CYB 220 - Week 5 - 5-1 Lab

The central office implementation of a firewall has which of the following common elements? - A firewall that hosts many hub locations - A firewall separating multiple DMZs - A firewall that handles the majority of the company's internet access - A firewall that takes the place of a decentralized router

A firewall that handles the majority of the company's internet access

What is the underlying premise of a honeypot? - All network traffic is suspicious - A proxy server used for web browsing - A server used for email - All network traffic is nonthreatening

All network traffic is suspicious

When implementing a firewall in an internal network, what element should be considered a priority? - The ability to properly bottleneck network traffic - Amount of bandwidth needed for network traffic - A connection to the internet - Tiered tracing for troubleshooting problems

Amount of bandwidth needed for network traffic

What is Snort? - An open-source IDS software application - A Cisco-branded IDS software application - A honeypot software application - The first Symantec firewall

An open-source IDS software application

How does the ZoneAlarm Free Firewall open? - When you open it - When you input the command #ZoneAlarm - After it is vetted - Automatically

Automatically

Snort's default set of rules is: - Bluelist.rules - Whitelist.rules - Greylist.rules - Blacklist.rules

Blacklist.rules

What is one problem with implementing many DMZs in one network? - Many different operating systems - Requires a lot of electrical power - High infrastructure costs - Creates network confusion

High infrastructure costs

What type of network traffic is monitored by an IPS? - Inbound only - Outbound only - Inbound and outbound - Neither inbound nor outbound

Inbound and outbound

When configuring a host-based firewall, which elements should be considered? - Inbound and outbound network traffic - Inbound network traffic - Inbound and outbound port traffic only - Outbound network traffic

Inbound and outbound network traffic

An external router should be the first point of control for what type of network traffic? - Ingress only - Egress only - Ingress and egress - It is the internal router, not the external router.

Ingress and egress

What is the idea behind intrusion deterrence? - Making a system seem like a less palatable target - Moving the attack surface to another system - Interweaving threaded response files for detection - Avoiding the risk of system detection

Making a system seem like a less palatable target

There are several common components to an IDS. Which of the following are three of them? - Administrator, operator, threshold - Event, data destination, planner - Manager, operator, analyzer - Activity, sensor, executable

Manager, operator, analyzer

A host-based firewall resides where in a network? - After the DMZ but before the internet - Within the external router - On a user's computer - On a third-party network

On a user's computer

The administrator of the IDS is responsible for what? - Indicating suspicious activity - Providing notification to the IDS manager - Organizational security - Analyzing data collected from a security monitor

Organizational security

Logically separated subnets are still physically connected to: - Other VLANs in the same subnet fabric - Other VLANs in the same router fabric - Other subnets in the same switch fabric - Other subnets in the same VLAN fabric

Other subnets in the same switch fabric

What two things are most important when first considering firewall implementation? - Placement and power requirements - Placement and type - Type and power requirements - Power requirements and remote access

Placement and type

Wireshark is categorized as a: - Firewall - Malware - Network configuration tool - Protocol analyzer

Protocol analyzer

What does the mstsc command invoke? - Server configuration dialog - Remote desktop connection software - ZoneAlarm installation process - Firewall settings software

Remote desktop connection software

Firewalls use __________ to filter incoming and outgoing traffic. - Proxies - Rules - Environments - Networks

Rules

What is a best practice for mitigating human error when connecting to a switch that communicates across multiple networks? - Plug a 24-port switch into an open port - Turn on trunking for all access ports - Reset the default VLAN configuration - Shut down all unused ports

Shut down all unused ports

Snort works in one of three modes: - Network intrusion detection, monitor, and operator relay - Packet logger, monitor, and analyzer - Sniffer, packet logger, and network intrusion detection - Packet logger, notification agent, and data source recorder

Sniffer, packet logger, and network intrusion detection

Why is it important to remove AVG 2012? - It is malware. - It doesn't allow the installation of ZoneAlarm. - The software might conflict with ZoneAlarm. - The software uses too much space.

The software might conflict with ZoneAlarm.

What are the specific ways anomalies are detected? - User/group profiling, component profiling, threshold monitoring, process monitoring - Threshold monitoring, user/group profiling, resource profiling, executable profiling - Component profiling, threshold monitoring, resource profiling, process monitoring - Executable profiling, component monitoring, user/group monitoring, component profiling

Threshold monitoring, user/group profiling, resource profiling, executable profiling

Why would someone use an anonymous proxy site? - To uphold their workplace firewall policies - To access non-work-related websites at work - To make their firewall more resilient - To display their IP address online

To access non-work-related websites at work

To make the ZoneAlarm software more effective at fending off unwanted malware, you must: - Run it in Administration mode - Update the signatures of the program - Set the automatic updates to only user mode - Install a second firewall

Update the signatures of the program

Which option from Snort shows the available network interfaces? - snort -D - snort -I - snort -V - snort -W

snort -W

