The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. The security perimeter is considered a. The connection to the Internet b. Extranet connections c. Remote access (VPN or dial-up)

d. Security postures of other organizations e. All of the above

2 Which of the following is not a typical target of attack?

a. Router b. Switch c. Networks and hosts d. PBX

e. Applications f. Management components

3. A host can be compromised so that a. An attacker can gain access to specific data b. Other attacks can be launched c. Access to the system is denied d. Data can be manipulated e. Data can be viewed f. All of the above

4. VPN technology is beneficial because it_

a. Provides cost savings b. Connects secure logical interoffice communications c. Enforces routing d. Protects sensitive data e. Provides cost savings, connects secure logical interoffice communications, and protects sensitive data f. All of the above

5. A network administrator can protect access to sensitive data from internal users by a. Setting up a private network for the users in question b. Implementing a private network segment using VLANs c. "Air gapping" the connection d. Using complex routing techniques e. Having a detailed network policy f. None of the above

6. Which of the following is a segmented address?

a. Public DMZ

b. Site-to-site VPN

c. Remote-access DMZ

d. Publicly NAT'd private range e. Public DMZ and remote-access DMZ

f. All of the above

7. A host-based IDS/IPS is installed for the following reasons, except it_.

a. Limits vulnerabilities b. Tracks user activity c. Generates alerts d. Takes the place of patching a host e. Analyzes data for hostile intent

8. Which of the following are types of host-based IDS/IPS?

a. Malicious and analytical b. Predictive and functional c. Signature and anomaly d. Restrict and respond e. Open and trap

9. Taking extensive and complex data from multiple devices and sources and generating alerts and actions is called_.

a. Detailed analysis b. Trending c. Monitoring d. Correlation e. Consolidation 10. Which of the following is not an effective security process?

a. Securing the network b. Monitoring and responding to threats c. Testing and verifying d. Documenting the environment e. Managing and improving network and security f. All of the above

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

• 8 or less overall scoreRead the entire chapter. This includes the "Foundation Topics" and "Foundation Summary" sections and the "Q&A" section.

• 9 or 10 overall scoreIf you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section. Otherwise, move on to Chapter 4, "Basic Router Management."


0 0

Post a comment