Test Out Module 6 Test - This is a description so the engine will pass it PDF

Title Test Out Module 6 Test - This is a description so the engine will pass it
Author Zemas Howard
Course Computer Systems Security
Institution Southern New Hampshire University
Pages 8


Description

1/31/22, 9:38 AM

TestOut LabSim

IT-253 Module Six Quiz (SP 7.0)
Candidate: Zemas Howard (zmshoward)
Date: 1/10/2022 6:29:26 am
Time spent: 19:58

Score:100%



Question 1:



Correct

Which of the following is the BEST solution to allow access to private resources from the internet?

- FTP
- VPN
- Packet filters
- Subnet

EXPLANATION

A VPN provides a secure outside connection to an internal network's resources. A VPN server can be placed inside the DMZ. Internet users can be required to authenticate to the VPN server and then allowed communications from the VPN server to the private network. Only communications coming through the VPN server are allowed through the inner firewall. Packet filters on the firewall allow traffic directed to a public resource inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network. Packet filters won't allow access to private resources from the internet. A subnet is used to segment a network. File Transfer Protocol (FTP) is a protocol used to transfer files. This does not allow access to private resources from the internet.

https://labsimapp.testout.com/v6 0 480/index.html


Question 2:



Correct

Which of the followingBEST describes zero-trust security? Only devices that pass authentication are trusted. Only devices that pass both authentication and authorization are trusted. Only devices that pass authorization are trusted. All devices are trusted. E X P LAN ATI ON

Network Access Control (NAC) is usually accomplished using a two-stage process of authentication and authorization. If the requirements for either of these stages are not met, the access request is denied. This is often referred to as zero-trust security, meaning nothing is trusted unless it can pass both the authentication and authorization stages.



Question 3:



Correct

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

- Multi-homed
- Kernel proxy
- Bastion or sacrificial host
- Circuit proxy

EXPLANATION

A bastion or sacrificial host is one that is unprotected by a firewall. The term bastion host is used to describe any device fortified against attack (such as a firewall). A sacrificial host might be a device intentionally exposed to attack, such as a honeypot. Circuit proxy and kernel proxy are types of firewall devices. Multi-homed describes a device with multiple network interface cards.


Question 4:



Correct

Where should an organization's web server be placed?

- DMZ
- Honeynet
- Intranet
- Extranet

EXPLANATION

A web server should be placed in the demilitarized zone (DMZ). The DMZ is a network that contains publicly accessible resources. The DMZ is located between the private network and an untrusted network (such as the internet) and is protected by a firewall. An intranet is a private network (LAN) that employs internet information services for internal use only. Since a website should be publicly available, its server should not be placed on the intranet. An extranet is a privately controlled network that is distinct from the intranet. An extranet is located between the internet and a private LAN. An extranet is often used to grant resource access to business partners, suppliers, and even customers outside of an organization. The web server shouldn't be placed here. A honeynet is a special network created to trap potential attackers. A web server would not be placed in a honeynet.


Question 5:



Correct

Which of the following NAC agent types is the most convenient agent type?

- Dissolvable
- Agentless
- Zero-trust
- Permanent

EXPLANATION

A permanent agent resides on a device permanently. This is the most convenient agent since it does not have to be renewed and can always run on the device. It is also known as a persistent agent. A dissolvable agent is downloaded, or a temporary connection is established. This is not the most convenient type of agent. An agentless agent is housed on the domain controller. This is not the most convenient type of agent. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages.



Question 6:



Correct

Which statementBEST describes IPsec when used in tunnel mode? Packets are routed using the original headers, and only the payload is encrypted The entire data packet, including headers, is encapsulated IPsec in tunnel mode may not be used for WAN traffic The identities of the communicating parties are not protected E X P LAN ATI ON

When using IPsec in tunnel mode, the entire data packet, including original headers, is encapsulated. New encrypted packets are created with headers indicating only the endpoint addresses. Tunneling protects the identities of the communicating parties and original packet contents. Tunneling is frequently used to secure traffic traveling across insecure public channels, such as the internet. IPsec in tunnel mode is the most common configuration for gateway-to-gateway communications. In transport mode, routing is performed using the original headers; only the packet's payload is encrypted. Transport mode is primarily used in direct host-to-host communication outside of a dedicated IPsec gateway/firewall configuration.


Question 7:



Correct

Which of the following describes how access control lists can be used to improve network security?

- An access control list identifies traffic that must use authentication or encryption.
- An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
- An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks.
- An access control list filters traffic based on the frame header, such as source or destination MAC address.

EXPLANATION

An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. Access control lists are configured on routers, and they operate on Layer 3 information. Port security is configured on switches, which filter traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.


Question 8:



Correct

Which of the following VPN protocols is no longer considered secure?

- PPTP
- SSL
- IPsec
- TLS

EXPLANATION

Point-to-Point Tunneling Protocol (PPTP) was one of the first VPN protocols and was developed by Microsoft. It is no longer considered secure and is essentially obsolete. Internet Protocol Security (IPsec) provides authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution. IPSec is still considered very secure. The Secure Sockets Layer (SSL) Protocol has long been used to secure traffic generated by other IP protocols, such as HTTP, FTP, and email. SSL can also be used as a VPN solution, typically in a remote access scenario. Transport Layer Security (TLS) Protocol works in a similar way to SSL, even though they are not interoperable.


Question 9:



Correct

You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?

- The router has not been configured to perform port forwarding.
- A proxy server is blocking access to the websites.
- A firewall is blocking ports 80 and 443.
- Port triggering is redirecting traffic to the wrong IP address.

EXPLANATION

A proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. If a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.


Question 10:



Correct

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed. Which solution should you use?

- VLAN
- NIDS
- NAC
- DMZ

EXPLANATION

Network access control (NAC) controls access to a network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:

- Antivirus software with up-to-date definition files
- An active personal firewall
- Specific operating system critical updates and patches

A client that is determined healthy by the NAC is given access to the network. An unhealthy client, who has not met all the checklist requirements, is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant.

A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between a private network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic looking for intrusion attempts.

Copyright © 2022 TestOut Corporation All rights reserved.
