Chapter 13: Network Security and Protective Technologies (Set-8)
When creating firewall rules for a new server, the safest starting approach is
A Allow all first
B Disable firewall
C Deny all first
D Open random ports
Starting with “deny all” blocks unknown services by default. Then you add only required ports and IPs. This reduces exposure, prevents accidental open access, and follows least privilege from the beginning.
A firewall rule using “ANY-ANY” source/destination is risky because it
A Over-permits traffic
B Improves latency
C Reduces CPU use
D Encrypts sessions
ANY-ANY rules allow traffic from any source to any destination, often widening access too much. They increase attack surface and make audits difficult, so they should be avoided or tightly limited.
A stateful firewall can block many unsolicited packets because it
A Removes malware files
B Replaces antivirus tools
C Disables TCP traffic
D Uses connection tracking
Connection tracking lets stateful firewalls know which packets belong to valid sessions. Packets that do not match an established or expected state are blocked, reducing many scan and spoof attempts.
A proxy firewall may break some apps because it
A Increases RAM size
B Fixes IP conflicts
C Changes protocol flow
D Speeds DNS queries
Proxies terminate and re-create connections, which can affect applications that require direct end-to-end connections. Some protocols do not work well through proxies unless special handling is configured.
Placing a database server in a DMZ is usually
A Always required
B Not recommended
C Same as VPN
D Faster for queries
Databases hold sensitive data and should usually stay in internal protected networks. A DMZ is for public-facing services. If a DMZ host is compromised, internal databases would be at greater risk.
A common “defense-in-depth” setup uses firewall plus
A Screen recorder
B Disk defragmenter
C IDS or IPS
D Printer driver
Firewalls control access, while IDS/IPS detects or blocks malicious patterns that may pass through allowed ports. Using both provides layered protection and improves detection and response capability.
IDS false positives can be reduced by
A Tuning rules
B Disabling updates
C Removing all logs
D Allowing all traffic
IDS signatures and thresholds must be tuned to match normal network behavior. Whitelisting trusted systems, adjusting thresholds, and removing noisy rules reduce false alerts while keeping useful detection.
IPS can cause business disruption if
A Has extra storage
B Logs are enabled
C Uses VLAN tagging
D Blocks legitimate traffic
IPS may block valid connections if signatures are too strict. Careful tuning, testing, and staged deployment reduce disruption. Monitoring mode is often used first before enabling full blocking.
A DMZ-to-LAN rule should be
A Open and wide
B Same as inbound
C Minimal and specific
D Always disabled
DMZ systems are more exposed, so DMZ-to-LAN access should be very limited. Only necessary ports and specific destinations should be allowed to reduce risk if a DMZ server is compromised.
Firewall rule reviews are important to remove
A Unused rules
B Keyboard shortcuts
C Screen settings
D Wi-Fi passwords
Old rules may remain after projects end, leaving open ports and access. Regular reviews remove unused rules, reduce complexity, and improve security by preventing forgotten exceptions from becoming vulnerabilities.
In encryption, the “key” is used to
A Increase storage
B Repair files
C Transform data
D Delete malware
Encryption uses algorithms and keys to convert plaintext into ciphertext. Without the correct key, decryption is not possible. Key strength and protection are essential for maintaining confidentiality.
Symmetric encryption key sharing is difficult because
A No key is needed
B Key must stay secret
C It is always public
D It changes screen color
Both sides must have the same secret key, but sending it over insecure networks can expose it. Secure exchange methods like TLS key exchange or secure channels solve this problem.
Asymmetric encryption supports secure email by using
A Public key sharing
B No keys at all
C Only fast hashing
D Disk partitioning
With asymmetric cryptography, recipients can share public keys openly. Senders encrypt messages using that public key, and only the matching private key holder can decrypt, improving confidentiality.
A certificate chain is needed because it
A Speeds file transfer
B Removes encryption
C Blocks VPN traffic
D Builds trust path
Browsers trust certificates when they can validate a chain from the site certificate up to a trusted root CA. This trust path confirms identity and reduces risk of connecting to fake servers.
TLS protects against packet sniffing because it
A Blocks all ports
B Deletes log files
C Encrypts data stream
D Changes MAC address
Packet sniffers can capture network traffic, but TLS encrypts the contents. Even if traffic is captured, attackers cannot easily read it without keys, protecting credentials and sensitive data.
Hashing is commonly used to
A Verify integrity
B Hide VPN IP
C Replace encryption
D Increase bandwidth
Hashing creates a digest used to detect any change in a file or message. It does not provide confidentiality, but it is critical for integrity checks, passwords, and digital signatures.
