University of the Cumberlands EMISS ISOL532 Telecommunications and Network Security. Final Exam. 100 Q&A

Document Content and Description Below

Take Test: ISOL 532 - Final Exam Test Information Description The Final Exam covers chapters 8 - 15 in the Textbook Instructions The exam consists of 100 questions and the time limit is 2 hours. On... ce the exam is started it must be completed as it will automatically submit at the 2 hour mark. Timed Test This test has a time limit of 2 hours.This test will save and submit automatically when the time expires. Warnings appear when half the time, 5 minutes, 1 minute, and 30 seconds remain. Multiple Attempts Not allowed. This test can only be taken once. Force Completion Once started, this test must be completed in one sitting. Do not leave the test before clicking Save and Submit. Remaining Time: 1 hour, 57 minutes, 33 seconds. Question Completion Status: Question 1 1. Which term is describes the second core IPSec security protocol; it can perform authentication to provide integrity protection, although not for the outermost IP header? Point-to-Point Protocol (PPP) Layer 2 Forwarding (L2F) Protocol Point-to-Point Tunneling Protocol (PPTP) Encapsulating Security Payload (ESP) 10 points Question 2 1. When considering transaction security, it is common for the web server to stand behind one firewall and the database server to stand behind a second firewall. True False Save and Submit10 points Question 3 1. Which of the following forces all traffic, communications, and activities through a single pathway or channel that can be used to control bandwidth consumption, filter content, provide authentication services, or enforce authorization. Fail-safe Chokepoint Fail-secure Reverse proxy 10 points Question 4 1. Which of the following characteristics relates to Point-to-Point Protocol (PPP)? The standards body for Internet-related engineering specifications A protocol that provides integrity protection for packet headers and data, as well as user authentication A protocol commonly used in establishing a direct connection between two networking nodes An older protocol largely replaced by IPSec and SSL/ TLS-based VPNs in production environments, but still in use in some older environments 10 points Question 5 1. The Containment phase of an incident response plan restrains further escalation of the incident. True False 10 points Question 6 1. Which of the following describes Layer 2 Tunneling Protocol (L2TP)? The standards body for Internet-related engineering specifications An older protocol largely replaced by IPSec and SSL/ TLS-based VPNs in production environments, but still in use in some older environments The second core IPSec security protocol; it can perform authentication to provide integrity protection, although not for the outermost IP header An early proprietary protocol from Microsoft10 points Question 7 1. Which layer of the OSI model is the Data Link Layer? Layer 1 Layer 2 Layer 3 Layer 4 10 points Question 8 1. To mitigate the risk of security threats and breaches, all installers should be trained before installing the VPN. True False 10 points Question 9 1. Each form of firewall filtering or traffic management is vulnerable in some way. True False 10 points Question 10 1. Which of the following describes a service level agreement (SLA)? A contractual commitment by a service provider or support organization to its customers or users The ability for a network or system user to remain unknown An industry term referring to any product that appears in a vendor’s PowerPoint slide deck, but is not yet available in one of its products A process by which malicious code can enter from a non-secure network, and make a hairpin, or sharp turn and enter a secure network with little or no trouble because it is entering from a secure and verified endpoint10 points Question 11 1. Deploying a security product is more preferable than addressing your environment’s specific risks. True False 10 points Question 12 1. VPN hardware can suffer from an unsecured default configuration or misconfiguration. True False 10 points Question 13 1. Which of the following is one of the most common and easily exploited vulnerabilities on any hardware network device? Insecure default configuration Misconfiguration by the installer Undistributed authentication credentials Default password 10 points Question 14 1. Which of the following refers to a protocol that provides integrity protection for packet headers and data, as well as user authentication? Point-to-Point Tunneling Protocol (PPTP) Request for Comments (RFC) Authentication Header (AH) Layer 2 Tunneling Protocol (L2TP) 10 points Question 151. All of the following are disadvantages of the build-it-yourself firewall, but one is an advantage. Which of the following is an advantage? Additional hardware manipulation Hardening of a host OS Juggling of device drivers Cost 10 points Question 16 1. The volume of data throughput and transmission speed associated with a firewall is considered what? Scalability Privilege control Flexibility Performance 10 points Question 17 1. The next generation IP version and successor to IPv4 is called what? IPv5 IPv6 IANA SSL 10 points Question 18 1. An encrypted VPN link guarantees that the other end of the VPN connection is secure. True False 10 points Question 19 1. Which of the following documents an organization's rules for using a VPN? HairpinningRemote access policy Service level agreement Vaporware 10 points Question 20 1. Which of the following is an IPSec-based VPN protocol that uses NAT traversal (NAT-T)? Internet Key Exchange v2 (IKEv2) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Remote Desktop Protocol (RDP) 10 points Question 21 1. Which one of the following is not a benefit of having a written firewall policy? It acts as a tool for assisting in troubleshooting. It serves as a guideline for detecting changes and differences. It defines how to use a reverse proxy to add an additional layer of protection and control between Internet-based users and internally hosted servers. It ensures consistent filtering across firewalls. 