Indicate whether the statement is true or false.

Similar documents
BOR3307: Intro to Cybersecurity

Why Firewalls? Firewall Characteristics

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

Computer Security and Privacy

CSC Network Security

Chapter 8 roadmap. Network Security

Agenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall

Network Security and Cryptography. 2 September Marking Scheme

CyberP3i Course Module Series

Firewalls can be categorized by processing mode, development era, or structure.

Network Security. Thierry Sans

Internet Security Firewalls

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Fundamentals of Network Security v1.1 Scope and Sequence

CSE 565 Computer Security Fall 2018

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Internet Security: Firewall

Chapter 9. Firewalls

Intranets 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. CSC362, Information Security

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

10 Defense Mechanisms

CSC 4900 Computer Networks: Security Protocols (2)

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Broadcast Infrastructure Cybersecurity - Part 2

COMPUTER NETWORK SECURITY

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

CTS2134 Introduction to Networking. Module 08: Network Security

ASA Access Control. Section 3

Implementing Firewall Technologies

HC-711 Q&As. HCNA-CBSN (Constructing Basic Security Network) - CHS. Pass Huawei HC-711 Exam with 100% Guarantee

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Advanced Security and Mobile Networks

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

Unit 4: Firewalls (I)

Firewalls, IDS and IPS. MIS5214 Midterm Study Support Materials

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Radius, LDAP, Radius used in Authenticating Users

Router and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface

HikCentral V.1.1.x for Windows Hardening Guide

Network Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Cisco IOS Firewall Authentication Proxy

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

Protecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets

ASA/PIX Security Appliance

Network+ Guide to Networks 5 th Edition. Network Security

HikCentral V1.3 for Windows Hardening Guide

Radius, LDAP, Radius, Kerberos used in Authenticating Users

Sample excerpt. Virtual Private Networks. Contents

4.1.3 Filtering. NAT: basic principle. Dynamic NAT Network Address Translation (NAT) Public IP addresses are rare

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

Configuring L2TP over IPsec

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Network Security and Cryptography. December Sample Exam Marking Scheme

Firewalls, Tunnels, and Network Intrusion Detection

Computer Network Vulnerabilities

CSC 474/574 Information Systems Security

Introduction. The Safe-T Solution

Configuring a Zone-Based Firewall on the Cisco ISA500 Security Appliance

Configuring Commonly Used IP ACLs

ipro-04n Security Configuration Guide

Application Firewalls

Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Network Protocols. Security. TDC375 Autuman 03/04 John Kristoff - DePaul University 1

Advanced Security and Forensic Computing

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Configuring Authentication Proxy

Configuring IP Session Filtering (Reflexive Access Lists)

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

IT Exam Training online / Bootcamp

Information Systems Security

CHAPTER 8 FIREWALLS. Firewall Design Principles

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

SecBlade Firewall Cards NAT Configuration Examples

SE 4C03 Winter 2005 Network Firewalls

H

Spring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention

Network Interconnection

Stateless Firewall Implementation

Exam Questions SY0-401

Introduction to Security

Simple and Powerful Security for PCI DSS

Network Security: Firewall, VPN, IDS/IPS, SIEM

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

HP Instant Support Enterprise Edition (ISEE) Security overview

Understanding Cisco Cybersecurity Fundamentals

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration

Choosing The Best Firewall Gerhard Cronje April 10, 2001

Configuring Authentication Proxy

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Chapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.

Network+ Guide to Networks 6th Edition. Network Security

Network Defenses 21 JANUARY KAMI VANIEA 1

CISCO EXAM QUESTIONS & ANSWERS

Sirindhorn International Institute of Technology Thammasat University

Configuring Authentication Proxy

Cisco Secure PIX Firewall Advanced (CSPFA)

DMZ Networks Virtual Private Networks Distributed Firewalls Summary of Firewall Locations and Topologies

Transcription:

Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2. A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network. 3. Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall s database. 4. Using an application firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ. 5. Authentication is the process of validating a supplicant s purported identity. 6. Some firewalls can filter packets by protocol name. 7. Syntax errors in firewall policies are usually extremely difficult to identify. 8. The application layer firewall is firewall type capable of performing filtering at the application layer of the OSI model, most commonly based on the type of service. 9. Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules. 10. It is important that e-mail traffic reach your e-mail server and only your e-mail server.

