Network Security, Firewalls, and VPNs Textbook (Third Edition) Answer Key

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following is the only insurance against data loss?

Backup

Which security stance focuses on the use of firewalls as it's primary means of controlling commuinications?

Chokepoint

Which of the following are the two main types of NAT?

Dynamic and static

Protocol converter is another name for what device?

Gateway

Which of the following is not a benefit of SSL/TLS over the use of IPSec VPNs?

Guaranteed uptime

Which of the following is not a biometric characteristic?

Height

Most exploits are based on existence which of the following?

Human beings

Which of the following is not a type of specialized firewall?

Hybrid

Which standard allows a firewall to hand off authentication to a dedicated service hosted on a different system?

IEEE 802.1x

Which of the following is one of the primary methods for deploying remote access VPNs?

IPSec

Which of the following is not part of a complete and comprehensive security approach?

Implement single-factor authentication

Which of the following techniques is not considered a part of network security assessment?

Incident response

Which of the following is the best, first tool to use when troubleshooting firewalls?

Information

Which of the following attacks is not stopped by a border firewall?

Inside client to internal host attack

Which of the following ins an IPSec protocol that negotiates, creates, and manages security associations?

Internet key exchange

Which of the following is true of Remote desktop services?

It can host multiple, simultaneous sessions

Which of the following is true about the stark typology?

It is more fault tolerant than a bus network

What is the most important characteristic of an effective security goal?

It is written down

Which of the following is a true statement regarding IPSec?

It provides secure node-on-network connectivity

CIOs can be held accountable for security breaches in government compliance. When CIOs complain about security, which of the following is their top complaint?

Lack of measures

Which of the following is not of the three most common VPN deployment architectures?

Modified

Which term describes the deployment of multiple subnets in a series to separate private resources from public?

N-tier

Which of the following protocols does not support VPN use?

NAT-T

Which of the following is a benefit of a commercial VPN solution over open-source solutions?

Product support

Which the following best describes network availability?

Protection against downtime while supporting authorized access to resources

When selecting a firewall solution, which of the following are security concerns to consider?

Refresh rate

Which of the following is not a network security management best practice?

Rely upon single or individual defenses

Which form of attack captures authentication packets to retransmit them later?

Replay

Which of the following is the most important feature of a bastion host OS?

Resistance to attacks and compromise attempts

How can you know if a firewall is function properly?

Review the test results

Which of the following should be complete prior to building a VPN policy?

Risk assessment

What is the primary security concern with wireless connections?

Signal range

Which of the following is an example of biometric characteristic?

Signature

Which attack is based on the impersonation of a legitimate host?

Spoofing

What is another name for dynamic packet filtering?

Stateful inspection

Which of the following is not an installation method for pfSense?

Streamed across the network

Which device works at layer 2(Data Link Layer) and uses Mac addresses to differentiate traffic?

Switch

What form of cryptography encrypts the bulk of data transmitted between VPN endpoints?

Symmetric

Which of the following is a firewall rule that prevents internal users from accessing public FTP sites?

TCP 192.168.42.0/24 ANY ANY 21 Deny

Which of the following is a default-deny rule?

TCP ANY ANY 192.168.42.0/24 ANY Deny

Which of the following is not one of the overlapping types of risk in network and transaction security?

The server hardware can fail

Which of the following is most important to the effectiveness of an antivirus scanner?

Timelines of the definitions database

What is the primary purpose of a post-mortem assessment review?

To learn from mistakes

What is the purpose of physical security in an organization?

To prevent unauthorized access to facilities and equipment

Which of the following VPN tools provides anonymous, encrypted tunneling systems?

Tor

Which of the following is not a part of IPv6 IPSec cryptography?

Translation services

Which of the following is not a component of a VPN policy?

Troubleshooting

What are the two modes supported by IPSec? (Multiple answers are correct)

Tunnel Transport

Which organization originally managed the Onion Routing Project?

U.S. Naval Research Lab

Which of the following is a firewall management best practice?

Upon firewall installation, install available updates from the vendor

Which of the following is not a firewall management best practice?

Use vendor default configuration

Which of the following is a highly recommended method or technique for keeping firewall logs secure and uncorrupted?

Using WORM devices

Which of the following does not contribute to the erosion of the network perimeter?

VPN

Which of the following is a limitation of deploying a VPN?

Vulnerabilities exist at endpoints

Which command do you use to verify that an OpenVPN VPNN is running?

ping

When deploying software firewalls, what is the maximum number this should be operational on a single system at one time?

