|
The filtering component of a content filter is like a set of firewall rules for Web sites, and is common in residential content filters. _________________________ A) True |
B) False |
|
Which of the following version of TACACS is still in use? A) TACACS |
C) TACACS+ |
|
A VPN, used properly, allows a user to use the Internet as if it were a private network. A) True |
A) True |
|
The __________ is an intermediate area between a trusted network and an untrusted network. A) perimeter |
B) DMZ |
|
Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. A) True |
A) True |
|
Circuit-level gateways usually look at data traffic flowing between networks rather than preventing direct connections between networks. A) True |
B) False |
|
In most common implementation models, the content filter has two components: __________. A) encryption and decryption |
D) rating and filtering |
|
Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. A) True |
B) False |
|
Kerberos __________ provides tickets to clients who request services. A) KDS |
B) TGS |
|
Access control is achieved by means of a combination of policies, programs, and technologies. _________________________ A) True |
A) True |
|
The presence of external requests for Telnet services can indicate a potential attack. _________________________
A) True |
A) True |
|
It is important that e-mail traffic reach your e-mail server and only your e-mail server. A) True |
A) True |
|
The dominant architecture used to secure network access today is the __________ firewall. A) static |
D) screened subnet |
|
Syntax errors in firewall policies are usually extremely difficult to identify. A) True |
B) False |
|
The restrictions most commonly implemented in packet-filtering firewalls are based on __________. A) IP source and destination address |
D) All of the above |
|
A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network. A) True |
A) True |
|
A firewall cannot be deployed as a separate network containing a number of supporting devices. A) True |
B) False |
|
When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. A) True |
A) True |
|
The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure as the general public networks but more secure than the internal network. A) True |
B) False |
|
The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers. A) True |
B) False |
|
Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients. A) True |
B) False |
|
All organizations with a router at the boundary between the organization’s internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets. A) True |
B) False |
|
__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection. A) RADIUS |
A) RADIUS |
|
Some firewalls can filter packets by protocol name. A) True |
A) True |
|
A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________ A) True |
B) False |
|
SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers—in the case of a client, this key is simply the client’s encrypted password.. _________________________ A) True |
B) False |
|
Firewalls can be categorized by processing mode, development era, or structure. A) True |
A) True |
|
Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.. _________________________ A) True |
B) False |
|
The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system. A) intermediate mode |
B) tunnel mode |
|
Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _________________________ A) True |
B) False |
|
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host. A) trusted |
D) sacrificial |
|
The primary disadvantage of Stateful Packet Inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________ A) True |
A) True |
|
SOCKS is a de facto standard for circuit-level gateways. _________________________ A) True |
A) True |
|
The RADIUS system decentralizes the responsibility for authenticating each user, by validating the user’s credentials on the NAS server. A) True |
B) False |
|
__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. A) Dynamic |
B) Static |
|
Traceroute, formally known as ICMP Echo request, is used by internal systems administrators to ensure that clients and servers can communicate. _________________________ A) True |
B) False |
|
The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device._________________________ A) True |
A) True |
|
Known as the ping service, ICMP is a(n) __________ and should be ___________. A) essential feature, turned on to save money |
B) common method for hacker reconnaissance, turned off to prevent snooping |
|
Telnet protocol packets usually go to TCP port __________ whereas SMTP packets go to port __________. A) 23, 52 |
D) 23, 25 |
|
When a bastion host approach is used, the host contains two NICs, forcing all traffic to go through the device. _________________________ A) True |
B) False |
|
The application layer firewall is firewall type capable of performing filtering at the application layer of the OSI model, most commonly based on the type of service. A) True |
A) True |
|
The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _________________________ A) True |
B) False |
|
Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall’s database or violations of those rules. A) True |
A) True |
|
Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. A) True |
B) False |
|
In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall.. _________________________ A) True |
A) True |
|
One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels._________________________ A) True |
B) False |
|
Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _________________________ A) True |
A) True |
|
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. A) MAC layer |
A) MAC layer |
|
A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________ A) True |
B) False |
|
__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. A) Packet-filtering |
A) Packet-filtering |
|
Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services. A) True |
B) False |
|
Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _________________________ A) True |
A) True |
|
Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database. A) True |
A) True |
|
Authentication is the process of validating a supplicant’s purported identity. A) True |
A) True |
|
Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users. |
B) False |
|
The service within Kerberos that generates and issues session keys is known as __________. A) VPN |
B) KDC |
|
In __________ mode, the data within an IP packet is encrypted, but the header information is not. A) tunnel |
B) transport |
|
Port Address Translation assigns non-routing local addresses to the computer systems in the local area network and uses ISP-assigned addresses to communicate with the Internet, on a one-to-one basis. _________________________ A) True |
B) False |
|
The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. _________________________ A) True |
B) False |
Share This
Flashcard
