Multiple Choice
Identify the
choice that best completes the statement or answers the question.
|
|
|
1.
|
(1 point) A district wants to reduce the risk of someone guessing a
router’s local admin password. Which router security policy requirement best
addresses this?
a. | Allow any employee to create router
accounts | b. | Disable the firewall to improve speed | c. | Ban local user accounts and require logins through an
approved company authentication server | d. | Enable Telnet for easier
troubleshooting |
|
|
|
2.
|
(1 point) Which item is an example of a minimum configuration standard that could be
included in a router security policy?
a. | Increase the
router’s Wi‑Fi signal range | b. | Allow split tunneling for all VPN
users | c. | Disable encryption on wireless traffic | d. | Disable unnecessary services like
Telnet |
|
|
|
3.
|
(1 point) A company’s router is running a service that no one uses,
and it increases the attack surface. What router security policy control would directly address
this?
a. | Require beacon frames to be
disabled | b. | Disable unnecessary services | c. | Require split tunneling for VPN
users | d. | Require MAC filtering on
switches |
|
|
|
4.
|
(1 point) An organization decides to use a firewall device separate from the router.
Which policy would typically state this requirement?
a. | Router security
policy | c. | Wireless security
policy | b. | Acceptable use policy (AUP) | d. | VPN policy |
|
|
|
5.
|
(1 point) A router admin suggests enabling Telnet because it is quick. Which router
policy statement best explains why that service is often disabled?
a. | Telnet prevents unauthorized access
automatically | b. | Unnecessary services like Telnet increase risk and should be disabled to
reduce attack opportunities | c. | Telnet replaces the need for authentication
servers | d. | Telnet is required for encryption to
work |
|
|
|
6.
|
(1 point) Which router policy control most directly helps ensure only authorized logins
occur across all routers?
a. | Require router logins to use an
approved company authentication server | b. | Allow local user accounts for each router | c. | Disable AES encryption on wireless
networks | d. | Disable port security on all switch
ports |
|
|
|
7.
|
(1 point) A company wants consistent router settings across locations. What is the
primary purpose of a router security policy?
a. | Define how to physically lock server
rooms | b. | Set a minimum configuration standard for routers on the
organization’s network | c. | List employee vacation
procedures | d. | Explain how to analyze log files for
IoCs |
|
|
|
8.
|
(1 point) A company wants to stop unknown devices from plugging into a switch port and
joining the network. Which switch security policy requirement best supports this
goal?
a. | Enable Telnet on all
switches | b. | Require port security to be enabled | c. | Disable MAC filtering | d. | Allow local switch accounts for
guests |
|
|
|
9.
|
(1 point) Which item would most likely be included in a switch security
policy?
a. | Require split tunneling for VPN
connections | b. | Require AES encryption on all wireless
traffic | c. | Disable beacon frames on access points | d. | Use MAC
filtering |
|
|
|
10.
|
(1 point) A student intern asks why the organization bans local user accounts on
switches. Which description best explains the benefit?
a. | Central authentication reduces
unmanaged accounts and helps control who can administer switches | b. | Local accounts improve wireless
encryption | c. | Local accounts prevent phishing attacks | d. | Local accounts are required for port
security |
|
|
|
11.
|
(1 point) A switch security policy sets a minimum configuration standard. Which control
below matches that idea?
a. | All wireless networks must allow
open access | b. | All switch logins must use an approved company authentication
server | c. | All employees must use a privacy screen | d. | All passwords must be written down in a
notebook |
|
|
|
12.
|
(1 point) Which statement best describes what port security helps
mitigate?
a. | A power outage in the
building | b. | Unauthorized devices physically connecting to the network through a switch
port | c. | Users clicking malicious links in email | d. | A flood damaging the server
room |
|
|
|
13.
|
(1 point) An organization wants to allow only known device MAC addresses on certain
switch ports. Which switch policy control supports this?
a. | Disable unnecessary services like
Telnet | b. | Disable beacon frames | c. | Require a prohibition against split
tunneling | d. | Use MAC filtering |
|
|
|
14.
|
(1 point) Which policy would you check to confirm whether port security is required on
switches?
a. | Switch security
policy | c. | Wireless security
policy | b. | Router security policy | d. | VPN policy |
|
|
|
15.
|
(1 point) A company allows remote work but only certain roles may connect to the
internal network using a VPN. Where would this rule be documented?
a. | Router security
policy | c. | VPN
policy | b. | Wireless security policy | d. | Switch security policy |
|
|
|
16.
|
(1 point) A security analyst recommends MFA for employees using VPN. Which policy type
would include this requirement?
a. | VPN
policy | c. | Workstation security
policy | b. | Switch security policy | d. | Router security policy |
|
|
|
17.
|
(1 point) A company wants to prevent split tunneling (dual tunneling) for VPN users.