10 points Question 22 1. Which of the following is a closed-source product? One that is non-commercial One where the source code cannot be obtained and view by just anyone One where the source code can be obtained and viewed by anyone One that is commercial 10 points Question 231. The term Electronic Privacy Information Center (EPIC) refers to a form of the digital subscriber line technology, which enables faster data transmission over copper telephone lines than a conventional voice band modem can provide. True False 10 points Question 24 1. Allowing every communication is a bad idea from a security standpoint as well as a productivity one. True False 10 points Question 25 1. Which of the following refers to a system designed, built, and deployed specifically to serve as a frontline defense for a network? Diversity of defense Universal participation Proprietary OS Bastion host OS 10 points Question 26 1. A passive threat seeks out vulnerable targets. True False 10 points Question 27 1. A bastion host allows the firewall to connect to the internal network and the perimeter network. True False10 points Question 28 1. Which of the following is used to connect two offices in different locations? Remote gateway Host-to-gateway VPN Gateway-to-gateway VPN VPN appliance 10 points Question 29 1. One of the most important steps in VPN troubleshooting is documenting processes and procedures. True False 10 points Question 30 1. Which of the following does not address passive threats? Pop-up blockers Cookie filters Malicious site managers Active threats 10 points Question 31 1. Which of the following is hardware that connects a local network—or even a single computer—to a telco’s carrier network to access the Internet? IPFire ISP connection device DSL line SOHO 10 points Question 321. Which of the following is not a security strategy? Defense diversity Firewall policies Weakest link Forced universal participation 10 points Question 33 1. What name is given to a method that proves identity using two different authentication factors? Service level agreement (SLA) Two-factor authentication Hairpinning Anonymity 10 points Question 34 1. Digital signatures rarely accompany both authentication and nonrepudiation transactions. True False 10 points Question 35 1. Which type of architecture places a firewall in front of the VPN to protect it from Internet-based attacks as well as behind a firewall to protect the internal network? Bi-lateral architecture Two-prong approach Two-factor architecture DMZ architecture 10 pointsQuestion 36 1. Linux distributions automatically come with a native software firewall. True False 10 points Question 37 1. An intranet is an external network. True False 10 points Question 38 1. Which of the following is not a firewall type? Universal Static packet filtering Proxy Stateful inspection 10 points Question 39 1. Which of the following is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer? Secure Sockets Layer (SSL) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Remote Desktop Protocol (RDP) 10 points Question 40 1. A gateway-to-gateway VPN provides connectivity between two locations such as a main office and a branch office. True False10 points Question 41 1. Which of the following represents a standards-based protocol suite designed specifically for securing Internet Protocol communications? Authentication Header (AH) Tunnel mode Transport mode Internet Protocol Security (IPSec) 10 points Question 42 1. If strong authentication is a priority, select an application gateway firewall or a dedicated application-specific proxy firewall. True False 10 points Question 43 1. Which of the following risks can compromise the confidentiality of documents stored on the server? Risk that transaction data can be intercepted Risk that unauthorized individuals can breach the server’s document tree Risk that information about the server can be accessed Risk of denial of service attacks 10 points Question 44 1. Which section of the VPN policy describes the systems, networks, or people covered by the policy? Introducti on Policy Scope Purpose 10 pointsQuestion 45 1. Which of the following offers keycard security and allows you to restrict the times that your computer can be remotely accessed? GoToMyP C LogMeIn NTRconne ct Internet café 10 points Question 46 1. Examples of users purposefully avoiding or violating security—that is, not actively supporting and participating in security—include all of the following except which one? Using proxy tools to get around firewalls Using personal equipment Sharing accounts with other employees Setting strong passwords 10 points Question 47 1. IPSec is a mandatory component for IPv6, and is used to natively protect IPv6 data as it is sent over the network. True False 10 points Question 48 1. Which of the following describes a general purpose OS? An operating system that supports only firewall functions An operating system that does not support firewall functions A means of providing faster access to static content for external users accessing internal Web servers An operating system such as Windows or Linux that can support a wide variety of purposes and functions, but which, when used as a bastion host OS, must be hardened and locked down10 points Question 49 1. Which of the following outbound ports is for DNS? Port 25 Port 53 Port 80 Port 110 10 points Question 50 1. Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise? Native firewall Passive threat Active threat Cookie 10 points Question 51 1. A commercial software production is typically uses open source code. True False 10 points Question 52 1. Which of the following refers to any product that appears in a vendor’s PowerPoint slide deck, but is not yet available in one of its products? Anonymity Hairpinning Service level agreement (SLA) Slideware10 points Question 53 1. TCP is responsible for providing reliable transmissions from one system to another, and IP is responsible for addressing and route selection. True False 10 points Question 54 1. Which type of firewall is designed to control input, output, and/or access to an application? Application firewall Hybrid firewall Database firewall Data protection 10 points Question 55 1. There are six steps for writing a security incident response plane. Which of the following is not a step? Detection Containm ent Eradicatio n Report 10 points Question 56 1. Most individuals and small office environments are at the most significant risk of being a primary target of hacker activity. True False 10 points Question 571. Which of the following supports multiple layers of security? is similar to defense in depth—it supports multiple layers of security. Defense in depth Diversity of defense Chokepoint Weakest link 10 points Question 58 1. For which of the following does the mobile user take specific actions to connect to the VPN? Remote gateway Host-to-gateway VPN Gateway-to-gateway VPN VPN appliance 10 points Question 59 1. A closed-source product is typically free. True False 10 points Question 60 1. Which of the following is not an ISP connection? Cable Satelli te pfSen se DSL 10 points Question 61 1. Simulator tests are secure by design.True False 10 points Question 62 1. A firewall’s vulnerability to DoS flooding is a limitation or weakness that you can’t fix, improve, or repair by either upgrading the firewall or applying a patch. True False 10 points Question 63 1. Which of the following is a benefit of an open source VPN solution? Ease of installation Available management tools Low cost Access to vendor support 10 points Question 64 1. Which term describes a process by which malicious code can enter from a non-secure network, and make a hairpin, or sharp turn, and enter a secure network with little or no trouble because it is entering from a secure and verified endpoint? Hairpinning Anonymity Slideware Service Level Agreement (SLA) 10 points Question 65 1. Although it provides a mechanism for creating tunnels through an IP network, which of the following does not provide a mechanism for encrypting the data being tunneled?Point-to-Point Protocol (PPP) Authentication Header (AH) Layer 2 Tunneling Protocol (L2TP) Encapsulating Security Payload (ESP) 10 points Question 66 1. A proxy server can track every single connection outside the Web by IP address and the URL requested. True False 10 points Question 67 1. Windows Firewall is a native operating system firewall. True False 10 points Question 68 1. Which of the following is a public location that sells Internet access? Internet café Extranet Intranet LogMeIn, 10 points Question 69 1. Which of the following links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure? Untrusted networks Intranets DMZs Extranet VPNs10 points Question 70 1. A is a physical or logical subnetwork that contains and exposes an organization’s external services to a larger untrusted network, usually the Internet. Demilitarized zone (DMZ) VPN LAN Extranet 10 points Question 71 1. Which of the following is an advantage of SSL/TLS VPNs over IPSec VPNs? Installation on corporate systems only More vendor-created workarounds on the network address translation tool More firewall rules Platform Independence 10 points Question 72 1. Which of the following allows file-sharing functionality? GoToMyPC NTRconnect LogMeIn VPN appliance 10 points Question 73 1. GoToMyPC, LogMeIn, and NTRconnect allow you to use a Mac as the client, but only NTRconnect enables you to use a Mac as the host. True False 10 points Question 741. A passive threat is similar to a virus in that it depends upon the activity of the user to activate, infect, and spread. True False 10 points Question 75 1. Which of the following describes security stance? An organization’s filtering configuration; it answers the question, “What should be allowed and what should be blocked?” A means of providing faster access to static content for external users accessing internal Web servers An operating system such as Windows or Linux that supports a wide variety of purposes and functions, but when used as a bastion host OS must be hardened and locked down An approach to security similar to defense in depth that uses a different security mechanism at each or most of the layers 10 points Question 76 1. What term