chapter 11 (2) Flashcards
What is the primary motivation for casual intruders?
a) Espionage
b) Financial gain
c) The thrill of the hunt; to show off
d) Professional advancement
c
Who are script kiddies?
a) Novice attackers using hacking tools
b) Experts in security
c) Organization employees
d) Professional hackers
a
What distinguishes crackers from other types of intruders?
a) They have limited knowledge
b) They use hacking tools for fun
c) They cause damage
d) They are motivated by financial gain
c
What is a common characteristic of insider threats?
a) They have limited knowledge about hacking
b) They are motivated by the thrill of the hunt
c) They have legitimate access to the network
d) They primarily engage in espionage activities
c
Crackers are casual hackers with a limited knowledge of computer security
f. Experts in security (hackers)
Which of the following is not a type of intruder who attempts to gain intrusion to computer networks?
a. Delphi team member
b. script kiddies
c. crackers
d. professional hackers
e. organization employees
a
What is the best rule for maintaining high security with sensitive data?
a) Keeping sensitive data online but encrypted
b) Storing sensitive data in computers isolated from the network
c) Sharing sensitive data with trusted third parties
d) Deleting sensitive data permanently
b
Which of the following is NOT considered an important control for detecting, preventing, or recovering from intrusion?
a) Security policy
b) Server and client protection
c) Encryption
d) Employee breakroom access control
d
Which of the following is NOT listed as an important control for detecting, preventing, or recovering from intrusion?
a) Security policy
b) Intrusion Detection Systems (IDSs)
c) Encryption
d) Intrusion recovery
b. Intrusion Protection System (IPSs)
What is the primary purpose of a security policy?
a) To increase company profits
b) To control risk due to intrusion
c) To reduce employee productivity
d) To promote employee creativity
b
According to the security policy, what should be clearly defined?
a) Employee vacation days
b) Company lunch hours
c) Important assets to be safeguarded and necessary controls
d) Preferred office attire
c
Which of the following is NOT a component that a security policy should clearly define?
a) Important assets to be safeguarded
b) Procedures for filing expense reports
c) Controls needed to protect assets
d) What employees should and should not do
b
How often should employees receive security training according to the security policy?
a) Once a year
b) Every five years
c) Whenever they feel like it
d) Routinely
d
Who is typically responsible for decision-making regarding security, according to the security policy?
a) The CEO
b) The IT department
c) The decision-making manager designated in the policy
d) External security consultants
c
What is an essential component of the security policy for responding to security breaches?
a) Sending a company-wide email
b) Contacting law enforcement immediately
c) Having an incident reporting system and a rapid-response team
d) Ignoring the breach and hoping it resolves itself
c
What does the security policy prioritize in its risk assessment?
a) Least important assets
b) Most convenient access points
c) Important assets
d) Non-critical user activities
c
What is the purpose of having effective controls at major access points into the network?
a) To welcome external agents
b) To deter access by internal users
c) To prevent access by external agents
d) To provide entertainment for users
c
The most common access point used by attackers to gain access to an organization’s network is the Internet connection.
t
Why are effective controls within the network necessary?
a) To ensure users exceed their authorized access
b) To enhance management time
c) To minimize inconvenience to users
d) To prevent internal users from exceeding their authorized access
d
According to the security policy, what is the recommended approach regarding the number of controls?
a) Maximize controls for better security
b) Use as few controls as possible
c) Use a moderate number of controls for balance
d) Allow users to set their own controls
b. using just enough security measures to keep things safe without making them too complicated or annoying for users
What does the acceptable use policy outline?
a) Guidelines for users to do whatever they want
b) Guidelines for accessing others’ accounts
c) Guidelines for avoiding password security
d) Guidelines for ignoring email rules
b. An acceptable use policy that explains to users what they can and cannot do, including guidelines for accessing others’ accounts, password security, email rules, and so on
What procedure does the security policy recommend for monitoring changes to important network components?
a) Routine coffee breaks
b) Annual team-building retreats
c) Regular monitoring of network components
d) Ignoring changes altogether
c
What is the purpose of routinely training users regarding security policies?
