Networking Fundamentals: Firewalls and Appliances

Questions and Answers

In its primary functionality, a network-attached storage (NAS) device is most closely associated with which of the following devices?

RAID

Failover cluster

File server (correct)

JBOD

Which of the following statements about the differences between network-attached storage (NAS) and storage area networks (SANs) are true? (Choose all that apply.)

NAS provides file-level storage access, whereas SAN provides block-level storage access. (correct)

NAS devices typically contain integrated iSCSI targets.

SAN devices have an operating system, whereas NAS devices do not.

NAS devices typically provide a filesystem, whereas SAN devices do not. (correct)

Which of the following specify advantages of FCoE over the original Fibre Channel standard? (Choose all that apply.)

FCoE uses standard Ethernet networking hardware. (correct)

FCoE can share a network with standard IP traffic, whereas Fibre Channel cannot. (correct)

FCoE is routable over IP networks, whereas Fibre Channel is not. (correct)

FCoE is less expensive to implement than Fibre Channel.

Which of the following are Application layer protocols that network-attached storage (NAS) devices can use to serve shared files to clients on the network? (Choose all that apply.)

NFS

Which of the following is not one of the advantages of iSCSI over Fibre Channel?

iSCSI can share the same network as standard local area network traffic, whereas Fibre Channel cannot.

Which of the following is the term for the client that accesses an iSCSI device on a storage area network?

Initiator

Which of the following protocols are included in an iSCSI packet on a storage area network (SAN)? (Choose all that apply.)

IP

Which of the following protocols are included in a Fibre Channel packet?

None of the above

Which of the following protocol standards defines a layered implementation that does not correspond to the layers of the Open Systems Interconnection (OSI) model?

PPP

Which of the following protocols are included in an FCoE packet?

Ethernet

Ralph, the administrator of a 500-node private internetwork, is devising a plan to connect the network to the Internet. Which of the following statements about Ralph's proposed Internet access solution is true?

The proposal satisfies the primary objective and one of the secondary objectives.

Which of the following is not a mechanism for distributing incoming network traffic among multiple servers?

VPN headend

Which of the following is not a function typically provided by a unified threat management (UTM) appliance?

Network-attached storage

A multilayer switch can operate at which layers of the Open Systems Interconnection (OSI) model? (Choose all that apply.)

Transport

Control plane policing (CPP or CoPP) is a feature on some routers and switches that limits the rate of traffic on the device's processor to prevent denial-of-service (DoS) and reconnaissance attacks. It uses which of the following technologies?

QoS

Which of the following is a device that switches calls between endpoints on the local IP network and provides access to external Internet lines?

VoIP gateway

What is the true definition of the term modem?

A device that converts analog signals to digital signals and back again

Which of the following terms are used to describe the device used to place calls on a Voice over Internet Protocol (VoIP) installation?

Gateway

Which of the following devices enables you to use a standard analog telephone to place calls using the Internet instead of the public switched telephone network (PSTN)?

VoIP gateway

Which of the following prevents packets on a TCP/IP internetwork from being transmitted endlessly from router to router?

Time to live (TTL)

Which of the following is the abbreviation for a network of Internet data centers supplying end users with localized access to their data?

CDN

Which of the following best describes the function of a firewall?

A device located between two networks that enables administrators to restrict incoming and outgoing traffic

Which of the following terms is used to describe the method by which a firewall examines the port numbers in Transport layer protocol headers?

Service-dependent filtering

Which of the following physical network devices can conceivably be implemented as software in a computer's operating system? (Choose all that apply.)

Router

Which of the following criteria does a firewall capable of service-dependent filtering use to block traffic?

Port numbers

Ralph is a freelance network consultant installing a small business network. Which solution would enable Ralph to protect the network from unauthorized Internet traffic and attacks against open ports with minimum cost?

Install a hardware firewall between the multifunction device and the cable modem

Which of the following statements are true about hubs and switches? (Choose all that apply.)

All of the devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain

Which of the following devices perform essentially the same function? (Choose two.)

Bridges

Which of the following switch types immediately forwards frames after looking at only the destination address?

