ITN263 ch7
Syslog
Which of the following is a centralized logging system?
Make sure the Default Deny rule is first.
Which of the following is not a best practice when creating firewall rules?
knowledge-based
An IDS or IPS that uses a database of signatures or patterns of known malicious activities to detect threats is called _______________ detection.
security policy
Deciding which firewall rules to define is subject to an organization's _____________.
Troubleshooting
In which situation is a change control system most effective?
Deny all
Regarding firewall rules, what is another name for default deny?
A firewall rule or filter
What is an access control list (ACL)?
Review the log files frequently.
What is an important thing to do regarding firewall logs?
False negatives
What is one of the most problematic issues with an intrusion detection system (IDS)?
Detect malicious network activities
What is the primary purpose of log monitoring?
All of the above
Which of the following firewalls uses rules?
Test the rules in a laboratory environment.
Which of the following is the best method of determining an optimal firewall configuration?
DMZ firewall
Which type of firewall commonly uses inbound rules?
Authentication
___________ is the process of verifying the identity of an electronic entity.
Buffer overflow
Which firewall limitation is typically characterized by a memory-based exploit?