Intro to Firewalls DCOM 211 Midterm Study -Ch3-6
Which ICMP types should be allowed through the firewall? 1. ICMP Time-To-Live (TTL) Exceeded 2. ICMP destination unreachable packets 3. ICMP source quench 4. Timestamp reply
1. ICMP Time-To-Live (TTL) Exceeded 2. ICMP destination unreachable packets
Windows Firewall features include 1. IPv6 support 2. Startup security 3. An operating mode that allows exceptions 4. No IPv4 traffic scoping
1. IPv6 support 2. Startup security
Filtering Traffic from Internal Source methods that explicitly permit traffic: (Choose all that apply) 1. Port Range 2. Port -range forwarding 3. IP address 4. Mac Address
1. Port Range 3. IP address 4. Mac Address
Filtering Traffic from External Source methods that explicitly permit traffic: (Choose all that apply) 1. Port-Range forwarding 2. DMZ forwarding 3.Port Triggering 4.Port Range
1. Port-Range forwarding 2. DMZ forwarding 3.Port Triggering
PIX firewalls use two types of translation: 1. Static 2.. Dynamic 3. Parallel 4. Short
1. Static 2.. Dynamic
Which of the following Internet filtering products are supported for seamless integration with the PIX/ASA: Websense Enterprise CSC-SSM Sentient 2112 ChloeX
1. Websense Enterprise 2. CSC-SSM
Windows Firewall was previously known as 1. Windows Internet Connection Firewall (ICF) 2. Gates Personal Firewall (GPS) 3. Windows International Community Firewall (ICF) 4. Firewall XGC
1. Windows Internet Connection Firewall (ICF)
Most IDSs detect attacks by matching the network traffic against. 1. a signature, or fingerprint, of the attack 2. bad ICMP packets 3. bad checksums 4. IP addresses that have been spoofed
1. a signature, or fingerprint, of the attack
Windows Firewall comes bundled with 1. every new version of Microsoft's operating systems 2. only WIndows XP 3. in all BUT Windows Server 2003 Standard 4. an additional fee
1. every new version of Microsoft's operating systems
Configuring SSH is more complicated because you need to 1. generate and save the RSA pair 2. submit a complete ACL 3. identify all acceptable IP addresses 4. Disable SSH access
1. generate and save the RSA pair
Application inspection on the PIX firewall is accomplished through the fixup command now known as the 1. policy-map command 2. police command 3. protect command 4. point-to-point command
1. policy-map command
Regardless of the logging method implemented, it is important to ensure that the firewall has 1. the correct date and time 2. an accurate IP address 3. a secure power supply 4. a static ACL
1. the correct date and time
PIX/ASA ACLs are linked lists of values (known as ACL entries (ACEs) parsed in a 1. top-down manner 2. bottom-up manner 3. last-in-first-out manner 4. first-in-last-out manner
1. top-down manner
PIX/ASA 7.x operates with a new mode of operation where the firewall is more like a bridge than a router, allowing traffic to traverse without requiring additional hops. This mode is called: 1. transparent mode 2. ghost mode 3. accidental mode 4. default mode
1. transparent mode
When a Linksys Router/Firewall is used in a SOHO environment the ________________ is automatically enabled by default. 1.Dynamic Host Configuration Protocol (DHCP) 2.Universal Plug-&-Play (UPnP) 3.Dynamic Domain Name Servie (DynDNS or DDNS) 4.Remote Access Service (RAS)
1.Dynamic Host Configuration Protocol (DHCP)
Routing Information Protocol (RIP) supports a maximum hop count of _____ hops which makes it suitable for small network environments. 15 10 20 30
15
Quality of Service (Qos) prioritization could be applied and determined by: (Choose all that apply) 1. Protocol Port 2. Ethernet Port 3. MAC address 4.Queried Application
2. Ethernet Port 3. MAC address 4.Queried Application
When enabled this setting prevents the router from being able to be pinged or otherwise connected to on the external interface 1.Filter Multicast 2.Block Anonymous Internet Requests (BAIR) 3.Filter Internet NAT Redirection 4.Filter IDENT
2.Block Anonymous Internet Requests (BAIR)
A setting that permits a host to query a network node 1.Block Anonymous Internet Requests (BAIR) 2.Filter IDENT 3.Filter Internet NAT Redirection 4.Filter Multicast
