Quiz for chapter 4 IAS

MULTIPLE CHOICE

1. Firewall type that filters based on source and destination IP addresses .

a. Network Layer Firewall

b. Transport Layer Firewall

c. Application Layer Firewall

d. Context Aware Application Firewall

answer: Network Layer Firewall

2. Firewall type that filters based on application, program or service.

a. Network Layer Firewall

b. Transport Layer Firewall

c. Application Layer Firewall

d. Context Aware Application Firewall

answer: Application Layer Firewall

3. Filtering of web content requests like URL, domain, media, etc.

a. Proxy Server

b. Reverse Proxy Server

c. Host-based Firewall

d. Network Address Translation (NAT) Firewall

answer: Proxy Server
4. Hides or masquerades the private addresses of network hosts.

a. Proxy Server

b. Reverse Proxy Server

c. Host-based Firewall

d. Network Address Translation (NAT) Firewall

answer: Network Address Translation

5. Placed in front of web servers, these servers protect, hide, offload, and distribute access to web
servers.

a. Proxy Server

b. Reverse Proxy Server

c. Host-based Firewall

d. Network Address Translation (NAT) Firewall

answer: Reverse Proxy Server

6. “The host replied indicating a service is listening on the port.” is the port scan host response of?

a. Open or Accepted 

b. Closed, Denied, or Not Listening

c. Filtered, Dropped, or Blocked

d. Encrypted
answer: Open or Accepted

7. “The host replied indicating that connections will be denied to the port.” is the port scan host
response of?

a. Open or Accepted 

b. Closed, Denied, or Not Listening

c. Filtered, Dropped, or Blocked

d. Encrypted
answer: Closed, Denied, or Not Listening
 8. “There was no reply from the host.” is the port scan host response of?

a. Open or Accepted 

b. Closed, Denied, or Not Listening

c. Filtered, Dropped, or Blocked

d. Encrypted

answer: Filtered, Dropped, or Blocked

9. Which of the choices are not among the “Security Best Practices”.

a. Perform Risk Assessment

b. Perform and Test Backups

c. Implement a Comprehensive Endpoint Security Solution

d. Don’t Encrypt Data

answer: Don’t Encrypt Data

10. Process of probing a computer, server or other network host for open ports.

a. Port Probing

b. Port Exploiting

c. Port Hacking

d. Port Scanning
answer: Port Scanning

TRUE OR FALSE

1. Security appliances can be stand-alone devices, like a router or firewall, a card that can be
installed into a network device, or a module with its own processor and cached memory.
ANSWER: TRUE
 2. To execute a port-scan of your network from outside of the network, you will need to initiate
the scan from outside of the network. ANSWER: TRUE

3. A botnet is a single bot, connected through the Internet, with the ability to be controlled by a
malicious individual or group. ANSWER: FALSE

4. In cybersecurity, the Kill Chain is the stages of an information systems attack. ANSWER: TRUE

5. Router has many capabilities besides just routing functions, including traffic filtering, encryption,
and capabilities for secure encrypted tunneling. ANSWER: TRUE

6. The Stage 6 of The Kill chain of Cyberdefense is "Action". ANSWER: FALSE

7. Cisco Identity Services Engine (Cisco ISE) and Cisco TrustSec enforce access to network resources
by creating role-based access control policies that segment access to the network (guests,
mobile users, employees) without added complexity. ANSWER: TRUE

8. An Intrusion Detection System (IDS) has the ability to block or deny traffic based on a positive
rule or signature match. ANSWER: FALSE

9. Software is not perfect. When a hacker exploits a flaw in a piece of software before the creator
can fix it, it is known as a zero-day attack. ANSWER: TRUE

10. The primary mission of CSIRT is to help ensure company, system, and data preservation by
performing comprehensive investigations into computer security incidents. ANSWER: TRUE

IDENTIFICATION

1. It is software that collects and analyzes security alerts, logs and other real time and historical
data from security devices on the network.
ANSWER: Security Information and Event Management

2. Helps ensure company, system, and data preservation by performing comprehensive

investigations into computer security incidents.
ANSWER: Computer Security Incident Response Team
3. It is a behavior-based detection tool that first lures the attacker in by appealing to the attacker’s
predicted pattern of malicious behavior, and then, when inside the honeypot, the network
administrator can capture, log, and analyze the attacker’s behavior.
ANSWER: Honeypot

4. It comes in next generation devices and can also be installed as software in host computers.
ANSWER: Advance Malware Protection

5. It is a collection of repeatable queries (reports) against security event data sources that lead to
incident detection and response.
ANSWER: Security playbook

6. It has the ability to perform real-time traffic and port analysis, logging, content searching and
matching, and can detect probes, attacks, and port scans. It also integrates with other third-
party tools for reporting, performance and log analysis.
ANSWER: Sourcefire

7. Designed for secure encrypted tunneling.

ANSWER: VPN or Virtual Private Network

8. It is a software or hardware system designed to stop sensitive data from being stolen from or
escaping a network.
ANSWER: Data Loss Prevention Software

9. It is used to gather information about data flowing through a network.

ANSWER: NetFlow technology

10. Firewall type that does filtering of ports and system service calls on a single computer operating
system.
ANSWER: Host-based Firewall