CC6003 Digital Crime Investigation quiz 6


Which of the following devices should you use to keep machines behind it anonymous? (Select the best answer.) A. Caching proxy B. IP proxy C. Circuit-level gateway D. Firewall

B. An IP proxy secures a network by keeping the computers behind it anonymous. Caching proxies store HTTP or other information so that clients don't have to actually contact a remote server. Circuit-level gateways apply security mechanisms when connections are established; they are a type of filtering. Firewalls protect the LAN, and although some firewall devices include an IP proxy, they won't necessarily do so.

James has detected an intrusion in his company. What should he check first? A. DNS logs B. Firewall logs C. Event Viewer D. Performance logs

B. If there were an intrusion, the first thing you should check is the firewall logs. DNS logs in the event viewer and the performance logs will most likely not show intrusions to the company. The best place to look first is the firewall logs.

Which type of firewall filter can match incoming traffic to the corresponding outbound IP address connection by way of IP address and port? A. Packet filtering B. NAT filtering C. Application-level gateway D. Circuit-level gateway

B. NAT filtering matches incoming traffic to the corresponding outbound IP address connection. Packet filtering inspects each packet passing through the firewall and accepts or rejects it based on rules. Application-level gateways apply security mechanisms to specific applications. Circuit-level gateways apply security mechanisms whenever TCP or UDP connections are established.

Which of the following should be your primary line of defense? A. Proxy server B. NIPS C. Firewall D. Protocol analyzer

C. Firewalls should be your primary line of defense. Although intrusion detection/prevention systems are important, a firewall should be installed first. Proxy servers can also help to protect computers on the LAN and should be considered. Protocol analyzers investigate packets that are sent across the network.

Which of the following should be used to filter out activities such as instant messaging? A. IP proxy B. Application-level gateway C. Internet content filter D. Honeypot

C. Internet content filters are used to filter out activities such as instant messaging, email, and websites accessed. IP proxies are used to secure networks by keeping the computers behind them anonymous. Application-level gateways apply security mechanisms to specific applications. Honeypots are used to attract and trap potential attackers.

Which of the following can detect malicious packets and discard them? A. Proxy server B. NIDS C. NIPS D. PAT

C. NIPS, or a network intrusion prevention system, can detect and discard malicious packets. A NIDS only detects them and alerts the administrator. A proxy server acts as a go-between for clients sending data to systems on the Internet. PAT is port-based address translation.

What are Snort and Bro examples of? A. Firewalls B. Proxy servers C. IDS D. SPI

C. Snort and Bro are examples of IDS.

Honeynets are one or more computers or servers used to counteract attempts at unauthorized access to a network.

True—A honeynet is one or more computers, servers, or an area of a network; these are used when a single honeypot is not sufficient to trap potential attackers.

Circuit level gateways work at the Session Layer of the OSI model.

True—Circuit level gateways do work at the Session Layer of the OSI model and apply security mechanisms whenever TCP or UDP connections are established.

A firewall can use NAT and packet filters.

True—Firewalls can use packet filtering, NAT filtering, application level gateways, and circuit level gateways.

An IP proxy can be the victim of denial-of-service attacks.

True—IP proxies can indeed be the victim of denial-of-service attacks and should be monitored periodically and updated regularly.

NAT filtering matches incoming traffic to corresponding outbound IP connections by matching the IP address and port.

True—NAT filtering matches incoming and outgoing traffic by way of IP addresses and port numbers.

A stateless packet filter is vulnerable to IP spoofing attacks.

True—Stateless packet filters are vulnerable to IP spoofing attacks. Firewalls running stateful packet inspection are not vulnerable because they keep track of the state of network connections.

A honeypot is a device that caches information for hackers.

False—Honeypots are usually single computers that are used to attract and trap potential attackers. Normally, you would not cache information for a hacker, but you would cache information for legitimate users by way of a caching proxy.

An IP proxy serves client requests by caching HTTP information.

False—IP proxies secure networks by keeping the machines behind them anonymous. Caching proxies serve client requests such as caching hypertext information among other types of information.

NAT filtering accepts or rejects packets based on rules.

False—NAT filtering filters traffic according to ports such as TCP or UDP. A firewall that incorporates packet filtering inspects each packet passing through the firewall and accepts or rejects it based on rules.

Which of the following are examples of protocol analyzers? (Select the two best answers.) A. Wireshark B. HTTP proxy C. NAT filter D. Network Monitor

A and D. Wireshark and Network Monitor are examples of protocol analyzers. HTTP proxies cache information for client computers. NAT filtering is a type of filtering that firewalls can accomplish if configured.

Where would a NIDS sit on a network? (Select the best answer.) A. Inline B. On the extranet C. On the DMZ D. Back to back

A. A NIDS normally sits inline on the network. It could be before or after the firewall but more commonly is on the side closer to the Internet. Although it is possible to put a NIDS on the extranet or on a DMZ, it is far less common. Back to back is a phrase used when an organization implements two firewalls.

A client computer uses the IP address 10.254.254.189. It has made a connection to a web server by opening the outbound port 1589. The server uses the IP address 65.19.28.154. You want to filter out any HTTP packets coming from the server. Which IP address and port should you specify to be filtered on the firewall? A. 10.254.254.189:1589 B. 10.254.254.189:80 C. 65.19.28.154:1589 D. 65.19.28.154:80

D. You should filter the packets coming from the server's IP and its inbound port: 65.19.28.154:80. It would be difficult to filter Port 1589 because this port is assigned dynamically to the outbound connection of the client computer; it will change every time a new session starts. The client computer should not use Port 80 because it is not the computer acting as a web server. The web server will most likely not use Port 1589. The connection from the client computer on outbound Port 1589 is made to the web server on inbound Port 80.

A NIDS can inspect traffic and possibly remove, detain, or redirect malicious traffic.

False—A NIDS attempts to detect malicious network activities by monitoring network traffic and alerts the administrator in the case that it finds any. A NIPS can inspect traffic and remove, detain, or redirect that traffic.

