Exam 6: Security Technology: Access Controls, Firewalls, and VPNS

A(n) intranet ​is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________

____________________ firewalls combine the elements of other types of firewalls-that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.

A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________

A firewall cannot be deployed as a separate network containing a number of supporting devices.

SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers-in the case of a client, this key is simply the client's encrypted password. _________________________

As organizations implement cloud-based IT solutions, bring your own device (BYOD) options for employees, and other emerging network solutions, the network perimeter may be ____________________ for them.

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. _________________________

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. _________________________

Which of the following is not a major processing mode category for firewalls  

Syntax errors in firewall policies are usually difficult to identify.

Briefly describe the best practice rules for firewall use.

The application layer proxy firewall is also known as a(n) __________.

A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

A packet-____________________ firewall installed on a TCP/IP-based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall.

Kerberos __________ provides tickets to clients who request services.

Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) __________.

SESAME uses ____________________ key encryption to distribute secret keys.