University of the Cumberlands EMISS ISOL532 Telecommunications and Network Security. Final Exam summer 2020. 100 Q&A

Document Content and Description Below

Question 1 1. The degree to which a firewall can impose user access restrictions is known as which of the following? Security assurance Privilege control Authentication Audit capabilities 10... points Question 2 1. Which of the following is a system that waits for an IDS to detect and attackers and then transfers the attackers to a special host where they cannot do damage to the production environment? Padded cell Honeypo t Honeyne t OpenVPN 10 points Question 3 1. If the process of creating rules requires a significant number of special exceptions to modify or adjust ranges of addresses or ports, what should you do? Use a more complex rule set. Consider reconfiguring the network rather than using a too complex or too long rule set. Use a longer rule set. Don't use any addresses or ports. 10 points Question 4 1. ShieldsUP! is a port-scanning tool that is an effective way to test your configuration. TrueFalse 10 points Question 5 1. Handling physical security attacks is the most important aspect of a security plan, as these types of attacks pose the highest risks to the organization. True False 10 points Question 6 1. Which of the following monitors traffic that gets through the screening firewall and has the advantage of reducing the amount of traffic to be monitored? Unfiltered IDS/IPS installation Intrusion prevention system (IPS) Screened IDS/IPS solution Intrusion detection system (IDS) 10 points Question 7 1. Most individuals and small office environments are at the most significant risk of being a primary target of hacker activity. True False 10 points Question 8 1. When considering transaction security, it is common for the web server to stand behind one firewall and the database server to stand behind a second firewall. TrueFalse 10 points Question 9 1. Every five minutes, SmoothWall allows the viewing of graphs representing network traffic, generated by RRDtool. True False 10 points Question 10 1. Which of the following is an element of infrastructure design that takes into account the likelihood of a security breach by malicious code or some other intruder? Containment Trapping Compartmentaliz ation Intrusion detection 10 points Question 11 1. Most computers include power management capabilities, allowing them to turn off or go to a low power state when they aren’t being used for a time. These computers can then be awakened when they are sent a specific string of bits in a “magic packet.” True False 10 points Question 12 1. There are six steps for writing a security incident response plane. Which of the following is not a step? DetectionContainm ent Eradicatio n Report 10 points Question 13 1. Software firewalls cannot be bastion hosts. True False 10 points Question 14 1. Which of the following is not a security suite? Netfilter Webroot Internet Security Essentials McAfee Personal Firewall Plus Computer Associates 10 points Question 15 1. It is a mistake to use remote system and device management mechanisms that are convenient but not secure, such as telnet, HTTP, and FTP. True False 10 points Question 16 1. Which term describes a set of concepts and practices that provide detailed descriptions and comprehensive checklists, tasks, and procedures for common IT practices? IP Multimedia Subsystem (IMS) Information Technology Infrastructure Library (ITIL)Anti-forensics Data leakage prevention (DLP) 10 points Question 17 1. It's important to evaluate the purpose and content of your firewall policy. Which of the following is not an evaluation method? Define the software and hardware options that will be used to adopt the policy. Determine the features necessary for the infrastructure's network communications. Determine how to write a policy that is as short as possible to avoid confusion. Order the rules properly to use the least numbers of rules. 10 points Question 18 1. Which of the following is as an architecture that is designed to limit a network’s vulnerability to eavesdropping and traffic analysis? File sharing Onion routing Firewall filtering Print sharing 10 points Question 19 1. Which term describes an approach to security similar to defense in depth in that it supports multiple layers, but uses a different security mechanism at each or most of the layers? Diversity of defense Security stance Proprietary OS Universal participation 10 points Question 20 1. Which of the following allows file-sharing functionality?GoToMyPC NTRconnect LogMeIn VPN appliance 10 points Question 21 1. Which of the following refers to a system designed, built, and deployed specifically to serve as a frontline defense for a network? Diversity of defense Universal participation Proprietary OS Bastion host OS 10 points Question 22 1. Which of the following is a Microsoft solution that runs on a Microsoft Terminal Services server but appears, to end users, as if it were actually running on their systems? TS Web Access DirectAccess TS RemoteApp Terminal Services for Applications 10 points Question 23 1. If an external server needs to communicate with servers inside the green zone, which network setting on SmoothWall can be opened? Port forwarding PPP settings DMZ pinholes IP block 10 pointsQuestion 24 1. Which type of test is run in non-production subnets where you’ve configured a duplicate of the production environment? Laboratory test Simulated firewall test Laboratory test Virtualized test 10 points Question 25 1. Which of the following are documents that can help you to review and assess your organization’s status and state of security? Firewall checklists Risk assessment STIGs (Security Technical Implementation