Chapter 13: Network Security and Protective Technologies (Set-2)
A basic firewall rule usually matches traffic using
A Screen resolution
B File extension
C Battery level
D IP and ports
Explanation: Firewall rules commonly use source/destination IP, protocol, and port numbers to decide allow or block. This simple matching controls which services can communicate and reduces unauthorized access attempts.
Stateful firewalls reduce risk mainly by
A Allowing only replies
B Ignoring return packets
C Blocking all websites
D Removing encryption keys
Explanation: Stateful inspection remembers active connections. It allows response traffic only when it belongs to a valid session started by an allowed request, blocking many unsolicited packets used in attacks.
A proxy firewall can improve privacy because it
A Stores files locally
B Hides internal IPs
C Changes monitor size
D Speeds up CPU
Explanation: Proxy firewalls act as intermediaries, so external servers see the proxy address instead of internal device IPs. This reduces direct exposure and allows deeper inspection of application traffic.
IDS output is most commonly
A Printed reports
B Auto traffic blocks
C Disk formatting
D Security alerts
Explanation: An IDS focuses on detecting suspicious traffic patterns or known signatures and then alerting administrators. Blocking is usually done by an IPS or firewall, not by a basic IDS.
IPS often stops attacks by
A Changing passwords
B Encrypting backups
C Dropping packets
D Replacing router cables
Explanation: An IPS sits inline and can actively block threats. It may drop malicious packets, reset connections, or temporarily block IP addresses to reduce damage during active attacks.
A DMZ server is usually placed
A Inside LAN only
B Inside CPU cabinet
C Under monitor stand
D Between LAN and internet
Explanation: Public servers like web or mail often live in a DMZ. If compromised, the attacker is still separated from the internal LAN, reducing the chance of deeper network takeover.
Firewall logging is most useful for
A Incident investigation
B Faster downloads
C Extra disk space
D Better screen colors
Explanation: Logs record allowed/blocked connections, IPs, ports, and timestamps. During incidents, logs help trace what happened, identify attack sources, and confirm whether rules worked correctly.
“Allow outbound DNS” typically permits port
A 22
B 53
C 25
D 3389
Explanation: DNS commonly uses port 53 (UDP, and sometimes TCP). Outbound DNS rules let devices query DNS servers to resolve domain names, while still controlling who can access DNS.
Encryption mainly protects data
A At rest only
B In transit only
C From power failure
D From unauthorized reading
Explanation: Encryption makes data unreadable without the correct key. It protects stored files and transmitted data from eavesdropping, reducing risk even if attackers capture the information.
In symmetric encryption, both sides need
A Same shared key
B Different public keys
C Only username
D No secret at all
Explanation: Symmetric encryption uses one secret key for both encryption and decryption. It is efficient, but the key must be shared securely; if the key leaks, confidentiality is lost.
Asymmetric encryption is helpful because it
A Needs no keys
B Removes passwords
C Solves key sharing
D Blocks all malware
Explanation: With public/private keys, a public key can be shared safely for encryption or verification. Only the private key can decrypt or sign, reducing the risk involved in key distribution.
A digital certificate is mainly issued by
A Keyboard vendor
B Antivirus scanner
C ISP modem
D Certificate Authority
Explanation: A Certificate Authority (CA) verifies identity and issues certificates binding a domain or organization to a public key. Browsers trust known CAs to help prevent fake HTTPS sites.
HTTPS indicates the website uses
A FTP security
B TLS encryption
C Printer sharing
D Offline mode
Explanation: HTTPS uses TLS to encrypt data between browser and server. It protects logins and sensitive data from interception and also helps confirm the server identity through certificates.
A hash is mainly used to check
A Data integrity
B Battery status
C Screen brightness
D Wi-Fi range
Explanation: Hash functions produce a fixed-length digest from data. If even one bit changes, the hash changes greatly. This helps detect tampering and verify file or message integrity.
A digital signature is created using
A Receiver public key
B Symmetric shared key
C Router admin password
D Sender private key
Explanation: Digital signatures are made with the sender’s private key and verified with the sender’s public key. This provides authenticity (who signed) and integrity (no change after signing).
TLS handshake mainly helps to
A Clean browser cache
B Format hard disk
C Agree on session keys
D Increase monitor size
Explanation: During a TLS handshake, the client and server authenticate and negotiate encryption settings. They securely establish session keys for fast symmetric encryption during the rest of the connection.
A VPN is best used when
A Using public Wi-Fi
B Playing offline games
C Printing documents
D Cleaning keyboard
Explanation: Public Wi-Fi is risky due to possible sniffing and fake hotspots. A VPN encrypts traffic from device to VPN server, reducing eavesdropping and improving privacy on untrusted networks.
