Module 9 Flashcards

1
Q

What is a virtual firewall?

  • A firewall that runs in an endpoint virtual machine
  • A firewall that blocks only incoming traffic
  • A firewall appliance that runs on a LAN
  • A firewall that runs in the cloud
A

-A firewall that runs in the cloud
Correct. A virtual firewall is one that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.

2
Q

Which of the following is NOT correct about L2TP?

  • It does not offer encryption.
  • It is used as a VPN protocol.
  • It is paired with IPSec.
  • It must be used on HTML5 compliant devices.
A

-It must be used on HTML5 compliant devices.
Correct. L2TP does not have to be used in conjunction with HTML5.

3
Q

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?

  • Stateful packet filtering
  • Proxy firewall
  • Connection-aware firewall
  • Packet filtering firewall
A

-Stateful packet filtering
Stateful packet filtering uses both the firewall rules and the state of the connection: that is, whether the internal device requested each packet. A stateful packet filtering firewall keeps a record of the state of a connection between an internal endpoint and an external device.

4
Q

Which type of monitoring methodology looks for statistical deviations from a baseline?

  • Heuristic monitoring
  • Behavioral monitoring
  • Anomaly monitoring
  • Signature-based monitoring
A

Anomaly monitoring is designed for detecting statistical anomalies.

5
Q

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?

  • IP denier
  • MAC pit
  • DDoS Prevention System (DPS)
  • DNS sinkhole
A

-DNS sinkhole
A DNS sinkhole changes a normal DNS request to a pre-configured IP address that points to a firewall that has a rule of Deny set for all packets so that every packet is dropped with no return information provided to the sender. DNS sinkholes are commonly used to counteract DDoS attacks. Many enterprises contract with a DDoS mitigation service that helps identify DDoS traffic so that it is sent to a sinkhole while allowing legitimate traffic to reach its destination.

6
Q

Which of the following best describes east-west traffic?

  • Movement of data from an unsecured endpoint to a server outside a data center
  • Movement of data from a router to an enterprise switch
  • Movement of data from one unsecured endpoint to another
  • Movement of data from one server to another within a data center
A

-Movement of data from one server to another within a data center
East-west traffic refers to the movement of data from one server to another within a data center.

7
Q

Which technology allows scattered users to be logically grouped even when they are connected to different physical switches?

  • WAN
  • VLAN
  • LAN
  • VPN
A

-VLAN
Virtual local area networks (VLANs) can logically group devices that are connected to different switches.

8
Q

Which of the following best describes a host-based firewall?

  • A host-based firewall is a hardware firewall that protects a single endpoint device.
  • A host-based firewall is a hardware firewall that protects multiple endpoint devices.
  • A host-based firewall is a software firewall that protects multiple endpoint devices.
  • A host-based firewall is a software firewall that protects a single endpoint device.
A

-A host-based firewall is a software firewall that protects a single endpoint device.
A host-based firewall is a software-based firewall and can protect only the installed device.

9
Q

Sansa is a network security administrator at an enterprise. She is asked to take appropriate steps to defend against a MAC address spoofing attack in the enterprise network. Which of the following methods should Sansa apply?

  • Configure the switch so that only one port can be assigned per MAC address
  • Increase the capacity of CAM to allow for an increased volume of MAC addresses
  • Close all unused ports in the switch so that old MAC addresses are not allowed
  • Configure the switch so that no changes can be done once a port is assigned to a MAC address
A

-Configure the switch so that only one port can be assigned per MAC address

10
Q

In an interview, Max was asked to tell one difference between a software firewall and a virtual firewall. How should Max answer?

  • Virtual firewalls are cost-free, whereas software firewalls are paid services.
  • Software firewalls can protect all the endpoints in a network, whereas virtual firewalls can protect only one device.
  • Virtual firewalls are used on almost all devices, whereas software firewalls are mostly used by enterprises.
  • Software firewalls are locally installed on a device, whereas virtual firewalls run in the cloud.
A

Software firewalls are locally installed on a device, whereas virtual firewalls are hosted on the cloud.

11
Q

In an interview, you are asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose?

  • Switches can transfer packets when VLAN members on one switch need to communicate with members connected to another switch.
  • Workgroup switches reside at the top of the hierarchy and carry traffic between switches.
  • Load balancers can detect and stop protocol attacks directed at a server or application.
  • Zero trust is designed to make a system trusted.
A

-Load balancers can detect and stop protocol attacks directed at a server or

12
Q

As a cybersecurity expert, you are asked to take adequate measures to mitigate DDoS attacks on your enterprise servers. Which of the following techniques should you apply?

