ITN 263 Midterm Pt 2


Which of the following can affect the confidentiality of documents stored on a server?

A server breach

In executing the processes of risk assessment and risk management, which statistic calculates the potential number of times the threat could be a realized attack in a year's time?

Annualized rate of occurrence

Which of the following is a common firewall philosophy?

Deny by default

Hashing does not verify the integrity of messages.

False

Protecting computers, hard disks, databases, and other computer equipment from unauthorized Internet access can be categorized as what kind of security area?

Network security

With multifactor authentication, facial geometry is an example of something you know.

False

pfSense can be installed on a local firewall only.

False

Which of the following is a protocol that allows web servers to complete secure transactions over the Internet?

Hypertext Transfer Protocol Secure (HTTPS)

When setting up port forwarding on an external firewall to pass HTTP traffic from the Internet to an internal web server, the external address and port are 208.40.235.38:8081. What is the internal IP address and port, assuming the most common port for that protocol?

192.168.5.74:80

While the design of a hardware firewall requires it to filter all inbound and outbound traffic, it can also act as a bottleneck for that traffic if the wire speed it filters at is too slow. For a 1 gigabit per second (Gbps) network, what filtering wire speed should the firewall possess?

2 Gbps or higher

A hardware firewall is a dedicated hardware device specifically built and hardened to support the functions of firewall software.

True

A next-generation firewall (NGFW) is a device that offers additional capabilities beyond traditional firewall functionality.

True

A small office/home office (SOHO) firewall may include intrusion detection.

True

A small office/home office (SOHO) virtual private network (VPN) hardware firewall provides remote access.

True

Israel is a network technician who has just deployed a new firewall. Before putting it in production, he wants to test the firewall's ability to filter traffic according to its rule set, without risking the internal network. What is the best solution?

Place the firewall in a virtual network environment and simulate traffic.

Malika is a network engineer who is configuring firewalls separating both the Accounting and HR departments from the rest of the business divisions on the local area network (LAN). She wants to allow only certain traffic into those subnets from both internal employees and those working from home. The traffic may include email, chat, and video conferencing. She wants to prevent access to the company intranets to protect confidential employee and financial data. How has she configured these firewalls?

Filter

Isabelle is the cybersecurity engineer for a medium-sized company. She is setting up a firewall for examining inbound network traffic for a variety of characteristics. While remote users working from home should be allowed access to network resources, malicious traffic should be blocked. To differentiate between the two, Isabelle is looking at factors such as whether the inbound traffic is a response to a previous request inside the network, whether it includes blocked domain names, IP addresses, and protocols, and whether it conforms to known malicious patterns or is otherwise abnormal. What is she setting up the firewall to practice?

Filtering

Delmar is a consultant configuring a small firewall for a client who uses a small office/home office (SOHO) network. He is permitting the common protocols on the outbound connection, but he can only forward rather than block incoming protocols. If he forwards common protocols such as FTP, Telnet, and NetBIOS, how can this protect the network from anyone who may maliciously use these ports?

Forward to a nonexistent port where no device is listening

A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect?

Packet header

Thuan is a new network engineer. He is increasing the security of end-user computers. Which of the following is a security feature every client computer needs?

Password-protected screen saver

Geraldine is a freelance network technician. She has been hired to design and build a small office/home office (SOHO) network. She is considering what firewall solution to select, keeping in mind that her client has a tight budget and the network is made up of no more than six nodes. Which of the following is the best solution?

Personal hardware firewall integrated in the wireless access point or modem

Werner is a security manager for a health insurance company. He is examining the organization's compliance with patient privacy. While investigating how staff handle verbal and email communications, he discovers that some staff members are lax about how well they protect details that, when combined, might be used to reveal sensitive details about some customers. What is the focus of his concern?

Personally identifiable information (PII)

The design of firewall placement and configuration in a network infrastructure has many aspects. Which of the following concerns is most likely related to an upper management decision that does NOT conform with existing security policy?

Political

Which of the following is a concern when considering the use of a demilitarized zone (DMZ) firewall solution to access high-value data on an internal network?

Poorly constructed firewall rules

A best practice when troubleshooting issues is to make one change at a time, and then test the change before making any other changes.

True

A firewall serves as a clear and distinct boundary between one network area and another.

True

A firewall's job is to impose all restrictions and boundaries defined in the security policy on all network traffic.

