Chat with AI
Deck 4: Firewall Technologies and Administration
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 4: Firewall Technologies and Administration
1
Network firewall entry and exit points are called ____.
A) sockets
C) gateways
B) ports
D) proxies
A) sockets
C) gateways
B) ports
D) proxies
B
2
What protocol breaks a message into numbered segments so that it can be transmitted?
A) UDP
C) ICMP
B) IP
D) NAT
A) UDP
C) ICMP
B) IP
D) NAT
A
3
At the Physical layer, data is referred to as a ____.
A) datagram
C) bit stream
B) packet
D) frame
A) datagram
C) bit stream
B) packet
D) frame
C
4
Which function is considered to be an advanced firewall feature?
A) Providing entry and exit points such as TCP port 80 for Web page content
B) Allowing information that meets specified security criteria (such as an approved IP address) to pass
C) Logging of unauthorized accesses both into and out of a network
D) Providing a VPN link to another network
A) Providing entry and exit points such as TCP port 80 for Web page content
B) Allowing information that meets specified security criteria (such as an approved IP address) to pass
C) Logging of unauthorized accesses both into and out of a network
D) Providing a VPN link to another network
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
At the Network layer, ____ are used to encapsulate packets (or datagrams).
A) jump rules
C) bit streams
B) state tables
D) frames
A) jump rules
C) bit streams
B) state tables
D) frames
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
Which statement represents a packet-filtering best practice?
A) Any outbound packet must not have a source address that is in your internal network.
B) Keep all packets that use the IP header source routing feature.
C) Any inbound packet must have a source address that is in your internal network
D) If your Web server is located behind the firewall, you need to allow HTTP or HTTPS (S-HTTP) data through for the Internet at large to view it.
A) Any outbound packet must not have a source address that is in your internal network.
B) Keep all packets that use the IP header source routing feature.
C) Any inbound packet must have a source address that is in your internal network
D) If your Web server is located behind the firewall, you need to allow HTTP or HTTPS (S-HTTP) data through for the Internet at large to view it.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
The dominant firewall architecture used today is the screened subnet firewall.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
Deep packet inspection is implemented through the use of ____ rules.
A) ACL
C) jump
B) firewall
D) state table
A) ACL
C) jump
B) firewall
D) state table
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
Which application-level gateway task provides the benefit to an internal network of shielding actual internal IP addresses from the prying eyes of unauthorized external clients?
A) Spoofing
C) Load balancing
B) IP address mapping
D) URL filtering
A) Spoofing
C) Load balancing
B) IP address mapping
D) URL filtering
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
A(n) ____ is an ideal endpoint for VPN, which connects two companies' networks over the Internet.
A) DMZ
C) firewall
B) extranet
D) intranet
A) DMZ
C) firewall
B) extranet
D) intranet
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
Firewalls can speed up network traffic.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
A(n) ____ tracks the state and context of each packet in the conversation by recording which station sent what packet and when.
A) state table
C) context table
B) routing table
D) jump rule
A) state table
C) context table
B) routing table
D) jump rule
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
It is sometimes easier to protect a network from the Internet than from an inside attack.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
The ____ process can be performed at the firewall and make use of encryption to protect credentials transmitted from client to server (or client to firewall).
A) integrity
C) authentication
B) confidentiality
D) nonrepudiation
A) integrity
C) authentication
B) confidentiality
D) nonrepudiation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
Application ____ are control devices that can restrict internal users from unlimited access to the Internet.
A) proxies
C) gateways
B) programs
D) appliances
A) proxies
C) gateways
B) programs
D) appliances
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
A ____ is a network subaddress (assigned a number between 0 and 65,535) through which a particular type of data is allowed to pass.
A) datagram
C) socket
B) header
D) port
A) datagram
C) socket
B) header
D) port
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
You should block packets that use ports below 20.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
A computer firewall is designed to prevent all attackers, viruses, and would-be intruders from entering a computer or computer network.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
IP ____ is the falsification of the source IP address in a packet's header so that it appears to have come from a trusted or legitimate sender.
A) switching
C) snooping
B) routing
D) spoofing
A) switching
C) snooping
B) routing
D) spoofing
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
Known as the ping service, use of ____ traffic is a common method for hacker reconnaissance and should be turned off to prevent snooping.
