Intro to Firewalls DCOM 211 Midterm Study -Ch3-6

Ace your homework & exams now with Quizwiz!

Which ICMP types should be allowed through the firewall? 1. ICMP Time-To-Live (TTL) Exceeded 2. ICMP destination unreachable packets 3. ICMP source quench 4. Timestamp reply

1. ICMP Time-To-Live (TTL) Exceeded 2. ICMP destination unreachable packets

Windows Firewall features include 1. IPv6 support 2. Startup security 3. An operating mode that allows exceptions 4. No IPv4 traffic scoping

1. IPv6 support 2. Startup security

Filtering Traffic from Internal Source methods that explicitly permit traffic: (Choose all that apply) 1. Port Range 2. Port -range forwarding 3. IP address 4. Mac Address

1. Port Range 3. IP address 4. Mac Address

Filtering Traffic from External Source methods that explicitly permit traffic: (Choose all that apply) 1. Port-Range forwarding 2. DMZ forwarding 3.Port Triggering 4.Port Range

1. Port-Range forwarding 2. DMZ forwarding 3.Port Triggering

PIX firewalls use two types of translation: 1. Static 2.. Dynamic 3. Parallel 4. Short

1. Static 2.. Dynamic

Which of the following Internet filtering products are supported for seamless integration with the PIX/ASA: Websense Enterprise CSC-SSM Sentient 2112 ChloeX

1. Websense Enterprise 2. CSC-SSM

Windows Firewall was previously known as 1. Windows Internet Connection Firewall (ICF) 2. Gates Personal Firewall (GPS) 3. Windows International Community Firewall (ICF) 4. Firewall XGC

1. Windows Internet Connection Firewall (ICF)

Most IDSs detect attacks by matching the network traffic against. 1. a signature, or fingerprint, of the attack 2. bad ICMP packets 3. bad checksums 4. IP addresses that have been spoofed

1. a signature, or fingerprint, of the attack

Windows Firewall comes bundled with 1. every new version of Microsoft's operating systems 2. only WIndows XP 3. in all BUT Windows Server 2003 Standard 4. an additional fee

1. every new version of Microsoft's operating systems

Configuring SSH is more complicated because you need to 1. generate and save the RSA pair 2. submit a complete ACL 3. identify all acceptable IP addresses 4. Disable SSH access

1. generate and save the RSA pair

Application inspection on the PIX firewall is accomplished through the fixup command now known as the 1. policy-map command 2. police command 3. protect command 4. point-to-point command

1. policy-map command

Regardless of the logging method implemented, it is important to ensure that the firewall has 1. the correct date and time 2. an accurate IP address 3. a secure power supply 4. a static ACL

1. the correct date and time

PIX/ASA ACLs are linked lists of values (known as ACL entries (ACEs) parsed in a 1. top-down manner 2. bottom-up manner 3. last-in-first-out manner 4. first-in-last-out manner

1. top-down manner

PIX/ASA 7.x operates with a new mode of operation where the firewall is more like a bridge than a router, allowing traffic to traverse without requiring additional hops. This mode is called: 1. transparent mode 2. ghost mode 3. accidental mode 4. default mode

1. transparent mode

When a Linksys Router/Firewall is used in a SOHO environment the ________________ is automatically enabled by default. 1.Dynamic Host Configuration Protocol (DHCP) 2.Universal Plug-&-Play (UPnP) 3.Dynamic Domain Name Servie (DynDNS or DDNS) 4.Remote Access Service (RAS)

1.Dynamic Host Configuration Protocol (DHCP)

Routing Information Protocol (RIP) supports a maximum hop count of _____ hops which makes it suitable for small network environments. 15 10 20 30

15

Quality of Service (Qos) prioritization could be applied and determined by: (Choose all that apply) 1. Protocol Port 2. Ethernet Port 3. MAC address 4.Queried Application

2. Ethernet Port 3. MAC address 4.Queried Application

When enabled this setting prevents the router from being able to be pinged or otherwise connected to on the external interface 1.Filter Multicast 2.Block Anonymous Internet Requests (BAIR) 3.Filter Internet NAT Redirection 4.Filter IDENT

