5.2.1 : Quiz Firewall (Doshi) Flashcards
The most robust configuration in a firewall rule base is:
A. Allow all traffic and deny the specified traffic
B. Deny all traffic and allow the specified traffic
C. Dynamically decide based on traffic
D. Control traffic on the basis of the discretion of the network administrator
B. Deny all traffic and allow the specified traffic
In any given scenario, the most robust firewall rule configuration is ‘deny all traffic and allow specific traffic’ (as against ‘allow all traffic and deny specific traffic’). This helps to block unknown traffic to critical systems and servers.
A packet filtering firewall operates on which of the following layers of the OSI model?
A. Network layer
B. Application layer
C. Transport layer
D. Session layer
A. Network layer
Which of the following would be the MOST secure firewall system implementation?
A. Screened-host firewall
B. Screened-subnet firewall
C. Dual-homed firewall
D. Stateful-inspection firewall
B. Screened-subnet firewall
Out of all types of firewall implementation structures, the screened-subnet firewall provides the most secure environment (as it implements two packet filtering routers and one bastion host). It acts as a proxy, and a direct connection between the internal network and the external network is not allowed. A screened-subnet firewall is also used as a demilitarized zone (DMZ). The difference between a screened-subnet firewall and a screened-host firewall is that the screened-subnet firewall uses two packet filtering routers, whereas the screened-host firewall uses only one packet filtering firewall.
Which of the following types of firewalls provides the MOST secure environment?
A. Stateful Inspection
B. Packet filter
C. Application gateway
D. Circuit gateway
C. Application gateway
Out of all types of firewall, the application-level firewall provides the most secure environment (as it works on the application layer of the OSI model). The following are the major differences between application and circuit gateways:
(1) An application gateway works on the application layer of the OSI model and a circuit gateway works on the session layer.
(2) An application gateway has a different proxy for each service, whereas a circuit gateway has a single proxy for all services.
(3) Therefore, an application gateway works in a more detailed (granular) way than the others.
An organization wants to protect a network from Internet attack. Which of the following firewall structures would BEST ensure the protection?
A. Screened subnet firewall
B. Screened host firewall
C. Packet filtering router
D. Circuit-level gateway
A. Screened subnet firewall
Out of all types of firewall implementation structures, the screened-subnet firewall provides the most secure environment (as it implements two packet filtering routers and one bastion host). It acts as a proxy, and a direct connection between the internal network and the external network is not allowed. A screened-subnet firewall is also used as a demilitarized zone (DMZ). The difference between a screened-subnet firewall and a screened-host firewall is that the screened-subnet firewall uses two packet filtering routers, whereas the screened-host firewall uses only one packet filtering firewall. Both work on the concept of a bastion host and proxy.
The firewall that allows traffic from outside only if it is in response to traffic from internal hosts is:
A. Application level gateway firewall
B. Stateful Inspection Firewall
C. Packet filtering Router
D. Circuit level gateway
B. Stateful Inspection Firewall
A stateful inspection firewall keeps track of the connection and ensures that an incoming message is in response to a request that went out of the organization.
An organization with the objective of preventing the download of files through FTP (File Transfer Protocol) should configure which of the following firewall types?
A. Stateful Inspection
B. Application gateway
C. Packet filter
D. Circuit gateway
B. Application gateway
An application gateway works on the application layer of the OSI model and is effective in preventing applications, such as FTPs and https. A circuit gateway firewall is able to prevent paths or circuits, not applications, from entering the organization’s network.
An organization wants to connect a critical server to the internet. Which of the following would provide the BEST protection against hacking?
A. Stateful Inspection
B. A remote access server
C. Application-level gateway
D. Port scanning
C. Application-level gateway
Out of all types of firewall, the application-level firewall provides the most secure environment (as it works on the application layer of the OSI model). An application-level gateway is the best way to protect against hacking because it can define detailed rules that describe the type of user or connection that is or is not permitted. It analyzes each packet in detail at the application level of the OSI model, which means that it reviews the commands of each higher-level protocol such as HTTP, FTP, etc.
An IS auditor should be most concerned about which of the following while reviewing a firewall?
A. Properly defined security policy
B. Use of the latest firewall structure with the most secure algorithm.
C. The effectiveness of the firewall in enforcing the security policy.
D. Technical knowledge of users.
C. The effectiveness of the firewall in enforcing the security policy.
In the absence of an effective firewall implementation, other factors will not be effective. The existence of a good security policy is important, but if the firewall has not been implemented so as to effectively enforce the policy, then the policy is of little value.
While implementing a firewall, the most likely error to occur is:
A. wrong configuration of the access lists.
B. compromise of the password due to shoulder surfing.
C. inadequate user training about firewall rules.
D. inadequate anti-virus updates.
A. wrong configuration of the access lists.
Keeping the access list correct and current is a significant challenge and, therefore, has the greatest chance for errors at the time of the initial installation. The others are not an element in implementing a firewall.
The first step in installing a Firewall in a large organization is:
A. Develop Security Policy
B. Review firewall settings
C. Prepare Access Control List
D. Configure the firewall
A. Develop Security Policy
The first step is to develop a security policy; the other steps are then considered on the basis of the approved security policy.
Which of the following is the MOST critical function of a firewall?
A. to act as a special router that connects different networks.
B. device for preventing authorized users from accessing the LAN.
C. device used to connect authorized users to trusted network resources.
D. proxy server to increase the speed of access to authorized users.
C. device used to connect authorized users to trusted network resources.
The main and critical function of a firewall is to prevent unauthorized access to a server. A firewall is a set of related programs that protects the resources of a private network from users of other networks.
Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
A. Secure Sockets Layer (SSL) has been implemented.
B. Firewall policies are updated on the basis of changing requirements.
C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
D. The firewall is placed on top of the commercial operating system with all installation options.
D. The firewall is placed on top of the commercial operating system with all installation options.
Firewall security can be compromised when all the installation options are kept open. The other choices are prudent options for better firewall security.
An IS auditor is reviewing firewall security of the organization. Which of the following is the BEST audit procedure to determine if a firewall is configured as per security policy?
A. Review incident logs.
B. Review Access Control List.
C. Review the actual procedures.
D. Review the parameter settings.
D. Review the parameter settings.
A review of the parameter settings will provide a good basis for comparison of the actual configuration to the security policy and will provide audit evidence documentation. The other choices do not provide as strong audit evidence as choice A.
Which of the following concerns would be addressed by a firewall?
A. Unauthorized access from external network
B. Unauthorized access from internal network
C. A delay in Internet connectivity
D. A delay in system processing
A. Unauthorized access from outside the organization
Firewalls are meant to prevent outsiders from gaining access to an organization’s computer systems through the Internet gateway.