Chapter 9: Firewalls and Intrusion Detection Flashcards

1
Q

When it comes to defense against attacks, one of the most important principles is what?

A. Authorization
B. Authentication
C. Defense-in-Depth
D. Time

A

Answer: C
Source: Defense-in-Depth Lecture

2
Q

Firewalls are typically what type of mechanism?

A. Prevention
B. Botnet
C. Attack
D. None of the Above

A

Answer: A
Source: Defense-in-Depth Lecture

3
Q

(T/F) The firewall will enforce different security restrictions on traffic

A

Answer: True
Source: What is a Firewall

4
Q

A ______ is a device that provides secure connectivity between networks

A. Enterprise Intranet
B. Trusted Users
C. Firewall
D. DMZ

A

Answer: C
Source: What is a Firewall

5
Q

Firewalls as a prevention mechanism should be designed to enforce what?

A. User Safety
B. Security Policy
C. Organizational Policy
D. Public Key Infrastructure

A

Answer: B
Source: Firewall

6
Q

(T/F) All traffic from internal network to the internet and vice versa (external and out of network) must pass through the firewall

A

Answer: True

7
Q

The critical component of planning and implementation of a firewall is specifying a suitable _______ policy

A. Security
B. Access
C. Network
D. Directory

A

Answer: B
Source: Firewall Access Policy

8
Q

At a high level, what are the types of traffic that the access policy allows through?

A. Address Ranges (machines, protocols, applications, and content)
B. IPSEC & TLS
C. Intranet
D. Defense in Depth

A

Answer: A
Source: Firewall Access Policy

9
Q

(T/F) A policy should not be developed based on the security and risk assessment/organizational needs but on how the CEO thinks it should be

A

Answer: False

It should be based on what the whole organization needs

10
Q

(T/F) Firewalls always provide protection 100% of the time

A

Answer: False

No firewall is 100% secure

11
Q

(T/F) Firewalls can log all traffic and can provide Network Address Translation

A

Answer: True

12
Q

What is firewall filtering?

A. Is when policies are defined for a firewall
B. When firewalls authenticate users into the system
C. When firewalls decide whether to let traffic in or not
D. When firewalls decide to allow for defense in depth strategy

A

Answer: C

13
Q

(T/F) Packet filtering at a very high level is essentially a policy that has a set of access control lists based on packet types

A

Answer: True

14
Q

Session filtering is based on the context within a session. In order to do this a firewall maintains a session or connection and performs a ________

A. Traffic Block
B. Stateful Inspection
C. DMZ Re-Route
D. Virtual Switch

A

Answer: B

15
Q

(T/F) In a packet filtering firewall, decisions are made on a per-packet basis, without regard to other packets

A

Answer: True

16
Q

(T/F) The packet filtering firewall applies a list of rules to match the IP or TCP header of a packet. Based on the rule that matches, the firewall then decides to forward or discard the packet.

A

Answer: True

17
Q

What are the weaknesses of packet filtering?

A. Limited Logging Functionality
B. Vulnerable to attacks that take advantage of TCP/IP
C. Can’t prevent attacks that employ application specific vulnerabilities or functions
D. Packet filter firewalls are susceptible to security breaches if improperly configured
E. All of the above

A

Answer: E

18
Q

Packet filtering firewall countermeasures exist for all of the following attacks except…

A. IP Address Spoofing
B. Source Routing Attacks
C. Tiny Fragment Attack
D. Stateful Inspection Attack

A

Answer: D

19
Q

(T/F) Firewalls can only be a single computer system

A

Answer: False

They can be a set of two or more systems

20
Q

The goals of a firewall are all of the following except…

A. All traffic from inside to outside and vice versa must pass through the firewall
B. Only authorized traffic as defined by the local security policy is allowed to pass
C. Only unauthorized users are defined by the local security policy and will be allowed to pass
D. The firewall is immune to penetration

A

Answer: C

A firewall itself is immune to penetration IF a hardened system with a secured operating system is used

21
Q

(T/F) A major component in the planning and implementation of a firewall is specifying an access policy

A

Answer: True

22
Q

A firewall access policy would use which of the following to filter traffic?

A. IP Address and Protocol Values
B. Application Protocol
C. User Identity
D. Network Activity
E. All of the above

A

Answer: E

Text p. 290-291

23
Q

The following are all in the scope of a firewall except which?

A. Firewalls are a single choke point that attempts to keep unauthorized users out of the network, prohibit potentially vulnerable services from entering or leaving the network, and provide protection from various kinds of IP spoofing or routing attacks

B. Firewalls provide a location for monitoring security-related events

C. Firewalls fully protect against internal threats which include disgruntled employees

D. Firewalls also allow for several internet functions that are not security related, such as Network Address Translators and network management functions

E. A firewall can serve as a platform for IPSec. Firewalls can be used to implement VPNs as well

A

Answer: C

24
Q

(T/F) A web proxy is a form of application-level gateway

A

Answer: True