IS3220 CHAPTER 2

Question 1

This is a port or portal authentication. A mechanism commonly used by network devices, such as firewalls, routers, switches, and wireless access points, to perform authentication of users before allowing communication to continue across or through the device. The authentication can take place locally on the device or go to and authentications service, such as a credit card payment system, PKI, or directory service. This is called ___?

Answer 1

802.1x

Question 2

Malicious software programs distributed by hackers to take over control of victim’s computers. AKA bot or zombies. These are commonly used to construct botnets and are called ___?

Answer 2

AGENTS

Question 3

The calculation of the total loss potential across a year for a given asset and a specific threat. This is called ___?

Answer 3

ANNUALIZED LOSS EXPECTANCY (ALE)

Question 4

A probability prediction based on statistics and historical occurrences on the likelihood of how many times in the next year is a threat going to cause harm. This is called ___?

Answer 4

ANNUALIZED RATE OF OCCURRENCE (ARO)

Question 5

A hardened hardware firewall is called an ___?

Answer 5

APPLIANCE FIREWALL

Question 6

The top or seventh layer of the OSI model. This layer is responsible for enabling communications with host software, including the operating system. This layer is the interface between host software and the network protocol stack. the sub-protocols of this layer support specific applications or types of data and is called ___?

Answer 6

APPLICATION LAYER (LAYER 7)

Question 7

A type of firewall that filters on a specific application’s content and session information is called ___?

Answer 7

APPLICATION PROXY/FIREWALL/GATEWAY

Question 8

The cumulative value of an asset based on both tangible and intangible values. This supports the SLE calculation and is called ___?

Answer 8

ASSET VALUE (AV)

Question 9

A firewall positioned at the initial entry point where a network interfaces with the Internet. It serves as the first line of defense for the network. AKA a sacrificial host and is called ___?

Answer 9

BASTION HOST

Question 10

A description often applied to firewalls positioned on network zone transitions or gateway locations and is called ___?

Answer 10

BORDER SENTRY

Question 11

A network of zombie/bot/agent-comprised systems controlled by a hacker is called ___?

Answer 11

BOTNETS

Question 12

Malicious software programs distributed by hackers to take over control of victims’ computers. AKA agents or zombies. These are commonly used to construct botnets and are called ___?

Answer 12

BOTS

Question 13

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. AKA session or a state and is called ___?

Answer 13

CIRCUIT

Question 14

A filtering device that allows or denies the initial creation of a circuit, session, or state, but performs no subsequent filtering on the circuit once established and is called ___?

Answer 14

CIRCUIT PROXY/FIREWALL

Question 15

A type of software product that is pre-compiled and whose source code is undisclosed is called ___?

Answer 15

CLOSED SOURCE

Question 16

A firewall product designed for larger networks. Usually a commercial firewall is a hardware device and is called ___?

Answer 16

COMMERCIAL FIREWALL

Question 17

A form of filtering that focuses on traffic content. Application proxies perform most of these and are called ___?

Answer 17

CONTENT FILTERING

Question 18

The final equation of risk analysis to assess the relative benefit of a countermeasure against the potential annual loss of a given asset exposed to a specific threat is called ___?

Answer 18

COST/BENEFIT

Question 19

The second layer of the OSI model responsible for physical addressing (MAC addresses) and supporting the network topology, such as Ethernet is called ___?

Answer 19

DATA LINK LAYER (LAYER 2)

Question 20

A form of auto-initian switch that triggers when the ongoing prevention mechanism fails. These often include firewalls and hand grenades. If the firewall stops functioning, the connection is severed. This is called ___?

Answer 20

DEAD-MAN SWITCH

Question 21

The action of processing the contents of a header, removing that header, and sending the remaining payload up to the appropriate protocol in the next higher layer in the OSI model is called ___?

Answer 21

DE-ENCAPSULATION

Question 22

A firewall that has two network interfaces. Each network interface is located in a uniques network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another and is called ___?

Answer 22

DUAL-HOMED FIREWALL

Question 23

The process of automatically created temporary filters. In most cases, the filters allow inbound responses to previous outbound requests. AKA stateful inspection. This is called ___?

