Firewalls & Network Security Chapters 9 -15
Susan has discovered that the vice president of marketing has brought in her own personal tablet device and connected it to the company's secure wireless network. This violates the organization's IT security policies. Susan informs the chief information security officer (CISO) of the situation. What level of control must the CISO exercise with this upper-level manager?
Accounting
What is an encryption standard that was designed to scale upward with longer keys?
Advanced Encryption Standard (AES)
Which of the following is designed to block buffer overflow attacks, SQL injection attacks, and many other web-focused attacks?
Application firewall
Arturo is troubleshooting a firewall that may have been hacked by a malicious outsider. He is under pressure and immediately tries a fix that, if it fails, will not be easy to back out of. Before he makes the attempt, his supervisor warns him of the danger. What does Arturo's supervisor say?
Avoid destructive or irreversible solutions until last.
Which of the following is insurance against data loss?
Backups
Lauren is a network technician monitoring performance on the local area network (LAN). She becomes alarmed when the network utilization reaches 95 percent for a particular time of day. How does she know what the utilization is normally like?
Benchmarks
Bill is a network engineer. On Monday morning, he learns that the firewalls between network segments are not operating as expected. He checks the activity sheet for the on-call techs who worked the weekend and sees that one of them performed an unscheduled patch. Bill suspects the patch made modifications to the firewalls. Of the following choices, what is the BEST way to check this?
Bill compares screenshots of the optimal firewall configuration against the current settings.
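Comparing screenshots works, but a scripted comparison of a saved baseline export against the running configuration is faster and catches subtle changes (a dropped source restriction, a flipped default policy, a reordered rule). The following is an added example, not from the course material; it assumes an iptables-save-style text export and uses constructed sample rulesets.

```python
"""Firewall configuration drift check (added example, constructed data).

Assumes an iptables-save-style export: "-P CHAIN POLICY" lines set the
default policy and "-A CHAIN ..." lines append rules in match order.
"""

# Constructed baseline snapshot taken when the firewall was last verified.
BASELINE = """\
# baseline export (constructed sample)
-P INPUT DROP
-P FORWARD DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
-A FORWARD -s 10.1.0.0/16 -d 10.2.0.0/16 -p tcp --dport 443 -j ACCEPT
"""

# Constructed running configuration after an unscheduled weekend patch.
CURRENT = """\
# running config after weekend patch (constructed sample)
-P INPUT DROP
-P FORWARD ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 10.1.0.0/16 -d 10.2.0.0/16 -p tcp --dport 443 -j ACCEPT
"""


def parse_rules(text):
    """Return (policies, rules): default policy per chain and the ordered rule list."""
    policies = {}
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "-P":
            policies[parts[1]] = parts[2]
        elif parts[0] == "-A":
            rules.append(" ".join(parts[1:]))
    return policies, rules


def diff_rulesets(baseline_text, current_text):
    """List every difference between baseline and current, including rule order."""
    base_pol, base_rules = parse_rules(baseline_text)
    cur_pol, cur_rules = parse_rules(current_text)
    findings = []

    # A changed default policy (especially DROP -> ACCEPT) is the most serious drift.
    for chain in sorted(set(base_pol) | set(cur_pol)):
        if base_pol.get(chain) != cur_pol.get(chain):
            findings.append(f"policy {chain}: {base_pol.get(chain)} -> {cur_pol.get(chain)}")

    base_set, cur_set = set(base_rules), set(cur_rules)
    for rule in base_rules:
        if rule not in cur_set:
            findings.append(f"removed: {rule}")
    for rule in cur_rules:
        if rule not in base_set:
            findings.append(f"added: {rule}")

    # First match wins, so the same rules in a different order is also drift.
    shared_base = [r for r in base_rules if r in cur_set]
    shared_cur = [r for r in cur_rules if r in base_set]
    if shared_base != shared_cur:
        findings.append("reordered: shared rules appear in a different order")
    return findings


if __name__ == "__main__":
    for finding in diff_rulesets(BASELINE, CURRENT):
        print(finding)
```

On the constructed data the check reports that the FORWARD policy flipped from DROP to ACCEPT and that the SSH rule lost its `-s 10.0.0.0/8` source restriction, which is exactly the kind of change a screenshot comparison can miss.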
Which of the following is the best defense against wireless and mobile risks?
Biometrics and education - WRONG
Hong is a network engineer. He is developing a firewall policy that addresses troubleshooting a firewall that has either failed or is under attack. In his plan, what should be included as a best practice?
Collect firewall documentation before an attack.
What is a type of assessment that judges how well an organization is accomplishing set goals or requirements?
Compliance auditing
Strong encryption supports:
Confidentiality
Which term describes a technology that performs deep-content inspection within a scope defined by a central management console?
Data leakage prevention (DLP)
________ is the concept that data is subject to the laws of a country in which it is stored, and is becoming a challenge for businesses as their operations move to the cloud.
Data sovereignty
Which of the following is NOT an example of a vanishing network perimeter?
Demilitarized zone (DMZ)
In an incident response situation, which term is used to describe the actual confirmation of a breach?
Detection and analysis
Juan is a technician designing a physical security strategy for his company's network. He wants to convince potential hackers that it would be too difficult and complex for them to mount a successful assault or that such an attack would be too easily detected. What central function is he addressing?
Deterrence
______ is commonly exploited by many hackers because most enterprise web traffic is _________.
Encryption; encrypted
During which step of firewall incident response is the compromise resolved?
Eradication
Which of the following is a security state that reverts to a state of being unavailable or locked?
Fail-close
A small fire breaks out in the lunch room of a branch office and the fire alarms sound. The employees are directed to leave the building and assemble in the parking lot. What condition is required to enable them to cross restricted access areas that are normally locked?
Fail-open
A good policy is to implement the first generation or first release of a firewall product.
False
Allow by default/deny by exception is always the preferred security stance.
False
An antivirus scanner needs to have its database of definitions updated at least once per week.
False
Availability deals with keeping information, networks, and systems secure from unauthorized access.
False
Basic packet filtering uses a complex, dynamic rule set.
False
Delay is the use of security to convince a potential attacker that the efforts to compromise a system are not worth it.
False
Depending on the situation, a fail-open state could be fail-secure or fail-close.
False
Governance means ensuring that your organization obeys internal policies, as well as any applicable laws or other regulatory requirements.
False
In layered security strategy, the strengths and benefits of one countermeasure do not affect the other countermeasures.
False
Physical damage is not related to denial of service.
False
Security education for users is desired, but not required, for maintaining a secure environment.
False
The HITECH Act expanded the scope of privacy and security protections available under the Sarbanes-Oxley (SOX) Act.
False
The Sarbanes-Oxley (SOX) Act was created to protect shareholders by requiring publicly traded companies to validate controls securing financial data.
False
The term "mobile IP" describes how a wide variety of devices and sensors can connect and be accessed, typically over a wireless network.
False
Whole hard drive encryption prevents anyone from accessing data on the drive.
False
You can fix a firewall's vulnerability to denial of service (DoS) flooding by upgrading the firewall or applying a patch.
False
Over time, how has the focus of security shifted?
From data centers to clouds - WRONG
Which of the following is a European Union (EU) regulation that protects citizens' privacy and information?
General Data Protection Regulation (GDPR)
Which of the following is BEST described as processes and procedures intended to help ensure that employees will follow security policies?
Governance
Jonathan is a network security specialist. He has developed several policies for his employer. One describes restrictions on transmitting clients' protected health information (PHI). Another policy addresses working with a third party to securely process a blood sample. Which law is he complying with?
Health Insurance Portability and Accountability Act (HIPAA)
A malicious person is using an existing virtual private network (VPN) tunnel to infiltrate a company's private local area network (LAN). What is this tunneling method doing?
Hijacking an existing port
Which of the following has a native information security framework that can provide virtual private networking without client software?
IPv6
Juan is a network engineer. His manager has tasked him with gathering concrete metrics on network security and operations. Juan selects the most popular performance metrics methodology. What is it?
Information Technology Infrastructure Library (ITIL)
Hacker tunneling uses two techniques. The first is to install a server component on an internal system and then have an external client make a connection. What is the second?
Install a server component on an external system and then use an internal client to make the connection.
Which of the following provides the ability to present a unique virtual private network (VPN) configuration to each individual user group?
Internet Protocol Security (IPSec) - WRONG
Which of the following best describes devices NOT traditionally thought of as networked, such as wearable activity trackers, thermostats, and building automation?
Internet of Things (IoT)
Which of the following is a limitation of Internet Protocol Security (IPSec)?
It does not encrypt data on client computers.
Devaki is developing a backup and recovery strategy for the network and server system. She needs a way to address and quickly restore small events where a bit of data has accidentally been deleted, as well as to remedy situations where the entire facility is compromised. What is her plan?
Keep a local backup for quick retrieval to deal with small events and an encrypted remotely stored copy for major incidents.
Ahmed is testing the security of his company's IT infrastructure. He is using an application that works as a network mapper, port scanner, and OS fingerprinting tool. Which of the following is he employing?
Nmap
A major online retailer was recently hacked, and the secure banking data and other personal information of tens of thousands of users were stolen. Who or what is the most likely culprit?
Organized crime group
Which of the following can cause a full or partial overwriting of datagram components, creating new datagrams out of parts of previous datagrams?
Overlapping
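Overlapping fragments matter because the receiving host and an inspecting firewall or IDS may resolve the overlap differently (some stacks keep the first data seen, others keep the last), so the datagram the inspector scans is not the one the host reassembles. The following is an added example, not from the course material; it models fragments as (byte offset, payload) pairs with constructed data, ignoring the 8-byte offset units and header fields of real IP fragments.

```python
"""Overlapping-fragment detection and reassembly (added example, constructed data).

Fragments are (offset_in_bytes, payload) tuples in arrival order. Real IP
fragment offsets are in 8-byte units; byte offsets are used here for clarity.
"""

# Constructed fragment pair: the second fragment overlaps bytes 5..14 of the
# first with different content, the classic reassembly-policy evasion.
FRAGS = [
    (0, b"GET /index.html HTTP/1.0"),
    (5, b"secret.txt"),
]


def detect_overlaps(fragments):
    """Return (position, earlier_frag_idx, later_frag_idx) for every byte where
    two fragments cover the same offset with different data."""
    seen = {}  # byte position -> (value, index of fragment that supplied it)
    conflicts = []
    for idx, (off, data) in enumerate(fragments):
        for i, b in enumerate(data):
            pos = off + i
            if pos in seen:
                prev_val, prev_idx = seen[pos]
                if prev_val != b:
                    conflicts.append((pos, prev_idx, idx))
            else:
                seen[pos] = (b, idx)
    return conflicts


def reassemble(fragments, policy="first"):
    """Reassemble with either a first-data-wins or last-data-wins overlap policy.
    Raises ValueError if the fragments leave a gap."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    total = max(off + len(data) for off, data in fragments)
    buf = bytearray(total)
    filled = [False] * total
    for off, data in fragments:  # arrival order
        for i, b in enumerate(data):
            pos = off + i
            if filled[pos] and policy == "first":
                continue  # keep the earlier byte
            buf[pos] = b
            filled[pos] = True
    if not all(filled):
        raise ValueError("gap in fragment coverage")
    return bytes(buf)


if __name__ == "__main__":
    print("conflicting bytes:", len(detect_overlaps(FRAGS)))
    print("first-wins :", reassemble(FRAGS, "first"))
    print("last-wins  :", reassemble(FRAGS, "last"))
```

A firewall that reassembles with a policy different from the protected host's will inspect a different request than the host serves; the safe stance is to drop any datagram whose fragments overlap with conflicting data rather than guess which version the host will see.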
A malicious person is performing a technique called anti-forensics on a target network to hide evidence of an intrusion and conceal implanted rootkits and other malware. What is one action that might be taken when this method is used?
Overwriting metadata
Aditya is a network engineer. He is deploying a special host that will attract hackers so he can capture and analyze the attacks. This specific method involves using an intrusion detection system (IDS) to detect attacks and then routing them to an environment where they can do no harm. What is this method called?
Padded cell
A company hires security experts to play the role of hackers. The experts are asked to attempt to breach the infrastructure to determine how secure the company is from threats. The experts are also asked to recommend improvements. What is this activity called?
Penetration testing
Although encryption standards and methods have become increasingly more sophisticated over time, what other evolving technology is making it easier to defeat encryption?
Scaling algorithms - WRONG
In deploying security for a network, which method is no longer seen as truly secure or sufficient for protecting logins?
Single-factor authentication
Carl is a security engineer for his company. He is reviewing a checklist of measures to physically protect the network specifically and the office environment in general. What is he focused on?
Testing alarms
Jacob is a sixth-grade student who has logged in to his school account. Online learning is a new implementation for the school district, which does not have its own data center to host services. The district uses a cloud service instead. Halfway through class, Jacob's connection goes down and he cannot reestablish it. The network connection seems fine and nothing appears wrong with his school-issued laptop. What is the likely cause?
The cloud service
802.1x authentication requires connecting systems to authenticate using public key infrastructure (PKI) machine certificates.
True
A best practice for cloud deployments is to audit the vendor(s) to ensure that your data is consistently kept secure.
True
A best practice is to block any device connecting to a network that is not in compliance with the security policy.
True
A hacker tunneling set up using an inbound connection must "hijack" an existing open port or reconfigure the firewall to open another port for use by the tunnel.
True
A hybrid firewall combines several different functions in a single appliance.
True
A network security management best practice is to focus on the big-impact and big-result issues first.
True
A written policy dictates which firewall features to enable or disable.
True
After installing a firewall, you should always install every available patch and update from the vendor.
True
Attackers often use open-source security tools to attack networks.
True
Breaches are confirmed during the detection and analysis phase of incident response.
True
Data analytics enables you to understand what is happening on a network.
True
Delay involves slowing down an attack so that even successful breaches give defenders time to respond.
True
Detection involves watching for attempts to breach security and being able to respond promptly.
True
Even with a firewall protecting the internal network, a denial of service (DoS) flooding attack can still successfully disconnect or interfere with external communications.
True
Every update, change, or alteration to any aspect of a firewall should trigger another round of firewall testing.
True
Governance is generally used to demonstrate to management, customers, and auditors that your information security program is operating as outlined in your policies, procedures, and practices.
True
In a layered security strategy, each security mechanism addresses a single issue or a small set of issues within a specific context.
True
In either a host firewall or an appliance firewall, the logic and controlling mechanisms are software.
True
Integrity is the consistency, accuracy, and validity of data or information.
True
One advantage of open-source applications and tools is the high level of innovation available in the open-source community.
True
One of the primary objectives of a change control board is to ensure that all changes are properly tested.
True
Online backups make an organization dependent on the online provider's security.
True
Prevention is the use of safeguards to thwart exploitation or compromise.
True
Pushing out a patch without proper testing can result in negative impacts that are just as bad as delaying patch approval.
True
Regulatory requirements are the laws enacted by the federal government and individual states to establish what is acceptable in business.
True
Some firewalls can be partitioned into multiple virtual firewalls, each with its own security policy, interfaces, and configuration.
True
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student information.
True
The Payment Card Industry Data Security Standard (PCI DSS) ensures the confidentiality, integrity, and availability of cardholder data and transaction-processing functions.
True
The Safeguards Rule within the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop and comply with a comprehensive information security policy that includes safeguards for the handling of sensitive customer information.
True
The longer the time span between a malicious action and an authoritative response, the greater the likelihood the perpetrator will get away without consequence.
True
The purpose of compartmentalization is to create small collectives of systems that support work tasks while minimizing risk.
True
Whereas honeypots can be single systems or multiple networked systems, a honeynet is a network of honeypots.
True
With a cloud-based firewall, the firewall functions are performed in the cloud.
True
With a multi-tenant environment in the cloud, multiple companies share the same virtual environment.
True
Arturo is installing a hardware server in the network room of a branch office. He wants to label it in a way that will make it easy to differentiate this server from other server machines, yet not clearly identify it in case an unauthorized person gains physical access. How should he label it?
Using a code
What is a common security mistake made by both end users and experts?
Using the same password on multiple systems
Alice is a network technician designing infrastructure security based on compartmentalization. Which of the following does she employ?
Zones of access that are separated from other parts of the network by routers, switches, and firewalls
A hypervisor is ________.
a software layer on which virtual machines run
All of the following are firewall management best practices, EXCEPT:
establish a philosophy of default allow rather than default deny.
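The difference between default deny and default allow is easiest to see with the same rule set evaluated under both stances: any traffic the rules do not mention is the traffic that decides the outcome. The following is an added example, not from the course material, that implements a basic first-match packet filter (the simple, static rule set described in the packet-filtering item earlier in this deck) over constructed rules and packets.

```python
"""First-match packet filter showing default deny versus default allow
(added example, constructed rules and packets)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "ACCEPT" or "DROP"
    proto: str           # "tcp", "udp", or "any"
    src: str             # source CIDR
    dst: str             # destination CIDR
    dport: Optional[int]  # destination port, None = any

    def matches(self, pkt):
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt["dport"]:
            return False
        return True


# Constructed rule set: only the services the policy explicitly permits.
RULES = [
    Rule("ACCEPT", "tcp", "0.0.0.0/0", "10.2.0.0/16", 443),   # public web tier
    Rule("ACCEPT", "tcp", "10.0.0.0/8", "10.2.0.0/16", 22),   # SSH from inside only
]

# Constructed packets (documentation addresses only).
WEB = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.2.0.10", "dport": 443}
RDP = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.2.0.10", "dport": 3389}
SSH_EXT = {"proto": "tcp", "src": "203.0.113.5", "dst": "10.2.0.10", "dport": 22}
SSH_INT = {"proto": "tcp", "src": "10.1.4.20", "dst": "10.2.0.10", "dport": 22}


def evaluate(pkt, rules, default):
    """Return (action, matched_rule_index); index is None when the default applied."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


def compare_stances(pkt, rules):
    """Outcome of the same packet under default deny and default allow."""
    return {
        "default_deny": evaluate(pkt, rules, "DROP")[0],
        "default_allow": evaluate(pkt, rules, "ACCEPT")[0],
    }


if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("rdp", RDP), ("ssh-ext", SSH_EXT), ("ssh-int", SSH_INT)]:
        print(f"{name:8s} {compare_stances(pkt, RULES)}")
```

Under default deny, the unlisted RDP port and SSH from an outside address are dropped without any rule having to name them; under default allow, both pass, and every new service or protocol is exposed until someone writes a rule against it.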
All of the following protect against fragmentation attacks, EXCEPT:
internal code planting.
All of the following are true about data leakage prevention (DLP), EXCEPT:
it cannot scan social media accounts.
Tonya is a network engineer. She is developing a new security policy for her company's IT infrastructure. She understands that the heart of performing a risk assessment, which is a necessary part of policy development, is understanding assets, likelihoods, threats, and _________.
vulnerabilities.