Cut-through

Which of the following is something that only a firewall capable of stateful packet inspection can do?

Scan Transport layer header fields for evidence of SYN floods

Which of the following are methods typically used by intrusion detection systems (IDSs) to analyze incoming network traffic? (Choose all that apply.)

Anomaly-based detection

Which of the following is another term for a multiport bridge?

Switch

Which of the following statements about switches and routers are true? (Choose all that apply.)

All of the devices connected to a switch are part of a single broadcast domain, whereas the networks connected to a router form separate broadcast domains

Which of the following types of systems are frequently used to collect information from intrusion detection systems (IDSs)?

SIEM

Which of the following explains why splitting a large, switched Ethernet LAN into two LANs by adding a router can help alleviate traffic congestion and improve performance? (Choose all that apply.)

Adding a router reduces the amount of broadcast traffic on each of the two LANs

Which of the following statements about traditional bridges and switches is true?

Bridges and switches are Data link layer devices that use media access control (MAC) addresses to forward frames

Which of the following is a correct term describing the function of a traditional switch?

Multiport bridge

Which of the following is the primary reason why replacing hubs with layer 2 switches on an Ethernet LAN improves its performance?

Layer 2 switches reduce the number of collisions on the network

Which of the following statements about routers are true? (Choose all that apply.)

Routers are Network layer devices that use IP addresses to forward frames

The network administrator is installing a firewall. At which of the following locations should the administrator install the firewall system?

Between the Internet access router and the rest of the private internetwork

Proxy servers operate at which layer of the OSI reference model?

Application

Which of the following is a feature that is not found in a traditional firewall product, but which might be found in a next-generation firewall (NGFW)?

Deep packet inspection (DPI)

Which of the following statements about content filtering in firewalls is true?

Content filters examine the data carried within packets for potentially objectionable materials

In its primary functionality, a network-attached storage (NAS) device is most closely associated with which of the following devices?

File server

Which of the following statements about the differences between network-attached storage (NAS) and storage area networks (SANs) are true? (Choose all that apply.)

NAS provides file-level storage access, whereas SAN provides block-level storage access.

Which of the following statements specify advantages of FCoE over the original Fibre Channel standard? (Choose all that apply.)

FCoE can share a network with standard IP traffic, whereas Fibre Channel cannot.

Which of the following are Application layer protocols that network-attached storage (NAS) devices can use to serve shared files to clients on the network? (Choose all that apply.)

NFS

Which of the following is not one of the advantages of iSCSI over Fibre Channel?

iSCSI includes its own internal flow control mechanism, whereas Fibre Channel does not.

Which of the following is the term for the client that accesses an iSCSI device on a storage area network?

Initiator

Which of the following protocols are included in an iSCSI packet on a storage area network (SAN)? (Choose all that apply.)

IP

Which of the following is the abbreviation for a network of Internet data centers supplying end users with localized access to their data?

CDN

Which of the following best describes the function of a firewall?

A device located between two networks that enables administrators to restrict incoming and outgoing traffic

Which of the following terms is used to describe the method by which a firewall examines the port numbers in Transport layer protocol headers?

Service-dependent filtering

Which of the following physical network devices can conceivably be implemented as software in a computer's operating system?

Router

Study Notes

Networking Appliances, Applications, and Functions

• A firewall is a device that restricts incoming and outgoing traffic between two networks.
• Service-dependent filtering is a method used by firewalls to block traffic based on port numbers.
• Deep packet inspection (DPI) is a method used by firewalls to examine the contents of packets.
• A router is a device that connects multiple networks together and forwards traffic between them.
• A switch is a device that connects multiple devices on a network and forwards traffic between them.
• A hub is a simple network device that connects multiple devices together.
• Network address translation (NAT) is a technique used to allow multiple devices to share a single public IP address.
• Intrusion detection systems (IDSs) are used to monitor network traffic for signs of unauthorized access or attacks.

