Midterm review Chapters 1-5

Beschreibung

Information Technology Quiz am Midterm review Chapters 1-5, erstellt von Mary Sunseri am 03/03/2018.
Mary Sunseri
Quiz von Mary Sunseri, aktualisiert more than 1 year ago
Mary Sunseri
Erstellt von Mary Sunseri vor mehr als 6 Jahre
232
1

Zusammenfassung der Ressource

Frage 1

Frage
Which of the following is the best definition for war-driving?
Antworten
  • Driving and seeking rival hackers
  • Driving while hacking and seeking a computer job
  • Driving looking for wireless networks to hack
  • Driving while using a wireless connection to hack

Frage 2

Frage
In addition to mandating federal agencies to establish security measures, the Computer Security Act of 1987 defined important terms such as:
Antworten
  • security information
  • private information
  • unauthorized access
  • sensitive information

Frage 3

Frage
What are the three approaches to security?
Antworten
  • High security, medium security, and low security
  • Perimeter, layered, and hybrid
  • Internal, external, and hybrid
  • Perimeter, complete, and none

Frage 4

Frage
An attack characterized by an explicit attempt by attackers to prevent legitimate users from accessing a system is called:
Antworten
  • war-dialing
  • spoofing
  • denial of service
  • social engineering

Frage 5

Frage
The first computer incident response team is affiliated with what university?
Antworten
  • Harvard University
  • Princeton
  • Carnegie-Mellon University
  • Yale

Frage 6

Frage
The process of reviewing logs, records, and procedures to determine whether they meet appropriate standards is called:
Antworten
  • auditing
  • filtering
  • authenticating
  • sneaking

Frage 7

Frage
Which of the following best defines the primary difference between a sneaker and an auditor?
Antworten
  • There is no difference
  • The sneaker tends to be less skilled
  • The sneaker tends to use more unconventional methods
  • The auditor tends to be less skilled

Frage 8

Frage
Which of the following types of privacy laws affect computer security?
Antworten
  • Any privacy law applicable to your organization
  • Any privacy law
  • Any federal privacy law
  • Any state privacy law

Frage 9

Frage
An intrusion-detection system is an example of:
Antworten
  • Proactive security
  • Perimeter security
  • Good security practices
  • Hybrid security

Frage 10

Frage
Which of the following is the best definition of “sensitive information”?
Antworten
  • Any information that is worth more than $1,000
  • Any information that has monetary value and is protected by any privacy laws
  • Any information that, if accessed by unauthorized personnel, could damage your organization in any way
  • Military or defense related information

Frage 11

Frage
Which of the following maintains a repository for information on virus outbreaks and detailed information about specific viruses?
Antworten
  • F-Secure Corporation
  • CERT
  • SANS Institute
  • Microsoft Security Advisor

Frage 12

Frage
Which is a technique used to provide false information about data packets?
Antworten
  • Phreaking
  • Social engineering
  • Hacking
  • Spoofing

Frage 13

Frage
What is the term for hacking a phone system?
Antworten
  • phreaking
  • Cracking
  • Hacking
  • Telco-hacking

Frage 14

Frage
Which is NOT one of the three broad classes of security threats?
Antworten
  • Preventing or blocking access to a system
  • Gaining unauthorized access into a system
  • Malicious software
  • Disclosing contents of private networks

Frage 15

Frage
Are there any reasons not to take an extreme view of security, if that view errs on the side of caution?
Antworten
  • No, there is no reason not to take such an extreme view.
  • Yes, if you are going to err, assume there are few if any realistic threats.
  • Yes, that can lead to wasting resources on threats that are not likely.
  • Yes, that can require that you increase your security skills in order to implement more rigorous defenses.

Frage 16

Frage
A text file that is downloaded to a computer by a Web site to provide information about the Web site and online access is called a:
Antworten
  • cookie
  • Trojan horse
  • script kiddy
  • key logger

Frage 17

Frage
Which of the following is the most basic security activity?
Antworten
  • Installing a firewall
  • Controlling access to resources
  • Authenticating users
  • Using a virus scanner

Frage 18

Frage
Which of the following is NOT a connectivity device used to connect machines on a network?
Antworten
  • Network interface card
  • Hub
  • Proxy server
  • Switch

Frage 19

Frage
The process of determining whether the credentials given by a user are authorized to access a particular network resource is called:
Antworten
  • auditing
  • accessing
  • authorization
  • authentication

Frage 20

Frage
Which approach to security is proactive in addressing potential threats before they occur?
Antworten
  • Layered security approach
  • Passive security approach
  • Dynamic security approach
  • Hybrid security approach

Frage 21

Frage
Those who exploit systems for harm such as to erase files, change data, or deface Web sites are typically called:
Antworten
  • gray hat hackers
  • black hat hackers
  • white hat hackers
  • red hat hackers

Frage 22

Frage
Encryption and virtual private networks are techniques used to secure which of the following?
Antworten
  • Connection points
  • Data
  • Firewalls
  • Proxy servers

