FIREWALLS VPNS

Question 1

1. Firewalls can be categorized by processing mode, development era, or structure.

Answer 1

T

Question 2

2. The firewall can often be deployed as a separate network containing a number of supporting devices.

Answer 2

T

Question 3

3. Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database.

Answer 3

T

Question 4

4. A packet’s structure is independent from the nature of the packet.

Answer 4

F

Question 5

5. The ability to restrict a specific service is now considered standard in most routers and is invisible to the user.

Answer 5

T

Question 6

6. The application firewall runs special software that acts as a proxy for a service request.

Answer 6

T

Question 7

7. A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.

Answer 7

F

Question 8

8. Circuit gateway firewalls usually look at data traffic flowing between one network and another.

Answer 8

F

Question 9

9. The Cisco security kernel contains three component technologies: the Interceptor/Packet Analyzer, the Security Verification ENgine (SVEN), and Kernel Proxies.

Answer 9

T

Question 10

10. Internal computers are always visible to the public network.

Answer 10

F

Question 11

11. The SMC Barricade residential broadband router does not have an intrusion detection feature.

Answer 11

F

Question 12

12. One method of protecting the residential user is to install a software firewall directly on the user’s system.

Answer 12

T

Question 13

13. There are limits to the level of configurability and protection that software firewalls can provide.

Answer 13

T

Question 14

14. All organizations with an Internet connection have some form of a router at the boundary between the organization’s internal networks and the external service provider.

Answer 14

F

Question 15

15. The DMZ cannot be a dedicated port on the firewall device linking a single bastion host.

Answer 15

F

Question 16

16. The screened subnet protects the DMZ systems and information from outside threats by providing a network of intermediate security.

Answer 16

T

Question 17

17. Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation

Answer 17

T

Question 18

18. Syntax errors in firewall policies are usually difficult to identify.

Answer 18

F

Question 19

19. When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.

Answer 19

T

Question 20

20. Firewall Rule Set 1 states that responses to internal requests are not allowed.

Answer 20

F

Question 21

21. Some firewalls can filter packets by protocol name.

Answer 21

T

Question 22

22. It is important that e-mail traffic reach your e-mail server and only your e-mail server.

Answer 22

T

Question 23

23. Though not used much in Windows environments, Telnet is still useful to systems administrators on Unix/Linux systems.

Answer 23

T

Question 24

24. A content filter is technically a firewall.

Answer 24

F

Question 25

25. A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.

Answer 25

T

Question 26

26. Internet connections via dial-up and leased lines are becoming more popular.

Answer 26

F

Question 27

27. The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication.

Answer 27

F

Question 28

28. Even if Kerberos servers are subjected to denial-of-service attacks, a client can request additional services.

Answer 28

F

Question 29

29. A VPN allows a user to use the Internet into a private network.

Answer 29

T

Question 30

30. On the client end, a user with Windows 2000 or XP can establish a VPN by configuring his or her system to connect to a VPN server.

Answer 30

T

Question 31

1. Firewalls fall into ____ major processing-mode categories.
   a. two c. four
   b. three d. five

Answer 31

d. five

Question 32

2. ____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
   a. Packet-filtering c. Circuit gateways
   b. Application gateways d. MAC layer firewalls

Answer 32

a. Packet-filtering

Question 33

3. The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
   a. IP source and destination address
   b. Direction (inbound or outbound)
   c. TCP or UDP source and destination port requests
   d. All of the above

Answer 33

d. All of the above

Question 34

4. ____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
   a. Dynamic c. Stateful
   b. Static d. Stateless

Answer 34

b. Static

Question 35

5. A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
   a. dynamic c. stateful
   b. static d. stateless

Answer 35

a. dynamic

Question 36

6. ____ inspection firewalls keep track of each network connection between internal and external systems.
   a. Static c. Stateful
   b. Dynamic d. Stateless

Answer 36

c. Stateful

Question 37

7. The application gateway is also known as a(n) ____.
   a. application-level firewall c. proxy firewall
   b. client firewall d. All of the above

Answer 37

a. application-level firewall

Question 38

8. The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
   a. fully trusted c. demilitarized
   b. hot d. cold

Answer 38

c. demilitarized

Question 39

9. The ____ is an intermediate area between a trusted network and an untrusted network.
   a. perimeter c. domain
   b. DMZ d. firewall

Answer 39

b. DMZ

Question 40

10. ____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
    a. MAC layer c. Application gateways
    b. Circuit gateway d. Packet filtering

Answer 40

a. MAC layer

Question 41

11. In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
    a. UDPs c. WANs
    b. MACs d. WAPs

Answer 41

d. WAPs

Question 42

12. Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
    a. trusted c. single
    b. domain d. sacrificial

Answer 42

d. sacrificial

Question 43

13. The dominant architecture used to secure network access today is the ____ firewall.
    a. static c. unlimited
    b. bastion d. screened subnet

Answer 43

d. screened subnet

Question 44

14. ____ is the protocol for handling TCP traffic through a proxy server.
    a. SOCKS c. FTP
    b. HTTPS d. Telnet

Answer 44

a. SOCKS

Question 45

15. Telnet protocol packets usually go to TCP port ____.
    a. 7 c. 14
    b. 8 d. 23

Answer 45

d. 23

Question 46

16. ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.
    a. 4 c. 8
    b. 7 d. 48

Answer 46

b. 7

Question 47

17. In most common implementation models, the content filter has two components: ____.
    a. encryption and decryption c. rating and decryption
    b. filtering and encoding d. rating and filtering

Answer 47

d. rating and filtering

Question 48

18. ____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.
    a. RADIUS c. TUNMAN
    b. RADIAL d. IPSEC

Answer 48

a. RADIUS

Question 49

19. Which of the following is a valid version of TACACS?
    a. TACACS c. TACACS+
    b. Extended TACACS d. All of the above

Answer 49

d. All of the above

Question 50

20. ____ generates and issues session keys in Kerberos.
    a. VPN c. AS
    b. KDC d. TGS

Answer 50

b. KDC

Question 51

21. Kerberos ____ provides tickets to clients who request services.
    a. KDS c. AS
    b. TGS d. VPN

Answer 51

b. TGS

Question 52

22. In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
    a. VPN c. ticket
    b. ECMA d. PAC

Answer 52

d. PAC

Question 53

23. A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”
    a. SVPN c. SESAME
    b. VPN d. KERBES

Answer 53

b. VPN

Question 54

24. In ____ mode, the data within an IP packet is encrypted, but the header information is not.
    a. tunnel c. public
    b. transport d. symmetric

Answer 54

b. transport

Question 55

25. ISA Server can use ____ technology.
    a. PNP c. RAS
    b. Point to Point Tunneling Protocol d. All of the above

Answer 55

b. Point to Point Tunneling Protocol