Network Security Final


What is a suggested maximum size of a rule base? - 30 rules - 300 rules - 10 rules - 100 rules

30 rules

Which two ports should packet-filtering rules address when establishing rules for Web access? - 423, 88 - 143, 80 - 25, 110 - 80, 443

80, 443

Which of the following is NOT an ICMPv6 packet type that you should allow within your organization but never outside the organization? - Time Exceeded - Destination unreachable - Packet Redirect - Packet too big

Packet Redirect

________________ clauses exist in acceptable use policies so that companies can discipline employees whose computer activities interfere with productivity.

Penalty

Which of the following is a general practice for a rule base? -permit access to public servers in the DMZ -allow direct access from the Internet to computers behind the firewall -allow all access to the firewall -begin by blocking all traffic and end by allowing selective services

permit access to public servers in the DMZ

Which type of NAT is typically used on devices in the DMZ? - port address translation - one-to-many NAT - many-to-one NAT - one-to-one NAT

one-to-one NAT

A(n) ____________________ audit should look for accounts assigned to employees who have left the company or user group.

operational

Where should network management systems generally be placed? - in the DMZ - out of band - in the server farm - on the perimeter

out of band

A firewall can consist of all devices positioned on the network _____________.

perimeter

Which of the following is NOT among the six factors needed to create a risk analysis? - consequences - threats - probabilities - personnel profiles

personnel profiles

Which variation on phishing modifies the user's host file to redirect traffic? - pharming - DNS phishing - spear phishing - hijacking

pharming

What type of attack displays false information masquerading as legitimate data? - Java applet - buffer overflow - phishing - SQL injection

phishing

Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address? - port address translation - one-to-many NAT - DMZ proxy translation - one-to-one NAT

port address translation

What type of DNS server is authoritative for a specific domain? - secondary - primary - initial - readonly

primary

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

profiles

What should a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet? - ICMP monitor - VPN server - proxy server - router

proxy server

A DMZ is a subnet of _____________ accessible servers placed outside the internal network.

publicly

Which of the following is a network's ability to detect attacks when they occur and to evaluate the extent of damage and compromise? - recovery - reliability - resistance - recognition

recognition

By providing _________________ through backup systems, you ensure information remains accessible if primary systems go offline.

redundancy

What is a step you can take to harden a bastion host? - configure several extra accounts with complex passwords - remove unnecessary services - enable additional services to serve as honeypots - open several ports to confuse attackers

remove unnecessary services

To manage the security information from the devices in a large network, you should establish a security incident _________________ team.

response

What should you consider installing if you want to inspect packets as they leave the network? - RIP router - filtering proxy - security workstation - reverse firewall

reverse firewall

The process called _____________ analysis determines the threats an organization faces.

risk

ACLs filter packets by using a __________ base to determine whether to allow a packet to pass.

rule

Which type of firewall configuration protects public servers by isolating them from the internal network? - dual-homed host - reverse firewall - screened subnet DMZ - screening router

screened subnet DMZ

Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate? - pairing - tunnel - internet key exchange - security association

security association

Which of the following is NOT a phase in the system development life cycle? - security audit - needs assessment - system implementation - performance monitoring

security audit

The process of testing a network defense system is referred to as which of the following? - change management - security auditing - IDPS evaluation - distributed data collection

security auditing

Each IDPS has _____________ that gather data passing through the gateway.

sensors

T/F: A weakness of a signature-based system is that it must keep state information on a possible attack.

True

T/F: An IDPS must have enough memory to maintain connection state information.

True

T/F: An operational audit looks for accounts that have weak or blank passwords.

True

T/F: Another name for a VPN connection is tunnel.

True

T/F: Change management should be used before making changes to firewall or IDPS rules that affect users.

True

T/F: Hardware VPNs create a gateway-to-gateway VPN.

True

T/F: IPsec has become the standard set of protocols for VPN security.

True

T/F: One of the events you should continually monitor is logins.

True

T/F: SQL injection attacks are isolated to custom applications, so administrators can prevent them.

True

T/F: The first phase of the system development life cycle is needs assessment.

True

Which of the following defines how employees should use the organization's computing resources? - Acceptable Use Policy - Email and Spam Policy - Network and Internet Policy - Computing and Resource Policy

Acceptable Use Policy

The _______________ Web Server is the most widely used Web server application.

