Deck 6: Firewalls
1
When a firewall examines a packet passing through it, it will drop the packet if it is ________.
A) a provable attack packet
B) a suspicious packet
C) not a provable attack packet
D) a stateful packet
a provable attack packet
2
If a packet received by the firewall is not a provable attack packet, what happens?
A) Day and time are logged in a log file.
B) It is noted as a suspicious packet in the log file.
C) It passes it on to its destination.
D) It remains stored in an authentication server.
It passes it on to its destination.
3
A ________ is made by a firewall.
A) NAT/PAT
B) unified threat
C) pass/deny decision
D) log file
pass/deny decision
4
________ firewalls examine traffic entering the network from outside.
A) Internal
B) Egress
C) Border
D) Ingress
5
________ firewalls handle traditional firewall processing, antivirus filtering, and spam filtering.
A) Unified threat management
B) Ingress
C) Egress
D) Static packet filter
6
Which of the following is NOT a type of filtering?
A) Stateful packet inspection
B) Static packet
C) Antivirus
D) Authentication
7
________ firewalls handle traditional firewall processing, antivirus filtering, and spam filtering.
A) Unified threat management
B) Ingress
C) Egress
D) Static packet filter
8
Almost all main border firewalls use static packet filtering as their primary inspection mechanism.
9
Static packet filtering is sometimes used ________.
A) on all internal transmission in a company
B) as a secondary filtering mechanism
C) on all Internet-related communication
D) as the primary border firewall filtering technique
10
The earliest type of border firewalls used static packet filtering.
11
A static packet filtering firewall can stop incoming packets with spoofed source IP addresses.
12
Static packet filtering has many limitations and is no longer typically used as a primary filtering mechanism.
13
Nearly all corporate border firewalls use the ________ filtering method.
A) static packet
B) stateful packet
C) ingress
D) egress
14
Which of the following can be described as analogous to a telephone call between two individuals?
A) A connection
B) Filtering
C) A state
D) A socket
15
Which of the following can be described as a particular temporal period during a connection?
A) A connection
B) A default
C) A state
D) A socket
16
________ focuses on connections between programs on different hosts.
A) SPI
B) IPS
C) IDS
D) ASIC
17
________ uses specific examination methods depending on the state of the connection.
A) IPS
B) SPI
C) IDS
D) ASIC
18
Well-known port numbers range from ________.
A) 0 to 256
B) 1 to 516
C) 1 to 50
D) 1 to 1023
19
________ consist of a series of rules that are exceptions to the default behavior.
A) IPS
B) SPI
C) IDS
D) ACLs
20
Which of the following is FALSE about stateful packet inspection firewalls?
A) They are relatively fast.
B) They are relatively inexpensive.
C) They are typically safe.
D) They are fairly rare.
21
A connection is a persistent conversation between different programs on different computers.
22
Instead of talking about periods or phases, computer scientists use the term "state."
23
________ is used in firewalls that use various types of examination methods as a second type of protection.
A) NAT
B) IPS
C) SPI
D) IDS
24
________ are able to send attack packets to IP addresses and port numbers.
A) Sockets
B) Connections
C) IDSSs
D) Sniffers
25
Port numbers ranging from 1024 to 49151 are ________.
A) source ports
B) registered ports
C) ephemeral ports
D) TCP ports
26
Port numbers ranging from 49151 to 65535 are ________.
A) source ports
B) registered ports
C) ephemeral ports
D) TCP ports
27
NAT firewalls translate both network addresses (IP addresses) and port addresses.
28
________ firewalls examine application messages in depth.
A) Application proxy
B) Unified threat management
C) Egress
D) Static packet filter
29
________ can examine outgoing packets from an internal client to the external webserver to detect client misbehavior.
A) Protocol fidelity
B) The HTTP proxy
C) Internal IP address hiding
D) Packet streams
30
Inspection of a URL, scripts, and MIME type are part of ________.
A) protocol fidelity
B) an HTTP proxy
C) internal IP address hiding
D) deep packet inspection
31
Which of the following offer internal IP address hiding and header destruction?
