
Exam (elaborations)

Book 5 SANS 301 Questions and Answers 2024


Exam of 10 pages for the course SANS at SANS (Book 5 SANS 301)


  • August 3, 2024
  • 2024/2025
julianah420
Book 5 SANS 301

Compartmentalization - answer: breaks up a network into different areas. Dividing a network into security zones: intranets, extranets, enclaves, etc.

Segmentation - answer: dividing a network for efficient management.

Firewall - answer: primary mechanism to provide security separation between two networks.
Used for going between the internal network and the internet.
Used to keep people from HR out of the accounting network and vice versa, for example.

Types of firewalls - answer:
packet filter
proxy
stateful inspection

Web App Firewall - answer: special-purpose type of firewall. Controls all of the traffic to and from that server.

What does every firewall require? - answer: you to configure rules of some kind.

Access Control List - answer: rules that you load onto a router and apply to an interface.

How do you know what rules you should put on the firewall? - answer: your organization's policy tells you what rules you need.

Default deny - answer: what most firewalls on the market today are. You put in rules to allow necessary traffic and everything else is automatically denied.

Default allow - answer: everything automatically accepted.

Excessive rules - answer: rule creep; new rules are added when new people come in. Always add a comment to your firewall rules so the next person in the job will have some idea why the rule was added.

Packet filter - answer: most common on routers.
Load an ACL; apply to interface.

When you create the rules for an ACL, you can filter on information only from the OSI layer 3 and 4 headers. Specifically, you can filter on the source and destination IP addresses, the source and destination port numbers, and the protocol type, such as TCP/UDP/ICMP, etc.

Two types of firewall packets - answer: TCP and UDP

Proxy firewall - answer: operates at OSI layer 7.

Most important thing to note about a proxy? - answer: nothing goes through a proxy. Traffic goes to the device. Traffic goes from the device. No traffic goes through the device.

What are the two separate connections for the internet in relation to the proxy? - answer: one from the client to the proxy and one from the proxy to the internet server.

The internet has no idea the client system exists; its communication is with the proxy.

Why have proxy firewalls fallen out of favor? - answer: each time a packet containing data arrives at a proxy, the data has to be copied out of the packet and into a buffer. A new packet has to be created to go out the other side, and the data is copied from the buffer to the new packet.

Stateful inspection firewall - answer: based on packet filtering.

State engine - answer: uses a state table that takes basic packet filtering to another level. After the initial packet matches a permit rule, all subsequent packets are allowed based on the state of a current connection. After the firewall sees the session terminate, it closes the connection back off and removes the state table entry, so the communication path is open only as long as the connection needs it.

How to start the process of state inspection - answer:
User opens web browser and types in the IP address.
TCP SYN packet travels from the client toward the server but hits the firewall.
Firewall stops that packet to inspect.
Inspection approved and firewall reconfigures the packet to go through.
Packet traverses the firewall and a state table entry is created.
SYN packet arrives at server.
Inspected and approved.
State table updated with more info.
Packets allowed through based on the state table.
Connection ends and is torn down.

Other features of stateful inspection, examples - answer:
NAT - network address translation
IDS - intrusion detection system
IPS - intrusion prevention system
Gateway virus
Content filtering
Virtual private network (VPN) encryption and decryption
