Ch.7

Question 1

a monitoring technique used by an intrusion detection system (IDS) that creates a baseline of normal activities and compares actions against the baseline. Whenever there is a significant deviation from this baseline, an alarm is raised

Answer 1

anomaly-based monitoring

Question 2

a firewall that can identify the applications that send packets through the firewall and then make decisions about the applications

Answer 2

application-aware firewall

Question 3

a specialized intrusion detection system (IDS) that is capable of using “contextual knowledge” in real time

Answer 3

application-aware IDS

Question 4

an intrusion prevention system (IPS) that knows information such as the applications that are running as well as the underlying operating systems

Answer 4

application-aware IPS

Question 5

a special proxy server that knows the application protocols that it supports

Answer 5

application-aware proxy

Question 6

a monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it

Answer 6

behavior-based monitoring

Question 7

searching incoming web content to match keywords

Answer 7

content inspection

Question 8

a defense that uses multiple types of security devices to protect a network. Also called LAYERED SECURITY

Answer 8

defense in depth

Question 9

a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network

Answer 9

demilitarized zone (DMZ)

Question 10

a set of individual instructions to control the actions of a firewall

Answer 10

firewall rules

Question 11

a monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists

Answer 11

heuristic monitoring

Question 12

a software-based application that runs on a local host computer that can detect an attack as it occurs

Answer 12

host-based intrusion detection system (HIDS)

Question 13

a device that detects an attack as it occurs

Answer 13

intrusion detection system (IDS)

Question 14

a defense that uses multiple types of security devices to protect a network. Also called DEFENSE IN DEPTH

Answer 14

layered security

Question 15

a dedicated network device that can direct requests to different servers based on a variety of factors

Answer 15

load balancer

Question 16

searching for malware in incoming web content

Answer 16

malware inspection

Question 17

a technique that examines the current state of a system or network device before it is allowed to connect to the network

Answer 17

network access control (NAC)

Question 18

a technique that allows private IP addresses to be used on the public Internet

Answer 18

network address translation (NAT)

Question 19

a technology that monitors network traffic to immediately react to block a malicious attack

Answer 19

network intrusion prevention system (NIPS)

Question 20

hardware or software that captures packets to decode and analyze their contents

Answer 20

protocol analyzer

Question 21

a computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the user

Answer 21

proxy server

Question 22

any combination of hardware and software that enables remote users to access a local internal network

Answer 22

remote access

Question 23

a computer or an application program that routes incoming requests to the correct server

Answer 23

reverse proxy

Question 24

a device that can forward packets across computer networks

Answer 24

router

Question 25

a monitoring technique used by an intrusion detection system (IDS) that examines network traffic to look for well-known patterns and compares that activities against a predefined signature

Answer 25

signature-based monitoring

Question 26

a technique that uses IP addresses to divide a network into network, subnet, and host

Answer 26

subnetting (subnet addressing)

Question 27

a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices

Answer 27

switch

Question 28

network hardware that provides multiple security functions

Answer 28

unified threat management (UTM)

Question 29

restricting access to unapproved websites

Answer 29

URL filtering

Question 30

a technology that allows scattered users to be logically grouped together even though they may be attached to different switches

Answer 30

virtual LAN (VLAN)

Question 31

a technology that enables use of an unsecured public network as if it were a secure private network

Answer 31

virtual private network (VPN)

Question 32

a device that aggregates VPN connections

Answer 32

VPN concentrator

Question 33

a special type of application-aware firewall that looks at the applications using HTTP

Answer 33

web application firewall

Question 34

a device that can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).

