323. In a domain name system (DNS) environment, who is responsible for the configuration and operation of the name servers?
a. Security administrators
b. System administrators
c. Zone administrators
d. Database administrators
323. c. Zone administrators are also called DNS administrators, and they are responsible for the configuration and operation of the name servers.
324. All the following services and application traffic should always be blocked inbound by a firewall except:
a. RPC
b. NFS
c. FTP
d. SNMP
324. c. File transfer protocol (FTP) should be restricted to specific systems using strong authentication. Services such as remote procedure call (RPC), network file sharing (NFS), and simple network management protocol (SNMP) should always be blocked.
325. Packet-switching networks use which of the following protocol standards?
a. X9.63
b. X9.44
c. X9.17
d. X.25
325. d. The X.25 protocol standard is used in packet-switching networks. It operates at the network and data link levels of a communications network.
X9.63 is used for key establishment schemes that employ asymmetric techniques. X9.44 covers the transport of symmetric algorithm keys using reversible public key cryptography. X9.17 is used for cryptographic key management, especially for financial institution key management.
326. Countermeasures against Internet Protocol (IP) address spoofing attacks do not include which of the following?
a. Using firewalls
b. Disabling active-content
c. Using smart tokens
d. Using timestamps
326. c. Smart tokens are part of robust authentication techniques to authenticate a user accessing a computer system. IP address spoofing is the use of various techniques to subvert IP-based access control by masquerading as another system by using its IP address. Countermeasures include (i) using firewalls, (ii) disabling active-content code (e.g., ActiveX and JavaScript) in the Web browser, and (iii) using timestamps. Access control lists (ACLs) can also be used to block inbound traffic with source addresses matching the internal addresses of the target network.
327. Which of the following can provide a seamless failover option for firewalls?
a. Heartbeat solution
b. Network switches
c. Back-end system
d. Custom network interface
327. b. Network switches that provide load-balancing and failover capabilities are the newest and most advanced solution currently available. In a failover configuration, these switches monitor the responsiveness of the production firewall and shift all traffic over to a backup firewall if a failure on the production system occurs. The primary advantage to this type of solution is that the switch masquerades both firewalls behind the same media access control (ISO/OSI Layer 2) address. This functionality enables seamless failover; that is, established sessions through the firewall are not impacted by a production system failure.
Heartbeat-based solutions typically involve a back-end or custom network interface that exists to notify the backup system in the event of a primary system failure. These systems rely on established, reliable technology to handle failover. The primary drawback with this approach is that established sessions traversing the production firewalls are almost always lost in the transition from production to backup resources. The decision on which failover method to implement is often reduced to cost, and the network switch-based failover solution is generally more expensive than a heartbeat-based system.
328. A limitation of point-to-point tunneling protocol (PPTP) is which of the following?
a. End-to-end secure virtual networks
b. Lack of authentication at end nodes
c. Hiding information in IP packets
d. In-band management
328. b. A limitation of the point-to-point tunneling protocol (PPTP), when compared to secure sockets layer (SSL), is that it does not provide authentication of the endpoints. PPTP is useful in implementing end-to-end secure virtual networks, hiding information in IP packets, and providing in-band management.
329. Which of the following is the most important step to be followed by a firewall administrator when upgrading the firewall system?
a. Analyze and upgrade
b. Evaluate and upgrade
c. Monitor and upgrade
d. Upgrade and test