Review and Test Yourself


The following sections provide you with the opportunity to review what you learned in this chapter and to test yourself.

The Facts

For the exam, don't forget these important concepts:

  • Common password policies typically include a minimum length of password, password expiration, prevention of password reuse, and prevention of easy-to-guess passwords.

  • A password that uses eight case-sensitive characters, with letters, numbers, and special characters, is considered hard to crack, or strong.

  • A firewall is a system or group of systems that controls the flow of traffic between two networks.

  • A firewall often provides such services as NAT, proxy, and packet filtering.

  • TCP/IP protocol suite uses port numbers to identify which service a certain packet is destined for. By configuring the firewall to allow certain types of traffic, you can control the flow.

  • A proxy server acts as an intermediary between a user on the internal network and a service on the external network such as the Internet.

  • A proxy server enables a network to appear to external networks as a single IP addressthat of the external network interface of the proxy server.

  • A proxy server allows Internet access to be controlled; having a centralized point of access allows for a great deal of control over the use of the Internet.

  • Port blocking is one of the most widely used security methods on networks. Port blocking is associated with firewalls and proxy servers, although in fact it can be implemented on any system that provides a means to manage network data flow, according to data type.

  • An intranet is a web-based application that is commonly used to provide groupware and collaboration applications to users within an organization.

  • An application, normally Web server based, that is made available to external users is classed as an extranet. Because extranets very often use the Internet as an access mechanism, security is of a major concern.

Key Terms

  • Authentication

  • Password policy

  • Firewalls

  • Packet filtering

  • Port number

  • MACaddress

  • Circuit-level firewall

  • Application gateway firewall

  • Personal firewalls

  • Proxy server

  • NAT

  • Caching proxy server

  • Encryption

  • IPSec

  • SSL

  • 3DES

  • PGP

  • Intranet

  • Extranet

Exam Prep Questions

1:

After noticing that there have been several attempts to access your network from the Internet, you decide to block port 53. Which of the following services is associated with port 53?

  • A. WINS

  • B. DNS

  • C. SMTP

  • D. POP3

2:

Which of the following statements would you associate with an extranet? (Choose the two best answers.)

  • A. It is typically hosted by a Web server application and accessed through a Web browser.

  • B. It is only available to users within an organization.

  • C. It is used to provide application access to users outside of an organization.

  • D. Security is generally not a priority.

3:

What is the basic reason for implementing a firewall?

  • A. It reduces the costs associated with Internet access.

  • B. It provides NAT functionality.

  • C. It provides a mechanism to protect one network from another.

  • D. It allows Internet access to be centralized.

4:

Which of the following are benefits of using a proxy server? (Choose the three best answers.)

  • A. It allows costs associated with Internet access to be reduced.

  • B. It provides a central point of Internet access.

  • C. It allows Internet access to be controlled.

  • D. It allows hostnames to be resolved to IP addresses.

5:

While on vacation, another system administrator decides to use the firewall to filter out all ports between 50 and 100. Which of the following services will now be unavailable to network users?

  • A. HTTP

  • B. HTTPS

  • C. POP3

  • D. DNS

6:

You are the network administrator for a large company. You have recently been tasked with supplying Internet access to all network users. Which of the following could you do to accomplish this?

  • A. Implement a firewall

  • B. Implement a proxy server

  • C. Enable port 80 on all workstations

  • D. Disable port 80 on all workstations

7:

Which of the following is the strongest password?

  • A. password

  • B. WE300GO

  • C. l00Ka1ivE

  • D. lovethemusic

8:

As system administrator, you have been asked to prevent users from using Web-based email during work. Which of the following might you do to accomplish this?

  • A. Set a password policy on the Web-based email

  • B. Block port 123

  • C. Block port 80

  • D. Configure the proxy server to filter out Web-based email requests

9:

Your manager has asked you to look at the feasibility of implementing encryption on your network. Which of the following factors will you NOT consider as part of your evaluation?

  • A. Whether to use password or smartcard authentication

  • B. Network traffic overhead

  • C. Processor overhead

  • D. Operating system support

10:

You have installed a proxy server on your network and have configured it to allow all the hosts on your internal network to access the Internet through it. None of the users on the internal network can access the Internet, although they could before. What is the most likely cause of the problem?

  • A. The proxy server is not configured correctly.

  • B. The Internet connection is not working.

  • C. The Web browser on the client system needs to be reconfigured to use a proxy server.

  • D. The HTTP proxy service is not enabled on the system.

Answers to Exam Prep Questions

A1:

The correct answer is B. DNS uses port 53. WINS uses TCP/IP port 42. SMTP uses TCP/IP port 25. POP3 uses TCP/IP port 110.

A2:

The correct answers are A and C. Extranets are typically Web serverbased applications that are accessed through a Web browser. Applications on an extranet are made available to users outside the organization. Because they are accessed by outside users, security is a major concern.

A3:

The correct answer is C. Implementing a firewall allows you to have protection between networks, typically from the Internet to a private network. All the other answers describe functions offered by a proxy server. Note that some firewall systems do offer NAT functionality, but NAT is not a firewall feature; it is an added benefit of these systems.

A4:

The correct answers are A, B, and C. A proxy server enables the costs associated with Internet access to be reduced, provides a central point of Internet access, and allows Internet access to be controlled. Answer D describes the function of a DNS server.

A5:

The correct answers are A and D. HTTP uses port 80, and DNS uses port 53; both of these services would be affected by the filtering. HTTPS uses port 443, and POP3 uses port 110; therefore, these services would be unaffected.

A6:

The correct answer is B. A proxy server allows a central point through which all network users can access the Internet. A firewall typically does not provide this functionality. Enabling or disabling port 80 on the workstations is not a valid answer.

A7:

The correct answer is C. Strong passwords include a combination of letters and numbers and upper- and lowercase letters. In this question, answer C is by far the strongest password. Answer A is not a strong password because it is a standard word, contains no numbers, and is all in lowercase. Answer B mixes letters and numbers, and it is not a recognized word, so it is a strong password, although it is not as strong as answer C. Answer D is too easy to guess and contains no numbers.

A8:

The correct answer is C. Blocking port 80 would prevent users from accessing Web-based email; it would however also block Web access altogether. Setting a password policy would have little effect. TCP/IP port 123 is associated with the Network Time Protocol (NTP). Blocking port 123 would likely have no effect on a user's ability to access Web-based email. A proxy server is not used to filter Web-based email. Filtering of this nature would be performed by a firewall.

A9:

The correct answer is A. The authentication mechanism used on a network does not affect the implementation of encryption. Network traffic overhead, processor overhead, and operating system support are all considerations when implementing encryption.

A10:

The correct answer is C. In order for Web browsers to access the Internet through a Web browser, they must often be configured to do so. The Web browsers on client systems must be configured to use the proxy server.



    Network+ Exam Cram 2
    Network+ Exam Cram 2
    ISBN: 078974905X
    EAN: N/A
    Year: 2003
    Pages: 194

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net