Apache

At what layer of the OSI model do proxy servers generally operate? - Network - Application - Session - Transport

Application

____________ are networks of zombie computers that magnify the scope and intensity of an attack.

Botnets

_______________ management involves modifying equipment, systems, software, or procedures in a sequential, planned way.

Change

The Cisco PIX line of products is best described as which of the following? - firewall appliance - software firewall - VPN gateway - PC with firewall installed

firewall appliance

Search warrants and subpoenas were developed in response to the _____________ Amendment which protects U.S. residents against illegal search and seizure.

fourth

The ACK flag is normally sent at the end of the three-way ______________ to indicate that a connection is established.

handshake

In what type of attack are zombies usually put to use? - virus - buffer overrun - spoofing - DDoS

DDoS

The rule base should permit access to public servers in the _________ and enable users to access the Internet.

DMZ

What service uses UDP port 53? - ICMP - SMTP - DNS - TFTP

DNS

_______________________ is a name-resolution service that translates domain names to IP addresses.

DNS

The goal of _____________ is to provide authentication of DNS data and ensure integrity of DNS data.

DNSSEC

Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports? -IP packet reassembly -Traffic rate monitoring -Protocol state tracking -Dynamic Application Layer protocol analysis

Dynamic Application Layer protocol analysis

While the AH ensures data integrity, confidentiality of data is provided by the __________ component of IPsec.

ESP

_________ procedures are a set of actions that are spelled out in the security policy and followed if the IDPS detects a true positive.

Escalation

What type of attack are stateless packet filters particularly vulnerable to? -attempts to connect to ports above 1023 -attempts to connect to ports below 1023 -IP spoofing attacks -attempts to connect to the firewall

IP spoofing attacks

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet? - L2TP - PPTP - SSL - IPsec

IPsec

T/F: A dual-homed host has a single NIC with two MAC addresses.

False

T/F: An IDPS consists of a single device that you install between your firewall and the Internet.

False

T/F: Generally, connections to instant-messaging ports are harmless and should be allowed.

False

T/F: If you use Windows RRAS for your VPN, you will need a third-party RADIUS server if you want to use RADIUS for authentication.

False

T/F: Most IDPSs use random ports to transfer security data, thereby making it difficult for attackers to exploit.

False

T/F: Network protection is something you should implement initially and then only make changes if there is a serious security breach.

False

T/F: Since ICMP messages use authentication, man-in-the-middle attacks cannot be successful.

False

T/F: Software firewalls are usually more scalable than hardware firewalls.

False

T/F: Standards and protocols used in VPNs are in their infancy and seldom used.

False

T/F: Stateless packet filtering keeps a record of connections that a host computer has made with other computers.

False

T/F: The TCP normalization feature forwards abnormal packets to an administrator for further inspection.

False

T/F: The first step in SNA is the survivability analysis.

False

T/F: The people that manage security for the organization should not be same people that conduct risk analysis.

False

T/F: The terms Internet and World Wide Web are different terms that mean the same thing.

False

T/F: Windows Basic Authentication requires that users enter a username and password and the password is transmitted using a hashing algorithm.

False

Which of the following is NOT a typical IDPS component? -Internet gateway -database server -command console -network sensors

Internet Gateway

Which of the following is a disadvantage of putting the VPN on a firewall? -Internet and VPN traffic compete for resources -VPN and firewall use the same configuration tools -more configuration mistakes -centralized control of network access security

Internet and VPN traffic compete for resources

A _______________ applet is a small program sometimes used as embedded code in Web pages.

JAVA

Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication? - SSL - IPsec - L2TP - PPTP

L2TP

Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data? - POP - NAP - NSF - ISP

NAP

Which element of a rule base conceals internal names and IP addresses from users outside the network? - tracking - NAT - QoS - filtering

NAT

____________________ risk is the amount of risk left over after countermeasures are implemented.

Residual

Which of the following is NOT a step in threat and risk assessment? - Asset definition - Resolution - Threat assessment - Recommendation

Resolution

___________ direct network traffic to its destination on the Internet using tables and protocols.

Routers

What type of attack involves plaintext scripting that affects databases? - SQL injection - ActiveX control - Java applet - phishing

SQL injection

Which VPN protocol leverages Web-based applications? - L2TP - PPTP - SSL - IPsec

SSL

Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted? - Teredo tunneling - SMTP/S tunneling - IPsec tunneling - ICMPv6 encapsulation

Teredo tunneling

What are the two standard ports used by FTP along with their function? - TCP 21 control, TCP 20 data - UDP 23 control, TCP 20 data - UDP 20 data, TCP 21 control - TCP 23 data, TCP 21 control

TCP 21 control, TCP 20 data

T/F: A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

True

T/F: A screened host has a router as part of the configuration.

