Network Security Chapter 5
What is a primary benefit of system hardening? A. It reduces user performance. B. It increases network throughput. C. It decreases the attack surface. D. It improves host ROI. E. It tracks attempted intrusions.
C
All of the following are true statements about system hardening except: A. System hardening is a one-time process that does not need to be repeated on the same host. B. System hardening removes or reduces many known vulnerabilities. C. System hardening is different for each system with a unique function. D. System hardening is dependent on the location or placement of a host within the seven common domains of an IT infrastructure. E. Any system discovered to be out of compliance with system hardening guidelines should be quarantined until it can be repaired.
A
What is the essential purpose or function of authorization? A. Granting or denying access to resources B. Checking policy compliance C. Identifying entities D. Monitoring levels of utilization E. Detecting spoofed content
A
When configuring node security on a switch, all of the following are important elements except: A. Enabling keystrock logging B. Limiting access to management interfaces C. Monitoring for ARP flooding D. Upgrading to SNMP v3 E. Using a final version of firmware
A
Which of the following is a benefit of private addressing that is not present in public addressing? A. Isolation from the Internet B. Subnetting C. Use of IPv6 D. Routing traffic E. Filtering by source and designation address
A
Why would a network implement public addresses internally instead of private addresses? A. To avoid the use of NAT B. To be able to custom subnet C. To maintain isolation from the internet D. To prevent external initiation of communication with internal hosts E. To reduce costs
A
A remote host has all of the following additional security issues or concerns in comparison with a local host except: A. Potential exposure to unfiltered Internet B. Poor end user training C. Greater risk of physical theft D. Possible lack of patches and updates E. Additional interaction with external entities
B
All of the following are elements of system hardening except: A. Removing unnecessary protocols, services, and applications B. Implement ingress and egress filtering against spoofed addresses C. Installing patches and updates D. Configuring encryption for storage and communication E. Installing antivirus and a host firewall
B
Which of the following is not usually part of the system hardening process? A. Updating hardware firmware or BIOS B. Installing additional RAM C. Configuring a backup process D. Configuring account lockout E. Replacing outdated device drivers
B
What is the essential purpose or function of encryption? A. Verifying integrity B. Proving the identity of endpoints C. Protecting content from unauthorized third parties D. Maintaining performance E. Validating parking
C
When performing node security on a router, all of the following are important concerns, except: A. Blocking all directed IP broadcasts B. Disabling echo, chargen, discard, and daytime C. Watching for MAC spoofing D. Dropping RFC 1918 adressed packets from the Internet E. Enabling a warning banner for all attempted connections
C
Which IT infrastructure domain does not require firewalls to be included as part of its network design? A. Workstation Domain B. LAN Domain C. User Domain D. Remote Access Domain E. System/Application Domain
C
Which of the following is not an important factor when included as part of network design? A. Usability B. Capacity C. Obscurity D. Growth E. Defense in depth
C
How can static addresses be simulated with DHCP? A. Round robin assignment B. Manual configuration on each host C. Duplicate MAC addresses D. Reservations E. DNS reverse lookup
D
What is the essential purpose or function of accounting? A. Detecting intrusions B. Proving identity C. Controlling access to assets D. Recording the activities and events within a system E. Throttling transactions
D
What is the essential purpose or function of authentication? A. Controlling access to resources B. Monitoring for security compliance C. Watching levels of performance D. Verifying entity identity E. Preventing distribution of malware
D
Which of the following is a flaw or weakness that both static and dynamic addressing share? A. The assignment server can go offline. B. Changes require manual modification on each host. C. Public queries will fail. D. Hackers can spoof valid addresses. E. The first half of the address identifies the NIC vendor.
D
Which of the following is a protection against a single point of failure? A. Encryption B. Fitlering C. Auditing D. Redundancy E. VPNs
D
All of the following are elements of network design except: A. Satisfying security goals B. Understanding of the seven domains of IT infrastructure C. Implementing multiple layers of defense D. Thorough research and planning E. Utilizing a single vendor
E
System hardening should be applied to all of the following except: A. Clients B. Servers C. Switches D. Routers E. Cable adapters
E