Module 8 Security Technology: Access Controls, Firewalls, and VPNS Multiple Choice 55. access control is a form of particular areas of access. access control in which users are assigned a matrix of authorizations for a. task-based, discretionary b. role-based, nondiscretionary c. mandatory, discretionary d. lattice-based, nondiscretionary 56. Which of the following is not a major processing mode category for firewalls? 57. a. Packet-filtering b. Application Layer Proxy c. Media Access Control Layer d. Router Passthrough firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information. b. Application gateway a. Packet-filtering c. Circuit gateway d. MAC layer 58. The restrictions most commonly implemented in packet-filtering firewalls are based on 59. a. IP source and destination address b. Direction (inbound or outbound) c. TCP or UDP source and destination port requests d. All of these answers are correct filtering requires that the firewall's filtering rules for allowing and denying packets are manually developed and installed with the firewall. a. Dynamic b. Static c. Stateful d. Stateless 60. A 61. filtering firewall can react to an emergent event and update or create rules to deal with the event. a. dynamic c. stateful b. static d. stateless inspection firewalls keep track of each network connection between internal and external systems. b. Dynamic a. Static c. Stateful d. Stateless 62. The application layer proxy firewall is also known as a(n). a. application firewall c. proxy firewall b. client firewall d. All of these are correct 63. The proxy server is often placed in an unsecured area of the network or is placed in the a. fully trusted b. hot Zone. Module 8 Security Technology: Access Controls, Firewalls, and VPNs c. demilitarized 64. The 65. d. cold. is an intermediate area between a trusted network and an untrusted network. a. perimeter c. domain b. DMZ d. firewall make filtering decisions based on the specific host computer's identity, as represented by its network interface card (NIC) address, and operate at the data link layer of the OSI model or the subnet layer of the TCP/IP model. a. Media Access Control Layer c. Application gateway 66. Because the sacrificial host. b. Circuit gateway d. Packet-filtering host stands as a sole defender on the network perimeter, it is commonly referred to as the b. domain a. trusted c. DMZ d. bastion 67. The dominant architecture used to secure network access today is the a. static b. bastion c. unlimited d. screened subnet 68. Configuring firewall is viewed as much an art as it is a science. a. policies c. VPNs b. subnets d. protocols 69. Telnet protocol packets usually go to TCP port a. 23, 52 b. 80, 52 c. 80, 25 d. 23,25 70. Known as the ping service,, snooping. a. RADIUS c. telnet b. ICMP d. DNS firewall whereas SMTP packets go to port is a common method for hacker reconnaissance and should be turned off to prevent 71. In most common implementation models, the content filter has two components: a. allow and deny b. filtering and encoding c. rating and decryption d. rating and filtering 72. and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection. a. RADIUS b. RADIAL c. TUNMAN d. IPSEC 73, Which of the following versions of TACACS is still in use? Module 8 Security Technology: Access Controls, Firewalls, and VPNs a. TACACS v2 b. Extended TACACS c. TACACS+ d. All of these are correct 74. The service within Kerberos that generates and issues session keys is known as a. VPN c. AS b. KDC d. TGS 75. Kerberos provides tickets to clients who request services. a. KDS c. AS b. TGS d. VPN 76. In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n). a. VPN c. ticket 77. A(n) b. ECMA d. PAC is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. a. SVPN c. SESAME b. VPN d. KERBES 78. In a. tunnel mode, the data within an IP packet is encrypted, but the header information is not. b. transport c. public d. symmetric 79. The primary benefit of a VPN that uses system. a. intermediate mode c. reversion mode b. tunnel mode d. transport mode is that an intercepted packet reveals nothing about the true destination