Answer 34

web security gateway

Question 35

1. Which secure feature does a load balancer NOT provide?

a. hide HTTP error pages
b. remove server identification headers from HTTP responses
c. filter packets based on protocol settings
d. block denial-of-service (DoS) attacks

Answer 35

C

Question 36

2. Which of these would NOT be a filtering mechanism found in a firewall rule?

a. source address
b. date
c. protocol
d. direction

Answer 36

b

Question 37

3. A(n)_____ can identify the application that send packets and then make decisions about filtering based on it.

a. application-aware firewall
b. reverse proxy
c. Internet content filter
d. web security gateway

Answer 37

a

Question 38

4. Which function does an Internet content filter NOT perform?

a. URL filtering
b. malware inspection
c. content inspection
d. intrusion detection

Answer 38

d

Question 39

5. How does network address translation (NAT) improve security?

a. it discards unsolicited packets
b. it filters based on protocol
c. it masks the IP address of the NAT device
d. NATs do not improve security

Answer 39

A

Question 40

6. How does a virtual LAN (VLAN) allow devices to be grouped?

a. based on subnets
b. logically
c. directly to hubs
d. only around core switches

Answer 40

b

Question 41

7. Which device is easiest for an attacker to take advantage of in order to capture and analyze packets?

a. hub
b. switch
c. router
d. load balancer

Answer 41

a

Question 42

8. Which of these is NOT an attack against a switch?

a. MAC address impersonation
b. ARP poisoning
c. MAC flooding
d. ARP impersonation

Answer 42

d

Question 43

9. Which statement regarding a demilitarized zone (DMZ) is NOT true?

a. It can be configured to have one or two firewalls
b. It provides an extra degree of security
c. It typically includes an email or web server
d. It contains servers that are used only by internal network users

Answer 43

d

Question 44

10. Which statement about network address translation (NAT) is true?

a. It can be stateful or stateless
b. It substitutes MAC addresses for IP addresses
c. It removes private addresses when the packet leaves the network
d. It can be found only on core routers

Answer 44

c

Question 45

11. Which of these is NOT an advantage of a load balancer?

a. The risk of overloading a desktop client is reduced
b. Network hosts can benefit from having optimized bandwidth
c. Network downtime can be reduced
d. DoS attacks can be detected and stopped

Answer 45

a

Question 46

12. A (n)___________intercepts internal user requests and then processes those requests on behalf of the users.

a. content filter
b. host detection server
c. proxy server
d. Intrusion prevention device

Answer 46

C

Question 47

13. A reverse proxy _____.

a. only handles outgoing request
b. is the same as a proxy server
c. must be used together with a firewall
d. routes incoming requests to the correct server

Answer 47

d

Question 48

14. Which is the preferred location for installation of a spam filter?

a. on the POP3 server
b. with the SMTP server
c. on the local host client
d. on the proxy server

Answer 48

b

Question 49

15. A _____ watches for attacks and sounds an alert only when one occurs.

a. firewall
b. network intrusion prevention system (NIPS)
c. proxy intrusion device
d. network intrusion detection system (NIDS)

Answer 49

d

Question 50

16. A multipurpose security device is known as _____.

a. Cohesive Attack Management System (Co-AMS)
b. Proxy Security System (PSS)
c. Intrusion Detection/Prevention (ID/P)
d. Unified Threat Management (UTM)

Answer 50

d

Question 51

17. Each of these can be used to hide information about the internal network EXCEPT _____.

a. a protocol analyzer
b. subnetting
c. a proxy server
d. network address translation (NAT)

Answer 51

a

Question 52

18. What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?

a. There is no difference; a NIDS and a NIPS are equal
b. A NIPS can take actions more quickly to combat an attack
c. A NIDS provides more valuable information about attacks
d. A NIPS is much slower because it uses protocol analysis

Answer 52

b

Question 53

19. If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by ______.

a. a Trojan horse
b. TCP/IP hijacking
c. Address Resolution Protocol (ARP) poisoning
d. DHCP man-in-middle

Answer 53

c

Question 54

20. A firewall using ______ is the most secure type of firewall.

a. stateful packet filtering
b. network intrusion detection system replay
c. stateless packet filtering
d. reverse proxy analysis

Answer 54

a