CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

Which of the following module(s) is not part of the "SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks" blueprint?

1. Campus module

2. E-Commerce module

3. Corporate Internet module

4. WAN module

5. Management module

Which of the following functions is not provided by the Layer 3 switch in the medium-sized network Campus module?

1. Routing and switching of production and management traffic

2. Distribution layer services such as routing, quality of service (QoS), and access control

3. Connectivity for the corporate and management servers

4. Firewall protections between VLANs

5. Traffic filtering between subnets

What does RFC 2827 cover in terms of network security?

1. RFC 2827 describes the address ranges for private networks.

2. RFC 2827 provides for the routing of VLAN traffic across a distribution switch.

3. RFC 2827 describes filtering to help reduce the risk of attack through source address spoofing.

4. RFC 2827 describes the process of setting up a connection between two systems using TCP.

5. RFC 2827 defines OSPF version 2.

What is the function of private VLANs in the SAFE blueprint and where are they implemented?

1. Private VLANs are used to help mitigate the risk associated with the exploitation of trust relationships, and they are implemented at the Layer 3 core switch.

2. Private VLANs are used to help mitigate the risk associated with VLAN hopping attacks, and they are implemented at the Layer 2 core switch.

3. Private VLANs are used to help mitigate the risk associated with VLAN hopping attacks, and they are implemented at the Layer 3 core switch.

4. Private VLANs are used to help mitigate the risk associated with the exploitation of trust relationships, and they are implemented at the Layer 2 distribution switches.

What is the purpose of the NIDS in the medium-sized Campus module?

1. To detect attacks originating from outside the Campus module that may result from a workstation compromised by an unauthorized dial-in modem or attacks from viruses, worms, or disgruntled employees.

2. To detect attacks originating from within the Campus module that may result from a workstation compromised by an unauthorized dial-in modem or attacks from viruses, worms, or disgruntled employees.

3. To detect attacks originating from within the Campus module that may result from a workstation compromised by an attacker gaining access through the Internet.

4. To detect attacks originating from outside the Campus module that may result from a workstation compromised by an attacker gaining access through the Internet.

5. The medium-sized network Campus module does not include a network intrusion detection appliance.

The ISP router is considered to be owned and managed by which of the following?

1. Owned by the ISP and managed by the ISP

2. Owned by the ISP and managed by the customer

3. Owned by the customer and managed by the ISP

4. Owned by the customer and managed by the customer

What is the primary purpose of the private VLANs in the medium-sized network Corporate Internet module?

1. To provide traffic segmentation for remote systems that are terminating their IPSec tunnels on the VPN concentrator

2. To mitigate trust exploitation attacks

3. To improve bandwidth outside of the firewall in the module

4. To facilitate the use of an IDS in the module

5. None of the above

Which of the following key devices are not present in the small network Corporate Internet module?

1. Firewall

2. VPN concentrator

3. NIDS appliance

4. Dial-in access server

5. Layer 2 switch

Where is the NIDS appliance(s) deployed in the medium-sized network Corporate Internet module blueprint?

1. In the public services segment

2. External to the firewall behind the edge router

3. Behind the firewall's internal interface

4. On the VPN/remote-access segment of the firewall before the VPN concentrator

5. In front of the dial-in access server

Which of the following are factors in determining whether a WAN module is needed?

1. When there is an unjustifiable cost factor of migrating to IPSec VPNs

2. Whenever management feels that WANs are justified

3. When QoS requirements cannot be met through the use of IPSec VPNs

4. When private networks are needed for security reasons

5. When existing legacy WAN connections exist

Which of the following describe how ACLs are applied in the WAN module?

1. Inbound ACLs restrict the traffic that is permitted into the medium-sized network Campus module from the remote locations.

2. Inbound ACLs restrict the traffic that is permitted to reach the remote networks.

3. Outbound ACLs determine what traffic is permitted into the medium-sized network Campus module from the remote locations.

4. Outbound ACLs determine what traffic from the medium-sized network Campus module is permitted to reach the remote networks.