Computer Security Quiz 9

A packet filtering firewall is typically configured to filter packets going in both directions. T/F?

True

The countermeasure to tiny fragment attacks is to discard packets with an inside source address if the packet arrives on an external interface. T/F?

False

A traditional packet filter makes filtering decisions on an individual packet basis and does not take into consideration any higher layer context. T/F?

True

A logical location for implementing IPSec is in a firewall. T/F?

True

Distributed firewalls protect against internal attacks and provide protection tailored to specific machines and applications. T/F?

False

An important aspect of a distributed firewall configuration is security monitoring. T/F?

True

Unlike a firewall, an IPS does not block traffic. T/F?

False

A ____ gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Circuit-level

An example of a circuit-level gateway implementation is the ____ package.

SOCKS

Typically the systems in the ___ require or foster external connectivity such as a corporate Web site, an e-mail server, or a DNS server.

DMZ

A ___ consists of a set of computers that interconnect by means of a relatively unsecure network and makes use of encryption and special protocols to provide security.

VPN

A NIPS using ____ scans for attack signatures in the context of a traffic stream rather than individual packets.

Stateful matching

A NIPS using ____ looks for deviation from standards set forth in RFCs.

Protocol anomaly

The ___ attack is designed to circumvent filtering rules that depend on TCP header information.

Tiny fragment

A ___ is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall or perimeter to protect the premises network from Internet-based attacks.

firewall

The __ IP address is the IP address of the system that originated the IP packet.

source

A ____ firewall controls the traffic between a personal computer or workstation on one side and the Internet or enterprise network on the other side.

personal

Snort Inline adds three new rule types: drop, reject, and ___.

Sdrop

A single device that integrates a variety of approaches to dealing with network-based attacks is referred to as a ____ system.

UTM

The firewall follows the classic military doctrine of ___ because it provides an additional layer of defense.

defense in depth