Final Exam Flashcards

1
Q

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?

Question 1 options:

IPsec

PPTP

SSL

L2TP

A

IPsec

2
Q

Which IPsec component is software that handles the tasks of encrypting, authenticating, decrypting, and checking packets?

Question 2 options:

IKE

IPsec driver

Oakley protocol

ISAKMP

A

IPsec driver

3
Q

Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

Question 3 options:

DMZ intermediary

caching firewall

proxy server

caching-only DNS server

A

proxy server

4
Q

Which of the following is a benefit of using centralized data collection to manage sensor data?

Question 4 options:

data stays on the local network

less administrative time

less network traffic

must use a VPN to transport data

A

less administrative time

5
Q

What is a suggested maximum size of a rule base?

Question 5 options:

10 rules

100 rules

300 rules

30 rules

A

30 rules

6
Q

Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.

Question 6 options:
True
False

A

False

7
Q

The process of testing a network defense system is referred to as which of the following?

Question 7 options:

security auditing

IDPS evaluation

distributed data collection

change management

A

security auditing

8
Q

What should a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet?

Question 8 options:

router

proxy server

VPN server

ICMP monitor

A

proxy server

9
Q

Which of the following is a disadvantage of using a proxy server?

Question 9 options:

may require client configuration

can’t filter based on packet content

slows Web page access

shields internal host IP addresses

A

may require client configuration

10
Q

Standards and protocols used in VPNs are in their infancy and seldom used.

Question 10 options:
True
False

A

False

11
Q

Computers on the Internet are identified primarily by their IP address.

Question 11 options:
True
False

A

True

12
Q

Which of the following is NOT a type of event that you would normally monitor?

Question 12 options:

user account creation

antivirus scanning

access to shared folders

e-mail attachment handling

A

access to shared folders

13
Q

A dual-homed host has a single NIC with two MAC addresses.

Question 13 options:
True
False

A

False

14
Q

Which of the following is true about the Internet?

Question 14 options:

it was originally built on an extended star topology

it is the same as the World Wide Web

it was established in the mid-1960s

it was developed by a network of banks and businesses

A

it was established in the mid-1960s

15
Q

At what layer of the OSI model do proxy servers generally operate?

Question 15 options:

Application

Session

Network

Transport

A

Transport

16
Q

Since ICMP messages use authentication, man-in-the-middle attacks cannot be successful.

Question 16 options:
True
False

A
17
Q

The first phase of the system development life cycle is needs assessment.

Question 17 options:
True
False

A

True

18
Q

Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?

Question 18 options:

proxy server

Layer 7 switch

ICMP redirector

translating gateway

A

proxy server

19
Q

Which of the following is a network’s ability to detect attacks when they occur and to evaluate the extent of damage and compromise?

Question 19 options:

recovery

recognition

resistance

reliability

A

recognition

20
Q

The first step in SNA is the survivability analysis.

Question 20 options:
True
False

A

False

21
Q

SQL injection attacks are isolated to custom applications, so administrators can prevent them.

Question 21 options:
True
False

A

False

22
Q

Which of the following is described as the combination of an IP address and a port number?

Question 22 options:

portal

datagram

socket

subnet

A

socket

23
Q

What is considered the ‘cleanup rule’ on a Cisco router?

Question 23 options:

implicit allow

implicit deny all

explicit prompt

explicit allow all

A

implicit deny all

24
Q

Which VPN protocol is a poor choice for high-performance networks with many hosts due to vulnerabilities in MS-CHAP?

Question 24 options:

SSL

IPsec

PPTP

L2TP

A

PPTP

25
Q

What type of attack displays false information masquerading as legitimate data?

Question 25 options:

Java applet

SQL injection

buffer overflow

phishing

A

phishing

26
Q

Which is best defined as the ability of a system to continue operations despite a failure?

Question 26 options:

adaptation and evolution

reliability audit

survivability analysis

fault tolerance

A

fault tolerance

27
Q

Which of the following is considered an asset?

Question 27 options:

intellectual property

unpatched Web server

disgruntled employee

hacker

A

intellectual property

28
Q

What should an outside auditing firm be asked to sign before conducting a security audit?