a) To decrease security awareness
b) To increase the likelihood of security breaches
c) To build awareness of security risks
d) To waste company resources
c
How often should the security practices be audited and reviewed according to the policy?
a) Weekly
b) Quarterly
c) Annually
d) Never, as audits are unnecessary
c
A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization’s network.
a. firewall
b. token system
c. ANI
d. call-back modem
e. firefighter
a
What is a common purpose of a firewall in an organization’s network security strategy?
a) To provide physical security for servers
b) To secure internal communications
c) To manage employee schedules
d) To help secure the organization’s Internet connection
d
What additional function can some firewalls perform besides restricting access?
a) Generating daily reports on office activities
b) Scheduling employee meetings
c) Identifying and preventing denial-of-service attacks
d) Ordering office snacks
c
Where are firewalls typically placed within an organization’s network architecture?
a) Only within the company cafeteria
b) At every network connection between the organization and the Internet
c) Inside individual employees’ desks
d) At the entrance of the CEO’s office
b
Which of the following is NOT a typical feature of a firewall?
a) Identifying and preventing denial-of-service attacks
b) Filtering and monitoring network traffic
c) Arranging company picnics
d) Restricting access to the organization’s network
c
A(n) ____________ examines the source and destination address of every network packet that passes through it.
a. packet level firewall
b. mullion server
c. ANI system
d. IP spoofing system
e. network switch
A
Which layer of the OSI model do packet-level firewalls inspect packets at?
a) Physical layer
b) Data link layer
c) Network protocol level
d) Application layer
c. Examines IP addresses and TCP port addresses only
What is a characteristic of application-level firewalls?
a) They only operate at the physical layer of the OSI model
b) They offer less control over traffic compared to other types of firewalls
c) They operate at the application layer of the OSI model
d) They are not concerned with inspecting packets
c
What is the primary function of NAT firewalls?
a) Inspecting packets at the network protocol level
b) Offering granular control over traffic
c) Translating private IP addresses into public ones
d) Preventing unauthorized access to the network
c
How does a packet-level firewall determine whether to allow or deny packets?
a) By inspecting packet contents
b) By analyzing packet behavior
c) By examining source and destination addresses
d) By monitoring packet history
c
Why is a packet-level firewall considered to operate on a “stateless” basis?
a) Because it maintains detailed records of packet history
b) Because it lacks awareness of packet history
c) Because it can detect packet tampering
d) Because it focuses solely on application-layer data
b
What type of inspection do packet-level firewalls typically use?
a) Deep packet inspection
b) Stateless inspection
c) Stateful inspection
d) Application-layer inspection
b
What is the purpose of an Access Control List (ACL) in packet-level firewalls?
a) To allow only packets with specific content
b) To restrict access based on packet history
c) To create rules for permitting or denying packets
d) To identify all applications within the network
c
What do IP packets contain that ACLs may rely on for access control?
a) Source and destination MAC addresses
b) Source and destination IP addresses
c) Application-layer data
d) Packet payloads
b
Why might ACLs not heavily rely on source IP addresses?
a) Due to the limited capabilities of packet-level firewalls
b) Because source IP addresses can be easily spoofed
c) Because source IP addresses are always trustworthy
d) Because ACLs primarily focus on packet contents
b
An intruder uses TCP spoofing to send packets to a target computer requesting certain privileges be granted to some user.
F. IP spoofing
A packet-level firewall examines the source and destination address of every network packet that passes through the firewall.
t
IP spoofing means to:
a. fool the target computer and any intervening firewall into believing that messages from the intruder’s computer are actually coming from an authorized user inside the organization’s network
b. clad or cover the internal processing (IP) lines with insulating material to shield the IP lines from excess heat or radiation
c. illegally tape or listen in on telephone conversations
d. detect and prevent denial-of-service attacks
e. act as an intermediate host computer between the Internet and the rest of the organization’s networks
A
A(n) ____________ can use stateful inspection to monitor and record the status of each connection and can use this information in making decisions about what packets to discard as security threats.
a. application level firewall
b. bullion server
c. ANI system
d. IP spoofing systems
e. packet level firewall
A
What is a key feature of Application-Level Firewalls?