Answer 23

DYNAMIC PACKET FILTERING

Question 24

The potential amount of harm from a specific threat stated as a percentage. Used in the calculation of SLE and is called ___?

Answer 24

EXPOSURE FACTOR (EF)

Question 25

A failure response resulting in a secured or safe level of access or communication is called ___?
A failure response resulting in a secured or safe level of access communication is called ___?
(2 answers)

Answer 25

FAIL-SAFE

FAIL-SECURE

Question 26

The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on the content. Firewalls and other security components use this. This is called ___?

Answer 26

FILTERING

Question 27

A network security device or host software that filters communications, usually network traffic, is based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. AKA a sentry device and is called ___?

Answer 27

FIREWALL

Question 28

The collection of data at the Data Link layer (Layer 2) of the OSI model, defined by the Ethernet IEEE802.3 standard, that consists of a payload from the Network layer (Layer 3) to which an Ethernet header and footer have been attached is called ___?

Answer 28

FRAME

Question 29

An entrance or exit point to a controlled space. A firewall is often positioned at the is of a network to block unwanted traffic and is called ___?

Answer 29

GATEWAY

Question 30

The physical address assigned to a network interface by the manufacturer. AKA the MAC address is called ___?

Answer 30

HARDWARE ADDRESS

Question 31

An appliance firewall. A hardened computer product that hosts firewall software exclusively is called ___?

Answer 31

HARDWARE FIREWALL

Question 32

The additional data added to the front of a payload at each layer of the OSI model that includes layer-specific information is called ___?

Answer 32

HEADER

Question 33

A software firewall installed on a client or server is called a ___?

Answer 33

HOST FIREWALL

Question 34

These are not directly related to budgetary funds. They can include, but not limited to: research and development, marketing edge, competition value, first to market, intellectual property, public opinion, quality of service, name recognition, repeat customers, loyalty, honesty, dependability, assurance, reliability, trademarks, patents, privacy etc is called ___?

Answer 34

INTANGIBLE COST/VALUE

Question 35

A commonly used protocol found in the Network layer (Layer 3). This rides as the payload of an IP packet. It supports network health and testing. commonly abused by hackers for flooding and probing attacks. This is called ___?

Answer 35

INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

Question 36

The temporary logical address assigned to hosts on a network. This is managed and controlled at the Network layer (Layer 3) of the OSI model and called ___?

Answer 36

IP ADDRESS

Question 37

A temporarily assigned address given to a host. IP address is a common example of this. Most of these exist a the Network layer (Layer 3) of the OSI model. This is called ___?

Answer 37

LOGICAL ADDRESS

Question 38

The physical address assigned to a network interface by the manufacturer. This is know as the Organizationally Unique Identifier (OUI) or vender ID, the last half is the unique serial number of the NIC and is called ___?

Answer 38

MAC ADDRESS

Question 39

This is the third layer of the OSI model. This layer is responsible for logical address (IP addresses and routing traffic. This is called ___?

Answer 39

NETWORK LAYER (LAYER 3)

Question 40

A type of software product that may or may not be pre-compiled and whose source code is freely disclosed and available for review and modification and is called ___?

Answer 40

OPEN SOURCE

Question 41

This is a standard conceptual tool used to discuss protocols and their functions. It has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While this helps to discuss protocols, mow protocols are not in full compliance with it. This is called ___?

Answer 41

OPEN SYSTEM INTERCONNECTION REFERENCE MODEL (OSI MODEL)

Question 42

The collection of data at the Network layer (Layer 3) of the OSI model. It consists of the payload from the Transport layer (Layer 4) above and the Network layer header. This is called ___?

Answer 42

PACKET

Question 43

The non-header component of a PDU/segment/packet/frame. This is the data received from the layer above that includes the above layer’s header and its ___.

Answer 43

PAYLOAD

Question 44

Typically a software host firewall installed on a home computer or network client. This can also refer to SOHO hardware firewalls such as those found on DSL and cable modems and wireless access point. This is called ___?

Answer 44

PERSONAL FIREWALL

Question 45

The hardware address assigned to a network interface by the manufacturer. AKA the MAC address is called ___?

