CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources]

b,d,e

b

a,c,e

b,c,d

b,e

b

a

b,e,g,h

b,c,d

b

c

a

What modules are found within the medium-sized network design?

Corporate Internet module

Campus module

WAN module

At what locations in the medium-sized network design are private VLANs used?

On the public services segment

Within the campus module

What devices in a medium-sized network design provide VPN connectivity?

Firewall

VPN concentrator

Where would you use intrusion detection in the medium-sized network design?

HIDS is used on servers that are located on the public services segment and within the campus module on the corporate intranet and management servers.

A NIDS is used on both the public services and inside segments of the firewall. It is also used on the core switch of the campus module. Optionally, a NIDS can be used on the outside of the firewall.

Traditional dial-in users are terminated in which module of the medium-sized network design?

Corporate Internet module

What type of filter is used to prevent IP spoofing attacks?

RFC 2827 filtering mitigates IP spoofing attacks

In the medium-sized network design, the ACS is located in which module?

The ACS is located within the campus module

What is facilitated by the use of a Layer 3 switch within the Campus module?

Because multiple VLANs are used within the Campus module, a Layer 3 switch provides the functionality to route between each VLAN.

What services does the Campus module provide?

End-user workstations, corporate servers, management servers, Layer 2 services, and Layer 3 services

In the SAFE medium-sized network design, what are the recommended IPSec policy parameters?

Tunnel everything, use 3DES, and use SHA/HMAC

What services does the Corporate Internet module provide?

Internet, corporate public servers, VPN, and dial-in connectivity