What is split tunneling in this policy context?
a. | Encrypting Wi‑Fi
traffic with AES | b. | Disabling Telnet on routers | c. | Blocking all VPN traffic until a password is
changed | d. | Allowing a user to access the internet and the internal network at the same
time through different paths |
|
|
|
18.
|
(1 point) Why might an organization prohibit split tunneling for VPN
users?
a. | It makes firewall rules
unnecessary | b. | It disables all authentication requirements | c. | It reduces risk by preventing a device from being
connected to the internet while also connected to the internal
network | d. | It increases speed by sending internal traffic in
plaintext |
|
|
|
19.
|
(1 point) Which option is an example of an authentication requirement that might appear
in a VPN policy?
a. | Public/private key system or
MFA | b. | Installing fencing around the building | c. | MAC filtering on
switches | d. | Disabling beacon frames |
|
|
|
20.
|
(1 point) A new employee tries to use the VPN but their job role is not on the approved
list. Which managerial control would stop this?
a. | A switch policy that disables port
security | b. | A router policy that enables Telnet | c. | A VPN policy that lists which roles are allowed to use VPN
access | d. | A wireless policy that disables
encryption |
|
|
|
21.
|
(1 point) Which statement best describes the purpose of a VPN
policy?
a. | It details minimum security
requirements for employees using a VPN to access the organization’s internal
network | b. | It lists the ports used by DNS and HTTP | c. | It describes malware types and
symptoms | d. | It defines the physical placement of security
cameras |
|
|
|
22.
|
(1 point) A school requires users to authenticate to Wi‑Fi using EAP
connected to an approved authentication server. Which policy would contain this
requirement?
a. | Router security
policy | c. | Switch security
policy | b. | VPN policy | d. | Wireless security policy |
|
|
|
23.
|
(1 point) Which requirement is most directly related to protecting wireless traffic in
transit?
a. | Prohibiting split tunneling for VPN
users | b. | Banning local user accounts on switches | c. | Requiring port security to be
enabled | d. | All wireless traffic must be encrypted using AES encryption with a minimum key
length |
|
|
|
24.
|
(1 point) A company wants to reduce how easy it is for outsiders to find their
Wi‑Fi network name. Which wireless policy requirement matches this
goal?
a. | Beacon frames must be disabled on
wireless access points | b. | Enable Telnet on routers | c. | Allow any device to join without
authentication | d. | Use split tunneling to improve
speed |
|
|
|
25.
|
(1 point) What does it mean when a wireless policy requires EAP connected to an approved
authentication server?
a. | Wi‑Fi access is
open to the public without login | b. | Wi‑Fi traffic is never
encrypted | c. | Wi‑Fi beacons are required to advertise
passwords | d. | Wi‑Fi access requires user authentication through a trusted
system instead of a shared password alone |
|
|
|
26.
|
(1 point) Which wireless security policy control best reduces the risk of attackers
reading captured wireless traffic?
a. | Disable all firewall
devices | b. | Encrypt wireless traffic using AES | c. | Allow local accounts on
routers | d. | Enable unnecessary services like
Telnet |
|
|
|
27.
|
(1 point) A student says, “Our Wi‑Fi is safe
because it has a password.†Which additional wireless policy control would
strengthen security beyond a shared password?
a. | Require users to authenticate
through EAP tied to an approved authentication server | b. | Ban port security on
switches | c. | Allow split tunneling for all users | d. | Disable encryption to reduce
errors |
|
|
|
28.
|
(1 point) Which statement best describes the purpose of a wireless security
policy?
a. | It sets rules for how to configure
server room locks | b. | It provides instructions for installing antivirus
software | c. | It establishes minimum security requirements for wireless networks in an
organization | d. | It outlines the steps for incident response
investigations |
|
|
|
29.
|
(1 point) A network team wants to disable Telnet across all routers and switches. Which
policies would most directly include this kind of requirement?
