110 Cards in this Set
| Front | Back |
|---|---|
| Firewalls can be categorized by processing mode, development era, or structure. | True |
| The firewall can often be deployed as a separate network containing a number of supporting devices. | True |
| Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database. | True |
| A packet’s structure is independent from the nature of the packet. | False |
| The ability to restrict a specific service is now considered standard in most routers and is invisible to the user. | True |
| The application firewall runs special software that acts as a proxy for a service request. | True |
| A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network. | False |
| Circuit gateway firewalls usually look at data traffic flowing between one network and another. | False |
| The Cisco security kernel contains three component technologies: the Interceptor/Packet Analyzer, the Security Verification Engine (SVEN), and Kernel Proxies. | True |
| Internal computers are always visible to the public network. | False |
| The SMC Barricade residential broadband router does not have an intrusion detection feature. | False |
| One method of protecting the residential user is to install a software firewall directly on the user’s system. | True |
| There are limits to the level of configurability and protection that software firewalls can provide. | True |
| All organizations with an Internet connection have some form of a router at the boundary between the organization’s internal networks and the external service provider. | False |
| The DMZ cannot be a dedicated port on the firewall device linking a single bastion host. | False |
| The screened subnet protects the DMZ systems and information from outside threats by providing a network of intermediate security. | True |
| Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules. | True |
| Syntax errors in firewall policies are usually difficult to identify. | False |
| When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. | True |
| Firewall Rule Set 1 states that responses to internal requests are not allowed. | False |
| Some firewalls can filter packets by protocol name. | True |
| It is important that e-mail traffic reach your e-mail server and only your e-mail server. | True |
| Though not used much in Windows environments, Telnet is still useful to systems administrators on Unix/Linux systems. | True |
| A content filter is technically a firewall. | False |
| A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations. | True |
| Internet connections via dial-up and leased lines are becoming more popular. | False |
| The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication. | False |
| Even if Kerberos servers are subjected to denial-of-service attacks, a client can request additional services. | False |
| A VPN allows a user to use the Internet into a private network. | True |
| On the client end, a user with Windows 2000 or XP can establish a VPN by configuring his or her system to connect to a VPN server. | True |
| Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. | False |
| A false positive is the failure of an IDPS system to react to an actual attack event. | False |
| The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. | False |
| In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on the network. | True |
| NIDPSs can reliably ascertain if an attack was successful or not. | False |
| HIDPSs are also known as system integrity verifiers. | True |
| A HIDPS can monitor systems logs for predefined events. | True |
| An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. | True |
| A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. | False |
| The statistical anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal. | True |
| IDPS responses can be classified as active or passive. | True |
| A passive response is a definitive action automatically initiated when certain types of alerts are triggered. | False |
| The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively. | True |
| An IDPS can be configured to dial a phone number and produce an alphanumeric page or a modem noise. | True |
| In order to determine which IDPS best meets an organization’s needs, first consider the organizational environment in technical, physical, and political terms. | True |
| Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. | False |
| All IDPS vendors target users with the same levels of technical and security expertise. | False |
| Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors. | True |
| Intrusion detection and prevention systems can deal effectively with switched networks. | False |
| A fully distributed IDPS control strategy is the opposite of the centralized strategy. | True |
| A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. | True |
| To assist in the footprint intelligence collection process, you can use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses. | True |
| Services using the TCP/IP protocol can run only on port 80. | False |
| Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. | True |
| Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default firewall policy. | False |
| A starting scanner is one that initiates traffic on the network in order to determine security holes. | False |
| The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems. | True |
| A sniffer cannot be used to eavesdrop on network traffic. | False |
| Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. | False |
| Most of the technologies that scan human characteristics convert these images to some form of minutiae. | True |
| An alert or intrusion is an indication that a system has just been attacked or is under attack. | F, alarm |
| The confidence value, which is based upon false logic, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress. | F, fuzzy |
| Alarm filtering is alarm clustering that may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators. | F, compaction |
| The activities that gather information about the organization and its network activities and assets is called fingerprinting. | F, footprinting |
| A(n) server-based IDPS protects the server or host’s information assets. | F, host-based |
| In the process of protocol application verification, the NIDPSs look for invalid data packets. | F, stack |
| A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. | F, HIDPS |
| Preconfigured, predetermined attack patterns are called signatures. | True |
| A(n) log file monitor is similar to a NIDPS. | True |
| The IDPS console includes the management software, which collects information from the remote sensors, analyzes the systems or networks, and determines whether the current situation has deviated from the preconfigured baseline. | True |
| A(n) partially distributed IDPS control strategy combines the best of the other two strategies. | True |
| When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. | True |
| A padded cell is a hardened honeynet. | F, honeypot |
| The trace usually consists of a honeypot or padded cell and an alarm. | F, trap |
| The trap is a process by which the organization attempts to identify an entity discovered in unauthorized areas of the network or systems. | F, trace |
| Enticement is the action of luring an individual into committing a crime to get a conviction. | F, Entrapment |
| Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. | F, Footprinting |
| For Linux or BSD systems, there is a tool called “scanner” that allows a remote individual to “mirror” entire Web sites. | F, wget |
| Port fingers are tools used by both attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. | F, scanners |
| A(n) port is a network channel or connection point in a data communications system. | True |
| A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. | F, passive |
| A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. | True |
| Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created. | True |
| The false error rate is the percentage of identification instances in which authorized users are denied access as a result of a failure in the biometric device. | F, reject |
| The false detect rate is the percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device. | F, accept |
| Access control is achieved by means of a combination of policies, programs, and technologies. | True |
| The outside world is known as the trusted network (e.g., the Internet). | F, untrusted |
| Address grants prohibit packets with certain addresses or partial addresses from passing through the device. | F, restrictions |
| Static filtering is common in network routers and gateways. | True |
| The static packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall. | F, dynamic |
| Circuit gateway firewalls prevent direct connections between one network and another. | True |
| First generation firewalls are application-level firewalls. | F, Second |
| SOHO assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP-assigned address to communicate with the Internet. | F, NAT |
| In addition to recording intrusion attempts, a(n) router can be configured to use the contact information to notify the firewall administrator of the occurrence of an intrusion attempt. | True |
| When a dual-homed host approach is used, the bastion host contains four NICs. | False, two |
| A benefit of a(n) dual-homed host is its ability to translate between many different protocols at their respective data link layers, including Ethernet, token ring, Fiber Distributed Data Interface, and asynchronous transfer mode. | True |
| In a DMZ configuration, connections into the trusted internal network are allowed only from the DMZ bastion host servers. | True |
| A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. | F, extranet |
| When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. | F, HTTP |
| Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. | True |
| Best practices in firewall rule set configuration state that the firewall device is never accessible directly from the public network. | True |
| Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate. | F, Pings |
| The presence of external requests for Telnet services can indicate a potential attack. | True |
| In order to keep the Web server inside the internal network, direct all HTTP requests to the proxy server and configure the internal filtering router/firewall only to allow the proxy server to access the internal Web server. | True |
| The filtering component of a content filter is like a set of firewall rules for Web sites, and is common in residential content filters. | F, rating |
| An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. | True |
| Kerberos uses asymmetric key encryption to validate an individual user to various network resources. | F, symmetric |
| SESAME may be obtained free of charge from MIT. | F, Kerberos |
| Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. | True |
| The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. | F, transport |