is used to describe a chipset developed and promoted by the U.S. government from 1993 to 1996 as an encryption device to be adopted by telecommunications companies for voice transmission? Synchronous Dynamic Random Access Memory (SDRAM) Clipper Chip Kerberos National Information Infrastructure (NII) 10 points Question 77 1. Which of the following describes a native firewall? A small text file used by Web browsers and servers to track Web sessions A firewall in an operating system or hardware device that is placed there by the vendor or manufacturer Open-source and commercial software firewalls for most operating systems Windows 7 host software firewall 10 pointsQuestion 78 1. If a larger organization wanted to protect subnets within the network, basic packet filtering provided by routers might be the most appropriate choice. True False 10 points Question 79 1. Snort is an open-source, rule-based IDS that can detect firewall breaches. True False 10 points Question 80 1. “Privacy” is considered keeping information about a network or system user from being disclosed to unauthorized people. True False 10 points Question 81 1. Which of the following is a dedicated hardware device that functions as a black-box sentry? Fail-safe Reverse proxy firewall Proxy firewall Appliance firewall 10 points Question 82 1. GoToMyPC and NTRconnect enable you to easily print a document on the host using the printer attached to the client. True False10 points Question 83 1. Which of the following reflects the ability of a network or system user to remain unknown? Flexibility Anonymity Security Denial of service 10 points Question 84 1. Which of the following should specifically be included in the organizations VPN solution? The prohibiting of split tunneling Encouraging shared VPN credentials Types of VPN connections supported How scalable the VPN is 10 points Question 85 1. Which of the following key VPN protocols used today is the main alternative for a VPN solution that does not leverage an IPSec solution? Internet Engineering Task Force (IETF) Authentication Header (AH) Secure Sockets Layer(SSL)/Transport Layer Security (TLS) Layer 2 Forwarding (L2F) Protocol 10 points Question 86 1. One of the drawbacks of HTTP is that it does not include the ability to encrypt or otherwise protect the data stream between the client and server. True False10 points Question 87 1. Which name is given to an architectural framework for delivering IP multimedia services? IP Multimedia Subsystem (IMS) Anti-forensics Digital forensic techniques Data leakage prevention (DLP) 10 points Question 88 1. Which of the following identifies a user based on anatomical characteristics such as a fingerprint, a voice print, or iris patterns? Anti-forensics Data leakage prevention (DLP) Biometrics Virtualization security 10 points Question 89 1. One of the primary benefits of an open source solution is access to vendor support. True False 10 points Question 90 1. Which of the following requires PKI support and is used for encryption with newer tunneling protocols? Secure Socket Tunneling Protocol (SSTP) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Internet Key Exchange v2 (IKEv2)10 points Question 91 1. Which of the following will track every single connection outside the Web by IP address and URL? Clipper Chip National Security Agency Proxy server Electronic Privacy Information Center 10 points Question 92 1. Which of the following does port forwarding support? Any service on any port Caching Encryption endpoint Load balancing 10 points Question 93 1. Which of the following refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker? IP Multimedia Subsystem (IMS) Information Technology Infrastructure Library (ITIL) Anti-forensics Data leakage prevention (DLP) 10 points Question 94 1. Which of the following refers to a public interest research group in Washington, D.C. that was established in 1994 to preserve the right of privacy in the electronic age as well as to give individuals greater control over personal information? National Security Agency (NSA) CERN National Information Infrastructure (NII)Electronic Privacy Information Center (EPIC) 10 points Question 95 1. Which of the following describes the principle that for an organization’s security policy to be effective, everyone must be forced to work within it and follow its rules? Universal participation Diversity of defense General purpose OS Bastion host OS 10 points Question 96 1. Which of the following refers to an operating system built exclusively to run on a bastion host device? Universal participation Bastion host OS Reverse caching Proprietary OS 10 points Question 97 1. Which of the following negotiates, creates, and manages security associations? Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Authentication Header (AH) Internet Key Exchange (IKE) 10 points Question 98 1. Which type of software is closed-sourced to protect intellectual property and allow vendors to charge for the product? NoncommercialOpen source Free software Commercial 10 points Question 99 1. Permanent site-to-site VPNs do not require firewalls at both ends that use static IP addresses. True False 10 points Question 100 1. When troubleshooting firewalls, which of the following is not something you should do after you attempt a fix? Make multiple fixes. Repeat the failure. Test after each attempt. Reverse or undo solution failures. [Show More]

Last updated: 2 years ago

Preview 1 out of 25 pages