Telecommunications and Network Security Flashcards
A VPN can be established over which of the following?
A) Wireless LAN connection
B) Remote access dial-up connection
C) WAN link
D) All of these are correct
All of these are correct
A VPN link can be established over any other network communication connection. This could be a typical LAN cable connection, a wireless LAN connection, a remote access dialup connection, a WAN link, or even an Internet connection used by a client for access to the office LAN.
Which of the following IP addresses is not a private IP address as defined by RFC 1918?
A) 10.0.0.18
B) 169.254.1.119
C) 172.31.8.204
D) 192.168.6.43
169.254.1.119
The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918.
The addresses in RFC 1918 are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255.
Which of the following is not an example of network segmentation?
A) Intranet
B) DMZ
C) Extranet
D) VPN
VPN
A VPN is a secure tunnel used to establish connections across a potentially insecure intermediary network. Intranet, extranet, and DMZ are examples of network segmentation.
Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?
A) ISDN
B) PVC
C) VPN
D) SVC
PVC
A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.
A significant benefit of a security control is when it goes unnoticed by users. What is this called?
A) Invisibility
B) Transparency
C) Diversion
D) Hiding in plain sight
Transparency
When transparency is a characteristic of a service, security control, or access mechanism it is unseen by users.
Which of the following is most likely to detect DoS attacks?
A) Host-based IDS
B) Network-based IDS
C) Vulnerability scanner
D) Penetration testing
Network-based IDS
Network-based IDSs are usually able to detect the initiation of an attack or the ongoing attempts to perpetrate an attack (including denial of service, or DoS). They are, however, unable to provide information about whether an attack was successful or which specific systems, user accounts, files, or applications were affected. Host based IDSs have some difficulty with detecting and tracking down DoS attacks. Vulnerability scanners don’t detect DoS attacks; they test for possible vulnerabilities. Penetration testing may cause a DoS or test for DoS vulnerabilities, but it is not a detection tool.
_________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.
A) ISDN
B) Frame Relay
C) SMDS
D) ATM
Frame Relay
Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.
Which of the following is not defined in RFC 1918 as one of the private IP address ranges that are not routed on the Internet?
A) 169.172.0.0-169.191.255.255
B) 192.168.0.0-192.168.255.255
C) 10.0.0.0-10.255.255.255
D) 172.16.0.0-172.31.255.255
169.172.0.0-169.191.255.255
The address range 169.172.0.0-169.191.255.255 is not listed in RFC 1918 as a private IP address range. It is in fact a public IP address range.
Which type of firewall automatically adjusts its filtering rules based on the content of the traffic of existing sessions?
A) Static packet filtering
B) Application-level gateway
C) Stateful inspection
D) Dynamic packet filtering
Dynamic packet filtering
Dynamic packet-filtering firewalls enable the real-time modification of the filtering rules based on traffic content.
By examining the source and destination addresses, the application usage, the source of origin, and the relationship between current packets with the previous packets of the same session, firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
A) Static packet-filtering
B) Application-level gateway
C) Stateful inspection
D) Circuit-level gateway
Stateful inspection
Stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.
Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?
A) Brute-force attacks
B) Denial of service
C) Social engineering
D) Port scanning
Social engineering
Social engineering can often be used to bypass even the most effective physical and logical controls. Whatever activity the attacker convinces the victim to perform, it is usually directed toward opening a back door that the attacker can use to gain access to the network.
________ is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.
A) UDP
B) IDEA
C) IPSec
D) SDLC
IPSec
IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.
What is both a benefit and a potentially harmful implication of multilayer protocols?
A) Throughput
B) Encapsulation
C) Hash integrity checking
D) Logical addressing
Encapsulation
Encapsulation is both a benefit and a potentially harmful implication of multilayer protocols.
Which of the following is not true regarding firewalls?
A) They are able to log traffic information.
B) They are able to block viruses.
C) They are able to issue alarms based on suspected attacks.
D) They are unable to prevent internal attacks.
They are able to block viruses.
Most firewalls offer extensive logging, auditing, and monitoring capabilities as well as alarms and even basic IDS functions. Firewalls are unable to block viruses or malicious code transmitted through otherwise authorized communication channels, prevent unauthorized but accidental or intended disclosure of information by users, prevent attacks by malicious users already behind the firewall, or protect data after it passed out of or into the private network.
What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy?
A) IPSec tunnel
B) Static mode NAT
C) Static private IP address
D) Reverse DNS
Static mode NAT
Static mode NAT is needed to allow an outside entity to initiate communications with an internal system behind a NAT proxy.
Which of the following is not a benefit of NAT?
A) Hiding the internal IP addressing scheme
B) Sharing a few public Internet addresses with a large number of internal clients
C) Using the private IP addresses from RFC 1918 on an internal network
D) Filtering network traffic to prevent brute-force attacks
Filtering network traffic to prevent brute-force attacks
NAT does not protect against or prevent brute-force attacks.
In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?
A) Encrypting communications
B) Changing default passwords
C) Using transmission logs
D) Taping and archiving all conversations
Changing default passwords
Changing default passwords on PBX systems provides the most effective increase in security.
Which of the following is not a technology specifically associated with 802.11 wireless networking?
A) WAP
B) WPA
C) WEP
D) 802.11i
WAP
Wireless Application Protocol (WAP) is a technology associated with cell phones accessing the Internet rather than 802.11 wireless networking.