60 LAB #7 | Auditing the LAN-to-WAN Domain for Compliance
Lab #7 – Assessment Worksheet
Auditing the LAN-to-WAN Domain for Compliance
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you learned how to audit the LAN-to-WAN Domain. You identified common risks,
threats, and vulnerabilities found in the LAN-to-WAN Domain, you assessed common risks,
threats, and vulnerabilities found in the LAN-to-WAN Domain, you identified network and
security policies needed to properly secure the LAN-to-WAN portion of the network
infrastructure, you audited and assessed implementation of security controls within the LAN-to-
WAN Domain, and you recommended LAN-to-WAN Domain hardening solutions by
implementing proper security controls at the Internet ingress/egress point within an IT
infrastructure.
Lab Assessment Questions & Answers
1. What are some common risks, threats, and vulnerabilities found in the LAN-to-WAN Domain
that must be mitigated through a layered security strategy?
2. What is an access control list (ACL), and how is it useful in a layered security strategy?
3. What is a Bastion Host? Provide an example of when a Bastion Host should be used and how.
4. Provide at least two examples of how the enclave requirement to place a firewall at the perimeter
can be accomplished.
61
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Student Lab Manual
5. What is the difference between a traditional IP stateful firewall and a deep packet inspection
firewall?
6. How would you monitor for unauthorized management access attempts to sensitive systems?
7. What is the significance of VLAN 1 traffic in a Cisco Catalyst LAN switch? Describe the
vulnerabilities associated with it if it traverses across an unnecessary trunk.
8. At what logging level should the syslog service be configured on a Cisco router, switch, or
firewall device?
9. As defined in the Network Infrastructure Technology Overview, describe the three layers that can
be found in the DISA Enclave Perimeter layered security solution for Internet ingress/egress
connections (for instance, Demilitarized Zone [DMZ] or Component Flow).
10. Which device in the Enclave Protection Mechanism Component Flow helps mitigate risks from
users violating acceptable use and unwanted Web sites and URL links?
11. True or false: The Enclave Protection Mechanism includes both an internal IDS and external IDS
when connecting a closed network infrastructure to the public Internet.
12. True or false: Securing the enclave requires only perimeter security and firewalls.
13. What is the primary objective of the Network Infrastructure STIG as it relates to DoD network
infrastructures?
Course Name and Number:
Student Name:
Instructor Name:
Lab Due Date:
Question1:
Question2:
Question3:
Question4:
Question5:
Question6:
Question7:
Question8:
Question9:
Question10:
Question11:
Question12:
Question13:
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more