2.Block Anonymous Internet Requests (BAIR)

A setting that permits a host to query a network node 1.Block Anonymous Internet Requests (BAIR) 2.Filter IDENT 3.Filter Internet NAT Redirection 4.Filter Multicast

2.Filter IDENT

Examples of secure firewalls would be: (Choose all that apply) 1.NAT Firewall 2.Microsoft ISA Server 3.Check Point Firewall-1 4.Cisco PIX Firewall

2.Microsoft ISA Server 3.Check Point Firewall-1 4.Cisco PIX Firewall

The utilization of NAT would impede the performance of which protocols? (Choose all that apply) 1.Dynamnic Host Configuration Protocol (DHCP) 2.Point-to-Point Tunneling Protocol (PPTP) 3.Internet Protocol Security (IPsec) 4.Point-to-Point Protocol over Ethernet (PPPoE)

2.Point-to-Point Tunneling Protocol (PPTP) 3.Internet Protocol Security (IPsec) 4.Point-to-Point Protocol over Ethernet (PPPoE)

Which port would NOT need to be accessible by the local network? 21 135 445 3389

21

When enabled a setting that permits a user to configure the router to block access to local network nodes from other local network nodes attempting to connect through an external masked address 1.Filter IDENT 2.Filter Multicast 3.Filter Internet NAT Redirection 4.Block Anonymous Internet Requests (BAIR)

3.Filter Internet NAT Redirection

A setting that would permit a burst of traffic to be sent simultaneously to several registered hosts. 1.Block Anonymous Internet Requests (BAIR) 2.Filter IDENT 3.Filter Multicast 4.Filter Internet NAT Redirection

3.Filter Multicast

The message length field in the UDP datagram header has a minimum value of _____ .

8 bytes

The 32-bit IPaddress is separated into four _______octets.

8-bit

Web browsers and web servers allow users to access graphical content using HTTP, which uses TCP port ________. 80 443 21 135

80

Which of the following is one of the three types of routing? Dynamic Distorted Normalized Simple

Dynamic

Access list webtype is the most commonly implemented type of ACL and is used for general-purpose filtering of TCP/IP-based traffic. True/False?

False

According to the textbook, a good configuration checklist for the PIX/ASA firewall consists of 24 items. True/False?

False

NAT-based packet-filtering routers provide stateful packet inspection (SPI). True/False?

False

Port Triggering does forward all traffic to an internal host until the data stop command has been initiated. True/False?

False

Port-range forwarding is an advanced port-forwarding configuration that few firewalls & routers implement. True/False?

False

Remote Desktop should never be configured as an exception in the Windows Firewall policy. True/False?

False

The TCP/IP protocol suite that was based on the DoD model, maps directly to the OSI model. True/False?

False

NAT firewalls perform advanced firewall functions. True/False?

False?

Which level of security would be the best selection for a system directly connected to the internet through a broadband connection that is always active. High security level Low security level Medium security level No security level

High security level

NAT is the acronym for Selected Answer: Network Address Translation Network Address Transmission Network Assessment Transposition Network Analyzed Translation

Network Address Translation

Which of the following is NOT one of the three classes of routing protocols? Proximity Distance vector Link state Hybrid

Proximity

The ICMP message of Destination unreachable (Type 3), (Code 0) typically indicates a failure of a ____________.

Router

A fundamental aspect of almost all firewalls is the use of ACLs to define the list of permitted or denied traffic. True/False?

True

Dial-up connections are not considered to be a critical to protect as "always connected" broadband connections. True/False?

True

IP packet data is a variable length, ranging from 1 to 65515 bytes. True/False?

True

The most secure firewall is the disconnection of the network from the Internet. True/False?

True

Trend Micro's firewall supports Windows systems back to Windows 98 and 98 SE. True/False

True

On a Linksys Router/Firewall the _________________ tab is used to configure & filter external sources to internal sources. Status Security Administration Application & Gaming Setup

Application & Gaming


Related study sets

Chapter 1- Blockchain Fundamentals

View Set

MEANING OF SIMILARITY - THEOREMS

View Set

Leadership and Management skills

View Set

Case study - convolutional neural networks (CNNs)

View Set