chapter 6 infosec
The dominant architecture used to secure network access today is the __________ firewall. Options: static; bastion; unlimited; screened subnet
Screened subnet
Which of the following is not a major processing mode category for firewalls? Options: Packet-filtering; Application Layer Proxy; Media Access Control Layer; Router passthru
router passthru
Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels.
False, Authorization
The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.
False, it is more secure than general public networks but less secure than the internal network
The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.
False, it is standard
Discretionary access control is an approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.
False, nondiscretionary
Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.
False, role based controls
Syntax errors in firewall policies are usually difficult to identify.
False, they are usually easy to identify
Telnet protocol packets usually go to TCP port __________, whereas SMTP packets go to port __________. Options: 23, 52; 80, 52; 80, 25; 23, 25
23, 25
The restrictions most commonly implemented in packet-filtering firewalls are based on __________. Options: IP source and destination address; Direction (inbound or outbound); TCP or UDP source and destination port requests; All of the above
All of the above
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. Options: MAC layer; Circuit gateway; Application gateway; Packet-filtering
MAC Layer
Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host. Options: trusted; domain; DMZ; sacrificial
Sacrificial Host
__________ inspection firewalls keep track of each network connection between internal and external systems. Options: Static; Dynamic; Stateful; Stateless
Stateful
Which of the following versions of TACACS is still in use? Options: TACACS; Extended TACACS; TACACS+; All of the above
TACACS+
Authentication is the process of validating and verifying an unauthenticated entity's purported identity.
True
Good firewall rules include denying all data that is not verifiably authentic.
True
The application layer proxy firewall is capable of functioning both as a firewall and an application layer proxy server.
True
When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
True
The application layer proxy firewall is also known as a(n) __________. Options: application firewall; client firewall; proxy firewall; All of the above
application firewall
A __________ filtering firewall can react to an emergent event and update or create rules to deal with the event. Options: dynamic; static; stateful; stateless
dynamic