1

Which the following is not true firewalls?

A firewall is a type of authentication system

What does a hacker exploit in a target system?

A vulnerability

Which of the following is not a step or phase in incidence response plan?

Acqusition

Which of the following is not a remote VPN option discussed in this chapter?

AdobeConnect

When constructing a rule set, where should you place the default-deny rule?

After any explicit Deny rules

Which of the following is not a type of emerging issue the EPIC would alert the public about?

Alexa personal helper

Which of the following is true of firewall rules?

All rules on a firewall are exceptions.

Which of the following best describes the principle of least privilege?

Allow the user access to only what is essential for the job responsibilities.

When considering multifactor authentication, which of the following is something you have?

An ID card

Which of the following best describes nonrepudiation?

An action cannot be denied as occurring

Which of the following is the best option for resolving firewall compromises?

Apply outstanding patches

What does Van Eck phreaking allow?

Attackers to eavesdrop on electronic devices from a device

Which of the following is used by IPSec and provides integrity for packet headers and data, as well as user authentication?

Authentication Header (AH)

Which of the following is the primary factor when composing firewall rules?

Bandwidth

Which of the following is not a function of the firewall?

Block one device from using too much bandwidth

Which VPN access control issue can be enforced through VPN authentication?

Blocking unauthorized VPN users

Which of the following is not a common mistake that should be included in user training?

Bricking cooperate computers

Which form of attack submits excessive amounts of data to a target to cause arbitrary code execution?

Buffer overflow

Which of the following is a potential weakness of a firewall that cannot be fixed with the application of a path?

Buffer overflow vulnerability

Which of the following network typologies requires the use of terminators?

Bus

What is the term for a VPN deployment in which traffic between the VPN and internal network is not firewalled?

Bypass deployment

Which of the following is a form of filtering that allows communication, regardless of whether a session was previously established?

Circuit proxy

Which type of hacker represents the greatest threat because they likely already have physical access to a target?

Consultant

Which method of communication is unseen, unfiltered, and based on time manipulations?

Covert channel

Which of the following specialized firewall types is designed to provided data leakage prevention?

Data protection

What is another term for a VPN?

Data-encrypted tunnel

Which of the following is not a major component of the SSH protocol?

Datagram protection protocol

Which of the following is not a benefit of virtualization's hypervisor?

Deep-content inspection

Which of the following is not a threat to software and hardware VPNs?

Denial of service

Which activity differentiates a triple homed firewall from a dual homed firewall?

Deployment of traffic from the Internet to a DMZ

When a firewall breach is detected, what is the first step that should be taken?

Disable the firewall

Which of the following is a method of filtering that automatically keeps track of sessions on a limited timeout basis to allow the responses to queries to reach internal systems?

Dynamic packet filtering

Which agency was created to alert the public emergency issues with National information infrastructure?

EPIC

Which form of VPN deployment requires additional authentication for accessing resources across the VPN

Edge router

Which of the following should be done as part of router configuration?

Enable a warning banner for all attempting connections

Which of the following is the best way to treat private messages as confidential?

Encrypt the message so it stays private

Which of the following is not satisfied with a firewall policy?

Ensuring consistent filtering across the infrastructure

Which of the following is not a task completed with tunneling?

Ensuring encryption of traffic

Which of the following might a hacker launch if the other attempts are not successful?

Fall back attack

Pick two benefits of SSL/TLS over the use of IPSec VPNs (Multiple answers are correct)

Fewer firewall rules required Granular access control

Which of the following is not a core security principle?

Flexibility

Which of the following is true of IPv4 versus IPv6?

IPv4 is plaintext transmission by default

Which of the following best describes nonrepudiation?

It prevents a user from being able to deny having performed an action

What is always the most important element within a firewall rule set?

Listing inbound exceptions before outbound exceptions

What is the term for the unique address identifying hardware assigned by the manufacturer under the guidance of the FCC?

Mac address

Which of the following networks provides the most redundancy?

Mesh

Which of the following tools is a method for encapsulating IPSec ESP packets into UDP packets for passing through routers or firewalls employing NAT?

NAT-T

Which of the following tools is primarily used for network vulnerability assessments?

Netcat

Which of the following is true of network security?

Network security included elements preventing unwanted access and action

Part of troubleshooting is identifying open ports. Which of the following tools aids in scanning if ports are open or closed?

Nmap

Which of the following is an event found in a firewall log that a symptom of a rouge host operating within the private network?

Packets from an unassigned internal address

Which of the following is not one the best ways to consider security from a business perspective?

Permissions

Which of the following is not a VPN best practice?

Permit split tunneling

Which of the following firewall rule guidelines is most important?

Place universal allow rules for individual systems before universal deny rules for systems in that range

When designing the authentication for VPNs and VPN users, what should you use as the primary security guideline?

Principle of least privilege

Which security strategy is based on locking the environment down so users can perform their assigned tasks, but little else

Principle of least privilege

Which of the following is not a network security management tool or technique?

Products that won awards

Which of the following is a type of passive hub?

Punch panel

What is the first stage or step in the hacking process?

Reconnaissance

Which of the following is Not a type of attack against password use?

Recursive

Which of the following is not a benefit of virtualized SSL VPN environments?

Redundant hardware installation

Which of the following is Microsoft's free remote software for Windows server and Windows 10?

Remote desktop services

Which regulation was created to protect investors by requiring publicly traded companies to validate controls securing financial data?

Sarbanes-Oxley

What are the two most important characteristics of VPN authentication?

Scalable and Interoperable

Which feature in tunnel-mode encryption is not supported in transport-mode encryption?

The header is encrypted

Which of the following products features the ability to awaken when sent a "magic packet"?

Wake-on-LAN

Which of the following is one of the most common and easily exploited vulnerabilities on any hardware network device?

Weak default password

Which of the following is not a threat common to software and hardware VPNs?

Weak user name

Which type of communication session can be improved using caching on a firewall?

Web

Which of the following is a downside of using a workgroup for business network activities?

Workgroups do not have a central authority that controls or restricts network activity.

For what type of threat are there no current defenses?

Zero-day

Which of the following is an example of redundancy?

An uninterrupted power supply

Which of the following is commonly referred to as access control?

Authorization

Which of the following is part of a defense in depth strategy?

Avoid single points of failure

Which of the following is the term for malicious code entering the network and making sharp turn into the secure network?

Hairpinning

Which of the following best defines security through obscurity?

Hiding the network in order to secure it

Which of the following tools is not a troubleshooting tool for firewalls?

NAT

When considering deployment of and IDS or IPS, what is the biggest problem?

False negatives

Which of the following is a type of smart hub?

Firewall

When is the reverse proxy useful?

To offer external access to an internal web server

Which of the following best describes a dynamic password token?

A device that shows a random password

Which addressing class is 192.168.32.16?

Class C

Of the following VPNs, which prevents filtering of VPN traffic?

Corporate firewall

Which of the following is Not true of a logical network?

It is possible for the physical network to be a star and logical network to be a ring.

Which of the following best defines ingress filtering?

Monitoring traffic on its way into the network

Which of the following are the two distinct areas that must be protected with firewalls?

Network and transaction security

Which attack uses non-technical means to achieve results?

Social engineering

Which of the following is not part of multifactor authentication?

Something you wear

Which of the following is not a content filtering method?

Source IP address

Which of the following is the primary difference between a VPN and a LAN connection?

Speed

Which of the following best describes the concept of risk?

The likelihood that a threat will take advantage of vulnerability on the network.

Which of the following best describes the concept of hardening?

The process of securing or locking down a host through their own devices

Which of the following statements is true regarding a reverse proxy?

The reverse proxy server can act as the endpoint for a TLS tunnel

What form of encryption allows a firewall to filter based on the original source and destination address? (Assume that the firewall is located along the path between session endpoints.)

Transport mode


Conjuntos de estudio relacionados

History of ASL, American Sign Language, ASL Unit 1 Quiz, ASL 1A Final Study, ASL midterm, ASL 1 Study Guide

View Set

geometry a - unit 2: transformations and congruent triangles lessons 6-11

View Set

chapter 9 - the integumentary system PREP U

View Set

Trading Card- Civil War Project Menu.

View Set

Algebra I section 4. INEQUALITIES QUIZ COMPOUND INEQUALITIES

View Set

Turns Ratio Worksheet: Transformer Turns Ratio and Input/Output Problems, 2 primary windings, delta, wye,, Motor Drives (12+13), Vocabulary on Transformers (for Electrical Machines & Drives), Drive mechanism and Transformers, Transformer Review, Chap...

View Set

PSYC100: Chapter 7 Memory: InQuizitive

View Set

Module 4 - Application Layer & HTTP

View Set

Components of personal financial planning

View Set

Study guide 2 Spring 1 2014 [Chapter 6A]

View Set