Quiz 12: Securing Tcp/Ip Environments

Proxy server software permits internal network addresses to be "translated" into public network addresses when packets leave inside networks so only public IP addresses are exposed on the public Internet.

When users from outside the network attach to a service inside the network, they actually attach to the proxy server, which establishes a proxy session into the private side of the network from there.

Strictly speaking, VPNs use tunneling protocols; therefore, they need to encrypt tunneled traffic.

Fundamental protocols-including IP and TCP or UDP-offer no built-in security controls.

A stealthy attacker may cover its tracks by deleting log files, or terminating any active direct connections. Indicate the answer choice that best completes the statement or answers the question.

In which of the following attacks is the attacker able to intercept traffic from both parties and either pass the traffic unaltered to the other end of the communication link, or the attacker can forge replies from either side? A)DoS attack B)brute force attack C)man-in-the middle attack D)IP service attack

Which type of attack includes SYN Flood, broadcast amplification attacks, and buffer overflow? A)DoS-related B)Brute force-related C)Man-in-the-middle-related D)IP service-related

Which of the following is a process of borrowing identity information, such as an IP address, domain name, NetBIOS name, or TCP or UDP port numbers to hide or deflect interest in attack activities? A)Ingress filtering B)Data authentication C)Network sniffing D)Spoofing

Which of the following terms means restricting who may view or use certain resources, including access to bandwidth or a computer, as well as access to information? A)Access control B)Connectionless integrity C)Data origin authentication D)Confidentiality

Which of the following refers to a successful attempt to compromise a system's security? A)discovery B)exploit C)break-in D)gateway

Which of the following types of attacks serves the purpose of masquerading as an authorized user in order to gain access to a system? A)egress filtering B)session hijacking C)data authentication D)network sniffing

Which type of device makes access control decisions on the basis of application content rather than by looking at IP addresses or port numbers and can act on a host to deny potentially malicious activity? A)Firewall B)IPS C)IDS D)Proxy

Which of the following software programs can attempt to communicate with any IP-based system while cycling through all valid TCP and UDP port addresses? A)agent B)Trojan C)port scanner D)socket

Which of the following is a weak spot or known place of attack on any common operating system, application, or service? A)back door B)hole C)discovery D)hash

Which of the following reveals a system vulnerability and is often documented, either by the manufacturer or by an attacker? A)hole B)exploit C)break-in D)attack

Which of the following is a specially "hardened" software service or software/hardware product that erects a barrier to inspect and control traffic flow between networks? A)firewall B)bastion host C)DMZ D)boundary router

Which of the following terms is a hardened computer specifically designed to resist and oppose illicit or unwanted attempts at entry, and whose job is to guard the boundary between internal and external networks? A)firewall B)bastion host C)DMZ D)boundary router

Which of the following serves the purpose of finding out what you have and what is vulnerable? A)reconnaissance B)covering-up C)session hijacking D)packet sniffing

Which of the following is an undocumented and illicit point of entry into an operating system or application added by a system's programmers to bypass normal security? A)back door B)hole C)discovery D)hash

Which of the following is a type of software that opens the door for a compromised machine to display all kinds of unsolicited and unwanted advertising, often of an unsavory nature? A)SA bundle B)Spyware C)Adware D)Cache

Which type of attacks are designed to interrupt or completely disrupt operations of a network device or network communications? A)Trojan horse attacks B)Dictionary attacks C)DoS attacks D)Worms

Which of the following is an area that's accessible to both outsiders and insiders, but which establishes a buffer area between what's completely inside and outside a network boundary? A)firewall B)bastion host C)DMZ D)boundary router

Which of the following is unsolicited and unwanted software that takes up stealthy unauthorized and uninvited residence on a computer? A)SA bundle B)Spyware C)Adware D)Cache

Which of the following is the ability to verify that the data received did in fact come from the named source? A)Access control B)Connectionless integrity C)Data origin authentication D)Confidentiality

In how many minutes can any knowledgeable systems professional with the right toolkit break into just about any system if allowed unsupervised and unrestricted access to the computer on which such a system resides? A)15 minutes B)20 minutes C)25 minutes D)30 minutes

Which of the following best defines an attempt to snoop inside traffic moving across the Internet to look for unprotected account and password information, or to obtain other sensitive information while it's in transit? A)brute force attack B)user impersonation C)session hijacking D)packet sniffing Enter the appropriate word(s) to complete the statement.

A(n) ____________________ is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

In a(n) ____________________ attack, a service is inundated with requests, or malformed service requests, which cause a server to hang or freeze, preventing it from responding to input.

A(n) ____________________ consists of creating hashed values for all words in a specialized dictionary of terms, then comparing those values to the hashed values in password files.

A(n) ____________________ model excludes users from access to resources, by default, and then adds whatever users need access to such resources as exceptions to the general exclusionary rule.

____________________ attacks are DoS attacks that are launched from numerous devices.

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -any activity that represents a potential danger or attack on a system or network

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -any type of network service that permits users elsewhere on a network to use the network to log on to a system as if they were attached locally while operating remotely

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -an ICMP Echo-based operation used to locate active devices on a network

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -the process of examining the "footprints" that an attacker leaves behind

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -a special-purpose software tool that cycles through all possible TCP and UDP port addresses looking for open ports that then can be probed for access or exploited for vulnerabilities

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -a manager system in a DDoS attack

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -an IP attack technique whereby an impostor takes over an ongoing communications session between a client and server

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -a document that represents the concrete manifestation of an organization's requirements for security practices, rules, and procedures

Match each item with a statement below. a.threat b.remote logon service c.PING sweep d.computer forensics e.port scanner f.handler g.session hijacking h.security policy i.honeypot -a computer system deliberately set up to attract, entice, and entrap would-be attackers, often by being made to appear part of a larger network

According to RFC 4301, what are the goals of IPSec?

Briefly describe IP service implementation vulnerabilities, and insecure IP protocols and services.

Provide a brief definition of spoofing.

What is the difference between an attack and an exploit?

Briefly describe the following types of attacks: DoS, man-in-the-middle, and IP service.

Discuss the risks of allowing anonymous access.

Discuss the difference between physical security and personnel security.

What is meant by the term buffer overflow?

What are the steps when planning and implementing firewalls and proxy servers on your networks?

Briefly define proxy server, screening host, and screening router.