Digital signatures are mainly used for
A Increasing Wi-Fi range
B Faster printing
C Proving sender authenticity
D Creating backups
Digital signatures confirm who signed the data and that it was not changed. Verification with the signer’s public key provides authenticity and integrity, which is important for secure documents and communications.
A VPN is most useful when you need
A Bigger monitor size
B Secure remote access
C Faster hard disk
D More printer ink
VPN provides encrypted connectivity over the internet for remote users and offices. It secures traffic on untrusted networks and allows safe access to internal systems without exposing them directly.
VPN tunneling provides security mainly by
A Faster mouse speed
B Stronger Wi-Fi signal
C More RAM available
D Encapsulation and encryption
VPN tunneling encapsulates traffic inside another protocol and encrypts it. This prevents attackers on public networks from reading or modifying the data, improving privacy and security.
Split tunneling is avoided in high-security settings because
A VPN becomes faster
B Logs become bigger
C Some traffic bypasses
D Wi-Fi becomes stronger
With split tunneling, some traffic goes outside the VPN tunnel. Sensitive traffic may leak and security monitoring may miss it. High-security environments often force all traffic through the VPN.
VPN does not fully guarantee anonymity because
A Tracking still possible
B DNS never leaks
C Cookies are removed
D Malware is blocked
Even with a VPN, websites can track users using cookies, browser fingerprints, and account logins. A VPN hides the user's IP address from sites, but it cannot remove all tracking methods.
SIEM helps by collecting and then
A Formatting disks
B Printing invoices
C Correlating events
D Replacing antivirus
SIEM gathers logs from multiple systems and correlates them to detect suspicious patterns. This helps identify multi-step attacks that may not be visible when logs are checked separately.
Good log monitoring requires
A Time synchronization
B Lower screen brightness
C More keyboard keys
D No firewall rules
If device clocks differ, logs cannot be correlated accurately. Time synchronization (often via NTP) ensures timestamps match across systems, helping investigators build correct timelines during incidents.
A packet sniffer is best controlled by
A Public access
B Guest login
C Restricted permissions
D Open Wi-Fi
Packet sniffers can capture sensitive information. Limiting access, monitoring usage, and using secure networks prevent misuse. Only authorized staff should run sniffers for troubleshooting or security analysis.
Vulnerability scans should be repeated after
A Wallpaper change
B Printer cleaning
C Screen calibration
D Patching changes
After patching or configuration fixes, rescanning confirms vulnerabilities are resolved and no new issues appeared. This verification step improves accuracy and prevents false confidence in security posture.
Patch management should include
A Sharing passwords
B Update testing
C Disabling backups
D Removing logs
Testing patches before wide rollout reduces outages and compatibility issues. After testing, patches should be deployed, verified, and tracked to ensure critical security fixes are applied consistently.
Access control lists are used to
A Increase RAM speed
B Change screen size
C Limit network access
D Create passwords
ACLs define which users, devices, or IPs can access specific resources. They support least privilege by limiting communication paths, especially between segments like user VLANs and server networks.
Authentication is best improved by using
A MFA methods
B Default passwords
C Shared accounts
D Open admin access
MFA reduces account compromise by requiring a second factor beyond a password. It protects against stolen passwords and improves security for email, VPN, admin panels, and remote access.
Authorization problems often result in
A Faster internet
B Smaller backups
C Excess permissions
D Better encryption
If authorization is too broad, users may access data they should not. Excess permissions increase risk of misuse and damage during compromise, so role-based access and reviews are important.
Auditing helps detect
A Screen scratches
B Printer jams
C Cable faults
D Policy violations
Auditing reviews logs and access records to find suspicious actions and policy violations. It supports compliance and provides evidence for investigations by showing who accessed what and when.
Full backups are often scheduled weekly because they
A Need no storage
B Take longer time
C Are always small
D Never encrypt data
Full backups copy all selected data, so they require more time and storage. Many organizations run full backups less frequently and use incremental or differential backups on other days.
Incremental backups are smaller because they store
A Entire data copy
B Only system files
C Only daily changes
D Only old backups
Incremental backups record only changes since the last backup, making them fast and space-saving. However, restoration can be slower because multiple incremental sets may be needed.
Differential backups simplify restore because they require
A Full plus latest
B Latest only
C Incrementals only
D No full backup
To restore, you typically need the last full backup and the latest differential. This is simpler than incremental chains, though differential backups grow larger over time.
