OS Hardening SEC340 – Chapter 9 & 10 – Flashcards

question
At what layer of the OSI model do proxy servers generally operate? Select one: a. Application b. Transport c. Network d. Session
answer
a. Application
question
The Cisco PIX line of products is best described as which of the following? Select one: a. PC with firewall installed b. software firewall c. firewall appliance d. VPN gateway
answer
c. firewall appliance
question
What are the two standard ports used by FTP along with their function? Select one: a. UDP 23 control, TCP 20 data b. TCP 21 control, TCP 20 data c. UDP 20 data, TCP 21 control d. TCP 23 data, TCP 21 control
answer
b. TCP 21 control, TCP 20 data
question
What is a suggested maximum size of a rule base? Select one: a. 10 rules b. 30 rules c. 300 rules d. 100 rules
answer
b. 30 rules
question
What is considered the 'cleanup rule' on a Cisco router? Select one: a. implicit deny all b. implicit allow c. explicit prompt d. explicit allow all
answer
a. implicit deny all
question
What service uses UDP port 53? Select one: a. DNS b. SMTP c. ICMP d. TFTP
answer
a. DNS
question
What might a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet? Select one: a. VPN server b. router c. ICMP monitor d. proxy server
answer
d. proxy server
question
What type of attack are stateless packet filters particularly vulnerable to? Select one: a. attempts to connect to the firewall b. attempts to connect to ports below 1023 c. IP spoofing attacks d. attempts to connect to ports above 1023
answer
c. IP spoofing attacks
question
What type of ICMP packet can an attacker use to send traffic to a computer they control outside the protected network? Select one: a. Destination Unreachable b. Echo Request c. Redirect d. Source Quench
answer
c. Redirect
question
Which element of a rule base conceals internal names and IP addresses from users outside the network? Select one: a. tracking b. QoS c. NAT d. filtering
answer
c. NAT
question
Which of the following is a general practice for a rule base? Select one: a. permit access to public servers in the DMZ b. allow direct access from the Internet to computers behind the firewall c. begin by blocking all traffic and end by allowing selective services d. allow all access to the firewall
answer
a. permit access to public servers in the DMZ
question
Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted? Select one: a. IPsec tunneling b. SMTP/S tunneling a. permit access to public servers in the DMZ d. ICMPv6 encapsulation
answer
a. permit access to public servers in the DMZ
question
Which of the following is a typical drawback of a free firewall program? Select one: a. oversimplified configuration b. have centralized management c. cannot monitor traffic in real time d. more expensive than hardware firewalls
answer
c. cannot monitor traffic in real time
question
Which of the following is an advantage of hardware firewalls? Select one: a. not scalable compared to software firewalls b. not dependent on a conventional OS c. easy to patch d. less expensive than software firewalls
answer
b. not dependent on a conventional OS
question
Which of the following is described as the combination of an IP address and a port number? Select one: a. socket b. subnet c. portal d. datagram
answer
a. socket
question
Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets? Select one: a. ports b. TCP flags c. data patterns d. IP address
answer
c. data patterns
question
Which of the following is NOT a protocol,port pair that should be filtered when an attempt is made to make a connection from outside the company network? Select one: a. TCP,139 b. TCP,80 c. TCP,3389 d. UDP,138
answer
b. TCP,80
question
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy? Select one: a. employees can have restricted Internet access b. employees can use instant-messaging only with external network users c. the public can access the company Web servers d. only authenticated traffic can access the internal network
answer
b. employees can use instant-messaging only with external network users
question
Which of the following is NOT an ICMPv6 packet type that you should allow within your organization but never outside the organization? Select one: a. Packet too big b. Packet Redirect c. Time Exceeded d. Destination unreachable
answer
b. Packet Redirect
question
Which two ports should packet-filtering rules address when establishing rules for Web access? Select one: a. 143, 80 b. 80, 443 c. 25, 110 d. 423, 88
answer
b. 80, 443
question
In what type of attack are zombies usually put to use? Select one: a. buffer overrun b. spoofing c. DDoS d. virus
answer
c. DDoS
question
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ? Select one: a. multi-zone host b. three-way packet filter c. multi-homed proxy d. three-pronged firewall
answer
d. three-pronged firewall
question
