Chapter 2.1

Question 1

SSL Decryptor Pros vs Cons

Answer 1

PRO: A benefit (or pro) for deploying an SSL decryptor is that it will block connections that use weak cipher suites or implementations and block connections that cannot be inspected.

CON: Placing the SSL decryptor at the edge is a drawback (or con). The edge of the network is also the point where internal network meets the public network. The placement makes the SSL decryptor a single point of failure.

Question 2

multipurpose proxy

Answer 2

A multipurpose proxy server can be configured with filters for multiple protocol types, such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and SMTP (Simple Mail Transfer Protocol).

Question 3

application proxy

Answer 3

An application-specific proxy, like a web proxy, will only filter out content from the web. A proxy server is required for FTP services as well.

Question 4

non-transparent proxy

Answer 4

A non-transparent class of proxies requires a client to be configured with the proxy server address and port settings.

Question 5

transparent proxy

Answer 5

A transparent class of proxies requires no extra configuration of client computers. This proxy intercepts client traffic through a switch, router or other inline network appliance.

Question 6

bridge

Answer 6

A bridge connects two network segments together. An example includes a bridged connection between the wireless and Ethernet adapters of a laptop.

Question 7

STP

Answer 7

STP stands for Spanning Tree Protocol. It prevents loops with multiple switches and routers.

Question 8

port security

Answer 8

Port security is used to prevent the attachment of unauthorized client devices on wall ports, switches, or routers. A maximum number of MAC addresses can be set to record, which will prevent future connections once the maximum is met.

Question 9

SNMP

Answer 9

SNMP or Simple Network Management Protocol is used for sending traps to network monitoring tools with status information. Changing the custom string will prevent unauthorized tools from gathering data using default string names.

Question 10

HTTPS for switches

Answer 10

HTTPS can be enabled on the network switch for secure web management. This is an alternative to managing switches via SSH.

Question 11

SSL decryptor/inspector/interceptor

Answer 11

An SSL decryptor, inspector, or interceptor is a type of proxy used to examine encrypted traffic before it enters or leaves the network. This ensures that traffic complies with data policies and strong cipher suites are used.

The SSL interceptor is at the network’s edge as a transparent bridge to evade a hacker’s view. It will not be a regular device with an IP address on its own subnet range.

Question 12

Round Robin setting

Answer 12

A round robin setting is used in load balancing scenarios. New client sessions are established with the next server in the group. Round robin and affinity provide stateless fault tolerance.

Question 13

session affinity

Answer 13

A session affinity setting is used in load balancing scenarios. This is also known as source IP (internet protocol) and is a layer 4 approach to handling user sessions.

Question 14

active/active

Answer 14

An active/active cluster provides Enterprise services to clients from both virtual servers. All services will transparently transfer to the other server if one virtual host goes offline.

Question 15

active/passive

Answer 15

An active/passive cluster provides Enterprise services to clients from only one virtual server. The other server comes online only when the currently active server goes offline.

Question 16

IPsec VPN

Answer 16

IPSec VPN will use encryption, such as L2TP (Layer 2 Tunneling Protocol) and IKEv2 (Internet Key Exchange). It is generally harder to implement than TLS VPN, due to firewall restrictions and client-side set up.

Question 17

TLS VPN

Answer 17

A TLS (Transport Layer Security) VPN will require a remote server listening on port 443 (so no changes to firewalls) and optionally, a set of client certificates for authenticating the device (transparent for users after simple set up).

Better for remote access VPN set up

Question 18

Two virtual servers deployed DHCP. One server will actively provide IP (Internet Protocol) addresses, while the other is on standby. The server backend has active-passive clustering. Management would like services for session routing with something other than a Cisco solution. Which of the following will most likely support management’s needs? (Select two)

Answer 18

VIP–CORRECT: Each server node has its own IP address, but externally a load-balanced service is advertising a Virtual IP (VIP) address. Clients go to an IP address or FQDN (fully qualified domain name) and will be routed accordingly between the servers in the cluster.

CARP–CORRECT: Common Address Redundancy Protocol (CARP) is a standard industry network protocol that will work in this situation.

GLBP–Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service to providing a load-balanced service with a VIP. While GLBP and CARP are similar in functionality, management specifically requested not to use a Cisco solution, so GLBP will not work in this case.

DNS—-A FQDN can have multiple IP addresses using DNS records, and name resolution can route the sessions. However, only the first record will be active until it is unavailable.

Question 19

DLP

Answer 19

A DLP can be used to block the writing of information to a CD or DVD based on configured policies and installed agents at the endpoint.

A DLP can block the transferring of content to USB in the same way as writing to CD or DVD.

A DLP can block the sending of proprietary information over email by, for example, preventing the attaching of documents or pictures to an email.

Question 20

Yagi

Answer 20

The Yagi or Yagi-Uda array is describe as a rod with fins. It is a directional antenna.

Question 21

Dish

Answer 21

A parabolic or dish antenna are very familiar. These dishes are often pointed to satellites in space.

Question 22

Grid

Answer 22

Also known as a parabolic antenna, a grid antenna has open spacing that solves the high wind issues that dish antennas experience causing them to move.

Question 23

Rubber ducky

Answer 23

The rubber ducky or dipole antennas are plastic-coated rods used on wireless access points (WAPs). WAPs without any antennas use omnidirectional vertical rod-type antennas, which can receive and send a signal in all directions.

Question 24

S/MIME

Answer 24

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to email.

Question 25

TPM

Answer 25

A TPM or Trusted Platform Module is a hardware security module that BitLocker uses to link an encrypted hard drive with a specific system. Placing an encrypted hard drive in another laptop will require a recovery password.