Chapter 10 and 9
Which of the following is described as the combination of an IP address and a port number?
socket
What type of ICMP packet can an attacker use to send traffic to a computer they control outside the protected network?
Redirect
Which element of a rule base conceals internal names and IP addresses from users outside the network?
NAT
Which of the following is NOT an ICMPv6 packet type that you should allow within your organization but never outside the organization?
Packet Redirect
Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets?
data patterns
The ACK flag is normally sent at the end of the three-way ______________ to indicate that a connection is established.
handshake
You can ______________ a bastion host by removing unnecessary accounts and services.
harden
Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power?
load-balancing software
Which of the following is a disadvantage of using a proxy server?
may require client configuration
Which of the following is an advantage of hardware firewalls?
not dependent on a conventional OS
Which type of NAT is typically used on devices in the DMZ?
one-to-one NAT
Where should network management systems generally be placed?
out of band
Which of the following is a general practice for a rule base?
permit access to public servers in the DMZ
Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address?
port address translation
What might a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet?
proxy server
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
proxy server
A DMZ is a subnet of _____________ accessible servers placed outside the internal network.
publicly
What is a step you can take to harden a bastion host?
remove unnecessary services
What should you consider installing if you want to inspect packets as they leave the network?
reverse firewall
ACLs filter packets by using a __________ base to determine whether to allow a packet to pass.
rule
Which type of firewall configuration protects public servers by isolating them from the internal network?
screened subnet DMZ
A _______________ router determines whether to allow or deny packets based on their source and destination IP addresses.
screening
Which of the following is true about a dual-homed host?
serves as a single point of entry to the network
A dual-homed host has a single NIC with two MAC addresses. (True or False)
False
Firewalls can protect against employees copying confidential data from within the network. (True or False)
False
Generally, connections to instant-messaging ports are harmless and should be allowed. (True or False)
False
Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny. (True or False)
False
Since ICMP messages use authentication, man-in-the-middle attacks cannot be successful. (True or False)
False
Software firewalls are usually more scalable than hardware firewalls. (True or False)
False
Stateless packet filtering keeps a record of connections that a host computer has made with other computers. (True or False)
False
The TCP normalization feature forwards abnormal packets to an administrator for further inspection. (True or False)
False
What is a suggested maximum size of a rule base?
30 rules
Which two ports should packet-filtering rules address when establishing rules for Web access?
80, 443
A primary goal of proxy servers is to provide security at the _______________ layer.
Application
At what layer of the OSI model do proxy servers generally operate?
Application
The rule base should permit access to public servers in the _________ and enable users to access the Internet.
DMZ (demilitarized-zone)
What service uses UDP port 53?
DNS
In what type of attack are zombies usually put to use?
DDoS
What is the term used for a computer placed on the network perimeter that is meant to attract attackers?
Honeypot
What type of attack are stateless packet filters particularly vulnerable to?
IP spoofing attacks
What are the two standard ports used by FTP along with their function?
TCP 21 control, TCP 20 data
Which of the following is NOT a protocol,port pair that should be filtered when an attempt is made to make a connection from outside the company network?
TCP,80
Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted?
Teredo tunneling
A screened host has a router as part of the configuration. (True or False)
True
Which of the following best describes a bastion host?
a computer on the perimeter network that is highly protected
Which of the following best describes a DMZ?
a subnet of publicly accessible servers placed outside the internal network
Which of the following is a typical drawback of a free firewall program?
cannot monitor traffic in real time
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy?
employees can use instant-messaging only with external network users
What is a critical step you should take on the OS you choose for a bastion host?
ensure all security patches are installed
A primary objective of a rule base is to ______________ communications based on complex rules.
filter
The Cisco PIX line of products is best described as which of the following?
firewall appliance
In a screened ____________ setup, a router is added between the host and the Internet to carry out IP packet filtering.
host
What is considered the 'cleanup rule' on a Cisco router?
implicit deny all
Why is a bastion host the system most likely to be attacked?
it is available to external users
Which of the following is true about a screening router?
it should be combined with a firewall for better security
Which of the following is true about private IP addresses?
they are not routable on the Internet
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
three-pronged firewall