logo image

CTC 452-01 TEST 2

If you see a /16 in the header of a snort rule, what does it mean?
the subnet mask is 255.255.0.0
Which of the following is true about an NIDPS versus an HIDPS?
an HIDPS can detect attacks not caught by an NIDPS
Which of the following is NOT a typical IDPS component?
Internet gateway
A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.
True
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?
training period
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
hybrid
What is an advantage of the anomaly detection method?
system can detect attacks from inside the network by people with stolen accounts
Where is a host-based IDPS agent typically placed?
on a workstation or server
A weakness of a signature-based system is that it must keep state information on a possible attack
True
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports?
Dynamic Application layer protocol analysis
What are the two standard ports used by FTP along with their function?
TCP 21 control, TCP 20 data
Which of the following is a general practice for a rule base?
permit access to public servers in the DMZ
What is a suggested maximum size of a rule base?
30 rules
Which of the following is NOT among the common guidelines that should be reflected in the rule base to implement an organization’s security policy?
employees can use instant-messaging only with external network users
Software firewalls are usually more scalable than hardware firewalls.
False
At what layer of the OSI model do proxy servers generally operate?
Application
The Cisco PIX line of products is best described as which of the following?
firewall appliance
Which of the following is a typical drawback of a free firewall program?
cannot monitor traffic in real time
Which of the following is a method for supporting IPv6 on IPv4 networks until IPv6 is universally adopted?
Teredo tunneling
Which of the following is an advantage of hardware firewalls?
not dependent on a conventional OS
Which of the following best describes a DMZ?
a subnet of publicly accessible servers placed outside the internal network
Where should network management systems generally be placed?
out of band
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ?
three-pronged firewall
What should you consider installing if you want to inspect packets as they leave the network?
reverse firewall
What is a step you can take to harden a bastion host?
remove unnecessary services
Which type of firewall configuration protects public servers by isolating them from the internal network?
screened subnet DMZ
In what type of attack are zombies usually put to use?
DDoS
Which type of NAT is typically used on devices in the DMZ?
one-to-one NAT
Which type of security device can speed up Web page retrieval and shield hosts on the internal network?
proxy server
Which of the following is true about private IP addresses?
they are not routable on the Internet
Which of the following is true about SSL?
it uses sockets to communicate between client and server
What was created to address the problem of remote clients not meeting an organization’s VPN security standards?
VPN quarantine
Which of the following is an improvement of TLS over SSL?
adds a hashed message authentication code
What are the two modes in which IPsec can be configured to run?
tunnel and transport
Which of the following is true about software VPNs?
more cost-effective than hardware VPNs
Which VPN protocol leverages Web-based applications?
SSL
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet?
IPsec
Which of the following is a type of VPN connection?
client-to-site
Which of the following is NOT an essential element of a VPN?
authentication server
Which of the following is true about using VPNs?
can use an existing broadband connection

Need essay sample on "CTC 452-01 TEST 2"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
×
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
|
Complete Buyer Protection
|
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy