Deck 10: Firewall Design and Management
1
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
A) caching firewall
B) proxy server
C) caching-only DNS server
D) DMZ intermediary
B
2
What is a step you can take to harden a bastion host?
A) enable additional services to serve as honeypots
B) open several ports to confuse attackers
C) configure several extra accounts with complex passwords
D) remove unnecessary services
D
3
Proxy servers take action based only on IP header information.
False
4
Which of the following is true about a screening router?
A) it examines the data in the packet to make filtering decisions
B) it can stop attacks from spoofed addresses
C) it maintains a state table to determine connection information
D) it should be combined with a firewall for better security
5
In what type of attack are zombies usually put to use?
A) buffer overrun
B) virus
C) DDoS
D) spoofing
6
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
A) multi-homed proxy
B) three-pronged firewall
C) three-way packet filter
D) multi-zone host
7
A screened host has a router as part of the configuration.
8
Which of the following is a disadvantage of using a proxy server?
A) shields internal host IP addresses
B) slows Web page access
C) may require client configuration
D) can't filter based on packet content
9
What should you consider installing if you want to inspect packets as they leave the network?
A) security workstation
B) RIP router
C) filtering proxy
D) reverse firewall
10
Which of the following best describes a bastion host?
A) a host with two or more network interfaces
B) a computer on the perimeter network that is highly protected
C) a computer running a standard OS that also has proxy software installed
D) a computer running only embedded firmware
11
Which type of firewall configuration protects public servers by isolating them from the internal network?
A) screened subnet DMZ
B) dual-homed host
C) screening router
D) reverse firewall
12
Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers?
A) Layer 7 switch
B) translating gateway
C) proxy server
D) ICMP redirector
13
Which of the following best describes a DMZ?
A) a network of computers configured with robust firewall software
B) a subnet of publicly accessible servers placed outside the internal network
C) a private subnet that is inaccessible to both the Internet and the company network
D) a proxy server farm used to protect the identity of internal servers
14
A dual-homed host has a single NIC with two MAC addresses.
15
Which of the following is true about a dual-homed host?
A) serves as a single point of entry to the network
B) its main objective is to stop worms and viruses
C) uses a single NIC to manage two network connections
D) it is used as a remote access server in some configurations
16
The TCP normalization feature forwards abnormal packets to an administrator for further inspection.
17
Where should network management systems generally be placed?
A) out of band
B) in the DMZ
C) on the perimeter
D) in the server farm
18
Reverse firewalls allow all incoming traffic except what the ACLs are configured to deny.
19
Which of the following is best described as software that prioritizes and schedules requests and then distributes them to servers based on each server's current load and processing power?
A) server pooling software
B) traffic distribution filter
C) priority server farm
D) load-balancing software
20
What is a critical step you should take on the OS you choose for a bastion host?
A) ensure all security patches are installed
B) make sure it is the latest OS version
C) choose an obscure OS with which attackers are unfamiliar
D) customize the OS for bastion operation
21
In a screened ____________ setup, a router is added between the host and the Internet to carry out IP packet filtering.
22
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a process that uses the source and destination TCP and UDP port addresses to map traffic between internal and external hosts
23
What is the term used for a computer placed on the network perimeter that is meant to attract attackers?
A) bastion host
B) honeypot
C) proxy decoy
D) virtual server
24
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a group of servers connected in a subnet that work together to receive requests
25
Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address?
A) one-to-one NAT
B) port address translation
C) one-to-many NAT
D) DMZ proxy translation
26
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a router placed between an untrusted network and an internal network
27
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
software that prioritizes and schedules requests and then distributes them to servers in a server cluster based on each server's current load and processing power
28
Which type of NAT is typically used on devices in the DMZ?
A) one-to-one NAT
B) port address translation
C) one-to-many NAT
D) many-to-one NAT
29
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a firewall with separate interfaces connected to an untrusted network, a semitrusted network, and a trusted network
30
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
software that forwards packets to and from the network being protected and caches Web pages to speed up network performance
31
A _______________ router determines whether to allow or deny packets based on their source and destination IP addresses.
32
A primary goal of proxy servers is to provide security at the _______________ layer.
33
Why is a bastion host the system most likely to be attacked?
A) it has weak security
B) it contains company documents
C) it is available to external users
D) it contains the default administrator account
34
You can ______________ a bastion host by removing unnecessary accounts and services.
35
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a host in which one interface is connected to an internal network and the other interface is connected to a router to an untrusted network
36
A DMZ is a subnet of _____________ accessible servers placed outside the internal network.
37
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a device that filters outgoing connections
38
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
the process of mapping one internal IP address to one external IP address
39
Which of the following is true about private IP addresses?
A) they are assigned by the IANA
B) they are not routable on the Internet
C) they are targeted by attackers
D) NAT was designed to conserve them
40
MATCHING
a. dual-homed host
b. load-balancing software
c. many-to-one NAT
d. one-to-one NAT
e. proxy server
f. reverse firewall
g. screened host
h. screening router
i. server farm
j. three-pronged firewall
a computer configured with more than one network interface
41
What are the 8 general steps for creating a bastion host?
42
What is a honeypot and how is one used to help protect the network?
43
Describe the setup in which a dual-homed host is used. What are the limitations of this configuration?
44
How does a screened host setup differ from a dual-homed host configuration? Why might you choose this configuration?
45
What are the primary and secondary goals of modern proxy servers?
46
What is a bastion host and how is one typically configured?
47
Describe the process of network address translation. What are the two primary types of NAT?
48
How can using two firewalls help in protecting your network?
49
How do a server farm and load-balancing software figure into the multiple DMZ/firewall configuration?
50
What is a reverse firewall and why would you use one?