Chapter 13: Network Security and Protective Technologies (Set-1)
A firewall mainly helps a network by
A Increasing internet speed
B Repairing hard disks
C Blocking unwanted traffic
D Creating user accounts
A firewall checks incoming and outgoing network traffic using rules. It allows trusted connections and blocks suspicious or unauthorized traffic, helping reduce attacks and unauthorized access to systems.
A packet-filtering firewall makes decisions using
A User keyboard input
B File names only
C Screen resolution
D Packet header fields
Packet-filtering firewalls check basic header details like source IP, destination IP, port number, and protocol. They do not inspect full session state or deep application content.
A stateful firewall is different because it
A Tracks active sessions
B Ignores all ports
C Works only offline
D Encrypts all data
Stateful firewalls remember connection states (like established TCP sessions). They allow return traffic for valid connections and block unexpected packets, giving stronger protection than simple packet filtering.
A proxy firewall typically works at
A Physical layer only
B Data link layer
C Application layer
D Power supply level
Proxy firewalls act as intermediaries between clients and servers. They can inspect application data like HTTP requests, hide internal addresses, and enforce more detailed security policies.
A hardware firewall is commonly used as
A Mobile app feature
B Router-based security device
C Printer driver
D Spreadsheet tool
Hardware firewalls are dedicated appliances often placed at the network edge. They protect multiple devices, handle high traffic, and are commonly integrated with routers or security gateways.
A software firewall is installed on
A Network cables
B Power adapters
C Monitor screens
D Individual devices
Software firewalls run on a PC or server and control traffic for that machine. They are useful for endpoint protection, especially when devices move between different networks.
Inbound firewall rules mainly control
A Outgoing web browsing
B Keyboard shortcuts
C Incoming connections
D File compression
Inbound rules decide which external requests can reach internal devices. They help block unauthorized remote access attempts while allowing required services like web servers when needed.
Outbound firewall rules mainly control
A Leaving network traffic
B Incoming VPN tunnels
C Screen brightness
D Wi-Fi password reset
Outbound rules restrict which apps or services can send data out. This helps prevent malware from contacting control servers and reduces data leakage from infected systems.
A “port” in networking refers to
A Hard disk slot
B Keyboard connector
C RAM section
D Logical service number
Ports identify specific services on a device, like HTTP on 80 or HTTPS on 443. Firewalls often allow or block traffic based on port numbers to control access.
A DMZ is best described as
A Private home folder
B Antivirus update file
C Isolated network zone
D Wireless password type
A DMZ (demilitarized zone) is a separate network segment for public-facing servers. It reduces risk by preventing direct access from the internet to the internal private network.
Firewall “logging” is useful because it
A Increases RAM size
B Records traffic events
C Changes IP address
D Formats hard drives
Logs store details of allowed and blocked connections, source IPs, ports, and rule matches. This helps in troubleshooting, detecting attacks, and supporting audits and incident investigations.
IDS stands for
A Internet Data System
B Internal DNS Service
C Intrusion Detection System
D Input Device Security
An IDS monitors network or host activity to detect suspicious behavior. It usually alerts administrators but does not automatically block traffic unless combined with prevention features.
IPS mainly differs from IDS because it
A Cannot detect attacks
B Works without network
C Deletes all logs
D Actively blocks threats
An IPS (Intrusion Prevention System) can detect and automatically stop malicious traffic in real time, such as dropping packets or blocking IPs, reducing the impact of attacks.
Encryption is the process of
A Converting to ciphertext
B Making files larger
C Removing passwords
D Copying data faster
Encryption converts readable plaintext into unreadable ciphertext using an algorithm and key. Only someone with the correct key can decrypt it back to the original readable form.
Decryption converts
A Files to folders
B Images to videos
C Ciphertext to plaintext
D Password to username
Decryption is the reverse of encryption. It uses the correct key to restore ciphertext into original plaintext, enabling authorized users to read the protected information.
“Plaintext” means
A Encrypted message
B Readable original data
C Random noise data
D Broken file format
Plaintext is data in its normal readable form before encryption. After encryption, it becomes ciphertext, which appears unreadable until decrypted with the correct key.
“Ciphertext” means
A Public IP address
B Backup file name
C Router firmware version
D Encrypted unreadable data
Ciphertext is the encrypted output created from plaintext. It is designed to be unreadable without the correct decryption key, protecting data during storage and transmission.