Switching and Routing

• Cut-through switching is a technique used by switches to forward frames immediately after reading the destination address.
• Store-and-forward switching is a technique used by switches to forward frames after receiving the entire frame.
• Routers operate at the Network layer and use IP addresses to forward packets.
• Switches operate at the Data link layer and use MAC addresses to forward frames.
• Routers can connect multiple networks with different Data link layer protocols and media.

Firewalls and Network Security

• Next-generation firewalls (NGFWs) are firewalls that can perform deep packet inspection and other advanced security features.
• Proxy servers are used to access Internet resources on behalf of a network user.
• Content filtering is a technique used by firewalls to block traffic based on the contents of packets.
• Load balancers are used to distribute incoming traffic among multiple servers.
• Unified threat management (UTM) appliances are devices that provide multiple security features, including firewalling, antivirus, and intrusion prevention.

Storage Area Networks (SANs)

• iSCSI is a protocol used to connect storage devices to a network.
• Fibre Channel is a high-speed protocol used to connect storage devices to a network.
• Fibre Channel over Ethernet (FCoE) is a protocol used to connect storage devices to a network over Ethernet.
• Network-attached storage (NAS) devices are used to provide shared file access to a network.

Internet Access and Voice over IP (VoIP)

• Proxy servers can be used to provide Internet access to a network.
• VoIP gateways are used to connect VoIP phones to the Internet.
• VoIP PBX is a device that connects VoIP phones to a network and provides call management features.

Miscellaneous

• Time to live (TTL) is a field in a packet that prevents packets from being transmitted endlessly from router to router.
• Content delivery networks (CDNs) are networks of data centers that provide localized access to data.
• Control plane policing (CPP) is a feature used to prevent denial-of-service attacks on network devices.

Networking Appliances, Applications, and Functions

• A firewall is a device that restricts incoming and outgoing traffic between two networks.
• Service-dependent filtering is a method used by firewalls to block traffic based on port numbers.
• Deep packet inspection (DPI) is a method used by firewalls to examine the contents of packets.
• A router is a device that connects multiple networks together and forwards traffic between them.
• A switch is a device that connects multiple devices on a network and forwards traffic between them.
• A hub is a simple network device that connects multiple devices together.
• Network address translation (NAT) is a technique used to allow multiple devices to share a single public IP address.
• Intrusion detection systems (IDSs) are used to monitor network traffic for signs of unauthorized access or attacks.

Switching and Routing

• Cut-through switching is a technique used by switches to forward frames immediately after reading the destination address.
• Store-and-forward switching is a technique used by switches to forward frames after receiving the entire frame.
• Routers operate at the Network layer and use IP addresses to forward packets.
• Switches operate at the Data link layer and use MAC addresses to forward frames.
• Routers can connect multiple networks with different Data link layer protocols and media.

Firewalls and Network Security

• Next-generation firewalls (NGFWs) are firewalls that can perform deep packet inspection and other advanced security features.
• Proxy servers are used to access Internet resources on behalf of a network user.
• Content filtering is a technique used by firewalls to block traffic based on the contents of packets.
• Load balancers are used to distribute incoming traffic among multiple servers.
• Unified threat management (UTM) appliances are devices that provide multiple security features, including firewalling, antivirus, and intrusion prevention.

Storage Area Networks (SANs)

• iSCSI is a protocol used to connect storage devices to a network.
• Fibre Channel is a high-speed protocol used to connect storage devices to a network.
• Fibre Channel over Ethernet (FCoE) is a protocol used to connect storage devices to a network over Ethernet.
• Network-attached storage (NAS) devices are used to provide shared file access to a network.

Internet Access and Voice over IP (VoIP)

• Proxy servers can be used to provide Internet access to a network.
• VoIP gateways are used to connect VoIP phones to the Internet.
• VoIP PBX is a device that connects VoIP phones to a network and provides call management features.

Miscellaneous

• Time to live (TTL) is a field in a packet that prevents packets from being transmitted endlessly from router to router.
• Content delivery networks (CDNs) are networks of data centers that provide localized access to data.
• Control plane policing (CPP) is a feature used to prevent denial-of-service attacks on network devices.

Description

Compare and contrast networking appliances, applications, and functions, including firewalls, routers, and more. Understand their roles in network security and connectivity.