Q:
SPI firewalls cannot handle UDP communications because UDP is connectionless.
Q:
SPI filtering for packets that are part of ongoing communications is usually simple.
Q:
What is the SPI firewall rule for packets that only have their TCP ACK bits set but no other flags set?
A) Drop the packet unless it is permitted by an ACL
B) Pass the packet unless it is forbidden by an ACL
C) Pass the packet if it is part of a previously approved connection
D) Either A or B
Q:
What is the SPI firewall rule for packets that do not attempt to open connections?
A) Drop the packet unless it is permitted by an ACL
B) Pass the packet unless it is forbidden by an ACL
C) Pass the packet if it is part of a previously approved connection
D) Either A or B
Q:
A socket designates a specific program designated by a port number on a specific computer's IP address.
Q:
A connection designates a specific program designated by a port number on a specific computer's IP address.
Q:
A connection between two programs on different computers is represented by its ________.
A) pair of IP addresses
B) pair of port numbers
C) pair of sockets
D) None of the above
Q:
A ________ is a persistent conversation between different programs on different computers.
A) connection
B) state
C) Both A and B
D) Neither A nor B
Q:
A state is a distinct phase in a connection between two applications.
Q:
Most packets are part of the ________ state.
A) connection opening
B) connection closing
C) Both A and B
D) Neither A nor B
Q:
A connection opening is a state.
Q:
Static packet filtering is sometimes used ________.
A) as a secondary filtering mechanism on an application proxy firewall
B) on border routers
C) Both A and B
D) Neither A nor B
Q:
Static packet filtering firewalls are limited to ________.
A) inspecting packets for which there are good application proxy filtering rules
B) inspecting packets in isolation from their context
C) Both A and B
D) Neither A nor B
Q:
SPI firewalls can conduct ________ inspection.
A) stateful packet
B) static packet filtering
C) Both A and B
D) Neither A nor B
Q:
Almost all main border firewalls use ________ filtering as their primary filtering mechanism.
A) unified threat management
B) application proxy
C) static packet filtering
D) None of the above
Q:
A ________ firewall handles all traditional firewall functions (SPI, ACLs, etc.) as well as additional security functions such as antivirus filtering, spam filtering, application proxy filtering, and so forth.
A) unified threat management
B) stateful packet inspection
C) static packet inspection
D) None of the above
Q:
Wire speed is the maximum speed at which a firewall can filter packets.
Q:
A border firewall sits at the boundary between the corporate site and the external Internet.
Q:
If a firewall has to drop packets because it cannot keep up with traffic volume, this is ________.
A) good because it will prevent possible attack packets from entering the network
B) bad because valid, non-attack packets will be dropped and this will effectively create a self-generated DoS attack
C) Both A and B
D) Neither A nor B
Q:
If a firewall cannot keep up with traffic volume, it will ________.
A) continue passing all packets but slow operation
B) drop packets it cannot process
C) pass any packets it cannot filter
D) shut down, failing safely
Q:
The purpose of egress firewall filtering is to stop attack packets from entering the firm's internal network.
Q:
In ________ filtering, the firewall filters packets when they are leaving the network.
A) ingress
B) egress
C) Both A and B
D) Neither A nor B
Q:
In ________ filtering, the firewall examines packets entering the network from the outside.
A) ingress
B) egress
C) Both A and B
D) Neither A nor B
Q:
________ firewalls filter traffic passing between different parts of a site's network.
A) Border
B) Internal
C) Intermediate
D) None of the above
Q:
In ingress filtering, the firewall examines packets entering the network from the outside, typically from the Internet.
Q:
An internal firewall sits at the boundary between the corporate site and the Internet.
Q:
If a firewall receives a packet that is suspicious, it will drop and log the packet.
Q:
If a firewall receives a suspicious packet, the firewall will ________.
A) log the packet
B) drop the packet
C) Both A and B
D) Neither A nor B
Q:
If a firewall receives a provable attack packet, the firewall will ________.
A) log the packet
B) drop the packet
C) Both A and B
D) Neither A nor B
Q:
Firewalls will drop ________.
A) suspicious packets
B) provable attack packets
C) Both A and B
D) Neither A nor B
Q:
A ________ does not require a special reader to be added to a PC for access control.
A) USB token
B) magnetic stripe card
C) smart card
D) All of the above
Q:
A ________ is a small device that plugs into a standard computer port to identify the owner.
A) one-time-password token
B) USB token
C) magnetic stripe card
D) smart card
Q:
A ________ is a small device with a display that has a number that changes frequently.
A) one-time-password token
B) USB token
C) magnetic stripe card
D) None of the above
Q:
A ________ card stores authentication data.
A) magnetic stripe
B) smart
C) Both A and B
D) Neither A nor B
Q:
A magnetic stripe card is an access card that has a built-in microprocessor and memory.
Q:
A ________ card is an access card that has a built-in microprocessor and memory.
A) magnetic stripe
B) smart
C) Both A and B
D) Neither A nor B
Q:
Passwords offer reasonable security at reasonable cost and will likely continue to increase in importance in the future.
Q:
In high-risk environments, password reset risks are reduced by requiring the user's physical presence.
Q:
Which of the following is true?
A) Human password resets are dangerous.
B) Automated password resets are dangerous.