Answer 45

PHYSICAL ADDRESS

Question 46

The bottom or first layer of the OSI model. This layer converts data into transmitted bits over the physical network medium and is called ___?

Answer 46

PHYSICAL LAYER (LAYER 1)

Question 47

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (AKA reverse proxy and static NAT). This is called ___?

Answer 47

PORT FORWARDING

Question 48

The addressing scheme used at the Transport layer (Layer 4) of the OSI model. There are 65,535 ports, each of which can in theory support a single simultaneous communication. This is called ___?

Answer 48

PORT NUMBER

Question 49

A combination of several cryptographic components to create a real-world solution that provides secure communications, storage, and identification services. This is called ___?

Answer 49

PUBLIC KEY INFRASTRUCTURE (PKI)

Question 50

The sixth layer of the OSI model translates the data received from host software into a format acceptable to the network. This layer also performs this task in reverse for data coming from the network to host software and is called ___?

Answer 50

PRESENTATION LAYER (LAYER 6)

Question 51

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (AKA a socket) to an internal resource server. AKA as port forwarding and static network address translation (NAT). This is called ___?

Answer 51

REVERSE PROXY

Question 52

This is the process of examining values, threat levels, likelihoods, and total cost of compromise versus the value of the resource and the cost of the protection. This involves the use of values and calculations, such as AV, EF, SLE, ARO, ALE, and the cost/benefit equation. This is called ___?

Answer 52

RISK ASSESSMENT

Question 53

Performing risk assessment, and then acting on the results to reduce or mitigate risk. Often risk assessment establishes a new security policy and then aids in revising it over time. This is called ___?

Answer 53

RISK MANAGEMENT

Question 54

The list of rules on a firewall (or router or switch) that determine what traffic is and is not allowed to cross the filtering device. Most rule sets employ a first-match-apply action process and is called ___?

Answer 54

RULE SET

Question 55

A written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of concern appears in traffic. Also known as a filter or ACL and is called ___?

Answer 55

RULES

Question 56

A firewall positioned at the initial entry point where a network interfaces with the Internet serving as the first line of defense for the network. AKA a bastion host and is called ___?

Answer 56

SACRIFICIAL HOST

Question 57

A router that can perform basic static packet filtering services in addition to routing functions. This is the predecessor of modern firewalls and is called ___?

Answer 57

SCREENING ROUTER

Question 58

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. Netscape designed in 1997 for secure Web commerce, but it can encrypt any traffic above the Transport layer. It uses public key certificates to identify the endpoints of session and uses symmetric encryption to protect transferred data and is called ___?

Answer 58

SECURE SOCKETS LAYER (SSL)

Question 59

The collection of data at the Transport layer (Layer 4) of the OSI model. It consists of the payload from the Session layer (Layer 5) above and the Transport layer header. TCP segments are a common example. This is called ___?

Answer 59

SEGMENT

Question 60

A logical connection between a client and a resource server. AKA a circuit or a state and is called ___?

Answer 60

SESSION

Question 61

The fifth layer of the OSI model. This layer manages the communication channel, known as a session, between the endpoints of the network communication. A single transport layer connection between two systems can support multiple simultaneous sessions and is called ___?

Answer 61

SESSION LAYER (LAYER 5)

Question 62

The calculation of the loss potential across a single incident for a given asset and a specific threat. This is called ___?

Answer 62

SINGLE LOSS EXPECTANCY (SLE)

Question 63

The combination of an IP address and a port number as a complete address is called ___?

Answer 63

SOCKET

Question 64

A host firewall installed on a client or server is called ___?

Answer 64

SOFTWARE FIREWALL

Question 65

The falsification of information. Often this is the attempt to hide the true identity of a user or the true origin of a communication and is called ___?

Answer 65

SPOOFING

Question 66

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. AKA a session or a circuit and is called ___?

Answer 66

STATE

Question 67

The process of automatically tracking sessions or states to allow inbound responses to previous outbound requests. AKA dynamic packet filtering and is called ___?

Answer 67

STATEFUL INSPECTION

Question 68

The static coding of a translation pathway across a NAT service. AKA port forwarding and reverse proxy and is called ___?