True

A good practice is to trust no network traffic until it is proved to comply with security policy.

True

A guideline for firewall selection is to never skimp on throughput.

True

A virtual firewall can protect physical networks as well as virtual clients and servers.

True

A web server between two firewalls is considered to be in a demilitarized zone (DMZ).

True

All the rules on a firewall are exceptions.

True

An IPv6 address consists of 128 bits; an IPv4 address consists of 32 bits.

True

An active threat is one that takes some type of initiative to seek out a target to compromise.

True

Authentication is the verification or proof of someone's or something's identity.

True

Basic packet filtering provided by routers can be used to protect subnets within a network.

True

Content filtering can focus on domain name, URL, filename, file extension, or keywords in the content of a packet.

True

Firewall implementation documentation should include every action taken from the moment the firewall arrives on site through the point of enabling the filtering of production traffic.

True

Firewalls can provide port-forwarding services.

True

IT infrastructure growth can be expected, unexpected, gradual, or abrupt.

True

If a server has a public IP address, it is a potential target for hacker attacks.

True

In a risk assessment, the asset value (AV) includes both tangible and intangible costs.

True

Including photos of configuration screens in firewall procedures can speed up restoration after a network incident.

True

It is often more difficult to preserve a user's privacy on the Internet than in the physical world.

True

Network router security is primarily about preventing unauthorized access.

True

Networked systems that are no longer used or monitored can become network entry points for hackers.

True

One contingency for growth is to build additional capacity into the current infrastructure.

True

Outbound network traffic should be subjected to the same investigations and analysis as inbound network traffic.

True

Passive threats are those you must seek out to be harmed, such as visiting a malicious website.

True

Redundancy is the act of avoiding single points of failure.

True

Static packet filtering uses a static or fixed set of rules to filter network traffic.

True

TCP/IP is a suite of two communication protocols.

True

The Internet Assigned Numbers Authority (IANA) is responsible for global coordination of IP addressing.

True

The pfSense firewall requires the host to have at least two network interface controllers (NICs).

True

When considering network expenditures, sunk costs should not influence future choices.

True

Windows Defender Firewall is an example of a native firewall.

True

You can check firewall connectivity using the ping and traceroute commands.

True

A firewall with two interfaces is known as a dual-homed firewall.

True

Hypertext Transfer Protocol Secure (HTTPS) does NOT encrypt private transactions made over the Internet.

False

One of the advantages of an off-the-shelf firewall versus a do-it-yourself firewall is lower cost.

False

One technique for hardening a system is to remove all protocols.

False

Private IP addresses can communicate directly with Internet resources.

False

Prospective cost is money paid or an investment made in the past.

False

A firewall allows you to restrict unauthorized access between the Internet and an internal network.

True

A firewall best practice is to document every action taken during troubleshooting.

True

Devaki is an engineer who is designing network security for her company's infrastructure. She is incorporating protections for programming flaws, default settings, maximum values, processing capabilities, and memory capacities on devices, as well as malicious code and social engineering. What is this type of protection called?

Defense in depth

A social networking website has been gathering a great deal of personal information on its users for years. This presents the potential danger of exposure if the site is hacked. In addition, the data could be sold by the social networking platform without the users' knowledge or consent. What technology does the social media company most likely use to gather data, such as users' buying preferences?

Data mining

The goal of the Electronic Privacy Information Center (EPIC) is to preserve consumer privacy in the state of California.

False

The pfSense firewall is a border firewall.

False

The sole use of ingress and egress filtering is to eliminate spoofing.

False

A bastion host firewall stands guard along the pathway of potential attack, positioned to take the brunt of any attack.

True

Static IP addressing hands out IP addresses to hosts from a pool.

False

The IP address range of 192.168.0.0-192.168.255.255/16 is the Class A range.

False

Thirty years ago, a major corporation purchased and still owns IP addresses within the IPv4 Class A range. The corporation uses these addresses to connect to the Internet. To which IPv4 address range do they belong?

1.0.0.1 to 126.255.255.254

Passive threats are those you must act upon to be harmed, such as clicking a link and downloading infected content. An active threat, such as a hacker, seeks out vulnerable targets. Which of the following is least effective against passive threats?

A door lock

Which of the following best describes a network chokepoint?

A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering

In preserving the confidentiality of users on a corporate network, which party is responsible for setting up security policies to guarantee users' privacy?

