Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

TSM353 > Chapter 5-7 > Flashcards

Chapter 5-7 Flashcards

1
Q 
To provide a one-to-one mapping of a recyclable pool of public IP addresses to internal clients, this NAT type should be used:   
A: Policy NAT/PAT
B: Dynamic PAT  
C: Static NAT   
D: Dynamic NAT
A

D: Dynamic NAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
2.	Which NAT technology is limited by the number of ports available?   
 A: Dynamic PAT
 B: Static NAT
 C: Policy NAT/PAT
 D: Dynamic NAT
A

A: Dynamic PAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. A web proxy server is an example of which type of firewall:
    a) Application Layer Gateway
    b) Application Inspection
    c) Static Packet Filtering
    d) Transparent Firewall
    e) Stateful Packet Filtering
A

a) Application Layer Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. If the number of inside clients exceeds the number of public IP addresses available to an organization, then this NAT type must be used:
    a) Static NAT
    b) Policy NAT/PAT
    c) Dynamic NAT
    d) Dynamic PAT
A

d) Dynamic PAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. Cisco ACL’s are an example of which type of firewall:
    a) Stateful Packet Filtering
    b) Application Layer Gateway
    c) Transparent Firewall
    d) Static Packet Filtering
    e) Application Inspection
A

d) Static Packet Filtering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. IP Addresses that should not be seen coming from the Internet are referred to as:
    a) private addresses
    b) bogons
    c) supernets
    d) darknet
A

b) bogons

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. If a client needs to be NAT’ed to a certain public IP ONLY in specific cases, this type of NAT should be used:
    a) Dynamic NAT
    b) Dynamic PAT
    c) Static NAT
    d) Policy NAT/PAT
A

d) Policy NAT/PAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. This firewall type is not visible to most network scanners.
    a) Transparent Firewall
    b) Static Packet Filtering
    c) Stateful Packet Filtering
    d) Application Inspection
    e) Application Layer Gateway
A

a) Transparent Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. If a single inside client requires a single public IP address to be consistently assigned, this NAT type should be used:
    a) Dynamic NAT
    b) Dynamic PAT
    c) Policy NAT/PAT
    d) Static NAT
A

d) Static NAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. This firewall type is able to track communication streams that switch from one network port to another.
    a) Application Inspection
    b) Static Packet Filtering
    c) Stateful Packet Filtering
    d) Application Layer Gateway
    e) Transparent Firewall
A

a) Application Inspection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. When developing a risk rating, this factor is assigned by the creator to indicate the importance of the signature
    a) Global Correlation
    b) Attack Relevancy
    c) Signature Fidelity Rating
    d) Target Value Rating
    e) Attack Severity Rating
A

e) Attack Severity Rating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. Using community participation to create a database of threats which are shared to the community is using which method:
    a) Signature-based
    b) Reputation-based
    c) Policy-based
    d) Anomaly-based
    e) Question 3
A

b) Reputation-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. Which of these methods typically comes pre-loaded onto an IPS/IDs?
    a) Policy-based
    b) Anomaly-based
    c) Reputation-based
    d) Signature-based
A

d) Signature-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. Creating a baseline of network traffic and alerting when it deviates from this is using which method:
    a) Policy-based
    b) Signature-based
    c) Anomaly-based
    d) Reputation-based
A

c) Anomaly-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. In order to get the best visibility into the security of a client, this device should be used:
    a) HIDS
    b) NIDS
    c) Firewalls
    d) IPS
A

a) HIDS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. When developing a risk rating, this factor determines the accuracy of the rating:
    a) Historical Rating
    b) Signature Fidelity Rating
    c) Margin of Error Rating
    d) Accuracy Rating
    e) Statistical Analysis Rating
A

b) Signature Fidelity Rating

17
Q
  1. When developing a risk rating, this factor is assigned based on the value of the asset being protected.
    a) Signature Fidelity Rating
    b) Attack Severity Rating
    c) Attack Relevancy
    d) Target Value Rating
    e) Global Correlation
A

d) Target Value Rating

18
Q
  1. Limiting the number of packets in a network scan to avoid triggering alerts is an example of which evasion technique:
    a) Timing Attacks
    b) Resource Exhaustion
    c) Traffic Substitution
    d) Traffic Fragmentation
    e) Protocol Level Misinterpretation
    f) Encryption & Tunneling
A

a) Timing Attacks

19
Q
  1. This evasion technique relies on generating an excessive amount of logs using one attack to cover up a more subtle attack.
    a) Timing Attacks
    b) Traffic Substitution
    c) Resource Exhaustion
    d) Encryption & Tunneling
    e) Protocol Level Misinterpretation
    f) Traffic Fragmentation
A

c) Resource Exhaustion

20
Q
  1. Detecting threats based on specific patterns or characteristics uses which method:
    a) Anomaly-based
    b) Signature-based
    c) Policy-based
    d) Reputation-based
A

b) Signature-based

21
Q
  1. Which is the most secure method for authentication of IKE Phase I?
    a) PSK
    b) RSA signatures, using digital certificates to exchange public keys
    c) Symmetrical AES-256
    d) DH Group 5
A

b) RSA signatures, using digital certificates to exchange public keys

22
Q
  1. This encryption method uses one-way functions to encrypt and decrypt data:
    a) Asymmetric Encryption
    b) Hashing Function
    c) Pre-Shared Keys
    d) Symmetric Encryption
A

a) Asymmetric Encryption

23
Q
  1. Which of the following are NOT negotiated during IKE Phase 1?
    a) IKE Phase 1 protocols
    b) Encryption
    c) Authentication method
    d) DH group
    e) Hashing
A

a) IKE Phase 1 protocols

24
Q
  1. Which tunnel is used for private management traffic between the two VPN peers?
    a) IKE Phase 3
    b) IKE Phase 2
    c) IPsec
    d) IKE Phase 1
A

d) IKE Phase 1

25
Q
  1. In IPSec, how is the negotiation of the IKE Phase 2 in tunnel done securely?
    a) Uses Pre-Shared Keys
    b) Uses the IKE Phase 1 tunnel
    c) Uses an IPsec tunnel
    d) Uses RSA
A

c) Uses an IPsec tunnel

26
Q
  1. With VPN technology, Data Integrity is a function of:
    a) Auditing
    b) Authentication
    c) Encryption
    d) Hashing
A

d) Hashing

27
Q
  1. Encrypting data a single bit at a time is referred to as a(n):
    a) Fragmentation
    b) Hash Function
    c) Stream cipher
    d) Block cipher
A

c) Stream cipher

28
Q
  1. A set of rules on how to perform encryption or decryption is referred to as:
    a) Algorithm
    b) Cipher
    c) Function
    d) Key
A

b) Cipher

29
Q
  1. The protocol used to perform a key exchange in an IKE connection is known as:
    a) ESP
    b) MD5
    c) Diffie-Helman
    d) RSA
A

c) Diffie-Helman

30
Q
  1. Which of these is not a type of VPN:
    a) IPSec
    b) HTTPS
    c) SSL
    d) MPLS
A

b) HTTPS

31
Q

A security measure whose primary purpose is to deny unwanted traffic from crossing the boundary of the firewall.

A

Firewall

TSM353 (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions