CYB 220 - Week 5 - 5-1 Lab
The central office implementation of a firewall has which of the following common elements? - A firewall that hosts many hub locations - A firewall separating multiple DMZs - A firewall that handles the majority of the company's internet access - A firewall that takes the place of a decentralized router
A firewall that handles the majority of the company's internet access
What is the underlying premise of a honeypot? - All network traffic is suspicious - A proxy server used for web browsing - A server used for email - All network traffic is nonthreatening
All network traffic is suspicious
When implementing a firewall in an internal network, what element should be considered a priority? - The ability to properly bottleneck network traffic - Amount of bandwidth needed for network traffic - A connection to the internet - Tiered tracing for troubleshooting problems
Amount of bandwidth needed for network traffic
What is Snort? - An open-source IDS software application - A Cisco-branded IDS software application - A honeypot software application - The first Symantec firewall
An open-source IDS software application
How does the ZoneAlarm Free Firewall open? - When you open it - When you input the command #ZoneAlarm - After it is vetted - Automatically
Automatically
Snort's default set of rules is: - Bluelist.rules - Whitelist.rules - Greylist.rules - Blacklist.rules
Blacklist.rules
What is one problem with implementing many DMZs in one network? - Many different operating systems - Requires a lot of electrical power - High infrastructure costs - Creates network confusion
High infrastructure costs
What type of network traffic is monitored by an IPS? - Inbound only - Outbound only - Inbound and outbound - Neither inbound nor outbound
Inbound and outbound
When configuring a host-based firewall, which elements should be considered? - Inbound and outbound network traffic - Inbound network traffic - Inbound and outbound port traffic only - Outbound network traffic
Inbound and outbound network traffic
An external router should be the first point of control for what type of network traffic? - Ingress only - Egress only - Ingress and egress - It is the internal router, not the external router.
Ingress and egress
What is the idea behind intrusion deterrence? - Making a system seem like a less palatable target - Moving the attack surface to another system - Interweaving threaded response files for detection - Avoiding the risk of system detection
Making a system seem like a less palatable target
There are several common components to an IDS. Which of the following are three of them? - Administrator, operator, threshold - Event, data destination, planner - Manager, operator, analyzer - Activity, sensor, executable
Manager, operator, analyzer
A host-based firewall resides where in a network? - After the DMZ but before the internet - Within the external router - On a user's computer - On a third-party network
On a user's computer
The administrator of the IDS is responsible for what? - Indicating suspicious activity - Providing notification to the IDS manager - Organizational security - Analyzing data collected from a security monitor
Organizational security
Logically separated subnets are still physically connected to: - Other VLANs in the same subnet fabric - Other VLANs in the same router fabric - Other subnets in the same switch fabric - Other subnets in the same VLAN fabric
Other subnets in the same switch fabric
What two things are most important when first considering firewall implementation? - Placement and power requirements - Placement and type - Type and power requirements - Power requirements and remote access
Placement and type
Wireshark is categorized as a: - Firewall - Malware - Network configuration tool - Protocol analyzer
Protocol analyzer
What does the mstsc command invoke? - Server configuration dialog - Remote desktop connection software - ZoneAlarm installation process - Firewall settings software
Remote desktop connection software
Firewalls use __________ to filter incoming and outgoing traffic. - Proxies - Rules - Environments - Networks
Rules
What is a best practice for mitigating human error when connecting to a switch that communicates across multiple networks? - Plug a 24-port switch into an open port - Turn on trunking for all access ports - Reset the default VLAN configuration - Shut down all unused ports
Shut down all unused ports
Snort works in one of three modes: - Network intrusion detection, monitor, and operator relay - Packet logger, monitor, and analyzer - Sniffer, packet logger, and network intrusion detection - Packet logger, notification agent, and data source recorder
Sniffer, packet logger, and network intrusion detection
Why is it important to remove AVG 2012? - It is malware. - It doesn't allow the installation of ZoneAlarm. - The software might conflict with ZoneAlarm. - The software uses too much space.
The software might conflict with ZoneAlarm.
What are the specific ways anomalies are detected? - User/group profiling, component profiling, threshold monitoring, process monitoring - Threshold monitoring, user/group profiling, resource profiling, executable profiling - Component profiling, threshold monitoring, resource profiling, process monitoring - Executable profiling, component monitoring, user/group monitoring, component profiling
Threshold monitoring, user/group profiling, resource profiling, executable profiling
Why would someone use an anonymous proxy site? - To uphold their workplace firewall policies - To access non-work-related websites at work - To make their firewall more resilient - To display their IP address online
To access non-work-related websites at work
To make the ZoneAlarm software more effective at fending off unwanted malware, you must: - Run it in Administration mode - Update the signatures of the program - Set the automatic updates to only user mode - Install a second firewall
Update the signatures of the program
Which option from Snort shows the available network interfaces? - snort -D - snort -I - snort -V - snort -W
snort -W