Practice Test 5 – Solution
1. Because there is no allow rule for FTP or TCP port 21, explicit deny will be applied, preventing the download.
2. Port security disables the ports and reduces the functionality of the switch, however, 802.1x authenticates the device, so the ports remain open with rogue devices being prevented access.
3. Using IPSec between servers uses transport mode, but when IPSec is used over the internet, it uses tunnel mode.
4. A stateful firewall inspects incoming traffic down to the commands used and packet sizes and would realize that the three-way handshake is not being established and would prevent the SYN flood attack.
5. The role of the VPN concentrator is to set up the secure session for the VPN connection.
6. We would install a load balancer to deal with the vast amount of web traffic and we would set up affinity in the regions with limited bandwidth with all of the requests going to the same web server...