Frage 23

Frage
Which of the following is the best definition for the term sneaker?
Antworten
  • An amateur hacker
  • A person who hacks a system to test its vulnerabilities
  • A person who hacks a system by faking a legitimate password
  • An amateur who hacks a system without being caught

Frage 24

Frage
Which of the following is not one of the three major classes of threats?
Antworten
  • Online auction fraud
  • Denial of Service attacks
  • A computer virus or worm
  • Actually intruding on a system

Frage 25

Frage
Which is NOT one of the three broad classes of security threats?
Antworten
  • Disclosing contents of private networks
  • Malicious software
  • Preventing or blocking access to a system
  • Gaining unauthorized access into a system

Frage 26

Frage
What is a computer virus?
Antworten
  • Any program that can change your Windows registry.
  • Any program that self replicates
  • Any program that causes harm to your system
  • Any program that is downloaded to your system without your permission

Frage 27

Frage
When assessing threats to a system, what three factors should you consider?
Antworten
  • How much traffic the system gets, the security budget, and the skill level of the security team
  • The system’s attractiveness, the information contained on the system, and how much traffic the system gets
  • The skill level of the security team, the system’s attractiveness, and how much traffic the system gets
  • The system’s attractiveness, the information contained on the system, and the security budget

Frage 28

Frage
Which of the following would most likely be classified as misuses of systems?
Antworten
  • Using your business computer to conduct your own (non-company) business
  • Getting an occasional personal email
  • Looking up information on a competitor using the Web
  • Shopping on the web during lunch

Frage 29

Frage
What is a technique used to determine if someone is trying to falsely deny that they performed a particular action?
Antworten
  • Non-repudiation
  • Access Control Authorization
  • Audiiting
  • Sneaking

Frage 30

Frage
Which approach to security addresses both the system perimeter and individual systems within the network?
Antworten
  • Perimeter security approach
  • Layered security approach
  • Hybrid aecurity approach
  • Dynamic security approach

Frage 31

Frage
Which of the following gives the best definition of spyware?
Antworten
  • Any software that monitors which Web sites you visit
  • Any software or hardware that monitors your system
  • Any software that logs keystrokes
  • Any software used to gather intelligence

Frage 32

Frage
Which of the following is the best definition for non-repudiation?
Antworten
  • It is another term for user authentication
  • Processes that verify which user performs what action
  • Security that does not allow the potential intruder to deny his attack
  • Access control

Frage 33

Frage
Blocking attacks seek to accomplish what?
Antworten
  • Prevent legitimate users from accessing a system
  • Breaking into a target system
  • Shut down security measures
  • Install a virus on the target machine

Frage 34

Frage
Which term is generally used by hackers to refer to attempts at intrusion into a system without permission and usually for malevolent purposes?
Antworten
  • Social engineering
  • Blocking
  • Hacking
  • Cracking

Frage 35

Frage
The most desirable approach to security is one which is:
Antworten
  • Layered and dynamic
  • Perimeter and static
  • Layered and static
  • Perimeter and dynamic

Frage 36

Frage
Which of the following activities do security professionals recommend to limit the chances of becoming a target for a Trojan horse?
Antworten
  • Prevent employees from downloading and installing any programs
  • Download and install Windows updates and patches monthly
  • Only open e-mail attachments from friends or co-workers
  • Only download jokes, animated Flash files, or utility programs from popular sites

Frage 37

Frage
Which method of defense against a SYN flood involves altering the response timeout?
Antworten
  • Micro blocks
  • SYN cookies
  • RST cookies
  • Stack tweaking

Frage 38

Frage
Which created a buffer overflow attack against a Windows flaw called the DCOM RPC vulnerability?
Antworten
  • Blaster
  • MyDoom
  • SoBig
  • Slammer

Frage 39

Frage
What do many analysts believe was the reason for the MyDoom virus/worm?
Antworten
  • A DoS attack against Microsoft.com
  • A DoS attack targeting Microsoft Windows IIS servers
  • An e-mail attack targeting Bill Gates
  • A DDoS attack targeting Santa Cruz Operations

Frage 40

Frage
Which is NOT true about a buffer overflow attack?
Antworten
  • Susceptibility to a buffer overflow is entirely contingent on software flaws.
  • A hacker does not need a good working knowledge of some programming language to create a buffer overflow.
  • A buffer overflow can load malicious data into memory and run it on a target machine.
  • A careful programmer will write applications so the buffer will truncate or reject data that exceeds the buffer length.

Frage 41

Frage
What is the name for a DoS defense that is dependent on sending back a hash code to the client?
Antworten
  • Server reflection
  • RST cookie
  • Stack tweaking
  • SYN cookie

Frage 42

Frage
What is the best way to defend against a buffer overflow?
Antworten
  • Stopping all ICMP traffic
  • Using a robust firewall
  • Keeping all software patched and updated
  • Blocking TCP packets at the router

Frage 43

Frage
The spread of viruses can be minimized by all of the following EXCEPT:
Antworten
  • using a code word with friends to determine if attachments are legitimate
  • using a virus scanner
  • immediately following instructions in security alerts e-mailed to you from Microsoft
  • never opening attachments you are unsure of

Frage 44

Frage
Which of the following is NOT a denial of service attack?
Antworten
  • Ping of Death
  • SYN flood
  • Smurf attack
  • Stack tweaking

Frage 45

Frage
Which of the following is the best definition for IP spoofing?
Antworten
  • Sending packets that are misconfigured
  • Sending a packet that appears to come from a trusted IP
  • Setting up a fake Web site that appears to be a different site
  • Rerouting packets to a different IP

Frage 46

Frage
Which attack relies on broadcast packets to cause a network to actually flood itself with ICMP packets?
Antworten
  • Smurf attack
  • SYN flood
  • Tribal flood
  • ICMP flood

Frage 47

Frage
Which attack occurs by sending packets that are too large for the target machine to handle?
Antworten
  • SYN flood
  • ICMP flood
  • Ping of death
  • Stack tweaking

Frage 48

Frage
One of the most common types of attacks via the Internet is:
Antworten
  • Buffer overflow
  • IP spoofing
  • Session hacking
  • Denial of service

Frage 49

Frage
Which of the following virus attacks initiated a DoS attack?
Antworten
  • Walachi
  • MyDoom
  • Bagle
  • Faux

Frage 50

Frage
Which router configuration is potentially least vulnerable to an attack?
Antworten
  • Routers that filter packets with source addresses in the local domain
  • Proxy firewalls where the proxy applications use the source IP address for authentication
  • Routers to external networks that support multiple internal interfaces
  • Routers with two interfaces that support subnetting on the internal network

Frage 51

Frage
What is a technical weakness of the Stack tweaking defense?
Antworten
  • It only decreases time out but does not actually stop DoS attacks
  • It is complicated and requires very skilled technicians to implement
  • It is resource intensive and can degrade server performance.
  • It is ineffective against DoS attacks

Frage 52

Frage
Which created a domestic “cyber terrorism” attack against a Unix distributor?
Antworten
  • MyDoom
  • W32.Storm.Worm
  • Blaster
  • Slammer

Frage 53

Frage
What is the name for a DoS attack that causes machines on a network to initiate a DoS against one of that network’s servers?
Antworten
  • Smurf attack
  • Distributed Denial of Service
  • SYN flood
  • Ping of Death

Frage 54

Frage
Which of the following would be the best defense if your Web server had limited resources but you needed a strong defense against DoS?
Antworten
  • Stack tweaking
  • A firewall
  • SYN cookies
  • RST cookies

Frage 55

Frage
What was the greatest damage from the Bagle virus?
Antworten
  • It deleted system files
  • It corrupted the Windows registry
  • It was difficult to detect
  • It shut down antivirus software

Frage 56

Frage
How does the SYN cookie work?
Antworten
  • Replaces cookies left by virus/worm programs.
  • Causes server to send wrong SYNACK to the client.
  • Prevents memory allocation until third part of SYN ACK handshaking.
  • Enables encryption of outbound packets.

Frage 57

Frage
From the attacker’s point of view, what is the primary weakness in a DoS attack?
Antworten
  • The attack does not cause actual damage
  • The attack must be sustained.
  • The attack is difficult to execute
  • The attack is easily thwarted

Frage 58

Frage
Shutting down router and firewall ports 5554 and 9996 will block most damage from which of these?
Antworten
  • Sobig
  • Trojan horses
  • Bagle
  • Sasser

Frage 59

Frage
Which attack causes Internet routers to attack the target systems without actually compromising the routers themselves?
Antworten
  • ICMP flood
  • SYN flood
  • Tribal Flood Network
  • Distributed Reflection Denial of Service

Frage 60

Frage
Which attack relies on broadcast packets to cause a network to actually flood itself with ICMP packets?
Antworten
  • Tribal flood
  • SYN flood
  • Smurf attack
  • ICMP flood

Frage 61

Frage
What DoS attack is based on leaving connections half open?
Antworten
  • SYN flood
  • Smurf Attack
  • Ping of Death
  • Distributed Denial of Service

Frage 62

Frage
What is the best method of defending against IP spoofing?
Antworten
  • Installing a router/firewall that blocks packets that appear to be originating within the network
  • Blocking all incoming TCP traffic
  • Blocking all incoming ICMP traffic
  • Installing a router/firewall that blocks packets that appear to be originating from outside the network

Frage 63

Frage
Which of the following best describes session hacking?
Antworten
  • Taking over a target machine via a Trojan horse
  • Taking control of the login session
  • Taking control of a target machine remotely
  • Taking control of the communication link between two machines

Frage 64

Frage
Which of the following is a recommended configuration of your firewall to defend against DoS attacks?
Antworten
  • Block TCP packets that originate outside your network
  • Block all incoming packets
  • Block ICMP packets that originate outside your network
  • Block all ICMP packets

Frage 65

Frage
Which copies itself into the Windows directory and creates a registry key to load itself at startup?
Antworten
  • Slammer
  • MyDoom
  • Sasser
  • Bagle

