Final Exam Flashcards
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
Question 1 options:
IPsec
PPTP
SSL
L2TP
IPsec
Which IPsec component is software that handles the tasks of encrypting, authenticating, decrypting, and checking packets?
Question 2 options:
IKE
IPsec driver
Oakley protocol
ISAKMP
IPsec driver
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
Question 3 options:
DMZ intermediary
caching firewall
proxy server
caching-only DNS server
proxy server
Which of the following is a benefit of using centralized data collection to manage sensor data?
Question 4 options:
data stays on the local network
less administrative time
less network traffic
must use a VPN to transport data
less administrative time
What is a suggested maximum size of a rule base?
Question 5 options:
10 rules
100 rules
300 rules
30 rules
30 rules
Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.
Question 6 options:
True
False
False
The process of testing a network defense system is referred to as which of the following?
Question 7 options:
security auditing
IDPS evaluation
distributed data collection
change management
security auditing
What should a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet?
Question 8 options:
router
proxy server
VPN server
ICMP monitor
proxy server
Which of the following is a disadvantage of using a proxy server?
Question 9 options:
may require client configuration
can’t filter based on packet content
slows Web page access
shields internal host IP addresses
may require client configuration
Standards and protocols used in VPNs are in their infancy and seldom used.
Question 10 options:
True
False
False
Computers on the Internet are identified primarily by their IP address.
Question 11 options:
True
False
True
Which of the following is NOT a type of event that you would normally monitor?
Question 12 options:
user account creation
antivirus scanning
access to shared folders
e-mail attachment handling
access to shared folders
A dual-homed host has a single NIC with two MAC addresses.
Question 13 options:
True
False
False
Which of the following is true about the Internet?
Question 14 options:
it was originally built on an extended star topology
it is the same as the World Wide Web
it was established in the mid-1960s
it was developed by a network of banks and businesses
it was established in the mid-1960s
At what layer of the OSI model do proxy servers generally operate?
Question 15 options:
Application
Session
Network
Transport
Transport
Since ICMP messages use authentication, man-in-the-middle attacks cannot be successful.
Question 16 options:
True
False
The first phase of the system development life cycle is needs assessment.
Question 17 options:
True
False
True
Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?
Question 18 options:
proxy server
Layer 7 switch
ICMP redirector
translating gateway
proxy server
Which of the following is a network’s ability to detect attacks when they occur and to evaluate the extent of damage and compromise?
Question 19 options:
recovery
recognition
resistance
reliability
recognition
The first step in SNA is the survivability analysis.
Question 20 options:
True
False
False
SQL injection attacks are isolated to custom applications, so administrators can prevent them.
Question 21 options:
True
False
False
Which of the following is described as the combination of an IP address and a port number?
Question 22 options:
portal
datagram
socket
subnet
socket
What is considered the ‘cleanup rule’ on a Cisco router?
Question 23 options:
implicit allow
implicit deny all
explicit prompt
explicit allow all
implicit deny all
Which VPN protocol is a poor choice for high-performance networks with many hosts due to vulnerabilities in MS-CHAP?
Question 24 options:
SSL
IPsec
PPTP
L2TP
PPTP
What type of attack displays false information masquerading as legitimate data?
Question 25 options:
Java applet
SQL injection
buffer overflow
phishing
phishing
Which is best defined as the ability of a system to continue operations despite a failure?
Question 26 options:
adaptation and evolution
reliability audit
survivability analysis
fault tolerance
fault tolerance
Which of the following is considered an asset?
Question 27 options:
intellectual property
unpatched Web server
disgruntled employee
hacker
intellectual property
What should an outside auditing firm be asked to sign before conducting a security audit?
Question 28 options:
search and seizure contract
subpoena
nondisclosure agreement
social engineering covenant
nondisclosure agreement
Network protection is something you should implement initially and then only make changes if there is a serious security breach.
Question 29 options:
True
False
False
Firewalls can protect against employees copying confidential data from within the network.
Question 30 options:
True
False
False
Which of the following is NOT a phase in the system development life cycle?
Question 31 options:
system implementation
performance monitoring
security audit
needs assessment
security audit
Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?
Question 32 options:
NSF
NAP
POP
ISP
NAP
Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate?
Question 33 options:
security association
tunnel
internet key exchange
pairing
security association
A screened host has a router as part of the configuration.
Question 34 options:
True
False
True
Security auditing is the process of documenting countermeasures put in place due to attacks on the network.
Question 35 options:
True
False
True
Where should network management systems generally be placed?
Question 36 options:
out of band
in the server farm
in the DMZ
on the perimeter
out of band
In centralized data collection, data from sensors go to security managers at each corporate office.
Question 37 options:
True
False
False
Which element of a rule base conceals internal names and IP addresses from users outside the network?
Question 38 options:
QoS
NAT
filtering
tracking
NAT
What feature of the 13 DNS root servers enables any group of servers to act as a root server?
Question 39 options:
unicast addressing
multicast addressing
broadcast addressing
anycast addressing
anycast addressing
Which of the following defines how employees should use the organization’s computing resources?
