Final 263

When troubleshooting a firewall, why should you make one fix at a time and test after each attempt?

attempting multiple fixes at once might mask the actual resolution

Which firewall limitation is typically characterized by a memory-based exploit?

buffer overflow

How does KISS (Keep It Simple: Security) apply to firewalls?

use simple direct firewall rules

What should you consider when selecting a firewall for your organization?

both a and b

You need to conduct VPN training for some users who require a lot of support. What is the best method?

classroom training

Which type of backup solution typically stores your data on another organization's hardware, making you dependent on their security, confidentiality assurance, and reliability?

cloud

Which of the following is the easiest and safest way to detect software coding errors in a firewall?

conduct a pilot test

Which of the following sections is not commonly part of a written VPN policy?

configuration

What is not an example of containment during incident response?

confirming a breach

Why should you change the default administrative password on a wireless router?

default passwords are commonly known, which is a security weakness

Regarding firewall rules, what is another name for default deny?

deny all

What is a potential disadvantage of online data backups?

dependency on provider's security

What is the primary purpose of log monitoring?

detect malicious network activities

An IT environment with an intrusion detection system, antivirus software, strong authentication, virtual private network support, and granular access control is an example of _____________.

diversity of defense

Which VPN deployment architecture includes a firewall in front of the VPN to protect it from Internet-based attacks, as well as a firewall behind it to protect the internal network?

dmz based

When dealing with a firewall emergency, what should you not do?

document your network

Which of the following must an administrator organize to ensure follow-through of a new security plan?

end user training and awareness

Which of the following firewall design elements serves as an over-arching security stance to drive an organization's overall security?

fail-safe

What is one of the most problematic issues with an intrusion detection system (IDS)?

false negatives

What is the name of the process that sends a wide variety of packets toward an internal target in hopes of discovering a packet configuration that succeeds in passing the restrictions of a firewall's rule set?

firewalking

What is a common problem of running VPN software on a server that supports multiple applications, such as a server running SQL Server or Web software?

incorrect configuration exposes VPN configuration to an attacker

One of the most effective preventative techniques in network security troubleshooting is __________.

installing patches and updates

Which VPN deployment architecture places only the Internet-facing VPN connection behind a firewall?

internally connected

On a Windows computer, which command can you use to determine the computer's IP address?

ipconfig

What is the purpose of the post-mortem review after a security assessment?

learn from mistakes

Which of the following critical factors that can affect the performance of a VPN is usually associated with peak usage?

load

What is a benefit of an open source VPN solution?

low cost

Which type of firewall commonly uses inbound rules?

DMZ firewall

Which of the following network management/monitoring/troubleshooting tools is available natively through Windows?

netstat

What does forced universal participation typically apply to in an organization?

security

Deciding which firewall rules to define is subject to an organization's _____________.

security policy

Isolating and compartmentalizing administrative privileges, so that no single administrator has full or total power over the entire environment, is an example of __________.

separation of duties

You require a fast, flexible, simple firewall for your network. Which type of firewall should you choose?

stateful inspection

Which of the following is not a common VPN vulnerability?

strong client security

Which of the following tools is a network mapper, port scanner, and OS fingerprinting tool all in one?

nmap

Which of the following is a centralized logging system?

syslog

Which of the following is a best practice for secure network communications?

require that every service, transaction and communication must pass through one or more firewalls

What is an important thing to do regarding firewall logs?

review the log files frequently

When troubleshooting a firewall, the following items are useful except:

acceptable use policy

What is another name for a written VPN policy?

remote access policy

Which modes does IPSec provide?

transport and tunnel

Anonymity is the ability for a network or system user to remain unknown. The problem with many anonymity solutions is that they don't always protect __________.

your privacy

If you want to prevent external connections from insecurely logging into your internal systems, which port do you block on your firewall?

23

Because IPSec has issues traversing a translated network, which firewall ports must be permitted for IPSec to work through NAT?

50, 51 and 500

Which of the following tools is an open source, rule-based IDS that can detect firewall breaches?

SNORT

Which of the following is not true of compliance auditing?

A regular compliance audit can be used in place of an organization's security policy.

When ordering firewall rule sets, where should critical denial exceptions be placed?