Frage 66

Frage
Which presented itself as an e-mail from the system administrator informing the user of a virus infection and gave directions to open an e-mail attachment which would then scan for e-mail addresses and shared folders?
Antworten
  • Sobig
  • Sasser
  • Minmail
  • Bagle

Frage 67

Frage
Which of the following best describes a buffer overflow attack?
Antworten
  • An attack that attempts to put misconfigured data into a memory buffer
  • An attack that attempts to send oversized TCP packets
  • An attack that attempts to put too much data in a memory buffer
  • An attack that overflows the target with too many TCP packets

Frage 68

Frage
What is a Trojan horse?
Antworten
  • Software that deletes system files then infects other machines
  • Software that self replicates
  • Software that causes harm to your system
  • Software that appears to be benign but really has some malicious purpose

Frage 69

Frage
Which of the following denial of service attacks results from a client’s failure to respond to the server’s reply to a request for connection?
Antworten
  • ICMP flood
  • SYN flood
  • Tribal flood
  • UDP flood

Frage 70

Frage
What is the danger inherent in IP spoofing attacks?
Antworten
  • Many of these attacks open the door for other attacks
  • Many firewalls don’t examine packets that seem to come from within the network.
  • They can be difficult to stop
  • They are very damaging to target systems

Frage 71

Frage
Which is NOT a typical adverse result of a virus?
Antworten
  • Increased network traffic
  • Changing system settings
  • Increased network functionality and responsiveness
  • Deletion of files

Frage 72

Frage
What type of firewall is Check Point Firewall-1?
Antworten
  • Packet filtering/application gateway hybrid
  • SPI/application gateway hybrid
  • Circuit level gateway
  • Application gateway

Frage 73

Frage
What implementation is Check Point Firewall-1?
Antworten
  • Switch based
  • Host based
  • Network based
  • Router based

Frage 74

Frage
Which is a hardware firewall vendor manufacturing Stateful Packet Inspection units with NAT and DES especially for small offices?
Antworten
  • Cisco
  • Wolverine
  • D-Link
  • Check Point

Frage 75

Frage
Should a home user with ICF block port 80, and why or why not?
Antworten
  • She should not because it would prevent her from using Web Pages
  • She should not because that will prevent her from getting updates and patches
  • She should unless she is running a Web server on her machine.
  • She should because port 80 is a common attack point for hackers

Frage 76

Frage
Why is an SPI firewall more resistant to flooding attacks?
Antworten
  • It requires user authentication
  • It examines each packet in the context of previous packets
  • It automatically blocks large traffic from a single IP
  • It examines the destination IP of all packets

Frage 77

Frage
Snort is which type of IDS?
Antworten
  • Client-based
  • Router-based
  • OS-based
  • Host-based

Frage 78

Frage
Snort is which type of IDS?
Antworten
  • Client-based
  • Router-based
  • OS-based
  • Host-based

Frage 79

Frage
What is one complexity found in enterprise environements that is unlikely in small networks or SOHO environments?
Antworten
  • Diverse user groups
  • Web vulnerabilities
  • Multiple operating systems
  • Users running different applications

Frage 80

Frage
Which type of IDS is the Cisco Sensor?
Antworten
  • Anomaly detection
  • Intrusion deterrence
  • Intrusion deflection
  • Anomaly deterrence

Frage 81

Frage
It should be routine for someone in the IT security staff to
Antworten
  • Physically inspect the firewall
  • Review firewall logs
  • Reboot the firewall
  • Test the firewall by attempting a ping flood

Frage 82

Frage
Using a server running the Linux operating system with its built-in firewall as the network firewall is one example of which firewall configuration?
Antworten
  • router-based
  • dual-homed host
  • network host-based
  • screened host

Frage 83

Frage
What is an advantage of an enterprise environment?
Antworten
  • Skilled technical personnel available
  • Multiple operating systems to deal with
  • IDS systems not needed
  • Lower security needs

Frage 84

Frage
Which is true about SonicWALL firewall solutions?
Antworten
  • They work on Linux, Unix, Solaris, and Windows platforms.
  • They are relatively inexpensive.
  • All models contain built-in encryption.
  • They include built-in proxy server capabilities.

Frage 85

Frage
In which mode of operation does Snort display a continuous stream of packet contents to the console?
Antworten
  • Heuristic mode
  • Network intrusion-detection mode
  • Packet logger mode
  • Packet sniffer mode

Frage 86

Frage
In comparing a packet filter firewall with a stateful packet inspection firewall (SPI), the SPI firewall is:
Antworten
  • LESS susceptible to ping and SYN floods but MORE susceptible to IP spoofing
  • LESS susceptible to ping and SYN floods and LESS susceptible to IP spoofing.
  • MORE susceptible to ping and SYN floods and MORE susceptible to IP spoofing
  • MORE susceptible to ping and SYN floods and LESS susceptible to IP spoofing

Frage 87

Frage
Which of the following are four basic types of firewalls?
Antworten
  • Screening, bastion, dual-homed, circuit level
  • Packet filtering, application gateway, circuit level, stateful packet inspection
  • Stateful packet inspection, gateway, bastion, screening
  • Application gateway, bastion, dual-homed, screening