11. Internet connections via dial-up lines are regaining popularity due to recent technological developments. 12. The DMZ can be a dedicated port on the firewall device linking a single bastion host. 13. A firewall cannot be deployed as a separate network containing a number of supporting devices. 14. Circuit-level gateways usually look at data traffic flowing between networks rather than preventing direct connections between networks. 15. Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. 16. Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access. 17. Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. 18. When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. 19. Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services. 20. The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.

21. All organizations with a router at the boundary between the organization s internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets. 22. A VPN, used properly, allows a user to use the Internet as if it were a private network. 23. Firewalls can be categorized by processing mode, development era, or structure. 24. The RADIUS system decentralizes the responsibility for authenticating each user, by validating the user's credentials on the NAS server. 25. Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients. 26. Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. 27. Good firewall rules include requiring that all data that is not verifiably authentic should be denied. 28. A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations. 29. Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.

30. The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure as the general public networks but more secure than the internal network. Indicate the answer choice that best completes the statement or answers the question. 31. In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n). a. VPN b. ECMA c. ticket d. PAC 32. The is an intermediate area between a trusted network and an untrusted network. a. perimeter b. DMZ c. domain d. firewall 33. Telnet protocol packets usually go to TCP port whereas SMTP packets go to port. a. 23, 52 b. 80, 52 c. 80, 25 d. 23, 25 34. The service within Kerberos that generates and issues session keys is known as. a. VPN b. KDC c. AS d. TGS 35. Which of the following is not a major processing-mode category for firewalls? a. Packet-Filtering Firewalls b. Application Gateways c. Circuit Gateways d. Router Passthru 36. The dominant architecture used to secure network access today is the firewall. a. static b. bastion c. unlimited d. screened subnet 37. In most common implementation models, the content filter has two components:. a. encryption and decryption b. filtering and encoding c. rating and decryption d. rating and filtering 38. firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. a. MAC layer b. Circuit gateway c. Application gateways d. Packet filtering 39. Kerberos provides tickets to clients who request services. a. KDS b. TGS c. AS d. VPN

40. filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. a. Dynamic b. Static c. Stateful d. Stateless 41. access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access. a. lattice-based, discretionary b. arbor-based, nondiscretionary c. arbor-based, discretionary d. lattice-based, nondiscretionary 42. and TACACS are systems that authenticate the credentials of users who are trying to access an organization s network via a dial-up connection. a. RADIUS b. RADIAL c. TUNMAN d. IPSEC 43. firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. a. Packet-filtering b. Application gateways c. Circuit gateways d. MAC layer firewalls 44. Which of the following version of TACACS is still in use? a. TACACS b. Extended TACACS c. TACACS+ d. All of the above 45. is the protocol for handling TCP traffic through a proxy server. a. SOCKS b. HTTPS c. FTP d. Telnet 46. Known as the ping service, ICMP is a(n) and should be. a. essential feature, turned on to save money b. common method for hacker reconnaissance, turned off to prevent snooping c. infrequently used hacker tool, turned off to prevent snooping d. common method for hacker reconnaissance, turned on to save money 47. A(n) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. a. SVPN b. VPN c. SESAME d. KERBES 48. In mode, the data within an IP packet is encrypted, but the header information is not. a. tunnel b. transport c. public d. symmetric 49. The application gateway is also known as a(n). a. application-level firewall b. client firewall c. proxy firewall d. All of the above

50. A filtering firewall can react to an emergent event and update or create rules to deal with the event. a. dynamic b. static c. stateful d. stateless 51. Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the host. a. trusted b. domain c. DMZ d. sacrificial 52. The restrictions most commonly implemented in packet-filtering firewalls are based on. a. IP source and destination address b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of the above 53. The primary benefit of a VPN that uses is that an intercepted packet reveals nothing about the true destination system. a. intermediate mode b. tunnel mode c. reversion mode d. transport mode 54. inspection firewalls keep track of each network connection between internal and external systems. a. Static b. Dynamic c. Stateful d. Stateless 55. The proxy server is often placed in an unsecured area of the network or is placed in the zone. a. fully trusted b. hot c. demilitarized d. cold

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback