C700 Part Two A: (5,6,7) Technical Overview of Network Security, Firewalls, and VPNs
The best network security management tools include all of the following except: A Complete inventory of equipment B Written security policy C Expensive commercial products D Logical organization map E Change documentation
C
The most important configuration element related to a firewall's management interface is: A Access over wireless is prevented. B Access through a network interface is enabled. C Access is encrypted. D Access through a CON port is allowed. E Physical access to the device is controlled.
C
The purpose of a security checklist is: A To keep an inventory of equipment in the event of a disaster B To create a shopping list for replacement parts C To ensure that all security elements are still effective D To complete the security documentation for the organization E To assess the completeness of the infrastructure
C
What form of encryption allows a firewall to filter based on the original source and destination address? (Assume the firewall is located along the path between session endpoints.) A Tunnel mode B VPN remote access encryption C Transport mode D VPN LAN-to-LAN encryption E Header encryption
C
What is a primary benefit of system hardening? A It reduces user performance. B It increases network throughput. C It decreases the attack surface. D It improves host ROI. E It tracks attempted intrusions.
C
What is the biggest issue or problem with an IDS? A False positives B Failing to operate at wirespeed C False negatives D Keeping the pattern database current E Using anomaly detection
C
What is the essential purpose or function of encryption? A Verifying integrity B Proving the identity of endpoints C Protecting content from unauthorized third parties D Maintaining performance E Validating parking
C
All of the following are elements of an effective network security installation except: A Backup and restoration B User training and awareness C Compliance auditing D Security checklist E Unplanned downtime
E
All of the following are elements of network design except: A Satisfying security goals B Understanding of the seven domains of IT infrastructure C Implementing multiple layers of defense D Thorough research and planning E Utilizing a single vendor
E
All of the following are examples of network security management best practices except: A Using multifactor authentication B Backing up C Having a business continuity plan D Prioritizing E Spending each year's budget in full
E
All of the following avenues of accessing a firewall's management interface should be limited, restricted, or disabled except: A Wireless B Telnet C Public facing NIC interface D Port 80 Web E Private network NIC interface
E
All of the following events appearing in a firewall log warrant investigation by an administrator except: A Firewall host reboot B A connection attempt to the firewall host C Detection of an attack attempt D Inbound packets with spoofed internal source addresses E An internal user accessing a public Web site
E
Incident response is the planned reaction to negative situations or events. Which of the following is not a common step or phase in an incident response? A Containment B Recovery C Eradication D Detection E Assessment
E
System hardening should be applied to all of the following except: A Clients B Servers C Switches D Routers E Cable adapters
E
The performance of what type of communication session can be improved using caching on a firewall? A Instant messaging B Remote access C E-mail D Time synchronization E Web
E
When an organization first deploys a firewall and chooses to begin logging activity, what should you include in the log file? A Only malicious traffic B Only DoS traffic C Only dropped packets D Only allowed packets E All events
E
Which of the following cannot be performed adequately using an automated tool? A Checking for current patches B Confirming configuration settings C Vulnerability assessment D Scanning for known weaknesses E Ethical hacking
E
Which of the following is a true statement with regard to compliance auditing? A Compliance auditing is a legally mandated task for every organization. B Compliance auditing ensures that all best practices are followed. C Compliance auditing creates a security policy. D Compliance auditing is an optional function for the financial and medical industries. E Compliance auditing verifies that industry-specific regulations and laws are followed.
E
Which of the following is not a potential hazard when installing patches or updates? A Resetting configuration back to factory defaults B Reducing security C Bricking the device D Installing untested code E Improving resiliency against exploits
E
Which of the following limitations or potential weaknesses of a firewall cannot be fixed or corrected with the application of an update or patch? A Programming bug or flaw B Firewalking C Buffer overflow vulnerability D Fragmentation E Denial of service due to traffic from external sources
E
Which of the following types of security components are important to install on all hosts? A Firewall B Antivirus C Whole hard drive encryption D Spyware defenses E All of these
E
The purpose of a post-mortem assessment review is to learn from mistakes, improve the process in future events, and avoid a recurrence of the same mistakes.
T
When a firewall is able to process packets, filter malicious code, and transmit authorized communications onward to their destination without introducing latency or lag, this is known as operating at
Wirespeed
How can static addresses be simulated with DHCP? A Round robin assignment B Manual configuration on each host C Duplicate MAC addresses D Reservations E DNS reverse lookup
D
A complete and comprehensive security approach needs to address or perform two main functions. The first is to secure assets and the second is: A Watch for violation attempts. B Prevent downtime. C Verify identity. D Control access to resources. E Design the infrastructure based on the organization's mission.
A
All of the following are true statements about system hardening except: A System hardening is a one-time process that does not need to be repeated on the same host. B System hardening removes or reduces many known vulnerabilities. C System hardening is different for each system with a unique function. D System hardening is dependent on the location or placement of a host within the seven common domains of an IT infrastructure. E Any system discovered to be out of compliance with system hardening guidelines should be quarantined until it can be repaired.
A
The task of compartmentalization is focused on assisting with what overarching security concern? A Limiting damage caused by intruders B Filtering traffic based on volume C Controlling access based on location D Supporting transactions through utilization E Assessing security
A
What is the essential purpose or function of authorization? A Granting or denying access to resources B Checking policy compliance C Identifying entities D Monitoring levels of utilization E Detecting spoofed content
A
What is the key factor that determines how valuable and relevant a vulnerability assessment's report is? A Timeliness of the database B Whether the product is open sourced C The platform hosting the scanning engine D The time of day the scan is performed E The available bandwidth on the network
A
When configuring node security on a switch, all of the following are important elements except: A Enabling keystroke logging B Limiting access to management interfaces C Monitoring for ARP flooding D Upgrading to SNMP v3 E Using a final version of firmware
A
Which of the following is a benefit of private addressing that is not present in public addressing? A Isolation from the Internet B Subnetting C Use of IPv6 D Routing traffic E Filtering by source and destination address
A
Which of the following is a default-deny rule? A TCP ANY ANY ANY ANY Deny B TCP 192.168.42.0/24 ANY ANY ANY Deny C TCP ANY 192.168.42.0/24 ANY ANY Deny D TCP ANY ANY 192.168.42.0/24 ANY Deny E DENY TCP ANY ANY ANY ANY
A
Which of the following is not related to improving or maintaining the performance of a firewall? A Native antivirus scanning B Round-robin task assignment C Caching D Fair queuing session management E Load balancing
A
Why would a network implement public addresses internally instead of private addresses? A To avoid the use of NAT B To be able to custom subnet C To maintain isolation from the Internet D To prevent external initiation of communications with internal hosts E To reduce costs
A
A remote host has all of the following additional security issues or concerns in comparison with a local host except: A Potential exposure to unfiltered Internet B Poor end user training C Greater risk of physical theft D Possible lack of patches and updates E Additional interaction with external entities
B
All of the following are common mistakes or security problems that should be addressed in awareness training except: A Opening e-mail attachments from unknown sources B Using resources from other subnets of which the host is not a member C Installing unapproved software on work computers D Failing to make backups of personal data E Walking away from a computer while still logged in
B
All of the following are elements of system hardening except: A Removing unnecessary protocols, services, and applications B Implementing ingress and egress filtering against spoofed addresses C Installing patches and updates D Configuring encryption for storage and communication E Installing antivirus and a host firewall
B
All of the following are examples of network security management best practices except: A Avoiding remote access B Purchasing equipment from a single vendor C Using whole hard drive encryption D Implementing IPSec E Hardening internal and border devices
B
Which of the following is a firewall rule that prevents internal users from accessing public FTP sites? A TCP ANY ANY ANY FTP Deny B TCP 192.168.42.0/24 ANY ANY 21 Deny C TCP 21 192.168.42.0/24 ANY ANY Deny D TCP ANY ANY 192.168.42.0/24 21 Deny E TCP FTP ANY ANY Deny
B
Which of the following is an event found in a firewall log file that is a symptom of a rogue host operating within the private network? A Packets from a known malicious address B Packets from an unassigned internal address C Packets to an unknown port on an internal host D Packets in a serial grouping that attempt to access a sequential series of ports E Packets in a very large grouping that are all exactly the same directed toward a single target
B
Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats? A Configuration scan B Compliance audit C Vulnerability assessment D Ethical hacking E Penetration testing
B
Which of the following is not usually part of the system hardening process? A Updating hardware firmware or BIOS B Installing additional RAM C Configuring a backup process D Configuring account lockout E Replacing outdated device drivers
B
A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as: A Default permit B Explicit deny C Fail-close D Egress filtering E Security through obscurity
C
What is the name of a single device that is based on a firewall but that has been expanded and improved to perform a wide variety of services, such as filtering, IPS, antivirus scanning, anti-spam filtering, VPN endpoint hosting, content filtering, load-balancing, and detailed logging? A Load balanced filtering B Port based network access (admission) control C Unified threat management D Multifactor authentication E IEEE 802.1x
C
What is the primary factor used to distinguish a great firewall enhancement from a marketing gimmick used to drive up sales? A Does the enhanced firewall cost the same or less than separate products? B Does the enhancement affect the operating speed of the firewall? C Does the enhancement operate as well as or better than the original firewall? D Does the enhancement require the purchase of a new firewall, or can it be added to existing products already deployed? E Does the enhancement have a reoccurring license or subscription fee?
