Question 1: Which of the following is the latest VPN protocol?
WireGuard
OpenVPN
IPSec
SSTP
Solution: WireGuard
Question 2: A firewall can be implemented in the following ways EXCEPT:
As a module in a router or a switch
As specialized firewall hardware
As software running on a PC operating system
As a module in a network interface card
Solution: As a module in a network interface card
Question 3: In what way is an IPS (intrusion prevention system) different from an IDS (intrusion detection system)?
An IPS can prevent an attack while an IDS can detect an attack
IDS is installed on a host while IPS is installed on a network
IPS is more intelligent than an IDS because it uses machine learning
Upon detecting a malicious activity, an IDS will only generate an alert while an IPS will attempt to take an appropriate action to mitigate the attack
Solution: Upon detecting a malicious activity, an IDS will only generate an alert while an IPS will attempt to take an appropriate action to mitigate the attack
Question 4: Why is a stateful inspection firewall more secure than a packet filtering firewall?
Stateful inspection firewall will automatically block high-numbered ports without having to specify them in the rules
Stateful inspection firewall will only allow incoming packets to high-numbered ports if they are part of an active TCP connection
Stateful inspection firewall can filter packets based on the network application
Stateful inspection firewall can allow for more specific rules
Solution: Stateful inspection firewall will only allow incoming packets to high-numbered ports if they are part of an active TCP connection
Question 5: Which of the following security objectives are important when a VPN is used for organizations?
Confidentiality and authenticity
Privacy and authenticity
Confidentiality and anonymity
Privacy and anonymity
Solution: Confidentiality and authenticity
Question 6: An online NIDS (Network-based intrusion detection system) is characterized by:
Its ability to perform traffic evaluation in real time
Its ability to utilize online resources in detecting malicious activities
Its ability to be online 24/7 and monitor traffic all the time
Its ability to search for vulnerability signature online
Solution: Its ability to perform traffic evaluation in real time
Question 7: Which of the following specifies the main difference between a stateful inspection firewall and a packet filtering firewall?
Stateful inspection firewall is faster
Stateful inspection firewall maintains the list of active TCP connections
Stateful inspection firewall can identify which network application the packet belongs to
Stateful inspection firewall can detect a network attack
Solution: Stateful inspection firewall maintains the list of active TCP connections
Question 8: Which of the following security threats cannot be prevented by a firewall?
A DDoS attack coming from a specific IP address range
A staff member who attempts to use a BitTorrent application for downloading pirated software and movies
An external attacker who attempts to exploit an unused port on a server in the DMZ
Malware downloaded through the Web browsing activity of staff within the organization
Solution: Malware downloaded through the Web browsing activity of staff within the organization
Question 9: Choose the correct statement regarding signature-based and anomaly-based IDS detection methods
Anomaly-based detection can only detect both active and passive attacks while signature-based detection only detects passive attacks
Signature-based detection makes use of machine learning algorithms and therefore is more accurate than anomaly-based detection
Signature-based detection may suffer from false positives while anomaly-based detection is more accurate
Signature-based detection can only detect known attacks while anomaly-based detection can detect new attacks
Solution: Signature-based detection can only detect known attacks while anomaly-based detection can detect new attacks
Question 10: Which of the following statements are TRUE about the TCP SYN flood attack?
Select one or more:
It is a type of reflector DDoS attack
It works by having the attacker pretend to establish a TCP connection to the victim but never actually complete the connection
It causes the victim to use up its system resources
It attempts to saturate the bandwidth of the victim
Solution: It works by having the attacker pretend to establish a TCP connection to the victim but never actually complete the connection
It causes the victim to use up its system resources
Question 11: Which of the following statements are TRUE about the HTTP flood attack?
Select one or more:
It can be configured to cause the victim to use up its system resources
It can saturate the bandwidth of the victim
It works by having attackers send a large number of HTTP GET or POST messages to the victim
It is a type of reflector DDoS attack
Solution: It can be configured to cause the victim to use up its system resources
It can saturate the bandwidth of the victim
It works by having attackers send a large number of HTTP GET or POST messages to the victim