The 3-2-1 rule reduces ransomware risk by
A Only cloud sync
B Sharing backups public
C Having offline copy
D Disabling encryption
Keeping one backup copy offsite or offline prevents ransomware from reaching all backups. Combined with multiple copies and different media types, it improves recovery chances after attacks.
Backup retention decides
A Screen resolution
B VPN protocol used
C Port numbers used
D How long stored
Retention policies define how many versions and how long backups are kept. This supports recovery of older files, compliance needs, and storage planning while preventing endless storage growth.
Backup verification should include
A Only renaming files
B Disabling schedules
C Test restores
D Deleting older sets
Real test restores confirm that backups are complete and usable. Integrity checks alone may not reveal missing files or permission issues, so periodic restore testing is essential for reliable recovery.
Disaster recovery requires knowing your
A Screen size
B RTO and RPO
C Printer speed
D Mouse DPI
RTO defines acceptable downtime and RPO defines acceptable data loss. These targets guide backup frequency, replication methods, and recovery strategies to meet business needs during disasters.
Segmentation plus ACLs helps by
A Increasing storage capacity
B Improving monitor color
C Restricting lateral movement
D Speeding keyboard input
Segmentation separates networks, and ACLs enforce what can cross between them. This limits attacker movement and reduces the chance that a compromise in one zone reaches critical systems.
VLAN misconfiguration can cause
A Unwanted access
B Faster internet speed
C Better backup retention
D Stronger TLS
Misconfigured VLANs or trunks can allow traffic between segments that should be isolated. Proper switch configuration, trunk restrictions, and ACLs are required to maintain strong segmentation security.
Secure DNS is important because DNS can be
A Faster than HTTPS
B Used for printing
C Stored in RAM only
D Spoofed or poisoned
DNS attacks can redirect users to malicious websites. Using trusted resolvers and secure DNS methods reduces the chance of receiving fake DNS responses and improves browsing safety.
Enforcing HTTPS helps protect against
A Screen flicker
B Printer noise
C Data interception
D Keyboard lag
HTTPS uses TLS to encrypt web traffic, protecting credentials and session cookies from sniffing. It also ensures integrity, reducing the risk of traffic modification in transit.
Endpoint security is layered because it includes
A AV, patching, firewall
B Only screen lock
C Only VPN tunnel
D Only backups
Endpoint security requires multiple controls: antivirus/EDR detects malware, patching closes vulnerabilities, and local firewalls control connections. Together they reduce infections and limit damage if compromise occurs.
Device encryption supports compliance by protecting
A Internet download speed
B Stored sensitive data
C Printer settings
D Keyboard shortcuts
Encryption protects stored files on laptops and mobiles. It reduces exposure when devices are lost or stolen, which helps meet privacy requirements and lowers data breach impact.
Secure remote desktop should also enable
A Public port forwarding
B Default username
C Account lockout
D No activity logs
Lockout limits repeated failed logins, reducing brute-force attacks. Combined with VPN, MFA, strong passwords, and logging, it helps protect remote desktop services from common internet attacks.
A clear security policy should include
A Wallpaper color rules
B Printer ink limits
C Monitor refresh settings
D Incident reporting steps
Policies should guide users on how to report suspicious emails, malware, or data loss quickly. Clear steps speed response, reduce confusion, and ensure incidents are handled consistently.
An example of incident containment is
A Share admin password
B Delete all backups
C Isolate affected device
D Disable all logs
Containment aims to stop spread by isolating infected devices, blocking malicious traffic, or disabling compromised accounts. Fast containment reduces damage and buys time for investigation and removal.
The eradication step mainly means
A Remove root cause
B Increase Wi-Fi range
C Create new VLAN
D Print log reports
Eradication removes malware and the weakness that allowed it, such as unpatched software or stolen credentials. Without eradication, attackers may return even after systems appear normal.
The recovery step mainly includes
A Disable patches
B Open all firewall
C Restore clean systems
D Share private keys
Recovery restores systems safely using verified backups and patched configurations. After recovery, monitoring continues to ensure no reinfection occurs and normal operations resume securely.
Lessons learned helps by
A Reducing encryption
B Disabling SIEM alerts
C Removing all logs
D Improving future response
Post-incident review documents what happened, what worked, and what failed. It improves policies, controls, training, and detection so similar incidents are prevented or handled faster next time.
A common reason for security alerts is
A Bigger monitor size
B Lower printer speed
C Misconfigured rules
D Extra mouse buttons
Incorrect firewall, IPS, or access control settings can trigger alerts or expose services. Regular reviews, testing, and change control reduce misconfigurations and improve security stability and reliability.