Module 5 Chapter 13,14,15 Network Security, Firewalls and VPN Second Edition

Which of the following is a minimum requirement for running SmoothWall?

512 MB PC SDRAM

Which of the following characteristics relates to Kerberos?

A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Which of the following characteristics relates to mobile IP?

A standard communications protocol designed to let mobile devices users move from one network to another while maintaining a permanent IP address.

Which type of firewall is designed to control input, output, and/or access to an application?

Application firewall

Which of the following identifies a user based on anatomical characteristics such as a fingerprint, a voice print, or iris patterns?

Biometrics

Which of the following is a solution that represents the majority of VPNs on the market and is commonly referred to as a VPN appliance? This solution is easy to set up, manage, and maintain.

CPE

Which of the following deals with keeping information, networks, and systems secure from unauthorized access?

Confidentiality

Which of the following is a key feature of SmoothWall?

Cybercash support

What is meant by synchronous Dynamic Random Access Memory (SDRAM)?

Dynamic random access memory that has a synchronous interface.

Which of the following refers to a public interest research group in Washington, D.C. that was established in 1994 to preserve the right of privacy in the electronic age as well as to give individuals greater control over personal information?

EPIC

Which of the following links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure?

Extranet VPNs

Which of the following is used to connect two offices in different locations?

Gateway-to-Gateway vpn

Which of the following is a collection of honeypots used to present an attacker an even more realistic attack environment?

Honeynet

For which of the following does the mobile user take specific actions to connect to the VPN?

Host-to-gateway vpn

Which of the following is an IPSec-based VPN protocol that uses NAT traversal (NAT-T)?

IKEv2

Which name is given to an architectural framework for delivering IP multimedia services?

IP multimedia subsystem (IMS)

Which of the following detects unauthorized user activities, attacks, and network compromises, alerts of the detected attacks, and takes action to prevent breaches?

IPS

Which of the following is a public location that sells Internet access?

Internet cafe

Which of the following allows file-sharing functionality?

LogMeIn

Which of the following is a method for encapsulating IPSec ESP packets into UDP packets to pass through routers or firewalls employing Network Address Translation (NAT)?

NAT-T

Which of the following is as an architecture that is designed to limit a network's vulnerability to eavesdropping and traffic analysis?

Onion routing

Which of the following refers to a database tool intended to handle time-series data, such as network bandwidth, temperatures, CPU load, and so on?

RRDTool

Which of the following is a Microsoft remote control solution used for modern operating systems that allows help desk professionals or other IT administrators to remotely control a user's system, while the user is watching?

Remote Assistance

Which of the following risks can compromise the confidentiality of documents stored on the server?

Risk that information about the server can be accessed

Which of the following is a popular open-source intrusion detection system that runs on SmoothWall??

SNORT

Which of the following requires PKI support and is used for encryption with newer tunneling protocols?

SSTP

Which of the following is a Microsoft solution that runs on a Microsoft Terminal Services server but appears, to end users, as if it were actually running on their systems?

TS RemoteApp

Which of the following allows administrators to connect remotely into servers from their desktop computers?

Terminal services for administration

Describe the three tenets of information security.

The three tenets of information security are of the C-I-A triangle. C-confidentiality means to secure all assets from unauthorized users. This will include strong encryption, authentication, and stringent access controls. I-intergrity means to ensure the information is protected against any unauthorized users or changes made by mistake. A-availability means the assets are available to users when they need it.

Which of the following refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker?

anti-forensics

The term Electronic Privacy Information Center (EPIC) refers to a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.

false

Which of the following is a system that waits for an IDS to detect and attackers and then transfers the attackers to a special host where they cannot do damage to the production environment?

padded cell

Which of the following will generate a graph of network traffic every five minutes on a firewall?

smoothwall

Which term describes a distributed data protection technology that leverages deep analysis, context evaluation, and rules configured from a central console to ensure confidential information remains secure while in use, in transit, and at rest?

DLP

Which of the following is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet?

DMZ

If an external server needs to communicate with servers inside the green zone, which network setting on SmoothWall can be opened?

DMZ pinhole

Which of the following is a Microsoft solution that can be used as an alternative to a traditional Internet Engineering Task Force (IETF) VPN?

DirectAccess

Which name is given to a set of communications standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network?

ISDN

Which term describes a set of concepts and practices that provides detailed descriptions and comprehensive checklists, tasks, and procedures for common IT practices?

ITIL

What are digital forensic techniques?

Identifying, extracting, and evaluating evidence obtained from digital media such as computer hard drives.

Which of the following offers keycard security and allows you to restrict the times that your computer can be remotely accessed?

NTRconnect

In SmoothWall, what color network interface card indicates the segment of the network is not trusted, but shares the Internet connection?

Orange

Which of the following is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer?

RDP

What must be enabled to test SmoothWall's capability to mitigate attacks?

Snort intrusion detection software

A gateway-to-gateway VPN provides connectivity between two locations such as a main office and a branch office.

TRUE

CERT, SANS, and Symantec are excellent network security Web sites.

TRUE

Which of the following allows a single server to host one or more applications for remoter users?

Terminal services for applications

In addition to providing network security, organizations must address what other type of security issue?

Transaction security

Connecting port 22 or 222 with a client such as WinSCP3 will allow SmoothWall which capability?

Transferring files via SCP/SFTP

Which of the following describes a VPN?

a hardware and software solution for remote workers, providing users with a data-encrypted gateway through a firewall and into a corporate network

What term is used to describe a chipset developed and promoted by the U.S. government from 1993 to 1996 as an encryption device to be adopted by telecommunications companies for voice transmission?

clipper chip

Which of the following is the term that describes the consistency, accuracy, and validity of data or information?

integrity

Which of the following is a third-party tool that Symantec offers as a solution for organizations to access and securely manage remote computers?

pcAnywhere

The degree to which a firewall can impose user access restrictions is known as which of the following?

privilege control

Which of the following will track every single connection outside the Web by IP address and URL?

proxy server

The volume of data throughput and transmission speed associated with a firewall is considered what?

scalability

Which of the following involves writing hidden messages so that only the sender and intended recipient know a message exists?

steganography

Clipper Chip was a chipset developed and promoted by the U.S. government as an encryption device to be adopted by telecommunications companies for voice transmission and was discontinued in 1996.

true

Digital forensic techniques identify, extract, and evaluate evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices.

true

Tor was derived from the Onion Routing Project managed by the U.S. Naval Research Lab.

true

When implementing VPNs, you should not disable unneeded services or protocols.

true

Which of the following monitors traffic that gets through the screening firewall and has the advantage of reducing the amount of traffic to be monitored?

unfiltered IDS/IPS installation