a) They only inspect packet headers
b) They operate exclusively at the network layer
c) They examine contents of application layer packets
d) They lack rules for processing applications
C
What action do many Application-Level Firewalls take regarding external users and executable files?
a) They encourage external users to upload executable files
b) They prohibit external users from uploading executable files
c) They modify executable files on behalf of external users
d) They do not interact with executable files
b
How are software modifications to Application-Level Firewalls typically managed?
a) Remotely via the network
b) Through a web-based interface
c) Via physical access to the firewall
d) Through email requests
c
With application level firewalls, any access that has not been explicitly denied is automatically permitted.
f
What is the primary function of Network Address Translation (NAT) firewalls?
a) Deep packet inspection
b) Packet filtering
c) Address translation between public and private IP addresses
d) Application-layer inspection
c
How does NAT operate in terms of the translation process?
a) It operates visibly, alerting computers to the translation process
b) It operates transparently, meaning computers are unaware of the translation process
c) It operates sporadically, causing disruptions in network traffic
d) It operates randomly, assigning IP addresses without a specific pattern
b
What are the primary purposes of NAT?
a) To increase the complexity of network configurations
b) To conserve IPv6 addresses
c) To conserve IPv4 addresses and enhance security
d) To facilitate direct targeting of internal computers by external intruders
c
Where is NAT commonly integrated?
a) Only in high-end enterprise-grade firewalls
b) Only in specialized network appliances
c) Only in routers intended for corporate use
d) In routers and firewalls, including low-cost routers for home use
d
How does NAT contribute to security?
a) By exposing private IP addresses to external entities
b) By enhancing the visibility of internal computers on the Internet
c) By hiding private IP addresses, making it difficult for external intruders to target internal computers directly
d) By randomly assigning IP addresses to external entities
c
A NAT firewall uses an address table to translate private IP addresses used inside the organization into proxy IP addresses used on the Internet.
t
__________ refers to the process of translating between one set of private IP addresses inside a network and a set of public addresses outside the network.
a. Translation
b. Conversion
c. Network Address Translation
d. Proxy translation
e. IP conversion.
c
A ______ uses an address table to translate the private IP addresses used inside the organization into proxy IP addresses used on the Internet.
a. NAT proxy server
b. virtual server
c. DNS server
d. privacy server
e. anomaly server
A
RAID1 writes duplicate copies of all data on at least two different disks; this means that if one disk in the RAID array fails, there is no data loss because there is a second copy of the data stored on a different disk. This is referred to as _____.
a. disk backup
b. hard drive duplication
c. cloud backups
d. disk duplication
e. disk mirroring
e
How does a NAT firewall handle outgoing IP packets from internal computers?
a) It changes the destination IP address to the firewall’s address
b) It changes the source IP address to the firewall’s address
c) It changes the source IP address to a publicly illegal IP address
d) It changes the source IP address to a unique number
b
What does a NAT firewall use as an index to the original source IP address?
a) Destination IP address
b) Source port number
c) Destination port number
d) Firewall’s IP address
b
When external computers respond to outgoing messages, to which IP address do they address their messages?
a) Destination IP address
b) Source IP address
c) Firewall’s IP address
d) Unique number
c
What does the NAT firewall do upon receiving incoming messages from external computers?
a) It discards the messages
b) It forwards the messages without any changes
c) It changes the destination IP address to the private IP address of the internal computer and adjusts the TCP port number
d) It changes the destination IP address to the firewall’s address
c
What range of IP addresses is reserved for private networks, according to the information provided?
a) 128.192.55.x
b) 10.x.x.x
c) 192.168.x.x
d) 172.16.x.x to 172.31.x.x
b. 10.x.x.x is reserved for private networks (never used on Internet)
What benefit does NAT provide in terms of internal IP addresses for an organization?
a) It decreases the number of available internal IP addresses
b) It increases the likelihood of IP conflicts
c) It limits the number of internal IP addresses to conserve network resources
d) It allows for more internal IP addresses to be used within the organization
d
Which type of firewall typically performs initial screening from the Internet?
