Chapter 6 Quiz Question Bank – CIST1601-Information Security Fund

The filtering component of a content filter is like a set of firewall rules for Web sites, and is common in residential content filters. _________________________

A) True
B) False

B) False
Which of the following version of TACACS is still in use?

A) TACACS
B) Extended TACACS
C) TACACS+
D) All of the above

C) TACACS+
A VPN, used properly, allows a user to use the Internet as if it were a private network.

A) True
B) False

A) True
The __________ is an intermediate area between a trusted network and an untrusted network.

A) perimeter
B) DMZ
C) domain
D) firewall

B) DMZ
Though not used as much in Windows environments, terminal emulation is still useful to systems administrators on Unix/Linux systems.

A) True
B) False

A) True
Circuit-level gateways usually look at data traffic flowing between networks rather than preventing direct connections between networks.

A) True
B) False

B) False
In most common implementation models, the content filter has two components: __________.

A) encryption and decryption
B) filtering and encoding
C) rating and decryption
D) rating and filtering

D) rating and filtering
Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.

A) True
B) False

B) False
Kerberos __________ provides tickets to clients who request services.

A) KDS
B) TGS
C) AS
D) VPN

B) TGS
Access control is achieved by means of a combination of policies, programs, and technologies. _________________________

A) True
B) False

A) True
The presence of external requests for Telnet services can indicate a potential attack. _________________________

A) True
B) False

A) True
It is important that e-mail traffic reach your e-mail server and only your e-mail server.

A) True
B) False

A) True
The dominant architecture used to secure network access today is the __________ firewall.

A) static
B) bastion
C) unlimited
D) screened subnet

D) screened subnet
Syntax errors in firewall policies are usually extremely difficult to identify.

A) True
B) False

B) False
The restrictions most commonly implemented in packet-filtering firewalls are based on __________.

A) IP source and destination address
B) Direction (inbound or outbound)
C) TCP or UDP source and destination port requests
D) All of the above

D) All of the above
A content filter, also known as a reverse firewall, is a network device that allows administrators to restrict access to external content from within a network.

A) True
B) False

A) True
A firewall cannot be deployed as a separate network containing a number of supporting devices.

A) True
B) False

B) False
When Web services are offered outside the firewall, HTTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.

A) True
B) False

A) True
The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure as the general public networks but more secure than the internal network.

A) True
B) False

B) False
The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.

A) True
B) False

B) False
Most current operating systems require specialized software to connect to VPN servers, as support for VPN services is no longer built into the clients.

A) True
B) False

B) False
All organizations with a router at the boundary between the organization’s internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets.

A) True
B) False

B) False
__________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection.

A) RADIUS
B) RADIAL
C) TUNMAN
D) IPSEC

A) RADIUS
Some firewalls can filter packets by protocol name.

A) True
B) False

A) True
A(n) intranet ​is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________

A) True
B) False

B) False
SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers—in the case of a client, this key is simply the client’s encrypted password.. _________________________

A) True
B) False

B) False
Firewalls can be categorized by processing mode, development era, or structure.

A) True
B) False

A) True
Authentication is a mechanism whereby unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system.. _________________________

A) True
B) False

B) False
The primary benefit of a VPN that uses _________ is that an intercepted packet reveals nothing about the true destination system.

A) intermediate mode
B) tunnel mode
C) reversion mode
D) transport mode

B) tunnel mode
Kerberos uses asymmetric key encryption to validate an individual user to various network resources. _________________________

A) True
B) False

B) False
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.

A) trusted
B) domain
C) DMZ
D) sacrificial

D) sacrificial
The primary disadvantage of Stateful Packet Inspection firewalls is the additional processing required to manage and verify packets against the state table. _________________________

A) True
B) False

A) True
SOCKS ​is a de facto standard for circuit-level gateways. _________________________

A) True
B) False

A) True
The RADIUS system decentralizes the responsibility for authenticating each user, by validating the user’s credentials on the NAS server.

A) True
B) False

B) False
__________ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.

A) Dynamic
B) Static
C) Stateful
D) Stateless

B) Static
Traceroute, formally known as ICMP Echo request, is used by internal systems administrators to ensure that clients and servers can communicate. _________________________

A) True
B) False

B) False
The false reject rate describes the number of legitimate users who are denied access because of a failure in the biometric device._________________________

A) True
B) False

A) True
Known as the ping service, ICMP is a(n) __________ and should be ___________.

A) essential feature, turned on to save money
B) common method for hacker reconnaissance, turned off to prevent snooping
C) infrequently used hacker tool, turned off to prevent snooping
D) common method for hacker reconnaissance, turned on to save money

B) common method for hacker reconnaissance, turned off to prevent snooping
Telnet protocol packets usually go to TCP port __________ whereas SMTP packets go to port __________.

A) 23, 52
B) 80, 52
C) 80, 25
D) 23, 25

D) 23, 25
When a bastion host approach is used, the host contains two NICs, forcing all traffic to go through the device. _________________________

A) True
B) False

B) False
The application layer firewall is firewall type capable of performing filtering at the application layer of the OSI model, most commonly based on the type of service.

A) True
B) False

A) True
The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _________________________

A) True
B) False

B) False
Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall’s database or violations of those rules.

A) True
B) False

A) True
Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels.

A) True
B) False

B) False
In static ​filtering, configuration rules must be manually created, sequenced, and modified within the firewall.. _________________________

A) True
B) False

A) True
One of the biggest challenges in the use of the trusted computer base (TCB) is the existence of explicit channels._________________________

A) True
B) False

B) False
Most firewalls use packet header information to determine whether a specific packet should be allowed to pass through or should be dropped. _________________________

A) True
B) False

A) True
__________ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

A) MAC layer
B) Circuit gateway
C) Application gateways
D) Packet filtering

A) MAC layer
A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________

A) True
B) False

B) False
__________ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

A) Packet-filtering
B) Application gateways
C) Circuit gateways
D) MAC layer firewalls

A) Packet-filtering
Even if Kerberos servers are subjected to denial-of-service attacks, a client can still request additional services.

A) True
B) False

B) False
Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _________________________

A) True
B) False

A) True
Packet filtering firewalls scan network data packets looking for compliance with or violation of the rules of the firewall’s database.

A) True
B) False

A) True
Authentication is the process of validating a supplicant’s purported identity.​

A) True
B) False

A) True
​Discretionary access control is an access control approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.

A) True
B) False
B) False
The service within Kerberos that generates and issues session keys is known as __________.

A) VPN
B) KDC
C) AS
D) TGS

B) KDC
In __________ mode, the data within an IP packet is encrypted, but the header information is not.

A) tunnel
B) transport
C) public
D) symmetric

B) transport
Port Address Translation assigns non-routing local addresses to the computer systems in the local area network and uses ISP-assigned addresses to communicate with the Internet, on a one-to-one basis. _________________________

A) True
B) False

B) False
The popular use for tunnel mode VPNs is the end-to-end transport of encrypted data. _________________________

A) True
B) False

B) False