A VPN server mainly provides
A Screen sharing
B File compression
C CPU overclocking
D Tunnel endpoint
Explanation: The VPN server terminates the encrypted tunnel from clients and then routes traffic onward. It can enforce authentication, encryption policies, and access rules for protected resources.
“Site-to-site VPN” is common for
A Home printer setup
B Branch office links
C Mouse driver update
D Audio streaming only
Explanation: Site-to-site VPNs connect two networks securely over the internet, such as head office to branch office. Devices at both sites communicate privately without individual user VPN sessions.
A VPN protocol is basically
A Tunneling method
B Routing table name
C File system type
D Monitor refresh rate
Explanation: VPN protocols define how tunnels are created and secured, including authentication and encryption. Examples include IPsec and SSL-based approaches, each with different performance and compatibility traits.
Split tunneling can increase risk because
A VPN is faster
B Passwords auto-save
C Some traffic unencrypted
D Logs become smaller
Explanation: When split tunneling is enabled, non-VPN traffic goes directly to the internet. If sensitive traffic leaks outside the tunnel, it may be exposed on unsafe networks or bypass security monitoring.
A packet sniffer is often used for
A Screen recording
B Battery testing
C File renaming
D Network troubleshooting
Explanation: Packet sniffers capture traffic to analyze errors, delays, and protocol behavior. They are also used in security monitoring to detect suspicious patterns; because they can capture sensitive data from the wire, access to them should be restricted and monitored.
SIEM helps security teams by
A Centralizing log data
B Editing images
C Printing backup labels
D Increasing RAM speed
Explanation: SIEM collects logs from devices, servers, and security tools into one place, then correlates events. This improves detection of attacks that appear harmless when viewed on a single system.
A vulnerability scan usually finds
A Strong passwords
B Missing security patches
C Faster CPU settings
D New hardware drivers
Explanation: Scanners look for known vulnerabilities, outdated versions, open ports, and weak configurations. Reports guide patching and hardening so attackers cannot exploit common weaknesses.
Patch management should include
A Random updates
B Sharing admin keys
C Disabling all logs
D Testing before rollout
Explanation: Good patch management tests updates for compatibility, schedules deployment, and verifies success. This reduces downtime while still fixing vulnerabilities quickly, especially for internet-facing systems.
Access control mainly answers
A What you can do
B Who you are
C How fast internet is
D Which printer works
Explanation: Access control defines permissions after authentication. It decides what resources a user can access and what actions are allowed, supporting least privilege to limit damage from mistakes or compromised accounts.
MFA improves account security by
A Removing passwords
B Blocking all emails
C Adding second factor
D Increasing storage size
Explanation: Multi-factor authentication requires something else besides a password, such as an OTP or authenticator app. Even if a password is stolen, attackers cannot easily log in without the second factor.
Antivirus console mainly helps to
A Change DNS servers
B Create VLANs
C Encrypt Wi-Fi signals
D Manage many endpoints
Explanation: An antivirus management console centrally monitors devices, pushes updates, schedules scans, and reports infections. This improves visibility and ensures consistent protection across an organization’s endpoints.
A security alert should trigger
A Initial incident review
B Ignoring the event
C Immediate disk format
D Router factory reset
Explanation: Alerts should be assessed quickly to confirm if they are real threats or false positives. A basic review checks logs, affected systems, and severity before taking containment and recovery actions.
A full backup is best when
A Storage is very limited
B Simple restore is needed
C Network is always down
D Only one file changed
Explanation: Full backups store all selected data in one set, making restoration straightforward. They use more time and space, but they simplify recovery compared to multi-step restores from incremental chains.
Incremental backups mainly reduce
A Screen flicker
B Password strength
C Router range
D Backup time
Explanation: Incremental backups save only changes since the last backup, so they are faster and smaller. However, restoring may require the last full backup plus every incremental backup after it.
Differential backups become larger because they
A Accumulate changes daily
B Store system logs only
C Delete old backups
D Encrypt less data
Explanation: Differential backups capture changes since the last full backup. As more changes happen, each differential grows. Restore is simpler than incremental because you need only the full backup and latest differential.
A restore point is mainly used for
A Increasing disk capacity
B Adding new printer
C Undoing system changes
D Speeding up Wi-Fi
Explanation: Restore points record critical system settings and files so a system can roll back after bad updates or driver issues. They help recover stability without restoring full personal data backups.
The 3-2-1 rule improves protection against
A Slow internet plans
B Keyboard damage
C Printer paper jams
D Single point failure
Explanation: Keeping three copies on two different media and one offsite ensures one problem does not destroy all backups. It protects against hardware failure, ransomware, theft, fire, and site disasters.