True

What was created to address the problem of remote clients not meeting an organization's VPN security standards? - split tunneling - VPN quarantine - IPsec filters - GRE isolation

VPN quarantine

TLS splits the input data in half and recombines it using a(n) ___________ function.

XOR

Which of the following best describes a bastion host? -a computer running only embedded firmware -a computer on the perimeter network that is highly protected -a computer running a standard OS that also has proxy software installed -a host with two or more network interfaces

a computer on the perimeter network that is highly protected

How much space is typically needed to store IDPS data? - at least a terabyte - a gigabyte or more - a few hundred kilobytes - a few hundred gigabytes

a gigabyte or more

Which of the following best describes a DMZ? -a subnet of publicly accessible servers placed outside the internal network -a proxy server farm used to protect the identity of internal servers -a private subnet that is inaccessible to both the Internet and the company network -a network of computers configured with robust firewall software

a subnet of publicly accessible servers placed outside the internal network

Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address? - authentication - access control - NTFS permissions - data confidentiality

access control

Which of the following is NOT a type of event that you would normally monitor? -access to shared folders -antivirus scanning -user account creation -email attachment handling

access to shared folders

Which of the following is an improvement of TLS over SSL? -uses a single hashing algorithm for all the data -requires less processing power -uses only asymmetric encryption -adds a hashed message authentication code

adds a hashed message authentication code

Which of the following is true about an NIDPS versus an HIDPS? -an HIDPS can detect intrusion attempts on the entire network -an NIDPS can compare audit log records -an HIDPS can detect attacks not caught by an NIDPS -an NIDPS can determine if a host attack was successful

an HIDPS can detect attacks not caught by an NIDPS

Which of the following best describes a Monte Carlo simulation? -an analytical method that simulates a real-life system for risk analysis -a procedural system that simulates a catastrophe -a formula that estimates the cost of countermeasures -a technique for simulating an attack on a system

an analytical method that simulates a real-life system for risk analysis

What feature of the 13 DNS root servers enables any group of servers to act as a root server? - broadcast addressing - anycast addressing - multicast addressing - unicast addressing

anycast addressing

A primary goal of proxy servers is to provide security at the _______________ layer.

application

SNA starts with the assumption that a system or network will be ________________.

attacked

The process of reviewing records of network computer activity is called which of the following? - monitoring - archiving - auditing - recording

auditing

Which of the following is NOT an essential element of a VPN? - tunnel - authentication server - VPN server - VPN client

authentication server

Which of the following is NOT a primary detection methodology? - anomaly detection - signature detection - baseline detection - stateful protocol analysis

baseline detection

What type of attack exploits a lack of bounds checking on the size of data stored in an array? - SQL injection - phishing - ActiveX control - buffer overflow

buffer overflow

DNS _____________ poisoning steers unsuspecting victims to a server of the attacker's choice instead of the intended Web site.

cache

Which of the following is true about using VPNs? -more expensive than leased lines -usually higher performance than leased lines -can use an existing broadband connection -not dependent on an ISP

can use an existing broadband connection

Which of the following is a typical drawback of a free firewall program? -oversimplified configuration -cannot monitor traffic in real time -more expensive than hardware firewalls -have centralized management

cannot monitor traffic in real time

Which type of change does NOT typically require the use of change management procedures? -new password systems or procedures -changes to ACLs -new VPN gateways -changing a manager's permissions to a file

changing a manager's permissions to a file

Which of the following is a type of VPN connection? - server-to-client - site-to-server - client-to-site - remote gateway

client-to-site

Which of the following is an IDPS security best practice? -communication between IDPS components should be encrypted -all sensors should be assigned IP addresses -to prevent false positives, only test the IDPS at initial configuration -log files for HIDPSs should be kept local

communication between IDPS components should be encrypted

Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets? - TCP flags - data patterns - IP address - ports

data patterns

One way to consolidate the data from several network and security devices is to transfer the information to a central _______________.

