Midterm review Chapters 1-5

Information Technology Quiz on Midterm review Chapters 1-5, created by Mary Sunseri on 03/03/2018.

Question 1 of 176


Which of the following is the best definition for war-driving?

Select one of the following:

  • Driving and seeking rival hackers

  • Driving while hacking and seeking a computer job

  • Driving looking for wireless networks to hack

  • Driving while using a wireless connection to hack


Question 2 of 176


In addition to mandating federal agencies to establish security measures, the Computer Security Act of 1987 defined important terms such as:

Select one of the following:

  • security information

  • private information

  • unauthorized access

  • sensitive information


Question 3 of 176


What are the three approaches to security?

Select one of the following:

  • High security, medium security, and low security

  • Perimeter, layered, and hybrid

  • Internal, external, and hybrid

  • Perimeter, complete, and none


Question 4 of 176


An attack characterized by an explicit attempt by attackers to prevent legitimate users from accessing a system is called:

Select one of the following:

  • war-dialing

  • spoofing

  • denial of service

  • social engineering


Question 5 of 176


The first computer incident response team is affiliated with what university?

Select one of the following:

  • Harvard University

  • Princeton

  • Carnegie-Mellon University

  • Yale


Question 6 of 176


The process of reviewing logs, records, and procedures to determine whether they meet appropriate standards is called:

Select one of the following:

  • auditing

  • filtering

  • authenticating

  • sneaking


Question 7 of 176


Which of the following best defines the primary difference between a sneaker and an auditor?

Select one of the following:

  • There is no difference

  • The sneaker tends to be less skilled

  • The sneaker tends to use more unconventional methods

  • The auditor tends to be less skilled


Question 8 of 176


Which of the following types of privacy laws affect computer security?

Select one of the following:

  • Any privacy law applicable to your organization

  • Any privacy law

  • Any federal privacy law

  • Any state privacy law


Question 9 of 176


An intrusion-detection system is an example of:

Select one of the following:

  • Proactive security

  • Perimeter security

  • Good security practices

  • Hybrid security


Question 10 of 176


Which of the following is the best definition of “sensitive information”?

Select one of the following:

  • Any information that is worth more than $1,000

  • Any information that has monetary value and is protected by any privacy laws

  • Any information that, if accessed by unauthorized personnel, could damage your organization in any way

  • Military or defense related information


Question 11 of 176


Which of the following maintains a repository for information on virus outbreaks and detailed information about specific viruses?

Select one of the following:

  • F-Secure Corporation

  • CERT

  • SANS Institute

  • Microsoft Security Advisor


Question 12 of 176


Which is a technique used to provide false information about data packets?

Select one of the following:

  • Phreaking

  • Social engineering

  • Hacking

  • Spoofing


Question 13 of 176


What is the term for hacking a phone system?

Select one of the following:

  • phreaking

  • Cracking

  • Hacking

  • Telco-hacking


Question 14 of 176


Which is NOT one of the three broad classes of security threats?

Select one of the following:

  • Preventing or blocking access to a system

  • Gaining unauthorized access into a system

  • Malicious software

  • Disclosing contents of private networks


Question 15 of 176


Are there any reasons not to take an extreme view of security, if that view errs on the side of caution?

Select one of the following:

  • No, there is no reason not to take such an extreme view.

  • Yes, if you are going to err, assume there are few if any realistic threats.

  • Yes, that can lead to wasting resources on threats that are not likely.

  • Yes, that can require that you increase your security skills in order to implement more rigorous defenses.


Question 16 of 176


A text file that is downloaded to a computer by a Web site to provide information about the Web site and online access is called a:

Select one of the following:

  • cookie

  • Trojan horse

  • script kiddy

  • key logger


Question 17 of 176


Which of the following is the most basic security activity?

Select one of the following:

  • Installing a firewall

  • Controlling access to resources

  • Authenticating users

  • Using a virus scanner


Question 18 of 176


Which of the following is NOT a connectivity device used to connect machines on a network?

Select one of the following:

  • Network interface card

  • Hub

  • Proxy server

  • Switch


Question 19 of 176


The process of determining whether the credentials given by a user are authorized to access a particular network resource is called:

Select one of the following:

  • auditing

  • accessing

  • authorization

  • authentication


Question 20 of 176


Which approach to security is proactive in addressing potential threats before they occur?

Select one of the following:

  • Layered security approach

  • Passive security approach

  • Dynamic security approach

  • Hybrid security approach


Question 21 of 176


Those who exploit systems for harm such as to erase files, change data, or deface Web sites are typically called:

Select one of the following:

  • gray hat hackers

  • black hat hackers

  • white hat hackers

  • red hat hackers


Question 22 of 176


Encryption and virtual private networks are techniques used to secure which of the following?

Select one of the following:

  • Connection points

  • Data

  • Firewalls

  • Proxy servers


Question 23 of 176


Which of the following is the best definition for the term sneaker?

Select one of the following:

  • An amateur hacker

  • A person who hacks a system to test its vulnerabilities

  • A person who hacks a system by faking a legitimate password

  • An amateur who hacks a system without being caught


Question 24 of 176


Which of the following is not one of the three major classes of threats?

Select one of the following:

  • Online auction fraud

  • Denial of Service attacks

  • A computer virus or worm

  • Actually intruding on a system


Question 25 of 176


Which is NOT one of the three broad classes of security threats?

Select one of the following:

  • Disclosing contents of private networks

  • Malicious software

  • Preventing or blocking access to a system

  • Gaining unauthorized access into a system


Question 26 of 176


What is a computer virus?

Select one of the following:

  • Any program that can change your Windows registry.

  • Any program that self replicates

  • Any program that causes harm to your system

  • Any program that is downloaded to your system without your permission


Question 27 of 176


When assessing threats to a system, what three factors should you consider?

Select one of the following:

  • How much traffic the system gets, the security budget, and the skill level of the security team

  • The system’s attractiveness, the information contained on the system, and how much traffic the system gets

  • The skill level of the security team, the system’s attractiveness, and how much traffic the system gets

  • The system’s attractiveness, the information contained on the system, and the security budget


Question 28 of 176


Which of the following would most likely be classified as misuses of systems?

Select one of the following:

  • Using your business computer to conduct your own (non-company) business

  • Getting an occasional personal email

  • Looking up information on a competitor using the Web

  • Shopping on the web during lunch


Question 29 of 176


What is a technique used to determine if someone is trying to falsely deny that they performed a particular action?

Select one of the following:

  • Non-repudiation

  • Access Control Authorization

  • Auditing

  • Sneaking


Question 30 of 176


Which approach to security addresses both the system perimeter and individual systems within the network?

Select one of the following:

  • Perimeter security approach

  • Layered security approach

  • Hybrid security approach

  • Dynamic security approach


Question 31 of 176


Which of the following gives the best definition of spyware?

Select one of the following:

  • Any software that monitors which Web sites you visit

  • Any software or hardware that monitors your system

  • Any software that logs keystrokes

  • Any software used to gather intelligence


Question 32 of 176


Which of the following is the best definition for non-repudiation?

Select one of the following:

  • It is another term for user authentication

  • Processes that verify which user performs what action

  • Security that does not allow the potential intruder to deny his attack

  • Access control


Question 33 of 176


Blocking attacks seek to accomplish what?

Select one of the following:

  • Prevent legitimate users from accessing a system

  • Breaking into a target system

  • Shut down security measures

  • Install a virus on the target machine


Question 34 of 176


Which term is generally used by hackers to refer to attempts at intrusion into a system without permission and usually for malevolent purposes?

Select one of the following:

  • Social engineering

  • Blocking

  • Hacking

  • Cracking


Question 35 of 176


The most desirable approach to security is one which is:

Select one of the following:

  • Layered and dynamic

  • Perimeter and static

  • Layered and static

  • Perimeter and dynamic


Question 36 of 176


Which of the following activities do security professionals recommend to limit the chances of becoming a target for a Trojan horse?

Select one of the following:

  • Prevent employees from downloading and installing any programs

  • Download and install Windows updates and patches monthly

  • Only open e-mail attachments from friends or co-workers

  • Only download jokes, animated Flash files, or utility programs from popular sites


Question 37 of 176


Which method of defense against a SYN flood involves altering the response timeout?

Select one of the following:

  • Micro blocks

  • SYN cookies

  • RST cookies

  • Stack tweaking


Question 38 of 176


Which created a buffer overflow attack against a Windows flaw called the DCOM RPC vulnerability?

Select one of the following:

  • Blaster

  • MyDoom

  • SoBig

  • Slammer


Question 39 of 176


What do many analysts believe was the reason for the MyDoom virus/worm?

Select one of the following:

  • A DoS attack against

  • A DoS attack targeting Microsoft Windows IIS servers

  • An e-mail attack targeting Bill Gates

  • A DDoS attack targeting Santa Cruz Operations


Question 40 of 176


Which is NOT true about a buffer overflow attack?

Select one of the following:

  • Susceptibility to a buffer overflow is entirely contingent on software flaws.

  • A hacker does not need a good working knowledge of some programming language to create a buffer overflow.

  • A buffer overflow can load malicious data into memory and run it on a target machine.

  • A careful programmer will write applications so the buffer will truncate or reject data that exceeds the buffer length.


Question 41 of 176


What is the name for a DoS defense that is dependent on sending back a hash code to the client?

Select one of the following:

  • Server reflection

  • RST cookie

  • Stack tweaking

  • SYN cookie


Question 42 of 176


What is the best way to defend against a buffer overflow?

Select one of the following:

  • Stopping all ICMP traffic

  • Using a robust firewall

  • Keeping all software patched and updated

  • Blocking TCP packets at the router


Question 43 of 176


The spread of viruses can be minimized by all of the following EXCEPT:

Select one of the following:

  • using a code word with friends to determine if attachments are legitimate

  • using a virus scanner

  • immediately following instructions in security alerts e-mailed to you from Microsoft

  • never opening attachments you are unsure of


Question 44 of 176


Which of the following is NOT a denial of service attack?

Select one of the following:

  • Ping of Death

  • SYN flood

  • Smurf attack

  • Stack tweaking


Question 45 of 176


Which of the following is the best definition for IP spoofing?

Select one of the following:

  • Sending packets that are misconfigured

  • Sending a packet that appears to come from a trusted IP

  • Setting up a fake Web site that appears to be a different site

  • Rerouting packets to a different IP


Question 46 of 176


Which attack relies on broadcast packets to cause a network to actually flood itself with ICMP packets?

Select one of the following:

  • Smurf attack

  • SYN flood

  • Tribal flood

  • ICMP flood


Question 47 of 176


Which attack occurs by sending packets that are too large for the target machine to handle?

Select one of the following:

  • SYN flood

  • ICMP flood

  • Ping of death

  • Stack tweaking


Question 48 of 176


One of the most common types of attacks via the Internet is:

Select one of the following:

  • Buffer overflow

  • IP spoofing

  • Session hacking

  • Denial of service


Question 49 of 176


Which of the following virus attacks initiated a DoS attack?

Select one of the following:

  • Walachi

  • MyDoom

  • Bagle

  • Faux


Question 50 of 176


Which router configuration is potentially least vulnerable to an attack?

Select one of the following:

  • Routers that filter packets with source addresses in the local domain

  • Proxy firewalls where the proxy applications use the source IP address for authentication

  • Routers to external networks that support multiple internal interfaces

  • Routers with two interfaces that support subnetting on the internal network


Question 51 of 176


What is a technical weakness of the Stack tweaking defense?

Select one of the following:

  • It only decreases time out but does not actually stop DoS attacks

  • It is complicated and requires very skilled technicians to implement

  • It is resource intensive and can degrade server performance.

  • It is ineffective against DoS attacks


Question 52 of 176


Which created a domestic “cyber terrorism” attack against a Unix distributor?

Select one of the following:

  • MyDoom

  • W32.Storm.Worm

  • Blaster

  • Slammer


Question 53 of 176


What is the name for a DoS attack that causes machines on a network to initiate a DoS against one of that network’s servers?

Select one of the following:

  • Smurf attack

  • Distributed Denial of Service

  • SYN flood

  • Ping of Death


Question 54 of 176


Which of the following would be the best defense if your Web server had limited resources but you needed a strong defense against DoS?

Select one of the following:

  • Stack tweaking

  • A firewall

  • SYN cookies

  • RST cookies


Question 55 of 176


What was the greatest damage from the Bagle virus?

Select one of the following:

  • It deleted system files

  • It corrupted the Windows registry

  • It was difficult to detect

  • It shut down antivirus software


Question 56 of 176


How does the SYN cookie work?

Select one of the following:

  • Replaces cookies left by virus/worm programs.

  • Causes server to send wrong SYNACK to the client.

  • Prevents memory allocation until third part of SYN ACK handshaking.

  • Enables encryption of outbound packets.


Question 57 of 176


From the attacker’s point of view, what is the primary weakness in a DoS attack?

Select one of the following:

  • The attack does not cause actual damage

  • The attack must be sustained.

  • The attack is difficult to execute

  • The attack is easily thwarted


Question 58 of 176


Shutting down router and firewall ports 5554 and 9996 will block most damage from which of these?

Select one of the following:

  • Sobig

  • Trojan horses

  • Bagle

  • Sasser


Question 59 of 176


Which attack causes Internet routers to attack the target systems without actually compromising the routers themselves?

Select one of the following:

  • ICMP flood

  • SYN flood

  • Tribal Flood Network

  • Distributed Reflection Denial of Service


Question 60 of 176


Which attack relies on broadcast packets to cause a network to actually flood itself with ICMP packets?

Select one of the following:

  • Tribal flood

  • SYN flood

  • Smurf attack

  • ICMP flood


Question 61 of 176


What DoS attack is based on leaving connections half open?

Select one of the following:

  • SYN flood

  • Smurf Attack

  • Ping of Death

  • Distributed Denial of Service
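
Questions 37, 41, 54, 56 and 61 above turn on how a SYN flood exhausts a server's half-open connection queue and how SYN cookies avoid keeping that state at all. The Python simulation below is an added worked example, not part of the quiz or of the textbook it reviews: it compares a server with a classic bounded backlog against one that mints SYN cookies, under a flood of SYNs from constructed spoofed sources that never complete the handshake. The cookie layout (an 8-bit time counter plus a 24-bit keyed hash of the connection 4-tuple) is a simplification of the real kernel scheme, the secret and the tick counter are assumptions of the demo, and the classic server deliberately has no SYN-RCVD timeout, which is the parameter the "stack tweaking" defense shortens.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; a real TCP stack keeps this in the kernel and rotates it.
SECRET = secrets.token_bytes(32)


def syn_cookie(src_ip: str, src_port: int, dst_port: int, tick: int) -> int:
    """Derive a 32-bit initial sequence number (ISN) from the connection 4-tuple and a
    coarse time counter. The cookie stands in for the half-open backlog entry the
    server would otherwise have to store. (Simplified: Linux also packs the client's
    MSS into the low bits.)
    """
    msg = f"{src_ip}|{src_port}|{dst_port}|{tick}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    # high 8 bits: time counter (mod 256); low 24 bits: keyed hash of the 4-tuple
    return ((tick & 0xFF) << 24) | int.from_bytes(digest[:3], "big")


def verify_syn_cookie(ack: int, src_ip: str, src_port: int, dst_port: int,
                      now: int, max_age: int = 3) -> bool:
    """Validate the final ACK of the handshake with no stored state: the client must
    acknowledge ISN + 1, and that ISN must be a cookie we minted within max_age ticks."""
    isn = (ack - 1) & 0xFFFFFFFF
    for age in range(max_age + 1):
        tick = now - age
        if (tick & 0xFF) == isn >> 24 and syn_cookie(src_ip, src_port, dst_port, tick) == isn:
            return True
    return False


class SynServer:
    """Listening socket with a bounded half-open queue (classic) or SYN cookies."""

    def __init__(self, use_cookies: bool, backlog: int = 8, port: int = 80):
        self.use_cookies = use_cookies
        self.backlog = backlog
        self.port = port
        self.half_open = {}        # (ip, port) -> ISN; classic mode only, never times out here
        self.established = set()

    def on_syn(self, src_ip: str, src_port: int, tick: int):
        """Return the ISN sent in our SYN-ACK, or None if the SYN had to be dropped."""
        if self.use_cookies:
            return syn_cookie(src_ip, src_port, self.port, tick)
        if len(self.half_open) >= self.backlog:
            return None            # backlog exhausted: the SYN-flood failure mode
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip: str, src_port: int, ack: int, tick: int) -> bool:
        key = (src_ip, src_port)
        if self.use_cookies:
            ok = verify_syn_cookie(ack, src_ip, src_port, self.port, tick)
        else:
            ok = key in self.half_open and (self.half_open[key] + 1) & 0xFFFFFFFF == ack
            if ok:
                del self.half_open[key]
        if ok:
            self.established.add(key)
        return ok


def simulate(use_cookies: bool) -> bool:
    """Flood the server with SYNs from spoofed sources that never complete the handshake,
    then see whether one legitimate client can still connect."""
    server = SynServer(use_cookies)
    tick = 1000
    for i in range(100):                               # constructed spoofed sources
        server.on_syn(f"203.0.113.{i % 250 + 1}", 40000 + i, tick)
    isn = server.on_syn("198.51.100.7", 51515, tick)   # the real client
    if isn is None:
        return False
    return server.on_ack("198.51.100.7", 51515, (isn + 1) & 0xFFFFFFFF, tick + 1)


if __name__ == "__main__":
    print("classic backlog, client connects:", simulate(False))   # False
    print("SYN cookies,     client connects:", simulate(True))    # True
```

Running it prints False for the classic backlog and True for the cookie server. The cost is the one the quiz hints at for the cookie defenses: the server recomputes a keyed hash on every SYN and on every handshake-completing ACK, and because nothing is remembered about the half-open connection, TCP options carried in the original SYN are lost unless they are squeezed into the cookie. That is why real implementations leave cookies off until the backlog actually fills.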


Question 62 of 176


What is the best method of defending against IP spoofing?

Select one of the following:

  • Installing a router/firewall that blocks packets that appear to be originating within the network

  • Blocking all incoming TCP traffic

  • Blocking all incoming ICMP traffic

  • Installing a router/firewall that blocks packets that appear to be originating from outside the network


Question 63 of 176


Which of the following best describes session hacking?

Select one of the following:

  • Taking over a target machine via a Trojan horse

  • Taking control of the login session

  • Taking control of a target machine remotely

  • Taking control of the communication link between two machines


Question 64 of 176


Which of the following is a recommended configuration of your firewall to defend against DoS attacks?

Select one of the following:

  • Block TCP packets that originate outside your network

  • Block all incoming packets

  • Block ICMP packets that originate outside your network

  • Block all ICMP packets
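
Questions 50, 62, 64, 70 and 90 above all come down to what a border router or firewall should do with a packet given the interface it arrived on and the addresses it carries. The code below is an added example (not from the quiz or the textbook) of such an edge rule set in Python: it drops inbound packets that claim an internal source address, drops outbound packets that do not carry one of our own addresses, and drops inbound ICMP echo requests while letting other ICMP types through. The internal range 10.0.0.0/8, the interface names and the sample packets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for the demo: everything behind the firewall lives in 10.0.0.0/8.
INTERNAL = ip_network("10.0.0.0/8")
ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    iface: str          # "outside" (Internet-facing) or "inside": where the packet arrived
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    icmp_type: int = -1


def edge_filter(pkt: Packet):
    """Return (verdict, reason) for one packet seen by the border router/firewall."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)

    if pkt.iface == "outside":
        # Ingress anti-spoofing: nothing arriving from the Internet can legitimately
        # carry one of our own addresses as its source. Dropping it here also stops
        # anything downstream from treating the packet as trusted internal traffic.
        if src in INTERNAL:
            return "DROP", "inbound packet claims an internal source address (spoofed)"
        if dst not in INTERNAL:
            return "DROP", "inbound packet not addressed to us (transit/reflection abuse)"
        # Echo requests from outside feed ping sweeps and ICMP floods. Drop only that
        # type: blocking all ICMP also silences 'fragmentation needed' and 'unreachable'
        # messages that Path MTU discovery and normal operation rely on.
        if pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST:
            return "DROP", "inbound ICMP echo request"
        return "ACCEPT", "inbound"

    if pkt.iface == "inside":
        # Egress anti-spoofing (BCP 38): a compromised internal host must not be able to
        # source packets with someone else's address, which is exactly what it would do
        # as a participant in a smurf or distributed reflection attack against a third party.
        if src not in INTERNAL:
            return "DROP", "outbound packet with a non-internal source (we would be the spoofer)"
        return "ACCEPT", "outbound"

    return "DROP", f"unknown interface {pkt.iface!r}"


# Constructed sample traffic: (description, packet)
SAMPLES = [
    ("spoofed inbound claiming 10.1.2.3", Packet("outside", "10.1.2.3", "10.0.0.5", "tcp")),
    ("ordinary inbound web request", Packet("outside", "203.0.113.9", "10.0.0.5", "tcp")),
    ("ping sweep probe", Packet("outside", "203.0.113.9", "10.0.0.5", "icmp", 8)),
    ("ICMP unreachable (type 3) for our flow", Packet("outside", "203.0.113.9", "10.0.0.5", "icmp", 3)),
    ("internal host sourcing a foreign address", Packet("inside", "198.51.100.1", "203.0.113.9", "udp")),
    ("ordinary outbound DNS query", Packet("inside", "10.0.0.5", "203.0.113.9", "udp")),
]

if __name__ == "__main__":
    for desc, pkt in SAMPLES:
        verdict, reason = edge_filter(pkt)
        print(f"{verdict:6} {desc:42} ({reason})")
```

The second rule is the egress half of the same defense: an organization that filters only inbound spoofing still lets a compromised internal host take part in smurf or reflection attacks against others. The ICMP rule is deliberately narrower than "block all ICMP", because type 3 code 4 (fragmentation needed) is what Path MTU discovery depends on, and silently dropping it produces connections that hang on large transfers.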


Question 65 of 176


Which copies itself into the Windows directory and creates a registry key to load itself at startup?

Select one of the following:

  • Slammer

  • MyDoom

  • Sasser

  • Bagle


Question 66 of 176


Which presented itself as an e-mail from the system administrator informing the user of a virus infection and gave directions to open an e-mail attachment which would then scan for e-mail addresses and shared folders?

Select one of the following:

  • Sobig

  • Sasser

  • Mimail

  • Bagle


Question 67 of 176


Which of the following best describes a buffer overflow attack?

Select one of the following:

  • An attack that attempts to put misconfigured data into a memory buffer

  • An attack that attempts to send oversized TCP packets

  • An attack that attempts to put too much data in a memory buffer

  • An attack that overflows the target with too many TCP packets


Question 68 of 176


What is a Trojan horse?

Select one of the following:

  • Software that deletes system files then infects other machines

  • Software that self replicates

  • Software that causes harm to your system

  • Software that appears to be benign but really has some malicious purpose


Question 69 of 176


Which of the following denial of service attacks results from a client’s failure to respond to the server’s reply to a request for connection?

Select one of the following:

  • ICMP flood

  • SYN flood

  • Tribal flood

  • UDP flood


Question 70 of 176


What is the danger inherent in IP spoofing attacks?

Select one of the following:

  • Many of these attacks open the door for other attacks

  • Many firewalls don’t examine packets that seem to come from within the network.

  • They can be difficult to stop

  • They are very damaging to target systems


Question 71 of 176


Which is NOT a typical adverse result of a virus?

Select one of the following:

  • Increased network traffic

  • Changing system settings

  • Increased network functionality and responsiveness

  • Deletion of files


Question 72 of 176


What type of firewall is Check Point Firewall-1?

Select one of the following:

  • Packet filtering/application gateway hybrid

  • SPI/application gateway hybrid

  • Circuit level gateway

  • Application gateway


Question 73 of 176


What implementation is Check Point Firewall-1?

Select one of the following:

  • Switch based

  • Host based

  • Network based

  • Router based


Question 74 of 176


Which is a hardware firewall vendor manufacturing Stateful Packet Inspection units with NAT and DES especially for small offices?

Select one of the following:

  • Cisco

  • Wolverine

  • D-Link

  • Check Point


Question 75 of 176


Should a home user with ICF block port 80, and why or why not?

Select one of the following:

  • She should not because it would prevent her from using Web Pages

  • She should not because that will prevent her from getting updates and patches

  • She should unless she is running a Web server on her machine.

  • She should because port 80 is a common attack point for hackers


Question 76 of 176


Why is an SPI firewall more resistant to flooding attacks?

Select one of the following:

  • It requires user authentication

  • It examines each packet in the context of previous packets

  • It automatically blocks large traffic from a single IP

  • It examines the destination IP of all packets


Question 77 of 176


Snort is which type of IDS?

Select one of the following:

  • Client-based

  • Router-based

  • OS-based

  • Host-based


Question 79 of 176


What is one complexity found in enterprise environments that is unlikely in small networks or SOHO environments?

Select one of the following:

  • Diverse user groups

  • Web vulnerabilities

  • Multiple operating systems

  • Users running different applications


Question 80 of 176


Which type of IDS is the Cisco Sensor?

Select one of the following:

  • Anomaly detection

  • Intrusion deterrence

  • Intrusion deflection

  • Anomaly deterrence


Question 81 of 176


It should be routine for someone in the IT security staff to

Select one of the following:

  • Physically inspect the firewall

  • Review firewall logs

  • Reboot the firewall

  • Test the firewall by attempting a ping flood


Question 82 of 176


Using a server running the Linux operating system with its built-in firewall as the network firewall is one example of which firewall configuration?

Select one of the following:

  • router-based

  • dual-homed host

  • network host-based

  • screened host


Question 83 of 176


What is an advantage of an enterprise environment?

Select one of the following:

  • Skilled technical personnel available

  • Multiple operating systems to deal with

  • IDS systems not needed

  • Lower security needs


Question 84 of 176


Which is true about SonicWALL firewall solutions?

Select one of the following:

  • They work on Linux, Unix, Solaris, and Windows platforms.

  • They are relatively inexpensive.

  • All models contain built-in encryption.

  • They include built-in proxy server capabilities.


Question 85 of 176


In which mode of operation does Snort display a continuous stream of packet contents to the console?

Select one of the following:

  • Heuristic mode

  • Network intrusion-detection mode

  • Packet logger mode

  • Packet sniffer mode


Question 86 of 176


In comparing a packet filter firewall with a stateful packet inspection firewall (SPI), the SPI firewall is:

Select one of the following:

  • LESS susceptible to ping and SYN floods but MORE susceptible to IP spoofing

  • LESS susceptible to ping and SYN floods and LESS susceptible to IP spoofing.

  • MORE susceptible to ping and SYN floods and MORE susceptible to IP spoofing

  • MORE susceptible to ping and SYN floods and LESS susceptible to IP spoofing


Question 87 of 176


Which of the following are four basic types of firewalls?

Select one of the following:

  • Screening, bastion, dual-homed, circuit level

  • Packet filtering, application gateway, circuit level, stateful packet inspection

  • Stateful packet inspection, gateway, bastion, screening

  • Application gateway, bastion, dual-homed, screening


Question 88 of 176


In many typical configurations with multiple firewalls, e-mail servers and FTP servers are located in the:

Select one of the following:

  • internal corporate network

  • demilitarized zone

  • corporate intranet

  • external network


Question 89 of 176


Which of the following is not an advantage of the Fortigate firewall?

Select one of the following:

  • Built-in encryption

  • Built-in virus scanning

  • Content filtering

  • Low cost


Question 90 of 176


Should a home user block ICMP traffic, and why or why not?

Select one of the following:

  • It should be blocked because such traffic is often used to transmit a virus

  • It should be blocked because such traffic is often used to do port scans and flood attacks

  • It should not be blocked because it is necessary for network operations

  • It should not be blocked because it is necessary for using the Web


Question 91 of 176


Why might a proxy gateway be susceptible to a flood attack?

Select one of the following:

  • It does not require user authentication

  • It allows multiple simultaneous connections

  • It does not properly filter packets

  • Its authentication method takes more time and resources


Question 92 of 176


A standalone technology that hides internal addresses from the outside and only allows connections that originate from inside the network is called:

Select one of the following:

  • TFTP

  • HTTP

  • DMZ

  • NAT


Question 93 of 176


What is another term for preemptive blocking?

Select one of the following:

  • Banishment vigilance

  • Intruder blocking

  • Intrusion deflection

  • User deflection


Question 94 of 176


Which serves as a single contact point between the Internet and the private network?

Select one of the following:

  • Bastion host

  • DMZ

  • Screened host

  • Dual-homed host


Question 95 of 176


One type of intrusion-detection and avoidance which involves identifying suspect IP addresses and preventing intrusions is called:

Select one of the following:

  • anomaly detection

  • intrusion deterrence

  • preemptive blocking

  • intrusion deflection


Question 96 of 176


NAT is a replacement for what technology?

Select one of the following:

  • Proxy server

  • Firewall

  • IDS

  • Antivirus software
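
Questions 76, 86, 92 and 96 compare a plain packet filter with stateful packet inspection and ask what NAT hides. As an added example that is not part of the quiz or the textbook, the Python below models a stateful NAT gateway beside a stateless filter that approximates "established" traffic by looking at the ACK flag. The public address 198.51.100.1, the 10.0.0.0/8 internal range and the sample segments are constructed for the demo.

```python
from dataclasses import dataclass, replace

PUBLIC_IP = "198.51.100.1"     # constructed: the gateway's single Internet-facing address
INTERNAL_PREFIX = "10."        # constructed: internal hosts live in 10.0.0.0/8


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # subset of {"SYN", "ACK", "FIN", "RST"}


def stateless_filter(seg: Segment, inbound: bool) -> bool:
    """A plain packet filter has no memory of earlier packets. The classic way to
    'allow replies to our connections' was to admit any inbound segment with ACK set
    and SYN clear, on the theory that only replies look like that. Anyone can set a bit."""
    if not inbound:
        return True
    return "ACK" in seg.flags and "SYN" not in seg.flags


class StatefulNatGateway:
    """Stateful inspection plus NAT: inbound traffic is admitted only if it belongs to a
    flow an internal host opened, and internal addresses never appear on the outside."""

    def __init__(self):
        self.next_public_port = 40000
        self.out_map = {}   # (int_ip, int_port, ext_ip, ext_port) -> public port
        self.in_map = {}    # (public port, ext_ip, ext_port) -> (int_ip, int_port)

    def outbound(self, seg: Segment):
        """Translate an internal->Internet segment; returns the rewritten segment or None."""
        if not seg.src.startswith(INTERNAL_PREFIX):
            return None                         # egress anti-spoofing, as at the border
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if key not in self.out_map:
            if "SYN" not in seg.flags:
                return None                     # no state and not a connection opening
            pub = self.next_public_port
            self.next_public_port += 1
            self.out_map[key] = pub
            self.in_map[(pub, seg.dst, seg.dport)] = (seg.src, seg.sport)
        return replace(seg, src=PUBLIC_IP, sport=self.out_map[key])

    def inbound(self, seg: Segment):
        """Translate an Internet->internal segment; None means 'no matching flow, drop'.
        The flags are never consulted: a forged ACK with no flow behind it is just dropped."""
        key = (seg.dport, seg.src, seg.sport)
        if seg.dst != PUBLIC_IP or key not in self.in_map:
            return None
        int_ip, int_port = self.in_map[key]
        return replace(seg, dst=int_ip, dport=int_port)


def demo():
    gw = StatefulNatGateway()
    syn = Segment("10.0.0.5", 51000, "203.0.113.80", 443, frozenset({"SYN"}))
    out = gw.outbound(syn)                                  # leaves as 198.51.100.1:40000
    reply = gw.inbound(Segment("203.0.113.80", 443, PUBLIC_IP, 40000, frozenset({"SYN", "ACK"})))
    forged = Segment("203.0.113.66", 1234, PUBLIC_IP, 40000, frozenset({"ACK"}))
    return {
        "outside_sees": (out.src, out.sport),
        "reply_delivered_to": (reply.dst, reply.dport),
        "forged_ack_stateless": stateless_filter(forged, inbound=True),
        "forged_ack_stateful": gw.inbound(forged),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:22} {v}")
```

The stateless filter admits any segment with ACK set, which is exactly how an attacker probes through a packet filter (an ACK scan) or injects into a connection; the stateful gateway drops the same forged segment because no internal host opened a flow matching it, and it never has to look at the flags to decide. The external server only ever sees 198.51.100.1, which is the address-hiding property the NAT questions ask about. The caveat is that the state table is itself a finite resource, so real implementations expire entries on timeouts and on FIN/RST, and NAT is a by-product of keeping that table rather than a security control in its own right.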


Question 97 of 176


Which is a robust commercial software firewall solution for Linux operating systems?

Select one of the following:

  • SonicWALL

  • Wolverine

  • McAfee Personal Firewall

  • Symantec Norton Firewall


Question 98 of 176


Which is true about Windows XP Internet Connection Firewall (ICF)?

Select one of the following:

  • It has a logging feature enabled by default.

  • It works best in conjunction with a perimeter firewall.

  • It blocks incoming and outgoing packets.

  • It is a screened host firewall.


Question 99 of 176


Which of the following is not a profiling strategy used in anomaly detection?

Select one of the following:

  • Executable profiling

  • Threshold monitoring

  • Resource profiling

  • System monitoring
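
Questions 93, 95 and 99 cover preemptive blocking and the profiling strategies behind anomaly detection. Below is an added example (not from the quiz or the textbook) of the simplest of those strategies, threshold monitoring, in Python: it counts failed SSH logins per source inside a sliding window over a constructed log excerpt and, once a source crosses the threshold, either adds it to a blocklist (preemptive blocking) or, for sources on an exempt list, only raises it for review. The log lines, threshold and window are assumptions of the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log excerpt (ISO timestamps for easy parsing).
LOG = """
2018-03-03T10:00:01 sshd[1201]: Failed password for root from 203.0.113.9 port 40122 ssh2
2018-03-03T10:00:02 sshd[1203]: Failed password for root from 203.0.113.9 port 40123 ssh2
2018-03-03T10:00:03 sshd[1205]: Failed password for invalid user admin from 203.0.113.9 port 40124 ssh2
2018-03-03T10:00:04 sshd[1207]: Failed password for invalid user oracle from 203.0.113.9 port 40125 ssh2
2018-03-03T10:00:05 sshd[1209]: Failed password for root from 203.0.113.9 port 40126 ssh2
2018-03-03T10:00:06 sshd[1211]: Failed password for root from 203.0.113.9 port 40127 ssh2
2018-03-03T10:00:07 sshd[1213]: Failed password for root from 203.0.113.9 port 40128 ssh2
2018-03-03T10:00:08 sshd[1215]: Failed password for root from 203.0.113.9 port 40129 ssh2
2018-03-03T10:00:09 sshd[1217]: Accepted password for alice from 10.0.0.2 port 50001 ssh2
2018-03-03T10:05:00 sshd[1301]: Failed password for alice from 10.0.0.2 port 50002 ssh2
2018-03-03T10:05:30 sshd[1303]: Failed password for alice from 10.0.0.2 port 50003 ssh2
2018-03-03T10:06:00 sshd[1305]: Failed password for alice from 10.0.0.2 port 50004 ssh2
2018-03-03T10:06:05 sshd[1307]: Accepted password for alice from 10.0.0.2 port 50005 ssh2
2018-03-03T10:10:00 sshd[1401]: Failed password for root from 198.51.100.7 port 33001 ssh2
2018-03-03T10:11:40 sshd[1403]: Failed password for root from 198.51.100.7 port 33002 ssh2
2018-03-03T10:13:20 sshd[1405]: Failed password for root from 198.51.100.7 port 33003 ssh2
2018-03-03T10:15:00 sshd[1407]: Failed password for root from 198.51.100.7 port 33004 ssh2
2018-03-03T10:16:40 sshd[1409]: Failed password for root from 198.51.100.7 port 33005 ssh2
2018-03-03T10:18:20 sshd[1411]: Failed password for root from 198.51.100.7 port 33006 ssh2
""".strip().splitlines()

FAILED_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def threshold_monitor(lines, limit=5, window=timedelta(seconds=60), exempt=frozenset()):
    """Threshold monitoring: a source is flagged the first time it exceeds `limit` failed
    logins inside a sliding `window`. Flagged sources go straight onto the blocklist
    (preemptive blocking) unless they are on the exempt list, in which case they are
    only raised for review. Returns (events, blocklist)."""
    recent = defaultdict(deque)      # ip -> timestamps of failures still inside the window
    flagged, blocklist, events = set(), set(), []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue                 # successful logins and other records are not counted
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(3)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # expire failures older than the window
        if len(q) > limit and ip not in flagged:
            flagged.add(ip)
            if ip in exempt:
                events.append(("review", ip, len(q)))
            else:
                blocklist.add(ip)
                events.append(("block", ip, len(q)))
    return events, blocklist


if __name__ == "__main__":
    events, blocklist = threshold_monitor(LOG)
    for kind, ip, count in events:
        print(f"{kind}: {ip} after {count} failures within 60s")
    print("blocklist:", sorted(blocklist))
```

The exempt list is there because preemptive blocking has the failure mode listed among the options of Question 120: a legitimate user who mistypes a password a few times, or a NAT gateway in front of a whole office that makes many unrelated failures appear from one address, gets that address locked out for everyone behind it. Threshold monitoring is also blind to the slow attacker in the sample (198.51.100.7 spaces its attempts 100 seconds apart and is never flagged), which is the gap that resource and user profiling are meant to cover.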


Question 100 of 176


Which type of intrusion-detection relies on people rather than software or hardware?

Select one of the following:

  • Banishment vigilance

  • Intrusion deterrence

  • Infiltration

  • Anomaly detection


Question 101 of 176


Which type of firewall is included in Windows XP and many distributions of Linux operating systems?

Select one of the following:

  • Stateful packet inspection

  • User authentication

  • Packet filter

  • Application proxy


Question 102 of 176


What is one complexity found in enterprise environments that is unlikely in small networks or SOHO environments?

Select one of the following:

  • Users running different applications

  • Multiple operating systems

  • Diverse user groups

  • Web vulnerabilities


Question 103 of 176


What type of firewall requires individual client applications to be authorized to connect?

Select one of the following:

  • Stateful packet inspection

  • Dual-homed

  • Application gateway

  • Screened gateway


Question 104 of 176


Which of the following is not one of Snort’s modes?

Select one of the following:

  • Network intrusion-detection

  • Sniffer

  • Packet logger

  • Packet filtering
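
Questions 85, 104 and 119 are about Snort's three modes and what an IDS does with the port activity it watches. As an added example, not Snort's own code and not from the quiz or the textbook, the Python below parses a small subset of Snort's rule language, matches rules against constructed packets, and runs the same packet stream through sniffer, packet-logger and NIDS modes. The rules, packets and address ranges are constructed for the demo, and the parser ignores the variables, port ranges, negation and most of the options that real Snort supports.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    options: dict


# action proto src sport -> dst dport (options)
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rule(text: str) -> Rule:
    """Parse the Snort rule subset used here: 'any' or CIDR addresses, 'any' or a single
    port, and the msg/content/nocase/sid options."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    options = {}
    for opt in opts.split(";"):                   # assumes no ';' inside quoted values
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")
        options[key.strip()] = value.strip().strip('"')
    return Rule(action, proto, src, sport, dst, dport, options)


def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if not (_addr_ok(rule.src, pkt.src) and _port_ok(rule.sport, pkt.sport)
            and _addr_ok(rule.dst, pkt.dst) and _port_ok(rule.dport, pkt.dport)):
        return False
    content = rule.options.get("content")
    if content is not None:
        haystack, needle = pkt.payload, content.encode()
        if "nocase" in rule.options:
            haystack, needle = haystack.lower(), needle.lower()
        if needle not in haystack:
            return False
    return True


def run(mode: str, rules, packets):
    """The three Snort modes over one packet stream: sniffer mode narrates every packet,
    packet-logger mode records them, NIDS mode evaluates the rules and emits alerts."""
    if mode == "sniffer":
        return [f"{p.proto.upper()} {p.src}:{p.sport} -> {p.dst}:{p.dport} len={len(p.payload)}"
                for p in packets]
    if mode == "logger":
        return [(p.src, p.sport, p.dst, p.dport, p.payload) for p in packets]
    if mode == "nids":
        return [(r.options.get("sid"), r.options.get("msg"), p.src)
                for p in packets for r in rules if rule_matches(r, p)]
    raise ValueError(f"unknown mode {mode!r}")


# Constructed rules and traffic for the demo.
RULES = [
    'alert tcp any any -> 10.0.0.0/8 80 (msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; nocase; sid:1000001;)',
    'alert icmp any any -> 10.0.0.0/8 any (msg:"ICMP to internal host"; sid:1000002;)',
]
PACKETS = [
    Packet("tcp", "203.0.113.9", 40123, "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.9", 40124, "10.0.0.5", 80, b"GET /cgi-bin/view?f=../../ETC/PASSWD HTTP/1.1\r\n"),
    Packet("icmp", "203.0.113.9", 0, "10.0.0.5", 0),
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.80", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    rules = [parse_rule(r) for r in RULES]
    for line in run("sniffer", rules, PACKETS):
        print(line)
    for sid, msg, src in run("nids", rules, PACKETS):
        print(f"[**] [1:{sid}] {msg} [**] from {src}")
```

The nocase option is what makes the second packet match even though the request upper-cased the path; it is also a reminder of the arms race behind signature IDS, since the same request URL-encoded (%2fetc%2fpasswd) slips past this rule until a normalizing preprocessor decodes it first. Sniffer and logger modes produce output whether or not any rule exists: classic Snort, as this material describes it, observes and alerts on traffic rather than sitting inline deciding what to drop.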


Question 105 of 176


What tool does McAfee Personal Firewall offer?

Select one of the following:

  • A visual tool to trace attacks

  • NAT

  • Strong encryption

  • Vulnerability scanning


Question 106 of 176


An open source software circuit level gateway is available from which of the following?

Select one of the following:

  • Watchguard Technologies

  • SonicWALL

  • Teros

  • Amrita Labs


Question 107 of 176


Which of the following are four basic types of firewalls?

Select one of the following:

  • Application gateway, bastion, dual-homed, screening

  • Packet filtering, application gateway, circuit level, stateful packet inspection

  • Stateful packet inspection, gateway, bastion, screening

  • Screening, bastion, dual-homed, circuit level


Question 108 of 176


Which type of firewall creates a private virtual connection with the client?

Select one of the following:

  • Circuit level gateway

  • Dual-homed

  • Application gateway

  • Bastion


Question 109 of 176


Which type of firewall negotiates between the server and client to permit or deny connection based on the type of software and connection requested?

Select one of the following:

  • Circuit level gateway

  • Application gateway

  • Packet filter

  • Stateful packet inspection


Question 110 of 176


Which firewall configuration would be appropriate within a network to separate and protect various subnets of a network to provide greater security?

Select one of the following:

  • bastion host

  • demilitarized zone

  • router-based

  • dual-homed host


Question 111 of 176


Which of the following is not a common feature of most single PC firewalls?

Select one of the following:

  • Packet filtering

  • Software-based

  • Ease of use

  • Built-in NAT


Question 112 of 176


It should be routine for someone in the IT security staff to

Select one of the following:

  • Reboot the firewall

  • Physically inspect the firewall

  • Review firewall logs

  • Test the firewall by attempting a ping flood


Question 113 of 176


A firewall designed to secure an individual personal computer is a:

Select one of the following:

  • screened host firewall

  • single machine firewall

  • simple hardware firewall

  • combination hardware/software firewall


Question 114 of 176


What type of firewall is SonicWALL TZ 170?

Select one of the following:

  • Application gateway

  • Circuit-level gateway

  • Packet screening

  • Stateful Packet Inspection


Question 115 of 176


Which of the following is an advantage of the network host-based configuration?

Select one of the following:

  • It is resistant to IP spoofing

  • It has user authentication

  • It is inexpensive or free

  • It is more secure


Question 116 of 176


Which of the following is a benefit of Cisco firewalls?

Select one of the following:

  • Very low cost

  • Built-in virus scanning on all products

  • Built-in IDS on all products

  • Extensive training available on the product


Question 117 of 176


Once a circuit level gateway verifies the user’s logon, it creates a virtual circuit between:

Select one of the following:

  • the internal client and the external server

  • the external server and the proxy server

  • the external server and the firewall

  • the internal client and the proxy server


Question 118 of 176


At what OSI layer do packet filters function?

Select one of the following:

  • Physical layer

  • Transport layer

  • Network layer

  • Data link layer


Question 119 of 176


Which is NOT a function of an intrusion-detection system?

Select one of the following:

  • Inspect all inbound and outbound port activity

  • Notify the system administrator of suspicious activity

  • Infiltrate the illicit system to acquire information

  • Look for patterns in port activity


Question 120 of 176


What might one see in an implementation of intrusion deterrence?

Select one of the following:

  • Real resources with fake names

  • Fake resources with legitimate-sounding names

  • Blocking of legitimate users by mistake

  • Profiling of users, resources, groups, or applications


Question 121 of 176


A system that is set up for attracting and monitoring intruders is called what?

Select one of the following:

  • Fly paper

  • Honey pot

  • Hacker cage

  • Trap door


Question 122 of 176


A device that hides internal IP addresses is called

Select one of the following:

  • Dual-homed host

  • Bastion firewall

  • Proxy server

  • A screened host


Question 123 of 176


Medium-sized networks have what problem?

Select one of the following:

  • Low budgets

  • Diverse user group

  • Need to connect multiple LANs into a single WAN

  • Lack of skilled technical personnel


Question 124 of 176


A firewall that uses a combination of approaches rather than a single approach to protect the network is called:

Select one of the following:

  • multi-homed

  • dual-homed

  • open source

  • hybrid


Question 125 of 176


How can vulnerability to flooding attacks be reduced with an application gateway?

Select one of the following:

  • Packets are continually checked during the connection

  • Vulnerability to flooding attacks with an application gateway cannot be mitigated

  • Authenticating users

  • External systems never see the gateway


Question 126 of 176


Identifying abnormal activity on a firewall requires that one establish a:

Select one of the following:

  • baseline

  • screened host

  • bastion host

  • proxy server


Question 127 of 176


A series of ICMP packets sent to each port from the same IP address, detected by an intrusion-detection system, might indicate:

Select one of the following:

  • scanning of the system for vulnerabilities prior to an attack

  • Trojan horse/virus infection sending information back home

  • a Distributed Denial of Service attack in progress

  • the system has been infiltrated by an outsider


Question 128 of 176


Why is an SPI firewall less susceptible to spoofing attacks?

Select one of the following:

  • It requires user authentication

  • It requires client application authentication

  • It automatically blocks spoofed packets

  • It examines the source IP of all packets


Question 129 of 176


What is ICF?

Select one of the following:

  • Windows XP Internet Connection Firewall

  • Windows 2000 Internet Connection Firewall

  • Windows 2000 Internet Control Firewall

  • Windows XP Internet Control Firewall


Question 130 of 176


Which is a firewall vendor manufacturing a host-based firewall for Windows 2000 Server, Sun Solaris, and Red Hat Linux environments?

Select one of the following:

  • D-Link

  • Wolverine

  • Check Point

  • Cisco


Question 131 of 176


Which of the following is not a reason to avoid choosing infiltration as part of an IDS strategy?

Select one of the following:

  • It can be time consuming

  • It requires knowledge of the target group

  • It can be expensive

  • The group may retaliate


Question 132 of 176


A series of ICMP packets sent to your ports in sequence might indicate what?

Select one of the following:

  • A packet sniffer

  • A port scan

  • A DoS attack

  • A ping flood


Question 133 of 176


An intrusion-detection method that measures and monitors how programs use system resources is called:

Select one of the following:

  • user/group profiling.

  • resource profiling.

  • executable profiling.

  • threshold monitoring.


Question 134 of 176


Which strategy is used in the implementation of intrusion deterrence?

Select one of the following:

  • Installing honey pots to pose as important systems

  • Monitoring connection attempts to identify IP addresses of attackers

  • Using fake names to camouflage important systems

  • Infiltrating online hacker groups


Question 135 of 176


Which method of intrusion-detection develops historic usage levels to measure activity against?

Select one of the following:

  • Threshold monitoring

  • Application profiling

  • Resource profiling

  • Infiltration profiling


Question 136 of 176


What is the greatest danger in a network host-based configuration?

Select one of the following:

  • SYN flood attacks

  • IP spoofing

  • Operating System Security flaws

  • Ping flood attacks


Question 137 of 176


Which type of firewall is generally the simplest and least expensive?

Select one of the following:

  • Circuit level gateway

  • Application gateway

  • Packet filter

  • Stateful packet inspection


Question 138 of 176


Implementation of intrusion deflection as a strategy requires the use of:

Select one of the following:

  • fake targets

  • blocking software

  • warnings to intruders to leave

  • innocuous names for sensitive targets


Question 139 of 176


Which of the following is found in Norton’s personal firewall but not in ICF?

Select one of the following:

  • Strong encryption

  • Vulnerability scanning

  • A visual tool to trace attacks

  • NAT


Question 140 of 176


Which of the following is a common problem when seeking information on firewalls?

Select one of the following:

  • Unbiased information may be hard to find.

  • It is difficult to find information on the Web.

  • Information often emphasizes price rather than features.

  • Documentation is often incomplete.


Question 141 of 176


Which of the following can be shipped preconfigured?

Select one of the following:

  • Router-based firewalls

  • Stateful packet inspection firewalls

  • Dual-homed firewalls

  • Network host-based firewalls


Question 142 of 176


Which is a term used to refer to the process of authentication and verification?

Select one of the following:

  • Filtering

  • Negotiation

  • Connecting

  • Screening


Question 143 of 176


Which type of firewall negotiates between the server and client to permit or deny connection based on the type of software and connection requested?

Select one of the following:

  • Circuit level gateway

  • Stateful packet inspection

  • Application gateway

  • Packet filter


Question 144 of 176


Which intrusion detection strategy monitors and compares activity against preset acceptable levels?

Select one of the following:

  • Threshold monitoring

  • Infiltration monitoring

  • Application monitoring

  • Resource profiling


Question 145 of 176


Which of the following is a problem with the profiling approach used in anomaly detection?

Select one of the following:

  • It misses many attacks

  • It is resource intensive

  • It yields many false positives

  • It is difficult to configure


Question 146 of 176


What is the purpose of the warning configuration for Specter’s email file?

Select one of the following:

  • To scare off at least novice hackers

  • To keep your normal users honest

  • To deter highly skilled hackers

  • To track hackers back to their source IPs


Question 147 of 176


Regarding the Firewall-1 firewall, which of the following is NOT true?

Select one of the following:

  • It is particularly vulnerable to SYN floods.

  • It is a packet filtering, application gateway hybrid.

  • It uses Stateful Packet Inspection.

  • It automatically blocks and logs oversized packets.


Question 148 of 176


IDS is an acronym for:

Select one of the following:

  • Intrusion deterrence service

  • Intrusion-detection service

  • Intrusion deterrence system

  • Intrusion-detection system


Question 149 of 176


What is the most important security advantage to NAT?

Select one of the following:

  • It hides internal network addresses

  • By default it blocks all ICMP packets

  • It blocks incoming ICMP packets

  • By default it only allows outbound connections


Question 150 of 176


Which is true about the Wolverine firewall solution?

Select one of the following:

  • It includes built-in VPN capabilities.

  • It works on Linux, Unix, Solaris, and Windows platforms.

  • Encryption can be added with a free Web download.

  • It is expensive.


Question 151 of 176


What four rules must be set for packet filtering firewalls?

Select one of the following:

  • Username, password, protocol type, destination IP

  • Source IP, destination IP, username, password

  • Protocol type, source port, destination port, source IP

  • Protocol version, destination IP, source port, username


Question 152 of 176


Setting up parameters for acceptable use, such as the number of login attempts, and watching to see if those levels are exceeded is referred to as what?

Select one of the following:

  • Resource profiling

  • Executable profiling

  • System monitoring

  • Threshold monitoring


Question 153 of 176


Attempts by an intruder to gather information about a system prior to the start of an intrusion attack are called:

Select one of the following:

  • footprinting

  • infiltration

  • deflecting

  • detecting


Question 154 of 176


Which is NOT a service included in the Norton single machine firewall?

Select one of the following:

  • Data recovery

  • Popup ad blocking

  • Blocking of outgoing traffic

  • Privacy protection


Question 155 of 176


Banishment vigilance is another name for:

Select one of the following:

  • anomaly detection

  • intrusion deflection

  • intrusion deterrence

  • preemptive blocking


Question 156 of 176


Which type of encryption is included with the T170?

Select one of the following:

  • PGP and AES

  • WEP and DES

  • WEP and PGP

  • AES and DES


Question 157 of 176


Which is a unique feature of the McAfee Personal Firewall that is not found on most personal firewalls?

Select one of the following:

  • Blocking incoming traffic on selected ports

  • Online scanning of system for vulnerabilities

  • Performing traceroute to show the source of incoming packets

  • Recording a log of all attempts at incoming packets


Question 158 of 176


Why might you run Specter in strange mode?

Select one of the following:

  • It will be difficult to determine the system is a honey pot

  • It will deter novice hackers

  • It may fascinate hackers and keep them online long enough to catch them

  • It may confuse hackers and deter them from your systems


Question 159 of 176


A firewall configuration using a server as a router and running multiple network interfaces with automatic routing disabled is an example of a:

Select one of the following:

  • dual-homed host

  • screened host

  • router-based

  • network host-based


Question 160 of 176


Why might a proxy gateway be susceptible to a flood attack?

Select one of the following:

  • Its authentication method takes more time and resources

  • It does not properly filter packets

  • It allows multiple simultaneous connections

  • It does not require user authentication


Question 161 of 176


Which intrusion-detection method measures activity levels against known short-term and/or long-term work profiles?

Select one of the following:

  • Threshold monitoring

  • User/group work profiling

  • Executable profiling

  • Resource profiling


Question 162 of 176


Why might a circuit level gateway be inappropriate for some situations?

Select one of the following:

  • It blocks web traffic

  • It is simply too expensive

  • It has no user authentication

  • It requires client side configuration


Question 163 of 176


Which is NOT true about enterprise networks and firewall solutions?

Select one of the following:

  • They are likely to be supported by multiple network administrators.

  • They are usually made up of several interconnected networks.

  • They are usually easier to manage and secure.

  • They are likely to contain several different operating systems.


Question 164 of 176


Attempting to make your system appear less appealing is referred to as what?

Select one of the following:

  • Intrusion deterrence

  • System deterrence

  • System camouflage

  • Intrusion deflection


Question 165 of 176


Which of the following is an important feature of D-Link DFL 300?

Select one of the following:

  • Vulnerability scanning

  • Liberal licensing policy

  • WEP encryption

  • Built-in IDS


Question 166 of 176


Which firewall solution would be best for a large enterprise running Windows XP Professional and Linux operating systems, using the Internet, and requiring remote access to their Intranet server for field sales people?

Select one of the following:

  • Check Point Firewall-1

  • Cisco PIX 515E

  • Fortigate 3600

  • Windows XP Internet Connection Firewall


Question 167 of 176


Why is an SPI firewall more resistant to flooding attacks?

Select one of the following:

  • It automatically blocks large traffic from a single IP

  • It requires user authentication

  • It examines each packet in the context of previous packets

  • It examines the destination IP of all packets


Question 168 of 176


A profiling technique that monitors how applications use resources is called what?

Select one of the following:

  • Application monitoring

  • Resource profiling

  • System monitoring

  • Executable profiling


Question 169 of 176


Symantec Decoy Server does all of the following EXCEPT:

Select one of the following:

  • simulate incoming mail server functions

  • record all traffic related to an intrusion attack

  • simulate outgoing mail server functions

  • track attacking packets to their source


Question 170 of 176


Attempting to attract intruders to a system set up to monitor them is called what?

Select one of the following:

  • Intrusion routing

  • Intrusion deterrence

  • Intrusion banishment

  • Intrusion deflection


Question 171 of 176


Which type of firewall is considered the most secure?

Select one of the following:

  • Circuit-level gateway

  • Stateful packet inspection

  • Dual-homed

  • Packet screening


Question 172 of 176


Following rules and learning from experience as part of the process to identify and notify an administrator about an intrusion are typical when Snort is operating in which mode?

Select one of the following:

  • Network intrusion-detection mode

  • Packet logger mode

  • Sniffer mode

  • Command mode


Question 173 of 176


Using a server running the Linux operating system with its built-in firewall as the network firewall is one example of which firewall configuration?

Select one of the following:

  • screened host

  • network host-based

  • router-based

  • dual-homed host


Question 174 of 176


Which of the following solutions is actually a combination of firewalls?

Select one of the following:

  • Dual-homed firewalls

  • Router-based firewalls

  • Screened firewalls

  • Bastion host firewalls


Question 175 of 176


Which is NOT one of the basic premises under which a honey pot functions?

Select one of the following:

  • Intruders will tend to go for easy targets with valuable data

  • Any traffic to the honey pot is suspicious

  • Security must allow attackers inside

  • Only legitimate users have a reason to connect to it


Question 176 of 176


In many typical configurations with multiple firewalls, e-mail servers and FTP servers are located in the:

Select one of the following:

  • demilitarized zone

  • internal corporate network

  • corporate Intranet

  • external network