Frage 88

Frage
In many typical configurations with multiple firewalls, e-mail servers and FTP servers are located in the:
Antworten
  • internal corporate network
  • demilitarized zone
  • corporate intranet
  • external network

Frage 89

Frage
Which of the following is not an advantage of the Fortigate firewall?
Antworten
  • Built-in encryption
  • Built-in virus scanning
  • Content filtering
  • Low cost

Frage 90

Frage
Should a home user block ICMP traffic, and why or why not?
Antworten
  • It should be blocked because such traffic is often used to transmit a virus
  • It should be blocked because such traffic is often used to do port scans and flood attacks
  • It should not be blocked because it is necessary for network operations
  • It should not be blocked because it is necessary for using the Web

Frage 91

Frage
Why might a proxy gateway be susceptible to a flood attack?
Antworten
  • It does not require user authentication
  • It allows multiple simultaneous connections
  • It does not properly filter packets
  • Its authentication method takes more time and resources

Frage 92

Frage
A standalone technology that hides internal addresses from the outside and only allows connections that originate from inside the network is called:
Antworten
  • TFTP
  • HTTP
  • DMZ
  • NAT

Frage 93

Frage
What is another term for preemptive blocking?
Antworten
  • Banishment vigilance
  • Intruder blocking
  • Intrusion deflection
  • User deflection

Frage 94

Frage
Which serves as a single contact point between the Internet and the private network?
Antworten
  • Bastion host
  • DMZ
  • Screened host
  • Dual-homed host

Frage 95

Frage
One type of intrusion-detection and avoidance which involves identifying suspect IP addresses and preventing intrusions is called:
Antworten
  • anomaly detection
  • intrusion deterrence
  • preemptive blocking
  • intrusion deflection

Frage 96

Frage
NAT is a replacement for what technology?
Antworten
  • Proxy server
  • Firewall
  • IDS
  • Antivirus software

Frage 97

Frage
Which is a robust commercial software firewall solution for Linux operating systems?
Antworten
  • SonicWALL
  • Wolverine
  • McAfee Personal Firewall
  • Symantec Norton Firewall

Frage 98

Frage
Which is true about Windows XP Internet Connection Firewall (ICF)?
Antworten
  • It has a logging feature enabled by default.
  • It works best in conjunction with a perimeter firewall.
  • It blocks incoming and outgoing packets.
  • It is a screened host firewall.

Frage 99

Frage
Which of the following is not a profiling strategy used in anomaly detection?
Antworten
  • Executable profiling
  • Threshold monitoring
  • Resource profiling
  • System monitoring

Frage 100

Frage
Which type of intrusion-detection relies on people rather than software or hardware?
Antworten
  • Banishment vigilance
  • Intrusion deterrence
  • Infiltration
  • Anomaly detection

Frage 101

Frage
Which type of firewall is included in Windows XP and many distributions of Linux operating systems?
Antworten
  • Stateful packet inspection
  • User authentication
  • Packet filter
  • Application proxy

Frage 102

Frage
What is one complexity found in enterprise environements that is unlikely in small networks or SOHO environments?
Antworten
  • Users running different applications
  • Multiple operating systems
  • Diverse user groups
  • Web vulnerabilities

Frage 103

Frage
What type of firewall requires individual client applications to be authorized to connect?
Antworten
  • Stateful packet inspection
  • Dual-homed
  • Application gateway
  • Screened gateway

Frage 104

Frage
Which of the following is not one of Snort’s modes?
Antworten
  • Network intrusion-detection
  • Sniffer
  • Packet logger
  • Packet filtering

Frage 105

Frage
What tool does McAfee Personal Firewall offer?
Antworten
  • A visual tool to trace attacks
  • NAT
  • Strong encryption
  • Vulnerability scanning

Frage 106

Frage
An open source software circuit level gateway is available from which of the following?
Antworten
  • Watchguard Technologies
  • SonicWALL
  • Teros
  • Amrita Labs

Frage 107

Frage
Which of the following are four basic types of firewalls?
Antworten
  • Application gateway, bastion, dual-homed, screening
  • Packet filtering, application gateway, circuit level, stateful packet inspection
  • Stateful packet inspection, gateway, bastion, screening
  • Screening, bastion, dual-homed, circuit level

Frage 108

Frage
Which type of firewall creates a private virtual connection with the client?
Antworten
  • Circuit level gateway
  • Dual-homed
  • Application gateway
  • Bastion

Frage 109

Frage
Which type of firewall negotiates between the server and client to permit or deny connection based on the type of software and connection requested?
Antworten
  • Circuit level gateway
  • Application gateway
  • Packet filter
  • Stateful packet inspection

Frage 110

Frage
Which firewall configuration would be appropriate within a network to separate and protect various subnets of a network to provide greater security?
Antworten
  • bastion host
  • demilitarized zone
  • router-based
  • dual-homed host

