Chapter 4: Network Defense and Countermeasures
What implementation is the Check Point 5000 series firewall? A. Router-based B. Network-based C. Switch-based D. Host-based
A
What is the one complexity found in enterprise environments that is unlikely in small networks or SOHO environments? A. Multiple operating systems. B. Diverse user groups. C. Users running different applications. D. Web vulnerabilities.
A
What tool does McAfee Personal Firewall offer? A. A visual tool to track attacks. B. NAT C. Strong encryption D. Vulnerability scanning.
A
Which of the following is a benefit of Cisco firewalls? A. Extensive training available on the product. B. Very low cost. C. Built-in IDS on all products. D. Built-in virus scanning on all products.
A
Which of the following is an important feature of D-Link 2560? A. Built-in IDS B. WEP encryption C. Vulnerability scanning D. Liberal licensing policy
A
Which type of encryption is included with the T-Series? A. AES and 3DES B. WEP and DES C. PGP and AES D. WEP and PGP
A
What is an application gateway firewall?
A firewall type that verifies specific applications.
What is a network address translation?
A replacement technology for proxy servers.
What is a User Account Control (UAC)?
A security feature that prompts a user for an admin user's credentials if the task requires admin permissions.
What are the features of a Cisco Next-Generation firewalls?
Adaptive Security Appliances (ASA). Many different models and capabilities, one example is ASA 5500: - VPNs - Instruction prevention systems. - Content filtering. - Unified communications security. Requires moderate skill to configure and administer. Extensive training available for Cisco systems.
What is packet alteration?
An iptable used only for specialized packet alteration.
NAT is a replacement for what technology? A. Firewall B. Proxy server C. Antivirus software D. IDS
B
Should a home user block incoming ICMP traffic, and why or why not? A. It should be blocked because such traffic is often used to transmit a virus. B. It should be blocked because such traffic is often used to do port scans and flood attacks. C. It should not be blocked because it is necessary for network operations. D. It should not be blocked because it is necessary for using the web.
B
What is the advantage of an enterprise environment? A. Multiple operating systems to deal with. B. Skilled technical personnel are available. C. Lower security needs. D. IDS systems are not needed.
B
Which of the following is a common problem when seeking information on firewalls? A. It is difficult to find information on the web. B. Unbiased information might be hard to find. C. Documentation is often incomplete. D. Information often emphasizes price rather than features.
B
What is ICF? A. Windows XP Internet Connection Firewall. B. Windows XP Internet Control Firewall. C. Windows 2000 Internet Connection Firewall. D. Windows 2000 Internet Control Firewall.
C
What type of firewall is the Check Point 5000 series firewall? A. Application gateway B. Packet filtering/application gateway hybrid C. SPI/application gateway hybrid D. Circuit-level gateway
C
Which of the following is found in Norton's personal firewall but not in ICF? A. NAT B. A visual tool to trace attacks C. Vulnerability scanning D. Strong encryption
C
Should a home user with a firewall block incoming port 80, and why or why not? A. They should not because it would prevent her from using web pages. B. They should because port 80 is a common attack point for hackers. C. They should not because that will prevent her from getting updates and patches. D. They should unless she is running a web server on her machine.
D
What are the problems that medium-sized networks face? A. Lack of skilled technical personnel. B. Diverse user group. C. Need to connect multiple LANs into a single WAN. D. Low budgets.
D
Which of the following is not a common feature of most single PC firewalls? A. Software-based B. Packet filtering C. Ease of use D. Built-in NAT
D
Which of the following is not an advantage of the Fortigate firewall? A. Built-in virus scanning. B. Content filtering. C. Built-in encryption. D. Low cost.
D
Which type of firewall is SonicWALL TZ Series? A. Packet screening. B. Application gateway. C. Circuit level gateway. D. Stateful packet inspection.
D
What is a medium-sized network firewalls?
Defined as 25 users to several hundred users at single locations. Often have dedicated network admin personnel.
What are the features of a check point firewall?
Hybrid between packet filtering and application gateway. Capable of protecting against SYN and oversized packets automatically. Many versions are available, at costs from $3,000 to $50,000. Includes intrusion prevention systems. Has protections against zero-day threats. Supports VPN connections. Not simple to administer and configure.
What are the features of the McAfee Personal firewall?
Included with McAfee Total Protection Suite. Comes in many versions. Blocks outbound/inbound traffic. Tracking: Shows on a map the path from which an attack is coming. Connected to hackerwatch.org Advanced features, such as basic intrusion detection.
What are the features of the Symantec Norton firewall?
Included with Norton Security Suite. Basic packet filtering. Ability to block outbound traffic. - Can block an infected machine from propagating virus. - Blocks ports that Trojan horse might communicate on. Supports ad/pop-up blocking. Can scan your machine through Symantec web site.
What are the feature of the Enterprise firewall?
Network that typically includes a WAN connection. Extremely complex security situation. Dedicated team of admin included security professionals.
What are the features of the Small Office/Home Office (SOHO)?
Norton and McAfee offer solutions at slightly higher costs than personal firewalls. SonicWALL TZ series: 1. Stateful packet inspection. 2. Built-in encryption. 3. Easy management and configuration. 4. Built-in NAT. D-Link 2560 Office firewall: 1. Built-in encryption. 2. Whitelisting and blacklisting. 3. Intrusion detection systems. 4. Built-in antivirus. 5. Stateful packet inspection. 6. Combines multiple firewall types. 7. Built-in NAT and VPN.
What are the features of the Linux firewall Iptables?
Primary firewall for Linux 3 kinds of objects: 1. Tables. 2. Chains. 3. Rules. 3 tables and their standard chains: 1. Packet filtering. 2. Network address translation. 3. Packet alteration.
What is a Single Machine Firewalls (SMFs)?
Use on PCs in a home office or individual workstations on a network. Commonality of single machine firewalls. - Packet filtering or screening firewalls. - Software-based. - Easy to configure and set up. Helpful as a supporting role for network security, not a primary solution. Target market: home user. Key characteristics: - Ease of use. - Low cost or even free download. - Meant for essential security, not high security. Available for all major OS platforms (Windows, Linux, MacOS).
What are some features of a Windows 10 firewall?
Window 10 provides a free fully-functional firewall. Blocks inbound and outbound packets. Configurable through the Windows Firewall with Advanced Security app. Can apply different rules depending on traffic source. Has a logging feature, which is disabled by default.