C
What mechanism allows a firewall to hand off authentication to a dedicated service hosted on a different system? A IEEE 802.11 B RFC 1918 C IEEE 802.1x D RFC 1492 E IEEE 802.3
C
When performing node security on a router, all of the following are important concerns, except: A Blocking all directed IP broadcasts B Disabling echo, chargen, discard, and daytime C Watching for MAC spoofing D Dropping RFC 1918 addressed packets from the Internet E Enabling a warning banner for all attempted connections
C
Which IT infrastructure domain does not require firewalls to be included as part of its network design? A Workstation Domain B LAN Domain C User Domain D Remote Access Domain E System/Application Domain
C
Which of the following is not a limitation or potential weakness of a firewall? A Firewalking B Software bugs or flaws C Using first match apply rule systems D Fragmentation attacks E Internal code connecting to an external service
C
Which of the following is not an important factor when included as part of network design? A Usability B Capacity C Obscurity D Growth E Defense in depth
C
All of the following are examples of network security management best practices except: A Writing a security policy B Obtaining senior management endorsement C Filtering Internet connectivity D Providing fast response time to customers E Implementing defense in depth
D
The default-deny rule appears where in the rule set? A First B After any explicit Allow rules C Anywhere D Last E After any explicit Deny rules
D
The purpose of physical security access control is to: A Grant access to external entities. B Prevent external attacks from coming through the firewall. C Provide teachable scenarios for training. D Limit interaction between people and devices. E Protect against authorized communications over external devices.
D
What is the essential purpose or function of accounting? A Detecting intrusions B Proving identity C Controlling access to assets D Recording the activities and events within a system E Throttling transactions
D
What is the essential purpose or function of authentication? A Controlling access to resources B Monitoring for security compliance C Watching levels of performance D Verifying entity identity E Preventing distribution of malware
D
What is the only protection against data loss? A Integrity checking B Encryption C Traffic filtering D Backup and recovery E Auditing
D
What is the primary purpose of a post-mortem assessment review? A Reducing costs B Adding new tools and resources C Placing blame on an individual D Learning from mistakes E Extending the length of time consumed by a task
D
Which of the following is a flaw or weakness that both static and dynamic addressing share? A The assignment server can go offline. B Changes require manual modification on each host. C Public queries will fail. D Hackers can spoof valid addresses. E The first half of the address identifies the NIC vendor.
D
Which of the following is a highly recommended method or technique for keeping firewall logs secure and uncorrupted? A Storing them in binary form B Using 15,000 RPM hard drives C Recording only important events D Centralized logging E Using timestamps
D
Which of the following is a protection against a single point of failure? A Encryption B Filtering C Auditing D Redundancy E VPNs
D
You can use firewall logging to perform all of the following activities except: A Discovering new methods or techniques of attack B Creating a historical record of activity used for traffic and trend analysis C Tracking usage levels and times for load balancing D Stopping intrusions E Creating legally admissible evidence for use in prosecution
D
Personal bias, tradition, and sunk cost should always guide your security design decisions. If it isn't broken, don't fix it. True or False?
F
Vulnerability scanning focuses on mitigating known exploitable weaknesses or vulnerabilities in deployed systems. True or False?
F