Chapter 10


T/F The basic function of a NIDS is to provide an active response to any network threat.

False

T/F The more antivirus programs a system has, the greater its performance and functionality will be and the lower the chance of the system getting malware.

False

T/F A reverse proxy is used with a published website to not directly expose the server to the Internet.

True

T/F: Routers can have the functionality of a firewall built into the router firmware.

True

A small company has decided to use a single virtual appliance to filter spam as well as reverse proxy and filter traffic to its internal web server. Which of the following has the company MOST likely deployed? a.) Content Filter b.) SIEM c.) Load balancer d.) IPS

a.) Content Filter

What security tool and software can be used to scan files and re-compute a hashsum to ensure it matches the correct value? a.) File Integrity Monitoring (FIM) b.) Host-based Intrusion Detection System (HIDS) c.) Signature management d.) Host-Based Intrusion Protection System (HIPS)

a.) File Integrity Monitoring (FIM)

A Chief Information Officer (CIO) tasks the network engineer with protecting the network from outside attacks. Placing which of the following devices on the network perimeter would provide the MOST security for the system? a.) NGFW b.) IDS/IPS c.) Firewall d.) Content Filter

a.) NGFW

A network administrator deploys a firewall that analyzes the header and Hypertext Markup Language (HTML) code in Hypertext Transfer Protocol (HTTP) packets to match patterns in a threat database. Consider the types of firewalls and determine which firewall is on the network. a.) Next Generation Firewall (NGFW) b.) Appliance firewall c.) Packet filtering firewall d.) Router firewall

a.) Next Generation Firewall (NGFW)

What type of firewall operates at layer 5 (Session) of the OSI model? a.) Stateful Inspection b.) Next Generation Firewall c.) Web Application Firewall d.) Packet Filtering

a.) Stateful Inspection

A network manager needs to secure a critical client. The manager's primary goal is to prevent modification of the system. Which can the manager use to prevent modification of the system? a.) Unified Threat Management b.) Host-Based Intrusion Prevention System (HIPS). c.) Host-Based Intrusion Detection System (HIDS). d.) Signature-Based Detection

b.) Host-Based Intrusion Prevention System (HIPS).

To achieve a more efficient and secure work environment, a company needs a way to control what is being accessed on the Internet using corporate resources. Which of the following devices should be used to accomplish this task? (SELECT TWO) a.) IDS b.) Proxy Server c.) Content Filter d.) Load Balancer e.) IPS

b.) Proxy Server c.) Content Filter

A server that mediates the communications between a client and another server is known as a: a.) Firewall server b.) Proxy server c.) Apache server d.) DMZ server

b.) Proxy server

What uses a database of attack patterns and known composites of malware to prevent malware attacks? a.) ACL b.) Signature-based detection c.) File Integrity monitoring d.) iptable

b.) Signature-based detection

If a firewall does not preserve information about the connection between two hosts, it is: a.) Stateful b.) Stateless c.) Dynamic d.) Static

b.) Stateless

A network manager is configuring a firewall. Prepare guidelines for the network manager to follow. (Select two) a.) The final default rule in a firewall is implicit allow. b.) The most important rules are placed at the top. c.) Only allow the minimum amount of traffic required. d.) The rules are processed from bottom to top.

b.) The most important rules are placed at the top. c.) Only allow the minimum amount of traffic required.

What is a means of using software tools to passively provide real-time analysis of either network traffic or system and application logs? a.) Anti-virus b.) Host-based Firewall c.) Intrusion Detection System (IDS) d.) Intrusion Protection System (IPS)

c.) Intrusion Detection System (IDS)

A server in a LAN was configured to act as a gateway between all company computers and an external network. Which of the following networking devices offers the ability to increase both performance and security? a.) IDS b.) Load Balancer c.) Proxy Server d.) Wireless controller

c.) Proxy Server

A company has three network technicians and a small budget for increasing security concerns. Given this scenario, which is the BEST solution for the company? a.) Network-Based Intrusion Prevention System (HIPS) b.) File Integrity Monitoring (FIM) c.) Unified Threat Management (UTM) d.) Signature management

c.) Unified Threat Management (UTM)

What is a command line utility provided by many Linux distributions that allows administrators to edit the rules enforced by the Linux kernel firewall? a.) ifconfig b.) ipconfig c.) iptables d.) input

c.) iptables

What type of firewall monitors packet sequence to prevent session jacking? a.) Application b.) Next Generation c.) Host-based d.) Circuit-level

d.) Circuit-level

After a recent drop in productivity, which management believes is due to employees conducting personal business online at work, you have been asked to provide a solution. Which of the following BEST solves the issue? a.) Deploy a reverse proxy server b.) Deploy a firewall c.) Deploy a proxy server d.) Deploy a content filter

d.) Deploy a content filter

Which of the following devices would allow a network administrator to block an application at Layer 7 on the network? a.) Router b.) UPS c.) Spam Filter d.) NGFW

d.) NGFW

Packet-filtering firewalls operate at what layer of the OSI model? a.) Application layer b.) Session layer c.) Data link layer d.) Network layer

d.) Network layer

What security tool throttles the bandwidth of attacking hosts and modifies suspect packets to render them harmless? a.) Signature management b.) Network-Based Intrusion Detection System (NIDS) c.) Unified Threat Management (UTM) d.) Network-Based Intrusion Prevention System (NIPS)

d.) Network-Based Intrusion Prevention System (NIPS)

T/F It is a good idea to block TCP and UDP ports in a firewall.

False

