13. B. Since the MAC address table is empty on Switch A, Switch A will flood the frame to
all ports on the switch. This will include the router attached to interface Fa0/3. However,
a router does not perform forward/filter decisions, so the frame will not be flooded any
further on Router A. Switch A will forward the frame to all ports, but the router will not
forward the frame onto the segment where Switch B is located. Switch B will never see the
frame from Switch A because Router A segments the two networks.
14. C. The demilitarized zone (DMZ) is where Internet-facing servers/services are placed. The
outside zone is where the public Internet connection is connected and it is the least trusted.
The enterprise network zone is considered the inside zone. The inside zone is considered to
be the most trusted network because it is the internal network that you control.
15. B. Firewalls should always be placed at key security boundaries, which can be the Internet
and your internal network. However, proper placement is not exclusive to the boundaries
of the Internet and internal networks. For example, a firewall could be placed between two
internal networks, such as R&D and guest networks. The demilitarized zone (DMZ) is a
segment of a firewall where Internet-facing services are placed. Firewalls are normally not
placed only between the DMZ and the Internet because most networks have an internal
network.
16. B. Firewalls are not commonly deployed to provide protection from internal attacks on
internal resources. They are designed to protect networks from external attacks or attacks
emanating from the outside or directed toward the Internet. Firewalls normally provide
stateful packet inspection. Firewalls can also control application traffic by port number
and higher-layer attributes.
17. A. All physical access to a firewall should be controlled tightly so that it is not tampered
with, which could allow external threats to enter the network. This control should include
vendors and approved administrators. Physical access to the firewall is a security principle
and therefore not a consideration for the management of a firewall. All firewall policies
should be documented as a part of the firewall management process. Firewall logs should
be regularly monitored for suspicious activity as part of the firewall management process.
Firewalls can allow or deny traffic by default; this is a consideration when managing
a firewall.
18. C. Firewalls keep track of the TCP conversation before and after the three-way
handshake. This is done so that an attack on the TCP/UDP flow cannot be carried out; in
addition, DoS attacks such as a SYN flood can be thwarted. Zone state is terminology
that is used with firewalls; therefore, it is an incorrect answer. Firewalls do not protect
by keeping statistics or accounting information for the state of packets. Firewalls do not
transition between defense states.
19. A. ASAs allow for zones to be created and the connections applied to the zones. This
methodology allows for security rules to be applied uniformly to the outside zone. There
is no such thing as an ISP zone. You can apply an ACL to the zone but not directly to the
interface. Each connection can be managed by a group once it is added to the same zone.