Frage 111

Frage
Which of the following is not a common feature of most single PC firewalls?
Antworten
  • Packet filtering
  • Software-based
  • Ease of use
  • Built-in NAT

Frage 112

Frage
It should be routine for someone in the IT security staff to
Antworten
  • Reboot the firewall
  • Physically inspect the firewall
  • Review firewall logs
  • Test the firewall by attempting a ping flood

Frage 113

Frage
A firewall designed to secure an individual personal computer is a:
Antworten
  • screened host firewall
  • single machine firewall
  • simple hardware firewall
  • combination hardware/software firewall

Frage 114

Frage
What type of firewall is SonicWALL TI70?
Antworten
  • Application gateway
  • Circuit-level gateway
  • Packet screening
  • Stateful Packet Inspection

Frage 115

Frage
Which of the following is an advantage of the network host-based configuration?
Antworten
  • It is resistant to IP spoofing
  • It has user authentication
  • It is inexpensive or free
  • It is more secure

Frage 116

Frage
Which of the following is a benefit of Cisco firewalls?
Antworten
  • Very low cost
  • Built-in virus scanning on all products
  • Built-in IDS on all products
  • Extensive training available on the product

Frage 117

Frage
Once a circuit level gateway verifies the user’s logon, it creates a virtual circuit between:
Antworten
  • the internal client and the external server
  • the external server and the proxy server
  • the external server and the firewall
  • the internal client and the proxy server

Frage 118

Frage
At what OSI layer do packet filters function?
Antworten
  • Physical layer
  • Transport layer
  • Network layer
  • Data link layer

Frage 119

Frage
Which is NOT a function of an intrusion-detection system?
Antworten
  • Inspect all inbound and outbound port activity
  • Notify the system administrator of suspicious activity
  • Infiltrate the illicit system to acquire information
  • Look for patterns in port activity

Frage 120

Frage
What might one see in an implementation of intrusion deterrence?
Antworten
  • Real resources with fake names
  • Fake resources with legitimate-sounding names
  • Blocking of legitimate users by mistake
  • Profiling of users, resources, groups, or applications

Frage 121

Frage
A system that is set up for attracting and monitoring intruders is called what?
Antworten
  • Fly paper
  • Honey pot
  • Hacker cage
  • Trap door

Frage 122

Frage
A device that hides internal IP addresses is called
Antworten
  • Dual-homed host
  • Bastion firewall
  • Proxy server
  • A screened host

Frage 123

Frage
Medium-sized networks have what problem?
Antworten
  • Low budgets
  • Diverse user group
  • Need to connect multiple LANs into a single WAN
  • Lack of skilled technical personnel

Frage 124

Frage
A firewall that uses a combination of approaches rather than a single approach to protect the network is called:
Antworten
  • multi-homed
  • dual-homed
  • open source
  • hybrid

Frage 125

Frage
How can vulnerability to flooding attacks be reduced with an application gateway?
Antworten
  • Packets are continually checked during the connection
  • Vulnerability to flooding attacks with an application gateway cannot be mitigated
  • Authenticating users
  • External systems never see the gateway

Frage 126

Frage
Identifying abnormal activity on a firewall requires that one establish a:
Antworten
  • baseline
  • screened host
  • bastion host
  • proxy server

Frage 127

Frage
An intrusion-detection system detecting a series of ICMP packets sent to each port from the same IP address might indicate:
Antworten
  • scanning of the system for vulnerabilities prior to an attack
  • Trojan horse/virus infection sending information back home
  • a Distributed Denial of Service attack in progress
  • the system has been infiltrated by an outsider

Frage 128

Frage
Why is an SPI firewall less susceptible to spoofing attacks?
Antworten
  • It requires user authentication
  • It requires client application authentication
  • It automatically blocks spoofed packets
  • It examines the source IP of all packets

Frage 129

Frage
What is ICF?
Antworten
  • Windows XP Internet Connection Firewall
  • Windows 2000 Internet Connection Firewall
  • Windows 2000 Internet Control Firewall
  • Windows XP Internet Control Firewall

Frage 130

Frage
Which is a firewall vendor manufacturing a host-based firewall for Windows 2000 Server, Sun Solaris, and Red Hat Linux environments?
Antworten
  • D-Link
  • Wolverine
  • Check Point
  • Cisco

Frage 131

Frage
Which of the following is not a reason to avoid choosing infiltration as part of an IDS strategy?
Antworten
  • It can be time consuming
  • It requires knowledge of the target group
  • It can be expensive
  • The group may retaliate

Frage 132

Frage
A series of ICMP packets sent to your ports in sequence might indicate what?
Antworten
  • A packet sniffer
  • A port scan
  • A DoS attack
  • A ping flood

Frage 133

Frage
An intrusion-detection method that measures and monitors how programs use system resources is called:
Antworten
  • user/group profiling.
  • resource profiling.
  • executable profiling.
  • threshold monitoring.

