1:
| What is the purpose of the ISP router in the SAFE medium-sized network blueprint? What features does this device provide for traffic control? |
A1:
| This router's primary purpose is to provide connectivity to a provider network. For traffic control, ACLs provide for address filtering in accordance with RFC 1918 and RFC 2827 in both directions of traffic. |
2:
| What management devices are found in the Campus module of the SAFE medium-sized network blueprint? |
A2:
| The following management devices are found in the Campus module of the SAFE medium-sized network blueprint: | Management hosts | Provide management for network devices; typically use SNMP | | Syslog host | Aggregates firewall, router, and NIDS logs | | Access control server | Provides authentication services to network devices such as network access servers | | OTP server | Provides for authorization of one-time password authentication relayed from the access control server | | Sysadmin host | Provides for configuration, software, and content changes on network devices | |
3:
| What are the functions provided by the Layer 3 switch in the medium-sized network Campus module? |
A3:
| The functions provided by the Layer 3 switch in the medium-sized network Campus module are as follows:- Routing and switching of production and management traffic
- Distribution layer services such as routing, QoS, and access control
- Connectivity for the corporate and management servers
- Traffic filtering between subnets
|
4:
| What is the primary function of the Layer 2 switches in the Campus and Corporate Internet modules of the SAFE design? |
A4:
| The primary purpose of the Layer 2 switches is to provide connectivity for end-user workstations. Additionally, these switches are configured with private VLANs to reduce the potential of device compromise through trust exploitation. |
5:
| What is the function of the internal router in the Corporate Internet module of the SAFE medium-sized network blueprint? |
A5:
| The primary function of the internal router is to provide for Layer 3 separation and routing between the Campus and Corporate Internet modules. The device functions solely as a router without any filtering capabilities and provides a final point of demarcation between the routed intranet and the external network. |
6:
| Where are the NIDS appliances located in the Corporate Internet module of the SAFE medium-sized network blueprint? |
A6:
| The NIDS appliances are deployed in two locations: in the public services segment and in the internal segment between the firewall's private interface and the internal router. This allows for traffic inspection and analysis in two critical junctions of the blueprint. |
7:
| What are the key network devices in the Corporate Internet module of the SAFE small network blueprint and what are their functions? |
A7:
| The key network devices in this module are the firewall and the Layer 2 switch in the public services segment. The firewall provides filtering capabilities and one additional DMZ. The Layer 2 switch provides connectivity and the configuration of private VLANs in the DMZ of the firewall. |
8:
| The firewall in the SAFE medium-sized network blueprint divides the Corporate Internet module into four segments. What are they? |
A8:
| The four segments are- External segment
- Public services segment
- VPN/dial-in segment
- Internal segment
|
9:
| What are some of the precautions to take when placing a NIDS appliance outside of the firewall in the Corporate Internet module of the SAFE medium-sized network blueprint? |
A9:
| Configure the NIDS to alarm at a lower severity than alarms generated by the NIDS behind the firewall's private interface, and configure the NIDS' alarms to log to a separate management server so that the legitimate alarms receive the appropriate attention. |
10:
| What authentication protocol is recommended at the NAS of the Corporate Internet module in the SAFE medium-sized network blueprint? |
A10:
| Authentication using the three-way CHAP is recommended. |
لطفا منتظر باشید ...
