SOLUTIONS
Tonya is a network engineer. She is developing a new security policy for her company's
IT infrastructure. She understands that the heart of performing a risk assessment, which
is a necessary part of policy development, is understanding assets, likelihoods, threats,
and _________. - Answer- vulnerabilities.
In deploying security for a network, which method is no longer seen as truly secure or
sufficient for protecting logins? - Answer- Single-factor authentication
A small fire breaks out in the lunch room of a branch office and the fire alarms sound.
The employees are directed to leave the building and assemble in the parking lot. What
condition is required to enable them to cross restricted access areas that are normally
locked? - Answer- Fail-open
A company hires security experts to play the role of hackers. The experts are asked to
attempt to breach the infrastructure to determine how secure the company is from
threats. The experts are also asked to recommend improvements. What is this activity
called? - Answer- Penetration testing
Alphonse is a networking contractor who has been hired by a small to medium-sized
company to configure its firewall. The firewall comes preconfigured with a common rule
set that allows web, email, instant messaging, and file transfer traffic using default ports.
The company wants to allow access to secure websites and common website protocols
but block access to insecure Internet websites. Which of the following is the best
solution? - Answer- Allow access to HTTPS, SQL, and Java, but deny access to HTTP
Duncan runs a small writing and editing business. He employs two people in his small
office/home office (SOHO). He also has general knowledge of networking, including
how to configure a basic firewall to protect the network. His off-the-shelf firewall has rule
sets built in with several main elements. Duncan is currently setting rules for TCP and
UDP. What element is he working with? - Answer- Base protocol
Shoshana is a network technician for a mid-sized organization. She is configuring
firewall rules. She is in a firewall's graphical interface and sets a rule as TCP,
192.168.42.0/24, ANY, ANY, 443, Allow. In what order is this rule organizing protocols,
source addresses, source and target ports, and actions? - Answer- Protocol, source
address, source port, target address, target port, action
Lenita is a network technician. She is setting up a rule set for a firewall in her company's
demilitarized zone (DMZ). For email, she creates an allow-exception rule permitting
Simple Mail Transfer Protocol (SMTP) traffic on port 25 to leave the internal network for
the Internet. Her supervisor examines Lenita's work and points out a possible problem.
What is it? - Answer- The allow-exception rule could create a loophole threatening
internal communications on the same port.
Reid is a network security trainer for a mid-sized company. He is demonstrating
alternative methods of protecting a network using unconventional means. The IT
department's "sandbox" network is used for testing and is not connected to the
production network. Using the sandbox, Reid shows how to protect a network from
external threats without using a firewall. What is Reid's approach? - Answer- Packet
Sniffer
Leandro is writing a firewall policy. He needs to define which type of firewall he needs
for each portion of the infrastructure based on differing areas of risk and trust. What are
these areas called? - Answer- Security zones
Carl is a networking student who is reading about methods of encryption and how they
work with firewalls. Right now, he is studying a form of encryption that encrypts the
entire original payload and header of a packet. However, because the header contains
only information about endpoints, it is not useful for a firewall filtering malicious traffic.
Which of the following is the encryption method being described? - Answer- Tunnel
mode
Depending on the firewall, a single rule can sometimes define outbound and inbound
communication parameters. - Answer- True
Isabella is a network administrator. She is researching virtual private network (VPN)
options for company employees who work from home. The solution must provide
encryption over public networks, including the Internet; not rely upon pathways the
company owns; be reliable; and not be subject to eavesdropping. It must also be
cost-effective. Which solution does she choose? - Answer- Secured VPN
Otto is one of many employees working from home. Because his home is located in a
rural area, the only form of connectivity available is dial-up. To connect to his office
located in an urban community, what must the IT department set up? - Answer- Remote
access server (RAS)
Which of the following statements is TRUE of connections between a corporate local
area network (LAN) and a remote client, such as a remote worker? - Answer- The
remote client can have either a dedicated or a nondedicated connection to the Internet.
Diego is a network consultant. He is explaining the benefits of virtual private network
(VPN) connections for remote clients to the owner of a company who wants to allow
most staff to work remotely. He says that a VPN is both private and secure. What does