Frage 134

Frage
Which strategy is used in the implementation of intrusion deterrence?
Antworten
  • Installing honey pots to pose as important system
  • Monitoring connection attempts to identify IP addresses of attackers
  • Using fake names to camouflage important systems
  • Infiltrating online hacker groups

Frage 135

Frage
Which method of intrusion-detection develops historic usage levels to measure activity against?
Antworten
  • Threshold monitoring
  • Application profiling
  • Resource profiling
  • Infiltration profiling

Frage 136

Frage
What is the greatest danger in a network host-based configuration?
Antworten
  • SYN flood attacks
  • IP spoofing
  • Operating System Security flaws
  • Ping flood attacks

Frage 137

Frage
Which type of firewall is generally the simplest and least expensive?
Antworten
  • Circuit level gateway
  • Application gateway
  • Packet filter
  • Stateful packet inspection

Frage 138

Frage
Implementation of intrusion deflection as a strategy requires the use of:
Antworten
  • fake targets
  • blocking software
  • warnings to intruders to leave
  • innocuous names for sensitive targets

Frage 139

Frage
Which of the following is found in Norton’s personal firewall but not in ICF?
Antworten
  • Strong encryption
  • Vulnerability scanning
  • A visual tool to trace attacks
  • NAT

Frage 140

Frage
Which of the following is a common problem when seeking information on firewalls?
Antworten
  • Unbiased information may be hard to find.
  • It is difficult to find information on the Web.
  • Information often emphasizes price rather than features.
  • Documentation is often incomplete

Frage 141

Frage
Which of the following can be shipped preconfigured?
Antworten
  • Router-based firewalls
  • Stateful packet inspection firewalls
  • Dual-homed firewalls
  • Network host-based firewalls

Frage 142

Frage
Which is a term used to refer to the process of authentication and verification?
Antworten
  • Filtering
  • Negotiation
  • Connecting
  • Screening

Frage 143

Frage
Which type of firewall negotiates between the server and client to permit or deny connection based on the type of software and connection requested?
Antworten
  • Circuit level gateway
  • Stateful packet inspection
  • Application gateway
  • Packet filter

Frage 144

Frage
Which intrusion detection strategy monitors and compares activity against preset acceptable levels?
Antworten
  • Threshold monitoring
  • Infiltration monitoring
  • Application monitoring
  • Resource profiling

Frage 145

Frage
Which of the following is a problem with the approach of a profiling strategy that is used in anomaly detection?
Antworten
  • It misses many attacks
  • It is resource intensive
  • It yields many false positives
  • It is difficult to configure

Frage 146

Frage
What is the purpose of the warning configuration for Specter’s email file?
Antworten
  • To scare off at least novice hackers
  • To keep your normal users honest
  • To deter highly skilled hackers
  • To track hackers back to their source IPs

Frage 147

Frage
Regarding the Firewall-1 firewall, which of the following is NOT true?
Antworten
  • It is particularly vulnerable to SYN floods.
  • It is a packet filtering, application gateway hybrid.
  • It uses Stateful Packet Inspection.
  • It automatically blocks and logs oversized packets.

Frage 148

Frage
IDS is an acronym for:
Antworten
  • Intrusion deterrence service
  • Intrusion-detection service
  • Intrusion deterrence system
  • Intrusion-detection system

Frage 149

Frage
What is the most important security advantage to NAT?
Antworten
  • It hides internal network addresses
  • By default it blocks all ICMP packets
  • It blocks incoming ICMP packets
  • By default it only allows outbound connections

Frage 150

Frage
Which is true about the Wolverine firewall solution?
Antworten
  • It includes built-in VPN capabilities.
  • It works on Linux, Unix, Solaris, and Windows platforms.
  • Encryption can be added with a free Web download.
  • It is expensive.

Frage 151

Frage
What four rules must be set for packet filtering firewalls?
Antworten
  • Username, password, protocol type, destination IP
  • Source IP, destination IP, username, password
  • Protocol type, source port, destination port, source IP
  • Protocol version, destination IP, source port, username

Frage 152

Frage
Setting up parameters for acceptable use, such as the number of login attempts, and watching to see if those levels are exceeded is referred to as what?
Antworten
  • Resource profiling
  • Executable profiling
  • System monitoring
  • Threshold monitoring

Frage 153

Frage
Attempts by an intruder to determine information about a system prior to the start of an intrusion attack is called:
Antworten
  • foot printing
  • infiltration
  • deflecting
  • detecting

Frage 154

Frage
Which is NOT a service included in the Norton single machine firewall?
Antworten
  • Data recovery
  • Popup ad blocking
  • Blocking of outgoing traffic
  • Privacy protection

Frage 155

Frage
Banishment vigilance is another name for:
Antworten
  • anomaly detection
  • intrusion deflection
  • intrusion deterrence
  • preemptive blocking

Frage 156

Frage
Which type of encryption is included with the T170?
Antworten
  • PGP and AES
  • WEP and DES
  • WEP and PGP
  • AES and DES

Frage 157

Frage
Which is a unique feature of the McAfee Personal Firewall that is not found on most personal firewalls?
Antworten
  • Blocking incoming traffic on selected ports
  • Online scanning of system for vulnerabilities
  • Performing traceroute to show the source of incoming packets
  • Recording a log of all attempts at incoming packets

