OS Hardening SEC340 – Chapter 11 & 12

decrypting, and checking packets?
Select one:
a. IKE
b. ISAKMP
c. IPsec driver
d. Oakley protocol

c. IPsec driver

What are the two modes in which IPsec can be configured to run?
Select one:
a. header and payload
b. tunnel and transport
c. client and server
d. transit and gateway

b. tunnel and transport

What was created to address the problem of remote clients not meeting an organization’s VPN security standards?
Select one:
a. VPN quarantine
b. IPsec filters
c. GRE isolation
d. split tunneling

a. VPN quarantine

Which activity performed by VPNs encloses a packet within another packet?
Select one:
a. address translation
b. encapsulation
c. authentication
d. encryption

b. encapsulation

Which IPsec component authenticates TCP/IP packets to ensure data integrity?
Select one:
a. AH
b. ESP
c. ISAKMP
d. IKE

a. AH

Which of the following is a disadvantage of putting the VPN on a firewall?
Select one:
a. Internet and VPN traffic compete for resources
b. centralized control of network access security
c. VPN and firewall use the same configuration tools
d. more configuration mistakes

a. Internet and VPN traffic compete for resources

Which of the following is a type of VPN connection?
Select one:
a. remote gateway
b. site-to-server
c. server-to-client
d. client-to-site

d. client-to-site

Which of the following is an improvement of TLS over SSL?
Select one:
a. uses only asymmetric encryption
b. adds a hashed message authentication code
c. requires less processing power
d. uses a single hashing algorithm for all the data

b. adds a hashed message authentication code

Which of the following is defined as a relationship between two or more entities that describes how they will use the security services to communicate?
Select one:
a. security association
b. internet key exchange
c. tunnel
d. pairing

a. security association

Which of the following is NOT a factor a secure VPN design should address?
Select one:
a. encryption
b. performance
c. nonrepudiation
d. authentication

c. nonrepudiation

Which of the following is NOT an essential element of a VPN?
Select one:
a. VPN server
b. VPN client
c. tunnel
d. authentication server

d. authentication server

Which of the following is NOT true about a hardware VPN?
Select one:
a. have more security vulnerabilities than software VPNs
b. create a gateway-to-gateway VPN
c. can handle more traffic than software VPNs
d. should be the first choice for fast-growing networks

a. have more security vulnerabilities than software VPNs

Which of the following is true about software VPNs?
Select one:
a. best when all router and firewall hardware is the same
b. more cost-effective than hardware VPNs
c. configuration is easy since there is no OS to rely upon
d. usually less flexible than hardware VPNs

b. more cost-effective than hardware VPNs

Which of the following is true about SSL?
Select one:
a. it uses sockets to communicate between client and server
b. it operates at the Data Link layer
c. it uses shared-key encryption only
d. it uses IPsec to provide authentication

a. it uses sockets to communicate between client and server

Which of the following is true about using VPNs?
Select one:
a. can use an existing broadband connection
b. more expensive than leased lines
c. usually higher performance than leased lines
d. not dependent on an ISP

a. can use an existing broadband connection

Which VPN protocol is a poor choice for high-performance networks with many hosts due to vulnerabilities in MS-CHAP?
Select one:
a. L2TP
b. PPTP
c. SSL
d. IPsec

b. PPTP

Which VPN protocol leverages Web-based applications?
Select one:
a. PPTP
b. SSL
c. L2TP
d. IPsec

b. SSL

Which VPN protocol uses UDP port 1701 and does not provide confidentiality and authentication?
Select one:
a. L2TP
b. IPsec
c. PPTP
d. SSL

a. L2TP

Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
Select one:
a. SSL
b. PPTP
c. IPsec
d. L2TP

c. IPsec

Which VPN topology is also known as a hub-and-spoke configuration?
Select one:
a. star
b. partial mesh
c. bus
d. full mesh

a. star

What feature of the 13 DNS root servers enables any group of servers to act as a root server?
Select one:
a. broadcast addressing
b. anycast addressing
c. multicast addressing
d. unicast addressing

b. anycast addressing

What is a zone transfer?
Select one:
a. copying host file data to another system
b. the movement of e-mail from one domain to another
c. updating a secondary DNS server
d. backing up an SQL data file

c. updating a secondary DNS server

What makes IP spoofing possible for computers on the Internet?
Select one:
a. network address translation
b. the lack of authentication
c. the 32-bit address space
d. the DNS hierarchy

b. the lack of authentication

What type of attack displays false information masquerading as legitimate data?
Select one:
a. SQL injection
b. phishing
c. buffer overflow
d. Java applet

b. phishing

What type of attack exploits a lack of bounds checking on the size of data stored in an array?
Select one:
a. buffer overflow
b. phishing
c. ActiveX control
d. SQL injection

a. buffer overflow

What type of attack involves plaintext scripting that affects databases?
Select one:
a. ActiveX control
b. SQL injection
c. phishing
d. Java applet

b. SQL injection

What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server?
Select one:
a. split-DNS architecture
b. anti-phishing DNS
c. read-only zone
d. caching DNS zone

a. split-DNS architecture

What type of DNS server is authoritative for a specific domain?
Select one:
a. initial
b. read-only
c. primary
d. secondary

c. primary

Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address?
Select one:
a. access control
b. authentication
c. data confidentiality
d. NTFS permissions

a. access control

Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?
Select one:
a. ISP
b. NAP
c. NSF
d. POP

b. NAP

Which of the following is a top-level digital certificate in the PKI chain?
Select one:
a. DNSSEC resolver
b. trust anchor
c. RRSIG record
d. security-aware resolver

b. trust anchor

Which of the following is NOT a recommended security setting for Apache Web servers?
Select one:
a. create Web groups
b. harden the underlying OS
c. disable HTTP traces
d. use the default standard Web page error messages

d. use the default standard Web page error messages

Which of the following is NOT a step you should take to prevent attackers from exploiting SQL security holes?
Select one:
a. place the database server in a DMZ
b. limit table access
c. use stored procedures
d. use standard naming conventions

d. use standard naming conventions

Which of the following is true about the Internet?
Select one:
a. it is the same as the World Wide Web
b. it was originally built on an extended star topology
c. it was established in the mid-1960s
d. it was developed by a network of banks and businesses

c. it was established in the mid-1960s

Which variation on phishing modifies the user’s host file to redirect traffic?
Select one:
a. DNS phishing
b. hijacking
c. spear phishing
d. pharming

d. pharming