CNIT 455 Exam I


210 Terms

1

T/F A Packet Filter is hardware that limits connectivity

F (Software)

2

Packet filters block _______ and ______ traffic

ingress, egress

3

Packet filters use ____ based filtering

rule

4

Packet filter rules are combined into ________

rulesets

5

T/F A good practice with packet filters is to allow what you want then deny all else.

T

6

A firewall always includes a ______ ______

packet filter

7

T/F All packet filters are firewalls

F (Firewalls contain packet filters, not vice versa)

8

T/F Windows firewall, iptables, and pfsense are examples of software "firewalls"

T

9

T/F Packet filters are often used as a replacement in the IP stack on modern implementations.

F (uncommon)

10

T/F Packet filters are often implemented as a specialized network device.

T

11

One should always use __ rather than ___ when configuring a packet filter, as the latter is far easier to spoof.

IP, DNS

12

When filtering by IP, one should control access based on the ______/__________ IP address.

source/destination

13

T/F Packet filters are vulnerable to IP address spoofing via ARP.

T

14

LSRR stands for

Loose Source Record Routing

15

T/F LSRR tells packets specific routes to gain access to otherwise unreachable networks.

T

16

T/F LSRR prevents machines from spoofing addresses.

F (Enables spoofing, as net traffic can still find the machine)

17

T/F You should always enable LSRR on border routers and firewalls

F (DISABLE IT)

18

UDP and TCP communication is based on numbered _____

ports

19

T/F UDP and TCP source and destination ports are standardized.

F (only destination)

20

UDP and TCP ______ ports are chosen randomly, from port ____ and above

source, 1024

21

The two types of port filtering are ______ and ________

Static, dynamic

22

Static port filtering involves only allowing traffic based on ____ number or IP/____ number combination

port

23

In static port filtering, each packet is checked _____________

independently

24

Dynamic port filtering is also known as ________ ______ __________

stateful packet inspection

25

Dynamic port filtering checks the _______ of the packet as well as ______ and ___________ addresses

context, source, destination

26

T/F Destination Static Port Filtering involves examining and filtering based on source port number

F (destination you dip)

27

The major limitation of Destination Static Port Filtering is that it only works if a server responds to incoming messages on the _________ ____

receiving port

28

In source static port forwarding, source ports are typically randomly chosen from numbers above ____

1023

29

In source static port forwarding, after a server sends a message using a random port > 1023, the return traffic will be _______ by the firewall.

blocked

30

To work around the blocking caused by SSPF, you must ______ incoming traffic for ports > 1023

allow

31

T/F Allowing traffic for SSPF is a massive security problem.

T

32

By monitoring the source port for ingress traffic in SSPF, you have created a __-__________ static filter

bi-directional

33

TCP Static Source Port Filtering consists of performing a check on the ___ bit of outgoing TCP traffic

ACK

34

TCP SSPF does not work for flows that dynamically open ________ connections, such as FTP or H.323

Multiple

35

UDP source packet filtering can be done by denying ___ traffic

UDP

36

T/F UDP SPSF is essentially impossible due to the reliance on DNS

T

37

To solve the inherent problem with DNS in UDP SPSF, one can use DNS _________ and limit IP addresses to your upstream DNS server

forwarding

38

In _______ packet filtering, ports are closed until they are needed.

Dynamic

39

Dynamic Packet Filtering builds a _____ _____ of information about communications

state table

40

T/F The state table in DPF keeps track of sequence numbers of TCP packets and UDP data flows.

T

41

T/F Dynamic Packet Filtering cannot perform authentication upon session startup

F (it can)

42

T/F Dynamic packet filtering can examine the application layer to ensure the traffic is what it says it is.

T

43

The three things that can be done when a filter blocks traffic are:

1. Send ICMP host not reachable

2. Send ICMP host not administratively reachable

3. Send _______

Nothing

44

The safest solution when deciding to block traffic is to send ______

Nothing

45

The primary strength of a packet filter is how ____ it is

fast

46

T/F A packet filter can approach line speeds.

T

47

T/F Packet filters log everything that passes through them.

F (Too much data to collect)

48

T/F Packet filters are fully capable of perfectly authenticating all traffic passing through

F (very limited authentication)

49

T/F Once you allow traffic to pass through a filter, it likely cannot be tracked.

T

50

T/F Always ensure Loose Source Record Routing is disabled.

T

51

T/F Best practice is to send an ICMP host not reachable message when a packet is blocked by a firewall.

