CTC 452 Network Security and Hacking Prevention

A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

True

A weakness of a signature-based system is that it must keep state information on a possible attack.

True

Computers on the Internet are identified primarily by their IP address.

True

The IP address 172.20.1.5 is a private IP address.

True

The TCP protocol uses a three-way handshake to create a connection.

True

The objective of a phishing attack is to entice e-mail recipients to click a bogus link where personal information can be stolen.

True

A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed.

False

All devices interpret attack signatures uniformly.

False

IPv4 and IPv6 headers are interoperable.

False

Reviewing log files is a time-consuming task and therefore should only be done when an attack on the network has occurred.

False

Which of the following is an element of the TCP header that can indicate that a connection has been established?

Flags

Which component of IPsec enables computers to exchange keys to make an SA?

IKE

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?

IPsec

Which of the following is NOT a typical IDPS component?

Internet gateway

What type of attack involves plaintext scripting that affects databases?

SQL injection

Which VPN protocol leverages Web-based applications?

SSL

What is the sequence of packets for a successful three-way handshake?

SYN, SYN ACK, ACK

What are the two standard ports used by FTP along with their function?

TCP 21 control, TCP 20 data

Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted?

Teredo tunneling

The Cisco PIX line of products is best described as which of the following?

firewall appliance

Which of the following is true about SSL?

it uses sockets to communicate between client and server

Which of the following is true about the Internet?

it was established in the mid-1960s

How does the CVE standard make network security devices and tools more effective?

they can share information about attack signatures

What are the two modes in which IPsec can be configured to run?

tunnel and transport

Which security tool works by recognizing signs of a possible attack and sending notification to an administrator?

IDPS

What is contained in ARP tables?

IP address, MAC address

What was created to address the problem of remote clients not meeting an organization's VPN security standards?

VPN quarantine

What makes IP spoofing possible for computers on the Internet?

the lack of authentication

network identifier

the part of an IP address that a computer has in common with other computers in its subnet

Which of the following is a valid IPv6 address?

1080::8:800:200C:417A

How large is the IPv6 address space?

128 bits

Which of the following addresses is a Class B IP address?

189.77.101.6

Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240

192.168.10.47

What is a suggested maximum size of a rule base?

30 rules

Which feature of a router provides traffic flow and enhances network security?

ACLs

Which of the following types of traffic does NOT travel through routers?

ARP requests

At what layer of the OSI model do proxy servers generally operate?

Application

In what type of attack are zombies usually put to use?

DDoS

Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports?

Dynamic Application layer protocol analysis

Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?

NAP

In which OSI model layer will you find the OSPF protocol?

Network

Which of the following is an open standard used for authentication on Cisco routers?

RADIUS

Which type of scan has the FIN, PSH, and URG flags set?

Xmas

datagram

a discrete chunk of information; each datagram contains source and destination addresses, control settings, and data

Defense in depth can best be described as which of the following?

a layered approach to security

Network Address Translation

a process by which internal hosts are assigned private IP addresses and communicate with the Internet using a public address

Which of the following best describes a DMZ?

a subnet of publicly accessible servers placed outside the internal network

Which of the following is an improvement of TLS over SSL?

adds a hashed message authentication code

Which of the following is true about using VPNs?

can use an existing broadband connection

Which of the following is a typical drawback of a free firewall program?

cannot monitor traffic in real time

Which of the following is NOT information that a packet filter uses to determine whether to block a packet?

checksum

With which access control method do system administrators establish what information users can share?

mandatory access control

Which of the following is true about software VPNs?

more cost-effective than hardware VPNs

Of what category of attack is a DoS attack an example?

multiple-packet attack

Which of the following is an advantage of hardware firewalls?

not dependent on a conventional OS

Where is a host-based IDPS agent typically placed?

on a workstation or server

Which type of NAT is typically used on devices in the DMZ?

one-to-one NAT

Where should network management systems generally be placed?

out of band

Which of the following is a general practice for a rule base?

permit access to public servers in the DMZ

Which variation on phishing modifies the user's host file to redirect traffic?

pharming

What does a sliding window do in a TCP packet?

provides flow control

What should you consider installing if you want to inspect packets as they leave the network?

reverse firewall

Which of the following makes routing tables more efficient?

route summarization

Which of the following is NOT a critical goal of information security?

scalability

Which type of firewall configuration protects public servers by isolating them from the internal network?

screened subnet DMZ

What is a VPN typically used for?

secure remote access

What is the TCP portion of a packet called?

segment

What Cisco router command encrypts all passwords on the router?

service password-encryption

Why might you want your security system to provide nonrepudiation?

so a user can't deny sending or receiving a communication

Which term is best described as an attack that relies on the gullibility of people?

social engineering

In which type of scan does an attacker scan only ports that are commonly used by specific programs?

strobe scan

How are the two parts of an IP address determined?

subnet mask

Which of the following is NOT a category of suspicious TCP/IP packet?

suspicious CRC value

What is an advantage of the anomaly detection method?

system can detect attacks from inside the network by people with stolen accounts

Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?

use standard naming conventions

Software firewalls are usually more scalable than hardware firewalls.

False

Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address?

access control

Which of the following is true about an NIDPS versus an HIDPS?

an HIDPS can detect attacks not caught by an NIDPS

Which of the following is NOT an essential element of a VPN?

authentication server

In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated?

challenge/response

Which of the following is a type of VPN connection?

client-to-site

To what type of port on a Cisco router do you connect a rollover cable?

console

What uses mathematical calculations to compare routes based on some measurement of distance?

distance-vector routing protocols

Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy?

employees can use instant-messaging only with external network users

Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?

enable

What is the term used when an IDPS doesn't recognize that an attack is underway?

false negative

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

hybrid

Which of the following is NOT one of the three primary goals of information security?

impartiality

Which of the following is a reason that UDP is faster than TCP?

it doesn't guarantee delivery

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

proxy server

Under which suspicious traffic signature category would a port scan fall?

reconnaissance

What is a step you can take to harden a bastion host?

remove unnecessary services

If you see a /16 in the header of a snort rule, what does it mean?

the subnet mask is 255.255.0.0

Which of the following is true about ACLs on Cisco routers?

there is an implicit deny any statement at the end of the ACL

Which of the following is true about private IP addresses?

they are not routable on the Internet

Which of the following is true about static routes?

they are used for stub networks

What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?

three-pronged firewall

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?

training period

Which of the following is a top-level digital certificate in the PKI chain?

trust anchor

scopes

unicast addresses used in IPv6 to identify the application suitable for the address