Which best describes device hardening?
- Ignoring software updates
- Removing unused services and ports
- Allowing all traffic for performance
- Using only default settings
Removing unused services and ports | Practical Use: Disabling Telnet if not in use. | Explanation: Device hardening reduces vulnerabilities by limiting attack surface. | Objective: 4.3 – Device hardening | Follow-up Question: Why is applying patches part of device hardening?
Why should unused switch ports be disabled?
- To allow faster bandwidth
- To save electricity
- To reduce unauthorized network entry points
- To prevent patching needs
To reduce unauthorized network entry points | Practical Use: Closing unused ports on access switches in an office. | Explanation: Disabled ports prevent rogue devices from being connected. | Objective: 4.3 – Device hardening | Follow-up Question: What other step strengthens port security?
Why must default passwords be changed on network devices?
- They prevent encryption
- They cause switches to fail open
- They are too long and complex
- They are published and easily known
They are published and easily known | Practical Use: Changing admin/admin on a new router. | Explanation: Default passwords are easy for attackers to exploit. | Objective: 4.3 – Device hardening | Follow-up Question: What’s a best practice for password creation?
What is the main function of Network Access Control (NAC)?
- To block malware automatically
- To increase wireless speed
- To enforce policies on devices before allowing access
- To configure DNS servers
To enforce policies on devices before allowing access | Practical Use: Only compliant devices with antivirus can join the LAN. | Explanation: NAC checks and enforces device compliance before network entry. | Objective: 4.3 – NAC | Follow-up Question: What’s an example of a NAC policy?
Which security feature limits the number of allowed MAC addresses on a switch port?
- Port security
- NAC
- DMZ
- DNS filtering
Port security | Practical Use: Limiting a port to one MAC address prevents device swapping. | Explanation: Port security protects against MAC flooding and rogue devices. | Objective: 4.3 – NAC | Follow-up Question: What happens when a port security violation occurs?
Which standard uses port-based authentication with Extensible Authentication Protocol (EAP)?
- RADIUS
- 802.1X
- PKI
- SSL/TLS
802.1X | Practical Use: Validating laptops connecting to secure Wi-Fi. | Explanation: 802.1X ensures devices are authenticated before accessing LAN/WLAN. | Objective: 4.3 – NAC | Follow-up Question: Which server protocol often works with 802.1X?
Which NAC feature allows only listed MAC addresses onto the network?
- MAC filtering
- URL filtering
- Port security
- ACL
MAC filtering | Practical Use: Allowing only company devices onto Wi-Fi. | Explanation: MAC filtering restricts network access by device identifiers. | Objective: 4.3 – NAC | Follow-up Question: Why is MAC filtering not foolproof?
What is the main purpose of key management in security?
- To create, distribute, and protect cryptographic keys
- To monitor bandwidth usage
- To configure firewall ports
- To store all user passwords
To create, distribute, and protect cryptographic keys | Practical Use: Rotating SSL keys on web servers. | Explanation: Secure key management ensures encryption remains effective. | Objective: 4.3 – Key management | Follow-up Question: Why is key rotation important?
Which security rule filters traffic based on IP addresses, protocols, or ports?
- 802.1X
- ACL
- URL filtering
- DMZ
ACL (Access Control List) | Practical Use: Blocking all inbound traffic except port 443. | Explanation: ACLs enforce rules at the router/switch level. | Objective: 4.3 – Security rules | Follow-up Question: What’s one limitation of ACLs?
Which rule blocks access to specific websites based on their addresses?
- ACL
- URL filtering
- Port security
- Content filtering
URL filtering | Practical Use: Blocking access to social media sites at work. | Explanation: URL filtering compares requests against allowed/blocked lists. | Objective: 4.3 – Security rules | Follow-up Question: How is URL filtering different from content filtering?
Which rule inspects and blocks harmful or inappropriate digital material?
- ACL
- URL filtering
- Port security
- Content filtering
Content filtering | Practical Use: Blocking phishing emails with malicious attachments. | Explanation: Content filtering analyzes data and blocks unsafe material. | Objective: 4.3 – Security rules | Follow-up Question: Why is content filtering useful against phishing attacks?
Which type of zone is considered secure and usually contains internal servers?
- NAC zone
- Untrusted zone
- Trusted zone
- DMZ
Trusted zone | Practical Use: Internal database servers. | Explanation: Trusted zones are secured areas with tight access control. | Objective: 4.3 – Zones | Follow-up Question: What is an example of an untrusted zone?
What is the purpose of a screened subnet (DMZ)?
- To connect VLANs
- To encrypt stored data
- To isolate public-facing servers from the internal network
- To replace a firewall
To isolate public-facing servers from the internal network | Practical Use: Hosting a company’s web server in a DMZ. | Explanation: The DMZ prevents direct access from the internet to private systems. | Objective: 4.3 – Zones | Follow-up Question: What kind of servers are typically placed in a DMZ?