely to administer those devices. What change would you recommend?
Use SFTP.
Use HTTP.
Use SSH.
Use SSH.
You would ensure that administrators are encrypting traffic between their administrative workstations and the network devices by using SSH. SSH is a secure replacement to the unsecure Telnet protocol
What type of device analyzes packets that attempt to enter the network and then either allows or denies the traffic, based on rules?
Encryption
Firewall
Router
Firewall
A firewall is used to secure the internal network from the outside world by rules configured on the firewall that specify which packets to drop and which packets to allow through
What kind of firewall provides a single computer with two physical network interfaces?
A dual-homed host firewall
A screened-host firewall
A screening router
A dual-homed host firewall
A dual-homed host firewall contains two physical network interfaces
Which component(s) is/are included in a screened subnet firewall configuration?
Single screening router
Host firewall server
Circuit application
Two screening routers
Host firewall server
Two screening routers
A firewall and two screening routers are required in a screened subnet configuration
Which type of firewall is used to provide security based on rules governing the network or transport layers?
Packet level
Application level
Circuit level
Packet level
The packet level controls the network or transport layer within packets, creating rules that allow or deny traffic based on IP address (layer 3) or port number (layer 4)
You are the administrator for a small office network. You frequently have customers visit your office who need Internet access. Which of the following security recommendations would you advise?
Give the wireless password to the customers and change it when they leave.
Create a guest network segment for the customers.
Add their MAC address to the port security feature of the switch.
Create a guest network segment for the customers.
You want to make sure that you have a guest network segment for visitors so that if someone is visiting your office and needs network access, there is no way for them to connect to the production systems
You want to ensure that clients on the network receive IP addresses from authorized servers only. What would you do?
Use a guest network segment.
Use VLANs.
Configure DHCP snooping.
Configure DHCP snooping.
DHCP snooping is a network hardening technique that ensures clients only receive DHCP messages from authorized DHCP servers
