Section 5: Quiz 51 - Firewall Types and Implementation
A packet filtering firewall works at: A: The network layer of the OSI. B. the data layer of the OSI C. the application layer of the OSI D. the session layer of the OSI
Answer A: The network layer of the OSI. Explanation: The diagram shown in the chapter illustrates the type of firewall and their corresponding OSI layer.
Which of the following is regarded as the first step in installing a firewall in a large organization? A. To develop a security policy B. To develop an access control list C. To analyze firewall functionality D. To configure the firewall settings
Answer A: To develop a security policy. Explanation: The first step in installing a firewall is to design and develop an information security policy. On the basis of approved information security policy, other options can be considered.
A firewall is primarily installed to prevent: A. unauthorized traffic from an external network B. unauthorized traffic from the internal network C. delays in internet connectivity D. delays in system processing
Answer A: Unauthorized traffic from external networks. Explanation: A firewall is a network security system designed to prevent unauthorized access to networks. It monitors and controls incoming and outgoing network traffic as per defined rules. Primarily, firewalls are meant to prevent unauthorized external traffic from gaining access to an organization's network.
Which of the following firewalls permits traffic from external sources only if it is in response to traffic from internal hosts? A. An application-level gateway firewall B: A stateful inspection firewall. C. A packet filtering router D. A circuit-level gateway
Answer B: A stateful inspection firewall. Explanation: A stateful inspection firewall monitors and tracks the destination of each packet that is being sent from the internal network. It ensures that the incoming message is in response to the request that went out of the organization. A stateful inspection operates at the network layer of the OSI.
Which of the following firewall settings is regarded as the most robust? A. To allow all traffic and reject specific traffic B. To deny all traffic and allow specific traffic C. To decide dynamically based on network availability D. To control traffic at the discretion of the network engineer
Answer B: To deny all traffic and allow specific traffic. Explanation: The most stringent and robust configuration setting in firewall rules is 'deny all traffic and allow specific traffic' (as against 'allow all traffic and deny specific traffic'). This will restrict unknown traffic as regards entering critical systems and networks.
Which of the following firewall structures will provide the best protection to a network from an internet attack? A packet filtering router B. A circuit-level gateway C. A screened subnet firewall D. A screened host firewall
Answer C: A screened subnet firewall. Explanation: A screened subnet firewall is regarded as the most robust structure that provides a stringent security environment. A screened subnet firewall consists of two packet filtering routers. It also has one bastion host. It acts as a proxy and a direct connection between the internal and external networks is not allowed. A screened subnet firewall is also used as a demilitarized zone (DMZ).
The most robust and stringent firewall system implementation is: A. a screened host firewall B. a dual-homed firewall C. a screened subnet firewall D. a stateful inspection firewall
Answer C: A screened subnet firewall. Explanation: Of the preceding firewall implementations, a screened subnet firewall (demilitarized zone) is regarded as the most secure type of firewall implementation. A screened subnet firewall consists of two packet filtering routers. It also has one bastion host. It provides the greatest security environment. A screened subnet firewall is also used as a demilitarized zone (DMZ).
Which of the following firewalls provides the best protection to internet-based critical servers against hacking? A. A circuit gateway B. A packet filter C: An application gateway. D. A stateful inspection
Answer C: An application gateway. Explanation: An application-level firewall works on the concept of a bastion host and proxy server. It operates at the application layer of the OSI. An application- level firewall is regarded as the most secure type of firewall. It permits or denies network traffic by analyzing each packet in detail at the application level of the OSI.
Which of the following firewalls will help in restricting the downloading of files through File Transfer Protocol? A. A router B. A packet filter C. An application gateway D. A stateful inspection
Answer C: An application gateway. Explanation: An application-level firewall works on the concept of a bastion host and proxy server. It operates at the application layer of the OSI. It controls the application such as FTP and HTTP. An application-level firewall is regarded as the most secure type of firewall.
A firewall system with an enhanced degree of control is: A. a stateful gateway B. a packet gateway C: Application gateway. D. a circuit gateway
Answer C: Application gateway. Explanation: An application-level firewall works on the concept of a bastion host and proxy server. It operates at the application layer of the OSI. An application- level firewall is regarded as the most secure type of firewall. Therefore, an application gateway works in a more detailed (granular) way than the others.
Which of the following is the most common error while implementing a firewall? A. Users are not trained in the rules of firewalls B. Improper due diligence for vendor selection C: Incorrect configuration of the access lists. D. Antivirus software is not updated on a frequent basis
Answer C: Incorrect configuration of the access lists. Explanation: It is very important to update the current access list. This aspect is generally neglected and therefore has the greatest scope for errors at the time of initial installation. Other options do not directly impact firewall implementation.
A firewall is primarily installed with the objective of: A. connecting different networks B. preventing authorized users from accessing the LAN C: To connect authorized users to trusted network resources. D. acting as a proxy server for improving the speed of access to authorized users
Answer C: To connect authorized users to trusted network resources. Explanation: The primary objective of a firewall is to allow only authorized uses of the system and network and thereby restrict unauthorized access.
Which of the following is regarded as a major concern when installing a firewall in a large organization? A. The adoption of an SSL B. The frequent updating of firewall rules on the basis of changing requirements C. Firewall monitoring is outsourced to a third-party service provider D. A firewall is placed on top of the commercial operating system with all installation options
Answer D: A firewall is placed on top of the commercial operating system with all installation options. Explanation: Keeping all installations open for a firewall is a major risk for the organization. Fire security can be compromised in such a situation. The adoption of SSL is a good practice. Firewall rules should be changed as per business requirements. The monitoring of firewalls by an outsourced firm is not a major concern if appropriate controls are in place.
The most effective method for maintaining the integrity of a firewall log is: A. to provide access only to network administrators B. to capture logs in two separate media C. to make a network administrator responsible for backing up log records D: To capture logs at a dedicated third-party log server.
Answer D: To capture logs at a dedicated third-party log server. Explanation: The most effective method for maintaining the integrity of a firewall log is to capture logs at a dedicated third-party log server. Network administrators will not have access to third-party servers, and so independence can be ensured. As a best practice, network administrators should not have access to logs. Capturing logs in two different media, in itself, does not ensure the integrity of logs.
The best auditing procedure for ascertaining correct firewall configuration is: A. to review logs of failed attempts B. to review the approved access control list C. to review firewall change management policy D: To review parameter settings.
Answer D: To review parameter settings. Explanation: The best audit procedure for ascertaining correct firewall configuration is to review parameter settings. This will help to determine whether approved configurations as per security policy have actually been implemented. The other options do not provide strong auditing evidence as compared with a review of parameter settings.
Which of the following is the most important consideration while reviewing the implementation of a firewall? A. A documented information security policy B. A vendor supporting firewall implementation C. The effectiveness of the firewall in enforcing security policy D. Firewall algorithms
Answer: The effectiveness of the firewall in enforcing security policy. Explanation: The effectiveness of firewalls in supporting information security policy is the most important factor. If the firewall is not aligned in line with IS policy, the other factors will not have an impact. Documented IS policy is important, but if the firewall does not support its enforcement, then the policy is of little value.