Question 28 options:

search and seizure contract

subpoena

nondisclosure agreement

social engineering covenant

A

nondisclosure agreement

29
Q

Network protection is something you should implement initially and then only make changes if there is a serious security breach.

Question 29 options:
True
False

A

False

30
Q

Firewalls can protect against employees copying confidential data from within the network.

Question 30 options:
True
False

A

False

31
Q

Which of the following is NOT a phase in the system development life cycle?

Question 31 options:

system implementation

performance monitoring

security audit

needs assessment

A

security audit

32
Q

Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?

Question 32 options:

NSF

NAP

POP

ISP

A

NAP

33
Q

Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate?

Question 33 options:

security association

tunnel

internet key exchange

pairing

A

security association

34
Q

A screened host has a router as part of the configuration.

Question 34 options:
True
False

A

True

35
Q

Security auditing is the process of documenting countermeasures put in place due to attacks on the network.

Question 35 options:
True
False

A

True

36
Q

Where should network management systems generally be placed?

Question 36 options:

out of band

in the server farm

in the DMZ

on the perimeter

A

out of band

37
Q

In centralized data collection, data from sensors go to security managers at each corporate office.

Question 37 options:
True
False

A

False

38
Q

Which element of a rule base conceals internal names and IP addresses from users outside the network?

Question 38 options:

QoS

NAT

filtering

tracking

A

NAT

39
Q

What feature of the 13 DNS root servers enables any group of servers to act as a root server?

Question 39 options:

unicast addressing

multicast addressing

broadcast addressing

anycast addressing

A

anycast addressing

40
Q

Which of the following defines how employees should use the organization’s computing resources?

Question 40 options:

Network and Internet Policy

Acceptable Use Policy

Computing and Resource Policy

Email and Spam Policy

A

Acceptable Use Policy

41
Q

Which of the following shows how devices are connected and includes an IP allocation register?

Question 41 options:

asset table

hardware inventory

security policy

topology map

A

topology map

42
Q

What makes IP spoofing possible for computers on the Internet?

Question 42 options:

the DNS hierarchy

network address translation

the 32-bit address space

the lack of authentication

A

the lack of authentication

43
Q

In what type of attack are zombies usually put to use?

Question 43 options:

virus

DDoS

spoofing

buffer overrun

A

DDoS

44
Q

Which of the following is NOT a step in threat and risk assessment?

Question 44 options:

Threat assessment

Asset definition

Resolution

Recommendation

A

Resolution

45
Q

Which of the following is NOT among the six factors needed to create a risk analysis?

Question 45 options:

personnel profiles

probabilities

consequences

threats

A

personnel profiles

46
Q

Which of the following is a typical drawback of a free firewall program?

Question 46 options:

oversimplified configuration

have centralized management

cannot monitor traffic in real time

more expensive than hardware firewalls

A

cannot monitor traffic in real time

47
Q

Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication?

Question 47 options:

SSL

IPsec

L2TP

PPTP

A

L2TP

48
Q

Which of the following is an advantage of hardware firewalls?

Question 48 options:

not scalable compared to software firewalls

not dependent on a conventional OS

less expensive than software firewalls

easy to patch

A

not dependent on a conventional OS

49
Q

Most IDPSs use random ports to transfer security data, thereby making it difficult for attackers to exploit.

Question 49 options:
True
False

A

False

50
Q

Which of the following is a security-related reason for monitoring and evaluating network traffic?

Question 50 options:

to determine if your IDPS signatures are working well

to optimize your router and switch protocols

to see how many files employees download from the Internet

to create substantial data to analyze

A

signatures are working well

51
Q

Which of the following best describes ROI?

Question 51 options:

the cost of mitigating a threat

how long before an investment will pay for itself

the chance that a threat will result in lost money

the benefits of setting security priorities

A

how long before an investment will pay for itself

52
Q

Which of the following is a top-level digital certificate in the PKI chain?

Question 52 options:

RRSIG record

DNSSEC resolver

security-aware resolver

trust anchor

A

trust anchor

53
Q

Which IPsec component authenticates TCP/IP packets to ensure data integrity?

Question 53 options:

AH

ESP

ISAKMP

IKE

A

AH

54
Q

Which activity performed by VPNs encloses a packet within another packet?

Question 54 options:

encryption

address translation

encapsulation

authentication

A

encapsulation

55
Q

What is considered the first step in formulating a security policy?

