Session 3 Flashcards
What is the role of a first generation or classic firewall?
Choices: A - Data layer 5 analyzation B - Packet filtering C - Application filtering D - Circuit filtering
B - Packet filtering
Which type of firewall works at network layer 7?
Choices: A - Classic B - Packet C - Application-level D - Circuit
C - Application-level
A software firewall has a reduced attack surface due to its included operating system.
A - True
B - False
B - False
Which are hardware-based firewall traits? Choose two answers.
Choices: A - Take up CPU space B - No competition for resources C - Have their own operating system D - Not dedicated
B - No competition for resources
C - Have their own operating system
A stateless inspection inspects data based on which items? Choose three answers.
Choices: A - Destination and source IP addresses B - Port numbers C - Protocol addresses D - Return traffic E - Packet types
A - Destination and source IP addresses
B - Port numbers
E - Packet types
A/The __________ is a collection of settings that are used to provide a positive security impact.
Choices: A - security baseline B - Microsoft baseline C - Security Compliance Manager D - surveillance manager
A - security baseline
Which best defines defense in depth?
Choices:
A - Providing multiple layers of security to protect assets
B - The last line of defense in protecting assets
C - A network security infrastructure
D - Defensive layers
A - Providing multiple layers of security to protect assets
A(n) ________ is a logical network managed on a physical switch.
Choices: A - LAN B - VLAN C - IPRNET D - ARCHNET
B - VLAN
A router uses which item to determine where packets are sent?
Choices: A - Delay-tolerant network B - Event handler C - Presentation layer D - Routing table
D - Routing table
Which are traits of software routers? Choose two answers.
Choices:
A - Better scaling than hardware routers
B - Worse scaling than hardware routers
C - Support the same number of protocols as hardware routers
D - Do not support the same number of protocols as hardware routers
B - Worse scaling than hardware routers
D - Do not support the same number of protocols as hardware routers
Which type of route allows the users to control exactly where traffic goes?
Choices: A - Static B - Dynamic C - Custom D - IP
A - Static
Which best defines a honeypot?
Choices:
A - A system set up to wait for an IDS
B - A system designed to trap attackers
C - A collection of systems designed to trap attackers
D - An area of a network that is easily hackable
C - A collection of systems designed to trap attackers
Which item is a collection of honeypots on a network?
Choices: A - Honeynet B - Honey group C - Honey party D - Honeycluster
A - Honeynet
The perimeter network is commonly placed where on a network?
Choices:
A - Between the internal network and VPN
B - In the DMZ
C - Between the internal network and a VLAN
D - Between the internal network and a public network
D - Between the internal network and a public network
Which is a difference between a sandwich DMZ and a single firewall DMZ?
Choices:
A - A sandwich DMZ has firewalls both inside and outside the perimeter network
B - A single firewall DMZ has firewalls both inside and outside the perimeter network
C - A sandwich DMZ is more useful
D - A single firewall DMZ is more secure
A - A sandwich DMZ has firewalls both inside and outside the perimeter network
NAT saves on the use of public __________ addresses.
Choices: A - IPv5 B - IPv6 C - IPv4 D - IPv2
C - IPv4
Which best defines a dynamic NAT?
Choices:
A - A private network device which gets a public IP address from a pool of available public IP addresses
B - A public network device which gets a public IP address from a pool of available public IP addresses
C - A private network device which gets a private IP address from a pool of available public IP addresses
D - A public network device which gets a private IP address from a pool of available public IP addresses
A - A private network device which gets a public IP address from a pool of available public IP addresses
Which are the two IPsec modes?
Choices: A - Transport mode B - Swarm mode C - Phase-shift mode D - Tunnel mode
A - Transport mode
D - Tunnel mode
Which two items should be placed on separate subnets?
Choices: A - Mobile nodes B - Servers C - Netmasks D- Test Machines
B - Servers
D- Test Machines
Which type of protocol spoofing steals IP addresses, which forces traffic to the attacking machine?
Choices: A - DNS B - IP address C - DoS D - ARP
D - ARP
Which type of protocol spoofing redirects a web request to an incorrect website?
Choices: A - DNS B - TCP C - DoS D - ACL
A - DNS
Which IPsec protocol provides confidentiality, integrity, and availability for just the data in an IP payload?
Choices: A - VPN B - IKE C - ESP D - AH
C - ESP
Encryption does not take place in which IPsec protocol?
Choices: A - VPN B - ACP C - ADP D - AH
D - AH
Tunneling is used to securely transmit data over part of a(n) __________ connection.
Choices: A - SSH B - VPN C - SSL D - GRE
B - VPN
Which item helps avoid redirection to a malicious website?
Choices: A - DNS B - DOS C - DNSSEC D - GRE
C - DNSSEC
A network sniffing tool is used to capture the source and destination of __________.
Choices: A - data packets B - IP addresses C - DNS packets D - MAC addresses
A - data packets
A DoS network attack disrupts a network to the point where it can no longer function.
A - True
B - False
A - True
Which common attack method injects a fraudulent destination for an IP address?
Choices: A - Replay attack B - DNS poisoning C - SQL injection attack D - Cross-site scripting
B - DNS poisoning
Which type of attack method is used to intercept data while it is being transferred?
Choices: A - Back door attack B - Replay attack C - Email bombing D - Man-in-the middle
D - Man-in-the middle
__________ is an attack method that inserts script that can bypass a web browser’s security mechanism.
Choices: A - SQL injection B - Cross-site scripting C - Remote code scripting D - Password cracking
B - Cross-site scripting