a. | Router security policy and switch
security policy | b. | Wireless security policy and clean-desk
policy | c. | VPN policy and workstation policy | d. | Camera placement policy and UPS
policy |
|
|
|
30.
|
(1 point) A company wants to require MFA for remote access and also stop split
tunneling. Which policy should be updated?
a. | VPN
policy | c. | Router security
policy | b. | Wireless security policy | d. | Switch security policy |
|
|
|
31.
|
(1 point) An organization wants to reduce risk from unauthorized devices connecting
through wall jacks. Which managerial control best matches this?
a. | A VPN policy listing approved job
roles | b. | A switch security policy requiring port security and MAC
filtering | c. | A wireless policy requiring beacon frames | d. | A router policy requiring a separate firewall
device |
|
|
|
32.
|
(1 point) A security auditor checks that Wi‑Fi uses AES encryption
and EAP authentication. What type of control is this in the context of the
framework?
a. | Physical control documented in a
workstation policy | b. | Corrective control documented in a firewall
ACL | c. | Managerial control documented in a wireless security
policy | d. | Environmental control documented in a UPS
checklist |
|
|
|
33.
|
(1 point) A coffee shop’s Wi‑Fi is easy to find
because the network name appears for anyone nearby. How would disabling beacon frame broadcasting
help reduce risk?
a. | It blocks all internet access for
everyone | b. | It forces every device to use a static IP
address | c. | It automatically encrypts all traffic without a
password | d. | It makes the network harder to discover and learn basic properties about,
reducing casual scanning by adversaries |
|
|
|
34.
|
(1 point) Why might an organization still be at risk even if it hides its SSID by
disabling beacon broadcasts?
a. | Disabling beacons makes WEP more
secure than WPA3 | b. | Hiding the network name reduces discovery but does not replace encryption and
authentication controls | c. | Disabling beacons prevents password cracking
completely | d. | Disabling beacons guarantees no one can intercept wireless
traffic |
|
|
|
35.
|
(1 point) A school disables beacon broadcasting on WAPs. What is the main security
benefit of this control?
a. | It makes it harder for adversaries
to find the wireless network and learn its basic settings | b. | It prevents computers from being infected by
malware | c. | It increases the wireless signal strength to cover more
area | d. | It removes the need for any
passwords |
|
|
|
36.
|
(1 point) An attacker is war-driving to find nearby Wi‑Fi networks.
Which control would most directly slow this reconnaissance step?
a. | Turn on split tunneling for VPN
users | b. | Increase WAP transmit power | c. | Disable beacon frame
broadcasting | d. | Switch from WPA3 to WEP |
|
|
|
37.
|
(1 point) How does disabling beacon broadcasts change an adversary’s
effort to identify a target network?
a. | It encrypts frames even if WEP is
used | b. | It makes the network show up on more devices
automatically | c. | It disables MAC addresses on the network | d. | It reduces passive discovery because the network is not
openly advertising itself to all nearby devices |
|
|
|
38.
|
(1 point) A student says, “If we hide the SSID, our
Wi‑Fi is secure.†Which response best explains why that is
incomplete?
a. | Hiding the SSID can reduce
discovery, but strong encryption and user authentication are still needed to protect data and
access | b. | Hiding the SSID forces attackers to use only wired
connections | c. | Hiding the SSID replaces the need for any firewall
rules | d. | Hiding the SSID prevents all wireless
attacks |
|
|
|
39.
|
(1 point) A hospital’s wireless signal leaks into the parking lot.
How does lowering signal strength help improve security?
a. | It makes WEP stronger by shrinking
coverage | b. | It reduces how far the signal extends, limiting who can attempt to connect or
intercept traffic from outside the building | c. | It removes the need for encryption because fewer people
are nearby | d. | It guarantees no device can connect inside the
building |
|
|
|
40.
|
(1 point) Why is controlling the broadcast direction of a WAP a useful security
control?
a. | It increases the number of beacon
frames to improve performance | b. | It prevents MAC spoofing on switches | c. | It disables all authentication
prompts | d. | It focuses coverage on intended areas and reduces wireless leakage into public
spaces where adversaries can listen |
|
|
|
41.
|
(1 point) A company wants Wi‑Fi only on floors
2–3, not outside or in the lobby. Which control best supports this
goal?
a. | Disable encryption to improve
speed | b. | Switch from WPA3 to WEP for compatibility | c. | Allow any device to join without
authentication | d. | Adjust WAP signal strength and broadcast direction to match the intended
physical space |
|
|
|
42.
|
(1 point) How can wireless signal leakage increase risk even when encryption is
strong?
a. | Signal leakage automatically
disables WPA3 | b. | Strong encryption becomes useless if the signal is
strong | c. | Signal leakage forces devices to stop using MAC
addresses | d. | Adversaries have more opportunity to attempt attacks because they can reach
the signal from outside the secure area |
|
|
|
43.
|
(1 point) A school’s access point is set to maximum power. What is a
likely security downside?
a. | It turns WPA3 into WPS
automatically | b. | It blocks all network authentication
protocols | c. | The network may broadcast beyond the building, giving adversaries more chances
to detect and target it | d. | It prevents students from connecting to
Wi‑Fi |
|
|
|
44.
|
(1 point) Which explanation best connects physical space to wireless
risk?
a. | Wireless signals can extend beyond
walls, so limiting signal coverage reduces who can attempt to intercept or join the
network | b. | Wireless signals only travel through cables, so space does not
matter | c. | Wireless security is only about passwords, not
coverage | d. | Wireless signals cannot be intercepted if SSID is
visible |
|
|
|
45.
|
(1 point) A student captures wireless traffic with a packet sniffer. How does strong
encryption help reduce this risk?
a. | Encryption replaces the need for
passwords | b. | Encryption makes intercepted wireless frames unreadable to unauthorized
observers | c. | Encryption increases signal strength to block
sniffers | d. | Encryption prevents devices from sending any
data |
|
|
|
46.
|
(1 point) Why are WEP and WPS considered insecure choices for wireless
encryption?
a. | They can only be used on wired
networks | b. | They have known vulnerabilities that make them easier for adversaries to
break | c. | They require too many passwords to manage | d. | They block all network traffic by
default |
|
|
|
47.
|
(1 point) An organization uses WEP because it is “older but
reliable.†What is the best security explanation for switching away from
WEP?
a. | WEP is more secure than WPA3 if the
password is long | b. | WEP automatically blocks rogue access points | c. | WEP prevents beacon frames from being
broadcast | d. | WEP has known vulnerabilities, so stronger protocols like WPA3 better protect
data in transit |
|
|
|
48.
|
(1 point) Which wireless protocol listed is currently the strongest
option?
a. | WPS | c. | WEP | b. | Open (no encryption) | d. | WPA3 |
|
|
|
49.
|
(1 point) How does enabling WPA3 instead of WEP change the likelihood of an adversary
reading captured traffic?
a. | It makes encryption unnecessary if
SSID is hidden | b. | It increases the likelihood because WPA3 is
older | c. | It forces all devices to broadcast in
plaintext | d. | It lowers the likelihood because WPA3 provides stronger encryption and is
harder to break |
|
|
|
50.
|
(1 point) Why does wireless encryption matter even on a private network inside a
building?
a. | Encryption only protects against
power outages | b. | Private networks cannot be attacked from
inside | c. | Adversaries can still intercept frames over the air, so encryption protects
data during transmission | d. | Encryption is only needed for email, not
Wi‑Fi |
|
|
|
51.
|
(1 point) A user connects to a Wi‑Fi network that uses WPS. What risk
does the organization increase by allowing WPS?
a. | WPS blocks all encrypted
connections | b. | WPS has known vulnerabilities that can allow unauthorized access to the
network | c. | WPS disables MAC addresses on the router | d. | WPS prevents authentication from
working |
|
|
|
52.
|
(1 point) Which statement best explains what encryption protects in wireless
networking?
a. | It protects the confidentiality of
wireless frames so intercepted data is not readable | b. | It ensures every user has a unique IP
address | c. | It guarantees the access point will never
fail | d. | It automatically detects malware on
devices |
|
|
|
53.
|
(1 point) A company’s guest Wi‑Fi allows anyone to
connect without logging in. How does requiring user authentication improve
security?
a. | It makes WEP as strong as
WPA3 | b. | It disables encryption to reduce overhead | c. | It increases signal strength so users connect
faster | d. | It limits network access to verified users, reducing unauthorized connections
and attacks from inside the network |
|
|
|
54.
|
(1 point) How can MAC filtering increase wireless security?
