CIS 3500 Exam 1 Study Questions (Ch 1-7) With Complete Solutions
What do load balancers use to determine if a host is operational?
A. Login
B. Request count
C. Health checking
D. Time To Live (TTL) - ANSWER C. Health checking
What is meant by the word "stateful" with respect to firewalls?
A. The firewall tracks what country requests are from.
B. Only packets matching an active connection are allowed through.
C. Only packets that are addressed to the internal server are allowed through.
D. The firewall keeps a list of all addresses to prevent spoofing of an internal IP address. -
ANSWER B. Only packets matching an active connection are allowed through.
What is the primary difference between a proxy and a firewall?
A. A proxy allows access, while a firewall denies access.
B. A firewall uses a hardened operating system, while a proxy does not.
C. A proxy makes application-level requests on behalf of internal users, while a firewall
typically just passes through authorized traffic.
D. A firewall is capable of successfully performing Network Address Translation for internal
clients, while a proxy is forced to reveal internal addressing schemes. - ANSWER C. A proxy
makes application-level requests on behalf of internal users, while a firewall typically just
passes through authorized traffic.
Why is it important for a web application firewall to perform SSL inspection?
A. A lack of SSL inspection would allow a channel of threats past the firewall.
B. SSL inspection is only used when you know you are under attack.
C. Inspecting the SSL traffic assists with load balancing.
D. None of the above. - ANSWER A. A lack of SSL inspection would allow a channel of threats
past the firewall.
An anomaly-based NIPS will alert in which case?
A. When the network traffic matches a known attack pattern
B. When the network traffic deviates from a predefined traffic profile
C. When attack traffic alerts on a host-based intrusion detection system,
forwarding a network cookie to allow the intrusion prevention system to
block the traffic
D. When the network traffic changes from a configured traffic baseline - ANSWER D. When
the network traffic changes from a configured traffic baseline
What is the best policy to use when administrating a firewall?
A. Quality of service (QoS)
B. Least access
C. First-in, first-out (FIFO)
D. Comprehensive - ANSWER B. Least access
Why does a network protocol analyzer need to be in promiscuous mode?
A. To avoid network ACLs
B. To tell the switch to forward all packets to a workstation
C. To force the network card to process all packets
D. Promiscuous mode is not required. - ANSWER C. To force the network card to process all
packets
Which protocol can create a security vulnerability in switches, firewalls, and routers because it
authenticates using a cleartext password?
A. SNMP
B. SSH
C. SMTP
D. NAT - ANSWER A. SNMP
Why should most organizations use a content-filtering proxy?
A. To allow users to browse the Internet anonymously
B. To provide a secure tunnel to the Internet
C. To enforce a network acceptable use policy
D. To reduce bandwidth usage with local copies of popular content - ANSWER C. To enforce a
network acceptable use policy
Why is delay-based filtering effective against spam?
A. Spam generators will not send spam if they cannot do it immediately.
B. Spam generators do not wait for the SMTP banner.
C. Spam generators are poorly behaved and will quickly move on to the next server.
D. Spam has a very short TTL value. - ANSWER B. Spam generators do not wait for the SMTP
banner.
Which logs should be examined to determine if an intruder breached internal systems?
Choose all that apply.
A. Router
B. Firewall
C. Caching proxy
D. Switch
E. IDS