At the top of or early in the rules list

When ordering firewall rule sets, where should rules related to more common traffic be placed?

At the top of or early in the rules list

Which of the following types of communications must take place or a business will suffer?

Business-essential

In networking terms, what forces all traffic, communications, and activities through a single pathway or channel?

Choke point

A critical business function conflicts with a security solution. What is the best response?

Design a new security solution or modify how the task is accomplished.

Who performs penetration testing?

Ethical Hackers

What type of traffic is port 443 associated with?

HTTPS

Which of the following is an example of a user violating security policy?

He installed a utility from the Internet that will help him perform his job.

What does a reverse proxy accomplish?

Hides the identity of the Web server accessed by the Internet (or external) client

Which of the following is not true of a bastion host?

Is available only as an open source product

All of the following are true of port forwarding except:

Many internal machines can use a forwarded port simultaneously

Which of the following is a method for secure remote login and other secure network services over a public network such as the Internet?

SSH

Which of the following could compromise network security?

Simplify by assigning maximum required permissions

A written firewall policy, which is part of a security policy, does not need to address which of the following?

The cost of the firewall

What is an access control list (ACL)?

a firewall rule or filter

What is an example of strong two-factor authentication?

a smart card with a pin

A security assessment may include which of the following steps?

all of the above

Building your own firewall can result in which of the following?

all of the above

Which of the following firewalls uses rules?

all of the above

Which of the following typically contains a firewall or firewall functionality?

all of the above

Window Firewall in Windows 7 enables you to create custom firewall configuration settings for which of the following connections?

all of the above

In a home network environment, which of the following firewall ports can you typically block without affecting normal network communications?

anything above 1033

When ordering firewall rule sets, where should the Default Deny rule be placed?

at the bottom of the rules list

___________ is the process of verifying the identity of an electronic entity.

authentication

You use a hardware firewall on your network. To analyze all network traffic, where would you locate the firewall?

choke point

When testing firewall security, which type of tool stresses a system to discover if it will react improperly, fail, or reveal unknown vulnerabilities?

fuzzing

Which of the following is not a network security management best practice?

implement single factor authentication

Which of the following is not true of tunneling through a firewall?

is a common and safe method of allowing remote access

An IDS or IPS that uses a database of signatures or patterns of known malicious activities to detect threats is called _______________ detection.

knowledge based

Which of the following is not a best practice when creating firewall rules?

make sure the deny default rule is first

Which of the following is true of host firewalls?

most server operating systems do not include a host software firewall

Which type of firewall is ideal for many small office/home office (SOHO) environments?

native OS firewall

Which of the following firewalls is native to all Linux distributions?

none of the above

Which of the following is not a typical location for a firewall?

on removable media

What is another form of a honeypot?

padded cell

Window locks, door locks, and security cameras are examples of which of the following?

physical security

When troubleshooting VPN connectivity, which Windows and Linux command can you use to verify your internal port?

ping

Which of the following addresses passive Internet threats?

pop up blocker

Assigning users, including administrators, only the necessary privileges, access, and permissions to accomplish their assigned work is an example of __________.

principle of least privilage

Which of the following is not a common phase of incident response?

recconaissance

What type of firewall is most effective against firewalking, fragmentation, and internal code planting?

stateful inspection

Which of the following is the best method of determining an optimal firewall configuration?

test the rules in a laboratory environment

When troubleshooting VPN connectivity, which Windows command can you use to verify your external port?

traceroute

In which situation is a change control system most effective?

troubleshooting

Which of the following should be avoided?

two software firewalls on a single computer system

What is a benefit of a commercial VPN solution?

typically easy to install

Which of the following is not a VPN best practice?

use split tunneling

On a SOHO network with a wireless router from the Internet service provider, which of the following is not a typical way to harden the network or router?

use the default SSID

What situation allows for successful internal code planting attacks?

using only inbound firewall filtering

Which industry-standard protocol enables you to configure two VPNs as a pair for high availability?

virtual router redundancy protocol (VRRP)

Which of the following is typically not an important feature of a commercial appliance firewall?

virtualization

What is the name of the native firewall in Windows Vista and Windows 7?

windows firewall

You want to capture network packets that leave your firewall and then analyze them. Which tool is best for these tasks?

wireshark