Symmetric-key encryption uses
A Two different keys
B No key required
C One shared key
D Only public key
Symmetric encryption uses the same secret key for encryption and decryption. It is fast for large data, but the key must be shared securely to avoid interception.
Asymmetric encryption uses
A Public and private keys
B Single shared key
C Only password text
D No encryption algorithm
Asymmetric encryption uses a key pair: a public key to encrypt and a private key to decrypt (or vice versa for signatures). It helps secure key exchange and identity verification.
A public key is typically
A Kept secret always
B Stored only offline
C Same as private key
D Shared with others
Public keys are meant to be shared so others can encrypt data for you or verify your signatures. The corresponding private key must remain secret to maintain security.
A private key should be
A Posted on website
B Shared to speed login
C Kept confidential
D Printed on router label
Private keys must be protected because they can decrypt sensitive data or create valid digital signatures. If a private key is leaked, attackers may impersonate the owner.
SSL/TLS is mainly used for
A Faster printing
B Secure web communication
C File deletion
D Disk partitioning
SSL/TLS provides encryption and integrity for data in transit, like HTTPS websites. It prevents eavesdropping and tampering, and it supports server identity verification using certificates.
A digital certificate mainly links
A Domain to public key
B User to keyboard
C Folder to file name
D Router to printer
Digital certificates bind an identity (like a website domain) to a public key, usually validated by a Certificate Authority. This supports trusted HTTPS connections and helps prevent impersonation.
A hash function output is
A Reversible always
B Larger than file
C Same as plaintext
D Fixed-length digest
Hash functions create a fixed-size value from input data. Small changes in input change the hash significantly. Hashes help verify integrity and are widely used in password storage and digital signatures.
A digital signature mainly provides
A Faster Wi-Fi speed
B Extra storage space
C Integrity and authenticity
D Screen privacy filter
Digital signatures use cryptography to prove who sent the data and that it was not altered. Recipients verify signatures using the sender’s public key, supporting trust in communications.
“Key exchange” helps two parties
A Share keys securely
B Change monitor settings
C Remove malware
D Boost CPU speed
Key exchange methods allow parties to establish encryption keys over an insecure network. This is essential for secure sessions like TLS, where a shared secret is needed without exposure.
A VPN primarily creates
A Faster browser cache
B Bigger email inbox
C New antivirus database
D Encrypted tunnel
A VPN creates an encrypted tunnel between the user and the VPN server. It protects data from interception on insecure networks, such as public Wi-Fi, and can secure remote access.
VPN tunneling means
A Physical cable drilling
B Deleting old logs
C Encapsulating network traffic
D Changing file extension
Tunneling wraps one network protocol inside another, allowing secure transmission across public networks. Combined with encryption, it keeps traffic private and protects against snooping.
A VPN client is usually
A Server room device
B User-side software
C Firewall rule list
D Router antenna
A VPN client runs on the user device to connect to a VPN server. It authenticates the user, sets up the encrypted tunnel, and routes selected traffic through the VPN.
A site-to-site VPN connects
A Two mobile apps
B Printer to scanner
C Mouse to keyboard
D Two network locations
Site-to-site VPNs securely connect entire networks, such as two office branches. They allow devices in different locations to communicate as if they were on the same private network.
A remote-access VPN is used when
A Linking two data centers
B Formatting a USB drive
C Employee connects from home
D Installing RAM modules
Remote-access VPNs let individual users securely access a private network over the internet. They are common for work-from-home access to internal resources like servers and intranet apps.
Split tunneling means
A Some traffic bypasses VPN
B VPN blocks all internet
C VPN disables encryption
D Only email uses VPN
With split tunneling, only selected traffic goes through the VPN while other traffic goes directly to the internet. It can improve speed but may reduce security if sensitive traffic leaks.
A limitation of a VPN is that it
A Stops all malware
B Removes need of passwords
C Guarantees anonymity
D Depends on VPN provider
VPN traffic is encrypted to the VPN server, but the provider may see metadata or traffic exiting the tunnel. Trust, logging policy, and security of the provider matter a lot.
IP masking with VPN means
A Hiding local printer
B Removing MAC address
C Showing VPN server IP
D Changing file type
When using a VPN, websites often see the VPN server’s public IP instead of the user’s real IP. This can improve privacy and reduce tracking based on location or ISP address.
