Elance Firewall Concepts Test Answers 2015
·
What firewall based technology would you use
to create a secure tunnel connection from a corporate headquarters to a remote
branch office?
VPN
Tunnel
HTTPS
Radius
When configuring a firewall to deny port 3389
to a RDP server that is to receive the SYN packet, what is the address?
Flag
Destination
Source
Connected
Which of the folllowing firewalls keeps track
of the state of network connections ?
Static filtering
Stateless inspection
Stateful inspection
Dynamic Filtering
What is a DMZ zone?
Dual Master Zone
DeMilitarized Zone
Donor Master Zone
Dedicated Master Zone
Your client asks you to create a rule for FTP
access, what port(s) will you add on the firewall?
20 and 21
20
8021
2121
Which of the following 8-bit values identifies
the maximum time the packet can remain in the system before it is dropped?
fragment
time to live
checksum
protocol
Which TCP port is used by Telnet?
110
80
23
72
What is the primary purpose of a firewall?
Enables fast forwarding
Route frames
Route hot packets
Inspect packets
Which of the following server creates a secure
tunnel connection?
RADIUS
tunnel
authentication
VPN
Your customer asks you to allow ALL hosts from
the Internet to company's secure webserver (Secure HTTP), what port do you open
on the firewall?
23
22
443
43
FTP uses which of the following port as
control port?
21
22
20
23
Which of the following is not a recognized
generation of Firewall?
First Generation
Third Generation
DMZ
Second generation
What device logically filters traffic at the
edge of a computer network and the Internet?
Switch
Firewall
Router
Hub
Which of the following is TRUE?
The firewall may be a separate computer system, a
software service running on an existing router or server, or a separate network
containing a number of supporting devices
All of the given options are correct
Firewalls can be categorized by processing mode,
development era, or structure
Firewalls categorized by which level of technology
they employ are identified by generation, with the later generations being more
complex and more recently developed
You want to filter all traffic going to an
internal web server from the Internet side of the firewall, what port will you
filter on the firewall?
8080
80
21
25
In an IP packet header, which of the following
is the address of the computer or device that is to receive the packet?
total length
source address
flag
destination address
What port does FTP use for the control port?
20
23
21
22
Which of the following firewalls works at the
application level?
Packet filtering firewal
application-level firewalls
circuit firewall
MAC layer firewalls
Which port does secure HTTP use?
442
8080
443
441
What application controls what information is
transmitted or received from an external source destined to a server,
workstation, or computer that is based on a preset of rules and/or user
preferences?
Server
Repeater
Router
Firewall
Some firewalls deploy a technology that allows
monitoring of traffic in and out of a network and alerts network staff when
suspicious traffic patterns occur.
Router
IDS
Hub
Switch
Which of the following firewalls keeps track
of the connection state?
Packet filtering firewall
Stateful packet filtering firewall
Application layer firewall
Router enhanced firewall
You are a network administrator and you have
been asked to add a deny all ICMP firewall stated that is sourced from the
Internet; you add a deny all for ICMP, what common command would you use to
test your newly added rule?
Traceroute
ICMP
PING
MTR
What is a host based firewall?
Software firewall installed on a
server/workstation/desktop
A proxy server configured to handle http requests
A device that is installed by your Internet Service
Provider
A Firewall connected directly to the Network
Interface Card of a Computer
When referring to firewall concepts, what are
application level gateways?
HTTP servers
Proxy servers
IP Servers
HTTP servers
Packets contain an 8-bit value that determines
the maximum time the packet can remain the CPU, Memory, and Buffer circuits of
a firewall before it is dropped or discarded, what is this called?
Protocol
Time To Live
Fragment
Checksum
When designing a network that consists of a
firewall, the firewall design needs to be "BLANK" so that it can grow
with the network it protects.
Cost effective
Robust
Scalable
Expensive
The Windows based program, ZoneAlarm is an
example of a "BLANK" firewall?
Software
Business
Corporate
IDS
What types of firewalls are able to analyze
the contents of packets and the IP headers for signs that the traffic is
legitimate?
Stateless
Software
Boundary
Stateful
Which of the following is another term for a
packet of digital information?
header
data
datagram
footer
Which of the following is not a VALID basic
criteria for rule in the firewall policy?
Destination
User
Service
Source
Which of the following valid OSI layer are
covered by packet filtering firewall operation ?
Network layer
Transport layer
At the Application layer
Both Transport layer and Network layer
The practice of designing operational aspects
of a system to work with a minimal amount of system privilege is called:
IP forwarding
least privilege
access denied
failover firewall
When referring to firewalls, what does SPI
Stand for?
Stateless Packet Inspection
Shared Packet Interconnection
Stateful Packet Inspection
Source Packet Information
Ports up to which of the following are called
well-known ports?
1025
255
1023
1500
Which particular firewall usually consists of
two separate firewall devices?
Application –level firewall
MAC layer firewalls
Hybrid Firewall
Dynamic Filtering
What main attributes are used at layer 4 of
the OSI model to filter traffic on a firewall?
Frames and packets
Source and/or destination IP Addresses
Source and/or destination TCP/UDP ports
ICMP and IP
When packets are being processed by a hardware
firewall, one of the several steps in processing the packets is an
error-checking procedure that is performed in the trailer section of an IP
Packet, this is called what?
IFG
IPC (IP Check)
CRC
FQDN
Which type of firewall involves firewall
software installation directly on the user's system?
Third Generation
Residential –Grade Firewall
Commercial –Grade Firewall
Fourth Generation
Which of the following are the most common
restrictions implemented in packet filtering firewalls?