Question 55 options:

elimination of threats

system monitoring

risk reduction

risk analysis

A

risk analysis

56
Q

Which of the following is true about a screening router?

Question 56 options:

it examines the data in the packet to make filtering decisions

it maintains a state table to determine connection information

it can stop attacks from spoofed addresses

it should be combined with a firewall for better security

A

it should be combined with a firewall for better security

57
Q

Which of the following is true about software VPNs?

Question 57 options:

best when all router and firewall hardware is the same

configuration is easy since there is no OS to rely upon

usually less flexible than hardware VPNs

more cost-effective than hardware VPNs

A

more cost-effective than hardware VPNs

58
Q

What type of DNS server is authoritative for a specific domain?

Question 58 options:

primary

secondary

read-only

initial

A

primary

59
Q

Which VPN protocol leverages Web-based applications?

Question 59 options:

L2TP

SSL

PPTP

A

SSL

60
Q

Which aspect of strengthening the performance of IDPS may involve degaussing?

Question 60 options:

managing bandwidth

managing memory

managing processors

managing storage

A

managing storage

61
Q

Change management should be used before making changes to firewall or IDPS rules that affect users.

Question 61 options:
True
False

A

True

62
Q

Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets?

Question 62 options:

ports

TCP flags

IP address

data patterns

A

data patterns

63
Q

Which of the following is NOT typically an aspect of a security event management program?

Question 63 options:

monitoring events

managing data from sensors

managing IDPS firmware

managing change

A

managing IDPS firmware

64
Q

Stateless packet filtering keeps a record of connections that a host computer has made with other computers.

Question 64 options:
True
False

A

False

65
Q

Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?

Question 65 options:

limit table access

place the database server in a DMZ

use stored procedures

use standard naming conventions

A

use standard naming conventions

66
Q

What is a zone transfer?

Question 66 options:

the movement of e-mail from one domain to another

updating a secondary DNS server

copying host file data to another system

backing up an SQL data file

A

updating a secondary DNS server

67
Q

Which of the following best describes a bastion host?

Question 67 options:

a computer running a standard OS that also has proxy software installed

a computer on the perimeter network that is highly protected

a computer running only embedded firmware

a host with two or more network interfaces

A

a computer on the perimeter network that is highly protected

68
Q

What is a critical step you should take on the OS you choose for a bastion host?

Question 68 options:

choose an obscure OS with which attackers are unfamiliar

ensure all security patches are installed

customize the OS for bastion operation

make sure it is the latest OS version

A

ensure all security patches are installed

69
Q

Which of the following requires you to assist police by appearing in court or producing evidence?

Question 69 options:

de facto agent

search warrant

subpoena

the 4th amendment

A

subpoena

70
Q

Which type of firewall configuration protects public servers by isolating them from the internal network?

Question 70 options:

screened subnet DMZ

dual-homed host

reverse firewall

screening router

A

screened subnet DMZ

71
Q

An operational audit looks for accounts that have weak or blank passwords.

Question 71 options:
True
False

A

True

72
Q

Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address?

Question 72 options:

authentication

data confidentiality

NTFS permissions

access control

A

access control

73
Q

Which of the following would be considered a vulnerability?

Question 73 options:

installation of a firewall

antivirus software

spyware

Internet-connected computer

A

Internet-connected computer

74
Q

The Cisco PIX line of products is best described as which of the following?

Question 74 options:

firewall appliance

PC with firewall installed

software firewall

VPN gateway

A

firewall appliance

75
Q

Which variation on phishing modifies the user’s host file to redirect traffic?

Question 75 options:

pharming

spear phishing

DNS phishing

hijacking

A

pharming

76
Q

Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server’s current load and processing power?

Question 76 options:

load-balancing software

server pooling software

priority server farm

traffic distribution filter

A

load-balancing software

77
Q

Which of the following best describes a DMZ?

Question 77 options:

a private subnet that is inaccessible to both the Internet and the company network

a proxy server farm used to protect the identity of internal servers

a subnet of publicly accessible servers placed outside the internal network

a network of computers configured with robust firewall software

A

a subnet of publicly accessible servers placed outside the internal network

78
Q

What should you consider installing if you want to inspect packets as they leave the network?

