Firewalls can be implemented in different ways. Consider a dedicated firewall device. What is its major advantage when the target is throughput and security? Explain.
PROBLEM 1 – Network Access Control (20 points)
(5 pts each)
- a) Which of the following are the most important functions of a NAC in setting up a compliance program? Explain.
A) Policies, authentication and access control
B) Authentication, access control and remediation
C) Authentication, access control and audit
D) Policies, remediation and audit
- b) Which of the following are elements of the Separation of Duties principle of operations security? (Choose two.) Explain.
A) Individuals rotate security-related duties so that no one person is permanently responsible for a sensitive function.
B) Includes two-man and dual operator controls.
C) Operators maintain an arms-length relationship with security controls.
D) Continuous retraining of personnel.
E) Ensures that no one person can compromise the whole system.
- c) What role does the policy server play in endpoint security? Explain.
A) It retrieves security credentials directly from the endpoints.
B) It evaluates security credentials and makes an admission control policy decision.
C) It enforces admission control policy decision.
D) All of the above
- d) A deviation from an organization-wide security policy requires which of the following? Explain.
A) Risk Assignment
B) Risk Containment
C) Risk Acceptance
D) Risk Reduction
PROBLEM 2 – IPSec and VPN (20 points)
(5 pts each)
- a) Which two answers are the primary header formats for IPsec?
A) Transport and Session Header
B) Encapsulating and Authenticating Header
C) Authentication Header and Encapsulating Security Payload
D) TCP and UDP
- b) In tunneling, an IP datagram is _______.
A) First encapsulated in another datagram and then encrypted.
B) First encrypted and then encapsulated in another datagram.
C) First authenticated and then encrypted.
D) First encrypted and then authenticated.
- c) What is the relationship between a VPN and an extranet? Explain.
A) Some extranets are VPNs; some VPNs are extranets.
B) Some extranets are VPNs; all VPNs are extranets.
C) VPNs and extranets are the same type of network.
D) VPNs are unrelated to extranets.
- d) Which one is the best approach to VPNs? Explain.
A) VPN-specific gateway device.
D) Software only.
E) All of the above.
PROBLEM 3 – Firewalls (20 points)
(5 pts each)
- a) Which is untrue of a packet filtering firewall? Explain.
A) High security.
B) Application independence.
C) Performance strength.
D) Excellent scalability.
- b) Firewalls can be implemented in different ways. Consider a dedicated firewall device. What is its major advantage when the target is throughput and security? Explain.
A) The management console is easily installed.
B) The device contains proprietary operating systems.
C) The connection to the device is monitored by security personnel.
D) A thorough packet inspection capability.
E) The hackers know most router-based firewall code.
- c) Of the following choices, which one is a type of firewall actively maintaining awareness of the status conversations between internal and external hosts? Explain.
A) Stateful Firewall.
B) Non-Passive Firewall.
C) Active State Firewall.
D) Stateless Firewall.
E) None of the above
- d) Which answer BEST describes a device that sits between your users and the internet and rewrites source ports and source IP Addresses and enhances your security posture? Explain.
A) Network Address Translator.
B) Web Proxy.
C) Web Firewall.
D) Host based firewall.
PROBLEM 4 – Wireless Network Security (20 points)
(5 pts each)
- a)What is the protocol developed for the wireless network communications? Explain.
A) Wireless Encryption Protocol (WEP)
B) Wireless Application Protocol (WAP)
C) Wired Equivalent Privacy (WEP)
D) Wireless Session Protocol (WSP)
- b)Which of the following vulnerabilities is unique to 802.11 wireless LANs?
A) Forged deauthenticate frames
B) RF jamming
C) TCP SYN floods
D) Data sniffing
- c)You are assisting a user implement a wireless network in his home. The wireless hardware he has requires the RC4 protocol. What type of security is BEST for this network? Explain.