A) Application proxy firewalls
B) Unified threat management firewalls
C) Egress firewalls
D) Static packet filter firewalls
32
Neither static packet filter firewalls nor application proxy firewalls examine application messages.
33
SPI application inspection provides the same automatic protections offered by application proxy firewalls.
34
Protocol fidelity is part of an ingress firewall.
35
Intrusion prevention system filtering is considered ________.
A) a new type of filtering
B) old technology
C) one of the most effective and long-used types of filtering
D) too expensive and too time-consuming for most businesses
36
________ identify suspicious packets that may or may not be parts of attacks.
A) IDSs
B) Firewalls
C) Static packet inspection
D) Deep packet inspection
37
Which of the following is FALSE about IDSs?
A) IDSs log all suspicious activity but only create alarms for some suspicious activities.
B) IDSs tend to generate far too many false alarms.
C) IDSs are highly processing-intensive.
D) IDSs use stateful packet inspection.
38
IPSs use ________.
A) SPI filtering
B) ingress filtering
C) IDS filtering methods
D) egress filtering
39
Hardware filtering is much faster than software filtering.
40
Which of the following is FALSE about antivirus servers?
A) They search for worms.
B) They only search for viruses.
C) They search for Trojan horses.
D) They search for spam.
41
Firewalls typically have antivirus filtering.
42
Between a border firewall and the Internet is typically a site's ________.
A) border router
B) internal firewall
C) host firewall
D) main border firewall
43
A(n) ________ stops simple high volume attacks and ensures that responses to external scanning probes cannot reach an external attacker.
A) internal firewall
B) screening border router
C) host firewall
D) main border firewall
44
________ means that a border firewall is connected to multiple subnets.
A) DMZ
B) Multihomed
C) Logging
D) Ingress filtering
45
Both border firewalls and internal firewalls are complex to set up.
46
A DMZ is a subnet.
47
Multihoming tends to make it easier to develop rules to control access to public-facing hosts and internal hosts.
48
DMZs never have more than two kinds of hosts.
49
________ are high-level statements to guide firewall implementation.
A) Firewall policies
B) Connections
C) Sockets
D) Firewall policy management servers
50
The ________ field in a firewall policy database describes what firewalls should do with a service.
A) action
B) track
C) firewalls
D) service
51
The ________ field in a firewall policy database describes what the firewall should do after taking an action.
A) action
B) track
C) firewalls
D) service
52
The ________ field in a firewall policy database can include host names or even groups of IP addresses.
A) action
B) track
C) source
D) service
53
________ is typically considered the most time-consuming part of firewall administration.
A) Installing software
B) Configuring hardware
C) Reading firewall logs
D) Creating policies
54
ICMP echo probes are used in ________.
A) IP address scanning
B) ingress filtering
C) egress filtering
D) antivirus filtering
55
Each firewall policy must be translated into an ACL rule.
56
Firewall appliances are pre-packaged firewalls.
57
A firewall policy database rarely includes more than six rules.
58
Normally, firewalls are configured to only log packets that they drop.
59
Which of the following is NOT a typical way that attackers may avoid firewall filtering?
A) Internal attackers
B) Compromised internal hosts
C) Wireless LAN hackers
D) Border firewalls
60
By various accounts, it is estimated that ________ percent of all misbehavior is done by employees working within a site.
A) 20 to 35
B) 30 to 50
C) 30 to 70
D) 50 to 90
61
________ is a pattern in the traffic data within an access control list.
A) A NAT/PAT
B) A UTM
C) Anomaly detection
D) An attack signature
62
________ look(s) for patterns that indicate that some kind of attack is underway.
A) Attack signatures
B) Anomaly detection
C) Intrusion detection systems
D) UTMs
63
For firewalls to be effective, there should be several points of connection between a site network and the external environment.
64
Companies should assume that an increasing number of attacks will reach their internal clients and servers.
65
Antivirus filtering uses signatures to detect viruses, worms, and Trojan horses.
66
One way to address threats for which no signature exists is to use anomaly detection.
67
Signature-based detection is less accurate than anomaly detection.
68
Anomaly detection tends to generate so many false positives that many firms will not use it.