Exam 21: Network Endpoint Security

A __________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

An application-level gateway, also called a(n) __________ , acts as a relay of application-level traffic.

there are four techniques that firewalls use to control access and enforce the site's security policy: service control, direction control, user control, and __________ .

__________ determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

Information security ___________ consists of processes for detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents.

Multiple internal firewalls can be used to protect portions of the internal network from each other.

the user control feature is typically applied to users outside the firewall perimeter.

A __________ is an undocumented way of gaining access to a computer system.

A firewall may filter traffic on the basis of IP address, protocol, or port number.

__________ can more readily see the intended outcome of an attempted attack because they can directly access and monitor the data files and system processes usually targeted by attacks.

Systems that are externally accessible but need some protections are usually located on _________ networks.

the primary benefit of a host-based IDS is that it can detect both external and internal intrusions.

A __________ attack can be defeated by enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header.

A __________ is a computer program that can copy itself and infect a computer without permission or knowledge of the user.

the internal firewall provides a measure of access control and protection for the DMZ systems consistent with their need for external connectivity.

A scanning strategy that uses information contained on an infected victim machine to find more hosts to scan is the __________ method.

A(n) __________ is hardware or software products that gather and analyze information from various areas within a computer or a network for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.

the __________ to an IDS enables a user to view output from the system or control the behavior of the system.

Data collection, correlation, alerting, and reporting/compliance are all key elements of ___________ .

__________ is the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the dat A.