Net Def Final

¡Supera tus tareas y exámenes ahora con Quizwiz!

DMZ

The rule base should permit access to public servers in the ____________ and enable users to access the Internet.

B. they are not routable on the Internet

Which of the following is true about private IP addresses? A. they are assigned by the IANA B. they are not routable on the Internet C. they are targeted by attackers D. NAT was designed to conserve them

firewall appliance

hardware devices with firewall functionality

proxy server

software that forwards network packets and caches Web pages to speed up network performance

load-balancing software

software that prioritizes and schedules requests and then distributes them to servers in a server clusted based on each server's current load and processing power

False

Proxy servers take action based only on IP header information. True/False

False

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny. True/False

screening

A __________ router determines whether to allow or deny packets based on their source and destination IP addresses.

Java

A _____________ applet is a small program sometimes used as embedded code in Web pages.

stack

A critical buffer component is the function __________ and buffer overflows are usually aimed at this component.

False

A dual-homed host has a single NIC with two MAC addresses. True/False

endpoints

Network gateways are _____________ of the VPN connection.

stateless packet filters

simple filters that determine whether to allow or block packets based on information in protocol headers

False

Firewalls can protect against employees copying confidential data from within the network. True/False

anycast addressing

a network addressing scheme that allows DNS services to be decentralized among a group of servers, regardless of their location

publicly

A DMZ is a subnet of ____________ accessible servers placed outside the internal network.

perimeter

A firewall can consist of all devices postioned on the network __________.

filter

A primary objective of a rule base is to _______________ communications based on complex rules.

True

A screened host has a router as part of the configuration. True/False

rule

ACLs filter packets by using a _____________ base to determine whether to allow a packet to pass.

True

Another name for a VPN connection is tunnel. True/False

True

Computers on the Internet are identified primarily by their IP address. True/False

cache

DNS _____________ poisoning streers unsuspecting victims to a server of the attacker's choice instead of the intended Web site.

False

Generally, connections to instant-messaging ports are harmless and should be allowed. True/False

True

Hardware VPNs create a gateway-to-gateway VPN. True/False

True

IPsec has become the standard set of protocols for VPN security. True/False

False

If you use Windows RRAS for your VPN, you will need a third-party RADIUS server if you want to use RADIUS for authentication. True/False

host

In a screened ____________ setup, a router is added between the host and the Internet to carry out IP packet filtering.

C. DDoS

In what type of attack are zombies usually put to use? A. buffer overrun B. virus C. DDoS D. spoofing

True

SQL injection attacks are isolated to custom applications, so administrators can prevent them. True/False

False

Since ICMP messages use authentication, man-in-the-middle attacks cannot be successful. True/False

False

Software firewalls are usually more scalable than hardware firewalls. True/False

False

Standards and protocols used in VPNs are in their infancy and seldom used. True/False

False

Stateless packet filtering keeps a record of connections that a host computer has made with other computers. True/False

XOR

TLS splits the input data in half and recombines it using a(n) ___________ function.

handshake

The ACK flag is normally sent at the end of the three-way ___________ to indicate that a connection is established.

C. firewall appliance

The Cisco PIX line of products is best described as which of the following? A. software firewall B. PC with firewall installed C. firewall appliance D. VPN gateway

Exchange

The Internet Key ____________ protocol enables computers to make an SA.

False

The TCP normalization feature forwards abnormal packets to an administrator for further inspection. True/False

DNSSEC

The goal of ____________ is to provide authentication of DNS data and ensure integrity of DNS data.

NAPs

The internet tier system starts with a backbone network connected via _____________ to regional Internet service providers.

spoofing

The lack of authentication for computers on the Internet make IP _____________ possible, which is change in the IP addresses in the headers of malicious packets.

