CH 13 FIREWALL QUESTIONS Flashcards
Security on the Internet was considered a priority and was designed in from the start.
True
False
False
The Linux packet filter and firewall infrastructure is referred to as _________.
A) Packfilter
B) Netflix
C) Netpackets
D) Netfilter
D) Netfilter
The main principle of Netfilter is:
A) to act only as a firewall.
B) to make decisions on how and when packets should flow.
C) to filter inappropriate websites from being viewed in a web browser.
D) to capture packets and release them only when the administrator allows.
B) to make decisions on how and when packets should flow.
The iptables command specifically manages traffic over the _______ protocol(s).
A) IPv4 AND IPv6
B) IPv4
C) IPv6
D) TCP
B) IPv4
The command to modify Netfilter’s IPv6 configuration is ________:
A) ip
B) ip6tables
C) iptablesv6
D) ipv6tables
B) ip6tables
The _________ is responsible for handling network address translation.
A) NAT table
B) raw table
C) filter table
D) mangle table
A) NAT table
The most common use of the NAT table is to:
A) IP masking.
B) Domain Name Server translation.
C) allow multiple systems to access another network.
D) DHCP aliasing.
C) allow multiple systems to access another network.
The _____ table is responsible for altering or marking packets.
A) mangle
B) NAT
C) filter
D) raw
A) mangle
The raw table is used mainly for dealing with packets at a very _____________.
A) low level
B) even flow
C) high level
D) fast pace
A) low level
The _____ table is responsible for providing basic packet filtering.
A) mangle
B) raw
C) NAT
D) filter
D) filter
Network Address Translation (NAT) allows administrators to hide hosts ______________________.
A) only on the source side of a packet
B) on chestnuts roasting on an open fire
C) on both sides of a router
D) only on the destination side of a packet
C) on both sides of a router
DNAT is also known as the “demilitarized zone.”
True
False
False
SNAT changes the source IP address and port number so it appears different to the ‘outside world.’
True
False
True
Masquerading is really just a special case of _______________.
SNAT
Netfilter’s ability to ensure that packet headers are examined to be sure they are safe to route is referred to as:
A) NAT monitoring
B) Stateless connection tracking
C) Stateful connection tracking
D) Internet connection tracking
C) Stateful connection tracking
NAT alone is sufficient to provide network security.
True
False
False
________ are lists of rules that act on a packet flowing through a Linux system.
A) Chains
B) Routes
C) Ropes
D) Channels
A) Chains
There are _________ pre-defined chains in Netfilter.
5
PREROUTING - the first chain that is fired when a packet enters the system. Can invoke rules in the filter, mangle and NAT tables. Allows for immediate exclusion of packets before any other processing is done.
FORWARD - fired when IP forwarding is enabled and the packet’s destination IP address is on another host. This is the situation when the Linux server is configured as a gateway server.
INPUT - fired only when the packet is destined for the host itself. Can call rules in the filter and mangle tables. Final step for inbound packets. From here, applications at layer 4 and above can begin to interact with the transmitted data.
OUTPUT - fired when a packet is being sent FROM the host itself to a destination address. Similar to PREROUTING but for data leaving the host. Can run rules in the filter, mangle, and NAT tables.
POSTROUTING - generally the SNAT actions (changing the source IP address/port) are done here for outbound packets. Stateful connection tracking can also be enabled here.
Besides OUTPUT, which two of the default chains also use the NAT table?
A) POSTROUTING
B) OUTPUT
C) INPUT
D) FORWARD
E) PREROUTING
A) POSTROUTING
E) PREROUTING