ITN263 ch7

Syslog

Which of the following is a centralized logging system?

Make sure the Default Deny rule is first.

Which of the following is not a best practice when creating firewall rules?

knowledge-based

An IDS or IPS that uses a database of signatures or patterns of known malicious activities to detect threats is called _______________ detection.

security policy

Deciding which firewall rules to define is subject to an organization's _____________.

Troubleshooting

In which situation is a change control system most effective?

Deny all

Regarding firewall rules, what is another name for default deny?

A firewall rule or filter

What is an access control list (ACL)?

Review the log files frequently.

What is an important thing to do regarding firewall logs?

False negatives

What is one of the most problematic issues with an intrusion detection system (IDS)?

Detect malicious network activities

What is the primary purpose of log monitoring?

All of the above

Which of the following firewalls uses rules?

Test the rules in a laboratory environment.

Which of the following is the best method of determining an optimal firewall configuration?

DMZ firewall

Which type of firewall commonly uses inbound rules?

Authentication

___________ is the process of verifying the identity of an electronic entity.

Buffer overflow

hich firewall limitation is typically characterized by a memory-based exploit?