Question 40 options:
Network and Internet Policy
Acceptable Use Policy
Computing and Resource Policy
Email and Spam Policy
Acceptable Use Policy
Which of the following shows how devices are connected and includes an IP allocation register?
Question 41 options:
asset table
hardware inventory
security policy
topology map
topology map
What makes IP spoofing possible for computers on the Internet?
Question 42 options:
the DNS hierarchy
network address translation
the 32-bit address space
the lack of authentication
the lack of authentication
In what type of attack are zombies usually put to use?
Question 43 options:
virus
DDoS
spoofing
buffer overrun
DDoS
Which of the following is NOT a step in threat and risk assessment?
Question 44 options:
Threat assessment
Asset definition
Resolution
Recommendation
Resolution
Which of the following is NOT among the six factors needed to create a risk analysis?
Question 45 options:
personnel profiles
probabilities
consequences
threats
personnel profiles
Which of the following is a typical drawback of a free firewall program?
Question 46 options:
oversimplified configuration
have centralized management
cannot monitor traffic in real time
more expensive than hardware firewalls
cannot monitor traffic in real time
Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication?
Question 47 options:
SSL
IPsec
L2TP
PPTP
L2TP
Which of the following is an advantage of hardware firewalls?
Question 48 options:
not scalable compared to software firewalls
not dependent on a conventional OS
less expensive than software firewalls
easy to patch
not dependent on a conventional OS
Most IDPSs use random ports to transfer security data, thereby making it difficult for attackers to exploit.
Question 49 options:
True
False
False
Which of the following is a security-related reason for monitoring and evaluating network traffic?
Question 50 options:
to determine if your IDPS signatures are working well
to optimize your router and switch protocols
to see how many files employees download from the Internet
to create substantial data to analyze
to determine if your IDPS signatures are working well
Which of the following best describes ROI?
Question 51 options:
the cost of mitigating a threat
how long before an investment will pay for itself
the chance that a threat will result in lost money
the benefits of setting security priorities
how long before an investment will pay for itself
Which of the following is a top-level digital certificate in the PKI chain?
Question 52 options:
RRSIG record
DNSSEC resolver
security-aware resolver
trust anchor
trust anchor
Which IPsec component authenticates TCP/IP packets to ensure data integrity?
Question 53 options:
AH
ESP
ISAKMP
IKE
AH
Which activity performed by VPNs encloses a packet within another packet?
Question 54 options:
encryption
address translation
encapsulation
authentication
encapsulation
What is considered the first step in formulating a security policy?
Question 55 options:
elimination of threats
system monitoring
risk reduction
risk analysis
risk analysis
Which of the following is true about a screening router?
Question 56 options:
it examines the data in the packet to make filtering decisions
it maintains a state table to determine connection information
it can stop attacks from spoofed addresses
it should be combined with a firewall for better security
it should be combined with a firewall for better security
Which of the following is true about software VPNs?
Question 57 options:
best when all router and firewall hardware is the same
configuration is easy since there is no OS to rely upon
usually less flexible than hardware VPNs
more cost-effective than hardware VPNs
more cost-effective than hardware VPNs
What type of DNS server is authoritative for a specific domain?
Question 58 options:
primary
secondary
read-only
initial
primary
Which VPN protocol leverages Web-based applications?
Question 59 options:
L2TP
SSL
PPTP
SSL
Which aspect of strengthening the performance of IDPS may involve degaussing?
Question 60 options:
managing bandwidth
managing memory
managing processors
managing storage
managing storage
Change management should be used before making changes to firewall or IDPS rules that affect users.
Question 61 options:
True
False
True
Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets?
Question 62 options:
ports
TCP flags
IP address
data patterns
data patterns
Which of the following is NOT typically an aspect of a security event management program?
Question 63 options:
monitoring events
managing data from sensors
managing IDPS firmware
managing change
managing IDPS firmware
Stateless packet filtering keeps a record of connections that a host computer has made with other computers.
Question 64 options:
True
False
False
Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?
Question 65 options:
limit table access
place the database server in a DMZ
use stored procedures
use standard naming conventions
use standard naming conventions
What is a zone transfer?
Question 66 options:
the movement of e-mail from one domain to another
updating a secondary DNS server
copying host file data to another system
backing up an SQL data file
updating a secondary DNS server
Which of the following best describes a bastion host?
Question 67 options:
a computer running a standard OS that also has proxy software installed
a computer on the perimeter network that is highly protected
a computer running only embedded firmware
a host with two or more network interfaces
a computer on the perimeter network that is highly protected
What is a critical step you should take on the OS you choose for a bastion host?
Question 68 options:
choose an obscure OS with which attackers are unfamiliar
ensure all security patches are installed
customize the OS for bastion operation
make sure it is the latest OS version
ensure all security patches are installed
Which of the following requires you to assist police by appearing in court or producing evidence?
Question 69 options:
de facto agent
search warrant
subpoena
the 4th amendment
subpoena
Which type of firewall configuration protects public servers by isolating them from the internal network?