a. | It guarantees no spoofing is
possible | b. | It can block devices that are not on an approved list from joining the
network | c. | It automatically encrypts traffic without
keys | d. | It disables the need for any
authentication |
|
|
|
55.
|
(1 point) Why is MAC filtering usually considered a helpful but not perfect
control?
a. | MAC addresses can sometimes be
spoofed, so it should be layered with encryption and authentication | b. | MAC filtering replaces the need for
WPA3 | c. | MAC filtering prevents all wireless attacks by
itself | d. | MAC filtering makes beacon frames
stronger |
|
|
|
56.
|
(1 point) A school uses WPA3 but everyone shares the same password. What additional
control would better prevent unauthorized users from joining?
a. | Enable WPS for easier
setup | b. | Increase WAP transmit power | c. | Require network authentication for users to join the
network | d. | Disable encryption to speed up
access |
|
|
|
57.
|
(1 point) An attacker parks outside a building and tries passwords until one works.
Which combination best reduces the attacker’s chance of joining the
network?
a. | WPS plus no
authentication | b. | WEP plus SSID broadcasting | c. | Open Wi‑Fi plus maximum transmit
power | d. | Strong encryption (WPA3) plus user authentication and MAC
filtering |
|
|
|
58.
|
(1 point) How do authentication requirements help defend against attacks launched from
within a network?
a. | They turn off firewall
rules | b. | They prevent power outages from affecting
routers | c. | They reduce who can join the network, lowering the chance an adversary can
gain internal access | d. | They increase the number of beacon frames
sent |
|
|
|
59.
|
(1 point) A company wants to ensure only employee laptops can join the internal
Wi‑Fi. Which control best supports this?
a. | Disable beacon frames and remove
encryption | b. | Enable MAC filtering and require users to authenticate to
join | c. | Increase signal strength to cover the parking
lot | d. | Switch from WPA3 to WEP for
compatibility |
|
|
|
60.
|
(1 point) Which explanation best describes layered wireless
security?
a. | Using only higher signal strength
improves security | b. | Using only SSID hiding is enough to stop all
attacks | c. | Using only MAC filtering guarantees full
protection | d. | Using multiple controls—limiting discovery, reducing
leakage, strong encryption, and authentication—addresses different wireless
risks |
|
|
|
61.
|
(1 point) A network is hidden (no beacons), but it still uses WEP. Which risk is most
likely still high, and why?
a. | Power outages become more likely
because encryption is weak | b. | Rogue switch ports remain the highest risk because WEP controls
switches | c. | Traffic interception remains a high risk because WEP is vulnerable even if the
network is harder to discover | d. | Phishing becomes impossible because SSID is
hidden |
|
|
|
62.
|
(1 point) An auditor finds WPS enabled on the access points. What is the best
explanation for turning it off?
a. | WPS prevents traffic interception by
itself | b. | WPS disables beacon frames automatically | c. | WPS has known vulnerabilities, so disabling it reduces the
chance of unauthorized access | d. | WPS is required for WPA3 to work |
|
|
|
63.
|
(1 point) A small office wants to control which traffic can enter or leave its network.
Which statement best describes what a firewall does?
a. | It permanently encrypts all files
stored on the network | b. | It physically locks the server room doors | c. | It replaces the need for usernames and
passwords | d. | It allows or denies network traffic in or out of a network based on
rules |
|
|
|
64.
|
(1 point) A home router has a built-in firewall feature that can block unwanted inbound
connections. What does this example show about where firewall software can run?
a. | A firewall must always be a separate
physical device | b. | Firewall software can be integrated into another network device, such as a
router | c. | A firewall only runs on end-user laptops | d. | A firewall only works on wireless
networks |
|
|
|
65.
|
(1 point) A school installs a dedicated appliance at the edge of its network that only
runs firewall software. Which option best describes this setup?
a. | A server performing data
backups | b. | A switch using MAC filtering | c. | A password manager for staff
accounts | d. | A standalone device hosting firewall
software |
|
|
|
66.
|
(1 point) A network admin wants to reduce risk quickly without buying new hardware.
Which action best aligns with the idea that a firewall can be integrated into a
router?
a. | Turn off the router and rely on
physical locks only | b. | Disable all network authentication to reduce
complexity | c. | Enable and configure the router’s built-in firewall
features | d. | Replace all Ethernet cables with
fiber |
|
|
|
67.
|
(1 point) Which choice best explains why organizations often place a firewall between
internal networks and the internet?
a. | To guarantee devices never need
software updates | b. | To prevent users from making strong
passwords | c. | To increase the Wi‑Fi signal range outside the
building | d. | To control inbound and outbound traffic and reduce exposure to malicious
connections |
|
|
|
68.
|
(1 point) A firewall blocks traffic based only on the source IP address and destination
port number in each packet. Which type of firewall is this?
a. | Stateful
firewall | c. | Stateless
firewall | b. | Antivirus scanner | d. | Next-generation firewall (NGFW) |
|
|
|
69.
|
(1 point) Why is a stateless firewall often described as filtering based on
“packet headers†?
a. | It uses fields like IP addresses,
ports, and protocols to decide whether to allow traffic | b. | It scans files on the hard drive for
malware | c. | It verifies user identities with biometrics | d. | It reads the entire message content for
keywords |
|
|
|
70.
|
(1 point) A district wants a simple rule: “Block all inbound traffic
to TCP port 23.†Which firewall type is best matched to this header-based
rule?
a. | Stateless
firewall | c. | Physical access
control vestibule | b. | NGFW only | d. | Stateful firewall |
|
|
|
71.
|
(1 point) A network team writes rules to allow DNS (UDP 53) and block Telnet (TCP 23).
Which firewall type is being used if the decision is based on ports and protocols
only?
a. | NGFW with application
filtering | c. | Host-based
firewall | b. | Stateful firewall | d. | Stateless firewall |
|
|
|
72.
|
(1 point) Which limitation is most consistent with a stateless firewall compared to more
advanced firewalls?
a. | It does not track active
connections; it evaluates each packet independently using header
info | b. | It cannot filter by IP address at all | c. | It can only be used on wireless
networks | d. | It requires deep packet inspection to
function |
|
|
|
73.
|
(1 point) A firewall allows a returning response packet because it recognizes it as part
of an already-approved connection. Which firewall type is this?
a. | Stateless
firewall | c. | Stateful
firewall | b. | NGFW | d. | Spam
filter |
|
|
|
74.
|
(1 point) How does a stateful firewall typically provide more control than a stateless
firewall?
a. | It only filters by application name
and ignores ports | b. | It blocks all traffic by default and cannot be
configured | c. | It tracks the state of network connections and can apply connection-related
rules in addition to header filtering | d. | It replaces the need for
encryption |
|
|
|
75.
|
(1 point) A company wants to block unsolicited inbound traffic but still allow responses
to employee web browsing. Which firewall type best matches this need?
a. | A wireless access
point | c. | No firewall is
needed | b. | Stateful firewall | d. | Stateless firewall |
|
|
|
76.
|
(1 point) A school’s firewall rule set is causing legitimate web
browsing to fail because return packets are being blocked. Which firewall feature would most directly
reduce this problem?
a. | Turning off the
router’s IP addressing | b. | Increasing the Wi‑Fi signal
strength | c. | Disabling all filtering by ports | d. | Stateful connection tracking that recognizes return
traffic as part of an established session |
|
|
|
77.
|
(1 point) Which statement best describes “dynamic packet
filtering†in the context of network firewalls?
a. | Filtering that changes MAC addresses
automatically | b. | Filtering that considers active connection state, not just individual packet
headers | c. | Filtering that uses only physical locks and
cameras | d. | Filtering that only occurs on laptops, not
routers |
|
|
|
78.
|
(1 point) Compared to a stateless firewall, why might a stateful firewall better reduce
certain spoofing or scanning attempts?
a. | It automatically patches operating
systems | b. | It disables beacon frames on access points | c. | It can deny packets that do not match a valid, established
connection state | d. | It prevents all malware
downloads |
|
|
|
79.
|
(1 point) A firewall can block traffic because it identifies the application type (for
example, a peer-to-peer file sharing app), not just the port. Which firewall type is
this?
a. | Stateless
firewall | c. | Next-generation
firewall (NGFW) | b. | Stateful firewall | d. | Packet sniffer |
|
|
|
80.
|
(1 point) Why might an organization choose an NGFW over a basic stateful
firewall?
a. | NGFWs require no rules or
configuration | b. | NGFWs only work on small home networks | c. | NGFWs cannot filter by
ports | d. | NGFWs add advanced features like intrusion prevention and deep packet
inspection |
|
|
|
81.