2.Filter IDENT
Examples of secure firewalls would be: (Choose all that apply) 1.NAT Firewall 2.Microsoft ISA Server 3.Check Point Firewall-1 4.Cisco PIX Firewall
2.Microsoft ISA Server 3.Check Point Firewall-1 4.Cisco PIX Firewall
The utilization of NAT would impede the performance of which protocols? (Choose all that apply) 1.Dynamnic Host Configuration Protocol (DHCP) 2.Point-to-Point Tunneling Protocol (PPTP) 3.Internet Protocol Security (IPsec) 4.Point-to-Point Protocol over Ethernet (PPPoE)
2.Point-to-Point Tunneling Protocol (PPTP) 3.Internet Protocol Security (IPsec) 4.Point-to-Point Protocol over Ethernet (PPPoE)
Which port would NOT need to be accessible by the local network? 21 135 445 3389
21
When enabled a setting that permits a user to configure the router to block access to local network nodes from other local network nodes attempting to connect through an external masked address 1.Filter IDENT 2.Filter Multicast 3.Filter Internet NAT Redirection 4.Block Anonymous Internet Requests (BAIR)
3.Filter Internet NAT Redirection
A setting that would permit a burst of traffic to be sent simultaneously to several registered hosts. 1.Block Anonymous Internet Requests (BAIR) 2.Filter IDENT 3.Filter Multicast 4.Filter Internet NAT Redirection
3.Filter Multicast
The message length field in the UDP datagram header has a minimum value of _____ .
8 bytes
The 32-bit IPaddress is separated into four _______octets.
8-bit
Web browsers and web servers allow users to access graphical content using HTTP, which uses TCP port ________. 80 443 21 135
80
Which of the following is one of the three types of routing? Dynamic Distorted Normalized Simple
Dynamic
Access list webtype is the most commonly implemented type of ACL and is used for general-purpose filtering of TCP/IP-based traffic. True/False?
False
According to the textbook, a good configuration checklist for the PIX/ASA firewall consists of 24 items. True/False?
False
NAT-based packet-filtering routers provide stateful packet inspection (SPI). True/False?
False
Port Triggering does forward all traffic to an internal host until the data stop command has been initiated. True/False?
False
Port-range forwarding is an advanced port-forwarding configuration that few firewalls & routers implement. True/False?
False
Remote Desktop should never be configured as an exception in the Windows Firewall policy. True/False?
False
The TCP/IP protocol suite that was based on the DoD model, maps directly to the OSI model. True/False?
False
NAT firewalls perform advanced firewall functions. True/False?
False?
Which level of security would be the best selection for a system directly connected to the internet through a broadband connection that is always active. High security level Low security level Medium security level No security level
High security level
NAT is the acronym for Selected Answer: Network Address Translation Network Address Transmission Network Assessment Transposition Network Analyzed Translation
Network Address Translation
Which of the following is NOT one of the three classes of routing protocols? Proximity Distance vector Link state Hybrid
Proximity
The ICMP message of Destination unreachable (Type 3), (Code 0) typically indicates a failure of a ____________.
Router
A fundamental aspect of almost all firewalls is the use of ACLs to define the list of permitted or denied traffic. True/False?
True
Dial-up connections are not considered to be a critical to protect as "always connected" broadband connections. True/False?
True
IP packet data is a variable length, ranging from 1 to 65515 bytes. True/False?
True
The most secure firewall is the disconnection of the network from the Internet. True/False?
True
Trend Micro's firewall supports Windows systems back to Windows 98 and 98 SE. True/False
True
On a Linksys Router/Firewall the _________________ tab is used to configure & filter external sources to internal sources. Status Security Administration Application & Gaming Setup
Application & Gaming