CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources]

Tebyan

نسخه متنی -صفحه : 290/ 185
نمايش فراداده

  • "Do I Know This Already?" Quiz

    The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

    The 13-question quiz, derived from the major sections in "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

    1:

    Which of the following objectives are fundamental in the design of SAFE IP telephony networks?

    1. Designation of responsibility

    2. Quality of service

    3. Integration with existing network infrastructure

    4. Authentication of users and devices (identity)

    5. Flexibility of the design

    6. Secure management

    2:

    What network feature should be deployed throughout the network infrastructure to ensure a successful IP telephony design?

    1. QoS

    2. ACLs

    3. Authentication

    4. IDS

    5. IPS

    3:

    Which of the following is one of the key axioms in the SAFE IP telephony design?

    1. Security and attack mitigation based on policy

    2. Voice and data segmentation

    3. User authentication

    4. Options for high availability (some designs)

    5. Secure management

    4:

    Which of the following protocols currently are used in IP telephony products?

    1. IGMP

    2. MGCP

    3. SIP

    4. CGMP

    5. CDP

    6. Q.773

    7. H.323

    5:

    Why does a firewall need to be "intelligent" when dealing with H.323 traffic?

    1. The firewall must be capable of recognizing the traffic to encrypt it properly.

    2. H.323 uses multiple static ports for signaling and media streams, and the firewall needs to know about those.

    3. H.323 traffic must be authenticated at the firewall, and, therefore, the firewall needs to be capable of recognizing that traffic.

    4. H.323 utilizes multiple dynamic ports for call sessions, and the firewall must be capable of determining those ports from the signaling channel.

    5. H.323 cannot use NAT, and, therefore, the firewall must be capable of identifying H.323 traffic appropriately.

    6:

    Which of the following is a tool that you can use to reconstruct a voice conversation?

    1. dsniff

    2. TCPdump

    3. ARPwatch

    4. VOMIT

    5. MITM

    7:

    Which of the following are legitimate connections that should be allowed through the stateful firewall protecting the call-processing manager?

    1. PC web browser connecting to voice-mail server

    2. IP phone connecting to PC clients in the data segment

    3. Call establishment and configuration traffic

    4. Browsing of the IP phone web servers by PC clients

    5. Connections from IP phones in the voice segment and the voice-mail system

    6. Communication between the voice-mail system and the call-processing manager

    8:

    What are the two most common recommended methods of authentication for IP phones?

    1. Device authentication

    2. Network authentication

    3. Proxy authentication

    4. User authentication

    5. Null authentication

    9:

    Security design reliance should be based on which of the following?

    1. VLAN segmentation

    2. Data sharing between voice and data VLANs

    3. Access control

    4. Layered security best practices

    5. Multicast join restriction

    10:

    Which of the following are services provided by the edge router in the small IP telephony design?

    1. VLAN segmentation

    2. Stateful firewalling

    3. NAT

    4. QoS

    5. All of these answers are correct

    11:

    What is the purpose of the call-processing manager in each of the SAFE IP telephony designs?

    1. The call-processing manager provides data services to IP telephony devices in the module.

    2. The call-processing manager provides voice services to IP telephony devices in the module.

    3. The call-processing manager does not provide voice-mail storage in the modules.

    4. The call-processing manager provides data storage for the IP phones.

    12:

    What two basic designs are possible in the small and medium blueprints for IP telephony?

    1. Hub

    2. Spoke

    3. Headend

    4. Remote

    5. Branch

    13:

    What is the purpose of the Layer 3 switches in the server module?

    1. The switches in the module are not Layer 3 switches; they are Layer 2 switches.

    2. No special purpose is assigned to the Layer 3 switches in this module.

    3. The Layer 3 switches provide routing and switching services to both voice and data traffic, in addition to filtering, QoS, VLANs, and private VLANs to the servers. They also provide for traffic inspection through the use of integrated NIDS.

    4. The Layer 3 switches provide firewall services through the use of an integrated firewall service module.

    The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the 'Do I Know This Already?' Quizzes and Q&A Sections." The suggested choices for your next step are as follows:

  • 12 or 13 overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.