Chapter 8 Quiz

11 September 2022
4.7 (114 reviews)
25 test answers

Unlock all answers in this set

Unlock answers (21)
question
Which of the following refers to a system designed, built, and deployed specifically to serve as a frontline defense for a network? a. diversity of defense b. universal participation c. proprietary OS d. bastion host
answer
d. bastion host
question
Which of the following refers to an operating system built exclusively to run on a bastion host device? a. universal participation b. bastion host OS c. reverse caching d. proprietary OS
answer
d. proprietary OS
question
Which of the following provides faster access to static content for external users accessing internal Web servers? a. general purpose OS b. security stance c. reverse caching d. diversity of defense
answer
c. reverse caching
question
Which of the following describes security stance? a. an organization's filtering configuration; it answers the question, "What should be allowed and what should be blocked?" b. a means of providing faster access to static content for external users accessing internal Web servers c. an operating system such as Windows or Linux that supports a wide variety of purposes and functions, but when used as a bastion host OS must be hardened and locked down d. an approach to security similar to defense in depth that uses a different security mechanism at each or most of the layers
answer
a. an organization's filtering configuration; it answers the question, "What should be allowed and what should be blocked?"
question
Which of the following forces all traffic, communications, and activities through a single pathway or channel that can be used to control bandwidth consumption, filter content, provide authentication services, or enforce authorization? a. fail-safe b. chokepoint c. fail-secure d. reverse proxy
answer
b. chokepoint
question
In which type of system environment do you block all access to all resources, internal and external, by default, and then use the principle of least privilege by adding explicit and specific allow-exceptions only when necessary based on job descriptions? a. default-deny b. default-accept c. filter-free d. fail-safe
answer
** a, d
question
Which of the following is not a security strategy? a. defense diversity b. firewall policies c. weakest link d. forced universal participation
answer
**c, d
question
Which of the following is not a firewall type? a. universal b. static packet filtering c. proxy d. stateful inspection
answer
a. universal
question
Which of the following is a dedicated hardware device that functions as a black-box sentry? a. fail-safe b. reverse proxy firewall c. proxy firewall d. appliance firewall
answer
d. appliance firewall
question
Which of the following does port forwarding support? a. any service on any port b. caching c. encryption endpoint d. load balancing
answer
a. any service on any port
question
If the process of creating rules requires a significant number of special exceptions to modify or adjust ranges of addresses or ports, what should you do? a. use a more complex rule set b. consider reconfiguring the network rather than using a too complex or too long rule set c. use a longer rule set d. don't use any addresses or ports
answer
b. consider reconfiguring the network rather than using a too complex or too long rule set
question
Which of the following is an operating system built exclusively to run on a bastion host device? a. proprietary OS b. general OS c. reverse proxy d. appliance firewall
answer
a. proprietary OS
question
Which of the following is not a common reason for deploying a reverse proxy? a. reverse caching b. security c. time savings d. encryption
answer
** d
question
True or False: Allowing every communication is a bad idea from a security standpoint as well as a productivity one. a. true b. false
answer
a. true
question
True or False: Diversity of defense uses a different security mechanism at each or most of the layers. a. true b. false
answer
a. true
question
True or False: When conducting an inventory, you don't need to include protocols in use or the port(s) in use. You just need to include the likely source and destination addresses. a. true b. false
answer
b. false
question
True or False: Wireshark can be used in the absence of a firewall, with a firewall set to allow all traffic, or even in the presence of a firewall to inventory all traffic on the network. a. true b. false
answer
a. true
question
True or False: You should not automatically purchase the product your cost/benefit analysis says is the best option. a. true b. false
answer
a. true
question
True or False: Software firewalls cannot be bastion hosts. a. true b. false
answer
b. false
question
True or False: To allow clients to use a single public addresses to access a cluster of internal Web servers, you can deploy reverse proxy to support load balancing or load distribution across multiple internal resource hosts. a. true b. false
answer
a. true
question
True or False: Security through obscurity can be both a good strategy and a bad one depending on the type of security. a. true b. false
answer
a. true
question
True or False: Rule-set ordering is critical to the successful operation of firewall security. a. true b. false
answer
a. true
question
True or False: The fewer rules you need to check before you grant an Allow, the less delay to the traffic stream. a. true b. false
answer
a. true
question
True or False: Deploy firewalls as quickly as possible. a. true b. false
answer
b. false
question
True or False: You should consider placing rules related to more common traffic earlier in the set rather than later. a. true b. false
answer
a. true