243. c. The basic simple network management protocol (SNMP) should be switched to SNMP version 3 (SNMPv3) because the latter provides strong security feature enhancements to basic SNMP, including encryption and message authentication and therefore should be used. The earlier versions of SNMP, SNMPv1, and SNMPv2 should not be used because they are fundamentally insecure because they support only trivial authentication based on default plaintext community strings. SNMP version 3 handles all the security problems listed in the question. The other three choices mostly solve the password-related security problem after the protocol switch is made but do not solve all the other security problems listed. That is, Telnet should be switched to secure shell (SSH), HTTP should be switched to HTTPS using TLS, and FTP should be switched to secure FTP (SFTP).
244. A stronger barrier control around insecure application software is which of the following?
a. Firewalls
b. Intrusion detection systems
c. Virus checkers
d. Operating system’s security features
244. d. Application software often contains numerous vulnerabilities. Many security systems (e.g., firewalls, intrusion detection systems, and virus checkers) attempt to protect these insecure applications by monitoring and filtering the application’s interactions with users. Ultimately, however, these barrier techniques are inadequate because users must be allowed to interface directly with the vulnerable applications software. The best defense is to install ever-stronger barriers around the applications software. The operating system is the best place for such a barrier.
245. Which of the following is an example of a boundary access control?
a. Gateway
b. Bridge
c. Modem
d. Firewall
245. d. Firewalls monitor network traffic that enters and leaves a network. A firewall controls broad access to all networks and resources that lie “inside” it. By limiting access to host systems and services, firewalls provide a necessary line of perimeter defense against attack; that is, they form a boundary control.
A gateway is incorrect because it is an interface between two networks. A bridge is incorrect because it is a device used to link two or more homogeneous local-area networks (LANs). A modem is incorrect because it is a device that converts analog signals to digital signals and vice versa. The devices mentioned in the three incorrect choices do not have the ability to perform as a boundary access control.
246. Which of the following is used for high-speed remote access with virtual private networks (VPNs)?
a. Calling cards with ISDN
b. Cable modems with ADSL
c. Modem pools with ADSL
d. Toll-free lines with ISDN
246. b. Modem pools, calling cards, and toll-free arrangements can be an expensive alternative to cable modems and asymmetric digital subscriber line (ADSL). An ISDN line is limited to 128 bits and is slow. Cable modems and ADSL technologies take advantage of the Internet and IPsec functioning at the network layer. These technologies provide high-speed remote access.
247. Which of the following is suitable for a low-risk computing environment?
a. Static packet filter firewall
b. Hybrid gateway firewall
c. Stateful inspection gateway firewall
d. Dynamic packet firewall
247. a. The static packet filter firewall offers minimum-security provisions suitable for a low-risk computing environment. The hybrid gateway firewall is good for medium- to high-risk computing environment. Both stateful and dynamic packet firewalls are appropriate for high-risk computing environments.
248. The Internet Protocol security (IPsec) is usually implemented in which of the following?
a. Bridge
b. Gateway
c. Firewall
d. Backbone
248. c. Usually, Internet Protocol security (IPsec) is implemented on a firewall for VPNs. The IPsec in tunnel mode, not in transport mode, encrypts and encapsulates IP packets, so outsiders cannot observe the true source and destinations. VPNs enable a trusted network to communicate with another network over untrusted networks such as the Internet. A policy is needed for use of firewalls with VPNs. Any connection between firewalls over public networks should use encrypted VPNs to ensure the privacy and integrity of the data passing over the public network. Bridges, gateways, and backbones do not have the access control mechanism as the firewall.
249. Which of the following is an example of connectionless data communications?
a. X.25
b. TCP