a) Application-level firewall
b) NAT firewall
c) Packet-level firewall
d) Stateful inspection firewall
C
What is typically found behind a packet-level firewall?
a) Private internal networks
b) Public access servers such as Web servers and public DNS servers
c) DMZ network
d) Application-level firewalls
b,c
What is the primary purpose of a DMZ in network architecture?
a) To facilitate internal communication within a network
b) To provide a secure environment for public access servers
c) To isolate critical servers from external access
d) To serve as a backup for internal network resources
b
A(n) _______ is a screened subnet devoted solely to public access servers such as Web servers and public DNS servers.
a. intranet
b. DMZ
c. zone of authority
d. VLAN
e. smart hub
b
What types of access does the packet-level firewall permit and deny according to the provided information?
a) It permits FTP access but denies HTTP and SMTP access
b) It permits HTTP and SMTP access but denies FTP access
c) It permits FTP and SMTP access but denies HTTP access
d) It permits FTP and HTTP access but denies SMTP access
b. HTTP (web browsing), SMTP (email), and others
What role does a NAT firewall play in address translation for packets destined for internal computers?
a) It changes the destination address to its own address
b) It changes the source address to its own address
c) It changes both the source and destination addresses to its own address
d) It forwards packets without any address translation
b
What does the NAT firewall change in the IP packet when it receives a packet from a client computer inside the internal network?
a) Source address and destination port number
b) Destination address and source port number
c) Source address and source port number
d) Destination address and destination port number
c
What is the purpose of an application-level firewall?
a) To protect individual applications on servers
b) To provide access to public servers
c) To manage network traffic routing
d) To perform address translation for internal networks
a
What does physical security aim to prevent?
a) Unauthorized access to internal LANs
b) Unauthorized access to external websites
c) Unauthorized software installations
d) Unauthorized access to email accounts
a
What is a recommended practice to control access to areas where network equipment is located?
a) Allowing unrestricted access to all personnel
b) Implementing proper access controls and allowing only authorized personnel access
c) Posting access codes on public bulletin boards
d) Installing surveillance cameras without access controls
b
What is the purpose of implementing locks on power switches and passwords to disable keyboard and screens?
a) To increase network bandwidth
b) To enhance system performance
c) To prevent unauthorized access to network equipment
d) To facilitate remote access for all personnel
D
Why should organizations be careful about distributed backup and servers?
a) Because it improves network performance
b) Because it increases the risk of unauthorized access
c) Because it reduces network complexity
d) Because it simplifies network management
b
What is a potential drawback of having a dispersed base of servers?
a) Reduced network bandwidth
b) Increased risk of unauthorized access
c) Enhanced network security
d) Improved network scalability
b. but good for continuity
How can a well-backed-up, centralized data center potentially enhance security?
a) By reducing the need for security education
b) By increasing the number of access points
c) By simplifying physical security measures
d) By inherently providing better security than a dispersed base of servers
D
In addition to physical security measures, what other factors are important to consider?
a) Network bandwidth optimization
b) Proper security education, background checks, and error and fraud controls
c) Software licensing agreements
d) Employee training on network protocols
b
Why is physical security important in reducing the possibility of attackers posing as employees?
a) To increase network bandwidth
b) To simplify network management
c) To prevent unauthorized access and eavesdropping
d) To enhance system performance
c
Which area is considered the easiest target for eavesdropping due to signals often extending beyond physical walls?
a) Wired LANs
b) Network devices
c) Wireless LANs
d) Fiber-optic cables
c
What makes wireless LANs vulnerable to eavesdropping?
a) Signals extending beyond physical walls
b) Encryption protocols
c) Regular checking for tampering
d) Locked wiring closets
a
What type of network cables are susceptible to eavesdropping, especially when running long distances?
a) Armored cables
b) Fiber-optic cables
c) Pressurized cables
d) Unsecured cables
D. Network cable
What is recommended to secure network devices such as switches and routers?
a) Keeping them in open areas for easy access
b) Storing them in unlocked wiring closets
c) Securing them in locked wiring closets to prevent unauthorized access
d) Regularly checking for tampering without locking them
c