ITN 263 Final Exam
You are analyzing a risk and have determined that the SLE is $1,000 and the ARO is 5. What is the ALE?
$5,000
When performing a risk assessment, how do you calculate a potential cost/benefit?
(Original ALE - New ALE) - cost of the countermeasure per year
What is an access control list (ACL)?
A firewall rule or filter
Which of the following firewalls uses rules?
All of the above (circuit proxy, application proxy, content filtering)
___________ is the process of verifying the identity of an electronic entity.
Authentication
Which firewall limitation is typically characterized by a memory-based exploit?
Buffer overflow
Which type of firewall commonly uses inbound rules?
DMZ firewall
Regarding firewall rules, what is another name for default deny?
Deny all
What is the primary purpose of log monitoring?
Detect malicious network activities
What is one of the most problematic issues with an intrusion detection system (IDS)?
False negatives
Which of the following is not a best practice when creating firewall rules?
Make sure the Default Deny rule is first.
What is an important thing to do regarding firewall logs?
Review the log files frequently.
Which of the following is a centralized logging system?
Syslog
Which of the following is the best method of determining an optimal firewall configuration?
Test the rules in a laboratory environment.
In which situation is a change control system most effective?
Troubleshooting
An IDS or IPS that uses a database of signatures or patterns of known malicious activities to detect threats is called _______________ detection.
knowledge-based
Deciding which firewall rules to define is subject to an organization's _____________.
security policy
Which of the following is not true of compliance auditing?
A regular compliance audit can be used in place of an organization's security policy.
Which of the following do you not get with network address translation (NAT)?
A static public IP address for each internal client
What does asymmetric cryptography provide?
Both A and B (A. authenticity and B. non-repudiation)
A security assessment may include which of the following steps?
All of the above
Building your own firewall can result in which of the following?
All of the above
Which of the following typically contains a firewall or firewall functionality?
All of the above
Which of the following does not apply to stateful firewalls?
Analyzes both static and real-time data
When performing a risk assessment, what is the amount of potential loss that can be experienced due to any compromise of an asset for a specific threat within a year?
Annualized loss expectancy (ALE)
When ordering firewall rule sets, where should the Default Deny rule be placed?
At the bottom of the rules list
When ordering firewall rule sets, where should critical denial exceptions be placed?
At the top of or early in the rules list
When ordering firewall rule sets, where should rules related to more common traffic be placed?
At the top of or early in the rules list
You are filtering MAC addresses on a switch by blocking only specific IP addresses. What do you use to perform this type of filtering?
Black list
What should you consider when selecting a firewall for your organization?
Both A and B
You can filter which type of traffic on a typical firewall?
Both ingress and egress
Which of the following types of communications must take place or a business will suffer?
Business-essential
The lack of ____________ is both a strength and weakness of workgroups.
Central authority
In networking terms, what forces all traffic, communications, and activities through a single pathway or channel?
Choke point
Which private address range is 172.16.0.0-172.31.255.255 /12?
Class B
Which type of backup solution typically stores your data on another organization's hardware, making you dependent on their security, confidentiality assurance, and reliability?
Cloud
What is not an example of containment during incident response?
Confirming a breach
You have a firewall between a programming group's network and the production network. What is the best option to enable on the firewall to prevent unapproved versions of software from leaking out?
Content filtering
What is a feature of hashing?
Creates a fixed-length output from a file or message
A _________ is a boundary network that hosts resource servers for the public Internet.
DMZ
_______ resolves FQDNs into the associated IP address. [hint: 3-letter abbreviation]
DNS
Which layer of the OSI reference model manages physical addressing (MAC addresses) and supports the network topology, such as Ethernet?
Data link
What is a potential disadvantage of online data backups?
Dependency on provider's security
A critical business function conflicts with a security solution. What is the best response?
Design a new security solution or modify how the task is accomplished.
Which of the following is a VPN device model that's best suited for business partners?
Edge router
What is an advantage of VPN tunnel mode?
Encapsulates protocol headers and packet payloads
Which of the following must an administrator organize to ensure follow-through of a new security plan?
End-user training and awareness
Who performs penetration testing?
Ethical hackers
What does an application proxy do?
Examines packet payloads
When performing a risk assessment, what is the amount of potential harm from a threat, expressed as a percentage?
Exposure factor (EF)
Which of the following firewall design elements serves as an over-arching security stance to drive an organization's overall security?
Fail-safe
What is the name of the process that sends a wide variety of packets toward an internal target in hopes of discovering a packet configuration that succeeds in passing the restrictions of a firewall's rule set?
Firewalking
A ___________ is either a hardware device or a software product you deploy to enforce the access control policy on network communications.
Firewall
What is a network component that filters traffic between nodes?
Firewall
_______________ is the process of securing or locking down a host against threats and attacks.
Hardening
Which of the following is not a distinguishing characteristic of a WAN compared to a LAN?
Has a limited geographic area
Which of the following is an example of a user violating security policy?
He installed a utility from the Internet that will help him perform his job.
What does a reverse proxy accomplish?
Hides the identity of the Web server accessed by the Internet (or external) client
For what reason might you use an optical carrier (OC) line for a VPN rather than the Internet?
High speed
Which of the following is a secure VPN protocol?
IPSec
Which of the following is not a network security management best practice?
Implement single-factor authentication
Which of the following is not true of a bastion host?
Is available only as an open source product
What is a primary benefit of a multi-homed firewall?
Isolation of subnets
Which IT domain includes demilitarized zones (DMZs) and intrusion detection systems (IDS)?
LAN-to-WAN Domain
Which of the following is a problem for static filtering?
Large, unordered rule sets
What is the purpose of the post-mortem review after a security assessment?
Learn from mistakes.
All of the following are true of port forwarding except:
Many internal machines can use a forwarded port simultaneously
Which layer of the OSI reference model handles logical addressing (IP addresses) and routing traffic?
Network
Which of the following enables you to check a client computer for compliance with security policies and either grant or deny its access to the internal network?
Network access control
_______ translates internal addresses into external addresses.
Network address translation (NAT)
Security ________ are goals an organization strives to achieve through its security efforts.
Objectives
What is another form of a honeypot?
Padded cell
Window locks, door locks, and security cameras are examples of which of the following?
Physical security
What can a firewall provide that is a form of static reversal of network translation?
Port forwarding
What can a stateful firewall accomplish by filtering network packets?
Prevent malware infection
Which of the following is not a primary objective of information security?
Privacy
Which of the following is generally not a benefit of VPNs?
Quality of service
What does forced universal participation typically apply to in an organization?
Security
Which of the following has the ultimate and final responsibility for network security in an organization?
Senior management
What does a client/server environment have that a peer-to-peer networking environment typically does not?
Server
When selecting a strong symmetric cryptography algorithm, which of the following is not a desirable feature?
Short key length
Which of the following could compromise network security?
Simplify by assigning maximum required permissions
Which type of VPN architecture supports secure connections between LANs over intermediary public networks?
Site-to-site
Which firewall is able to protect only a single host from malicious network activity?
Software
What type of firewall keeps track of state tables to filter network traffic?
Stateful packet inspection
Which of the following is not a common VPN device model?
Switch
A written firewall policy, which is part of a security policy, does not need to address which of the following?
The cost of the firewall
Which of the following is a typical function of a network firewall?
Traffic filtering
From the perspective of computers and networks, _________ is confidence that other users will act in accordance with your organization's
Trust
Which of the following is generally not protected by a firewall?
USB flash drive
How does KISS (Keep It Simple: Security) apply to firewalls?
Use simple, direct firewall rules.
What situation allows for successful internal code planting attacks?
Using only inbound firewall filtering
______ __________ ____________ allows an attacker to eavesdrop on electronic devices from a distance. The technique is not perfect or simple to perform, but it has been demonstrated on LCD and CRT monitors as well as keyboard cables. With minor shielding, you can eliminate most of the risk from such an attack.
Van Eck phreaking
Which IT domain in a typical IT infrastructure typically includes routers, circuits, switches, firewalls, and equivalent gear at remote locations?
WAN Domain
_____ ________ __________ are new and previously unknown attacks for which no current specific defenses exist. [hint: 3 words]
Zero day exploits
A _________ is any segment, subnet, network, or collection of networks that represent a certain level of risk.
Zone of risk
An IT environment with an intrusion detection system, antivirus software, strong authentication, virtual private network support, and granular access control is an example of _____________.
diversity of defense
One of the most effective preventative techniques in network security troubleshooting is __________.
installing patches and updates
Isolating and compartmentalizing administrative privileges, so that no single administrator has full or total power over the entire environment, is an example of __________.
separation of duties
Assigning users, including administrators, only the necessary privileges, access, and permissions to accomplish their assigned work is an example of __________.
the principle of least privilege