Question 70 options:
screened subnet DMZ
dual-homed host
reverse firewall
screening router
screened subnet DMZ
An operational audit looks for accounts that have weak or blank passwords.
Question 71 options:
True
False
True
Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address?
Question 72 options:
authentication
data confidentiality
NTFS permissions
access control
access control
Which of the following would be considered a vulnerability?
Question 73 options:
installation of a firewall
antivirus software
spyware
Internet-connected computer
Internet-connected computer
The Cisco PIX line of products is best described as which of the following?
Question 74 options:
firewall appliance
PC with firewall installed
software firewall
VPN gateway
firewall appliance
Which variation on phishing modifies the user’s host file to redirect traffic?
Question 75 options:
pharming
spear phishing
DNS phishing
hijacking
pharming
Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server’s current load and processing power?
Question 76 options:
load-balancing software
server pooling software
priority server farm
traffic distribution filter
load-balancing software
Which of the following best describes a DMZ?
Question 77 options:
a private subnet that is inaccessible to both the Internet and the company network
a proxy server farm used to protect the identity of internal servers
a subnet of publicly accessible servers placed outside the internal network
a network of computers configured with robust firewall software
a subnet of publicly accessible servers placed outside the internal network
What should you consider installing if you want to inspect packets as they leave the network?
Question 78 options:
security workstation
filtering proxy
reverse firewall
RIP router
reverse firewall
What type of attack involves plaintext scripting that affects databases?
Question 79 options:
SQL injection
phishing
ActiveX control
Java applet
SQL injection
How much space is typically needed to store IDPS data?
Question 80 options:
at least a terabyte
a megabyte or two
a gigabyte or more
a few hundred Kilobytes
a gigabyte or more
Hardware VPNs create a gateway-to-gateway VPN.
Question 81 options:
True
False
True
Which of the following is NOT a factor a secure VPN design should address?
Question 82 options:
performance
authentication
nonrepudiation
encryption
nonrepudiation
Which of the following is NOT true about a hardware VPN?
Question 83 options:
have more security vulnerabilities than software VPNs
create a gateway-to-gateway VPN
can handle more traffic than software VPNs
should be the first choice for fast-growing networks
have more security vulnerabilities than software VPNs
Which of the following is a type of VPN connection?
Question 84 options:
remote gateway
site-to-server
client-to-site
server-to-client
client-to-site
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization’s security policy?
Question 85 options:
the public can access the company Web servers
only authenticated traffic can access the internal network
employees can have restricted Internet access
employees can use instant-messaging only with external network users
employees can use instant-messaging only with external network users
Once written, a security policy should not be altered so that you can maintain consistency.
Question 86 options:
True
False
False
What type of attack exploits a lack of bounds checking on the size of data stored in an array?
Question 87 options:
buffer overflow
phishing
ActiveX control
SQL injection
buffer overflow
What approach to security calls for security through a variety of defensive techniques that work together?
Question 88 options:
PoE
DOA
DiD
WoL
DiD
Which of the following is true about a dual-homed host?
Question 89 options:
uses a single NIC to manage two network connections
its main objective is to stop worms and viruses
it is used as a remote access server in some configurations
serves as a single point of entry to the network
serves as a single point of entry to the network
The terms Internet and World Wide Web are different terms that mean the same thing.
Question 90 options:
True
False
False
Which type of change does NOT typically require the use of change management procedures?
Question 91 options:
new VPN gateways
new password systems or procedures
changing a manager’s permissions to a file
changes to ACLs
changing a manager’s permissions to a file
Which of the following is NOT an essential element of a VPN?
Question 92 options:
authentication server
tunnel
VPN client
authentication server
What type of attack are stateless packet filters particularly vulnerable to?
Question 93 options:
attempts to connect to ports below 1023
attempts to connect to the firewall
IP spoofing attacks
attempts to connect to ports above 1023
IP spoofing attacks
Which best defines residual risk?
Question 94 options:
risk that occurs as a result of new vulnerabilities
a vulnerability for which the risk has been reduced to zero
the amount of risk remaining after countermeasures are implemented
the cost of implementing solutions to an assessed risk
the amount of risk remaining after countermeasures are implemented
Which of the following best describes a Monte Carlo simulation?
Question 95 options:
a procedural system that simulates a catastrophe
an analytical method that simulates a real-life system for risk analysis
a technique for simulating an attack on a system
a formula that estimates the cost of countermeasures
an analytical method that simulates a real-life system for risk analysis
Which of the following is true about using VPNs?
Question 96 options:
usually higher performance than leased lines
can use an existing broadband connection
more expensive than leased lines
not dependent on an ISP
can use an existing broadband connection
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
Question 97 options:
multi-homed proxy
three-pronged firewall
three-way packet filter
multi-zone host
three-pronged firewall
One of the events you should continually monitor is logins.
Question 98 options:
True
False
True
Another name for a VPN connection is tunnel.
Question 99 options:
True
False
True
What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server?
Question 100 options:
caching DNS zone
read-only zone A
split-DNS architecture
anti-phishing DNS
split-DNS architecture