The firewall device must never be accessible directly from the ____________________
network.
Public
____________________ is a firewall type that keeps track of each network connection
between internal and external systems using a table and that expedites the processing
of those communications.
Stateful packet inspection (SPI)
____________________ firewalls combine the elements of other types of firewalls —
that is, the elements of packet filtering and proxy services, or of packet filtering and
circuit gateways.
Hybrid
The restrictions most commonly implemented in packet-filtering firewalls are based on
__________.
a. IP source and destination address
b. TCP or UDP source and destination port
requests
c. Direction (inbound or outbound)
d. All of the above
Since the bastion host stands as a sole defender on the network perimeter, it is
commonly referred to as the __________ host.
Sacrificial
Which of the following is not a major processing-mode category for firewalls?
Router Passthru
__________ is the protocol for handling TCP traffic through a proxy server.
SOCKS
The ____________________ packet-filtering firewall allows only a particular packet with
a particular source, destination, and port address to enter through the firewall.
Dynamic
A ____________________ mode VPN establishes two perimeter tunnel servers to
encrypt all traffic that will traverse an unsecured network, with the entire client packet is
, encrypted and added as the data portion of a packet addressed from one tunneling
server to another.
Tunnel
Kerberos is based on the principle that the ____________________ knows the secret
keys of all clients and servers on the network.
Key Distribution Center (KDC)
The dominant architecture used to secure network access today is the __________
firewall.
screened subnet
SESAME uses ____________________ key encryption to distribute secret keys.
Public
The primary benefit of a VPN that uses _________ is that an intercepted packet reveals
nothing about the true destination system.
tunnel mode
A(n) ____________________ contains a computer chip that can verify and validate
several pieces of information instead of just a PIN.
smart card
A(n) ____________________ filter is a software filter — technically not a firewall — that
allows administrators to restrict access to content from within a network
Content
__________ filtering requires that the filtering rules governing how the firewall decides
which packets are allowed and which are denied be developed and installed with the
firewall.
Static
The ____________________ Access Controller Access Control System contains a
centralized database, and it validates the user's credentials at this TACACS server.
Terminal
__________ inspection firewalls keep track of each network connection between
internal and external systems.
Stateful
The application firewall is also known as a(n) ____________________ server.
Proxy
__________ and TACACS are systems that authenticate the credentials of users who
are trying to access an organization's network via a dial-up connection.
RADIUS