Answer 68

STATIC NAT

Question 69

A method of filtering using a static or fixed set of rules to filter network traffic. The rules can focus on source or destination IP address, source or destination port number. IP header protocol field value, ICMP types is called ___?

Answer 69

STATIC PACKET FILTERING

Question 70

Costs or values directly related to budgetary funds. They can include, but are not limit to: purchase, licenses, maintenance, management, administration, support, utilities, training, troubleshooting, hardware, software, update/upgrades, etc. This is called ___?

Answer 70

TANGIBLE COST/VALUE

Question 71

The connection-oriented protocol operating at the Transport layer (Layer 4) of the OSI model is called ___?

Answer 71

TRANSMISSION CONTROL PROTOCOL (TCP)

Question 72

This layer of the OSI model formats and handles data transportation. This transportation is independent of and transparent to the application. This is called ___?

Answer 72

TRANSPORT LAYER (LAYER 4)

Question 73

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. It uses public key certificates to identify the endpoints of session and uses symmetric encryption to protect transferred data. This is called ___?

Answer 73

TRANSPORT LAYER SECURITY (TLS)

Question 74

A form of encryption AKA point-to-point or host-to-host encryption. This protects only the payload of traffic and leaves the header in plain-text original form. This is called ___?

Answer 74

TRANSPORT MODE ENCRYPTION

Question 75

A firewall that has three network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic traversing from one segment to another. This is called ___?

Answer 75

TRIPLE-HOMED FIREWALL

Question 76

A form of encryption AKA site-to-site LAN-to-LAN, gateway-to-gateway, host-to-LAN, and remote access encryption. This performs a complete encapsulation of the original traffic into a new tunneling protocol. The entire original header and payload are encrypted and a temporary link or tunnel header guides the data across the intermediary network and is called ___?

Answer 76

TUNNEL MODE ENCRYPTION

Question 77

The connectionless protocol operating at the Transport layer (Layer 4) of OSI and is called ___?

Answer 77

USER DATAGRAM PROTOCOL (UDP)

Question 78

Malicious software programs distributed by hackers to take over control of victims’ computers. AKA bots or agents. These are commonly used to construct botnets and are called ___?

Answer 78

ZOMBIES

Question 79

Any segment, subnet, network, or collection of networks that represent a certain level of risk. The higher the risk, the higher the security needed to protect against that risk. The less the risk of a zone, the lower the security needed because fewer threats exist or existing threats are less harmful. This is called ___?

Answer 79

ZONE OF RISK

Question 80

Any segment, subnet, network, or collection of networks that represent a certain level of trust. Highly trusted zones require less security, while low trusted zones require more security. This is called ___?

Answer 80

ZONE OF TRUST

Question 81

1. What is another term for the individual rules in a firewall rule set?
2. States
3. Exceptions
4. Policies
5. Referrals
6. Sentries

Answer 81

Exceptions

Question 82

2. which of the following is NOT associated with a firewall?
3. Fail-secure
4. Sentry device
5. Fail-open
6. Choke point
7. Filtering service

Answer 82

Fail-open

Question 83

3. A firewall is designed to allow what type of traffic to traverse its interfaces?
4. Authorized
5. Non-benign
6. Unknown
7. Abnormal
8. Malicious

Answer 83

Authorized

Question 84

4. What is the first step in deploying a firewall?
5. Determining the filtering process
6. Defining rules
7. Selecting a security stance
8. Purchasing a license
9. Writing a security policy

Answer 84

Writing a security policy

Question 85

5. Which of the following is the best description of a firewall?
6. An authentication service
7. A remote access server
8. Resource host
9. A sentry device
10. Malicious code scanner

Answer 85

A sentry device

Question 86

6. A border firewall cannot protect against which of the following?
7. Flooding attacks
8. Inside attacking another internal target
9. Protocol abuses
10. Unauthorized inbound service requests
11. Port scans

Answer 86

Inside attacking another internal target

Question 87

7. All of the following are mistakes in firewall security EXCEPT:
8. Managing security poorly
9. Deploying too many firewalls
10. Using firewalls to provide filtering for networks and hosts
11. Not writing a security policy
12. Failing to keep current with updates and patches

