Implementing Firewall Technologies,computer science homework help

SEC453 Study Guide 

Chapter 6 – Implementing Firewall Technologies

1.  What are the two specific areas of the network that need to be secured?

2.  What basic security services are provided to applications by the operating system?

3.  What is the difference between a “direct application attack” and an “indirect application attack”?

4.  List techniques that can be implemented to help protect an endpoint from operating system vulnerabilities.

5.  What are the two primary Cisco offerings designed to ensure robust endpoint security?

6.  Identify four important features of Cisco’s Network Admission Control system.

7.  How is a buffer overflow attack caused in an Ethernet switch?

8.  Provide a brief description of a MAC address spoofing attack.

9.  What tool is commonly used to launch a MAC address buffer overflow attack?

10.  How is storm control implemented by a switch?

11.  How is a VLAN hopping attack implemented?

12.  What is the best way to mitigate the VLAN hopping attack?

13.  List switch security commands and explain their purpose.

14.  Explain the three different violation modes.

15.  Why might an administrator use the “sticky” modifier?

16.  Identify the features of SNMP MAC address notification system.

17.  What is the purpose of the port fast feature of an Ethernet switch?

18.  What commands are used to enable the port fast feature?

19.  What is the purpose of implementing the BPDU guard on an Ethernet switch?

20.  There are two different ways to enable BPDU filtering. What are the differences between the two methods?

21.  What is the purpose of enabling root guard on an Ethernet switch?

22.  What is the difference between using BPDU guard and using root guard?

23.  What is a storm attack and how can it be mitigated?

24.  What are the guidelines for securing VLAN trucks?

25.  What is a SPAN port and how can it be used to protect your network?

26.  What command will allow you to verify the configuration of a SPAN port?

27.  What is the purpose of the PVLAN Edge feature?

28.  What command will enable PVLAN Edge protection on an interface?

29.  Provide a list of the guidelines for the protection of layer 2.

30.  Compare an autonomous AP to a controller-based AP. How are they different?

31.  What are the characteristics of the lightweight AP model? What advantages does it offer?

32.  Identify threats to a wireless infrastructure.

33.  Identify some of the tools that are used by wireless network attackers.

34.  What components are typically found in a VoIP system?

35.  Identify some of the threats to the VoIP system.

36.  Why is it advantageous to place voice traffic on its own VLAN?

37.  In what ways does an ASA protect a VoIP system?

38.  What is the primary side effect of encrypting VoIP traffic?

39.  What is a SAN, and what business needs are addressed by it?

40.  Identify the six critical areas of a SAN that should be secured.