|
(1 point) A firewall examines packet contents to look for known attack patterns and can
stop the traffic automatically. Which feature best matches this description?
a. | Intrusion prevention capabilities
often found in an NGFW | b. | Beacon frame broadcasting | c. | Disk encryption on a
laptop | d. | MAC filtering on a switch |
|
|
|
82.
|
(1 point) A company wants to prevent employees from using unauthorized messaging apps
even if the apps use common ports like 443. Which firewall type would best support this
mitigation?
a. | No firewall, only strong
passwords | b. | NGFW with application-type filtering | c. | A physical door lock | d. | Stateless firewall using only port
rules |
|
|
|
83.
|
(1 point) Which option best describes deep packet inspection (DPI) in the context of
firewalls?
a. | Only checking the MAC address of a
device | b. | Inspecting packet contents beyond basic headers to make more informed
allow/deny decisions | c. | Only checking the Wi‑Fi network
name | d. | Only checking physical security
cameras |
|
|
|
84.
|
(1 point) A district wants one firewall to provide stateful filtering plus intrusion
prevention alerts. Which type best matches that combination?
a. | DNS
server | c. | Stateless
firewall | b. | Unmanaged switch | d. | Next-generation firewall (NGFW) |
|
|
|
85.
|
(1 point) Which firewall type is most likely to help stop a known exploit that is hidden
inside allowed web traffic?
a. | NGFW using deep packet inspection
and intrusion prevention features | b. | A password policy | c. | Stateless firewall using only IP address
rules | d. | A clean-desk policy |
|
|
|
86.
|
(1 point) A firewall rule says, “Allow inbound TCP 80 from any
source.†Which firewall type could enforce this rule using only header
information?
a. | NGFW
only | c. | A camera
system | b. | Stateless firewall | d. | A UPS device |
|
|
|
87.
|
(1 point) Which pairing correctly matches firewall type to how it makes
decisions?
a. | Stateless: uses application type
only | b. | NGFW: uses only MAC addresses | c. | Stateful: uses headers plus connection
state | d. | All firewalls: ignore ports and
protocols |
|
|
|
88.
|
(1 point) Which firewall type combines typical stateless and stateful capabilities and
adds application filtering?
a. | Stateful firewall
only | c. | Next-generation firewall
(NGFW) | b. | Stateless firewall | d. | VPN concentrator |
|
|
|
89.
|
(1 point) Which statement is true about network-based firewall software according to the
framework?
a. | It only blocks physical
intruders | b. | It must be installed on every printer to
work | c. | It can run on a standalone device or be integrated into another device like a
router | d. | It only manages file permissions on hard
drives |
|
|
|
90.
|
(1 point) A team wants a firewall that can allow return traffic for approved connections
while blocking random inbound packets. What type should they implement?
a. | Only an IDS without any
firewall | b. | Stateful firewall | c. | No firewall is needed if SSID is hidden | d. | Stateless
firewall |
|
|
|
91.
|
(1 point) Which information would a stateless firewall most likely use to make a
decision?
a. | CPU temperature
readings | b. | Source IP address, destination port, and
protocol | c. | User’s fingerprint scan | d. | Hard drive serial
number |
|
|
|
92.
|
(1 point) A security analyst wants to see which application generated suspicious
traffic, even when ports are shared. Which firewall type best supports that
visibility?
a. | Cable
modem | b. | Stateless firewall | c. | NGFW | d. | Stateful firewall without advanced
features |
|
|
|
93.
|
(1 point) A small company wants a low-complexity control to block known risky ports at
the network boundary. Which type is most appropriate to implement first?
a. | A database access control
list | c. | NGFW with DPI and IPS
only | b. | Stateless firewall | d. | A phishing simulation program |
|
|
|
94.
|
(1 point) Which feature is most unique to NGFW compared with basic stateless/stateful
firewalls in this framework?
a. | Allowing or denying
traffic | c. | Filtering by
application type | b. | Using ports in rules | d. | Using IP addresses in rules |
|
|
|
95.
|
(1 point) Why would a stateful firewall generally be better for controlling content
allowed in and out of a network than a stateless firewall?
a. | It can only run on end-user
devices | b. | It removes the need for any encryption | c. | It can apply rules based on connection state in addition
to header filtering, offering more control | d. | It can only allow traffic, not deny
it |
|