Administrator

Mario is the network security engineer for his company. He discovered that, periodically, a remote user working from home accesses certain resources on the network that are not part of her regular duties. Mario has questioned the user and her supervisor, and has accessed the user's workstation. Mario believes the user is not the source of these intrusions and strongly suspects a malicious source is responsible. What is the most likely explanation?

An external hacker has gained access to the user's authentication and is accessing confidential company resources.

Although it is not recommended, a company chief information officer (CIO) wants to configure and use the ff02::1 group on his new IPv6 network to send traffic to every node in the infrastructure. What group must he enable?

Anycast

Charles is an IT help desk technician. He gets a ticket from a branch office saying that they lost Internet connectivity. He investigates remotely over a backup maintenance link and determines that this was done by design; the office's firewall deliberately severed the connection. Which of the following does this functionality define?

Bastion host

Nina is a corporate attorney for a San Francisco firm. The chief information and security officer (CISO) told her that the firm's data center had been hacked 24 hours ago. The personal information of more than 3 million users was accessed, including their full names, addresses, and login credentials. Nina discusses the company's liability under the law, including the requirement to implement and maintain reasonable security procedures and practices. If it can be proven that the firm was negligent, it may need to pay damages. Which of the following regulates this issue?

California Consumer Privacy Act (CCPA)

Augustine is a network engineer for a mid-sized company. He needs to deploy a new firewall, which was expensive to purchase and is complex to configure. In preparation for installation and configuration, he attends training conducted by the firewall vendor. Which of the following types of firewalls is he most likely planning to install?

Commercial

Jiang is a network technician. He is programming a web server to provide clients with dynamically produced web content in real time based on several attributes that the connecting user enters. This includes any forms the user may fill out. Martha is the cybersecurity chief. She says that the technology Jiang is using could expose sensitive customer data to hackers if it were ever accessed. What web server technology is Jiang using?

Common Gateway Interface (CGI)

Tonya is redesigning her company's network infrastructure to accommodate rapid growth. Several departments are highly specialized. Tonya needs to allow Network News Transfer Protocol (NNTP) on some, but not all, subnets. Her budget is limited. Which of the following is the best solution?

Configure existing routers to filter NNTP packets.

Rupesh is a network technician who has been tasked by his supervisor to configure the edge firewall of an office branch. His task is to focus on outbound traffic based on several factors, such as domain name, URL, file extension, and certain keywords. What is he configuring the firewall to perform?

Content filtering

Brianna is an IT technician. She is studying a threat that holds the communication channel open when a TCP handshake does not conclude. What kind of attack does this involve?

Denial of service (DoS) attack

Which of the following is a firewall implementation best practice?

Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls.

The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv4 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution?

Dynamic Host Configuration Protocol (DHCP) reservation

What prevents firewall filtering?

Encryption

A host software firewall should never be installed on a server if a dedicated firewall appliance is deployed on the same network.

False

A software firewall can protect multiple hosts from malicious network activity.

False

All firewalls provide network perimeter security.

False

Bump-in-the-wire is a software firewall implementation.

False

Removing all unnecessary protocols, uninstalling all unnecessary applications and services, and installing the latest final releases of all device drivers are part of which security process?

Hardening

Which of the following is closely associated with maintaining data integrity?

Hash

Hao is a network security engineer for a mid-sized company. She is redesigning the infrastructure and its resources to provide greater protection from both external and internal threats. She wants to place firewall devices not only where the local area network (LAN) connects to the Internet, but also within the network. Although she doesn't suspect any employees of misusing computer resources, there is always the potential that one might send unauthorized emails or other messages containing confidential company information to a competitor. Which redundant solution should she select that will be most likely to detect malicious behavior by an internal employee?

Host firewalls and firewalls at each subnet

Location-aware anti-theft software will periodically upload its location to a centralized site in the event that the mobile device is lost or stolen. What can defeat this?

If the thief reformats the mobile device's drive

Nicolau is a network engineer for a large online retailer. He is concerned about the security of his company's network connections to its customers, vendors, and partners. Although all of these sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect unauthorized user activity and attacks that is also capable of taking action to prevent a breach?

Intrusion detection system/intrusion prevention system (IDS/IPS)

The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for?

More than 50 percent

Marcus is studying networking with an emphasis on cybersecurity at a local university. As part of his research, he wants to visit certain hacker sites but is concerned that his laptop would be vulnerable to passive threats while visiting them. He doesn't have the funds for expensive security equipment. What is the least expensive option he has at hand?

