Physical Security and Risk Flashcards

1
Q

In general, firewalls work by _________.

Rejecting all packets regardless of security restrictions

Forwarding all packets regardless of security restrictions

Allowing only packets that pass security restrictions to be forwarded

A

Allowing only packets that pass security restrictions to be forwarded

Firewalls work by allowing only packets that pass security restrictions to be forwarded through the firewall. A firewall can also permit, deny, encrypt, decrypt, and proxy all computer traffic that flows through it; this can be between a public and private network or between different security domains (or zones) on a private network. You, as the administrator, set up the rules by which a firewall decides to forward or reject packets of data.

2
Q

Which of the following devices can read an entry card from a distance?

Biometric reader

Proximity reader

Mantrap

A

Proximity reader

Proximity readers are door controls that read a card from a short distance and are used to control access to sensitive rooms.

3
Q

What is the main difference between a network-based firewall and a host-based firewall?

A network-based firewall protects the Internet from attacks.

A network-based firewall protects a network, not just a single host.

A network-based firewall protects the network wires.

A

A network-based firewall protects a network, not just a single host.

A network-based firewall is what companies use to protect their private network from attacks sourced in the public network. The defining characteristic of this type of firewall is that it’s designed to protect an entire network of computers as opposed to just one system. This is usually a combination of hardware and software. A host-based firewall is implemented on one machine and is designed to protect that machine only. Most often, this is implemented as software; no additional hardware is required on your personal computer to run a host-based firewall.

4
Q

Which of the following minimizes the effect of a disaster and includes the steps necessary to resume normal operation?

SLA

BIA

DRP

A

DRP

A properly designed disaster recovery plan (DRP) minimizes the effect of a disaster and includes the steps necessary to resume normal operation. The DRP is implemented when the emergency occurs and includes the steps to restore functions and systems.

5
Q

Which of the following items cannot be identified by the Nessus program?

Default password use

Incorrect IP addresses

Unsecured data

A

Incorrect IP addresses

Nessus cannot identify incorrect IP addresses.

6
Q

What is the benefit of using a firewall?

Protects external users

Protects external hardware

Protects LAN resources

A

Protects LAN resources

One of the benefits of using a firewall is that it helps protect LAN resources from unwanted attacks.

7
Q

IDSs can identify attackers by their _______.

Port number

Signature

Timing

A

Signature

An intrusion detection system (IDS) monitors network traffic, looking for signs of an intrusion. Intrusions are detected by an attack signature.

8
Q

Which of the following is also called disk striping?

RAID-0

RAID-1

RAID-3

A

RAID-0

RAID-0, also called disk striping, writes the data across multiple drives. While it improves performance, it does not provide fault tolerance.

9
Q

Which is not a type of access control list (ACL)?

Standard

Extended

Referred

A

Referred

Standard, extended, and outbound are all types of ACLs. Referred is not.

10
Q

What is it called when the firewall ignores an attack?

Logging

Shunning

Notification

A

Shunning

You can sometimes just ignore the attack because it’s possible it won’t affect your network. This is called shunning.

11
Q

What is the function of a DMZ?

To separate a security zone for an IPS and IDS server

To create a security zone for VPN terminations

To create a security zone that allows public traffic but is isolated from the private inside network

A

To create a security zone that allows public traffic but is isolated from the private inside network

A DMZ can be set up many different ways, but the best explanation is that the DMZ is used to separate and secure your inside network from the Internet while still allowing hosts on the Internet to access your servers.

12
Q

Which of the following are types of services that firewalls can provide?

Content filtering

Segregation of network segments

Signature identification

Scanning services

All of the above

A

All of the above

Most firewalls provide content filtering, signature identification, and the ability to segregate network segments into separate security zones. Most firewalls are also capable of performing scanning services, which means that they scan different types of incoming traffic in an effort to detect problems.

13
Q

In which type of test is the testing team provided with limited knowledge of the network systems and devices, using publicly available information, while the security team knows the test is coming?

Blind test

Double-blind test

Target test

A

Blind test

In a blind test, the testing team is provided with limited knowledge of the network systems and devices, using publicly available information. The organization’s security team knows that an attack is coming. This type of test requires more effort by the testing team.

14
Q

Which of the following is a vulnerability scanner?

Network Monitor

Nessus

Traceroute

A

Nessus

Nessus is a proprietary vulnerability scanning program that requires a license for commercial use yet is the single most popular scanning program in use.

15
Q

Which of the following is not a function of Nmap?

Perform port scanning

Identify operating systems

Collect passwords

A

Collect passwords

Nmap does not collect passwords.

16
Q

Changing network configurations, terminating sessions, and deceiving the attacker are actions that can be taken from what type of security device?

Access control list (ACL)

Content filter

Intrusion prevention system (IPS)

A

Intrusion prevention system (IPS)

Changing network configurations, terminating sessions, and deceiving the attacker are all actions that can be taken by an IPS device.

17
Q

___________ act on behalf of the whole network to completely separate packets from internal hosts and external hosts.

Honeypots

IDSs

Proxies

A

Proxies

Proxies act on behalf of the whole network to completely separate packets from internal hosts and external hosts.

18
Q

Which of the following cannot be identified by Nessus?

Unsecured access to sensitive data on a system

IP address conflicts

Misconfigurations like open mail relay

A

IP address conflicts

Nessus operates by performing a port scan and then follows up with more specific tests, but it cannot identify IP address conflicts.

19
Q

A _________ firewall keeps track of the established connections passing through it.

Hardware

Software

Stateful

A

Stateful

A stateful firewall keeps track of the established connections passing through it. When another packet is received that’s part of an existing connection (part of a current state), the packet is passed without checking the ACLs.

20
Q

A(n) _______ learns what is “normal” on the network and can react to abnormalities even if they’re not part of the signature database.

IDS

Firewall

IPS

A

IPS

An intrusion prevention system (IPS) is like an IDS but with two key differences. First, it learns what is “normal” on the network and can react to abnormalities even if they’re not part of the signature database. Second, it can issue an active response such as shutting down a port, resetting connections, or attempting to lull an attacker into a trap.