CTC 452-01 TEST 2 – Flashcards
question
If you see a /16 in the header of a Snort rule, what does it mean?
answer
the subnet mask is 255.255.0.0
question
Which of the following is true about an NIDPS versus an HIDPS?
answer
an HIDPS can detect attacks not caught by an NIDPS
question
Which of the following is NOT a typical IDPS component?
answer
Internet gateway
question
A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.
answer
True
question
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
answer
training period
question
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
answer
hybrid
question
What is an advantage of the anomaly detection method?
answer
system can detect attacks from inside the network by people with stolen accounts
question
Where is a host-based IDPS agent typically placed?
answer
on a workstation or server
question
A weakness of a signature-based system is that it must keep state information on a possible attack.
answer
True
question
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports?
answer
Dynamic Application layer protocol analysis
question
What are the two standard ports used by FTP along with their function?
answer
TCP 21 control, TCP 20 data
question
Which of the following is a general practice for a rule base?
answer
permit access to public servers in the DMZ
question
What is a suggested maximum size of a rule base?
answer
30 rules
question
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy?
answer
employees can use instant-messaging only with external network users
question
Software firewalls are usually more scalable than hardware firewalls.
answer
False
question
At what layer of the OSI model do proxy servers generally operate?
answer
Application
question
The Cisco PIX line of products is best described as which of the following?
answer
firewall appliance
question
Which of the following is a typical drawback of a free firewall program?
answer
cannot monitor traffic in real time
question
Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted?
answer
Teredo tunneling
question
Which of the following is an advantage of hardware firewalls?
answer
not dependent on a conventional OS
question
Which of the following best describes a DMZ?
answer
a subnet of publicly accessible servers placed outside the internal network
question
Where should network management systems generally be placed?
answer
out of band
question
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
answer
three-pronged firewall
question
What should you consider installing if you want to inspect packets as they leave the network?
answer
reverse firewall
question
What is a step you can take to harden a bastion host?
answer
remove unnecessary services
question
Which type of firewall configuration protects public servers by isolating them from the internal network?
answer
screened subnet DMZ
question
In what type of attack are zombies usually put to use?
answer
DDoS
question
Which type of NAT is typically used on devices in the DMZ?
answer
one-to-one NAT
question
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
answer
proxy server
question
Which of the following is true about private IP addresses?
answer
they are not routable on the Internet
question
Which of the following is true about SSL?
answer
it uses sockets to communicate between client and server
question
What was created to address the problem of remote clients not meeting an organization's VPN security standards?
answer
VPN quarantine
question
Which of the following is an improvement of TLS over SSL?
answer
adds a hashed message authentication code
question
What are the two modes in which IPsec can be configured to run?
answer
tunnel and transport
question
Which of the following is true about software VPNs?
answer
more cost-effective than hardware VPNs
question
Which VPN protocol leverages Web-based applications?
answer
SSL
question
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
answer
IPsec
question
Which of the following is a type of VPN connection?
answer
client-to-site
question
Which of the following is NOT an essential element of a VPN?
answer
authentication server
question
Which of the following is true about using VPNs?
answer
can use an existing broadband connection