homework 6 part 2


Lab Assessment Questions & Answers

1. What are some common risks, threats, and vulnerabilities found in the LAN-to-WAN domain that must

be mitigated through a layered security strategy?

2. What is an access control list (ACL) and how is it useful in a layered security strategy?

60 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance

37524_Lab07_Pass3.indd 60 19/04/13 1:30 AM

Auditing the LAN-to-WAN

Domain for Compliance

3. What is a bastion host? Provide an example of when a bastion host should be used and how.

4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter can be

accomplished.

5. What is the difference between a traditional IP stateful firewall and a deep packet inspection firewall?

6. How would you monitor for unauthorized management access attempts to sensitive systems?

7

Assessment Worksheet 61

37524_Lab07_Pass3.indd 61 19/04/13 1:30 AM

7. What is the significance of VLAN 1 traffic in a Cisco Catalyst LAN switch? Describe the vulnerabilities

associated with it if it traverses across an unnecessary trunk.

8. At what logging level should the syslog service be configured on a Cisco router, switch, or firewall device?

9. As defined in the Network Infrastructure Technology Overview, describe the three layers that can be

found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress connections (for

instance, DMZ or Component Flow).

10. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risks from users

violating acceptable use and unwanted websites and URL links?

62 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance

37524_Lab07_Pass3.indd 62 19/04/13 1:30 AM

Auditing the LAN-to-WAN

Domain for Compliance

11. True or false: The Enclave Protection Mechanism includes both an internal IDS and external IDS when

connecting a closed network infrastructure to the public Internet.

12. True or false: Securing the enclave requires only perimeter security and firewalls.

13. What is the primary objective of this STIG as it relates to network infrastructures for DoD networks?

7

Assessment Worksheet 63

37524_Lab07_Pass3.indd 63 19/04/13 1:30 AM

37524_Lab07_Pass3.indd 64 19/04/13 1:30 AM

homework 6 part 2


Lab Assessment Questions & Answers

1. What are some common risks, threats, and vulnerabilities found in the LAN-to-WAN domain that must

be mitigated through a layered security strategy?

2. What is an access control list (ACL) and how is it useful in a layered security strategy?

60 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance

37524_Lab07_Pass3.indd 60 19/04/13 1:30 AM

Auditing the LAN-to-WAN

Domain for Compliance

3. What is a bastion host? Provide an example of when a bastion host should be used and how.

4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter can be

accomplished.

5. What is the difference between a traditional IP stateful firewall and a deep packet inspection firewall?

6. How would you monitor for unauthorized management access attempts to sensitive systems?

7

Assessment Worksheet 61

37524_Lab07_Pass3.indd 61 19/04/13 1:30 AM

7. What is the significance of VLAN 1 traffic in a Cisco Catalyst LAN switch? Describe the vulnerabilities

associated with it if it traverses across an unnecessary trunk.

8. At what logging level should the syslog service be configured on a Cisco router, switch, or firewall device?

9. As defined in the Network Infrastructure Technology Overview, describe the three layers that can be

found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress connections (for

instance, DMZ or Component Flow).

10. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risks from users

violating acceptable use and unwanted websites and URL links?

62 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance

37524_Lab07_Pass3.indd 62 19/04/13 1:30 AM

Auditing the LAN-to-WAN

Domain for Compliance

11. True or false: The Enclave Protection Mechanism includes both an internal IDS and external IDS when

connecting a closed network infrastructure to the public Internet.

12. True or false: Securing the enclave requires only perimeter security and firewalls.

13. What is the primary objective of this STIG as it relates to network infrastructures for DoD networks?

7

Assessment Worksheet 63

37524_Lab07_Pass3.indd 63 19/04/13 1:30 AM

37524_Lab07_Pass3.indd 64 19/04/13 1:30 AM

Be the first to reply

Leave a Reply

Your email address will not be published.