Firewall Types and Network Security, Exams of Advanced Education

An overview of different types of firewalls and their features for improving network security. It covers packet-filtering firewalls, circuit-level gateways, application-level gateways, and stateful firewalls, and how these firewall types can be used to control and inspect network traffic based on criteria such as IP addresses, protocols, ports, and application-level data. It also touches on related concepts such as network address translation (NAT), virtual private networks (VPNs), and intrusion detection/prevention systems (IDS/IPS). The information can be useful for understanding the capabilities and trade-offs of different firewall architectures when securing computer networks.

Typology: Exams

2024/2025

Available from 10/17/2024

alex-david-34
5.3.6 PRACTICE QUESTIONS

Which of the following describes how access control lists can be used to improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. Access control lists are configured on routers, and they operate on Layer 3 information.
Port security is configured on switches, which filter traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.

Which of the following are features of an application-level gateway? (Select two.)
Reassembles entire messages
Stops each packet at the firewall for inspection
> Application-level gateways:
> Operate up to OSI Layer 7 (Application layer)
> Stop each packet at the firewall for inspection (no IP forwarding)
> Inspect encrypted packets, such as an SSL inspection
> Examine the entire content that is sent (not just individual packets)
> Understand or interface with the application-layer protocol
> Can filter based on user, group, and data (such as URLs within an HTTP request)
> Is the slowest form of firewall protection because entire messages are reassembled at the Application layer
> Allowing only valid packets within approved sessions and verifying that packets are properly sequenced are features of a stateful firewall.
> Using access control lists is a feature of a packet-filtering firewall.

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level gateway
> A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway:

> Operates at OSI Layer 5 (Session layer).
> Keeps a table of known connections and sessions. Packets directed to known sessions are accepted.
> Verifies that packets are properly sequenced.
> Ensures that the TCP three-way handshake process occurs only when appropriate.
> Does not filter packets. Rather, it allows or denies sessions.
A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. An Application-level gateway is a firewall that is capable of filtering based on information contained within the data portion of a packet (such as URLs within an HTTP request). A VPN concentrator is a device that is used to establish remote access VPN connections.

Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?
Hardware
Hardware firewalls are physical devices that are usually placed at the junction or gateway between two networks, generally a private network and a public network like the internet. Hardware firewalls can be a standalone product or can also be built into devices like broadband routers. Software firewalls are generally used to protect individual hosts. Tunneling is when an attacker wraps a malicious command in an HTTP, ICMP, or ACK tunneling packet that bypasses the firewall and reaches an internal system. Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated.

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall

A proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. If a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.

Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated. The stateful firewall maintains a state table that tracks the ongoing record of active connections. A virtual private network (VPN) is a network that provides secure access to a private network through a public network or the internet. Virtual private networks offer secure connectivity between many entities, both internally and remotely. Their use of encryption provides an effective defense against sniffing. Network Address Translation (NAT) separates IP addresses into two sets. This technology allows all internal traffic to share a single public IP address when connecting to an outside entity. A firewall can be implemented on circuit-level gateways or Application-level gateways. Both of these firewall designs sit between a host and a web server and communicate with the server on behalf of the host. They can also be used to cache frequently accessed websites for faster web page loading.

Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Stateless
Filters IP address and port
A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet-filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session. A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Application-level gateways filter on Application layer data, which might include data such as URLs within an HTTP request.
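
Added example (not part of the original practice questions): a small Python model of the stateless versus stateful distinction explained above, run over constructed packets. The 10.0.0.x internal prefix, the two-rule policy, the addresses and all names are assumptions made for illustration; only handshake order is tracked, not sequence numbers.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: frozenset
INSIDE = "10.0.0."  # hypothetical internal prefix (assumption)
WEB = (80, 443)

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def stateless_allow(p):
    """Packet filter: judges each header alone, no memory of earlier packets."""
    if p.src.startswith(INSIDE) and p.dport in WEB:
        return True  # inside hosts may reach web servers
    # "Looks like a reply": web source port with the ACK bit set
    return p.dst.startswith(INSIDE) and p.sport in WEB and "ACK" in p.flags

class StatefulFirewall:
    """Keeps a session table; accepts only the packet the session state expects."""
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> state

    def allow(self, p):
        out = p.src.startswith(INSIDE)
        key = (p.src, p.sport, p.dst, p.dport) if out else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None and out and p.flags == {"SYN"} and p.dport in WEB:
            self.table[key] = "SYN_SENT"
        elif state == "SYN_SENT" and not out and p.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_RCVD"
        elif state == "SYN_RCVD" and out and p.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and "SYN" not in p.flags:
            pass  # traffic on a tracked session (sequence checks omitted)
        else:
            return False  # not part of an active session: reject
        return True

# Constructed traffic: one valid handshake, then a lone ACK with no session.
TRAFFIC = [
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK"),
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    pkt("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),
]

def compare(traffic):
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]
```

compare(TRAFFIC) returns one (stateless, stateful) verdict pair per packet. The two filters agree on the handshake and differ only on the last packet, which the header-only rule accepts and the session table rejects.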