DCOM 211 Final Exam Actual Questions and Answers
Verified 100%
The Microsoft ISA Server 2004 Checklist has ____ tasks.
14
Application firewalls are the simplest to implement and the most intelligent
firewall architecture.
False
Limitations of application proxy firewalls include the fact that
they are slower than packet filtering firewalls
they are only effective for proxying defined applications
Monitoring and reporting are some of the __________ aspects of firewall
management.
less-elegant
Proxies that support the HTTP protocol can also cache data.
True
Microsoft ISA Server 2004 supports which of the following HTTP applicatin-
filtering options?
File extension filtering
What is one special function that Microsoft ISA Server 2004 CANNOT perform?
Maintains a threat database
Rule Action
This defines whether traffic should be allowed or denied when the rule conditions are
met.
Source
This is where you define the source of the traffic that the rule will apply to, typically an
internal network.
Content types
This is where you define the Multipurpose Internet Mail Extensions (MIME) types and
file extensions that the rule will apply to.
Protocols
These are where you specify protocols with Layer 3, Layer 4, or any ICMP properties.
ISA Server 2004 can natively detect the following intrusion/attack attempt:
UDP bomb
Microsoft ISA Server 2004 supports ____ clients: one of which is SecureNAT
Three
Some good examples to mitigate instances of human error when using VLANs
would be
Set trunking to off on all access ports
Limit the use of VLAN 1
The most important task of any firewall implementation takes placebefore the
firewall itself is ever configured
True
, The dual-firewall architecture is _______________ than single-firewall
architecture.
more complex
A keynote speaker at BlackHat 2004 stated that the network firewall is the most
important part of a network.
False
There is no practical limit to the number of DMZ segments that can be
implemented with the only real restrictionbeing the number of ____________ the
firewall can physically or logically support.
interfaces
The most important thing to remember is that s firewall is not a device but s
system of devices.
True
Dual-firewall architecture is typically implemented in environments such as
banking
The internet firewall witih a single DMZ is often referred to as a
DMZ-on-a-stick
One way that remote office implementation differs from central office
implementation is that it protects
fewer than 100 users or resources
Sensitive internal data would NOT likely include
the location of the business
This policy defines administrative access as well as in use for creating preshared
secrets, hashes, and community strings
Password policy
Policy
a document that outlines the requirements or rules that must be met
Standard
a set of requirements, typically system or technology specific, that must be adhered to
by everyone
Guideline
a recommendation or suggestion that should probably be followed but is not necessarily
required
Procedure
defines the process that is followed to meet the requirements of a policy, standard, or
guideline
The term security policy refers to the
actual configuration of the device
written policies
Purpose
explains why the policy is needed
Scope
defines what the policy applies to and defines who is responsible for the policy
Enforcement
defines repercussions of not following the policy
Verified 100%
The Microsoft ISA Server 2004 Checklist has ____ tasks.
14
Application firewalls are the simplest to implement and the most intelligent
firewall architecture.
False
Limitations of application proxy firewalls include the fact that
they are slower than packet filtering firewalls
they are only effective for proxying defined applications
Monitoring and reporting are some of the __________ aspects of firewall
management.
less-elegant
Proxies that support the HTTP protocol can also cache data.
True
Microsoft ISA Server 2004 supports which of the following HTTP applicatin-
filtering options?
File extension filtering
What is one special function that Microsoft ISA Server 2004 CANNOT perform?
Maintains a threat database
Rule Action
This defines whether traffic should be allowed or denied when the rule conditions are
met.
Source
This is where you define the source of the traffic that the rule will apply to, typically an
internal network.
Content types
This is where you define the Multipurpose Internet Mail Extensions (MIME) types and
file extensions that the rule will apply to.
Protocols
These are where you specify protocols with Layer 3, Layer 4, or any ICMP properties.
ISA Server 2004 can natively detect the following intrusion/attack attempt:
UDP bomb
Microsoft ISA Server 2004 supports ____ clients: one of which is SecureNAT
Three
Some good examples to mitigate instances of human error when using VLANs
would be
Set trunking to off on all access ports
Limit the use of VLAN 1
The most important task of any firewall implementation takes placebefore the
firewall itself is ever configured
True
, The dual-firewall architecture is _______________ than single-firewall
architecture.
more complex
A keynote speaker at BlackHat 2004 stated that the network firewall is the most
important part of a network.
False
There is no practical limit to the number of DMZ segments that can be
implemented with the only real restrictionbeing the number of ____________ the
firewall can physically or logically support.
interfaces
The most important thing to remember is that s firewall is not a device but s
system of devices.
True
Dual-firewall architecture is typically implemented in environments such as
banking
The internet firewall witih a single DMZ is often referred to as a
DMZ-on-a-stick
One way that remote office implementation differs from central office
implementation is that it protects
fewer than 100 users or resources
Sensitive internal data would NOT likely include
the location of the business
This policy defines administrative access as well as in use for creating preshared
secrets, hashes, and community strings
Password policy
Policy
a document that outlines the requirements or rules that must be met
Standard
a set of requirements, typically system or technology specific, that must be adhered to
by everyone
Guideline
a recommendation or suggestion that should probably be followed but is not necessarily
required
Procedure
defines the process that is followed to meet the requirements of a policy, standard, or
guideline
The term security policy refers to the
actual configuration of the device
written policies
Purpose
explains why the policy is needed
Scope
defines what the policy applies to and defines who is responsible for the policy
Enforcement
defines repercussions of not following the policy
