Networking Security

Questions and Answers

What is a type of device that expands on the capabilities of a traditional firewall?

CSU/DSU

RADIUS server

NGFW (correct)

Proxy server

What feature enables an IDS to monitor all traffic on a switched network?

Trunking

Port mirroring (correct)

Service-dependent filtering

Stateful packet inspection

Which of the following is not a SAN protocol?

VoIP (correct)

iSCSI

FCoE

Fibre Channel

What do iSCSI initiators use to locate iSCSI targets on the network?

iSNS

What is the best device to install between the multifunction device and the cable modem to prevent intrusions?

Intrusion prevention system (IPS)

Which of the following statements about hubs and switches is true?

All of the devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.

What type of device is a load balancer?

Gateway

Which of the following devices perform essentially the same function?

Hubs and bridges

What is a proxy server used for?

To provide Internet access and security against outside intrusions

What type of switch immediately forwards frames after looking at only the destination address?

Cut-through switch

Which of the following devices can monitor network traffic for abnormal or malicious activity?

IDS

Which of the following SAN protocols can share a network medium with standard LAN traffic?

iSCSI

What is a capability that only a firewall capable of stateful packet inspection can do?

Scan Transport layer header fields for evidence of SYN floods

Which of the following methods do intrusion detection systems (IDSs) typically use to analyze incoming network traffic?

Anomaly-based detection and signature-based detection

What is another term for a multiport bridge?

Switch

What is the primary function of a personal firewall?

To block traffic entering a computer

What is the primary function of a port scanner?

To scan traffic entering a network for open ports

At which layer of the OSI model do routers operate?

Network layer

What type of system is frequently used to collect information from intrusion detection systems (IDSs)?

SIEM

What is the primary reason for splitting a large, switched Ethernet LAN into two LANs by adding a router?

To reduce the amount of broadcast traffic on each LAN

What type of addressing do bridges and switches use to forward frames?

Media access control (MAC) addressing

How do switches forward packets?

Based on their hardware addresses

What is a characteristic of a router?

It can communicate with other routers and share information

What is a benefit of adding a router to a large, switched Ethernet LAN?

It reduces the amount of broadcast traffic on each LAN

What is a fundamental requirement for bridges and switches on a local area network (LAN)?

Supporting the Network layer protocol

What defines a separate broadcast domain in a network device?

Each port on a bridge or switch

What is a traditional switch also known as?

Multiport bridge

Why do layer 2 switches improve the performance of an Ethernet LAN compared to hubs?

They reduce the number of collisions on the network

What is true about routers?

They build their internal tables based on destination IP addresses

What is not a characteristic of routers?

They store and maintain route information in a local database

What is a function of routers?

Forwarding frames based on destination IP addresses

What is a capability of software routers?

Connecting two or more networks with dissimilar Data link layer protocols and media

What is the term for the client that accesses an iSCSI device on a storage area network?

Initiator

Which protocol is not included in an iSCSI packet on a storage area network (SAN)?

None of the above

Which protocol standard defines a layered implementation that corresponds to the layers of the OSI model?

PPP

Which of the following protocols are included in an FCoE packet?

Ethernet

What is the primary objective of Ralph's proposed Internet access solution?

To provide access to web and email services

What is the role of the proxy servers in Ralph's proposed solution?

To monitor and regulate users' access to the Internet

Why does Ralph propose using private IP addresses on the client computers?

To avoid manual configuration of IP addresses

What is the benefit of using proxy servers with public, registered IP addresses?

To keep client computers safe from unauthorized users

Study Notes

Network Security Devices

• An intrusion prevention system (IPS) can be installed between a multifunction device and a cable modem to prevent unauthorized access.
• A personal firewall can be installed on each computer to protect it from external threats.

Hubs and Switches

• Hubs operate only at the Physical layer, whereas switches operate at the Data link layer.
• All devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.
• There are switches available with Network layer functionality, but there are no hubs with that capability.
• Switches do not create a separate broadcast domain for each connected device; instead, they create a single broadcast domain for all connected devices.

Switch Types

• Cut-through switches immediately forward frames after looking at only the destination address.
• Source route switches are a type of switch that is not commonly used.
• Store-and-forward switches receive the entire frame before forwarding it.

Firewalls

• Firewalls capable of stateful packet inspection can filter traffic based on port numbers, block traffic destined for specific IP addresses, and scan Transport layer header fields for evidence of SYN floods.
• Firewalls can block all TCP traffic from entering a network.

Intrusion Detection Systems (IDSs)

• IDSs use anomaly-based detection, behavior-based detection, and signature-based detection to analyze incoming network traffic.
• IDSs can also use statistic-based detection, but it is not a common method.

Switches and Routers

• Routers operate at the Network layer, whereas switches operate at the Data link layer.
• All devices connected to a switch are part of a single broadcast domain, whereas the networks connected to a router form separate broadcast domains.
• Routers can communicate with each other and share information, but switches cannot.
• Routers forward packets based on their IP addresses, whereas switches forward packets based on their hardware addresses.

SIEM Systems

• SIEM (Security Information and Event Management) systems are used to collect information from IDSs.

Traffic Congestion

• Splitting a large, switched Ethernet LAN into two LANs by adding a router can help to alleviate traffic congestion and improve performance by reducing the amount of broadcast traffic on each LAN.

Bridges and Switches

• Bridges and switches are Data link layer devices that use media access control (MAC) addresses to forward frames.
• Bridges and switches build their internal tables based on destination addresses and forward packets based on source addresses.

Traditional Switches

• A traditional switch is a multiport bridge that forwards packets based on MAC addresses.

Layer 2 Switches

• Layer 2 switches improve network performance by reducing the number of collisions on the network.
• Layer 2 switches do not forward broadcast transmissions, which improves network performance.

Routers

• Routers are Network layer devices that use IP addresses to forward frames.
• Routers can connect two or more networks with dissimilar Data link layer protocols and media.
• Routers can learn and populate their routing tables through static and dynamic routing.
• Each port on a router defines a separate broadcast domain.

Load Balancers

• A load balancer is a type of device that expands on the capabilities of traditional routers and firewalls.

Next-Generation Firewalls (NGFWs)

• NGFWs are devices that expand on the capabilities of traditional firewalls by adding features like deep packet inspection (DPI) and an intrusion prevention system (IPS).

Proxy Servers

• Proxy servers can provide security against outside intrusion by using a public IP address, while the client computers use private addresses.
• Proxy servers can be used to monitor and regulate users' access to the Internet.

Intrusion Detection Systems (IDSs)

• IDSs can be used to monitor a network for abnormal or malicious traffic.
• IDSs can monitor traffic on a switched network using port mirroring.

Storage Area Networks (SANs)

• iSCSI, Fibre Channel, and FCoE are protocols used in SANs.
• iSCSI initiators use iSNS (Internet Storage Name Service) to locate iSCSI targets on the network.
• Fibre Channel and FCoE are not capable of sharing a network medium with standard LAN traffic.

iSCSI Packets

• iSCSI packets include Ethernet, IP, and TCP protocols.

Fibre Channel Packets

• Fibre Channel packets do not include Ethernet, IP, or TCP protocols.

FCoE Packets

• FCoE packets include Ethernet and Fibre Channel protocols.

Private Internetworks

• Private internetworks can use private IP addresses and proxy servers with public, registered IP addresses to connect to the Internet.
• This solution can provide access to web and email services while keeping client computers safe from unauthorized users on the Internet.

Description

This quiz assesses knowledge of computer networking security measures such as intrusion prevention systems, firewalls, and detection systems. It also tests understanding of network devices like hubs and switches.