A) ICMP
C) SMTP
B) UDP
D) IPconfig
A) ICMP
C) SMTP
B) UDP
D) IPconfig
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Consists of application software that is configured for the firewall application and runs on a general-purpose computer.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Consists of application software that is configured for the firewall application and runs on a general-purpose computer.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
____________________ record attempted intrusions and other suspicious activity as well as mundane events such as legitimate file accesses, unsuccessful connection attempts, and the like.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
A(n) ____________________ is a boundary between two zones of trust.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
The architecture of a screened subnet firewall provides a ____.
A) tunnel
C) VPN
B) bastion host
D) DMZ
A) tunnel
C) VPN
B) bastion host
D) DMZ
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
Even simple residential firewalls can be used to create a logical screened subnetwork (often called a ____) that can provide Web services.
A) DMZ
C) segment
B) host point
D) proxy
A) DMZ
C) segment
B) host point
D) proxy
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
What is one of the most effective methods for improving computing security in the SOHO setting?
A) Keep all packets that use the IP header source routing feature.
B) Allow all ICMP data.
C) Implement a software-based firewall.
D) Use a SOHO or residential-grade firewall.
A) Keep all packets that use the IP header source routing feature.
B) Allow all ICMP data.
C) Implement a software-based firewall.
D) Use a SOHO or residential-grade firewall.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Can be used to block a site's Domain Name System (DNS) name.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Can be used to block a site's Domain Name System (DNS) name.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
An examination of the data contained in a packet as well as the state of the connection between internal and external computers.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
An examination of the data contained in a packet as well as the state of the connection between internal and external computers.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
In general, a(n) ____________________ is anything, whether hardware or software (or a combination of hardware and software), that can filter the transmission of packets of digital information as they attempt to pass through a boundary of a network.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Stand-alone, self-contained combinations of computing hardware and software.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Stand-alone, self-contained combinations of computing hardware and software.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Firewall packet inspection that ignores the state of the connection between the internal computer and the external computer.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Firewall packet inspection that ignores the state of the connection between the internal computer and the external computer.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
When this architectural approach is used, the bastion host contains two NICs rather than one, as in the bastion host configuration.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
When this architectural approach is used, the bastion host contains two NICs rather than one, as in the bastion host configuration.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
Technologically, firewalls are categorized into ____.
A) cycles
C) generations
B) versions
D) states
A) cycles
C) generations
B) versions
D) states
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Create tunnels connecting specific processes or systems on each side of the firewall and then allow only authorized traffic, such as a specific type of TCP connection for authorized users, in these tunnels.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Create tunnels connecting specific processes or systems on each side of the firewall and then allow only authorized traffic, such as a specific type of TCP connection for authorized users, in these tunnels.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
For a single home user who regularly surfs the Web, exchanges e-mail, and uses instant messaging, a firewall's primary job is to keep viruses from infecting files and prevent Trojan horses from entering the system through hidden openings called ____________________.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
Which firewall architecture combines the packet-filtering router with a separate, dedicated firewall, such as an application proxy server?
A) Screened subnet firewall
C) Proxy server
B) Dual-homed host
D) Screened host firewall
A) Screened subnet firewall
C) Proxy server
B) Dual-homed host
D) Screened host firewall
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
Which company offers a free firewall that provides basic ingress and egress filtering?
A) Check Point
C) ZoneAlarm
B) IBM
D) Barracuda
A) Check Point
C) ZoneAlarm
B) IBM
D) Barracuda
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
Match each item with a statement below.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Runs special software that enables it to act as a proxy for a specific service request.
a.Commercial-grade firewall
f.Application-level gateway
b.Dual-homed host firewall
g.URL filtering
c.Packet-filtering firewall
h.Circuit-level gateway
d.Stateless packet filtering
i.Firewall appliances
e.Stateful packet filtering
Runs special software that enables it to act as a proxy for a specific service request.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
A(n) ____________________ is an extended network that shares part of an organization's network with a third party.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
Define and compare well-known ports and ephemeral ports.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
Describe a virtual firewall.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
Describe how packet-filtering routers can be configured to lower an organization's risk from external attack.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
Why is the order of firewall rules important?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
Describe the two basic security functions firewalls perform.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
Briefly describe how firewalls affect the transmission of packets within Internet Protocol (IP).
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
Define jump rules and explain how they work.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
Compare the concept of defense-in-depth and the principle of least privilege.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
What is the primary disadvantage of application-level gateways?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
What are the limitations of packet filtering?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
