Chapter 5

Review Questions

1. Subnetting ____________________.

A. splits the network IP address on the boundaries between bytes

B. is also called subnet addressing

C. provides very limited security protection

D. requires the use of a Class C network

2. A virtual LAN (VLAN) allows devices to be grouped _____________.

A. logically

B. based on subnets

C. only around core switches

D. directly to routers

3. Convergence combines voice, data, and video traffic ____________.

A. over a single IP network

B. through hubs

C. one stream at a time

D. only on wireless networks

4. Each of the following is a convergence security vulnerability except __________.

A. convergence resource attacks (CRA)

B. VoIP protocols

C. spam

D. lack of encryption

5. Which of the following is not true regarding a demilitarized zone (DMZ)?

A. It contains servers that are only used by internal network users

B. It typically has an e-mail or Web server

C. It can be configured to have one or two firewalls

D. provides an extra degree of security

6. Network address translation (NAT) _________________.

A. substitutes MAC addresses for IP addresses

B. can only be found on core routers

C. removes private addresses when the packet leaves the network

D. can be stateful or stateless

7. Each of the following is a variation available in network access control (NAC) implementations except ____________.

A. Client or clientless

B. Switch, inline, or out-of-band

C. Network or local

D. Pre-connect or post-connect

8. Another name for a packet filter is a(n) __________________.

A. DMZ

B. firewall

C. proxy server

D. honeypot

9. The _____ establishes the action that a firewall takes on a packet.

A. host cache

B. rule base

C. syntax table

D. packet outline

10. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.

A. proxy server

B. content filter

C. intrusion prevention device

D. host detection server

11. A reverse proxy _________________.

A. is the same as a proxy server

B. routes incoming requests to the correct server

C. must be used together with a firewall

D. only handles outgoing requests

12. A honeypot is used for each of the following except ____________.

A. Deflect attention away from real servers

B. Filter packets before they reach the network

C. Provide early warning of new attacks

D. Examine attacker techniques

13. A(n) _____ watches for attacks but only takes limited action when one occurs.

A. network intrusion detection system (NIDS)

B. network intrusion prevention system (NIPS)

C. proxy intrusion device

D. firewall

14. A multipurpose security appliance integrated into a router is known as a(n) _______.

A. unified attack management system (UAMS)

B. integrated network security hardware device

C. intrusion detection/prevention device

D. proxy security system (PSS)

15. Each of the following can be used to hide information about the internal network except ___________.

A. Network address translation (NAT)

B. Proxy server

C. subnetting

D. protocol analyzer

16. The difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS) is ___________.

A. A NIDS provides more valuable information about attacks

B. A NIPS is much slower because it uses protocol analysis

C. A NIPS can take extended actions to combat the attack

D. There is no difference because a NIDS and a NIPS are equal

17. A variation of NAT that is commonly found on home routers is _______.

A. Network address IP transformation (NAIPT)

B. Port address translation (PAT)

C. Network proxy translation (NPT)

D. Subnet transformation (ST)

18. If a device is determined to have an out-of-date virus signature file then Network Access Control (NAC) can redirect that device to a network by _______.

A. Address Resolution Protocol (ARP) poisoning

B. TCP/IP hijacking

C. DHCP man-in-the-middle

D. a Trojan horse

19. Each of the following is an option in a firewall rule base except _______.

A. delay

B. prompt

C. block

D. allow

20. A firewall using _____ is the most secure type of firewall.

A. stateful packet filtering

B. network intrusion detection system replay

C. reverse proxy analysis

D. stateless packet filtering