FIREWALLS VPNS Flashcards
1
Q
- Firewalls can be categorized by processing mode, development era, or structure.
A
T
2
Q
- The firewall can often be deployed as a separate network containing a number of supporting devices.
A
T
3
Q
- Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database.
A
T
4
Q
- A packet’s structure is independent from the nature of the packet.
A
F
5
Q
- The ability to restrict a specific service is now considered standard in most routers and is invisible to the user.
A
T
6
Q
- The application firewall runs special software that acts as a proxy for a service request.
A
T
7
Q
- A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.
A
F
8
Q
- Circuit gateway firewalls usually look at data traffic flowing between one network and another.
A
F
9
Q
- The Cisco security kernel contains three component technologies: the Interceptor/Packet Analyzer, the Security Verification ENgine (SVEN), and Kernel Proxies.
A
T
10
Q
- Internal computers are always visible to the public network.
A
F
11
Q
- The SMC Barricade residential broadband router does not have an intrusion detection feature.
A
F
12
Q
- One method of protecting the residential user is to install a software firewall directly on the user’s system.
A
T
13
Q
- There are limits to the level of configurability and protection that software firewalls can provide.
A
T
14
Q
- All organizations with an Internet connection have some form of a router at the boundary between the organization’s internal networks and the external service provider.
A
F
15
Q
- The DMZ cannot be a dedicated port on the firewall device linking a single bastion host.
A
F
16
Q
- The screened subnet protects the DMZ systems and information from outside threats by providing a network of intermediate security.
A
T
17
Q
- Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation
A
T
18
Q
- Syntax errors in firewall policies are usually difficult to identify.
A
F
19
Q
- When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
A
T
20
Q
- Firewall Rule Set 1 states that responses to internal requests are not allowed.
A
F
21
Q
- Some firewalls can filter packets by protocol name.
A
T
22
Q
- It is important that e-mail traffic reach your e-mail server and only your e-mail server.
A
T
23
Q
- Though not used much in Windows environments, Telnet is still useful to systems administrators on Unix/Linux systems.
A
T
24
Q
- A content filter is technically a firewall.
A
F
25
Q
- A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.
A
T
26
Q
- Internet connections via dial-up and leased lines are becoming more popular.
A
F
27
Q
- The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication.
A
F
28
Q
- Even if Kerberos servers are subjected to denial-of-service attacks, a client can request additional services.
A
F
29
Q
- A VPN allows a user to turn the Internet into a private network.
A
T
30
Q
- On the client end, a user with Windows 2000 or XP can establish a VPN by configuring his or her system to connect to a VPN server.
A
T
31
Q
- Firewalls fall into ____ major processing-mode categories.
a. two
b. three
c. four
d. five
A
d. five
32
Q
- ____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
a. Packet-filtering
b. Application gateways
c. Circuit gateways
d. MAC layer firewalls
A
a. Packet-filtering
33
Q
- The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
a. IP source and destination address
b. Direction (inbound or outbound)
c. TCP or UDP source and destination port requests
d. All of the above
A
d. All of the above
34
Q
- ____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
a. Dynamic
b. Static
c. Stateful
d. Stateless
A
b. Static
35
Q
- A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
a. dynamic
b. static
c. stateful
d. stateless
A
a. dynamic
36
Q
- ____ inspection firewalls keep track of each network connection between internal and external systems.
a. Static
b. Dynamic
c. Stateful
d. Stateless
A
c. Stateful
37
Q
- The application gateway is also known as a(n) ____.
a. application-level firewall
b. client firewall
c. proxy firewall
d. All of the above
A
a. application-level firewall
38
Q
- The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
a. fully trusted
b. hot
c. demilitarized
d. cold
A
c. demilitarized
39
Q
- The ____ is an intermediate area between a trusted network and an untrusted network.
a. perimeter
b. DMZ
c. domain
d. firewall
A
b. DMZ
40
Q
- ____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
a. MAC layer
b. Circuit gateway
c. Application gateways
d. Packet filtering
A
a. MAC layer
41
Q
- In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
a. UDPs
b. MACs
c. WANs
d. WAPs
A
d. WAPs
42
Q
- Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
a. trusted
b. domain
c. single
d. sacrificial
A
d. sacrificial
43
Q
- The dominant architecture used to secure network access today is the ____ firewall.
a. static
b. bastion
c. unlimited
d. screened subnet
A
d. screened subnet
44
Q
- ____ is the protocol for handling TCP traffic through a proxy server.
a. SOCKS
b. HTTPS
c. FTP
d. Telnet
A
a. SOCKS
45
Q
- Telnet protocol packets usually go to TCP port ____.
a. 7
b. 8
c. 14
d. 23
A
d. 23
46
Q
- ICMP uses port ____ to request a response to a query and can be the first indicator of a malicious attack.
a. 4
b. 7
c. 8
d. 48
A
b. 7
47
Q
- In most common implementation models, the content filter has two components: ____.
a. encryption and decryption
b. filtering and encoding
c. rating and decryption
d. rating and filtering
A
d. rating and filtering
48
Q
- ____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.
a. RADIUS
b. RADIAL
c. TUNMAN
d. IPSEC
A
a. RADIUS
49
Q
- Which of the following is a valid version of TACACS?
a. TACACS
b. Extended TACACS
c. TACACS+
d. All of the above
A
d. All of the above
50
Q
- ____ generates and issues session keys in Kerberos.
a. VPN
b. KDC
c. AS
d. TGS
A
b. KDC
51
Q
- Kerberos ____ provides tickets to clients who request services.
a. KDS
b. TGS
c. AS
d. VPN
A
b. TGS
52
Q
- In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
a. VPN
b. ECMA
c. ticket
d. PAC
A
d. PAC
53
Q
- A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”
a. SVPN
b. VPN
c. SESAME
d. KERBES
A
b. VPN
54
Q
- In ____ mode, the data within an IP packet is encrypted, but the header information is not.
a. tunnel
b. transport
c. public
d. symmetric
A
b. transport
55
Q
- ISA Server can use ____ technology.
a. PNP
b. Point to Point Tunneling Protocol
c. RAS
d. All of the above
A
b. Point to Point Tunneling Protocol