database

With ___________________ data collection, data from security devices goes to a management console on its own local network.

distributed

Which of the following is an advantage of a signature-based detection system? -each signature is assigned a number and name -the definition of what constitutes normal traffic changes -the IDPS must be trained for weeks -it is based on profiles the administrator creates

each signature is assigned a number and name

Which activity performed by VPNs encloses a packet within another packet? - address translation - authentication - encapsulation - encryption

encapsulation

Network gateways are ____________ of the VPN connection.

endpoints

What is a critical step you should take on the OS you choose for a bastion host? -make sure it is the latest OS version -ensure all security patches are installed -choose an obscure OS with which attackers are unfamiliar -customize the OS for bastion operation

ensure all security patches are installed

You should review the logs and alerts created by your security devices, a process called _________ monitoring.

event

The Internet Key ______________ protocol enables computers to make an SA.

exchange

An extranet is a backup network that you can use if the main network fails.

false

Once written, a security policy should not be altered so that you can maintain consistency.

false

Which of the following is considered a problem with a passive, signature-based system? - profile updating - custom rules - signature training - false positives

false positives

Which is best defined as the ability of a system to continue operations despite a failure? - adaptation and evolution - survivability analysis - reliability audit - fault tolerance

fault tolerance

Which of the following is NOT true about a hardware VPN? -have more security vulnerabilities than software VPNs -can handle more traffic than software VPNs -should be the first choice for fast-growing networks -create a gateway-to-gateway VPN

have more security vulnerabilities than software VPNs

Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance? -signature -anomaly -brute force -heuristic

heuristic

What is the term used for a computer placed on the network perimeter that is meant to attract attackers? - honeypot - virtual server - bastion host - proxy decoy

honeypot

In a screened ____________ setup, a router is added between the host and the Internet to carry out IP packet filtering.

host

Which of the following best describes ROI? -how long before an investment will pay for itself -the chance that a threat will result in lost money -the benefits of setting security priorities -the cost of mitigating a threat

how long before an investment will pay for itself

Which of the following is NOT a network defense function found in intrusion detection and prevention systems? -prevention -identification -response -detection

identification

What is considered the 'cleanup rule' on a Cisco router? - implicit allow - explicit allow all - implicit deny all - explicit prompt

implicit deny all

The portion of a security policy that describes who responds when there has been a security breach is called the ______________ response section.

incident

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content? -passive only -online only -inline only -active only

inline only

Which of the following is considered an asset? - disgruntled employee - hacker - unpatched Web server - intellectual property

intellectual property

Why is a bastion host the system most likely to be attacked? -it has weak security -it contains company documents -it is available to external users -it contains the default administrator account

it is available to external users

Which of the following is true about a screening router? -it can stop attacks from spoofed addresses -it maintains a state table to determine connection information -it examines the data in the packet to make filtering decisions -it should be combined with a firewall for better security

it should be combined with a firewall for better security

Which of the following is true about SSL? -it operates at the Data Link layer -it uses sockets to communicate between client and server -it uses shared-key encryption only -it uses IPsec to provide authentication

it uses sockets to communicate between client and server

Which of the following is true about the Internet? -it was originally built on an extended star topology -it is the same as the World Wide Web -it was established in the mid-1960s -it was developed by a network of banks and businesses

it was established in the mid-1960s

Which of the following is a benefit of using centralized data collection to manage sensor data? - data stays on the local network - less network traffic - less administrative time - must use a VPN to transport data

less administrative time

Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power? - traffic distribution filter - server pooling software - priority server farm - load-balancing software

load-balancing software

An IDPS __________________ server is the central repository for sensor and agent data.

management

Which of the following is NOT typically an aspect of a security event management program? - monitoring events - managing change - managing data from sensors - managing IDPS firmware

managing IDPS firmware

Which of the following is a disadvantage of using a proxy server? - can't filter based on packet content - slows Web page access - shields internal host IP addresses - may require client configuration

may require client configuration

Which of the following is true about an HIDPS? -tracks misuse by external users -monitors OS and application logs -sniffs packets as they enter the network -centralized configurations affect host performance

monitors OS and application logs

The ________________ command reviews the current connections and reports which ports a server is listening to.