All of the given options are valid
IP source and destination address
Inbound Direction
Outbound Direction
When troubleshooting the flow of packets
through a firewall, a datagram is called what at the network layer of the OSI
model?
Frames
Packets
Segments
Bits
What port do most DDOS DNS attacks occur on?
161
80
53
443
Which of the following firewall makes the
filtering decision based on the media access control address of the
source/destination of a packet ?
MAC layer Firewalls
Packet Filtering
Circuit Gateways
Application Gateways
Zone Alarm is an example of which type of
firewall?
proxy
IDS
corporate
personal
The basic concept of a SYN flooding attack
lies in the design of what handshake that begins a TCP connection?
4-way
2-way
TCP
3-way
What it is called when a packet arrives at a
firewall, gets analyzed and determines that no connection exists and the packet
is dropped?
Stateful Packet Inspection
Connection Oriented Inspection
Stateless Packet Inspection
Stateful Frame Inspection
A stateful firewall maintains which of the
following?
bridging table
connection table
routing table
state table
What happens when a packet arrives on an
interface and a route exists in the local routing table and the firewall routes
the packet back out the same interface the packet arrived on?
Interface will get disabled due to a routing
conflict
The Packet is allowed, but marked as low priority
The Packet is dropped
Poison reverse routing is disabled and the packet
is allowed
What specific chip design allows firewalls to
accelerate packet processing to analyze and filter packets between an untrusted
and trusted network?
MIPS
Intel X86
RISC
ASIC
What technology is used on firewalls that
process stateful packet inspections at the hardware level and as close to the
line rate as possible?
ACL
ASIC
Intel
SPI
True/False: Application proxy firewalls are
faster than Stateful Packet Inspection firewalls.
False
True
Which of the following firewall's filtering
process can be either Stateful, Stateless or both ?
Circuit Gateways
Application Gateways
Packet Filtering
MAC layer firewalls
What device should be the front line defense
in your network?
Network Layer Firewalls
Application Based Firewalls
Packet Filtering Firewalls
Stateful Packet Inspection firewall
What kind of firewall is the opensource
IPtables firewall commonly found on Linux Distros?
Connection oriented firewall
Stateful
Zone Based
Stateless
Which particular generation firewall are
stateless in nature ?
Second generation
Third Generation
Fourth Generation
First Generation
A Stateful Packet Inspection firewall
maintains a "BLANK", which is also just a list of active connections.
NAT Table
Routing Table
Connection Table
State Table
Ports up to "BLANK" are considered
well known ports.
65536
1024
1023
65524
True/False: NAT is considered as a firewall
technology.
True
False
What kind of firewall is the integrated
Microsoft Windows firewall application?
Stateful
Stateless
Zone Based
Connection oriented firewall
A "BLANK" flowing through a firewall
is another term for a packet of digital information.
Frame
Datagram
Data
Packet
Network-based firewalls and Host-based
firewalls are valid categories of which of the following firewall ?
Circuit Gateways
Hybrids
Application –level firewall
MAC layer firewalls
What do circuit layer Firewalls monitor?
Transport Handshaking
TCP Handshaking
IP Handshaking
UDP Handshaking
Which of the following is not a VALID subset
of packet filtering firewalls?
Stateless inspection
Dynamic Filtering
Stateful inspection
Static filtering
A dynamic or Stateful Packet Inspection
firewall maintains active "BLANK" sessions and "BLANK"
pseudo sessions.
Server and Host
Stateful and Stateless
TCP and UDP
IP and ICMP
Which of the following is not a VALID
processing –mode category of firewalls?
Proxy firewalls
Circuit gateways
Packet filtering Firewalls
Application gateways
What is a Cisco Access Control List (ACL)
considered as?
Controlled
Stateful
Stateless
NAT
Which of the following is a mechanism designed
into operating system kernel ?
Second generation
Third Generation
Fifth Generation
First Generation
Which of the following servers in the DMZ
needs only list a limited number of public IP addresses?
DNS
NAT
proxy
firewall
Which of the following is FALSE about Circuit
Gateways?
Circuit Gateway firewalls provide a common access
mechanism which is not dependent on the destination application
Circuit Gateway firewalls provide a unique access
mechanism based on the destination application
Circuit gateways firewalls DO NOT look at data
traffic flowing between one network and another
Firewall operates at the transport layer
Which generation firewalls are stateful
inspection firewalls?
Second generation
First Generation
Fourth Generation
Third Generation
In an IP packet header, which of the following
describes the length of the header in 32-bit words and is a 4-bit value?
total length
fragment offset
header checksum
Internet header length
Which of the following can have different
components of the firewall for different systems?
dual-homed firewalls
packet filtering routers
screened subnet firewall
Screened Host Firewalls
What layer(s) does an SPI firewall generally
operate at?
Application
Network
D and F
Data Link
Which of the following is not a vaild
categorization of Firewall based on structure?
residential grade
application-based
hardware-based
commercial-grade
What layer of the OSI model do Circuit Layer
Firewalls operate at?
Application Layer
Session Layer
Transport Layer
Network Layer
Which of the following is not a vaild
categorization of Firewall based on processing mode?
Application filtering
Packet filtering Firewalls
Application gateway
Circuit gateway
Which level proxy provides protection at the
session layer of OSI?
circuit
application
server
proxy
Which of the following is an INVALID common
architectural implementation of firewall?
packet filtering routers
Dynamic Filtering
dual-homed firewalls
screened host firewalls
Which of the following host is sometimes
called a dual-homed gateway or bastion host?
proxy
blocked
stub
sceened
Which generation firewalls are either
application-level firewalls or proxy servers?
Second generation
Third Generation
First Generation
Fourth Generation
Subscribe to:
Posts (Atom)
