Chapter 1-3, 5-10 Quiz
Which of the following describes security stance? a. an organization's filtering configuration; it answers the question, "What should be allowed and what should be blocked?" b. a means of providing faster access to static content for external users accessing internal Web servers c. an operating system such as Windows or Linux that supports a wide variety of purposes and functions, but when used as a bastion host OS must be hardened and locked down d. an approach to security similar to defense in depth that uses a different security mechanism at each or most of the layers
a. an organization's filtering configuration; it answers the question, "What should be allowed and what should be blocked?"
Which term describes the calculation of the total loss potential across a year for a given asset and a specific threat? a. annualized loss expectancy (ALE) b. annualized rate of occurrence (ARO) c. user datagram protocol (UDP) d. cost-benefit analysis
a. annualized loss expectancy (ALE)
Which of the following does port forwarding support? a. any service on any port b. caching c. encryption endpoint d. load balancing
a. any service on any port
Which term describes an object, computer, program, piece of data, or other logical or physical component that you use in a business process to accomplish a business task? a. asset b. client c. appliance d. trust
a. asset
Which term describes the cumulative value of an asset based on both tangible and intangible values? a. asset value (AV) b. exposure factor (EF) c. single loss expectancy (SLE) d. packet
a. asset value (AV)
What attack cracks a password or encryption key by trying all possible valid combinations from a defined set of possibilities (a set of characters or hex values)? a. brute-force attack b. hybrid attack c. dictionary password attack d. modeling
a. brute-force attack
Which of the following is a true statement with regard to compliance auditing? a. compliance auditing verifies that industry specific regulations and laws are followed b. compliance auditing is a legally mandated task for every organization c. compliance auditing creates a security policy d. compliance auditing ensures that all best practices are followed e. compliance auditing is an optional function for the financial and medical industries
a. compliance auditing verifies that industry specific regulations and laws are followed
Which term describes the process of converting ciphertext back into plain text? a. decryption b. hashing c. avalanche effect d. symmetric cryptography
a. decryption
In which type of system environment do you block all access to all resources, internal and external, by default, and then use the principle of least privilege by adding explicit and specific allow-exceptions only when necessary based on job descriptions? a. default-deny b. default-accept c. filter-free d. fail-safe
a. default-deny
Which term describes a security stance that prevents all communications except those enabled by specific allow exceptions? a. deny by default/allow by exception b. syslog c. behavioral-based detection d. signature-based detection
a. deny by default/allow by exception
Which name is given to a hacking technique used against static packet filtering firewalls to discover the rules or filters controlling inbound traffic? a. firewalking b. signature-based detection c. database-based detection d. filter
a. firewalking
Which of the following steps of an incident response plan selects and trains security incident response team (SIRT) members and allocates resources? a. preparation b. detection c. containment d. eradication
a. preparation
Which of the following is an operating system built exclusively to run on a bastion host device? a. proprietary OS b. general OS c. reverse proxy d. appliance firewall
a. proprietary OS
Which of the following is not a characteristic of a private address? a. they are leased to users and businesses b. they require translation c. they can be mixed with public addresses d. they are isolated from the Internet
a. they are leased to users and businesses
True or False: The term zero day exploit describes a new and previously unknown attack for which there is not a current specific defense. a. true b. false
a. true
True or False: To allow clients to use a single public address to access a cluster of internal Web servers, you can deploy reverse proxy to support load balancing or load distribution across multiple internal resource hosts. a. true b. false
a. true
True or False: Transport mode encryption protects only the original IP packet's payload, which retains its original IP header. a. true b. false
a. true
True or False: Unified threat management (UTM) has the advantage of managing multiple security services from a single interface. a. true b. false
a. true
True or False: When troubleshooting firewalls, you should simplify the task by first disabling or disconnecting software and hardware not essential to the function of the firewall. a. true b. false
a. true
True or False: Windows Firewall is a native operating system firewall. a. true b. false
a. true
True or False: Wireshark can be used in the absence of a firewall, with a firewall set to allow all traffic, or even in the presence of a firewall to inventory all traffic on the network. a. true b. false
a. true
True or False: Wireshark is a free packet capture, protocol analyzer, and sniffer that can analyze packets and frames as they enter or leave a firewall. a. true b. false
a. true
True or False: You should consider placing rules related to more common traffic earlier in the set rather than later. a. true b. false
a. true
True or False: You should not automatically purchase the product your cost/benefit analysis says is the best option. a. true b. false
a. true
Which term describes encryption that protects the entire original IP packet's header and payload? a. tunnel mode encryption b. transport mode encryption c. cryptography d. IP headers
a. tunnel mode encryption
Which of the following is not a firewall type? a. universal b. static packet filtering c. proxy d. stateful inspection
a. universal
In theory, the use of a software firewall as a replacement for a network appliance can work as long as the host OS's network communication is routed through which type of firewall? a. virtual firewall b. appliance firewall c. hardware firewall d. commercial firewall
a. virtual firewall
A complete and comprehensive security approach needs to address or perform two main functions. The first is to secure assets and the second is... a. watch for violation attempts b. design the infrastructure based on the organization's mission c. verify identity d. control access to resources e. prevent downtime
a. watch for violation attempts
The firewall configuration on an ISP connection device is most commonly accessed through what type of management interface? a. TELNET b. HTTP/HTTPS c. SSL d. FTP
b. HTTP/HTTPS
Which of the following is hardware that connects a local network - or even a single computer - to a telco's carrier network to access the Internet? a. IPFire b. ISP connection device c. DSL line d. SOHO
b. ISP connection device
Which of the following is a network mapper, port scanner, and OS fingerprinting tool that checks the state of ports, identifies targets, and probes services? a. Wireshark b. Nmap c. TCPView d. Backtrack
b. Nmap
Which of the following is given to an Application layer protocol used by e-mail clients to receive messages from an e-mail server? a. Simple Mail Transfer Protocol (SMTP) b. Post Office Protocol (POP) c. Transmission Control Protocol/Internet Protocol (TCP/IP) d. File Transfer Protocol (FTP)
b. Post Office Protocol (POP)
Which of the following is disabled by default and requires an invitation? a. TOR (The Onion Router) b. Remote Desktop Protocol (RDP) and Remote Assistance c. SubSeven d. Netcat
b. Remote Desktop Protocol (RDP) and Remote Assistance
Which of the following refers to the end user's desktop devices such as a desktop computer, laptop, VoIP telephone, or other endpoint device? a. LAN Domain b. Workstation Domain c. WAN Domain d. Remote Access Domain
b. Workstation Domain
Which of the following describes a native firewall? a. a small text file used by Web browsers and servers to track Web sessions b. a firewall in an operating system or hardware device that is placed in a system by the vendor or manufacturer c. open-source and commercial software firewalls for most operating systems d. Windows 7 host commercial software firewall
b. a firewall in an operating system or hardware device that is placed in a system by the vendor or manufacturer
True or False: A false negative is an event that triggers an alarm when the traffic or event is abnormal and/or malicious. a. true b. false
b. false
True or False: A one-way function refers to a mathematical operation performed in one direction; reversing the operation is easy. a. true b. false
b. false
True or False: A personal firewall is an appliance firewall placed on the border or edge of an organization's network. a. true b. false
b. false
True or False: An application firewall filters on a specific application's content and session information; however, it cannot inspect traffic at any layer. a. true b. false
b. false
True or False: An encrypted VPN link guarantees that the other end of the VPN connection is secure. a. true b. false
b. false
True or False: Authentication and authorization must be used together. a. true b. false
b. false
True or False: Denial of service (DoS) attacks cannot be detected by a firewall. a. true b. false
b. false
True or False: Deploy firewalls as quickly as possible. a. true b. false
b. false
True or False: Deploying a security product is more preferable than addressing your environment's specific risks. a. true b. false
b. false
True or False: Intranet access allows businesses, partners, vendors, suppliers, and so on to gain access to resources. a. true b. false
b. false
True or False: Linux distributions automatically come with a native software firewall enabled. a. true b. false
b. false
True or False: Multifactor authentication is significantly less secure than any single factor form of authentication. a. true b. false
b. false
True or False: Software firewalls cannot be bastion hosts. a. true b. false
b. false
True or False: Symmetric cryptography encodes and decodes information using different keys for each process. a. true b. false
b. false
True or False: The WAN Domain refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms. a. true b. false
b. false
True or False: The firewall administrator should give physical access to firewall devices to senior managers and middle managers. a. true b. false
b. false
True or False: The term monitoring refers to the act of creating or recording events into a log. a. true b. false
b. false
True or False: When conducting an inventory, you don't need to include protocols in use or the port(s) in use. You just need to include the likely source and destination addresses. a. true b. false
b. false
True or False: When too much data crosses a network segment, throughput and latency are increased. a. true b. false
b. false
True or False: You should not keep ports 465 and 995 open. a. true b. false
b. false
Which of the following uses ICMP as a tunneling protocol? a. TOR b. Netcat c. Loki d. NetBus
c. Loki
What is anomaly-based detection? a. an event that does not trigger an alarm but should have because the traffic or event is abnormal and/or malicious b. a notification from a firewall that a specific event or packet was detected c. a form of intrusion detection system/intrusion prevention system (IDS/IPS) based on a defined normal, often defined using rules similar to firewall rules d. an event that triggers an alarm but should not have because the traffic or event is benign
c. a form of intrusion detection system/intrusion prevention system (IDS/IPS) based on a defined normal, often defined using rules similar to firewall rules
Which of the following describes an access control list (ACL)? a. a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on b. an event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious c. a mechanism that defines traffic or an event to apply an authorization control of allow or deny against d. an intrusion detection system/intrusion prevention system (IDS/IPS) based on a defined normal, often defined using rules similar to firewall rules
c. a mechanism that defines traffic or an event to apply an authorization control of allow or deny against
Which of the following is given to a notification from a firewall that a specific event or packet was detected? a. management interface b. rules c. alert d. anomaly-based detection
c. alert
Which of the following characteristics relates to the term algorithm? a. a hardware VPN device b. a VPN created between two individual hosts across a local or intermediary network c. used to connect a remote or mobile host into office network workstation d. a set of rules and procedures - usually mathematical in nature - that can define how the encryption and decryption processes operate
d. a set of rules and procedures - usually mathematical in nature - that can define how the encryption and decryption processes operate
Which of the following is a malicious software program distributed by a hacker to take control of a victim's computers? a. sacrificial host b. client c. server d. agent
d. agent
Which of the following is a dedicated hardware device that functions as a black-box sentry? a. fail-safe b. reverse proxy firewall c. proxy firewall d. appliance firewall
d. appliance firewall
Which of the following refers to an operating system built exclusively to run on a bastion host device? a. universal participation b. bastion host OS c. reverse caching d. proprietary OS
d. proprietary OS
Which of the following hands out tasks in a repeating non-priority sequence? a. alert b. firewalking c. port-based network access (admission) control (PNAC) d. round robin
d. round robin
Which term describes a form of security based on hiding details of a system, or creating convolutions that are difficult to understand? a. firewall b. Bring Your Own Device (BYOD) c. modeling d. security through obscurity
d. security through obscurity
Which of the following is a technique for storing or copying log events to a centralized logging server? a. firewall logging b. write-once read-many (WORM) storage c. unified threat management (UTM) d. syslog
d. syslog
What is compression? a. a VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public b. a subset of asymmetric cryptography based on the use of key pair sets c. the art and science of hiding information from unauthorized third parties d. the removal of redundant or superfluous data or space to reduce the size of a data set
d. the removal of redundant or superfluous data or space to reduce the size of a data set
Which of the following is not true of VLANs? a. they control traffic b. they are cost-effective c. VLAN configuration takes place in the switch d. they require a change of IP address or re-cabling
d. they require a change of IP address or re-cabling
Which of the following is defined as the act of avoiding single points of failure by building in multiple elements, pathways, or methods of accomplishing each mission-critical task? a. preparedness b. redundancy c. endpoint security d. encryption
b. redundancy
Which of the following refers to the deployment of a firewall as an all-encompassing primary gateway security solution? a. access control list (ACL) b. false positive c. signature-based detection d. unified threat management (UTM)
d. unified threat management (UTM)
Which of the following is not a consideration when placing firewalls on the network? a. structure of the network b. traffic patterns c. most likely access pathways d. where hackers are located
d. where hackers are located
Which of the following is described as the maximum communication or transmission capability of a network segment? a. round robin b. signature-based detection c. filter d. wirespeed
d. wirespeed
Which of the following types of security components are important to install on all hosts? a. antivirus b. whole hard drive encryption c. Spyware defenses d. firewall e. all of the above
e. all of the above
Which of the following cannot be performed adequately using an automated tool: a. confirming configuration settings b. vulnerability assessment c. checking for current patches d. scanning for known weaknesses e. ethical hacking
e. ethical hacking
Which of the following is a firewall rule that prevents internal users from accessing public FTP sites? a. TCP 192.168.42.0/24 ANY ANY 21 Deny b. TCP ANY ANY 192.168.42.0/24 ANY Deny c. TCP 21 192.168.42.0/24 ANY ANY Deny d. TCP ANY ANY ANY FTP Deny
a. TCP 192.168.42.0/24 ANY ANY 21 Deny
Which of the following is a double-blind encapsulation system that enables anonymous but not encrypted Internet communications? a. TOR (The Onion Router) b. Cryptcat c. Back Orifice d. Remote Desktop Protocol (RDP) and Remote Assistance
a. TOR (The Onion Router)
True or False: If your home router is a wireless device, you should change the service set identifier (SSID) from the default setting. a. true b. false
a. true
True or False: In a company network setting, you should immediately terminate any communication found to take place without firewall filtering. a. true b. false
a. true
True or False: Ingress filtering filters traffic as it attempts to enter a network, including spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations. a. true b. false
a. true
True or False: Integrity prevents unauthorized changes to data. a. true b. false
a. true
True or False: Intrusion detection system (IDS) is a security mechanism that detects unauthorized user activities, attacks, and network compromises. a. true b. false
a. true
True or False: Netcat is a hacker tool that creates network communication links using UDP or TCP ports that support the transmission of standard input and output. a. true b. false
a. true
True or False: Node security focuses on the tasks for each type of networking device to improve its security; it takes the generic recommendations of system hardening and expands them with additional node/host specific improvements. a. true b. false
a. true
True or False: Nonrepudiation ensures that a sender cannot deny sending a message. a. true b. false
a. true
True or False: Overlapping occurs when full or partial overwriting of datagram components creates new datagrams out of parts of previous datagrams. a. true b. false
a. true
True or False: PacketiX VPN and HotSpotShield are encrypted Web proxy services. a. true b. false
a. true
True or False: Rule-set ordering is critical to the successful operation of firewall security. a. true b. false
a. true
True or False: SMTP is an Application Layer protocol used by e-mail clients to send messages to an e-mail server and is also used to relay messages between e-mail servers. a. true b. false
a. true
True or False: Security through obscurity can be both a good strategy and a bad one depending on the type of security. a. true b. false
a. true
True or False: ShieldsUP! is a port-scanning tool that is an effective way to test your configuration. a. true b. false
a. true
True or False: Simulator tests are secure by design. a. true b. false
a. true
True or False: Telnet is a protocol and a service used to remotely control or administer a host through a plaintext command-line interface. a. true b. false
a. true
True or False: The Containment phase of an incident response plan restrains further escalation of the incident. a. true b. false
a. true
True or False: The Detection phase of an incident response plan confirms breaches. a. true b. false
a. true
True or False: The best defenses against covert channels include IDS and Intrusion Prevention System (IPS) and thoroughly watching all aspects of an IT infrastructure for aberrant or abnormal events of any type. a. true b. false
a. true
True or False: The fewer rules you need to check before you grant an Allow, the less delay to the traffic stream. a. true b. false
a. true
True or False: The principle of least privilege states that you should grant users the fewest capabilities, permissions, and privileges possible to complete their assigned work, without additional capabilities. a. true b. false
a. true
True or False: The term bastion host refers to a firewall positioned along the pathway of a potential attack. It serves as the first line of defense for the network. a. true b. false
a. true
Which of the following refers to the process of simulating and testing a new concept, design, programming technique, and so on before deployment into a production environment? a. eavesdropping b. modeling c. AppleTalk d. piloting
b. modeling
All of the following are examples of network security management best practices except: a. obtaining senior management endorsement b. providing fast response time to customers c. writing a security policy d. filtering Internet connectivity e. implementing defense in depth
b. providing fast response time to customers
Which of the following is a malicious remote control tool? a. NetBus b. Remote Desktop Protocol (RDP) and Remote Assistance c. Cryptcat d. Loki
a. NetBus
Which of the following is not a security suite? a. Netfilter b. Webroot Internet Security Essentials c. McAfee Personal Firewall Plus d. Computer Associates
a. Netfilter
Which of the following describes fair queuing? a. a technique of load balancing that operates by sending the next transaction to the firewall with the least current workload b. a written expression of an item of concern (protocol, port, service, application, user, and IP address) and one or more actions to take when the item of concern appears in traffic c. a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on d. an event that triggers an alarm but should not have because the traffic or event actually is benign
a. a technique of load balancing that operates by sending the next transaction to the firewall with the least current workload
Ingress and egress filtering can expand beyond protection against spoofing and include a variety of investigations on inbound and outbound traffic. Which of the following is not one of the ways ingress and egress filtering expand beyond protection against spoofing? a. dynamic packet filtering b. blacklist and whitelist filtering c. protocol and port blocking d. confirmation of authentication or authorization before communications continue
a. dynamic packet filtering
Which of the following refers to a software firewall installed on a client or server? a. host firewall b. hardware firewall c. transport layer (Layer 4) d. client
a. host firewall
What is the primary purpose of a post-mortem assessment review? a. learning from mistakes b. extending the length of time consumed by a task c. placing blame on an individual d. reducing costs e. adding new tools and resources
a. learning from mistakes
The task of compartmentalization is focused on assisting with what overarching security concern? a. limiting damage caused by intruders b. controlling access based on location c. assessing security d. filtering traffic based on volume e. supporting transactions through utilization
a. limiting damage caused by intruders
Which of the following can improve firewall performance? a. load balancing b. wirespeed c. firewalking d. port-based network access (admission) control (PNAC)
a. load balancing
When troubleshooting firewalls, which of the following is not something you should do after you attempt a fix? a. make multiple fixes b. repeat the failure c. test after each attempt d. reverse or undo solution failures
a. make multiple fixes
Which of the following prevents or restricts Web sites from automatically opening additional tabs or windows without the user's consent? a. pop-up blocker b. active threat c. cookie filter d. native filter
a. pop-up blocker
Which of the following characteristics describes an edge router? a. the last device owned by an organization before an ISP or telco connection b. a form of VPN establishing a secure VPN over trusted VPN connections c. a form of cryptography in which each encryption key is used once before being discarded d. a security service that ensures that a sender cannot deny sending a message
a. the last device owned by an organization before an ISP or telco connection
Which of the following describes authentication? a. the process of confirming the identity of a user b. confidence in the expectation that others will act in your best interest or that a resource is authentic c. a small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home d. a stated purpose or target for network security
a. the process of confirming the identity of a user
True or False: A VPN appliance can be placed inside and outside the corporate firewall. a. true b. false
a. true
True or False: A chokepoint is a form of bottleneck and is a single, controlled pathway between two different levels of network trust where a firewall or other filtering devices block or allow traffic based on a set of rules. a. true b. false
a. true
True or False: A closed source is a type of software product that is pre-compiled and whose source code is undisclosed. a. true b. false
a. true
True or False: A digital envelope is a secure communication based on public-key cryptography that encodes a message or data with the public key of the intended recipient. a. true b. false
a. true
True or False: A firewall is a filtering device that enforces network security policy and protects the network against external attacks. a. true b. false
a. true
True or False: A native firewall is not necessarily installed by default, but can be added to a system through an update or patch installation. a. true b. false
a. true
True or False: A passive threat is similar to a virus in that it depends upon the activity of the user to activate, infect, and spread. a. true b. false
a. true
True or False: A private key is kept secret and used only by the intended entity. a. true b. false
a. true
True or False: A split tunnel is a VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection. a. true b. false
a. true
True or False: Allowing every communication is a bad idea from a security standpoint as well as a productivity one. a. true b. false
a. true
True or False: Diversity of defense uses a different security mechanism at each or most of the layers. a. true b. false
a. true
True or False: Firewalking is a hacking technique used against static packet filtering firewalls to discover the rules or filters controlling inbound traffic. a. true b. false
a. true
True or False: Free software can have no cost, which makes it non-commercial. a. true b. false
a. true
True or False: Hashing verifies data integrity by using algorithms to produce unique numbers from datasets known as hash values. a. true b. false
a. true
True or False: IPCop is a commercial firewall solution for Linux. a. true b. false
a. true
True or False: If strong authentication is a priority, select an application gateway firewall or a dedicated application-specific proxy firewall. a. true b. false
a. true
Which of the following describes an appliance firewall? a. the process of automatically creating temporary filters. In most cases, the filters allow inbound responses to previous outbound requests b. a hardened hardware firewall c. the second layer of the OSI model responsible for physical addressing (MAC addresses) d. a type of firewall that filters on a specific application's content and session information
b. a hardened hardware firewall
Which of the following describes a blacklist? a. a security mechanism to detect and prevent attempts to breach security b. a type of filtering in which all activities or entities are permitted except those identified c. a list of the hosts and servers on the network d. a list that describes the steps to lock down a host against threats and attacks
b. a type of filtering in which all activities or entities are permitted except those identified
Which of the following characteristics relates to a demilitarized zone (DMZ)? a. confidence in the expectation that others will act in your best interest or that a resource is authentic b. a type of perimeter network used to host resources designated as accessible by the public from the Internet c. a form of networking where each computer is a peer d. a host on a network
b. a type of perimeter network used to host resources designated as accessible by the public from the Internet
All of the following are examples of network security management best practices except: a. Having a business continuity plan b. allowing company resources to be shared with all who need them c. backing up d. using multifactor authentication e. prioritizing
b. allowing company resources to be shared with all who need them
Incident response is the planned reaction to negative situations or events. Which of the following is not a common step or phase in an incident response? a. recovery b. assessment c. containment d. detection e. eradication
b. assessment
Which of the following refers to encoding and decoding information using related but different keys for each process? a. digital certificate b. asymmetric cryptography c. ciphertext d. algorithm
b. asymmetric cryptography
Which of the following is the name given to unauthorized access to a system unofficially with no bad intent? a. hijacking b. backdoor c. tunneling d. exploit
b. backdoor
What is the only protection against data loss? a. encryption b. backup and recovery c. traffic filtering d. auditing e. integrity checking
b. backup and recovery
Which term is used to describe a firewall that is implemented via software? a. risk assessment b. bump-in-the-stack c. hardware firewall d. screening router
b. bump-in-the-stack
Which of the following forces all traffic, communications, and activities through a single pathway or channel that can be used to control bandwidth consumption, filter content, provide authentication services, or enforce authorization? a. fail-safe b. chokepoint c. fail-secure d. reverse proxy
b. chokepoint
Which term describes the seemingly random and unusable output from a cryptographic function applied to original data? a. dedicated leased line b. ciphertext c. identity proofing d. host VPN
b. ciphertext
Which of the following refers to a type of software product that is pre-compiled and whose source code is undisclosed? a. circuit b. closed source c. bots d. physical address
b. closed source
If the process of creating rules requires a significant number of special exceptions to modify or adjust ranges of addresses or ports, what should you do? a. use a more complex rule set b. consider reconfiguring the network rather than using a too complex or too long rule set c. use a longer rule set d. don't use any addresses or ports
b. consider reconfiguring the network rather than using a too complex or too long rule set
Which attack uses a pre-constructed list of potential passwords or encryption keys? a. piloting b. dictionary password attack c. brute-force attack d. hybrid attack
b. dictionary password attack
Which of the following refers to filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations? a. router b. egress filtering c. auditing d. whitelist
b. egress filtering
Which term describes a VPN created between two individual hosts across a local or intermediary network? a. VPN appliance b. host-to-host VPN c. hash d. site-to-site VPN
b. host-to-host VPN
Which of the following describes caching? a. a network service that acts as a "middle man" between a client and server b. retention of Internet content by a proxy server c. filtering traffic as it attempts to enter a network d. a mechanism to establish a secure remote access connection across an intermediary network
b. retention of Internet content by a proxy server
What is the key factor that determines how valuable and relevant a vulnerability assessment's report is? a. the available bandwidth on the network b. timeliness of the database c. the platform hosting the scanning engine d. whether the product is open sourced e. the time of day the scan is performed
b. timeliness of the database
The purpose of a security checklist is: a. to create a shopping list for replacement parts b. to ensure that all security elements are still effective c. to keep an inventory of equipment in the event of a disaster d. to complete the security documentation for the organization e. to assess the completeness of the infrastructure
b. to ensure that all security elements are still effective
All of the following are common mistakes or security problems that should be addressed in awareness training except: a. failing to make backups of personal data b. using resources from other subnets of which the host is not a member c. walking away from a computer while still logged in d. installing unapproved software on work computers e. opening e-mail attachments from unknown sources
b. using resources from other subnets of which the host is not a member
Which protocol is a data exchange system commonly used over TCP/IP networks, including the Internet, but is unencrypted and performs authentication and data transfers in plaintext? a. Post Office Protocol (POP) b. AppleTalk c. File Transfer Protocol (FTP) d. Hyper Text Transfer Protocol Secure (HTTPS)
c. File Transfer Protocol (FTP)
Which of the following refers to the entity responsible for global coordination of IP addressing, DNS root, and other internet protocol resources? a. Afrinic b. RIPE c. Internet Assigned Numbers Authority (IANA) d. ARIN
c. Internet Assigned Numbers Authority (IANA)
Which one of the following is not a commercial host firewall option available for Linux? a. SmoothWall b. IPFire c. Kaspersky Internet Security d. IPCop
c. Kaspersky Internet Security
Which of the following are documents that can help you to review and assess your organization's status and state of security? a. firewall checklists b. risk assessment c. STIGs (Security Technical Implementation Guides) d. incident response plan
c. STIGs (Security Technical Implementation Guides)
Which of the following is a centralized logging service that hosts a duplicate copy of log files? a. Nessus b. Netcat c. Syslog d. Backtrack
c. Syslog
Which of the following refers to the hardware, operating system software, database software, client-server applications, and data that are typically housed in the organization's data center and/or computer rooms? a. Remote Access Domain b. WAN Domain c. System/Application Domain d. LAN Domain
c. System/Application Domain
Which of the following refers to a type of firewall that filters on a specific application's content and session information? a. circuit firewall b. hardware firewall c. application firewall d. stateful inspection
c. application firewall
Which term describes portions of a software system that unauthenticated users can run? a. Internet Assigned Numbers Authority (IANA) b. File Transfer Protocol (FTP) c. attack surface d. Internet Package Exchange/Sequenced Packet Exchange (IPX/SPX)
c. attack surface
Which term describes programs used to control access to computer resources, enforce policies, audit usage, and provide billing information? a. traffic congestion b. certificate authority (CA) c. authentication, authorization, and accounting (AAA) services d. trusted roots list
c. authentication, authorization, and accounting (AAA) services
Which malicious software program is distributed by hackers to take control of victims' computers? a. hardware firewalls b. viruses c. bots d. bastion bot
c. bots
Which term describes a network device that forwards traffic between networks based on the MAC address of the Ethernet frame? a. domain b. bottleneck c. bridge d. node
c. bridge
Which name is given to a form of filtering that focuses on traffic content? a. stateful inspection filtering b. static filtering c. content filtering d. application gateway
c. content filtering
Which of the following refers to a form of attack that attempts to compromise availability? a. zero day exploits b. man-in-the-middle (mitm) c. denial of service (DoS) d. sniffer
c. denial of service (DoS)
By what mechanism do VPNs securely exchange session keys between endpoints? a. digital signature b. digital forensics c. digital envelope d. digital certificate
c. digital envelope
Which firewall has a network interface located in a unique network segment that allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another? a. appliance firewall b. software firewall c. dual-homed firewall d. triple-homed firewall
c. dual-homed firewall
A firewall host that fails and reverts to a state where all communication between the Internet and the DMZ is cut off displays a type of defense known as: a. default permit b. security through obscurity c. fail-close d. egress altering e. explicit deny
c. fail-close
The purpose of physical security access control is to: a. provide teachable scenarios for training b. protect against authorized communications over external devices c. limit interaction between people and devices d. grant access to external entities e. prevent external attacks from coming through the firewall
c. limit interaction between people and devices
Which of the following is an open source product? a. one that is non-commercial b. one where the source code cannot be obtained and viewed by just anyone c. one where the source code can be obtained and viewed by anyone d. one that is commercial
c. one where the source code can be obtained and viewed by anyone
Which of the following describes any harmful code or site that depends upon the user's actions to be accessed or activated? a. native firewall b. active threat c. passive threat d. cookie filter
c. passive threat
Which of the following troubleshooting steps involves reviewing the entire troubleshooting response process? a. reversing solution failures b. testing after each attempt c. performing a post-mortem review d. making one fix at a time
c. performing a post-mortem review
Which of the following is not an ISP connection? a. cable b. satellite c. pfSense d. DSL
c. pfSense
All of the following are examples of network security management best practices except: a. using whole hard drive encryption b. hardening internal and border devices c. purchasing equipment from a single vendor d. avoiding remote access e. implementing IPSec
c. purchasing equipment from a single vendor
Which of the following provides faster access to static content for external users accessing internal Web servers? a. general purpose OS b. security stance c. reverse caching d. diversity of defense
c. reverse caching
Which term describes the act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN? a. public key cryptography b. host-to-site VPN c. telecommuting d. scalability
c. telecommuting
Which of the following characteristics relates to access control? a. the feature of network design that ensures the existence of multiple pathways of communication b. an attack that occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters c. the process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic d. the process of confirming the identity of a user
c. the process or mechanism of granting or denying use of resources; typically applied to users or generic network traffic
Which of the following is not a common reason for deploying a reverse proxy? a. reverse caching b. security c. time savings d. encryption
c. time savings
Which of the following refers to a form of encryption also known as point-to-point or host-to-host encryption? a. hardware firewall b. circuit firewall c. transport mode encryption d. tunnel mode encryption
c. transport mode encryption
All of the following are elements of an effective network security installation except: a. compliance auditing b. backup and restoration c. unplanned downtime d. security checklist e. user training and awareness
c. unplanned downtime
Which of the following is not a protection against fragmentation attacks? a. performing sender fragmentation b. using firewall filtering c. using firewalking d. using IDS
c. using firewalking
Which of the following is not a security strategy? a. defense diversity b. firewall policies c. weakest link d. forced universal participation
c. weakest link
A security policy is important for all of the following reasons except which one? a. it establishes goals b. it helps with planning c. with it, you cannot trust the network's security d. it helps you respond, contain, and repair
c. with it, you cannot trust the network's security
Which of the following is not a commonsense element of troubleshooting firewalls? a. focus on the most critical issues first b. isolate problems c. work with urgency d. know your firewall thoroughly
c. work with urgency
Which one of the following is not a third-party software firewall but is a security suite? a. eConceal Pro b. Look 'n' Stop c. Lavasoft Personal Firewall d. McAfee Personal Firewall Plus
d. McAfee Personal Firewall Plus
Which of the following creates TCP and UDP network connections to or from any port? a. Cryptcat b. Back Orifice c. SubSeven d. Netcat
d. Netcat
Which of the following describes dynamic packet filtering? a. an entrance or exit point to a controlled space b. the function of routing traffic from an external source received on a specific pre-defined IP address and port combination (also known as a socket) to an internal resource server c. a process that translates internal addresses into external addresses d. a process that automatically creates temporary filters. In most cases, the filters allow inbound responses to previous outbound requests
d. a process that automatically creates temporary filters. In most cases, the filters allow inbound responses to previous outbound requests
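Added example (not part of the quiz) covering two of the filtering questions above: egress filtering (rejecting spoofed source addresses, unauthorized destination ports and blocked destinations on the way out) and dynamic packet filtering (a temporary, expiring state entry created by an allowed outbound packet that lets only the matching inbound reply through). The internal range, blocked destination, allowed ports, the Packet class and the sample packets are all constructed for illustration; addresses are from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy: the internal network, one blocked destination block and
# the outbound ports users are allowed to reach.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BLOCKED_DESTINATIONS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str  # "tcp" or "udp"


class DynamicFilter:
    """Egress rules plus a state table of temporary reply-allow entries."""

    def __init__(self, state_timeout: int = 60):
        self.state_timeout = state_timeout
        # key: (proto, src, sport, dst, dport) of the EXPECTED reply -> expiry time
        self.state = {}

    def egress_check(self, pkt: Packet):
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if src not in INTERNAL_NET:
            return False, "spoofed source address"
        if any(dst in net for net in BLOCKED_DESTINATIONS):
            return False, "blocked destination"
        if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
            return False, "unauthorized port"
        return True, "allowed"

    def outbound(self, pkt: Packet, now: int):
        """Apply egress filtering; on success create the temporary reply filter."""
        ok, reason = self.egress_check(pkt)
        if ok:
            reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.state[reply_key] = now + self.state_timeout
        return ok, reason

    def inbound(self, pkt: Packet, now: int):
        """Default deny: only replies to a still-valid outbound request pass."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.state.get(key)
        if expiry is None:
            return False, "no matching outbound request (default deny)"
        if now > expiry:
            del self.state[key]  # temporary filter has aged out
            return False, "state expired"
        return True, "reply to prior outbound request"


def demo():
    """Run a constructed trace and return the list of (direction, decision, reason)."""
    fw = DynamicFilter(state_timeout=60)
    request = Packet("10.1.2.3", "198.51.100.7", 51000, 443, "tcp")
    reply = Packet("198.51.100.7", "10.1.2.3", 443, 51000, "tcp")
    unsolicited = Packet("198.51.100.7", "10.1.2.3", 443, 51001, "tcp")
    spoofed = Packet("192.0.2.5", "198.51.100.7", 1234, 443, "tcp")
    trace = []
    trace.append(("out",) + fw.outbound(request, now=0))
    trace.append(("in",) + fw.inbound(reply, now=10))
    trace.append(("in",) + fw.inbound(unsolicited, now=10))
    trace.append(("out",) + fw.outbound(spoofed, now=10))
    trace.append(("in",) + fw.inbound(reply, now=100))  # past the 60 s timeout
    return trace


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Real stateful firewalls also track TCP flags and sequence numbers rather than only the address and port tuple, but the expiring reply entry is the core of what the quiz calls a temporary filter.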
Which of the following describes a dedicated leased line? a. a set of rules and procedures, usually mathematical in nature b. a hardware VPN device c. an electronic proof of identity issued by a certificate authority (CA) d. allows communication between one site and another
d. allows communication between one site and another
When conducting an audit, the auditor should be which of the following? a. an internal employee who can be trusted b. an external person capable of hacking c. an internal employee capable of enclosing or encasing one protocol or packet inside another protocol or packet d. an external person who is independent of the organization under audit
d. an external person who is independent of the organization under audit
Which term describes when a system is usable for its intended purpose? a. authorization b. auditing c. encryption d. availability
d. availability
Which of the following refers to a system designed, built, and deployed specifically to serve as a frontline defense for a network? a. diversity of defense b. universal participation c. proprietary OS d. bastion host
d. bastion host
Which of the following is not a protection against fragmentation attacks? a. sender fragmentation b. modern IDS detection c. firewall filtering d. buffer overflows
d. buffer overflows
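Added example (not part of the quiz) for the two fragmentation-attack questions above: the checks a filtering firewall or IDS applies to IP fragments before reassembly. It flags a first fragment too small to carry the full transport header (so a stateless filter cannot see the ports), overlapping fragments (the teardrop pattern), and non-final fragments whose length is not a multiple of 8, and it only reassembles a fragment set that passes. The Fragment class and the three sample datagrams are constructed; offsets are given in bytes rather than the 8-byte wire units, and the 20-byte minimum assumes a TCP header without options.

```python
from dataclasses import dataclass

# Assumption for the demo: the first fragment must carry at least a
# minimal 20-byte TCP header so port-based filtering can see it.
MIN_FIRST_FRAGMENT = 20


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP identification shared by all fragments of one datagram
    offset: int      # fragment offset in bytes (wire value is in 8-byte units)
    payload: bytes
    more: bool       # MF flag: True for every fragment except the last


def analyze(frags):
    """Return {ident: [reasons]} for every fragment set that should be dropped."""
    by_id = {}
    for f in frags:
        by_id.setdefault(f.ident, []).append(f)
    findings = {}
    for ident, group in by_id.items():
        group = sorted(group, key=lambda f: f.offset)
        reasons = []
        first = group[0]
        if first.offset != 0:
            reasons.append("first fragment missing")
        elif first.more and len(first.payload) < MIN_FIRST_FRAGMENT:
            reasons.append("tiny first fragment")
        end = 0
        for f in group:
            if f.offset < end:
                reasons.append("overlapping fragments")
                break
            end = f.offset + len(f.payload)
        if any(f.more and len(f.payload) % 8 for f in group):
            reasons.append("non-final fragment not a multiple of 8 bytes")
        if not group[-1].more is False:
            reasons.append("last fragment missing")
        if reasons:
            findings[ident] = reasons
    return findings


def reassemble(frags):
    """Reassemble one datagram's fragments, or return None if analyze() rejects them."""
    if analyze(frags):
        return None
    out = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        out.extend(f.payload)
    return bytes(out)


# Constructed sample datagrams.
BENIGN = [Fragment(1, 0, b"A" * 24, True), Fragment(1, 24, b"B" * 8, False)]
TEARDROP = [Fragment(2, 0, b"A" * 24, True), Fragment(2, 16, b"B" * 16, False)]
TINY_FIRST = [Fragment(3, 0, b"A" * 8, True), Fragment(3, 8, b"B" * 20, False)]


if __name__ == "__main__":
    print(analyze(BENIGN + TEARDROP + TINY_FIRST))
    print(reassemble(BENIGN))
```

Sender fragmentation avoids the problem on the sending side (fragments are produced under the sender's control rather than by an intermediate router), while these checks are what firewall filtering and a modern IDS do for fragments that arrive anyway.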
Which type of software is closed-sourced to protect intellectual property and allow vendors to charge for the product? a. non-commercial b. open source c. free software d. commercial
d. commercial
Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats: a. vulnerability assessment b. ethical hacking c. penetration testing d. compliance audit e. configuration scan
d. compliance audit
What term describes a small text file used by Web browsers and servers to track Web sessions? a. Web-based service b. Web browser c. popup blocker d. cookie filter
d. cookie filter
All of the following are disadvantages of the build-it-yourself firewall, but one is an advantage. Which of the following is an advantage? a. additional hardware manipulation b. hardening of a host OS c. juggling of device drivers d. cost
d. cost
The best network security management tools include all of the following except: a. written security policy b. change documentation c. complete inventory of equipment d. expensive commercial products e. logical organization map
d. expensive commercial products
Which of the following refers to an event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious? a. false positive b. deny by default/allow by exception c. round robin d. false negative
d. false negative
Which term is used to describe a network security device or host software that filters communications, usually network traffic, based on a set of predefined rules? a. sniffer b. auditor c. hacker d. firewall
d. firewall
Which of the following terms refers to the process of securing or locking down a host against threats and attacks? a. auditing b. redundancy c. authorization d. hardening
d. hardening
Which of the following is not true of security for a SOHO? a. cost effective b. easy to implement c. not as vulnerable as corporate offices d. have a higher risk than corporate offices
d. have a higher risk than corporate offices
Which term describes a network, network link, or channel located between the endpoints of a VPN? a. one-way function b. host-to-host network c. site-to-site network d. intermediary network
d. intermediary network
Which of the following outbound ports is for HTTPS? a. port 25 b. port 53 c. port 80 d. port 443
d. port 443
Which of the following is not a potential hazard when installing patches or updates? a. installing untested code b. reducing security c. bricking the device d. resetting configuration back to factory defaults e. improving resiliency against exploits
e. improving resiliency against exploits