  • You should set up a DNS sinkhole.
  • You should set up a virtual private network.
  • You should set up a proxy server.
  • You should set up a host-based firewall.
A

-You should set up a DNS sinkhole.

When a distributed denial-of-service (DDoS) attack is detected in a network, the traffic is redirected to a DNS sinkhole, which never gives the command-and-control server any response, because the packets are dropped when they reach the sinkhole.

13
Q

An employee at your enterprise is caught violating company policies by transferring confidential data to his private email. As a security admin, you are asked to prevent this from happening in the future. Which of the following actions should you perform?

  • You should set up a DLP.
  • You should set up an ACL.
  • You should set up a NAC.
  • You should set up a VPN.
A

-You should set up a DLP.

Data loss prevention (DLP) continuously monitors confidential data, and if any suspicious activity is detected, it immediately generates an alert.

14
Q

Which of the following is a network set up with intentional vulnerabilities?

  • Virtual private network
  • Honeypot
  • Honeynet
  • Sinkhole
A

-Honeynet

Correct. A honeynet is a network of honeypots set up with intentional vulnerabilities to attract attackers.

15
Q

Which of the following outlines the process of a proxy server?

  • User - forward proxy - user - reverse proxy - Internet
  • User - internet - reverse proxy - forward proxy - user
  • User - forward proxy - Internet - reverse proxy - user
  • User - reverse proxy - Internet - forward proxy - user
A

-User - forward proxy - Internet - reverse proxy - user

The traffic from the user is first intercepted by the forward proxy. The forward proxy then connects to the Internet, and the data is sent to the reverse proxy. The reverse proxy then sends the data to the user.

16
Q

Which statement regarding a demilitarized zone (DMZ) is NOT true?

  • It typically includes an email or web server.
  • It provides an extra degree of security.
  • It can be configured to have one or two firewalls.
  • It contains servers that are used only by internal network users.
A

-It contains servers that are used only by internal network users.

It contains servers that are used only by external and not internal network users.

17
Q

Which of the following contains honeyfiles and fake telemetry?

  • Honeypotnet
  • Attacker-interaction honeypot
  • High-interaction honeypot
  • Honeyserver
A

-High-interaction honeypot

A high-interaction honeypot is designed for capturing much more information from the threat actor. Usually, it is configured with a default login and loaded with software, data files that appear to be authentic but are actually imitations of real data files (honeyfiles), and fake telemetry.

18
Q

How does BPDU guard provide protection?

  • It sends BPDU updates to all routers.
  • All firewalls are configured to let BPDUs pass to the external network.
  • BPDUs are encrypted so that attackers cannot see their contents.
  • It detects when a BPDU is received from an endpoint.
A

-It detects when a BPDU is received from an endpoint.

19
Q

After encountering a network attack in your enterprise network, the chief network security engineer assigned you a project. The project was to create a vulnerable network that is similar to your enterprise network and entices the threat actor to repeat the attack. This is to analyze the behavior and techniques the attacker is using to ensure better defenses to your enterprise network in the future. Which of the following appliances should you use?

  • You should use a proxy server.
  • You should use a honeypot.
  • You should set up behavioral IDS monitoring.
  • You should set up network access control.
A

-You should use a honeypot.

A honeypot can be used to mimic the original network and discover and analyze attack patterns.

20
Q

Which of the following best describes an extranet?

  • Additional network bandwidth being allocated
  • Private network only accessed by an authorized party
  • Public network accessed by proper authorization
  • Private network accessed by the public
A

-Private network only accessed by an authorized party

An extranet is a private network that can only be accessed by an authorized party.

21
Q

How do NACs ensure that a device is safe to connect to a secure network?

  • The NAC moves suspicious data on an unknown device onto an external storage device.
  • The NAC encrypts all of the data on an unknown device before connecting it to the secured network.
  • The NAC ensures the safety of the device by deleting all suspicious files.
  • The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.
A

-The NAC issues a health certificate, only allowing healthy devices to connect to the secured network.

Network access control (NAC) issues a health certificate after analyzing the device, and the device can connect to the secure network only if it is in good health.

22
Q

Which protocol is used to prevent looping in a switch?

  • STP
  • SSTP
  • SMTP
  • SSL
A

-STP

Spanning Tree Protocol (STP) helps prevent looping in the switch by finding the right path.

23
Q

Which of the following is a deception instrument?

  • Sinkhole
  • Reverse proxy
  • Forward proxy
  • WAF
A

-Sinkhole

A sinkhole is a deception instrument used to attract attackers by intentionally creating vulnerable devices.

24
Q

What is a jump box used for?