F (Send nothing)

52

T/F A properly configured packet filter is immune to IP address spoofing

F (Not immune)

53

T/F All modern packet filters implement stateful (dynamic) packet inspection

T

54

T/F Your mail server is delivering a message to an external address. The source port address will be TCP 25.

F (The source address will be randomly chosen from a value of 1024 or higher, up to 2^16)

55

T/F Stateful packet inspection is another term for application layer gateway.

F (Stateful packet inspection is a filtering method. As such, packets are delivered from the source to the destination. An application layer gateway breaks the data flow into two separate sessions: one between the target and the ALG and one between the requester and the ALG)

56

T/F To simplify writing packet filter rules you should use DNS domain names instead of IP addresses.

F

57

T/F The biggest disadvantage of packet filtering is that a direct connection is made between the source and destination hosts.

T

58

T/F Using UDP static filtering and allowing outgoing connections effectively opens up all non-reserved UDP ports for incoming traffic.

T

59

IPsec adds security to the IPv4 or IPv6 ________ layer

network

60

IPsec reduces the need for __________ layer security

Application

61

T/F IPsec can provide a layer of security to inherently insecure application layer protocols.

T

62

IPsec runs at a ___ layer of the operating system

low

63

T/F IPsec does not support filtering

F (it does)

64

T/F IPsec will filter all traffic across the network at all times.

F (some traffic is handled natively by IP/TCP/UDP, etc)

65

The two modes of IPsec operation are __________ and ______

Transport, Tunnel

66

The two protocols utilized in IPsec are the ____________ _______ protocol, and the ____________ _______ _______.

Authentication Header, Encapsulating Security Payload

67

T/F IPsec AH and ESP can be used simultaneously.

T

68

T/F The authentication header can be used for encryption of network traffic.

F (only authentication)

69

T/F Both transport and tunnel mode can work with AH and ESP.

T

70

Transport mode is used to secure any layer _ or above protocol set.

4

71

T/F Transport mode can be used with virtually all application layer protocols

T

72

T/F IPsec does not require the communication endpoint to be the cryptographic endpoint.

F (comm endpoint must be cryptographic endpoint)

73

Transport mode is used to protect standard application layer data during transmission across an _______ network.

insecure

74

T/F Tunnel mode requires an entire IP packet to be encapsulated into the IPsec data field.

T

75

Tunnel mode is utilized for the creation of ___ connections.

VPN

76

Authentication Header protocol was established with RFC ____.

4301

77

AH is included in IP Protocol __.

51

78

AH provides authentication of the entire IPv4 _______

datagram

79

AH ensures a packet is not _______ or _______.

spoofed, munged

80

T/F Authentication Headers provide an anti-replay service with optional sequence numbers.

T

81

T/F Even when using Authentication Headers, the source address could be spoofed.

F (theoretically the source address cannot be spoofed)

82

Authentication Headers do not ______ data.

encrypt

83

Encapsulating Security Payload is included in RFC ____, ____ et al.

2460, 4303

84

ESP is included in IP Protocol __

50

85

ESP provides for ___________ and/or _________

authentication, encryption

86

T/F ESP allows implementation of authentication and encryption, but neither has to be enabled when configuring IPsec.

F (one must be specified, otherwise why enable it to begin with)

87

IPsec supports many block ciphers using ______ _____ _______ (CBC)

Cipher Block Chaining

88

An IPsec ________ defines the set of cryptographic tools used by IPsec

transform

89

PIX/ASA implementations of IPsec refer to crypto tools as _______ ____

transform sets

90

In cryptography, a _______ __________ is a one way set of security information used to facilitate a logical connection between nodes

security association

91

___ security associations are required for duplex communication.

two

92

A Security Association contains cryptographic information, including __________, _________ information, and ___ information

authenticators, Encryption, MAC

93

T/F Before two nodes can communicate securely, they must sort out their security associations

T

94

Transforms that can be performed in IPsec include ___/__, ______ with key, and ___ with key

ESP/AH, Cipher, MAC

95

Both nodes must agree on the _______ of interest

traffic

96

T/F Both nodes must agree on the path MTU.

T

97

The _______ ________ _____ is a unique 32 bit value identifying each individual data flow.

Security Parameter Index

98

T/F IPsec security associations are usually manually configured

F (Rarely done, as it is less secure than automatic)

99

IPsec security associations are configured automatically via a ___ _______ ______

key exchange protocol

100

ISAKMP stands for

Internet Security Association Key management protocol
