ITN 263 Quiz 13
While fragmentation of IP packets is supported when they encounter network segments that have a smaller maximum transmission unit (MTU), that feature can be manipulated by malicious parties in overlapping attacks. What is the only reliable defense against such an exploit?
A dynamic filtering system that performs virtual reassembly
Arturo is troubleshooting a firewall that may have been hacked by a malicious outsider. He is under pressure and immediately tries a fix that, if it fails, will not be easy to back out of. Before he makes the attempt, his supervisor warns him of the danger. What does Arturo's supervisor say?
Avoid destructive or irreversible solutions until last.
A malicious person wants to use tunneling to get through a company's firewall using a vulnerability. Micah, a network security engineer, is aware of this threat and configures the firewall to combat it. What does he do?
Block all encryption
Hong is a network engineer. He is developing a firewall policy that addresses troubleshooting a firewall that has either failed or is under attack. In his plan, what should be included as a best practice?
Collect firewall documentation before an attack.
In a tunneling attack, once the tunnel is open, what are the limitations?
Data can move in either direction.
______ is commonly exploited by many hackers because most enterprise web traffic is _________.
Encryption; encrypted
During which step of firewall incident response is the compromise resolved?
Eradication
A good policy is to implement the first generation or first release of a firewall product.
False
Allow by default/deny by exception is always the preferred security stance.
False
Basic packet filtering uses a complex, dynamic rule set.
False
Netcat cannot be used to create covert channels to control a target system remotely.
False
The most common method of exploiting and/or bypassing a firewall is tunneling.
False
You can fix a firewall's vulnerability to denial of service (DoS) flooding by upgrading the firewall or applying a patch.
False
Ambrose is testing his IT department's new firewall deployment. He is using a collection of applications that employ a brute-force technique to craft packets and other forms of input directed toward a target. What is this collection of tools called?
Fuzzing tools
A malicious person is using an existing virtual private network (VPN) tunnel to infiltrate a company's private local area network (LAN). What is this tunneling method doing?
Hijacking an existing port
Hacker tunneling uses two techniques. The first is to install a server component on an internal system and then have an external client make a connection. What is the second?
Install a server component on an external system and then use an internal client to make the connection.
Which of the following is a malicious remote control tool?
NetBus
A malicious person is attempting to subvert a company's virtual private network (VPN). She is using a tool that creates TCP and UDP network connections that can link to or from any port. What is this tool?
Netcat
Ahmed is testing the security of his company's IT infrastructure. He is using an application that works as a network mapper, port scanner, and OS fingerprinting tool. Which of the following is he employing?
Nmap
Which of the following can cause a full or partial overwriting of datagram components, creating new datagrams out of parts of previous datagrams?
Overlapping
Lin is a disgruntled IT technician who believes she is about to be discharged from her job. While she still has access to her company's network infrastructure, she decides to reset the main firewall to its factory settings so she will know the default administrative username and password. Which of the following is the method she is MOST likely to use?
She uses a straightened paper clip to press the pinhole-sized reset button in the back of the firewall for 30 seconds.
A best practice is to back up firewall configurations before applying new and tested updates.
True
A best practice is to perform verification scans of all deployed firewall settings to ensure their functionality.
True
A hacker tunneling set up using an inbound connection must "hijack" an existing open port or reconfigure the firewall to open another port for use by the tunnel.
True
A simulated firewall test uses an attack simulator to transmit attack packets to a firewall.
True
A written policy dictates which firewall features to enable or disable.
True
After installing a firewall, you should always install every available patch and update from the vendor.
True
Even with a firewall protecting the internal network, a denial of service (DoS) flooding attack can still successfully disconnect or interfere with external communications.
True
Every update, change, or alteration to any aspect of a firewall should trigger another round of firewall testing.
True
Fragmentation is a supported function of Internet Protocol (IP) packets.
True
Hacker tunneling can create a covert channel.
True
Hacker tunneling is the creation of a communication channel similar to the creation of a virtual private network (VPN).
True
In either a host firewall or an appliance firewall, the logic and controlling mechanisms are software.
True
Once a firewall policy is in place, the policy should be reviewed at least annually.
True
Once a zero-day exploit is discovered, a hacker can utilize that vulnerability until it is patched.
True
All of the following elements are often implemented alongside a firewall to protect a network, EXCEPT:
a public IP address proxy.
Maria is the technician on call for her company's IT department. Over the weekend she discovers a breach in the primary firewall. She is restraining further escalation of the issue, an action that is referred to as:
containment.
An exploit called "overlapping" can cause the full or partial overwriting of datagram components, creating new datagrams out of parts of previous datagrams. An overrun attack can create excessively large datagrams and, with other types of fragmentation attacks, can result in:
denial of service.
All of the following are firewall management best practices, EXCEPT:
establish a philosophy of default allow rather than default deny.
All of the following protect against fragmentation attacks, EXCEPT:
internal code planting.