Audit2E_Lab07_AW_9e44dbb7654661a39e313b0b089f89fc.pdf

60 LAB #7 | Auditing the LAN-to-WAN Domain for Compliance

Lab #7 – Assessment Worksheet

Auditing the LAN-to-WAN Domain for Compliance
Course Name and Number: _____________________________________________________

Student Name: ________________________________________________________________

Instructor Name: ______________________________________________________________

Lab Due Date: ________________________________________________________________

Overview

In this lab, you learned how to audit the LAN-to-WAN Domain. You identified common risks,
threats, and vulnerabilities found in the LAN-to-WAN Domain, you assessed common risks,
threats, and vulnerabilities found in the LAN-to-WAN Domain, you identified network and
security policies needed to properly secure the LAN-to-WAN portion of the network
infrastructure, you audited and assessed implementation of security controls within the LAN-to-
WAN Domain, and you recommended LAN-to-WAN Domain hardening solutions by
implementing proper security controls at the Internet ingress/egress point within an IT
infrastructure.

Lab Assessment Questions & Answers

1. What are some common risks, threats, and vulnerabilities found in the LAN-to-WAN Domain
that must be mitigated through a layered security strategy?

2. What is an access control list (ACL), and how is it useful in a layered security strategy?

3. What is a Bastion Host? Provide an example of when a Bastion Host should be used and how.

4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter
can be accomplished.

61

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Student Lab Manual

5. What is the difference between a traditional IP stateful firewall and a deep packet inspection
firewall?

6. How would you monitor for unauthorized management access attempts to sensitive systems?

7. What is the significance of VLAN 1 traffic in a Cisco Catalyst LAN switch? Describe the
vulnerabilities associated with it if it traverses across an unnecessary trunk.

8. At what logging level should the syslog service be configured on a Cisco router, switch, or
firewall device?

9. As defined in the Network Infrastructure Technology Overview, describe the three layers that can
be found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress
connections (for instance, Demilitarized Zone [DMZ] or Component Flow).

10. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risks from
users violating acceptable use and unwanted Web sites and URL links?

11. True or false: The Enclave Protection Mechanism includes both an internal IDS and external IDS
when connecting a closed network infrastructure to the public Internet.

12. True or false: Securing the enclave requires only perimeter security and firewalls.

13. What is the primary objective of the Network Infrastructure STIG as it relates to DoD network
infrastructures?

Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Question1:
Question2:
Question3:
Question4:
Question5:
Question6:
Question7:
Question8:
Question9:
Question10:
Question11:
Question12:
Question13: