3.3 Given a scenario, implement secure network designs. Flashcards

1
Q

gathers information to determine if the data being passed is malicious or not.

A

sensors

2
Q

aggregation switch

A

An aggregation switch can connect multiple subnets to reduce the number of active ports. When aggregating subnets, the subnets are connected to the switch versus the router.

3
Q

active/passive configuration

A

Sends all requests to one node while the other node is on standby. The secondary node takes over services when the primary node loses connectivity or goes offline.

4
Q

virtual IP address

A

A virtual IP address is a shared (usually public) IP address between the two instances in a cluster. Requests go to one IP address and are routed, usually via a scheduling algorithm.

5
Q

Persistence settings

A

Persistence settings allow an application-layer load balancer to keep clients connected to a session. This is achieved with a cookie at the client.

6
Q

scheduling algorithm

A

The scheduling algorithm is the code and metrics that determine which node is selected for processing each incoming request. The simplest scheduling is round robin; this just means picking the next node.

7
Q

extranet

A

An extranet is a zone created to allow authorized users access to company assets separate from the intranet.

8
Q

DMZ

A

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN.

9
Q

Intranet

A

An intranet is an internal company zone established to allow employees the ability to share content and communicate more effectively.

10
Q

Collector

A

A collector combines multiple sensors to collect internet traffic for processing by an Intrusion Detection System (IDS) and other systems. Where the collector is placed determines the type of traffic analyzed.

11
Q

Port mirror

A

A port mirror is used to monitor network traffic. It forwards a copy of each packet from one switch port to another.

12
Q

NAT

A

Network Addressing Protocol (NAT) translates public IP addresses to private and vice versa. By using the NAT protocol on the firewall, a company can hide assets from the public internet.

13
Q

Agentless Health assessment

A

An agentless health or posture assessment supports a wide range of devices, such as smartphones and tablets, but less detailed information about the client is available.

14
Q

GLBP

A

Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service for providing a load-balanced service with a VIP. The infrastructure is Cisco-based, so this service will most likely be implemented.

15
Q

CARP

A

Common Address Redundancy Protocol (CARP) is another commonly used network protocol that works in the same way as GLBP.

16
Q

Split tunnel VPN

A

In a split tunnel VPN, administrators decide where traffic is routed. A split tunnel can decipher whether traffic goes to a private network or not.

17
Q

Reverse Proxy

A

Reverse proxies can publish specific applications from the corporate network to the Internet by listening for specific client requests. This will ensure other intranet services are not exposed.

18
Q

802.1p header

A

Switches that support quality of service use the 802.1p header to prioritize frames. This will improve video conferences and make efficient use of the overall network bandwidth.

19
Q

Out-of-band (OOB) management

A

Out-of-band (OOB) management is a means of remote management of a system; a term commonly used when managing network devices. For example, a console connection to a router.

20
Q

What detection method does NID use?

A

Signature based

21
Q

UTM

A

The Unified Threat Management (UTM) is an all-in-one security appliance that combines the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, Data Loss Prevention, content filtering, and many more.

22
Q

IDS

A

An Intrusion Detection System (IDS) by itself out-of-the-box will be able to notice a user visiting a bad website, and may do passive or non-intrusive notification, but nothing active will occur.

23
Q

BPDU

A

A Bridge Protocol Data Unit (BPDU) guard setting is applied to switches. This causes a portfast-configured port that receives a BPDU to become disabled.

24
Q

STP

A

Spanning Tree Protocol (STP) is principally designed to prevent broadcast storms. These storms occur when a bridged network contains a loop and broadcast traffic is amplified by the other switches. This can disrupt the network services.