True

The objective of a phishing attack is to entice e-mail recipients to click a bogus link where personal information can be stolen. True/False

False

The term Internet and World Wide Web are different terms that mean the same thing. True/False

C. TCP 21 control, TCP 20 data

What are the to standard ports used by FTP along with their function? A. UDP 23 control, TCP 20 data B. UDP 20 data, TCP 21 control C. TCP 21 control, TCP 20 data D. TCP 23 data, TCP 21 control

C. anycast addressing

What feature of the 13 DNS root servers enables any group of servers to act as a root server? A. multicast addressing B. broadcast addressing C. anycast addressing D. unicast addressing

A. 30 rules

What is a suggested maximum size of a rule base? A. 30 rules B. 300 rules C. 10 rules D. 100 rules

B. updating a secondary DNS server

What is a zone transfer? A. the movement of e-mail from one domain to another B. updating a secondary DNS server C. backing up an SQL data file D. coping host file data to another system

B. DNS

What service uses UDP port 53? A. SMTP B. DNS C. ICMP D. TFTP

D. proxy server

What should a company concerned about protecting its data warehouses and employee privacy might consider installing on the network perimeter to prevent direct connections between the internal network and the Internet? A. router B. filtering C. ICMP monitor D. proxy server

D. reverse firewall

What should you consider installing if you want to inspect packets as they leave the network? A. security workstation B. RIP router C. filtering proxy D. reverse firewall

D. split-DNS architecture

What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server? A. read-only zone B. anti-phishing DNS C. caching DNS zone D. split-DNS architecture

A. primary

What type of DNS server is authoratative for a specific domain? A. primary B. secondary C. read-only D. initial

B. phishing

What type of attack displays false information masquerading as legitimate data? A. Java applet B. phishing C. buffer overflow D. SQL injection

D. SQL injection

What type of attack involves plaintext scripting that affects databases? A. phishing B. ActiveX control C. Java applet D. SQL injection

B. VPN quarantine

What was created to address the problem of remote clients not meeting an organization's VPN security standards? A. split tunneling B. VPN quarantine C. IPsec filters D. GRE isolation

C. IPsec driver

Which IPsec component is software that handles the taks of encrypting, authenticating, decrypting and checking packets? A. ISAKMP B. IKE C. IPsec driver D. Oakley protocol

C. SSL

Which VPN protocol leverages Web-based applications? A. PPTP B. L2TP C. SSL D. IPsec

B. L2TP

Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication? A. IPsec B. L2TP C. PPTP D. SSL

C. IPsec

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet? A. PPTP B. L2TP C. IPsec D. SSL

D. encapsulation

Which activity performed by VPNs encloses a packet within another packet? A. address translation B. encryption C. authentication D. encapsulation

C. NAT

Which element of a rule base conceals internal names and IP addresses from users outside the network? A. tracking B. filtering C. NAT D. QoS

B. a computer on the perimeter network that is highly protected

Which of the following best describes a bastion host? A. a host with two or more network interfaces B. a computer on the perimeter network that is highly protected C. a computer running a standard OS that also has a proxy software installed D. a computer running only embedded firmware

C. data patterns

Which of the following is NOT a criteria typically used by stateless packet filters to determine whether or not to block packets. A. IP address B. ports C. data patterns D. TCP flags

C. use the default standard Web page error messages

Which of the following is NOT a recommended security setting for Apache Web servers? A. harden the underlying OS B. create Web groups C. use the default standard Web page error messages D. disable HTTP traces

C. use standard naming conventions

Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes? A. limit table access B. use stored procedures C. use standard naming conventions D. place the database server in a DMZ

B. employees can use instant-messaging only with external network users

Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy? A. only authenticated traffic can access the internal network B. employees can use instant-messaging only with external network users C. the public can access the company Web servers D. employees can have restricted internet access

D. authentication server

Which of the following is NOT an essential element of a VPN? A. VPN server B. tunnel C. VPN client D. authentication server

C. have more security vulnerabilities than software VPNs

Which of the following is NOT true about a hardware VPN? A. should be the first choice for fast-growing networks B. can handle more traffic than software VPNs C. have more security vulnerabilities than software VPNs D. create a gateway-to-gateway VPN