Native firewall

Chang is a network engineer. He is revising the company's firewall implementation procedure. He is reviewing the procedural element requiring placement of network firewalls at chokepoints and mapping out the network structure to pinpoint the location where firewalls are to be placed. Which of the following is he focusing on?

Network design

Jae is a network consultant hired by a small business client. He has been asked to recommend a firewall solution. Given the relatively small size of the infrastructure, he suggests a firewall that provides integrated intrusion detection system/intrusion prevention system (IDS/IPS) functionality because a single device offering multiple functions is cost- and space-effective. What is the solution?

Next-generation firewall (NGFW)

What does a digital signature provide?

Nonrepudiation

Which of the following network zones has the lowest risk and the highest trust?

Private network

Logan is a network administrator. He is considering a firewall purchase for a branch office being built by his company. Above all other considerations, the design requires a device capable of a high degree of imposing user access restrictions. What is this called?

Privilege control

Which of the following records every connection outside the network on the Internet by IP address and URL requested?

Proxy server

Gino is an ethical hacker hired as a consultant to test the security of a mid-sized company's network. As part of his assignment, he has been given physical access to the system. He has built a dictionary of hashed passwords from the hard drive of the device. Which type of attack is he planning to launch?

Rainbow

The chief information officer (CIO) is working with the chief financial officer (CFO) on next year's budget for new networking equipment. The CIO is explaining that lowest-cost equipment is not the sole deciding factor. The hardware must conform to high security standards to prevent a malicious person from hacking into the network and accessing valuable company data. Which of the following considerations does not specifically require a hacker to have physical access to the equipment?

Remote connection

Manuela has researched a third-party software firewall she wants to install on her PC since she believes it is a better quality than the operating system's onboard firewall. She has read the installation instructions. The firewall is compatible with her operating system and has gotten good customer reviews. After performing the installation last week, she notices that numerous malicious exploits are successfully hacking her computer. What went wrong?

She forgot to disable the native firewall when she installed the third-party firewall.

Demetrice is a network consultant. She has been hired to design security for a network that hosts 25 employees, many of whom need remote access. The client recently opened another small office in a neighboring community and wants to be able to routinely establish secure network connections between the two locations. The client often deals with customer bank information and requires a particularly secure solution. What is her response to these requirements?

Small office/home office (SOHO) virtual private network (VPN)

Every morning when James logs into his computer and attempts to access Microsoft 365, he is asked to enter his password. After that, he is sent a text on his mobile phone with a six-digit code he must enter. In terms of multifactor authentication, his password is something he knows. What is the text message?

Something he has

Shamika is a networking student who has just moved into a small house with two other roommates. She has purchased a new DSL modem and is planning on configuring the built-in firewall. She needs to change the default username and password for the device first. What is her concern?

The default username and password are likely available on the Internet and anyone could use those credentials to hack into the modem and access the home network.

A best practice is to use strong authentication and nonrepudiation methods for all transactions over the Internet.

True

A hacker is attempting to access a company's router using false Internet Control Message Protocol (ICMP) type 5 redirect messages. What is the hacker's goal?

To spoof or manipulate routing data

Rachel is a network technician. She is writing a proposal that recommends which firewall type to purchase to replace an aging and failing unit. She wants to be able to protect two separate internal network segments with one hardware firewall. What is her recommendation?

Triple-homed

A Dynamic Host Configuration Protocol (DHCP) system automatically assigns IP addresses on a network.

True

Nahla is a network engineer charged with maintaining the routine operations of equipment in her company's server room. She is aware that fluctuations in electrical power flow can damage delicate circuitry. While configuring redundancy into a number of systems, which component does she choose that offers both redundancy and power conditioning?

Uninterruptible power supply (UPS)

Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)?

Upgrade to IPv6

The network infrastructure supervisor is designing a firewall placement strategy that will protect the organization's Internet-facing web and email servers and the internal network. Which design will provide the best protection?

Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network

Santiago is a new network engineer for a mid-sized company. It is his responsibility to ensure that all employees working from home are able to connect to the office network in an efficient and secure manner. He must provide a service that allows communications between out-of-office staff and network resources to be encrypted at the protocol level and to be performed by either client or server software. The solution must also ensure that even if protocol encryption fails, the data is safe by its own encryption. What solution does he select?

Virtual private network (VPN)

