Quiz 13 Flashcards
Which feature can be configured to block sessions that the firewall cannot decrypt?
Select one:
a. Decryption profile in security profile
b. Decryption profile in decryption policy
c. Decryption profile in security policy
d. Decryption profile in PBF
Decryption profile in decryption policy
What is the default setting for “Action” in a decryption policy rule?
Select one:
a. None
b. No-decrypt
c. Decrypt
d. Any
None
Which type of Next Generation Firewall decryption inspects SSL traffic between an internal host and an external web server?
Select one:
a. SSH
b. SSL Inbound Inspection
c. SSL Outbound Inspection
d. SSL Forward Proxy
SSL Forward Proxy
When SSL encrypted traffic first arrives at the Next Generation Firewall, which technology initially identifies the application as web-browsing?
Select one:
a. User-ID
b. Encryption-ID
c. Content-ID
d. App-ID
App-ID
Which type of Next Generation Firewall decryption inspects SSL traffic coming from external users to internal servers?
Select one:
a. SSL Inbound Inspection
b. SSL Forward Proxy
c. SSH
d. SSL Outbound Inspection
SSL Inbound Inspection
True or False. In the Next Generation Firewall, even if the Decryption policy rule action is “no-decrypt,” the Decryption Profile attached to the rule can still be configured to block sessions with expired or untrusted certificates.
Select one:
True
False
True
Which two types of activities does SSL/TLS decryption on the firewall help to block?
Choose the 2 correct choices.
If you choose an incorrect choice, your question score will be deducted.
Select one or more:
a. sensitive data exfiltration
b. malware introduction
c. protocol-based attacks
d. denial-of-service attacks
sensitive data exfiltration
malware introduction
True or false? If OCSP and CRL are configured on a firewall, CRL is consulted first.
Select one:
True
False
False
Which type of firewall decryption requires the administrator to import a server certificate and a private key into the firewall?
Select one:
a. SSH Decryption
b. SSL Inbound Inspection Decryption
c. SSL Forward Proxy Decryption
d. SSH Tunnel Decryption
SSL Inbound Inspection Decryption
True or false? The SSL forward untrusted certificate should not be trusted by the client but should still be a CA certificate.
Select one:
True
False
True
True or false? The firewall still can check for expired or untrusted certificates even if the SSL traffic is not being decrypted.
Select one:
True
False
True