Guides) Incident response plan 10 points Question 26 1. Which of the following is used to connect two offices in different locations? Remote gateway Host-to-gateway VPN Gateway-to-gateway VPN VPN appliance 10 points Question 27 1. Which of the following is a Microsoft solution that can be used as an alternative to a traditional Internet Engineering Task Force (IETF) VPN? Forefront Unified Access Gateway (UAG) HotSpotVPN Group Policy DirectAccess10 points Question 28 1. Deploying a security product is more preferable than addressing your environment’s specific risks. True False 10 points Question 29 1. Which of the following offers keycard security and allows you to restrict the times that your computer can be remotely accessed? GoToMyPC LogMeIn NTRconne ct Internet café 10 points Question 30 1. Which of the following is a detailed and thorough review of the deployed security infrastructure compared with the organization’s security policy and any applicable laws and regulations? Incident response plan Compliance audit Disaster recovery plan Business continuity plan 10 points Question 31 1. Which of the following is not one of the reasons commercial software is a dominant solution? Companies relying on solutions they can support The popularity of combining hardware and software into an applianceCompanies relying on the least expensive solutions The commercialization of open source solutions 10 points Question 32 1. Cloud computing is an old phenomenon in computing infrastructure dating back to the early days of the Internet that involves moving computing resources out to the Internet. True False 10 points Question 33 1. BYOD stands for "Be Your Own Deterrent." True False 10 points Question 34 1. Which of the following describes a VPN? A hardware and software solution for remote workers, providing users with a data-encrypted gateway through a firewall and into a corporate network A connection that connects two offices in different locations A proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer A small home office 10 points Question 35 1. If a firm puts Internet-facing servers directly in the Internet, they are exposed to threats of attack from anywhere in the world. True False10 points Question 36 1. What term is used to describe a chipset developed and promoted by the U.S. government from 1993 to 1996 as an encryption device to be adopted by telecommunications companies for voice transmission? Synchronous Dynamic Random Access Memory (SDRAM) Clipper Chip Kerberos National Information Infrastructure (NII) 10 points Question 37 1. Port 53 is one you should consider forwarding. True False 10 points Question 38 1. Which of the following is not a common reason for deploying a reverse proxy? Reverse caching Security Time savings Encryption 10 points Question 39 1. Which of the following is a Microsoft remote control solution used for modern operating systems since Windows XP and allows help desk professionals or other IT administrators to remotely control a user’s system, while the user is watching? Terminal Services for Administration pcAnywhere Terminal Services for ApplicationsRemote Assistance 10 points Question 40 1. Which of the following refers to a failure response resulting in open and unrestricted access or communication? Fail-open Missioncritical Default allow Fail-secure 10 points Question 41 1. Which of the following refers to a public interest research group in Washington, D.C. that was established in 1994 to preserve the right of privacy in the electronic age as well as to give individuals greater control over personal information? National Security Agency (NSA) CERN National Information Infrastructure (NII) Electronic Privacy Information Center (EPIC) 10 points Question 42 1. Which of the following forces all traffic, communications, and activities through a single pathway or channel that can be used to control bandwidth consumption, filter content, provide authentication services, or enforce authorization. Fail-safe Chokepoint Fail-secure Reverse proxy 10 points Question 431. In SmoothWall, what color network interface card indicates the segment of the network is not trusted, but shares the Internet connection? Green Blue Oran ge Red 10 points Question 44 1. Which of the following is a form of threat that takes some type of initiative to seek out a target to compromise? Native firewall Passive threat Active threat Cookie 10 points Question 45 1. Windows Firewall is a native operating system firewall. True False 10 points Question 46 1. A closed-source product is typically free. True False 10 points Question 47 1. Which of the following characteristics relates to Kerberos? A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to oneanother in a secure manner A public interest research group in Washington, D.C., established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and Constitutional values in the information age A round-robin database tool intended to handle time-series data like network bandwidth, temperatures, CPU load, and so on. Dynamic random access memory (DRAM) that has a synchronous interface 10 points Question 48 1. Which of the following links customers, suppliers, partners, or communities of interest to a corporate intranet over a shared infrastructure? Untrusted networks Intranets DMZs Extranet VPNs 10 points Question 49 1. Which of the following is a third-party tool that Symantec offers as a solution for organizations to access and securely manage remote computers? NTRconnect Remote Assistance pcAnywhere LogMeIn 10 points Question 50 1. Which of the following refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker? IP Multimedia Subsystem (IMS) Information Technology Infrastructure Library (ITIL) Anti-forensics Data leakage prevention (DLP) 10 pointsQuestion 51 1. Which of the following is a key feature of SmoothWall? Weak traffic graphs and bandwidth bars Universal Plug and Play support DMZ support only Inbound traffic blocking with timebased controls 10 points Question 52 1. Which one of the following is not a commercial hot firewall option available for Linux? SmoothWall IPFire Kaspersky Internet Security IPCop 10 points Question 53 1. Which of the following involves moving computing resources out to the Internet where resources are shared by multiple applications and, in many cases, shared by multiple corporations? Mobile computing BYOD mobility Cloud computing Screened IDS/IPS 10 points Question 54 1. GoToMyPC, LogMeIn, and NTRconnect allow you to use a Mac as the client, but only NTRconnect enables you to use a Mac as the host. True False10 points Question 55 1. A padded cell is a system that waits for a honeynet to detect attackers and then transfers the attackers to a special host where they cannot do any damage to the production environment. True False 10 points Question 56 1. Which of the following command-line tools will list the current open, listening, and connection sockets on a system as well as the service related to each socket? TCPVie w Fport Netstat Nmap 10 points Question 57 1. Which of the following refers to the guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities? The whitelist Principle of least privilege Single-factor authentication Incident response plan 10 points Question 58 1. Commercial Off-the-Shelf (COTS) software is a more popular choice over custom solutions with corporations because of their network security tools, firewalls, and VPNs.True False 10 points Question 59 1. Connecting port 22 or 222 with a client such as WinSCP3 will allow SmoothWall which capability? Access to tools like TCPdump Transfer of files to and from the system via SCP/SFTP Auto-sensing crossover capabilities Access to graphics of network traffic 10 points Question 60 1. Which type of firewall is designed to control input, output, and/or access to an application? Application firewall Hybrid firewall Database firewall Data protection 10 points Question 61 1. Which of the following is an operating system built exclusively to run on a bastion host device? Proprietary OS General OS Reverse proxy Appliance firewall 10 points Question 62 1. Patch management watches for the release of new updates from vendors, tests the patches, obtains approval, and then oversees the deployment and implementation of updates across the production environment.True False 10 points Question 63 1. A honeynet is a collection of multiple honeypots in a network for the purposes of luring and trapping hackers. True False 10 points Question 64 1. You should consider placing rules related to more common traffic earlier in the set rather than later. True False 10 points Question 65 1. Which of the following is a collection of honeypots used to present an attacker an even more realistic attack environment? Padded cell Honeynet Biometrics Virtualization security 10 points Question 66 1. Linux distributions automatically come with a native software firewall. True False 10 pointsQuestion 67 1. Which of the following characteristics relates to a common Gateway Interface (CGI) script? A standard that defines how Web server software can delegate the generation of Web pages to a console application. A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner A public interest research group in Washington, D.C., established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and Constitutional values in the information age A round-robin database tool intended to handle time-series data such as network bandwidth, temperatures, CPU load, and so on 10 points Question 68 1. Which of the following is a popular open source intrusion detection system that runs on SmoothWall?? Synchronous Dynamic Random Access Memory (SDRAM) Kerberos Common Gateway Interface (CGI) script Snort 10 points Question 69 1. Simulator tests are secure by design. True False 10 points Question 70 1. Which of the following is an IPSec-based VPN protocol that uses NAT traversal (NAT-T)? Internet Key Exchange v2 (IKEv2) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP)Remote Desktop Protocol (RDP) 10 points Question 71 1. Which of the following steps of an incident response plan resolves the compromise? Eradicati on Detectio n Recovery Followup 10 points Question 72 1. What is meant by synchronous Dynamic Random Access Memory (SDRAM)? A computer network memory capability that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner Dynamic random access memory (DRAM) that has a synchronous interface A public interest research group in Washington, D.C., established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy A web cache/proxy 10 points Question 73 1. Which of the following is not a security strategy? Defense diversity Firewall policies Weakest link Forced universal participation 10 points Question 74 1. For which of the following does the mobile user take specific actions to connect to the VPN?Remote gateway Host-to-gateway VPN Gateway-to-gateway VPN VPN appliance 10 points Question 75 1. Which of the following refers to an operating system built exclusively to run on a bastion host device? Universal participation Bastion host OS Reverse caching Proprietary OS 10 points Question 76 1. A graphical user interface should be uninstalled before attempting to install a firewall product. True False 10 points Question 77 1. CERT, SANS, and Symantec are excellent network security web sites. True False 10 points Question 78 1. Free software can have no cost, which makes it non-commercial. True False10 points Question 79 1. Which of the following is defined as a characteristic of a resource being accessible to a user, application, or computer system when required? Availability Authenticati on Integrity Confidential ity 10 points Question 80 1. What must be enabled to test SmoothWall’s capability to mitigate attacks? open SSH SQUID Ping Snort intrusion detection software 10 points Question 81 1. Which one of the following is not a benefit of having a written firewall policy? It acts as a tool for assisting in troubleshooting. It serves as a guideline for detecting changes and differences. It defines how to use a reverse proxy to add an additional layer of protection and control between Internet-based users and internally hosted servers. It ensures consistent filtering across firewalls. 10 points Question 82 1. Which of the following allows administrators to connect remotely into servers from their desktop computers? Terminal Services for Administration TS RemoteApp Terminal Services for Applications TS Web Access10 points Question 83 1. A honeypot is designed to attract hackers to real targets so that you can learn about the identity of the hackers. True False 10 points Question 84 1. Each form of firewall filtering or traffic management is vulnerable in some way. True False 10 points Question 85 1. Which of the following detects unauthorized user activities, attacks, and network compromises, alerts of the detected attacks, and takes action to prevent breaches? Unfiltered IDS/IPS installation Intrusion prevention system (IPS) Screened IDS/IPS solution Intrusion detection system (IDS) 10 points Question 86 1. Which of the following requires PKI support and is used for encryption with newer tunneling protocols? Secure Socket Tunneling Protocol (SSTP) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Internet Key Exchange v2 (IKEv2)10 points Question 87 1. Which of the following risks can compromise the confidentiality of documents stored on the server? Risk that transaction data can be intercepted Risk that unauthorized individuals can breach the server’s document tree Risk that information about the server can be accessed Risk of denial of service attacks 10 points Question 88 1. Which of the following is not a commonsense element of troubleshooting firewalls? Focus on the most critical issues first. Isolate problems. Work with urgency. Know your firewall thoroughly. 10 points Question 89 1. What is a business continuity plan? A plan explaining the use of only a single element of validation or verification to prove the identity of a subject. A plan outlining the failure response that results in open and unrestricted access or communication. A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline. A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event. 10 points Question 90 1. Which of the following outbound ports is for HTTPS? Port 25 Port 53Port 80 Port 443 10 points Question 91 1. Which of the following describes a native firewall? A small text file used by Web browsers and servers to track Web sessions A firewall in an operating system or hardware device that is placed there by the vendor or manufacturer Open-source and commercial software firewalls for most operating systems Windows 7 host software firewall 10 points Question 92 1. Checking authentication, checking authorization and access control, auditing systems, and verifying firewalls and other filters should all be included on which of the following? A physical security checklist A whitelist A response plan A logical security checklist 10 points Question 93 1. Which of the following is a form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties? Default allow Separation of duties File encryption Fail-secure 10 pointsQuestion 94 1. Which of the following will generate a graph of network traffic every five minutes on a firewall? Asymmetric Digital Subscriber Line (ADSL) TCPdump RRDtool DDNS 10 points Question 95 1. Which of the following characteristics relates to mobile IP? A standard communications protocol designed to let mobile device users move from one network to another while maintaining a permanent IP address A distributed data protection technology that leverages deep analysis, context evaluation, and rules configured from a central console to ensure confidential information remains secure while in use, in transit, and at rest A series of tools and techniques used to prevent forensic examination from identifying an attack or attacker Identifying, extracting, and evaluating evidence obtained from digital media such as computer hard drives, CDs, DVDs and other digital storage devices 10 points Question 96 1. While the Tor network does provide a level of anonymity, the user never knows what other computers the request will go through; data sent and received can be captured by any of these computers. True False 10 points Question 97 1. Which of the following will track every single connection outside the Web by IP address and URL? Clipper Chip National Security AgencyProxy server Electronic Privacy Information Center 10 points Question 98 1. Which of the following uses a brute-force technique to craft packets and other forms of input directed toward the target? VMware Physical devices Fuzzing tools Laboratory tests 10 points Question 99 1. Which of the following creates copies of data on other storage media? Fail-Open Honeynets Backups Security Technical Implementation Guide (STIGS) 10 points Question 100 1. Which of the following refers to a specialized host used to place an attacker into a system where the intruder cannot do any harm? Incident response plan Padded cell Principle of least privilege Default allow [Show More]

Last updated: 2 years ago

Preview 1 out of 26 pages