Frage 158

Frage
Why might you run Specter in strange mode?
Antworten
  • It will be difficult to determine the system is a honey pot
  • It will deter novice hackers
  • It may fascinate hackers and keep them online long enough to catch them
  • It may confuse hackers and deter them from your systems

Frage 159

Frage
A firewall configuration using a server as a router and running multiple network interfaces with automatic routing disabled is an example of a:
Antworten
  • dual-homed host
  • screened host
  • router-based
  • network host-based

Frage 160

Frage
Why might a proxy gateway be susceptible to a flood attack?
Antworten
  • Its authentication method takes more time and resources
  • It does not properly filter packets
  • It allows multiple simultaneous connections
  • It does not require user authentication

Frage 161

Frage
Which intrusion-detection method measures activity levels against known short-term and/or long-term work profiles?
Antworten
  • Threshold monitoring
  • User/group work profiling
  • Executable profiling
  • Resource profiling

Frage 162

Frage
Why might a circuit level gateway be inappropriate for some situations?
Antworten
  • It blocks web traffic
  • It is simply too expensive
  • It has no user authentication
  • It requires client side configuration

Frage 163

Frage
Which is NOT true about enterprise networks and firewall solutions?
Antworten
  • They are likely to be supported by multiple network administrators.
  • They are usually made up of several interconnected networks.
  • They are usually easier to manage and secure.
  • They are likely to contain several different operating systems.

Frage 164

Frage
Attempting to make your system appear less appealing is referred to as what?
Antworten
  • Intrusion deterrence
  • System deterrence
  • System camouflage
  • Intrusion deflection

Frage 165

Frage
Which of the following is an important feature of D-Link DFL 300?
Antworten
  • Vulnerability scanning
  • Liberal licensing policy
  • WEP encryption
  • Built-in IDS

Frage 166

Frage
Which firewall solution would be best for a large enterprise running Windows XP Professional and Linux operating systems, using the Internet, and requiring remote access to their Intranet server for field sales people?
Antworten
  • Check Point Firewall-1
  • Cisco PIX 515E
  • Fortigate 3600
  • Windows XP Internet Connection Firewall

Frage 167

Frage
Why is an SPI firewall more resistant to flooding attacks?
Antworten
  • It automatically blocks large traffic from a single IP
  • It requires user authentication
  • It examines each packet in the context of previous packets
  • It examines the destination IP of all packets

Frage 168

Frage
A profiling technique that monitors how applications use resources is called what?
Antworten
  • Application monitoring
  • Resource profiling
  • System monitoring
  • Executable profiling

Frage 169

Frage
Symantec Decoy Server does all of the following EXCEPT:
Antworten
  • simulate incoming mail server functions
  • record all traffic related to an intrusion attack
  • simulate outgoing mail server functions
  • track attacking packets to their source

Frage 170

Frage
Attempting to attract intruders to a system set up to monitor them is called what?
Antworten
  • Intrusion routin
  • Intrusion deterrence
  • Intrusion banishment
  • Intrusion deflection

Frage 171

Frage
Which type of firewall is considered the most secure?
Antworten
  • Circuit-level gateway
  • Stateful packet inspection
  • Dual-homed
  • Packet screening

Frage 172

Frage
Following rules and learning from experience as part of the process to identify and notify an administrator about an intrusion are typical when Snort is operating in which mode?
Antworten
  • Network intrusion-detection mode
  • Packet logger mode
  • Sniffer mode
  • Command mode

Frage 173

Frage
Using a server running the Linux operating system with its built-in firewall as the network firewall is one example of which firewall configuration?
Antworten
  • screened host
  • network host-based
  • router-based
  • dual-homed host

Frage 174

Frage
Which of the following solutions is actually a combination of firewalls?
Antworten
  • Dual-homed firewalls
  • Router-based firewalls
  • Screened firewalls
  • Bastion host firewalls

Frage 175

Frage
Which is NOT one of the basic premises under which a honey pot functions?
Antworten
  • Intruders will tend to go for easy targets with valuable data
  • Any traffic to the honey pot is suspicious
  • Security must allow attackers inside
  • Only legitimate users have a reason to connect to it

Frage 176

Frage
In many typical configurations with multiple firewalls, e-mail servers and FTP servers are located in the:
Antworten
  • demilitarized zone
  • internal corporate network
  • corporate Intranet
  • external network
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

CCNA Security 210-260 IINS - Exam 3
Mike M
Application of technology in learning
Jeff Wall
Innovative Uses of Technology
John Marttila
Ch1 - The nature of IT Projects
mauricio5509
The Internet
Gee_0599
CCNA Answers – CCNA Exam
Abdul Demir
SQL Quiz
R M
Professional, Legal, and Ethical Issues in Information Security
mfundo.falteni
System Analysis
R A
Flash Cards Networks
JJ Pro Wrestler
EDUC260- Multimodal Literacies for a Digital Age
angelwoo2002