Network hardware that provides multiple security functions.
A monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline. Whenever a significant deviation from this baseline occurs, an alarm is raised.
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.
Demilitarized Zone (DMZ)
A separate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ but cannot enter the secure network.
A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.
Host Intrusion Detection System (HIDS)
A software-based application that runs on a local host computer that can detect an attack as it occurs.
Intrusion Detection System (IDS)
A device designed to be active security; it can detect an attack as it occurs.
A device that can direct requests to different servers based on a variety of factors, such as the number of server connections, the server's processor utilization, and overall performance of the server.
Network Access Control (NAC)
A technique that examines the current state of a system or network device before it is allowed to connect to the network.
Network Address Translation (NAT)
A technique that allows private IP addresses to be used on the public Internet.
Network Intrusion Detection System (NIDS)
A technology that watches for attacks on the network and reports back to a central device.
Network Intrusion Prevention System (NIPS)
A technology that monitors network traffic to immediately react to block a malicious attack.
A computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
Any combination of hardware and software that enables remote users to access a local internal network.
A computer or an application program that routes incoming requests to the correct server.
A device that can forward packets across computer networks.
A monitoring technique used by an IDS that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
Subnetting (Subnet Addressing)
A technique that uses IP addresses to divide a network into network, subnet, and host.
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.
Virtual LAN (VLAN)
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.
Virtual Private Network (VPN)
A technology that uses an unsecured public network, such as the Internet, as if it were a secure private network.
A device that aggregates hundreds or thousands of VPN connections.
Web Application Firewall
A special type of firewall that looks more deeply into packets that carry HTTP traffic.
Web Security Gateway
A device that can block malicious content in "real time" as it appears (without first knowing the URL of a dangerous site).
International Organization for Standardization
ISO stands for the __________.
Open Systems Interconnection
OSI stands for the __________.
D. it is also called subnet addressing
Which of the following is true about subnetting? A. it requires the use of a Class B network B. it divides the network IP address on the boundaries between bytes C. it provides very limited security provisions D. it is also called subnet addressing
A virtual LAN (VLAN) allows devices to be grouped __________. A. based on subnets B. logically C. directly to hubs D. only around core switches
Which of the following devices is easier for an attacker to take advantage of to capture and analyze packets? A. hub B. switch C. router D. load balancer
B. ARP address impersonation
Which of the following is not an attack against a switch? A. MAC flooding B. ARP address impersonation C. ARP poisoning D. MAC address impersonation
D. it contains servers that are used only by internal network users
Which of the following is not true regarding a demilitarized zone (DMZ)? A. it provides an extra degree of security B. it typically includes an e-mail or Web server C. it can be configured to have one or two firewalls D. it contains servers that are used only by internal network users
B. it removes private addresses when the packet leaves the network
Which of the following is true about network address translation (NAT)? A. it substitutes MAC addresses for IP addresses B. it removes private addresses when the packet leaves the network C. it can be found only on core routers D. it can be stateful or stateless
A. the risk of overloading a desktop client is reduced
Which of the following is not an advantage of a load balancer? A. the risk of overloading a desktop client is reduced B. network hosts can benefit from having optimized bandwidth C. network downtime can be reduced D. DoS attacks can be detected and stopped
Which of the following is another name for a packet filter? A. proxy server B. reverse proxy server C. DMZ D. firewall
A __________ firewall allows the administrator to create sets of related parameters that together define one aspect of the device's operation.
C. proxy server
A(n) __________ intercepts an internal user request and then processes that request on behalf of the user. A. content filter B. host detection server C. proxy server D. intrusion prevention device
D. routes incoming requests to the correct server
A reverse proxy __________. A. only handles outgoing requests B. is the same as a proxy server C. must be used together with a firewall D. routes incoming requests to the correct server
A. install the spam filter with the SMTP server
Which is the preferred location for a spam filter? A. install the spam filter with the SMTP server B. install the spam filter on the POP3 server C. install the spam filter on the proxy server D. install the spam filter on the local host client
C. network intrusion detection system (NIDS)
A __________ watches for attacks and sounds an alert only when one occurs. A. network intrusion prevention system (NIPS) B. proxy intrusion device C. network intrusion detection system (NIDS) D. firewall
C. all-in-one network security appliance
A multipurpose security device is known as a(n) __________. A. unified attack management system (UAMS) B. intrusion detection/prevention device C. all-in-one network security appliance D. proxy security system (NSS)
A. a protocol analyzer
Each of the following can be used to hide information about the internal network except __________. A. a protocol analyzer B. a proxy server C. network address translation (NAT) D. subnetting
A. A NIPS can take actions quicker to combat an attack
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? A. A NIPS can take actions quicker to combat an attack B. A NIDS provides more valuable information about attacks C. A NIPS is much slower because it uses protocol analysis D. There is no difference because a NIDS and a NIPS are equal
A. port address translation (PAT)
A variation of NAT that is commonly found on home routers is ___________. A. port address translation (PAT) B. network proxy translation (NPT) C. network address IP transformation (NAIPT) D. subnet transformation (ST)
C. Address Resolution Protocol (ARP) poisoning
If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by __________. A. a Trojan horse B. TCP/IP hijacking C. Address Resolution Protocol (ARP) poisoning D. DHCP man-in-the-middle
Each of the following is an option in a firewall rule except __________. A. prompt B. block C. delay D. allow
C. stateless packet filtering
A firewall using __________ is the most secure type of firewall. A. stateful packet filtering B. network intrusion detection system replay C. stateless packet filtering D. reverse proxy analysis