3.2 Given a scenario, implement secure network architecture concepts.

Question 1

DMZ

Answer 1

DeMilitarized Zone. A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.

Question 2

Extranet

Answer 2

A network separate from your internal network. Used to segregate devices that present more of a threat. For instance allowing a vendor to contractor to connect to our network.

Question 3

Bastion Host

Answer 3

host in a DMZ

Question 4

Intranet

Answer 4

Our internal network. or website/servers available only from inside our network.

Question 5

If Guest account is on the test the answer is

Answer 5

Kiosk

Question 6

NAT

Answer 6

Network Address Translation - taking the private IP address of the internal computer, and translating it to a public IP address so that it can be routed across the Internet

Question 7

Static NAT

Answer 7

One Public IP for One Private IP address. One-to-One

Question 8

Dynamic Nat

Answer 8

Dynamic assigns and reassigns a public IP address to a public IP. You only have a public assigned when you are trying to reach the the internet. One-to-Many

Question 9

Nat overload/PAT

Answer 9

NAT overload/ Port address translation - One public IP address and a high level port assigned to each private IP that tries to reach the internet. Many-to-One

Question 10

WiMAX

Answer 10

entire city with internet

Question 11

VLAN

Answer 11

Virtual Local Area Network - Network segmentation.

Question 12

VLANs break up a network using this piece of equipment

Answer 12

A network switch

Question 13

Virtualization

Answer 13

another way to segment a network. Create multiple virtual servers on a single Physical server

Question 14

Air Gap

Answer 14

Devices literally not connected to the network. the device or LAN is physically separated and not connected to any other.

Question 15

Site-to-Site VPN

Answer 15

A secure tunnel through an unsecure Internet

Question 16

Remote Access VPN

Answer 16

Allows you to access the Ft Hood network, while you are TDY or from home.

Question 17

TACACS+

Answer 17

Cisco Proprietary - AAA service

Question 18

KERBEROS

Answer 18

Microsoft - AAA service= uses Tickets

Question 19

RADIUS

Answer 19

Open source AAA service

Question 20

4 types of VPN tunnels

Answer 20

IPSEC - most secure & most common
SSL - costs money. can use a web browser.
L2TP - layer 2 tunnel protocol - Cisco Proprietary
PPTP - Point-to-Point tunnel protocol - Microsoft Proprietary

Question 21

L2TP uses what?

Answer 21

L2TP uses IPSEC

Question 22

__________ are needed in every network segment in order for an IDS or IPS to detect or Prevent malicious traffic

Answer 22

Sensors

Question 23

SSL accelerator

Answer 23

Takes some work off the CPU by handling the encryption decryption.

Question 24

Port Mirroring

Answer 24

Used to copy traffic from one network segment to another network segment. SPAN is the Cisco Proprietary method of doing this.

Question 25

Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?

A. Intranet
B. DMZ
C. Extranet
D. Ad Hoc Network

Answer 25

B. DMZ

Question 26

Which version of NAT allows all connected devices to access the internet?

A. Port Address Translation
B. Static Network Address Translation
C. Dynamic Network Address Translation
D. Virtual Local Area Network

Answer 26

A. Port Address Translation

Question 27

Which of the following would allow you to analyze an attack and then apply new security controls to the rest of the enterprise?

A. IPS
B. VPN Concentrator
C. Intranet
D. Honeynet

Answer 27

D. Honeynet