C
1. _________ control determines the types of Internet services that can be accessed, inbound or outbound. A. Behavior B. Direction C. Service D. User
B
2. _________ control controls how particular services are used. A. Service B. Behavior C. User D. Direction
C
3. _________ control determines the direction in which particular service requests may be initiated and allowed to flow through the firewall. A. Behavior B. User C. Direction D. Service
A
4. ________ control controls access to a service according to which user is attempting to access it. A. User B. Direction C. Service D. Behavior
D
5. The _________ defines the transport protocol. A. destination IP address B. source IP address C. interface D. IP protocol field
D
6. A __________ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. A. packet filtering B. stateful inspection C. application-level D. circuit-level
B
7. An example of a circuit-level gateway implementation is the __________ package. A. application-level B. SOCKS C. SMTP D. stateful inspection
A
8. Typically the systems in the _________ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server. A. DMZ B. IP protocol field C. boundary firewall D. VPN
C
9. A _________ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security. A. proxy B. UTM C. VPN D. stateful inspection firewall
B
10. A _________ configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control. A. packet filtering firewall B. distributed firewall C. personal firewall D. stateful inspection firewall
C
11. Typical for SOHO applications, a __________ is a single router between internal and external networks with stateless or full packet filtering. A. single bastion T B. double bastion inline C. screening router D. host-resident firewall
A
12. __________ are attacks that attempt to give ordinary users root access. A. Privilege-escalation exploits B. Directory transversals C. File system access D. Modification of system resources
D
13. __________ scans for attack signatures in the context of a traffic stream rather than individual packets. A. Pattern matching B. Protocol anomaly C. Traffic anomaly D. Stateful matching
B
14. __________ looks for deviation from standards set forth in RFCs. A. Statistical anomaly B. Protocol anomaly C. Pattern matching D. Traffic anomaly
A
15. The _________ attack is designed to circumvent filtering rules that depend on TCP header information. A. tiny fragment B. address spoofing C. source routing D. bastion host
firewall
1. The _________ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.
packet filtering
2. A _________ firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
source
3. The ________ IP address is the IP address of the system that originated the IP packet.
spoofing
4. An intruder transmitting packets from the outside with a source IP address field containing an address of an internal host is known as IP address _________.
SOCKS
5. The __________ protocol is an example of a circuit-level gateway implementation that is conceptually a "shim-layer" between the application layer and the transport layer and does not provide network-layer gateway services.
bastion host
6. Identified as a critical strong point in the network's security, the _________ serves as a platform for an application-level or circuit-level gateway.
personal
7. A __________ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.
VPN (virtual private network)
8. A ________ uses encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.
IPSec
9. __________ protocols operate in networking devices, such as a router or firewall, and will encrypt and compress all traffic going into the WAN and decrypt and uncompress traffic coming from the WAN.
host-based IPS (HIPS)
10. A ___________ makes use of both signature and anomaly detection techniques to identify attacks.
Pattern
11. _________ matching scans incoming packets for specific byte sequences (the signature) stored in a database of known attacks.
Traffic
12. __________ anomaly watches for unusual traffic activities, such as a flood of UDP packets or a new service appearing on the network.
Sdrop
13. Snort Inline adds three new rule types: drop, reject, and _________.
UTM (unified threat management)
14. A single device that integrates a variety of approaches to dealing with network-based attacks is referred to as a __________ system.
defense in depth
15. The firewall follows the classic military doctrine of _________ because it provides an additional layer of defense.