a. Monitor and control network traffic
b. Store sensitive data
c. Encrypt all communication
d. Provide physical security to servers
Explanation: Firewalls are designed to monitor and control incoming and outgoing network traffic based on predefined security rules.

2. Which layer does a packet-filtering firewall operate on?
a. Application Layer
b. Network Layer
c. Data Link Layer
d. Transport Layer
Explanation: Packet-filtering firewalls operate at the network layer (Layer 3) and focus on IP addresses, ports, and protocols.

3. What feature is unique to a Next-Generation Firewall (NGFW)?
a. Deep packet inspection
b. Basic traffic monitoring
c. Circuit-level filtering
d. Physical access control
Explanation: NGFWs go beyond traditional firewalls by offering deep packet inspection and advanced threat protection.

4. Which of the following is not an advantage of an Intrusion Detection System (IDS)?
a. Tracks intrusions in real-time
b. Blocks malicious packets
c. Provides logs for forensic analysis
d. Offers continuous monitoring
Explanation: IDS is designed for detection, not prevention, which is a function of an Intrusion Prevention System (IPS).

5. What does a proxy server primarily do?
a. Monitors real-time attacks
b. Acts as an intermediary for client requests
c. Encrypts all outgoing traffic
d. Blocks unauthorized access
Explanation: A proxy server acts as a gateway between the client and the internet, improving privacy and security.

6. What is a key feature of Intrusion Prevention Systems (IPS) compared to IDS?
a. Detects anomalies
b. Blocks malicious packets
c. Provides log data
d. Monitors network traffic
Explanation: IPS not only detects but also prevents attacks by actively blocking malicious traffic.

7. Which type of VPN allows remote workers to connect to a private network over the internet securely?
a. Site-to-Site VPN
b. SSL VPN
c. Remote Access VPN
d. Encrypted Tunnel VPN
Explanation: Remote Access VPNs are specifically designed for individuals to access private networks over the internet securely.

8. What is an advantage of using a honeypot?
a. Encrypts all network traffic
b. Attracts attackers to monitor their behavior
c. Blocks all unauthorized access
d. Prevents insider threats
Explanation: Honeypots are decoy systems used to attract attackers and study their techniques.

9. Which of the following is a feature of Unified Threat Management (UTM) appliances?
a. Packet filtering only
b. Basic routing protocols
c. Consolidation of multiple security features
d. Application-level inspection only
Explanation: UTM appliances integrate various security functionalities, such as firewalls, intrusion detection, and content filtering.

10. What is deep packet inspection (DPI)?
a. Analyzing only the headers of data packets
b. Examining the content of data packets for threats
c. Filtering traffic based on IP addresses
d. Monitoring physical network connections
Explanation: DPI examines the actual content within packets to detect malicious activities or unauthorized data.

11. Which type of firewall tracks the state of active connections?
a. Packet-filtering firewall
b. Stateless firewall
c. Stateful inspection firewall
d. Proxy firewall
Explanation: Stateful inspection firewalls analyze the state of active connections to determine which packets to allow.

12. What is a primary benefit of using Internet content filters?
a. Enhances internal server performance
b. Blocks access to unauthorized websites
c. Encrypts web traffic
d. Monitors real-time data flow
Explanation: Internet content filters restrict access to specific websites or types of content, improving security and compliance.

13. Which VPN type connects entire networks securely over the internet?
a. Remote Access VPN
b. SSL VPN
c. Site-to-Site VPN
d. Direct Connection VPN
Explanation: Site-to-Site VPNs securely connect multiple networks, such as branch offices, over the internet.

14. Which firewall is best suited for inspecting application-specific data?
a. Stateful inspection firewall
b. Packet-filtering firewall
c. Proxy firewall
d. Circuit-level gateway
Explanation: Proxy firewalls operate at the application layer (Layer 7) and inspect application-specific data.

15. What does user authorization determine in access control?
a. User identity
b. What actions a user is permitted to perform
c. How a user accesses the system
d. User activity logs
Explanation: Authorization defines the actions a user can perform based on their credentials and role.

Essay
1. How does a firewall work?
2. Mention types of firewall and explain them
• Packet-Filtering Firewall: Monitors and controls network traffic based on predefined rules for source/destination IP addresses, ports, and protocols. Operates at the network layer (Layer 3).
• Stateful Inspection Firewall: Tracks the state of active connections and determines which packets to allow through by analyzing the entire packet flow. Operates at multiple OSI layers.
• Proxy Firewall (Application-Level Gateway): Acts as an intermediary between the client and server, filtering traffic at the application layer (Layer 7). It inspects application-specific data.
• Next-Generation Firewall (NGFW): Combines traditional firewall functions with advanced features like intrusion prevention, deep packet inspection, and application control. Operates across multiple OSI layers.
3. Mention key features of Next-Generation Firewalls (NGFWs)
a. Deep Packet Inspection (DPI): Examines the content of data packets to identify and block malicious activity.
b. Intrusion Prevention System (IPS): Detects and prevents network-based attacks in real-time.
c. Application Awareness and Control: Identifies and manages specific applications, regardless of the port or protocol used.
d. Advanced Threat Protection (ATP): Protects against malware, ransomware, and zero-day attacks through integration with threat intelligence services.
e. Encrypted Traffic Inspection: Analyzes SSL/TLS traffic for threats without compromising security.
f. Centralized Management: Provides a unified interface for monitoring, configuration, and reporting.
4. Compare IDS and IPS
5. What are the advantages of IPS over IDS?
• Unlike an IDS, an IPS can block as well as drop illegal packets in the network.
• An IPS can be used to monitor activities occurring in a single organization.
• An IPS prevents the occurrence of direct attacks in the network by controlling the amount of network traffic.
6. Mention different security zones and explain Demilitarized zones
a. Demilitarized Zones
b. Using network address translation to create zones
A demilitarized zone is a computer subnetwork placed between the organization's private network, such as a LAN, and the outside, such as the internet, and acts as an additional security layer.
7. Compare the different types of VPNs
a. Remote Access VPN
   i. Purpose: Allows individual users to securely connect to a private network over the internet.
   ii. Use Cases: Remote workers accessing company resources, students connecting to a university network.
b. Site-to-Site VPN
   i. Purpose: Connects entire networks (e.g., two or more office locations) over the internet securely.
   ii. Use Cases: Businesses with multiple branch offices requiring seamless communication between networks.
c. SSL VPN
   i. Purpose: Provides secure access to specific applications and resources via a web browser.
   ii. Use Cases: Employees accessing internal systems without installing VPN clients.