
Test Out 5 This is a description so the engine will pass it

Course

Computer Systems Security (IT 253)

Academic year: 2021/2022
Section Quiz

Candidate: Zemas Howard (zmshoward) Date: 1/7/2022 8:02:44 am • Time spent: 03:23

Score: 100% Passing Score: 80%

Question 1:  Correct

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

EXPLANATION A bastion or sacrificial host is one that is unprotected by a firewall. The term bastion host is used to describe any device fortified against attack (such as a firewall). A sacrificial host might be a device intentionally exposed to attack, such as a honeypot. Circuit proxy and kernel proxy are types of firewall devices. Multi-homed describes a device with multiple network interface cards.

Multi-homed

Kernel proxy

Bastion or sacrificial host

Circuit proxy

Question 2:  Correct

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?

EXPLANATION A DMZ, or demilitarized zone, is a network placed between a private secured network and the untrusted internet to grant external users access to internally controlled services. The DMZ serves as a buffer network. An intranet is a private network that happens to employ internet information services. An extranet is a division of a private network that is accessible to a limited number of users, such as business partners, suppliers, and certain customers. A padded cell is an intrusion detection countermeasure used to delay intruders sufficiently to record meaningful information about them for discovery and prosecution.

Padded cell

DMZ

Intranet

Extranet

Question 3:  Correct

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?

EXPLANATION If the firewall managing traffic into the DMZ fails, only the servers in the DMZ are subject to compromise. The LAN is protected by default. None of the other options are correct in this scenario.

The LAN is compromised, but the DMZ stays protected.

Only the servers in the DMZ are compromised, but the LAN will stay protected.

All devices in the DMZ and LAN will be compromised.

Nothing will happen - all devices will stay protected.

Question 5:  Correct

How many network interfaces does a dual-homed gateway typically have?

EXPLANATION A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to the public subnet, and one connected to the private network.

4

2

1

3

Question 6:  Correct

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?

EXPLANATION Packet filters on the firewall allow traffic directed to the public resources inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network. A subnet is used to segment a network. A VPN provides a secure outside connection to an internal network's resources. A VPN does not need to be configured on the firewall to allow traffic to the public resource in the DMZ. FTP is a protocol used to transfer files. This does not need to be configured on the firewall to allow traffic to the public resource in the DMZ.

VPN

Subnet

FTP

Packet filters

Question 7:  Correct

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)

EXPLANATION Publicly accessible resources (servers) are placed inside the DMZ. Examples of publicly accessible resources include web, FTP, or email servers. Devices that should not be accessible to public users are placed on the private network. If you have a public server that communicates with another server, such as a database server, and that server should not have direct contact with public hosts, place the server on the private network and allow only traffic from the public server to cross the inner firewall.

Put the database server inside the DMZ.

Put the web server inside the DMZ.

Put the database server on the private network.

Put the web server on the private network.

Question 8:  Correct

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

EXPLANATION Use a demilitarized zone (DMZ) to protect public hosts on the internet, such as a web server, from attack. The DMZ uses an outer firewall that prevents internet attacks. All publicly-accessible hosts are inside the DMZ. A second firewall protects the private network from the internet. Use a Virtual Private Network (VPN) to encrypt data between two hosts on the Internet. Use Network Address Translation (NAT) to hide internal IP addresses from the internet. Use an Intrusion Prevention System (IPS) to detect and respond to threats in real time.

You want internet users to see a single IP address when accessing your company network.

You want to encrypt data sent between two hosts using the internet.

You want to detect and respond to attacks in real time.

You want to protect a public web server from attack.

Question 10:  Correct

Which of the following is the BEST solution to allow access to private resources from the internet?

EXPLANATION A VPN provides a secure outside connection to an internal network's resources. A VPN server can be placed inside the DMZ. Internet users can be required to authenticate to the VPN server and then allowed communications from the VPN server to the private network. Only communications coming through the VPN server are allowed through the inner firewall. Packet filters on the firewall allow traffic directed to a public resource inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network. Packet filters won't allow access to private resources from the internet. A subnet is used to segment a network. File Transfer Protocol (FTP) is a protocol used to transfer files. This does not allow access to private resources from the internet.

Copyright © 2022 TestOut Corporation All rights reserved.

Packet filters

FTP

VPN

Subnet

2/7/22, 10:22 AM
TestOut LabSim
https://labsimapp.testout.com/v6_0_486/index.html