Chapter 15 - Physical Security and Risk Flashcards
In general, firewalls work by __________.
A. Rejecting all packets regardless of security restrictions Forwarding all packets regardless of security restrictions Allowing only packets that pass security restrictions to be forwarded None of the above
- C. Firewalls work by allowing only packets that pass security restrictions to be forwarded through the firewall. A firewall can also permit, deny, encrypt, decrypt, and proxy all computer traffic that flows through it; this can be between a public and private network or between different security domains (or zones) on a private network. You, as the administrator, set up the rules by which a firewall decides to forward or reject packets of data.
Which of the following devices can read an entry card from a distance?
A. Biometric reader
B. Proximity reader
C. Mantrap
D.Key fob
- B. Proximity readers are door controls that read a card from a short distance and are used to control access to sensitive rooms.
What is the main difference between a network-based firewall and a host-based firewall?
A. A network-based firewall protects the Internet from attacks.
B. A network-based firewall protects a network, not just a single host.
C. A network-based firewall protects the network wires.
D. A network-based firewall protects a CD from data loss.
- B. A network-based firewall is what companies use to protect their private network from attacks sourced in the public network. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers as opposed to just one system. This is usually a combination of hardware and software. A host-based firewall is implemented on one machine and is designed to protect that machine only. Most often, this is implemented as software; no additional hardware is required on your personal computer to run a host-based firewall.
Which of the following minimizes the effect of a disaster and includes the steps necessary to resume normal operation?
A. SLA
B. BIA
C. DRP
D. ARP
- C. A properly designed disaster recovery plan (DRP) minimizes the effect of a disaster and includes the steps necessary to resume normal operation. The DRP is implemented when the emergency occurs and includes the steps to restore functions and systems.
Which of the following items cannot be identified by the Nessus program?
A. Default password use
B. Incorrect IP addresses
C. Unsecured data
D. Missing security patches
- B. Nessus cannot identify incorrect IP addresses.
What is the benefit of using a firewall?
A. Protects external users
B. Protects external hardware
C. Protects LAN resources
D. Protects hardware from failure
- C. One of the benefits of using a firewall is that it helps protect LAN resources from unwanted attacks.
IDSs can identify attackers by their __________.
A. Port number
B. Signature
C. Timing
D. IV
- B. An intrusion detection system (IDS) monitors network traffic, looking for signs of an intrusion. Intrusions are detected by an attack signature.
Which of the following is also called disk striping?
A. RAID-0
B. RAID-1
C. RAID-3
D. RAID-5
- A. RAID-0, also called disk striping, writes the data across multiple drives. While it improves performance, it does not provide fault tolerance.
Which is not a type of access control list (ACL)?
A. Standard
B. Extended
C. Referred
D. Outbound
- C. Standard, extended, and outbound are all types of ACLs. Referred is not.
What is it called when the firewall ignores an attack?
A. Logging
B. Shunning
C. Notification
D. False negative
- B. You can sometimes just ignore the attack because it’s possible it won’t affect your network. This is called shunning.
What is the function of a DMZ?
A. To separate a security zone for an IPS and IDS server
B. To create a security zone for VPN terminations
C. To create a security zone that allows public traffic but is isolated from the private inside network
D. To create a security zone that allows private traffic but is isolated from the public network
- C. A DMZ can be set up many different ways, but the best explanation is that the DMZ is used to separate and secure your inside network from the Internet while still allowing hosts on the Internet to access your servers.
Which of the following are types of services that firewalls can provide?
A. Content filtering
B. Segregation of network segments
C. Signature identification
D. Scanning services
E. All of the above
- E. Most firewalls provide content filtering, signature identification, and the ability to segregate network segments into separate security zones. Most firewalls are also capable of performing scanning services, which means that they scan different types of incoming traffic in an effort to detect problems.
In which type of test is the testing team provided with limited knowledge of the network systems and devices, using publicly available information, while the security team knows the test is coming?
A. Blind test
B. Double-blind test
C. Target test
D. Open test
- A. In a blind test, the testing team is provided with limited knowledge of the network systems and devices, using publicly available information. The organization’s security team knows that an attack is coming. This type of test requires more effort by the testing team.
Which of the following is a vulnerability scanner?
A. Network Monitor
B. Nessus
C. Traceroute
D. Tripwire
- B. Nessus is a proprietary vulnerability scanning program that requires a license for commercial use yet is the single most popular scanning program in use.
Which of the following is not a function of Nmap?
A. Perform port scanning
B. Identify operating systems
C. Collect passwords
D. Identify versions of network services in operation on the network
- C. Nmap does not collect passwords.
