The following questions are designed to test your knowledge of network edge security design and sometimes build on knowledge found elsewhere in the book. You might find that a question has more than one possible answer. The answers provided in Appendix B are intended to reinforce concepts that you can apply in your own networking environment.
Questions 5, 6, and 7 are an exercise for you and have no single answer.
Where in edge network designs should internal proxy servers be placed?
How should connections from the edge be made back to the campus network?
How do the NIDS systems report data back to the management network?
Are there any security issues resulting from having a redundant infrastructure in which each path through the edge is equally preferred by the campus?
Based on your understanding of this chapter, which edge design is currently closest to your own network?
Which design most mirrors how you intuitively think your network should be designed?
Looking at the design most similar to the design you envision for your own network, find at least one place where you disagree with the layout or function of the design. How and why would you do it differently?