ITN 263 Final Exam

You are analyzing a risk and have determined that the SLE is $1,000 and the ARO is 5. What is the ALE?

$5,000

When performing a risk assessment, how do you calculate a potential cost/benefit?

(Original ALE - New ALE) - cost of the countermeasure per year

What is an access control list (ACL)?

- A firewall rule or filter

Which of the following firewalls uses rules?

- All of the above "Circuit proxy, Application proxy, Content filtering"

___________ is the process of verifying the identity of an electronic entity.

- Authentication

Which firewall limitation is typically characterized by a memory-based exploit?

- Buffer overflow

Which type of firewall commonly uses inbound rules?

- DMZ firewall

Regarding firewall rules, what is another name for default deny?

- Deny all

What is the primary purpose of log monitoring?

- Detect malicious network activities

What is one of the most problematic issues with an intrusion detection system (IDS)?

- False negatives

Which of the following is not a best practice when creating firewall rules?

- Make sure the Default Deny rule is first.

What is an important thing to do regarding firewall logs?

- Review the log files frequently.

Which of the following is a centralized logging system?

- Syslog

Which of the following is the best method of determining an optimal firewall configuration?

- Test the rules in a laboratory environment.

In which situation is a change control system most effective?

- Troubleshooting

An IDS or IPS that uses a database of signatures or patterns of known malicious activities to detect threats is called _______________ detection.

- knowledge-based

Deciding which firewall rules to define is subject to an organization's _____________.

- security policy

Which of the following is not true of compliance auditing?

A regular compliance audit can be used in place of an organization's security policy.

Which of the following do you not get with network address translation (NAT)?

A static public IP address for each internal client

What does asymmetric cryptography provide?

A. Authenticity & B. Non-repudiation. (Both A and B)

A security assessment may include which of the following steps?

All of the above

Building your own firewall can result in which of the following?

All of the above

Which of the following typically contains a firewall or firewall functionality?

All of the above

Which of the following does not apply to stateful firewalls?

Analyzes both static and real-time data

When performing a risk assessment, what is the amount of potential loss that can be experienced due to any compromise of an asset for a specific threat within a year?

Annualized loss expectancy (ALE)

When ordering firewall rule sets, where should the Default Deny rule be placed?

At the bottom of the rules list

When ordering firewall rule sets, where should critical denial exceptions be placed?

At the top of or early in the rules list

When ordering firewall rule sets, where should rules related to more common traffic be placed?

At the top of or early in the rules list

You are filtering MAC addresses on a switch by blocking only specific IP addresses. What do you use to perform this type of filtering?

Black list

What should you consider when selecting a firewall for your organization?

Both A and B

You can filter which type of traffic on a typical firewall?

Both ingress and egress

Which of the following types of communications must take place or a business will suffer?

Business-essential

The lack of ____________ is both a strength and weakness of workgroups.

Central authority

In networking terms, what forces all traffic, communications, and activities through a single pathway or channel?

Choke point

Which private address range is 172.16.0.0-172.31.255.255 /12?

Class B

Which type of backup solution typically stores your data on another organization's hardware, making you dependent on their security, confidentiality assurance, and reliability?

Cloud

What is not an example of containment during incident response?

Confirming a breach

You have a firewall between a programming group's network and the production network. What is the best option to enable on the firewall to prevent unapproved versions of software from leaking out?

Content filtering

What is a feature of hashing?

Creates a fixed-length output from a file or message

A _________ is a boundary network that hosts resource servers for the public Internet.

DMZ

_______ resolves FQDNs into the associated IP address. [hint 3 letters abbreviation]

DNS

Which layer of the OSI reference model manages physical addressing (MAC addresses) and supports the network topology, such as Ethernet?

Data link

What is a potential disadvantage of online data backups?

Dependency on provider's security

A critical business function conflicts with a security solution. What is the best response?

Design a new security solution or modify how the task is accomplished.

Which of the following is a VPN device model that's best suited for business partners?

Edge router

What is an advantage of VPN tunnel mode?

Encapsulates protocol headers and packet payloads

Which of the following must an administrator organize to ensure follow-through of a new security plan?

End-user training and awareness

Who performs penetration testing?

Ethical hackers

What does an application proxy do?

Examines packet payloads

When performing a risk assessment, what is the amount of potential harm from a threat, expressed as a percentage?

Exposure factor (EF)

Which of the following firewall design elements serves as an over-arching security stance to drive an organization's overall security?

Fail-safe

What is the name of the process that sends a wide variety of packets toward an internal target in hopes of discovering a packet configuration that succeeds in passing the restrictions of a firewall's rule set?

Firewalking

A ___________ is either a hardware device or a software product you deploy to enforce the access control policy on network communications.

Firewall

What is a network component that filters traffic between nodes?

Firewall

_______________ is the process of securing or locking down a host against threats and attacks.

Hardening

Which of the following is not a distinguishing characteristic of a WAN compared to a LAN?

Has a limited geographic area

Which of the following is an example of a user violating security policy?

He installed a utility from the Internet that will help him perform his job.

What does a reverse proxy accomplish?

Hides the identity of the Web server accessed by the Internet (or external) client

What reason might you use an optical carrier (OC) line for a VPN rather than the Internet?

High speed

Which of the following is a secure VPN protocol?

IPSec

Which of the following is not a network security management best practice?

Implement single-factor authentication

Which of the following is not true of a bastion host?

Is available only as an open source product

What is a primary benefit of a multi-homed firewall?

Isolation of subnets

Which IT domain includes demilitarized zones (DMZs) and intrusion detection systems (IDS)?

LAN-to-WAN Domain

Which of the following a problem for static filtering?

Large, unordered rule sets

What is the purpose of the post-mortem review after a security assessment?

Learn from mistakes.

All of the following are true of port forwarding except:

Many internal machines can use a forwarded port simultaneously

Which layer of the OSI reference model handles logical addressing (IP addresses) and routing traffic?

Network

Which of the following enables you to check a client computer for compliance with security policies and either grant or deny its access to the internal network?

Network access control

_______ translates internal addresses into external addresses.

Network address translation (NAT)

Security ________ are goals an organization strives to achieve through its security efforts.

Objectives

What is another form of a honeypot?

Padded cell

Window locks, door locks, and security cameras are examples of which of the following?

Physical security

What can a firewall provide that is a form of static reversal of network translation?

Port forwarding

What can a stateful firewall accomplish by filtering network packets?

Prevent malware infection

Which of the following is not a primary objective of information security?

Privacy

Which of the following is generally not a benefit of VPNs?

Quality of service

What does forced universal participation typically apply to in an organization?

Security

Which of the following has the ultimate and final responsibility for network security in an organization?

Senior management

What does a client/server environment have that a peer-to-peer networking environment typically does not?

Server

When selecting a strong symmetric cryptography algorithm, which of the following is not a desirable feature?

Short key length

Which of the following could compromise network security?

Simplify by assigning maximum required permissions

Which type of VPN architecture supports secure connections between LANs over intermediary public networks?

Site-to-site

Which firewall is able to protect only a single host from malicious network activity?

Software

What type of firewall keeps track of state tables to filter network traffic?

Stateful packet inspection

Which of the following is not a common VPN device model?

Switch

A written firewall policy, which is part of a security policy, does not need to address which of the following?

The cost of the firewall

Which of the following is a typical function of a network firewall?

Traffic filtering

From the perspective of computers and networks, _________ is confidence that other users will act in accordance with your organizations

Trust

Which of the following is generally not protected by a firewall?

USB flash drive

How does KISS (Keep It Simple: Security) apply to firewalls?

Use simple, direct firewall rules.

What situation allows for successful internal code planting attacks?

Using only inbound firewall filtering

______ __________ ____________ allows an attacker to eavesdrop on electronic devices from a distance. The technique is to perfect or simple to perform, but has been demonstrated on LCD and CRT monitors as well as keyboard cables. With minor shielding, you can eliminate most of the risk from such an attack.

Van Eck phreaking

Which IT domain in a typical IT infrastructure typically includes routers, circuits, switches, firewalls, and equivalent gear at remote locations?

WAN Domain

_____ ________ __________are new and previously unknown attacks for which no current specific defenses exist. [hint 3 words]

Zero day exploits

A _________ is any segment, subnet, network, or collection of networks that represent a certain level of risk.

Zone of risk

An IT environment with an intrusion detection system, antivirus software, strong authentication, virtual private network support, and granular access control is an example of _____________.

diversity of defense

One of the most effective preventative techniques in network security troubleshooting is __________.

installing patches and updates

Isolating and compartmentalizing administrative privileges, so that no single administrator has full or total power over the entire environment, is an example of __________.

separation of duties

Assigning users, including administrators, only the necessary privileges, access, and permissions to accomplish their assigned work is an example of __________.

the principle of least privilege