Chapter 11 review questions

Question 1

You work for a retailer that sells household goods online. The company has decided to
redesign its network for better security. Included in this redesign is the addition of a new
firewall. Assuming the firewall is placed between the Internet connection and the Web
server, which of the following should be included in the firewall’s configuration so that
customers can still reach the Web site?

a. Allow incoming UDP-based transmissions to port 23.
b. Allow incoming TCP-based transmissions to port 80.
c. Allow outgoing TCP-based transmissions to port 88.
d. Allow outgoing UDP-based transmissions to port 1024.

Answer 1

b. Allow incoming TCP-based transmissions to port 80.

Question 2

Which of the following is the most secure password?
a. 12345ABC
b. dolphins
c. !tlzOGS557x^^L
d. A1B2C333

Answer 2

c. !tlzOGS557x^^L

Question 3

You are alerted that suddenly 100% of the resources on your two core routers are being
used and no legitimate traffic can travel into or out of your network. What kind of
security attack are you most likely experiencing?
a. IP spoofing
b. Brute force attack
c. Flashing
d. Denial-of-service attack

Answer 3

d. Denial-of-service attack

Question 4

What type of device guards against an attack in which a hacker modifies the IP source
address in the packets he’s issuing so that the transmission appears to belong to your
network?
a. Packet-filtering firewall
b. Proxy server
c. NAT gateway
d. Router

Answer 4

b. Proxy server

Question 5

Which of the following devices can improve performance for certain applications, in
addition to enhancing network security?
a. Packet-filtering firewall
b. NAT gateway
c. Proxy server
d. Router

Answer 5

c. Proxy server

Question 6

If a firewall does nothing more than filter packets, at what layer of the OSI model does
it operate?
a. Transport
b. Network
c. Data Link
d. Session

Answer 6

b. Network

Question 7

Which of the following encryption methods provides the best security for data traveling
over VPN connections?
a. PPTP
b. L2TP
c. IPSec
d. SLIP

Answer 7

c. IPSec

Question 8

Which of the following criteria could a router’s ACL use for denying packets access to a
private network?
a. Source IP address
b. Authentication header
c. RTT
d. Source MAC address

Answer 8

a. Source IP address

Question 9

Which of the following NOS logon restrictions is most likely to stop a hacker who is
attempting to discover someone’s password through a brute force or dictionary attack?
a. Total time logged on
b. Time of day
c. Period of time after which a password expires
d. Number of unsuccessful logon attempts

Answer 9

d. Number of unsuccessful logon attempts

Question 10

Which of the following can automatically detect and deny network access to a host
whose traffic patterns appear suspicious?
a. IPS
b. NAT gateway
c. Proxy server
d. Router

Answer 10

a. IPS

Question 11

If you are entering your account number and password in a Web form to check your bank
account balance online, which of the following encryption methods are you most likely using?
a. PGP
b. SSL
c. SSH
d. Kerberos

Answer 11

b. SSL

Question 12

Which of the following encryption techniques is incorporated into IP version 6?
a. SSH
b. SSL
c. Kerberos
d. IPSec

Answer 12

d. IPSec

Question 13

Which of the following is one reason WEP is less secure than 802.11i?

a. WEP is only capable of 16-bit keys, whereas 802.11i can use keys up to 128 bits long.

b. WEP uses only one encryption method, whereas 802.11i combines two encryption
methods for data in transit.

c. WEP uses the same key for authentication and encryption every time a client
connects, whereas 802.11i assigns keys dynamically to each transmission.

d. WEP does not require clients to specify an SSID, whereas 802.11i requires clients to
specify an SSID plus a username and password for the network’s access server.

Answer 13

c. WEP uses the same key for authentication and encryption every time a client connects, whereas 802.11i assigns keys dynamically to each transmission.

Question 14

Using a 20-bit key is how many times more secure than using an 18-bit key?
a. Two times
b. Three times
c. Four times
d. Eight times

Answer 14

c. Four times

Question 15

How many keys are required for public key encryption?
a. One
b. Two
c. Four
d. None

Answer 15

b. Two

Question 16

You are designing an 802.11n wireless network for a local café. You want the
wireless network to be available to the café’s customers, but not to anyone with a
wireless NIC who happens to be in the vicinity. Which of the following security
measures require customers to enter a network key to gain access to your network
via the access point?
a. SSL
b. IPSec
c. TLS
d. WPA2

Answer 16

d. WPA2

Question 17

Which of the following requires port-based authentication?
a. Kerberos
b. RADIUS
c. WEP
d. WPA

Answer 17

a. Kerberos

Question 18

Which of the following plays a crucial role in the Public-key Infrastructure?
a. IDS
b. Certificate authority
c. VPN concentrator
d. PGP

Answer 18

b. Certificate authority

Question 19

Which of the following techniques would prevent an FTP bounce attack?
a. Configuring your firewall to deny requests to ports 20 and 21
b. Performing a port scan of your network using NMAP
c. Configuring the FTP service to require a password
d. Restricting the size of your FTP server’s memory allocation table

Answer 19

a. Configuring your firewall to deny requests to ports 20 and 21

Question 20

You have decided to add a honeypot to your network. Where on the network would
you place it?
a. On your company’s Web server
b. In a decoy DMZ
c. Between the access server and RADIUS server
d. Attached to a workgroup switch

Answer 20

b. In a decoy DMZ