Net 484 Chapter 6: Firewalls and Intrusion Detection


Which of the following is true about a network-based firewall? 1) A network-based firewall is installed at the edge of a private network or network segment. 2) A network-based firewall is considered a software firewall. 3) A network-based firewall is installed on a single computer. 4) A network-based firewall is less expensive and easier to use than host-based firewalls.

A network-based firewall is installed at the edge of a private network or network segment.

How does a proxy server differ from a packet-filtering firewall? 1) A proxy server is used to create a screened subnet, while a packet-filtering firewall can only be used with screened subnets. 2) A proxy server can prevent unknown network attacks, while a packet-filtering firewall can only prevent known attacks. 3) A proxy server includes filters for the session ID as well as the IP address and port number. 4) A proxy server operates at the Application layer, while a packet-filtering firewall

A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer.

Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any; deny ip 192.168.2.0 0.0.0.255 any. These rules will be applied to the WAN interface on the

Add a permit statement to the bottom of the access list.

Which of the following are characteristics of a stateless firewall? (Select two.) 1) Controls traffic using access control lists, or ACLs. 2) Allows or denies traffic by examining information in IP packet headers. 3) Allows or denies traffic based on virtual circuits of sessions. 4) Should be placed as close to the destination as possible. 5) Identifies traffic based on the destination address.

Allows or denies traffic by examining information in IP packet headers; Controls traffic using access control lists, or ACLs

Which of the following describes how access control lists can improve network security? 1) An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. 2) An access control list filters traffic based on the frame header, such as source or destination MAC address. 3) An access control list identifies traffic that must use authentication or encryption. 4) An access control list filters traffic based on the IP header information, such as

An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.

Which of the following is true about an intrusion detection system? 1) An intrusion detection system can terminate or restart other processes on the system. 2) An intrusion detection system maintains an active security role within the network. 3) An intrusion detection system can block malicious activities. 4) An intrusion detection system monitors data packets for malicious or unauthorized traffic.

An intrusion detection system monitors data packets for malicious or unauthorized traffic.

Which of the following BEST describes a stateful inspection? 1) Designed to sit between a host and a web server and communicate with the server on behalf of the host. 2) Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. 3) Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. 4) Allows all internal traffic to share a single public IP address when connecting to an outside e

Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? 1) VPN concentrator 2) Proxy server 3) Network-based firewall 4) Host-based firewall

Host-based firewall

Which of the following are true about routed firewalls? (Select two.) 1) Easily introduced to an existing network. 2) Supports multiple interfaces. 3) Counts as a router hop. 4) Internal and external interfaces connect to the same network segment. 5) Operates at Layer 2.

Supports multiple interfaces; Counts as a router hop

Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance? 1) Packet-filtering firewall 2) Circuit-level gateway 3) Unified Threat Management (UTM) 4) Next Generation Firewall (NGFW)

Unified Threat Management (UTM)

Which of the following combines several layers of security services and network functions into one piece of hardware? 1) Firewall 2) Circuit-level gateway 3) Unified Threat Management (UTM) 4) Intrusion detection system (IDS)

Unified Threat Management (UTM)

Which of the following is true about a firewall? 1) Firewalls protect against email spoofing attacks. 2) You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. 3) Host-based firewalls and network-based firewalls can be installed separately, but they cannot be placed together to provide multiple layers of protection. 4) Implicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access.

You must manually specify which traffic you want to allow through the firewall.

Which IDS type can alert you to trespassers? 1) NIDS 2) HIDS 3) VMIDS 4) PIDS

PIDS

Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? 1) Positive 2) False positive 3) False negative 4) Negative

False positive

You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? 1) IPS 2) Port scanner 3) Packet sniffer 4) IDS

IPS

Which of the following is true about an NIDS? 1) It detects malicious or unusual incoming and outgoing traffic in real time. 2) It can analyze fragmented packets. 3) It can monitor changes that you've made to applications and systems. 4) It can access encrypted data packets.

It detects malicious or unusual incoming and outgoing traffic in real time.

Which of the following describes the worst possible action by an IDS? 1) The system identified harmless traffic as offensive and generated an alarm. 2) The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. 3) The system correctly deemed harmless traffic as inoffensive and let it pass. 4) The system detected a valid attack and the appropriate alarms and notifications were generated.

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? 1) Misuse detection 2) Anomaly-based 3) Dictionary recognition 4) Pattern matching

Anomaly-based

You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? 1) Check for backdoors. 2) Generate a new baseline. 3) Modify clipping levels. 4) Update the signature files.

Update the signature files.

Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? 1) An IDS 2) An IPS 3) A host-based firewall 4) A network-based firewall

A network-based firewall

Which of the following are true about a reverse proxy? (Select two.) 1) Can perform load balancing, authentication, and caching. 2) Handles requests from the internet to a server on a private network. 3) Clients always know they are using a reverse proxy. 4) Handles requests from inside a private network out to the internet. 5) Sits between a client computer and the internet.

Can perform load balancing, authentication, and caching; Handles requests from the internet to a server on a private network

Which of the following does the sudo iptables -F command accomplish? 1) Lists all the current rules. 2) Clears all the current rules. 3) Saves changes to iptables. 4) Drops all incoming traffic.

Clears all the current rules.

Which of the following chains is used for incoming connections that aren't delivered locally? 1) Output 2) Reject 3) Forward 4) Drop

Forward

As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? 1) Protocol analyzer 2) VPN concentrator 3) Port scanner 4) Host-based IDS 5) Network-based IDS

Host-based IDS

Which of the following is a firewall function? 1) Encrypting 2) Packet filtering 3) FTP hosting 4) Frame filtering

Packet filtering

Which options are you able to set on a firewall? (Select three.) 1) Port number 2) Digital signature 3) Packet destination address 4) Checksum 5) Packet source address

Port number; Packet destination address; Packet source address

You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) 1) Put the database server outside the screened subnet. 2) Put the web server inside the screened subnet. 3) Put the database server inside the screened subnet. 4) Put the database

Put the database server on the private network.

Based on the diagram, which type of proxy server is handling the client's request? 1) Reverse proxy server 2) Circuit-level proxy server 3) Open proxy server 4) Forward proxy server

Reverse proxy server

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? 1) Heuristics-based IDS 2) Signature-based IDS 3) Stateful inspection-based IDS 4) Anomaly analysis-based IDS

Signature-based IDS

Which of the following are specific to extended access control lists? (Select two.) 1) Use the number ranges 100-199 and 2000-2699. 2) Are used by route maps and VPN filters. 3) Identify traffic based on the destination address. 4) Should be placed as close to the destination as possible. 5) Are the most used type of ACL.

Use the number ranges 100-199 and 2000-2699; Are the most used type of ACL

