Security+ Mock Exam Questions Set 2

The deny all is the most restrictive statement that is implicitly defined in the fireall when no other statement is configured. This will get applied to all packets that do not match with the criteria mentioned in the list above the deny all statement.

If you wish to allow the external users access your Web server you must unblock port number 80.

NTFS supports EFS (Encrypted File System) which allows data stored on a mass storage device to be saved in encrypted format.

SMTP service uses port number 25.

As the name suggests the modem mainly modulates and demodulates signals. Seated (logically) between the telephone line and the PC, it is responsible for converting the analog signals of the telephone to the digital signals required by the PC and vice versa.

Since the only protocol that supports cross platform communication is IP, the best way to implement security in this scenario would be through IPSec. PPTP is a tunneling protocol and does not relate to security. Kerberos is a LAN security protocol. Certificates can help in this scenario provided the access limitation is acceptable.

Authorizing the sender of the update and then checking for verification purpose is one way of securing the DNS server database and service availability.

A VPN tunnel requires tunneling protocols. L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are the only two relevant protocols that relate to VPN. HTTP and NNTP are services that are usually configured on a Web Server.

There are web sites that keep updating vulnerability information for different platforms. It is ideal to constantly browse these sites and keep checking if it applicable for the platform and applications housed in your web server. Another mandatory task is to update virus definition files regularly.

The port number 443 must also be blocked.

Stateful Inspection firewall will not operate on all the & layers of OSI reference mode.

Blocking port numbers 67 and 68 on the external interface of the firewall for incoming connections will ensure that no external user will be able to access the internal DHCP service.

Proxy service as well as the Router is both capable of Network Address translation (NAT) which is the basic function of a firewall.

In the mentioned scenario, the RADIUS server would be challenging the users request first, the rest of the servers on the network, would then verify with this RADIUS server at a later stage when they receive a request for resource access from this dial-in or remote user.

SLIP and PPP are the only two protocols that can be used for dial-up connections. SLIP is now obsolete. PPTP is a tunneling protocol and POP3 is used for mail retrieval.

The best way to preserve an internal server from external attacks is to make sure there are no unnecessary services running on the server, no unused user names are existing in the user database, all vulnerabilities are being verified and monitored at required intervals.

The mentioned devices purpose is media access. Media access is the responsibility of Layer 2 or the data link layer. Hence the devices belong to data link layer.

The firewall will first look at the destination address.

The access policy or the Service access policy will dictate to what extend the external users can access internal network resources or which of the internal resources will be totally inaccessible to the outside world.

It is not wise to have just one administrator account in case that administrator gets locked out. It is always safe to rename guest and administrator accounts renamed. Administrator passwords must be difficult to guess and should not be blank.

Infrared and Radio frequency are two different communication media. The Infrared communication requires line of sight. If the device that intends interception is placed in the line of sight as the main devices then interception will be very easy. This mode of communication is least secure.

Usually email attachments are documents, pictures or zip files. EXE files are usually too large to be sent as mail attachments hence EXE file virus is not appropriate. Boot record virus is deposited into a system through floppy media and not via email.

The microwave operates on the 2.4 GHz range, which is why is it is necessary to place the Wireless 802.11b and g devices slightly apart from Microwave device when used in homes. Blue-tooth as well as Wireless 802.11b and g devices operate on 2.4 GHz frequency.

The Stateful inspection firewall, monitors connection status based on the state table. It functions on the network layer and monitors connection status for the entire network.

Scan before downloading will ensure the message that is infected will be deleted before actually downloading to the hard disk. Scan before sending will ensure that you are not inadvertently transmitting a virus along with the message tot the destination email Id.

Stateful inspection is a type of filtering used when complex security is required and header information of packets will have to be read to perform filtering. In the above mentioned scenario, you just need filtering based on port numbers. This type of filtering is done in packet filtering firewall types. Port filtering is a function and not a firewall type. Application filtering is irrelevant.

Before transmitting any email, the mail server is bound to verify the domain in the destination address of the email to see if it the domain name is self or not before it actually sends the mail out. Before receiving any email its primary security function is to ensure that the email is not infected. In case of the email being infected it is supposed to be discarded.

TACACS (Terminal Access Controller Access Control System), RADIUS are both dedicated authenticating services for dial in users. IAS (Internet Authentication Server) is not ideally meant for this purpose.

It is always safe that you host a database server on a server resource internal to the network rather than on the same server as your Web server. A three-tier model ensures security to your database server as the database server cannot be directly accessed in this model. Centralized or distributed administration will not be a security concern here.