Chapter 6 Quiz Question Bank – CIST1601-Information Security Fund
Unlock all answers in this set
Unlock answersquestion
The filtering component of a content filter is like a set of firewall rules for Web sites, and is common in residential content filters. _________________________ A) True B) False
answer
B) False
question
Which of the following version of TACACS is still in use? A) TACACS B) Extended TACACS C) TACACS+ D) All of the above
answer
C) TACACS+
question
A VPN, used properly, allows a user to use the Internet as if it were a private network. A) True B) False
answer
A) True
question
The __________ is an intermediate area between a trusted network and an untrusted network. A) perimeter B) DMZ C) domain D) firewall
answer
B) DMZ
question
Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems. A) True B) False
answer
A) True
question
Circuit-level gateways usually look at data traffic flowing between networks rather than preventing direct connections between networks. A) True B) False
answer
B) False
question
In most common implementation models, the content filter has two components: __________. A) encryption and decryption B) filtering and encoding C) rating and decryption D) rating and filtering
answer
D) rating and filtering
question
Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager. A) True B) False
answer
B) False
question
Kerberos __________ provides tickets to clients who request services. A) KDS B) TGS C) AS D) VPN
answer
B) TGS
question
Access control is achieved by means of a combination of policies, programs, and technologies. _________________________ A) True B) False
answer
A) True
question
The presence of external requests for Telnet services can indicate a potential attack. _________________________ A) True B) False
answer
A) True
question
It is important that e-mail traffic reach your e-mail server and only your e-mail server. A) True B) False
answer
A) True
question
The dominant architecture used to secure network access today is the __________ firewall. A) static B) bastion C) unlimited D) screened subnet
answer
D) screened subnet
question
Syntax errors in firewall policies are usually extremely difficult to identify. A) True B) False
answer
B) False
question
The restrictions most commonly implemented in packet-filtering firewalls are based on __________. A) IP source and destination address B) Direction (inbound or outbound) C) TCP or UDP source and destination port requests D) All of the above
answer
D) All of the above
question
A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network. A) True B) False
answer
A) True
question
A firewall cannot be deployed as a separate network containing a number of supporting devices. A) True B) False
answer
B) False
question
When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. A) True B) False
answer
A) True
question
The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure as the general public networks but more secure than the internal network. A) True B) False
answer
B) False
question
The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers. A) True B) False
answer
B) False
question
Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients. A) True B) False
answer
B) False
question
All organizations with a router at the boundary between the organization's internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets. A) True B) False
answer
B) False
question
__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. A) RADIUS B) RADIAL C) TUNMAN D) IPSEC
answer
A) RADIUS
question
Some firewalls can filter packets by protocol name. A) True B) False
answer
A) True
question
A(n) intranet is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________ A) True B) False
answer
B) False
question
SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers—in the case of a client, this key is simply the client's encrypted password.. _________________________ A) True B) False
answer
B) False
question
Firewalls can be categorized by processing mode, development era, or structure. A) True B) False
answer
A) True
question
Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.. _________________________ A) True B) False
answer
B) False
question
The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system. A) intermediate mode B) tunnel mode C) reversion mode D) transport mode
answer
B) tunnel mode
question
Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _________________________ A) True B) False
answer
B) False
question
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host. A) trusted B) domain C) DMZ D) sacrificial
answer
D) sacrificial
question
The primary disadvantage of Stateful Packet Inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________ A) True B) False
answer
A) True
question
SOCKS is a de facto standard for circuit-level gateways. _________________________ A) True B) False
answer
A) True
question
The RADIUS system decentralizes the responsibility for authenticating each user, by validating the user's credentials on the NAS server. A) True B) False
answer
B) False
question
__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall. A) Dynamic B) Static C) Stateful D) Stateless
answer
B) Static
question
Traceroute, formally known as ICMP Echo request, is used by internal systems administrators to ensure that clients and servers can communicate. _________________________ A) True B) False
answer
B) False
question
The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device._________________________ A) True B) False
answer
A) True
question
Known as the ping service, ICMP is a(n) __________ and should be ___________. A) essential feature, turned on to save money B) common method for hacker reconnaissance, turned off to prevent snooping C) infrequently used hacker tool, turned off to prevent snooping D) common method for hacker reconnaissance, turned on to save money
answer
B) common method for hacker reconnaissance, turned off to prevent snooping
question
Telnet protocol packets usually go to TCP port __________ whereas SMTP packets go to port __________. A) 23, 52 B) 80, 52 C) 80, 25 D) 23, 25
answer
D) 23, 25
question
When a bastion host approach is used, the host contains two NICs, forcing all traffic to go through the device. _________________________ A) True B) False
answer
B) False
question
The application layer firewall is firewall type capable of performing filtering at the application layer of the OSI model, most commonly based on the type of service. A) True B) False
answer
A) True
question
The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _________________________ A) True B) False
answer
B) False
question
Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database or violations of those rules. A) True B) False
answer
A) True
question
Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels. A) True B) False
answer
B) False
question
In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall.. _________________________ A) True B) False
answer
A) True
question
One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels._________________________ A) True B) False
answer
B) False
question
Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _________________________ A) True B) False
answer
A) True
question
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. A) MAC layer B) Circuit gateway C) Application gateways D) Packet filtering
answer
A) MAC layer
question
A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________ A) True B) False
answer
B) False
question
__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. A) Packet-filtering B) Application gateways C) Circuit gateways D) MAC layer firewalls
answer
A) Packet-filtering
question
Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services. A) True B) False
answer
B) False
question
Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _________________________ A) True B) False
answer
A) True
question
Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall's database. A) True B) False
answer
A) True
question
Authentication is the process of validating a supplicant's purported identity. A) True B) False
answer
A) True
question
Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users. A) True B) False
answer
B) False
question
The service within Kerberos that generates and issues session keys is known as __________. A) VPN B) KDC C) AS D) TGS
answer
B) KDC
question
In __________ mode, the data within an IP packet is encrypted, but the header information is not. A) tunnel B) transport C) public D) symmetric
answer
B) transport
question
Port Address Translation assigns non-routing local addresses to the computer systems in the local area network and uses ISP-assigned addresses to communicate with the Internet, on a one-to-one basis. _________________________ A) True B) False
answer
B) False
question
The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. _________________________ A) True B) False
answer
B) False