netstat

What should an outside auditing firm be asked to sign before conducting a security audit? - search and seizure contract - social engineering covenant - subpoena - nondisclosure agreement

nondisclosure agreement

Which of the following is NOT a factor a secure VPN design should address? - authentication - encryption - nonrepudiation - performance

nonrepudiation

Which of the following is an advantage of hardware firewalls? -not dependent on a conventional OS -not scalable compared to software firewalls -easy to patch -less expensive than software firewalls

not dependent on a conventional OS

Where is a host-based IDPS agent typically placed? -on a workstation or server -between two subnets -at Internet gateways -between remote users and internal network

on a workstation or server

Which of the following is true about a dual-homed host? - its main objective is to stop worms and viruses - serves as a single point of entry to the network - uses a single NIC to manage two network connections - it is used as a remote access server in some configurations

serves as a single point of entry to the network

In a _________ based detection system, the IDPS can begin working immediately after installation.

signature

You monitor and evaluate network traffic to gather evidence that indicates whether your IDPS _________________ are working well or need to be updated.

signatures

Which of the following is described as the combination of an IP address and a port number? - portal - datagram - subnet - socket

socket

What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server? - anti-phishing DNS - read-only zone - split-DNS architecture - caching DNS zone

split-DNS architecture

The lack of authentication for computers on the Internet makes IP _____________ possible, which is a change in the IP addresses in the headers of malicious packets.

spoofing

Which VPN topology is also known as a hub-and-spoke configuration? - bus - partial mesh - star - full mesh

star

What is an advantage of the anomaly detection method? -easy to understand and less difficult to configure than a signature-based system -after installation, the IDPS is trained for several days or weeks -system can detect attacks from inside the network by people with stolen accounts -makes use of signatures of well-known attacks

system can detect attacks from inside the network by people with stolen accounts

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

tap

Which best defines residual risk? -a vulnerability for which the risk has been reduced to zero -risk that occurs as a result of new vulnerabilities -the amount of risk remaining after countermeasures are implemented -the cost of implementing solutions to an assessed risk

the amount of risk remaining after countermeasures are implemented

What makes IP spoofing possible for computers on the Internet? - the lack of authentication - the 32-bit address space - network address translation - the DNS hierarchy

the lack of authentication

If you see a /16 in the header of a snort rule, what does it mean? -a maximum of 16 log entries should be kept -the size of the log file is 16 MB -the detected signature is 16 bits in length -the subnet mask is 255.255.0.0

the subnet mask is 255.255.0.0

Which of the following is true about private IP addresses? -they are not routable on the Internet -NAT was designed to conserve them -they are assigned by the IANA -they are targeted by attackers

they are not routable on the Internet

What do you call a firewall that is connected to the Internet, the internal network, and the DMZ? - three-pronged firewall - multi-zone host - three-way packet filter - multi-homed proxy

three-pronged firewall

Groups known as ______________ teams are assembled to actively test a network.

tiger

Why might you want to allow extra time for setting up the database in an anomaly-based system? - the installation procedure is usually complex and time consuming - to add your own custom rule base - to allow a baseline of data to be compiled - it requires special hardware that must be custom built

to allow a baseline of data to be compiled

Which of the following is a security-related reason for monitoring and evaluating network traffic? -to create substantial data to analyze -to see how many files employees download from the Internet -to determine if your IDPS signatures are working well -to optimize your router and switch protocols

to determine if your IDPS signatures are working well

Which of the following shows how devices are connected and includes an IP allocation register? - security policy - hardware inventory - topology map - asset table

topology map

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following? -baseline scanning -traffic normalizing -training period -profile monitoring

training period

Which of the following is a top-level digital certificate in the PKI chain? - security-aware resolver - DNSSEC resolver - RRSIG record - trust anchor

trust anchor

VPNs create a _____________ to transport information through public communications media.

tunnel

What are the two modes in which IPsec can be configured to run? - header and payload - client and server - tunnel and transport - transit and gateway

tunnel and transport

What is a zone transfer? -updating a secondary DNS server -backing up an SQL data file -copying host file data to another system

updating a secondary DNS server

Which of the following is NOT a recommended security setting for Apache Web servers? -harden the underlying OS -use the default standard Web page error messages -create Web groups -disable HTTP traces

use the default standard Web page error messages

Which IDPS customization option is a list of entities known to be harmless? - whitelists - thresholds - alert settings - blacklists

whitelists