Question 78 options:

security workstation

filtering proxy

reverse firewall

RIP router

A

reverse firewall

79
Q

What type of attack involves plaintext scripting that affects databases?

Question 79 options:

SQL injection

phishing

ActiveX control

Java applet

A

SQL injection

80
Q

How much space is typically needed to store IDPS data?

Question 80 options:

at least a terabyte

a megabyte or two

a gigabyte or more

a few hundred Kilobytes

A

a gigabyte or more

81
Q

Hardware VPNs create a gateway-to-gateway VPN.

Question 81 options:
True
False

A

True

82
Q

Which of the following is NOT a factor a secure VPN design should address?

Question 82 options:

performance

authentication

nonrepudiation

encryption

A

nonrepudiation

83
Q

Which of the following is NOT true about a hardware VPN?

Question 83 options:

have more security vulnerabilities than software VPNs

create a gateway-to-gateway VPN

can handle more traffic than software VPNs

should be the first choice for fast-growing networks

A

have more security vulnerabilities than software VPNs

84
Q

Which of the following is a type of VPN connection?

Question 84 options:

remote gateway

site-to-server

client-to-site

server-to-client

A

client-to-site

85
Q

Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization’s security policy?

Question 85 options:

the public can access the company Web servers

only authenticated traffic can access the internal network

employees can have restricted Internet access

employees can use instant-messaging only with external network users

A

employees can use instant-messaging only with external network users

86
Q

Once written, a security policy should not be altered so that you can maintain consistency.

Question 86 options:
True
False

A

False

87
Q

What type of attack exploits a lack of bounds checking on the size of data stored in an array?

Question 87 options:

buffer overflow

phishing

ActiveX control

SQL injection

A

buffer overflow

88
Q

What approach to security calls for security through a variety of defensive techniques that work together?

Question 88 options:

PoE

DOA

DiD

WoL

A

DiD

89
Q

Which of the following is true about a dual-homed host?

Question 89 options:

uses a single NIC to manage two network connections

its main objective is to stop worms and viruses

it is used as a remote access server in some configurations

serves as a single point of entry to the network

A

serves as a single point of entry to the network

90
Q

The terms Internet and World Wide Web are different terms that mean the same thing.

Question 90 options:
True
False

A

False

91
Q

Which type of change does NOT typically require the use of change management procedures?

Question 91 options:

new VPN gateways

new password systems or procedures

changing a manager’s permissions to a file

changes to ACLs

A

changing a manager’s permissions to a file

92
Q

Which of the following is NOT an essential element of a VPN?

Question 92 options:

authentication server

tunnel

VPN client

A

authentication server

93
Q

What type of attack are stateless packet filters particularly vulnerable to?

Question 93 options:

attempts to connect to ports below 1023

attempts to connect to the firewall

IP spoofing attacks

attempts to connect to ports above 1023

A

IP spoofing attacks

94
Q

Which best defines residual risk?

Question 94 options:

risk that occurs as a result of new vulnerabilities

a vulnerability for which the risk has been reduced to zero

the amount of risk remaining after countermeasures are implemented

the cost of implementing solutions to an assessed risk

A

the amount of risk remaining after countermeasures are implemented

95
Q

Which of the following best describes a Monte Carlo simulation?

Question 95 options:

a procedural system that simulates a catastrophe

an analytical method that simulates a real-life system for risk analysis

a technique for simulating an attack on a system

a formula that estimates the cost of countermeasures

A

an analytical method that simulates a real-life system for risk analysis

96
Q

Which of the following is true about using VPNs?

Question 96 options:

usually higher performance than leased lines

can use an existing broadband connection

more expensive than leased lines

not dependent on an ISP

A

can use an existing broadband connection

97
Q

What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?

Question 97 options:

multi-homed proxy

three-pronged firewall

three-way packet filter

multi-zone host

A

three-pronged firewall

98
Q

One of the events you should continually monitor is logins.

Question 98 options:
True
False

A

True

99
Q

Another name for a VPN connection is tunnel.

Question 99 options:
True
False

A

True

100
Q

What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server?

Question 100 options:

caching DNS zone

read-only zone A

split-DNS architecture

anti-phishing DNS

A

split-DNS architecture