C. may require client configuration

Which of the following is a disadvantage of using a proxy server? A. shields internal host IP addresses B. slows Web page access C. may require client configuration D. can't filter based on packet content

C. NAP

Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data? A. ISP B. POP C. NAP D. NSF

A. Teredo tunneling

Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted? A. Teredo tunneling B. ICMPv6 encapsulation C. IPsec tunneling D. SMTP/S tunneling

B. not dependent on a conventional OS

Which of the following is an advantage of hardware firewalls? A. not scalable compared to software firewalls B. not dependent on a conventional OS C. less expensive than software firewalls D. easy to patch

D. adds a hashed message authentication code

Which of the following is an improvement of TLS over SSL? A. requires less processing power B. uses a single hashing algorithm for all the data C. uses only asymmetric encryption D. adds a hashed message authentication code

D. load-balancing software

Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power. A. server pooling software B. traffic distribution filter C. priority server farm D. load-balancing software

B. it was established in the mid-1960s

Which of the following is true about the Internet? A. it is the same as the World Wide Web B. it was established in the mid-1960s C. it was developed by a network of banks and businesses D. it was originally built on an extended star topology

C. 80,443

Which two ports should packet-filtering rules address when establishing rules for Web access? A. 143, 80 B. 25, 110 C. 80, 443 D. 423, 88

A. screened subnet DMZ

Which type of firewall configuration protects public servers by isolating them from the internal network? A. screened subnet DMZ B. dual-homed host C. screening router D. reverse firewall

B. proxy server

Which type of security device can speed up Web page retrieval and shield hosts on the internal network? A. caching firewall B. proxy server C. caching-only DNS server D. DMZ intermediary

B. port address translation

Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address? A. one-to-one NAT B. port address translation C. one-to-many NAT D. DMZ proxy translation

B. pharming

Which variation on phishing modifies the user's host file to redirect traffic? A. spear phishing B. pharming C. DNS phishing D. hijacking

False

Windows Basic Authentication requires that users enter a username and password and the password is transmitted using a hashing algorithm. True/False

harden

You can _________ a bastion host by removing unnecessary accounts and services.

split brain DNS architecture

a network architecture that uses a single DNS domain with a DNS server on the organization's DNZ for Internet services and a DNS server on the internal network for service to internal hosts

Botnets

_________ are networks of zombie computers that magnify the scope and intensity of an attack.

Routers

_____________ direct network traffic to its destionation on the Internet using tables and protocols.

dual-homed host

a computer configured with more than one network interface

IKE

a form of key exchange used to encrypt and decrypt data as it passes though a VPN tunnel

screened host

a host in which one interface is connected to an internal network and the other interface is connected to a router to an untrusted network

GRE

a nonproprietary tunneling protocol that can encapsulate a variety of Network layer protocols

cleanup rule

a packet-filtering rule that comes last in a rule base and covers any packets that have not been covered by preceding rules

many-to-one NAT

a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts

SSL

a protocol developed by Netscape Communications Corporation as a way of enabling Web servers and browsers to exchange encrypted information

screening router

a router placed between an untrusted network and an internal network

IPsec

a set of standard procedures that the IETF developed for enabling secure communication on the Internet

Kerberos

an IETF standard for secure authentication of requests for resource access

ESP

an IPsec protocol that encrypts the header and data components of TCP/IP packets

rule base

the collection of rules that filter traffic at an interface of a firewall

socket

the end point of a computer-to-computer connection defined by an IP address and port address

one-to-one NAT

the process of mapping one internal IP address to one external IP address


Conjuntos de estudio relacionados

Naturalism and Society: Mastery Test

View Set

التحصيلي ( رياضيات ) ١

View Set

Marketing Midterm Study Guide (1-12)

View Set

Combo with "TEST 3 A&P Q233" and 1 other

View Set

Module 11, 12, 13, and 14 Assessment Questions

View Set

อิทอิส Chapter 2 Q:1-40

View Set

CCNA 4 chapter 8 Network Troubleshooting

View Set