Chapter 6 Review Question Answers

  1. Which of the following is true about subnetting?
  1. It requires the use of a Class B network.
  2. It divides the network IP address on the boundaries between bytes.
  3. It provides very limited security protection.
  4. Itis also called subnet addressing.
  1. A virtual LAN (VLAN) allows devices to be grouped ______.
  1. based on subnets
  2. logically
  3. directly to hubs
  4. only around core switches
  1. Which of the following devices is easiest for an attacker to take advantage of in order to capture and analyze packets?
  1. hub
  2. switch
  3. router
  4. load balancer
  1. Which of the following is not an attack against a switch?
  1. MAC flooding
  2. ARP address impersonation
  3. ARP poisoning
  4. MAC address impersonation
  1. Which of the following is not true regarding a demilitarized zone (DMZ)?
  1. It provides an extra degree of security.
  2. It typically includes an e-mail or Web server.
  3. It can be configured to have one or two firewalls.
  4. It contains servers that are only used by internal network users.
  1. Which of the following is true about network address translation (NAT)?
  1. It substitutes MAC addresses for IP addresses.
  2. It removes private addresses when the packet leaves the network.
  3. It can only be found on core routers.
  4. It can be stateful or stateless.
  1. Which of the following is not an advantage of a load balancer?
  1. The risk of overloading a desktop client is reduced.
  2. Network hosts can benefit from having optimized bandwidth.
  3. Network downtime can be reduced.
  4. DoS attacks can be detected and stopped.
  1. Which is another name for a packet filter?
  1. proxy server
  2. reverse proxy server
  3. DMZ
  4. firewall
  1. A _____ firewall allows the administrator to create sets of related parameters that together define one aspect of the device’s operation.
  1. rule-based
  2. host-based
  3. signature-based
  4. settings-based
  1. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.
  1. content filter
  2. host detection server
  3. proxy server
  4. intrusion prevention device
  1. A reverse proxy ______.
  1. only handles outgoing requests
  2. is the same as a proxy server
  3. must be used together with a firewall
  4. routes incoming requests to the correct server
  1. Which is the preferred location for a spam filter?
  1. Install the spam filter with the SMTP server.
  2. Install the spam filter on the POP3 server.
  3. Install the spam filter on the proxy server.
  4. Install the spam filter on the local host client.
  1. A _____ watches for attacks and only sounds an alert when one occurs.
  1. network intrusion prevention system (NIPS)
  2. proxy intrusion device
  3. network intrusion detection system (NIDS)
  4. firewall
  1. A multipurpose security device is known as a(n) ______.
  1. unified attack management system (UAMS)
  2. intrusion detection/prevention device
  3. all-in-one network security appliance
  4. proxy security system (PSS)
  1. Each of the following can be used to hide information about the internal network except ______.
  1. a protocol analyzer
  2. a proxy server
  3. network address translation (NAT)
  4. subnetting
  1. What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)?
  1. A NIPS can take actions quicker to combat an attack.
  2. A NIDS provides more valuable information about attacks.
  3. A NIPS is much slower because it uses protocol analysis.
  4. There is no difference because a NIDS and a NIPS are equal.
  1. A variation of NAT that is commonly found on home routers is ______.
  1. Port address translation (PAT)
  2. Network proxy translation (NPT)
  3. Network address IP transformation (NAIPT)
  4. Subnet transformation (ST)
  1. If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by ______.
  1. a Trojan horse
  2. TCP/IP hijacking
  3. Address Resolution Protocol (ARP) poisoning
  4. DHCP man-in-the-middle
  1. Each of the following is an option in a firewall rule except ______.
  1. prompt
  2. block
  3. delay
  4. allow
  1. A firewall using _____ is the most secure type of firewall.
  1. stateful packet filtering
  2. network intrusion detection system replay
  3. stateless packet filtering
  4. reverse proxy analysis