security question

 
Ranch Hand
Posts: 98
What type of firewall will you use to validate the application protocol of a network communication?
a. SSL
b. Packet Filters
c. Stateful packet Filters
d. Proxy

Can you give me answer and explanation?
 
Vaithiya Sundaram
Ranch Hand
Posts: 98
some more questions:

2. Which of the following is not an optional step in establishing an SSL handshake?

a. Server side certificate validation by the client
b. client side certificate validation by the server
c. Generation of session keys for encryption and decryption
d. Selection of a suitable Cipher suite for encryption by the server and the client

3. Which of the following is true about SSL?

a. SSL can be configured only on port 80
b. SSL can be configured only on port 443
c. SSL can be configured to work on any port above 1024
d. None of the above

4. Which of the following are true about load balancing methods?

a. DNS round robin method maps multiple IPs to a single host name
b. Hardware load balancing maps multiple IPs to a single host name
c. Hardware load balancing can potentially involve a single point of failure
d. DNS round robin is easier to set up than hardware load balancing.
e. DNS load balancing supports server affinity
f. Hardware load balancing supports server affinity

5. Which of the following are true about SSL?

a. SSL facilitates secure communication
b. SSL is a high level protocol and sits on top of HTTP
c. SSL is a low level protocol and sits below HTTP
d. SSL works only with HTTP
 
Ranch Hand
Posts: 186
My answer is 4

Proxy type firewall works at the application layer. It understands the specific application layer protocol.

Both packet filtering and stateful inspection firewalls work at the IP layer.

Never heard of the SSL firewall.


James Du
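
The difference described in the post above, as an added example that is not part of the original thread: a packet filter decides on header fields such as the destination port, while a proxy parses the payload and rejects anything that is not valid HTTP. The function names, the allowed-method policy and the sample traffic are constructed for illustration.

```python
import re

# Constructed sample traffic; every connection below targets TCP port 80.
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"  # non-HTTP protocol sent to port 80
CONNECT_REQUEST = b"CONNECT host.example:22 HTTP/1.1\r\nHost: host.example\r\n\r\n"
BAD_HEADER = b"GET / HTTP/1.1\r\nHost : www.example.com\r\n\r\n"

ALLOWED_PORTS = {80}                          # assumed filter policy
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}  # assumed proxy policy
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def packet_filter_allows(dst_port):
    """Packet filter: looks only at header fields (here, the destination port)."""
    return dst_port in ALLOWED_PORTS


def proxy_allows(payload):
    """Application proxy: parse the payload as HTTP/1.x, reject anything else."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete or non-HTTP header block"
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return False, "malformed request line"
    if match.group(1) not in ALLOWED_METHODS:
        return False, "method not allowed"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # A header name must be non-empty with no surrounding whitespace.
        if not colon or not name or name != name.strip():
            return False, "malformed header"
        headers[name.lower()] = value.strip()
    if not headers.get(b"host"):
        return False, "missing Host header"
    return True, "ok"


if __name__ == "__main__":
    for label, data in [("http", HTTP_REQUEST), ("ssh", SSH_BANNER),
                        ("connect", CONNECT_REQUEST), ("bad header", BAD_HEADER)]:
        print(label, packet_filter_allows(80), proxy_allows(data))
```

All four samples pass the port-based filter; only the well-formed GET request passes the proxy check.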
 
Ranch Hand
Posts: 1183
Good Day,

#3 - I would say d which is 'None of the above' because SSL can be configured on any port; by convention it's configured on port 443.

As my book, HTTP Essentials by Stephen Thomas, says on page #158:

Although the URI scheme allows explicit specification of a TCP port, HTTP over SSL has a default port of 443. This approach does highlight a limitation with SSL. Each application that has the option of using SSL needs two separate default TCP ports: one for standard, non-secure operation (e.g., HTTP's port 80) and a separate port for secure communications (such as HTTP's port 443).



#5 a and c

The book says on page #157:

As a separate protocol, SSL is available to all applications that use TCP for transport. .....
Notice that in the standard case HTTP communicates directly with TCP while, when SSL is involved, HTTP communicates only with SSL, and SSL, in turn, communicates with TCP.



#4 a,b,d,f

The book says:

The simplest way to distribute HTTP requests to multiple servers is to use the Domain Name System (DNS). The DNS protocol translates the host name part of a URL into an IP address. To send requests to different Web servers, the DNS server simply needs to respond with different IP addresses.
.....
The earliest load balancing implementations used a single round-robin algorithm to route the requests. With a round robin, the first request is sent to host A; the next request is sent to host B, and so on. The process continues through all the Web servers and then starts over again at server A.



http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci1005407,00.html says:

A hardware load-balancing device (HLD), also known as a layer 4-7 router, is a physical unit that directs computers to individual servers in a network, based on factors such as server processor utilization, the number of connections to a server, or the overall server performance. The redirection process is one form of load balancing.
The use of an HLD minimizes the probability that any particular server will be overwhelmed and optimizes the bandwidth available to each computer or terminal. In addition, the use of an HLD can minimize network downtime, facilitate traffic prioritization, provide end-to-end application monitoring, provide user authentication, and help protect against malicious activity such as denial-of-service (DoS) attacks.



http://publib.boulder.ibm.com/infocenter/ws40help/index.jsp?topic=/com.ibm.websphere.v4.doc/wasa_content/07010603.html says:

Server affinity refers to the characteristics of each load distribution facility that take these constraints into account. The load distribution facility recognizes that multiple servers can be acceptable targets for a request. However, it also recognizes that each request can be directed to a particular server where it is handled better or faster.



Regards,
Dan
 
Dan Drillich
Ranch Hand
Posts: 1183
About #2

The non-optional steps in establishing an SSL handshake should probably be a, c and d. The optional is therefore b. - client side certificate validation by the server.

-- Dan
 
Vaithiya Sundaram
Ranch Hand
Posts: 98
Thanks Dan Drillich.
My assumptions match yours.
But the answers given in mock exam:
#3. c
#4. a,c,d,f
 
Dan Drillich
Ranch Hand
Posts: 1183
Vaithiya,

#3. c doesn't make much sense.

#4. a,c,d,f while we said a,b,d,f

It seems to me that b and c are correct -

b. Hardware load balancing maps multiple IPs to a single host name
c. Hardware load balancing can potentially involve a single point of failure



where the single point of failure is the load balancer.

It's just that if we choose c, then we are inconsistent with the a choice.

-- Dan
[ February 28, 2005: Message edited by: Dan Drillich ]
 