SEC235 - Review Questions - Week 6

docx

School

Wilmington University *

*We aren’t endorsed by this school

Course

235

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by MajorField8912

1 Week 6 Review Questions Nichole Watson SEC235: Networks and Telecommunications Christopher Chandler 16 June 2023

2 1. Why is a packet-filtering firewall a stateless device? 1. A packet-filtering firewall is a stateless device because it examines each packet and uses rules to accept or reject it without considering whether the packet is part of a valid and active session. (6.1.3 – Firewall Facts) 2. What is the difference between a proxy and a reverse proxy 1. A forward proxy server handles requests from inside a private network out to the internet. A reverse proxy server handles requests from the internet to a server located inside a private network. A reverse proxy can perform load balancing, authentication, and caching. (6.1.3 – Firewall Facts) 3. What are the benefits of a unified threat management (UTM) system? 1. The primary benefit of a unified threat management (UTM) system is that it provides a well-rounded security solution, while also reducing administrative requirements. This means it eliminates the need to install and manage multiple security devices and can be customized and expanded. It is excellent for start-up companies, with limited budgets, minimal office space, and remote working locations. ( 6.2.2 – Unified Threat Management (UTM) Appliances Facts) 4. What is the difference between a stateful and a stateless firewall? 1. A stateful firewall allows or denies traffic by examining information in IP packet headers. A stateless firewall allows or denies traffic based on virtual circuits of sessions. A stateless firewall is also known as a circuit-level proxy or a circuit-level gateway. (6.2.12 – Firewall Design and Configuration Facts) 5. Which type of computer might exist inside a screened subnet? 1. A screened subnet typically contains publicly accessible resources, such as web, FTP, or email servers. Creating a screened subnet is part of a layered security approach. (6.3.3 – Screened Subnet Facts) 6. How is an intrusion detection system different from an intrusion prevention system? 1. An intrusion detection system (IDS) is a device or software that monitors logs and detects security breaches. An IDS is a critical part of a network because it alerts administrators to possible network intrusions. The purpose of an IDS is not to prevent an attack, but instead to alert the IT security team of a possible threat. (6.4.3 – Intrusion Detection and Prevention Facts) 2. An intrusion prevention system maintains an active security role within the network. In addition to performing the functions of an IDS, an IPS reacts when security breaches occur. An IPS can terminate a session or restart other processes on the system, automate responses to malicious or suspicious traffic, perform

3 behaviors that can be seen by anyone watching the network, update filters and perform reverse lookups. (6.4.3 – Intrusion Detection and Prevention Facts) 7. What is the difference between anomaly-based and signature- based monitoring? 1. An anomaly-based detection first defines a baseline of normal network traffic and then monitors it. It looks for anything that falls outside of that baseline. Anomaly-based detection can recognize and respond to some unknown attacks (attacks that do not have a corresponding signature file), and anomaly-based usually causes more false positives than signature-based detection. (6.4.3 – Intrusion Detection and Prevention Facts) 2. Signature-based monitoring works where malicious packets have a unique fingerprint that an IDS uses to detect their presence. These fingerprints are referred to as signatures. It looks for patterns in the network traffic and compares them to known signatures. (6.4.3 – Intrusion Detection and Prevention Facts) 8. What is the difference between a managed and an unmanaged switch? 1. An unmanaged switch is fast, less expensive, and can connect to all devices in a small area like a home or small office. It connects ethernet devices with a fixed configuration that cannot be altered, and it can connect easily to devices and is ready to use without configuration. (7.1.4 – Switching Facts) 2. A managed switch has a web-based or command-line interface for configuration. It allows VLAN creation for segmentation and supports link aggregation. Lastly, it allows port configuration for port security. (7.1.4 – Switching Facts) 9. What is the difference between a Layer 2 and a Layer 3 switch? 1. A layer 2 switch operates at Layer 2 of the OSI model (data link layer). It understands the MAC addresses of connected end devices and transmits frames. 2. Layer 3 switches have the same capabilities, but more. Layer 3 can operate at Layer 2, but usually operates at Layer 3 (network layer) of the OSI model. Layer 3 can perform some router actions such as limited IP routing, an inspection of incoming packets, and dynamic routing decisions based on source and destination addresses contained. It can also transmit packets. (7.1.4 – Switching Facts) 10. How do VLANs work? 1. Virtual local area networks (VLANs) are created by configuring a physical Layer 2 switch into multiple virtual switches. These virtual switches each have their own broadcast domain. (7.2.2 – VLAN Facts)

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version