Question 1. What should a company consider installing on the network perimeter to prevent direct connections between the internal network and the Internet to help protect its data warehouses and employee privacy?

Router
VPN server
ICMP monitor
Proxy server

Question 2. The Cisco PIX line of products is best described as which of the following?

software firewall
PC with firewall installed
firewall appliance
VPN gateway

Question 3. Which of the following is a typical drawback of a free firewall program?

cannot monitor traffic in real time
oversimplified configuration
have centralized management
more expensive than hardware firewalls

Question 4. Which of the following is an advantage of hardware firewalls?

not scalable compared to software firewalls
not dependent on a conventional OS
less expensive than software firewalls
easy to patch

Question 5. What are the two standard ports used by FTP along with their function?

UDP 23 control, TCP 20 data
UDP 20 data, TCP 21 control
TCP 21 control, TCP 20 data
TCP 23 data, TCP 21 control

Question 6. Which of the following is true about private IP addresses?

they are assigned by the IANA
they are not routable on the Internet
they are targeted by attackers
NAT was designed to conserve them

Question 7. Which type of security device can speed up Web page retrieval and shield hosts on the internal network?

caching firewall
proxy server
caching-only DNS server
DMZ intermediary

Question 8. Which of the following is true about a dual-homed host?

serves as a single point of entry to the network
its main objective is to stop worms and viruses
uses a single NIC to manage two network connections
it is used as a remote access server in some configurations

Question 9. Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address?

one-to-one NAT
port address translation
one-to-many NAT
DMZ proxy translation

Question 10. Which of the following is a disadvantage of using a proxy server?

shields internal host IP addresses

slows Web page access
may require client configuration
can't filter based on packet content

Question 11. Which of the following is a type of VPN connection?

site-to-server
client-to-site
server-to-client
remote gateway

Question 12. Which of the following is NOT a factor a secure VPN design should address?

Encryption
Authentication
Nonrepudiation
performance

Question 13. Which IPsec component authenticates TCP/IP packets to ensure data integrity?

AH
ESP
IKE
ISAKMP

Question 14. Which of the following is NOT an essential element of a VPN?

VPN server
Tunnel
VPN client
authentication server

Question 15. Which of the following is NOT true about a hardware VPN?

should be the first choice for fast-growing networks
can handle more traffic than software VPNs
have more security vulnerabilities than software VPNs
create a gateway-to-gateway VPN

Question 16. Which of the following is true about the Internet?

it is the same as the World Wide Web
it was established in the mid-1960s
it was developed by a network of banks and businesses
it was originally built on an extended star topology

Question 17. Which of the following is a highly secure public facility in which backbones have interconnected data lines and routers that exchange routing and traffic data?

ISP
POP
NAP
NSF

Question 18. What makes IP spoofing possible for computers on the Internet?

network address translation
the lack of authentication
the 32-bit address space
the DNS hierarchy

Question 19. What type of attack displays false information masquerading as legitimate data?

Java applet
Phishing
Buffer overflow
SQL injection

Question 20. Which of the following best describes ROI?

the chance that a threat will result in lost money
how long before an investment will pay for itself
the cost of mitigating a threat

the benefits of setting security priorities

Question 21. What is considered the first step in formulating a security policy?

risk analysis
elimination of threats
risk reduction
system monitoring

Question 22. Which of the following best describes a Monte Carlo simulation?

a technique for simulating an attack on a system
a formula that estimates the cost of countermeasures
a procedural system that simulates a catastrophe
an analytical method that simulates a real-life system for risk analysis

Question 23. Which of the following is a security-related reason for monitoring and evaluating network traffic?

to determine if your IDPS signatures are working well
to create substantial data to analyze
to optimize your router and switch protocols
to see how many files employees download form the Internet

Question 24. Which of the following is NOT typically an aspect of a security event management program?

monitoring events
managing IDPS firmware
managing data from sensors
managing change

Question 25. What should an outside auditing firm be asked to sign before conducting a security audit?

subpoena

nondisclosure agreement
search and seizure contract
social engineering covenant