Cloud backup is useful mainly because it
A Needs no internet
B Gives offsite copy
C Removes encryption need
D Prevents all hacking
Explanation: Cloud backups provide geographic separation, protecting data from local disasters. Good cloud backup still needs encryption, access controls, and periodic restore testing to ensure data is safe and recoverable.
Backup retention policy decides
A How long to keep backups
B Wi-Fi channel number
C Monitor refresh rate
D Password reset speed
Explanation: Retention policies define how many backup versions are kept and for how long. This balances storage cost with recovery needs, including restoring older files or meeting compliance requirements.
Data loss prevention aims to
A Increase disk speed
B Improve screen quality
C Reduce printer ink use
D Stop sensitive data leaks
Explanation: DLP focuses on preventing unauthorized sharing of sensitive information like IDs, financial data, or company documents. It can monitor transfers, block risky actions, and enforce encryption or policy rules.
Network segmentation is often done using
A Mouse drivers
B VLANs
C Screen savers
D Browser cookies
Explanation: VLANs logically separate networks on the same physical switches. Segmentation limits who can talk to whom, reduces attack spread, and allows different security rules for departments or device types.
VLAN security should include
A Proper access controls
B Open trunk ports
C Shared admin passwords
D Disabled logging
Explanation: VLANs help separation, but access controls and correct switch configuration are required. Misconfigured trunks or weak controls can allow VLAN hopping or unauthorized access between segments.
Router admin passwords should be
A Default factory
B Same everywhere
C Printed publicly
D Strong and unique
Explanation: Routers are critical gateways. Default or weak passwords are easily guessed, allowing attackers to change DNS, open ports, or spy on traffic. Strong unique passwords reduce takeover risk.
Firmware updates on security devices help to
A Add wallpapers
B Reduce internet speed
C Fix known vulnerabilities
D Disable encryption
Explanation: Firewalls, routers, and switches run software that can have security bugs. Firmware updates patch these flaws, improving stability and protection. Regular updates are a key basic security practice.
Secure DNS mainly protects against
A DNS spoofing risk
B Keyboard logging
C Screen burn-in
D USB corruption
Explanation: Secure DNS approaches like DNSSEC validation or encrypted DNS can reduce risks from spoofed or tampered DNS responses. This helps prevent users from being redirected to fake or malicious websites.
HTTPS enforcement is important because it
A Blocks all ads
B Deletes cookies
C Speeds up CPU
D Encrypts website traffic
Explanation: Forcing HTTPS ensures data between browser and site is encrypted and protected from tampering. It reduces credential theft on open networks and improves trust by using certificates for identity checks.
Endpoint security refers to protecting
A Only network cables
B User devices
C Only internet routers
D Only cloud servers
Explanation: Endpoints include laptops, desktops, and mobiles. Endpoint security uses tools like antivirus, device encryption, firewall, and patching. Since users interact with email and web, endpoints are common attack targets.
Device encryption is mainly used to
A Increase battery
B Remove malware
C Protect lost devices
D Speed up boot
Explanation: Full-disk encryption protects data if a laptop or phone is lost or stolen. Without the decryption key, attackers cannot easily read stored files, reducing the risk of data theft.
Secure remote desktop should include
A Open internet access
B Default port only
C No password needed
D MFA and VPN
Explanation: Remote desktop exposed directly to the internet is often attacked. Using VPN access and MFA reduces risk, while strong passwords, limited users, and logging help detect and prevent unauthorized access.
A basic security policy mainly provides
A Security guidelines
B Gaming rules
C Printer shortcuts
D Screen theme list
Explanation: Security policies define expected behavior and controls, such as password rules, patching, backups, and incident reporting. Clear policies help teams follow consistent practices and reduce human errors.
During incident handling, the first step is
A Erase all evidence
B Buy new hardware
C Share passwords
D Identify the incident
Explanation: Incident response begins by identifying and confirming what happened. Teams gather initial facts, scope affected systems, and decide severity. Accurate identification prevents wrong actions and supports proper containment.
Containment in incident response aims to
A Spread the issue
B Limit further damage
C Delete all backups
D Increase internet speed
Explanation: Containment focuses on stopping the incident from growing, such as isolating infected devices, blocking malicious IPs, or disabling compromised accounts. Quick containment reduces data loss and system disruption.
Recovery after an incident includes
A Restoring clean systems
B Ignoring patching
C Sharing private keys
D Disabling antivirus
Explanation: Recovery restores services safely by removing malware, patching vulnerabilities, restoring data from verified backups, and monitoring for reinfection. It also includes validating systems, updating controls, and documenting lessons learned.