FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 6: Security Technology: Access Controls, Firewalls, and VPNS

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Multiple Choice

Review LaterAdd Note

Review Later

Which of the following is not a major processing mode category for firewalls  

A)  Packet-filtering firewalls
B)  Application gateways 
C)  Circuit gateways​
D)  Router passthru

Correct Answer

verified

Show Answer

Question 22

Short Answer

Review LaterAdd Note

Review Later

A packet-____________________ firewall installed on a TCP/IP-based network typically functions at the IP level and determines whether to drop a packet (deny) or forward it to the next network connection (allow) based on the rules programmed into the firewall.

Correct Answer

verified

Show Answer

Question 23

Short Answer

Review LaterAdd Note

____________________ firewalls combine the elements of other types of firewalls-that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. _________________________

The proxy server is often placed in an unsecured area of the network or is placed in the __________ zone.

Briefly describe the best practice rules for firewall use.

SESAME uses ____________________ key encryption to distribute secret keys.

A firewall cannot be deployed as a separate network containing a number of supporting devices.

As organizations implement cloud-based IT solutions, bring your own device (BYOD) options for employees, and other emerging network solutions, the network perimeter may be ____________________ for them.

Because the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the __________ host.

Kerberos __________ provides tickets to clients who request services.

Authentication is the process of validating and verifying an unauthenticated entity's purported identity.

SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers-in the case of a client, this key is simply the client's encrypted password. _________________________

An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. _________________________

In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) __________.

A(n) intranet ​is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. _________________________

A routing table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. _________________________

The application layer proxy firewall is also known as a(n) __________.

Syntax errors in firewall policies are usually difficult to identify.

A(n) __________ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.