CTC 452 Network Security and Hacking Prevention
A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.
True
A weakness of a signature-based system is that it must keep state information on a possible attack.
True
Computers on the Internet are identified primarily by their IP address.
True
The IP address 172.20.1.5 is a private IP address.
True
The TCP protocol uses a three-way handshake to create a connection.
True
The objective of a phishing attack is to entice e-mail recipients to click a bogus link where personal information can be stolen.
True
A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed.
False
All devices interpret attack signatures uniformly.
False
IPv4 and IPv6 headers are interoperable.
False
Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred.
False
Which of the following is an element of the TCP header that can indicate that a connection has been established?
Flags
Which component of IPsec enables computers to exchange keys to make an SA?
IKE
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
IPsec
Which of the following is NOT a typical IDPS component?
Internet gateway
What type of attack involves plaintext scripting that affects databases?
SQL injection
Which VPN protocol leverages Web-based applications?
SSL
What is the sequence of packets for a successful three-way handshake?
SYN, SYN ACK, ACK
What are the two standard ports used by FTP along with their function?
TCP 21 control, TCP 20 data
Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted?
Teredo tunneling
The Cisco PIX line of products is best described as which of the following?
firewall appliance
Which of the following is true about SSL?
it uses sockets to communicate between client and server
Which of the following is true about the Internet?
it was established in the mid-1960s
How does the CVE standard make network security devices and tools more effective?
they can share information about attack signatures
What are the two modes in which IPsec can be configured to run?
tunnel and transport
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?
IDPS
What is contained in ARP tables?
IP address, MAC address
What was created to address the problem of remote clients not meeting an organization's VPN security standards?
VPN quarantine
What makes IP spoofing possible for computers on the Internet?
the lack of authentication
network identifier
the part of an IP address that a computer has in common with other computers in its subnet
Which of the following is a valid IPv6 address?
1080::8:800:200C:417A
How large is the IPv6 address space?
128 bits
Which of the following addresses is a Class B IP address?
189.77.101.6
Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240
192.168.10.47
What is a suggested maximum size of a rule base?
30 rules
Which feature of a router provides traffic flow and enhances network security?
ACLs
Which of the following types of traffic does NOT travel through routers?
ARP requests
At what layer of the OSI model do proxy servers generally operate?
Application
In what type of attack are zombies usually put to use?
DDoS
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports?
Dynamic Application layer protocol analysis
Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?
NAP
In which OSI model layer will you find the OSPF protocol?
Network
Which of the following is an open standard used for authentication on Cisco routers?
RADIUS
Which type of scan has the FIN, PSH, and URG flags set?
Xmas
datagram
a discrete chunk of information; each datagram contains source and destination addresses, control settings, and data
Defense in depth can best be described as which of the following?
a layered approach to security
Network Address Translation
a process by which internal hosts are assigned private IP addresses and communicate with the Internet using a public address
Which of the following best describes a DMZ?
a subnet of publicly accessible servers placed outside the internal network
Which of the following is an improvement of TLS over SSL?
adds a hashed message authentication code
Which of the following is true about using VPNs?
can use an existing broadband connection
Which of the following is a typical drawback of a free firewall program?
cannot monitor traffic in real time
Which of the following is NOT information that a packet filter uses to determine whether to block a packet?
checksum
With which access control method do system administrators establish what information users can share?
mandatory access control
Which of the following is true about software VPNs?
more cost-effective than hardware VPNs
Of what category of attack is a DoS attack an example?
multiple-packet attack
Which of the following is an advantage of hardware firewalls?
not dependent on a conventional OS
Where is a host-based IDPS agent typically placed?
on a workstation or server
Which type of NAT is typically used on devices in the DMZ?
one-to-one NAT
Where should network management systems generally be placed?
out of band
Which of the following is a general practice for a rule base?
permit access to public servers in the DMZ
Which variation on phishing modifies the user's host file to redirect traffic?
pharming
What does a sliding window do in a TCP packet?
provides flow control
What should you consider installing if you want to inspect packets as they leave the network?
reverse firewall
Which of the following makes routing tables more efficient?
route summarization
Which of the following is NOT a critical goal of information security?
scalability
Which type of firewall configuration protects public servers by isolating them from the internal network?
screened subnet DMZ
What is a VPN typically used for?
secure remote access
What is the TCP portion of a packet called?
segment
What Cisco router command encrypts all passwords on the router?
service password-encryption
Why might you want your security system to provide nonrepudiation?
so a user can't deny sending or receiving a communication
Which term is best described as an attack that relies on the gullibility of people?
social engineering
In which type of scan does an attacker scan only ports that are commonly used by specific programs?
strobe scan
How are the two parts of an IP address determined?
subnet mask
Which of the following is NOT a category of suspicious TCP/IP packet?
suspicious CRC value
What is an advantage of the anomaly detection method?
system can detect attacks from inside the network by people with stolen accounts
Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?
use standard naming conventions
Software firewalls are usually more scalable than hardware firewalls.
False
Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address?
access control
Which of the following is true about an NIDPS versus an HIDPS?
an HIDPS can detect attacks not caught by an NIDPS
Which of the following is NOT an essential element of a VPN?
authentication server
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated?
challenge/response
Which of the following is a type of VPN connection?
client-to-site
To what type of port on a Cisco router do you connect a rollover cable?
console
What uses mathematical calculations to compare routes based on some measurement of distance?
distance-vector routing protocols
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy?
employees can use instant-messaging only with external network users
Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?
enable
What is the term used when an IDPS doesn't recognize that an attack is underway?
false negative
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
hybrid
Which of the following is NOT one of the three primary goals of information security?
impartiality
Which of the following is a reason that UDP is faster than TCP?
it doesn't guarantee delivery
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
proxy server
Under which suspicious traffic signature category would a port scan fall?
reconnaissance
What is a step you can take to harden a bastion host?
remove unnecessary services
If you see a /16 in the header of a snort rule, what does it mean?
the subnet mask is 255.255.0.0
Which of the following is true about ACLs on Cisco routers?
there is an implicit deny any statement at the end of the ACL
Which of the following is true about private IP addresses?
they are not routable on the Internet
Which of the following is true about static routes?
they are used for stub networks
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
three-pronged firewall
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
training period
Which of the following is a top-level digital certificate in the PKI chain?
trust anchor
scopes
unicast addresses used in IPv6 to identify the application suitable for the address