Chapter 06 Security Technology Access Controls Firewalls and VPNs

TRUE/FALSE

1. Discretionary access control is an approach whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users.
(A) True (B) False
Answer: (B)

2. Lattice-based access control is a form of access control in which users are assigned a matrix of authorizations for particular areas of access.
(A) True (B) False
Answer: (A)

3. Task-based controls are associated with the assigned role a user performs in an organization, such as a position or temporary assignment like project manager.
(A) True (B) False
Answer: (B)

4. Authentication is the process of validating and verifying an unauthenticated entity's purported identity.
(A) True (B) False
Answer: (A)

5. Accountability is the matching of an authenticated entity to a list of information assets and corresponding access levels.
(A) True (B) False
Answer: (B)

6. Firewalls can be categorized by processing mode, development era, or structure.
(A) True (B) False
Answer: (A)

7. A firewall cannot be deployed as a separate network containing a number of supporting devices.
(A) True (B) False
Answer: (B)

8. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall's database or violations of those rules.
(A) True (B) False
Answer: (A)

9. The ability of a router to restrict traffic to a specific service is an advanced capability and not considered a standard feature for most routers.
(A) True (B) False
Answer: (B)

10. The application layer proxy firewall is capable of functioning both as a firewall and an application layer proxy server.
(A) True (B) False
Answer: (A)

11. Using an application firewall means the associated Web server must be exposed to a higher level of risk by placing it in the DMZ.
(A) True (B) False
Answer: (B)

12. All organizations with a router at the boundary between the organization's internal networks and the external service provider will experience improved network performance due to the complexity of the ACLs used to filter the packets.
(A) True (B) False
Answer: (B)

13. The DMZ can be a dedicated port on the firewall device linking a single bastion host.
(A) True (B) False
Answer: (A)

14. The screened subnet protects the DMZ systems and information from outside threats by providing a network with intermediate security, which means the network is less secure than the general-public networks but more secure than the internal network.
(A) True (B) False
Answer: (B)

15. An extranet is a segment of the DMZ where no authentication and authorization controls are put into place.
(A) True (B) False
Answer: (B)

16. Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules.
- Summer '17