Answer 87

Using firewalls to provide filtering for networks and hosts

Question 88

8. What is the primary reason a firewall is an essential security product?
9. Low cost of deployment
10. Threats exist
11. High ROI
12. Native protocol encryption
13. Interoperability

Answer 88

Threats exist

Question 89

9. What technique determines if firewall is the best countermeasure choice for a particular threat against a specific asset?
10. Conducting a risk assessment
11. Reading blogs
12. Buying the least expensive option
13. Only using open-source products
14. Using products from a single vendor

Answer 89

Conducting a risk assessment

Question 90

10. Which of the following is NOT a common zone of risk?
11. An extranet
12. A DMZ
13. A private LAN
14. The Internet
15. Department subnets

Answer 90

Department subnets

Question 91

11. Which of the following statements is true?
12. A firewall can be deployed as a bastion host
13. Firewalls protect resources
14. Firewalls are often the first line of defense for a network
15. Firewalls are part of an overall security strategy
16. All the above

Answer 91

A firewall can be deployed as a bastion host
Firewalls protect resources
Firewalls are often the first line of defense for a network
Firewalls are part of an overall security strategy

ALL

Question 92

12. When a one way or sieve firewall protecting you network allows external initiations of communications to occur over a specific socket, this is known as:
13. Static NAT
14. Traffic forwarding
15. Port forwarding
16. Reverse proxy
17. All the above

Answer 92

Static NAT
Traffic forward
Port forwarding
Reverse proxy

ALL

Question 93

13. What is ingress filtering?
14. Restricting traffic to a specific subnet
15. Preventing traffic from leaving a network
16. Limiting host activities to that host
17. Monitoring traffic on its way inbound
18. Blocking access to external resource sockets

Answer 93

Monitoring traffic on its way inbound

Question 94

14. Content filtering can focus on the following aspects of traffic EXCEPT:
15. Source or destination IP address
16. Keywords in the payload
17. URLs
18. File extensions
19. Domain names

Answer 94

Source or destination IP address

Question 95

15. Which of the following will prevent firewall filtering from blocking malicious content?
16. Speed of the network
17. User permissions
18. Not being positioned at a choke point
19. Encrypted traffic
20. Cable type

Answer 95

Encrypted traffic

Question 96

16. Which of the following is NOT a valid method for determining whether a source address is spoofed?
17. Compare against a use table
18. Verify the route of reception
19. Check the DHCP logs
20. Check against RFC 1918
21. Perform ingress filtering

Answer 96

Check against RFC 1918

Question 97

17. what form of filtering focuses on source or destination IP address and requires separate rules for inbound and outbound communications?
18. Stateful inspection
19. Static packet filtering
20. Application proxy
21. Circuit proxy
22. Dynamic packet filtering

Answer 97

Static packet filtering

Question 98

18. Dynamic packet filtering is alson known as:
19. Static packet filtering
20. Application proxy
21. Stateful inspection
22. Circuit proxy
23. Deep packet inspection

Answer 98

Stateful inspection

Question 99

19. What method of filtering automatically keeps track of sessions on a limited timeout basis to allow responses to queries to reach internal clients?
20. Deep packet inspection
21. Static packet filtering
22. Application proxy
23. Dynamic packet filtering
24. Circuit proxy

Answer 99

Dynamic packet filtering

Question 100

20. what form of filtering allows communications regardless of content once the session is established?
21. Dynamic packet filtering
22. Circuit proxy
23. Stateful inspection
24. Application proxy
25. Deep packet inspection

Answer 100

Circuit proxy

Question 101

21. What type of firewall requires the presence of a host operating system?
22. Appliance firewall
23. Personal firewall
24. Software firewall
25. Commercial firewall
26. Screening router

Answer 101

Software firewall

Question 102

22.

Answer 102

.

Question 103

23. What activity performed by a triple homed firewall cannot be performed by a dual homed firewall?
24. Filter content
25. Physically isolate
26. Support NAT proxy services
27. Be deployed as an appliance
28. Route traffic from the Internet to either an intranet or DMZ

Answer 103

Route traffic from the Internet to either an intranet or DMZ