  • Bypassing a firewall by generating a log entry
  • Switching from a public IP to a private IP
  • Restricting access to a demilitarized zone
  • Deceiving threat actors by intentionally creating vulnerable devices
A

-Restricting access to a demilitarized zone

A jump box is used to restrict access to a demilitarized zone (DMZ) by enforcing strict standards so that only authorized admins can access it.

25
Q

Which of the following best describes DLP?

  • DLP is a protocol used to transfer data within switches.
  • DLP is a VPN protocol.
  • DLP is used to control access to digital assets.
  • DLP is used to prevent leakage of confidential data.
A

-DLP is used to prevent leakage of confidential data.

DLP is used to prevent the leakage of confidential data.

26
Q

The head of cybersecurity at your enterprise has asked you to set up an IDS that can create the baseline of all system activities and raise an alarm whenever any abnormal activities take place, without waiting to check the underlying cause. Which of the following actions should you take?

  • You should set up an IDS with anomaly-based monitoring methodology.
  • You should set up an IDS with heuristic monitoring methodology.
  • You should set up an IDS with signature-based monitoring methodology.
  • You should set up an IDS with behavior-based monitoring methodology.
A

-You should set up an IDS with anomaly-based monitoring methodology.

Anomaly-based monitoring creates a baseline, and whenever a slight deviation occurs in the activity, an alarm is raised.

27
Q

Which firewall rule action implicitly denies all other traffic unless explicitly allowed?

a. Force Allow
b. Force Deny
c. Bypass
d. Allow

A

d. Correct. Allow implicitly denies all other traffic unless explicitly allowed.

28
Q

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?

a. Stateful packet filtering
b. Connection-aware firewall
c. Proxy firewall
d. Packet filtering firewall

A

Correct. Stateful packet filtering uses both the firewall rules and the state of the connection: that is, whether the internal device requested each packet. A stateful packet filtering firewall keeps a record of the state of a connection between an internal endpoint and an external device.

29
Q

Which of these appliances provides the broadest protection by combining several security functions?

a. NAT
b. WAF
c. UTM
d. NGFW

A

c. Correct. Unified threat management (UTM) is a device that combines several security functions. These include packet filtering, antispam, antiphishing, antispyware, encryption, intrusion protection, and web filtering.

30
Q

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?

a. DDoS Prevention System (DPS)
b. DNS sinkhole
c. MAC pit
d. IP denier

A

b. Correct. A DNS sinkhole changes a normal DNS request to a pre-configured IP address that points to a firewall that has a rule of Deny set for all packets so that every packet is dropped with no return information provided to the sender. DNS sinkholes are commonly used to counteract DDoS attacks. Many enterprises contract with a DDoS mitigation service that helps identify DDoS traffic so that it is sent to a sinkhole while allowing legitimate traffic to reach its destination.

31
Q

Which statement regarding a demilitarized zone (DMZ) is NOT true?

a. It can be configured to have one or two firewalls.
b. It typically includes an email or web server.
c. It provides an extra degree of security.
d. It contains servers that are used only by internal network users.

A

d. Correct. It contains servers that are used only by external and not internal network users.

32
Q

Which of these is NOT used in scheduling a load balancer?

a. The IP address of the destination packet
b. Data within the application message itself
c. Round-robin
d. Affinity

A

b. Data within the application message itself

A load balancer does not consider the contents of the payload in scheduling.

33
Q

Which device intercepts internal user requests and then processes those requests on behalf of the users?

a. Forward proxy server
b. Reverse proxy server
c. Host detection server
d. Intrusion prevention device

A

a. Correct. A forward proxy is a computer or an application program that intercepts user requests from the internal secure network and then processes those requests on behalf of the user.

34
Q

Which of the following is not a basic configuration management tool?

a. Baseline configuration
b. Standard naming convention
c. Diagrams
d. MAC address schema

A

d. Correct. An Internet Protocol schema (not a MAC address schema) is a standard guide for assigning IP addresses to devices. This makes it easier to set up and troubleshoot devices and helps to eliminate overlapping or duplicate subnets and IP address device assignments, avoid unnecessary complexity, and not waste IP address space.

35
Q

Which of the following is NOT a NAC option when it detects a vulnerable endpoint?

a. Deny access to the network.
b. Give restricted access to the network.
c. Update Active Directory to indicate the device is vulnerable.
d. Connect to a quarantine network.

A

c. Correct. NAC does not update Active Directory.

36
Q

How does a Bridge Protocol Data Unit (BPDU) guard provide protection?

a. It detects when a BPDU is received from an endpoint.
b. It sends BPDU updates to all routers.
c. BPDUs are encrypted so that attackers cannot see their contents.
d. All firewalls are configured to let BPDUs pass to the external network.

A

a. Correct. This statement is accurate.