Review

Answering the following questions will reinforce key information presented in this chapter. If you are unable to answer a question, review the appropriate lesson and then try the question again. Answers to the questions can be found in the appendix.

  1. Your organization compiles data for the local blood bank. How should you configure your database server so that certain fields (such as blood type and quantity) are accessible to external hospitals and emergency response organizations while other fields (such as disease screening and donor identity) are kept confidential?


  2. You're the manager for your organization's new firewall. You must restrict access to a Web server (10.10.10.10) in your DMZ to allow only HTTP and HTTPS protocol access, but your attempts to do that have been unsuccessful. The following table shows the list of packet filters that you configured at the external firewall to protect the servers located in your DMZ. What's wrong with the packet filter list?

    Protocol  Source IP  Source Port  Target IP    Target Port  Transport Protocol  Action
    HTTP      Any        80           10.10.10.10  Any          TCP                 Allow
    HTTPS     Any        443          10.10.10.10  Any          TCP                 Allow




  3. In the following table, enter the correct packet filters for your organization's firewall to allow HTTP and HTTPS connections to your Web server located at 10.10.10.10 in your DMZ.

    Protocol  Source IP  Source Port  Target IP    Target Port  Transport Protocol  Action
               
  4. Contoso uses a DMZ to protect resources exposed to the Internet. What security weaknesses do you see in the DMZ configuration proposed in Figure 14.29?

    Figure 14.29 Proposed DMZ configuration for Contoso Ltd.

  5. The news has just reported that computer intruders have taken control of an army of remote "zombie" computers. The bandwidth of all those computers will be targeted at a single target Web site, "flooding" the Web site with partial connections and effectively shutting it down. List two ways you can protect your e-business Web site.


  6. During a routine inspection of the Web server in your DMZ, you discover that an unauthorized software application is installed on your Web server. The software application is a Trojan horse that collects passwords. What could you do to prevent this sort of attack? What measure must you take for private network security because of this attack?



Microsoft Corporation - MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security
ISBN: 0735611343
Year: 2001
Pages: 172