What is a critical step you should take on the OS you choose for a bastion host? Select one: a. customize the OS for bastion operation b. choose an obscure OS with which attackers are unfamiliar c. ensure all security patches are installed d. make sure it is the latest OS version
answer
c. ensure all security patches are installed
question
What is a step you can take to harden a bastion host? Select one: a. open several ports to confuse attackers b. enable additional services to serve as honeypots c. remove unnecessary services d. configure several extra accounts with complex passwords
answer
c. remove unnecessary services
question
What is the term used for a computer placed on the network perimeter that is meant to attract attackers? Select one: a. virtual server b. bastion host c. honeypot d. proxy decoy
answer
c. honeypot
question
What should you consider installing if you want to inspect packets as they leave the network? Select one: a. security workstation b. reverse firewall c. filtering proxy router d. RIP
answer
b. reverse firewall
question
Where should network management systems generally be placed? Select one: a. out of band b. in the server farm c. in the DMZ d. on the perimeter
answer
a. out of band
question
Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers? Select one: a. Layer 7 switch b. proxy server c. translating gateway d. ICMP redirector
answer
b. proxy server
question
Which of the following best describes a bastion host? Select one: a. a host with two or more network interfaces b. a computer running a standard OS that also has proxy software installed c. a computer on the perimeter network that is highly protected d. a computer running only embedded firmware
answer
c. a computer on the perimeter network that is highly protected
question
Which of the following best describes a DMZ? Select one: a. a private subnet that is inaccessible to both the Internet and the company network b. a subnet of publicly accessible servers placed outside the internal network c. a network of computers configured with robust firewall software d. a proxy server farm used to protect the identity of internal servers
answer
b. a subnet of publicly accessible servers placed outside the internal network
question
Which of the following is a disadvantage of using a proxy server? Select one: a. shields internal host IP addresses b. can't filter based on packet content c. slows Web page access d. may require client configuration
answer
d. may require client configuration
question
Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power? Select one: a. load-balancing software b. priority server farm c. server pooling software d. traffic distribution filter
answer
a. load-balancing software
question
Which of the following is true about a dual-homed host? Select one: a. it is used as a remote access server in some configurations b. uses a single NIC to manage two network connections c. serves as a single point of entry to the network d. its main objective is to stop worms and viruses
answer
c. serves as a single point of entry to the network
question
Which of the following is true about a screening router? Select one: a. it can stop attacks from spoofed addresses b. it examines the data in the packet to make filtering decisions c. it should be combined with a firewall for better security d. it maintains a state table to determine connection information
answer
c. it should be combined with a firewall for better security
question
Which of the following is true about private IP addresses? Select one: a. they are assigned by the IANA b. NAT was designed to conserve them c. they are not routable on the Internet d. they are targeted by attackers
answer
c. they are not routable on the Internet
question
Which type of firewall configuration protects public servers by isolating them from the internal network? Select one: a. dual-homed host b. screened subnet DMZ c. reverse firewall d. screening router
answer
b. screened subnet DMZ
question
Which type of NAT is typically used on devices in the DMZ? Select one: a. one-to-one NAT b. many-to-one NAT c. port address translation d. one-to-many NAT
answer
a. one-to-one NAT
question
Which type of security device can speed up Web page retrieval and shield hosts on the internal network? Select one: a. caching-only DNS server b. caching firewall c. DMZ intermediary d. proxy server
answer
d. proxy server
question
Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address? Select one: a. one-to-many NAT b. port address translation c. one-to-one NAT d. DMZ proxy translation
answer
b. port address translation
question
Why is a bastion host the system most likely to be attacked? Select one: a. it is available to external users b. it contains the default administrator account c. it has weak security d. it contains company documents
answer
a. it is available to external users