CNIT 455 Exam I Latest Update with Verified Solutions

CNIT 455 Exam I Latest Update with Verified Solutions T/F A Packet Filter is hardware that limits connectivity F (Software) Packet filters block _______ and ______ traffic ingress, egress Packet filters use ____ based filtering rule Packet filter rules are combined into ________ rulesets T/F A good practice with packet filters is to allow what you want then deny all else. T A firewall always includes a ______ ______ packet filter T/F All packet filters are firewalls F (Firewalls contain packet filters, not vice versa) T/F Windows firewall, iptables, and pfsense are examples of software "firewalls" T T/F Packet filters are often used as a replacement in the IP stack on modern implementations. F (uncommon) T/F Packet filters are often implemented as a specialized network device. T One should always use __ rather than ___ when configuring a packet filter, as the latter is far easier to spoof. IP, DNS When filtering by IP, one should control access based on the ______/__________ IP address. source/destination T/F Packet filters are vulnerable to IP address spoofing via ARP. T LSRR stands for Loose Source Record Routing T/F LSRR tells packets specific routes to gain access to otherwise unreachable networks. T T/F LSRR prevents machines from spoofing addresses. F (Enables spoofing, as net traffic can still find the machine) T/F You should always enable LSRR on border routers and firewalls F (DISABLE IT) UDP and TCP communication is based on numbered _____ ports T/F UDP and TCP source and destination ports are standardized. F (only destination) UDP and TCP ______ ports are chosen randomly, from port ____ and above source, 1024 The two types of port filtering are ______ and ________ Static, dynamic Static port filtering involves only allowing traffic based on ____ number or IP/____ number combination port In static port filtering, each packet is checked _____________ independently Dynamic port filtering is also known as ________ ______ __________ stateful packet inspection Dynamic port filtering checks the _______ of the packet as well as ______ and ___________ addresses context, source, destination T/F Destination Static Port Filtering involves examining and filtering based on source port number F (destination you dip) The major limitation of Destination Static Port Filtering is that it only works if a server responds to incoming messages on the _________ ____ receiving port In source static port forwarding, source ports are typically randomly chosen from numbers above ____ 1023 In source static port forwarding, after a server sends a message using a random port > 1023, the return traffic will be _______ by the firewall. blocked To work around the blocking caused by SSPF, you must ______ incoming traffic for ports > 1023 allow T/