C) Both A and B
D) Neither A nor B
Q:
Passwords should be changed frequently.
Q:
Users should select very long and complex passwords and use the same password at all sites for auditability.
Q:
It is very important for testers to get permission before running a password cracking program on their company's computers to check for weak passwords even if such testing is in their job definitions.
Q:
According to the book, r%Dv$ is a strong password.
Q:
The book recommends that passwords be at least ________ characters long.
A) 6
B) 8
C) 20
D) 100
Q:
Long passwords that use several types of keyboard characters are called ________ passwords.
A) complex
B) reusable
C) dictionary
D) one-time
Q:
Password cracking is usually done over the network by trying many passwords to log into an account.
Q:
PCs should require login screens with complex passwords.
Q:
Most users who have access to servers use reusable passwords for authentication.
Q:
It is illegal to go through a company's trash bins even if the trash bins are outside the corporation.
Q:
________ is a social engineering trick where an intruder may follow an authorized user through a door that the authorized user opens with an access device.
A) Shoulder surfing
B) Shadowing
C) Trailing
D) Piggybacking
Q:
Buildings should be set back from streets and protected with rolling hill landscaping to reduce threats from ________.
A) wireless eavesdropping
B) industrial espionage
C) casual observation
D) terrorism
Q:
If a laptop needs to be taken off premises, ________.
A) it should first be logged out
B) it should be logged in when returned
C) all sensitive information should be removed
D) All of the above
Q:
________ can be used to supply power during long power outages.
A) Uninterruptible power supplies
B) Electrical generators
C) Both A and B
D) Neither A nor B
Q:
Placing sensitive equipment in secure areas to minimize potential threats and damage is called siting.
Q:
Which of the following should be forbidden in secure areas?
A) Cameras
B) USB flash drives
C) Both A and B
D) Neither A nor B
Q:
Which of the following is not one of the rules for working in secure areas?
A) Unsupervised work in secure areas should be avoided.
B) When no one is in a secure area, it should be locked and verified periodically.
C) No one should be allowed to work in secure areas for more than four hours in a row.
D) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas.
Q:
On loading docks, outgoing shipments should be separated from incoming shipments ________.
A) to ensure the segregation of duties
B) to avoid confusion
C) to reduce the risk of theft
D) All of the above
Q:
In CobiT, entry must be ________.
A) justified
B) logged
C) Both A and B
D) Neither A nor B
Q:
All unattended exits should be locked to bar exit.
Q:
In military security, SBU documents are unclassified.
Q:
In military security, the term multilevel security means multifactor security.
Q:
In ________ the department has discretion over giving access to individuals, within policy standards set by higher authorities.
A) policy-based access control
B) mandatory access control
C) discretionary access control
D) delegated access control
Q:
In the military, departments do not have the ability to alter access control rules set by higher authorities in ________.
A) policy-based access control
B) mandatory access control
C) discretionary access control
D) multilevel access control
Q:
Compared to access control based on individual accounts, RBAC is ________.
A) less prone to error
B) more expensive
C) Both A and B
D) Neither A nor B
Q:
Two-factor authentication can be defeated if ________.
A) the user's computer is compromised
B) the attacker uses a man-in-the-middle attack
C) Both A and B
D) Neither A nor B
Q:
Which of the following is one of the four bases for authentication credentials?
A) What you know
B) What you have
C) Both A and B
D) Neither A nor B
Q:
Authentication is the process of collecting information about the activities of each individual in log files for immediate and later analysis.
Q:
________ is the process of collecting information about the activities of each individual in log files for immediate and later analysis.
A) Authorizations
B) Authentication
C) Accuracy
D) Auditing
Q:
________ is the process of assessing the identity of each individual claiming to have permission to use a resource.
A) Authorizations
B) Authentication
C) Both A and B
D) Neither A nor B
Q:
________ is the process of assessing the identity of each individual claiming to have permission to use a resource.
A) Authorizations
B) Authentication
C) Accuracy
D) Auditing
Q:
Which of the following is not one of the AAA controls?
A) Authentication
B) Auditing
C) Accuracy
D) Authorizations
Q:
The amount of money companies should spend on identity management can be measured through risk analysis.
Q:
Identity management is really just another form of risk management.
Q:
Self-service identity management should be used to change a ________ in the identity database.
A) password
B) telephone number
C) Both A and B
D) Neither A nor B
Q:
As far as possible, identities should be managed by people closest to the situation.
Q:
A(n) ________ is the set of attributes about a person or resource that must be revealed in a particular context.
A) template
B) subtemplate
C) identity
D) None of the above
Q:
________ is possible today.
A) Single sign-on
B) Reduced sign-on
C) Both A and B
D) Neither A nor B
Q:
________ allows a user to authenticate himself or herself to the identity management server once; thereafter, whenever the user asks for access to another server, no additional logins are required.
A) RSO
B) SSO
C) TSO
D) None of the above
Q:
Which of the following are benefits of using identity management?
A) Reduced costs
B) Centralized auditing of all of an employee's access permissions across a firm
C) Both A and B
D) Neither A nor B
Q:
________ is the centralized policy-based management of all information required for access to corporate systems by people, machines, programs, or other resources.
A) Directory service
B) Meta-directory service
C) Identity management
D) Meta-identity management