SIEM is mainly used for
A Image editing
B Security log correlation
C Keyboard driver update
D Creating user accounts
SIEM tools collect logs from many sources, correlate events, and raise alerts for suspicious patterns. They support monitoring, incident response, and compliance reporting in organizations.
Log monitoring helps security teams by
A Compressing files
B Improving monitor display
C Increasing Wi-Fi range
D Detecting unusual activity
Monitoring logs can reveal repeated failed logins, strange IP connections, malware behavior, or policy violations. Early detection reduces damage by enabling faster response and investigation.
A packet sniffer is used to
A Encrypt hard drives
B Format memory cards
C Capture network packets
D Delete spyware files
Packet sniffers capture and analyze network traffic for troubleshooting and security analysis. They can help detect attacks, misconfigurations, or performance issues. Because captured traffic can contain sensitive data, access to these tools must be controlled.
Vulnerability scanning is done to
A Find security weaknesses
B Increase download speed
C Replace router hardware
D Clean browser history
Vulnerability scanners check systems and networks for known weaknesses like outdated software, open ports, and misconfigurations. Results help teams patch and secure systems before attackers exploit them.
Patch management mainly ensures
A New wallpapers installed
B Updates applied regularly
C More RAM available
D Faster keyboard response
Patch management is the process of testing, scheduling, and applying updates to fix vulnerabilities. Timely patching reduces the risk of exploitation from known security flaws.
Authentication means
A Giving permissions
B Encrypting backups
C Verifying identity
D Creating VLANs
Authentication confirms who a user is, using passwords, OTPs, biometrics, or certificates. It is the first step before access is granted to systems, networks, or applications.
Authorization means
A Verifying identity
B Changing encryption keys
C Blocking all ports
D Granting allowed access
Authorization decides what an authenticated user can do, like reading files or accessing admin panels. It follows the “least privilege” principle to reduce damage from compromised accounts.
Auditing in security refers to
A Cleaning computer fans
B Increasing screen size
C Reviewing security records
D Renaming folders
Auditing involves reviewing logs and activities to ensure policies are followed. It helps identify misuse, supports compliance, and provides evidence during investigations of security incidents.
A full backup includes
A All selected data
B Only changed files
C Only system settings
D Only cloud files
A full backup copies all chosen data every time. It is easy to restore from, but it takes more time and storage compared to incremental or differential backups.
An incremental backup saves
A All files daily
B Only old data
C Only large files
D Changes since last backup
Incremental backups store only data changed since the most recent backup (full or incremental). They are fast and small, but restoration may require multiple backup sets in order.
A differential backup saves
A Only system drivers
B Changes since full backup
C Only deleted files
D All data every time
Differential backups store changes made since the last full backup. They grow larger over time, but restoration usually needs only the last full backup plus the latest differential backup.
The 3-2-1 backup rule suggests
A Three passwords daily
B 3 servers, 2 routers, 1 switch
C 3 copies, 2 media, 1 offsite
D 3 users, 2 admins, 1 guest
The 3-2-1 rule improves reliability: keep three copies of data, store them on two different media types, and keep one copy offsite. This protects against failure, theft, or disasters.
Backup verification means
A Deleting old backups
B Renaming backup folder
C Compressing backup files
D Testing restore works
Verification ensures backups are usable. It may include checksum checks and test restores. Without verification, backups may be corrupted or incomplete, causing failure during real recovery.
Disaster recovery focuses on
A Restoring services quickly
B Screen repairs
C Making new passwords
D Installing new games
Disaster recovery plans help organizations restore critical systems and services after major failures like ransomware or hardware loss. They include recovery steps, priorities, backups, and communication procedures.
Network segmentation helps security by
A Making cables shorter
B Limiting attack spread
C Increasing printer speed
D Removing encryption
Segmentation divides networks into smaller zones. If one segment is compromised, access to others is restricted. It reduces lateral movement and helps enforce different security rules per group.
Router firmware updates are important to
A Change screen colors
B Increase keyboard size
C Fix security flaws
D Remove file duplicates
Firmware updates patch vulnerabilities in router software that attackers can exploit. Updating also improves stability and features. Using strong admin passwords plus regular updates greatly reduces network takeover risks.