When an organization first deploys a firewall and chooses to begin logging activity, what should you include in the log file?
A. Only malicious traffic
B. Only DoS traffic
C. Only dropped packets
D. Only allowed packets
E. All events
Answer: E
Learn More:
Network Security
- The use of computer analysis techniques to gather evidence for criminal and/or civil trials is known as:
- To snare intruders, many organizations now use _________ techniques.
- A fundamental technique to determine if an intrusion is in progress in a stable network is:
  a. anomaly detection
  b. armoring cable
  c. RSA algorithm
  d. patching
  e. scanning a user's fingerprint
  Answer: a. anomaly detection
- Which of the following is not a type of intrusion prevention system?
- Which of the following is not true about one-time passwords?
- Which of the following is a mode that is used by IPSec?
- IP Security Protocol:
- A __________ is a trusted organization that can vouch for the authenticity of the person or the organization using the authentication.
- __________ provide authentication which can legally prove who sent a message over a network.
- DES:
- A brute force attack against an encryption system:
- A symmetric encryption system has two parts: the key and the ____________.
- Encryption is the process of:
- A way to prevent intrusion by disguising information through algorithms is:
- Spyware, adware and DDOS agents are three types of:
- A security hole is a(n):
- A(n) _________ is a type of application level firewall that is transparent so that no other computer notices that it is on the network.
- A(n) ____________ acts as an intermediate host computer or gateway between the Internet and the rest of the organization's networks.
- IP spoofing means to:
- A(n) ____________ examines the source and destination address of every network packet that passes through it.
- A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network.
- __________ refers to the process of translating between one set of private addresses inside a network and a set of public addresses outside the network.
- With ANI security control, the network manager:
- The use of a(n) _________ prevents unauthorized intruders from accessing a computer network because the host or server will only permit access via inbound calling from prespecified phone numbers.
- A sniffer program is a:
Firewalls
- All of the following avenues of accessing a firewall's management interface should be limited, restricted, or disabled except:
- The most important configuration element related to a firewall's management interface is:
- What is the name of a single device that is based on a firewall but that has been expanded and improved to perform a wide variety of services, such as filtering, IPS, antivirus scanning, anti-spam filtering, VPN endpoint hosting, content filtering, load-balancing, and detailed logging?
- What is the primary factor used to distinguish a great firewall enhancement from a marketing gimmick used to drive up sales?
- What form of encryption allows a firewall to filter based on the original source and destination address?
- When a firewall is able to process packets, filter malicious code, and transmit authorized communications onward to their destination without introducing latency or lag, this is known as operating at
- Which of the following limitations or potential weaknesses of a firewall cannot be fixed or corrected with the application of an update or patch?
- The performance of what type of communication session can be improved using caching on a firewall?
- Which of the following is not related to improving or maintaining the performance of a firewall?
- Which of the following is not a limitation or potential weakness of a firewall?
- What is the biggest issue or problem with an IDS?
- Which of the following is an event found in a firewall log file that is a symptom of a rogue host operating within the private network?
- All of the following events appearing in a firewall log warrant investigation by an administrator except:
- Which of the following is a highly recommended method or technique for keeping firewall logs secure and uncorrupted?
- You can use firewall logging to perform all of the following activities except:
- What mechanism allows a firewall to hand off authentication to a dedicated service hosted on a different system?
- The default-deny rule appears where in the rule set?
- Which of the following is a default-deny rule?
- Which of the following is a firewall rule that prevents internal users from accessing public FTP sites?
- What is the primary purpose of a post-mortem assessment review?
- The purpose of a post-mortem assessment review is to learn from mistakes, improve the process in future events, and avoid a recurrence of the same mistakes. True or False
- What is the key factor that determines how valuable and relevant a vulnerability assessment's report is?
- Vulnerability scanning focuses on mitigating known exploitable weaknesses or vulnerabilities in deployed systems. True or False?
- Which of the following is not typically considered a form of network security assessment in terms of how well existing security stands up to current threats?