Chapter 10 key


Under which of the following conditions is the FORWARD firewall chain used?

A Linux system is performing Network Address Translation (NAT).

A company has suffered a data breach. Investigators are able to establish exactly when the data breach occurred, but on checking the IDS logs, no evidence of the breach is present. What type of intrusion detection error condition is this?

A false negative.

What component does a network-based IDS use to scan traffic?

A sniffer or sensor.

The firewall bases its decisions on a set of rules called what?

ACL

Other than attempting to block access to sites based on content, what security options might be offered by Internet content filters?

Blocking access based on time of day or total usage

What type of firewall monitors packet sequence to prevent session jacking?

Circuit-level

What is shunning?

Configuring an IPS to set a temporary firewall rule to block the suspect IP address.

You are troubleshooting a connectivity problem with a network application server. Certain clients cannot connect to the service port. How could you rule out a network or remote client host firewall as the cause of the problem?

Connect to or scan the service port from the same segment with no host firewall running

What sort of maintenance must be performed on signature-based monitoring software?

Definition/signature updates

What is the default rule on a firewall?

Deny anything not permitted by the preceding rules.

A company had a 20% drop in productivity in the previous quarter. Management believes this is due to employees conducting personal business online at work. Management asks the network manager to provide a solution. Recommend a solution for management.

Deploy a content filter

What is the command iptables used for in Linux based systems?

Edit rules enforced by Linux-based firewalls

A piece of software scans files and re-computes a hash sum for the local version. The software then verifies that the hash sum matches the correct value. Evaluate security tools and determine what software is performing this action.

File Integrity Monitoring (FIM)

What blocks traffic that does not conform to rules?

Firewall

A network manager needs to secure a critical client. The manager's primary goal is to prevent modification of the system. Which can the manager use to prevent modification of the system?

Host-Based Intrusion Prevention System (HIPS)

What parameters can a layer 3 firewall ruleset use?

IP source and destination address, protocol type, and port number.

What tool can an administrator use that provides passive detection by logging incidents and displays alerts at the management interface?

Network-Based Intrusion Detection System (NIDS)

A network manager installs a tool that throttles the bandwidth of attacking hosts and modifies suspect packets to render them harmless. Evaluate security technology tools and determine what tool the network manager is utilizing.

Network-Based Intrusion Prevention System (NIPS)

A network administrator deploys a firewall that analyzes the header and Hypertext Markup Language (HTML) code in Hypertext Transfer Protocol (HTTP) packets to match patterns in a threat database. Consider the types of firewalls and determine which firewall is on the network.

Next Generation Firewall (NGFW)

What OSI layer does an NGFW work at and why?

OSI layer 7 (Application) because the next generation firewall (NGFW) is configured with application-specific filters that can parse the contents of protocols such as HTTP, SMTP, or FTP.

Using iptables, in which chain would you create rules to block all outgoing traffic not meeting certain exceptions?

OUTPUT chain.

A network manager is configuring a firewall. Prepare guidelines for the network manager to follow. (Select two)

Only allow the minimum amount of traffic required. The most specific rules are placed at the top.

What deconstructs each packet, performs analysis, rebuilds and then forwards the packets rather than inspecting passing traffic?

Proxy server

What uses a database of attack patterns and known composites of malware to prevent malware attacks?

Signature-based detection

Why would you deploy a reverse proxy?

To publish a web application without directly exposing the servers on the internal network to the Internet.

A company has a need for increased security control. The company currently has two network technicians and a small budget for the project. Given this scenario, which is the BEST solution for the company?

Unified Threat Management (UTM)

What is the main purpose of UTM?

Unified Threat Management (UTM) consolidates multiple security functions in a single appliance with a single management console.

It is a good idea to block TCP and UDP ports in a firewall.

false

The more antivirus programs a system has, the greater the performance and functionality the system will have, and the lower the chance of the system getting malware.

false; more antivirus programs slow it down!

A reverse proxy is used with a published website to not directly expose the server to the Internet.

true

The basic function of a NIDS is to provide a PASSIVE response to any network threat.

true

The basic function of a NIPS is to provide ACTIVE detection of network traffic and threats.

true
