1. What is the purpose of a personal firewall on a computer?

The purpose of a firewall is to filter the traffic that is moving in and out of the PC. A computer firewall cannot deny all illegal traffic from a computer or increase the speed of any connection. It is also not able to protect hardware against fire hazards.

2. What is the main difference between the implementation of IDS and IPS devices?

An IPS is deployed in inline mode and will not allow malicious traffic to enter the internal network without first analyzing it. An advantage of this is that it can stop an attack immediately. An IDS is deployed in promiscuous mode. It copies the traffic patterns and analyzes them offline, thus it cannot stop the attack immediately and it relies on another device to take further actions once it detects an attack. Being deployed in inline mode, an IPS can negatively impact the traffic flow. Both IDS and IPS can use signature-based technology to detect malicious packets. An IPS cannot replace other security devices, such as firewalls, because they perform different tasks.

3. Which two pieces of information should be included in a logical topology diagram of a network? (Choose two.)

The interface identifier and connection type should be included in a logical topology diagram because they indicate which interface is connected to other devices in the network with a specific type such as LAN, WAN, point-to-point, etc. The OS/IOS version, device type, cable type and identifier, and cable specification are typically included in a physical topology diagram.

4. What is a characteristic of a WAN?

A WAN (wide-area network) is used to connect networks that are geographically separated and is typically owned by a service provider. The service provider contracts out WAN services to individuals and organizations.

5. What network monitoring technology enables a switch to copy and forward traffic sent and received on multiple interfaces out another interface toward a network analysis device?

When enabled on a switch, port mirroring copies frames sent and recieved by the switch and forwards them to another port, which has a analysis device attached.

6. What is a function of a proxy firewall?

Proxy firewalls filter traffic through the application layer of the TPC/IP model and shield client information by connecting to remote servers on behalf of clients.

7. Which technology is used by Cisco Advanced Malware Protection (AMP) in defending and protecting against known and emerging threats?

Cisco AMP uses threat intelligence along with known file signatures to identify and block policy-violating file types and exploitations.

8. How is a source IP address used in a standard ACL?

The only filter that can be applied with a standard ACL is the source IP address. An extended ACL is used to filter on such traffic as the source IP address, destination IP address, type of traffic, and type of message.

9. Which statement describes the Cisco Cloud Web Security?

The Cisco Cloud Web Security (CWS) is a cloud-based security service that uses web proxies in the Cisco cloud environment to scan traffic for malware and policy enforcement. It is not a firewall or web server solution. The Cisco Web Security Appliance (WSA) combines multiple security solutions to provide an all-in-one solution on a single platform to address the challenges of securing and controlling web traffic.

10. Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"?

A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.

11. Which network service allows administrators to monitor and manage network devices?

SNMP is an application layer protocol that allows administrators to manage and monitor devices on the network such as routers, switches, and servers.

12. Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN?

IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.

13. What is a feature of the TACACS+ protocol?

TACACS+ has the following features:

  • separates authentication and authorization
  • encrypts all communication
  • uses TCP port 49

14. Which layer of the hierarchical design model is a control boundary between the other layers?

The three design layers from lowest to highest are access, distribution, and core. The distribution layer commonly provides policy-based connectivity which permits or denies traffic based on predefined parameters. The distribution layer also acts as a control boundary between the access and core layers.